fs/cifs/smb2pdu.c

0001 // SPDX-License-Identifier: LGPL-2.1
0002 /*
0003  *
0004  *   Copyright (C) International Business Machines  Corp., 2009, 2013
0005  *                 Etersoft, 2012
0006  *   Author(s): Steve French (sfrench@us.ibm.com)
0007  *              Pavel Shilovsky (pshilovsky@samba.org) 2012
0008  *
0009  *   Contains the routines for constructing the SMB2 PDUs themselves
0010  *
0011  */
0012
0013  /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
0014  /* Note that there are handle based routines which must be           */
0015  /* treated slightly differently for reconnection purposes since we never     */
0016  /* want to reuse a stale file handle and only the caller knows the file info */
0017
0018 #include <linux/fs.h>
0019 #include <linux/kernel.h>
0020 #include <linux/vfs.h>
0021 #include <linux/task_io_accounting_ops.h>
0022 #include <linux/uaccess.h>
0023 #include <linux/uuid.h>
0024 #include <linux/pagemap.h>
0025 #include <linux/xattr.h>
0026 #include "cifsglob.h"
0027 #include "cifsacl.h"
0028 #include "cifsproto.h"
0029 #include "smb2proto.h"
0030 #include "cifs_unicode.h"
0031 #include "cifs_debug.h"
0032 #include "ntlmssp.h"
0033 #include "smb2status.h"
0034 #include "smb2glob.h"
0035 #include "cifspdu.h"
0036 #include "cifs_spnego.h"
0037 #include "smbdirect.h"
0038 #include "trace.h"
0039 #ifdef CONFIG_CIFS_DFS_UPCALL
0040 #include "dfs_cache.h"
0041 #endif
0042 #include "cached_dir.h"
0043
0044 /*
0045  *  The following table defines the expected "StructureSize" of SMB2 requests
0046  *  in order by SMB2 command.  This is similar to "wct" in SMB/CIFS requests.
0047  *
0048  *  Note that commands are defined in smb2pdu.h in le16 but the array below is
0049  *  indexed by command in host byte order.
0050  */
0051 static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = {
0052     /* SMB2_NEGOTIATE */ 36,
0053     /* SMB2_SESSION_SETUP */ 25,
0054     /* SMB2_LOGOFF */ 4,
0055     /* SMB2_TREE_CONNECT */ 9,
0056     /* SMB2_TREE_DISCONNECT */ 4,
0057     /* SMB2_CREATE */ 57,
0058     /* SMB2_CLOSE */ 24,
0059     /* SMB2_FLUSH */ 24,
0060     /* SMB2_READ */ 49,
0061     /* SMB2_WRITE */ 49,
0062     /* SMB2_LOCK */ 48,
0063     /* SMB2_IOCTL */ 57,
0064     /* SMB2_CANCEL */ 4,
0065     /* SMB2_ECHO */ 4,
0066     /* SMB2_QUERY_DIRECTORY */ 33,
0067     /* SMB2_CHANGE_NOTIFY */ 32,
0068     /* SMB2_QUERY_INFO */ 41,
0069     /* SMB2_SET_INFO */ 33,
0070     /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
0071 };
0072
0073 int smb3_encryption_required(const struct cifs_tcon *tcon)
0074 {
0075     if (!tcon || !tcon->ses)
0076         return 0;
0077     if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) ||
0078         (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA))
0079         return 1;
0080     if (tcon->seal &&
0081         (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
0082         return 1;
0083     return 0;
0084 }
0085
0086 static void
0087 smb2_hdr_assemble(struct smb2_hdr *shdr, __le16 smb2_cmd,
0088           const struct cifs_tcon *tcon,
0089           struct TCP_Server_Info *server)
0090 {
0091     shdr->ProtocolId = SMB2_PROTO_NUMBER;
0092     shdr->StructureSize = cpu_to_le16(64);
0093     shdr->Command = smb2_cmd;
0094     if (server) {
0095         spin_lock(&server->req_lock);
0096         /* Request up to 10 credits but don't go over the limit. */
0097         if (server->credits >= server->max_credits)
0098             shdr->CreditRequest = cpu_to_le16(0);
0099         else
0100             shdr->CreditRequest = cpu_to_le16(
0101                 min_t(int, server->max_credits -
0102                         server->credits, 10));
0103         spin_unlock(&server->req_lock);
0104     } else {
0105         shdr->CreditRequest = cpu_to_le16(2);
0106     }
0107     shdr->Id.SyncId.ProcessId = cpu_to_le32((__u16)current->tgid);
0108
0109     if (!tcon)
0110         goto out;
0111
0112     /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */
0113     /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */
0114     if (server && (server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU))
0115         shdr->CreditCharge = cpu_to_le16(1);
0116     /* else CreditCharge MBZ */
0117
0118     shdr->Id.SyncId.TreeId = cpu_to_le32(tcon->tid);
0119     /* Uid is not converted */
0120     if (tcon->ses)
0121         shdr->SessionId = cpu_to_le64(tcon->ses->Suid);
0122
0123     /*
0124      * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have
0125      * to pass the path on the Open SMB prefixed by \\server\share.
0126      * Not sure when we would need to do the augmented path (if ever) and
0127      * setting this flag breaks the SMB2 open operation since it is
0128      * illegal to send an empty path name (without \\server\share prefix)
0129      * when the DFS flag is set in the SMB open header. We could
0130      * consider setting the flag on all operations other than open
0131      * but it is safer to net set it for now.
0132      */
0133 /*  if (tcon->share_flags & SHI1005_FLAGS_DFS)
0134         shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */
0135
0136     if (server && server->sign && !smb3_encryption_required(tcon))
0137         shdr->Flags |= SMB2_FLAGS_SIGNED;
0138 out:
0139     return;
0140 }
0141
0142 static int
0143 smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,
0144            struct TCP_Server_Info *server)
0145 {
0146     int rc = 0;
0147     struct nls_table *nls_codepage;
0148     struct cifs_ses *ses;
0149     int retries;
0150
0151     /*
0152      * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
0153      * check for tcp and smb session status done differently
0154      * for those three - in the calling routine.
0155      */
0156     if (tcon == NULL)
0157         return 0;
0158
0159     /*
0160      * Need to also skip SMB2_IOCTL because it is used for checking nested dfs links in
0161      * cifs_tree_connect().
0162      */
0163     if (smb2_command == SMB2_TREE_CONNECT || smb2_command == SMB2_IOCTL)
0164         return 0;
0165
0166     spin_lock(&tcon->tc_lock);
0167     if (tcon->status == TID_EXITING) {
0168         /*
0169          * only tree disconnect, open, and write,
0170          * (and ulogoff which does not have tcon)
0171          * are allowed as we start force umount.
0172          */
0173         if ((smb2_command != SMB2_WRITE) &&
0174            (smb2_command != SMB2_CREATE) &&
0175            (smb2_command != SMB2_TREE_DISCONNECT)) {
0176             spin_unlock(&tcon->tc_lock);
0177             cifs_dbg(FYI, "can not send cmd %d while umounting\n",
0178                  smb2_command);
0179             return -ENODEV;
0180         }
0181     }
0182     spin_unlock(&tcon->tc_lock);
0183     if ((!tcon->ses) || (tcon->ses->ses_status == SES_EXITING) ||
0184         (!tcon->ses->server) || !server)
0185         return -EIO;
0186
0187     ses = tcon->ses;
0188     retries = server->nr_targets;
0189
0190     /*
0191      * Give demultiplex thread up to 10 seconds to each target available for
0192      * reconnect -- should be greater than cifs socket timeout which is 7
0193      * seconds.
0194      */
0195     while (server->tcpStatus == CifsNeedReconnect) {
0196         /*
0197          * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
0198          * here since they are implicitly done when session drops.
0199          */
0200         switch (smb2_command) {
0201         /*
0202          * BB Should we keep oplock break and add flush to exceptions?
0203          */
0204         case SMB2_TREE_DISCONNECT:
0205         case SMB2_CANCEL:
0206         case SMB2_CLOSE:
0207         case SMB2_OPLOCK_BREAK:
0208             return -EAGAIN;
0209         }
0210
0211         rc = wait_event_interruptible_timeout(server->response_q,
0212                               (server->tcpStatus != CifsNeedReconnect),
0213                               10 * HZ);
0214         if (rc < 0) {
0215             cifs_dbg(FYI, "%s: aborting reconnect due to a received signal by the process\n",
0216                  __func__);
0217             return -ERESTARTSYS;
0218         }
0219
0220         /* are we still trying to reconnect? */
0221         spin_lock(&server->srv_lock);
0222         if (server->tcpStatus != CifsNeedReconnect) {
0223             spin_unlock(&server->srv_lock);
0224             break;
0225         }
0226         spin_unlock(&server->srv_lock);
0227
0228         if (retries && --retries)
0229             continue;
0230
0231         /*
0232          * on "soft" mounts we wait once. Hard mounts keep
0233          * retrying until process is killed or server comes
0234          * back on-line
0235          */
0236         if (!tcon->retry) {
0237             cifs_dbg(FYI, "gave up waiting on reconnect in smb_init\n");
0238             return -EHOSTDOWN;
0239         }
0240         retries = server->nr_targets;
0241     }
0242
0243     spin_lock(&ses->chan_lock);
0244     if (!cifs_chan_needs_reconnect(ses, server) && !tcon->need_reconnect) {
0245         spin_unlock(&ses->chan_lock);
0246         return 0;
0247     }
0248     spin_unlock(&ses->chan_lock);
0249     cifs_dbg(FYI, "sess reconnect mask: 0x%lx, tcon reconnect: %d",
0250          tcon->ses->chans_need_reconnect,
0251          tcon->need_reconnect);
0252
0253     nls_codepage = load_nls_default();
0254
0255     /*
0256      * Recheck after acquire mutex. If another thread is negotiating
0257      * and the server never sends an answer the socket will be closed
0258      * and tcpStatus set to reconnect.
0259      */
0260     spin_lock(&server->srv_lock);
0261     if (server->tcpStatus == CifsNeedReconnect) {
0262         spin_unlock(&server->srv_lock);
0263         rc = -EHOSTDOWN;
0264         goto out;
0265     }
0266     spin_unlock(&server->srv_lock);
0267
0268     /*
0269      * need to prevent multiple threads trying to simultaneously
0270      * reconnect the same SMB session
0271      */
0272     spin_lock(&ses->chan_lock);
0273     if (!cifs_chan_needs_reconnect(ses, server)) {
0274         spin_unlock(&ses->chan_lock);
0275
0276         /* this means that we only need to tree connect */
0277         if (tcon->need_reconnect)
0278             goto skip_sess_setup;
0279
0280         goto out;
0281     }
0282     spin_unlock(&ses->chan_lock);
0283
0284     mutex_lock(&ses->session_mutex);
0285     rc = cifs_negotiate_protocol(0, ses, server);
0286     if (!rc) {
0287         rc = cifs_setup_session(0, ses, server, nls_codepage);
0288         if ((rc == -EACCES) && !tcon->retry) {
0289             mutex_unlock(&ses->session_mutex);
0290             rc = -EHOSTDOWN;
0291             goto failed;
0292         } else if (rc) {
0293             mutex_unlock(&ses->session_mutex);
0294             goto out;
0295         }
0296     } else {
0297         mutex_unlock(&ses->session_mutex);
0298         goto out;
0299     }
0300     mutex_unlock(&ses->session_mutex);
0301
0302 skip_sess_setup:
0303     mutex_lock(&ses->session_mutex);
0304     if (!tcon->need_reconnect) {
0305         mutex_unlock(&ses->session_mutex);
0306         goto out;
0307     }
0308     cifs_mark_open_files_invalid(tcon);
0309     if (tcon->use_persistent)
0310         tcon->need_reopen_files = true;
0311
0312     rc = cifs_tree_connect(0, tcon, nls_codepage);
0313     mutex_unlock(&ses->session_mutex);
0314
0315     cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc);
0316     if (rc) {
0317         /* If sess reconnected but tcon didn't, something strange ... */
0318         pr_warn_once("reconnect tcon failed rc = %d\n", rc);
0319         goto out;
0320     }
0321
0322     if (smb2_command != SMB2_INTERNAL_CMD)
0323         mod_delayed_work(cifsiod_wq, &server->reconnect, 0);
0324
0325     atomic_inc(&tconInfoReconnectCount);
0326 out:
0327     /*
0328      * Check if handle based operation so we know whether we can continue
0329      * or not without returning to caller to reset file handle.
0330      */
0331     /*
0332      * BB Is flush done by server on drop of tcp session? Should we special
0333      * case it and skip above?
0334      */
0335     switch (smb2_command) {
0336     case SMB2_FLUSH:
0337     case SMB2_READ:
0338     case SMB2_WRITE:
0339     case SMB2_LOCK:
0340     case SMB2_IOCTL:
0341     case SMB2_QUERY_DIRECTORY:
0342     case SMB2_CHANGE_NOTIFY:
0343     case SMB2_QUERY_INFO:
0344     case SMB2_SET_INFO:
0345         rc = -EAGAIN;
0346     }
0347 failed:
0348     unload_nls(nls_codepage);
0349     return rc;
0350 }
0351
0352 static void
0353 fill_small_buf(__le16 smb2_command, struct cifs_tcon *tcon,
0354            struct TCP_Server_Info *server,
0355            void *buf,
0356            unsigned int *total_len)
0357 {
0358     struct smb2_pdu *spdu = buf;
0359     /* lookup word count ie StructureSize from table */
0360     __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_command)];
0361
0362     /*
0363      * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
0364      * largest operations (Create)
0365      */
0366     memset(buf, 0, 256);
0367
0368     smb2_hdr_assemble(&spdu->hdr, smb2_command, tcon, server);
0369     spdu->StructureSize2 = cpu_to_le16(parmsize);
0370
0371     *total_len = parmsize + sizeof(struct smb2_hdr);
0372 }
0373
0374 /*
0375  * Allocate and return pointer to an SMB request hdr, and set basic
0376  * SMB information in the SMB header. If the return code is zero, this
0377  * function must have filled in request_buf pointer.
0378  */
0379 static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
0380                  struct TCP_Server_Info *server,
0381                  void **request_buf, unsigned int *total_len)
0382 {
0383     /* BB eventually switch this to SMB2 specific small buf size */
0384     if (smb2_command == SMB2_SET_INFO)
0385         *request_buf = cifs_buf_get();
0386     else
0387         *request_buf = cifs_small_buf_get();
0388     if (*request_buf == NULL) {
0389         /* BB should we add a retry in here if not a writepage? */
0390         return -ENOMEM;
0391     }
0392
0393     fill_small_buf(smb2_command, tcon, server,
0394                (struct smb2_hdr *)(*request_buf),
0395                total_len);
0396
0397     if (tcon != NULL) {
0398         uint16_t com_code = le16_to_cpu(smb2_command);
0399         cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);
0400         cifs_stats_inc(&tcon->num_smbs_sent);
0401     }
0402
0403     return 0;
0404 }
0405
0406 static int smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
0407                    struct TCP_Server_Info *server,
0408                    void **request_buf, unsigned int *total_len)
0409 {
0410     int rc;
0411
0412     rc = smb2_reconnect(smb2_command, tcon, server);
0413     if (rc)
0414         return rc;
0415
0416     return __smb2_plain_req_init(smb2_command, tcon, server, request_buf,
0417                      total_len);
0418 }
0419
0420 static int smb2_ioctl_req_init(u32 opcode, struct cifs_tcon *tcon,
0421                    struct TCP_Server_Info *server,
0422                    void **request_buf, unsigned int *total_len)
0423 {
0424     /* Skip reconnect only for FSCTL_VALIDATE_NEGOTIATE_INFO IOCTLs */
0425     if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) {
0426         return __smb2_plain_req_init(SMB2_IOCTL, tcon, server,
0427                          request_buf, total_len);
0428     }
0429     return smb2_plain_req_init(SMB2_IOCTL, tcon, server,
0430                    request_buf, total_len);
0431 }
0432
0433 /* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */
0434
0435 static void
0436 build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt)
0437 {
0438     pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES;
0439     pneg_ctxt->DataLength = cpu_to_le16(38);
0440     pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1);
0441     pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE);
0442     get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE);
0443     pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512;
0444 }
0445
0446 static void
0447 build_compression_ctxt(struct smb2_compression_capabilities_context *pneg_ctxt)
0448 {
0449     pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES;
0450     pneg_ctxt->DataLength =
0451         cpu_to_le16(sizeof(struct smb2_compression_capabilities_context)
0452               - sizeof(struct smb2_neg_context));
0453     pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(3);
0454     pneg_ctxt->CompressionAlgorithms[0] = SMB3_COMPRESS_LZ77;
0455     pneg_ctxt->CompressionAlgorithms[1] = SMB3_COMPRESS_LZ77_HUFF;
0456     pneg_ctxt->CompressionAlgorithms[2] = SMB3_COMPRESS_LZNT1;
0457 }
0458
0459 static unsigned int
0460 build_signing_ctxt(struct smb2_signing_capabilities *pneg_ctxt)
0461 {
0462     unsigned int ctxt_len = sizeof(struct smb2_signing_capabilities);
0463     unsigned short num_algs = 1; /* number of signing algorithms sent */
0464
0465     pneg_ctxt->ContextType = SMB2_SIGNING_CAPABILITIES;
0466     /*
0467      * Context Data length must be rounded to multiple of 8 for some servers
0468      */
0469     pneg_ctxt->DataLength = cpu_to_le16(DIV_ROUND_UP(
0470                 sizeof(struct smb2_signing_capabilities) -
0471                 sizeof(struct smb2_neg_context) +
0472                 (num_algs * 2 /* sizeof u16 */), 8) * 8);
0473     pneg_ctxt->SigningAlgorithmCount = cpu_to_le16(num_algs);
0474     pneg_ctxt->SigningAlgorithms[0] = cpu_to_le16(SIGNING_ALG_AES_CMAC);
0475
0476     ctxt_len += 2 /* sizeof le16 */ * num_algs;
0477     ctxt_len = DIV_ROUND_UP(ctxt_len, 8) * 8;
0478     return ctxt_len;
0479     /* TBD add SIGNING_ALG_AES_GMAC and/or SIGNING_ALG_HMAC_SHA256 */
0480 }
0481
0482 static void
0483 build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt)
0484 {
0485     pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES;
0486     if (require_gcm_256) {
0487         pneg_ctxt->DataLength = cpu_to_le16(4); /* Cipher Count + 1 cipher */
0488         pneg_ctxt->CipherCount = cpu_to_le16(1);
0489         pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES256_GCM;
0490     } else if (enable_gcm_256) {
0491         pneg_ctxt->DataLength = cpu_to_le16(8); /* Cipher Count + 3 ciphers */
0492         pneg_ctxt->CipherCount = cpu_to_le16(3);
0493         pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;
0494         pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES256_GCM;
0495         pneg_ctxt->Ciphers[2] = SMB2_ENCRYPTION_AES128_CCM;
0496     } else {
0497         pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 ciphers */
0498         pneg_ctxt->CipherCount = cpu_to_le16(2);
0499         pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;
0500         pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM;
0501     }
0502 }
0503
0504 static unsigned int
0505 build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname)
0506 {
0507     struct nls_table *cp = load_nls_default();
0508
0509     pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID;
0510
0511     /* copy up to max of first 100 bytes of server name to NetName field */
0512     pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp));
0513     /* context size is DataLength + minimal smb2_neg_context */
0514     return DIV_ROUND_UP(le16_to_cpu(pneg_ctxt->DataLength) +
0515             sizeof(struct smb2_neg_context), 8) * 8;
0516 }
0517
0518 static void
0519 build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt)
0520 {
0521     pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE;
0522     pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN);
0523     /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
0524     pneg_ctxt->Name[0] = 0x93;
0525     pneg_ctxt->Name[1] = 0xAD;
0526     pneg_ctxt->Name[2] = 0x25;
0527     pneg_ctxt->Name[3] = 0x50;
0528     pneg_ctxt->Name[4] = 0x9C;
0529     pneg_ctxt->Name[5] = 0xB4;
0530     pneg_ctxt->Name[6] = 0x11;
0531     pneg_ctxt->Name[7] = 0xE7;
0532     pneg_ctxt->Name[8] = 0xB4;
0533     pneg_ctxt->Name[9] = 0x23;
0534     pneg_ctxt->Name[10] = 0x83;
0535     pneg_ctxt->Name[11] = 0xDE;
0536     pneg_ctxt->Name[12] = 0x96;
0537     pneg_ctxt->Name[13] = 0x8B;
0538     pneg_ctxt->Name[14] = 0xCD;
0539     pneg_ctxt->Name[15] = 0x7C;
0540 }
0541
0542 static void
0543 assemble_neg_contexts(struct smb2_negotiate_req *req,
0544               struct TCP_Server_Info *server, unsigned int *total_len)
0545 {
0546     char *pneg_ctxt;
0547     char *hostname = NULL;
0548     unsigned int ctxt_len, neg_context_count;
0549
0550     if (*total_len > 200) {
0551         /* In case length corrupted don't want to overrun smb buffer */
0552         cifs_server_dbg(VFS, "Bad frame length assembling neg contexts\n");
0553         return;
0554     }
0555
0556     /*
0557      * round up total_len of fixed part of SMB3 negotiate request to 8
0558      * byte boundary before adding negotiate contexts
0559      */
0560     *total_len = roundup(*total_len, 8);
0561
0562     pneg_ctxt = (*total_len) + (char *)req;
0563     req->NegotiateContextOffset = cpu_to_le32(*total_len);
0564
0565     build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt);
0566     ctxt_len = DIV_ROUND_UP(sizeof(struct smb2_preauth_neg_context), 8) * 8;
0567     *total_len += ctxt_len;
0568     pneg_ctxt += ctxt_len;
0569
0570     build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt);
0571     ctxt_len = DIV_ROUND_UP(sizeof(struct smb2_encryption_neg_context), 8) * 8;
0572     *total_len += ctxt_len;
0573     pneg_ctxt += ctxt_len;
0574
0575     /*
0576      * secondary channels don't have the hostname field populated
0577      * use the hostname field in the primary channel instead
0578      */
0579     hostname = CIFS_SERVER_IS_CHAN(server) ?
0580         server->primary_server->hostname : server->hostname;
0581     if (hostname && (hostname[0] != 0)) {
0582         ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt,
0583                           hostname);
0584         *total_len += ctxt_len;
0585         pneg_ctxt += ctxt_len;
0586         neg_context_count = 3;
0587     } else
0588         neg_context_count = 2;
0589
0590     build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
0591     *total_len += sizeof(struct smb2_posix_neg_context);
0592     pneg_ctxt += sizeof(struct smb2_posix_neg_context);
0593     neg_context_count++;
0594
0595     if (server->compress_algorithm) {
0596         build_compression_ctxt((struct smb2_compression_capabilities_context *)
0597                 pneg_ctxt);
0598         ctxt_len = DIV_ROUND_UP(
0599             sizeof(struct smb2_compression_capabilities_context),
0600                 8) * 8;
0601         *total_len += ctxt_len;
0602         pneg_ctxt += ctxt_len;
0603         neg_context_count++;
0604     }
0605
0606     if (enable_negotiate_signing) {
0607         ctxt_len = build_signing_ctxt((struct smb2_signing_capabilities *)
0608                 pneg_ctxt);
0609         *total_len += ctxt_len;
0610         pneg_ctxt += ctxt_len;
0611         neg_context_count++;
0612     }
0613
0614     /* check for and add transport_capabilities and signing capabilities */
0615     req->NegotiateContextCount = cpu_to_le16(neg_context_count);
0616
0617 }
0618
0619 static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt)
0620 {
0621     unsigned int len = le16_to_cpu(ctxt->DataLength);
0622
0623     /* If invalid preauth context warn but use what we requested, SHA-512 */
0624     if (len < MIN_PREAUTH_CTXT_DATA_LEN) {
0625         pr_warn_once("server sent bad preauth context\n");
0626         return;
0627     } else if (len < MIN_PREAUTH_CTXT_DATA_LEN + le16_to_cpu(ctxt->SaltLength)) {
0628         pr_warn_once("server sent invalid SaltLength\n");
0629         return;
0630     }
0631     if (le16_to_cpu(ctxt->HashAlgorithmCount) != 1)
0632         pr_warn_once("Invalid SMB3 hash algorithm count\n");
0633     if (ctxt->HashAlgorithms != SMB2_PREAUTH_INTEGRITY_SHA512)
0634         pr_warn_once("unknown SMB3 hash algorithm\n");
0635 }
0636
0637 static void decode_compress_ctx(struct TCP_Server_Info *server,
0638              struct smb2_compression_capabilities_context *ctxt)
0639 {
0640     unsigned int len = le16_to_cpu(ctxt->DataLength);
0641
0642     /* sizeof compress context is a one element compression capbility struct */
0643     if (len < 10) {
0644         pr_warn_once("server sent bad compression cntxt\n");
0645         return;
0646     }
0647     if (le16_to_cpu(ctxt->CompressionAlgorithmCount) != 1) {
0648         pr_warn_once("Invalid SMB3 compress algorithm count\n");
0649         return;
0650     }
0651     if (le16_to_cpu(ctxt->CompressionAlgorithms[0]) > 3) {
0652         pr_warn_once("unknown compression algorithm\n");
0653         return;
0654     }
0655     server->compress_algorithm = ctxt->CompressionAlgorithms[0];
0656 }
0657
0658 static int decode_encrypt_ctx(struct TCP_Server_Info *server,
0659                   struct smb2_encryption_neg_context *ctxt)
0660 {
0661     unsigned int len = le16_to_cpu(ctxt->DataLength);
0662
0663     cifs_dbg(FYI, "decode SMB3.11 encryption neg context of len %d\n", len);
0664     if (len < MIN_ENCRYPT_CTXT_DATA_LEN) {
0665         pr_warn_once("server sent bad crypto ctxt len\n");
0666         return -EINVAL;
0667     }
0668
0669     if (le16_to_cpu(ctxt->CipherCount) != 1) {
0670         pr_warn_once("Invalid SMB3.11 cipher count\n");
0671         return -EINVAL;
0672     }
0673     cifs_dbg(FYI, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt->Ciphers[0]));
0674     if (require_gcm_256) {
0675         if (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM) {
0676             cifs_dbg(VFS, "Server does not support requested encryption type (AES256 GCM)\n");
0677             return -EOPNOTSUPP;
0678         }
0679     } else if (ctxt->Ciphers[0] == 0) {
0680         /*
0681          * e.g. if server only supported AES256_CCM (very unlikely)
0682          * or server supported no encryption types or had all disabled.
