1 // SPDX-License-Identifier: LGPL-2.1
4 * Copyright (C) International Business Machines Corp., 2009, 2013
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Pavel Shilovsky (pshilovsky@samba.org) 2012
9 * Contains the routines for constructing the SMB2 PDUs themselves
13 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
14 /* Note that there are handle based routines which must be */
15 /* treated slightly differently for reconnection purposes since we never */
16 /* want to reuse a stale file handle and only the caller knows the file info */
19 #include <linux/kernel.h>
20 #include <linux/vfs.h>
21 #include <linux/task_io_accounting_ops.h>
22 #include <linux/uaccess.h>
23 #include <linux/uuid.h>
24 #include <linux/pagemap.h>
25 #include <linux/xattr.h>
28 #include "cifsproto.h"
29 #include "smb2proto.h"
30 #include "cifs_unicode.h"
31 #include "cifs_debug.h"
33 #include "smb2status.h"
36 #include "cifs_spnego.h"
37 #include "smbdirect.h"
39 #ifdef CONFIG_CIFS_DFS_UPCALL
40 #include "dfs_cache.h"
42 #include "cached_dir.h"
45 * The following table defines the expected "StructureSize" of SMB2 requests
46 * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests.
48 * Note that commands are defined in smb2pdu.h in le16 but the array below is
49 * indexed by command in host byte order.
51 static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = {
52 /* SMB2_NEGOTIATE */ 36,
53 /* SMB2_SESSION_SETUP */ 25,
55 /* SMB2_TREE_CONNECT */ 9,
56 /* SMB2_TREE_DISCONNECT */ 4,
66 /* SMB2_QUERY_DIRECTORY */ 33,
67 /* SMB2_CHANGE_NOTIFY */ 32,
68 /* SMB2_QUERY_INFO */ 41,
69 /* SMB2_SET_INFO */ 33,
70 /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
73 int smb3_encryption_required(const struct cifs_tcon *tcon)
75 if (!tcon || !tcon->ses)
77 if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) ||
78 (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA))
81 (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
87 smb2_hdr_assemble(struct smb2_hdr *shdr, __le16 smb2_cmd,
88 const struct cifs_tcon *tcon,
89 struct TCP_Server_Info *server)
91 struct smb3_hdr_req *smb3_hdr;
93 shdr->ProtocolId = SMB2_PROTO_NUMBER;
94 shdr->StructureSize = cpu_to_le16(64);
95 shdr->Command = smb2_cmd;
98 /* After reconnect SMB3 must set ChannelSequence on subsequent reqs */
99 if (server->dialect >= SMB30_PROT_ID) {
100 smb3_hdr = (struct smb3_hdr_req *)shdr;
102 * if primary channel is not set yet, use default
103 * channel for chan sequence num
105 if (SERVER_IS_CHAN(server))
106 smb3_hdr->ChannelSequence =
107 cpu_to_le16(server->primary_server->channel_sequence_num);
109 smb3_hdr->ChannelSequence =
110 cpu_to_le16(server->channel_sequence_num);
112 spin_lock(&server->req_lock);
113 /* Request up to 10 credits but don't go over the limit. */
114 if (server->credits >= server->max_credits)
115 shdr->CreditRequest = cpu_to_le16(0);
117 shdr->CreditRequest = cpu_to_le16(
118 min_t(int, server->max_credits -
119 server->credits, 10));
120 spin_unlock(&server->req_lock);
122 shdr->CreditRequest = cpu_to_le16(2);
124 shdr->Id.SyncId.ProcessId = cpu_to_le32((__u16)current->tgid);
129 /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */
130 /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */
131 if (server && (server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU))
132 shdr->CreditCharge = cpu_to_le16(1);
133 /* else CreditCharge MBZ */
135 shdr->Id.SyncId.TreeId = cpu_to_le32(tcon->tid);
136 /* Uid is not converted */
138 shdr->SessionId = cpu_to_le64(tcon->ses->Suid);
141 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have
142 * to pass the path on the Open SMB prefixed by \\server\share.
143 * Not sure when we would need to do the augmented path (if ever) and
144 * setting this flag breaks the SMB2 open operation since it is
145 * illegal to send an empty path name (without \\server\share prefix)
146 * when the DFS flag is set in the SMB open header. We could
147 * consider setting the flag on all operations other than open
148 * but it is safer to net set it for now.
150 /* if (tcon->share_flags & SHI1005_FLAGS_DFS)
151 shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */
153 if (server && server->sign && !smb3_encryption_required(tcon))
154 shdr->Flags |= SMB2_FLAGS_SIGNED;
159 /* helper function for code reuse */
161 cifs_chan_skip_or_disable(struct cifs_ses *ses,
162 struct TCP_Server_Info *server,
165 struct TCP_Server_Info *pserver;
166 unsigned int chan_index;
168 if (SERVER_IS_CHAN(server)) {
170 "server %s does not support multichannel anymore. Skip secondary channel\n",
171 ses->server->hostname);
173 spin_lock(&ses->chan_lock);
174 chan_index = cifs_ses_get_chan_index(ses, server);
175 if (chan_index == CIFS_INVAL_CHAN_INDEX) {
176 spin_unlock(&ses->chan_lock);
180 ses->chans[chan_index].server = NULL;
181 server->terminate = true;
182 spin_unlock(&ses->chan_lock);
185 * the above reference of server by channel
186 * needs to be dropped without holding chan_lock
187 * as cifs_put_tcp_session takes a higher lock
188 * i.e. cifs_tcp_ses_lock
190 cifs_put_tcp_session(server, from_reconnect);
192 cifs_signal_cifsd_for_reconnect(server, false);
194 /* mark primary server as needing reconnect */
195 pserver = server->primary_server;
196 cifs_signal_cifsd_for_reconnect(pserver, false);
202 "server does not support multichannel anymore. Disable all other channels\n");
203 cifs_disable_secondary_channels(ses);
210 smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,
211 struct TCP_Server_Info *server, bool from_reconnect)
214 struct nls_table *nls_codepage = NULL;
215 struct cifs_ses *ses;
219 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
220 * check for tcp and smb session status done differently
221 * for those three - in the calling routine.
227 * Need to also skip SMB2_IOCTL because it is used for checking nested dfs links in
228 * cifs_tree_connect().
230 if (smb2_command == SMB2_TREE_CONNECT || smb2_command == SMB2_IOCTL)
233 spin_lock(&tcon->tc_lock);
234 if (tcon->status == TID_EXITING) {
236 * only tree disconnect allowed when disconnecting ...
238 if (smb2_command != SMB2_TREE_DISCONNECT) {
239 spin_unlock(&tcon->tc_lock);
240 cifs_dbg(FYI, "can not send cmd %d while umounting\n",
245 spin_unlock(&tcon->tc_lock);
250 spin_lock(&ses->ses_lock);
251 if (ses->ses_status == SES_EXITING) {
252 spin_unlock(&ses->ses_lock);
255 spin_unlock(&ses->ses_lock);
256 if (!ses->server || !server)
259 spin_lock(&server->srv_lock);
260 if (server->tcpStatus == CifsNeedReconnect) {
262 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
263 * here since they are implicitly done when session drops.
265 switch (smb2_command) {
267 * BB Should we keep oplock break and add flush to exceptions?
269 case SMB2_TREE_DISCONNECT:
272 case SMB2_OPLOCK_BREAK:
273 spin_unlock(&server->srv_lock);
278 /* if server is marked for termination, cifsd will cleanup */
279 if (server->terminate) {
280 spin_unlock(&server->srv_lock);
283 spin_unlock(&server->srv_lock);
286 rc = cifs_wait_for_server_reconnect(server, tcon->retry);
290 spin_lock(&ses->chan_lock);
291 if (!cifs_chan_needs_reconnect(ses, server) && !tcon->need_reconnect) {
292 spin_unlock(&ses->chan_lock);
295 spin_unlock(&ses->chan_lock);
296 cifs_dbg(FYI, "sess reconnect mask: 0x%lx, tcon reconnect: %d",
297 tcon->ses->chans_need_reconnect,
298 tcon->need_reconnect);
300 mutex_lock(&ses->session_mutex);
302 * if this is called by delayed work, and the channel has been disabled
303 * in parallel, the delayed work can continue to execute in parallel
304 * there's a chance that this channel may not exist anymore
306 spin_lock(&server->srv_lock);
307 if (server->tcpStatus == CifsExiting) {
308 spin_unlock(&server->srv_lock);
309 mutex_unlock(&ses->session_mutex);
315 * Recheck after acquire mutex. If another thread is negotiating
316 * and the server never sends an answer the socket will be closed
317 * and tcpStatus set to reconnect.
319 if (server->tcpStatus == CifsNeedReconnect) {
320 spin_unlock(&server->srv_lock);
321 mutex_unlock(&ses->session_mutex);
329 spin_unlock(&server->srv_lock);
331 nls_codepage = ses->local_nls;
334 * need to prevent multiple threads trying to simultaneously
335 * reconnect the same SMB session
337 spin_lock(&ses->ses_lock);
338 spin_lock(&ses->chan_lock);
339 if (!cifs_chan_needs_reconnect(ses, server) &&
340 ses->ses_status == SES_GOOD) {
341 spin_unlock(&ses->chan_lock);
342 spin_unlock(&ses->ses_lock);
343 /* this means that we only need to tree connect */
344 if (tcon->need_reconnect)
345 goto skip_sess_setup;
347 mutex_unlock(&ses->session_mutex);
350 spin_unlock(&ses->chan_lock);
351 spin_unlock(&ses->ses_lock);
353 rc = cifs_negotiate_protocol(0, ses, server);
356 * if server stopped supporting multichannel
357 * and the first channel reconnected, disable all the others.
359 if (ses->chan_count > 1 &&
360 !(server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) {
361 rc = cifs_chan_skip_or_disable(ses, server,
364 mutex_unlock(&ses->session_mutex);
369 rc = cifs_setup_session(0, ses, server, nls_codepage);
370 if ((rc == -EACCES) && !tcon->retry) {
371 mutex_unlock(&ses->session_mutex);
375 mutex_unlock(&ses->session_mutex);
379 mutex_unlock(&ses->session_mutex);
384 if (!tcon->need_reconnect) {
385 mutex_unlock(&ses->session_mutex);
388 cifs_mark_open_files_invalid(tcon);
389 if (tcon->use_persistent)
390 tcon->need_reopen_files = true;
392 rc = cifs_tree_connect(0, tcon, nls_codepage);
394 cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc);
396 /* If sess reconnected but tcon didn't, something strange ... */
397 mutex_unlock(&ses->session_mutex);
398 cifs_dbg(VFS, "reconnect tcon failed rc = %d\n", rc);
402 spin_lock(&ses->ses_lock);
403 if (ses->flags & CIFS_SES_FLAG_SCALE_CHANNELS) {
404 spin_unlock(&ses->ses_lock);
405 mutex_unlock(&ses->session_mutex);
406 goto skip_add_channels;
408 ses->flags |= CIFS_SES_FLAG_SCALE_CHANNELS;
409 spin_unlock(&ses->ses_lock);
412 (server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL) &&
413 server->ops->query_server_interfaces) {
414 mutex_unlock(&ses->session_mutex);
417 * query server network interfaces, in case they change
420 rc = server->ops->query_server_interfaces(xid, tcon, false);
423 if (rc == -EOPNOTSUPP && ses->chan_count > 1) {
425 * some servers like Azure SMB server do not advertise
426 * that multichannel has been disabled with server
427 * capabilities, rather return STATUS_NOT_IMPLEMENTED.
428 * treat this as server not supporting multichannel
431 rc = cifs_chan_skip_or_disable(ses, server,
433 goto skip_add_channels;
435 cifs_dbg(FYI, "%s: failed to query server interfaces: %d\n",
438 if (ses->chan_max > ses->chan_count &&
440 !SERVER_IS_CHAN(server)) {
441 if (ses->chan_count == 1) {
442 cifs_server_dbg(VFS, "supports multichannel now\n");
443 queue_delayed_work(cifsiod_wq, &tcon->query_interfaces,
444 (SMB_INTERFACE_POLL_INTERVAL * HZ));
447 cifs_try_adding_channels(ses);
450 mutex_unlock(&ses->session_mutex);
454 spin_lock(&ses->ses_lock);
455 ses->flags &= ~CIFS_SES_FLAG_SCALE_CHANNELS;
456 spin_unlock(&ses->ses_lock);
458 if (smb2_command != SMB2_INTERNAL_CMD)
459 mod_delayed_work(cifsiod_wq, &server->reconnect, 0);
461 atomic_inc(&tconInfoReconnectCount);
464 * Check if handle based operation so we know whether we can continue
465 * or not without returning to caller to reset file handle.
468 * BB Is flush done by server on drop of tcp session? Should we special
469 * case it and skip above?
471 switch (smb2_command) {
476 case SMB2_QUERY_DIRECTORY:
477 case SMB2_CHANGE_NOTIFY:
478 case SMB2_QUERY_INFO:
487 fill_small_buf(__le16 smb2_command, struct cifs_tcon *tcon,
488 struct TCP_Server_Info *server,
490 unsigned int *total_len)
492 struct smb2_pdu *spdu = buf;
493 /* lookup word count ie StructureSize from table */
494 __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_command)];
497 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
498 * largest operations (Create)
502 smb2_hdr_assemble(&spdu->hdr, smb2_command, tcon, server);
503 spdu->StructureSize2 = cpu_to_le16(parmsize);
505 *total_len = parmsize + sizeof(struct smb2_hdr);
509 * Allocate and return pointer to an SMB request hdr, and set basic
510 * SMB information in the SMB header. If the return code is zero, this
511 * function must have filled in request_buf pointer.
513 static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
514 struct TCP_Server_Info *server,
515 void **request_buf, unsigned int *total_len)
517 /* BB eventually switch this to SMB2 specific small buf size */
518 switch (smb2_command) {
520 case SMB2_QUERY_INFO:
521 *request_buf = cifs_buf_get();
524 *request_buf = cifs_small_buf_get();
527 if (*request_buf == NULL) {
528 /* BB should we add a retry in here if not a writepage? */
532 fill_small_buf(smb2_command, tcon, server,
533 (struct smb2_hdr *)(*request_buf),
537 uint16_t com_code = le16_to_cpu(smb2_command);
538 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);
539 cifs_stats_inc(&tcon->num_smbs_sent);
545 static int smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
546 struct TCP_Server_Info *server,
547 void **request_buf, unsigned int *total_len)
551 rc = smb2_reconnect(smb2_command, tcon, server, false);
555 return __smb2_plain_req_init(smb2_command, tcon, server, request_buf,
559 static int smb2_ioctl_req_init(u32 opcode, struct cifs_tcon *tcon,
560 struct TCP_Server_Info *server,
561 void **request_buf, unsigned int *total_len)
563 /* Skip reconnect only for FSCTL_VALIDATE_NEGOTIATE_INFO IOCTLs */
564 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) {
565 return __smb2_plain_req_init(SMB2_IOCTL, tcon, server,
566 request_buf, total_len);
568 return smb2_plain_req_init(SMB2_IOCTL, tcon, server,
569 request_buf, total_len);
572 /* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */
575 build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt)
577 pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES;
578 pneg_ctxt->DataLength = cpu_to_le16(38);
579 pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1);
580 pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE);
581 get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE);
582 pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512;
586 build_compression_ctxt(struct smb2_compression_capabilities_context *pneg_ctxt)
588 pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES;
589 pneg_ctxt->DataLength =
590 cpu_to_le16(sizeof(struct smb2_compression_capabilities_context)
591 - sizeof(struct smb2_neg_context));
592 pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(3);
593 pneg_ctxt->CompressionAlgorithms[0] = SMB3_COMPRESS_LZ77;
594 pneg_ctxt->CompressionAlgorithms[1] = SMB3_COMPRESS_LZ77_HUFF;
595 pneg_ctxt->CompressionAlgorithms[2] = SMB3_COMPRESS_LZNT1;
599 build_signing_ctxt(struct smb2_signing_capabilities *pneg_ctxt)
601 unsigned int ctxt_len = sizeof(struct smb2_signing_capabilities);
602 unsigned short num_algs = 1; /* number of signing algorithms sent */
604 pneg_ctxt->ContextType = SMB2_SIGNING_CAPABILITIES;
606 * Context Data length must be rounded to multiple of 8 for some servers
608 pneg_ctxt->DataLength = cpu_to_le16(ALIGN(sizeof(struct smb2_signing_capabilities) -
609 sizeof(struct smb2_neg_context) +
610 (num_algs * sizeof(u16)), 8));
611 pneg_ctxt->SigningAlgorithmCount = cpu_to_le16(num_algs);
612 pneg_ctxt->SigningAlgorithms[0] = cpu_to_le16(SIGNING_ALG_AES_CMAC);
614 ctxt_len += sizeof(__le16) * num_algs;
615 ctxt_len = ALIGN(ctxt_len, 8);
617 /* TBD add SIGNING_ALG_AES_GMAC and/or SIGNING_ALG_HMAC_SHA256 */
621 build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt)
623 pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES;
624 if (require_gcm_256) {
625 pneg_ctxt->DataLength = cpu_to_le16(4); /* Cipher Count + 1 cipher */
626 pneg_ctxt->CipherCount = cpu_to_le16(1);
627 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES256_GCM;
628 } else if (enable_gcm_256) {
629 pneg_ctxt->DataLength = cpu_to_le16(8); /* Cipher Count + 3 ciphers */
630 pneg_ctxt->CipherCount = cpu_to_le16(3);
631 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;
632 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES256_GCM;
633 pneg_ctxt->Ciphers[2] = SMB2_ENCRYPTION_AES128_CCM;
635 pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 ciphers */
636 pneg_ctxt->CipherCount = cpu_to_le16(2);
637 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;
638 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM;
643 build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname)
645 struct nls_table *cp = load_nls_default();
647 pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID;
649 /* copy up to max of first 100 bytes of server name to NetName field */
650 pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp));
651 /* context size is DataLength + minimal smb2_neg_context */
652 return ALIGN(le16_to_cpu(pneg_ctxt->DataLength) + sizeof(struct smb2_neg_context), 8);
656 build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt)
658 pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE;
659 pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN);
660 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
661 pneg_ctxt->Name[0] = 0x93;
662 pneg_ctxt->Name[1] = 0xAD;
663 pneg_ctxt->Name[2] = 0x25;
664 pneg_ctxt->Name[3] = 0x50;
665 pneg_ctxt->Name[4] = 0x9C;
666 pneg_ctxt->Name[5] = 0xB4;
667 pneg_ctxt->Name[6] = 0x11;
668 pneg_ctxt->Name[7] = 0xE7;
669 pneg_ctxt->Name[8] = 0xB4;
670 pneg_ctxt->Name[9] = 0x23;
671 pneg_ctxt->Name[10] = 0x83;
672 pneg_ctxt->Name[11] = 0xDE;
673 pneg_ctxt->Name[12] = 0x96;
674 pneg_ctxt->Name[13] = 0x8B;
675 pneg_ctxt->Name[14] = 0xCD;
676 pneg_ctxt->Name[15] = 0x7C;
680 assemble_neg_contexts(struct smb2_negotiate_req *req,
681 struct TCP_Server_Info *server, unsigned int *total_len)
683 unsigned int ctxt_len, neg_context_count;
684 struct TCP_Server_Info *pserver;
688 if (*total_len > 200) {
689 /* In case length corrupted don't want to overrun smb buffer */
690 cifs_server_dbg(VFS, "Bad frame length assembling neg contexts\n");
695 * round up total_len of fixed part of SMB3 negotiate request to 8
696 * byte boundary before adding negotiate contexts
698 *total_len = ALIGN(*total_len, 8);
700 pneg_ctxt = (*total_len) + (char *)req;
701 req->NegotiateContextOffset = cpu_to_le32(*total_len);
703 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt);
704 ctxt_len = ALIGN(sizeof(struct smb2_preauth_neg_context), 8);
705 *total_len += ctxt_len;
706 pneg_ctxt += ctxt_len;
708 build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt);
709 ctxt_len = ALIGN(sizeof(struct smb2_encryption_neg_context), 8);
710 *total_len += ctxt_len;
711 pneg_ctxt += ctxt_len;
714 * secondary channels don't have the hostname field populated
715 * use the hostname field in the primary channel instead
717 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;
718 cifs_server_lock(pserver);
719 hostname = pserver->hostname;
720 if (hostname && (hostname[0] != 0)) {
721 ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt,
723 *total_len += ctxt_len;
724 pneg_ctxt += ctxt_len;
725 neg_context_count = 3;
727 neg_context_count = 2;
728 cifs_server_unlock(pserver);
730 build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
731 *total_len += sizeof(struct smb2_posix_neg_context);
732 pneg_ctxt += sizeof(struct smb2_posix_neg_context);
735 if (server->compression.requested) {
736 build_compression_ctxt((struct smb2_compression_capabilities_context *)
738 ctxt_len = ALIGN(sizeof(struct smb2_compression_capabilities_context), 8);
739 *total_len += ctxt_len;
740 pneg_ctxt += ctxt_len;
744 if (enable_negotiate_signing) {
745 ctxt_len = build_signing_ctxt((struct smb2_signing_capabilities *)
747 *total_len += ctxt_len;
748 pneg_ctxt += ctxt_len;
752 /* check for and add transport_capabilities and signing capabilities */
753 req->NegotiateContextCount = cpu_to_le16(neg_context_count);
757 /* If invalid preauth context warn but use what we requested, SHA-512 */
758 static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt)
760 unsigned int len = le16_to_cpu(ctxt->DataLength);
763 * Caller checked that DataLength remains within SMB boundary. We still
764 * need to confirm that one HashAlgorithms member is accounted for.
