Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * fs/cifs/misc.c | |
3 | * | |
ad7a2926 | 4 | * Copyright (C) International Business Machines Corp., 2002,2008 |
1da177e4 LT |
5 | * Author(s): Steve French (sfrench@us.ibm.com) |
6 | * | |
7 | * This library is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU Lesser General Public License as published | |
9 | * by the Free Software Foundation; either version 2.1 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This library is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | |
15 | * the GNU Lesser General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU Lesser General Public License | |
18 | * along with this library; if not, write to the Free Software | |
fb8c4b14 | 19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
1da177e4 LT |
20 | */ |
21 | ||
22 | #include <linux/slab.h> | |
23 | #include <linux/ctype.h> | |
24 | #include <linux/mempool.h> | |
25 | #include "cifspdu.h" | |
26 | #include "cifsglob.h" | |
27 | #include "cifsproto.h" | |
28 | #include "cifs_debug.h" | |
29 | #include "smberr.h" | |
30 | #include "nterr.h" | |
6c91d362 | 31 | #include "cifs_unicode.h" |
1da177e4 LT |
32 | |
33 | extern mempool_t *cifs_sm_req_poolp; | |
34 | extern mempool_t *cifs_req_poolp; | |
1da177e4 | 35 | |
fb8c4b14 SF |
36 | /* The xid serves as a useful identifier for each incoming vfs request, |
37 | in a similar way to the mid which is useful to track each sent smb, | |
38 | and CurrentXid can also provide a running counter (although it | |
39 | will eventually wrap past zero) of the total vfs operations handled | |
1da177e4 LT |
40 | since the cifs fs was mounted */ |
41 | ||
42 | unsigned int | |
43 | _GetXid(void) | |
44 | { | |
45 | unsigned int xid; | |
46 | ||
47 | spin_lock(&GlobalMid_Lock); | |
48 | GlobalTotalActiveXid++; | |
50c2f753 SF |
49 | |
50 | /* keep high water mark for number of simultaneous ops in filesystem */ | |
1da177e4 | 51 | if (GlobalTotalActiveXid > GlobalMaxActiveXid) |
50c2f753 | 52 | GlobalMaxActiveXid = GlobalTotalActiveXid; |
790fe579 | 53 | if (GlobalTotalActiveXid > 65000) |
b6b38f70 | 54 | cFYI(1, "warning: more than 65000 requests active"); |
1da177e4 LT |
55 | xid = GlobalCurrentXid++; |
56 | spin_unlock(&GlobalMid_Lock); | |
57 | return xid; | |
58 | } | |
59 | ||
60 | void | |
61 | _FreeXid(unsigned int xid) | |
62 | { | |
63 | spin_lock(&GlobalMid_Lock); | |
790fe579 | 64 | /* if (GlobalTotalActiveXid == 0) |
1da177e4 LT |
65 | BUG(); */ |
66 | GlobalTotalActiveXid--; | |
67 | spin_unlock(&GlobalMid_Lock); | |
68 | } | |
69 | ||
96daf2b0 | 70 | struct cifs_ses * |
1da177e4 LT |
71 | sesInfoAlloc(void) |
72 | { | |
96daf2b0 | 73 | struct cifs_ses *ret_buf; |
1da177e4 | 74 | |
96daf2b0 | 75 | ret_buf = kzalloc(sizeof(struct cifs_ses), GFP_KERNEL); |
1da177e4 | 76 | if (ret_buf) { |
1da177e4 LT |
77 | atomic_inc(&sesInfoAllocCount); |
78 | ret_buf->status = CifsNew; | |
14fbf50d JL |
79 | ++ret_buf->ses_count; |
80 | INIT_LIST_HEAD(&ret_buf->smb_ses_list); | |
f1987b44 | 81 | INIT_LIST_HEAD(&ret_buf->tcon_list); |
d7b619cf | 82 | mutex_init(&ret_buf->session_mutex); |
1da177e4 LT |
83 | } |
84 | return ret_buf; | |
85 | } | |
86 | ||
87 | void | |
96daf2b0 | 88 | sesInfoFree(struct cifs_ses *buf_to_free) |
1da177e4 LT |
89 | { |
90 | if (buf_to_free == NULL) { | |
b6b38f70 | 91 | cFYI(1, "Null buffer passed to sesInfoFree"); |
1da177e4 LT |
92 | return; |
93 | } | |
94 | ||
1da177e4 | 95 | atomic_dec(&sesInfoAllocCount); |
f99d49ad JJ |
96 | kfree(buf_to_free->serverOS); |
97 | kfree(buf_to_free->serverDomain); | |
98 | kfree(buf_to_free->serverNOS); | |
55162dec JL |
99 | if (buf_to_free->password) { |
100 | memset(buf_to_free->password, 0, strlen(buf_to_free->password)); | |
