4 * Copyright (C) International Business Machines Corp., 2002,2008
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/slab.h>
23 #include <linux/ctype.h>
24 #include <linux/mempool.h>
27 #include "cifsproto.h"
28 #include "cifs_debug.h"
31 #include "cifs_unicode.h"
33 extern mempool_t *cifs_sm_req_poolp;
34 extern mempool_t *cifs_req_poolp;
36 /* The xid serves as a useful identifier for each incoming vfs request,
37 in a similar way to the mid which is useful to track each sent smb,
38 and CurrentXid can also provide a running counter (although it
39 will eventually wrap past zero) of the total vfs operations handled
40 since the cifs fs was mounted */
47 spin_lock(&GlobalMid_Lock);
48 GlobalTotalActiveXid++;
50 /* keep high water mark for number of simultaneous ops in filesystem */
51 if (GlobalTotalActiveXid > GlobalMaxActiveXid)
52 GlobalMaxActiveXid = GlobalTotalActiveXid;
53 if (GlobalTotalActiveXid > 65000)
54 cFYI(1, "warning: more than 65000 requests active");
55 xid = GlobalCurrentXid++;
56 spin_unlock(&GlobalMid_Lock);
61 _FreeXid(unsigned int xid)
63 spin_lock(&GlobalMid_Lock);
64 /* if (GlobalTotalActiveXid == 0)
66 GlobalTotalActiveXid--;
67 spin_unlock(&GlobalMid_Lock);
73 struct cifs_ses *ret_buf;
75 ret_buf = kzalloc(sizeof(struct cifs_ses), GFP_KERNEL);
77 atomic_inc(&sesInfoAllocCount);
78 ret_buf->status = CifsNew;
80 INIT_LIST_HEAD(&ret_buf->smb_ses_list);
81 INIT_LIST_HEAD(&ret_buf->tcon_list);
82 mutex_init(&ret_buf->session_mutex);
88 sesInfoFree(struct cifs_ses *buf_to_free)
90 if (buf_to_free == NULL) {
91 cFYI(1, "Null buffer passed to sesInfoFree");
95 atomic_dec(&sesInfoAllocCount);
96 kfree(buf_to_free->serverOS);
97 kfree(buf_to_free->serverDomain);
98 kfree(buf_to_free->serverNOS);
99 if (buf_to_free->password) {
100 memset(buf_to_free->password, 0, strlen(buf_to_free->password));
101 kfree(buf_to_free->password);
103 kfree(buf_to_free->user_name);
104 kfree(buf_to_free->domainName);
111 struct cifs_tcon *ret_buf;
112 ret_buf = kzalloc(sizeof(struct cifs_tcon), GFP_KERNEL);
114 atomic_inc(&tconInfoAllocCount);
115 ret_buf->tidStatus = CifsNew;
117 INIT_LIST_HEAD(&ret_buf->openFileList);
118 INIT_LIST_HEAD(&ret_buf->tcon_list);
119 #ifdef CONFIG_CIFS_STATS
120 spin_lock_init(&ret_buf->stat_lock);
127 tconInfoFree(struct cifs_tcon *buf_to_free)
129 if (buf_to_free == NULL) {
130 cFYI(1, "Null buffer passed to tconInfoFree");
133 atomic_dec(&tconInfoAllocCount);
134 kfree(buf_to_free->nativeFileSystem);
135 if (buf_to_free->password) {
136 memset(buf_to_free->password, 0, strlen(buf_to_free->password));
137 kfree(buf_to_free->password);
145 struct smb_hdr *ret_buf = NULL;
147 /* We could use negotiated size instead of max_msgsize -
148 but it may be more efficient to always alloc same size
149 albeit slightly larger than necessary and maxbuffersize
150 defaults to this and can not be bigger */
151 ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS);
153 /* clear the first few header bytes */
154 /* for most paths, more is cleared in header_assemble */
156 memset(ret_buf, 0, sizeof(struct smb_hdr) + 3);
157 atomic_inc(&bufAllocCount);
158 #ifdef CONFIG_CIFS_STATS2
159 atomic_inc(&totBufAllocCount);
160 #endif /* CONFIG_CIFS_STATS2 */
167 cifs_buf_release(void *buf_to_free)
169 if (buf_to_free == NULL) {
170 /* cFYI(1, "Null buffer passed to cifs_buf_release");*/
173 mempool_free(buf_to_free, cifs_req_poolp);