766 if (len < MIN_PREAUTH_CTXT_DATA_LEN) {
767 pr_warn_once("server sent bad preauth context\n");
769 } else if (len < MIN_PREAUTH_CTXT_DATA_LEN + le16_to_cpu(ctxt->SaltLength)) {
770 pr_warn_once("server sent invalid SaltLength\n");
773 if (le16_to_cpu(ctxt->HashAlgorithmCount) != 1)
774 pr_warn_once("Invalid SMB3 hash algorithm count\n");
775 if (ctxt->HashAlgorithms != SMB2_PREAUTH_INTEGRITY_SHA512)
776 pr_warn_once("unknown SMB3 hash algorithm\n");
779 static void decode_compress_ctx(struct TCP_Server_Info *server,
780 struct smb2_compression_capabilities_context *ctxt)
782 unsigned int len = le16_to_cpu(ctxt->DataLength);
785 server->compression.enabled = false;
788 * Caller checked that DataLength remains within SMB boundary. We still
789 * need to confirm that one CompressionAlgorithms member is accounted
793 pr_warn_once("server sent bad compression cntxt\n");
797 if (le16_to_cpu(ctxt->CompressionAlgorithmCount) != 1) {
798 pr_warn_once("invalid SMB3 compress algorithm count\n");
802 alg = ctxt->CompressionAlgorithms[0];
804 /* 'NONE' (0) compressor type is never negotiated */
805 if (alg == 0 || le16_to_cpu(alg) > 3) {
806 pr_warn_once("invalid compression algorithm '%u'\n", alg);
810 server->compression.alg = alg;
811 server->compression.enabled = true;
814 static int decode_encrypt_ctx(struct TCP_Server_Info *server,
815 struct smb2_encryption_neg_context *ctxt)
817 unsigned int len = le16_to_cpu(ctxt->DataLength);
819 cifs_dbg(FYI, "decode SMB3.11 encryption neg context of len %d\n", len);
821 * Caller checked that DataLength remains within SMB boundary. We still
822 * need to confirm that one Cipher flexible array member is accounted
825 if (len < MIN_ENCRYPT_CTXT_DATA_LEN) {
826 pr_warn_once("server sent bad crypto ctxt len\n");
830 if (le16_to_cpu(ctxt->CipherCount) != 1) {
831 pr_warn_once("Invalid SMB3.11 cipher count\n");
834 cifs_dbg(FYI, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt->Ciphers[0]));
835 if (require_gcm_256) {
836 if (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM) {
837 cifs_dbg(VFS, "Server does not support requested encryption type (AES256 GCM)\n");
840 } else if (ctxt->Ciphers[0] == 0) {
842 * e.g. if server only supported AES256_CCM (very unlikely)
843 * or server supported no encryption types or had all disabled.
844 * Since GLOBAL_CAP_ENCRYPTION will be not set, in the case
845 * in which mount requested encryption ("seal") checks later
846 * on during tree connection will return proper rc, but if
847 * seal not requested by client, since server is allowed to
848 * return 0 to indicate no supported cipher, we can't fail here
850 server->cipher_type = 0;
851 server->capabilities &= ~SMB2_GLOBAL_CAP_ENCRYPTION;
852 pr_warn_once("Server does not support requested encryption types\n");
854 } else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) &&
855 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) &&
856 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) {
857 /* server returned a cipher we didn't ask for */
858 pr_warn_once("Invalid SMB3.11 cipher returned\n");
861 server->cipher_type = ctxt->Ciphers[0];
862 server->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION;
866 static void decode_signing_ctx(struct TCP_Server_Info *server,
867 struct smb2_signing_capabilities *pctxt)
869 unsigned int len = le16_to_cpu(pctxt->DataLength);
872 * Caller checked that DataLength remains within SMB boundary. We still
873 * need to confirm that one SigningAlgorithms flexible array member is
876 if ((len < 4) || (len > 16)) {
877 pr_warn_once("server sent bad signing negcontext\n");
880 if (le16_to_cpu(pctxt->SigningAlgorithmCount) != 1) {
881 pr_warn_once("Invalid signing algorithm count\n");
884 if (le16_to_cpu(pctxt->SigningAlgorithms[0]) > 2) {
885 pr_warn_once("unknown signing algorithm\n");
889 server->signing_negotiated = true;
890 server->signing_algorithm = le16_to_cpu(pctxt->SigningAlgorithms[0]);
891 cifs_dbg(FYI, "signing algorithm %d chosen\n",
892 server->signing_algorithm);
896 static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,
897 struct TCP_Server_Info *server,
898 unsigned int len_of_smb)
900 struct smb2_neg_context *pctx;
901 unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset);
902 unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount);
903 unsigned int len_of_ctxts, i;
906 cifs_dbg(FYI, "decoding %d negotiate contexts\n", ctxt_cnt);
907 if (len_of_smb <= offset) {
908 cifs_server_dbg(VFS, "Invalid response: negotiate context offset\n");
912 len_of_ctxts = len_of_smb - offset;
914 for (i = 0; i < ctxt_cnt; i++) {
916 /* check that offset is not beyond end of SMB */
917 if (len_of_ctxts < sizeof(struct smb2_neg_context))
920 pctx = (struct smb2_neg_context *)(offset + (char *)rsp);
921 clen = sizeof(struct smb2_neg_context)
922 + le16_to_cpu(pctx->DataLength);
924 * 2.2.4 SMB2 NEGOTIATE Response
925 * Subsequent negotiate contexts MUST appear at the first 8-byte
926 * aligned offset following the previous negotiate context.
928 if (i + 1 != ctxt_cnt)
929 clen = ALIGN(clen, 8);
930 if (clen > len_of_ctxts)
933 if (pctx->ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES)
934 decode_preauth_context(
935 (struct smb2_preauth_neg_context *)pctx);
936 else if (pctx->ContextType == SMB2_ENCRYPTION_CAPABILITIES)
937 rc = decode_encrypt_ctx(server,
938 (struct smb2_encryption_neg_context *)pctx);
939 else if (pctx->ContextType == SMB2_COMPRESSION_CAPABILITIES)
940 decode_compress_ctx(server,
941 (struct smb2_compression_capabilities_context *)pctx);
942 else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE)
943 server->posix_ext_supported = true;
944 else if (pctx->ContextType == SMB2_SIGNING_CAPABILITIES)
945 decode_signing_ctx(server,
946 (struct smb2_signing_capabilities *)pctx);
948 cifs_server_dbg(VFS, "unknown negcontext of type %d ignored\n",
949 le16_to_cpu(pctx->ContextType));
954 len_of_ctxts -= clen;
959 static struct create_posix *
960 create_posix_buf(umode_t mode)
962 struct create_posix *buf;
964 buf = kzalloc(sizeof(struct create_posix),
969 buf->ccontext.DataOffset =
970 cpu_to_le16(offsetof(struct create_posix, Mode));
971 buf->ccontext.DataLength = cpu_to_le32(4);
972 buf->ccontext.NameOffset =
973 cpu_to_le16(offsetof(struct create_posix, Name));
974 buf->ccontext.NameLength = cpu_to_le16(16);
976 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
987 buf->Name[10] = 0x83;
988 buf->Name[11] = 0xDE;
989 buf->Name[12] = 0x96;
990 buf->Name[13] = 0x8B;
991 buf->Name[14] = 0xCD;
992 buf->Name[15] = 0x7C;
993 buf->Mode = cpu_to_le32(mode);
994 cifs_dbg(FYI, "mode on posix create 0%o\n", mode);
999 add_posix_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode)
1001 unsigned int num = *num_iovec;
1003 iov[num].iov_base = create_posix_buf(mode);
1004 if (mode == ACL_NO_MODE)
1005 cifs_dbg(FYI, "%s: no mode\n", __func__);
1006 if (iov[num].iov_base == NULL)
1008 iov[num].iov_len = sizeof(struct create_posix);
1009 *num_iovec = num + 1;
1016 * SMB2 Worker functions follow:
1018 * The general structure of the worker functions is:
1019 * 1) Call smb2_init (assembles SMB2 header)
1020 * 2) Initialize SMB2 command specific fields in fixed length area of SMB
1021 * 3) Call smb_sendrcv2 (sends request on socket and waits for response)
1022 * 4) Decode SMB2 command specific fields in the fixed length area
1023 * 5) Decode variable length data area (if any for this SMB2 command type)
1024 * 6) Call free smb buffer
1030 SMB2_negotiate(const unsigned int xid,
1031 struct cifs_ses *ses,
1032 struct TCP_Server_Info *server)
1034 struct smb_rqst rqst;
1035 struct smb2_negotiate_req *req;
1036 struct smb2_negotiate_rsp *rsp;
1038 struct kvec rsp_iov;
1041 int blob_offset, blob_length;
1042 char *security_blob;
1043 int flags = CIFS_NEG_OP;
1044 unsigned int total_len;
1046 cifs_dbg(FYI, "Negotiate protocol\n");
1049 WARN(1, "%s: server is NULL!\n", __func__);
1053 rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, server,
1054 (void **) &req, &total_len);
1058 req->hdr.SessionId = 0;
1060 memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);
1061 memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);
1063 if (strcmp(server->vals->version_string,
1064 SMB3ANY_VERSION_STRING) == 0) {
1065 req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
1066 req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
1067 req->Dialects[2] = cpu_to_le16(SMB311_PROT_ID);
1068 req->DialectCount = cpu_to_le16(3);
1070 } else if (strcmp(server->vals->version_string,
1071 SMBDEFAULT_VERSION_STRING) == 0) {
1072 req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
1073 req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
1074 req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
1075 req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
1076 req->DialectCount = cpu_to_le16(4);
1079 /* otherwise send specific dialect */
1080 req->Dialects[0] = cpu_to_le16(server->vals->protocol_id);
1081 req->DialectCount = cpu_to_le16(1);
1085 /* only one of SMB2 signing flags may be set in SMB2 request */
1087 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
1088 else if (global_secflags & CIFSSEC_MAY_SIGN)
1089 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
1091 req->SecurityMode = 0;
1093 req->Capabilities = cpu_to_le32(server->vals->req_capabilities);
1094 if (ses->chan_max > 1)
1095 req->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL);
1097 /* ClientGUID must be zero for SMB2.02 dialect */
1098 if (server->vals->protocol_id == SMB20_PROT_ID)
1099 memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE);
1101 memcpy(req->ClientGUID, server->client_guid,
1102 SMB2_CLIENT_GUID_SIZE);
1103 if ((server->vals->protocol_id == SMB311_PROT_ID) ||
1104 (strcmp(server->vals->version_string,
1105 SMB3ANY_VERSION_STRING) == 0) ||
1106 (strcmp(server->vals->version_string,
1107 SMBDEFAULT_VERSION_STRING) == 0))
1108 assemble_neg_contexts(req, server, &total_len);
1110 iov[0].iov_base = (char *)req;
1111 iov[0].iov_len = total_len;
1113 memset(&rqst, 0, sizeof(struct smb_rqst));
1117 rc = cifs_send_recv(xid, ses, server,
1118 &rqst, &resp_buftype, flags, &rsp_iov);
1119 cifs_small_buf_release(req);
1120 rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base;
1122 * No tcon so can't do
1123 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
1125 if (rc == -EOPNOTSUPP) {
1126 cifs_server_dbg(VFS, "Dialect not supported by server. Consider specifying vers=1.0 or vers=2.0 on mount for accessing older servers\n");
1132 if (strcmp(server->vals->version_string,
1133 SMB3ANY_VERSION_STRING) == 0) {
1134 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
1135 cifs_server_dbg(VFS,
1136 "SMB2 dialect returned but not requested\n");
1138 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
1139 cifs_server_dbg(VFS,
1140 "SMB2.1 dialect returned but not requested\n");
1142 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
1143 /* ops set to 3.0 by default for default so update */
1144 server->ops = &smb311_operations;
1145 server->vals = &smb311_values;
1147 } else if (strcmp(server->vals->version_string,
1148 SMBDEFAULT_VERSION_STRING) == 0) {
1149 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
1150 cifs_server_dbg(VFS,
1151 "SMB2 dialect returned but not requested\n");
1153 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
1154 /* ops set to 3.0 by default for default so update */
1155 server->ops = &smb21_operations;
1156 server->vals = &smb21_values;
1157 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
1158 server->ops = &smb311_operations;
1159 server->vals = &smb311_values;
1161 } else if (le16_to_cpu(rsp->DialectRevision) !=
1162 server->vals->protocol_id) {
1163 /* if requested single dialect ensure returned dialect matched */
1164 cifs_server_dbg(VFS, "Invalid 0x%x dialect returned: not requested\n",
1165 le16_to_cpu(rsp->DialectRevision));
1169 cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode);
1171 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID))
1172 cifs_dbg(FYI, "negotiated smb2.0 dialect\n");
1173 else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID))
1174 cifs_dbg(FYI, "negotiated smb2.1 dialect\n");
1175 else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID))
1176 cifs_dbg(FYI, "negotiated smb3.0 dialect\n");
1177 else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID))
1178 cifs_dbg(FYI, "negotiated smb3.02 dialect\n");
1179 else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID))
1180 cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n");
1182 cifs_server_dbg(VFS, "Invalid dialect returned by server 0x%x\n",
1183 le16_to_cpu(rsp->DialectRevision));
1188 server->dialect = le16_to_cpu(rsp->DialectRevision);
1191 * Keep a copy of the hash after negprot. This hash will be
1192 * the starting hash value for all sessions made from this
1195 memcpy(server->preauth_sha_hash, ses->preauth_sha_hash,
1196 SMB2_PREAUTH_HASH_SIZE);
1198 /* SMB2 only has an extended negflavor */
1199 server->negflavor = CIFS_NEGFLAVOR_EXTENDED;
1200 /* set it to the maximum buffer size value we can send with 1 credit */
1201 server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize),
1202 SMB2_MAX_BUFFER_SIZE);
1203 server->max_read = le32_to_cpu(rsp->MaxReadSize);
1204 server->max_write = le32_to_cpu(rsp->MaxWriteSize);
1205 server->sec_mode = le16_to_cpu(rsp->SecurityMode);
1206 if ((server->sec_mode & SMB2_SEC_MODE_FLAGS_ALL) != server->sec_mode)
1207 cifs_dbg(FYI, "Server returned unexpected security mode 0x%x\n",
1209 server->capabilities = le32_to_cpu(rsp->Capabilities);
1210 /* Internal types */
1211 server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
1214 * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
1215 * Set the cipher type manually.
1217 if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
1218 server->cipher_type = SMB2_ENCRYPTION_AES128_CCM;
1220 security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
1221 (struct smb2_hdr *)rsp);
1223 * See MS-SMB2 section 2.2.4: if no blob, client picks default which
1225 * ses->sectype = RawNTLMSSP;
1226 * but for time being this is our only auth choice so doesn't matter.
1227 * We just found a server which sets blob length to zero expecting raw.
1229 if (blob_length == 0) {
1230 cifs_dbg(FYI, "missing security blob on negprot\n");
1231 server->sec_ntlmssp = true;
1234 rc = cifs_enable_signing(server, ses->sign);
1238 rc = decode_negTokenInit(security_blob, blob_length, server);
1245 if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
1246 if (rsp->NegotiateContextCount)
1247 rc = smb311_decode_neg_context(rsp, server,
1250 cifs_server_dbg(VFS, "Missing expected negotiate contexts\n");
1253 free_rsp_buf(resp_buftype, rsp);
1257 int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)
1260 struct validate_negotiate_info_req *pneg_inbuf;
1261 struct validate_negotiate_info_rsp *pneg_rsp = NULL;
1263 u32 inbuflen; /* max of 4 dialects */
1264 struct TCP_Server_Info *server = tcon->ses->server;
1266 cifs_dbg(FYI, "validate negotiate\n");
1268 /* In SMB3.11 preauth integrity supersedes validate negotiate */
1269 if (server->dialect == SMB311_PROT_ID)
1273 * validation ioctl must be signed, so no point sending this if we
1274 * can not sign it (ie are not known user). Even if signing is not
1275 * required (enabled but not negotiated), in those cases we selectively
1276 * sign just this, the first and only signed request on a connection.
1277 * Having validation of negotiate info helps reduce attack vectors.
1279 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST)
1280 return 0; /* validation requires signing */
1282 if (tcon->ses->user_name == NULL) {
1283 cifs_dbg(FYI, "Can't validate negotiate: null user mount\n");
1284 return 0; /* validation requires signing */
1287 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL)
1288 cifs_tcon_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n");
1290 pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_NOFS);
1294 pneg_inbuf->Capabilities =
1295 cpu_to_le32(server->vals->req_capabilities);
1296 if (tcon->ses->chan_max > 1)
1297 pneg_inbuf->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL);
1299 memcpy(pneg_inbuf->Guid, server->client_guid,
1300 SMB2_CLIENT_GUID_SIZE);
1302 if (tcon->ses->sign)
1303 pneg_inbuf->SecurityMode =
1304 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
1305 else if (global_secflags & CIFSSEC_MAY_SIGN)
1306 pneg_inbuf->SecurityMode =
1307 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
1309 pneg_inbuf->SecurityMode = 0;
1312 if (strcmp(server->vals->version_string,
1313 SMB3ANY_VERSION_STRING) == 0) {
1314 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
1315 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
1316 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB311_PROT_ID);
1317 pneg_inbuf->DialectCount = cpu_to_le16(3);
1318 /* SMB 2.1 not included so subtract one dialect from len */
1319 inbuflen = sizeof(*pneg_inbuf) -
1320 (sizeof(pneg_inbuf->Dialects[0]));
1321 } else if (strcmp(server->vals->version_string,
1322 SMBDEFAULT_VERSION_STRING) == 0) {
1323 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
1324 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
1325 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
1326 pneg_inbuf->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
1327 pneg_inbuf->DialectCount = cpu_to_le16(4);
1328 /* structure is big enough for 4 dialects */
1329 inbuflen = sizeof(*pneg_inbuf);
1331 /* otherwise specific dialect was requested */
1332 pneg_inbuf->Dialects[0] =
1333 cpu_to_le16(server->vals->protocol_id);
1334 pneg_inbuf->DialectCount = cpu_to_le16(1);
1335 /* structure is big enough for 4 dialects, sending only 1 */
1336 inbuflen = sizeof(*pneg_inbuf) -
1337 sizeof(pneg_inbuf->Dialects[0]) * 3;
1340 rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,
1341 FSCTL_VALIDATE_NEGOTIATE_INFO,
1342 (char *)pneg_inbuf, inbuflen, CIFSMaxBufSize,
1343 (char **)&pneg_rsp, &rsplen);
1344 if (rc == -EOPNOTSUPP) {
1346 * Old Windows versions or Netapp SMB server can return
1347 * not supported error. Client should accept it.
1349 cifs_tcon_dbg(VFS, "Server does not support validate negotiate\n");
1351 goto out_free_inbuf;
1352 } else if (rc != 0) {
1353 cifs_tcon_dbg(VFS, "validate protocol negotiate failed: %d\n",
1356 goto out_free_inbuf;
1360 if (rsplen != sizeof(*pneg_rsp)) {
1361 cifs_tcon_dbg(VFS, "Invalid protocol negotiate response size: %d\n",
1364 /* relax check since Mac returns max bufsize allowed on ioctl */
1365 if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp))
1369 /* check validate negotiate info response matches what we got earlier */
1370 if (pneg_rsp->Dialect != cpu_to_le16(server->dialect))
1373 if (pneg_rsp->SecurityMode != cpu_to_le16(server->sec_mode))
1376 /* do not validate server guid because not saved at negprot time yet */
1378 if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND |
1379 SMB2_LARGE_FILES) != server->capabilities)
1382 /* validate negotiate successful */
1384 cifs_dbg(FYI, "validate negotiate info successful\n");
1388 cifs_tcon_dbg(VFS, "protocol revalidation - security settings mismatch\n");
1397 smb2_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
1399 switch (requested) {
1406 if (server->sec_ntlmssp &&
1407 (global_secflags & CIFSSEC_MAY_NTLMSSP))
1409 if ((server->sec_kerberos || server->sec_mskerberos) &&
1410 (global_secflags & CIFSSEC_MAY_KRB5))
1418 struct SMB2_sess_data {
1420 struct cifs_ses *ses;
1421 struct TCP_Server_Info *server;
1422 struct nls_table *nls_cp;
1423 void (*func)(struct SMB2_sess_data *);
1425 u64 previous_session;
1427 /* we will send the SMB in three pieces:
1428 * a fixed length beginning part, an optional
1429 * SPNEGO blob (which can be zero length), and a
1430 * last part which will include the strings
1431 * and rest of bcc area. This allows us to avoid
1432 * a large buffer 17K allocation
1439 SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data)
1442 struct cifs_ses *ses = sess_data->ses;
1443 struct TCP_Server_Info *server = sess_data->server;
1444 struct smb2_sess_setup_req *req;
1445 unsigned int total_len;
1446 bool is_binding = false;
1448 rc = smb2_plain_req_init(SMB2_SESSION_SETUP, NULL, server,
1454 spin_lock(&ses->ses_lock);
1455 is_binding = (ses->ses_status == SES_GOOD);
1456 spin_unlock(&ses->ses_lock);
1459 req->hdr.SessionId = cpu_to_le64(ses->Suid);
1460 req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1461 req->PreviousSessionId = 0;
1462 req->Flags = SMB2_SESSION_REQ_FLAG_BINDING;
1463 cifs_dbg(FYI, "Binding to sess id: %llx\n", ses->Suid);
1465 /* First session, not a reauthenticate */
1466 req->hdr.SessionId = 0;
1468 * if reconnect, we need to send previous sess id
1471 req->PreviousSessionId = cpu_to_le64(sess_data->previous_session);
1472 req->Flags = 0; /* MBZ */
1473 cifs_dbg(FYI, "Fresh session. Previous: %llx\n",
1474 sess_data->previous_session);
1477 /* enough to enable echos and oplocks and one max size write */
1478 if (server->credits >= server->max_credits)
1479 req->hdr.CreditRequest = cpu_to_le16(0);
1481 req->hdr.CreditRequest = cpu_to_le16(
1482 min_t(int, server->max_credits -
1483 server->credits, 130));
1485 /* only one of SMB2 signing flags may be set in SMB2 request */
1487 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
1488 else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */
1489 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
1491 req->SecurityMode = 0;
1493 #ifdef CONFIG_CIFS_DFS_UPCALL
1494 req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS);
1496 req->Capabilities = 0;
1497 #endif /* DFS_UPCALL */
1499 req->Channel = 0; /* MBZ */
1501 sess_data->iov[0].iov_base = (char *)req;
1503 sess_data->iov[0].iov_len = total_len - 1;
1505 * This variable will be used to clear the buffer
1506 * allocated above in case of any error in the calling function.