101 | kfree(buf_to_free->password); | |
102 | } | |
8727c8a8 | 103 | kfree(buf_to_free->user_name); |
3979877e | 104 | kfree(buf_to_free->domainName); |
1da177e4 LT |
105 | kfree(buf_to_free); |
106 | } | |
107 | ||
96daf2b0 | 108 | struct cifs_tcon * |
1da177e4 LT |
109 | tconInfoAlloc(void) |
110 | { | |
96daf2b0 SF |
111 | struct cifs_tcon *ret_buf; |
112 | ret_buf = kzalloc(sizeof(struct cifs_tcon), GFP_KERNEL); | |
1da177e4 | 113 | if (ret_buf) { |
1da177e4 | 114 | atomic_inc(&tconInfoAllocCount); |
1da177e4 | 115 | ret_buf->tidStatus = CifsNew; |
f1987b44 | 116 | ++ret_buf->tc_count; |
1da177e4 | 117 | INIT_LIST_HEAD(&ret_buf->openFileList); |
f1987b44 | 118 | INIT_LIST_HEAD(&ret_buf->tcon_list); |
1da177e4 LT |
119 | #ifdef CONFIG_CIFS_STATS |
120 | spin_lock_init(&ret_buf->stat_lock); | |
121 | #endif | |
1da177e4 LT |
122 | } |
123 | return ret_buf; | |
124 | } | |
125 | ||
126 | void | |
96daf2b0 | 127 | tconInfoFree(struct cifs_tcon *buf_to_free) |
1da177e4 LT |
128 | { |
129 | if (buf_to_free == NULL) { | |
b6b38f70 | 130 | cFYI(1, "Null buffer passed to tconInfoFree"); |
1da177e4 LT |
131 | return; |
132 | } | |
1da177e4 | 133 | atomic_dec(&tconInfoAllocCount); |
f99d49ad | 134 | kfree(buf_to_free->nativeFileSystem); |
00e485b0 JL |
135 | if (buf_to_free->password) { |
136 | memset(buf_to_free->password, 0, strlen(buf_to_free->password)); | |
137 | kfree(buf_to_free->password); | |
138 | } | |
1da177e4 LT |
139 | kfree(buf_to_free); |
140 | } | |
141 | ||
142 | struct smb_hdr * | |
143 | cifs_buf_get(void) | |
144 | { | |
145 | struct smb_hdr *ret_buf = NULL; | |
146 | ||
fb8c4b14 SF |
147 | /* We could use negotiated size instead of max_msgsize - |
148 | but it may be more efficient to always alloc same size | |
149 | albeit slightly larger than necessary and maxbuffersize | |
1da177e4 | 150 | defaults to this and can not be bigger */ |
232087cb | 151 | ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS); |
1da177e4 LT |
152 | |
153 | /* clear the first few header bytes */ | |
154 | /* for most paths, more is cleared in header_assemble */ | |
155 | if (ret_buf) { | |
156 | memset(ret_buf, 0, sizeof(struct smb_hdr) + 3); | |
157 | atomic_inc(&bufAllocCount); | |
4498eed5 SF |
158 | #ifdef CONFIG_CIFS_STATS2 |
159 | atomic_inc(&totBufAllocCount); | |
160 | #endif /* CONFIG_CIFS_STATS2 */ | |
1da177e4 LT |
161 | } |
162 | ||
163 | return ret_buf; | |
164 | } | |
165 | ||
166 | void | |
167 | cifs_buf_release(void *buf_to_free) | |
168 | { | |
1da177e4 | 169 | if (buf_to_free == NULL) { |
b6b38f70 | 170 | /* cFYI(1, "Null buffer passed to cifs_buf_release");*/ |
1da177e4 LT |
171 | return; |
172 | } | |
fb8c4b14 | 173 | mempool_free(buf_to_free, cifs_req_poolp); |
1da177e4 LT |
174 | |
175 | atomic_dec(&bufAllocCount); | |
176 | return; | |
177 | } | |
178 | ||
179 | struct smb_hdr * | |
180 | cifs_small_buf_get(void) | |
181 | { | |
182 | struct smb_hdr *ret_buf = NULL; | |
183 | ||
fb8c4b14 SF |
184 | /* We could use negotiated size instead of max_msgsize - |
185 | but it may be more efficient to always alloc same size | |
186 | albeit slightly larger than necessary and maxbuffersize | |
1da177e4 | 187 | defaults to this and can not be bigger */ |
232087cb | 188 | ret_buf = mempool_alloc(cifs_sm_req_poolp, GFP_NOFS); |
1da177e4 LT |
189 | if (ret_buf) { |
190 | /* No need to clear memory here, cleared in header assemble */ | |
191 | /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/ | |
192 | atomic_inc(&smBufAllocCount); | |
4498eed5 SF |
193 | #ifdef CONFIG_CIFS_STATS2 |
194 | atomic_inc(&totSmBufAllocCount); | |
195 | #endif /* CONFIG_CIFS_STATS2 */ | |
196 | ||
1da177e4 LT |
197 | } |
198 | return ret_buf; | |
199 | } | |
200 | ||
201 | void | |
