linux/fs/cifs/connect.c
<<
>>
Prefs
   1// SPDX-License-Identifier: LGPL-2.1
   2/*
   3 *   fs/cifs/connect.c
   4 *
   5 *   Copyright (C) International Business Machines  Corp., 2002,2011
   6 *   Author(s): Steve French (sfrench@us.ibm.com)
   7 *
   8 */
   9#include <linux/fs.h>
  10#include <linux/net.h>
  11#include <linux/string.h>
  12#include <linux/sched/mm.h>
  13#include <linux/sched/signal.h>
  14#include <linux/list.h>
  15#include <linux/wait.h>
  16#include <linux/slab.h>
  17#include <linux/pagemap.h>
  18#include <linux/ctype.h>
  19#include <linux/utsname.h>
  20#include <linux/mempool.h>
  21#include <linux/delay.h>
  22#include <linux/completion.h>
  23#include <linux/kthread.h>
  24#include <linux/pagevec.h>
  25#include <linux/freezer.h>
  26#include <linux/namei.h>
  27#include <linux/uuid.h>
  28#include <linux/uaccess.h>
  29#include <asm/processor.h>
  30#include <linux/inet.h>
  31#include <linux/module.h>
  32#include <keys/user-type.h>
  33#include <net/ipv6.h>
  34#include <linux/parser.h>
  35#include <linux/bvec.h>
  36#include "cifspdu.h"
  37#include "cifsglob.h"
  38#include "cifsproto.h"
  39#include "cifs_unicode.h"
  40#include "cifs_debug.h"
  41#include "cifs_fs_sb.h"
  42#include "ntlmssp.h"
  43#include "nterr.h"
  44#include "rfc1002pdu.h"
  45#include "fscache.h"
  46#include "smb2proto.h"
  47#include "smbdirect.h"
  48#include "dns_resolve.h"
  49#ifdef CONFIG_CIFS_DFS_UPCALL
  50#include "dfs_cache.h"
  51#endif
  52#include "fs_context.h"
  53#include "cifs_swn.h"
  54
  55extern mempool_t *cifs_req_poolp;
  56extern bool disable_legacy_dialects;
  57
  58/* FIXME: should these be tunable? */
  59#define TLINK_ERROR_EXPIRE      (1 * HZ)
  60#define TLINK_IDLE_EXPIRE       (600 * HZ)
  61
  62/* Drop the connection to not overload the server */
  63#define NUM_STATUS_IO_TIMEOUT   5
  64
  65static int ip_connect(struct TCP_Server_Info *server);
  66static int generic_ip_connect(struct TCP_Server_Info *server);
  67static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
  68static void cifs_prune_tlinks(struct work_struct *work);
  69
  70/*
  71 * Resolve hostname and set ip addr in tcp ses. Useful for hostnames that may
  72 * get their ip addresses changed at some point.
  73 *
  74 * This should be called with server->srv_mutex held.
  75 */
  76static int reconn_set_ipaddr_from_hostname(struct TCP_Server_Info *server)
  77{
  78        int rc;
  79        int len;
  80        char *unc, *ipaddr = NULL;
  81        time64_t expiry, now;
  82        unsigned long ttl = SMB_DNS_RESOLVE_INTERVAL_DEFAULT;
  83
  84        if (!server->hostname)
  85                return -EINVAL;
  86
  87        len = strlen(server->hostname) + 3;
  88
  89        unc = kmalloc(len, GFP_KERNEL);
  90        if (!unc) {
  91                cifs_dbg(FYI, "%s: failed to create UNC path\n", __func__);
  92                return -ENOMEM;
  93        }
  94        scnprintf(unc, len, "\\\\%s", server->hostname);
  95
  96        rc = dns_resolve_server_name_to_ip(unc, &ipaddr, &expiry);
  97        kfree(unc);
  98
  99        if (rc < 0) {
 100                cifs_dbg(FYI, "%s: failed to resolve server part of %s to IP: %d\n",
 101                         __func__, server->hostname, rc);
 102                goto requeue_resolve;
 103        }
 104
 105        spin_lock(&cifs_tcp_ses_lock);
 106        rc = cifs_convert_address((struct sockaddr *)&server->dstaddr, ipaddr,
 107                                  strlen(ipaddr));
 108        spin_unlock(&cifs_tcp_ses_lock);
 109        kfree(ipaddr);
 110
 111        /* rc == 1 means success here */
 112        if (rc) {
 113                now = ktime_get_real_seconds();
 114                if (expiry && expiry > now)
 115                        /*
 116                         * To make sure we don't use the cached entry, retry 1s
 117                         * after expiry.
 118                         */
 119                        ttl = (expiry - now + 1);
 120        }
 121        rc = !rc ? -1 : 0;
 122
 123requeue_resolve:
 124        cifs_dbg(FYI, "%s: next dns resolution scheduled for %lu seconds in the future\n",
 125                 __func__, ttl);
 126        mod_delayed_work(cifsiod_wq, &server->resolve, (ttl * HZ));
 127
 128        return rc;
 129}
 130
 131
 132static void cifs_resolve_server(struct work_struct *work)
 133{
 134        int rc;
 135        struct TCP_Server_Info *server = container_of(work,
 136                                        struct TCP_Server_Info, resolve.work);
 137
 138        mutex_lock(&server->srv_mutex);
 139
 140        /*
 141         * Resolve the hostname again to make sure that IP address is up-to-date.
 142         */
 143        rc = reconn_set_ipaddr_from_hostname(server);
 144        if (rc) {
 145                cifs_dbg(FYI, "%s: failed to resolve hostname: %d\n",
 146                                __func__, rc);
 147        }
 148
 149        mutex_unlock(&server->srv_mutex);
 150}
 151
 152#ifdef CONFIG_CIFS_DFS_UPCALL
 153/* These functions must be called with server->srv_mutex held */
 154static void reconn_set_next_dfs_target(struct TCP_Server_Info *server,
 155                                       struct cifs_sb_info *cifs_sb,
 156                                       struct dfs_cache_tgt_list *tgt_list,
 157                                       struct dfs_cache_tgt_iterator **tgt_it)
 158{
 159        const char *name;
 160        int rc;
 161
 162        if (!cifs_sb || !cifs_sb->origin_fullpath)
 163                return;
 164
 165        if (!*tgt_it) {
 166                *tgt_it = dfs_cache_get_tgt_iterator(tgt_list);
 167        } else {
 168                *tgt_it = dfs_cache_get_next_tgt(tgt_list, *tgt_it);
 169                if (!*tgt_it)
 170                        *tgt_it = dfs_cache_get_tgt_iterator(tgt_list);
 171        }
 172
 173        cifs_dbg(FYI, "%s: UNC: %s\n", __func__, cifs_sb->origin_fullpath);
 174
 175        name = dfs_cache_get_tgt_name(*tgt_it);
 176
 177        kfree(server->hostname);
 178
 179        server->hostname = extract_hostname(name);
 180        if (IS_ERR(server->hostname)) {
 181                cifs_dbg(FYI,
 182                         "%s: failed to extract hostname from target: %ld\n",
 183                         __func__, PTR_ERR(server->hostname));
 184                return;
 185        }
 186
 187        rc = reconn_set_ipaddr_from_hostname(server);
 188        if (rc) {
 189                cifs_dbg(FYI, "%s: failed to resolve hostname: %d\n",
 190                         __func__, rc);
 191        }
 192}
 193
 194static inline int reconn_setup_dfs_targets(struct cifs_sb_info *cifs_sb,
 195                                           struct dfs_cache_tgt_list *tl)
 196{
 197        if (!cifs_sb->origin_fullpath)
 198                return -EOPNOTSUPP;
 199        return dfs_cache_noreq_find(cifs_sb->origin_fullpath + 1, NULL, tl);
 200}
 201#endif
 202
 203/*
 204 * cifs tcp session reconnection
 205 *
 206 * mark tcp session as reconnecting so temporarily locked
 207 * mark all smb sessions as reconnecting for tcp session
 208 * reconnect tcp session
 209 * wake up waiters on reconnection? - (not needed currently)
 210 */
 211int
 212cifs_reconnect(struct TCP_Server_Info *server)
 213{
 214        int rc = 0;
 215        struct list_head *tmp, *tmp2;
 216        struct cifs_ses *ses;
 217        struct cifs_tcon *tcon;
 218        struct mid_q_entry *mid_entry;
 219        struct list_head retry_list;
 220#ifdef CONFIG_CIFS_DFS_UPCALL
 221        struct super_block *sb = NULL;
 222        struct cifs_sb_info *cifs_sb = NULL;
 223        struct dfs_cache_tgt_list tgt_list = DFS_CACHE_TGT_LIST_INIT(tgt_list);
 224        struct dfs_cache_tgt_iterator *tgt_it = NULL;
 225#endif
 226
 227        spin_lock(&GlobalMid_Lock);
 228        server->nr_targets = 1;
 229#ifdef CONFIG_CIFS_DFS_UPCALL
 230        spin_unlock(&GlobalMid_Lock);
 231        sb = cifs_get_tcp_super(server);
 232        if (IS_ERR(sb)) {
 233                rc = PTR_ERR(sb);
 234                cifs_dbg(FYI, "%s: will not do DFS failover: rc = %d\n",
 235                         __func__, rc);
 236                sb = NULL;
 237        } else {
 238                cifs_sb = CIFS_SB(sb);
 239                rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);
 240                if (rc) {
 241                        cifs_sb = NULL;
 242                        if (rc != -EOPNOTSUPP) {
 243                                cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
 244                                                __func__);
 245                        }
 246                } else {
 247                        server->nr_targets = dfs_cache_get_nr_tgts(&tgt_list);
 248                }
 249        }
 250        cifs_dbg(FYI, "%s: will retry %d target(s)\n", __func__,
 251                 server->nr_targets);
 252        spin_lock(&GlobalMid_Lock);
 253#endif
 254        if (server->tcpStatus == CifsExiting) {
 255                /* the demux thread will exit normally
 256                next time through the loop */
 257                spin_unlock(&GlobalMid_Lock);
 258#ifdef CONFIG_CIFS_DFS_UPCALL
 259                dfs_cache_free_tgts(&tgt_list);
 260                cifs_put_tcp_super(sb);
 261#endif
 262                wake_up(&server->response_q);
 263                return rc;
 264        } else
 265                server->tcpStatus = CifsNeedReconnect;
 266        spin_unlock(&GlobalMid_Lock);
 267        server->maxBuf = 0;
 268        server->max_read = 0;
 269
 270        cifs_dbg(FYI, "Mark tcp session as need reconnect\n");
 271        trace_smb3_reconnect(server->CurrentMid, server->conn_id, server->hostname);
 272
 273        /* before reconnecting the tcp session, mark the smb session (uid)
 274                and the tid bad so they are not used until reconnected */
 275        cifs_dbg(FYI, "%s: marking sessions and tcons for reconnect\n",
 276                 __func__);
 277        spin_lock(&cifs_tcp_ses_lock);
 278        list_for_each(tmp, &server->smb_ses_list) {
 279                ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
 280                ses->need_reconnect = true;
 281                list_for_each(tmp2, &ses->tcon_list) {
 282                        tcon = list_entry(tmp2, struct cifs_tcon, tcon_list);
 283                        tcon->need_reconnect = true;
 284                }
 285                if (ses->tcon_ipc)
 286                        ses->tcon_ipc->need_reconnect = true;
 287        }
 288        spin_unlock(&cifs_tcp_ses_lock);
 289
 290        /* do not want to be sending data on a socket we are freeing */
 291        cifs_dbg(FYI, "%s: tearing down socket\n", __func__);
 292        mutex_lock(&server->srv_mutex);
 293        if (server->ssocket) {
 294                cifs_dbg(FYI, "State: 0x%x Flags: 0x%lx\n",
 295                         server->ssocket->state, server->ssocket->flags);
 296                kernel_sock_shutdown(server->ssocket, SHUT_WR);
 297                cifs_dbg(FYI, "Post shutdown state: 0x%x Flags: 0x%lx\n",
 298                         server->ssocket->state, server->ssocket->flags);
 299                sock_release(server->ssocket);
 300                server->ssocket = NULL;
 301        }
 302        server->sequence_number = 0;
 303        server->session_estab = false;
 304        kfree(server->session_key.response);
 305        server->session_key.response = NULL;
 306        server->session_key.len = 0;
 307        server->lstrp = jiffies;
 308
 309        /* mark submitted MIDs for retry and issue callback */
 310        INIT_LIST_HEAD(&retry_list);
 311        cifs_dbg(FYI, "%s: moving mids to private list\n", __func__);
 312        spin_lock(&GlobalMid_Lock);
 313        list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
 314                mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
 315                kref_get(&mid_entry->refcount);
 316                if (mid_entry->mid_state == MID_REQUEST_SUBMITTED)
 317                        mid_entry->mid_state = MID_RETRY_NEEDED;
 318                list_move(&mid_entry->qhead, &retry_list);
 319                mid_entry->mid_flags |= MID_DELETED;
 320        }
 321        spin_unlock(&GlobalMid_Lock);
 322        mutex_unlock(&server->srv_mutex);
 323
 324        cifs_dbg(FYI, "%s: issuing mid callbacks\n", __func__);
 325        list_for_each_safe(tmp, tmp2, &retry_list) {
 326                mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
 327                list_del_init(&mid_entry->qhead);
 328                mid_entry->callback(mid_entry);
 329                cifs_mid_q_entry_release(mid_entry);
 330        }
 331
 332        if (cifs_rdma_enabled(server)) {
 333                mutex_lock(&server->srv_mutex);
 334                smbd_destroy(server);
 335                mutex_unlock(&server->srv_mutex);
 336        }
 337
 338        do {
 339                try_to_freeze();
 340
 341                mutex_lock(&server->srv_mutex);
 342
 343
 344                if (!cifs_swn_set_server_dstaddr(server)) {
 345#ifdef CONFIG_CIFS_DFS_UPCALL
 346                if (cifs_sb && cifs_sb->origin_fullpath)
 347                        /*
 348                         * Set up next DFS target server (if any) for reconnect. If DFS
 349                         * feature is disabled, then we will retry last server we
 350                         * connected to before.
 351                         */
 352                        reconn_set_next_dfs_target(server, cifs_sb, &tgt_list, &tgt_it);
 353                else {
 354#endif
 355                        /*
 356                         * Resolve the hostname again to make sure that IP address is up-to-date.
 357                         */
 358                        rc = reconn_set_ipaddr_from_hostname(server);
 359                        if (rc) {
 360                                cifs_dbg(FYI, "%s: failed to resolve hostname: %d\n",
 361                                                __func__, rc);
 362                        }
 363
 364#ifdef CONFIG_CIFS_DFS_UPCALL
 365                }
 366#endif
 367
 368
 369                }
 370
 371                if (cifs_rdma_enabled(server))
 372                        rc = smbd_reconnect(server);
 373                else
 374                        rc = generic_ip_connect(server);
 375                if (rc) {
 376                        cifs_dbg(FYI, "reconnect error %d\n", rc);
 377                        mutex_unlock(&server->srv_mutex);
 378                        msleep(3000);
 379                } else {
 380                        atomic_inc(&tcpSesReconnectCount);
 381                        set_credits(server, 1);
 382                        spin_lock(&GlobalMid_Lock);
 383                        if (server->tcpStatus != CifsExiting)
 384                                server->tcpStatus = CifsNeedNegotiate;
 385                        spin_unlock(&GlobalMid_Lock);
 386                        cifs_swn_reset_server_dstaddr(server);
 387                        mutex_unlock(&server->srv_mutex);
 388                }
 389        } while (server->tcpStatus == CifsNeedReconnect);
 390
 391#ifdef CONFIG_CIFS_DFS_UPCALL
 392        if (tgt_it) {
 393                rc = dfs_cache_noreq_update_tgthint(cifs_sb->origin_fullpath + 1,
 394                                                    tgt_it);
 395                if (rc) {
 396                        cifs_server_dbg(VFS, "%s: failed to update DFS target hint: rc = %d\n",
 397                                 __func__, rc);
 398                }
 399                dfs_cache_free_tgts(&tgt_list);
 400        }
 401
 402        cifs_put_tcp_super(sb);
 403#endif
 404        if (server->tcpStatus == CifsNeedNegotiate)
 405                mod_delayed_work(cifsiod_wq, &server->echo, 0);
 406
 407        wake_up(&server->response_q);
 408        return rc;
 409}
 410
 411static void
 412cifs_echo_request(struct work_struct *work)
 413{
 414        int rc;
 415        struct TCP_Server_Info *server = container_of(work,
 416                                        struct TCP_Server_Info, echo.work);
 417
 418        /*
 419         * We cannot send an echo if it is disabled.
 420         * Also, no need to ping if we got a response recently.
 421         */
 422
 423        if (server->tcpStatus == CifsNeedReconnect ||
 424            server->tcpStatus == CifsExiting ||
 425            server->tcpStatus == CifsNew ||
 426            (server->ops->can_echo && !server->ops->can_echo(server)) ||
 427            time_before(jiffies, server->lstrp + server->echo_interval - HZ))
 428                goto requeue_echo;
 429
 430        rc = server->ops->echo ? server->ops->echo(server) : -ENOSYS;
 431        if (rc)
 432                cifs_dbg(FYI, "Unable to send echo request to server: %s\n",
 433                         server->hostname);
 434
 435        /* Check witness registrations */
 436        cifs_swn_check();
 437
 438requeue_echo:
 439        queue_delayed_work(cifsiod_wq, &server->echo, server->echo_interval);
 440}
 441
 442static bool
 443allocate_buffers(struct TCP_Server_Info *server)
 444{
 445        if (!server->bigbuf) {
 446                server->bigbuf = (char *)cifs_buf_get();
 447                if (!server->bigbuf) {
 448                        cifs_server_dbg(VFS, "No memory for large SMB response\n");
 449                        msleep(3000);
 450                        /* retry will check if exiting */
 451                        return false;
 452                }
 453        } else if (server->large_buf) {
 454                /* we are reusing a dirty large buf, clear its start */
 455                memset(server->bigbuf, 0, HEADER_SIZE(server));
 456        }
 457
 458        if (!server->smallbuf) {
 459                server->smallbuf = (char *)cifs_small_buf_get();
 460                if (!server->smallbuf) {
 461                        cifs_server_dbg(VFS, "No memory for SMB response\n");
 462                        msleep(1000);
 463                        /* retry will check if exiting */
 464                        return false;
 465                }
 466                /* beginning of smb buffer is cleared in our buf_get */
 467        } else {
 468                /* if existing small buf clear beginning */
 469                memset(server->smallbuf, 0, HEADER_SIZE(server));
 470        }
 471
 472        return true;
 473}
 474
 475static bool
 476server_unresponsive(struct TCP_Server_Info *server)
 477{
 478        /*
 479         * We need to wait 3 echo intervals to make sure we handle such
 480         * situations right:
 481         * 1s  client sends a normal SMB request
 482         * 2s  client gets a response
 483         * 30s echo workqueue job pops, and decides we got a response recently
 484         *     and don't need to send another
 485         * ...
 486         * 65s kernel_recvmsg times out, and we see that we haven't gotten
 487         *     a response in >60s.