1508 sess_data->buf0_type = CIFS_SMALL_BUFFER;
1514 SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
1516 struct kvec *iov = sess_data->iov;
1518 /* iov[1] is already freed by caller */
1519 if (sess_data->buf0_type != CIFS_NO_BUFFER && iov[0].iov_base)
1520 memzero_explicit(iov[0].iov_base, iov[0].iov_len);
1522 free_rsp_buf(sess_data->buf0_type, iov[0].iov_base);
1523 sess_data->buf0_type = CIFS_NO_BUFFER;
1527 SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data)
1530 struct smb_rqst rqst;
1531 struct smb2_sess_setup_req *req = sess_data->iov[0].iov_base;
1532 struct kvec rsp_iov = { NULL, 0 };
1534 /* Testing shows that buffer offset must be at location of Buffer[0] */
1535 req->SecurityBufferOffset =
1536 cpu_to_le16(sizeof(struct smb2_sess_setup_req));
1537 req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len);
1539 memset(&rqst, 0, sizeof(struct smb_rqst));
1540 rqst.rq_iov = sess_data->iov;
1543 /* BB add code to build os and lm fields */
1544 rc = cifs_send_recv(sess_data->xid, sess_data->ses,
1547 &sess_data->buf0_type,
1548 CIFS_LOG_ERROR | CIFS_SESS_OP, &rsp_iov);
1549 cifs_small_buf_release(sess_data->iov[0].iov_base);
1551 sess_data->ses->expired_pwd = false;
1552 else if ((rc == -EACCES) || (rc == -EKEYEXPIRED) || (rc == -EKEYREVOKED))
1553 sess_data->ses->expired_pwd = true;
1555 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
1561 SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
1564 struct cifs_ses *ses = sess_data->ses;
1565 struct TCP_Server_Info *server = sess_data->server;
1567 cifs_server_lock(server);
1568 if (server->ops->generate_signingkey) {
1569 rc = server->ops->generate_signingkey(ses, server);
1572 "SMB3 session key generation failed\n");
1573 cifs_server_unlock(server);
1577 if (!server->session_estab) {
1578 server->sequence_number = 0x2;
1579 server->session_estab = true;
1581 cifs_server_unlock(server);
1583 cifs_dbg(FYI, "SMB2/3 session established successfully\n");
1587 #ifdef CONFIG_CIFS_UPCALL
1589 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
1592 struct cifs_ses *ses = sess_data->ses;
1593 struct TCP_Server_Info *server = sess_data->server;
1594 struct cifs_spnego_msg *msg;
1595 struct key *spnego_key = NULL;
1596 struct smb2_sess_setup_rsp *rsp = NULL;
1597 bool is_binding = false;
1599 rc = SMB2_sess_alloc_buffer(sess_data);
1603 spnego_key = cifs_get_spnego_key(ses, server);
1604 if (IS_ERR(spnego_key)) {
1605 rc = PTR_ERR(spnego_key);
1607 cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n");
1612 msg = spnego_key->payload.data[0];
1614 * check version field to make sure that cifs.upcall is
1615 * sending us a response in an expected form
1617 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
1618 cifs_dbg(VFS, "bad cifs.upcall version. Expected %d got %d\n",
1619 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
1621 goto out_put_spnego_key;
1624 spin_lock(&ses->ses_lock);
1625 is_binding = (ses->ses_status == SES_GOOD);
1626 spin_unlock(&ses->ses_lock);
1628 /* keep session key if binding */
1630 kfree_sensitive(ses->auth_key.response);
1631 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1633 if (!ses->auth_key.response) {
1634 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n",
1637 goto out_put_spnego_key;
1639 ses->auth_key.len = msg->sesskey_len;
1642 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
1643 sess_data->iov[1].iov_len = msg->secblob_len;
1645 rc = SMB2_sess_sendreceive(sess_data);
1647 goto out_put_spnego_key;
1649 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1650 /* keep session id and flags if binding */
1652 ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1653 ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1656 rc = SMB2_sess_establish_session(sess_data);
1658 key_invalidate(spnego_key);
1659 key_put(spnego_key);
1661 kfree_sensitive(ses->auth_key.response);
1662 ses->auth_key.response = NULL;
1663 ses->auth_key.len = 0;
1666 sess_data->result = rc;
1667 sess_data->func = NULL;
1668 SMB2_sess_free_buffer(sess_data);
1672 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
1674 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1675 sess_data->result = -EOPNOTSUPP;
1676 sess_data->func = NULL;
1681 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data);
1684 SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data)
1687 struct cifs_ses *ses = sess_data->ses;
1688 struct TCP_Server_Info *server = sess_data->server;
1689 struct smb2_sess_setup_rsp *rsp = NULL;
1690 unsigned char *ntlmssp_blob = NULL;
1691 bool use_spnego = false; /* else use raw ntlmssp */
1692 u16 blob_length = 0;
1693 bool is_binding = false;
1696 * If memory allocation is successful, caller of this function
1699 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
1700 if (!ses->ntlmssp) {
1704 ses->ntlmssp->sesskey_per_smbsess = true;
1706 rc = SMB2_sess_alloc_buffer(sess_data);
1710 rc = build_ntlmssp_smb3_negotiate_blob(&ntlmssp_blob,
1711 &blob_length, ses, server,
1717 /* BB eventually need to add this */
1718 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
1722 sess_data->iov[1].iov_base = ntlmssp_blob;
1723 sess_data->iov[1].iov_len = blob_length;
1725 rc = SMB2_sess_sendreceive(sess_data);
1726 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1728 /* If true, rc here is expected and not an error */
1729 if (sess_data->buf0_type != CIFS_NO_BUFFER &&
1730 rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED)
1736 if (offsetof(struct smb2_sess_setup_rsp, Buffer) !=
1737 le16_to_cpu(rsp->SecurityBufferOffset)) {
1738 cifs_dbg(VFS, "Invalid security buffer offset %d\n",
1739 le16_to_cpu(rsp->SecurityBufferOffset));
1743 rc = decode_ntlmssp_challenge(rsp->Buffer,
1744 le16_to_cpu(rsp->SecurityBufferLength), ses);
1748 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
1750 spin_lock(&ses->ses_lock);
1751 is_binding = (ses->ses_status == SES_GOOD);
1752 spin_unlock(&ses->ses_lock);
1754 /* keep existing ses id and flags if binding */
1756 ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1757 ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1761 kfree_sensitive(ntlmssp_blob);
1762 SMB2_sess_free_buffer(sess_data);
1764 sess_data->result = 0;
1765 sess_data->func = SMB2_sess_auth_rawntlmssp_authenticate;
1769 kfree_sensitive(ses->ntlmssp);
1770 ses->ntlmssp = NULL;
1771 sess_data->result = rc;
1772 sess_data->func = NULL;
1776 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data)
1779 struct cifs_ses *ses = sess_data->ses;
1780 struct TCP_Server_Info *server = sess_data->server;
1781 struct smb2_sess_setup_req *req;
1782 struct smb2_sess_setup_rsp *rsp = NULL;
1783 unsigned char *ntlmssp_blob = NULL;
1784 bool use_spnego = false; /* else use raw ntlmssp */
1785 u16 blob_length = 0;
1786 bool is_binding = false;
1788 rc = SMB2_sess_alloc_buffer(sess_data);
1792 req = (struct smb2_sess_setup_req *) sess_data->iov[0].iov_base;
1793 req->hdr.SessionId = cpu_to_le64(ses->Suid);
1795 rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length,
1799 cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n", rc);
1804 /* BB eventually need to add this */
1805 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
1809 sess_data->iov[1].iov_base = ntlmssp_blob;
1810 sess_data->iov[1].iov_len = blob_length;
1812 rc = SMB2_sess_sendreceive(sess_data);
1816 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1818 spin_lock(&ses->ses_lock);
1819 is_binding = (ses->ses_status == SES_GOOD);
1820 spin_unlock(&ses->ses_lock);
1822 /* keep existing ses id and flags if binding */
1824 ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1825 ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1828 rc = SMB2_sess_establish_session(sess_data);
1829 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
1830 if (ses->server->dialect < SMB30_PROT_ID) {
1831 cifs_dbg(VFS, "%s: dumping generated SMB2 session keys\n", __func__);
1833 * The session id is opaque in terms of endianness, so we can't
1834 * print it as a long long. we dump it as we got it on the wire
1836 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid),
1838 cifs_dbg(VFS, "Session Key %*ph\n",
1839 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
1840 cifs_dbg(VFS, "Signing Key %*ph\n",
1841 SMB3_SIGN_KEY_SIZE, ses->auth_key.response);
1845 kfree_sensitive(ntlmssp_blob);
1846 SMB2_sess_free_buffer(sess_data);
1847 kfree_sensitive(ses->ntlmssp);
1848 ses->ntlmssp = NULL;
1849 sess_data->result = rc;
1850 sess_data->func = NULL;
1854 SMB2_select_sec(struct SMB2_sess_data *sess_data)
1857 struct cifs_ses *ses = sess_data->ses;
1858 struct TCP_Server_Info *server = sess_data->server;
1860 type = smb2_select_sectype(server, ses->sectype);
1861 cifs_dbg(FYI, "sess setup type %d\n", type);
1862 if (type == Unspecified) {
1863 cifs_dbg(VFS, "Unable to select appropriate authentication method!\n");
1869 sess_data->func = SMB2_auth_kerberos;
1872 sess_data->func = SMB2_sess_auth_rawntlmssp_negotiate;
1875 cifs_dbg(VFS, "secType %d not supported!\n", type);
1883 SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
1884 struct TCP_Server_Info *server,
1885 const struct nls_table *nls_cp)
1888 struct SMB2_sess_data *sess_data;
1890 cifs_dbg(FYI, "Session Setup\n");
1893 WARN(1, "%s: server is NULL!\n", __func__);
1897 sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL);
1901 sess_data->xid = xid;
1902 sess_data->ses = ses;
1903 sess_data->server = server;
1904 sess_data->buf0_type = CIFS_NO_BUFFER;
1905 sess_data->nls_cp = (struct nls_table *) nls_cp;
1906 sess_data->previous_session = ses->Suid;
1908 rc = SMB2_select_sec(sess_data);
1913 * Initialize the session hash with the server one.
1915 memcpy(ses->preauth_sha_hash, server->preauth_sha_hash,
1916 SMB2_PREAUTH_HASH_SIZE);
1918 while (sess_data->func)
1919 sess_data->func(sess_data);
1921 if ((ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) && (ses->sign))
1922 cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
1923 rc = sess_data->result;
1925 kfree_sensitive(sess_data);
1930 SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
1932 struct smb_rqst rqst;
1933 struct smb2_logoff_req *req; /* response is also trivial struct */
1935 struct TCP_Server_Info *server;
1937 unsigned int total_len;
1939 struct kvec rsp_iov;
1942 cifs_dbg(FYI, "disconnect session %p\n", ses);
1944 if (ses && (ses->server))
1945 server = ses->server;
1949 /* no need to send SMB logoff if uid already closed due to reconnect */
1950 spin_lock(&ses->chan_lock);
1951 if (CIFS_ALL_CHANS_NEED_RECONNECT(ses)) {
1952 spin_unlock(&ses->chan_lock);
1953 goto smb2_session_already_dead;
1955 spin_unlock(&ses->chan_lock);
1957 rc = smb2_plain_req_init(SMB2_LOGOFF, NULL, ses->server,
1958 (void **) &req, &total_len);
1962 /* since no tcon, smb2_init can not do this, so do here */
1963 req->hdr.SessionId = cpu_to_le64(ses->Suid);
1965 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
1966 flags |= CIFS_TRANSFORM_REQ;
1967 else if (server->sign)
1968 req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1970 flags |= CIFS_NO_RSP_BUF;
1972 iov[0].iov_base = (char *)req;
1973 iov[0].iov_len = total_len;
1975 memset(&rqst, 0, sizeof(struct smb_rqst));
1979 rc = cifs_send_recv(xid, ses, ses->server,
1980 &rqst, &resp_buf_type, flags, &rsp_iov);
1981 cifs_small_buf_release(req);
1983 * No tcon so can't do
1984 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
1987 smb2_session_already_dead:
1991 static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code)
1993 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]);
1996 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)
1998 /* These are similar values to what Windows uses */
1999 static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon)
2001 tcon->max_chunks = 256;
2002 tcon->max_bytes_chunk = 1048576;
2003 tcon->max_bytes_copy = 16777216;
2007 SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
2008 struct cifs_tcon *tcon, const struct nls_table *cp)
2010 struct smb_rqst rqst;
2011 struct smb2_tree_connect_req *req;
2012 struct smb2_tree_connect_rsp *rsp = NULL;
2014 struct kvec rsp_iov = { NULL, 0 };
2018 __le16 *unc_path = NULL;
2020 unsigned int total_len;
2021 struct TCP_Server_Info *server = cifs_pick_channel(ses);
2023 cifs_dbg(FYI, "TCON\n");
2025 if (!server || !tree)
2028 unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
2029 if (unc_path == NULL)
2032 unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp);
2033 if (unc_path_len <= 0) {
2039 /* SMB2 TREE_CONNECT request must be called with TreeId == 0 */
2041 atomic_set(&tcon->num_remote_opens, 0);
2042 rc = smb2_plain_req_init(SMB2_TREE_CONNECT, tcon, server,
2043 (void **) &req, &total_len);
2049 if (smb3_encryption_required(tcon))
2050 flags |= CIFS_TRANSFORM_REQ;
2052 iov[0].iov_base = (char *)req;
2054 iov[0].iov_len = total_len - 1;
2056 /* Testing shows that buffer offset must be at location of Buffer[0] */
2057 req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req));
2058 req->PathLength = cpu_to_le16(unc_path_len);
2059 iov[1].iov_base = unc_path;
2060 iov[1].iov_len = unc_path_len;
2063 * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
2064 * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
2065 * (Samba servers don't always set the flag so also check if null user)
2067 if ((server->dialect == SMB311_PROT_ID) &&
2068 !smb3_encryption_required(tcon) &&
2069 !(ses->session_flags &
2070 (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) &&
2071 ((ses->user_name != NULL) || (ses->sectype == Kerberos)))
2072 req->hdr.Flags |= SMB2_FLAGS_SIGNED;
2074 memset(&rqst, 0, sizeof(struct smb_rqst));
2078 /* Need 64 for max size write so ask for more in case not there yet */
2079 if (server->credits >= server->max_credits)
2080 req->hdr.CreditRequest = cpu_to_le16(0);
2082 req->hdr.CreditRequest = cpu_to_le16(
2083 min_t(int, server->max_credits -
2084 server->credits, 64));
2086 rc = cifs_send_recv(xid, ses, server,
2087 &rqst, &resp_buftype, flags, &rsp_iov);
2088 cifs_small_buf_release(req);
2089 rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base;
2090 trace_smb3_tcon(xid, tcon->tid, ses->Suid, tree, rc);
2091 if ((rc != 0) || (rsp == NULL)) {
2092 cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE);
2093 tcon->need_reconnect = true;
2094 goto tcon_error_exit;
2097 switch (rsp->ShareType) {
2098 case SMB2_SHARE_TYPE_DISK:
2099 cifs_dbg(FYI, "connection to disk share\n");
2101 case SMB2_SHARE_TYPE_PIPE:
2103 cifs_dbg(FYI, "connection to pipe share\n");
2105 case SMB2_SHARE_TYPE_PRINT:
2107 cifs_dbg(FYI, "connection to printer\n");
2110 cifs_server_dbg(VFS, "unknown share type %d\n", rsp->ShareType);
2112 goto tcon_error_exit;
2115 tcon->share_flags = le32_to_cpu(rsp->ShareFlags);
2116 tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */
2117 tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess);
2118 tcon->tid = le32_to_cpu(rsp->hdr.Id.SyncId.TreeId);
2119 strscpy(tcon->tree_name, tree, sizeof(tcon->tree_name));
2121 if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) &&
2122 ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0))
2123 cifs_tcon_dbg(VFS, "DFS capability contradicts DFS flag\n");
2126 !(server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
2127 cifs_tcon_dbg(VFS, "Encryption is requested but not supported\n");
2129 init_copy_chunk_defaults(tcon);
2130 if (server->ops->validate_negotiate)
2131 rc = server->ops->validate_negotiate(xid, tcon);
2132 if (rc == 0) /* See MS-SMB2 2.2.10 and 3.2.5.5 */
2133 if (tcon->share_flags & SMB2_SHAREFLAG_ISOLATED_TRANSPORT)
2134 server->nosharesock = true;
2137 free_rsp_buf(resp_buftype, rsp);
2142 if (rsp && rsp->hdr.Status == STATUS_BAD_NETWORK_NAME)
2143 cifs_tcon_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
2148 SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon)
2150 struct smb_rqst rqst;
2151 struct smb2_tree_disconnect_req *req; /* response is trivial */
2153 struct cifs_ses *ses = tcon->ses;
2154 struct TCP_Server_Info *server = cifs_pick_channel(ses);
2156 unsigned int total_len;
2158 struct kvec rsp_iov;
2161 cifs_dbg(FYI, "Tree Disconnect\n");
2163 if (!ses || !(ses->server))
2166 trace_smb3_tdis_enter(xid, tcon->tid, ses->Suid, tcon->tree_name);
2167 spin_lock(&ses->chan_lock);
2168 if ((tcon->need_reconnect) ||
2169 (CIFS_ALL_CHANS_NEED_RECONNECT(tcon->ses))) {
2170 spin_unlock(&ses->chan_lock);
2173 spin_unlock(&ses->chan_lock);
2175 invalidate_all_cached_dirs(tcon);
2177 rc = smb2_plain_req_init(SMB2_TREE_DISCONNECT, tcon, server,
2183 if (smb3_encryption_required(tcon))
2184 flags |= CIFS_TRANSFORM_REQ;
2186 flags |= CIFS_NO_RSP_BUF;
2188 iov[0].iov_base = (char *)req;
2189 iov[0].iov_len = total_len;
2191 memset(&rqst, 0, sizeof(struct smb_rqst));
2195 rc = cifs_send_recv(xid, ses, server,
2196 &rqst, &resp_buf_type, flags, &rsp_iov);
2197 cifs_small_buf_release(req);
2199 cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE);
2200 trace_smb3_tdis_err(xid, tcon->tid, ses->Suid, rc);
2202 trace_smb3_tdis_done(xid, tcon->tid, ses->Suid);
2208 static struct create_durable *
2209 create_durable_buf(void)
2211 struct create_durable *buf;
2213 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
2217 buf->ccontext.DataOffset = cpu_to_le16(offsetof
2218 (struct create_durable, Data));
2219 buf->ccontext.DataLength = cpu_to_le32(16);
2220 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2221 (struct create_durable, Name));
2222 buf->ccontext.NameLength = cpu_to_le16(4);
2223 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */
2231 static struct create_durable *
2232 create_reconnect_durable_buf(struct cifs_fid *fid)
2234 struct create_durable *buf;
2236 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
2240 buf->ccontext.DataOffset = cpu_to_le16(offsetof
2241 (struct create_durable, Data));
2242 buf->ccontext.DataLength = cpu_to_le32(16);
2243 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2244 (struct create_durable, Name));
2245 buf->ccontext.NameLength = cpu_to_le16(4);
2246 buf->Data.Fid.PersistentFileId = fid->persistent_fid;
2247 buf->Data.Fid.VolatileFileId = fid->volatile_fid;
2248 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */
2257 parse_query_id_ctxt(struct create_context *cc, struct smb2_file_all_info *buf)
2259 struct create_disk_id_rsp *pdisk_id = (struct create_disk_id_rsp *)cc;
2261 cifs_dbg(FYI, "parse query id context 0x%llx 0x%llx\n",
2262 pdisk_id->DiskFileId, pdisk_id->VolumeId);
2263 buf->IndexNumber = pdisk_id->DiskFileId;
2267 parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info,
2268 struct create_posix_rsp *posix)
2271 u8 *beg = (u8 *)cc + le16_to_cpu(cc->DataOffset);
2272 u8 *end = beg + le32_to_cpu(cc->DataLength);
2275 memset(posix, 0, sizeof(*posix));
2277 posix->nlink = le32_to_cpu(*(__le32 *)(beg + 0));
2278 posix->reparse_tag = le32_to_cpu(*(__le32 *)(beg + 4));
2279 posix->mode = le32_to_cpu(*(__le32 *)(beg + 8));
2282 sid_len = posix_info_sid_size(sid, end);
2284 cifs_dbg(VFS, "bad owner sid in posix create response\n");
2287 memcpy(&posix->owner, sid, sid_len);
2289 sid = sid + sid_len;
2290 sid_len = posix_info_sid_size(sid, end);
2292 cifs_dbg(VFS, "bad group sid in posix create response\n");
2295 memcpy(&posix->group, sid, sid_len);
2297 cifs_dbg(FYI, "nlink=%d mode=%o reparse_tag=%x\n",
2298 posix->nlink, posix->mode, posix->reparse_tag);
2301 int smb2_parse_contexts(struct TCP_Server_Info *server,
2302 struct kvec *rsp_iov,
2303 unsigned int *epoch,
2304 char *lease_key, __u8 *oplock,
2305 struct smb2_file_all_info *buf,
2306 struct create_posix_rsp *posix)
2308 struct smb2_create_rsp *rsp = rsp_iov->iov_base;
2309 struct create_context *cc;
2310 size_t rem, off, len;
2314 static const char smb3_create_tag_posix[] = {
2315 0x93, 0xAD, 0x25, 0x50, 0x9C,
2316 0xB4, 0x11, 0xE7, 0xB4, 0x23, 0x83,
2317 0xDE, 0x96, 0x8B, 0xCD, 0x7C
2322 off = le32_to_cpu(rsp->CreateContextsOffset);
2323 rem = le32_to_cpu(rsp->CreateContextsLength);
2324 if (check_add_overflow(off, rem, &len) || len > rsp_iov->iov_len)
2326 cc = (struct create_context *)((u8 *)rsp + off);
2328 /* Initialize inode number to 0 in case no valid data in qfid context */
2330 buf->IndexNumber = 0;
2332 while (rem >= sizeof(*cc)) {
2333 doff = le16_to_cpu(cc->DataOffset);
2334 dlen = le32_to_cpu(cc->DataLength);
2335 if (check_add_overflow(doff, dlen, &len) || len > rem)
2338 noff = le16_to_cpu(cc->NameOffset);
2339 nlen = le16_to_cpu(cc->NameLength);
2340 if (noff + nlen > doff)
2343 name = (char *)cc + noff;
2346 if (!strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) {
2347 *oplock = server->ops->parse_lease_buf(cc, epoch,
2350 !strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4)) {
2351 parse_query_id_ctxt(cc, buf);
2355 if (posix && !memcmp(name, smb3_create_tag_posix, 16))
2356 parse_posix_ctxt(cc, buf, posix);
2359 cifs_dbg(FYI, "%s: unhandled context (nlen=%zu dlen=%zu)\n",
2360 __func__, nlen, dlen);
2361 if (IS_ENABLED(CONFIG_CIFS_DEBUG2))
2362 cifs_dump_mem("context data: ", cc, dlen);
2366 off = le32_to_cpu(cc->Next);
2369 if (check_sub_overflow(rem, off, &rem))
2371 cc = (struct create_context *)((u8 *)cc + off);
2374 if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE)
2375 *oplock = rsp->OplockLevel;
2381 add_lease_context(struct TCP_Server_Info *server,
2382 struct smb2_create_req *req,
2384 unsigned int *num_iovec, u8 *lease_key, __u8 *oplock)
2386 unsigned int num = *num_iovec;
2388 iov[num].iov_base = server->ops->create_lease_buf(lease_key, *oplock);
2389 if (iov[num].iov_base == NULL)
2391 iov[num].iov_len = server->vals->create_lease_size;
2392 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE;
2393 *num_iovec = num + 1;
2397 static struct create_durable_v2 *
2398 create_durable_v2_buf(struct cifs_open_parms *oparms)
2400 struct cifs_fid *pfid = oparms->fid;
2401 struct create_durable_v2 *buf;
2403 buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL);
2407 buf->ccontext.DataOffset = cpu_to_le16(offsetof
2408 (struct create_durable_v2, dcontext));
2409 buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2));
2410 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2411 (struct create_durable_v2, Name));
2412 buf->ccontext.NameLength = cpu_to_le16(4);
2415 * NB: Handle timeout defaults to 0, which allows server to choose
2416 * (most servers default to 120 seconds) and most clients default to 0.
