Loading...
1/*
2 * fs/cifs/misc.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22#include <linux/slab.h>
23#include <linux/ctype.h>
24#include <linux/mempool.h>
25#include "cifspdu.h"
26#include "cifsglob.h"
27#include "cifsproto.h"
28#include "cifs_debug.h"
29#include "smberr.h"
30#include "nterr.h"
31#include "cifs_unicode.h"
32#ifdef CONFIG_CIFS_SMB2
33#include "smb2pdu.h"
34#endif
35
36extern mempool_t *cifs_sm_req_poolp;
37extern mempool_t *cifs_req_poolp;
38
39/* The xid serves as a useful identifier for each incoming vfs request,
40 in a similar way to the mid which is useful to track each sent smb,
41 and CurrentXid can also provide a running counter (although it
42 will eventually wrap past zero) of the total vfs operations handled
43 since the cifs fs was mounted */
44
45unsigned int
46_get_xid(void)
47{
48 unsigned int xid;
49
50 spin_lock(&GlobalMid_Lock);
51 GlobalTotalActiveXid++;
52
53 /* keep high water mark for number of simultaneous ops in filesystem */
54 if (GlobalTotalActiveXid > GlobalMaxActiveXid)
55 GlobalMaxActiveXid = GlobalTotalActiveXid;
56 if (GlobalTotalActiveXid > 65000)
57 cifs_dbg(FYI, "warning: more than 65000 requests active\n");
58 xid = GlobalCurrentXid++;
59 spin_unlock(&GlobalMid_Lock);
60 return xid;
61}
62
63void
64_free_xid(unsigned int xid)
65{
66 spin_lock(&GlobalMid_Lock);
67 /* if (GlobalTotalActiveXid == 0)
68 BUG(); */
69 GlobalTotalActiveXid--;
70 spin_unlock(&GlobalMid_Lock);
71}
72
73struct cifs_ses *
74sesInfoAlloc(void)
75{
76 struct cifs_ses *ret_buf;
77
78 ret_buf = kzalloc(sizeof(struct cifs_ses), GFP_KERNEL);
79 if (ret_buf) {
80 atomic_inc(&sesInfoAllocCount);
81 ret_buf->status = CifsNew;
82 ++ret_buf->ses_count;
83 INIT_LIST_HEAD(&ret_buf->smb_ses_list);
84 INIT_LIST_HEAD(&ret_buf->tcon_list);
85 mutex_init(&ret_buf->session_mutex);
86 }
87 return ret_buf;
88}
89
90void
91sesInfoFree(struct cifs_ses *buf_to_free)
92{
93 if (buf_to_free == NULL) {
94 cifs_dbg(FYI, "Null buffer passed to sesInfoFree\n");
95 return;
96 }
97
98 atomic_dec(&sesInfoAllocCount);
99 kfree(buf_to_free->serverOS);
100 kfree(buf_to_free->serverDomain);
101 kfree(buf_to_free->serverNOS);
102 if (buf_to_free->password) {
103 memset(buf_to_free->password, 0, strlen(buf_to_free->password));
104 kfree(buf_to_free->password);
105 }
106 kfree(buf_to_free->user_name);
107 kfree(buf_to_free->domainName);
108 kfree(buf_to_free->auth_key.response);
109 kfree(buf_to_free);
110}
111
112struct cifs_tcon *
113tconInfoAlloc(void)
114{
115 struct cifs_tcon *ret_buf;
116 ret_buf = kzalloc(sizeof(struct cifs_tcon), GFP_KERNEL);
117 if (ret_buf) {
118 atomic_inc(&tconInfoAllocCount);
119 ret_buf->tidStatus = CifsNew;
120 ++ret_buf->tc_count;
121 INIT_LIST_HEAD(&ret_buf->openFileList);
122 INIT_LIST_HEAD(&ret_buf->tcon_list);
123#ifdef CONFIG_CIFS_STATS
124 spin_lock_init(&ret_buf->stat_lock);
125#endif
126 }
127 return ret_buf;
128}
129
130void
131tconInfoFree(struct cifs_tcon *buf_to_free)
132{
133 if (buf_to_free == NULL) {
134 cifs_dbg(FYI, "Null buffer passed to tconInfoFree\n");
135 return;
136 }
137 atomic_dec(&tconInfoAllocCount);
138 kfree(buf_to_free->nativeFileSystem);
139 if (buf_to_free->password) {
140 memset(buf_to_free->password, 0, strlen(buf_to_free->password));
141 kfree(buf_to_free->password);
142 }
143 kfree(buf_to_free);
144}
145
146struct smb_hdr *
147cifs_buf_get(void)
148{
149 struct smb_hdr *ret_buf = NULL;
150 size_t buf_size = sizeof(struct smb_hdr);
151
152#ifdef CONFIG_CIFS_SMB2
153 /*
154 * SMB2 header is bigger than CIFS one - no problems to clean some
155 * more bytes for CIFS.
156 */
157 buf_size = sizeof(struct smb2_hdr);
158#endif
159 /*
160 * We could use negotiated size instead of max_msgsize -
161 * but it may be more efficient to always alloc same size
162 * albeit slightly larger than necessary and maxbuffersize
163 * defaults to this and can not be bigger.
