search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lkdtm: fix stack protector trigger
[linux/fpc-iii.git] / fs / cifs / misc.c
blobf7d4b2285efea06fee58d52b94e72a332412cb1a
1 /*
2 * fs/cifs/misc.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22 #include <linux/slab.h>
23 #include <linux/ctype.h>
24 #include <linux/mempool.h>
25 #include "cifspdu.h"
26 #include "cifsglob.h"
27 #include "cifsproto.h"
28 #include "cifs_debug.h"
29 #include "smberr.h"
30 #include "nterr.h"
31 #include "cifs_unicode.h"
32 #ifdef CONFIG_CIFS_SMB2
33 #include "smb2pdu.h"
34 #endif
35
36 extern mempool_t *cifs_sm_req_poolp;
37 extern mempool_t *cifs_req_poolp;
38
39 /* The xid serves as a useful identifier for each incoming vfs request,
40 in a similar way to the mid which is useful to track each sent smb,
41 and CurrentXid can also provide a running counter (although it
42 will eventually wrap past zero) of the total vfs operations handled
43 since the cifs fs was mounted */
44
45 unsigned int
46 _get_xid(void)
47 {
48 unsigned int xid;
49
50 spin_lock(&GlobalMid_Lock);
51 GlobalTotalActiveXid++;
52
53 /* keep high water mark for number of simultaneous ops in filesystem */
54 if (GlobalTotalActiveXid > GlobalMaxActiveXid)
55 GlobalMaxActiveXid = GlobalTotalActiveXid;
56 if (GlobalTotalActiveXid > 65000)
57 cifs_dbg(FYI, "warning: more than 65000 requests active\n");
58 xid = GlobalCurrentXid++;
59 spin_unlock(&GlobalMid_Lock);
60 return xid;
61 }
62
63 void
64 _free_xid(unsigned int xid)
65 {
66 spin_lock(&GlobalMid_Lock);
67 /* if (GlobalTotalActiveXid == 0)
68 BUG(); */
69 GlobalTotalActiveXid--;
70 spin_unlock(&GlobalMid_Lock);
71 }
72
73 struct cifs_ses *
74 sesInfoAlloc(void)
75 {
76 struct cifs_ses *ret_buf;
77
78 ret_buf = kzalloc(sizeof(struct cifs_ses), GFP_KERNEL);
79 if (ret_buf) {
80 atomic_inc(&sesInfoAllocCount);
81 ret_buf->status = CifsNew;
82 ++ret_buf->ses_count;
83 INIT_LIST_HEAD(&ret_buf->smb_ses_list);
84 INIT_LIST_HEAD(&ret_buf->tcon_list);
85 mutex_init(&ret_buf->session_mutex);
86 }
87 return ret_buf;
88 }
89
90 void
91 sesInfoFree(struct cifs_ses *buf_to_free)
92 {
93 if (buf_to_free == NULL) {
94 cifs_dbg(FYI, "Null buffer passed to sesInfoFree\n");
95 return;
96 }
97
98 atomic_dec(&sesInfoAllocCount);
99 kfree(buf_to_free->serverOS);
100 kfree(buf_to_free->serverDomain);
101 kfree(buf_to_free->serverNOS);
102 if (buf_to_free->password) {
103 memset(buf_to_free->password, 0, strlen(buf_to_free->password));
104 kfree(buf_to_free->password);
105 }
106 kfree(buf_to_free->user_name);
107 kfree(buf_to_free->domainName);
108 kfree(buf_to_free);
109 }
110
111 struct cifs_tcon *
112 tconInfoAlloc(void)
113 {
114 struct cifs_tcon *ret_buf;
115 ret_buf = kzalloc(sizeof(struct cifs_tcon), GFP_KERNEL);
116 if (ret_buf) {
117 atomic_inc(&tconInfoAllocCount);
118 ret_buf->tidStatus = CifsNew;
119 ++ret_buf->tc_count;
120 INIT_LIST_HEAD(&ret_buf->openFileList);
121 INIT_LIST_HEAD(&ret_buf->tcon_list);
122 #ifdef CONFIG_CIFS_STATS
123 spin_lock_init(&ret_buf->stat_lock);
124 #endif
125 }
126 return ret_buf;
127 }
128
129 void
130 tconInfoFree(struct cifs_tcon *buf_to_free)
131 {
132 if (buf_to_free == NULL) {
133 cifs_dbg(FYI, "Null buffer passed to tconInfoFree\n");
134 return;
135 }
136 atomic_dec(&tconInfoAllocCount);
137 kfree(buf_to_free->nativeFileSystem);
138 if (buf_to_free->password) {
139 memset(buf_to_free->password, 0, strlen(buf_to_free->password));
140 kfree(buf_to_free->password);
141 }
142 kfree(buf_to_free);
143 }
144
145 struct smb_hdr *
146 cifs_buf_get(void)
147 {
148 struct smb_hdr *ret_buf = NULL;
149 size_t buf_size = sizeof(struct smb_hdr);
150
151 #ifdef CONFIG_CIFS_SMB2
152 /*
153 * SMB2 header is bigger than CIFS one - no problems to clean some
154 * more bytes for CIFS.