2417 * This can be overridden at mount ("handletimeout=") if the user wants
2418 * a different persistent (or resilient) handle timeout for all opens
2419 * on a particular SMB3 mount.
2421 buf->dcontext.Timeout = cpu_to_le32(oparms->tcon->handle_timeout);
2422 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
2424 /* for replay, we should not overwrite the existing create guid */
2425 if (!oparms->replay) {
2426 generate_random_uuid(buf->dcontext.CreateGuid);
2427 memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16);
2429 memcpy(buf->dcontext.CreateGuid, pfid->create_guid, 16);
2431 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */
2439 static struct create_durable_handle_reconnect_v2 *
2440 create_reconnect_durable_v2_buf(struct cifs_fid *fid)
2442 struct create_durable_handle_reconnect_v2 *buf;
2444 buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2),
2449 buf->ccontext.DataOffset =
2450 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
2452 buf->ccontext.DataLength =
2453 cpu_to_le32(sizeof(struct durable_reconnect_context_v2));
2454 buf->ccontext.NameOffset =
2455 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
2457 buf->ccontext.NameLength = cpu_to_le16(4);
2459 buf->dcontext.Fid.PersistentFileId = fid->persistent_fid;
2460 buf->dcontext.Fid.VolatileFileId = fid->volatile_fid;
2461 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
2462 memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16);
2464 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */
2473 add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec,
2474 struct cifs_open_parms *oparms)
2476 unsigned int num = *num_iovec;
2478 iov[num].iov_base = create_durable_v2_buf(oparms);
2479 if (iov[num].iov_base == NULL)
2481 iov[num].iov_len = sizeof(struct create_durable_v2);
2482 *num_iovec = num + 1;
2487 add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec,
2488 struct cifs_open_parms *oparms)
2490 unsigned int num = *num_iovec;
2492 /* indicate that we don't need to relock the file */
2493 oparms->reconnect = false;
2495 iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid);
2496 if (iov[num].iov_base == NULL)
2498 iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2);
2499 *num_iovec = num + 1;
2504 add_durable_context(struct kvec *iov, unsigned int *num_iovec,
2505 struct cifs_open_parms *oparms, bool use_persistent)
2507 unsigned int num = *num_iovec;
2509 if (use_persistent) {
2510 if (oparms->reconnect)
2511 return add_durable_reconnect_v2_context(iov, num_iovec,
2514 return add_durable_v2_context(iov, num_iovec, oparms);
2517 if (oparms->reconnect) {
2518 iov[num].iov_base = create_reconnect_durable_buf(oparms->fid);
2519 /* indicate that we don't need to relock the file */
2520 oparms->reconnect = false;
2522 iov[num].iov_base = create_durable_buf();
2523 if (iov[num].iov_base == NULL)
2525 iov[num].iov_len = sizeof(struct create_durable);
2526 *num_iovec = num + 1;
2530 /* See MS-SMB2 2.2.13.2.7 */
2531 static struct crt_twarp_ctxt *
2532 create_twarp_buf(__u64 timewarp)
2534 struct crt_twarp_ctxt *buf;
2536 buf = kzalloc(sizeof(struct crt_twarp_ctxt), GFP_KERNEL);
2540 buf->ccontext.DataOffset = cpu_to_le16(offsetof
2541 (struct crt_twarp_ctxt, Timestamp));
2542 buf->ccontext.DataLength = cpu_to_le32(8);
2543 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2544 (struct crt_twarp_ctxt, Name));
2545 buf->ccontext.NameLength = cpu_to_le16(4);
2546 /* SMB2_CREATE_TIMEWARP_TOKEN is "TWrp" */
2551 buf->Timestamp = cpu_to_le64(timewarp);
2555 /* See MS-SMB2 2.2.13.2.7 */
2557 add_twarp_context(struct kvec *iov, unsigned int *num_iovec, __u64 timewarp)
2559 unsigned int num = *num_iovec;
2561 iov[num].iov_base = create_twarp_buf(timewarp);
2562 if (iov[num].iov_base == NULL)
2564 iov[num].iov_len = sizeof(struct crt_twarp_ctxt);
2565 *num_iovec = num + 1;
2569 /* See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */
2570 static void setup_owner_group_sids(char *buf)
2572 struct owner_group_sids *sids = (struct owner_group_sids *)buf;
2574 /* Populate the user ownership fields S-1-5-88-1 */
2575 sids->owner.Revision = 1;
2576 sids->owner.NumAuth = 3;
2577 sids->owner.Authority[5] = 5;
2578 sids->owner.SubAuthorities[0] = cpu_to_le32(88);
2579 sids->owner.SubAuthorities[1] = cpu_to_le32(1);
2580 sids->owner.SubAuthorities[2] = cpu_to_le32(current_fsuid().val);
2582 /* Populate the group ownership fields S-1-5-88-2 */
2583 sids->group.Revision = 1;
2584 sids->group.NumAuth = 3;
2585 sids->group.Authority[5] = 5;
2586 sids->group.SubAuthorities[0] = cpu_to_le32(88);
2587 sids->group.SubAuthorities[1] = cpu_to_le32(2);
2588 sids->group.SubAuthorities[2] = cpu_to_le32(current_fsgid().val);
2590 cifs_dbg(FYI, "owner S-1-5-88-1-%d, group S-1-5-88-2-%d\n", current_fsuid().val, current_fsgid().val);
2593 /* See MS-SMB2 2.2.13.2.2 and MS-DTYP 2.4.6 */
2594 static struct crt_sd_ctxt *
2595 create_sd_buf(umode_t mode, bool set_owner, unsigned int *len)
2597 struct crt_sd_ctxt *buf;
2599 unsigned int acelen, acl_size, ace_count;
2600 unsigned int owner_offset = 0;
2601 unsigned int group_offset = 0;
2602 struct smb3_acl acl = {};
2604 *len = round_up(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8);
2607 /* sizeof(struct owner_group_sids) is already multiple of 8 so no need to round */
2608 *len += sizeof(struct owner_group_sids);
2611 buf = kzalloc(*len, GFP_KERNEL);
2615 ptr = (__u8 *)&buf[1];
2617 /* offset fields are from beginning of security descriptor not of create context */
2618 owner_offset = ptr - (__u8 *)&buf->sd;
2619 buf->sd.OffsetOwner = cpu_to_le32(owner_offset);
2620 group_offset = owner_offset + offsetof(struct owner_group_sids, group);
2621 buf->sd.OffsetGroup = cpu_to_le32(group_offset);
2623 setup_owner_group_sids(ptr);
2624 ptr += sizeof(struct owner_group_sids);
2626 buf->sd.OffsetOwner = 0;
2627 buf->sd.OffsetGroup = 0;
2630 buf->ccontext.DataOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, sd));
2631 buf->ccontext.NameOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, Name));
2632 buf->ccontext.NameLength = cpu_to_le16(4);
2633 /* SMB2_CREATE_SD_BUFFER_TOKEN is "SecD" */
2638 buf->sd.Revision = 1; /* Must be one see MS-DTYP 2.4.6 */
2641 * ACL is "self relative" ie ACL is stored in contiguous block of memory
2642 * and "DP" ie the DACL is present
2644 buf->sd.Control = cpu_to_le16(ACL_CONTROL_SR | ACL_CONTROL_DP);
2646 /* offset owner, group and Sbz1 and SACL are all zero */
2647 buf->sd.OffsetDacl = cpu_to_le32(ptr - (__u8 *)&buf->sd);
2648 /* Ship the ACL for now. we will copy it into buf later. */
2650 ptr += sizeof(struct smb3_acl);
2652 /* create one ACE to hold the mode embedded in reserved special SID */
2653 acelen = setup_special_mode_ACE((struct cifs_ace *)ptr, (__u64)mode);
2655 acl_size = acelen + sizeof(struct smb3_acl);
2659 /* we do not need to reallocate buffer to add the two more ACEs. plenty of space */
2660 acelen = setup_special_user_owner_ACE((struct cifs_ace *)ptr);
2666 /* and one more ACE to allow access for authenticated users */
2667 acelen = setup_authusers_ACE((struct cifs_ace *)ptr);
2672 acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */
2673 acl.AclSize = cpu_to_le16(acl_size);
2674 acl.AceCount = cpu_to_le16(ace_count);
2675 /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */
2676 memcpy(aclptr, &acl, sizeof(struct smb3_acl));
2678 buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);
2679 *len = round_up((unsigned int)(ptr - (__u8 *)buf), 8);
2685 add_sd_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode, bool set_owner)
2687 unsigned int num = *num_iovec;
2688 unsigned int len = 0;
2690 iov[num].iov_base = create_sd_buf(mode, set_owner, &len);
2691 if (iov[num].iov_base == NULL)
2693 iov[num].iov_len = len;
2694 *num_iovec = num + 1;
2698 static struct crt_query_id_ctxt *
2699 create_query_id_buf(void)
2701 struct crt_query_id_ctxt *buf;
2703 buf = kzalloc(sizeof(struct crt_query_id_ctxt), GFP_KERNEL);
2707 buf->ccontext.DataOffset = cpu_to_le16(0);
2708 buf->ccontext.DataLength = cpu_to_le32(0);
2709 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2710 (struct crt_query_id_ctxt, Name));
2711 buf->ccontext.NameLength = cpu_to_le16(4);
2712 /* SMB2_CREATE_QUERY_ON_DISK_ID is "QFid" */
2720 /* See MS-SMB2 2.2.13.2.9 */
2722 add_query_id_context(struct kvec *iov, unsigned int *num_iovec)
2724 unsigned int num = *num_iovec;
2726 iov[num].iov_base = create_query_id_buf();
2727 if (iov[num].iov_base == NULL)
2729 iov[num].iov_len = sizeof(struct crt_query_id_ctxt);
2730 *num_iovec = num + 1;
2734 static void add_ea_context(struct cifs_open_parms *oparms,
2735 struct kvec *rq_iov, unsigned int *num_iovs)
2737 struct kvec *iov = oparms->ea_cctx;
2739 if (iov && iov->iov_base && iov->iov_len) {
2740 rq_iov[(*num_iovs)++] = *iov;
2741 memset(iov, 0, sizeof(*iov));
2746 alloc_path_with_tree_prefix(__le16 **out_path, int *out_size, int *out_len,
2747 const char *treename, const __le16 *path)
2749 int treename_len, path_len;
2750 struct nls_table *cp;
2751 const __le16 sep[] = {cpu_to_le16('\\'), cpu_to_le16(0x0000)};
2756 treename_len = strlen(treename);
2757 if (treename_len < 2 || !(treename[0] == '\\' && treename[1] == '\\'))
2763 path_len = UniStrnlen((wchar_t *)path, PATH_MAX);
2765 /* make room for one path separator only if @path isn't empty */
2766 *out_len = treename_len + (path[0] ? 1 : 0) + path_len;
2769 * final path needs to be 8-byte aligned as specified in
2770 * MS-SMB2 2.2.13 SMB2 CREATE Request.
2772 *out_size = round_up(*out_len * sizeof(__le16), 8);
2773 *out_path = kzalloc(*out_size + sizeof(__le16) /* null */, GFP_KERNEL);
2777 cp = load_nls_default();
2778 cifs_strtoUTF16(*out_path, treename, treename_len, cp);
2780 /* Do not append the separator if the path is empty */
2781 if (path[0] != cpu_to_le16(0x0000)) {
2782 UniStrcat((wchar_t *)*out_path, (wchar_t *)sep);
2783 UniStrcat((wchar_t *)*out_path, (wchar_t *)path);
2791 int smb311_posix_mkdir(const unsigned int xid, struct inode *inode,
2792 umode_t mode, struct cifs_tcon *tcon,
2793 const char *full_path,
2794 struct cifs_sb_info *cifs_sb)
2796 struct smb_rqst rqst;
2797 struct smb2_create_req *req;
2798 struct smb2_create_rsp *rsp = NULL;
2799 struct cifs_ses *ses = tcon->ses;
2800 struct kvec iov[3]; /* make sure at least one for each open context */
2801 struct kvec rsp_iov = {NULL, 0};
2804 __le16 *copy_path = NULL;
2807 unsigned int n_iov = 2;
2808 __u32 file_attributes = 0;
2809 char *pc_buf = NULL;
2811 unsigned int total_len;
2812 __le16 *utf16_path = NULL;
2813 struct TCP_Server_Info *server;
2814 int retries = 0, cur_sleep = 1;
2817 /* reinitialize for possible replay */
2820 server = cifs_pick_channel(ses);
2822 cifs_dbg(FYI, "mkdir\n");
2824 /* resource #1: path allocation */
2825 utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb);
2829 if (!ses || !server) {
2834 /* resource #2: request */
2835 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server,
2836 (void **) &req, &total_len);
2841 if (smb3_encryption_required(tcon))
2842 flags |= CIFS_TRANSFORM_REQ;
2844 req->ImpersonationLevel = IL_IMPERSONATION;
2845 req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES);
2846 /* File attributes ignored on open (used in create though) */
2847 req->FileAttributes = cpu_to_le32(file_attributes);
2848 req->ShareAccess = FILE_SHARE_ALL_LE;
2849 req->CreateDisposition = cpu_to_le32(FILE_CREATE);
2850 req->CreateOptions = cpu_to_le32(CREATE_NOT_FILE);
2852 iov[0].iov_base = (char *)req;
2853 /* -1 since last byte is buf[0] which is sent below (path) */
2854 iov[0].iov_len = total_len - 1;
2856 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
2858 /* [MS-SMB2] 2.2.13 NameOffset:
2859 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
2860 * the SMB2 header, the file name includes a prefix that will
2861 * be processed during DFS name normalization as specified in
2862 * section 3.3.5.9. Otherwise, the file name is relative to
2863 * the share that is identified by the TreeId in the SMB2
2866 if (tcon->share_flags & SHI1005_FLAGS_DFS) {
2869 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
2870 rc = alloc_path_with_tree_prefix(©_path, ©_size,
2872 tcon->tree_name, utf16_path);
2876 req->NameLength = cpu_to_le16(name_len * 2);
2877 uni_path_len = copy_size;
2878 /* free before overwriting resource */
2880 utf16_path = copy_path;
2882 uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2;
2883 /* MUST set path len (NameLength) to 0 opening root of share */
2884 req->NameLength = cpu_to_le16(uni_path_len - 2);
2885 if (uni_path_len % 8 != 0) {
2886 copy_size = roundup(uni_path_len, 8);
2887 copy_path = kzalloc(copy_size, GFP_KERNEL);
2892 memcpy((char *)copy_path, (const char *)utf16_path,
2894 uni_path_len = copy_size;
2895 /* free before overwriting resource */
2897 utf16_path = copy_path;
2901 iov[1].iov_len = uni_path_len;
2902 iov[1].iov_base = utf16_path;
2903 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE;
2905 if (tcon->posix_extensions) {
2906 /* resource #3: posix buf */
2907 rc = add_posix_context(iov, &n_iov, mode);
2910 req->CreateContextsOffset = cpu_to_le32(
2911 sizeof(struct smb2_create_req) +
2913 pc_buf = iov[n_iov-1].iov_base;
2917 memset(&rqst, 0, sizeof(struct smb_rqst));
2919 rqst.rq_nvec = n_iov;
2921 /* no need to inc num_remote_opens because we close it just below */
2922 trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, full_path, CREATE_NOT_FILE,
2923 FILE_WRITE_ATTRIBUTES);
2926 smb2_set_replay(server, &rqst);
2928 /* resource #4: response buffer */
2929 rc = cifs_send_recv(xid, ses, server,
2930 &rqst, &resp_buftype, flags, &rsp_iov);
2932 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
2933 trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid,
2935 FILE_WRITE_ATTRIBUTES, rc);
2936 goto err_free_rsp_buf;
2940 * Although unlikely to be possible for rsp to be null and rc not set,
2941 * adding check below is slightly safer long term (and quiets Coverity
2944 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
2951 trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid,
2952 CREATE_NOT_FILE, FILE_WRITE_ATTRIBUTES);
2954 SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId);
2956 /* Eventually save off posix specific response info and timestaps */
2959 free_rsp_buf(resp_buftype, rsp);
2962 cifs_small_buf_release(req);
2966 if (is_replayable_error(rc) &&
2967 smb2_should_replay(tcon, &retries, &cur_sleep))
2974 SMB2_open_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
2975 struct smb_rqst *rqst, __u8 *oplock,
2976 struct cifs_open_parms *oparms, __le16 *path)
2978 struct smb2_create_req *req;
2979 unsigned int n_iov = 2;
2980 __u32 file_attributes = 0;
2983 unsigned int total_len;
2984 struct kvec *iov = rqst->rq_iov;
2988 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server,
2989 (void **) &req, &total_len);
2993 iov[0].iov_base = (char *)req;
2994 /* -1 since last byte is buf[0] which is sent below (path) */
2995 iov[0].iov_len = total_len - 1;
2997 if (oparms->create_options & CREATE_OPTION_READONLY)
2998 file_attributes |= ATTR_READONLY;
2999 if (oparms->create_options & CREATE_OPTION_SPECIAL)
3000 file_attributes |= ATTR_SYSTEM;
3002 req->ImpersonationLevel = IL_IMPERSONATION;
3003 req->DesiredAccess = cpu_to_le32(oparms->desired_access);
3004 /* File attributes ignored on open (used in create though) */
3005 req->FileAttributes = cpu_to_le32(file_attributes);
3006 req->ShareAccess = FILE_SHARE_ALL_LE;
3008 req->CreateDisposition = cpu_to_le32(oparms->disposition);
3009 req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK);
3010 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
3012 /* [MS-SMB2] 2.2.13 NameOffset:
3013 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
3014 * the SMB2 header, the file name includes a prefix that will
3015 * be processed during DFS name normalization as specified in
3016 * section 3.3.5.9. Otherwise, the file name is relative to
3017 * the share that is identified by the TreeId in the SMB2
3020 if (tcon->share_flags & SHI1005_FLAGS_DFS) {
3023 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
3024 rc = alloc_path_with_tree_prefix(©_path, ©_size,
3026 tcon->tree_name, path);
3029 req->NameLength = cpu_to_le16(name_len * 2);
3030 uni_path_len = copy_size;
3033 uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
3034 /* MUST set path len (NameLength) to 0 opening root of share */
3035 req->NameLength = cpu_to_le16(uni_path_len - 2);
3036 copy_size = round_up(uni_path_len, 8);
3037 copy_path = kzalloc(copy_size, GFP_KERNEL);
3040 memcpy((char *)copy_path, (const char *)path,
3042 uni_path_len = copy_size;
3046 iov[1].iov_len = uni_path_len;
3047 iov[1].iov_base = path;
3049 if ((!server->oplocks) || (tcon->no_lease))
3050 *oplock = SMB2_OPLOCK_LEVEL_NONE;
3052 if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) ||
3053 *oplock == SMB2_OPLOCK_LEVEL_NONE)
3054 req->RequestedOplockLevel = *oplock;
3055 else if (!(server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING) &&
3056 (oparms->create_options & CREATE_NOT_FILE))
3057 req->RequestedOplockLevel = *oplock; /* no srv lease support */
3059 rc = add_lease_context(server, req, iov, &n_iov,
3060 oparms->fid->lease_key, oplock);
3065 if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) {
3066 rc = add_durable_context(iov, &n_iov, oparms,
3067 tcon->use_persistent);
3072 if (tcon->posix_extensions) {
3073 rc = add_posix_context(iov, &n_iov, oparms->mode);
3078 if (tcon->snapshot_time) {
3079 cifs_dbg(FYI, "adding snapshot context\n");
3080 rc = add_twarp_context(iov, &n_iov, tcon->snapshot_time);
3085 if ((oparms->disposition != FILE_OPEN) && (oparms->cifs_sb)) {
3089 if ((oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID) &&
3090 (oparms->mode != ACL_NO_MODE))
3094 oparms->mode = ACL_NO_MODE;
3097 if (oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL)
3102 if (set_owner | set_mode) {
3103 cifs_dbg(FYI, "add sd with mode 0x%x\n", oparms->mode);
3104 rc = add_sd_context(iov, &n_iov, oparms->mode, set_owner);
3110 add_query_id_context(iov, &n_iov);
3111 add_ea_context(oparms, iov, &n_iov);
3115 * We have create contexts behind iov[1] (the file
3116 * name), point at them from the main create request
3118 req->CreateContextsOffset = cpu_to_le32(
3119 sizeof(struct smb2_create_req) +
3121 req->CreateContextsLength = 0;
3123 for (unsigned int i = 2; i < (n_iov-1); i++) {
3124 struct kvec *v = &iov[i];
3125 size_t len = v->iov_len;
3126 struct create_context *cctx =
3127 (struct create_context *)v->iov_base;
3129 cctx->Next = cpu_to_le32(len);
3130 le32_add_cpu(&req->CreateContextsLength, len);
3132 le32_add_cpu(&req->CreateContextsLength,
3133 iov[n_iov-1].iov_len);
3136 rqst->rq_nvec = n_iov;
3140 /* rq_iov[0] is the request and is released by cifs_small_buf_release().