175 atomic_dec(&bufAllocCount);
180 cifs_small_buf_get(void)
182 struct smb_hdr *ret_buf = NULL;
184 /* We could use negotiated size instead of max_msgsize -
185 but it may be more efficient to always alloc same size
186 albeit slightly larger than necessary and maxbuffersize
187 defaults to this and can not be bigger */
188 ret_buf = mempool_alloc(cifs_sm_req_poolp, GFP_NOFS);
190 /* No need to clear memory here, cleared in header assemble */
191 /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/
192 atomic_inc(&smBufAllocCount);
193 #ifdef CONFIG_CIFS_STATS2
194 atomic_inc(&totSmBufAllocCount);
195 #endif /* CONFIG_CIFS_STATS2 */
202 cifs_small_buf_release(void *buf_to_free)
205 if (buf_to_free == NULL) {
206 cFYI(1, "Null buffer passed to cifs_small_buf_release");
209 mempool_free(buf_to_free, cifs_sm_req_poolp);
211 atomic_dec(&smBufAllocCount);
216 * Find a free multiplex id (SMB mid). Otherwise there could be
217 * mid collisions which might cause problems, demultiplexing the
218 * wrong response to this request. Multiplex ids could collide if
219 * one of a series requests takes much longer than the others, or
220 * if a very large number of long lived requests (byte range
221 * locks or FindNotify requests) are pending. No more than
222 * 64K-1 requests can be outstanding at one time. If no
223 * mids are available, return zero. A future optimization
224 * could make the combination of mids and uid the key we use
225 * to demultiplex on (rather than mid alone).
226 * In addition to the above check, the cifs demultiplex
227 * code already used the command code as a secondary
228 * check of the frame and if signing is negotiated the
229 * response would be discarded if the mid were the same
230 * but the signature was wrong. Since the mid is not put in the
231 * pending queue until later (when it is about to be dispatched)
232 * we do have to limit the number of outstanding requests
233 * to somewhat less than 64K-1 although it is hard to imagine
234 * so many threads being in the vfs at one time.
236 __u64 GetNextMid(struct TCP_Server_Info *server)
239 __u16 last_mid, cur_mid;
242 spin_lock(&GlobalMid_Lock);
244 /* mid is 16 bit only for CIFS/SMB */
245 cur_mid = (__u16)((server->CurrentMid) & 0xffff);
246 /* we do not want to loop forever */
251 * This nested loop looks more expensive than it is.
252 * In practice the list of pending requests is short,
253 * fewer than 50, and the mids are likely to be unique
254 * on the first pass through the loop unless some request
255 * takes longer than the 64 thousand requests before it
256 * (and it would also have to have been a request that
259 while (cur_mid != last_mid) {
260 struct mid_q_entry *mid_entry;
261 unsigned int num_mids;
268 list_for_each_entry(mid_entry, &server->pending_mid_q, qhead) {
270 if (mid_entry->mid == cur_mid &&
271 mid_entry->mid_state == MID_REQUEST_SUBMITTED) {
272 /* This mid is in use, try a different one */
279 * if we have more than 32k mids in the list, then something
280 * is very wrong. Possibly a local user is trying to DoS the
281 * box by issuing long-running calls and SIGKILL'ing them. If
282 * we get to 2^16 mids then we're in big trouble as this
283 * function could loop forever.
285 * Go ahead and assign out the mid in this situation, but force
286 * an eventual reconnect to clean out the pending_mid_q.