0683          * Since GLOBAL_CAP_ENCRYPTION will be not set, in the case
0684          * in which mount requested encryption ("seal") checks later
0685          * on during tree connection will return proper rc, but if
0686          * seal not requested by client, since server is allowed to
0687          * return 0 to indicate no supported cipher, we can't fail here
0688          */
0689         server->cipher_type = 0;
0690         server->capabilities &= ~SMB2_GLOBAL_CAP_ENCRYPTION;
0691         pr_warn_once("Server does not support requested encryption types\n");
0692         return 0;
0693     } else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) &&
0694            (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) &&
0695            (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) {
0696         /* server returned a cipher we didn't ask for */
0697         pr_warn_once("Invalid SMB3.11 cipher returned\n");
0698         return -EINVAL;
0699     }
0700     server->cipher_type = ctxt->Ciphers[0];
0701     server->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION;
0702     return 0;
0703 }
0704
0705 static void decode_signing_ctx(struct TCP_Server_Info *server,
0706                    struct smb2_signing_capabilities *pctxt)
0707 {
0708     unsigned int len = le16_to_cpu(pctxt->DataLength);
0709
0710     if ((len < 4) || (len > 16)) {
0711         pr_warn_once("server sent bad signing negcontext\n");
0712         return;
0713     }
0714     if (le16_to_cpu(pctxt->SigningAlgorithmCount) != 1) {
0715         pr_warn_once("Invalid signing algorithm count\n");
0716         return;
0717     }
0718     if (le16_to_cpu(pctxt->SigningAlgorithms[0]) > 2) {
0719         pr_warn_once("unknown signing algorithm\n");
0720         return;
0721     }
0722
0723     server->signing_negotiated = true;
0724     server->signing_algorithm = le16_to_cpu(pctxt->SigningAlgorithms[0]);
0725     cifs_dbg(FYI, "signing algorithm %d chosen\n",
0726              server->signing_algorithm);
0727 }
0728
0729
0730 static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,
0731                      struct TCP_Server_Info *server,
0732                      unsigned int len_of_smb)
0733 {
0734     struct smb2_neg_context *pctx;
0735     unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset);
0736     unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount);
0737     unsigned int len_of_ctxts, i;
0738     int rc = 0;
0739
0740     cifs_dbg(FYI, "decoding %d negotiate contexts\n", ctxt_cnt);
0741     if (len_of_smb <= offset) {
0742         cifs_server_dbg(VFS, "Invalid response: negotiate context offset\n");
0743         return -EINVAL;
0744     }
0745
0746     len_of_ctxts = len_of_smb - offset;
0747
0748     for (i = 0; i < ctxt_cnt; i++) {
0749         int clen;
0750         /* check that offset is not beyond end of SMB */
0751         if (len_of_ctxts == 0)
0752             break;
0753
0754         if (len_of_ctxts < sizeof(struct smb2_neg_context))
0755             break;
0756
0757         pctx = (struct smb2_neg_context *)(offset + (char *)rsp);
0758         clen = le16_to_cpu(pctx->DataLength);
0759         if (clen > len_of_ctxts)
0760             break;
0761
0762         if (pctx->ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES)
0763             decode_preauth_context(
0764                 (struct smb2_preauth_neg_context *)pctx);
0765         else if (pctx->ContextType == SMB2_ENCRYPTION_CAPABILITIES)
0766             rc = decode_encrypt_ctx(server,
0767                 (struct smb2_encryption_neg_context *)pctx);
0768         else if (pctx->ContextType == SMB2_COMPRESSION_CAPABILITIES)
0769             decode_compress_ctx(server,
0770                 (struct smb2_compression_capabilities_context *)pctx);
0771         else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE)
0772             server->posix_ext_supported = true;
0773         else if (pctx->ContextType == SMB2_SIGNING_CAPABILITIES)
0774             decode_signing_ctx(server,
0775                 (struct smb2_signing_capabilities *)pctx);
0776         else
0777             cifs_server_dbg(VFS, "unknown negcontext of type %d ignored\n",
0778                 le16_to_cpu(pctx->ContextType));
0779
0780         if (rc)
0781             break;
0782         /* offsets must be 8 byte aligned */
0783         clen = (clen + 7) & ~0x7;
0784         offset += clen + sizeof(struct smb2_neg_context);
0785         len_of_ctxts -= clen;
0786     }
0787     return rc;
0788 }
0789
0790 static struct create_posix *
0791 create_posix_buf(umode_t mode)
0792 {
0793     struct create_posix *buf;
0794
0795     buf = kzalloc(sizeof(struct create_posix),
0796             GFP_KERNEL);
0797     if (!buf)
0798         return NULL;
0799
0800     buf->ccontext.DataOffset =
0801         cpu_to_le16(offsetof(struct create_posix, Mode));
0802     buf->ccontext.DataLength = cpu_to_le32(4);
0803     buf->ccontext.NameOffset =
0804         cpu_to_le16(offsetof(struct create_posix, Name));
0805     buf->ccontext.NameLength = cpu_to_le16(16);
0806
0807     /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
0808     buf->Name[0] = 0x93;
0809     buf->Name[1] = 0xAD;
0810     buf->Name[2] = 0x25;
0811     buf->Name[3] = 0x50;
0812     buf->Name[4] = 0x9C;
0813     buf->Name[5] = 0xB4;
0814     buf->Name[6] = 0x11;
0815     buf->Name[7] = 0xE7;
0816     buf->Name[8] = 0xB4;
0817     buf->Name[9] = 0x23;
0818     buf->Name[10] = 0x83;
0819     buf->Name[11] = 0xDE;
0820     buf->Name[12] = 0x96;
0821     buf->Name[13] = 0x8B;
0822     buf->Name[14] = 0xCD;
0823     buf->Name[15] = 0x7C;
0824     buf->Mode = cpu_to_le32(mode);
0825     cifs_dbg(FYI, "mode on posix create 0%o\n", mode);
0826     return buf;
0827 }
0828
0829 static int
0830 add_posix_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode)
0831 {
0832     struct smb2_create_req *req = iov[0].iov_base;
0833     unsigned int num = *num_iovec;
0834
0835     iov[num].iov_base = create_posix_buf(mode);
0836     if (mode == ACL_NO_MODE)
0837         cifs_dbg(FYI, "Invalid mode\n");
0838     if (iov[num].iov_base == NULL)
0839         return -ENOMEM;
0840     iov[num].iov_len = sizeof(struct create_posix);
0841     if (!req->CreateContextsOffset)
0842         req->CreateContextsOffset = cpu_to_le32(
0843                 sizeof(struct smb2_create_req) +
0844                 iov[num - 1].iov_len);
0845     le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_posix));
0846     *num_iovec = num + 1;
0847     return 0;
0848 }
0849
0850
0851 /*
0852  *
0853  *  SMB2 Worker functions follow:
0854  *
0855  *  The general structure of the worker functions is:
0856  *  1) Call smb2_init (assembles SMB2 header)
0857  *  2) Initialize SMB2 command specific fields in fixed length area of SMB
0858  *  3) Call smb_sendrcv2 (sends request on socket and waits for response)
0859  *  4) Decode SMB2 command specific fields in the fixed length area
0860  *  5) Decode variable length data area (if any for this SMB2 command type)
0861  *  6) Call free smb buffer
0862  *  7) return
0863  *
0864  */
0865
0866 int
0867 SMB2_negotiate(const unsigned int xid,
0868            struct cifs_ses *ses,
0869            struct TCP_Server_Info *server)
0870 {
0871     struct smb_rqst rqst;
0872     struct smb2_negotiate_req *req;
0873     struct smb2_negotiate_rsp *rsp;
0874     struct kvec iov[1];
0875     struct kvec rsp_iov;
0876     int rc = 0;
0877     int resp_buftype;
0878     int blob_offset, blob_length;
0879     char *security_blob;
0880     int flags = CIFS_NEG_OP;
0881     unsigned int total_len;
0882
0883     cifs_dbg(FYI, "Negotiate protocol\n");
0884
0885     if (!server) {
0886         WARN(1, "%s: server is NULL!\n", __func__);
0887         return -EIO;
0888     }
0889
0890     rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, server,
0891                  (void **) &req, &total_len);
0892     if (rc)
0893         return rc;
0894
0895     req->hdr.SessionId = 0;
0896
0897     memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);
0898     memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);
0899
0900     if (strcmp(server->vals->version_string,
0901            SMB3ANY_VERSION_STRING) == 0) {
0902         req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
0903         req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
0904         req->Dialects[2] = cpu_to_le16(SMB311_PROT_ID);
0905         req->DialectCount = cpu_to_le16(3);
0906         total_len += 6;
0907     } else if (strcmp(server->vals->version_string,
0908            SMBDEFAULT_VERSION_STRING) == 0) {
0909         req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
0910         req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
0911         req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
0912         req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
0913         req->DialectCount = cpu_to_le16(4);
0914         total_len += 8;
0915     } else {
0916         /* otherwise send specific dialect */
0917         req->Dialects[0] = cpu_to_le16(server->vals->protocol_id);
0918         req->DialectCount = cpu_to_le16(1);
0919         total_len += 2;
0920     }
0921
0922     /* only one of SMB2 signing flags may be set in SMB2 request */
0923     if (ses->sign)
0924         req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
0925     else if (global_secflags & CIFSSEC_MAY_SIGN)
0926         req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
0927     else
0928         req->SecurityMode = 0;
0929
0930     req->Capabilities = cpu_to_le32(server->vals->req_capabilities);
0931     if (ses->chan_max > 1)
0932         req->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL);
0933
0934     /* ClientGUID must be zero for SMB2.02 dialect */
0935     if (server->vals->protocol_id == SMB20_PROT_ID)
0936         memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE);
0937     else {
0938         memcpy(req->ClientGUID, server->client_guid,
0939             SMB2_CLIENT_GUID_SIZE);
0940         if ((server->vals->protocol_id == SMB311_PROT_ID) ||
0941             (strcmp(server->vals->version_string,
0942              SMB3ANY_VERSION_STRING) == 0) ||
0943             (strcmp(server->vals->version_string,
0944              SMBDEFAULT_VERSION_STRING) == 0))
0945             assemble_neg_contexts(req, server, &total_len);
0946     }
0947     iov[0].iov_base = (char *)req;
0948     iov[0].iov_len = total_len;
0949
0950     memset(&rqst, 0, sizeof(struct smb_rqst));
0951     rqst.rq_iov = iov;
0952     rqst.rq_nvec = 1;
0953
0954     rc = cifs_send_recv(xid, ses, server,
0955                 &rqst, &resp_buftype, flags, &rsp_iov);
0956     cifs_small_buf_release(req);
0957     rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base;
0958     /*
0959      * No tcon so can't do
0960      * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
0961      */
0962     if (rc == -EOPNOTSUPP) {
0963         cifs_server_dbg(VFS, "Dialect not supported by server. Consider  specifying vers=1.0 or vers=2.0 on mount for accessing older servers\n");
0964         goto neg_exit;
0965     } else if (rc != 0)
0966         goto neg_exit;
0967
0968     rc = -EIO;
0969     if (strcmp(server->vals->version_string,
0970            SMB3ANY_VERSION_STRING) == 0) {
0971         if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
0972             cifs_server_dbg(VFS,
0973                 "SMB2 dialect returned but not requested\n");
0974             goto neg_exit;
0975         } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
0976             cifs_server_dbg(VFS,
0977                 "SMB2.1 dialect returned but not requested\n");
0978             goto neg_exit;
0979         } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
0980             /* ops set to 3.0 by default for default so update */
0981             server->ops = &smb311_operations;
0982             server->vals = &smb311_values;
0983         }
0984     } else if (strcmp(server->vals->version_string,
0985            SMBDEFAULT_VERSION_STRING) == 0) {
0986         if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
0987             cifs_server_dbg(VFS,
0988                 "SMB2 dialect returned but not requested\n");
0989             goto neg_exit;
0990         } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
0991             /* ops set to 3.0 by default for default so update */
0992             server->ops = &smb21_operations;
0993             server->vals = &smb21_values;
0994         } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
0995             server->ops = &smb311_operations;
0996             server->vals = &smb311_values;
0997         }
0998     } else if (le16_to_cpu(rsp->DialectRevision) !=
0999                 server->vals->protocol_id) {
1000         /* if requested single dialect ensure returned dialect matched */
1001         cifs_server_dbg(VFS, "Invalid 0x%x dialect returned: not requested\n",
1002                 le16_to_cpu(rsp->DialectRevision));
1003         goto neg_exit;
1004     }
1005
1006     cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode);
1007
1008     if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID))
1009         cifs_dbg(FYI, "negotiated smb2.0 dialect\n");
1010     else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID))
1011         cifs_dbg(FYI, "negotiated smb2.1 dialect\n");
1012     else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID))
1013         cifs_dbg(FYI, "negotiated smb3.0 dialect\n");
1014     else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID))
1015         cifs_dbg(FYI, "negotiated smb3.02 dialect\n");
1016     else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID))
1017         cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n");
1018     else {
1019         cifs_server_dbg(VFS, "Invalid dialect returned by server 0x%x\n",
1020                 le16_to_cpu(rsp->DialectRevision));
1021         goto neg_exit;
1022     }
1023
1024     rc = 0;
1025     server->dialect = le16_to_cpu(rsp->DialectRevision);
1026
1027     /*
1028      * Keep a copy of the hash after negprot. This hash will be
1029      * the starting hash value for all sessions made from this
1030      * server.
1031      */
1032     memcpy(server->preauth_sha_hash, ses->preauth_sha_hash,
1033            SMB2_PREAUTH_HASH_SIZE);
1034
1035     /* SMB2 only has an extended negflavor */
1036     server->negflavor = CIFS_NEGFLAVOR_EXTENDED;
1037     /* set it to the maximum buffer size value we can send with 1 credit */
1038     server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize),
1039                    SMB2_MAX_BUFFER_SIZE);
1040     server->max_read = le32_to_cpu(rsp->MaxReadSize);
1041     server->max_write = le32_to_cpu(rsp->MaxWriteSize);
1042     server->sec_mode = le16_to_cpu(rsp->SecurityMode);
1043     if ((server->sec_mode & SMB2_SEC_MODE_FLAGS_ALL) != server->sec_mode)
1044         cifs_dbg(FYI, "Server returned unexpected security mode 0x%x\n",
1045                 server->sec_mode);
1046     server->capabilities = le32_to_cpu(rsp->Capabilities);
1047     /* Internal types */
1048     server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
1049
1050     /*
1051      * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
1052      * Set the cipher type manually.
1053      */
1054     if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
1055         server->cipher_type = SMB2_ENCRYPTION_AES128_CCM;
1056
1057     security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
1058                            (struct smb2_hdr *)rsp);
1059     /*
1060      * See MS-SMB2 section 2.2.4: if no blob, client picks default which
1061      * for us will be
1062      *  ses->sectype = RawNTLMSSP;
1063      * but for time being this is our only auth choice so doesn't matter.
1064      * We just found a server which sets blob length to zero expecting raw.
1065      */
1066     if (blob_length == 0) {
1067         cifs_dbg(FYI, "missing security blob on negprot\n");
1068         server->sec_ntlmssp = true;
1069     }
1070
1071     rc = cifs_enable_signing(server, ses->sign);
1072     if (rc)
1073         goto neg_exit;
1074     if (blob_length) {
1075         rc = decode_negTokenInit(security_blob, blob_length, server);
1076         if (rc == 1)
1077             rc = 0;
1078         else if (rc == 0)
1079             rc = -EIO;
1080     }
1081
1082     if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
1083         if (rsp->NegotiateContextCount)
1084             rc = smb311_decode_neg_context(rsp, server,
1085                                rsp_iov.iov_len);
1086         else
1087             cifs_server_dbg(VFS, "Missing expected negotiate contexts\n");
1088     }
1089 neg_exit:
1090     free_rsp_buf(resp_buftype, rsp);
1091     return rc;
1092 }
1093
1094 int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)
1095 {
1096     int rc;
1097     struct validate_negotiate_info_req *pneg_inbuf;
1098     struct validate_negotiate_info_rsp *pneg_rsp = NULL;
1099     u32 rsplen;
1100     u32 inbuflen; /* max of 4 dialects */
1101     struct TCP_Server_Info *server = tcon->ses->server;
1102
1103     cifs_dbg(FYI, "validate negotiate\n");
1104
1105     /* In SMB3.11 preauth integrity supersedes validate negotiate */
1106     if (server->dialect == SMB311_PROT_ID)
1107         return 0;
1108
1109     /*
1110      * validation ioctl must be signed, so no point sending this if we
1111      * can not sign it (ie are not known user).  Even if signing is not
1112      * required (enabled but not negotiated), in those cases we selectively
1113      * sign just this, the first and only signed request on a connection.
1114      * Having validation of negotiate info  helps reduce attack vectors.
1115      */
1116     if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST)
1117         return 0; /* validation requires signing */
1118
1119     if (tcon->ses->user_name == NULL) {
1120         cifs_dbg(FYI, "Can't validate negotiate: null user mount\n");
1121         return 0; /* validation requires signing */
1122     }
1123
1124     if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL)
1125         cifs_tcon_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n");
1126
1127     pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_NOFS);
1128     if (!pneg_inbuf)
1129         return -ENOMEM;
1130
1131     pneg_inbuf->Capabilities =
1132             cpu_to_le32(server->vals->req_capabilities);
1133     if (tcon->ses->chan_max > 1)
1134         pneg_inbuf->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL);
1135
1136     memcpy(pneg_inbuf->Guid, server->client_guid,
1137                     SMB2_CLIENT_GUID_SIZE);
1138
1139     if (tcon->ses->sign)
1140         pneg_inbuf->SecurityMode =
1141             cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
1142     else if (global_secflags & CIFSSEC_MAY_SIGN)
1143         pneg_inbuf->SecurityMode =
1144             cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
1145     else
1146         pneg_inbuf->SecurityMode = 0;
1147
1148
1149     if (strcmp(server->vals->version_string,
1150         SMB3ANY_VERSION_STRING) == 0) {
1151         pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
1152         pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
1153         pneg_inbuf->Dialects[2] = cpu_to_le16(SMB311_PROT_ID);
1154         pneg_inbuf->DialectCount = cpu_to_le16(3);
1155         /* SMB 2.1 not included so subtract one dialect from len */
1156         inbuflen = sizeof(*pneg_inbuf) -
1157                 (sizeof(pneg_inbuf->Dialects[0]));
1158     } else if (strcmp(server->vals->version_string,
1159         SMBDEFAULT_VERSION_STRING) == 0) {
1160         pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
1161         pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
1162         pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
1163         pneg_inbuf->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
1164         pneg_inbuf->DialectCount = cpu_to_le16(4);
1165         /* structure is big enough for 4 dialects */
1166         inbuflen = sizeof(*pneg_inbuf);
1167     } else {
1168         /* otherwise specific dialect was requested */
1169         pneg_inbuf->Dialects[0] =
1170             cpu_to_le16(server->vals->protocol_id);
1171         pneg_inbuf->DialectCount = cpu_to_le16(1);
1172         /* structure is big enough for 3 dialects, sending only 1 */
1173         inbuflen = sizeof(*pneg_inbuf) -
1174                 sizeof(pneg_inbuf->Dialects[0]) * 2;
1175     }
1176
1177     rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,
1178         FSCTL_VALIDATE_NEGOTIATE_INFO,
1179         (char *)pneg_inbuf, inbuflen, CIFSMaxBufSize,
1180         (char **)&pneg_rsp, &rsplen);
1181     if (rc == -EOPNOTSUPP) {
1182         /*
1183          * Old Windows versions or Netapp SMB server can return
1184          * not supported error. Client should accept it.
1185          */
1186         cifs_tcon_dbg(VFS, "Server does not support validate negotiate\n");
1187         rc = 0;
1188         goto out_free_inbuf;
1189     } else if (rc != 0) {
1190         cifs_tcon_dbg(VFS, "validate protocol negotiate failed: %d\n",
1191                   rc);
1192         rc = -EIO;
1193         goto out_free_inbuf;
1194     }
1195
1196     rc = -EIO;
1197     if (rsplen != sizeof(*pneg_rsp)) {
1198         cifs_tcon_dbg(VFS, "Invalid protocol negotiate response size: %d\n",
1199                   rsplen);
1200
1201         /* relax check since Mac returns max bufsize allowed on ioctl */
1202         if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp))
1203             goto out_free_rsp;
1204     }
1205
1206     /* check validate negotiate info response matches what we got earlier */
1207     if (pneg_rsp->Dialect != cpu_to_le16(server->dialect))
1208         goto vneg_out;
1209
1210     if (pneg_rsp->SecurityMode != cpu_to_le16(server->sec_mode))
1211         goto vneg_out;
1212
1213     /* do not validate server guid because not saved at negprot time yet */
1214
1215     if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND |
1216           SMB2_LARGE_FILES) != server->capabilities)
1217         goto vneg_out;
1218
1219     /* validate negotiate successful */
1220     rc = 0;
1221     cifs_dbg(FYI, "validate negotiate info successful\n");
1222     goto out_free_rsp;
1223
1224 vneg_out:
1225     cifs_tcon_dbg(VFS, "protocol revalidation - security settings mismatch\n");
1226 out_free_rsp:
1227     kfree(pneg_rsp);
1228 out_free_inbuf:
1229     kfree(pneg_inbuf);
1230     return rc;
1231 }
1232
1233 enum securityEnum
1234 smb2_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
1235 {
1236     switch (requested) {
1237     case Kerberos:
1238     case RawNTLMSSP:
1239         return requested;
1240     case NTLMv2:
1241         return RawNTLMSSP;
1242     case Unspecified:
1243         if (server->sec_ntlmssp &&
1244             (global_secflags & CIFSSEC_MAY_NTLMSSP))
1245             return RawNTLMSSP;
1246         if ((server->sec_kerberos || server->sec_mskerberos) &&
1247             (global_secflags & CIFSSEC_MAY_KRB5))
1248             return Kerberos;
1249         fallthrough;
1250     default:
1251         return Unspecified;
1252     }
1253 }
1254
1255 struct SMB2_sess_data {
1256     unsigned int xid;
1257     struct cifs_ses *ses;
1258     struct TCP_Server_Info *server;
1259     struct nls_table *nls_cp;
1260     void (*func)(struct SMB2_sess_data *);
1261     int result;
1262     u64 previous_session;
1263
1264     /* we will send the SMB in three pieces:
1265      * a fixed length beginning part, an optional
1266      * SPNEGO blob (which can be zero length), and a
1267      * last part which will include the strings
1268      * and rest of bcc area. This allows us to avoid
1269      * a large buffer 17K allocation
1270      */
1271     int buf0_type;
1272     struct kvec iov[2];
1273 };
1274
1275 static int
1276 SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data)
1277 {
1278     int rc;
1279     struct cifs_ses *ses = sess_data->ses;
1280     struct TCP_Server_Info *server = sess_data->server;
1281     struct smb2_sess_setup_req *req;
1282     unsigned int total_len;
1283     bool is_binding = false;
1284
1285     rc = smb2_plain_req_init(SMB2_SESSION_SETUP, NULL, server,
1286                  (void **) &req,
1287                  &total_len);
1288     if (rc)
1289         return rc;
1290
1291     spin_lock(&ses->chan_lock);
1292     is_binding = !CIFS_ALL_CHANS_NEED_RECONNECT(ses);
1293     spin_unlock(&ses->chan_lock);
1294
1295     if (is_binding) {
1296         req->hdr.SessionId = cpu_to_le64(ses->Suid);
1297         req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1298         req->PreviousSessionId = 0;
1299         req->Flags = SMB2_SESSION_REQ_FLAG_BINDING;
1300         cifs_dbg(FYI, "Binding to sess id: %llx\n", ses->Suid);
1301     } else {
1302         /* First session, not a reauthenticate */
1303         req->hdr.SessionId = 0;
1304         /*
1305          * if reconnect, we need to send previous sess id
1306          * otherwise it is 0
1307          */
1308         req->PreviousSessionId = cpu_to_le64(sess_data->previous_session);
1309         req->Flags = 0; /* MBZ */
1310         cifs_dbg(FYI, "Fresh session. Previous: %llx\n",
1311              sess_data->previous_session);
1312     }
1313
1314     /* enough to enable echos and oplocks and one max size write */
1315     req->hdr.CreditRequest = cpu_to_le16(130);
1316
1317     /* only one of SMB2 signing flags may be set in SMB2 request */
1318     if (server->sign)
1319         req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
1320     else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */
1321         req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
1322     else
1323         req->SecurityMode = 0;
1324
1325 #ifdef CONFIG_CIFS_DFS_UPCALL
1326     req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS);
1327 #else
1328     req->Capabilities = 0;
1329 #endif /* DFS_UPCALL */
1330
1331     req->Channel = 0; /* MBZ */
1332
1333     sess_data->iov[0].iov_base = (char *)req;
1334     /* 1 for pad */
1335     sess_data->iov[0].iov_len = total_len - 1;
1336     /*
1337      * This variable will be used to clear the buffer
1338      * allocated above in case of any error in the calling function.