3141 * All other vectors are freed by kfree().
3144 SMB2_open_free(struct smb_rqst *rqst)
3148 if (rqst && rqst->rq_iov) {
3149 cifs_small_buf_release(rqst->rq_iov[0].iov_base);
3150 for (i = 1; i < rqst->rq_nvec; i++)
3151 if (rqst->rq_iov[i].iov_base != smb2_padding)
3152 kfree(rqst->rq_iov[i].iov_base);
3157 SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
3158 __u8 *oplock, struct smb2_file_all_info *buf,
3159 struct create_posix_rsp *posix,
3160 struct kvec *err_iov, int *buftype)
3162 struct smb_rqst rqst;
3163 struct smb2_create_rsp *rsp = NULL;
3164 struct cifs_tcon *tcon = oparms->tcon;
3165 struct cifs_ses *ses = tcon->ses;
3166 struct TCP_Server_Info *server;
3167 struct kvec iov[SMB2_CREATE_IOV_SIZE];
3168 struct kvec rsp_iov = {NULL, 0};
3169 int resp_buftype = CIFS_NO_BUFFER;
3172 int retries = 0, cur_sleep = 1;
3175 /* reinitialize for possible replay */
3177 server = cifs_pick_channel(ses);
3178 oparms->replay = !!(retries);
3180 cifs_dbg(FYI, "create/open\n");
3181 if (!ses || !server)
3184 if (smb3_encryption_required(tcon))
3185 flags |= CIFS_TRANSFORM_REQ;
3187 memset(&rqst, 0, sizeof(struct smb_rqst));
3188 memset(&iov, 0, sizeof(iov));
3190 rqst.rq_nvec = SMB2_CREATE_IOV_SIZE;
3192 rc = SMB2_open_init(tcon, server,
3193 &rqst, oplock, oparms, path);
3197 trace_smb3_open_enter(xid, tcon->tid, tcon->ses->Suid, oparms->path,
3198 oparms->create_options, oparms->desired_access);
3201 smb2_set_replay(server, &rqst);
3203 rc = cifs_send_recv(xid, ses, server,
3204 &rqst, &resp_buftype, flags,
3206 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
3209 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
3210 if (err_iov && rsp) {
3212 *buftype = resp_buftype;
3213 resp_buftype = CIFS_NO_BUFFER;
3216 trace_smb3_open_err(xid, tcon->tid, ses->Suid,
3217 oparms->create_options, oparms->desired_access, rc);
3218 if (rc == -EREMCHG) {
3219 pr_warn_once("server share %s deleted\n",
3221 tcon->need_reconnect = true;
3224 } else if (rsp == NULL) /* unlikely to happen, but safer to check */
3227 trace_smb3_open_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid,
3228 oparms->create_options, oparms->desired_access);
3230 atomic_inc(&tcon->num_remote_opens);
3231 oparms->fid->persistent_fid = rsp->PersistentFileId;
3232 oparms->fid->volatile_fid = rsp->VolatileFileId;
3233 oparms->fid->access = oparms->desired_access;
3234 #ifdef CONFIG_CIFS_DEBUG2
3235 oparms->fid->mid = le64_to_cpu(rsp->hdr.MessageId);
3236 #endif /* CIFS_DEBUG2 */
3239 buf->CreationTime = rsp->CreationTime;
3240 buf->LastAccessTime = rsp->LastAccessTime;
3241 buf->LastWriteTime = rsp->LastWriteTime;
3242 buf->ChangeTime = rsp->ChangeTime;
3243 buf->AllocationSize = rsp->AllocationSize;
3244 buf->EndOfFile = rsp->EndofFile;
3245 buf->Attributes = rsp->FileAttributes;
3246 buf->NumberOfLinks = cpu_to_le32(1);
3247 buf->DeletePending = 0;
3251 rc = smb2_parse_contexts(server, &rsp_iov, &oparms->fid->epoch,
3252 oparms->fid->lease_key, oplock, buf, posix);
3254 SMB2_open_free(&rqst);
3255 free_rsp_buf(resp_buftype, rsp);
3257 if (is_replayable_error(rc) &&
3258 smb2_should_replay(tcon, &retries, &cur_sleep))
3265 SMB2_ioctl_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3266 struct smb_rqst *rqst,
3267 u64 persistent_fid, u64 volatile_fid, u32 opcode,
3268 char *in_data, u32 indatalen,
3269 __u32 max_response_size)
3271 struct smb2_ioctl_req *req;
3272 struct kvec *iov = rqst->rq_iov;
3273 unsigned int total_len;
3277 rc = smb2_ioctl_req_init(opcode, tcon, server,
3278 (void **) &req, &total_len);
3284 * indatalen is usually small at a couple of bytes max, so
3285 * just allocate through generic pool
3287 in_data_buf = kmemdup(in_data, indatalen, GFP_NOFS);
3289 cifs_small_buf_release(req);
3294 req->CtlCode = cpu_to_le32(opcode);
3295 req->PersistentFileId = persistent_fid;
3296 req->VolatileFileId = volatile_fid;
3298 iov[0].iov_base = (char *)req;
3300 * If no input data, the size of ioctl struct in
3301 * protocol spec still includes a 1 byte data buffer,
3302 * but if input data passed to ioctl, we do not
3303 * want to double count this, so we do not send
3304 * the dummy one byte of data in iovec[0] if sending
3305 * input data (in iovec[1]).
3308 req->InputCount = cpu_to_le32(indatalen);
3309 /* do not set InputOffset if no input data */
3311 cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer));
3313 iov[0].iov_len = total_len - 1;
3314 iov[1].iov_base = in_data_buf;
3315 iov[1].iov_len = indatalen;
3318 iov[0].iov_len = total_len;
3321 req->OutputOffset = 0;
3322 req->OutputCount = 0; /* MBZ */
3325 * In most cases max_response_size is set to 16K (CIFSMaxBufSize)
3326 * We Could increase default MaxOutputResponse, but that could require
3327 * more credits. Windows typically sets this smaller, but for some
3328 * ioctls it may be useful to allow server to send more. No point
3329 * limiting what the server can send as long as fits in one credit
3330 * We can not handle more than CIFS_MAX_BUF_SIZE yet but may want
3331 * to increase this limit up in the future.
3332 * Note that for snapshot queries that servers like Azure expect that
3333 * the first query be minimal size (and just used to get the number/size
3334 * of previous versions) so response size must be specified as EXACTLY
3335 * sizeof(struct snapshot_array) which is 16 when rounded up to multiple
3336 * of eight bytes. Currently that is the only case where we set max
3337 * response size smaller.
3339 req->MaxOutputResponse = cpu_to_le32(max_response_size);
3340 req->hdr.CreditCharge =
3341 cpu_to_le16(DIV_ROUND_UP(max(indatalen, max_response_size),
3342 SMB2_MAX_BUFFER_SIZE));
3343 /* always an FSCTL (for now) */
3344 req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL);
3346 /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
3347 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
3348 req->hdr.Flags |= SMB2_FLAGS_SIGNED;
3354 SMB2_ioctl_free(struct smb_rqst *rqst)
3358 if (rqst && rqst->rq_iov) {
3359 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3360 for (i = 1; i < rqst->rq_nvec; i++)
3361 if (rqst->rq_iov[i].iov_base != smb2_padding)
3362 kfree(rqst->rq_iov[i].iov_base);
3368 * SMB2 IOCTL is used for both IOCTLs and FSCTLs
3371 SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
3372 u64 volatile_fid, u32 opcode, char *in_data, u32 indatalen,
3373 u32 max_out_data_len, char **out_data,
3374 u32 *plen /* returned data len */)
3376 struct smb_rqst rqst;
3377 struct smb2_ioctl_rsp *rsp = NULL;
3378 struct cifs_ses *ses;
3379 struct TCP_Server_Info *server;
3380 struct kvec iov[SMB2_IOCTL_IOV_SIZE];
3381 struct kvec rsp_iov = {NULL, 0};
3382 int resp_buftype = CIFS_NO_BUFFER;
3385 int retries = 0, cur_sleep = 1;
3395 /* reinitialize for possible replay */
3397 server = cifs_pick_channel(ses);
3402 cifs_dbg(FYI, "SMB2 IOCTL\n");
3404 if (out_data != NULL)
3407 /* zero out returned data len, in case of error */
3411 if (smb3_encryption_required(tcon))
3412 flags |= CIFS_TRANSFORM_REQ;
3414 memset(&rqst, 0, sizeof(struct smb_rqst));
3415 memset(&iov, 0, sizeof(iov));
3417 rqst.rq_nvec = SMB2_IOCTL_IOV_SIZE;
3419 rc = SMB2_ioctl_init(tcon, server,
3420 &rqst, persistent_fid, volatile_fid, opcode,
3421 in_data, indatalen, max_out_data_len);
3426 smb2_set_replay(server, &rqst);
3428 rc = cifs_send_recv(xid, ses, server,
3429 &rqst, &resp_buftype, flags,
3431 rsp = (struct smb2_ioctl_rsp *)rsp_iov.iov_base;
3434 trace_smb3_fsctl_err(xid, persistent_fid, tcon->tid,
3435 ses->Suid, 0, opcode, rc);
3437 if ((rc != 0) && (rc != -EINVAL) && (rc != -E2BIG)) {
3438 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3440 } else if (rc == -EINVAL) {
3441 if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) &&
3442 (opcode != FSCTL_SRV_COPYCHUNK)) {
3443 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3446 } else if (rc == -E2BIG) {
3447 if (opcode != FSCTL_QUERY_ALLOCATED_RANGES) {
3448 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3453 /* check if caller wants to look at return data or just return rc */
3454 if ((plen == NULL) || (out_data == NULL))
3458 * Although unlikely to be possible for rsp to be null and rc not set,
3459 * adding check below is slightly safer long term (and quiets Coverity
3467 *plen = le32_to_cpu(rsp->OutputCount);
3469 /* We check for obvious errors in the output buffer length and offset */
3471 goto ioctl_exit; /* server returned no data */
3472 else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) {
3473 cifs_tcon_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen);
3479 if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) {
3480 cifs_tcon_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen,
3481 le32_to_cpu(rsp->OutputOffset));
3487 *out_data = kmemdup((char *)rsp + le32_to_cpu(rsp->OutputOffset),
3489 if (*out_data == NULL) {
3495 SMB2_ioctl_free(&rqst);
3496 free_rsp_buf(resp_buftype, rsp);
3498 if (is_replayable_error(rc) &&
3499 smb2_should_replay(tcon, &retries, &cur_sleep))
3506 * Individual callers to ioctl worker function follow
3510 SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon,
3511 u64 persistent_fid, u64 volatile_fid)
3514 struct compress_ioctl fsctl_input;
3515 char *ret_data = NULL;
3517 fsctl_input.CompressionState =
3518 cpu_to_le16(COMPRESSION_FORMAT_DEFAULT);
3520 rc = SMB2_ioctl(xid, tcon, persistent_fid, volatile_fid,
3521 FSCTL_SET_COMPRESSION,
3522 (char *)&fsctl_input /* data input */,
3523 2 /* in data len */, CIFSMaxBufSize /* max out data */,
3524 &ret_data /* out data */, NULL);
3526 cifs_dbg(FYI, "set compression rc %d\n", rc);
3532 SMB2_close_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3533 struct smb_rqst *rqst,
3534 u64 persistent_fid, u64 volatile_fid, bool query_attrs)
3536 struct smb2_close_req *req;
3537 struct kvec *iov = rqst->rq_iov;
3538 unsigned int total_len;
3541 rc = smb2_plain_req_init(SMB2_CLOSE, tcon, server,
3542 (void **) &req, &total_len);
3546 req->PersistentFileId = persistent_fid;
3547 req->VolatileFileId = volatile_fid;
3549 req->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB;
3552 iov[0].iov_base = (char *)req;
3553 iov[0].iov_len = total_len;
3559 SMB2_close_free(struct smb_rqst *rqst)
3561 if (rqst && rqst->rq_iov)
3562 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3566 __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
3567 u64 persistent_fid, u64 volatile_fid,
3568 struct smb2_file_network_open_info *pbuf)
3570 struct smb_rqst rqst;
3571 struct smb2_close_rsp *rsp = NULL;
3572 struct cifs_ses *ses = tcon->ses;
3573 struct TCP_Server_Info *server;
3575 struct kvec rsp_iov;
3576 int resp_buftype = CIFS_NO_BUFFER;
3579 bool query_attrs = false;
3580 int retries = 0, cur_sleep = 1;
3583 /* reinitialize for possible replay */
3585 query_attrs = false;
3586 server = cifs_pick_channel(ses);
3588 cifs_dbg(FYI, "Close\n");
3590 if (!ses || !server)
3593 if (smb3_encryption_required(tcon))
3594 flags |= CIFS_TRANSFORM_REQ;
3596 memset(&rqst, 0, sizeof(struct smb_rqst));
3597 memset(&iov, 0, sizeof(iov));
3601 /* check if need to ask server to return timestamps in close response */
3605 trace_smb3_close_enter(xid, persistent_fid, tcon->tid, ses->Suid);
3606 rc = SMB2_close_init(tcon, server,
3607 &rqst, persistent_fid, volatile_fid,
3613 smb2_set_replay(server, &rqst);
3615 rc = cifs_send_recv(xid, ses, server,
3616 &rqst, &resp_buftype, flags, &rsp_iov);
3617 rsp = (struct smb2_close_rsp *)rsp_iov.iov_base;
3620 cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE);
3621 trace_smb3_close_err(xid, persistent_fid, tcon->tid, ses->Suid,
3625 trace_smb3_close_done(xid, persistent_fid, tcon->tid,
3628 memcpy(&pbuf->network_open_info,
3629 &rsp->network_open_info,
3630 sizeof(pbuf->network_open_info));
3633 atomic_dec(&tcon->num_remote_opens);
3635 SMB2_close_free(&rqst);
3636 free_rsp_buf(resp_buftype, rsp);
3638 /* retry close in a worker thread if this one is interrupted */
3639 if (is_interrupt_error(rc)) {
3642 tmp_rc = smb2_handle_cancelled_close(tcon, persistent_fid,
3645 cifs_dbg(VFS, "handle cancelled close fid 0x%llx returned error %d\n",
3646 persistent_fid, tmp_rc);
3649 if (is_replayable_error(rc) &&
3650 smb2_should_replay(tcon, &retries, &cur_sleep))
3657 SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
3658 u64 persistent_fid, u64 volatile_fid)
3660 return __SMB2_close(xid, tcon, persistent_fid, volatile_fid, NULL);
3664 smb2_validate_iov(unsigned int offset, unsigned int buffer_length,
3665 struct kvec *iov, unsigned int min_buf_size)
3667 unsigned int smb_len = iov->iov_len;
3668 char *end_of_smb = smb_len + (char *)iov->iov_base;
3669 char *begin_of_buf = offset + (char *)iov->iov_base;
3670 char *end_of_buf = begin_of_buf + buffer_length;
3673 if (buffer_length < min_buf_size) {
3674 cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n",
3675 buffer_length, min_buf_size);
3679 /* check if beyond RFC1001 maximum length */
3680 if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) {
3681 cifs_dbg(VFS, "buffer length %d or smb length %d too large\n",
3682 buffer_length, smb_len);
3686 if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) {
3687 cifs_dbg(VFS, "Invalid server response, bad offset to data\n");
3695 * If SMB buffer fields are valid, copy into temporary buffer to hold result.
3696 * Caller must free buffer.