155 */
156 buf_size = sizeof(struct smb2_hdr);
157 #endif
158 /*
159 * We could use negotiated size instead of max_msgsize -
160 * but it may be more efficient to always alloc same size
161 * albeit slightly larger than necessary and maxbuffersize
162 * defaults to this and can not be bigger.
163 */
164 ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS);
165
166 /* clear the first few header bytes */
167 /* for most paths, more is cleared in header_assemble */
168 if (ret_buf) {
169 memset(ret_buf, 0, buf_size + 3);
170 atomic_inc(&bufAllocCount);
171 #ifdef CONFIG_CIFS_STATS2
172 atomic_inc(&totBufAllocCount);
173 #endif /* CONFIG_CIFS_STATS2 */
174 }
175
176 return ret_buf;
177 }
178
179 void
180 cifs_buf_release(void *buf_to_free)
181 {
182 if (buf_to_free == NULL) {
183 /* cifs_dbg(FYI, "Null buffer passed to cifs_buf_release\n");*/
184 return;
185 }
186 mempool_free(buf_to_free, cifs_req_poolp);
187
188 atomic_dec(&bufAllocCount);
189 return;
190 }
191
192 struct smb_hdr *
193 cifs_small_buf_get(void)
194 {
195 struct smb_hdr *ret_buf = NULL;
196
197 /* We could use negotiated size instead of max_msgsize -
198 but it may be more efficient to always alloc same size
199 albeit slightly larger than necessary and maxbuffersize
200 defaults to this and can not be bigger */
201 ret_buf = mempool_alloc(cifs_sm_req_poolp, GFP_NOFS);
202 if (ret_buf) {
203 /* No need to clear memory here, cleared in header assemble */
204 /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/
205 atomic_inc(&smBufAllocCount);
206 #ifdef CONFIG_CIFS_STATS2
207 atomic_inc(&totSmBufAllocCount);
208 #endif /* CONFIG_CIFS_STATS2 */
209
210 }
211 return ret_buf;
212 }
213
214 void
215 cifs_small_buf_release(void *buf_to_free)
216 {
217
218 if (buf_to_free == NULL) {
219 cifs_dbg(FYI, "Null buffer passed to cifs_small_buf_release\n");
220 return;
221 }
222 mempool_free(buf_to_free, cifs_sm_req_poolp);
223
224 atomic_dec(&smBufAllocCount);
225 return;
226 }
227
228 /* NB: MID can not be set if treeCon not passed in, in that
229 case it is responsbility of caller to set the mid */
230 void
231 header_assemble(struct smb_hdr *buffer, char smb_command /* command */ ,
232 const struct cifs_tcon *treeCon, int word_count
233 /* length of fixed section (word count) in two byte units */)
234 {
235 char *temp = (char *) buffer;
236
237 memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */
238
239 buffer->smb_buf_length = cpu_to_be32(
240 (2 * word_count) + sizeof(struct smb_hdr) -
241 4 /* RFC 1001 length field does not count */ +
242 2 /* for bcc field itself */) ;
243
244 buffer->Protocol[0] = 0xFF;
245 buffer->Protocol[1] = 'S';
246 buffer->Protocol[2] = 'M';
247 buffer->Protocol[3] = 'B';
248 buffer->Command = smb_command;
249 buffer->Flags = 0x00; /* case sensitive */
250 buffer->Flags2 = SMBFLG2_KNOWS_LONG_NAMES;
251 buffer->Pid = cpu_to_le16((__u16)current->tgid);
252 buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16));
253 if (treeCon) {
254 buffer->Tid = treeCon->tid;
255 if (treeCon->ses) {
256 if (treeCon->ses->capabilities & CAP_UNICODE)
257 buffer->Flags2 |= SMBFLG2_UNICODE;
258 if (treeCon->ses->capabilities & CAP_STATUS32)