202 | cifs_small_buf_release(void *buf_to_free) | |
203 | { | |
204 | ||
205 | if (buf_to_free == NULL) { | |
b6b38f70 | 206 | cFYI(1, "Null buffer passed to cifs_small_buf_release"); |
1da177e4 LT |
207 | return; |
208 | } | |
fb8c4b14 | 209 | mempool_free(buf_to_free, cifs_sm_req_poolp); |
1da177e4 LT |
210 | |
211 | atomic_dec(&smBufAllocCount); | |
212 | return; | |
213 | } | |
214 | ||
fb8c4b14 | 215 | /* |
243d04b6 PS |
216 | * Find a free multiplex id (SMB mid). Otherwise there could be |
217 | * mid collisions which might cause problems, demultiplexing the | |
218 | * wrong response to this request. Multiplex ids could collide if | |
219 | * one of a series requests takes much longer than the others, or | |
220 | * if a very large number of long lived requests (byte range | |
221 | * locks or FindNotify requests) are pending. No more than | |
222 | * 64K-1 requests can be outstanding at one time. If no | |
223 | * mids are available, return zero. A future optimization | |
224 | * could make the combination of mids and uid the key we use | |
225 | * to demultiplex on (rather than mid alone). | |
226 | * In addition to the above check, the cifs demultiplex | |
227 | * code already used the command code as a secondary | |
228 | * check of the frame and if signing is negotiated the | |
229 | * response would be discarded if the mid were the same | |
230 | * but the signature was wrong. Since the mid is not put in the | |
231 | * pending queue until later (when it is about to be dispatched) | |
232 | * we do have to limit the number of outstanding requests | |
233 | * to somewhat less than 64K-1 although it is hard to imagine | |
234 | * so many threads being in the vfs at one time. | |
235 | */ | |
236 | __u64 GetNextMid(struct TCP_Server_Info *server) | |
1982c344 | 237 | { |
243d04b6 PS |
238 | __u64 mid = 0; |
239 | __u16 last_mid, cur_mid; | |
92a4e0f0 | 240 | bool collision; |
1982c344 SF |
241 | |
242 | spin_lock(&GlobalMid_Lock); | |
243d04b6 PS |
243 | |
244 | /* mid is 16 bit only for CIFS/SMB */ | |
245 | cur_mid = (__u16)((server->CurrentMid) & 0xffff); | |
246 | /* we do not want to loop forever */ | |
247 | last_mid = cur_mid; | |
248 | cur_mid++; | |
249 | ||
250 | /* | |
251 | * This nested loop looks more expensive than it is. | |
252 | * In practice the list of pending requests is short, | |
253 | * fewer than 50, and the mids are likely to be unique | |
254 | * on the first pass through the loop unless some request | |
255 | * takes longer than the 64 thousand requests before it | |
256 | * (and it would also have to have been a request that | |
257 | * did not time out). | |
258 | */ | |
259 | while (cur_mid != last_mid) { | |
1982c344 | 260 | struct mid_q_entry *mid_entry; |
92a4e0f0 | 261 | unsigned int num_mids; |
1982c344 | 262 | |
92a4e0f0 | 263 | collision = false; |
243d04b6 PS |
264 | if (cur_mid == 0) |
265 | cur_mid++; | |
1982c344 | 266 | |
92a4e0f0 JL |
267 | num_mids = 0; |
268 | list_for_each_entry(mid_entry, &server->pending_mid_q, qhead) { | |
269 | ++num_mids; | |
243d04b6 | 270 | if (mid_entry->mid == cur_mid && |
7c9421e1 | 271 | mid_entry->mid_state == MID_REQUEST_SUBMITTED) { |
1982c344 | 272 | /* This mid is in use, try a different one */ |
92a4e0f0 | 273 | collision = true; |
1982c344 SF |
274 | break; |
275 | } | |
276 | } | |
92a4e0f0 JL |
277 | |
278 | /* | |
279 | * if we have more than 32k mids in the list, then something | |
280 | * is very wrong. Possibly a local user is trying to DoS the | |
281 | * box by issuing long-running calls and SIGKILL'ing them. If | |
282 | * we get to 2^16 mids then we're in big trouble as this | |
283 | * function could loop forever. | |
284 | * | |
285 | * Go ahead and assign out the mid in this situation, but force | |