164 */
165 ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS);
166
167 /* clear the first few header bytes */
168 /* for most paths, more is cleared in header_assemble */
169 if (ret_buf) {
170 memset(ret_buf, 0, buf_size + 3);
171 atomic_inc(&bufAllocCount);
172#ifdef CONFIG_CIFS_STATS2
173 atomic_inc(&totBufAllocCount);
174#endif /* CONFIG_CIFS_STATS2 */
175 }
176
177 return ret_buf;
178}
179
180void
181cifs_buf_release(void *buf_to_free)
182{
183 if (buf_to_free == NULL) {
184 /* cifs_dbg(FYI, "Null buffer passed to cifs_buf_release\n");*/
185 return;
186 }
187 mempool_free(buf_to_free, cifs_req_poolp);
188
189 atomic_dec(&bufAllocCount);
190 return;
191}
192
193struct smb_hdr *
194cifs_small_buf_get(void)
195{
196 struct smb_hdr *ret_buf = NULL;
197
198/* We could use negotiated size instead of max_msgsize -
199 but it may be more efficient to always alloc same size
200 albeit slightly larger than necessary and maxbuffersize
201 defaults to this and can not be bigger */
202 ret_buf = mempool_alloc(cifs_sm_req_poolp, GFP_NOFS);
203 if (ret_buf) {
204 /* No need to clear memory here, cleared in header assemble */
205 /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/
206 atomic_inc(&smBufAllocCount);
207#ifdef CONFIG_CIFS_STATS2
208 atomic_inc(&totSmBufAllocCount);
209#endif /* CONFIG_CIFS_STATS2 */
210
211 }
212 return ret_buf;
213}
214
215void
216cifs_small_buf_release(void *buf_to_free)
217{
218
219 if (buf_to_free == NULL) {
220 cifs_dbg(FYI, "Null buffer passed to cifs_small_buf_release\n");
221 return;
222 }
223 mempool_free(buf_to_free, cifs_sm_req_poolp);
224
225 atomic_dec(&smBufAllocCount);
226 return;
227}
228
229/* NB: MID can not be set if treeCon not passed in, in that
230 case it is responsbility of caller to set the mid */
231void
232header_assemble(struct smb_hdr *buffer, char smb_command /* command */ ,
233 const struct cifs_tcon *treeCon, int word_count
234 /* length of fixed section (word count) in two byte units */)
235{
236 char *temp = (char *) buffer;
237
238 memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */
239
240 buffer->smb_buf_length = cpu_to_be32(
241 (2 * word_count) + sizeof(struct smb_hdr) -
242 4 /* RFC 1001 length field does not count */ +
243 2 /* for bcc field itself */) ;
244
245 buffer->Protocol[0] = 0xFF;
246 buffer->Protocol[1] = 'S';
247 buffer->Protocol[2] = 'M';
248 buffer->Protocol[3] = 'B';
249 buffer->Command = smb_command;
250 buffer->Flags = 0x00; /* case sensitive */
251 buffer->Flags2 = SMBFLG2_KNOWS_LONG_NAMES;
252 buffer->Pid = cpu_to_le16((__u16)current->tgid);
253 buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16));
254 if (treeCon) {
255 buffer->Tid = treeCon->tid;
256 if (treeCon->ses) {
257 if (treeCon->ses->capabilities & CAP_UNICODE)
258 buffer->Flags2 |= SMBFLG2_UNICODE;
259 if (treeCon->ses->capabilities & CAP_STATUS32)
260 buffer->Flags2 |= SMBFLG2_ERR_STATUS;
261
262 /* Uid is not converted */
263 buffer->Uid = treeCon->ses->Suid;
264 buffer->Mid = get_next_mid(treeCon->ses->server);
265 }
266 if (treeCon->Flags & SMB_SHARE_IS_IN_DFS)
267 buffer->Flags2 |= SMBFLG2_DFS;
268 if (treeCon->nocase)
269 buffer->Flags |= SMBFLG_CASELESS;
270 if ((treeCon->ses) && (treeCon->ses->server))
271 if (treeCon->ses->server->sign)
272 buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
273 }
274
275/* endian conversion of flags is now done just before sending */
276 buffer->WordCount = (char) word_count;
277 return;
278}
279
280static int
281check_smb_hdr(struct smb_hdr *smb)
282{
283 /* does it have the right SMB "signature" ? */
284 if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff)) {
285 cifs_dbg(VFS, "Bad protocol string signature header 0x%x\n",
286 *(unsigned int *)smb->Protocol);
287 return 1;
288 }
289
290 /* if it's a response then accept */
291 if (smb->Flags & SMBFLG_RESPONSE)
292 return 0;
293
294 /* only one valid case where server sends us request */
295 if (smb->Command == SMB_COM_LOCKING_ANDX)
296 return 0;
297
298 cifs_dbg(VFS, "Server sent request, not response. mid=%u\n",
299 get_mid(smb));
300 return 1;
301}
302
303int
304checkSMB(char *buf, unsigned int total_read)
305{
306 struct smb_hdr *smb = (struct smb_hdr *)buf;
307 __u32 rfclen = be32_to_cpu(smb->smb_buf_length);
308 __u32 clc_len; /* calculated length */
309 cifs_dbg(FYI, "checkSMB Length: 0x%x, smb_buf_length: 0x%x\n",
310 total_read, rfclen);
311
312 /* is this frame too small to even get to a BCC? */
313 if (total_read < 2 + sizeof(struct smb_hdr)) {
314 if ((total_read >= sizeof(struct smb_hdr) - 1)
315 && (smb->Status.CifsError != 0)) {
316 /* it's an error return */
317 smb->WordCount = 0;
318 /* some error cases do not return wct and bcc */
319 return 0;
320 } else if ((total_read == sizeof(struct smb_hdr) + 1) &&
321 (smb->WordCount == 0)) {
322 char *tmp = (char *)smb;
323 /* Need to work around a bug in two servers here */
324 /* First, check if the part of bcc they sent was zero */