 488         */
 489        if ((server->tcpStatus == CifsGood ||
 490            server->tcpStatus == CifsNeedNegotiate) &&
 491            (!server->ops->can_echo || server->ops->can_echo(server)) &&
 492            time_after(jiffies, server->lstrp + 3 * server->echo_interval)) {
 493                cifs_server_dbg(VFS, "has not responded in %lu seconds. Reconnecting...\n",
 494                         (3 * server->echo_interval) / HZ);
 495                cifs_reconnect(server);
 496                return true;
 497        }
 498
 499        return false;
 500}
 501
 502static inline bool
 503zero_credits(struct TCP_Server_Info *server)
 504{
 505        int val;
 506
 507        spin_lock(&server->req_lock);
 508        val = server->credits + server->echo_credits + server->oplock_credits;
 509        if (server->in_flight == 0 && val == 0) {
 510                spin_unlock(&server->req_lock);
 511                return true;
 512        }
 513        spin_unlock(&server->req_lock);
 514        return false;
 515}
 516
 517static int
 518cifs_readv_from_socket(struct TCP_Server_Info *server, struct msghdr *smb_msg)
 519{
 520        int length = 0;
 521        int total_read;
 522
 523        smb_msg->msg_control = NULL;
 524        smb_msg->msg_controllen = 0;
 525
 526        for (total_read = 0; msg_data_left(smb_msg); total_read += length) {
 527                try_to_freeze();
 528
 529                /* reconnect if no credits and no requests in flight */
 530                if (zero_credits(server)) {
 531                        cifs_reconnect(server);
 532                        return -ECONNABORTED;
 533                }
 534
 535                if (server_unresponsive(server))
 536                        return -ECONNABORTED;
 537                if (cifs_rdma_enabled(server) && server->smbd_conn)
 538                        length = smbd_recv(server->smbd_conn, smb_msg);
 539                else
 540                        length = sock_recvmsg(server->ssocket, smb_msg, 0);
 541
 542                if (server->tcpStatus == CifsExiting)
 543                        return -ESHUTDOWN;
 544
 545                if (server->tcpStatus == CifsNeedReconnect) {
 546                        cifs_reconnect(server);
 547                        return -ECONNABORTED;
 548                }
 549
 550                if (length == -ERESTARTSYS ||
 551                    length == -EAGAIN ||
 552                    length == -EINTR) {
 553                        /*
 554                         * Minimum sleep to prevent looping, allowing socket
 555                         * to clear and app threads to set tcpStatus
 556                         * CifsNeedReconnect if server hung.
 557                         */
 558                        usleep_range(1000, 2000);
 559                        length = 0;
 560                        continue;
 561                }
 562
 563                if (length <= 0) {
 564                        cifs_dbg(FYI, "Received no data or error: %d\n", length);
 565                        cifs_reconnect(server);
 566                        return -ECONNABORTED;
 567                }
 568        }
 569        return total_read;
 570}
 571
 572int
 573cifs_read_from_socket(struct TCP_Server_Info *server, char *buf,
 574                      unsigned int to_read)
 575{
 576        struct msghdr smb_msg;
 577        struct kvec iov = {.iov_base = buf, .iov_len = to_read};
 578        iov_iter_kvec(&smb_msg.msg_iter, READ, &iov, 1, to_read);
 579
 580        return cifs_readv_from_socket(server, &smb_msg);
 581}
 582
 583ssize_t
 584cifs_discard_from_socket(struct TCP_Server_Info *server, size_t to_read)
 585{
 586        struct msghdr smb_msg;
 587
 588        /*
 589         *  iov_iter_discard already sets smb_msg.type and count and iov_offset
 590         *  and cifs_readv_from_socket sets msg_control and msg_controllen
 591         *  so little to initialize in struct msghdr
 592         */
 593        smb_msg.msg_name = NULL;
 594        smb_msg.msg_namelen = 0;
 595        iov_iter_discard(&smb_msg.msg_iter, READ, to_read);
 596
 597        return cifs_readv_from_socket(server, &smb_msg);
 598}
 599
 600int
 601cifs_read_page_from_socket(struct TCP_Server_Info *server, struct page *page,
 602        unsigned int page_offset, unsigned int to_read)
 603{
 604        struct msghdr smb_msg;
 605        struct bio_vec bv = {
 606                .bv_page = page, .bv_len = to_read, .bv_offset = page_offset};
 607        iov_iter_bvec(&smb_msg.msg_iter, READ, &bv, 1, to_read);
 608        return cifs_readv_from_socket(server, &smb_msg);
 609}
 610
 611static bool
 612is_smb_response(struct TCP_Server_Info *server, unsigned char type)
 613{
 614        /*
 615         * The first byte big endian of the length field,
 616         * is actually not part of the length but the type
 617         * with the most common, zero, as regular data.
 618         */
 619        switch (type) {
 620        case RFC1002_SESSION_MESSAGE:
 621                /* Regular SMB response */
 622                return true;
 623        case RFC1002_SESSION_KEEP_ALIVE:
 624                cifs_dbg(FYI, "RFC 1002 session keep alive\n");
 625                break;
 626        case RFC1002_POSITIVE_SESSION_RESPONSE:
 627                cifs_dbg(FYI, "RFC 1002 positive session response\n");
 628                break;
 629        case RFC1002_NEGATIVE_SESSION_RESPONSE:
 630                /*
 631                 * We get this from Windows 98 instead of an error on
 632                 * SMB negprot response.
 633                 */
 634                cifs_dbg(FYI, "RFC 1002 negative session response\n");
 635                /* give server a second to clean up */
 636                msleep(1000);
 637                /*
 638                 * Always try 445 first on reconnect since we get NACK
 639                 * on some if we ever connected to port 139 (the NACK
 640                 * is since we do not begin with RFC1001 session
 641                 * initialize frame).
 642                 */
 643                cifs_set_port((struct sockaddr *)&server->dstaddr, CIFS_PORT);
 644                cifs_reconnect(server);
 645                break;
 646        default:
 647                cifs_server_dbg(VFS, "RFC 1002 unknown response type 0x%x\n", type);
 648                cifs_reconnect(server);
 649        }
 650
 651        return false;
 652}
 653
 654void
 655dequeue_mid(struct mid_q_entry *mid, bool malformed)
 656{
 657#ifdef CONFIG_CIFS_STATS2
 658        mid->when_received = jiffies;
 659#endif
 660        spin_lock(&GlobalMid_Lock);
 661        if (!malformed)
 662                mid->mid_state = MID_RESPONSE_RECEIVED;
 663        else
 664                mid->mid_state = MID_RESPONSE_MALFORMED;
 665        /*
 666         * Trying to handle/dequeue a mid after the send_recv()
 667         * function has finished processing it is a bug.
 668         */
 669        if (mid->mid_flags & MID_DELETED)
 670                pr_warn_once("trying to dequeue a deleted mid\n");
 671        else {
 672                list_del_init(&mid->qhead);
 673                mid->mid_flags |= MID_DELETED;
 674        }
 675        spin_unlock(&GlobalMid_Lock);
 676}
 677
 678static unsigned int
 679smb2_get_credits_from_hdr(char *buffer, struct TCP_Server_Info *server)
 680{
 681        struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)buffer;
 682
 683        /*
 684         * SMB1 does not use credits.
 685         */
 686        if (server->vals->header_preamble_size)
 687                return 0;
 688
 689        return le16_to_cpu(shdr->CreditRequest);
 690}
 691
 692static void
 693handle_mid(struct mid_q_entry *mid, struct TCP_Server_Info *server,
 694           char *buf, int malformed)
 695{
 696        if (server->ops->check_trans2 &&
 697            server->ops->check_trans2(mid, server, buf, malformed))
 698                return;
 699        mid->credits_received = smb2_get_credits_from_hdr(buf, server);
 700        mid->resp_buf = buf;
 701        mid->large_buf = server->large_buf;
 702        /* Was previous buf put in mpx struct for multi-rsp? */
 703        if (!mid->multiRsp) {
 704                /* smb buffer will be freed by user thread */
 705                if (server->large_buf)
 706                        server->bigbuf = NULL;
 707                else
 708                        server->smallbuf = NULL;
 709        }
 710        dequeue_mid(mid, malformed);
 711}
 712
 713static void clean_demultiplex_info(struct TCP_Server_Info *server)
 714{
 715        int length;
 716
 717        /* take it off the list, if it's not already */
 718        spin_lock(&cifs_tcp_ses_lock);
 719        list_del_init(&server->tcp_ses_list);
 720        spin_unlock(&cifs_tcp_ses_lock);
 721
 722        cancel_delayed_work_sync(&server->echo);
 723        cancel_delayed_work_sync(&server->resolve);
 724
 725        spin_lock(&GlobalMid_Lock);
 726        server->tcpStatus = CifsExiting;
 727        spin_unlock(&GlobalMid_Lock);
 728        wake_up_all(&server->response_q);
 729
 730        /* check if we have blocked requests that need to free */
 731        spin_lock(&server->req_lock);
 732        if (server->credits <= 0)
 733                server->credits = 1;
 734        spin_unlock(&server->req_lock);
 735        /*
 736         * Although there should not be any requests blocked on this queue it
 737         * can not hurt to be paranoid and try to wake up requests that may
 738         * haven been blocked when more than 50 at time were on the wire to the
 739         * same server - they now will see the session is in exit state and get
 740         * out of SendReceive.
 741         */
 742        wake_up_all(&server->request_q);
 743        /* give those requests time to exit */
 744        msleep(125);
 745        if (cifs_rdma_enabled(server))
 746                smbd_destroy(server);
 747        if (server->ssocket) {
 748                sock_release(server->ssocket);
 749                server->ssocket = NULL;
 750        }
 751
 752        if (!list_empty(&server->pending_mid_q)) {
 753                struct list_head dispose_list;
 754                struct mid_q_entry *mid_entry;
 755                struct list_head *tmp, *tmp2;
 756
 757                INIT_LIST_HEAD(&dispose_list);
 758                spin_lock(&GlobalMid_Lock);
 759                list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
 760                        mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
 761                        cifs_dbg(FYI, "Clearing mid %llu\n", mid_entry->mid);
 762                        kref_get(&mid_entry->refcount);
 763                        mid_entry->mid_state = MID_SHUTDOWN;
 764                        list_move(&mid_entry->qhead, &dispose_list);
 765                        mid_entry->mid_flags |= MID_DELETED;
 766                }
 767                spin_unlock(&GlobalMid_Lock);
 768
 769                /* now walk dispose list and issue callbacks */
 770                list_for_each_safe(tmp, tmp2, &dispose_list) {
 771                        mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
 772                        cifs_dbg(FYI, "Callback mid %llu\n", mid_entry->mid);
 773                        list_del_init(&mid_entry->qhead);
 774                        mid_entry->callback(mid_entry);
 775                        cifs_mid_q_entry_release(mid_entry);
 776                }
 777                /* 1/8th of sec is more than enough time for them to exit */
 778                msleep(125);
 779        }
 780
 781        if (!list_empty(&server->pending_mid_q)) {
 782                /*
 783                 * mpx threads have not exited yet give them at least the smb
 784                 * send timeout time for long ops.
 785                 *
 786                 * Due to delays on oplock break requests, we need to wait at
 787                 * least 45 seconds before giving up on a request getting a
 788                 * response and going ahead and killing cifsd.
 789                 */
 790                cifs_dbg(FYI, "Wait for exit from demultiplex thread\n");
 791                msleep(46000);
 792                /*
 793                 * If threads still have not exited they are probably never
 794                 * coming home not much else we can do but free the memory.
 795                 */
 796        }
 797
 798        kfree(server->hostname);
 799        kfree(server);
 800
 801        length = atomic_dec_return(&tcpSesAllocCount);
 802        if (length > 0)
 803                mempool_resize(cifs_req_poolp, length + cifs_min_rcv);
 804}
 805
 806static int
 807standard_receive3(struct TCP_Server_Info *server, struct mid_q_entry *mid)
 808{
 809        int length;
 810        char *buf = server->smallbuf;
 811        unsigned int pdu_length = server->pdu_size;
 812
 813        /* make sure this will fit in a large buffer */
 814        if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server) -
 815                server->vals->header_preamble_size) {
 816                cifs_server_dbg(VFS, "SMB response too long (%u bytes)\n", pdu_length);
 817                cifs_reconnect(server);
 818                return -ECONNABORTED;
 819        }
 820
 821        /* switch to large buffer if too big for a small one */
 822        if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
 823                server->large_buf = true;
 824                memcpy(server->bigbuf, buf, server->total_read);
 825                buf = server->bigbuf;
 826        }
 827
 828        /* now read the rest */
 829        length = cifs_read_from_socket(server, buf + HEADER_SIZE(server) - 1,
 830                                       pdu_length - HEADER_SIZE(server) + 1
 831                                       + server->vals->header_preamble_size);
 832
 833        if (length < 0)
 834                return length;
 835        server->total_read += length;
 836
 837        dump_smb(buf, server->total_read);
 838
 839        return cifs_handle_standard(server, mid);
 840}
 841
 842int
 843cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
 844{
 845        char *buf = server->large_buf ? server->bigbuf : server->smallbuf;
 846        int length;
 847
 848        /*
 849         * We know that we received enough to get to the MID as we
 850         * checked the pdu_length earlier. Now check to see
 851         * if the rest of the header is OK. We borrow the length
 852         * var for the rest of the loop to avoid a new stack var.
 853         *
 854         * 48 bytes is enough to display the header and a little bit
 855         * into the payload for debugging purposes.
 856         */
 857        length = server->ops->check_message(buf, server->total_read, server);
 858        if (length != 0)
 859                cifs_dump_mem("Bad SMB: ", buf,
 860                        min_t(unsigned int, server->total_read, 48));
 861
 862        if (server->ops->is_session_expired &&
 863            server->ops->is_session_expired(buf)) {
 864                cifs_reconnect(server);
 865                return -1;
 866        }
 867
 868        if (server->ops->is_status_pending &&
 869            server->ops->is_status_pending(buf, server))
 870                return -1;
 871
 872        if (!mid)
 873                return length;
 874
 875        handle_mid(mid, server, buf, length);
 876        return 0;
 877}
 878
 879static void
 880smb2_add_credits_from_hdr(char *buffer, struct TCP_Server_Info *server)
 881{
 882        struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)buffer;
 883        int scredits, in_flight;
 884
 885        /*
 886         * SMB1 does not use credits.
 887         */
 888        if (server->vals->header_preamble_size)
 889                return;
 890
 891        if (shdr->CreditRequest) {
 892                spin_lock(&server->req_lock);
 893                server->credits += le16_to_cpu(shdr->CreditRequest);
 894                scredits = server->credits;
 895                in_flight = server->in_flight;
 896                spin_unlock(&server->req_lock);
 897                wake_up(&server->request_q);
 898
 899                trace_smb3_add_credits(server->CurrentMid,
 900                                server->conn_id, server->hostname, scredits,
 901                                le16_to_cpu(shdr->CreditRequest), in_flight);
 902                cifs_server_dbg(FYI, "%s: added %u credits total=%d\n",
 903                                __func__, le16_to_cpu(shdr->CreditRequest),
 904                                scredits);
 905        }
 906}
 907
 908
 909static int
 910cifs_demultiplex_thread(void *p)
 911{
 912        int i, num_mids, length;
 913        struct TCP_Server_Info *server = p;
 914        unsigned int pdu_length;
 915        unsigned int next_offset;
 916        char *buf = NULL;
 917        struct task_struct *task_to_wake = NULL;
 918        struct mid_q_entry *mids[MAX_COMPOUND];
 919        char *bufs[MAX_COMPOUND];
 920        unsigned int noreclaim_flag, num_io_timeout = 0;
 921
 922        noreclaim_flag = memalloc_noreclaim_save();
 923        cifs_dbg(FYI, "Demultiplex PID: %d\n", task_pid_nr(current));
 924
 925        length = atomic_inc_return(&tcpSesAllocCount);
 926        if (length > 1)
 927                mempool_resize(cifs_req_poolp, length + cifs_min_rcv);
 928
 929        set_freezable();
 930        allow_kernel_signal(SIGKILL);
 931        while (server->tcpStatus != CifsExiting) {
 932                if (try_to_freeze())
 933                        continue;
 934
 935                if (!allocate_buffers(server))
 936                        continue;
 937
 938                server->large_buf = false;
 939                buf = server->smallbuf;
 940                pdu_length = 4; /* enough to get RFC1001 header */
 941
 942                length = cifs_read_from_socket(server, buf, pdu_length);
 943                if (length < 0)
 944                        continue;
 945
 946                if (server->vals->header_preamble_size == 0)
 947                        server->total_read = 0;
 948                else
 949                        server->total_read = length;
 950
 951                /*
 952                 * The right amount was read from socket - 4 bytes,
 953                 * so we can now interpret the length field.
 954                 */
 955                pdu_length = get_rfc1002_length(buf);
 956
 957                cifs_dbg(FYI, "RFC1002 header 0x%x\n", pdu_length);
 958                if (!is_smb_response(server, buf[0]))
 959                        continue;
 960next_pdu:
 961                server->pdu_size = pdu_length;
 962
 963                /* make sure we have enough to get to the MID */
 964                if (server->pdu_size < HEADER_SIZE(server) - 1 -
 965                    server->vals->header_preamble_size) {
 966                        cifs_server_dbg(VFS, "SMB response too short (%u bytes)\n",
 967                                 server->pdu_size);
 968                        cifs_reconnect(server);
 969                        continue;
 970                }
 971
 972                /* read down to the MID */
 973                length = cifs_read_from_socket(server,
 974                             buf + server->vals->header_preamble_size,
 975                             HEADER_SIZE(server) - 1
 976                             - server->vals->header_preamble_size);
 977                if (length < 0)
 978                        continue;
 979                server->total_read += length;
 980
 981                if (server->ops->next_header) {
 982                        next_offset = server->ops->next_header(buf);
 983                        if (next_offset)
 984                                server->pdu_size = next_offset;
 985                }
 986
 987                memset(mids, 0, sizeof(mids));
 988                memset(bufs, 0, sizeof(bufs));
 989                num_mids = 0;
 990
 991                if (server->ops->is_transform_hdr &&
 992                    server->ops->receive_transform &&
 993                    server->ops->is_transform_hdr(buf)) {
 994                        length = server->ops->receive_transform(server,
 995                                                                mids,
 996                                                                bufs,
 997                                                                &num_mids);
 998                } else {
 999                        mids[0] = server->ops->find_mid(server, buf);
1000                        bufs[0] = buf;
1001                        num_mids = 1;
1002
1003                        if (!mids[0] || !mids[0]->receive)
1004                                length = standard_receive3(server, mids[0]);
1005                        else
1006                                length = mids[0]->receive(server, mids[0]);
1007                }
1008
1009                if (length < 0) {
1010                        for (i = 0; i < num_mids; i++)
1011                                if (mids[i])
1012                                        cifs_mid_q_entry_release(mids[i]);
1013                        continue;
1014                }
1015
1016                if (server->ops->is_status_io_timeout &&
1017                    server->ops->is_status_io_timeout(buf)) {
1018                        num_io_timeout++;
1019                        if (num_io_timeout > NUM_STATUS_IO_TIMEOUT) {
1020                                cifs_reconnect(server);
1021                                num_io_timeout = 0;
1022                                continue;
1023                        }
1024                }
1025
1026                server->lstrp = jiffies;
1027
1028                for (i = 0; i < num_mids; i++) {
1029                        if (mids[i] != NULL) {
1030                                mids[i]->resp_buf_size = server->pdu_size;
1031
1032                                if (bufs[i] && server->ops->is_network_name_deleted)
1033                                        server->ops->is_network_name_deleted(bufs[i],
1034                                                                        server);
1035
1036                                if (!mids[i]->multiRsp || mids[i]->multiEnd)
1037                                        mids[i]->callback(mids[i]);
1038
1039                                cifs_mid_q_entry_release(mids[i]);
1040                        } else if (server->ops->is_oplock_break &&
1041                                   server->ops->is_oplock_break(bufs[i],
1042                                                                server)) {
1043                                smb2_add_credits_from_hdr(bufs[i], server);
1044                                cifs_dbg(FYI, "Received oplock break\n");
1045                        } else {
1046                                cifs_server_dbg(VFS, "No task to wake, unknown frame received! NumMids %d\n",
1047                                                atomic_read(&midCount));
1048                                cifs_dump_mem("Received Data is: ", bufs[i],
1049                                              HEADER_SIZE(server));
1050                                smb2_add_credits_from_hdr(bufs[i], server);
1051#ifdef CONFIG_CIFS_DEBUG2
1052                                if (server->ops->dump_detail)
1053                                        server->ops->dump_detail(bufs[i],
1054                                                                 server);
1055                                cifs_dump_mids(server);
1056#endif /* CIFS_DEBUG2 */
1057                        }
1058                }
1059
1060                if (pdu_length > server->pdu_size) {
1061                        if (!allocate_buffers(server))
1062                                continue;
1063                        pdu_length -= server->pdu_size;
1064                        server->total_read = 0;
1065                        server->large_buf = false;
1066                        buf = server->smallbuf;
1067                        goto next_pdu;
1068                }
1069        } /* end while !EXITING */
1070
1071        /* buffer usually freed in free_mid - need to free it here on exit */
1072        cifs_buf_release(server->bigbuf);
1073        if (server->smallbuf) /* no sense logging a debug message if NULL */
1074                cifs_small_buf_release(server->smallbuf);
1075
1076        task_to_wake = xchg(&server->tsk, NULL);
1077        clean_demultiplex_info(server);
1078
1079        /* if server->tsk was NULL then wait for a signal before exiting */
1080        if (!task_to_wake) {
1081                set_current_state(TASK_INTERRUPTIBLE);
1082                while (!signal_pending(current)) {
1083                        schedule();
1084                        set_current_state(TASK_INTERRUPTIBLE);
1085                }
1086                set_current_state(TASK_RUNNING);
1087        }
1088
1089        memalloc_noreclaim_restore(noreclaim_flag);
1090        module_put_and_exit(0);
1091}
1092
1093/**
1094 * Returns true if srcaddr isn't specified and rhs isn't specified, or
1095 * if srcaddr is specified and matches the IP address of the rhs argument
1096 */
1097bool
1098cifs_match_ipaddr(struct sockaddr *srcaddr, struct sockaddr *rhs)
1099{
1100        switch (srcaddr->sa_family) {
1101        case AF_UNSPEC:
1102                return (rhs->sa_family == AF_UNSPEC);
1103        case AF_INET: {
1104                struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1105                struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1106                return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1107        }
1108        case AF_INET6: {
1109                struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1110                struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)rhs;
1111                return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1112        }
1113        default:
1114                WARN_ON(1);
1115                return false; /* don't expect to be here */
1116        }
1117}
1118
1119/*
1120 * If no port is specified in addr structure, we try to match with 445 port
1121 * and if it fails - with 139 ports. It should be called only if address
1122 * families of server and addr are equal.