286 | * an eventual reconnect to clean out the pending_mid_q. | |
287 | */ | |
288 | if (num_mids > 32768) | |
289 | server->tcpStatus = CifsNeedReconnect; | |
290 | ||
291 | if (!collision) { | |
243d04b6 PS |
292 | mid = (__u64)cur_mid; |
293 | server->CurrentMid = mid; | |
1982c344 SF |
294 | break; |
295 | } | |
243d04b6 | 296 | cur_mid++; |
1982c344 SF |
297 | } |
298 | spin_unlock(&GlobalMid_Lock); | |
299 | return mid; | |
300 | } | |
301 | ||
302 | /* NB: MID can not be set if treeCon not passed in, in that | |
303 | case it is responsbility of caller to set the mid */ | |
1da177e4 LT |
304 | void |
305 | header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , | |
96daf2b0 | 306 | const struct cifs_tcon *treeCon, int word_count |
1da177e4 LT |
307 | /* length of fixed section (word count) in two byte units */) |
308 | { | |
fb8c4b14 | 309 | struct list_head *temp_item; |
96daf2b0 | 310 | struct cifs_ses *ses; |
1da177e4 LT |
311 | char *temp = (char *) buffer; |
312 | ||
fb8c4b14 | 313 | memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */ |
1da177e4 | 314 | |
be8e3b00 | 315 | buffer->smb_buf_length = cpu_to_be32( |
630f3f0c | 316 | (2 * word_count) + sizeof(struct smb_hdr) - |
1da177e4 | 317 | 4 /* RFC 1001 length field does not count */ + |
be8e3b00 | 318 | 2 /* for bcc field itself */) ; |
1da177e4 LT |
319 | |
320 | buffer->Protocol[0] = 0xFF; | |
321 | buffer->Protocol[1] = 'S'; | |
322 | buffer->Protocol[2] = 'M'; | |
323 | buffer->Protocol[3] = 'B'; | |
324 | buffer->Command = smb_command; | |
325 | buffer->Flags = 0x00; /* case sensitive */ | |
326 | buffer->Flags2 = SMBFLG2_KNOWS_LONG_NAMES; | |
327 | buffer->Pid = cpu_to_le16((__u16)current->tgid); | |
328 | buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16)); | |
1da177e4 LT |
329 | if (treeCon) { |
330 | buffer->Tid = treeCon->tid; | |
331 | if (treeCon->ses) { | |
332 | if (treeCon->ses->capabilities & CAP_UNICODE) | |
333 | buffer->Flags2 |= SMBFLG2_UNICODE; | |
ad7a2926 | 334 | if (treeCon->ses->capabilities & CAP_STATUS32) |
1da177e4 | 335 | buffer->Flags2 |= SMBFLG2_ERR_STATUS; |
ad7a2926 | 336 | |
1982c344 SF |
337 | /* Uid is not converted */ |
338 | buffer->Uid = treeCon->ses->Suid; | |
339 | buffer->Mid = GetNextMid(treeCon->ses->server); | |
790fe579 | 340 | if (multiuser_mount != 0) { |
1da177e4 LT |
341 | /* For the multiuser case, there are few obvious technically */ |
342 | /* possible mechanisms to match the local linux user (uid) */ | |
343 | /* to a valid remote smb user (smb_uid): */ | |
344 | /* 1) Query Winbind (or other local pam/nss daemon */ | |
345 | /* for userid/password/logon_domain or credential */ | |
346 | /* 2) Query Winbind for uid to sid to username mapping */ | |
347 | /* and see if we have a matching password for existing*/ | |
348 | /* session for that user perhas getting password by */ | |
349 | /* adding a new pam_cifs module that stores passwords */ | |
350 | /* so that the cifs vfs can get at that for all logged*/ | |
351 | /* on users */ | |
352 | /* 3) (Which is the mechanism we have chosen) */ | |
353 | /* Search through sessions to the same server for a */ | |
354 | /* a match on the uid that was passed in on mount */ | |
355 | /* with the current processes uid (or euid?) and use */ | |
356 | /* that smb uid. If no existing smb session for */ | |
357 | /* that uid found, use the default smb session ie */ | |
358 | /* the smb session for the volume mounted which is */ | |
359 | /* the same as would be used if the multiuser mount */ | |
360 | /* flag were disabled. */ | |
361 | ||
362 | /* BB Add support for establishing new tCon and SMB Session */ | |
fb8c4b14 | 363 | /* with userid/password pairs found on the smb session */ |