3699 smb2_validate_and_copy_iov(unsigned int offset, unsigned int buffer_length,
3700 struct kvec *iov, unsigned int minbufsize,
3703 char *begin_of_buf = offset + (char *)iov->iov_base;
3709 rc = smb2_validate_iov(offset, buffer_length, iov, minbufsize);
3713 memcpy(data, begin_of_buf, minbufsize);
3719 SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3720 struct smb_rqst *rqst,
3721 u64 persistent_fid, u64 volatile_fid,
3722 u8 info_class, u8 info_type, u32 additional_info,
3723 size_t output_len, size_t input_len, void *input)
3725 struct smb2_query_info_req *req;
3726 struct kvec *iov = rqst->rq_iov;
3727 unsigned int total_len;
3731 if (unlikely(check_add_overflow(input_len, sizeof(*req), &len) ||
3732 len > CIFSMaxBufSize))
3735 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server,
3736 (void **) &req, &total_len);
3740 req->InfoType = info_type;
3741 req->FileInfoClass = info_class;
3742 req->PersistentFileId = persistent_fid;
3743 req->VolatileFileId = volatile_fid;
3744 req->AdditionalInformation = cpu_to_le32(additional_info);
3746 req->OutputBufferLength = cpu_to_le32(output_len);
3748 req->InputBufferLength = cpu_to_le32(input_len);
3749 /* total_len for smb query request never close to le16 max */
3750 req->InputBufferOffset = cpu_to_le16(total_len - 1);
3751 memcpy(req->Buffer, input, input_len);
3754 iov[0].iov_base = (char *)req;
3756 iov[0].iov_len = len;
3761 SMB2_query_info_free(struct smb_rqst *rqst)
3763 if (rqst && rqst->rq_iov)
3764 cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */
3768 query_info(const unsigned int xid, struct cifs_tcon *tcon,
3769 u64 persistent_fid, u64 volatile_fid, u8 info_class, u8 info_type,
3770 u32 additional_info, size_t output_len, size_t min_len, void **data,
3773 struct smb_rqst rqst;
3774 struct smb2_query_info_rsp *rsp = NULL;
3776 struct kvec rsp_iov;
3778 int resp_buftype = CIFS_NO_BUFFER;
3779 struct cifs_ses *ses = tcon->ses;
3780 struct TCP_Server_Info *server;
3782 bool allocated = false;
3783 int retries = 0, cur_sleep = 1;
3785 cifs_dbg(FYI, "Query Info\n");
3791 /* reinitialize for possible replay */
3794 server = cifs_pick_channel(ses);
3799 if (smb3_encryption_required(tcon))
3800 flags |= CIFS_TRANSFORM_REQ;
3802 memset(&rqst, 0, sizeof(struct smb_rqst));
3803 memset(&iov, 0, sizeof(iov));
3807 rc = SMB2_query_info_init(tcon, server,
3808 &rqst, persistent_fid, volatile_fid,
3809 info_class, info_type, additional_info,
3810 output_len, 0, NULL);
3814 trace_smb3_query_info_enter(xid, persistent_fid, tcon->tid,
3815 ses->Suid, info_class, (__u32)info_type);
3818 smb2_set_replay(server, &rqst);
3820 rc = cifs_send_recv(xid, ses, server,
3821 &rqst, &resp_buftype, flags, &rsp_iov);
3822 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
3825 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
3826 trace_smb3_query_info_err(xid, persistent_fid, tcon->tid,
3827 ses->Suid, info_class, (__u32)info_type, rc);
3831 trace_smb3_query_info_done(xid, persistent_fid, tcon->tid,
3832 ses->Suid, info_class, (__u32)info_type);
3835 *dlen = le32_to_cpu(rsp->OutputBufferLength);
3837 *data = kmalloc(*dlen, GFP_KERNEL);
3840 "Error %d allocating memory for acl\n",
3850 rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset),
3851 le32_to_cpu(rsp->OutputBufferLength),
3852 &rsp_iov, dlen ? *dlen : min_len, *data);
3853 if (rc && allocated) {
3860 SMB2_query_info_free(&rqst);
3861 free_rsp_buf(resp_buftype, rsp);
3863 if (is_replayable_error(rc) &&
3864 smb2_should_replay(tcon, &retries, &cur_sleep))
3870 int SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon,
3871 u64 persistent_fid, u64 volatile_fid, struct smb2_file_all_info *data)
3873 return query_info(xid, tcon, persistent_fid, volatile_fid,
3874 FILE_ALL_INFORMATION, SMB2_O_INFO_FILE, 0,
3875 sizeof(struct smb2_file_all_info) + PATH_MAX * 2,
3876 sizeof(struct smb2_file_all_info), (void **)&data,
3881 /* currently unused, as now we are doing compounding instead (see smb311_posix_query_path_info) */
3883 SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon,
3884 u64 persistent_fid, u64 volatile_fid, struct smb311_posix_qinfo *data, u32 *plen)
3886 size_t output_len = sizeof(struct smb311_posix_qinfo *) +
3887 (sizeof(struct cifs_sid) * 2) + (PATH_MAX * 2);
3890 return query_info(xid, tcon, persistent_fid, volatile_fid,
3891 SMB_FIND_FILE_POSIX_INFO, SMB2_O_INFO_FILE, 0,
3892 output_len, sizeof(struct smb311_posix_qinfo), (void **)&data, plen);
3893 /* Note caller must free "data" (passed in above). It may be allocated in query_info call */
3898 SMB2_query_acl(const unsigned int xid, struct cifs_tcon *tcon,
3899 u64 persistent_fid, u64 volatile_fid,
3900 void **data, u32 *plen, u32 extra_info)
3902 __u32 additional_info = OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO |
3906 return query_info(xid, tcon, persistent_fid, volatile_fid,
3907 0, SMB2_O_INFO_SECURITY, additional_info,
3908 SMB2_MAX_BUFFER_SIZE, MIN_SEC_DESC_LEN, data, plen);
3912 SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon,
3913 u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid)
3915 return query_info(xid, tcon, persistent_fid, volatile_fid,
3916 FILE_INTERNAL_INFORMATION, SMB2_O_INFO_FILE, 0,
3917 sizeof(struct smb2_file_internal_info),
3918 sizeof(struct smb2_file_internal_info),
3919 (void **)&uniqueid, NULL);
3923 * CHANGE_NOTIFY Request is sent to get notifications on changes to a directory
3924 * See MS-SMB2 2.2.35 and 2.2.36
3928 SMB2_notify_init(const unsigned int xid, struct smb_rqst *rqst,
3929 struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3930 u64 persistent_fid, u64 volatile_fid,
3931 u32 completion_filter, bool watch_tree)
3933 struct smb2_change_notify_req *req;
3934 struct kvec *iov = rqst->rq_iov;
3935 unsigned int total_len;
3938 rc = smb2_plain_req_init(SMB2_CHANGE_NOTIFY, tcon, server,
3939 (void **) &req, &total_len);
3943 req->PersistentFileId = persistent_fid;
3944 req->VolatileFileId = volatile_fid;
3945 /* See note 354 of MS-SMB2, 64K max */
3946 req->OutputBufferLength =
3947 cpu_to_le32(SMB2_MAX_BUFFER_SIZE - MAX_SMB2_HDR_SIZE);
3948 req->CompletionFilter = cpu_to_le32(completion_filter);
3950 req->Flags = cpu_to_le16(SMB2_WATCH_TREE);
3954 iov[0].iov_base = (char *)req;
3955 iov[0].iov_len = total_len;
3961 SMB2_change_notify(const unsigned int xid, struct cifs_tcon *tcon,
3962 u64 persistent_fid, u64 volatile_fid, bool watch_tree,
3963 u32 completion_filter, u32 max_out_data_len, char **out_data,
3964 u32 *plen /* returned data len */)
3966 struct cifs_ses *ses = tcon->ses;
3967 struct TCP_Server_Info *server;
3968 struct smb_rqst rqst;
3969 struct smb2_change_notify_rsp *smb_rsp;
3971 struct kvec rsp_iov = {NULL, 0};
3972 int resp_buftype = CIFS_NO_BUFFER;
3975 int retries = 0, cur_sleep = 1;
3978 /* reinitialize for possible replay */
3980 server = cifs_pick_channel(ses);
3982 cifs_dbg(FYI, "change notify\n");
3983 if (!ses || !server)
3986 if (smb3_encryption_required(tcon))
3987 flags |= CIFS_TRANSFORM_REQ;
3989 memset(&rqst, 0, sizeof(struct smb_rqst));
3990 memset(&iov, 0, sizeof(iov));
3997 rc = SMB2_notify_init(xid, &rqst, tcon, server,
3998 persistent_fid, volatile_fid,
3999 completion_filter, watch_tree);
4003 trace_smb3_notify_enter(xid, persistent_fid, tcon->tid, ses->Suid,
4004 (u8)watch_tree, completion_filter);
4007 smb2_set_replay(server, &rqst);
4009 rc = cifs_send_recv(xid, ses, server,
4010 &rqst, &resp_buftype, flags, &rsp_iov);
4013 cifs_stats_fail_inc(tcon, SMB2_CHANGE_NOTIFY_HE);
4014 trace_smb3_notify_err(xid, persistent_fid, tcon->tid, ses->Suid,
4015 (u8)watch_tree, completion_filter, rc);
4017 trace_smb3_notify_done(xid, persistent_fid, tcon->tid,
4018 ses->Suid, (u8)watch_tree, completion_filter);
4019 /* validate that notify information is plausible */
4020 if ((rsp_iov.iov_base == NULL) ||
4021 (rsp_iov.iov_len < sizeof(struct smb2_change_notify_rsp) + 1))
4024 smb_rsp = (struct smb2_change_notify_rsp *)rsp_iov.iov_base;
4026 smb2_validate_iov(le16_to_cpu(smb_rsp->OutputBufferOffset),
4027 le32_to_cpu(smb_rsp->OutputBufferLength), &rsp_iov,
4028 sizeof(struct file_notify_information));
4030 *out_data = kmemdup((char *)smb_rsp + le16_to_cpu(smb_rsp->OutputBufferOffset),
4031 le32_to_cpu(smb_rsp->OutputBufferLength), GFP_KERNEL);
4032 if (*out_data == NULL) {
4036 *plen = le32_to_cpu(smb_rsp->OutputBufferLength);
4041 cifs_small_buf_release(rqst.rq_iov[0].iov_base); /* request */
4042 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4044 if (is_replayable_error(rc) &&
4045 smb2_should_replay(tcon, &retries, &cur_sleep))
4054 * This is a no-op for now. We're not really interested in the reply, but
4055 * rather in the fact that the server sent one and that server->lstrp
4058 * FIXME: maybe we should consider checking that the reply matches request?
4061 smb2_echo_callback(struct mid_q_entry *mid)
4063 struct TCP_Server_Info *server = mid->callback_data;
4064 struct smb2_echo_rsp *rsp = (struct smb2_echo_rsp *)mid->resp_buf;
4065 struct cifs_credits credits = { .value = 0, .instance = 0 };
4067 if (mid->mid_state == MID_RESPONSE_RECEIVED
4068 || mid->mid_state == MID_RESPONSE_MALFORMED) {
4069 credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
4070 credits.instance = server->reconnect_instance;
4074 add_credits(server, &credits, CIFS_ECHO_OP);
4077 void smb2_reconnect_server(struct work_struct *work)
4079 struct TCP_Server_Info *server = container_of(work,
4080 struct TCP_Server_Info, reconnect.work);
4081 struct TCP_Server_Info *pserver;
4082 struct cifs_ses *ses, *ses2;
4083 struct cifs_tcon *tcon, *tcon2;
4084 struct list_head tmp_list, tmp_ses_list;
4085 bool ses_exist = false;
4086 bool tcon_selected = false;
4088 bool resched = false;
4090 /* first check if ref count has reached 0, if not inc ref count */
4091 spin_lock(&cifs_tcp_ses_lock);
4092 if (!server->srv_count) {
4093 spin_unlock(&cifs_tcp_ses_lock);
4096 server->srv_count++;
4097 spin_unlock(&cifs_tcp_ses_lock);
4099 /* If server is a channel, select the primary channel */
4100 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;
4102 /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */
4103 mutex_lock(&pserver->reconnect_mutex);
4105 /* if the server is marked for termination, drop the ref count here */
4106 if (server->terminate) {
4107 cifs_put_tcp_session(server, true);
4108 mutex_unlock(&pserver->reconnect_mutex);
4112 INIT_LIST_HEAD(&tmp_list);
4113 INIT_LIST_HEAD(&tmp_ses_list);
4114 cifs_dbg(FYI, "Reconnecting tcons and channels\n");
4116 spin_lock(&cifs_tcp_ses_lock);
4117 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
4118 spin_lock(&ses->ses_lock);
4119 if (ses->ses_status == SES_EXITING) {
4120 spin_unlock(&ses->ses_lock);
4123 spin_unlock(&ses->ses_lock);
4125 tcon_selected = false;
4127 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
4128 if (tcon->need_reconnect || tcon->need_reopen_files) {
4130 list_add_tail(&tcon->rlist, &tmp_list);
4131 tcon_selected = true;
4135 * IPC has the same lifetime as its session and uses its
4138 if (ses->tcon_ipc && ses->tcon_ipc->need_reconnect) {
4139 list_add_tail(&ses->tcon_ipc->rlist, &tmp_list);
4140 tcon_selected = true;
4141 cifs_smb_ses_inc_refcount(ses);
4144 * handle the case where channel needs to reconnect
4145 * binding session, but tcon is healthy (some other channel
4148 spin_lock(&ses->chan_lock);
4149 if (!tcon_selected && cifs_chan_needs_reconnect(ses, server)) {
4150 list_add_tail(&ses->rlist, &tmp_ses_list);
4152 cifs_smb_ses_inc_refcount(ses);
4154 spin_unlock(&ses->chan_lock);
4156 spin_unlock(&cifs_tcp_ses_lock);
4158 list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) {
4159 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server, true);
4161 cifs_reopen_persistent_handles(tcon);
4164 list_del_init(&tcon->rlist);
4166 cifs_put_smb_ses(tcon->ses);
4168 cifs_put_tcon(tcon);
4174 /* allocate a dummy tcon struct used for reconnect */
4175 tcon = tcon_info_alloc(false);
4178 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) {
4179 list_del_init(&ses->rlist);
4180 cifs_put_smb_ses(ses);
4185 tcon->status = TID_GOOD;
4186 tcon->retry = false;
4187 tcon->need_reconnect = false;
4189 /* now reconnect sessions for necessary channels */
4190 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) {
4192 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server, true);
4195 list_del_init(&ses->rlist);
4196 cifs_put_smb_ses(ses);
4201 cifs_dbg(FYI, "Reconnecting tcons and channels finished\n");
4203 queue_delayed_work(cifsiod_wq, &server->reconnect, 2 * HZ);
4204 mutex_unlock(&pserver->reconnect_mutex);
4206 /* now we can safely release srv struct */
4207 cifs_put_tcp_session(server, true);
4211 SMB2_echo(struct TCP_Server_Info *server)
4213 struct smb2_echo_req *req;
4216 struct smb_rqst rqst = { .rq_iov = iov,
4218 unsigned int total_len;
4220 cifs_dbg(FYI, "In echo request for conn_id %lld\n", server->conn_id);
4222 spin_lock(&server->srv_lock);
4223 if (server->ops->need_neg &&
4224 server->ops->need_neg(server)) {
4225 spin_unlock(&server->srv_lock);
4226 /* No need to send echo on newly established connections */
4227 mod_delayed_work(cifsiod_wq, &server->reconnect, 0);
4230 spin_unlock(&server->srv_lock);
4232 rc = smb2_plain_req_init(SMB2_ECHO, NULL, server,
4233 (void **)&req, &total_len);
4237 req->hdr.CreditRequest = cpu_to_le16(1);
4239 iov[0].iov_len = total_len;
4240 iov[0].iov_base = (char *)req;
4242 rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, NULL,
4243 server, CIFS_ECHO_OP, NULL);
4245 cifs_dbg(FYI, "Echo request failed: %d\n", rc);
4247 cifs_small_buf_release(req);
4252 SMB2_flush_free(struct smb_rqst *rqst)
4254 if (rqst && rqst->rq_iov)
4255 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
4259 SMB2_flush_init(const unsigned int xid, struct smb_rqst *rqst,
4260 struct cifs_tcon *tcon, struct TCP_Server_Info *server,
4261 u64 persistent_fid, u64 volatile_fid)
4263 struct smb2_flush_req *req;
4264 struct kvec *iov = rqst->rq_iov;
4265 unsigned int total_len;
4268 rc = smb2_plain_req_init(SMB2_FLUSH, tcon, server,
4269 (void **) &req, &total_len);
4273 req->PersistentFileId = persistent_fid;
4274 req->VolatileFileId = volatile_fid;
4276 iov[0].iov_base = (char *)req;
4277 iov[0].iov_len = total_len;
4283 SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
4286 struct cifs_ses *ses = tcon->ses;
4287 struct smb_rqst rqst;
4289 struct kvec rsp_iov = {NULL, 0};
4290 struct TCP_Server_Info *server;
4291 int resp_buftype = CIFS_NO_BUFFER;
4294 int retries = 0, cur_sleep = 1;
4297 /* reinitialize for possible replay */
4299 server = cifs_pick_channel(ses);
4301 cifs_dbg(FYI, "flush\n");
4302 if (!ses || !(ses->server))
4305 if (smb3_encryption_required(tcon))
4306 flags |= CIFS_TRANSFORM_REQ;
4308 memset(&rqst, 0, sizeof(struct smb_rqst));
4309 memset(&iov, 0, sizeof(iov));
4313 rc = SMB2_flush_init(xid, &rqst, tcon, server,
4314 persistent_fid, volatile_fid);
4318 trace_smb3_flush_enter(xid, persistent_fid, tcon->tid, ses->Suid);
4321 smb2_set_replay(server, &rqst);
4323 rc = cifs_send_recv(xid, ses, server,
4324 &rqst, &resp_buftype, flags, &rsp_iov);
4327 cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE);
4328 trace_smb3_flush_err(xid, persistent_fid, tcon->tid, ses->Suid,
4331 trace_smb3_flush_done(xid, persistent_fid, tcon->tid,
4335 SMB2_flush_free(&rqst);
4336 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4338 if (is_replayable_error(rc) &&
4339 smb2_should_replay(tcon, &retries, &cur_sleep))
4345 #ifdef CONFIG_CIFS_SMB_DIRECT
4346 static inline bool smb3_use_rdma_offload(struct cifs_io_parms *io_parms)
4348 struct TCP_Server_Info *server = io_parms->server;
4349 struct cifs_tcon *tcon = io_parms->tcon;
4351 /* we can only offload if we're connected */
4352 if (!server || !tcon)
4355 /* we can only offload on an rdma connection */
4356 if (!server->rdma || !server->smbd_conn)
4359 /* we don't support signed offload yet */
4363 /* we don't support encrypted offload yet */
4364 if (smb3_encryption_required(tcon))
4367 /* offload also has its overhead, so only do it if desired */
4368 if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold)
4373 #endif /* CONFIG_CIFS_SMB_DIRECT */
4376 * To form a chain of read requests, any read requests after the first should
4377 * have the end_of_chain boolean set to true.
4380 smb2_new_read_req(void **buf, unsigned int *total_len,
4381 struct cifs_io_parms *io_parms, struct cifs_readdata *rdata,
4382 unsigned int remaining_bytes, int request_type)
4385 struct smb2_read_req *req = NULL;
4386 struct smb2_hdr *shdr;
4387 struct TCP_Server_Info *server = io_parms->server;
4389 rc = smb2_plain_req_init(SMB2_READ, io_parms->tcon, server,
4390 (void **) &req, total_len);
4395 return -ECONNABORTED;
4398 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4400 req->PersistentFileId = io_parms->persistent_fid;
4401 req->VolatileFileId = io_parms->volatile_fid;
4402 req->ReadChannelInfoOffset = 0; /* reserved */
4403 req->ReadChannelInfoLength = 0; /* reserved */
4404 req->Channel = 0; /* reserved */
4405 req->MinimumCount = 0;
4406 req->Length = cpu_to_le32(io_parms->length);
4407 req->Offset = cpu_to_le64(io_parms->offset);
4409 trace_smb3_read_enter(0 /* xid */,
4410 io_parms->persistent_fid,
4411 io_parms->tcon->tid, io_parms->tcon->ses->Suid,
4412 io_parms->offset, io_parms->length);
4413 #ifdef CONFIG_CIFS_SMB_DIRECT
4415 * If we want to do a RDMA write, fill in and append
4416 * smbd_buffer_descriptor_v1 to the end of read request
4418 if (smb3_use_rdma_offload(io_parms)) {
4419 struct smbd_buffer_descriptor_v1 *v1;
4420 bool need_invalidate = server->dialect == SMB30_PROT_ID;
4422 rdata->mr = smbd_register_mr(server->smbd_conn, &rdata->iter,
4423 true, need_invalidate);
4427 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
4428 if (need_invalidate)
4429 req->Channel = SMB2_CHANNEL_RDMA_V1;
4430 req->ReadChannelInfoOffset =
4431 cpu_to_le16(offsetof(struct smb2_read_req, Buffer));
4432 req->ReadChannelInfoLength =
4433 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1));
4434 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
4435 v1->offset = cpu_to_le64(rdata->mr->mr->iova);
4436 v1->token = cpu_to_le32(rdata->mr->mr->rkey);
4437 v1->length = cpu_to_le32(rdata->mr->mr->length);
4439 *total_len += sizeof(*v1) - 1;
4442 if (request_type & CHAINED_REQUEST) {
4443 if (!(request_type & END_OF_CHAIN)) {
4444 /* next 8-byte aligned request */
4445 *total_len = ALIGN(*total_len, 8);
4446 shdr->NextCommand = cpu_to_le32(*total_len);
4447 } else /* END_OF_CHAIN */
4448 shdr->NextCommand = 0;
4449 if (request_type & RELATED_REQUEST) {
4450 shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS;
4452 * Related requests use info from previous read request
4455 shdr->SessionId = cpu_to_le64(0xFFFFFFFFFFFFFFFF);
4456 shdr->Id.SyncId.TreeId = cpu_to_le32(0xFFFFFFFF);
4457 req->PersistentFileId = (u64)-1;
4458 req->VolatileFileId = (u64)-1;
4461 if (remaining_bytes > io_parms->length)
4462 req->RemainingBytes = cpu_to_le32(remaining_bytes);
4464 req->RemainingBytes = 0;
4471 smb2_readv_callback(struct mid_q_entry *mid)
4473 struct cifs_readdata *rdata = mid->callback_data;
4474 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
4475 struct TCP_Server_Info *server = rdata->server;
4476 struct smb2_hdr *shdr =
4477 (struct smb2_hdr *)rdata->iov[0].iov_base;
4478 struct cifs_credits credits = { .value = 0, .instance = 0 };
4479 struct smb_rqst rqst = { .rq_iov = &rdata->iov[1], .rq_nvec = 1 };
4481 if (rdata->got_bytes) {
4482 rqst.rq_iter = rdata->iter;
4483 rqst.rq_iter_size = iov_iter_count(&rdata->iter);
4486 WARN_ONCE(rdata->server != mid->server,
4487 "rdata server %p != mid server %p",
4488 rdata->server, mid->server);
4490 cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n",
4491 __func__, mid->mid, mid->mid_state, rdata->result,
4494 switch (mid->mid_state) {
4495 case MID_RESPONSE_RECEIVED:
4496 credits.value = le16_to_cpu(shdr->CreditRequest);
4497 credits.instance = server->reconnect_instance;
4498 /* result already set, check signature */
4499 if (server->sign && !mid->decrypted) {
4502 iov_iter_revert(&rqst.rq_iter, rdata->got_bytes);
4503 iov_iter_truncate(&rqst.rq_iter, rdata->got_bytes);
4504 rc = smb2_verify_signature(&rqst, server);
4506 cifs_tcon_dbg(VFS, "SMB signature verification returned error = %d\n",
4509 /* FIXME: should this be counted toward the initiating task? */
4510 task_io_account_read(rdata->got_bytes);
4511 cifs_stats_bytes_read(tcon, rdata->got_bytes);
4513 case MID_REQUEST_SUBMITTED:
4514 case MID_RETRY_NEEDED:
4515 rdata->result = -EAGAIN;
4516 if (server->sign && rdata->got_bytes)
4517 /* reset bytes number since we can not check a sign */
4518 rdata->got_bytes = 0;
4519 /* FIXME: should this be counted toward the initiating task? */
4520 task_io_account_read(rdata->got_bytes);
4521 cifs_stats_bytes_read(tcon, rdata->got_bytes);
4523 case MID_RESPONSE_MALFORMED:
4524 credits.value = le16_to_cpu(shdr->CreditRequest);
4525 credits.instance = server->reconnect_instance;
4528 rdata->result = -EIO;
4530 #ifdef CONFIG_CIFS_SMB_DIRECT
4532 * If this rdata has a memmory registered, the MR can be freed
4533 * MR needs to be freed as soon as I/O finishes to prevent deadlock
4534 * because they have limited number and are used for future I/Os
4537 smbd_deregister_mr(rdata->mr);
4541 if (rdata->result && rdata->result != -ENODATA) {
4542 cifs_stats_fail_inc(tcon, SMB2_READ_HE);
4543 trace_smb3_read_err(0 /* xid */,
4544 rdata->cfile->fid.persistent_fid,
4545 tcon->tid, tcon->ses->Suid, rdata->offset,
4546 rdata->bytes, rdata->result);
4548 trace_smb3_read_done(0 /* xid */,
4549 rdata->cfile->fid.persistent_fid,
4550 tcon->tid, tcon->ses->Suid,
4551 rdata->offset, rdata->got_bytes);
4553 queue_work(cifsiod_wq, &rdata->work);
4555 add_credits(server, &credits, 0);
4558 /* smb2_async_readv - send an async read, and set up mid to handle result */
4560 smb2_async_readv(struct cifs_readdata *rdata)
4564 struct smb2_hdr *shdr;
4565 struct cifs_io_parms io_parms;
4566 struct smb_rqst rqst = { .rq_iov = rdata->iov,
4568 struct TCP_Server_Info *server;
4569 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
4570 unsigned int total_len;
4573 cifs_dbg(FYI, "%s: offset=%llu bytes=%u\n",
4574 __func__, rdata->offset, rdata->bytes);
4577 rdata->server = cifs_pick_channel(tcon->ses);
4579 io_parms.tcon = tlink_tcon(rdata->cfile->tlink);
4580 io_parms.server = server = rdata->server;
4581 io_parms.offset = rdata->offset;
4582 io_parms.length = rdata->bytes;
4583 io_parms.persistent_fid = rdata->cfile->fid.persistent_fid;
4584 io_parms.volatile_fid = rdata->cfile->fid.volatile_fid;
4585 io_parms.pid = rdata->pid;
4587 rc = smb2_new_read_req(
4588 (void **) &buf, &total_len, &io_parms, rdata, 0, 0);
4592 if (smb3_encryption_required(io_parms.tcon))
4593 flags |= CIFS_TRANSFORM_REQ;
4595 rdata->iov[0].iov_base = buf;
4596 rdata->iov[0].iov_len = total_len;
4598 shdr = (struct smb2_hdr *)buf;
4600 if (rdata->credits.value > 0) {
4601 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes,
4602 SMB2_MAX_BUFFER_SIZE));
4603 credit_request = le16_to_cpu(shdr->CreditCharge) + 8;
4604 if (server->credits >= server->max_credits)
4605 shdr->CreditRequest = cpu_to_le16(0);
4607 shdr->CreditRequest = cpu_to_le16(
4608 min_t(int, server->max_credits -
4609 server->credits, credit_request));
4611 rc = adjust_credits(server, &rdata->credits, rdata->bytes);
4613 goto async_readv_out;
4615 flags |= CIFS_HAS_CREDITS;
4618 kref_get(&rdata->refcount);
4619 rc = cifs_call_async(server, &rqst,
4620 cifs_readv_receive, smb2_readv_callback,
4621 smb3_handle_read_data, rdata, flags,
4624 kref_put(&rdata->refcount, cifs_readdata_release);
4625 cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
4626 trace_smb3_read_err(0 /* xid */, io_parms.persistent_fid,
4628 io_parms.tcon->ses->Suid,
4629 io_parms.offset, io_parms.length, rc);
4633 cifs_small_buf_release(buf);
4638 SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
4639 unsigned int *nbytes, char **buf, int *buf_type)
4641 struct smb_rqst rqst;
4642 int resp_buftype, rc;
4643 struct smb2_read_req *req = NULL;
4644 struct smb2_read_rsp *rsp = NULL;
4646 struct kvec rsp_iov;
4647 unsigned int total_len;
4648 int flags = CIFS_LOG_ERROR;
4649 struct cifs_ses *ses = io_parms->tcon->ses;
4651 if (!io_parms->server)
4652 io_parms->server = cifs_pick_channel(io_parms->tcon->ses);
4655 rc = smb2_new_read_req((void **)&req, &total_len, io_parms, NULL, 0, 0);
4659 if (smb3_encryption_required(io_parms->tcon))
4660 flags |= CIFS_TRANSFORM_REQ;
4662 iov[0].iov_base = (char *)req;
4663 iov[0].iov_len = total_len;
4665 memset(&rqst, 0, sizeof(struct smb_rqst));
4669 rc = cifs_send_recv(xid, ses, io_parms->server,
4670 &rqst, &resp_buftype, flags, &rsp_iov);
4671 rsp = (struct smb2_read_rsp *)rsp_iov.iov_base;
4674 if (rc != -ENODATA) {
4675 cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE);
4676 cifs_dbg(VFS, "Send error in read = %d\n", rc);
4677 trace_smb3_read_err(xid,
4678 req->PersistentFileId,
4679 io_parms->tcon->tid, ses->Suid,
4680 io_parms->offset, io_parms->length,
4683 trace_smb3_read_done(xid, req->PersistentFileId, io_parms->tcon->tid,
4684 ses->Suid, io_parms->offset, 0);
4685 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4686 cifs_small_buf_release(req);
4687 return rc == -ENODATA ? 0 : rc;
4689 trace_smb3_read_done(xid,
4690 req->PersistentFileId,
4691 io_parms->tcon->tid, ses->Suid,
4692 io_parms->offset, io_parms->length);
4694 cifs_small_buf_release(req);
4696 *nbytes = le32_to_cpu(rsp->DataLength);
4697 if ((*nbytes > CIFS_MAX_MSGSIZE) ||
4698 (*nbytes > io_parms->length)) {
4699 cifs_dbg(FYI, "bad length %d for count %d\n",
4700 *nbytes, io_parms->length);
4706 memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes);
4707 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4708 } else if (resp_buftype != CIFS_NO_BUFFER) {
4709 *buf = rsp_iov.iov_base;
4710 if (resp_buftype == CIFS_SMALL_BUFFER)
4711 *buf_type = CIFS_SMALL_BUFFER;
4712 else if (resp_buftype == CIFS_LARGE_BUFFER)
4713 *buf_type = CIFS_LARGE_BUFFER;
4719 * Check the mid_state and signature on received buffer (if any), and queue the
4720 * workqueue completion task.