259 buffer->Flags2 |= SMBFLG2_ERR_STATUS;
260
261 /* Uid is not converted */
262 buffer->Uid = treeCon->ses->Suid;
263 buffer->Mid = get_next_mid(treeCon->ses->server);
264 }
265 if (treeCon->Flags & SMB_SHARE_IS_IN_DFS)
266 buffer->Flags2 |= SMBFLG2_DFS;
267 if (treeCon->nocase)
268 buffer->Flags |= SMBFLG_CASELESS;
269 if ((treeCon->ses) && (treeCon->ses->server))
270 if (treeCon->ses->server->sign)
271 buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
272 }
273
274 /* endian conversion of flags is now done just before sending */
275 buffer->WordCount = (char) word_count;
276 return;
277 }
278
279 static int
280 check_smb_hdr(struct smb_hdr *smb, __u16 mid)
281 {
282 /* does it have the right SMB "signature" ? */
283 if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff)) {
284 cifs_dbg(VFS, "Bad protocol string signature header 0x%x\n",
285 *(unsigned int *)smb->Protocol);
286 return 1;
287 }
288
289 /* Make sure that message ids match */
290 if (mid != smb->Mid) {
291 cifs_dbg(VFS, "Mids do not match. received=%u expected=%u\n",
292 smb->Mid, mid);
293 return 1;
294 }
295
296 /* if it's a response then accept */
297 if (smb->Flags & SMBFLG_RESPONSE)
298 return 0;
299
300 /* only one valid case where server sends us request */
301 if (smb->Command == SMB_COM_LOCKING_ANDX)
302 return 0;
303
304 cifs_dbg(VFS, "Server sent request, not response. mid=%u\n", smb->Mid);
305 return 1;
306 }
307
308 int
309 checkSMB(char *buf, unsigned int total_read)
310 {
311 struct smb_hdr *smb = (struct smb_hdr *)buf;
312 __u16 mid = smb->Mid;
313 __u32 rfclen = be32_to_cpu(smb->smb_buf_length);
314 __u32 clc_len; /* calculated length */
315 cifs_dbg(FYI, "checkSMB Length: 0x%x, smb_buf_length: 0x%x\n",
316 total_read, rfclen);
317
318 /* is this frame too small to even get to a BCC? */
319 if (total_read < 2 + sizeof(struct smb_hdr)) {
320 if ((total_read >= sizeof(struct smb_hdr) - 1)
321 && (smb->Status.CifsError != 0)) {
322 /* it's an error return */
323 smb->WordCount = 0;
324 /* some error cases do not return wct and bcc */
325 return 0;
326 } else if ((total_read == sizeof(struct smb_hdr) + 1) &&
327 (smb->WordCount == 0)) {
328 char *tmp = (char *)smb;
329 /* Need to work around a bug in two servers here */
330 /* First, check if the part of bcc they sent was zero */
331 if (tmp[sizeof(struct smb_hdr)] == 0) {
332 /* some servers return only half of bcc
333 * on simple responses (wct, bcc both zero)
334 * in particular have seen this on
335 * ulogoffX and FindClose. This leaves
336 * one byte of bcc potentially unitialized
337 */
338 /* zero rest of bcc */
339 tmp[sizeof(struct smb_hdr)+1] = 0;
340 return 0;
341 }
342 cifs_dbg(VFS, "rcvd invalid byte count (bcc)\n");
343 } else {
344 cifs_dbg(VFS, "Length less than smb header size\n");
345 }
346 return -EIO;
347 }
348
349 /* otherwise, there is enough to get to the BCC */
350 if (check_smb_hdr(smb, mid))
351 return -EIO;
352 clc_len = smbCalcSize(smb);
353
354 if (4 + rfclen != total_read) {
355 cifs_dbg(VFS, "Length read does not match RFC1001 length %d\n",
356 rfclen);
357 return -EIO;
358 }
359
360 if (4 + rfclen != clc_len) {