1da177e4 | 364 | /* for other target tcp/ip addresses BB */ |
a001e5b5 | 365 | if (current_fsuid() != treeCon->ses->linux_uid) { |
b6b38f70 JP |
366 | cFYI(1, "Multiuser mode and UID " |
367 | "did not match tcon uid"); | |
3f9bcca7 | 368 | spin_lock(&cifs_tcp_ses_lock); |
14fbf50d | 369 | list_for_each(temp_item, &treeCon->ses->server->smb_ses_list) { |
96daf2b0 | 370 | ses = list_entry(temp_item, struct cifs_ses, smb_ses_list); |
a001e5b5 | 371 | if (ses->linux_uid == current_fsuid()) { |
790fe579 | 372 | if (ses->server == treeCon->ses->server) { |
b6b38f70 | 373 | cFYI(1, "found matching uid substitute right smb_uid"); |
1da177e4 LT |
374 | buffer->Uid = ses->Suid; |
375 | break; | |
376 | } else { | |
fb8c4b14 | 377 | /* BB eventually call cifs_setup_session here */ |
b6b38f70 | 378 | cFYI(1, "local UID found but no smb sess with this server exists"); |
1da177e4 LT |
379 | } |
380 | } | |
381 | } | |
3f9bcca7 | 382 | spin_unlock(&cifs_tcp_ses_lock); |
1da177e4 LT |
383 | } |
384 | } | |
385 | } | |
386 | if (treeCon->Flags & SMB_SHARE_IS_IN_DFS) | |
387 | buffer->Flags2 |= SMBFLG2_DFS; | |
d3485d37 SF |
388 | if (treeCon->nocase) |
389 | buffer->Flags |= SMBFLG_CASELESS; | |
790fe579 | 390 | if ((treeCon->ses) && (treeCon->ses->server)) |
96daf2b0 | 391 | if (treeCon->ses->server->sec_mode & |
1da177e4 LT |
392 | (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) |
393 | buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; | |
394 | } | |
395 | ||
396 | /* endian conversion of flags is now done just before sending */ | |
397 | buffer->WordCount = (char) word_count; | |
398 | return; | |
399 | } | |
400 | ||
2cd646a2 | 401 | static int |
68abaffa | 402 | check_smb_hdr(struct smb_hdr *smb, __u16 mid) |
1da177e4 | 403 | { |
68abaffa JL |
404 | /* does it have the right SMB "signature" ? */ |
405 | if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff)) { | |
406 | cERROR(1, "Bad protocol string signature header 0x%x", | |
407 | *(unsigned int *)smb->Protocol); | |
408 | return 1; | |
409 | } | |
410 | ||
411 | /* Make sure that message ids match */ | |
412 | if (mid != smb->Mid) { | |
413 | cERROR(1, "Mids do not match. received=%u expected=%u", | |
414 | smb->Mid, mid); | |
415 | return 1; | |
1da177e4 | 416 | } |
68abaffa JL |
417 | |
418 | /* if it's a response then accept */ | |
419 | if (smb->Flags & SMBFLG_RESPONSE) | |
420 | return 0; | |
421 | ||
422 | /* only one valid case where server sends us request */ | |
423 | if (smb->Command == SMB_COM_LOCKING_ANDX) | |
424 | return 0; | |
425 | ||
426 | cERROR(1, "Server sent request, not response. mid=%u", smb->Mid); | |
1da177e4 LT |
427 | return 1; |
428 | } | |
429 | ||
430 | int | |
d4e4854f | 431 | checkSMB(char *buf, unsigned int total_read) |
1da177e4 | 432 | { |
d4e4854f PS |
433 | struct smb_hdr *smb = (struct smb_hdr *)buf; |
434 | __u16 mid = smb->Mid; | |
376b43f4 | 435 | __u32 rfclen = be32_to_cpu(smb->smb_buf_length); |
190fdeb8 | 436 | __u32 clc_len; /* calculated length */ |
376b43f4 JL |
437 | cFYI(0, "checkSMB Length: 0x%x, smb_buf_length: 0x%x", |
438 | total_read, rfclen); | |
d103e164 | 439 | |
376b43f4 JL |
440 | /* is this frame too small to even get to a BCC? */ |
441 | if (total_read < 2 + sizeof(struct smb_hdr)) { | |
442 | if ((total_read >= sizeof(struct smb_hdr) - 1) | |
1da177e4 | 443 | && (smb->Status.CifsError != 0)) { |
376b43f4 | 444 | /* it's an error return */ |
d103e164 SF |
445 | smb->WordCount = 0; |
446 | /* some error cases do not return wct and bcc */ | |
447 | return 0; | |
376b43f4 | 448 | } else if ((total_read == sizeof(struct smb_hdr) + 1) && |
d103e164 | 449 | (smb->WordCount == 0)) { |
fb8c4b14 | 450 | char *tmp = (char *)smb; |
d103e164 SF |
451 | /* Need to work around a bug in two servers here */ |