325 if (tmp[sizeof(struct smb_hdr)] == 0) {
326 /* some servers return only half of bcc
327 * on simple responses (wct, bcc both zero)
328 * in particular have seen this on
329 * ulogoffX and FindClose. This leaves
330 * one byte of bcc potentially unitialized
331 */
332 /* zero rest of bcc */
333 tmp[sizeof(struct smb_hdr)+1] = 0;
334 return 0;
335 }
336 cifs_dbg(VFS, "rcvd invalid byte count (bcc)\n");
337 } else {
338 cifs_dbg(VFS, "Length less than smb header size\n");
339 }
340 return -EIO;
341 }
342
343 /* otherwise, there is enough to get to the BCC */
344 if (check_smb_hdr(smb))
345 return -EIO;
346 clc_len = smbCalcSize(smb);
347
348 if (4 + rfclen != total_read) {
349 cifs_dbg(VFS, "Length read does not match RFC1001 length %d\n",
350 rfclen);
351 return -EIO;
352 }
353
354 if (4 + rfclen != clc_len) {
355 __u16 mid = get_mid(smb);
356 /* check if bcc wrapped around for large read responses */
357 if ((rfclen > 64 * 1024) && (rfclen > clc_len)) {
358 /* check if lengths match mod 64K */
359 if (((4 + rfclen) & 0xFFFF) == (clc_len & 0xFFFF))
360 return 0; /* bcc wrapped */
361 }
362 cifs_dbg(FYI, "Calculated size %u vs length %u mismatch for mid=%u\n",
363 clc_len, 4 + rfclen, mid);
364
365 if (4 + rfclen < clc_len) {
366 cifs_dbg(VFS, "RFC1001 size %u smaller than SMB for mid=%u\n",
367 rfclen, mid);
368 return -EIO;
369 } else if (rfclen > clc_len + 512) {
370 /*
371 * Some servers (Windows XP in particular) send more
372 * data than the lengths in the SMB packet would
373 * indicate on certain calls (byte range locks and
374 * trans2 find first calls in particular). While the
375 * client can handle such a frame by ignoring the
376 * trailing data, we choose limit the amount of extra
377 * data to 512 bytes.
378 */
379 cifs_dbg(VFS, "RFC1001 size %u more than 512 bytes larger than SMB for mid=%u\n",
380 rfclen, mid);
381 return -EIO;
382 }
383 }
384 return 0;
385}
386
387bool
388is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv)
389{
390 struct smb_hdr *buf = (struct smb_hdr *)buffer;
391 struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf;
392 struct list_head *tmp, *tmp1, *tmp2;
393 struct cifs_ses *ses;
394 struct cifs_tcon *tcon;
395 struct cifsInodeInfo *pCifsInode;
396 struct cifsFileInfo *netfile;
397
398 cifs_dbg(FYI, "Checking for oplock break or dnotify response\n");
399 if ((pSMB->hdr.Command == SMB_COM_NT_TRANSACT) &&
400 (pSMB->hdr.Flags & SMBFLG_RESPONSE)) {
401 struct smb_com_transaction_change_notify_rsp *pSMBr =
402 (struct smb_com_transaction_change_notify_rsp *)buf;
403 struct file_notify_information *pnotify;
404 __u32 data_offset = 0;
405 if (get_bcc(buf) > sizeof(struct file_notify_information)) {
406 data_offset = le32_to_cpu(pSMBr->DataOffset);
407
408 pnotify = (struct file_notify_information *)
409 ((char *)&pSMBr->hdr.Protocol + data_offset);
410 cifs_dbg(FYI, "dnotify on %s Action: 0x%x\n",
411 pnotify->FileName, pnotify->Action);
412 /* cifs_dump_mem("Rcvd notify Data: ",buf,
413 sizeof(struct smb_hdr)+60); */
414 return true;
415 }
416 if (pSMBr->hdr.Status.CifsError) {
417 cifs_dbg(FYI, "notify err 0x%d\n",
418 pSMBr->hdr.Status.CifsError);
419 return true;
420 }
421 return false;
422 }
423 if (pSMB->hdr.Command != SMB_COM_LOCKING_ANDX)
424 return false;
425 if (pSMB->hdr.Flags & SMBFLG_RESPONSE) {
426 /* no sense logging error on invalid handle on oplock
427 break - harmless race between close request and oplock
428 break response is expected from time to time writing out
429 large dirty files cached on the client */
430 if ((NT_STATUS_INVALID_HANDLE) ==
431 le32_to_cpu(pSMB->hdr.Status.CifsError)) {
432 cifs_dbg(FYI, "invalid handle on oplock break\n");
433 return true;
434 } else if (ERRbadfid ==
435 le16_to_cpu(pSMB->hdr.Status.DosError.Error)) {
436 return true;
437 } else {
438 return false; /* on valid oplock brk we get "request" */
439 }
440 }
441 if (pSMB->hdr.WordCount != 8)
442 return false;
443
444 cifs_dbg(FYI, "oplock type 0x%d level 0x%d\n",
445 pSMB->LockType, pSMB->OplockLevel);
446 if (!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE))
447 return false;
448
449 /* look up tcon based on tid & uid */
450 spin_lock(&cifs_tcp_ses_lock);
451 list_for_each(tmp, &srv->smb_ses_list) {
452 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
453 list_for_each(tmp1, &ses->tcon_list) {
454 tcon = list_entry(tmp1, struct cifs_tcon, tcon_list);
455 if (tcon->tid != buf->Tid)
456 continue;
457
458 cifs_stats_inc(&tcon->stats.cifs_stats.num_oplock_brks);
459 spin_lock(&cifs_file_list_lock);
460 list_for_each(tmp2, &tcon->openFileList) {
461 netfile = list_entry(tmp2, struct cifsFileInfo,
462 tlist);
463 if (pSMB->Fid != netfile->fid.netfid)
464 continue;
465
466 cifs_dbg(FYI, "file id match, oplock break\n");
467 pCifsInode = CIFS_I(netfile->dentry->d_inode);
468
469 set_bit(CIFS_INODE_PENDING_OPLOCK_BREAK,
470 &pCifsInode->flags);
471
472 /*
473 * Set flag if the server downgrades the oplock
474 * to L2 else clear.