4723 smb2_writev_callback(struct mid_q_entry *mid)
4725 struct cifs_writedata *wdata = mid->callback_data;
4726 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
4727 struct TCP_Server_Info *server = wdata->server;
4728 unsigned int written;
4729 struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf;
4730 struct cifs_credits credits = { .value = 0, .instance = 0 };
4732 WARN_ONCE(wdata->server != mid->server,
4733 "wdata server %p != mid server %p",
4734 wdata->server, mid->server);
4736 switch (mid->mid_state) {
4737 case MID_RESPONSE_RECEIVED:
4738 credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
4739 credits.instance = server->reconnect_instance;
4740 wdata->result = smb2_check_receive(mid, server, 0);
4741 if (wdata->result != 0)
4744 written = le32_to_cpu(rsp->DataLength);
4746 * Mask off high 16 bits when bytes written as returned
4747 * by the server is greater than bytes requested by the
4748 * client. OS/2 servers are known to set incorrect
4751 if (written > wdata->bytes)
4754 if (written < wdata->bytes)
4755 wdata->result = -ENOSPC;
4757 wdata->bytes = written;
4759 case MID_REQUEST_SUBMITTED:
4760 case MID_RETRY_NEEDED:
4761 wdata->result = -EAGAIN;
4763 case MID_RESPONSE_MALFORMED:
4764 credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
4765 credits.instance = server->reconnect_instance;
4768 wdata->result = -EIO;
4771 #ifdef CONFIG_CIFS_SMB_DIRECT
4773 * If this wdata has a memory registered, the MR can be freed
4774 * The number of MRs available is limited, it's important to recover
4775 * used MR as soon as I/O is finished. Hold MR longer in the later
4776 * I/O process can possibly result in I/O deadlock due to lack of MR
4777 * to send request on I/O retry
4780 smbd_deregister_mr(wdata->mr);
4784 if (wdata->result) {
4785 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
4786 trace_smb3_write_err(0 /* no xid */,
4787 wdata->cfile->fid.persistent_fid,
4788 tcon->tid, tcon->ses->Suid, wdata->offset,
4789 wdata->bytes, wdata->result);
4790 if (wdata->result == -ENOSPC)
4791 pr_warn_once("Out of space writing to %s\n",
4794 trace_smb3_write_done(0 /* no xid */,
4795 wdata->cfile->fid.persistent_fid,
4796 tcon->tid, tcon->ses->Suid,
4797 wdata->offset, wdata->bytes);
4799 queue_work(cifsiod_wq, &wdata->work);
4801 add_credits(server, &credits, 0);
4804 /* smb2_async_writev - send an async write, and set up mid to handle result */
4806 smb2_async_writev(struct cifs_writedata *wdata,
4807 void (*release)(struct kref *kref))
4809 int rc = -EACCES, flags = 0;
4810 struct smb2_write_req *req = NULL;
4811 struct smb2_hdr *shdr;
4812 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
4813 struct TCP_Server_Info *server = wdata->server;
4815 struct smb_rqst rqst = { };
4816 unsigned int total_len;
4817 struct cifs_io_parms _io_parms;
4818 struct cifs_io_parms *io_parms = NULL;
4821 if (!wdata->server || wdata->replay)
4822 server = wdata->server = cifs_pick_channel(tcon->ses);
4825 * in future we may get cifs_io_parms passed in from the caller,
4826 * but for now we construct it here...
4828 _io_parms = (struct cifs_io_parms) {
4831 .offset = wdata->offset,
4832 .length = wdata->bytes,
4833 .persistent_fid = wdata->cfile->fid.persistent_fid,
4834 .volatile_fid = wdata->cfile->fid.volatile_fid,
4837 io_parms = &_io_parms;
4839 rc = smb2_plain_req_init(SMB2_WRITE, tcon, server,
4840 (void **) &req, &total_len);
4844 if (smb3_encryption_required(tcon))
4845 flags |= CIFS_TRANSFORM_REQ;
4847 shdr = (struct smb2_hdr *)req;
4848 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4850 req->PersistentFileId = io_parms->persistent_fid;
4851 req->VolatileFileId = io_parms->volatile_fid;
4852 req->WriteChannelInfoOffset = 0;
4853 req->WriteChannelInfoLength = 0;
4854 req->Channel = SMB2_CHANNEL_NONE;
4855 req->Offset = cpu_to_le64(io_parms->offset);
4856 req->DataOffset = cpu_to_le16(
4857 offsetof(struct smb2_write_req, Buffer));
4858 req->RemainingBytes = 0;
4860 trace_smb3_write_enter(0 /* xid */,
4861 io_parms->persistent_fid,
4862 io_parms->tcon->tid,
4863 io_parms->tcon->ses->Suid,
4867 #ifdef CONFIG_CIFS_SMB_DIRECT
4869 * If we want to do a server RDMA read, fill in and append
4870 * smbd_buffer_descriptor_v1 to the end of write request
4872 if (smb3_use_rdma_offload(io_parms)) {
4873 struct smbd_buffer_descriptor_v1 *v1;
4874 size_t data_size = iov_iter_count(&wdata->iter);
4875 bool need_invalidate = server->dialect == SMB30_PROT_ID;
4877 wdata->mr = smbd_register_mr(server->smbd_conn, &wdata->iter,
4878 false, need_invalidate);
4881 goto async_writev_out;
4884 req->DataOffset = 0;
4885 req->RemainingBytes = cpu_to_le32(data_size);
4886 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
4887 if (need_invalidate)
4888 req->Channel = SMB2_CHANNEL_RDMA_V1;
4889 req->WriteChannelInfoOffset =
4890 cpu_to_le16(offsetof(struct smb2_write_req, Buffer));
4891 req->WriteChannelInfoLength =
4892 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1));
4893 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
4894 v1->offset = cpu_to_le64(wdata->mr->mr->iova);
4895 v1->token = cpu_to_le32(wdata->mr->mr->rkey);
4896 v1->length = cpu_to_le32(wdata->mr->mr->length);
4899 iov[0].iov_len = total_len - 1;
4900 iov[0].iov_base = (char *)req;
4904 rqst.rq_iter = wdata->iter;
4905 rqst.rq_iter_size = iov_iter_count(&rqst.rq_iter);
4907 smb2_set_replay(server, &rqst);
4908 #ifdef CONFIG_CIFS_SMB_DIRECT
4910 iov[0].iov_len += sizeof(struct smbd_buffer_descriptor_v1);
4912 cifs_dbg(FYI, "async write at %llu %u bytes iter=%zx\n",
4913 io_parms->offset, io_parms->length, iov_iter_count(&rqst.rq_iter));
4915 #ifdef CONFIG_CIFS_SMB_DIRECT
4916 /* For RDMA read, I/O size is in RemainingBytes not in Length */
4918 req->Length = cpu_to_le32(io_parms->length);
4920 req->Length = cpu_to_le32(io_parms->length);
4923 if (wdata->credits.value > 0) {
4924 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes,
4925 SMB2_MAX_BUFFER_SIZE));
4926 credit_request = le16_to_cpu(shdr->CreditCharge) + 8;
4927 if (server->credits >= server->max_credits)
4928 shdr->CreditRequest = cpu_to_le16(0);
4930 shdr->CreditRequest = cpu_to_le16(
4931 min_t(int, server->max_credits -
4932 server->credits, credit_request));
4934 rc = adjust_credits(server, &wdata->credits, io_parms->length);
4936 goto async_writev_out;
4938 flags |= CIFS_HAS_CREDITS;
4941 kref_get(&wdata->refcount);
4942 rc = cifs_call_async(server, &rqst, NULL, smb2_writev_callback, NULL,
4943 wdata, flags, &wdata->credits);
4946 trace_smb3_write_err(0 /* no xid */,
4947 io_parms->persistent_fid,
4948 io_parms->tcon->tid,
4949 io_parms->tcon->ses->Suid,
4953 kref_put(&wdata->refcount, release);
4954 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
4958 cifs_small_buf_release(req);
4963 * SMB2_write function gets iov pointer to kvec array with n_vec as a length.
4964 * The length field from io_parms must be at least 1 and indicates a number of
4965 * elements with data to write that begins with position 1 in iov array. All
4966 * data length is specified by count.
4969 SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms,
4970 unsigned int *nbytes, struct kvec *iov, int n_vec)
4972 struct smb_rqst rqst;
4974 struct smb2_write_req *req = NULL;
4975 struct smb2_write_rsp *rsp = NULL;
4977 struct kvec rsp_iov;
4979 unsigned int total_len;
4980 struct TCP_Server_Info *server;
4981 int retries = 0, cur_sleep = 1;
4984 /* reinitialize for possible replay */
4987 if (!io_parms->server)
4988 io_parms->server = cifs_pick_channel(io_parms->tcon->ses);
4989 server = io_parms->server;
4991 return -ECONNABORTED;
4996 rc = smb2_plain_req_init(SMB2_WRITE, io_parms->tcon, server,
4997 (void **) &req, &total_len);
5001 if (smb3_encryption_required(io_parms->tcon))
5002 flags |= CIFS_TRANSFORM_REQ;
5004 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
5006 req->PersistentFileId = io_parms->persistent_fid;
5007 req->VolatileFileId = io_parms->volatile_fid;
5008 req->WriteChannelInfoOffset = 0;
5009 req->WriteChannelInfoLength = 0;
5011 req->Length = cpu_to_le32(io_parms->length);
5012 req->Offset = cpu_to_le64(io_parms->offset);
5013 req->DataOffset = cpu_to_le16(
5014 offsetof(struct smb2_write_req, Buffer));
5015 req->RemainingBytes = 0;
5017 trace_smb3_write_enter(xid, io_parms->persistent_fid,
5018 io_parms->tcon->tid, io_parms->tcon->ses->Suid,
5019 io_parms->offset, io_parms->length);
5021 iov[0].iov_base = (char *)req;
5023 iov[0].iov_len = total_len - 1;
5025 memset(&rqst, 0, sizeof(struct smb_rqst));
5027 rqst.rq_nvec = n_vec + 1;
5030 smb2_set_replay(server, &rqst);
5032 rc = cifs_send_recv(xid, io_parms->tcon->ses, server,
5034 &resp_buftype, flags, &rsp_iov);
5035 rsp = (struct smb2_write_rsp *)rsp_iov.iov_base;
5038 trace_smb3_write_err(xid,
5039 req->PersistentFileId,
5040 io_parms->tcon->tid,
5041 io_parms->tcon->ses->Suid,
5042 io_parms->offset, io_parms->length, rc);
5043 cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);
5044 cifs_dbg(VFS, "Send error in write = %d\n", rc);
5046 *nbytes = le32_to_cpu(rsp->DataLength);
5047 trace_smb3_write_done(xid,
5048 req->PersistentFileId,
5049 io_parms->tcon->tid,
5050 io_parms->tcon->ses->Suid,
5051 io_parms->offset, *nbytes);
5054 cifs_small_buf_release(req);
5055 free_rsp_buf(resp_buftype, rsp);
5057 if (is_replayable_error(rc) &&
5058 smb2_should_replay(io_parms->tcon, &retries, &cur_sleep))
5064 int posix_info_sid_size(const void *beg, const void *end)
5072 subauth = *(u8 *)(beg+1);
5073 if (subauth < 1 || subauth > 15)
5076 total = 1 + 1 + 6 + 4*subauth;
5077 if (beg + total > end)
5083 int posix_info_parse(const void *beg, const void *end,
5084 struct smb2_posix_info_parsed *out)
5088 int owner_len, group_len;
5090 const void *owner_sid;
5091 const void *group_sid;
5094 /* if no end bound given, assume payload to be correct */
5096 const struct smb2_posix_info *p = beg;
5098 end = beg + le32_to_cpu(p->NextEntryOffset);
5099 /* last element will have a 0 offset, pick a sensible bound */
5104 /* check base buf */
5105 if (beg + sizeof(struct smb2_posix_info) > end)
5107 total_len = sizeof(struct smb2_posix_info);
5109 /* check owner sid */
5110 owner_sid = beg + total_len;
5111 owner_len = posix_info_sid_size(owner_sid, end);
5114 total_len += owner_len;
5116 /* check group sid */
5117 group_sid = beg + total_len;
5118 group_len = posix_info_sid_size(group_sid, end);
5121 total_len += group_len;
5123 /* check name len */
5124 if (beg + total_len + 4 > end)
5126 name_len = le32_to_cpu(*(__le32 *)(beg + total_len));
5127 if (name_len < 1 || name_len > 0xFFFF)
5132 name = beg + total_len;
5133 if (name + name_len > end)
5135 total_len += name_len;
5139 out->size = total_len;
5140 out->name_len = name_len;
5142 memcpy(&out->owner, owner_sid, owner_len);
5143 memcpy(&out->group, group_sid, group_len);
5148 static int posix_info_extra_size(const void *beg, const void *end)
5150 int len = posix_info_parse(beg, end, NULL);
5154 return len - sizeof(struct smb2_posix_info);
5158 num_entries(int infotype, char *bufstart, char *end_of_buf, char **lastentry,
5162 unsigned int entrycount = 0;
5163 unsigned int next_offset = 0;
5165 FILE_DIRECTORY_INFO *dir_info;
5167 if (bufstart == NULL)
5170 entryptr = bufstart;
5173 if (entryptr + next_offset < entryptr ||
5174 entryptr + next_offset > end_of_buf ||
5175 entryptr + next_offset + size > end_of_buf) {
5176 cifs_dbg(VFS, "malformed search entry would overflow\n");
5180 entryptr = entryptr + next_offset;
5181 dir_info = (FILE_DIRECTORY_INFO *)entryptr;
5183 if (infotype == SMB_FIND_FILE_POSIX_INFO)
5184 len = posix_info_extra_size(entryptr, end_of_buf);
5186 len = le32_to_cpu(dir_info->FileNameLength);
5189 entryptr + len < entryptr ||
5190 entryptr + len > end_of_buf ||
5191 entryptr + len + size > end_of_buf) {
5192 cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n",
5197 *lastentry = entryptr;
5200 next_offset = le32_to_cpu(dir_info->NextEntryOffset);
5211 int SMB2_query_directory_init(const unsigned int xid,
5212 struct cifs_tcon *tcon,
5213 struct TCP_Server_Info *server,
5214 struct smb_rqst *rqst,
5215 u64 persistent_fid, u64 volatile_fid,
5216 int index, int info_level)
5218 struct smb2_query_directory_req *req;
5219 unsigned char *bufptr;
5220 __le16 asteriks = cpu_to_le16('*');
5221 unsigned int output_size = CIFSMaxBufSize -
5222 MAX_SMB2_CREATE_RESPONSE_SIZE -
5223 MAX_SMB2_CLOSE_RESPONSE_SIZE;
5224 unsigned int total_len;
5225 struct kvec *iov = rqst->rq_iov;
5228 rc = smb2_plain_req_init(SMB2_QUERY_DIRECTORY, tcon, server,
5229 (void **) &req, &total_len);
5233 switch (info_level) {
5234 case SMB_FIND_FILE_DIRECTORY_INFO:
5235 req->FileInformationClass = FILE_DIRECTORY_INFORMATION;
5237 case SMB_FIND_FILE_ID_FULL_DIR_INFO:
5238 req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION;
5240 case SMB_FIND_FILE_POSIX_INFO:
5241 req->FileInformationClass = SMB_FIND_FILE_POSIX_INFO;
5243 case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
5244 req->FileInformationClass = FILE_FULL_DIRECTORY_INFORMATION;
5247 cifs_tcon_dbg(VFS, "info level %u isn't supported\n",
5252 req->FileIndex = cpu_to_le32(index);
5253 req->PersistentFileId = persistent_fid;
5254 req->VolatileFileId = volatile_fid;
5257 bufptr = req->Buffer;
5258 memcpy(bufptr, &asteriks, len);
5260 req->FileNameOffset =
5261 cpu_to_le16(sizeof(struct smb2_query_directory_req));
5262 req->FileNameLength = cpu_to_le16(len);
5264 * BB could be 30 bytes or so longer if we used SMB2 specific
5265 * buffer lengths, but this is safe and close enough.