1339      */
1340     sess_data->buf0_type = CIFS_SMALL_BUFFER;
1341
1342     return 0;
1343 }
1344
1345 static void
1346 SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
1347 {
1348     free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
1349     sess_data->buf0_type = CIFS_NO_BUFFER;
1350 }
1351
1352 static int
1353 SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data)
1354 {
1355     int rc;
1356     struct smb_rqst rqst;
1357     struct smb2_sess_setup_req *req = sess_data->iov[0].iov_base;
1358     struct kvec rsp_iov = { NULL, 0 };
1359
1360     /* Testing shows that buffer offset must be at location of Buffer[0] */
1361     req->SecurityBufferOffset =
1362         cpu_to_le16(sizeof(struct smb2_sess_setup_req) - 1 /* pad */);
1363     req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len);
1364
1365     memset(&rqst, 0, sizeof(struct smb_rqst));
1366     rqst.rq_iov = sess_data->iov;
1367     rqst.rq_nvec = 2;
1368
1369     /* BB add code to build os and lm fields */
1370     rc = cifs_send_recv(sess_data->xid, sess_data->ses,
1371                 sess_data->server,
1372                 &rqst,
1373                 &sess_data->buf0_type,
1374                 CIFS_LOG_ERROR | CIFS_SESS_OP, &rsp_iov);
1375     cifs_small_buf_release(sess_data->iov[0].iov_base);
1376     memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
1377
1378     return rc;
1379 }
1380
1381 static int
1382 SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
1383 {
1384     int rc = 0;
1385     struct cifs_ses *ses = sess_data->ses;
1386     struct TCP_Server_Info *server = sess_data->server;
1387
1388     cifs_server_lock(server);
1389     if (server->ops->generate_signingkey) {
1390         rc = server->ops->generate_signingkey(ses, server);
1391         if (rc) {
1392             cifs_dbg(FYI,
1393                 "SMB3 session key generation failed\n");
1394             cifs_server_unlock(server);
1395             return rc;
1396         }
1397     }
1398     if (!server->session_estab) {
1399         server->sequence_number = 0x2;
1400         server->session_estab = true;
1401     }
1402     cifs_server_unlock(server);
1403
1404     cifs_dbg(FYI, "SMB2/3 session established successfully\n");
1405     return rc;
1406 }
1407
1408 #ifdef CONFIG_CIFS_UPCALL
1409 static void
1410 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
1411 {
1412     int rc;
1413     struct cifs_ses *ses = sess_data->ses;
1414     struct TCP_Server_Info *server = sess_data->server;
1415     struct cifs_spnego_msg *msg;
1416     struct key *spnego_key = NULL;
1417     struct smb2_sess_setup_rsp *rsp = NULL;
1418     bool is_binding = false;
1419
1420     rc = SMB2_sess_alloc_buffer(sess_data);
1421     if (rc)
1422         goto out;
1423
1424     spnego_key = cifs_get_spnego_key(ses, server);
1425     if (IS_ERR(spnego_key)) {
1426         rc = PTR_ERR(spnego_key);
1427         if (rc == -ENOKEY)
1428             cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n");
1429         spnego_key = NULL;
1430         goto out;
1431     }
1432
1433     msg = spnego_key->payload.data[0];
1434     /*
1435      * check version field to make sure that cifs.upcall is
1436      * sending us a response in an expected form
1437      */
1438     if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
1439         cifs_dbg(VFS, "bad cifs.upcall version. Expected %d got %d\n",
1440              CIFS_SPNEGO_UPCALL_VERSION, msg->version);
1441         rc = -EKEYREJECTED;
1442         goto out_put_spnego_key;
1443     }
1444
1445     spin_lock(&ses->chan_lock);
1446     is_binding = !CIFS_ALL_CHANS_NEED_RECONNECT(ses);
1447     spin_unlock(&ses->chan_lock);
1448
1449     /* keep session key if binding */
1450     if (!is_binding) {
1451         ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1452                          GFP_KERNEL);
1453         if (!ses->auth_key.response) {
1454             cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n",
1455                  msg->sesskey_len);
1456             rc = -ENOMEM;
1457             goto out_put_spnego_key;
1458         }
1459         ses->auth_key.len = msg->sesskey_len;
1460     }
1461
1462     sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
1463     sess_data->iov[1].iov_len = msg->secblob_len;
1464
1465     rc = SMB2_sess_sendreceive(sess_data);
1466     if (rc)
1467         goto out_put_spnego_key;
1468
1469     rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1470     /* keep session id and flags if binding */
1471     if (!is_binding) {
1472         ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1473         ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1474     }
1475
1476     rc = SMB2_sess_establish_session(sess_data);
1477 out_put_spnego_key:
1478     key_invalidate(spnego_key);
1479     key_put(spnego_key);
1480 out:
1481     sess_data->result = rc;
1482     sess_data->func = NULL;
1483     SMB2_sess_free_buffer(sess_data);
1484 }
1485 #else
1486 static void
1487 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
1488 {
1489     cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1490     sess_data->result = -EOPNOTSUPP;
1491     sess_data->func = NULL;
1492 }
1493 #endif
1494
1495 static void
1496 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data);
1497
1498 static void
1499 SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data)
1500 {
1501     int rc;
1502     struct cifs_ses *ses = sess_data->ses;
1503     struct TCP_Server_Info *server = sess_data->server;
1504     struct smb2_sess_setup_rsp *rsp = NULL;
1505     unsigned char *ntlmssp_blob = NULL;
1506     bool use_spnego = false; /* else use raw ntlmssp */
1507     u16 blob_length = 0;
1508     bool is_binding = false;
1509
1510     /*
1511      * If memory allocation is successful, caller of this function
1512      * frees it.
1513      */
1514     ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
1515     if (!ses->ntlmssp) {
1516         rc = -ENOMEM;
1517         goto out_err;
1518     }
1519     ses->ntlmssp->sesskey_per_smbsess = true;
1520
1521     rc = SMB2_sess_alloc_buffer(sess_data);
1522     if (rc)
1523         goto out_err;
1524
1525     rc = build_ntlmssp_smb3_negotiate_blob(&ntlmssp_blob,
1526                       &blob_length, ses, server,
1527                       sess_data->nls_cp);
1528     if (rc)
1529         goto out_err;
1530
1531     if (use_spnego) {
1532         /* BB eventually need to add this */
1533         cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
1534         rc = -EOPNOTSUPP;
1535         goto out;
1536     }
1537     sess_data->iov[1].iov_base = ntlmssp_blob;
1538     sess_data->iov[1].iov_len = blob_length;
1539
1540     rc = SMB2_sess_sendreceive(sess_data);
1541     rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1542
1543     /* If true, rc here is expected and not an error */
1544     if (sess_data->buf0_type != CIFS_NO_BUFFER &&
1545         rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED)
1546         rc = 0;
1547
1548     if (rc)
1549         goto out;
1550
1551     if (offsetof(struct smb2_sess_setup_rsp, Buffer) !=
1552             le16_to_cpu(rsp->SecurityBufferOffset)) {
1553         cifs_dbg(VFS, "Invalid security buffer offset %d\n",
1554             le16_to_cpu(rsp->SecurityBufferOffset));
1555         rc = -EIO;
1556         goto out;
1557     }
1558     rc = decode_ntlmssp_challenge(rsp->Buffer,
1559             le16_to_cpu(rsp->SecurityBufferLength), ses);
1560     if (rc)
1561         goto out;
1562
1563     cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
1564
1565     spin_lock(&ses->chan_lock);
1566     is_binding = !CIFS_ALL_CHANS_NEED_RECONNECT(ses);
1567     spin_unlock(&ses->chan_lock);
1568
1569     /* keep existing ses id and flags if binding */
1570     if (!is_binding) {
1571         ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1572         ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1573     }
1574
1575 out:
1576     kfree(ntlmssp_blob);
1577     SMB2_sess_free_buffer(sess_data);
1578     if (!rc) {
1579         sess_data->result = 0;
1580         sess_data->func = SMB2_sess_auth_rawntlmssp_authenticate;
1581         return;
1582     }
1583 out_err:
1584     kfree(ses->ntlmssp);
1585     ses->ntlmssp = NULL;
1586     sess_data->result = rc;
1587     sess_data->func = NULL;
1588 }
1589
1590 static void
1591 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data)
1592 {
1593     int rc;
1594     struct cifs_ses *ses = sess_data->ses;
1595     struct TCP_Server_Info *server = sess_data->server;
1596     struct smb2_sess_setup_req *req;
1597     struct smb2_sess_setup_rsp *rsp = NULL;
1598     unsigned char *ntlmssp_blob = NULL;
1599     bool use_spnego = false; /* else use raw ntlmssp */
1600     u16 blob_length = 0;
1601     bool is_binding = false;
1602
1603     rc = SMB2_sess_alloc_buffer(sess_data);
1604     if (rc)
1605         goto out;
1606
1607     req = (struct smb2_sess_setup_req *) sess_data->iov[0].iov_base;
1608     req->hdr.SessionId = cpu_to_le64(ses->Suid);
1609
1610     rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length,
1611                      ses, server,
1612                      sess_data->nls_cp);
1613     if (rc) {
1614         cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n", rc);
1615         goto out;
1616     }
1617
1618     if (use_spnego) {
1619         /* BB eventually need to add this */
1620         cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
1621         rc = -EOPNOTSUPP;
1622         goto out;
1623     }
1624     sess_data->iov[1].iov_base = ntlmssp_blob;
1625     sess_data->iov[1].iov_len = blob_length;
1626
1627     rc = SMB2_sess_sendreceive(sess_data);
1628     if (rc)
1629         goto out;
1630
1631     rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1632
1633     spin_lock(&ses->chan_lock);
1634     is_binding = !CIFS_ALL_CHANS_NEED_RECONNECT(ses);
1635     spin_unlock(&ses->chan_lock);
1636
1637     /* keep existing ses id and flags if binding */
1638     if (!is_binding) {
1639         ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1640         ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1641     }
1642
1643     rc = SMB2_sess_establish_session(sess_data);
1644 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
1645     if (ses->server->dialect < SMB30_PROT_ID) {
1646         cifs_dbg(VFS, "%s: dumping generated SMB2 session keys\n", __func__);
1647         /*
1648          * The session id is opaque in terms of endianness, so we can't
1649          * print it as a long long. we dump it as we got it on the wire
1650          */
1651         cifs_dbg(VFS, "Session Id    %*ph\n", (int)sizeof(ses->Suid),
1652              &ses->Suid);
1653         cifs_dbg(VFS, "Session Key   %*ph\n",
1654              SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
1655         cifs_dbg(VFS, "Signing Key   %*ph\n",
1656              SMB3_SIGN_KEY_SIZE, ses->auth_key.response);
1657     }
1658 #endif
1659 out:
1660     kfree(ntlmssp_blob);
1661     SMB2_sess_free_buffer(sess_data);
1662     kfree(ses->ntlmssp);
1663     ses->ntlmssp = NULL;
1664     sess_data->result = rc;
1665     sess_data->func = NULL;
1666 }
1667
1668 static int
1669 SMB2_select_sec(struct SMB2_sess_data *sess_data)
1670 {
1671     int type;
1672     struct cifs_ses *ses = sess_data->ses;
1673     struct TCP_Server_Info *server = sess_data->server;
1674
1675     type = smb2_select_sectype(server, ses->sectype);
1676     cifs_dbg(FYI, "sess setup type %d\n", type);
1677     if (type == Unspecified) {
1678         cifs_dbg(VFS, "Unable to select appropriate authentication method!\n");
1679         return -EINVAL;
1680     }
1681
1682     switch (type) {
1683     case Kerberos:
1684         sess_data->func = SMB2_auth_kerberos;
1685         break;
1686     case RawNTLMSSP:
1687         sess_data->func = SMB2_sess_auth_rawntlmssp_negotiate;
1688         break;
1689     default:
1690         cifs_dbg(VFS, "secType %d not supported!\n", type);
1691         return -EOPNOTSUPP;
1692     }
1693
1694     return 0;
1695 }
1696
1697 int
1698 SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
1699         struct TCP_Server_Info *server,
1700         const struct nls_table *nls_cp)
1701 {
1702     int rc = 0;
1703     struct SMB2_sess_data *sess_data;
1704
1705     cifs_dbg(FYI, "Session Setup\n");
1706
1707     if (!server) {
1708         WARN(1, "%s: server is NULL!\n", __func__);
1709         return -EIO;
1710     }
1711
1712     sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL);
1713     if (!sess_data)
1714         return -ENOMEM;
1715
1716     sess_data->xid = xid;
1717     sess_data->ses = ses;
1718     sess_data->server = server;
1719     sess_data->buf0_type = CIFS_NO_BUFFER;
1720     sess_data->nls_cp = (struct nls_table *) nls_cp;
1721     sess_data->previous_session = ses->Suid;
1722
1723     rc = SMB2_select_sec(sess_data);
1724     if (rc)
1725         goto out;
1726
1727     /*
1728      * Initialize the session hash with the server one.
1729      */
1730     memcpy(ses->preauth_sha_hash, server->preauth_sha_hash,
1731            SMB2_PREAUTH_HASH_SIZE);
1732
1733     while (sess_data->func)
1734         sess_data->func(sess_data);
1735
1736     if ((ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) && (ses->sign))
1737         cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
1738     rc = sess_data->result;
1739 out:
1740     kfree(sess_data);
1741     return rc;
1742 }
1743
1744 int
1745 SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
1746 {
1747     struct smb_rqst rqst;
1748     struct smb2_logoff_req *req; /* response is also trivial struct */
1749     int rc = 0;
1750     struct TCP_Server_Info *server;
1751     int flags = 0;
1752     unsigned int total_len;
1753     struct kvec iov[1];
1754     struct kvec rsp_iov;
1755     int resp_buf_type;
1756
1757     cifs_dbg(FYI, "disconnect session %p\n", ses);
1758
1759     if (ses && (ses->server))
1760         server = ses->server;
1761     else
1762         return -EIO;
1763
1764     /* no need to send SMB logoff if uid already closed due to reconnect */
1765     spin_lock(&ses->chan_lock);
1766     if (CIFS_ALL_CHANS_NEED_RECONNECT(ses)) {
1767         spin_unlock(&ses->chan_lock);
1768         goto smb2_session_already_dead;
1769     }
1770     spin_unlock(&ses->chan_lock);
1771
1772     rc = smb2_plain_req_init(SMB2_LOGOFF, NULL, ses->server,
1773                  (void **) &req, &total_len);
1774     if (rc)
1775         return rc;
1776
1777      /* since no tcon, smb2_init can not do this, so do here */
1778     req->hdr.SessionId = cpu_to_le64(ses->Suid);
1779
1780     if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
1781         flags |= CIFS_TRANSFORM_REQ;
1782     else if (server->sign)
1783         req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1784
1785     flags |= CIFS_NO_RSP_BUF;
1786
1787     iov[0].iov_base = (char *)req;
1788     iov[0].iov_len = total_len;
1789
1790     memset(&rqst, 0, sizeof(struct smb_rqst));
1791     rqst.rq_iov = iov;
1792     rqst.rq_nvec = 1;
1793
1794     rc = cifs_send_recv(xid, ses, ses->server,
1795                 &rqst, &resp_buf_type, flags, &rsp_iov);
1796     cifs_small_buf_release(req);
1797     /*
1798      * No tcon so can't do
1799      * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
1800      */
1801
1802 smb2_session_already_dead:
1803     return rc;
1804 }
1805
1806 static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code)
1807 {
1808     cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]);
1809 }
1810
1811 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)
1812
1813 /* These are similar values to what Windows uses */
1814 static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon)
1815 {
1816     tcon->max_chunks = 256;
1817     tcon->max_bytes_chunk = 1048576;
1818     tcon->max_bytes_copy = 16777216;
1819 }
1820
1821 int
1822 SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
1823       struct cifs_tcon *tcon, const struct nls_table *cp)
1824 {
1825     struct smb_rqst rqst;
1826     struct smb2_tree_connect_req *req;
1827     struct smb2_tree_connect_rsp *rsp = NULL;
1828     struct kvec iov[2];
1829     struct kvec rsp_iov = { NULL, 0 };
1830     int rc = 0;
1831     int resp_buftype;
1832     int unc_path_len;
1833     __le16 *unc_path = NULL;
1834     int flags = 0;
1835     unsigned int total_len;
1836     struct TCP_Server_Info *server;
1837
1838     /* always use master channel */
1839     server = ses->server;
1840
1841     cifs_dbg(FYI, "TCON\n");
1842
1843     if (!server || !tree)
1844         return -EIO;
1845
1846     unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
1847     if (unc_path == NULL)
1848         return -ENOMEM;
1849
1850     unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp) + 1;
1851     unc_path_len *= 2;
1852     if (unc_path_len < 2) {
1853         kfree(unc_path);
1854         return -EINVAL;
1855     }
1856
1857     /* SMB2 TREE_CONNECT request must be called with TreeId == 0 */
1858     tcon->tid = 0;
1859     atomic_set(&tcon->num_remote_opens, 0);
1860     rc = smb2_plain_req_init(SMB2_TREE_CONNECT, tcon, server,
1861                  (void **) &req, &total_len);
1862     if (rc) {
1863         kfree(unc_path);
1864         return rc;
1865     }
1866
1867     if (smb3_encryption_required(tcon))
1868         flags |= CIFS_TRANSFORM_REQ;
1869
1870     iov[0].iov_base = (char *)req;
1871     /* 1 for pad */
1872     iov[0].iov_len = total_len - 1;
1873
1874     /* Testing shows that buffer offset must be at location of Buffer[0] */
1875     req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)
1876             - 1 /* pad */);
1877     req->PathLength = cpu_to_le16(unc_path_len - 2);
1878     iov[1].iov_base = unc_path;
1879     iov[1].iov_len = unc_path_len;
1880
1881     /*
1882      * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
1883      * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
1884      * (Samba servers don't always set the flag so also check if null user)
1885      */
1886     if ((server->dialect == SMB311_PROT_ID) &&
1887         !smb3_encryption_required(tcon) &&
1888         !(ses->session_flags &
1889             (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) &&
1890         ((ses->user_name != NULL) || (ses->sectype == Kerberos)))
1891         req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1892
1893     memset(&rqst, 0, sizeof(struct smb_rqst));
1894     rqst.rq_iov = iov;
1895     rqst.rq_nvec = 2;
1896
1897     /* Need 64 for max size write so ask for more in case not there yet */
1898     req->hdr.CreditRequest = cpu_to_le16(64);
1899
1900     rc = cifs_send_recv(xid, ses, server,
1901                 &rqst, &resp_buftype, flags, &rsp_iov);
1902     cifs_small_buf_release(req);
1903     rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base;
1904     trace_smb3_tcon(xid, tcon->tid, ses->Suid, tree, rc);
1905     if ((rc != 0) || (rsp == NULL)) {
1906         cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE);
1907         tcon->need_reconnect = true;
1908         goto tcon_error_exit;
1909     }
1910
1911     switch (rsp->ShareType) {
1912     case SMB2_SHARE_TYPE_DISK:
1913         cifs_dbg(FYI, "connection to disk share\n");
1914         break;
1915     case SMB2_SHARE_TYPE_PIPE:
1916         tcon->pipe = true;
1917         cifs_dbg(FYI, "connection to pipe share\n");
1918         break;
1919     case SMB2_SHARE_TYPE_PRINT:
1920         tcon->print = true;
1921         cifs_dbg(FYI, "connection to printer\n");
1922         break;
1923     default:
1924         cifs_server_dbg(VFS, "unknown share type %d\n", rsp->ShareType);
1925         rc = -EOPNOTSUPP;
1926         goto tcon_error_exit;
1927     }
1928
1929     tcon->share_flags = le32_to_cpu(rsp->ShareFlags);
1930     tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */
1931     tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess);
1932     tcon->tid = le32_to_cpu(rsp->hdr.Id.SyncId.TreeId);
1933     strscpy(tcon->treeName, tree, sizeof(tcon->treeName));
1934
1935     if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) &&
1936         ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0))
1937         cifs_tcon_dbg(VFS, "DFS capability contradicts DFS flag\n");
1938
1939     if (tcon->seal &&
1940         !(server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
1941         cifs_tcon_dbg(VFS, "Encryption is requested but not supported\n");
1942
1943     init_copy_chunk_defaults(tcon);
1944     if (server->ops->validate_negotiate)
1945         rc = server->ops->validate_negotiate(xid, tcon);
1946 tcon_exit:
1947
1948     free_rsp_buf(resp_buftype, rsp);
1949     kfree(unc_path);
1950     return rc;
1951
1952 tcon_error_exit:
1953     if (rsp && rsp->hdr.Status == STATUS_BAD_NETWORK_NAME)
1954         cifs_tcon_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
1955     goto tcon_exit;
1956 }
1957
1958 int
1959 SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon)
1960 {
1961     struct smb_rqst rqst;
1962     struct smb2_tree_disconnect_req *req; /* response is trivial */
1963     int rc = 0;
1964     struct cifs_ses *ses = tcon->ses;
1965     int flags = 0;
1966     unsigned int total_len;
1967     struct kvec iov[1];
1968     struct kvec rsp_iov;
1969     int resp_buf_type;
1970
1971     cifs_dbg(FYI, "Tree Disconnect\n");
1972
1973     if (!ses || !(ses->server))
1974         return -EIO;
1975
1976     spin_lock(&ses->chan_lock);
1977     if ((tcon->need_reconnect) ||
1978         (CIFS_ALL_CHANS_NEED_RECONNECT(tcon->ses))) {
1979         spin_unlock(&ses->chan_lock);
1980         return 0;
1981     }
1982     spin_unlock(&ses->chan_lock);
1983
1984     invalidate_all_cached_dirs(tcon);
1985
1986     rc = smb2_plain_req_init(SMB2_TREE_DISCONNECT, tcon, ses->server,
1987                  (void **) &req,
1988                  &total_len);
1989     if (rc)
1990         return rc;
1991
1992     if (smb3_encryption_required(tcon))
1993         flags |= CIFS_TRANSFORM_REQ;
1994
1995     flags |= CIFS_NO_RSP_BUF;
1996
1997     iov[0].iov_base = (char *)req;
1998     iov[0].iov_len = total_len;
1999
2000     memset(&rqst, 0, sizeof(struct smb_rqst));
2001     rqst.rq_iov = iov;
2002     rqst.rq_nvec = 1;
2003
2004     rc = cifs_send_recv(xid, ses, ses->server,
2005                 &rqst, &resp_buf_type, flags, &rsp_iov);
2006     cifs_small_buf_release(req);
2007     if (rc)
2008         cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE);
2009
2010     return rc;
2011 }
2012
2013
2014 static struct create_durable *
2015 create_durable_buf(void)
2016 {
2017     struct create_durable *buf;
2018
2019     buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
2020     if (!buf)
2021         return NULL;
2022
2023     buf->ccontext.DataOffset = cpu_to_le16(offsetof
2024                     (struct create_durable, Data));
2025     buf->ccontext.DataLength = cpu_to_le32(16);
2026     buf->ccontext.NameOffset = cpu_to_le16(offsetof
2027                 (struct create_durable, Name));
2028     buf->ccontext.NameLength = cpu_to_le16(4);
2029     /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */
2030     buf->Name[0] = 'D';
2031     buf->Name[1] = 'H';
2032     buf->Name[2] = 'n';
2033     buf->Name[3] = 'Q';
2034     return buf;
2035 }
2036
2037 static struct create_durable *
2038 create_reconnect_durable_buf(struct cifs_fid *fid)
2039 {
2040     struct create_durable *buf;
2041
2042     buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
2043     if (!buf)
2044         return NULL;
2045
2046     buf->ccontext.DataOffset = cpu_to_le16(offsetof
2047                     (struct create_durable, Data));
2048     buf->ccontext.DataLength = cpu_to_le32(16);
2049     buf->ccontext.NameOffset = cpu_to_le16(offsetof
2050                 (struct create_durable, Name));
2051     buf->ccontext.NameLength = cpu_to_le16(4);
2052     buf->Data.Fid.PersistentFileId = fid->persistent_fid;
2053     buf->Data.Fid.VolatileFileId = fid->volatile_fid;
2054     /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */
2055     buf->Name[0] = 'D';
2056     buf->Name[1] = 'H';
2057     buf->Name[2] = 'n';
2058     buf->Name[3] = 'C';
2059     return buf;
2060 }
2061
2062 static void
2063 parse_query_id_ctxt(struct create_context *cc, struct smb2_file_all_info *buf)
2064 {
2065     struct create_on_disk_id *pdisk_id = (struct create_on_disk_id *)cc;
2066
2067     cifs_dbg(FYI, "parse query id context 0x%llx 0x%llx\n",
2068         pdisk_id->DiskFileId, pdisk_id->VolumeId);
2069     buf->IndexNumber = pdisk_id->DiskFileId;
2070 }
2071
2072 static void
2073 parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info,
2074          struct create_posix_rsp *posix)
2075 {
2076     int sid_len;
2077     u8 *beg = (u8 *)cc + le16_to_cpu(cc->DataOffset);
2078     u8 *end = beg + le32_to_cpu(cc->DataLength);
2079     u8 *sid;
2080
2081     memset(posix, 0, sizeof(*posix));
2082
2083     posix->nlink = le32_to_cpu(*(__le32 *)(beg + 0));
2084     posix->reparse_tag = le32_to_cpu(*(__le32 *)(beg + 4));
2085     posix->mode = le32_to_cpu(*(__le32 *)(beg + 8));
2086
2087     sid = beg + 12;
2088     sid_len = posix_info_sid_size(sid, end);
2089     if (sid_len < 0) {
2090         cifs_dbg(VFS, "bad owner sid in posix create response\n");
2091         return;
2092     }
2093     memcpy(&posix->owner, sid, sid_len);
2094
2095     sid = sid + sid_len;
2096     sid_len = posix_info_sid_size(sid, end);
2097     if (sid_len < 0) {
2098         cifs_dbg(VFS, "bad group sid in posix create response\n");
2099         return;
2100     }
2101     memcpy(&posix->group, sid, sid_len);
2102
2103     cifs_dbg(FYI, "nlink=%d mode=%o reparse_tag=%x\n",
2104          posix->nlink, posix->mode, posix->reparse_tag);
2105 }
2106
2107 void
2108 smb2_parse_contexts(struct TCP_Server_Info *server,
2109             struct smb2_create_rsp *rsp,
2110             unsigned int *epoch, char *lease_key, __u8 *oplock,
2111             struct smb2_file_all_info *buf,
2112             struct create_posix_rsp *posix)
2113 {
2114     char *data_offset;
2115     struct create_context *cc;
2116     unsigned int next;
2117     unsigned int remaining;
2118     char *name;
2119     static const char smb3_create_tag_posix[] = {
2120         0x93, 0xAD, 0x25, 0x50, 0x9C,
2121         0xB4, 0x11, 0xE7, 0xB4, 0x23, 0x83,
2122         0xDE, 0x96, 0x8B, 0xCD, 0x7C
2123     };
2124
2125     *oplock = 0;
2126     data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset);
2127     remaining = le32_to_cpu(rsp->CreateContextsLength);
2128     cc = (struct create_context *)data_offset;
2129
2130     /* Initialize inode number to 0 in case no valid data in qfid context */
2131     if (buf)
2132         buf->IndexNumber = 0;
2133
2134     while (remaining >= sizeof(struct create_context)) {
2135         name = le16_to_cpu(cc->NameOffset) + (char *)cc;
2136         if (le16_to_cpu(cc->NameLength) == 4 &&
2137             strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4) == 0)
2138             *oplock = server->ops->parse_lease_buf(cc, epoch,
2139                                lease_key);
2140         else if (buf && (le16_to_cpu(cc->NameLength) == 4) &&
2141             strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4) == 0)
2142             parse_query_id_ctxt(cc, buf);
2143         else if ((le16_to_cpu(cc->NameLength) == 16)) {
2144             if (posix &&
2145                 memcmp(name, smb3_create_tag_posix, 16) == 0)
2146                 parse_posix_ctxt(cc, buf, posix);
2147         }
2148         /* else {
2149             cifs_dbg(FYI, "Context not matched with len %d\n",
2150                 le16_to_cpu(cc->NameLength));
2151             cifs_dump_mem("Cctxt name: ", name, 4);
2152         } */
2153
2154         next = le32_to_cpu(cc->Next);
2155         if (!next)
2156             break;
2157         remaining -= next;
2158         cc = (struct create_context *)((char *)cc + next);
2159     }
2160
2161     if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE)
2162         *oplock = rsp->OplockLevel;
2163
2164     return;
2165 }
2166
2167 static int
2168 add_lease_context(struct TCP_Server_Info *server, struct kvec *iov,
2169           unsigned int *num_iovec, u8 *lease_key, __u8 *oplock)
2170 {
2171     struct smb2_create_req *req = iov[0].iov_base;
2172     unsigned int num = *num_iovec;
2173
2174     iov[num].iov_base = server->ops->create_lease_buf(lease_key, *oplock);
2175     if (iov[num].iov_base == NULL)
2176         return -ENOMEM;
2177     iov[num].iov_len = server->vals->create_lease_size;
2178     req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE;
2179     if (!req->CreateContextsOffset)
2180         req->CreateContextsOffset = cpu_to_le32(
2181                 sizeof(struct smb2_create_req) +
2182                 iov[num - 1].iov_len);
2183     le32_add_cpu(&req->CreateContextsLength,
2184              server->vals->create_lease_size);
2185     *num_iovec = num + 1;
2186     return 0;
2187 }
2188
2189 static struct create_durable_v2 *
2190 create_durable_v2_buf(struct cifs_open_parms *oparms)
2191 {
2192     struct cifs_fid *pfid = oparms->fid;
2193     struct create_durable_v2 *buf;
2194
2195     buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL);
2196     if (!buf)
2197         return NULL;
2198
2199     buf->ccontext.DataOffset = cpu_to_le16(offsetof
2200                     (struct create_durable_v2, dcontext));
2201     buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2));
2202     buf->ccontext.NameOffset = cpu_to_le16(offsetof
2203                 (struct create_durable_v2, Name));
2204     buf->ccontext.NameLength = cpu_to_le16(4);
2205
2206     /*
2207      * NB: Handle timeout defaults to 0, which allows server to choose
2208      * (most servers default to 120 seconds) and most clients default to 0.