475 */
476 if (pSMB->OplockLevel)
477 set_bit(
478 CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
479 &pCifsInode->flags);
480 else
481 clear_bit(
482 CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
483 &pCifsInode->flags);
484
485 queue_work(cifsiod_wq,
486 &netfile->oplock_break);
487 netfile->oplock_break_cancelled = false;
488
489 spin_unlock(&cifs_file_list_lock);
490 spin_unlock(&cifs_tcp_ses_lock);
491 return true;
492 }
493 spin_unlock(&cifs_file_list_lock);
494 spin_unlock(&cifs_tcp_ses_lock);
495 cifs_dbg(FYI, "No matching file for oplock break\n");
496 return true;
497 }
498 }
499 spin_unlock(&cifs_tcp_ses_lock);
500 cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n");
501 return true;
502}
503
504void
505dump_smb(void *buf, int smb_buf_length)
506{
507 int i, j;
508 char debug_line[17];
509 unsigned char *buffer = buf;
510
511 if (traceSMB == 0)
512 return;
513
514 for (i = 0, j = 0; i < smb_buf_length; i++, j++) {
515 if (i % 8 == 0) {
516 /* have reached the beginning of line */
517 printk(KERN_DEBUG "| ");
518 j = 0;
519 }
520 printk("%0#4x ", buffer[i]);
521 debug_line[2 * j] = ' ';
522 if (isprint(buffer[i]))
523 debug_line[1 + (2 * j)] = buffer[i];
524 else
525 debug_line[1 + (2 * j)] = '_';
526
527 if (i % 8 == 7) {
528 /* reached end of line, time to print ascii */
529 debug_line[16] = 0;
530 printk(" | %s\n", debug_line);
531 }
532 }
533 for (; j < 8; j++) {
534 printk(" ");
535 debug_line[2 * j] = ' ';
536 debug_line[1 + (2 * j)] = ' ';
537 }
538 printk(" | %s\n", debug_line);
539 return;
540}
541
542void
543cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb)
544{
545 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM) {
546 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
547 cifs_dbg(VFS, "Autodisabling the use of server inode numbers on %s. This server doesn't seem to support them properly. Hardlinks will not be recognized on this mount. Consider mounting with the \"noserverino\" option to silence this message.\n",
548 cifs_sb_master_tcon(cifs_sb)->treeName);
549 }
550}
551
552void cifs_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock)
553{
554 oplock &= 0xF;
555
556 if (oplock == OPLOCK_EXCLUSIVE) {
557 cinode->oplock = CIFS_CACHE_WRITE_FLG | CIFS_CACHE_READ_FLG;
558 cifs_dbg(FYI, "Exclusive Oplock granted on inode %p\n",
559 &cinode->vfs_inode);
560 } else if (oplock == OPLOCK_READ) {
561 cinode->oplock = CIFS_CACHE_READ_FLG;
562 cifs_dbg(FYI, "Level II Oplock granted on inode %p\n",
563 &cinode->vfs_inode);
564 } else
565 cinode->oplock = 0;
566}
567
568static int
569cifs_oplock_break_wait(void *unused)
570{
571 schedule();
572 return signal_pending(current) ? -ERESTARTSYS : 0;
573}
574
575/*
576 * We wait for oplock breaks to be processed before we attempt to perform
577 * writes.