452 | /* First, check if the part of bcc they sent was zero */ | |
453 | if (tmp[sizeof(struct smb_hdr)] == 0) { | |
454 | /* some servers return only half of bcc | |
455 | * on simple responses (wct, bcc both zero) | |
456 | * in particular have seen this on | |
457 | * ulogoffX and FindClose. This leaves | |
458 | * one byte of bcc potentially unitialized | |
459 | */ | |
460 | /* zero rest of bcc */ | |
461 | tmp[sizeof(struct smb_hdr)+1] = 0; | |
46c79a64 | 462 | return 0; |
1da177e4 | 463 | } |
b6b38f70 | 464 | cERROR(1, "rcvd invalid byte count (bcc)"); |
d103e164 | 465 | } else { |
b6b38f70 | 466 | cERROR(1, "Length less than smb header size"); |
1da177e4 | 467 | } |
376b43f4 | 468 | return -EIO; |
1da177e4 LT |
469 | } |
470 | ||
376b43f4 | 471 | /* otherwise, there is enough to get to the BCC */ |
68abaffa | 472 | if (check_smb_hdr(smb, mid)) |
376b43f4 | 473 | return -EIO; |
820a803f | 474 | clc_len = smbCalcSize(smb); |
184ed211 | 475 | |
376b43f4 | 476 | if (4 + rfclen != total_read) { |
b6b38f70 | 477 | cERROR(1, "Length read does not match RFC1001 length %d", |
376b43f4 JL |
478 | rfclen); |
479 | return -EIO; | |
184ed211 SF |
480 | } |
481 | ||
376b43f4 | 482 | if (4 + rfclen != clc_len) { |
184ed211 | 483 | /* check if bcc wrapped around for large read responses */ |
376b43f4 | 484 | if ((rfclen > 64 * 1024) && (rfclen > clc_len)) { |
184ed211 | 485 | /* check if lengths match mod 64K */ |
376b43f4 | 486 | if (((4 + rfclen) & 0xFFFF) == (clc_len & 0xFFFF)) |
fb8c4b14 | 487 | return 0; /* bcc wrapped */ |
184ed211 | 488 | } |
6284644e | 489 | cFYI(1, "Calculated size %u vs length %u mismatch for mid=%u", |
376b43f4 | 490 | clc_len, 4 + rfclen, smb->Mid); |
6284644e | 491 | |
376b43f4 | 492 | if (4 + rfclen < clc_len) { |
6284644e | 493 | cERROR(1, "RFC1001 size %u smaller than SMB for mid=%u", |
376b43f4 JL |
494 | rfclen, smb->Mid); |
495 | return -EIO; | |
496 | } else if (rfclen > clc_len + 512) { | |
6284644e JL |
497 | /* |
498 | * Some servers (Windows XP in particular) send more | |
499 | * data than the lengths in the SMB packet would | |
500 | * indicate on certain calls (byte range locks and | |
501 | * trans2 find first calls in particular). While the | |
502 | * client can handle such a frame by ignoring the | |
503 | * trailing data, we choose limit the amount of extra | |
504 | * data to 512 bytes. | |
505 | */ | |
506 | cERROR(1, "RFC1001 size %u more than 512 bytes larger " | |
376b43f4 JL |
507 | "than SMB for mid=%u", rfclen, smb->Mid); |
508 | return -EIO; | |
46c79a64 | 509 | } |
1da177e4 | 510 | } |
20962438 | 511 | return 0; |
1da177e4 | 512 | } |
4b18f2a9 SF |
513 | |
514 | bool | |
d4e4854f | 515 | is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv) |
fb8c4b14 | 516 | { |
d4e4854f | 517 | struct smb_hdr *buf = (struct smb_hdr *)buffer; |
fb8c4b14 | 518 | struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf; |
f1987b44 | 519 | struct list_head *tmp, *tmp1, *tmp2; |
96daf2b0 SF |
520 | struct cifs_ses *ses; |
521 | struct cifs_tcon *tcon; | |
f1987b44 | 522 | struct cifsInodeInfo *pCifsInode; |
1da177e4 LT |
523 | struct cifsFileInfo *netfile; |
524 | ||
b6b38f70 | 525 | cFYI(1, "Checking for oplock break or dnotify response"); |
790fe579 | 526 | if ((pSMB->hdr.Command == SMB_COM_NT_TRANSACT) && |
1da177e4 | 527 | (pSMB->hdr.Flags & SMBFLG_RESPONSE)) { |
fb8c4b14 | 528 | struct smb_com_transaction_change_notify_rsp *pSMBr = |
1da177e4 | 529 | (struct smb_com_transaction_change_notify_rsp *)buf; |
fb8c4b14 | 530 | struct file_notify_information *pnotify; |
1da177e4 | 531 | __u32 data_offset = 0; |
820a803f | 532 | if (get_bcc(buf) > sizeof(struct file_notify_information)) { |
1da177e4 LT |