2209      * This can be overridden at mount ("handletimeout=") if the user wants
2210      * a different persistent (or resilient) handle timeout for all opens
2211      * opens on a particular SMB3 mount.
2212      */
2213     buf->dcontext.Timeout = cpu_to_le32(oparms->tcon->handle_timeout);
2214     buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
2215     generate_random_uuid(buf->dcontext.CreateGuid);
2216     memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16);
2217
2218     /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */
2219     buf->Name[0] = 'D';
2220     buf->Name[1] = 'H';
2221     buf->Name[2] = '2';
2222     buf->Name[3] = 'Q';
2223     return buf;
2224 }
2225
2226 static struct create_durable_handle_reconnect_v2 *
2227 create_reconnect_durable_v2_buf(struct cifs_fid *fid)
2228 {
2229     struct create_durable_handle_reconnect_v2 *buf;
2230
2231     buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2),
2232             GFP_KERNEL);
2233     if (!buf)
2234         return NULL;
2235
2236     buf->ccontext.DataOffset =
2237         cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
2238                      dcontext));
2239     buf->ccontext.DataLength =
2240         cpu_to_le32(sizeof(struct durable_reconnect_context_v2));
2241     buf->ccontext.NameOffset =
2242         cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
2243                 Name));
2244     buf->ccontext.NameLength = cpu_to_le16(4);
2245
2246     buf->dcontext.Fid.PersistentFileId = fid->persistent_fid;
2247     buf->dcontext.Fid.VolatileFileId = fid->volatile_fid;
2248     buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
2249     memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16);
2250
2251     /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */
2252     buf->Name[0] = 'D';
2253     buf->Name[1] = 'H';
2254     buf->Name[2] = '2';
2255     buf->Name[3] = 'C';
2256     return buf;
2257 }
2258
2259 static int
2260 add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec,
2261             struct cifs_open_parms *oparms)
2262 {
2263     struct smb2_create_req *req = iov[0].iov_base;
2264     unsigned int num = *num_iovec;
2265
2266     iov[num].iov_base = create_durable_v2_buf(oparms);
2267     if (iov[num].iov_base == NULL)
2268         return -ENOMEM;
2269     iov[num].iov_len = sizeof(struct create_durable_v2);
2270     if (!req->CreateContextsOffset)
2271         req->CreateContextsOffset =
2272             cpu_to_le32(sizeof(struct smb2_create_req) +
2273                                 iov[1].iov_len);
2274     le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable_v2));
2275     *num_iovec = num + 1;
2276     return 0;
2277 }
2278
2279 static int
2280 add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec,
2281             struct cifs_open_parms *oparms)
2282 {
2283     struct smb2_create_req *req = iov[0].iov_base;
2284     unsigned int num = *num_iovec;
2285
2286     /* indicate that we don't need to relock the file */
2287     oparms->reconnect = false;
2288
2289     iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid);
2290     if (iov[num].iov_base == NULL)
2291         return -ENOMEM;
2292     iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2);
2293     if (!req->CreateContextsOffset)
2294         req->CreateContextsOffset =
2295             cpu_to_le32(sizeof(struct smb2_create_req) +
2296                                 iov[1].iov_len);
2297     le32_add_cpu(&req->CreateContextsLength,
2298             sizeof(struct create_durable_handle_reconnect_v2));
2299     *num_iovec = num + 1;
2300     return 0;
2301 }
2302
2303 static int
2304 add_durable_context(struct kvec *iov, unsigned int *num_iovec,
2305             struct cifs_open_parms *oparms, bool use_persistent)
2306 {
2307     struct smb2_create_req *req = iov[0].iov_base;
2308     unsigned int num = *num_iovec;
2309
2310     if (use_persistent) {
2311         if (oparms->reconnect)
2312             return add_durable_reconnect_v2_context(iov, num_iovec,
2313                                 oparms);
2314         else
2315             return add_durable_v2_context(iov, num_iovec, oparms);
2316     }
2317
2318     if (oparms->reconnect) {
2319         iov[num].iov_base = create_reconnect_durable_buf(oparms->fid);
2320         /* indicate that we don't need to relock the file */
2321         oparms->reconnect = false;
2322     } else
2323         iov[num].iov_base = create_durable_buf();
2324     if (iov[num].iov_base == NULL)
2325         return -ENOMEM;
2326     iov[num].iov_len = sizeof(struct create_durable);
2327     if (!req->CreateContextsOffset)
2328         req->CreateContextsOffset =
2329             cpu_to_le32(sizeof(struct smb2_create_req) +
2330                                 iov[1].iov_len);
2331     le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable));
2332     *num_iovec = num + 1;
2333     return 0;
2334 }
2335
2336 /* See MS-SMB2 2.2.13.2.7 */
2337 static struct crt_twarp_ctxt *
2338 create_twarp_buf(__u64 timewarp)
2339 {
2340     struct crt_twarp_ctxt *buf;
2341
2342     buf = kzalloc(sizeof(struct crt_twarp_ctxt), GFP_KERNEL);
2343     if (!buf)
2344         return NULL;
2345
2346     buf->ccontext.DataOffset = cpu_to_le16(offsetof
2347                     (struct crt_twarp_ctxt, Timestamp));
2348     buf->ccontext.DataLength = cpu_to_le32(8);
2349     buf->ccontext.NameOffset = cpu_to_le16(offsetof
2350                 (struct crt_twarp_ctxt, Name));
2351     buf->ccontext.NameLength = cpu_to_le16(4);
2352     /* SMB2_CREATE_TIMEWARP_TOKEN is "TWrp" */
2353     buf->Name[0] = 'T';
2354     buf->Name[1] = 'W';
2355     buf->Name[2] = 'r';
2356     buf->Name[3] = 'p';
2357     buf->Timestamp = cpu_to_le64(timewarp);
2358     return buf;
2359 }
2360
2361 /* See MS-SMB2 2.2.13.2.7 */
2362 static int
2363 add_twarp_context(struct kvec *iov, unsigned int *num_iovec, __u64 timewarp)
2364 {
2365     struct smb2_create_req *req = iov[0].iov_base;
2366     unsigned int num = *num_iovec;
2367
2368     iov[num].iov_base = create_twarp_buf(timewarp);
2369     if (iov[num].iov_base == NULL)
2370         return -ENOMEM;
2371     iov[num].iov_len = sizeof(struct crt_twarp_ctxt);
2372     if (!req->CreateContextsOffset)
2373         req->CreateContextsOffset = cpu_to_le32(
2374                 sizeof(struct smb2_create_req) +
2375                 iov[num - 1].iov_len);
2376     le32_add_cpu(&req->CreateContextsLength, sizeof(struct crt_twarp_ctxt));
2377     *num_iovec = num + 1;
2378     return 0;
2379 }
2380
2381 /* See See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */
2382 static void setup_owner_group_sids(char *buf)
2383 {
2384     struct owner_group_sids *sids = (struct owner_group_sids *)buf;
2385
2386     /* Populate the user ownership fields S-1-5-88-1 */
2387     sids->owner.Revision = 1;
2388     sids->owner.NumAuth = 3;
2389     sids->owner.Authority[5] = 5;
2390     sids->owner.SubAuthorities[0] = cpu_to_le32(88);
2391     sids->owner.SubAuthorities[1] = cpu_to_le32(1);
2392     sids->owner.SubAuthorities[2] = cpu_to_le32(current_fsuid().val);
2393
2394     /* Populate the group ownership fields S-1-5-88-2 */
2395     sids->group.Revision = 1;
2396     sids->group.NumAuth = 3;
2397     sids->group.Authority[5] = 5;
2398     sids->group.SubAuthorities[0] = cpu_to_le32(88);
2399     sids->group.SubAuthorities[1] = cpu_to_le32(2);
2400     sids->group.SubAuthorities[2] = cpu_to_le32(current_fsgid().val);
2401
2402     cifs_dbg(FYI, "owner S-1-5-88-1-%d, group S-1-5-88-2-%d\n", current_fsuid().val, current_fsgid().val);
2403 }
2404
2405 /* See MS-SMB2 2.2.13.2.2 and MS-DTYP 2.4.6 */
2406 static struct crt_sd_ctxt *
2407 create_sd_buf(umode_t mode, bool set_owner, unsigned int *len)
2408 {
2409     struct crt_sd_ctxt *buf;
2410     __u8 *ptr, *aclptr;
2411     unsigned int acelen, acl_size, ace_count;
2412     unsigned int owner_offset = 0;
2413     unsigned int group_offset = 0;
2414     struct smb3_acl acl;
2415
2416     *len = roundup(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8);
2417
2418     if (set_owner) {
2419         /* sizeof(struct owner_group_sids) is already multiple of 8 so no need to round */
2420         *len += sizeof(struct owner_group_sids);
2421     }
2422
2423     buf = kzalloc(*len, GFP_KERNEL);
2424     if (buf == NULL)
2425         return buf;
2426
2427     ptr = (__u8 *)&buf[1];
2428     if (set_owner) {
2429         /* offset fields are from beginning of security descriptor not of create context */
2430         owner_offset = ptr - (__u8 *)&buf->sd;
2431         buf->sd.OffsetOwner = cpu_to_le32(owner_offset);
2432         group_offset = owner_offset + offsetof(struct owner_group_sids, group);
2433         buf->sd.OffsetGroup = cpu_to_le32(group_offset);
2434
2435         setup_owner_group_sids(ptr);
2436         ptr += sizeof(struct owner_group_sids);
2437     } else {
2438         buf->sd.OffsetOwner = 0;
2439         buf->sd.OffsetGroup = 0;
2440     }
2441
2442     buf->ccontext.DataOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, sd));
2443     buf->ccontext.NameOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, Name));
2444     buf->ccontext.NameLength = cpu_to_le16(4);
2445     /* SMB2_CREATE_SD_BUFFER_TOKEN is "SecD" */
2446     buf->Name[0] = 'S';
2447     buf->Name[1] = 'e';
2448     buf->Name[2] = 'c';
2449     buf->Name[3] = 'D';
2450     buf->sd.Revision = 1;  /* Must be one see MS-DTYP 2.4.6 */
2451
2452     /*
2453      * ACL is "self relative" ie ACL is stored in contiguous block of memory
2454      * and "DP" ie the DACL is present
2455      */
2456     buf->sd.Control = cpu_to_le16(ACL_CONTROL_SR | ACL_CONTROL_DP);
2457
2458     /* offset owner, group and Sbz1 and SACL are all zero */
2459     buf->sd.OffsetDacl = cpu_to_le32(ptr - (__u8 *)&buf->sd);
2460     /* Ship the ACL for now. we will copy it into buf later. */
2461     aclptr = ptr;
2462     ptr += sizeof(struct smb3_acl);
2463
2464     /* create one ACE to hold the mode embedded in reserved special SID */
2465     acelen = setup_special_mode_ACE((struct cifs_ace *)ptr, (__u64)mode);
2466     ptr += acelen;
2467     acl_size = acelen + sizeof(struct smb3_acl);
2468     ace_count = 1;
2469
2470     if (set_owner) {
2471         /* we do not need to reallocate buffer to add the two more ACEs. plenty of space */
2472         acelen = setup_special_user_owner_ACE((struct cifs_ace *)ptr);
2473         ptr += acelen;
2474         acl_size += acelen;
2475         ace_count += 1;
2476     }
2477
2478     /* and one more ACE to allow access for authenticated users */
2479     acelen = setup_authusers_ACE((struct cifs_ace *)ptr);
2480     ptr += acelen;
2481     acl_size += acelen;
2482     ace_count += 1;
2483
2484     acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */
2485     acl.AclSize = cpu_to_le16(acl_size);
2486     acl.AceCount = cpu_to_le16(ace_count);
2487     memcpy(aclptr, &acl, sizeof(struct smb3_acl));
2488
2489     buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);
2490     *len = roundup(ptr - (__u8 *)buf, 8);
2491
2492     return buf;
2493 }
2494
2495 static int
2496 add_sd_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode, bool set_owner)
2497 {
2498     struct smb2_create_req *req = iov[0].iov_base;
2499     unsigned int num = *num_iovec;
2500     unsigned int len = 0;
2501
2502     iov[num].iov_base = create_sd_buf(mode, set_owner, &len);
2503     if (iov[num].iov_base == NULL)
2504         return -ENOMEM;
2505     iov[num].iov_len = len;
2506     if (!req->CreateContextsOffset)
2507         req->CreateContextsOffset = cpu_to_le32(
2508                 sizeof(struct smb2_create_req) +
2509                 iov[num - 1].iov_len);
2510     le32_add_cpu(&req->CreateContextsLength, len);
2511     *num_iovec = num + 1;
2512     return 0;
2513 }
2514
2515 static struct crt_query_id_ctxt *
2516 create_query_id_buf(void)
2517 {
2518     struct crt_query_id_ctxt *buf;
2519
2520     buf = kzalloc(sizeof(struct crt_query_id_ctxt), GFP_KERNEL);
2521     if (!buf)
2522         return NULL;
2523
2524     buf->ccontext.DataOffset = cpu_to_le16(0);
2525     buf->ccontext.DataLength = cpu_to_le32(0);
2526     buf->ccontext.NameOffset = cpu_to_le16(offsetof
2527                 (struct crt_query_id_ctxt, Name));
2528     buf->ccontext.NameLength = cpu_to_le16(4);
2529     /* SMB2_CREATE_QUERY_ON_DISK_ID is "QFid" */
2530     buf->Name[0] = 'Q';
2531     buf->Name[1] = 'F';
2532     buf->Name[2] = 'i';
2533     buf->Name[3] = 'd';
2534     return buf;
2535 }
2536
2537 /* See MS-SMB2 2.2.13.2.9 */
2538 static int
2539 add_query_id_context(struct kvec *iov, unsigned int *num_iovec)
2540 {
2541     struct smb2_create_req *req = iov[0].iov_base;
2542     unsigned int num = *num_iovec;
2543
2544     iov[num].iov_base = create_query_id_buf();
2545     if (iov[num].iov_base == NULL)
2546         return -ENOMEM;
2547     iov[num].iov_len = sizeof(struct crt_query_id_ctxt);
2548     if (!req->CreateContextsOffset)
2549         req->CreateContextsOffset = cpu_to_le32(
2550                 sizeof(struct smb2_create_req) +
2551                 iov[num - 1].iov_len);
2552     le32_add_cpu(&req->CreateContextsLength, sizeof(struct crt_query_id_ctxt));
2553     *num_iovec = num + 1;
2554     return 0;
2555 }
2556
2557 static int
2558 alloc_path_with_tree_prefix(__le16 **out_path, int *out_size, int *out_len,
2559                 const char *treename, const __le16 *path)
2560 {
2561     int treename_len, path_len;
2562     struct nls_table *cp;
2563     const __le16 sep[] = {cpu_to_le16('\\'), cpu_to_le16(0x0000)};
2564
2565     /*
2566      * skip leading "\\"
2567      */
2568     treename_len = strlen(treename);
2569     if (treename_len < 2 || !(treename[0] == '\\' && treename[1] == '\\'))
2570         return -EINVAL;
2571
2572     treename += 2;
2573     treename_len -= 2;
2574
2575     path_len = UniStrnlen((wchar_t *)path, PATH_MAX);
2576
2577     /* make room for one path separator only if @path isn't empty */
2578     *out_len = treename_len + (path[0] ? 1 : 0) + path_len;
2579
2580     /*
2581      * final path needs to be 8-byte aligned as specified in
2582      * MS-SMB2 2.2.13 SMB2 CREATE Request.
2583      */
2584     *out_size = roundup(*out_len * sizeof(__le16), 8);
2585     *out_path = kzalloc(*out_size + sizeof(__le16) /* null */, GFP_KERNEL);
2586     if (!*out_path)
2587         return -ENOMEM;
2588
2589     cp = load_nls_default();
2590     cifs_strtoUTF16(*out_path, treename, treename_len, cp);
2591
2592     /* Do not append the separator if the path is empty */
2593     if (path[0] != cpu_to_le16(0x0000)) {
2594         UniStrcat(*out_path, sep);
2595         UniStrcat(*out_path, path);
2596     }
2597
2598     unload_nls(cp);
2599
2600     return 0;
2601 }
2602
2603 int smb311_posix_mkdir(const unsigned int xid, struct inode *inode,
2604                    umode_t mode, struct cifs_tcon *tcon,
2605                    const char *full_path,
2606                    struct cifs_sb_info *cifs_sb)
2607 {
2608     struct smb_rqst rqst;
2609     struct smb2_create_req *req;
2610     struct smb2_create_rsp *rsp = NULL;
2611     struct cifs_ses *ses = tcon->ses;
2612     struct kvec iov[3]; /* make sure at least one for each open context */
2613     struct kvec rsp_iov = {NULL, 0};
2614     int resp_buftype;
2615     int uni_path_len;
2616     __le16 *copy_path = NULL;
2617     int copy_size;
2618     int rc = 0;
2619     unsigned int n_iov = 2;
2620     __u32 file_attributes = 0;
2621     char *pc_buf = NULL;
2622     int flags = 0;
2623     unsigned int total_len;
2624     __le16 *utf16_path = NULL;
2625     struct TCP_Server_Info *server = cifs_pick_channel(ses);
2626
2627     cifs_dbg(FYI, "mkdir\n");
2628
2629     /* resource #1: path allocation */
2630     utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb);
2631     if (!utf16_path)
2632         return -ENOMEM;
2633
2634     if (!ses || !server) {
2635         rc = -EIO;
2636         goto err_free_path;
2637     }
2638
2639     /* resource #2: request */
2640     rc = smb2_plain_req_init(SMB2_CREATE, tcon, server,
2641                  (void **) &req, &total_len);
2642     if (rc)
2643         goto err_free_path;
2644
2645
2646     if (smb3_encryption_required(tcon))
2647         flags |= CIFS_TRANSFORM_REQ;
2648
2649     req->ImpersonationLevel = IL_IMPERSONATION;
2650     req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES);
2651     /* File attributes ignored on open (used in create though) */
2652     req->FileAttributes = cpu_to_le32(file_attributes);
2653     req->ShareAccess = FILE_SHARE_ALL_LE;
2654     req->CreateDisposition = cpu_to_le32(FILE_CREATE);
2655     req->CreateOptions = cpu_to_le32(CREATE_NOT_FILE);
2656
2657     iov[0].iov_base = (char *)req;
2658     /* -1 since last byte is buf[0] which is sent below (path) */
2659     iov[0].iov_len = total_len - 1;
2660
2661     req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
2662
2663     /* [MS-SMB2] 2.2.13 NameOffset:
2664      * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
2665      * the SMB2 header, the file name includes a prefix that will
2666      * be processed during DFS name normalization as specified in
2667      * section 3.3.5.9. Otherwise, the file name is relative to
2668      * the share that is identified by the TreeId in the SMB2
2669      * header.
2670      */
2671     if (tcon->share_flags & SHI1005_FLAGS_DFS) {
2672         int name_len;
2673
2674         req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
2675         rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
2676                          &name_len,
2677                          tcon->treeName, utf16_path);
2678         if (rc)
2679             goto err_free_req;
2680
2681         req->NameLength = cpu_to_le16(name_len * 2);
2682         uni_path_len = copy_size;
2683         /* free before overwriting resource */
2684         kfree(utf16_path);
2685         utf16_path = copy_path;
2686     } else {
2687         uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2;
2688         /* MUST set path len (NameLength) to 0 opening root of share */
2689         req->NameLength = cpu_to_le16(uni_path_len - 2);
2690         if (uni_path_len % 8 != 0) {
2691             copy_size = roundup(uni_path_len, 8);
2692             copy_path = kzalloc(copy_size, GFP_KERNEL);
2693             if (!copy_path) {
2694                 rc = -ENOMEM;
2695                 goto err_free_req;
2696             }
2697             memcpy((char *)copy_path, (const char *)utf16_path,
2698                    uni_path_len);
2699             uni_path_len = copy_size;
2700             /* free before overwriting resource */
2701             kfree(utf16_path);
2702             utf16_path = copy_path;
2703         }
2704     }
2705
2706     iov[1].iov_len = uni_path_len;
2707     iov[1].iov_base = utf16_path;
2708     req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE;
2709
2710     if (tcon->posix_extensions) {
2711         /* resource #3: posix buf */
2712         rc = add_posix_context(iov, &n_iov, mode);
2713         if (rc)
2714             goto err_free_req;
2715         pc_buf = iov[n_iov-1].iov_base;
2716     }
2717
2718
2719     memset(&rqst, 0, sizeof(struct smb_rqst));
2720     rqst.rq_iov = iov;
2721     rqst.rq_nvec = n_iov;
2722
2723     /* no need to inc num_remote_opens because we close it just below */
2724     trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, CREATE_NOT_FILE,
2725                     FILE_WRITE_ATTRIBUTES);
2726     /* resource #4: response buffer */
2727     rc = cifs_send_recv(xid, ses, server,
2728                 &rqst, &resp_buftype, flags, &rsp_iov);
2729     if (rc) {
2730         cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
2731         trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid,
2732                        CREATE_NOT_FILE,
2733                        FILE_WRITE_ATTRIBUTES, rc);
2734         goto err_free_rsp_buf;
2735     }
2736
2737     /*
2738      * Although unlikely to be possible for rsp to be null and rc not set,
2739      * adding check below is slightly safer long term (and quiets Coverity
2740      * warning)
2741      */
2742     rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
2743     if (rsp == NULL) {
2744         rc = -EIO;
2745         kfree(pc_buf);
2746         goto err_free_req;
2747     }
2748
2749     trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid,
2750                     CREATE_NOT_FILE, FILE_WRITE_ATTRIBUTES);
2751
2752     SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId);
2753
2754     /* Eventually save off posix specific response info and timestaps */
2755
2756 err_free_rsp_buf:
2757     free_rsp_buf(resp_buftype, rsp);
2758     kfree(pc_buf);
2759 err_free_req:
2760     cifs_small_buf_release(req);
2761 err_free_path:
2762     kfree(utf16_path);
2763     return rc;
2764 }
2765
2766 int
2767 SMB2_open_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
2768            struct smb_rqst *rqst, __u8 *oplock,
2769            struct cifs_open_parms *oparms, __le16 *path)
2770 {
2771     struct smb2_create_req *req;
2772     unsigned int n_iov = 2;
2773     __u32 file_attributes = 0;
2774     int copy_size;
2775     int uni_path_len;
2776     unsigned int total_len;
2777     struct kvec *iov = rqst->rq_iov;
2778     __le16 *copy_path;
2779     int rc;
2780
2781     rc = smb2_plain_req_init(SMB2_CREATE, tcon, server,
2782                  (void **) &req, &total_len);
2783     if (rc)
2784         return rc;
2785
2786     iov[0].iov_base = (char *)req;
2787     /* -1 since last byte is buf[0] which is sent below (path) */
2788     iov[0].iov_len = total_len - 1;
2789
2790     if (oparms->create_options & CREATE_OPTION_READONLY)
2791         file_attributes |= ATTR_READONLY;
2792     if (oparms->create_options & CREATE_OPTION_SPECIAL)
2793         file_attributes |= ATTR_SYSTEM;
2794
2795     req->ImpersonationLevel = IL_IMPERSONATION;
2796     req->DesiredAccess = cpu_to_le32(oparms->desired_access);
2797     /* File attributes ignored on open (used in create though) */
2798     req->FileAttributes = cpu_to_le32(file_attributes);
2799     req->ShareAccess = FILE_SHARE_ALL_LE;
2800
2801     req->CreateDisposition = cpu_to_le32(oparms->disposition);
2802     req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK);
2803     req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
2804
2805     /* [MS-SMB2] 2.2.13 NameOffset:
2806      * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
2807      * the SMB2 header, the file name includes a prefix that will
2808      * be processed during DFS name normalization as specified in
2809      * section 3.3.5.9. Otherwise, the file name is relative to
2810      * the share that is identified by the TreeId in the SMB2
2811      * header.