1123 */
1124static bool
1125match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1126{
1127        __be16 port, *sport;
1128
1129        /* SMBDirect manages its own ports, don't match it here */
1130        if (server->rdma)
1131                return true;
1132
1133        switch (addr->sa_family) {
1134        case AF_INET:
1135                sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1136                port = ((struct sockaddr_in *) addr)->sin_port;
1137                break;
1138        case AF_INET6:
1139                sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1140                port = ((struct sockaddr_in6 *) addr)->sin6_port;
1141                break;
1142        default:
1143                WARN_ON(1);
1144                return false;
1145        }
1146
1147        if (!port) {
1148                port = htons(CIFS_PORT);
1149                if (port == *sport)
1150                        return true;
1151
1152                port = htons(RFC1001_PORT);
1153        }
1154
1155        return port == *sport;
1156}
1157
1158static bool
1159match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1160              struct sockaddr *srcaddr)
1161{
1162        switch (addr->sa_family) {
1163        case AF_INET: {
1164                struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1165                struct sockaddr_in *srv_addr4 =
1166                                        (struct sockaddr_in *)&server->dstaddr;
1167
1168                if (addr4->sin_addr.s_addr != srv_addr4->sin_addr.s_addr)
1169                        return false;
1170                break;
1171        }
1172        case AF_INET6: {
1173                struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1174                struct sockaddr_in6 *srv_addr6 =
1175                                        (struct sockaddr_in6 *)&server->dstaddr;
1176
1177                if (!ipv6_addr_equal(&addr6->sin6_addr,
1178                                     &srv_addr6->sin6_addr))
1179                        return false;
1180                if (addr6->sin6_scope_id != srv_addr6->sin6_scope_id)
1181                        return false;
1182                break;
1183        }
1184        default:
1185                WARN_ON(1);
1186                return false; /* don't expect to be here */
1187        }
1188
1189        if (!cifs_match_ipaddr(srcaddr, (struct sockaddr *)&server->srcaddr))
1190                return false;
1191
1192        return true;
1193}
1194
1195static bool
1196match_security(struct TCP_Server_Info *server, struct smb3_fs_context *ctx)
1197{
1198        /*
1199         * The select_sectype function should either return the ctx->sectype
1200         * that was specified, or "Unspecified" if that sectype was not
1201         * compatible with the given NEGOTIATE request.
1202         */
1203        if (server->ops->select_sectype(server, ctx->sectype)
1204             == Unspecified)
1205                return false;
1206
1207        /*
1208         * Now check if signing mode is acceptable. No need to check
1209         * global_secflags at this point since if MUST_SIGN is set then
1210         * the server->sign had better be too.
1211         */
1212        if (ctx->sign && !server->sign)
1213                return false;
1214
1215        return true;
1216}
1217
1218static int match_server(struct TCP_Server_Info *server, struct smb3_fs_context *ctx)
1219{
1220        struct sockaddr *addr = (struct sockaddr *)&ctx->dstaddr;
1221
1222        if (ctx->nosharesock)
1223                return 0;
1224
1225        /* If multidialect negotiation see if existing sessions match one */
1226        if (strcmp(ctx->vals->version_string, SMB3ANY_VERSION_STRING) == 0) {
1227                if (server->vals->protocol_id < SMB30_PROT_ID)
1228                        return 0;
1229        } else if (strcmp(ctx->vals->version_string,
1230                   SMBDEFAULT_VERSION_STRING) == 0) {
1231                if (server->vals->protocol_id < SMB21_PROT_ID)
1232                        return 0;
1233        } else if ((server->vals != ctx->vals) || (server->ops != ctx->ops))
1234                return 0;
1235
1236        if (!net_eq(cifs_net_ns(server), current->nsproxy->net_ns))
1237                return 0;
1238
1239        if (!match_address(server, addr,
1240                           (struct sockaddr *)&ctx->srcaddr))
1241                return 0;
1242
1243        if (!match_port(server, addr))
1244                return 0;
1245
1246        if (!match_security(server, ctx))
1247                return 0;
1248
1249        if (server->echo_interval != ctx->echo_interval * HZ)
1250                return 0;
1251
1252        if (server->rdma != ctx->rdma)
1253                return 0;
1254
1255        if (server->ignore_signature != ctx->ignore_signature)
1256                return 0;
1257
1258        if (server->min_offload != ctx->min_offload)
1259                return 0;
1260
1261        return 1;
1262}
1263
1264struct TCP_Server_Info *
1265cifs_find_tcp_session(struct smb3_fs_context *ctx)
1266{
1267        struct TCP_Server_Info *server;
1268
1269        spin_lock(&cifs_tcp_ses_lock);
1270        list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1271#ifdef CONFIG_CIFS_DFS_UPCALL
1272                /*
1273                 * DFS failover implementation in cifs_reconnect() requires unique tcp sessions for
1274                 * DFS connections to do failover properly, so avoid sharing them with regular
1275                 * shares or even links that may connect to same server but having completely
1276                 * different failover targets.
1277                 */
1278                if (server->is_dfs_conn)
1279                        continue;
1280#endif
1281                /*
1282                 * Skip ses channels since they're only handled in lower layers
1283                 * (e.g. cifs_send_recv).
1284                 */
1285                if (server->is_channel || !match_server(server, ctx))
1286                        continue;
1287
1288                ++server->srv_count;
1289                spin_unlock(&cifs_tcp_ses_lock);
1290                cifs_dbg(FYI, "Existing tcp session with server found\n");
1291                return server;
1292        }
1293        spin_unlock(&cifs_tcp_ses_lock);
1294        return NULL;
1295}
1296
1297void
1298cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect)
1299{
1300        struct task_struct *task;
1301
1302        spin_lock(&cifs_tcp_ses_lock);
1303        if (--server->srv_count > 0) {
1304                spin_unlock(&cifs_tcp_ses_lock);
1305                return;
1306        }
1307
1308        /* srv_count can never go negative */
1309        WARN_ON(server->srv_count < 0);
1310
1311        put_net(cifs_net_ns(server));
1312
1313        list_del_init(&server->tcp_ses_list);
1314        spin_unlock(&cifs_tcp_ses_lock);
1315
1316        cancel_delayed_work_sync(&server->echo);
1317        cancel_delayed_work_sync(&server->resolve);
1318
1319        if (from_reconnect)
1320                /*
1321                 * Avoid deadlock here: reconnect work calls
1322                 * cifs_put_tcp_session() at its end. Need to be sure
1323                 * that reconnect work does nothing with server pointer after
1324                 * that step.
1325                 */
1326                cancel_delayed_work(&server->reconnect);
1327        else
1328                cancel_delayed_work_sync(&server->reconnect);
1329
1330        spin_lock(&GlobalMid_Lock);
1331        server->tcpStatus = CifsExiting;
1332        spin_unlock(&GlobalMid_Lock);
1333
1334        cifs_crypto_secmech_release(server);
1335        cifs_fscache_release_client_cookie(server);
1336
1337        kfree(server->session_key.response);
1338        server->session_key.response = NULL;
1339        server->session_key.len = 0;
1340
1341        task = xchg(&server->tsk, NULL);
1342        if (task)
1343                send_sig(SIGKILL, task, 1);
1344}
1345
1346struct TCP_Server_Info *
1347cifs_get_tcp_session(struct smb3_fs_context *ctx)
1348{
1349        struct TCP_Server_Info *tcp_ses = NULL;
1350        int rc;
1351
1352        cifs_dbg(FYI, "UNC: %s\n", ctx->UNC);
1353
1354        /* see if we already have a matching tcp_ses */
1355        tcp_ses = cifs_find_tcp_session(ctx);
1356        if (tcp_ses)
1357                return tcp_ses;
1358
1359        tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1360        if (!tcp_ses) {
1361                rc = -ENOMEM;
1362                goto out_err;
1363        }
1364
1365        tcp_ses->ops = ctx->ops;
1366        tcp_ses->vals = ctx->vals;
1367        cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
1368        tcp_ses->hostname = extract_hostname(ctx->UNC);
1369        if (IS_ERR(tcp_ses->hostname)) {
1370                rc = PTR_ERR(tcp_ses->hostname);
1371                goto out_err_crypto_release;
1372        }
1373
1374        tcp_ses->conn_id = atomic_inc_return(&tcpSesNextId);
1375        tcp_ses->noblockcnt = ctx->rootfs;
1376        tcp_ses->noblocksnd = ctx->noblocksnd || ctx->rootfs;
1377        tcp_ses->noautotune = ctx->noautotune;
1378        tcp_ses->tcp_nodelay = ctx->sockopt_tcp_nodelay;
1379        tcp_ses->rdma = ctx->rdma;
1380        tcp_ses->in_flight = 0;
1381        tcp_ses->max_in_flight = 0;
1382        tcp_ses->credits = 1;
1383        init_waitqueue_head(&tcp_ses->response_q);
1384        init_waitqueue_head(&tcp_ses->request_q);
1385        INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1386        mutex_init(&tcp_ses->srv_mutex);
1387        memcpy(tcp_ses->workstation_RFC1001_name,
1388                ctx->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1389        memcpy(tcp_ses->server_RFC1001_name,
1390                ctx->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1391        tcp_ses->session_estab = false;
1392        tcp_ses->sequence_number = 0;
1393        tcp_ses->reconnect_instance = 1;
1394        tcp_ses->lstrp = jiffies;
1395        tcp_ses->compress_algorithm = cpu_to_le16(ctx->compression);
1396        spin_lock_init(&tcp_ses->req_lock);
1397        INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1398        INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1399        INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
1400        INIT_DELAYED_WORK(&tcp_ses->resolve, cifs_resolve_server);
1401        INIT_DELAYED_WORK(&tcp_ses->reconnect, smb2_reconnect_server);
1402        mutex_init(&tcp_ses->reconnect_mutex);
1403        memcpy(&tcp_ses->srcaddr, &ctx->srcaddr,
1404               sizeof(tcp_ses->srcaddr));
1405        memcpy(&tcp_ses->dstaddr, &ctx->dstaddr,
1406                sizeof(tcp_ses->dstaddr));
1407        if (ctx->use_client_guid)
1408                memcpy(tcp_ses->client_guid, ctx->client_guid,
1409                       SMB2_CLIENT_GUID_SIZE);
1410        else
1411                generate_random_uuid(tcp_ses->client_guid);
1412        /*
1413         * at this point we are the only ones with the pointer
1414         * to the struct since the kernel thread not created yet
1415         * no need to spinlock this init of tcpStatus or srv_count
1416         */
1417        tcp_ses->tcpStatus = CifsNew;
1418        ++tcp_ses->srv_count;
1419
1420        if (ctx->echo_interval >= SMB_ECHO_INTERVAL_MIN &&
1421                ctx->echo_interval <= SMB_ECHO_INTERVAL_MAX)
1422                tcp_ses->echo_interval = ctx->echo_interval * HZ;
1423        else
1424                tcp_ses->echo_interval = SMB_ECHO_INTERVAL_DEFAULT * HZ;
1425        if (tcp_ses->rdma) {
1426#ifndef CONFIG_CIFS_SMB_DIRECT
1427                cifs_dbg(VFS, "CONFIG_CIFS_SMB_DIRECT is not enabled\n");
1428                rc = -ENOENT;
1429                goto out_err_crypto_release;
1430#endif
1431                tcp_ses->smbd_conn = smbd_get_connection(
1432                        tcp_ses, (struct sockaddr *)&ctx->dstaddr);
1433                if (tcp_ses->smbd_conn) {
1434                        cifs_dbg(VFS, "RDMA transport established\n");
1435                        rc = 0;
1436                        goto smbd_connected;
1437                } else {
1438                        rc = -ENOENT;
1439                        goto out_err_crypto_release;
1440                }
1441        }
1442        rc = ip_connect(tcp_ses);
1443        if (rc < 0) {
1444                cifs_dbg(VFS, "Error connecting to socket. Aborting operation.\n");
1445                goto out_err_crypto_release;
1446        }
1447smbd_connected:
1448        /*
1449         * since we're in a cifs function already, we know that
1450         * this will succeed. No need for try_module_get().
1451         */
1452        __module_get(THIS_MODULE);
1453        tcp_ses->tsk = kthread_run(cifs_demultiplex_thread,
1454                                  tcp_ses, "cifsd");
1455        if (IS_ERR(tcp_ses->tsk)) {
1456                rc = PTR_ERR(tcp_ses->tsk);
1457                cifs_dbg(VFS, "error %d create cifsd thread\n", rc);
1458                module_put(THIS_MODULE);
1459                goto out_err_crypto_release;
1460        }
1461        tcp_ses->min_offload = ctx->min_offload;
1462        /*
1463         * at this point we are the only ones with the pointer
1464         * to the struct since the kernel thread not created yet
1465         * no need to spinlock this update of tcpStatus
1466         */
1467        tcp_ses->tcpStatus = CifsNeedNegotiate;
1468
1469        if ((ctx->max_credits < 20) || (ctx->max_credits > 60000))
1470                tcp_ses->max_credits = SMB2_MAX_CREDITS_AVAILABLE;
1471        else
1472                tcp_ses->max_credits = ctx->max_credits;
1473
1474        tcp_ses->nr_targets = 1;
1475        tcp_ses->ignore_signature = ctx->ignore_signature;
1476        /* thread spawned, put it on the list */
1477        spin_lock(&cifs_tcp_ses_lock);
1478        list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1479        spin_unlock(&cifs_tcp_ses_lock);
1480
1481        cifs_fscache_get_client_cookie(tcp_ses);
1482
1483        /* queue echo request delayed work */
1484        queue_delayed_work(cifsiod_wq, &tcp_ses->echo, tcp_ses->echo_interval);
1485
1486        /* queue dns resolution delayed work */
1487        cifs_dbg(FYI, "%s: next dns resolution scheduled for %d seconds in the future\n",
1488                 __func__, SMB_DNS_RESOLVE_INTERVAL_DEFAULT);
1489
1490        queue_delayed_work(cifsiod_wq, &tcp_ses->resolve, (SMB_DNS_RESOLVE_INTERVAL_DEFAULT * HZ));
1491
1492        return tcp_ses;
1493
1494out_err_crypto_release:
1495        cifs_crypto_secmech_release(tcp_ses);
1496
1497        put_net(cifs_net_ns(tcp_ses));
1498
1499out_err:
1500        if (tcp_ses) {
1501                if (!IS_ERR(tcp_ses->hostname))
1502                        kfree(tcp_ses->hostname);
1503                if (tcp_ses->ssocket)
1504                        sock_release(tcp_ses->ssocket);
1505                kfree(tcp_ses);
1506        }
1507        return ERR_PTR(rc);
1508}
1509
1510static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx)
1511{
1512        if (ctx->sectype != Unspecified &&
1513            ctx->sectype != ses->sectype)
1514                return 0;
1515
1516        /*
1517         * If an existing session is limited to less channels than
1518         * requested, it should not be reused
1519         */
1520        if (ses->chan_max < ctx->max_channels)
1521                return 0;
1522
1523        switch (ses->sectype) {
1524        case Kerberos:
1525                if (!uid_eq(ctx->cred_uid, ses->cred_uid))
1526                        return 0;
1527                break;
1528        default:
1529                /* NULL username means anonymous session */
1530                if (ses->user_name == NULL) {
1531                        if (!ctx->nullauth)
1532                                return 0;
1533                        break;
1534                }
1535
1536                /* anything else takes username/password */
1537                if (strncmp(ses->user_name,
1538                            ctx->username ? ctx->username : "",
1539                            CIFS_MAX_USERNAME_LEN))
1540                        return 0;
1541                if ((ctx->username && strlen(ctx->username) != 0) &&
1542                    ses->password != NULL &&
1543                    strncmp(ses->password,
1544                            ctx->password ? ctx->password : "",
1545                            CIFS_MAX_PASSWORD_LEN))
1546                        return 0;
1547        }
1548        return 1;
1549}
1550
1551/**
1552 * cifs_setup_ipc - helper to setup the IPC tcon for the session
1553 *
1554 * A new IPC connection is made and stored in the session
1555 * tcon_ipc. The IPC tcon has the same lifetime as the session.
1556 */
1557static int
1558cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx)
1559{
1560        int rc = 0, xid;
1561        struct cifs_tcon *tcon;
1562        char unc[SERVER_NAME_LENGTH + sizeof("//x/IPC$")] = {0};
1563        bool seal = false;
1564        struct TCP_Server_Info *server = ses->server;
1565
1566        /*
1567         * If the mount request that resulted in the creation of the
1568         * session requires encryption, force IPC to be encrypted too.
1569         */
1570        if (ctx->seal) {
1571                if (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)
1572                        seal = true;
1573                else {
1574                        cifs_server_dbg(VFS,
1575                                 "IPC: server doesn't support encryption\n");
1576                        return -EOPNOTSUPP;
1577                }
1578        }
1579
1580        tcon = tconInfoAlloc();
1581        if (tcon == NULL)
1582                return -ENOMEM;
1583
1584        scnprintf(unc, sizeof(unc), "\\\\%s\\IPC$", server->hostname);
1585
1586        xid = get_xid();
1587        tcon->ses = ses;
1588        tcon->ipc = true;
1589        tcon->seal = seal;
1590        rc = server->ops->tree_connect(xid, ses, unc, tcon, ctx->local_nls);
1591        free_xid(xid);
1592
1593        if (rc) {
1594                cifs_server_dbg(VFS, "failed to connect to IPC (rc=%d)\n", rc);
1595                tconInfoFree(tcon);
1596                goto out;
1597        }
1598
1599        cifs_dbg(FYI, "IPC tcon rc = %d ipc tid = %d\n", rc, tcon->tid);
1600
1601        ses->tcon_ipc = tcon;
1602out:
1603        return rc;
1604}
1605
1606/**
1607 * cifs_free_ipc - helper to release the session IPC tcon
1608 *
1609 * Needs to be called everytime a session is destroyed.
1610 *
1611 * On session close, the IPC is closed and the server must release all tcons of the session.
1612 * No need to send a tree disconnect here.
1613 *
1614 * Besides, it will make the server to not close durable and resilient files on session close, as
1615 * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request.