533 | data_offset = le32_to_cpu(pSMBr->DataOffset); |
534 | ||
3979877e SF |
535 | pnotify = (struct file_notify_information *) |
536 | ((char *)&pSMBr->hdr.Protocol + data_offset); | |
b6b38f70 JP |
537 | cFYI(1, "dnotify on %s Action: 0x%x", |
538 | pnotify->FileName, pnotify->Action); | |
fb8c4b14 | 539 | /* cifs_dump_mem("Rcvd notify Data: ",buf, |
3979877e | 540 | sizeof(struct smb_hdr)+60); */ |
4b18f2a9 | 541 | return true; |
1da177e4 | 542 | } |
790fe579 | 543 | if (pSMBr->hdr.Status.CifsError) { |
b6b38f70 JP |
544 | cFYI(1, "notify err 0x%d", |
545 | pSMBr->hdr.Status.CifsError); | |
4b18f2a9 | 546 | return true; |
1da177e4 | 547 | } |
4b18f2a9 | 548 | return false; |
fb8c4b14 | 549 | } |
790fe579 | 550 | if (pSMB->hdr.Command != SMB_COM_LOCKING_ANDX) |
4b18f2a9 | 551 | return false; |
790fe579 | 552 | if (pSMB->hdr.Flags & SMBFLG_RESPONSE) { |
1da177e4 LT |
553 | /* no sense logging error on invalid handle on oplock |
554 | break - harmless race between close request and oplock | |
555 | break response is expected from time to time writing out | |
556 | large dirty files cached on the client */ | |
fb8c4b14 SF |
557 | if ((NT_STATUS_INVALID_HANDLE) == |
558 | le32_to_cpu(pSMB->hdr.Status.CifsError)) { | |
b6b38f70 | 559 | cFYI(1, "invalid handle on oplock break"); |
4b18f2a9 | 560 | return true; |
fb8c4b14 | 561 | } else if (ERRbadfid == |
1da177e4 | 562 | le16_to_cpu(pSMB->hdr.Status.DosError.Error)) { |
4b18f2a9 | 563 | return true; |
1da177e4 | 564 | } else { |
4b18f2a9 | 565 | return false; /* on valid oplock brk we get "request" */ |
1da177e4 LT |
566 | } |
567 | } | |
790fe579 | 568 | if (pSMB->hdr.WordCount != 8) |
4b18f2a9 | 569 | return false; |
1da177e4 | 570 | |
b6b38f70 JP |
571 | cFYI(1, "oplock type 0x%d level 0x%d", |
572 | pSMB->LockType, pSMB->OplockLevel); | |
790fe579 | 573 | if (!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE)) |
4b18f2a9 | 574 | return false; |
1da177e4 LT |
575 | |
576 | /* look up tcon based on tid & uid */ | |
3f9bcca7 | 577 | spin_lock(&cifs_tcp_ses_lock); |
f1987b44 | 578 | list_for_each(tmp, &srv->smb_ses_list) { |
96daf2b0 | 579 | ses = list_entry(tmp, struct cifs_ses, smb_ses_list); |
f1987b44 | 580 | list_for_each(tmp1, &ses->tcon_list) { |
96daf2b0 | 581 | tcon = list_entry(tmp1, struct cifs_tcon, tcon_list); |
f1987b44 JL |
582 | if (tcon->tid != buf->Tid) |
583 | continue; | |
584 | ||
a4544347 | 585 | cifs_stats_inc(&tcon->num_oplock_brks); |
4477288a | 586 | spin_lock(&cifs_file_list_lock); |
f1987b44 JL |
587 | list_for_each(tmp2, &tcon->openFileList) { |
588 | netfile = list_entry(tmp2, struct cifsFileInfo, | |
57337e42 | 589 | tlist); |
f1987b44 JL |
590 | if (pSMB->Fid != netfile->netfid) |
591 | continue; | |
592 | ||
b6b38f70 | 593 | cFYI(1, "file id match, oplock break"); |
a5e18bc3 | 594 | pCifsInode = CIFS_I(netfile->dentry->d_inode); |
9b646972 | 595 | |
c6723628 | 596 | cifs_set_oplock_level(pCifsInode, |
12fed00d | 597 | pSMB->OplockLevel ? OPLOCK_READ : 0); |
ad635942 JL |
598 | queue_work(system_nrt_wq, |
599 | &netfile->oplock_break); | |
9b646972 TH |
600 | netfile->oplock_break_cancelled = false; |
601 | ||
4477288a | 602 | spin_unlock(&cifs_file_list_lock); |
3f9bcca7 | 603 | spin_unlock(&cifs_tcp_ses_lock); |
f1987b44 | 604 | return true; |
1da177e4 | 605 | } |
4477288a | 606 | spin_unlock(&cifs_file_list_lock); |
3f9bcca7 | 607 | spin_unlock(&cifs_tcp_ses_lock); |
b6b38f70 | 608 | cFYI(1, "No matching file for oplock break"); |
4b18f2a9 | 609 | return true; |
1da177e4 LT |
610 | } |
611 | } | |
3f9bcca7 | 612 | spin_unlock(&cifs_tcp_ses_lock); |
b6b38f70 | 613 | cFYI(1, "Can not process oplock break for non-existent connection"); |
4b18f2a9 | 614 | return true; |
1da177e4 LT |
615 | } |
616 | ||
617 | void | |