288 if (num_mids > 32768)
289 server->tcpStatus = CifsNeedReconnect;
292 mid = (__u64)cur_mid;
293 server->CurrentMid = mid;
298 spin_unlock(&GlobalMid_Lock);
302 /* NB: MID can not be set if treeCon not passed in, in that
303 case it is responsbility of caller to set the mid */
305 header_assemble(struct smb_hdr *buffer, char smb_command /* command */ ,
306 const struct cifs_tcon *treeCon, int word_count
307 /* length of fixed section (word count) in two byte units */)
309 struct list_head *temp_item;
310 struct cifs_ses *ses;
311 char *temp = (char *) buffer;
313 memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */
315 buffer->smb_buf_length = cpu_to_be32(
316 (2 * word_count) + sizeof(struct smb_hdr) -
317 4 /* RFC 1001 length field does not count */ +
318 2 /* for bcc field itself */) ;
320 buffer->Protocol[0] = 0xFF;
321 buffer->Protocol[1] = 'S';
322 buffer->Protocol[2] = 'M';
323 buffer->Protocol[3] = 'B';
324 buffer->Command = smb_command;
325 buffer->Flags = 0x00; /* case sensitive */
326 buffer->Flags2 = SMBFLG2_KNOWS_LONG_NAMES;
327 buffer->Pid = cpu_to_le16((__u16)current->tgid);
328 buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16));
330 buffer->Tid = treeCon->tid;
332 if (treeCon->ses->capabilities & CAP_UNICODE)
333 buffer->Flags2 |= SMBFLG2_UNICODE;
334 if (treeCon->ses->capabilities & CAP_STATUS32)
335 buffer->Flags2 |= SMBFLG2_ERR_STATUS;
337 /* Uid is not converted */
338 buffer->Uid = treeCon->ses->Suid;
339 buffer->Mid = GetNextMid(treeCon->ses->server);
340 if (multiuser_mount != 0) {
341 /* For the multiuser case, there are few obvious technically */
342 /* possible mechanisms to match the local linux user (uid) */
343 /* to a valid remote smb user (smb_uid): */
344 /* 1) Query Winbind (or other local pam/nss daemon */
345 /* for userid/password/logon_domain or credential */
346 /* 2) Query Winbind for uid to sid to username mapping */
347 /* and see if we have a matching password for existing*/
348 /* session for that user perhas getting password by */
349 /* adding a new pam_cifs module that stores passwords */
350 /* so that the cifs vfs can get at that for all logged*/
352 /* 3) (Which is the mechanism we have chosen) */
353 /* Search through sessions to the same server for a */
354 /* a match on the uid that was passed in on mount */
355 /* with the current processes uid (or euid?) and use */
356 /* that smb uid. If no existing smb session for */
357 /* that uid found, use the default smb session ie */
358 /* the smb session for the volume mounted which is */
359 /* the same as would be used if the multiuser mount */
360 /* flag were disabled. */
362 /* BB Add support for establishing new tCon and SMB Session */
363 /* with userid/password pairs found on the smb session */
364 /* for other target tcp/ip addresses BB */
365 if (current_fsuid() != treeCon->ses->linux_uid) {
366 cFYI(1, "Multiuser mode and UID "
367 "did not match tcon uid");
368 spin_lock(&cifs_tcp_ses_lock);
369 list_for_each(temp_item, &treeCon->ses->server->smb_ses_list) {
370 ses = list_entry(temp_item, struct cifs_ses, smb_ses_list);
371 if (ses->linux_uid == current_fsuid()) {
372 if (ses->server == treeCon->ses->server) {
373 cFYI(1, "found matching uid substitute right smb_uid");
374 buffer->Uid = ses->Suid;
377 /* BB eventually call cifs_setup_session here */
378 cFYI(1, "local UID found but no smb sess with this server exists");
382 spin_unlock(&cifs_tcp_ses_lock);
386 if (treeCon->Flags & SMB_SHARE_IS_IN_DFS)
387 buffer->Flags2 |= SMBFLG2_DFS;
389 buffer->Flags |= SMBFLG_CASELESS;
390 if ((treeCon->ses) && (treeCon->ses->server))
391 if (treeCon->ses->server->sec_mode &
392 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
393 buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
396 /* endian conversion of flags is now done just before sending */
397 buffer->WordCount = (char) word_count;
402 check_smb_hdr(struct smb_hdr *smb, __u16 mid)
404 /* does it have the right SMB "signature" ? */
405 if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff)) {
406 cERROR(1, "Bad protocol string signature header 0x%x",