1616 */
1617static int
1618cifs_free_ipc(struct cifs_ses *ses)
1619{
1620        struct cifs_tcon *tcon = ses->tcon_ipc;
1621
1622        if (tcon == NULL)
1623                return 0;
1624
1625        tconInfoFree(tcon);
1626        ses->tcon_ipc = NULL;
1627        return 0;
1628}
1629
1630static struct cifs_ses *
1631cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx)
1632{
1633        struct cifs_ses *ses;
1634
1635        spin_lock(&cifs_tcp_ses_lock);
1636        list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
1637                if (ses->status == CifsExiting)
1638                        continue;
1639                if (!match_session(ses, ctx))
1640                        continue;
1641                ++ses->ses_count;
1642                spin_unlock(&cifs_tcp_ses_lock);
1643                return ses;
1644        }
1645        spin_unlock(&cifs_tcp_ses_lock);
1646        return NULL;
1647}
1648
1649void cifs_put_smb_ses(struct cifs_ses *ses)
1650{
1651        unsigned int rc, xid;
1652        struct TCP_Server_Info *server = ses->server;
1653        cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count);
1654
1655        spin_lock(&cifs_tcp_ses_lock);
1656        if (ses->status == CifsExiting) {
1657                spin_unlock(&cifs_tcp_ses_lock);
1658                return;
1659        }
1660
1661        cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count);
1662        cifs_dbg(FYI, "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->treeName : "NONE");
1663
1664        if (--ses->ses_count > 0) {
1665                spin_unlock(&cifs_tcp_ses_lock);
1666                return;
1667        }
1668        spin_unlock(&cifs_tcp_ses_lock);
1669
1670        /* ses_count can never go negative */
1671        WARN_ON(ses->ses_count < 0);
1672
1673        spin_lock(&GlobalMid_Lock);
1674        if (ses->status == CifsGood)
1675                ses->status = CifsExiting;
1676        spin_unlock(&GlobalMid_Lock);
1677
1678        cifs_free_ipc(ses);
1679
1680        if (ses->status == CifsExiting && server->ops->logoff) {
1681                xid = get_xid();
1682                rc = server->ops->logoff(xid, ses);
1683                if (rc)
1684                        cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n",
1685                                __func__, rc);
1686                _free_xid(xid);
1687        }
1688
1689        spin_lock(&cifs_tcp_ses_lock);
1690        list_del_init(&ses->smb_ses_list);
1691        spin_unlock(&cifs_tcp_ses_lock);
1692
1693        /* close any extra channels */
1694        if (ses->chan_count > 1) {
1695                int i;
1696
1697                for (i = 1; i < ses->chan_count; i++)
1698                        cifs_put_tcp_session(ses->chans[i].server, 0);
1699        }
1700
1701        sesInfoFree(ses);
1702        cifs_put_tcp_session(server, 0);
1703}
1704
1705#ifdef CONFIG_KEYS
1706
1707/* strlen("cifs:a:") + CIFS_MAX_DOMAINNAME_LEN + 1 */
1708#define CIFSCREDS_DESC_SIZE (7 + CIFS_MAX_DOMAINNAME_LEN + 1)
1709
1710/* Populate username and pw fields from keyring if possible */
1711static int
1712cifs_set_cifscreds(struct smb3_fs_context *ctx, struct cifs_ses *ses)
1713{
1714        int rc = 0;
1715        int is_domain = 0;
1716        const char *delim, *payload;
1717        char *desc;
1718        ssize_t len;
1719        struct key *key;
1720        struct TCP_Server_Info *server = ses->server;
1721        struct sockaddr_in *sa;
1722        struct sockaddr_in6 *sa6;
1723        const struct user_key_payload *upayload;
1724
1725        desc = kmalloc(CIFSCREDS_DESC_SIZE, GFP_KERNEL);
1726        if (!desc)
1727                return -ENOMEM;
1728
1729        /* try to find an address key first */
1730        switch (server->dstaddr.ss_family) {
1731        case AF_INET:
1732                sa = (struct sockaddr_in *)&server->dstaddr;
1733                sprintf(desc, "cifs:a:%pI4", &sa->sin_addr.s_addr);
1734                break;
1735        case AF_INET6:
1736                sa6 = (struct sockaddr_in6 *)&server->dstaddr;
1737                sprintf(desc, "cifs:a:%pI6c", &sa6->sin6_addr.s6_addr);
1738                break;
1739        default:
1740                cifs_dbg(FYI, "Bad ss_family (%hu)\n",
1741                         server->dstaddr.ss_family);
1742                rc = -EINVAL;
1743                goto out_err;
1744        }
1745
1746        cifs_dbg(FYI, "%s: desc=%s\n", __func__, desc);
1747        key = request_key(&key_type_logon, desc, "");
1748        if (IS_ERR(key)) {
1749                if (!ses->domainName) {
1750                        cifs_dbg(FYI, "domainName is NULL\n");
1751                        rc = PTR_ERR(key);
1752                        goto out_err;
1753                }
1754
1755                /* didn't work, try to find a domain key */
1756                sprintf(desc, "cifs:d:%s", ses->domainName);
1757                cifs_dbg(FYI, "%s: desc=%s\n", __func__, desc);
1758                key = request_key(&key_type_logon, desc, "");
1759                if (IS_ERR(key)) {
1760                        rc = PTR_ERR(key);
1761                        goto out_err;
1762                }
1763                is_domain = 1;
1764        }
1765
1766        down_read(&key->sem);
1767        upayload = user_key_payload_locked(key);
1768        if (IS_ERR_OR_NULL(upayload)) {
1769                rc = upayload ? PTR_ERR(upayload) : -EINVAL;
1770                goto out_key_put;
1771        }
1772
1773        /* find first : in payload */
1774        payload = upayload->data;
1775        delim = strnchr(payload, upayload->datalen, ':');
1776        cifs_dbg(FYI, "payload=%s\n", payload);
1777        if (!delim) {
1778                cifs_dbg(FYI, "Unable to find ':' in payload (datalen=%d)\n",
1779                         upayload->datalen);
1780                rc = -EINVAL;
1781                goto out_key_put;
1782        }
1783
1784        len = delim - payload;
1785        if (len > CIFS_MAX_USERNAME_LEN || len <= 0) {
1786                cifs_dbg(FYI, "Bad value from username search (len=%zd)\n",
1787                         len);
1788                rc = -EINVAL;
1789                goto out_key_put;
1790        }
1791
1792        ctx->username = kstrndup(payload, len, GFP_KERNEL);
1793        if (!ctx->username) {
1794                cifs_dbg(FYI, "Unable to allocate %zd bytes for username\n",
1795                         len);
1796                rc = -ENOMEM;
1797                goto out_key_put;
1798        }
1799        cifs_dbg(FYI, "%s: username=%s\n", __func__, ctx->username);
1800
1801        len = key->datalen - (len + 1);
1802        if (len > CIFS_MAX_PASSWORD_LEN || len <= 0) {
1803                cifs_dbg(FYI, "Bad len for password search (len=%zd)\n", len);
1804                rc = -EINVAL;
1805                kfree(ctx->username);
1806                ctx->username = NULL;
1807                goto out_key_put;
1808        }
1809
1810        ++delim;
1811        ctx->password = kstrndup(delim, len, GFP_KERNEL);
1812        if (!ctx->password) {
1813                cifs_dbg(FYI, "Unable to allocate %zd bytes for password\n",
1814                         len);
1815                rc = -ENOMEM;
1816                kfree(ctx->username);
1817                ctx->username = NULL;
1818                goto out_key_put;
1819        }
1820
1821        /*
1822         * If we have a domain key then we must set the domainName in the
1823         * for the request.
1824         */
1825        if (is_domain && ses->domainName) {
1826                ctx->domainname = kstrdup(ses->domainName, GFP_KERNEL);
1827                if (!ctx->domainname) {
1828                        cifs_dbg(FYI, "Unable to allocate %zd bytes for domain\n",
1829                                 len);
1830                        rc = -ENOMEM;
1831                        kfree(ctx->username);
1832                        ctx->username = NULL;
1833                        kfree_sensitive(ctx->password);
1834                        ctx->password = NULL;
1835                        goto out_key_put;
1836                }
1837        }
1838
1839out_key_put:
1840        up_read(&key->sem);
1841        key_put(key);
1842out_err:
1843        kfree(desc);
1844        cifs_dbg(FYI, "%s: returning %d\n", __func__, rc);
1845        return rc;
1846}
1847#else /* ! CONFIG_KEYS */
1848static inline int
1849cifs_set_cifscreds(struct smb3_fs_context *ctx __attribute__((unused)),
1850                   struct cifs_ses *ses __attribute__((unused)))
1851{
1852        return -ENOSYS;
1853}
1854#endif /* CONFIG_KEYS */
1855
1856/**
1857 * cifs_get_smb_ses - get a session matching @ctx data from @server
1858 *
1859 * This function assumes it is being called from cifs_mount() where we
1860 * already got a server reference (server refcount +1). See
1861 * cifs_get_tcon() for refcount explanations.
1862 */
1863struct cifs_ses *
1864cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx)
1865{
1866        int rc = -ENOMEM;
1867        unsigned int xid;
1868        struct cifs_ses *ses;
1869        struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
1870        struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
1871
1872        xid = get_xid();
1873
1874        ses = cifs_find_smb_ses(server, ctx);
1875        if (ses) {
1876                cifs_dbg(FYI, "Existing smb sess found (status=%d)\n",
1877                         ses->status);
1878
1879                mutex_lock(&ses->session_mutex);
1880                rc = cifs_negotiate_protocol(xid, ses);
1881                if (rc) {
1882                        mutex_unlock(&ses->session_mutex);
1883                        /* problem -- put our ses reference */
1884                        cifs_put_smb_ses(ses);
1885                        free_xid(xid);
1886                        return ERR_PTR(rc);
1887                }
1888                if (ses->need_reconnect) {
1889                        cifs_dbg(FYI, "Session needs reconnect\n");
1890                        rc = cifs_setup_session(xid, ses,
1891                                                ctx->local_nls);
1892                        if (rc) {
1893                                mutex_unlock(&ses->session_mutex);
1894                                /* problem -- put our reference */
1895                                cifs_put_smb_ses(ses);
1896                                free_xid(xid);
1897                                return ERR_PTR(rc);
1898                        }
1899                }
1900                mutex_unlock(&ses->session_mutex);
1901
1902                /* existing SMB ses has a server reference already */
1903                cifs_put_tcp_session(server, 0);
1904                free_xid(xid);
1905                return ses;
1906        }
1907
1908        cifs_dbg(FYI, "Existing smb sess not found\n");
1909        ses = sesInfoAlloc();
1910        if (ses == NULL)
1911                goto get_ses_fail;
1912
1913        /* new SMB session uses our server ref */
1914        ses->server = server;
1915        if (server->dstaddr.ss_family == AF_INET6)
1916                sprintf(ses->ip_addr, "%pI6", &addr6->sin6_addr);
1917        else
1918                sprintf(ses->ip_addr, "%pI4", &addr->sin_addr);
1919
1920        if (ctx->username) {
1921                ses->user_name = kstrdup(ctx->username, GFP_KERNEL);
1922                if (!ses->user_name)
1923                        goto get_ses_fail;
1924        }
1925
1926        /* ctx->password freed at unmount */
1927        if (ctx->password) {
1928                ses->password = kstrdup(ctx->password, GFP_KERNEL);
1929                if (!ses->password)
1930                        goto get_ses_fail;
1931        }
1932        if (ctx->domainname) {
1933                ses->domainName = kstrdup(ctx->domainname, GFP_KERNEL);
1934                if (!ses->domainName)
1935                        goto get_ses_fail;
1936        }
1937        if (ctx->domainauto)
1938                ses->domainAuto = ctx->domainauto;
1939        ses->cred_uid = ctx->cred_uid;
1940        ses->linux_uid = ctx->linux_uid;
1941
1942        ses->sectype = ctx->sectype;
1943        ses->sign = ctx->sign;
1944        mutex_lock(&ses->session_mutex);
1945
1946        /* add server as first channel */
1947        ses->chans[0].server = server;
1948        ses->chan_count = 1;
1949        ses->chan_max = ctx->multichannel ? ctx->max_channels:1;
1950
1951        rc = cifs_negotiate_protocol(xid, ses);
1952        if (!rc)
1953                rc = cifs_setup_session(xid, ses, ctx->local_nls);
1954
1955        /* each channel uses a different signing key */
1956        memcpy(ses->chans[0].signkey, ses->smb3signingkey,
1957               sizeof(ses->smb3signingkey));
1958
1959        mutex_unlock(&ses->session_mutex);
1960        if (rc)
1961                goto get_ses_fail;
1962
1963        /* success, put it on the list and add it as first channel */
1964        spin_lock(&cifs_tcp_ses_lock);
1965        list_add(&ses->smb_ses_list, &server->smb_ses_list);
1966        spin_unlock(&cifs_tcp_ses_lock);
1967
1968        free_xid(xid);
1969
1970        cifs_setup_ipc(ses, ctx);
1971
1972        return ses;
1973
1974get_ses_fail:
1975        sesInfoFree(ses);
1976        free_xid(xid);
1977        return ERR_PTR(rc);
1978}
1979
1980static int match_tcon(struct cifs_tcon *tcon, struct smb3_fs_context *ctx)
1981{
1982        if (tcon->tidStatus == CifsExiting)
1983                return 0;
1984        if (strncmp(tcon->treeName, ctx->UNC, MAX_TREE_SIZE))
1985                return 0;
1986        if (tcon->seal != ctx->seal)
1987                return 0;
1988        if (tcon->snapshot_time != ctx->snapshot_time)
1989                return 0;
1990        if (tcon->handle_timeout != ctx->handle_timeout)
1991                return 0;
1992        if (tcon->no_lease != ctx->no_lease)
1993                return 0;
1994        if (tcon->nodelete != ctx->nodelete)
1995                return 0;
1996        return 1;
1997}
1998
1999static struct cifs_tcon *
2000cifs_find_tcon(struct cifs_ses *ses, struct smb3_fs_context *ctx)
2001{
2002        struct list_head *tmp;
2003        struct cifs_tcon *tcon;
2004
2005        spin_lock(&cifs_tcp_ses_lock);
2006        list_for_each(tmp, &ses->tcon_list) {
2007                tcon = list_entry(tmp, struct cifs_tcon, tcon_list);
2008
2009                if (!match_tcon(tcon, ctx))
2010                        continue;
2011                ++tcon->tc_count;
2012                spin_unlock(&cifs_tcp_ses_lock);
2013                return tcon;
2014        }
2015        spin_unlock(&cifs_tcp_ses_lock);
2016        return NULL;
2017}
2018
2019void
2020cifs_put_tcon(struct cifs_tcon *tcon)
2021{
2022        unsigned int xid;
2023        struct cifs_ses *ses;
2024
2025        /*
2026         * IPC tcon share the lifetime of their session and are
2027         * destroyed in the session put function
2028         */
2029        if (tcon == NULL || tcon->ipc)
2030                return;
2031
2032        ses = tcon->ses;
2033        cifs_dbg(FYI, "%s: tc_count=%d\n", __func__, tcon->tc_count);
2034        spin_lock(&cifs_tcp_ses_lock);
2035        if (--tcon->tc_count > 0) {
2036                spin_unlock(&cifs_tcp_ses_lock);
2037                return;
2038        }
2039
2040        /* tc_count can never go negative */
2041        WARN_ON(tcon->tc_count < 0);
2042
2043        if (tcon->use_witness) {
2044                int rc;
2045
2046                rc = cifs_swn_unregister(tcon);
2047                if (rc < 0) {
2048                        cifs_dbg(VFS, "%s: Failed to unregister for witness notifications: %d\n",
2049                                        __func__, rc);
2050                }
2051        }
2052
2053        list_del_init(&tcon->tcon_list);
2054        spin_unlock(&cifs_tcp_ses_lock);
2055
2056        xid = get_xid();
2057        if (ses->server->ops->tree_disconnect)
2058                ses->server->ops->tree_disconnect(xid, tcon);
2059        _free_xid(xid);
2060
2061        cifs_fscache_release_super_cookie(tcon);
2062        tconInfoFree(tcon);
2063        cifs_put_smb_ses(ses);
2064}
2065
2066/**
2067 * cifs_get_tcon - get a tcon matching @ctx data from @ses
2068 *
2069 * - tcon refcount is the number of mount points using the tcon.
2070 * - ses refcount is the number of tcon using the session.
2071 *
2072 * 1. This function assumes it is being called from cifs_mount() where
2073 *    we already got a session reference (ses refcount +1).
2074 *
2075 * 2. Since we're in the context of adding a mount point, the end
2076 *    result should be either:
2077 *
2078 * a) a new tcon already allocated with refcount=1 (1 mount point) and
2079 *    its session refcount incremented (1 new tcon). This +1 was
2080 *    already done in (1).
2081 *
2082 * b) an existing tcon with refcount+1 (add a mount point to it) and
2083 *    identical ses refcount (no new tcon). Because of (1) we need to
2084 *    decrement the ses refcount.
2085 */
2086static struct cifs_tcon *
2087cifs_get_tcon(struct cifs_ses *ses, struct smb3_fs_context *ctx)
2088{
2089        int rc, xid;
2090        struct cifs_tcon *tcon;
2091
2092        tcon = cifs_find_tcon(ses, ctx);
2093        if (tcon) {
2094                /*
2095                 * tcon has refcount already incremented but we need to
2096                 * decrement extra ses reference gotten by caller (case b)
2097                 */
2098                cifs_dbg(FYI, "Found match on UNC path\n");
2099                cifs_put_smb_ses(ses);
2100                return tcon;
2101        }
2102
2103        if (!ses->server->ops->tree_connect) {
2104                rc = -ENOSYS;
2105                goto out_fail;
2106        }
2107
2108        tcon = tconInfoAlloc();
2109        if (tcon == NULL) {
2110                rc = -ENOMEM;
2111                goto out_fail;
2112        }
2113
2114        if (ctx->snapshot_time) {
2115                if (ses->server->vals->protocol_id == 0) {
2116                        cifs_dbg(VFS,
2117                             "Use SMB2 or later for snapshot mount option\n");
2118                        rc = -EOPNOTSUPP;
2119                        goto out_fail;
2120                } else
2121                        tcon->snapshot_time = ctx->snapshot_time;
2122        }
2123
2124        if (ctx->handle_timeout) {
2125                if (ses->server->vals->protocol_id == 0) {
2126                        cifs_dbg(VFS,
2127                             "Use SMB2.1 or later for handle timeout option\n");
2128                        rc = -EOPNOTSUPP;
2129                        goto out_fail;
2130                } else
2131                        tcon->handle_timeout = ctx->handle_timeout;
2132        }
2133
2134        tcon->ses = ses;
2135        if (ctx->password) {
2136                tcon->password = kstrdup(ctx->password, GFP_KERNEL);
2137                if (!tcon->password) {
2138                        rc = -ENOMEM;
2139                        goto out_fail;
2140                }
2141        }
2142
2143        if (ctx->seal) {
2144                if (ses->server->vals->protocol_id == 0) {
2145                        cifs_dbg(VFS,
2146                                 "SMB3 or later required for encryption\n");
2147                        rc = -EOPNOTSUPP;
2148                        goto out_fail;
2149                } else if (tcon->ses->server->capabilities &
2150                                        SMB2_GLOBAL_CAP_ENCRYPTION)
2151                        tcon->seal = true;
2152                else {
2153                        cifs_dbg(VFS, "Encryption is not supported on share\n");
2154                        rc = -EOPNOTSUPP;
2155                        goto out_fail;
2156                }
2157        }
2158
2159        if (ctx->linux_ext) {
2160                if (ses->server->posix_ext_supported) {
2161                        tcon->posix_extensions = true;
2162                        pr_warn_once("SMB3.11 POSIX Extensions are experimental\n");
2163                } else {
2164                        cifs_dbg(VFS, "Server does not support mounting with posix SMB3.11 extensions\n");
2165                        rc = -EOPNOTSUPP;
2166                        goto out_fail;
2167                }
2168        }
2169
2170        /*
2171         * BB Do we need to wrap session_mutex around this TCon call and Unix
2172         * SetFS as we do on SessSetup and reconnect?