792af7b0 | 618 | dump_smb(void *buf, int smb_buf_length) |
1da177e4 LT |
619 | { |
620 | int i, j; | |
621 | char debug_line[17]; | |
792af7b0 | 622 | unsigned char *buffer = buf; |
1da177e4 LT |
623 | |
624 | if (traceSMB == 0) | |
625 | return; | |
626 | ||
1da177e4 | 627 | for (i = 0, j = 0; i < smb_buf_length; i++, j++) { |
ad7a2926 SF |
628 | if (i % 8 == 0) { |
629 | /* have reached the beginning of line */ | |
1da177e4 LT |
630 | printk(KERN_DEBUG "| "); |
631 | j = 0; | |
632 | } | |
633 | printk("%0#4x ", buffer[i]); | |
634 | debug_line[2 * j] = ' '; | |
635 | if (isprint(buffer[i])) | |
636 | debug_line[1 + (2 * j)] = buffer[i]; | |
637 | else | |
638 | debug_line[1 + (2 * j)] = '_'; | |
639 | ||
ad7a2926 SF |
640 | if (i % 8 == 7) { |
641 | /* reached end of line, time to print ascii */ | |
1da177e4 LT |
642 | debug_line[16] = 0; |
643 | printk(" | %s\n", debug_line); | |
644 | } | |
645 | } | |
646 | for (; j < 8; j++) { | |
647 | printk(" "); | |
648 | debug_line[2 * j] = ' '; | |
649 | debug_line[1 + (2 * j)] = ' '; | |
650 | } | |
ad7a2926 | 651 | printk(" | %s\n", debug_line); |
1da177e4 LT |
652 | return; |
653 | } | |
6a0b4824 | 654 | |
ec06aedd JL |
655 | void |
656 | cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb) | |
657 | { | |
658 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM) { | |
f534dc99 | 659 | cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM; |
b6b38f70 | 660 | cERROR(1, "Autodisabling the use of server inode numbers on " |
ec06aedd JL |
661 | "%s. This server doesn't seem to support them " |
662 | "properly. Hardlinks will not be recognized on this " | |
663 | "mount. Consider mounting with the \"noserverino\" " | |
664 | "option to silence this message.", | |
0d424ad0 | 665 | cifs_sb_master_tcon(cifs_sb)->treeName); |
ec06aedd JL |
666 | } |
667 | } | |
e66673e3 | 668 | |
c6723628 | 669 | void cifs_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock) |
e66673e3 | 670 | { |
c6723628 | 671 | oplock &= 0xF; |
e66673e3 | 672 | |
c6723628 | 673 | if (oplock == OPLOCK_EXCLUSIVE) { |
e66673e3 PS |
674 | cinode->clientCanCacheAll = true; |
675 | cinode->clientCanCacheRead = true; | |
c6723628 PS |
676 | cFYI(1, "Exclusive Oplock granted on inode %p", |
677 | &cinode->vfs_inode); | |
678 | } else if (oplock == OPLOCK_READ) { | |
e66673e3 PS |
679 | cinode->clientCanCacheAll = false; |
680 | cinode->clientCanCacheRead = true; | |
c6723628 PS |
681 | cFYI(1, "Level II Oplock granted on inode %p", |
682 | &cinode->vfs_inode); | |
e66673e3 PS |
683 | } else { |
684 | cinode->clientCanCacheAll = false; | |
685 | cinode->clientCanCacheRead = false; | |
686 | } | |
687 | } | |
3d3ea8e6 SP |
688 | |
689 | bool | |
690 | backup_cred(struct cifs_sb_info *cifs_sb) | |
691 | { | |
692 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPUID) { | |
693 | if (cifs_sb->mnt_backupuid == current_fsuid()) | |
694 | return true; | |
695 | } | |
696 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPGID) { | |
697 | if (in_group_p(cifs_sb->mnt_backupgid)) | |
698 | return true; | |
699 | } | |
700 | ||
701 | return false; | |
702 | } | |
2d86dbc9 PS |
703 | |
704 | void | |
705 | cifs_add_credits(struct TCP_Server_Info *server, const unsigned int add) | |
706 | { | |
707 | spin_lock(&server->req_lock); | |
708 | server->credits += add; | |
709 | server->in_flight--; | |
710 | spin_unlock(&server->req_lock); | |
711 | wake_up(&server->request_q); | |
712 | } | |
713 | ||
714 | void | |
715 | cifs_set_credits(struct TCP_Server_Info *server, const int val) | |
716 | { | |
717 | spin_lock(&server->req_lock); | |
718 | server->credits = val; | |
719 | server->oplocks = val > 1 ? enable_oplocks : false; | |
720 | spin_unlock(&server->req_lock); | |
721 | } |