407 *(unsigned int *)smb->Protocol);
411 /* Make sure that message ids match */
412 if (mid != smb->Mid) {
413 cERROR(1, "Mids do not match. received=%u expected=%u",
418 /* if it's a response then accept */
419 if (smb->Flags & SMBFLG_RESPONSE)
422 /* only one valid case where server sends us request */
423 if (smb->Command == SMB_COM_LOCKING_ANDX)
426 cERROR(1, "Server sent request, not response. mid=%u", smb->Mid);
431 checkSMB(char *buf, unsigned int total_read)
433 struct smb_hdr *smb = (struct smb_hdr *)buf;
434 __u16 mid = smb->Mid;
435 __u32 rfclen = be32_to_cpu(smb->smb_buf_length);
436 __u32 clc_len; /* calculated length */
437 cFYI(0, "checkSMB Length: 0x%x, smb_buf_length: 0x%x",
440 /* is this frame too small to even get to a BCC? */
441 if (total_read < 2 + sizeof(struct smb_hdr)) {
442 if ((total_read >= sizeof(struct smb_hdr) - 1)
443 && (smb->Status.CifsError != 0)) {
444 /* it's an error return */
446 /* some error cases do not return wct and bcc */
448 } else if ((total_read == sizeof(struct smb_hdr) + 1) &&
449 (smb->WordCount == 0)) {
450 char *tmp = (char *)smb;
451 /* Need to work around a bug in two servers here */
452 /* First, check if the part of bcc they sent was zero */
453 if (tmp[sizeof(struct smb_hdr)] == 0) {
454 /* some servers return only half of bcc
455 * on simple responses (wct, bcc both zero)
456 * in particular have seen this on
457 * ulogoffX and FindClose. This leaves
458 * one byte of bcc potentially unitialized
460 /* zero rest of bcc */
461 tmp[sizeof(struct smb_hdr)+1] = 0;
464 cERROR(1, "rcvd invalid byte count (bcc)");
466 cERROR(1, "Length less than smb header size");
471 /* otherwise, there is enough to get to the BCC */
472 if (check_smb_hdr(smb, mid))
474 clc_len = smbCalcSize(smb);
476 if (4 + rfclen != total_read) {
477 cERROR(1, "Length read does not match RFC1001 length %d",
482 if (4 + rfclen != clc_len) {
483 /* check if bcc wrapped around for large read responses */
484 if ((rfclen > 64 * 1024) && (rfclen > clc_len)) {
485 /* check if lengths match mod 64K */
486 if (((4 + rfclen) & 0xFFFF) == (clc_len & 0xFFFF))
487 return 0; /* bcc wrapped */
489 cFYI(1, "Calculated size %u vs length %u mismatch for mid=%u",
490 clc_len, 4 + rfclen, smb->Mid);
492 if (4 + rfclen < clc_len) {
493 cERROR(1, "RFC1001 size %u smaller than SMB for mid=%u",
496 } else if (rfclen > clc_len + 512) {
498 * Some servers (Windows XP in particular) send more
499 * data than the lengths in the SMB packet would
500 * indicate on certain calls (byte range locks and
501 * trans2 find first calls in particular). While the
502 * client can handle such a frame by ignoring the
503 * trailing data, we choose limit the amount of extra
506 cERROR(1, "RFC1001 size %u more than 512 bytes larger "
507 "than SMB for mid=%u", rfclen, smb->Mid);
515 is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv)
517 struct smb_hdr *buf = (struct smb_hdr *)buffer;
518 struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf;
519 struct list_head *tmp, *tmp1, *tmp2;
520 struct cifs_ses *ses;
521 struct cifs_tcon *tcon;
522 struct cifsInodeInfo *pCifsInode;
523 struct cifsFileInfo *netfile;
525 cFYI(1, "Checking for oplock break or dnotify response");
526 if ((pSMB->hdr.Command == SMB_COM_NT_TRANSACT) &&
527 (pSMB->hdr.Flags & SMBFLG_RESPONSE)) {
528 struct smb_com_transaction_change_notify_rsp *pSMBr =
529 (struct smb_com_transaction_change_notify_rsp *)buf;
530 struct file_notify_information *pnotify;
531 __u32 data_offset = 0;
532 if (get_bcc(buf) > sizeof(struct file_notify_information)) {
533 data_offset = le32_to_cpu(pSMBr->DataOffset);
535 pnotify = (struct file_notify_information *)
536 ((char *)&pSMBr->hdr.Protocol + data_offset);
537 cFYI(1, "dnotify on %s Action: 0x%x",
538 pnotify->FileName, pnotify->Action);
539 /* cifs_dump_mem("Rcvd notify Data: ",buf,
540 sizeof(struct smb_hdr)+60); */
543 if (pSMBr->hdr.Status.CifsError) {
544 cFYI(1, "notify err 0x%d",
545 pSMBr->hdr.Status.CifsError);
550 if (pSMB->hdr.Command != SMB_COM_LOCKING_ANDX)
552 if (pSMB->hdr.Flags & SMBFLG_RESPONSE) {