2173         */
2174        xid = get_xid();
2175        rc = ses->server->ops->tree_connect(xid, ses, ctx->UNC, tcon,
2176                                            ctx->local_nls);
2177        free_xid(xid);
2178        cifs_dbg(FYI, "Tcon rc = %d\n", rc);
2179        if (rc)
2180                goto out_fail;
2181
2182        tcon->use_persistent = false;
2183        /* check if SMB2 or later, CIFS does not support persistent handles */
2184        if (ctx->persistent) {
2185                if (ses->server->vals->protocol_id == 0) {
2186                        cifs_dbg(VFS,
2187                             "SMB3 or later required for persistent handles\n");
2188                        rc = -EOPNOTSUPP;
2189                        goto out_fail;
2190                } else if (ses->server->capabilities &
2191                           SMB2_GLOBAL_CAP_PERSISTENT_HANDLES)
2192                        tcon->use_persistent = true;
2193                else /* persistent handles requested but not supported */ {
2194                        cifs_dbg(VFS,
2195                                "Persistent handles not supported on share\n");
2196                        rc = -EOPNOTSUPP;
2197                        goto out_fail;
2198                }
2199        } else if ((tcon->capabilities & SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY)
2200             && (ses->server->capabilities & SMB2_GLOBAL_CAP_PERSISTENT_HANDLES)
2201             && (ctx->nopersistent == false)) {
2202                cifs_dbg(FYI, "enabling persistent handles\n");
2203                tcon->use_persistent = true;
2204        } else if (ctx->resilient) {
2205                if (ses->server->vals->protocol_id == 0) {
2206                        cifs_dbg(VFS,
2207                             "SMB2.1 or later required for resilient handles\n");
2208                        rc = -EOPNOTSUPP;
2209                        goto out_fail;
2210                }
2211                tcon->use_resilient = true;
2212        }
2213
2214        tcon->use_witness = false;
2215        if (IS_ENABLED(CONFIG_CIFS_SWN_UPCALL) && ctx->witness) {
2216                if (ses->server->vals->protocol_id >= SMB30_PROT_ID) {
2217                        if (tcon->capabilities & SMB2_SHARE_CAP_CLUSTER) {
2218                                /*
2219                                 * Set witness in use flag in first place
2220                                 * to retry registration in the echo task
2221                                 */
2222                                tcon->use_witness = true;
2223                                /* And try to register immediately */
2224                                rc = cifs_swn_register(tcon);
2225                                if (rc < 0) {
2226                                        cifs_dbg(VFS, "Failed to register for witness notifications: %d\n", rc);
2227                                        goto out_fail;
2228                                }
2229                        } else {
2230                                /* TODO: try to extend for non-cluster uses (eg multichannel) */
2231                                cifs_dbg(VFS, "witness requested on mount but no CLUSTER capability on share\n");
2232                                rc = -EOPNOTSUPP;
2233                                goto out_fail;
2234                        }
2235                } else {
2236                        cifs_dbg(VFS, "SMB3 or later required for witness option\n");
2237                        rc = -EOPNOTSUPP;
2238                        goto out_fail;
2239                }
2240        }
2241
2242        /* If the user really knows what they are doing they can override */
2243        if (tcon->share_flags & SMB2_SHAREFLAG_NO_CACHING) {
2244                if (ctx->cache_ro)
2245                        cifs_dbg(VFS, "cache=ro requested on mount but NO_CACHING flag set on share\n");
2246                else if (ctx->cache_rw)
2247                        cifs_dbg(VFS, "cache=singleclient requested on mount but NO_CACHING flag set on share\n");
2248        }
2249
2250        if (ctx->no_lease) {
2251                if (ses->server->vals->protocol_id == 0) {
2252                        cifs_dbg(VFS,
2253                                "SMB2 or later required for nolease option\n");
2254                        rc = -EOPNOTSUPP;
2255                        goto out_fail;
2256                } else
2257                        tcon->no_lease = ctx->no_lease;
2258        }
2259
2260        /*
2261         * We can have only one retry value for a connection to a share so for
2262         * resources mounted more than once to the same server share the last
2263         * value passed in for the retry flag is used.
2264         */
2265        tcon->retry = ctx->retry;
2266        tcon->nocase = ctx->nocase;
2267        if (ses->server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING)
2268                tcon->nohandlecache = ctx->nohandlecache;
2269        else
2270                tcon->nohandlecache = true;
2271        tcon->nodelete = ctx->nodelete;
2272        tcon->local_lease = ctx->local_lease;
2273        INIT_LIST_HEAD(&tcon->pending_opens);
2274
2275        spin_lock(&cifs_tcp_ses_lock);
2276        list_add(&tcon->tcon_list, &ses->tcon_list);
2277        spin_unlock(&cifs_tcp_ses_lock);
2278
2279        cifs_fscache_get_super_cookie(tcon);
2280
2281        return tcon;
2282
2283out_fail:
2284        tconInfoFree(tcon);
2285        return ERR_PTR(rc);
2286}
2287
2288void
2289cifs_put_tlink(struct tcon_link *tlink)
2290{
2291        if (!tlink || IS_ERR(tlink))
2292                return;
2293
2294        if (!atomic_dec_and_test(&tlink->tl_count) ||
2295            test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2296                tlink->tl_time = jiffies;
2297                return;
2298        }
2299
2300        if (!IS_ERR(tlink_tcon(tlink)))
2301                cifs_put_tcon(tlink_tcon(tlink));
2302        kfree(tlink);
2303        return;
2304}
2305
2306static int
2307compare_mount_options(struct super_block *sb, struct cifs_mnt_data *mnt_data)
2308{
2309        struct cifs_sb_info *old = CIFS_SB(sb);
2310        struct cifs_sb_info *new = mnt_data->cifs_sb;
2311        unsigned int oldflags = old->mnt_cifs_flags & CIFS_MOUNT_MASK;
2312        unsigned int newflags = new->mnt_cifs_flags & CIFS_MOUNT_MASK;
2313
2314        if ((sb->s_flags & CIFS_MS_MASK) != (mnt_data->flags & CIFS_MS_MASK))
2315                return 0;
2316
2317        if (old->mnt_cifs_serverino_autodisabled)
2318                newflags &= ~CIFS_MOUNT_SERVER_INUM;
2319
2320        if (oldflags != newflags)
2321                return 0;
2322
2323        /*
2324         * We want to share sb only if we don't specify an r/wsize or
2325         * specified r/wsize is greater than or equal to existing one.
2326         */
2327        if (new->ctx->wsize && new->ctx->wsize < old->ctx->wsize)
2328                return 0;
2329
2330        if (new->ctx->rsize && new->ctx->rsize < old->ctx->rsize)
2331                return 0;
2332
2333        if (!uid_eq(old->ctx->linux_uid, new->ctx->linux_uid) ||
2334            !gid_eq(old->ctx->linux_gid, new->ctx->linux_gid))
2335                return 0;
2336
2337        if (old->ctx->file_mode != new->ctx->file_mode ||
2338            old->ctx->dir_mode != new->ctx->dir_mode)
2339                return 0;
2340
2341        if (strcmp(old->local_nls->charset, new->local_nls->charset))
2342                return 0;
2343
2344        if (old->ctx->acregmax != new->ctx->acregmax)
2345                return 0;
2346        if (old->ctx->acdirmax != new->ctx->acdirmax)
2347                return 0;
2348
2349        return 1;
2350}
2351
2352static int
2353match_prepath(struct super_block *sb, struct cifs_mnt_data *mnt_data)
2354{
2355        struct cifs_sb_info *old = CIFS_SB(sb);
2356        struct cifs_sb_info *new = mnt_data->cifs_sb;
2357        bool old_set = (old->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH) &&
2358                old->prepath;
2359        bool new_set = (new->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH) &&
2360                new->prepath;
2361
2362        if (old_set && new_set && !strcmp(new->prepath, old->prepath))
2363                return 1;
2364        else if (!old_set && !new_set)
2365                return 1;
2366
2367        return 0;
2368}
2369
2370int
2371cifs_match_super(struct super_block *sb, void *data)
2372{
2373        struct cifs_mnt_data *mnt_data = (struct cifs_mnt_data *)data;
2374        struct smb3_fs_context *ctx;
2375        struct cifs_sb_info *cifs_sb;
2376        struct TCP_Server_Info *tcp_srv;
2377        struct cifs_ses *ses;
2378        struct cifs_tcon *tcon;
2379        struct tcon_link *tlink;
2380        int rc = 0;
2381
2382        spin_lock(&cifs_tcp_ses_lock);
2383        cifs_sb = CIFS_SB(sb);
2384        tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
2385        if (IS_ERR(tlink)) {
2386                spin_unlock(&cifs_tcp_ses_lock);
2387                return rc;
2388        }
2389        tcon = tlink_tcon(tlink);
2390        ses = tcon->ses;
2391        tcp_srv = ses->server;
2392
2393        ctx = mnt_data->ctx;
2394
2395        if (!match_server(tcp_srv, ctx) ||
2396            !match_session(ses, ctx) ||
2397            !match_tcon(tcon, ctx) ||
2398            !match_prepath(sb, mnt_data)) {
2399                rc = 0;
2400                goto out;
2401        }
2402
2403        rc = compare_mount_options(sb, mnt_data);
2404out:
2405        spin_unlock(&cifs_tcp_ses_lock);
2406        cifs_put_tlink(tlink);
2407        return rc;
2408}
2409
2410#ifdef CONFIG_DEBUG_LOCK_ALLOC
2411static struct lock_class_key cifs_key[2];
2412static struct lock_class_key cifs_slock_key[2];
2413
2414static inline void
2415cifs_reclassify_socket4(struct socket *sock)
2416{
2417        struct sock *sk = sock->sk;
2418        BUG_ON(!sock_allow_reclassification(sk));
2419        sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2420                &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2421}
2422
2423static inline void
2424cifs_reclassify_socket6(struct socket *sock)
2425{
2426        struct sock *sk = sock->sk;
2427        BUG_ON(!sock_allow_reclassification(sk));
2428        sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2429                &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2430}
2431#else
2432static inline void
2433cifs_reclassify_socket4(struct socket *sock)
2434{
2435}
2436
2437static inline void
2438cifs_reclassify_socket6(struct socket *sock)
2439{
2440}
2441#endif
2442
2443/* See RFC1001 section 14 on representation of Netbios names */
2444static void rfc1002mangle(char *target, char *source, unsigned int length)
2445{
2446        unsigned int i, j;
2447
2448        for (i = 0, j = 0; i < (length); i++) {
2449                /* mask a nibble at a time and encode */
2450                target[j] = 'A' + (0x0F & (source[i] >> 4));
2451                target[j+1] = 'A' + (0x0F & source[i]);
2452                j += 2;
2453        }
2454
2455}
2456
2457static int
2458bind_socket(struct TCP_Server_Info *server)
2459{
2460        int rc = 0;
2461        if (server->srcaddr.ss_family != AF_UNSPEC) {
2462                /* Bind to the specified local IP address */
2463                struct socket *socket = server->ssocket;
2464                rc = socket->ops->bind(socket,
2465                                       (struct sockaddr *) &server->srcaddr,
2466                                       sizeof(server->srcaddr));
2467                if (rc < 0) {
2468                        struct sockaddr_in *saddr4;
2469                        struct sockaddr_in6 *saddr6;
2470                        saddr4 = (struct sockaddr_in *)&server->srcaddr;
2471                        saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2472                        if (saddr6->sin6_family == AF_INET6)
2473                                cifs_server_dbg(VFS, "Failed to bind to: %pI6c, error: %d\n",
2474                                         &saddr6->sin6_addr, rc);
2475                        else
2476                                cifs_server_dbg(VFS, "Failed to bind to: %pI4, error: %d\n",
2477                                         &saddr4->sin_addr.s_addr, rc);
2478                }
2479        }
2480        return rc;
2481}
2482
2483static int
2484ip_rfc1001_connect(struct TCP_Server_Info *server)
2485{
2486        int rc = 0;
2487        /*
2488         * some servers require RFC1001 sessinit before sending
2489         * negprot - BB check reconnection in case where second
2490         * sessinit is sent but no second negprot
2491         */
2492        struct rfc1002_session_packet *ses_init_buf;
2493        struct smb_hdr *smb_buf;
2494        ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2495                               GFP_KERNEL);
2496        if (ses_init_buf) {
2497                ses_init_buf->trailer.session_req.called_len = 32;
2498
2499                if (server->server_RFC1001_name[0] != 0)
2500                        rfc1002mangle(ses_init_buf->trailer.
2501                                      session_req.called_name,
2502                                      server->server_RFC1001_name,
2503                                      RFC1001_NAME_LEN_WITH_NULL);
2504                else
2505                        rfc1002mangle(ses_init_buf->trailer.
2506                                      session_req.called_name,
2507                                      DEFAULT_CIFS_CALLED_NAME,
2508                                      RFC1001_NAME_LEN_WITH_NULL);
2509
2510                ses_init_buf->trailer.session_req.calling_len = 32;
2511
2512                /*
2513                 * calling name ends in null (byte 16) from old smb
2514                 * convention.
2515                 */
2516                if (server->workstation_RFC1001_name[0] != 0)
2517                        rfc1002mangle(ses_init_buf->trailer.
2518                                      session_req.calling_name,
2519                                      server->workstation_RFC1001_name,
2520                                      RFC1001_NAME_LEN_WITH_NULL);
2521                else
2522                        rfc1002mangle(ses_init_buf->trailer.
2523                                      session_req.calling_name,
2524                                      "LINUX_CIFS_CLNT",
2525                                      RFC1001_NAME_LEN_WITH_NULL);
2526
2527                ses_init_buf->trailer.session_req.scope1 = 0;
2528                ses_init_buf->trailer.session_req.scope2 = 0;
2529                smb_buf = (struct smb_hdr *)ses_init_buf;
2530
2531                /* sizeof RFC1002_SESSION_REQUEST with no scope */
2532                smb_buf->smb_buf_length = cpu_to_be32(0x81000044);
2533                rc = smb_send(server, smb_buf, 0x44);
2534                kfree(ses_init_buf);
2535                /*
2536                 * RFC1001 layer in at least one server
2537                 * requires very short break before negprot
2538                 * presumably because not expecting negprot
2539                 * to follow so fast.  This is a simple
2540                 * solution that works without
2541                 * complicating the code and causes no
2542                 * significant slowing down on mount
2543                 * for everyone else
2544                 */
2545                usleep_range(1000, 2000);
2546        }
2547        /*
2548         * else the negprot may still work without this
2549         * even though malloc failed
2550         */
2551
2552        return rc;
2553}
2554
2555static int
2556generic_ip_connect(struct TCP_Server_Info *server)
2557{
2558        int rc = 0;
2559        __be16 sport;
2560        int slen, sfamily;
2561        struct socket *socket = server->ssocket;
2562        struct sockaddr *saddr;
2563
2564        saddr = (struct sockaddr *) &server->dstaddr;
2565
2566        if (server->dstaddr.ss_family == AF_INET6) {
2567                struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *)&server->dstaddr;
2568
2569                sport = ipv6->sin6_port;
2570                slen = sizeof(struct sockaddr_in6);
2571                sfamily = AF_INET6;
2572                cifs_dbg(FYI, "%s: connecting to [%pI6]:%d\n", __func__, &ipv6->sin6_addr,
2573                                ntohs(sport));
2574        } else {
2575                struct sockaddr_in *ipv4 = (struct sockaddr_in *)&server->dstaddr;
2576
2577                sport = ipv4->sin_port;
2578                slen = sizeof(struct sockaddr_in);
2579                sfamily = AF_INET;
2580                cifs_dbg(FYI, "%s: connecting to %pI4:%d\n", __func__, &ipv4->sin_addr,
2581                                ntohs(sport));
2582        }
2583
2584        if (socket == NULL) {
2585                rc = __sock_create(cifs_net_ns(server), sfamily, SOCK_STREAM,
2586                                   IPPROTO_TCP, &socket, 1);
2587                if (rc < 0) {
2588                        cifs_server_dbg(VFS, "Error %d creating socket\n", rc);
2589                        server->ssocket = NULL;
2590                        return rc;
2591                }
2592
2593                /* BB other socket options to set KEEPALIVE, NODELAY? */
2594                cifs_dbg(FYI, "Socket created\n");
2595                server->ssocket = socket;
2596                socket->sk->sk_allocation = GFP_NOFS;
2597                if (sfamily == AF_INET6)
2598                        cifs_reclassify_socket6(socket);
2599                else
2600                        cifs_reclassify_socket4(socket);
2601        }
2602
2603        rc = bind_socket(server);
2604        if (rc < 0)
2605                return rc;
2606
2607        /*
2608         * Eventually check for other socket options to change from
2609         * the default. sock_setsockopt not used because it expects
2610         * user space buffer
2611         */
2612        socket->sk->sk_rcvtimeo = 7 * HZ;
2613        socket->sk->sk_sndtimeo = 5 * HZ;
2614
2615        /* make the bufsizes depend on wsize/rsize and max requests */
2616        if (server->noautotune) {
2617                if (socket->sk->sk_sndbuf < (200 * 1024))
2618                        socket->sk->sk_sndbuf = 200 * 1024;
2619                if (socket->sk->sk_rcvbuf < (140 * 1024))
2620                        socket->sk->sk_rcvbuf = 140 * 1024;
2621        }
2622
2623        if (server->tcp_nodelay)
2624                tcp_sock_set_nodelay(socket->sk);
2625
2626        cifs_dbg(FYI, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx\n",
2627                 socket->sk->sk_sndbuf,
2628                 socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2629
2630        rc = socket->ops->connect(socket, saddr, slen,
2631                                  server->noblockcnt ? O_NONBLOCK : 0);
2632        /*
2633         * When mounting SMB root file systems, we do not want to block in
2634         * connect. Otherwise bail out and then let cifs_reconnect() perform
2635         * reconnect failover - if possible.
2636         */
2637        if (server->noblockcnt && rc == -EINPROGRESS)
2638                rc = 0;
2639        if (rc < 0) {
2640                cifs_dbg(FYI, "Error %d connecting to server\n", rc);
2641                sock_release(socket);
2642                server->ssocket = NULL;
2643                return rc;
2644        }
2645
2646        if (sport == htons(RFC1001_PORT))
2647                rc = ip_rfc1001_connect(server);
2648
2649        return rc;
2650}
2651
2652static int
2653ip_connect(struct TCP_Server_Info *server)
2654{
2655        __be16 *sport;
2656        struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2657        struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2658
2659        if (server->dstaddr.ss_family == AF_INET6)
2660                sport = &addr6->sin6_port;
2661        else
2662                sport = &addr->sin_port;
2663
2664        if (*sport == 0) {
2665                int rc;
2666
2667                /* try with 445 port at first */
2668                *sport = htons(CIFS_PORT);
2669
2670                rc = generic_ip_connect(server);
2671                if (rc >= 0)
2672                        return rc;
2673
2674                /* if it failed, try with 139 port */
2675                *sport = htons(RFC1001_PORT);
2676        }
2677
2678        return generic_ip_connect(server);
2679}
2680
2681void reset_cifs_unix_caps(unsigned int xid, struct cifs_tcon *tcon,
2682                          struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
2683{
2684        /*
2685         * If we are reconnecting then should we check to see if
2686         * any requested capabilities changed locally e.g. via
2687         * remount but we can not do much about it here
2688         * if they have (even if we could detect it by the following)
2689         * Perhaps we could add a backpointer to array of sb from tcon
2690         * or if we change to make all sb to same share the same
2691         * sb as NFS - then we only have one backpointer to sb.
2692         * What if we wanted to mount the server share twice once with
2693         * and once without posixacls or posix paths?