578 */
579int cifs_get_writer(struct cifsInodeInfo *cinode)
580{
581 int rc;
582
583start:
584 rc = wait_on_bit(&cinode->flags, CIFS_INODE_PENDING_OPLOCK_BREAK,
585 cifs_oplock_break_wait, TASK_KILLABLE);
586 if (rc)
587 return rc;
588
589 spin_lock(&cinode->writers_lock);
590 if (!cinode->writers)
591 set_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags);
592 cinode->writers++;
593 /* Check to see if we have started servicing an oplock break */
594 if (test_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags)) {
595 cinode->writers--;
596 if (cinode->writers == 0) {
597 clear_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags);
598 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS);
599 }
600 spin_unlock(&cinode->writers_lock);
601 goto start;
602 }
603 spin_unlock(&cinode->writers_lock);
604 return 0;
605}
606
607void cifs_put_writer(struct cifsInodeInfo *cinode)
608{
609 spin_lock(&cinode->writers_lock);
610 cinode->writers--;
611 if (cinode->writers == 0) {
612 clear_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags);
613 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS);
614 }
615 spin_unlock(&cinode->writers_lock);
616}
617
618void cifs_done_oplock_break(struct cifsInodeInfo *cinode)
619{
620 clear_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags);
621 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_OPLOCK_BREAK);
622}
623
624bool
625backup_cred(struct cifs_sb_info *cifs_sb)
626{
627 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPUID) {
628 if (uid_eq(cifs_sb->mnt_backupuid, current_fsuid()))
629 return true;
630 }
631 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPGID) {
632 if (in_group_p(cifs_sb->mnt_backupgid))
633 return true;
634 }
635
636 return false;
637}
638
639void
640cifs_del_pending_open(struct cifs_pending_open *open)
641{
642 spin_lock(&cifs_file_list_lock);
643 list_del(&open->olist);
644 spin_unlock(&cifs_file_list_lock);
645}
646
647void
648cifs_add_pending_open_locked(struct cifs_fid *fid, struct tcon_link *tlink,
649 struct cifs_pending_open *open)
650{
651#ifdef CONFIG_CIFS_SMB2
652 memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE);
653#endif
654 open->oplock = CIFS_OPLOCK_NO_CHANGE;
655 open->tlink = tlink;
656 fid->pending_open = open;
657 list_add_tail(&open->olist, &tlink_tcon(tlink)->pending_opens);
658}
659
660void
661cifs_add_pending_open(struct cifs_fid *fid, struct tcon_link *tlink,
662 struct cifs_pending_open *open)
663{
664 spin_lock(&cifs_file_list_lock);
665 cifs_add_pending_open_locked(fid, tlink, open);
666 spin_unlock(&cifs_file_list_lock);
667}
1/*
2 * fs/cifs/misc.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22#include <linux/slab.h>
23#include <linux/ctype.h>
24#include <linux/mempool.h>
25#include "cifspdu.h"
26#include "cifsglob.h"
27#include "cifsproto.h"
28#include "cifs_debug.h"
29#include "smberr.h"
30#include "nterr.h"
31#include "cifs_unicode.h"
32
33extern mempool_t *cifs_sm_req_poolp;
34extern mempool_t *cifs_req_poolp;
35
36/* The xid serves as a useful identifier for each incoming vfs request,
37 in a similar way to the mid which is useful to track each sent smb,
38 and CurrentXid can also provide a running counter (although it
39 will eventually wrap past zero) of the total vfs operations handled
40 since the cifs fs was mounted */
41
42unsigned int
43_GetXid(void)
44{
45 unsigned int xid;
46
47 spin_lock(&GlobalMid_Lock);
48 GlobalTotalActiveXid++;
49
50 /* keep high water mark for number of simultaneous ops in filesystem */
51 if (GlobalTotalActiveXid > GlobalMaxActiveXid)
52 GlobalMaxActiveXid = GlobalTotalActiveXid;
53 if (GlobalTotalActiveXid > 65000)
54 cFYI(1, "warning: more than 65000 requests active");
55 xid = GlobalCurrentXid++;
56 spin_unlock(&GlobalMid_Lock);
57 return xid;
58}
59
60void
61_FreeXid(unsigned int xid)
62{
63 spin_lock(&GlobalMid_Lock);
64 /* if (GlobalTotalActiveXid == 0)
65 BUG(); */
66 GlobalTotalActiveXid--;
67 spin_unlock(&GlobalMid_Lock);
68}
69
70struct cifs_ses *
71sesInfoAlloc(void)
72{
73 struct cifs_ses *ret_buf;
74
75 ret_buf = kzalloc(sizeof(struct cifs_ses), GFP_KERNEL);
76 if (ret_buf) {
77 atomic_inc(&sesInfoAllocCount);
78 ret_buf->status = CifsNew;
79 ++ret_buf->ses_count;
80 INIT_LIST_HEAD(&ret_buf->smb_ses_list);
81 INIT_LIST_HEAD(&ret_buf->tcon_list);
82 mutex_init(&ret_buf->session_mutex);
83 }
84 return ret_buf;
85}
86
87void
88sesInfoFree(struct cifs_ses *buf_to_free)
89{
90 if (buf_to_free == NULL) {
91 cFYI(1, "Null buffer passed to sesInfoFree");
92 return;
93 }
94
95 atomic_dec(&sesInfoAllocCount);
96 kfree(buf_to_free->serverOS);
97 kfree(buf_to_free->serverDomain);
98 kfree(buf_to_free->serverNOS);
99 if (buf_to_free->password) {