2812      */
2813     if (tcon->share_flags & SHI1005_FLAGS_DFS) {
2814         int name_len;
2815
2816         req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
2817         rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
2818                          &name_len,
2819                          tcon->treeName, path);
2820         if (rc)
2821             return rc;
2822         req->NameLength = cpu_to_le16(name_len * 2);
2823         uni_path_len = copy_size;
2824         path = copy_path;
2825     } else {
2826         uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
2827         /* MUST set path len (NameLength) to 0 opening root of share */
2828         req->NameLength = cpu_to_le16(uni_path_len - 2);
2829         copy_size = uni_path_len;
2830         if (copy_size % 8 != 0)
2831             copy_size = roundup(copy_size, 8);
2832         copy_path = kzalloc(copy_size, GFP_KERNEL);
2833         if (!copy_path)
2834             return -ENOMEM;
2835         memcpy((char *)copy_path, (const char *)path,
2836                uni_path_len);
2837         uni_path_len = copy_size;
2838         path = copy_path;
2839     }
2840
2841     iov[1].iov_len = uni_path_len;
2842     iov[1].iov_base = path;
2843
2844     if ((!server->oplocks) || (tcon->no_lease))
2845         *oplock = SMB2_OPLOCK_LEVEL_NONE;
2846
2847     if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) ||
2848         *oplock == SMB2_OPLOCK_LEVEL_NONE)
2849         req->RequestedOplockLevel = *oplock;
2850     else if (!(server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING) &&
2851           (oparms->create_options & CREATE_NOT_FILE))
2852         req->RequestedOplockLevel = *oplock; /* no srv lease support */
2853     else {
2854         rc = add_lease_context(server, iov, &n_iov,
2855                        oparms->fid->lease_key, oplock);
2856         if (rc)
2857             return rc;
2858     }
2859
2860     if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) {
2861         /* need to set Next field of lease context if we request it */
2862         if (server->capabilities & SMB2_GLOBAL_CAP_LEASING) {
2863             struct create_context *ccontext =
2864                 (struct create_context *)iov[n_iov-1].iov_base;
2865             ccontext->Next =
2866                 cpu_to_le32(server->vals->create_lease_size);
2867         }
2868
2869         rc = add_durable_context(iov, &n_iov, oparms,
2870                     tcon->use_persistent);
2871         if (rc)
2872             return rc;
2873     }
2874
2875     if (tcon->posix_extensions) {
2876         if (n_iov > 2) {
2877             struct create_context *ccontext =
2878                 (struct create_context *)iov[n_iov-1].iov_base;
2879             ccontext->Next =
2880                 cpu_to_le32(iov[n_iov-1].iov_len);
2881         }
2882
2883         rc = add_posix_context(iov, &n_iov, oparms->mode);
2884         if (rc)
2885             return rc;
2886     }
2887
2888     if (tcon->snapshot_time) {
2889         cifs_dbg(FYI, "adding snapshot context\n");
2890         if (n_iov > 2) {
2891             struct create_context *ccontext =
2892                 (struct create_context *)iov[n_iov-1].iov_base;
2893             ccontext->Next =
2894                 cpu_to_le32(iov[n_iov-1].iov_len);
2895         }
2896
2897         rc = add_twarp_context(iov, &n_iov, tcon->snapshot_time);
2898         if (rc)
2899             return rc;
2900     }
2901
2902     if ((oparms->disposition != FILE_OPEN) && (oparms->cifs_sb)) {
2903         bool set_mode;
2904         bool set_owner;
2905
2906         if ((oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID) &&
2907             (oparms->mode != ACL_NO_MODE))
2908             set_mode = true;
2909         else {
2910             set_mode = false;
2911             oparms->mode = ACL_NO_MODE;
2912         }
2913
2914         if (oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL)
2915             set_owner = true;
2916         else
2917             set_owner = false;
2918
2919         if (set_owner | set_mode) {
2920             if (n_iov > 2) {
2921                 struct create_context *ccontext =
2922                     (struct create_context *)iov[n_iov-1].iov_base;
2923                 ccontext->Next = cpu_to_le32(iov[n_iov-1].iov_len);
2924             }
2925
2926             cifs_dbg(FYI, "add sd with mode 0x%x\n", oparms->mode);
2927             rc = add_sd_context(iov, &n_iov, oparms->mode, set_owner);
2928             if (rc)
2929                 return rc;
2930         }
2931     }
2932
2933     if (n_iov > 2) {
2934         struct create_context *ccontext =
2935             (struct create_context *)iov[n_iov-1].iov_base;
2936         ccontext->Next = cpu_to_le32(iov[n_iov-1].iov_len);
2937     }
2938     add_query_id_context(iov, &n_iov);
2939
2940     rqst->rq_nvec = n_iov;
2941     return 0;
2942 }
2943
2944 /* rq_iov[0] is the request and is released by cifs_small_buf_release().
2945  * All other vectors are freed by kfree().
2946  */
2947 void
2948 SMB2_open_free(struct smb_rqst *rqst)
2949 {
2950     int i;
2951
2952     if (rqst && rqst->rq_iov) {
2953         cifs_small_buf_release(rqst->rq_iov[0].iov_base);
2954         for (i = 1; i < rqst->rq_nvec; i++)
2955             if (rqst->rq_iov[i].iov_base != smb2_padding)
2956                 kfree(rqst->rq_iov[i].iov_base);
2957     }
2958 }
2959
2960 int
2961 SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
2962       __u8 *oplock, struct smb2_file_all_info *buf,
2963       struct create_posix_rsp *posix,
2964       struct kvec *err_iov, int *buftype)
2965 {
2966     struct smb_rqst rqst;
2967     struct smb2_create_rsp *rsp = NULL;
2968     struct cifs_tcon *tcon = oparms->tcon;
2969     struct cifs_ses *ses = tcon->ses;
2970     struct TCP_Server_Info *server = cifs_pick_channel(ses);
2971     struct kvec iov[SMB2_CREATE_IOV_SIZE];
2972     struct kvec rsp_iov = {NULL, 0};
2973     int resp_buftype = CIFS_NO_BUFFER;
2974     int rc = 0;
2975     int flags = 0;
2976
2977     cifs_dbg(FYI, "create/open\n");
2978     if (!ses || !server)
2979         return -EIO;
2980
2981     if (smb3_encryption_required(tcon))
2982         flags |= CIFS_TRANSFORM_REQ;
2983
2984     memset(&rqst, 0, sizeof(struct smb_rqst));
2985     memset(&iov, 0, sizeof(iov));
2986     rqst.rq_iov = iov;
2987     rqst.rq_nvec = SMB2_CREATE_IOV_SIZE;
2988
2989     rc = SMB2_open_init(tcon, server,
2990                 &rqst, oplock, oparms, path);
2991     if (rc)
2992         goto creat_exit;
2993
2994     trace_smb3_open_enter(xid, tcon->tid, tcon->ses->Suid,
2995         oparms->create_options, oparms->desired_access);
2996
2997     rc = cifs_send_recv(xid, ses, server,
2998                 &rqst, &resp_buftype, flags,
2999                 &rsp_iov);
3000     rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
3001
3002     if (rc != 0) {
3003         cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
3004         if (err_iov && rsp) {
3005             *err_iov = rsp_iov;
3006             *buftype = resp_buftype;
3007             resp_buftype = CIFS_NO_BUFFER;
3008             rsp = NULL;
3009         }
3010         trace_smb3_open_err(xid, tcon->tid, ses->Suid,
3011                     oparms->create_options, oparms->desired_access, rc);
3012         if (rc == -EREMCHG) {
3013             pr_warn_once("server share %s deleted\n",
3014                      tcon->treeName);
3015             tcon->need_reconnect = true;
3016         }
3017         goto creat_exit;
3018     } else if (rsp == NULL) /* unlikely to happen, but safer to check */
3019         goto creat_exit;
3020     else
3021         trace_smb3_open_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid,
3022                      oparms->create_options, oparms->desired_access);
3023
3024     atomic_inc(&tcon->num_remote_opens);
3025     oparms->fid->persistent_fid = rsp->PersistentFileId;
3026     oparms->fid->volatile_fid = rsp->VolatileFileId;
3027     oparms->fid->access = oparms->desired_access;
3028 #ifdef CONFIG_CIFS_DEBUG2
3029     oparms->fid->mid = le64_to_cpu(rsp->hdr.MessageId);
3030 #endif /* CIFS_DEBUG2 */
3031
3032     if (buf) {
3033         buf->CreationTime = rsp->CreationTime;
3034         buf->LastAccessTime = rsp->LastAccessTime;
3035         buf->LastWriteTime = rsp->LastWriteTime;
3036         buf->ChangeTime = rsp->ChangeTime;
3037         buf->AllocationSize = rsp->AllocationSize;
3038         buf->EndOfFile = rsp->EndofFile;
3039         buf->Attributes = rsp->FileAttributes;
3040         buf->NumberOfLinks = cpu_to_le32(1);
3041         buf->DeletePending = 0;
3042     }
3043
3044
3045     smb2_parse_contexts(server, rsp, &oparms->fid->epoch,
3046                 oparms->fid->lease_key, oplock, buf, posix);
3047 creat_exit:
3048     SMB2_open_free(&rqst);
3049     free_rsp_buf(resp_buftype, rsp);
3050     return rc;
3051 }
3052
3053 int
3054 SMB2_ioctl_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3055         struct smb_rqst *rqst,
3056         u64 persistent_fid, u64 volatile_fid, u32 opcode,
3057         char *in_data, u32 indatalen,
3058         __u32 max_response_size)
3059 {
3060     struct smb2_ioctl_req *req;
3061     struct kvec *iov = rqst->rq_iov;
3062     unsigned int total_len;
3063     int rc;
3064     char *in_data_buf;
3065
3066     rc = smb2_ioctl_req_init(opcode, tcon, server,
3067                  (void **) &req, &total_len);
3068     if (rc)
3069         return rc;
3070
3071     if (indatalen) {
3072         /*
3073          * indatalen is usually small at a couple of bytes max, so
3074          * just allocate through generic pool
3075          */
3076         in_data_buf = kmemdup(in_data, indatalen, GFP_NOFS);
3077         if (!in_data_buf) {
3078             cifs_small_buf_release(req);
3079             return -ENOMEM;
3080         }
3081     }
3082
3083     req->CtlCode = cpu_to_le32(opcode);
3084     req->PersistentFileId = persistent_fid;
3085     req->VolatileFileId = volatile_fid;
3086
3087     iov[0].iov_base = (char *)req;
3088     /*
3089      * If no input data, the size of ioctl struct in
3090      * protocol spec still includes a 1 byte data buffer,
3091      * but if input data passed to ioctl, we do not
3092      * want to double count this, so we do not send
3093      * the dummy one byte of data in iovec[0] if sending
3094      * input data (in iovec[1]).
3095      */
3096     if (indatalen) {
3097         req->InputCount = cpu_to_le32(indatalen);
3098         /* do not set InputOffset if no input data */
3099         req->InputOffset =
3100                cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer));
3101         rqst->rq_nvec = 2;
3102         iov[0].iov_len = total_len - 1;
3103         iov[1].iov_base = in_data_buf;
3104         iov[1].iov_len = indatalen;
3105     } else {
3106         rqst->rq_nvec = 1;
3107         iov[0].iov_len = total_len;
3108     }
3109
3110     req->OutputOffset = 0;
3111     req->OutputCount = 0; /* MBZ */
3112
3113     /*
3114      * In most cases max_response_size is set to 16K (CIFSMaxBufSize)
3115      * We Could increase default MaxOutputResponse, but that could require
3116      * more credits. Windows typically sets this smaller, but for some
3117      * ioctls it may be useful to allow server to send more. No point
3118      * limiting what the server can send as long as fits in one credit
3119      * We can not handle more than CIFS_MAX_BUF_SIZE yet but may want
3120      * to increase this limit up in the future.
3121      * Note that for snapshot queries that servers like Azure expect that
3122      * the first query be minimal size (and just used to get the number/size
3123      * of previous versions) so response size must be specified as EXACTLY
3124      * sizeof(struct snapshot_array) which is 16 when rounded up to multiple
3125      * of eight bytes.  Currently that is the only case where we set max
3126      * response size smaller.
3127      */
3128     req->MaxOutputResponse = cpu_to_le32(max_response_size);
3129     req->hdr.CreditCharge =
3130         cpu_to_le16(DIV_ROUND_UP(max(indatalen, max_response_size),
3131                      SMB2_MAX_BUFFER_SIZE));
3132     /* always an FSCTL (for now) */
3133     req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL);
3134
3135     /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
3136     if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
3137         req->hdr.Flags |= SMB2_FLAGS_SIGNED;
3138
3139     return 0;
3140 }
3141
3142 void
3143 SMB2_ioctl_free(struct smb_rqst *rqst)
3144 {
3145     int i;
3146     if (rqst && rqst->rq_iov) {
3147         cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3148         for (i = 1; i < rqst->rq_nvec; i++)
3149             if (rqst->rq_iov[i].iov_base != smb2_padding)
3150                 kfree(rqst->rq_iov[i].iov_base);
3151     }
3152 }
3153
3154
3155 /*
3156  *  SMB2 IOCTL is used for both IOCTLs and FSCTLs
3157  */
3158 int
3159 SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
3160        u64 volatile_fid, u32 opcode, char *in_data, u32 indatalen,
3161        u32 max_out_data_len, char **out_data,
3162        u32 *plen /* returned data len */)
3163 {
3164     struct smb_rqst rqst;
3165     struct smb2_ioctl_rsp *rsp = NULL;
3166     struct cifs_ses *ses;
3167     struct TCP_Server_Info *server;
3168     struct kvec iov[SMB2_IOCTL_IOV_SIZE];
3169     struct kvec rsp_iov = {NULL, 0};
3170     int resp_buftype = CIFS_NO_BUFFER;
3171     int rc = 0;
3172     int flags = 0;
3173
3174     cifs_dbg(FYI, "SMB2 IOCTL\n");
3175
3176     if (out_data != NULL)
3177         *out_data = NULL;
3178
3179     /* zero out returned data len, in case of error */
3180     if (plen)
3181         *plen = 0;
3182
3183     if (!tcon)
3184         return -EIO;
3185
3186     ses = tcon->ses;
3187     if (!ses)
3188         return -EIO;
3189
3190     server = cifs_pick_channel(ses);
3191     if (!server)
3192         return -EIO;
3193
3194     if (smb3_encryption_required(tcon))
3195         flags |= CIFS_TRANSFORM_REQ;
3196
3197     memset(&rqst, 0, sizeof(struct smb_rqst));
3198     memset(&iov, 0, sizeof(iov));
3199     rqst.rq_iov = iov;
3200     rqst.rq_nvec = SMB2_IOCTL_IOV_SIZE;
3201
3202     rc = SMB2_ioctl_init(tcon, server,
3203                  &rqst, persistent_fid, volatile_fid, opcode,
3204                  in_data, indatalen, max_out_data_len);
3205     if (rc)
3206         goto ioctl_exit;
3207
3208     rc = cifs_send_recv(xid, ses, server,
3209                 &rqst, &resp_buftype, flags,
3210                 &rsp_iov);
3211     rsp = (struct smb2_ioctl_rsp *)rsp_iov.iov_base;
3212
3213     if (rc != 0)
3214         trace_smb3_fsctl_err(xid, persistent_fid, tcon->tid,
3215                 ses->Suid, 0, opcode, rc);
3216
3217     if ((rc != 0) && (rc != -EINVAL) && (rc != -E2BIG)) {
3218         cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3219         goto ioctl_exit;
3220     } else if (rc == -EINVAL) {
3221         if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) &&
3222             (opcode != FSCTL_SRV_COPYCHUNK)) {
3223             cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3224             goto ioctl_exit;
3225         }
3226     } else if (rc == -E2BIG) {
3227         if (opcode != FSCTL_QUERY_ALLOCATED_RANGES) {
3228             cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3229             goto ioctl_exit;
3230         }
3231     }
3232
3233     /* check if caller wants to look at return data or just return rc */
3234     if ((plen == NULL) || (out_data == NULL))
3235         goto ioctl_exit;
3236
3237     /*
3238      * Although unlikely to be possible for rsp to be null and rc not set,
3239      * adding check below is slightly safer long term (and quiets Coverity
3240      * warning)
3241      */
3242     if (rsp == NULL) {
3243         rc = -EIO;
3244         goto ioctl_exit;
3245     }
3246
3247     *plen = le32_to_cpu(rsp->OutputCount);
3248
3249     /* We check for obvious errors in the output buffer length and offset */
3250     if (*plen == 0)
3251         goto ioctl_exit; /* server returned no data */
3252     else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) {
3253         cifs_tcon_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen);
3254         *plen = 0;
3255         rc = -EIO;
3256         goto ioctl_exit;
3257     }
3258
3259     if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) {
3260         cifs_tcon_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen,
3261             le32_to_cpu(rsp->OutputOffset));
3262         *plen = 0;
3263         rc = -EIO;
3264         goto ioctl_exit;
3265     }
3266
3267     *out_data = kmemdup((char *)rsp + le32_to_cpu(rsp->OutputOffset),
3268                 *plen, GFP_KERNEL);
3269     if (*out_data == NULL) {
3270         rc = -ENOMEM;
3271         goto ioctl_exit;
3272     }
3273
3274 ioctl_exit:
3275     SMB2_ioctl_free(&rqst);
3276     free_rsp_buf(resp_buftype, rsp);
3277     return rc;
3278 }
3279
3280 /*
3281  *   Individual callers to ioctl worker function follow
3282  */
3283
3284 int
3285 SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon,
3286              u64 persistent_fid, u64 volatile_fid)
3287 {
3288     int rc;
3289     struct  compress_ioctl fsctl_input;
3290     char *ret_data = NULL;
3291
3292     fsctl_input.CompressionState =
3293             cpu_to_le16(COMPRESSION_FORMAT_DEFAULT);
3294
3295     rc = SMB2_ioctl(xid, tcon, persistent_fid, volatile_fid,
3296             FSCTL_SET_COMPRESSION,
3297             (char *)&fsctl_input /* data input */,
3298             2 /* in data len */, CIFSMaxBufSize /* max out data */,
3299             &ret_data /* out data */, NULL);
3300
3301     cifs_dbg(FYI, "set compression rc %d\n", rc);
3302
3303     return rc;
3304 }
3305
3306 int
3307 SMB2_close_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3308         struct smb_rqst *rqst,
3309         u64 persistent_fid, u64 volatile_fid, bool query_attrs)
3310 {
3311     struct smb2_close_req *req;
3312     struct kvec *iov = rqst->rq_iov;
3313     unsigned int total_len;
3314     int rc;
3315
3316     rc = smb2_plain_req_init(SMB2_CLOSE, tcon, server,
3317                  (void **) &req, &total_len);
3318     if (rc)
3319         return rc;
3320
3321     req->PersistentFileId = persistent_fid;
3322     req->VolatileFileId = volatile_fid;
3323     if (query_attrs)
3324         req->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB;
3325     else
3326         req->Flags = 0;
3327     iov[0].iov_base = (char *)req;
3328     iov[0].iov_len = total_len;
3329
3330     return 0;
3331 }
3332
3333 void
3334 SMB2_close_free(struct smb_rqst *rqst)
3335 {
3336     if (rqst && rqst->rq_iov)
3337         cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3338 }
3339
3340 int
3341 __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
3342          u64 persistent_fid, u64 volatile_fid,
3343          struct smb2_file_network_open_info *pbuf)
3344 {
3345     struct smb_rqst rqst;
3346     struct smb2_close_rsp *rsp = NULL;
3347     struct cifs_ses *ses = tcon->ses;
3348     struct TCP_Server_Info *server = cifs_pick_channel(ses);
3349     struct kvec iov[1];
3350     struct kvec rsp_iov;
3351     int resp_buftype = CIFS_NO_BUFFER;
3352     int rc = 0;
3353     int flags = 0;
3354     bool query_attrs = false;
3355
3356     cifs_dbg(FYI, "Close\n");
3357
3358     if (!ses || !server)
3359         return -EIO;
3360
3361     if (smb3_encryption_required(tcon))
3362         flags |= CIFS_TRANSFORM_REQ;
3363
3364     memset(&rqst, 0, sizeof(struct smb_rqst));
3365     memset(&iov, 0, sizeof(iov));
3366     rqst.rq_iov = iov;
3367     rqst.rq_nvec = 1;
3368
3369     /* check if need to ask server to return timestamps in close response */
3370     if (pbuf)
3371         query_attrs = true;
3372
3373     trace_smb3_close_enter(xid, persistent_fid, tcon->tid, ses->Suid);
3374     rc = SMB2_close_init(tcon, server,
3375                  &rqst, persistent_fid, volatile_fid,
3376                  query_attrs);
3377     if (rc)
3378         goto close_exit;
3379
3380     rc = cifs_send_recv(xid, ses, server,
3381                 &rqst, &resp_buftype, flags, &rsp_iov);
3382     rsp = (struct smb2_close_rsp *)rsp_iov.iov_base;
3383
3384     if (rc != 0) {
3385         cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE);
3386         trace_smb3_close_err(xid, persistent_fid, tcon->tid, ses->Suid,
3387                      rc);
3388         goto close_exit;
3389     } else {
3390         trace_smb3_close_done(xid, persistent_fid, tcon->tid,
3391                       ses->Suid);
3392         /*
3393          * Note that have to subtract 4 since struct network_open_info
3394          * has a final 4 byte pad that close response does not have
3395          */
3396         if (pbuf)
3397             memcpy(pbuf, (char *)&rsp->CreationTime, sizeof(*pbuf) - 4);
3398     }
3399
3400     atomic_dec(&tcon->num_remote_opens);
3401 close_exit:
3402     SMB2_close_free(&rqst);
3403     free_rsp_buf(resp_buftype, rsp);
3404
3405     /* retry close in a worker thread if this one is interrupted */
3406     if (is_interrupt_error(rc)) {
3407         int tmp_rc;
3408
3409         tmp_rc = smb2_handle_cancelled_close(tcon, persistent_fid,
3410                              volatile_fid);
3411         if (tmp_rc)
3412             cifs_dbg(VFS, "handle cancelled close fid 0x%llx returned error %d\n",
3413                  persistent_fid, tmp_rc);
3414     }
3415     return rc;
3416 }
3417
3418 int
3419 SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
3420         u64 persistent_fid, u64 volatile_fid)
3421 {
3422     return __SMB2_close(xid, tcon, persistent_fid, volatile_fid, NULL);
3423 }
3424
3425 int
3426 smb2_validate_iov(unsigned int offset, unsigned int buffer_length,
3427           struct kvec *iov, unsigned int min_buf_size)
3428 {
3429     unsigned int smb_len = iov->iov_len;
3430     char *end_of_smb = smb_len + (char *)iov->iov_base;
3431     char *begin_of_buf = offset + (char *)iov->iov_base;
3432     char *end_of_buf = begin_of_buf + buffer_length;
3433
3434
3435     if (buffer_length < min_buf_size) {
3436         cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n",
3437              buffer_length, min_buf_size);
3438         return -EINVAL;
3439     }
3440
3441     /* check if beyond RFC1001 maximum length */
3442     if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) {
3443         cifs_dbg(VFS, "buffer length %d or smb length %d too large\n",
3444              buffer_length, smb_len);
3445         return -EINVAL;
3446     }
3447
3448     if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) {
3449         cifs_dbg(VFS, "Invalid server response, bad offset to data\n");
3450         return -EINVAL;
3451     }
3452
3453     return 0;
3454 }
3455
3456 /*
3457  * If SMB buffer fields are valid, copy into temporary buffer to hold result.
3458  * Caller must free buffer.