2694         */
2695        __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2696
2697        if (ctx && ctx->no_linux_ext) {
2698                tcon->fsUnixInfo.Capability = 0;
2699                tcon->unix_ext = 0; /* Unix Extensions disabled */
2700                cifs_dbg(FYI, "Linux protocol extensions disabled\n");
2701                return;
2702        } else if (ctx)
2703                tcon->unix_ext = 1; /* Unix Extensions supported */
2704
2705        if (!tcon->unix_ext) {
2706                cifs_dbg(FYI, "Unix extensions disabled so not set on reconnect\n");
2707                return;
2708        }
2709
2710        if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2711                __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2712                cifs_dbg(FYI, "unix caps which server supports %lld\n", cap);
2713                /*
2714                 * check for reconnect case in which we do not
2715                 * want to change the mount behavior if we can avoid it
2716                 */
2717                if (ctx == NULL) {
2718                        /*
2719                         * turn off POSIX ACL and PATHNAMES if not set
2720                         * originally at mount time
2721                         */
2722                        if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2723                                cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2724                        if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2725                                if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2726                                        cifs_dbg(VFS, "POSIXPATH support change\n");
2727                                cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2728                        } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2729                                cifs_dbg(VFS, "possible reconnect error\n");
2730                                cifs_dbg(VFS, "server disabled POSIX path support\n");
2731                        }
2732                }
2733
2734                if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2735                        cifs_dbg(VFS, "per-share encryption not supported yet\n");
2736
2737                cap &= CIFS_UNIX_CAP_MASK;
2738                if (ctx && ctx->no_psx_acl)
2739                        cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2740                else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2741                        cifs_dbg(FYI, "negotiated posix acl support\n");
2742                        if (cifs_sb)
2743                                cifs_sb->mnt_cifs_flags |=
2744                                        CIFS_MOUNT_POSIXACL;
2745                }
2746
2747                if (ctx && ctx->posix_paths == 0)
2748                        cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2749                else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2750                        cifs_dbg(FYI, "negotiate posix pathnames\n");
2751                        if (cifs_sb)
2752                                cifs_sb->mnt_cifs_flags |=
2753                                        CIFS_MOUNT_POSIX_PATHS;
2754                }
2755
2756                cifs_dbg(FYI, "Negotiate caps 0x%x\n", (int)cap);
2757#ifdef CONFIG_CIFS_DEBUG2
2758                if (cap & CIFS_UNIX_FCNTL_CAP)
2759                        cifs_dbg(FYI, "FCNTL cap\n");
2760                if (cap & CIFS_UNIX_EXTATTR_CAP)
2761                        cifs_dbg(FYI, "EXTATTR cap\n");
2762                if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2763                        cifs_dbg(FYI, "POSIX path cap\n");
2764                if (cap & CIFS_UNIX_XATTR_CAP)
2765                        cifs_dbg(FYI, "XATTR cap\n");
2766                if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2767                        cifs_dbg(FYI, "POSIX ACL cap\n");
2768                if (cap & CIFS_UNIX_LARGE_READ_CAP)
2769                        cifs_dbg(FYI, "very large read cap\n");
2770                if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2771                        cifs_dbg(FYI, "very large write cap\n");
2772                if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)
2773                        cifs_dbg(FYI, "transport encryption cap\n");
2774                if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2775                        cifs_dbg(FYI, "mandatory transport encryption cap\n");
2776#endif /* CIFS_DEBUG2 */
2777                if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2778                        if (ctx == NULL)
2779                                cifs_dbg(FYI, "resetting capabilities failed\n");
2780                        else
2781                                cifs_dbg(VFS, "Negotiating Unix capabilities with the server failed. Consider mounting with the Unix Extensions disabled if problems are found by specifying the nounix mount option.\n");
2782
2783                }
2784        }
2785}
2786
2787int cifs_setup_cifs_sb(struct cifs_sb_info *cifs_sb)
2788{
2789        struct smb3_fs_context *ctx = cifs_sb->ctx;
2790
2791        INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2792
2793        spin_lock_init(&cifs_sb->tlink_tree_lock);
2794        cifs_sb->tlink_tree = RB_ROOT;
2795
2796        cifs_dbg(FYI, "file mode: %04ho  dir mode: %04ho\n",
2797                 ctx->file_mode, ctx->dir_mode);
2798
2799        /* this is needed for ASCII cp to Unicode converts */
2800        if (ctx->iocharset == NULL) {
2801                /* load_nls_default cannot return null */
2802                cifs_sb->local_nls = load_nls_default();
2803        } else {
2804                cifs_sb->local_nls = load_nls(ctx->iocharset);
2805                if (cifs_sb->local_nls == NULL) {
2806                        cifs_dbg(VFS, "CIFS mount error: iocharset %s not found\n",
2807                                 ctx->iocharset);
2808                        return -ELIBACC;
2809                }
2810        }
2811        ctx->local_nls = cifs_sb->local_nls;
2812
2813        smb3_update_mnt_flags(cifs_sb);
2814
2815        if (ctx->direct_io)
2816                cifs_dbg(FYI, "mounting share using direct i/o\n");
2817        if (ctx->cache_ro) {
2818                cifs_dbg(VFS, "mounting share with read only caching. Ensure that the share will not be modified while in use.\n");
2819                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RO_CACHE;
2820        } else if (ctx->cache_rw) {
2821                cifs_dbg(VFS, "mounting share in single client RW caching mode. Ensure that no other systems will be accessing the share.\n");
2822                cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_RO_CACHE |
2823                                            CIFS_MOUNT_RW_CACHE);
2824        }
2825
2826        if ((ctx->cifs_acl) && (ctx->dynperm))
2827                cifs_dbg(VFS, "mount option dynperm ignored if cifsacl mount option supported\n");
2828
2829        if (ctx->prepath) {
2830                cifs_sb->prepath = kstrdup(ctx->prepath, GFP_KERNEL);
2831                if (cifs_sb->prepath == NULL)
2832                        return -ENOMEM;
2833                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
2834        }
2835
2836        return 0;
2837}
2838
2839/* Release all succeed connections */
2840static inline void mount_put_conns(struct cifs_sb_info *cifs_sb,
2841                                   unsigned int xid,
2842                                   struct TCP_Server_Info *server,
2843                                   struct cifs_ses *ses, struct cifs_tcon *tcon)
2844{
2845        int rc = 0;
2846
2847        if (tcon)
2848                cifs_put_tcon(tcon);
2849        else if (ses)
2850                cifs_put_smb_ses(ses);
2851        else if (server)
2852                cifs_put_tcp_session(server, 0);
2853        cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_POSIX_PATHS;
2854        free_xid(xid);
2855}
2856
2857/* Get connections for tcp, ses and tcon */
2858static int mount_get_conns(struct smb3_fs_context *ctx, struct cifs_sb_info *cifs_sb,
2859                           unsigned int *xid,
2860                           struct TCP_Server_Info **nserver,
2861                           struct cifs_ses **nses, struct cifs_tcon **ntcon)
2862{
2863        int rc = 0;
2864        struct TCP_Server_Info *server;
2865        struct cifs_ses *ses;
2866        struct cifs_tcon *tcon;
2867
2868        *nserver = NULL;
2869        *nses = NULL;
2870        *ntcon = NULL;
2871
2872        *xid = get_xid();
2873
2874        /* get a reference to a tcp session */
2875        server = cifs_get_tcp_session(ctx);
2876        if (IS_ERR(server)) {
2877                rc = PTR_ERR(server);
2878                return rc;
2879        }
2880
2881        *nserver = server;
2882
2883        /* get a reference to a SMB session */
2884        ses = cifs_get_smb_ses(server, ctx);
2885        if (IS_ERR(ses)) {
2886                rc = PTR_ERR(ses);
2887                return rc;
2888        }
2889
2890        *nses = ses;
2891
2892        if ((ctx->persistent == true) && (!(ses->server->capabilities &
2893                                            SMB2_GLOBAL_CAP_PERSISTENT_HANDLES))) {
2894                cifs_server_dbg(VFS, "persistent handles not supported by server\n");
2895                return -EOPNOTSUPP;
2896        }
2897
2898        /* search for existing tcon to this server share */
2899        tcon = cifs_get_tcon(ses, ctx);
2900        if (IS_ERR(tcon)) {
2901                rc = PTR_ERR(tcon);
2902                return rc;
2903        }
2904
2905        *ntcon = tcon;
2906
2907        /* if new SMB3.11 POSIX extensions are supported do not remap / and \ */
2908        if (tcon->posix_extensions)
2909                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_POSIX_PATHS;
2910
2911        /* tell server which Unix caps we support */
2912        if (cap_unix(tcon->ses)) {
2913                /*
2914                 * reset of caps checks mount to see if unix extensions disabled
2915                 * for just this mount.
2916                 */
2917                reset_cifs_unix_caps(*xid, tcon, cifs_sb, ctx);
2918                if ((tcon->ses->server->tcpStatus == CifsNeedReconnect) &&
2919                    (le64_to_cpu(tcon->fsUnixInfo.Capability) &
2920                     CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP))
2921                        return -EACCES;
2922        } else
2923                tcon->unix_ext = 0; /* server does not support them */
2924
2925        /* do not care if a following call succeed - informational */
2926        if (!tcon->pipe && server->ops->qfs_tcon) {
2927                server->ops->qfs_tcon(*xid, tcon, cifs_sb);
2928                if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_RO_CACHE) {
2929                        if (tcon->fsDevInfo.DeviceCharacteristics &
2930                            cpu_to_le32(FILE_READ_ONLY_DEVICE))
2931                                cifs_dbg(VFS, "mounted to read only share\n");
2932                        else if ((cifs_sb->mnt_cifs_flags &
2933                                  CIFS_MOUNT_RW_CACHE) == 0)
2934                                cifs_dbg(VFS, "read only mount of RW share\n");
2935                        /* no need to log a RW mount of a typical RW share */
2936                }
2937        }
2938
2939        /*
2940         * Clamp the rsize/wsize mount arguments if they are too big for the server
2941         * and set the rsize/wsize to the negotiated values if not passed in by
2942         * the user on mount
2943         */
2944        if ((cifs_sb->ctx->wsize == 0) ||
2945            (cifs_sb->ctx->wsize > server->ops->negotiate_wsize(tcon, ctx)))
2946                cifs_sb->ctx->wsize = server->ops->negotiate_wsize(tcon, ctx);
2947        if ((cifs_sb->ctx->rsize == 0) ||
2948            (cifs_sb->ctx->rsize > server->ops->negotiate_rsize(tcon, ctx)))
2949                cifs_sb->ctx->rsize = server->ops->negotiate_rsize(tcon, ctx);
2950
2951        return 0;
2952}
2953
2954static int mount_setup_tlink(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses,
2955                             struct cifs_tcon *tcon)
2956{
2957        struct tcon_link *tlink;
2958
2959        /* hang the tcon off of the superblock */
2960        tlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
2961        if (tlink == NULL)
2962                return -ENOMEM;
2963
2964        tlink->tl_uid = ses->linux_uid;
2965        tlink->tl_tcon = tcon;
2966        tlink->tl_time = jiffies;
2967        set_bit(TCON_LINK_MASTER, &tlink->tl_flags);
2968        set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
2969
2970        cifs_sb->master_tlink = tlink;
2971        spin_lock(&cifs_sb->tlink_tree_lock);
2972        tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
2973        spin_unlock(&cifs_sb->tlink_tree_lock);
2974
2975        queue_delayed_work(cifsiod_wq, &cifs_sb->prune_tlinks,
2976                                TLINK_IDLE_EXPIRE);
2977        return 0;
2978}
2979
2980#ifdef CONFIG_CIFS_DFS_UPCALL
2981static int mount_get_dfs_conns(struct smb3_fs_context *ctx, struct cifs_sb_info *cifs_sb,
2982                               unsigned int *xid, struct TCP_Server_Info **nserver,
2983                               struct cifs_ses **nses, struct cifs_tcon **ntcon)
2984{
2985        int rc;
2986
2987        ctx->nosharesock = true;
2988        rc = mount_get_conns(ctx, cifs_sb, xid, nserver, nses, ntcon);
2989        if (*nserver) {
2990                cifs_dbg(FYI, "%s: marking tcp session as a dfs connection\n", __func__);
2991                spin_lock(&cifs_tcp_ses_lock);
2992                (*nserver)->is_dfs_conn = true;
2993                spin_unlock(&cifs_tcp_ses_lock);
2994        }
2995        return rc;
2996}
2997
2998/*
2999 * cifs_build_path_to_root returns full path to root when we do not have an
3000 * existing connection (tcon)
3001 */
3002static char *
3003build_unc_path_to_root(const struct smb3_fs_context *ctx,
3004                       const struct cifs_sb_info *cifs_sb, bool useppath)
3005{
3006        char *full_path, *pos;
3007        unsigned int pplen = useppath && ctx->prepath ?
3008                strlen(ctx->prepath) + 1 : 0;
3009        unsigned int unc_len = strnlen(ctx->UNC, MAX_TREE_SIZE + 1);
3010
3011        if (unc_len > MAX_TREE_SIZE)
3012                return ERR_PTR(-EINVAL);
3013
3014        full_path = kmalloc(unc_len + pplen + 1, GFP_KERNEL);
3015        if (full_path == NULL)
3016                return ERR_PTR(-ENOMEM);
3017
3018        memcpy(full_path, ctx->UNC, unc_len);
3019        pos = full_path + unc_len;
3020
3021        if (pplen) {
3022                *pos = CIFS_DIR_SEP(cifs_sb);
3023                memcpy(pos + 1, ctx->prepath, pplen);
3024                pos += pplen;
3025        }
3026
3027        *pos = '\0'; /* add trailing null */
3028        convert_delimiter(full_path, CIFS_DIR_SEP(cifs_sb));
3029        cifs_dbg(FYI, "%s: full_path=%s\n", __func__, full_path);
3030        return full_path;
3031}
3032
3033/**
3034 * expand_dfs_referral - Perform a dfs referral query and update the cifs_sb
3035 *
3036 * If a referral is found, cifs_sb->ctx->mount_options will be (re-)allocated
3037 * to a string containing updated options for the submount.  Otherwise it
3038 * will be left untouched.
3039 *
3040 * Returns the rc from get_dfs_path to the caller, which can be used to
3041 * determine whether there were referrals.
3042 */
3043static int
3044expand_dfs_referral(const unsigned int xid, struct cifs_ses *ses,
3045                    struct smb3_fs_context *ctx, struct cifs_sb_info *cifs_sb,
3046                    char *ref_path)
3047{
3048        int rc;
3049        struct dfs_info3_param referral = {0};
3050        char *full_path = NULL, *mdata = NULL;
3051
3052        if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS)
3053                return -EREMOTE;
3054
3055        full_path = build_unc_path_to_root(ctx, cifs_sb, true);
3056        if (IS_ERR(full_path))
3057                return PTR_ERR(full_path);
3058
3059        rc = dfs_cache_find(xid, ses, cifs_sb->local_nls, cifs_remap(cifs_sb),
3060                            ref_path, &referral, NULL);
3061        if (!rc) {
3062                char *fake_devname = NULL;
3063
3064                mdata = cifs_compose_mount_options(cifs_sb->ctx->mount_options,
3065                                                   full_path + 1, &referral,
3066                                                   &fake_devname);
3067                free_dfs_info_param(&referral);
3068
3069                if (IS_ERR(mdata)) {
3070                        rc = PTR_ERR(mdata);
3071                        mdata = NULL;
3072                } else {
3073                        /*
3074                         * We can not clear out the whole structure since we
3075                         * no longer have an explicit function to parse
3076                         * a mount-string. Instead we need to clear out the
3077                         * individual fields that are no longer valid.
3078                         */
3079                        kfree(ctx->prepath);
3080                        ctx->prepath = NULL;
3081                        rc = cifs_setup_volume_info(ctx, mdata, fake_devname);
3082                }
3083                kfree(fake_devname);
3084                kfree(cifs_sb->ctx->mount_options);
3085                cifs_sb->ctx->mount_options = mdata;
3086        }
3087        kfree(full_path);
3088        return rc;
3089}
3090
3091static int get_next_dfs_tgt(struct dfs_cache_tgt_list *tgt_list,
3092                            struct dfs_cache_tgt_iterator **tgt_it)
3093{
3094        if (!*tgt_it)
3095                *tgt_it = dfs_cache_get_tgt_iterator(tgt_list);
3096        else
3097                *tgt_it = dfs_cache_get_next_tgt(tgt_list, *tgt_it);
3098        return !*tgt_it ? -EHOSTDOWN : 0;
3099}
3100
3101static int update_vol_info(const struct dfs_cache_tgt_iterator *tgt_it,
3102                           struct smb3_fs_context *fake_ctx, struct smb3_fs_context *ctx)
3103{
3104        const char *tgt = dfs_cache_get_tgt_name(tgt_it);
3105        int len = strlen(tgt) + 2;
3106        char *new_unc;
3107
3108        new_unc = kmalloc(len, GFP_KERNEL);
3109        if (!new_unc)
3110                return -ENOMEM;
3111        scnprintf(new_unc, len, "\\%s", tgt);
3112
3113        kfree(ctx->UNC);
3114        ctx->UNC = new_unc;
3115
3116        if (fake_ctx->prepath) {
3117                kfree(ctx->prepath);
3118                ctx->prepath = fake_ctx->prepath;
3119                fake_ctx->prepath = NULL;
3120        }
3121        memcpy(&ctx->dstaddr, &fake_ctx->dstaddr, sizeof(ctx->dstaddr));
3122
3123        return 0;
3124}
3125
3126static int do_dfs_failover(const char *path, const char *full_path, struct cifs_sb_info *cifs_sb,
3127                           struct smb3_fs_context *ctx, struct cifs_ses *root_ses,
3128                           unsigned int *xid, struct TCP_Server_Info **server,
3129                           struct cifs_ses **ses, struct cifs_tcon **tcon)
3130{
3131        int rc;
3132        char *npath = NULL;
3133        struct dfs_cache_tgt_list tgt_list = DFS_CACHE_TGT_LIST_INIT(tgt_list);
3134        struct dfs_cache_tgt_iterator *tgt_it = NULL;
3135        struct smb3_fs_context tmp_ctx = {NULL};
3136
3137        if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS)
3138                return -EOPNOTSUPP;
3139
3140        npath = dfs_cache_canonical_path(path, cifs_sb->local_nls, cifs_remap(cifs_sb));
3141        if (IS_ERR(npath))
3142                return PTR_ERR(npath);
3143
3144        cifs_dbg(FYI, "%s: path=%s full_path=%s\n", __func__, npath, full_path);
3145
3146        rc = dfs_cache_noreq_find(npath, NULL, &tgt_list);
3147        if (rc)
3148                goto out;
3149        /*
3150         * We use a 'tmp_ctx' here because we need pass it down to the mount_{get,put} functions to
3151         * test connection against new DFS targets.
3152         */
3153        rc = smb3_fs_context_dup(&tmp_ctx, ctx);
3154        if (rc)
3155                goto out;
3156
3157        for (;;) {
3158                struct dfs_info3_param ref = {0};
3159                char *fake_devname = NULL, *mdata = NULL;
3160
3161                /* Get next DFS target server - if any */
3162                rc = get_next_dfs_tgt(&tgt_list, &tgt_it);
3163                if (rc)
3164                        break;
3165
3166                rc = dfs_cache_get_tgt_referral(npath, tgt_it, &ref);
3167                if (rc)
3168                        break;
3169
3170                cifs_dbg(FYI, "%s: old ctx: UNC=%s prepath=%s\n", __func__, tmp_ctx.UNC,
3171                         tmp_ctx.prepath);
3172
3173                mdata = cifs_compose_mount_options(cifs_sb->ctx->mount_options, full_path + 1, &ref,
3174                                                   &fake_devname);
3175                free_dfs_info_param(&ref);
3176
3177                if (IS_ERR(mdata)) {
3178                        rc = PTR_ERR(mdata);
3179                        mdata = NULL;
3180                } else
3181                        rc = cifs_setup_volume_info(&tmp_ctx, mdata, fake_devname);
3182
3183                kfree(mdata);
3184                kfree(fake_devname);
3185
3186                if (rc)
3187                        break;
3188
3189                cifs_dbg(FYI, "%s: new ctx: UNC=%s prepath=%s\n", __func__, tmp_ctx.UNC,
3190                         tmp_ctx.prepath);
3191
3192                mount_put_conns(cifs_sb, *xid, *server, *ses, *tcon);
3193                rc = mount_get_dfs_conns(&tmp_ctx, cifs_sb, xid, server, ses, tcon);
3194                if (!rc || (*server && *ses)) {
3195                        /*
3196                         * We were able to connect to new target server. Update current context with
3197                         * new target server.
3198                         */
3199                        rc = update_vol_info(tgt_it, &tmp_ctx, ctx);
3200                        break;
3201                }
3202        }
3203        if (!rc) {
3204                cifs_dbg(FYI, "%s: final ctx: UNC=%s prepath=%s\n", __func__, tmp_ctx.UNC,
3205                         tmp_ctx.prepath);
3206                /*
3207                 * Update DFS target hint in DFS referral cache with the target server we
3208                 * successfully reconnected to.
3209                 */
3210                rc = dfs_cache_update_tgthint(*xid, root_ses ? root_ses : *ses, cifs_sb->local_nls,
3211                                              cifs_remap(cifs_sb), path, tgt_it);
3212        }
3213
3214out:
3215        kfree(npath);
3216        smb3_cleanup_fs_context_contents(&tmp_ctx);
3217        dfs_cache_free_tgts(&tgt_list);
3218        return rc;
3219}
3220#endif
3221
3222/* TODO: all callers to this are broken. We are not parsing mount_options here
3223 * we should pass a clone of the original context?