5267 output_size = min_t(unsigned int, output_size, server->maxBuf);
5268 output_size = min_t(unsigned int, output_size, 2 << 15);
5269 req->OutputBufferLength = cpu_to_le32(output_size);
5271 iov[0].iov_base = (char *)req;
5273 iov[0].iov_len = total_len - 1;
5275 iov[1].iov_base = (char *)(req->Buffer);
5276 iov[1].iov_len = len;
5278 trace_smb3_query_dir_enter(xid, persistent_fid, tcon->tid,
5279 tcon->ses->Suid, index, output_size);
5284 void SMB2_query_directory_free(struct smb_rqst *rqst)
5286 if (rqst && rqst->rq_iov) {
5287 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
5292 smb2_parse_query_directory(struct cifs_tcon *tcon,
5293 struct kvec *rsp_iov,
5295 struct cifs_search_info *srch_inf)
5297 struct smb2_query_directory_rsp *rsp;
5298 size_t info_buf_size;
5302 rsp = (struct smb2_query_directory_rsp *)rsp_iov->iov_base;
5304 switch (srch_inf->info_level) {
5305 case SMB_FIND_FILE_DIRECTORY_INFO:
5306 info_buf_size = sizeof(FILE_DIRECTORY_INFO);
5308 case SMB_FIND_FILE_ID_FULL_DIR_INFO:
5309 info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO);
5311 case SMB_FIND_FILE_POSIX_INFO:
5312 /* note that posix payload are variable size */
5313 info_buf_size = sizeof(struct smb2_posix_info);
5315 case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
5316 info_buf_size = sizeof(FILE_FULL_DIRECTORY_INFO);
5319 cifs_tcon_dbg(VFS, "info level %u isn't supported\n",
5320 srch_inf->info_level);
5324 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5325 le32_to_cpu(rsp->OutputBufferLength), rsp_iov,
5328 cifs_tcon_dbg(VFS, "bad info payload");
5332 srch_inf->unicode = true;
5334 if (srch_inf->ntwrk_buf_start) {
5335 if (srch_inf->smallBuf)
5336 cifs_small_buf_release(srch_inf->ntwrk_buf_start);
5338 cifs_buf_release(srch_inf->ntwrk_buf_start);
5340 srch_inf->ntwrk_buf_start = (char *)rsp;
5341 srch_inf->srch_entries_start = srch_inf->last_entry =
5342 (char *)rsp + le16_to_cpu(rsp->OutputBufferOffset);
5343 end_of_smb = rsp_iov->iov_len + (char *)rsp;
5345 srch_inf->entries_in_buffer = num_entries(
5346 srch_inf->info_level,
5347 srch_inf->srch_entries_start,
5349 &srch_inf->last_entry,
5352 srch_inf->index_of_last_entry += srch_inf->entries_in_buffer;
5353 cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n",
5354 srch_inf->entries_in_buffer, srch_inf->index_of_last_entry,
5355 srch_inf->srch_entries_start, srch_inf->last_entry);
5356 if (resp_buftype == CIFS_LARGE_BUFFER)
5357 srch_inf->smallBuf = false;
5358 else if (resp_buftype == CIFS_SMALL_BUFFER)
5359 srch_inf->smallBuf = true;
5361 cifs_tcon_dbg(VFS, "Invalid search buffer type\n");
5367 SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
5368 u64 persistent_fid, u64 volatile_fid, int index,
5369 struct cifs_search_info *srch_inf)
5371 struct smb_rqst rqst;
5372 struct kvec iov[SMB2_QUERY_DIRECTORY_IOV_SIZE];
5373 struct smb2_query_directory_rsp *rsp = NULL;
5374 int resp_buftype = CIFS_NO_BUFFER;
5375 struct kvec rsp_iov;
5377 struct cifs_ses *ses = tcon->ses;
5378 struct TCP_Server_Info *server;
5380 int retries = 0, cur_sleep = 1;
5383 /* reinitialize for possible replay */
5385 server = cifs_pick_channel(ses);
5387 if (!ses || !(ses->server))
5390 if (smb3_encryption_required(tcon))
5391 flags |= CIFS_TRANSFORM_REQ;
5393 memset(&rqst, 0, sizeof(struct smb_rqst));
5394 memset(&iov, 0, sizeof(iov));
5396 rqst.rq_nvec = SMB2_QUERY_DIRECTORY_IOV_SIZE;
5398 rc = SMB2_query_directory_init(xid, tcon, server,
5399 &rqst, persistent_fid,
5400 volatile_fid, index,
5401 srch_inf->info_level);
5406 smb2_set_replay(server, &rqst);
5408 rc = cifs_send_recv(xid, ses, server,
5409 &rqst, &resp_buftype, flags, &rsp_iov);
5410 rsp = (struct smb2_query_directory_rsp *)rsp_iov.iov_base;
5413 if (rc == -ENODATA &&
5414 rsp->hdr.Status == STATUS_NO_MORE_FILES) {
5415 trace_smb3_query_dir_done(xid, persistent_fid,
5416 tcon->tid, tcon->ses->Suid, index, 0);
5417 srch_inf->endOfSearch = true;
5420 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid,
5421 tcon->ses->Suid, index, 0, rc);
5422 cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
5427 rc = smb2_parse_query_directory(tcon, &rsp_iov, resp_buftype,
5430 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid,
5431 tcon->ses->Suid, index, 0, rc);
5434 resp_buftype = CIFS_NO_BUFFER;
5436 trace_smb3_query_dir_done(xid, persistent_fid, tcon->tid,
5437 tcon->ses->Suid, index, srch_inf->entries_in_buffer);
5440 SMB2_query_directory_free(&rqst);
5441 free_rsp_buf(resp_buftype, rsp);
5443 if (is_replayable_error(rc) &&
5444 smb2_should_replay(tcon, &retries, &cur_sleep))
5451 SMB2_set_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
5452 struct smb_rqst *rqst,
5453 u64 persistent_fid, u64 volatile_fid, u32 pid,
5454 u8 info_class, u8 info_type, u32 additional_info,
5455 void **data, unsigned int *size)
5457 struct smb2_set_info_req *req;
5458 struct kvec *iov = rqst->rq_iov;
5459 unsigned int i, total_len;
5462 rc = smb2_plain_req_init(SMB2_SET_INFO, tcon, server,
5463 (void **) &req, &total_len);
5467 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid);
5468 req->InfoType = info_type;
5469 req->FileInfoClass = info_class;
5470 req->PersistentFileId = persistent_fid;
5471 req->VolatileFileId = volatile_fid;
5472 req->AdditionalInformation = cpu_to_le32(additional_info);
5474 req->BufferOffset = cpu_to_le16(sizeof(struct smb2_set_info_req));
5475 req->BufferLength = cpu_to_le32(*size);
5477 memcpy(req->Buffer, *data, *size);
5480 iov[0].iov_base = (char *)req;
5482 iov[0].iov_len = total_len - 1;
5484 for (i = 1; i < rqst->rq_nvec; i++) {
5485 le32_add_cpu(&req->BufferLength, size[i]);
5486 iov[i].iov_base = (char *)data[i];
5487 iov[i].iov_len = size[i];
5494 SMB2_set_info_free(struct smb_rqst *rqst)
5496 if (rqst && rqst->rq_iov)
5497 cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */
5501 send_set_info(const unsigned int xid, struct cifs_tcon *tcon,
5502 u64 persistent_fid, u64 volatile_fid, u32 pid, u8 info_class,
5503 u8 info_type, u32 additional_info, unsigned int num,
5504 void **data, unsigned int *size)
5506 struct smb_rqst rqst;
5507 struct smb2_set_info_rsp *rsp = NULL;
5509 struct kvec rsp_iov;
5512 struct cifs_ses *ses = tcon->ses;
5513 struct TCP_Server_Info *server;
5515 int retries = 0, cur_sleep = 1;
5518 /* reinitialize for possible replay */
5520 server = cifs_pick_channel(ses);
5522 if (!ses || !server)
5528 if (smb3_encryption_required(tcon))
5529 flags |= CIFS_TRANSFORM_REQ;
5531 iov = kmalloc_array(num, sizeof(struct kvec), GFP_KERNEL);
5535 memset(&rqst, 0, sizeof(struct smb_rqst));
5539 rc = SMB2_set_info_init(tcon, server,
5540 &rqst, persistent_fid, volatile_fid, pid,
5541 info_class, info_type, additional_info,
5549 smb2_set_replay(server, &rqst);
5551 rc = cifs_send_recv(xid, ses, server,
5552 &rqst, &resp_buftype, flags,
5554 SMB2_set_info_free(&rqst);
5555 rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base;
5558 cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE);
5559 trace_smb3_set_info_err(xid, persistent_fid, tcon->tid,
5560 ses->Suid, info_class, (__u32)info_type, rc);
5563 free_rsp_buf(resp_buftype, rsp);
5566 if (is_replayable_error(rc) &&
5567 smb2_should_replay(tcon, &retries, &cur_sleep))
5574 SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
5575 u64 volatile_fid, u32 pid, loff_t new_eof)
5577 struct smb2_file_eof_info info;
5581 info.EndOfFile = cpu_to_le64(new_eof);
5584 size = sizeof(struct smb2_file_eof_info);
5586 trace_smb3_set_eof(xid, persistent_fid, tcon->tid, tcon->ses->Suid, new_eof);
5588 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5589 pid, FILE_END_OF_FILE_INFORMATION, SMB2_O_INFO_FILE,
5590 0, 1, &data, &size);
5594 SMB2_set_acl(const unsigned int xid, struct cifs_tcon *tcon,
5595 u64 persistent_fid, u64 volatile_fid,
5596 struct cifs_ntsd *pnntsd, int pacllen, int aclflag)
5598 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5599 current->tgid, 0, SMB2_O_INFO_SECURITY, aclflag,
5600 1, (void **)&pnntsd, &pacllen);
5604 SMB2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
5605 u64 persistent_fid, u64 volatile_fid,
5606 struct smb2_file_full_ea_info *buf, int len)
5608 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5609 current->tgid, FILE_FULL_EA_INFORMATION, SMB2_O_INFO_FILE,
5610 0, 1, (void **)&buf, &len);
5614 SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon,
5615 const u64 persistent_fid, const u64 volatile_fid,
5618 struct smb_rqst rqst;
5620 struct smb2_oplock_break *req = NULL;
5621 struct cifs_ses *ses = tcon->ses;
5622 struct TCP_Server_Info *server;
5623 int flags = CIFS_OBREAK_OP;
5624 unsigned int total_len;
5626 struct kvec rsp_iov;
5628 int retries = 0, cur_sleep = 1;
5631 /* reinitialize for possible replay */
5632 flags = CIFS_OBREAK_OP;
5633 server = cifs_pick_channel(ses);
5635 cifs_dbg(FYI, "SMB2_oplock_break\n");
5636 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server,
5637 (void **) &req, &total_len);
5641 if (smb3_encryption_required(tcon))
5642 flags |= CIFS_TRANSFORM_REQ;
5644 req->VolatileFid = volatile_fid;
5645 req->PersistentFid = persistent_fid;
5646 req->OplockLevel = oplock_level;
5647 req->hdr.CreditRequest = cpu_to_le16(1);
5649 flags |= CIFS_NO_RSP_BUF;
5651 iov[0].iov_base = (char *)req;
5652 iov[0].iov_len = total_len;
5654 memset(&rqst, 0, sizeof(struct smb_rqst));
5659 smb2_set_replay(server, &rqst);
5661 rc = cifs_send_recv(xid, ses, server,
5662 &rqst, &resp_buf_type, flags, &rsp_iov);
5663 cifs_small_buf_release(req);
5665 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
5666 cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc);
5669 if (is_replayable_error(rc) &&
5670 smb2_should_replay(tcon, &retries, &cur_sleep))
5677 smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf,
5678 struct kstatfs *kst)
5680 kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) *
5681 le32_to_cpu(pfs_inf->SectorsPerAllocationUnit);
5682 kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits);
5683 kst->f_bfree = kst->f_bavail =
5684 le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits);
5689 copy_posix_fs_info_to_kstatfs(FILE_SYSTEM_POSIX_INFO *response_data,
5690 struct kstatfs *kst)
5692 kst->f_bsize = le32_to_cpu(response_data->BlockSize);
5693 kst->f_blocks = le64_to_cpu(response_data->TotalBlocks);
5694 kst->f_bfree = le64_to_cpu(response_data->BlocksAvail);
5695 if (response_data->UserBlocksAvail == cpu_to_le64(-1))
5696 kst->f_bavail = kst->f_bfree;
5698 kst->f_bavail = le64_to_cpu(response_data->UserBlocksAvail);
5699 if (response_data->TotalFileNodes != cpu_to_le64(-1))
5700 kst->f_files = le64_to_cpu(response_data->TotalFileNodes);
5701 if (response_data->FreeFileNodes != cpu_to_le64(-1))
5702 kst->f_ffree = le64_to_cpu(response_data->FreeFileNodes);
5708 build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon,
5709 struct TCP_Server_Info *server,
5710 int level, int outbuf_len, u64 persistent_fid,
5714 struct smb2_query_info_req *req;
5715 unsigned int total_len;
5717 cifs_dbg(FYI, "Query FSInfo level %d\n", level);
5719 if ((tcon->ses == NULL) || server == NULL)
5722 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server,
5723 (void **) &req, &total_len);
5727 req->InfoType = SMB2_O_INFO_FILESYSTEM;
5728 req->FileInfoClass = level;
5729 req->PersistentFileId = persistent_fid;
5730 req->VolatileFileId = volatile_fid;
5732 req->InputBufferOffset =
5733 cpu_to_le16(sizeof(struct smb2_query_info_req));
5734 req->OutputBufferLength = cpu_to_le32(
5735 outbuf_len + sizeof(struct smb2_query_info_rsp));
5737 iov->iov_base = (char *)req;
5738 iov->iov_len = total_len;
5742 static inline void free_qfs_info_req(struct kvec *iov)
5744 cifs_buf_release(iov->iov_base);
5748 SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon,
5749 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
5751 struct smb_rqst rqst;
5752 struct smb2_query_info_rsp *rsp = NULL;
5754 struct kvec rsp_iov;
5757 struct cifs_ses *ses = tcon->ses;
5758 struct TCP_Server_Info *server;
5759 FILE_SYSTEM_POSIX_INFO *info = NULL;
5761 int retries = 0, cur_sleep = 1;
5764 /* reinitialize for possible replay */
5766 server = cifs_pick_channel(ses);
5768 rc = build_qfs_info_req(&iov, tcon, server,
5769 FS_POSIX_INFORMATION,
5770 sizeof(FILE_SYSTEM_POSIX_INFO),
5771 persistent_fid, volatile_fid);
5775 if (smb3_encryption_required(tcon))
5776 flags |= CIFS_TRANSFORM_REQ;
5778 memset(&rqst, 0, sizeof(struct smb_rqst));
5783 smb2_set_replay(server, &rqst);
5785 rc = cifs_send_recv(xid, ses, server,
5786 &rqst, &resp_buftype, flags, &rsp_iov);
5787 free_qfs_info_req(&iov);
5789 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5790 goto posix_qfsinf_exit;
5792 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5794 info = (FILE_SYSTEM_POSIX_INFO *)(
5795 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp);
5796 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5797 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
5798 sizeof(FILE_SYSTEM_POSIX_INFO));
5800 copy_posix_fs_info_to_kstatfs(info, fsdata);
5803 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5805 if (is_replayable_error(rc) &&
5806 smb2_should_replay(tcon, &retries, &cur_sleep))
5813 SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon,
5814 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
5816 struct smb_rqst rqst;
5817 struct smb2_query_info_rsp *rsp = NULL;
5819 struct kvec rsp_iov;
5822 struct cifs_ses *ses = tcon->ses;
5823 struct TCP_Server_Info *server;
5824 struct smb2_fs_full_size_info *info = NULL;
5826 int retries = 0, cur_sleep = 1;
5829 /* reinitialize for possible replay */
5831 server = cifs_pick_channel(ses);
5833 rc = build_qfs_info_req(&iov, tcon, server,
5834 FS_FULL_SIZE_INFORMATION,
5835 sizeof(struct smb2_fs_full_size_info),
5836 persistent_fid, volatile_fid);
5840 if (smb3_encryption_required(tcon))
5841 flags |= CIFS_TRANSFORM_REQ;
5843 memset(&rqst, 0, sizeof(struct smb_rqst));
5848 smb2_set_replay(server, &rqst);
5850 rc = cifs_send_recv(xid, ses, server,
5851 &rqst, &resp_buftype, flags, &rsp_iov);
5852 free_qfs_info_req(&iov);
5854 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5857 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5859 info = (struct smb2_fs_full_size_info *)(
5860 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp);
5861 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5862 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
5863 sizeof(struct smb2_fs_full_size_info));
5865 smb2_copy_fs_info_to_kstatfs(info, fsdata);
5868 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5870 if (is_replayable_error(rc) &&
5871 smb2_should_replay(tcon, &retries, &cur_sleep))
5878 SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
5879 u64 persistent_fid, u64 volatile_fid, int level)
5881 struct smb_rqst rqst;
5882 struct smb2_query_info_rsp *rsp = NULL;
5884 struct kvec rsp_iov;
5886 int resp_buftype, max_len, min_len;
5887 struct cifs_ses *ses = tcon->ses;
5888 struct TCP_Server_Info *server;
5889 unsigned int rsp_len, offset;
5891 int retries = 0, cur_sleep = 1;
5894 /* reinitialize for possible replay */
5896 server = cifs_pick_channel(ses);
5898 if (level == FS_DEVICE_INFORMATION) {
5899 max_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
5900 min_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
5901 } else if (level == FS_ATTRIBUTE_INFORMATION) {
5902 max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO);
5903 min_len = MIN_FS_ATTR_INFO_SIZE;
5904 } else if (level == FS_SECTOR_SIZE_INFORMATION) {
5905 max_len = sizeof(struct smb3_fs_ss_info);
5906 min_len = sizeof(struct smb3_fs_ss_info);
5907 } else if (level == FS_VOLUME_INFORMATION) {
5908 max_len = sizeof(struct smb3_fs_vol_info) + MAX_VOL_LABEL_LEN;
5909 min_len = sizeof(struct smb3_fs_vol_info);
5911 cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level);
5915 rc = build_qfs_info_req(&iov, tcon, server,
5917 persistent_fid, volatile_fid);
5921 if (smb3_encryption_required(tcon))
5922 flags |= CIFS_TRANSFORM_REQ;
5924 memset(&rqst, 0, sizeof(struct smb_rqst));
5929 smb2_set_replay(server, &rqst);
5931 rc = cifs_send_recv(xid, ses, server,
5932 &rqst, &resp_buftype, flags, &rsp_iov);
5933 free_qfs_info_req(&iov);
5935 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5938 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5940 rsp_len = le32_to_cpu(rsp->OutputBufferLength);
5941 offset = le16_to_cpu(rsp->OutputBufferOffset);
5942 rc = smb2_validate_iov(offset, rsp_len, &rsp_iov, min_len);
5946 if (level == FS_ATTRIBUTE_INFORMATION)
5947 memcpy(&tcon->fsAttrInfo, offset
5948 + (char *)rsp, min_t(unsigned int,
5950 else if (level == FS_DEVICE_INFORMATION)
5951 memcpy(&tcon->fsDevInfo, offset
5952 + (char *)rsp, sizeof(FILE_SYSTEM_DEVICE_INFO));
5953 else if (level == FS_SECTOR_SIZE_INFORMATION) {
5954 struct smb3_fs_ss_info *ss_info = (struct smb3_fs_ss_info *)
5955 (offset + (char *)rsp);
5956 tcon->ss_flags = le32_to_cpu(ss_info->Flags);
5957 tcon->perf_sector_size =
5958 le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf);
5959 } else if (level == FS_VOLUME_INFORMATION) {
5960 struct smb3_fs_vol_info *vol_info = (struct smb3_fs_vol_info *)
5961 (offset + (char *)rsp);
5962 tcon->vol_serial_number = vol_info->VolumeSerialNumber;
5963 tcon->vol_create_time = vol_info->VolumeCreationTime;
5967 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5969 if (is_replayable_error(rc) &&
5970 smb2_should_replay(tcon, &retries, &cur_sleep))
5977 smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon,
5978 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
5979 const __u32 num_lock, struct smb2_lock_element *buf)
5981 struct smb_rqst rqst;
5983 struct smb2_lock_req *req = NULL;
5985 struct kvec rsp_iov;
5988 int flags = CIFS_NO_RSP_BUF;
5989 unsigned int total_len;
5990 struct TCP_Server_Info *server;
5991 int retries = 0, cur_sleep = 1;
5994 /* reinitialize for possible replay */
5995 flags = CIFS_NO_RSP_BUF;
5996 server = cifs_pick_channel(tcon->ses);
5998 cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock);
6000 rc = smb2_plain_req_init(SMB2_LOCK, tcon, server,
6001 (void **) &req, &total_len);
6005 if (smb3_encryption_required(tcon))
6006 flags |= CIFS_TRANSFORM_REQ;
6008 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid);
6009 req->LockCount = cpu_to_le16(num_lock);
6011 req->PersistentFileId = persist_fid;
6012 req->VolatileFileId = volatile_fid;
6014 count = num_lock * sizeof(struct smb2_lock_element);
6016 iov[0].iov_base = (char *)req;
6017 iov[0].iov_len = total_len - sizeof(struct smb2_lock_element);
6018 iov[1].iov_base = (char *)buf;
6019 iov[1].iov_len = count;
6021 cifs_stats_inc(&tcon->stats.cifs_stats.num_locks);
6023 memset(&rqst, 0, sizeof(struct smb_rqst));
6028 smb2_set_replay(server, &rqst);
6030 rc = cifs_send_recv(xid, tcon->ses, server,
6031 &rqst, &resp_buf_type, flags,
6033 cifs_small_buf_release(req);
6035 cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc);
6036 cifs_stats_fail_inc(tcon, SMB2_LOCK_HE);
6037 trace_smb3_lock_err(xid, persist_fid, tcon->tid,
6038 tcon->ses->Suid, rc);
6041 if (is_replayable_error(rc) &&
6042 smb2_should_replay(tcon, &retries, &cur_sleep))
6049 SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon,
6050 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
6051 const __u64 length, const __u64 offset, const __u32 lock_flags,
6054 struct smb2_lock_element lock;
6056 lock.Offset = cpu_to_le64(offset);
6057 lock.Length = cpu_to_le64(length);
6058 lock.Flags = cpu_to_le32(lock_flags);
6059 if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK)
6060 lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY);
6062 return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock);
6066 SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon,
6067 __u8 *lease_key, const __le32 lease_state)
6069 struct smb_rqst rqst;
6071 struct smb2_lease_ack *req = NULL;
6072 struct cifs_ses *ses = tcon->ses;
6073 int flags = CIFS_OBREAK_OP;
6074 unsigned int total_len;
6076 struct kvec rsp_iov;
6078 __u64 *please_key_high;
6079 __u64 *please_key_low;
6080 struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses);
6082 cifs_dbg(FYI, "SMB2_lease_break\n");
6083 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server,
6084 (void **) &req, &total_len);
6088 if (smb3_encryption_required(tcon))
6089 flags |= CIFS_TRANSFORM_REQ;
6091 req->hdr.CreditRequest = cpu_to_le16(1);
6092 req->StructureSize = cpu_to_le16(36);
6095 memcpy(req->LeaseKey, lease_key, 16);
6096 req->LeaseState = lease_state;
6098 flags |= CIFS_NO_RSP_BUF;
6100 iov[0].iov_base = (char *)req;
6101 iov[0].iov_len = total_len;
6103 memset(&rqst, 0, sizeof(struct smb_rqst));
6107 rc = cifs_send_recv(xid, ses, server,
6108 &rqst, &resp_buf_type, flags, &rsp_iov);
6109 cifs_small_buf_release(req);
6111 please_key_low = (__u64 *)lease_key;
6112 please_key_high = (__u64 *)(lease_key+8);
6114 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
6115 trace_smb3_lease_err(le32_to_cpu(lease_state), tcon->tid,
6116 ses->Suid, *please_key_low, *please_key_high, rc);
6117 cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc);
6119 trace_smb3_lease_done(le32_to_cpu(lease_state), tcon->tid,
6120 ses->Suid, *please_key_low, *please_key_high);