100 memset(buf_to_free->password, 0, strlen(buf_to_free->password));
101 kfree(buf_to_free->password);
102 }
103 kfree(buf_to_free->user_name);
104 kfree(buf_to_free->domainName);
105 kfree(buf_to_free);
106}
107
108struct cifs_tcon *
109tconInfoAlloc(void)
110{
111 struct cifs_tcon *ret_buf;
112 ret_buf = kzalloc(sizeof(struct cifs_tcon), GFP_KERNEL);
113 if (ret_buf) {
114 atomic_inc(&tconInfoAllocCount);
115 ret_buf->tidStatus = CifsNew;
116 ++ret_buf->tc_count;
117 INIT_LIST_HEAD(&ret_buf->openFileList);
118 INIT_LIST_HEAD(&ret_buf->tcon_list);
119#ifdef CONFIG_CIFS_STATS
120 spin_lock_init(&ret_buf->stat_lock);
121#endif
122 }
123 return ret_buf;
124}
125
126void
127tconInfoFree(struct cifs_tcon *buf_to_free)
128{
129 if (buf_to_free == NULL) {
130 cFYI(1, "Null buffer passed to tconInfoFree");
131 return;
132 }
133 atomic_dec(&tconInfoAllocCount);
134 kfree(buf_to_free->nativeFileSystem);
135 if (buf_to_free->password) {
136 memset(buf_to_free->password, 0, strlen(buf_to_free->password));
137 kfree(buf_to_free->password);
138 }
139 kfree(buf_to_free);
140}
141
142struct smb_hdr *
143cifs_buf_get(void)
144{
145 struct smb_hdr *ret_buf = NULL;
146
147/* We could use negotiated size instead of max_msgsize -
148 but it may be more efficient to always alloc same size
149 albeit slightly larger than necessary and maxbuffersize
150 defaults to this and can not be bigger */
151 ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS);
152
153 /* clear the first few header bytes */
154 /* for most paths, more is cleared in header_assemble */
155 if (ret_buf) {
156 memset(ret_buf, 0, sizeof(struct smb_hdr) + 3);
157 atomic_inc(&bufAllocCount);
158#ifdef CONFIG_CIFS_STATS2
159 atomic_inc(&totBufAllocCount);
160#endif /* CONFIG_CIFS_STATS2 */
161 }
162
163 return ret_buf;
164}
165
166void
167cifs_buf_release(void *buf_to_free)
168{
169 if (buf_to_free == NULL) {
170 /* cFYI(1, "Null buffer passed to cifs_buf_release");*/
171 return;
172 }
173 mempool_free(buf_to_free, cifs_req_poolp);
174
175 atomic_dec(&bufAllocCount);
176 return;
177}
178
179struct smb_hdr *
180cifs_small_buf_get(void)
181{
182 struct smb_hdr *ret_buf = NULL;
183
184/* We could use negotiated size instead of max_msgsize -
185 but it may be more efficient to always alloc same size
186 albeit slightly larger than necessary and maxbuffersize
187 defaults to this and can not be bigger */
188 ret_buf = mempool_alloc(cifs_sm_req_poolp, GFP_NOFS);
189 if (ret_buf) {
190 /* No need to clear memory here, cleared in header assemble */
191 /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/
192 atomic_inc(&smBufAllocCount);
193#ifdef CONFIG_CIFS_STATS2
194 atomic_inc(&totSmBufAllocCount);
195#endif /* CONFIG_CIFS_STATS2 */
196
197 }
198 return ret_buf;
199}
200
201void
202cifs_small_buf_release(void *buf_to_free)
203{
204
205 if (buf_to_free == NULL) {
206 cFYI(1, "Null buffer passed to cifs_small_buf_release");
207 return;
208 }
209 mempool_free(buf_to_free, cifs_sm_req_poolp);
210
211 atomic_dec(&smBufAllocCount);
212 return;
213}
214
215/* NB: MID can not be set if treeCon not passed in, in that
216 case it is responsbility of caller to set the mid */
217void
218header_assemble(struct smb_hdr *buffer, char smb_command /* command */ ,
219 const struct cifs_tcon *treeCon, int word_count
220 /* length of fixed section (word count) in two byte units */)
221{
222 char *temp = (char *) buffer;
223
224 memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */
225
226 buffer->smb_buf_length = cpu_to_be32(
227 (2 * word_count) + sizeof(struct smb_hdr) -
228 4 /* RFC 1001 length field does not count */ +
229 2 /* for bcc field itself */) ;
230
231 buffer->Protocol[0] = 0xFF;
232 buffer->Protocol[1] = 'S';
233 buffer->Protocol[2] = 'M';
234 buffer->Protocol[3] = 'B';
235 buffer->Command = smb_command;
236 buffer->Flags = 0x00; /* case sensitive */
237 buffer->Flags2 = SMBFLG2_KNOWS_LONG_NAMES;
238 buffer->Pid = cpu_to_le16((__u16)current->tgid);
239 buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16));
240 if (treeCon) {
241 buffer->Tid = treeCon->tid;
242 if (treeCon->ses) {
243 if (treeCon->ses->capabilities & CAP_UNICODE)
244 buffer->Flags2 |= SMBFLG2_UNICODE;
245 if (treeCon->ses->capabilities & CAP_STATUS32)
246 buffer->Flags2 |= SMBFLG2_ERR_STATUS;
247
248 /* Uid is not converted */
249 buffer->Uid = treeCon->ses->Suid;
250 buffer->Mid = get_next_mid(treeCon->ses->server);
251 }
252 if (treeCon->Flags & SMB_SHARE_IS_IN_DFS)
253 buffer->Flags2 |= SMBFLG2_DFS;
254 if (treeCon->nocase)
255 buffer->Flags |= SMBFLG_CASELESS;
256 if ((treeCon->ses) && (treeCon->ses->server))
257 if (treeCon->ses->server->sec_mode &
258 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