553 /* no sense logging error on invalid handle on oplock
554 break - harmless race between close request and oplock
555 break response is expected from time to time writing out
556 large dirty files cached on the client */
557 if ((NT_STATUS_INVALID_HANDLE) ==
558 le32_to_cpu(pSMB->hdr.Status.CifsError)) {
559 cFYI(1, "invalid handle on oplock break");
561 } else if (ERRbadfid ==
562 le16_to_cpu(pSMB->hdr.Status.DosError.Error)) {
565 return false; /* on valid oplock brk we get "request" */
568 if (pSMB->hdr.WordCount != 8)
571 cFYI(1, "oplock type 0x%d level 0x%d",
572 pSMB->LockType, pSMB->OplockLevel);
573 if (!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE))
576 /* look up tcon based on tid & uid */
577 spin_lock(&cifs_tcp_ses_lock);
578 list_for_each(tmp, &srv->smb_ses_list) {
579 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
580 list_for_each(tmp1, &ses->tcon_list) {
581 tcon = list_entry(tmp1, struct cifs_tcon, tcon_list);
582 if (tcon->tid != buf->Tid)
585 cifs_stats_inc(&tcon->num_oplock_brks);
586 spin_lock(&cifs_file_list_lock);
587 list_for_each(tmp2, &tcon->openFileList) {
588 netfile = list_entry(tmp2, struct cifsFileInfo,
590 if (pSMB->Fid != netfile->netfid)
593 cFYI(1, "file id match, oplock break");
594 pCifsInode = CIFS_I(netfile->dentry->d_inode);
596 cifs_set_oplock_level(pCifsInode,
597 pSMB->OplockLevel ? OPLOCK_READ : 0);
598 queue_work(cifsiod_wq,
599 &netfile->oplock_break);
600 netfile->oplock_break_cancelled = false;
602 spin_unlock(&cifs_file_list_lock);
603 spin_unlock(&cifs_tcp_ses_lock);
606 spin_unlock(&cifs_file_list_lock);
607 spin_unlock(&cifs_tcp_ses_lock);
608 cFYI(1, "No matching file for oplock break");
612 spin_unlock(&cifs_tcp_ses_lock);
613 cFYI(1, "Can not process oplock break for non-existent connection");
618 dump_smb(void *buf, int smb_buf_length)
622 unsigned char *buffer = buf;
627 for (i = 0, j = 0; i < smb_buf_length; i++, j++) {
629 /* have reached the beginning of line */
630 printk(KERN_DEBUG "| ");
633 printk("%0#4x ", buffer[i]);
634 debug_line[2 * j] = ' ';
635 if (isprint(buffer[i]))
636 debug_line[1 + (2 * j)] = buffer[i];
638 debug_line[1 + (2 * j)] = '_';
641 /* reached end of line, time to print ascii */
643 printk(" | %s\n", debug_line);
648 debug_line[2 * j] = ' ';
649 debug_line[1 + (2 * j)] = ' ';
651 printk(" | %s\n", debug_line);
656 cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb)
658 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM) {
659 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
660 cERROR(1, "Autodisabling the use of server inode numbers on "
661 "%s. This server doesn't seem to support them "
662 "properly. Hardlinks will not be recognized on this "
663 "mount. Consider mounting with the \"noserverino\" "
664 "option to silence this message.",
665 cifs_sb_master_tcon(cifs_sb)->treeName);
669 void cifs_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock)
673 if (oplock == OPLOCK_EXCLUSIVE) {
674 cinode->clientCanCacheAll = true;
675 cinode->clientCanCacheRead = true;
676 cFYI(1, "Exclusive Oplock granted on inode %p",
678 } else if (oplock == OPLOCK_READ) {
679 cinode->clientCanCacheAll = false;
680 cinode->clientCanCacheRead = true;
681 cFYI(1, "Level II Oplock granted on inode %p",
684 cinode->clientCanCacheAll = false;
685 cinode->clientCanCacheRead = false;
690 backup_cred(struct cifs_sb_info *cifs_sb)
692 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPUID) {
693 if (cifs_sb->mnt_backupuid == current_fsuid())
696 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPGID) {
697 if (in_group_p(cifs_sb->mnt_backupgid))
705 cifs_add_credits(struct TCP_Server_Info *server, const unsigned int add)
707 spin_lock(&server->req_lock);
708 server->credits += add;
710 spin_unlock(&server->req_lock);
711 wake_up(&server->request_q);
715 cifs_set_credits(struct TCP_Server_Info *server, const int val)
717 spin_lock(&server->req_lock);
718 server->credits = val;
719 server->oplocks = val > 1 ? enable_oplocks : false;
720 spin_unlock(&server->req_lock);
projects / linux.git / blob