3459  */
3460 int
3461 smb2_validate_and_copy_iov(unsigned int offset, unsigned int buffer_length,
3462                struct kvec *iov, unsigned int minbufsize,
3463                char *data)
3464 {
3465     char *begin_of_buf = offset + (char *)iov->iov_base;
3466     int rc;
3467
3468     if (!data)
3469         return -EINVAL;
3470
3471     rc = smb2_validate_iov(offset, buffer_length, iov, minbufsize);
3472     if (rc)
3473         return rc;
3474
3475     memcpy(data, begin_of_buf, buffer_length);
3476
3477     return 0;
3478 }
3479
3480 int
3481 SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3482              struct smb_rqst *rqst,
3483              u64 persistent_fid, u64 volatile_fid,
3484              u8 info_class, u8 info_type, u32 additional_info,
3485              size_t output_len, size_t input_len, void *input)
3486 {
3487     struct smb2_query_info_req *req;
3488     struct kvec *iov = rqst->rq_iov;
3489     unsigned int total_len;
3490     int rc;
3491
3492     rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server,
3493                  (void **) &req, &total_len);
3494     if (rc)
3495         return rc;
3496
3497     req->InfoType = info_type;
3498     req->FileInfoClass = info_class;
3499     req->PersistentFileId = persistent_fid;
3500     req->VolatileFileId = volatile_fid;
3501     req->AdditionalInformation = cpu_to_le32(additional_info);
3502
3503     req->OutputBufferLength = cpu_to_le32(output_len);
3504     if (input_len) {
3505         req->InputBufferLength = cpu_to_le32(input_len);
3506         /* total_len for smb query request never close to le16 max */
3507         req->InputBufferOffset = cpu_to_le16(total_len - 1);
3508         memcpy(req->Buffer, input, input_len);
3509     }
3510
3511     iov[0].iov_base = (char *)req;
3512     /* 1 for Buffer */
3513     iov[0].iov_len = total_len - 1 + input_len;
3514     return 0;
3515 }
3516
3517 void
3518 SMB2_query_info_free(struct smb_rqst *rqst)
3519 {
3520     if (rqst && rqst->rq_iov)
3521         cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3522 }
3523
3524 static int
3525 query_info(const unsigned int xid, struct cifs_tcon *tcon,
3526        u64 persistent_fid, u64 volatile_fid, u8 info_class, u8 info_type,
3527        u32 additional_info, size_t output_len, size_t min_len, void **data,
3528         u32 *dlen)
3529 {
3530     struct smb_rqst rqst;
3531     struct smb2_query_info_rsp *rsp = NULL;
3532     struct kvec iov[1];
3533     struct kvec rsp_iov;
3534     int rc = 0;
3535     int resp_buftype = CIFS_NO_BUFFER;
3536     struct cifs_ses *ses = tcon->ses;
3537     struct TCP_Server_Info *server;
3538     int flags = 0;
3539     bool allocated = false;
3540
3541     cifs_dbg(FYI, "Query Info\n");
3542
3543     if (!ses)
3544         return -EIO;
3545     server = cifs_pick_channel(ses);
3546     if (!server)
3547         return -EIO;
3548
3549     if (smb3_encryption_required(tcon))
3550         flags |= CIFS_TRANSFORM_REQ;
3551
3552     memset(&rqst, 0, sizeof(struct smb_rqst));
3553     memset(&iov, 0, sizeof(iov));
3554     rqst.rq_iov = iov;
3555     rqst.rq_nvec = 1;
3556
3557     rc = SMB2_query_info_init(tcon, server,
3558                   &rqst, persistent_fid, volatile_fid,
3559                   info_class, info_type, additional_info,
3560                   output_len, 0, NULL);
3561     if (rc)
3562         goto qinf_exit;
3563
3564     trace_smb3_query_info_enter(xid, persistent_fid, tcon->tid,
3565                     ses->Suid, info_class, (__u32)info_type);
3566
3567     rc = cifs_send_recv(xid, ses, server,
3568                 &rqst, &resp_buftype, flags, &rsp_iov);
3569     rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
3570
3571     if (rc) {
3572         cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
3573         trace_smb3_query_info_err(xid, persistent_fid, tcon->tid,
3574                 ses->Suid, info_class, (__u32)info_type, rc);
3575         goto qinf_exit;
3576     }
3577
3578     trace_smb3_query_info_done(xid, persistent_fid, tcon->tid,
3579                 ses->Suid, info_class, (__u32)info_type);
3580
3581     if (dlen) {
3582         *dlen = le32_to_cpu(rsp->OutputBufferLength);
3583         if (!*data) {
3584             *data = kmalloc(*dlen, GFP_KERNEL);
3585             if (!*data) {
3586                 cifs_tcon_dbg(VFS,
3587                     "Error %d allocating memory for acl\n",
3588                     rc);
3589                 *dlen = 0;
3590                 rc = -ENOMEM;
3591                 goto qinf_exit;
3592             }
3593             allocated = true;
3594         }
3595     }
3596
3597     rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset),
3598                     le32_to_cpu(rsp->OutputBufferLength),
3599                     &rsp_iov, min_len, *data);
3600     if (rc && allocated) {
3601         kfree(*data);
3602         *data = NULL;
3603         *dlen = 0;
3604     }
3605
3606 qinf_exit:
3607     SMB2_query_info_free(&rqst);
3608     free_rsp_buf(resp_buftype, rsp);
3609     return rc;
3610 }
3611
3612 int SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon,
3613     u64 persistent_fid, u64 volatile_fid, struct smb2_file_all_info *data)
3614 {
3615     return query_info(xid, tcon, persistent_fid, volatile_fid,
3616               FILE_ALL_INFORMATION, SMB2_O_INFO_FILE, 0,
3617               sizeof(struct smb2_file_all_info) + PATH_MAX * 2,
3618               sizeof(struct smb2_file_all_info), (void **)&data,
3619               NULL);
3620 }
3621
3622 #if 0
3623 /* currently unused, as now we are doing compounding instead (see smb311_posix_query_path_info) */
3624 int
3625 SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon,
3626         u64 persistent_fid, u64 volatile_fid, struct smb311_posix_qinfo *data, u32 *plen)
3627 {
3628     size_t output_len = sizeof(struct smb311_posix_qinfo *) +
3629             (sizeof(struct cifs_sid) * 2) + (PATH_MAX * 2);
3630     *plen = 0;
3631
3632     return query_info(xid, tcon, persistent_fid, volatile_fid,
3633               SMB_FIND_FILE_POSIX_INFO, SMB2_O_INFO_FILE, 0,
3634               output_len, sizeof(struct smb311_posix_qinfo), (void **)&data, plen);
3635     /* Note caller must free "data" (passed in above). It may be allocated in query_info call */
3636 }
3637 #endif
3638
3639 int
3640 SMB2_query_acl(const unsigned int xid, struct cifs_tcon *tcon,
3641            u64 persistent_fid, u64 volatile_fid,
3642            void **data, u32 *plen, u32 extra_info)
3643 {
3644     __u32 additional_info = OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO |
3645                 extra_info;
3646     *plen = 0;
3647
3648     return query_info(xid, tcon, persistent_fid, volatile_fid,
3649               0, SMB2_O_INFO_SECURITY, additional_info,
3650               SMB2_MAX_BUFFER_SIZE, MIN_SEC_DESC_LEN, data, plen);
3651 }
3652
3653 int
3654 SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon,
3655          u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid)
3656 {
3657     return query_info(xid, tcon, persistent_fid, volatile_fid,
3658               FILE_INTERNAL_INFORMATION, SMB2_O_INFO_FILE, 0,
3659               sizeof(struct smb2_file_internal_info),
3660               sizeof(struct smb2_file_internal_info),
3661               (void **)&uniqueid, NULL);
3662 }
3663
3664 /*
3665  * CHANGE_NOTIFY Request is sent to get notifications on changes to a directory
3666  * See MS-SMB2 2.2.35 and 2.2.36
3667  */
3668
3669 static int
3670 SMB2_notify_init(const unsigned int xid, struct smb_rqst *rqst,
3671          struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3672          u64 persistent_fid, u64 volatile_fid,
3673          u32 completion_filter, bool watch_tree)
3674 {
3675     struct smb2_change_notify_req *req;
3676     struct kvec *iov = rqst->rq_iov;
3677     unsigned int total_len;
3678     int rc;
3679
3680     rc = smb2_plain_req_init(SMB2_CHANGE_NOTIFY, tcon, server,
3681                  (void **) &req, &total_len);
3682     if (rc)
3683         return rc;
3684
3685     req->PersistentFileId = persistent_fid;
3686     req->VolatileFileId = volatile_fid;
3687     /* See note 354 of MS-SMB2, 64K max */
3688     req->OutputBufferLength =
3689         cpu_to_le32(SMB2_MAX_BUFFER_SIZE - MAX_SMB2_HDR_SIZE);
3690     req->CompletionFilter = cpu_to_le32(completion_filter);
3691     if (watch_tree)
3692         req->Flags = cpu_to_le16(SMB2_WATCH_TREE);
3693     else
3694         req->Flags = 0;
3695
3696     iov[0].iov_base = (char *)req;
3697     iov[0].iov_len = total_len;
3698
3699     return 0;
3700 }
3701
3702 int
3703 SMB2_change_notify(const unsigned int xid, struct cifs_tcon *tcon,
3704         u64 persistent_fid, u64 volatile_fid, bool watch_tree,
3705         u32 completion_filter)
3706 {
3707     struct cifs_ses *ses = tcon->ses;
3708     struct TCP_Server_Info *server = cifs_pick_channel(ses);
3709     struct smb_rqst rqst;
3710     struct kvec iov[1];
3711     struct kvec rsp_iov = {NULL, 0};
3712     int resp_buftype = CIFS_NO_BUFFER;
3713     int flags = 0;
3714     int rc = 0;
3715
3716     cifs_dbg(FYI, "change notify\n");
3717     if (!ses || !server)
3718         return -EIO;
3719
3720     if (smb3_encryption_required(tcon))
3721         flags |= CIFS_TRANSFORM_REQ;
3722
3723     memset(&rqst, 0, sizeof(struct smb_rqst));
3724     memset(&iov, 0, sizeof(iov));
3725     rqst.rq_iov = iov;
3726     rqst.rq_nvec = 1;
3727
3728     rc = SMB2_notify_init(xid, &rqst, tcon, server,
3729                   persistent_fid, volatile_fid,
3730                   completion_filter, watch_tree);
3731     if (rc)
3732         goto cnotify_exit;
3733
3734     trace_smb3_notify_enter(xid, persistent_fid, tcon->tid, ses->Suid,
3735                 (u8)watch_tree, completion_filter);
3736     rc = cifs_send_recv(xid, ses, server,
3737                 &rqst, &resp_buftype, flags, &rsp_iov);
3738
3739     if (rc != 0) {
3740         cifs_stats_fail_inc(tcon, SMB2_CHANGE_NOTIFY_HE);
3741         trace_smb3_notify_err(xid, persistent_fid, tcon->tid, ses->Suid,
3742                 (u8)watch_tree, completion_filter, rc);
3743     } else
3744         trace_smb3_notify_done(xid, persistent_fid, tcon->tid,
3745                 ses->Suid, (u8)watch_tree, completion_filter);
3746
3747  cnotify_exit:
3748     if (rqst.rq_iov)
3749         cifs_small_buf_release(rqst.rq_iov[0].iov_base); /* request */
3750     free_rsp_buf(resp_buftype, rsp_iov.iov_base);
3751     return rc;
3752 }
3753
3754
3755
3756 /*
3757  * This is a no-op for now. We're not really interested in the reply, but
3758  * rather in the fact that the server sent one and that server->lstrp
3759  * gets updated.
3760  *
3761  * FIXME: maybe we should consider checking that the reply matches request?
3762  */
3763 static void
3764 smb2_echo_callback(struct mid_q_entry *mid)
3765 {
3766     struct TCP_Server_Info *server = mid->callback_data;
3767     struct smb2_echo_rsp *rsp = (struct smb2_echo_rsp *)mid->resp_buf;
3768     struct cifs_credits credits = { .value = 0, .instance = 0 };
3769
3770     if (mid->mid_state == MID_RESPONSE_RECEIVED
3771         || mid->mid_state == MID_RESPONSE_MALFORMED) {
3772         credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
3773         credits.instance = server->reconnect_instance;
3774     }
3775
3776     release_mid(mid);
3777     add_credits(server, &credits, CIFS_ECHO_OP);
3778 }
3779
3780 void smb2_reconnect_server(struct work_struct *work)
3781 {
3782     struct TCP_Server_Info *server = container_of(work,
3783                     struct TCP_Server_Info, reconnect.work);
3784     struct TCP_Server_Info *pserver;
3785     struct cifs_ses *ses, *ses2;
3786     struct cifs_tcon *tcon, *tcon2;
3787     struct list_head tmp_list, tmp_ses_list;
3788     bool tcon_exist = false, ses_exist = false;
3789     bool tcon_selected = false;
3790     int rc;
3791     bool resched = false;
3792
3793     /* If server is a channel, select the primary channel */
3794     pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
3795
3796     /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */
3797     mutex_lock(&pserver->reconnect_mutex);
3798
3799     INIT_LIST_HEAD(&tmp_list);
3800     INIT_LIST_HEAD(&tmp_ses_list);
3801     cifs_dbg(FYI, "Reconnecting tcons and channels\n");
3802
3803     spin_lock(&cifs_tcp_ses_lock);
3804     list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
3805
3806         tcon_selected = false;
3807
3808         list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
3809             if (tcon->need_reconnect || tcon->need_reopen_files) {
3810                 tcon->tc_count++;
3811                 list_add_tail(&tcon->rlist, &tmp_list);
3812                 tcon_selected = tcon_exist = true;
3813             }
3814         }
3815         /*
3816          * IPC has the same lifetime as its session and uses its
3817          * refcount.
3818          */
3819         if (ses->tcon_ipc && ses->tcon_ipc->need_reconnect) {
3820             list_add_tail(&ses->tcon_ipc->rlist, &tmp_list);
3821             tcon_selected = tcon_exist = true;
3822             ses->ses_count++;
3823         }
3824         /*
3825          * handle the case where channel needs to reconnect
3826          * binding session, but tcon is healthy (some other channel
3827          * is active)
3828          */
3829         spin_lock(&ses->chan_lock);
3830         if (!tcon_selected && cifs_chan_needs_reconnect(ses, server)) {
3831             list_add_tail(&ses->rlist, &tmp_ses_list);
3832             ses_exist = true;
3833             ses->ses_count++;
3834         }
3835         spin_unlock(&ses->chan_lock);
3836     }
3837     /*
3838      * Get the reference to server struct to be sure that the last call of
3839      * cifs_put_tcon() in the loop below won't release the server pointer.
3840      */
3841     if (tcon_exist || ses_exist)
3842         server->srv_count++;
3843
3844     spin_unlock(&cifs_tcp_ses_lock);
3845
3846     list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) {
3847         rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server);
3848         if (!rc)
3849             cifs_reopen_persistent_handles(tcon);
3850         else
3851             resched = true;
3852         list_del_init(&tcon->rlist);
3853         if (tcon->ipc)
3854             cifs_put_smb_ses(tcon->ses);
3855         else
3856             cifs_put_tcon(tcon);
3857     }
3858
3859     if (!ses_exist)
3860         goto done;
3861
3862     /* allocate a dummy tcon struct used for reconnect */
3863     tcon = kzalloc(sizeof(struct cifs_tcon), GFP_KERNEL);
3864     if (!tcon) {
3865         resched = true;
3866         list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) {
3867             list_del_init(&ses->rlist);
3868             cifs_put_smb_ses(ses);
3869         }
3870         goto done;
3871     }
3872
3873     tcon->status = TID_GOOD;
3874     tcon->retry = false;
3875     tcon->need_reconnect = false;
3876
3877     /* now reconnect sessions for necessary channels */
3878     list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) {
3879         tcon->ses = ses;
3880         rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server);
3881         if (rc)
3882             resched = true;
3883         list_del_init(&ses->rlist);
3884         cifs_put_smb_ses(ses);
3885     }
3886     kfree(tcon);
3887
3888 done:
3889     cifs_dbg(FYI, "Reconnecting tcons and channels finished\n");
3890     if (resched)
3891         queue_delayed_work(cifsiod_wq, &server->reconnect, 2 * HZ);
3892     mutex_unlock(&pserver->reconnect_mutex);
3893
3894     /* now we can safely release srv struct */
3895     if (tcon_exist || ses_exist)
3896         cifs_put_tcp_session(server, 1);
3897 }
3898
3899 int
3900 SMB2_echo(struct TCP_Server_Info *server)
3901 {
3902     struct smb2_echo_req *req;
3903     int rc = 0;
3904     struct kvec iov[1];
3905     struct smb_rqst rqst = { .rq_iov = iov,
3906                  .rq_nvec = 1 };
3907     unsigned int total_len;
3908
3909     cifs_dbg(FYI, "In echo request for conn_id %lld\n", server->conn_id);
3910
3911     spin_lock(&server->srv_lock);
3912     if (server->ops->need_neg &&
3913         server->ops->need_neg(server)) {
3914         spin_unlock(&server->srv_lock);
3915         /* No need to send echo on newly established connections */
3916         mod_delayed_work(cifsiod_wq, &server->reconnect, 0);
3917         return rc;
3918     }
3919     spin_unlock(&server->srv_lock);
3920
3921     rc = smb2_plain_req_init(SMB2_ECHO, NULL, server,
3922                  (void **)&req, &total_len);
3923     if (rc)
3924         return rc;
3925
3926     req->hdr.CreditRequest = cpu_to_le16(1);
3927
3928     iov[0].iov_len = total_len;
3929     iov[0].iov_base = (char *)req;
3930
3931     rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, NULL,
3932                  server, CIFS_ECHO_OP, NULL);
3933     if (rc)
3934         cifs_dbg(FYI, "Echo request failed: %d\n", rc);
3935
3936     cifs_small_buf_release(req);
3937     return rc;
3938 }
3939
3940 void
3941 SMB2_flush_free(struct smb_rqst *rqst)
3942 {
3943     if (rqst && rqst->rq_iov)
3944         cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3945 }
3946
3947 int
3948 SMB2_flush_init(const unsigned int xid, struct smb_rqst *rqst,
3949         struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3950         u64 persistent_fid, u64 volatile_fid)
3951 {
3952     struct smb2_flush_req *req;
3953     struct kvec *iov = rqst->rq_iov;
3954     unsigned int total_len;
3955     int rc;
3956
3957     rc = smb2_plain_req_init(SMB2_FLUSH, tcon, server,
3958                  (void **) &req, &total_len);
3959     if (rc)
3960         return rc;
3961
3962     req->PersistentFileId = persistent_fid;
3963     req->VolatileFileId = volatile_fid;
3964
3965     iov[0].iov_base = (char *)req;
3966     iov[0].iov_len = total_len;
3967
3968     return 0;
3969 }
3970
3971 int
3972 SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
3973        u64 volatile_fid)
3974 {
3975     struct cifs_ses *ses = tcon->ses;
3976     struct smb_rqst rqst;
3977     struct kvec iov[1];
3978     struct kvec rsp_iov = {NULL, 0};
3979     struct TCP_Server_Info *server = cifs_pick_channel(ses);
3980     int resp_buftype = CIFS_NO_BUFFER;
3981     int flags = 0;
3982     int rc = 0;
3983
3984     cifs_dbg(FYI, "flush\n");
3985     if (!ses || !(ses->server))
3986         return -EIO;
3987
3988     if (smb3_encryption_required(tcon))
3989         flags |= CIFS_TRANSFORM_REQ;
3990
3991     memset(&rqst, 0, sizeof(struct smb_rqst));
3992     memset(&iov, 0, sizeof(iov));
3993     rqst.rq_iov = iov;
3994     rqst.rq_nvec = 1;
3995
3996     rc = SMB2_flush_init(xid, &rqst, tcon, server,
3997                  persistent_fid, volatile_fid);
3998     if (rc)
3999         goto flush_exit;
4000
4001     trace_smb3_flush_enter(xid, persistent_fid, tcon->tid, ses->Suid);
4002     rc = cifs_send_recv(xid, ses, server,
4003                 &rqst, &resp_buftype, flags, &rsp_iov);
4004
4005     if (rc != 0) {
4006         cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE);
4007         trace_smb3_flush_err(xid, persistent_fid, tcon->tid, ses->Suid,
4008                      rc);
4009     } else
4010         trace_smb3_flush_done(xid, persistent_fid, tcon->tid,
4011                       ses->Suid);
4012
4013  flush_exit:
4014     SMB2_flush_free(&rqst);
4015     free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4016     return rc;
4017 }
4018
4019 /*
4020  * To form a chain of read requests, any read requests after the first should
4021  * have the end_of_chain boolean set to true.
4022  */
4023 static int
4024 smb2_new_read_req(void **buf, unsigned int *total_len,
4025     struct cifs_io_parms *io_parms, struct cifs_readdata *rdata,
4026     unsigned int remaining_bytes, int request_type)
4027 {
4028     int rc = -EACCES;
4029     struct smb2_read_req *req = NULL;
4030     struct smb2_hdr *shdr;
4031     struct TCP_Server_Info *server = io_parms->server;
4032
4033     rc = smb2_plain_req_init(SMB2_READ, io_parms->tcon, server,
4034                  (void **) &req, total_len);
4035     if (rc)
4036         return rc;
4037
4038     if (server == NULL)
4039         return -ECONNABORTED;
4040
4041     shdr = &req->hdr;
4042     shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4043
4044     req->PersistentFileId = io_parms->persistent_fid;
4045     req->VolatileFileId = io_parms->volatile_fid;
4046     req->ReadChannelInfoOffset = 0; /* reserved */
4047     req->ReadChannelInfoLength = 0; /* reserved */
4048     req->Channel = 0; /* reserved */
4049     req->MinimumCount = 0;
4050     req->Length = cpu_to_le32(io_parms->length);
4051     req->Offset = cpu_to_le64(io_parms->offset);
4052
4053     trace_smb3_read_enter(0 /* xid */,
4054             io_parms->persistent_fid,
4055             io_parms->tcon->tid, io_parms->tcon->ses->Suid,
4056             io_parms->offset, io_parms->length);
4057 #ifdef CONFIG_CIFS_SMB_DIRECT
4058     /*
4059      * If we want to do a RDMA write, fill in and append
4060      * smbd_buffer_descriptor_v1 to the end of read request
4061      */
4062     if (server->rdma && rdata && !server->sign &&
4063         rdata->bytes >= server->smbd_conn->rdma_readwrite_threshold) {
4064
4065         struct smbd_buffer_descriptor_v1 *v1;
4066         bool need_invalidate = server->dialect == SMB30_PROT_ID;
4067
4068         rdata->mr = smbd_register_mr(
4069                 server->smbd_conn, rdata->pages,
4070                 rdata->nr_pages, rdata->page_offset,
4071                 rdata->tailsz, true, need_invalidate);
4072         if (!rdata->mr)
4073             return -EAGAIN;
4074
4075         req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
4076         if (need_invalidate)
4077             req->Channel = SMB2_CHANNEL_RDMA_V1;
4078         req->ReadChannelInfoOffset =
4079             cpu_to_le16(offsetof(struct smb2_read_req, Buffer));
4080         req->ReadChannelInfoLength =
4081             cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1));
4082         v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
4083         v1->offset = cpu_to_le64(rdata->mr->mr->iova);
4084         v1->token = cpu_to_le32(rdata->mr->mr->rkey);
4085         v1->length = cpu_to_le32(rdata->mr->mr->length);
4086
4087         *total_len += sizeof(*v1) - 1;
4088     }
4089 #endif
4090     if (request_type & CHAINED_REQUEST) {
4091         if (!(request_type & END_OF_CHAIN)) {
4092             /* next 8-byte aligned request */
4093             *total_len = DIV_ROUND_UP(*total_len, 8) * 8;
4094             shdr->NextCommand = cpu_to_le32(*total_len);
4095         } else /* END_OF_CHAIN */
4096             shdr->NextCommand = 0;
4097         if (request_type & RELATED_REQUEST) {
4098             shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS;
4099             /*
4100              * Related requests use info from previous read request
4101              * in chain.