259 buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
260 }
261
262/* endian conversion of flags is now done just before sending */
263 buffer->WordCount = (char) word_count;
264 return;
265}
266
267static int
268check_smb_hdr(struct smb_hdr *smb, __u16 mid)
269{
270 /* does it have the right SMB "signature" ? */
271 if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff)) {
272 cERROR(1, "Bad protocol string signature header 0x%x",
273 *(unsigned int *)smb->Protocol);
274 return 1;
275 }
276
277 /* Make sure that message ids match */
278 if (mid != smb->Mid) {
279 cERROR(1, "Mids do not match. received=%u expected=%u",
280 smb->Mid, mid);
281 return 1;
282 }
283
284 /* if it's a response then accept */
285 if (smb->Flags & SMBFLG_RESPONSE)
286 return 0;
287
288 /* only one valid case where server sends us request */
289 if (smb->Command == SMB_COM_LOCKING_ANDX)
290 return 0;
291
292 cERROR(1, "Server sent request, not response. mid=%u", smb->Mid);
293 return 1;
294}
295
296int
297checkSMB(char *buf, unsigned int total_read)
298{
299 struct smb_hdr *smb = (struct smb_hdr *)buf;
300 __u16 mid = smb->Mid;
301 __u32 rfclen = be32_to_cpu(smb->smb_buf_length);
302 __u32 clc_len; /* calculated length */
303 cFYI(0, "checkSMB Length: 0x%x, smb_buf_length: 0x%x",
304 total_read, rfclen);
305
306 /* is this frame too small to even get to a BCC? */
307 if (total_read < 2 + sizeof(struct smb_hdr)) {
308 if ((total_read >= sizeof(struct smb_hdr) - 1)
309 && (smb->Status.CifsError != 0)) {
310 /* it's an error return */
311 smb->WordCount = 0;
312 /* some error cases do not return wct and bcc */
313 return 0;
314 } else if ((total_read == sizeof(struct smb_hdr) + 1) &&
315 (smb->WordCount == 0)) {
316 char *tmp = (char *)smb;
317 /* Need to work around a bug in two servers here */
318 /* First, check if the part of bcc they sent was zero */
319 if (tmp[sizeof(struct smb_hdr)] == 0) {
320 /* some servers return only half of bcc
321 * on simple responses (wct, bcc both zero)
322 * in particular have seen this on
323 * ulogoffX and FindClose. This leaves
324 * one byte of bcc potentially unitialized
325 */
326 /* zero rest of bcc */
327 tmp[sizeof(struct smb_hdr)+1] = 0;
328 return 0;
329 }
330 cERROR(1, "rcvd invalid byte count (bcc)");
331 } else {
332 cERROR(1, "Length less than smb header size");
333 }
334 return -EIO;
335 }
336
337 /* otherwise, there is enough to get to the BCC */
338 if (check_smb_hdr(smb, mid))
339 return -EIO;
340 clc_len = smbCalcSize(smb);
341
342 if (4 + rfclen != total_read) {
343 cERROR(1, "Length read does not match RFC1001 length %d",
344 rfclen);
345 return -EIO;
346 }
347
348 if (4 + rfclen != clc_len) {
349 /* check if bcc wrapped around for large read responses */
350 if ((rfclen > 64 * 1024) && (rfclen > clc_len)) {
351 /* check if lengths match mod 64K */
352 if (((4 + rfclen) & 0xFFFF) == (clc_len & 0xFFFF))
353 return 0; /* bcc wrapped */
354 }
355 cFYI(1, "Calculated size %u vs length %u mismatch for mid=%u",
356 clc_len, 4 + rfclen, smb->Mid);
357
358 if (4 + rfclen < clc_len) {
359 cERROR(1, "RFC1001 size %u smaller than SMB for mid=%u",
360 rfclen, smb->Mid);
361 return -EIO;
362 } else if (rfclen > clc_len + 512) {
363 /*
364 * Some servers (Windows XP in particular) send more
365 * data than the lengths in the SMB packet would
366 * indicate on certain calls (byte range locks and
367 * trans2 find first calls in particular). While the
368 * client can handle such a frame by ignoring the
369 * trailing data, we choose limit the amount of extra
370 * data to 512 bytes.
371 */
372 cERROR(1, "RFC1001 size %u more than 512 bytes larger "
373 "than SMB for mid=%u", rfclen, smb->Mid);
374 return -EIO;
375 }
376 }
377 return 0;
378}
379
380bool
381is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv)
382{
383 struct smb_hdr *buf = (struct smb_hdr *)buffer;
384 struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf;
385 struct list_head *tmp, *tmp1, *tmp2;
386 struct cifs_ses *ses;
387 struct cifs_tcon *tcon;
388 struct cifsInodeInfo *pCifsInode;
389 struct cifsFileInfo *netfile;
390
391 cFYI(1, "Checking for oplock break or dnotify response");
392 if ((pSMB->hdr.Command == SMB_COM_NT_TRANSACT) &&
393 (pSMB->hdr.Flags & SMBFLG_RESPONSE)) {
394 struct smb_com_transaction_change_notify_rsp *pSMBr =
395 (struct smb_com_transaction_change_notify_rsp *)buf;
396 struct file_notify_information *pnotify;
397 __u32 data_offset = 0;
398 if (get_bcc(buf) > sizeof(struct file_notify_information)) {
399 data_offset = le32_to_cpu(pSMBr->DataOffset);
400
401 pnotify = (struct file_notify_information *)
402 ((char *)&pSMBr->hdr.Protocol + data_offset);
403 cFYI(1, "dnotify on %s Action: 0x%x",
404 pnotify->FileName, pnotify->Action);