3224 */
3225int
3226cifs_setup_volume_info(struct smb3_fs_context *ctx, const char *mntopts, const char *devname)
3227{
3228        int rc;
3229
3230        if (devname) {
3231                cifs_dbg(FYI, "%s: devname=%s\n", __func__, devname);
3232                rc = smb3_parse_devname(devname, ctx);
3233                if (rc) {
3234                        cifs_dbg(VFS, "%s: failed to parse %s: %d\n", __func__, devname, rc);
3235                        return rc;
3236                }
3237        }
3238
3239        if (mntopts) {
3240                char *ip;
3241
3242                rc = smb3_parse_opt(mntopts, "ip", &ip);
3243                if (rc) {
3244                        cifs_dbg(VFS, "%s: failed to parse ip options: %d\n", __func__, rc);
3245                        return rc;
3246                }
3247
3248                rc = cifs_convert_address((struct sockaddr *)&ctx->dstaddr, ip, strlen(ip));
3249                kfree(ip);
3250                if (!rc) {
3251                        cifs_dbg(VFS, "%s: failed to convert ip address\n", __func__);
3252                        return -EINVAL;
3253                }
3254        }
3255
3256        if (ctx->nullauth) {
3257                cifs_dbg(FYI, "Anonymous login\n");
3258                kfree(ctx->username);
3259                ctx->username = NULL;
3260        } else if (ctx->username) {
3261                /* BB fixme parse for domain name here */
3262                cifs_dbg(FYI, "Username: %s\n", ctx->username);
3263        } else {
3264                cifs_dbg(VFS, "No username specified\n");
3265        /* In userspace mount helper we can get user name from alternate
3266           locations such as env variables and files on disk */
3267                return -EINVAL;
3268        }
3269
3270        return 0;
3271}
3272
3273static int
3274cifs_are_all_path_components_accessible(struct TCP_Server_Info *server,
3275                                        unsigned int xid,
3276                                        struct cifs_tcon *tcon,
3277                                        struct cifs_sb_info *cifs_sb,
3278                                        char *full_path,
3279                                        int added_treename)
3280{
3281        int rc;
3282        char *s;
3283        char sep, tmp;
3284        int skip = added_treename ? 1 : 0;
3285
3286        sep = CIFS_DIR_SEP(cifs_sb);
3287        s = full_path;
3288
3289        rc = server->ops->is_path_accessible(xid, tcon, cifs_sb, "");
3290        while (rc == 0) {
3291                /* skip separators */
3292                while (*s == sep)
3293                        s++;
3294                if (!*s)
3295                        break;
3296                /* next separator */
3297                while (*s && *s != sep)
3298                        s++;
3299                /*
3300                 * if the treename is added, we then have to skip the first
3301                 * part within the separators
3302                 */
3303                if (skip) {
3304                        skip = 0;
3305                        continue;
3306                }
3307                /*
3308                 * temporarily null-terminate the path at the end of
3309                 * the current component
3310                 */
3311                tmp = *s;
3312                *s = 0;
3313                rc = server->ops->is_path_accessible(xid, tcon, cifs_sb,
3314                                                     full_path);
3315                *s = tmp;
3316        }
3317        return rc;
3318}
3319
3320/*
3321 * Check if path is remote (e.g. a DFS share). Return -EREMOTE if it is,
3322 * otherwise 0.
3323 */
3324static int is_path_remote(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx,
3325                          const unsigned int xid,
3326                          struct TCP_Server_Info *server,
3327                          struct cifs_tcon *tcon)
3328{
3329        int rc;
3330        char *full_path;
3331
3332        if (!server->ops->is_path_accessible)
3333                return -EOPNOTSUPP;
3334
3335        /*
3336         * cifs_build_path_to_root works only when we have a valid tcon
3337         */
3338        full_path = cifs_build_path_to_root(ctx, cifs_sb, tcon,
3339                                            tcon->Flags & SMB_SHARE_IS_IN_DFS);
3340        if (full_path == NULL)
3341                return -ENOMEM;
3342
3343        cifs_dbg(FYI, "%s: full_path: %s\n", __func__, full_path);
3344
3345        rc = server->ops->is_path_accessible(xid, tcon, cifs_sb,
3346                                             full_path);
3347        if (rc != 0 && rc != -EREMOTE) {
3348                kfree(full_path);
3349                return rc;
3350        }
3351
3352        if (rc != -EREMOTE) {
3353                rc = cifs_are_all_path_components_accessible(server, xid, tcon,
3354                        cifs_sb, full_path, tcon->Flags & SMB_SHARE_IS_IN_DFS);
3355                if (rc != 0) {
3356                        cifs_server_dbg(VFS, "cannot query dirs between root and final path, enabling CIFS_MOUNT_USE_PREFIX_PATH\n");
3357                        cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
3358                        rc = 0;
3359                }
3360        }
3361
3362        kfree(full_path);
3363        return rc;
3364}
3365
3366#ifdef CONFIG_CIFS_DFS_UPCALL
3367static void set_root_ses(struct cifs_sb_info *cifs_sb, const uuid_t *mount_id, struct cifs_ses *ses,
3368                         struct cifs_ses **root_ses)
3369{
3370        if (ses) {
3371                spin_lock(&cifs_tcp_ses_lock);
3372                ses->ses_count++;
3373                spin_unlock(&cifs_tcp_ses_lock);
3374                dfs_cache_add_refsrv_session(mount_id, ses);
3375        }
3376        *root_ses = ses;
3377}
3378
3379/* Set up next dfs prefix path in @dfs_path */
3380static int next_dfs_prepath(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx,
3381                            const unsigned int xid, struct TCP_Server_Info *server,
3382                            struct cifs_tcon *tcon, char **dfs_path)
3383{
3384        char *path, *npath;
3385        int added_treename = is_tcon_dfs(tcon);
3386        int rc;
3387
3388        path = cifs_build_path_to_root(ctx, cifs_sb, tcon, added_treename);
3389        if (!path)
3390                return -ENOMEM;
3391
3392        rc = is_path_remote(cifs_sb, ctx, xid, server, tcon);
3393        if (rc == -EREMOTE) {
3394                struct smb3_fs_context v = {NULL};
3395                /* if @path contains a tree name, skip it in the prefix path */
3396                if (added_treename) {
3397                        rc = smb3_parse_devname(path, &v);
3398                        if (rc)
3399                                goto out;
3400                        npath = build_unc_path_to_root(&v, cifs_sb, true);
3401                        smb3_cleanup_fs_context_contents(&v);
3402                } else {
3403                        v.UNC = ctx->UNC;
3404                        v.prepath = path + 1;
3405                        npath = build_unc_path_to_root(&v, cifs_sb, true);
3406                }
3407
3408                if (IS_ERR(npath)) {
3409                        rc = PTR_ERR(npath);
3410                        goto out;
3411                }
3412
3413                kfree(*dfs_path);
3414                *dfs_path = npath;
3415                rc = -EREMOTE;
3416        }
3417
3418out:
3419        kfree(path);
3420        return rc;
3421}
3422
3423/* Check if resolved targets can handle any DFS referrals */
3424static int is_referral_server(const char *ref_path, struct cifs_sb_info *cifs_sb,
3425                              struct cifs_tcon *tcon, bool *ref_server)
3426{
3427        int rc;
3428        struct dfs_info3_param ref = {0};
3429
3430        cifs_dbg(FYI, "%s: ref_path=%s\n", __func__, ref_path);
3431
3432        if (is_tcon_dfs(tcon)) {
3433                *ref_server = true;
3434        } else {
3435                char *npath;
3436
3437                npath = dfs_cache_canonical_path(ref_path, cifs_sb->local_nls, cifs_remap(cifs_sb));
3438                if (IS_ERR(npath))
3439                        return PTR_ERR(npath);
3440
3441                rc = dfs_cache_noreq_find(npath, &ref, NULL);
3442                kfree(npath);
3443                if (rc) {
3444                        cifs_dbg(VFS, "%s: dfs_cache_noreq_find: failed (rc=%d)\n", __func__, rc);
3445                        return rc;
3446                }
3447                cifs_dbg(FYI, "%s: ref.flags=0x%x\n", __func__, ref.flags);
3448                /*
3449                 * Check if all targets are capable of handling DFS referrals as per
3450                 * MS-DFSC 2.2.4 RESP_GET_DFS_REFERRAL.
3451                 */
3452                *ref_server = !!(ref.flags & DFSREF_REFERRAL_SERVER);
3453                free_dfs_info_param(&ref);
3454        }
3455        return 0;
3456}
3457
3458int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
3459{
3460        int rc = 0;
3461        unsigned int xid;
3462        struct TCP_Server_Info *server = NULL;
3463        struct cifs_ses *ses = NULL, *root_ses = NULL;
3464        struct cifs_tcon *tcon = NULL;
3465        int count = 0;
3466        uuid_t mount_id = {0};
3467        char *ref_path = NULL, *full_path = NULL;
3468        char *oldmnt = NULL;
3469        bool ref_server = false;
3470
3471        rc = mount_get_conns(ctx, cifs_sb, &xid, &server, &ses, &tcon);
3472        /*
3473         * If called with 'nodfs' mount option, then skip DFS resolving.  Otherwise unconditionally
3474         * try to get an DFS referral (even cached) to determine whether it is an DFS mount.
3475         *
3476         * Skip prefix path to provide support for DFS referrals from w2k8 servers which don't seem
3477         * to respond with PATH_NOT_COVERED to requests that include the prefix.
3478         */
3479        if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS) ||
3480            dfs_cache_find(xid, ses, cifs_sb->local_nls, cifs_remap(cifs_sb), ctx->UNC + 1, NULL,
3481                           NULL)) {
3482                if (rc)
3483                        goto error;
3484                /* Check if it is fully accessible and then mount it */
3485                rc = is_path_remote(cifs_sb, ctx, xid, server, tcon);
3486                if (!rc)
3487                        goto out;
3488                if (rc != -EREMOTE)
3489                        goto error;
3490        }
3491
3492        mount_put_conns(cifs_sb, xid, server, ses, tcon);
3493        /*
3494         * Ignore error check here because we may failover to other targets from cached a
3495         * referral.
3496         */
3497        (void)mount_get_dfs_conns(ctx, cifs_sb, &xid, &server, &ses, &tcon);
3498
3499        /* Get path of DFS root */
3500        ref_path = build_unc_path_to_root(ctx, cifs_sb, false);
3501        if (IS_ERR(ref_path)) {
3502                rc = PTR_ERR(ref_path);
3503                ref_path = NULL;
3504                goto error;
3505        }
3506
3507        uuid_gen(&mount_id);
3508        set_root_ses(cifs_sb, &mount_id, ses, &root_ses);
3509        do {
3510                /* Save full path of last DFS path we used to resolve final target server */
3511                kfree(full_path);
3512                full_path = build_unc_path_to_root(ctx, cifs_sb, !!count);
3513                if (IS_ERR(full_path)) {
3514                        rc = PTR_ERR(full_path);
3515                        full_path = NULL;
3516                        break;
3517                }
3518                /* Chase referral */
3519                oldmnt = cifs_sb->ctx->mount_options;
3520                rc = expand_dfs_referral(xid, root_ses, ctx, cifs_sb, ref_path + 1);
3521                if (rc)
3522                        break;
3523                /* Connect to new DFS target only if we were redirected */
3524                if (oldmnt != cifs_sb->ctx->mount_options) {
3525                        mount_put_conns(cifs_sb, xid, server, ses, tcon);
3526                        rc = mount_get_dfs_conns(ctx, cifs_sb, &xid, &server, &ses, &tcon);
3527                }
3528                if (rc && !server && !ses) {
3529                        /* Failed to connect. Try to connect to other targets in the referral. */
3530                        rc = do_dfs_failover(ref_path + 1, full_path, cifs_sb, ctx, root_ses, &xid,
3531                                             &server, &ses, &tcon);
3532                }
3533                if (rc == -EACCES || rc == -EOPNOTSUPP || !server || !ses)
3534                        break;
3535                if (!tcon)
3536                        continue;
3537
3538                /* Make sure that requests go through new root servers */
3539                rc = is_referral_server(ref_path + 1, cifs_sb, tcon, &ref_server);
3540                if (rc)
3541                        break;
3542                if (ref_server)
3543                        set_root_ses(cifs_sb, &mount_id, ses, &root_ses);
3544
3545                /* Get next dfs path and then continue chasing them if -EREMOTE */
3546                rc = next_dfs_prepath(cifs_sb, ctx, xid, server, tcon, &ref_path);
3547                /* Prevent recursion on broken link referrals */
3548                if (rc == -EREMOTE && ++count > MAX_NESTED_LINKS)
3549                        rc = -ELOOP;
3550        } while (rc == -EREMOTE);
3551
3552        if (rc || !tcon || !ses)
3553                goto error;
3554
3555        kfree(ref_path);
3556        /*
3557         * Store DFS full path in both superblock and tree connect structures.
3558         *
3559         * For DFS root mounts, the prefix path (cifs_sb->prepath) is preserved during reconnect so
3560         * only the root path is set in cifs_sb->origin_fullpath and tcon->dfs_path. And for DFS
3561         * links, the prefix path is included in both and may be changed during reconnect.  See
3562         * cifs_tree_connect().
3563         */
3564        ref_path = dfs_cache_canonical_path(full_path, cifs_sb->local_nls, cifs_remap(cifs_sb));
3565        kfree(full_path);
3566        full_path = NULL;
3567
3568        if (IS_ERR(ref_path)) {
3569                rc = PTR_ERR(ref_path);
3570                ref_path = NULL;
3571                goto error;
3572        }
3573        cifs_sb->origin_fullpath = ref_path;
3574
3575        ref_path = kstrdup(cifs_sb->origin_fullpath, GFP_KERNEL);
3576        if (!ref_path) {
3577                rc = -ENOMEM;
3578                goto error;
3579        }
3580        spin_lock(&cifs_tcp_ses_lock);
3581        tcon->dfs_path = ref_path;
3582        ref_path = NULL;
3583        spin_unlock(&cifs_tcp_ses_lock);
3584
3585        /*
3586         * After reconnecting to a different server, unique ids won't
3587         * match anymore, so we disable serverino. This prevents
3588         * dentry revalidation to think the dentry are stale (ESTALE).
3589         */
3590        cifs_autodisable_serverino(cifs_sb);
3591        /*
3592         * Force the use of prefix path to support failover on DFS paths that
3593         * resolve to targets that have different prefix paths.
3594         */
3595        cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
3596        kfree(cifs_sb->prepath);
3597        cifs_sb->prepath = ctx->prepath;
3598        ctx->prepath = NULL;
3599        uuid_copy(&cifs_sb->dfs_mount_id, &mount_id);
3600
3601out:
3602        free_xid(xid);
3603        cifs_try_adding_channels(cifs_sb, ses);
3604        return mount_setup_tlink(cifs_sb, ses, tcon);
3605
3606error:
3607        kfree(ref_path);
3608        kfree(full_path);
3609        kfree(cifs_sb->origin_fullpath);
3610        dfs_cache_put_refsrv_sessions(&mount_id);
3611        mount_put_conns(cifs_sb, xid, server, ses, tcon);
3612        return rc;
3613}
3614#else
3615int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
3616{
3617        int rc = 0;
3618        unsigned int xid;
3619        struct cifs_ses *ses;
3620        struct cifs_tcon *tcon;
3621        struct TCP_Server_Info *server;
3622
3623        rc = mount_get_conns(ctx, cifs_sb, &xid, &server, &ses, &tcon);
3624        if (rc)
3625                goto error;
3626
3627        if (tcon) {
3628                rc = is_path_remote(cifs_sb, ctx, xid, server, tcon);
3629                if (rc == -EREMOTE)
3630                        rc = -EOPNOTSUPP;
3631                if (rc)
3632                        goto error;
3633        }
3634
3635        free_xid(xid);
3636
3637        return mount_setup_tlink(cifs_sb, ses, tcon);
3638
3639error:
3640        mount_put_conns(cifs_sb, xid, server, ses, tcon);
3641        return rc;
3642}
3643#endif
3644
3645/*
3646 * Issue a TREE_CONNECT request.