4102              */
4103             shdr->SessionId = cpu_to_le64(0xFFFFFFFFFFFFFFFF);
4104             shdr->Id.SyncId.TreeId = cpu_to_le32(0xFFFFFFFF);
4105             req->PersistentFileId = (u64)-1;
4106             req->VolatileFileId = (u64)-1;
4107         }
4108     }
4109     if (remaining_bytes > io_parms->length)
4110         req->RemainingBytes = cpu_to_le32(remaining_bytes);
4111     else
4112         req->RemainingBytes = 0;
4113
4114     *buf = req;
4115     return rc;
4116 }
4117
4118 static void
4119 smb2_readv_callback(struct mid_q_entry *mid)
4120 {
4121     struct cifs_readdata *rdata = mid->callback_data;
4122     struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
4123     struct TCP_Server_Info *server = rdata->server;
4124     struct smb2_hdr *shdr =
4125                 (struct smb2_hdr *)rdata->iov[0].iov_base;
4126     struct cifs_credits credits = { .value = 0, .instance = 0 };
4127     struct smb_rqst rqst = { .rq_iov = &rdata->iov[1],
4128                  .rq_nvec = 1,
4129                  .rq_pages = rdata->pages,
4130                  .rq_offset = rdata->page_offset,
4131                  .rq_npages = rdata->nr_pages,
4132                  .rq_pagesz = rdata->pagesz,
4133                  .rq_tailsz = rdata->tailsz };
4134
4135     WARN_ONCE(rdata->server != mid->server,
4136           "rdata server %p != mid server %p",
4137           rdata->server, mid->server);
4138
4139     cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n",
4140          __func__, mid->mid, mid->mid_state, rdata->result,
4141          rdata->bytes);
4142
4143     switch (mid->mid_state) {
4144     case MID_RESPONSE_RECEIVED:
4145         credits.value = le16_to_cpu(shdr->CreditRequest);
4146         credits.instance = server->reconnect_instance;
4147         /* result already set, check signature */
4148         if (server->sign && !mid->decrypted) {
4149             int rc;
4150
4151             rc = smb2_verify_signature(&rqst, server);
4152             if (rc)
4153                 cifs_tcon_dbg(VFS, "SMB signature verification returned error = %d\n",
4154                      rc);
4155         }
4156         /* FIXME: should this be counted toward the initiating task? */
4157         task_io_account_read(rdata->got_bytes);
4158         cifs_stats_bytes_read(tcon, rdata->got_bytes);
4159         break;
4160     case MID_REQUEST_SUBMITTED:
4161     case MID_RETRY_NEEDED:
4162         rdata->result = -EAGAIN;
4163         if (server->sign && rdata->got_bytes)
4164             /* reset bytes number since we can not check a sign */
4165             rdata->got_bytes = 0;
4166         /* FIXME: should this be counted toward the initiating task? */
4167         task_io_account_read(rdata->got_bytes);
4168         cifs_stats_bytes_read(tcon, rdata->got_bytes);
4169         break;
4170     case MID_RESPONSE_MALFORMED:
4171         credits.value = le16_to_cpu(shdr->CreditRequest);
4172         credits.instance = server->reconnect_instance;
4173         fallthrough;
4174     default:
4175         rdata->result = -EIO;
4176     }
4177 #ifdef CONFIG_CIFS_SMB_DIRECT
4178     /*
4179      * If this rdata has a memmory registered, the MR can be freed
4180      * MR needs to be freed as soon as I/O finishes to prevent deadlock
4181      * because they have limited number and are used for future I/Os
4182      */
4183     if (rdata->mr) {
4184         smbd_deregister_mr(rdata->mr);
4185         rdata->mr = NULL;
4186     }
4187 #endif
4188     if (rdata->result && rdata->result != -ENODATA) {
4189         cifs_stats_fail_inc(tcon, SMB2_READ_HE);
4190         trace_smb3_read_err(0 /* xid */,
4191                     rdata->cfile->fid.persistent_fid,
4192                     tcon->tid, tcon->ses->Suid, rdata->offset,
4193                     rdata->bytes, rdata->result);
4194     } else
4195         trace_smb3_read_done(0 /* xid */,
4196                      rdata->cfile->fid.persistent_fid,
4197                      tcon->tid, tcon->ses->Suid,
4198                      rdata->offset, rdata->got_bytes);
4199
4200     queue_work(cifsiod_wq, &rdata->work);
4201     release_mid(mid);
4202     add_credits(server, &credits, 0);
4203 }
4204
4205 /* smb2_async_readv - send an async read, and set up mid to handle result */
4206 int
4207 smb2_async_readv(struct cifs_readdata *rdata)
4208 {
4209     int rc, flags = 0;
4210     char *buf;
4211     struct smb2_hdr *shdr;
4212     struct cifs_io_parms io_parms;
4213     struct smb_rqst rqst = { .rq_iov = rdata->iov,
4214                  .rq_nvec = 1 };
4215     struct TCP_Server_Info *server;
4216     struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
4217     unsigned int total_len;
4218
4219     cifs_dbg(FYI, "%s: offset=%llu bytes=%u\n",
4220          __func__, rdata->offset, rdata->bytes);
4221
4222     if (!rdata->server)
4223         rdata->server = cifs_pick_channel(tcon->ses);
4224
4225     io_parms.tcon = tlink_tcon(rdata->cfile->tlink);
4226     io_parms.server = server = rdata->server;
4227     io_parms.offset = rdata->offset;
4228     io_parms.length = rdata->bytes;
4229     io_parms.persistent_fid = rdata->cfile->fid.persistent_fid;
4230     io_parms.volatile_fid = rdata->cfile->fid.volatile_fid;
4231     io_parms.pid = rdata->pid;
4232
4233     rc = smb2_new_read_req(
4234         (void **) &buf, &total_len, &io_parms, rdata, 0, 0);
4235     if (rc)
4236         return rc;
4237
4238     if (smb3_encryption_required(io_parms.tcon))
4239         flags |= CIFS_TRANSFORM_REQ;
4240
4241     rdata->iov[0].iov_base = buf;
4242     rdata->iov[0].iov_len = total_len;
4243
4244     shdr = (struct smb2_hdr *)buf;
4245
4246     if (rdata->credits.value > 0) {
4247         shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes,
4248                         SMB2_MAX_BUFFER_SIZE));
4249         shdr->CreditRequest = cpu_to_le16(le16_to_cpu(shdr->CreditCharge) + 8);
4250
4251         rc = adjust_credits(server, &rdata->credits, rdata->bytes);
4252         if (rc)
4253             goto async_readv_out;
4254
4255         flags |= CIFS_HAS_CREDITS;
4256     }
4257
4258     kref_get(&rdata->refcount);
4259     rc = cifs_call_async(server, &rqst,
4260                  cifs_readv_receive, smb2_readv_callback,
4261                  smb3_handle_read_data, rdata, flags,
4262                  &rdata->credits);
4263     if (rc) {
4264         kref_put(&rdata->refcount, cifs_readdata_release);
4265         cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
4266         trace_smb3_read_err(0 /* xid */, io_parms.persistent_fid,
4267                     io_parms.tcon->tid,
4268                     io_parms.tcon->ses->Suid,
4269                     io_parms.offset, io_parms.length, rc);
4270     }
4271
4272 async_readv_out:
4273     cifs_small_buf_release(buf);
4274     return rc;
4275 }
4276
4277 int
4278 SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
4279       unsigned int *nbytes, char **buf, int *buf_type)
4280 {
4281     struct smb_rqst rqst;
4282     int resp_buftype, rc;
4283     struct smb2_read_req *req = NULL;
4284     struct smb2_read_rsp *rsp = NULL;
4285     struct kvec iov[1];
4286     struct kvec rsp_iov;
4287     unsigned int total_len;
4288     int flags = CIFS_LOG_ERROR;
4289     struct cifs_ses *ses = io_parms->tcon->ses;
4290
4291     if (!io_parms->server)
4292         io_parms->server = cifs_pick_channel(io_parms->tcon->ses);
4293
4294     *nbytes = 0;
4295     rc = smb2_new_read_req((void **)&req, &total_len, io_parms, NULL, 0, 0);
4296     if (rc)
4297         return rc;
4298
4299     if (smb3_encryption_required(io_parms->tcon))
4300         flags |= CIFS_TRANSFORM_REQ;
4301
4302     iov[0].iov_base = (char *)req;
4303     iov[0].iov_len = total_len;
4304
4305     memset(&rqst, 0, sizeof(struct smb_rqst));
4306     rqst.rq_iov = iov;
4307     rqst.rq_nvec = 1;
4308
4309     rc = cifs_send_recv(xid, ses, io_parms->server,
4310                 &rqst, &resp_buftype, flags, &rsp_iov);
4311     rsp = (struct smb2_read_rsp *)rsp_iov.iov_base;
4312
4313     if (rc) {
4314         if (rc != -ENODATA) {
4315             cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE);
4316             cifs_dbg(VFS, "Send error in read = %d\n", rc);
4317             trace_smb3_read_err(xid,
4318                         req->PersistentFileId,
4319                         io_parms->tcon->tid, ses->Suid,
4320                         io_parms->offset, io_parms->length,
4321                         rc);
4322         } else
4323             trace_smb3_read_done(xid, req->PersistentFileId, io_parms->tcon->tid,
4324                          ses->Suid, io_parms->offset, 0);
4325         free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4326         cifs_small_buf_release(req);
4327         return rc == -ENODATA ? 0 : rc;
4328     } else
4329         trace_smb3_read_done(xid,
4330                     req->PersistentFileId,
4331                     io_parms->tcon->tid, ses->Suid,
4332                     io_parms->offset, io_parms->length);
4333
4334     cifs_small_buf_release(req);
4335
4336     *nbytes = le32_to_cpu(rsp->DataLength);
4337     if ((*nbytes > CIFS_MAX_MSGSIZE) ||
4338         (*nbytes > io_parms->length)) {
4339         cifs_dbg(FYI, "bad length %d for count %d\n",
4340              *nbytes, io_parms->length);
4341         rc = -EIO;
4342         *nbytes = 0;
4343     }
4344
4345     if (*buf) {
4346         memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes);
4347         free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4348     } else if (resp_buftype != CIFS_NO_BUFFER) {
4349         *buf = rsp_iov.iov_base;
4350         if (resp_buftype == CIFS_SMALL_BUFFER)
4351             *buf_type = CIFS_SMALL_BUFFER;
4352         else if (resp_buftype == CIFS_LARGE_BUFFER)
4353             *buf_type = CIFS_LARGE_BUFFER;
4354     }
4355     return rc;
4356 }
4357
4358 /*
4359  * Check the mid_state and signature on received buffer (if any), and queue the
4360  * workqueue completion task.
4361  */
4362 static void
4363 smb2_writev_callback(struct mid_q_entry *mid)
4364 {
4365     struct cifs_writedata *wdata = mid->callback_data;
4366     struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
4367     struct TCP_Server_Info *server = wdata->server;
4368     unsigned int written;
4369     struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf;
4370     struct cifs_credits credits = { .value = 0, .instance = 0 };
4371
4372     WARN_ONCE(wdata->server != mid->server,
4373           "wdata server %p != mid server %p",
4374           wdata->server, mid->server);
4375
4376     switch (mid->mid_state) {
4377     case MID_RESPONSE_RECEIVED:
4378         credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
4379         credits.instance = server->reconnect_instance;
4380         wdata->result = smb2_check_receive(mid, server, 0);
4381         if (wdata->result != 0)
4382             break;
4383
4384         written = le32_to_cpu(rsp->DataLength);
4385         /*
4386          * Mask off high 16 bits when bytes written as returned
4387          * by the server is greater than bytes requested by the
4388          * client. OS/2 servers are known to set incorrect
4389          * CountHigh values.
4390          */
4391         if (written > wdata->bytes)
4392             written &= 0xFFFF;
4393
4394         if (written < wdata->bytes)
4395             wdata->result = -ENOSPC;
4396         else
4397             wdata->bytes = written;
4398         break;
4399     case MID_REQUEST_SUBMITTED:
4400     case MID_RETRY_NEEDED:
4401         wdata->result = -EAGAIN;
4402         break;
4403     case MID_RESPONSE_MALFORMED:
4404         credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
4405         credits.instance = server->reconnect_instance;
4406         fallthrough;
4407     default:
4408         wdata->result = -EIO;
4409         break;
4410     }
4411 #ifdef CONFIG_CIFS_SMB_DIRECT
4412     /*
4413      * If this wdata has a memory registered, the MR can be freed
4414      * The number of MRs available is limited, it's important to recover
4415      * used MR as soon as I/O is finished. Hold MR longer in the later
4416      * I/O process can possibly result in I/O deadlock due to lack of MR
4417      * to send request on I/O retry
4418      */
4419     if (wdata->mr) {
4420         smbd_deregister_mr(wdata->mr);
4421         wdata->mr = NULL;
4422     }
4423 #endif
4424     if (wdata->result) {
4425         cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
4426         trace_smb3_write_err(0 /* no xid */,
4427                      wdata->cfile->fid.persistent_fid,
4428                      tcon->tid, tcon->ses->Suid, wdata->offset,
4429                      wdata->bytes, wdata->result);
4430         if (wdata->result == -ENOSPC)
4431             pr_warn_once("Out of space writing to %s\n",
4432                      tcon->treeName);
4433     } else
4434         trace_smb3_write_done(0 /* no xid */,
4435                       wdata->cfile->fid.persistent_fid,
4436                       tcon->tid, tcon->ses->Suid,
4437                       wdata->offset, wdata->bytes);
4438
4439     queue_work(cifsiod_wq, &wdata->work);
4440     release_mid(mid);
4441     add_credits(server, &credits, 0);
4442 }
4443
4444 /* smb2_async_writev - send an async write, and set up mid to handle result */
4445 int
4446 smb2_async_writev(struct cifs_writedata *wdata,
4447           void (*release)(struct kref *kref))
4448 {
4449     int rc = -EACCES, flags = 0;
4450     struct smb2_write_req *req = NULL;
4451     struct smb2_hdr *shdr;
4452     struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
4453     struct TCP_Server_Info *server = wdata->server;
4454     struct kvec iov[1];
4455     struct smb_rqst rqst = { };
4456     unsigned int total_len;
4457
4458     if (!wdata->server)
4459         server = wdata->server = cifs_pick_channel(tcon->ses);
4460
4461     rc = smb2_plain_req_init(SMB2_WRITE, tcon, server,
4462                  (void **) &req, &total_len);
4463     if (rc)
4464         return rc;
4465
4466     if (smb3_encryption_required(tcon))
4467         flags |= CIFS_TRANSFORM_REQ;
4468
4469     shdr = (struct smb2_hdr *)req;
4470     shdr->Id.SyncId.ProcessId = cpu_to_le32(wdata->cfile->pid);
4471
4472     req->PersistentFileId = wdata->cfile->fid.persistent_fid;
4473     req->VolatileFileId = wdata->cfile->fid.volatile_fid;
4474     req->WriteChannelInfoOffset = 0;
4475     req->WriteChannelInfoLength = 0;
4476     req->Channel = 0;
4477     req->Offset = cpu_to_le64(wdata->offset);
4478     req->DataOffset = cpu_to_le16(
4479                 offsetof(struct smb2_write_req, Buffer));
4480     req->RemainingBytes = 0;
4481
4482     trace_smb3_write_enter(0 /* xid */, wdata->cfile->fid.persistent_fid,
4483         tcon->tid, tcon->ses->Suid, wdata->offset, wdata->bytes);
4484 #ifdef CONFIG_CIFS_SMB_DIRECT
4485     /*
4486      * If we want to do a server RDMA read, fill in and append
4487      * smbd_buffer_descriptor_v1 to the end of write request
4488      */
4489     if (server->rdma && !server->sign && wdata->bytes >=
4490         server->smbd_conn->rdma_readwrite_threshold) {
4491
4492         struct smbd_buffer_descriptor_v1 *v1;
4493         bool need_invalidate = server->dialect == SMB30_PROT_ID;
4494
4495         wdata->mr = smbd_register_mr(
4496                 server->smbd_conn, wdata->pages,
4497                 wdata->nr_pages, wdata->page_offset,
4498                 wdata->tailsz, false, need_invalidate);
4499         if (!wdata->mr) {
4500             rc = -EAGAIN;
4501             goto async_writev_out;
4502         }
4503         req->Length = 0;
4504         req->DataOffset = 0;
4505         if (wdata->nr_pages > 1)
4506             req->RemainingBytes =
4507                 cpu_to_le32(
4508                     (wdata->nr_pages - 1) * wdata->pagesz -
4509                     wdata->page_offset + wdata->tailsz
4510                 );
4511         else
4512             req->RemainingBytes = cpu_to_le32(wdata->tailsz);
4513         req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
4514         if (need_invalidate)
4515             req->Channel = SMB2_CHANNEL_RDMA_V1;
4516         req->WriteChannelInfoOffset =
4517             cpu_to_le16(offsetof(struct smb2_write_req, Buffer));
4518         req->WriteChannelInfoLength =
4519             cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1));
4520         v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
4521         v1->offset = cpu_to_le64(wdata->mr->mr->iova);
4522         v1->token = cpu_to_le32(wdata->mr->mr->rkey);
4523         v1->length = cpu_to_le32(wdata->mr->mr->length);
4524     }
4525 #endif
4526     iov[0].iov_len = total_len - 1;
4527     iov[0].iov_base = (char *)req;
4528
4529     rqst.rq_iov = iov;
4530     rqst.rq_nvec = 1;
4531     rqst.rq_pages = wdata->pages;
4532     rqst.rq_offset = wdata->page_offset;
4533     rqst.rq_npages = wdata->nr_pages;
4534     rqst.rq_pagesz = wdata->pagesz;
4535     rqst.rq_tailsz = wdata->tailsz;
4536 #ifdef CONFIG_CIFS_SMB_DIRECT
4537     if (wdata->mr) {
4538         iov[0].iov_len += sizeof(struct smbd_buffer_descriptor_v1);
4539         rqst.rq_npages = 0;
4540     }
4541 #endif
4542     cifs_dbg(FYI, "async write at %llu %u bytes\n",
4543          wdata->offset, wdata->bytes);
4544
4545 #ifdef CONFIG_CIFS_SMB_DIRECT
4546     /* For RDMA read, I/O size is in RemainingBytes not in Length */
4547     if (!wdata->mr)
4548         req->Length = cpu_to_le32(wdata->bytes);
4549 #else
4550     req->Length = cpu_to_le32(wdata->bytes);
4551 #endif
4552
4553     if (wdata->credits.value > 0) {
4554         shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes,
4555                             SMB2_MAX_BUFFER_SIZE));
4556         shdr->CreditRequest = cpu_to_le16(le16_to_cpu(shdr->CreditCharge) + 8);
4557
4558         rc = adjust_credits(server, &wdata->credits, wdata->bytes);
4559         if (rc)
4560             goto async_writev_out;
4561
4562         flags |= CIFS_HAS_CREDITS;
4563     }
4564
4565     kref_get(&wdata->refcount);
4566     rc = cifs_call_async(server, &rqst, NULL, smb2_writev_callback, NULL,
4567                  wdata, flags, &wdata->credits);
4568
4569     if (rc) {
4570         trace_smb3_write_err(0 /* no xid */,
4571                      req->PersistentFileId,
4572                      tcon->tid, tcon->ses->Suid, wdata->offset,
4573                      wdata->bytes, rc);
4574         kref_put(&wdata->refcount, release);
4575         cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
4576     }
4577
4578 async_writev_out:
4579     cifs_small_buf_release(req);
4580     return rc;
4581 }
4582
4583 /*
4584  * SMB2_write function gets iov pointer to kvec array with n_vec as a length.
4585  * The length field from io_parms must be at least 1 and indicates a number of
4586  * elements with data to write that begins with position 1 in iov array. All
4587  * data length is specified by count.
4588  */
4589 int
4590 SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms,
4591        unsigned int *nbytes, struct kvec *iov, int n_vec)
4592 {
4593     struct smb_rqst rqst;
4594     int rc = 0;
4595     struct smb2_write_req *req = NULL;
4596     struct smb2_write_rsp *rsp = NULL;
4597     int resp_buftype;
4598     struct kvec rsp_iov;
4599     int flags = 0;
4600     unsigned int total_len;
4601     struct TCP_Server_Info *server;
4602
4603     *nbytes = 0;
4604
4605     if (n_vec < 1)
4606         return rc;
4607
4608     if (!io_parms->server)
4609         io_parms->server = cifs_pick_channel(io_parms->tcon->ses);
4610     server = io_parms->server;
4611     if (server == NULL)
4612         return -ECONNABORTED;
4613
4614     rc = smb2_plain_req_init(SMB2_WRITE, io_parms->tcon, server,
4615                  (void **) &req, &total_len);
4616     if (rc)
4617         return rc;
4618
4619     if (smb3_encryption_required(io_parms->tcon))
4620         flags |= CIFS_TRANSFORM_REQ;
4621
4622     req->hdr.Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4623
4624     req->PersistentFileId = io_parms->persistent_fid;
4625     req->VolatileFileId = io_parms->volatile_fid;
4626     req->WriteChannelInfoOffset = 0;
4627     req->WriteChannelInfoLength = 0;
4628     req->Channel = 0;
4629     req->Length = cpu_to_le32(io_parms->length);
4630     req->Offset = cpu_to_le64(io_parms->offset);
4631     req->DataOffset = cpu_to_le16(
4632                 offsetof(struct smb2_write_req, Buffer));
4633     req->RemainingBytes = 0;
4634
4635     trace_smb3_write_enter(xid, io_parms->persistent_fid,
4636         io_parms->tcon->tid, io_parms->tcon->ses->Suid,
4637         io_parms->offset, io_parms->length);
4638
4639     iov[0].iov_base = (char *)req;
4640     /* 1 for Buffer */
4641     iov[0].iov_len = total_len - 1;
4642
4643     memset(&rqst, 0, sizeof(struct smb_rqst));
4644     rqst.rq_iov = iov;
4645     rqst.rq_nvec = n_vec + 1;
4646
4647     rc = cifs_send_recv(xid, io_parms->tcon->ses, server,
4648                 &rqst,
4649                 &resp_buftype, flags, &rsp_iov);
4650     rsp = (struct smb2_write_rsp *)rsp_iov.iov_base;
4651
4652     if (rc) {
4653         trace_smb3_write_err(xid,
4654                      req->PersistentFileId,
4655                      io_parms->tcon->tid,
4656                      io_parms->tcon->ses->Suid,
4657                      io_parms->offset, io_parms->length, rc);
4658         cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);
4659         cifs_dbg(VFS, "Send error in write = %d\n", rc);
4660     } else {
4661         *nbytes = le32_to_cpu(rsp->DataLength);
4662         trace_smb3_write_done(xid,
4663                       req->PersistentFileId,
4664                       io_parms->tcon->tid,
4665                       io_parms->tcon->ses->Suid,
4666                       io_parms->offset, *nbytes);
4667     }
4668
4669     cifs_small_buf_release(req);
4670     free_rsp_buf(resp_buftype, rsp);
4671     return rc;
4672 }
4673
4674 int posix_info_sid_size(const void *beg, const void *end)
4675 {
4676     size_t subauth;
4677     int total;
4678
4679     if (beg + 1 > end)
4680         return -1;
4681
4682     subauth = *(u8 *)(beg+1);
4683     if (subauth < 1 || subauth > 15)
4684         return -1;
4685
4686     total = 1 + 1 + 6 + 4*subauth;
4687     if (beg + total > end)
4688         return -1;
4689
4690     return total;
4691 }
4692
4693 int posix_info_parse(const void *beg, const void *end,
4694              struct smb2_posix_info_parsed *out)
4695
4696 {
4697     int total_len = 0;
4698     int owner_len, group_len;
4699     int name_len;
4700     const void *owner_sid;
4701     const void *group_sid;
4702     const void *name;
4703
4704     /* if no end bound given, assume payload to be correct */
4705     if (!end) {
4706         const struct smb2_posix_info *p = beg;
4707
4708         end = beg + le32_to_cpu(p->NextEntryOffset);
4709         /* last element will have a 0 offset, pick a sensible bound */
4710         if (end == beg)
4711             end += 0xFFFF;
4712     }
4713
4714     /* check base buf */
4715     if (beg + sizeof(struct smb2_posix_info) > end)
4716         return -1;
4717     total_len = sizeof(struct smb2_posix_info);
4718
4719     /* check owner sid */
4720     owner_sid = beg + total_len;
4721     owner_len = posix_info_sid_size(owner_sid, end);
4722     if (owner_len < 0)
4723         return -1;
4724     total_len += owner_len;
4725
4726     /* check group sid */
4727     group_sid = beg + total_len;
4728     group_len = posix_info_sid_size(group_sid, end);
4729     if (group_len < 0)
4730         return -1;
4731     total_len += group_len;
4732
4733     /* check name len */
4734     if (beg + total_len + 4 > end)
4735         return -1;
4736     name_len = le32_to_cpu(*(__le32 *)(beg + total_len));
4737     if (name_len < 1 || name_len > 0xFFFF)
4738         return -1;
4739     total_len += 4;
4740
4741     /* check name */
4742     name = beg + total_len;
4743     if (name + name_len > end)
4744         return -1;
4745     total_len += name_len;
4746
4747     if (out) {
4748         out->base = beg;
4749         out->size = total_len;
4750         out->name_len = name_len;
4751         out->name = name;
4752         memcpy(&out->owner, owner_sid, owner_len);
4753         memcpy(&out->group, group_sid, group_len);
4754     }
4755     return total_len;
4756 }
4757
4758 static int posix_info_extra_size(const void *beg, const void *end)
4759 {
4760     int len = posix_info_parse(beg, end, NULL);
4761
4762     if (len < 0)
4763         return -1;
4764     return len - sizeof(struct smb2_posix_info);
4765 }
4766
4767 static unsigned int
4768 num_entries(int infotype, char *bufstart, char *end_of_buf, char **lastentry,
4769         size_t size)
4770 {
4771     int len;
4772     unsigned int entrycount = 0;
4773     unsigned int next_offset = 0;
4774     char *entryptr;
4775     FILE_DIRECTORY_INFO *dir_info;
4776
4777     if (bufstart == NULL)
4778         return 0;
4779
4780     entryptr = bufstart;
4781
4782     while (1) {
4783         if (entryptr + next_offset < entryptr ||
4784             entryptr + next_offset > end_of_buf ||
4785             entryptr + next_offset + size > end_of_buf) {
4786             cifs_dbg(VFS, "malformed search entry would overflow\n");
4787             break;
4788         }
4789
4790         entryptr = entryptr + next_offset;
4791         dir_info = (FILE_DIRECTORY_INFO *)entryptr;
4792
4793         if (infotype == SMB_FIND_FILE_POSIX_INFO)
4794             len = posix_info_extra_size(entryptr, end_of_buf);
4795         else
4796             len = le32_to_cpu(dir_info->FileNameLength);
4797
4798         if (len < 0 ||
4799             entryptr + len < entryptr ||
4800             entryptr + len > end_of_buf ||
4801             entryptr + len + size > end_of_buf) {
4802             cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n",
4803                  end_of_buf);
4804             break;
4805         }
4806
4807         *lastentry = entryptr;
4808         entrycount++;
4809
4810         next_offset = le32_to_cpu(dir_info->NextEntryOffset);
4811         if (!next_offset)
4812             break;
4813     }
4814
4815     return entrycount;
4816 }
4817
4818 /*
4819  * Readdir/FindFirst
4820  */
4821 int SMB2_query_directory_init(const unsigned int xid,
4822                   struct cifs_tcon *tcon,
4823                   struct TCP_Server_Info *server,
4824                   struct smb_rqst *rqst,
4825                   u64 persistent_fid, u64 volatile_fid,
4826                   int index, int info_level)
4827 {
4828     struct smb2_query_directory_req *req;
4829     unsigned char *bufptr;
4830     __le16 asteriks = cpu_to_le16('*');
4831     unsigned int output_size = CIFSMaxBufSize -
4832         MAX_SMB2_CREATE_RESPONSE_SIZE -
4833         MAX_SMB2_CLOSE_RESPONSE_SIZE;
4834     unsigned int total_len;
4835     struct kvec *iov = rqst->rq_iov;
4836     int len, rc;
4837
4838     rc = smb2_plain_req_init(SMB2_QUERY_DIRECTORY, tcon, server,
4839                  (void **) &req, &total_len);
4840     if (rc)
4841         return rc;
4842
4843     switch (info_level) {
4844     case SMB_FIND_FILE_DIRECTORY_INFO:
4845         req->FileInformationClass = FILE_DIRECTORY_INFORMATION;
4846         break;
4847     case SMB_FIND_FILE_ID_FULL_DIR_INFO:
4848         req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION;
4849         break;
4850     case SMB_FIND_FILE_POSIX_INFO:
4851         req->FileInformationClass = SMB_FIND_FILE_POSIX_INFO;
4852         break;
4853     default:
4854         cifs_tcon_dbg(VFS, "info level %u isn't supported\n",
4855             info_level);
4856         return -EINVAL;
4857     }
4858
4859     req->FileIndex = cpu_to_le32(index);
4860     req->PersistentFileId = persistent_fid;
4861     req->VolatileFileId = volatile_fid;
4862
4863     len = 0x2;
4864     bufptr = req->Buffer;
4865     memcpy(bufptr, &asteriks, len);
4866
4867     req->FileNameOffset =
4868         cpu_to_le16(sizeof(struct smb2_query_directory_req) - 1);
4869     req->FileNameLength = cpu_to_le16(len);
4870     /*
4871      * BB could be 30 bytes or so longer if we used SMB2 specific
4872      * buffer lengths, but this is safe and close enough.