405 /* cifs_dump_mem("Rcvd notify Data: ",buf,
406 sizeof(struct smb_hdr)+60); */
407 return true;
408 }
409 if (pSMBr->hdr.Status.CifsError) {
410 cFYI(1, "notify err 0x%d",
411 pSMBr->hdr.Status.CifsError);
412 return true;
413 }
414 return false;
415 }
416 if (pSMB->hdr.Command != SMB_COM_LOCKING_ANDX)
417 return false;
418 if (pSMB->hdr.Flags & SMBFLG_RESPONSE) {
419 /* no sense logging error on invalid handle on oplock
420 break - harmless race between close request and oplock
421 break response is expected from time to time writing out
422 large dirty files cached on the client */
423 if ((NT_STATUS_INVALID_HANDLE) ==
424 le32_to_cpu(pSMB->hdr.Status.CifsError)) {
425 cFYI(1, "invalid handle on oplock break");
426 return true;
427 } else if (ERRbadfid ==
428 le16_to_cpu(pSMB->hdr.Status.DosError.Error)) {
429 return true;
430 } else {
431 return false; /* on valid oplock brk we get "request" */
432 }
433 }
434 if (pSMB->hdr.WordCount != 8)
435 return false;
436
437 cFYI(1, "oplock type 0x%d level 0x%d",
438 pSMB->LockType, pSMB->OplockLevel);
439 if (!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE))
440 return false;
441
442 /* look up tcon based on tid & uid */
443 spin_lock(&cifs_tcp_ses_lock);
444 list_for_each(tmp, &srv->smb_ses_list) {
445 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
446 list_for_each(tmp1, &ses->tcon_list) {
447 tcon = list_entry(tmp1, struct cifs_tcon, tcon_list);
448 if (tcon->tid != buf->Tid)
449 continue;
450
451 cifs_stats_inc(&tcon->num_oplock_brks);
452 spin_lock(&cifs_file_list_lock);
453 list_for_each(tmp2, &tcon->openFileList) {
454 netfile = list_entry(tmp2, struct cifsFileInfo,
455 tlist);
456 if (pSMB->Fid != netfile->netfid)
457 continue;
458
459 cFYI(1, "file id match, oplock break");
460 pCifsInode = CIFS_I(netfile->dentry->d_inode);
461
462 cifs_set_oplock_level(pCifsInode,
463 pSMB->OplockLevel ? OPLOCK_READ : 0);
464 queue_work(cifsiod_wq,
465 &netfile->oplock_break);
466 netfile->oplock_break_cancelled = false;
467
468 spin_unlock(&cifs_file_list_lock);
469 spin_unlock(&cifs_tcp_ses_lock);
470 return true;
471 }
472 spin_unlock(&cifs_file_list_lock);
473 spin_unlock(&cifs_tcp_ses_lock);
474 cFYI(1, "No matching file for oplock break");
475 return true;
476 }
477 }
478 spin_unlock(&cifs_tcp_ses_lock);
479 cFYI(1, "Can not process oplock break for non-existent connection");
480 return true;
481}
482
483void
484dump_smb(void *buf, int smb_buf_length)
485{
486 int i, j;
487 char debug_line[17];
488 unsigned char *buffer = buf;
489
490 if (traceSMB == 0)
491 return;
492
493 for (i = 0, j = 0; i < smb_buf_length; i++, j++) {
494 if (i % 8 == 0) {
495 /* have reached the beginning of line */
496 printk(KERN_DEBUG "| ");
497 j = 0;
498 }
499 printk("%0#4x ", buffer[i]);
500 debug_line[2 * j] = ' ';
501 if (isprint(buffer[i]))
502 debug_line[1 + (2 * j)] = buffer[i];
503 else
504 debug_line[1 + (2 * j)] = '_';
505
506 if (i % 8 == 7) {
507 /* reached end of line, time to print ascii */
508 debug_line[16] = 0;
509 printk(" | %s\n", debug_line);
510 }
511 }
512 for (; j < 8; j++) {
513 printk(" ");
514 debug_line[2 * j] = ' ';
515 debug_line[1 + (2 * j)] = ' ';
516 }
517 printk(" | %s\n", debug_line);
518 return;
519}
520
521void
522cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb)
523{
524 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM) {
525 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
526 cERROR(1, "Autodisabling the use of server inode numbers on "
527 "%s. This server doesn't seem to support them "
528 "properly. Hardlinks will not be recognized on this "
529 "mount. Consider mounting with the \"noserverino\" "
530 "option to silence this message.",
531 cifs_sb_master_tcon(cifs_sb)->treeName);
532 }
533}
534
535void cifs_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock)
536{
537 oplock &= 0xF;
538
539 if (oplock == OPLOCK_EXCLUSIVE) {
540 cinode->clientCanCacheAll = true;
541 cinode->clientCanCacheRead = true;
542 cFYI(1, "Exclusive Oplock granted on inode %p",
543 &cinode->vfs_inode);
544 } else if (oplock == OPLOCK_READ) {
545 cinode->clientCanCacheAll = false;
546 cinode->clientCanCacheRead = true;
547 cFYI(1, "Level II Oplock granted on inode %p",
548 &cinode->vfs_inode);
549 } else {
550 cinode->clientCanCacheAll = false;
551 cinode->clientCanCacheRead = false;
552 }
553}
554
555bool
556backup_cred(struct cifs_sb_info *cifs_sb)
557{
558 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPUID) {
559 if (cifs_sb->mnt_backupuid == current_fsuid())
560 return true;
561 }
562 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPGID) {
563 if (in_group_p(cifs_sb->mnt_backupgid))
564 return true;
565 }
566
567 return false;
568}