3647 */
3648int
3649CIFSTCon(const unsigned int xid, struct cifs_ses *ses,
3650         const char *tree, struct cifs_tcon *tcon,
3651         const struct nls_table *nls_codepage)
3652{
3653        struct smb_hdr *smb_buffer;
3654        struct smb_hdr *smb_buffer_response;
3655        TCONX_REQ *pSMB;
3656        TCONX_RSP *pSMBr;
3657        unsigned char *bcc_ptr;
3658        int rc = 0;
3659        int length;
3660        __u16 bytes_left, count;
3661
3662        if (ses == NULL)
3663                return -EIO;
3664
3665        smb_buffer = cifs_buf_get();
3666        if (smb_buffer == NULL)
3667                return -ENOMEM;
3668
3669        smb_buffer_response = smb_buffer;
3670
3671        header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3672                        NULL /*no tid */ , 4 /*wct */ );
3673
3674        smb_buffer->Mid = get_next_mid(ses->server);
3675        smb_buffer->Uid = ses->Suid;
3676        pSMB = (TCONX_REQ *) smb_buffer;
3677        pSMBr = (TCONX_RSP *) smb_buffer_response;
3678
3679        pSMB->AndXCommand = 0xFF;
3680        pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3681        bcc_ptr = &pSMB->Password[0];
3682        if (tcon->pipe || (ses->server->sec_mode & SECMODE_USER)) {
3683                pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3684                *bcc_ptr = 0; /* password is null byte */
3685                bcc_ptr++;              /* skip password */
3686                /* already aligned so no need to do it below */
3687        } else {
3688                pSMB->PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
3689                /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3690                   specified as required (when that support is added to
3691                   the vfs in the future) as only NTLM or the much
3692                   weaker LANMAN (which we do not send by default) is accepted
3693                   by Samba (not sure whether other servers allow
3694                   NTLMv2 password here) */
3695#ifdef CONFIG_CIFS_WEAK_PW_HASH
3696                if ((global_secflags & CIFSSEC_MAY_LANMAN) &&
3697                    (ses->sectype == LANMAN))
3698                        calc_lanman_hash(tcon->password, ses->server->cryptkey,
3699                                         ses->server->sec_mode &
3700                                            SECMODE_PW_ENCRYPT ? true : false,
3701                                         bcc_ptr);
3702                else
3703#endif /* CIFS_WEAK_PW_HASH */
3704                rc = SMBNTencrypt(tcon->password, ses->server->cryptkey,
3705                                        bcc_ptr, nls_codepage);
3706                if (rc) {
3707                        cifs_dbg(FYI, "%s Can't generate NTLM rsp. Error: %d\n",
3708                                 __func__, rc);
3709                        cifs_buf_release(smb_buffer);
3710                        return rc;
3711                }
3712
3713                bcc_ptr += CIFS_AUTH_RESP_SIZE;
3714                if (ses->capabilities & CAP_UNICODE) {
3715                        /* must align unicode strings */
3716                        *bcc_ptr = 0; /* null byte password */
3717                        bcc_ptr++;
3718                }
3719        }
3720
3721        if (ses->server->sign)
3722                smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3723
3724        if (ses->capabilities & CAP_STATUS32) {
3725                smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3726        }
3727        if (ses->capabilities & CAP_DFS) {
3728                smb_buffer->Flags2 |= SMBFLG2_DFS;
3729        }
3730        if (ses->capabilities & CAP_UNICODE) {
3731                smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3732                length =
3733                    cifs_strtoUTF16((__le16 *) bcc_ptr, tree,
3734                        6 /* max utf8 char length in bytes */ *
3735                        (/* server len*/ + 256 /* share len */), nls_codepage);
3736                bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3737                bcc_ptr += 2;   /* skip trailing null */
3738        } else {                /* ASCII */
3739                strcpy(bcc_ptr, tree);
3740                bcc_ptr += strlen(tree) + 1;
3741        }
3742        strcpy(bcc_ptr, "?????");
3743        bcc_ptr += strlen("?????");
3744        bcc_ptr += 1;
3745        count = bcc_ptr - &pSMB->Password[0];
3746        be32_add_cpu(&pSMB->hdr.smb_buf_length, count);
3747        pSMB->ByteCount = cpu_to_le16(count);
3748
3749        rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3750                         0);
3751
3752        /* above now done in SendReceive */
3753        if (rc == 0) {
3754                bool is_unicode;
3755
3756                tcon->tidStatus = CifsGood;
3757                tcon->need_reconnect = false;
3758                tcon->tid = smb_buffer_response->Tid;
3759                bcc_ptr = pByteArea(smb_buffer_response);
3760                bytes_left = get_bcc(smb_buffer_response);
3761                length = strnlen(bcc_ptr, bytes_left - 2);
3762                if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
3763                        is_unicode = true;
3764                else
3765                        is_unicode = false;
3766
3767
3768                /* skip service field (NB: this field is always ASCII) */
3769                if (length == 3) {
3770                        if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3771                            (bcc_ptr[2] == 'C')) {
3772                                cifs_dbg(FYI, "IPC connection\n");
3773                                tcon->ipc = true;
3774                                tcon->pipe = true;
3775                        }
3776                } else if (length == 2) {
3777                        if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3778                                /* the most common case */
3779                                cifs_dbg(FYI, "disk share connection\n");
3780                        }
3781                }
3782                bcc_ptr += length + 1;
3783                bytes_left -= (length + 1);
3784                strlcpy(tcon->treeName, tree, sizeof(tcon->treeName));
3785
3786                /* mostly informational -- no need to fail on error here */
3787                kfree(tcon->nativeFileSystem);
3788                tcon->nativeFileSystem = cifs_strndup_from_utf16(bcc_ptr,
3789                                                      bytes_left, is_unicode,
3790                                                      nls_codepage);
3791
3792                cifs_dbg(FYI, "nativeFileSystem=%s\n", tcon->nativeFileSystem);
3793
3794                if ((smb_buffer_response->WordCount == 3) ||
3795                         (smb_buffer_response->WordCount == 7))
3796                        /* field is in same location */
3797                        tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3798                else
3799                        tcon->Flags = 0;
3800                cifs_dbg(FYI, "Tcon flags: 0x%x\n", tcon->Flags);
3801        }
3802
3803        cifs_buf_release(smb_buffer);
3804        return rc;
3805}
3806
3807static void delayed_free(struct rcu_head *p)
3808{
3809        struct cifs_sb_info *cifs_sb = container_of(p, struct cifs_sb_info, rcu);
3810
3811        unload_nls(cifs_sb->local_nls);
3812        smb3_cleanup_fs_context(cifs_sb->ctx);
3813        kfree(cifs_sb);
3814}
3815
3816void
3817cifs_umount(struct cifs_sb_info *cifs_sb)
3818{
3819        struct rb_root *root = &cifs_sb->tlink_tree;
3820        struct rb_node *node;
3821        struct tcon_link *tlink;
3822
3823        cancel_delayed_work_sync(&cifs_sb->prune_tlinks);
3824
3825        spin_lock(&cifs_sb->tlink_tree_lock);
3826        while ((node = rb_first(root))) {
3827                tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3828                cifs_get_tlink(tlink);
3829                clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3830                rb_erase(node, root);
3831
3832                spin_unlock(&cifs_sb->tlink_tree_lock);
3833                cifs_put_tlink(tlink);
3834                spin_lock(&cifs_sb->tlink_tree_lock);
3835        }
3836        spin_unlock(&cifs_sb->tlink_tree_lock);
3837
3838        kfree(cifs_sb->prepath);
3839#ifdef CONFIG_CIFS_DFS_UPCALL
3840        dfs_cache_put_refsrv_sessions(&cifs_sb->dfs_mount_id);
3841        kfree(cifs_sb->origin_fullpath);
3842#endif
3843        call_rcu(&cifs_sb->rcu, delayed_free);
3844}
3845
3846int
3847cifs_negotiate_protocol(const unsigned int xid, struct cifs_ses *ses)
3848{
3849        int rc = 0;
3850        struct TCP_Server_Info *server = cifs_ses_server(ses);
3851
3852        if (!server->ops->need_neg || !server->ops->negotiate)
3853                return -ENOSYS;
3854
3855        /* only send once per connect */
3856        if (!server->ops->need_neg(server))
3857                return 0;
3858
3859        rc = server->ops->negotiate(xid, ses);
3860        if (rc == 0) {
3861                spin_lock(&GlobalMid_Lock);
3862                if (server->tcpStatus == CifsNeedNegotiate)
3863                        server->tcpStatus = CifsGood;
3864                else
3865                        rc = -EHOSTDOWN;
3866                spin_unlock(&GlobalMid_Lock);
3867        }
3868
3869        return rc;
3870}
3871
3872int
3873cifs_setup_session(const unsigned int xid, struct cifs_ses *ses,
3874                   struct nls_table *nls_info)
3875{
3876        int rc = -ENOSYS;
3877        struct TCP_Server_Info *server = cifs_ses_server(ses);
3878
3879        if (!ses->binding) {
3880                ses->capabilities = server->capabilities;
3881                if (!linuxExtEnabled)
3882                        ses->capabilities &= (~server->vals->cap_unix);
3883
3884                if (ses->auth_key.response) {
3885                        cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
3886                                 ses->auth_key.response);
3887                        kfree(ses->auth_key.response);
3888                        ses->auth_key.response = NULL;
3889                        ses->auth_key.len = 0;
3890                }
3891        }
3892
3893        cifs_dbg(FYI, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d\n",
3894                 server->sec_mode, server->capabilities, server->timeAdj);
3895
3896        if (server->ops->sess_setup)
3897                rc = server->ops->sess_setup(xid, ses, nls_info);
3898
3899        if (rc)
3900                cifs_server_dbg(VFS, "Send error in SessSetup = %d\n", rc);
3901
3902        return rc;
3903}
3904
3905static int
3906cifs_set_vol_auth(struct smb3_fs_context *ctx, struct cifs_ses *ses)
3907{
3908        ctx->sectype = ses->sectype;
3909
3910        /* krb5 is special, since we don't need username or pw */
3911        if (ctx->sectype == Kerberos)
3912                return 0;
3913
3914        return cifs_set_cifscreds(ctx, ses);
3915}
3916
3917static struct cifs_tcon *
3918cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
3919{
3920        int rc;
3921        struct cifs_tcon *master_tcon = cifs_sb_master_tcon(cifs_sb);
3922        struct cifs_ses *ses;
3923        struct cifs_tcon *tcon = NULL;
3924        struct smb3_fs_context *ctx;
3925
3926        ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
3927        if (ctx == NULL)
3928                return ERR_PTR(-ENOMEM);
3929
3930        ctx->local_nls = cifs_sb->local_nls;
3931        ctx->linux_uid = fsuid;
3932        ctx->cred_uid = fsuid;
3933        ctx->UNC = master_tcon->treeName;
3934        ctx->retry = master_tcon->retry;
3935        ctx->nocase = master_tcon->nocase;
3936        ctx->nohandlecache = master_tcon->nohandlecache;
3937        ctx->local_lease = master_tcon->local_lease;
3938        ctx->no_lease = master_tcon->no_lease;
3939        ctx->resilient = master_tcon->use_resilient;
3940        ctx->persistent = master_tcon->use_persistent;
3941        ctx->handle_timeout = master_tcon->handle_timeout;
3942        ctx->no_linux_ext = !master_tcon->unix_ext;
3943        ctx->linux_ext = master_tcon->posix_extensions;
3944        ctx->sectype = master_tcon->ses->sectype;
3945        ctx->sign = master_tcon->ses->sign;
3946        ctx->seal = master_tcon->seal;
3947        ctx->witness = master_tcon->use_witness;
3948
3949        rc = cifs_set_vol_auth(ctx, master_tcon->ses);
3950        if (rc) {
3951                tcon = ERR_PTR(rc);
3952                goto out;
3953        }
3954
3955        /* get a reference for the same TCP session */
3956        spin_lock(&cifs_tcp_ses_lock);
3957        ++master_tcon->ses->server->srv_count;
3958        spin_unlock(&cifs_tcp_ses_lock);
3959
3960        ses = cifs_get_smb_ses(master_tcon->ses->server, ctx);
3961        if (IS_ERR(ses)) {
3962                tcon = (struct cifs_tcon *)ses;
3963                cifs_put_tcp_session(master_tcon->ses->server, 0);
3964                goto out;
3965        }
3966
3967        tcon = cifs_get_tcon(ses, ctx);
3968        if (IS_ERR(tcon)) {
3969                cifs_put_smb_ses(ses);
3970                goto out;
3971        }
3972
3973        if (cap_unix(ses))
3974                reset_cifs_unix_caps(0, tcon, NULL, ctx);
3975
3976out:
3977        kfree(ctx->username);
3978        kfree_sensitive(ctx->password);
3979        kfree(ctx);
3980
3981        return tcon;
3982}
3983
3984struct cifs_tcon *
3985cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
3986{
3987        return tlink_tcon(cifs_sb_master_tlink(cifs_sb));
3988}
3989
3990/* find and return a tlink with given uid */
3991static struct tcon_link *
3992tlink_rb_search(struct rb_root *root, kuid_t uid)
3993{
3994        struct rb_node *node = root->rb_node;
3995        struct tcon_link *tlink;
3996
3997        while (node) {
3998                tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3999
4000                if (uid_gt(tlink->tl_uid, uid))
4001                        node = node->rb_left;
4002                else if (uid_lt(tlink->tl_uid, uid))
4003                        node = node->rb_right;
4004                else
4005                        return tlink;
4006        }
4007        return NULL;
4008}
4009
4010/* insert a tcon_link into the tree */
4011static void
4012tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink)
4013{
4014        struct rb_node **new = &(root->rb_node), *parent = NULL;
4015        struct tcon_link *tlink;
4016
4017        while (*new) {
4018                tlink = rb_entry(*new, struct tcon_link, tl_rbnode);
4019                parent = *new;
4020
4021                if (uid_gt(tlink->tl_uid, new_tlink->tl_uid))
4022                        new = &((*new)->rb_left);
4023                else
4024                        new = &((*new)->rb_right);
4025        }
4026
4027        rb_link_node(&new_tlink->tl_rbnode, parent, new);
4028        rb_insert_color(&new_tlink->tl_rbnode, root);
4029}
4030
4031/*
4032 * Find or construct an appropriate tcon given a cifs_sb and the fsuid of the
4033 * current task.
4034 *
4035 * If the superblock doesn't refer to a multiuser mount, then just return
4036 * the master tcon for the mount.
4037 *
4038 * First, search the rbtree for an existing tcon for this fsuid. If one
4039 * exists, then check to see if it's pending construction. If it is then wait
4040 * for construction to complete. Once it's no longer pending, check to see if
4041 * it failed and either return an error or retry construction, depending on
4042 * the timeout.
4043 *
4044 * If one doesn't exist then insert a new tcon_link struct into the tree and
4045 * try to construct a new one.
4046 */
4047struct tcon_link *
4048cifs_sb_tlink(struct cifs_sb_info *cifs_sb)
4049{
4050        int ret;
4051        kuid_t fsuid = current_fsuid();
4052        struct tcon_link *tlink, *newtlink;
4053
4054        if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
4055                return cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
4056
4057        spin_lock(&cifs_sb->tlink_tree_lock);
4058        tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
4059        if (tlink)
4060                cifs_get_tlink(tlink);
4061        spin_unlock(&cifs_sb->tlink_tree_lock);
4062
4063        if (tlink == NULL) {
4064                newtlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
4065                if (newtlink == NULL)
4066                        return ERR_PTR(-ENOMEM);
4067                newtlink->tl_uid = fsuid;
4068                newtlink->tl_tcon = ERR_PTR(-EACCES);
4069                set_bit(TCON_LINK_PENDING, &newtlink->tl_flags);
4070                set_bit(TCON_LINK_IN_TREE, &newtlink->tl_flags);
4071                cifs_get_tlink(newtlink);
4072
4073                spin_lock(&cifs_sb->tlink_tree_lock);
4074                /* was one inserted after previous search? */
4075                tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
4076                if (tlink) {
4077                        cifs_get_tlink(tlink);
4078                        spin_unlock(&cifs_sb->tlink_tree_lock);
4079                        kfree(newtlink);
4080                        goto wait_for_construction;
4081                }
4082                tlink = newtlink;
4083                tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
4084                spin_unlock(&cifs_sb->tlink_tree_lock);
4085        } else {
4086wait_for_construction:
4087                ret = wait_on_bit(&tlink->tl_flags, TCON_LINK_PENDING,
4088                                  TASK_INTERRUPTIBLE);
4089                if (ret) {
4090                        cifs_put_tlink(tlink);
4091                        return ERR_PTR(-ERESTARTSYS);
4092                }
4093
4094                /* if it's good, return it */
4095                if (!IS_ERR(tlink->tl_tcon))
4096                        return tlink;
4097
4098                /* return error if we tried this already recently */
4099                if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) {
4100                        cifs_put_tlink(tlink);
4101                        return ERR_PTR(-EACCES);
4102                }
4103
4104                if (test_and_set_bit(TCON_LINK_PENDING, &tlink->tl_flags))
4105                        goto wait_for_construction;
4106        }
4107
4108        tlink->tl_tcon = cifs_construct_tcon(cifs_sb, fsuid);
4109        clear_bit(TCON_LINK_PENDING, &tlink->tl_flags);
4110        wake_up_bit(&tlink->tl_flags, TCON_LINK_PENDING);
4111
4112        if (IS_ERR(tlink->tl_tcon)) {
4113                cifs_put_tlink(tlink);
4114                return ERR_PTR(-EACCES);
4115        }
4116
4117        return tlink;
4118}
4119
4120/*
4121 * periodic workqueue job that scans tcon_tree for a superblock and closes
4122 * out tcons.
4123 */
4124static void
4125cifs_prune_tlinks(struct work_struct *work)
4126{
4127        struct cifs_sb_info *cifs_sb = container_of(work, struct cifs_sb_info,
4128                                                    prune_tlinks.work);
4129        struct rb_root *root = &cifs_sb->tlink_tree;
4130        struct rb_node *node;
4131        struct rb_node *tmp;
4132        struct tcon_link *tlink;
4133
4134        /*
4135         * Because we drop the spinlock in the loop in order to put the tlink
4136         * it's not guarded against removal of links from the tree. The only
4137         * places that remove entries from the tree are this function and
4138         * umounts. Because this function is non-reentrant and is canceled
4139         * before umount can proceed, this is safe.
4140         */
4141        spin_lock(&cifs_sb->tlink_tree_lock);
4142        node = rb_first(root);
4143        while (node != NULL) {
4144                tmp = node;
4145                node = rb_next(tmp);
4146                tlink = rb_entry(tmp, struct tcon_link, tl_rbnode);
4147
4148                if (test_bit(TCON_LINK_MASTER, &tlink->tl_flags) ||
4149                    atomic_read(&tlink->tl_count) != 0 ||
4150                    time_after(tlink->tl_time + TLINK_IDLE_EXPIRE, jiffies))
4151                        continue;
4152
4153                cifs_get_tlink(tlink);
4154                clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
4155                rb_erase(tmp, root);
4156
4157                spin_unlock(&cifs_sb->tlink_tree_lock);
4158                cifs_put_tlink(tlink);
4159                spin_lock(&cifs_sb->tlink_tree_lock);
4160        }
4161        spin_unlock(&cifs_sb->tlink_tree_lock);
4162
4163        queue_delayed_work(cifsiod_wq, &cifs_sb->prune_tlinks,
4164                                TLINK_IDLE_EXPIRE);
4165}
4166
4167#ifdef CONFIG_CIFS_DFS_UPCALL
4168int cifs_tree_connect(const unsigned int xid, struct cifs_tcon *tcon, const struct nls_table *nlsc)
4169{
4170        int rc;
4171        struct TCP_Server_Info *server = tcon->ses->server;
4172        const struct smb_version_operations *ops = server->ops;
4173        struct dfs_cache_tgt_list tl;
4174        struct dfs_cache_tgt_iterator *it = NULL;
4175        char *tree;
4176        const char *tcp_host;
4177        size_t tcp_host_len;
4178        const char *dfs_host;
4179        size_t dfs_host_len;
4180        char *share = NULL, *prefix = NULL;
4181        struct dfs_info3_param ref = {0};
4182        bool isroot;
4183
4184        tree = kzalloc(MAX_TREE_SIZE, GFP_KERNEL);
4185        if (!tree)
4186                return -ENOMEM;
4187
4188        /* If it is not dfs or there was no cached dfs referral, then reconnect to same share */
4189        if (!tcon->dfs_path || dfs_cache_noreq_find(tcon->dfs_path + 1, &ref, &tl)) {
4190                if (tcon->ipc) {
4191                        scnprintf(tree, MAX_TREE_SIZE, "\\\\%s\\IPC$", server->hostname);
4192                        rc = ops->tree_connect(xid, tcon->ses, tree, tcon, nlsc);
4193                } else {
4194                        rc = ops->tree_connect(xid, tcon->ses, tcon->treeName, tcon, nlsc);
4195                }
4196                goto out;
4197        }
4198
4199        isroot = ref.server_type == DFS_TYPE_ROOT;
4200        free_dfs_info_param(&ref);
4201
4202        extract_unc_hostname(server->hostname, &tcp_host, &tcp_host_len);
4203
4204        for (it = dfs_cache_get_tgt_iterator(&tl); it; it = dfs_cache_get_next_tgt(&tl, it)) {
4205                bool target_match;
4206
4207                kfree(share);
4208                kfree(prefix);
4209                share = NULL;
4210                prefix = NULL;
4211
4212                rc = dfs_cache_get_tgt_share(tcon->dfs_path + 1, it, &share, &prefix);
4213                if (rc) {
4214                        cifs_dbg(VFS, "%s: failed to parse target share %d\n",
4215                                 __func__, rc);
4216                        continue;
4217                }
4218
4219                extract_unc_hostname(share, &dfs_host, &dfs_host_len);
4220
4221                if (dfs_host_len != tcp_host_len
4222                    || strncasecmp(dfs_host, tcp_host, dfs_host_len) != 0) {
4223                        cifs_dbg(FYI, "%s: %.*s doesn't match %.*s\n", __func__, (int)dfs_host_len,
4224                                 dfs_host, (int)tcp_host_len, tcp_host);
4225
4226                        rc = match_target_ip(server, dfs_host, dfs_host_len, &target_match);
4227                        if (rc) {
4228                                cifs_dbg(VFS, "%s: failed to match target ip: %d\n", __func__, rc);
4229                                break;
4230                        }
4231
4232                        if (!target_match) {
4233                                cifs_dbg(FYI, "%s: skipping target\n", __func__);
4234                                continue;
4235                        }
4236                }
4237
4238                if (tcon->ipc) {
4239                        scnprintf(tree, MAX_TREE_SIZE, "\\\\%s\\IPC$", share);
4240                        rc = ops->tree_connect(xid, tcon->ses, tree, tcon, nlsc);
4241                } else {
4242                        scnprintf(tree, MAX_TREE_SIZE, "\\%s", share);
4243                        rc = ops->tree_connect(xid, tcon->ses, tree, tcon, nlsc);
4244                        /* Only handle prefix paths of DFS link targets */
4245                        if (!rc && !isroot) {
4246                                rc = update_super_prepath(tcon, prefix);
4247                                break;
4248                        }
4249                }
4250                if (rc == -EREMOTE)
4251                        break;
4252        }
4253
4254        kfree(share);
4255        kfree(prefix);
4256
4257        if (!rc) {
4258                if (it)
4259                        rc = dfs_cache_noreq_update_tgthint(tcon->dfs_path + 1, it);
4260                else
4261                        rc = -ENOENT;
4262        }
4263        dfs_cache_free_tgts(&tl);
4264out:
4265        kfree(tree);
4266        return rc;
4267}
4268#else
4269int cifs_tree_connect(const unsigned int xid, struct cifs_tcon *tcon, const struct nls_table *nlsc)
4270{
4271        const struct smb_version_operations *ops = tcon->ses->server->ops;
4272
4273        return ops->tree_connect(xid, tcon->ses, tcon->treeName, tcon, nlsc);
4274}
4275#endif
4276