4873      */
4874     output_size = min_t(unsigned int, output_size, server->maxBuf);
4875     output_size = min_t(unsigned int, output_size, 2 << 15);
4876     req->OutputBufferLength = cpu_to_le32(output_size);
4877
4878     iov[0].iov_base = (char *)req;
4879     /* 1 for Buffer */
4880     iov[0].iov_len = total_len - 1;
4881
4882     iov[1].iov_base = (char *)(req->Buffer);
4883     iov[1].iov_len = len;
4884
4885     trace_smb3_query_dir_enter(xid, persistent_fid, tcon->tid,
4886             tcon->ses->Suid, index, output_size);
4887
4888     return 0;
4889 }
4890
4891 void SMB2_query_directory_free(struct smb_rqst *rqst)
4892 {
4893     if (rqst && rqst->rq_iov) {
4894         cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
4895     }
4896 }
4897
4898 int
4899 smb2_parse_query_directory(struct cifs_tcon *tcon,
4900                struct kvec *rsp_iov,
4901                int resp_buftype,
4902                struct cifs_search_info *srch_inf)
4903 {
4904     struct smb2_query_directory_rsp *rsp;
4905     size_t info_buf_size;
4906     char *end_of_smb;
4907     int rc;
4908
4909     rsp = (struct smb2_query_directory_rsp *)rsp_iov->iov_base;
4910
4911     switch (srch_inf->info_level) {
4912     case SMB_FIND_FILE_DIRECTORY_INFO:
4913         info_buf_size = sizeof(FILE_DIRECTORY_INFO) - 1;
4914         break;
4915     case SMB_FIND_FILE_ID_FULL_DIR_INFO:
4916         info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO) - 1;
4917         break;
4918     case SMB_FIND_FILE_POSIX_INFO:
4919         /* note that posix payload are variable size */
4920         info_buf_size = sizeof(struct smb2_posix_info);
4921         break;
4922     default:
4923         cifs_tcon_dbg(VFS, "info level %u isn't supported\n",
4924              srch_inf->info_level);
4925         return -EINVAL;
4926     }
4927
4928     rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
4929                    le32_to_cpu(rsp->OutputBufferLength), rsp_iov,
4930                    info_buf_size);
4931     if (rc) {
4932         cifs_tcon_dbg(VFS, "bad info payload");
4933         return rc;
4934     }
4935
4936     srch_inf->unicode = true;
4937
4938     if (srch_inf->ntwrk_buf_start) {
4939         if (srch_inf->smallBuf)
4940             cifs_small_buf_release(srch_inf->ntwrk_buf_start);
4941         else
4942             cifs_buf_release(srch_inf->ntwrk_buf_start);
4943     }
4944     srch_inf->ntwrk_buf_start = (char *)rsp;
4945     srch_inf->srch_entries_start = srch_inf->last_entry =
4946         (char *)rsp + le16_to_cpu(rsp->OutputBufferOffset);
4947     end_of_smb = rsp_iov->iov_len + (char *)rsp;
4948
4949     srch_inf->entries_in_buffer = num_entries(
4950         srch_inf->info_level,
4951         srch_inf->srch_entries_start,
4952         end_of_smb,
4953         &srch_inf->last_entry,
4954         info_buf_size);
4955
4956     srch_inf->index_of_last_entry += srch_inf->entries_in_buffer;
4957     cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n",
4958          srch_inf->entries_in_buffer, srch_inf->index_of_last_entry,
4959          srch_inf->srch_entries_start, srch_inf->last_entry);
4960     if (resp_buftype == CIFS_LARGE_BUFFER)
4961         srch_inf->smallBuf = false;
4962     else if (resp_buftype == CIFS_SMALL_BUFFER)
4963         srch_inf->smallBuf = true;
4964     else
4965         cifs_tcon_dbg(VFS, "Invalid search buffer type\n");
4966
4967     return 0;
4968 }
4969
4970 int
4971 SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
4972              u64 persistent_fid, u64 volatile_fid, int index,
4973              struct cifs_search_info *srch_inf)
4974 {
4975     struct smb_rqst rqst;
4976     struct kvec iov[SMB2_QUERY_DIRECTORY_IOV_SIZE];
4977     struct smb2_query_directory_rsp *rsp = NULL;
4978     int resp_buftype = CIFS_NO_BUFFER;
4979     struct kvec rsp_iov;
4980     int rc = 0;
4981     struct cifs_ses *ses = tcon->ses;
4982     struct TCP_Server_Info *server = cifs_pick_channel(ses);
4983     int flags = 0;
4984
4985     if (!ses || !(ses->server))
4986         return -EIO;
4987
4988     if (smb3_encryption_required(tcon))
4989         flags |= CIFS_TRANSFORM_REQ;
4990
4991     memset(&rqst, 0, sizeof(struct smb_rqst));
4992     memset(&iov, 0, sizeof(iov));
4993     rqst.rq_iov = iov;
4994     rqst.rq_nvec = SMB2_QUERY_DIRECTORY_IOV_SIZE;
4995
4996     rc = SMB2_query_directory_init(xid, tcon, server,
4997                        &rqst, persistent_fid,
4998                        volatile_fid, index,
4999                        srch_inf->info_level);
5000     if (rc)
5001         goto qdir_exit;
5002
5003     rc = cifs_send_recv(xid, ses, server,
5004                 &rqst, &resp_buftype, flags, &rsp_iov);
5005     rsp = (struct smb2_query_directory_rsp *)rsp_iov.iov_base;
5006
5007     if (rc) {
5008         if (rc == -ENODATA &&
5009             rsp->hdr.Status == STATUS_NO_MORE_FILES) {
5010             trace_smb3_query_dir_done(xid, persistent_fid,
5011                 tcon->tid, tcon->ses->Suid, index, 0);
5012             srch_inf->endOfSearch = true;
5013             rc = 0;
5014         } else {
5015             trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid,
5016                 tcon->ses->Suid, index, 0, rc);
5017             cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
5018         }
5019         goto qdir_exit;
5020     }
5021
5022     rc = smb2_parse_query_directory(tcon, &rsp_iov, resp_buftype,
5023                     srch_inf);
5024     if (rc) {
5025         trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid,
5026             tcon->ses->Suid, index, 0, rc);
5027         goto qdir_exit;
5028     }
5029     resp_buftype = CIFS_NO_BUFFER;
5030
5031     trace_smb3_query_dir_done(xid, persistent_fid, tcon->tid,
5032             tcon->ses->Suid, index, srch_inf->entries_in_buffer);
5033
5034 qdir_exit:
5035     SMB2_query_directory_free(&rqst);
5036     free_rsp_buf(resp_buftype, rsp);
5037     return rc;
5038 }
5039
5040 int
5041 SMB2_set_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
5042            struct smb_rqst *rqst,
5043            u64 persistent_fid, u64 volatile_fid, u32 pid,
5044            u8 info_class, u8 info_type, u32 additional_info,
5045            void **data, unsigned int *size)
5046 {
5047     struct smb2_set_info_req *req;
5048     struct kvec *iov = rqst->rq_iov;
5049     unsigned int i, total_len;
5050     int rc;
5051
5052     rc = smb2_plain_req_init(SMB2_SET_INFO, tcon, server,
5053                  (void **) &req, &total_len);
5054     if (rc)
5055         return rc;
5056
5057     req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid);
5058     req->InfoType = info_type;
5059     req->FileInfoClass = info_class;
5060     req->PersistentFileId = persistent_fid;
5061     req->VolatileFileId = volatile_fid;
5062     req->AdditionalInformation = cpu_to_le32(additional_info);
5063
5064     req->BufferOffset =
5065             cpu_to_le16(sizeof(struct smb2_set_info_req) - 1);
5066     req->BufferLength = cpu_to_le32(*size);
5067
5068     memcpy(req->Buffer, *data, *size);
5069     total_len += *size;
5070
5071     iov[0].iov_base = (char *)req;
5072     /* 1 for Buffer */
5073     iov[0].iov_len = total_len - 1;
5074
5075     for (i = 1; i < rqst->rq_nvec; i++) {
5076         le32_add_cpu(&req->BufferLength, size[i]);
5077         iov[i].iov_base = (char *)data[i];
5078         iov[i].iov_len = size[i];
5079     }
5080
5081     return 0;
5082 }
5083
5084 void
5085 SMB2_set_info_free(struct smb_rqst *rqst)
5086 {
5087     if (rqst && rqst->rq_iov)
5088         cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */
5089 }
5090
5091 static int
5092 send_set_info(const unsigned int xid, struct cifs_tcon *tcon,
5093            u64 persistent_fid, u64 volatile_fid, u32 pid, u8 info_class,
5094            u8 info_type, u32 additional_info, unsigned int num,
5095         void **data, unsigned int *size)
5096 {
5097     struct smb_rqst rqst;
5098     struct smb2_set_info_rsp *rsp = NULL;
5099     struct kvec *iov;
5100     struct kvec rsp_iov;
5101     int rc = 0;
5102     int resp_buftype;
5103     struct cifs_ses *ses = tcon->ses;
5104     struct TCP_Server_Info *server = cifs_pick_channel(ses);
5105     int flags = 0;
5106
5107     if (!ses || !server)
5108         return -EIO;
5109
5110     if (!num)
5111         return -EINVAL;
5112
5113     if (smb3_encryption_required(tcon))
5114         flags |= CIFS_TRANSFORM_REQ;
5115
5116     iov = kmalloc_array(num, sizeof(struct kvec), GFP_KERNEL);
5117     if (!iov)
5118         return -ENOMEM;
5119
5120     memset(&rqst, 0, sizeof(struct smb_rqst));
5121     rqst.rq_iov = iov;
5122     rqst.rq_nvec = num;
5123
5124     rc = SMB2_set_info_init(tcon, server,
5125                 &rqst, persistent_fid, volatile_fid, pid,
5126                 info_class, info_type, additional_info,
5127                 data, size);
5128     if (rc) {
5129         kfree(iov);
5130         return rc;
5131     }
5132
5133
5134     rc = cifs_send_recv(xid, ses, server,
5135                 &rqst, &resp_buftype, flags,
5136                 &rsp_iov);
5137     SMB2_set_info_free(&rqst);
5138     rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base;
5139
5140     if (rc != 0) {
5141         cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE);
5142         trace_smb3_set_info_err(xid, persistent_fid, tcon->tid,
5143                 ses->Suid, info_class, (__u32)info_type, rc);
5144     }
5145
5146     free_rsp_buf(resp_buftype, rsp);
5147     kfree(iov);
5148     return rc;
5149 }
5150
5151 int
5152 SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
5153          u64 volatile_fid, u32 pid, __le64 *eof)
5154 {
5155     struct smb2_file_eof_info info;
5156     void *data;
5157     unsigned int size;
5158
5159     info.EndOfFile = *eof;
5160
5161     data = &info;
5162     size = sizeof(struct smb2_file_eof_info);
5163
5164     trace_smb3_set_eof(xid, persistent_fid, tcon->tid, tcon->ses->Suid, le64_to_cpu(*eof));
5165
5166     return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5167             pid, FILE_END_OF_FILE_INFORMATION, SMB2_O_INFO_FILE,
5168             0, 1, &data, &size);
5169 }
5170
5171 int
5172 SMB2_set_acl(const unsigned int xid, struct cifs_tcon *tcon,
5173         u64 persistent_fid, u64 volatile_fid,
5174         struct cifs_ntsd *pnntsd, int pacllen, int aclflag)
5175 {
5176     return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5177             current->tgid, 0, SMB2_O_INFO_SECURITY, aclflag,
5178             1, (void **)&pnntsd, &pacllen);
5179 }
5180
5181 int
5182 SMB2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
5183         u64 persistent_fid, u64 volatile_fid,
5184         struct smb2_file_full_ea_info *buf, int len)
5185 {
5186     return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5187         current->tgid, FILE_FULL_EA_INFORMATION, SMB2_O_INFO_FILE,
5188         0, 1, (void **)&buf, &len);
5189 }
5190
5191 int
5192 SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon,
5193           const u64 persistent_fid, const u64 volatile_fid,
5194           __u8 oplock_level)
5195 {
5196     struct smb_rqst rqst;
5197     int rc;
5198     struct smb2_oplock_break *req = NULL;
5199     struct cifs_ses *ses = tcon->ses;
5200     struct TCP_Server_Info *server = cifs_pick_channel(ses);
5201     int flags = CIFS_OBREAK_OP;
5202     unsigned int total_len;
5203     struct kvec iov[1];
5204     struct kvec rsp_iov;
5205     int resp_buf_type;
5206
5207     cifs_dbg(FYI, "SMB2_oplock_break\n");
5208     rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server,
5209                  (void **) &req, &total_len);
5210     if (rc)
5211         return rc;
5212
5213     if (smb3_encryption_required(tcon))
5214         flags |= CIFS_TRANSFORM_REQ;
5215
5216     req->VolatileFid = volatile_fid;
5217     req->PersistentFid = persistent_fid;
5218     req->OplockLevel = oplock_level;
5219     req->hdr.CreditRequest = cpu_to_le16(1);
5220
5221     flags |= CIFS_NO_RSP_BUF;
5222
5223     iov[0].iov_base = (char *)req;
5224     iov[0].iov_len = total_len;
5225
5226     memset(&rqst, 0, sizeof(struct smb_rqst));
5227     rqst.rq_iov = iov;
5228     rqst.rq_nvec = 1;
5229
5230     rc = cifs_send_recv(xid, ses, server,
5231                 &rqst, &resp_buf_type, flags, &rsp_iov);
5232     cifs_small_buf_release(req);
5233
5234     if (rc) {
5235         cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
5236         cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc);
5237     }
5238
5239     return rc;
5240 }
5241
5242 void
5243 smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf,
5244                  struct kstatfs *kst)
5245 {
5246     kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) *
5247               le32_to_cpu(pfs_inf->SectorsPerAllocationUnit);
5248     kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits);
5249     kst->f_bfree  = kst->f_bavail =
5250             le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits);
5251     return;
5252 }
5253
5254 static void
5255 copy_posix_fs_info_to_kstatfs(FILE_SYSTEM_POSIX_INFO *response_data,
5256             struct kstatfs *kst)
5257 {
5258     kst->f_bsize = le32_to_cpu(response_data->BlockSize);
5259     kst->f_blocks = le64_to_cpu(response_data->TotalBlocks);
5260     kst->f_bfree =  le64_to_cpu(response_data->BlocksAvail);
5261     if (response_data->UserBlocksAvail == cpu_to_le64(-1))
5262         kst->f_bavail = kst->f_bfree;
5263     else
5264         kst->f_bavail = le64_to_cpu(response_data->UserBlocksAvail);
5265     if (response_data->TotalFileNodes != cpu_to_le64(-1))
5266         kst->f_files = le64_to_cpu(response_data->TotalFileNodes);
5267     if (response_data->FreeFileNodes != cpu_to_le64(-1))
5268         kst->f_ffree = le64_to_cpu(response_data->FreeFileNodes);
5269
5270     return;
5271 }
5272
5273 static int
5274 build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon,
5275            struct TCP_Server_Info *server,
5276            int level, int outbuf_len, u64 persistent_fid,
5277            u64 volatile_fid)
5278 {
5279     int rc;
5280     struct smb2_query_info_req *req;
5281     unsigned int total_len;
5282
5283     cifs_dbg(FYI, "Query FSInfo level %d\n", level);
5284
5285     if ((tcon->ses == NULL) || server == NULL)
5286         return -EIO;
5287
5288     rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server,
5289                  (void **) &req, &total_len);
5290     if (rc)
5291         return rc;
5292
5293     req->InfoType = SMB2_O_INFO_FILESYSTEM;
5294     req->FileInfoClass = level;
5295     req->PersistentFileId = persistent_fid;
5296     req->VolatileFileId = volatile_fid;
5297     /* 1 for pad */
5298     req->InputBufferOffset =
5299             cpu_to_le16(sizeof(struct smb2_query_info_req) - 1);
5300     req->OutputBufferLength = cpu_to_le32(
5301         outbuf_len + sizeof(struct smb2_query_info_rsp) - 1);
5302
5303     iov->iov_base = (char *)req;
5304     iov->iov_len = total_len;
5305     return 0;
5306 }
5307
5308 int
5309 SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon,
5310           u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
5311 {
5312     struct smb_rqst rqst;
5313     struct smb2_query_info_rsp *rsp = NULL;
5314     struct kvec iov;
5315     struct kvec rsp_iov;
5316     int rc = 0;
5317     int resp_buftype;
5318     struct cifs_ses *ses = tcon->ses;
5319     struct TCP_Server_Info *server = cifs_pick_channel(ses);
5320     FILE_SYSTEM_POSIX_INFO *info = NULL;
5321     int flags = 0;
5322
5323     rc = build_qfs_info_req(&iov, tcon, server,
5324                 FS_POSIX_INFORMATION,
5325                 sizeof(FILE_SYSTEM_POSIX_INFO),
5326                 persistent_fid, volatile_fid);
5327     if (rc)
5328         return rc;
5329
5330     if (smb3_encryption_required(tcon))
5331         flags |= CIFS_TRANSFORM_REQ;
5332
5333     memset(&rqst, 0, sizeof(struct smb_rqst));
5334     rqst.rq_iov = &iov;
5335     rqst.rq_nvec = 1;
5336
5337     rc = cifs_send_recv(xid, ses, server,
5338                 &rqst, &resp_buftype, flags, &rsp_iov);
5339     cifs_small_buf_release(iov.iov_base);
5340     if (rc) {
5341         cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5342         goto posix_qfsinf_exit;
5343     }
5344     rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5345
5346     info = (FILE_SYSTEM_POSIX_INFO *)(
5347         le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp);
5348     rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5349                    le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
5350                    sizeof(FILE_SYSTEM_POSIX_INFO));
5351     if (!rc)
5352         copy_posix_fs_info_to_kstatfs(info, fsdata);
5353
5354 posix_qfsinf_exit:
5355     free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5356     return rc;
5357 }
5358
5359 int
5360 SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon,
5361           u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
5362 {
5363     struct smb_rqst rqst;
5364     struct smb2_query_info_rsp *rsp = NULL;
5365     struct kvec iov;
5366     struct kvec rsp_iov;
5367     int rc = 0;
5368     int resp_buftype;
5369     struct cifs_ses *ses = tcon->ses;
5370     struct TCP_Server_Info *server = cifs_pick_channel(ses);
5371     struct smb2_fs_full_size_info *info = NULL;
5372     int flags = 0;
5373
5374     rc = build_qfs_info_req(&iov, tcon, server,
5375                 FS_FULL_SIZE_INFORMATION,
5376                 sizeof(struct smb2_fs_full_size_info),
5377                 persistent_fid, volatile_fid);
5378     if (rc)
5379         return rc;
5380
5381     if (smb3_encryption_required(tcon))
5382         flags |= CIFS_TRANSFORM_REQ;
5383
5384     memset(&rqst, 0, sizeof(struct smb_rqst));
5385     rqst.rq_iov = &iov;
5386     rqst.rq_nvec = 1;
5387
5388     rc = cifs_send_recv(xid, ses, server,
5389                 &rqst, &resp_buftype, flags, &rsp_iov);
5390     cifs_small_buf_release(iov.iov_base);
5391     if (rc) {
5392         cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5393         goto qfsinf_exit;
5394     }
5395     rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5396
5397     info = (struct smb2_fs_full_size_info *)(
5398         le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp);
5399     rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5400                    le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
5401                    sizeof(struct smb2_fs_full_size_info));
5402     if (!rc)
5403         smb2_copy_fs_info_to_kstatfs(info, fsdata);
5404
5405 qfsinf_exit:
5406     free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5407     return rc;
5408 }
5409
5410 int
5411 SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
5412           u64 persistent_fid, u64 volatile_fid, int level)
5413 {
5414     struct smb_rqst rqst;
5415     struct smb2_query_info_rsp *rsp = NULL;
5416     struct kvec iov;
5417     struct kvec rsp_iov;
5418     int rc = 0;
5419     int resp_buftype, max_len, min_len;
5420     struct cifs_ses *ses = tcon->ses;
5421     struct TCP_Server_Info *server = cifs_pick_channel(ses);
5422     unsigned int rsp_len, offset;
5423     int flags = 0;
5424
5425     if (level == FS_DEVICE_INFORMATION) {
5426         max_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
5427         min_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
5428     } else if (level == FS_ATTRIBUTE_INFORMATION) {
5429         max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO);
5430         min_len = MIN_FS_ATTR_INFO_SIZE;
5431     } else if (level == FS_SECTOR_SIZE_INFORMATION) {
5432         max_len = sizeof(struct smb3_fs_ss_info);
5433         min_len = sizeof(struct smb3_fs_ss_info);
5434     } else if (level == FS_VOLUME_INFORMATION) {
5435         max_len = sizeof(struct smb3_fs_vol_info) + MAX_VOL_LABEL_LEN;
5436         min_len = sizeof(struct smb3_fs_vol_info);
5437     } else {
5438         cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level);
5439         return -EINVAL;
5440     }
5441
5442     rc = build_qfs_info_req(&iov, tcon, server,
5443                 level, max_len,
5444                 persistent_fid, volatile_fid);
5445     if (rc)
5446         return rc;
5447
5448     if (smb3_encryption_required(tcon))
5449         flags |= CIFS_TRANSFORM_REQ;
5450
5451     memset(&rqst, 0, sizeof(struct smb_rqst));
5452     rqst.rq_iov = &iov;
5453     rqst.rq_nvec = 1;
5454
5455     rc = cifs_send_recv(xid, ses, server,
5456                 &rqst, &resp_buftype, flags, &rsp_iov);
5457     cifs_small_buf_release(iov.iov_base);
5458     if (rc) {
5459         cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5460         goto qfsattr_exit;
5461     }
5462     rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5463
5464     rsp_len = le32_to_cpu(rsp->OutputBufferLength);
5465     offset = le16_to_cpu(rsp->OutputBufferOffset);
5466     rc = smb2_validate_iov(offset, rsp_len, &rsp_iov, min_len);
5467     if (rc)
5468         goto qfsattr_exit;
5469
5470     if (level == FS_ATTRIBUTE_INFORMATION)
5471         memcpy(&tcon->fsAttrInfo, offset
5472             + (char *)rsp, min_t(unsigned int,
5473             rsp_len, max_len));
5474     else if (level == FS_DEVICE_INFORMATION)
5475         memcpy(&tcon->fsDevInfo, offset
5476             + (char *)rsp, sizeof(FILE_SYSTEM_DEVICE_INFO));
5477     else if (level == FS_SECTOR_SIZE_INFORMATION) {
5478         struct smb3_fs_ss_info *ss_info = (struct smb3_fs_ss_info *)
5479             (offset + (char *)rsp);
5480         tcon->ss_flags = le32_to_cpu(ss_info->Flags);
5481         tcon->perf_sector_size =
5482             le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf);
5483     } else if (level == FS_VOLUME_INFORMATION) {
5484         struct smb3_fs_vol_info *vol_info = (struct smb3_fs_vol_info *)
5485             (offset + (char *)rsp);
5486         tcon->vol_serial_number = vol_info->VolumeSerialNumber;
5487         tcon->vol_create_time = vol_info->VolumeCreationTime;
5488     }
5489
5490 qfsattr_exit:
5491     free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5492     return rc;
5493 }
5494
5495 int
5496 smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon,
5497        const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
5498        const __u32 num_lock, struct smb2_lock_element *buf)
5499 {
5500     struct smb_rqst rqst;
5501     int rc = 0;
5502     struct smb2_lock_req *req = NULL;
5503     struct kvec iov[2];
5504     struct kvec rsp_iov;
5505     int resp_buf_type;
5506     unsigned int count;
5507     int flags = CIFS_NO_RSP_BUF;
5508     unsigned int total_len;
5509     struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses);
5510
5511     cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock);
5512
5513     rc = smb2_plain_req_init(SMB2_LOCK, tcon, server,
5514                  (void **) &req, &total_len);
5515     if (rc)
5516         return rc;
5517
5518     if (smb3_encryption_required(tcon))
5519         flags |= CIFS_TRANSFORM_REQ;
5520
5521     req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid);
5522     req->LockCount = cpu_to_le16(num_lock);
5523
5524     req->PersistentFileId = persist_fid;
5525     req->VolatileFileId = volatile_fid;
5526
5527     count = num_lock * sizeof(struct smb2_lock_element);
5528
5529     iov[0].iov_base = (char *)req;
5530     iov[0].iov_len = total_len - sizeof(struct smb2_lock_element);
5531     iov[1].iov_base = (char *)buf;
5532     iov[1].iov_len = count;
5533
5534     cifs_stats_inc(&tcon->stats.cifs_stats.num_locks);
5535
5536     memset(&rqst, 0, sizeof(struct smb_rqst));
5537     rqst.rq_iov = iov;
5538     rqst.rq_nvec = 2;
5539
5540     rc = cifs_send_recv(xid, tcon->ses, server,
5541                 &rqst, &resp_buf_type, flags,
5542                 &rsp_iov);
5543     cifs_small_buf_release(req);
5544     if (rc) {
5545         cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc);
5546         cifs_stats_fail_inc(tcon, SMB2_LOCK_HE);
5547         trace_smb3_lock_err(xid, persist_fid, tcon->tid,
5548                     tcon->ses->Suid, rc);
5549     }
5550
5551     return rc;
5552 }
5553
5554 int
5555 SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon,
5556       const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
5557       const __u64 length, const __u64 offset, const __u32 lock_flags,
5558       const bool wait)
5559 {
5560     struct smb2_lock_element lock;
5561
5562     lock.Offset = cpu_to_le64(offset);
5563     lock.Length = cpu_to_le64(length);
5564     lock.Flags = cpu_to_le32(lock_flags);
5565     if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK)
5566         lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY);
5567
5568     return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock);
5569 }
5570
5571 int
5572 SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon,
5573          __u8 *lease_key, const __le32 lease_state)
5574 {
5575     struct smb_rqst rqst;
5576     int rc;
5577     struct smb2_lease_ack *req = NULL;
5578     struct cifs_ses *ses = tcon->ses;
5579     int flags = CIFS_OBREAK_OP;
5580     unsigned int total_len;
5581     struct kvec iov[1];
5582     struct kvec rsp_iov;
5583     int resp_buf_type;
5584     __u64 *please_key_high;
5585     __u64 *please_key_low;
5586     struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses);
5587
5588     cifs_dbg(FYI, "SMB2_lease_break\n");
5589     rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server,
5590                  (void **) &req, &total_len);
5591     if (rc)
5592         return rc;
5593
5594     if (smb3_encryption_required(tcon))
5595         flags |= CIFS_TRANSFORM_REQ;
5596
5597     req->hdr.CreditRequest = cpu_to_le16(1);
5598     req->StructureSize = cpu_to_le16(36);
5599     total_len += 12;
5600
5601     memcpy(req->LeaseKey, lease_key, 16);
5602     req->LeaseState = lease_state;
5603
5604     flags |= CIFS_NO_RSP_BUF;
5605
5606     iov[0].iov_base = (char *)req;
5607     iov[0].iov_len = total_len;
5608
5609     memset(&rqst, 0, sizeof(struct smb_rqst));
5610     rqst.rq_iov = iov;
5611     rqst.rq_nvec = 1;
5612
5613     rc = cifs_send_recv(xid, ses, server,
5614                 &rqst, &resp_buf_type, flags, &rsp_iov);
5615     cifs_small_buf_release(req);
5616
5617     please_key_low = (__u64 *)lease_key;
5618     please_key_high = (__u64 *)(lease_key+8);
5619     if (rc) {
5620         cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
5621         trace_smb3_lease_err(le32_to_cpu(lease_state), tcon->tid,
5622             ses->Suid, *please_key_low, *please_key_high, rc);
5623         cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc);
5624     } else
5625         trace_smb3_lease_done(le32_to_cpu(lease_state), tcon->tid,
5626             ses->Suid, *please_key_low, *please_key_high);
5627
5628     return rc;
5629 }