361 /* check if bcc wrapped around for large read responses */
362 if ((rfclen > 64 * 1024) && (rfclen > clc_len)) {
363 /* check if lengths match mod 64K */
364 if (((4 + rfclen) & 0xFFFF) == (clc_len & 0xFFFF))
365 return 0; /* bcc wrapped */
366 }
367 cifs_dbg(FYI, "Calculated size %u vs length %u mismatch for mid=%u\n",
368 clc_len, 4 + rfclen, smb->Mid);
369
370 if (4 + rfclen < clc_len) {
371 cifs_dbg(VFS, "RFC1001 size %u smaller than SMB for mid=%u\n",
372 rfclen, smb->Mid);
373 return -EIO;
374 } else if (rfclen > clc_len + 512) {
375 /*
376 * Some servers (Windows XP in particular) send more
377 * data than the lengths in the SMB packet would
378 * indicate on certain calls (byte range locks and
379 * trans2 find first calls in particular). While the
380 * client can handle such a frame by ignoring the
381 * trailing data, we choose limit the amount of extra
382 * data to 512 bytes.
383 */
384 cifs_dbg(VFS, "RFC1001 size %u more than 512 bytes larger than SMB for mid=%u\n",
385 rfclen, smb->Mid);
386 return -EIO;
387 }
388 }
389 return 0;
390 }
391
392 bool
393 is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv)
394 {
395 struct smb_hdr *buf = (struct smb_hdr *)buffer;
396 struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf;
397 struct list_head *tmp, *tmp1, *tmp2;
398 struct cifs_ses *ses;
399 struct cifs_tcon *tcon;
400 struct cifsInodeInfo *pCifsInode;
401 struct cifsFileInfo *netfile;
402
403 cifs_dbg(FYI, "Checking for oplock break or dnotify response\n");
404 if ((pSMB->hdr.Command == SMB_COM_NT_TRANSACT) &&
405 (pSMB->hdr.Flags & SMBFLG_RESPONSE)) {
406 struct smb_com_transaction_change_notify_rsp *pSMBr =
407 (struct smb_com_transaction_change_notify_rsp *)buf;
408 struct file_notify_information *pnotify;
409 __u32 data_offset = 0;
410 if (get_bcc(buf) > sizeof(struct file_notify_information)) {
411 data_offset = le32_to_cpu(pSMBr->DataOffset);
412
413 pnotify = (struct file_notify_information *)
414 ((char *)&pSMBr->hdr.Protocol + data_offset);
415 cifs_dbg(FYI, "dnotify on %s Action: 0x%x\n",
416 pnotify->FileName, pnotify->Action);
417 /* cifs_dump_mem("Rcvd notify Data: ",buf,
418 sizeof(struct smb_hdr)+60); */
419 return true;
420 }
421 if (pSMBr->hdr.Status.CifsError) {
422 cifs_dbg(FYI, "notify err 0x%d\n",
423 pSMBr->hdr.Status.CifsError);
424 return true;
425 }
426 return false;
427 }
428 if (pSMB->hdr.Command != SMB_COM_LOCKING_ANDX)
429 return false;
430 if (pSMB->hdr.Flags & SMBFLG_RESPONSE) {
431 /* no sense logging error on invalid handle on oplock
432 break - harmless race between close request and oplock
433 break response is expected from time to time writing out
434 large dirty files cached on the client */
435 if ((NT_STATUS_INVALID_HANDLE) ==
436 le32_to_cpu(pSMB->hdr.Status.CifsError)) {
437 cifs_dbg(FYI, "invalid handle on oplock break\n");
438 return true;
439 } else if (ERRbadfid ==
440 le16_to_cpu(pSMB->hdr.Status.DosError.Error)) {
441 return true;
442 } else {
443 return false; /* on valid oplock brk we get "request" */
444 }
445 }
446 if (pSMB->hdr.WordCount != 8)
447 return false;
448
449 cifs_dbg(FYI, "oplock type 0x%d level 0x%d\n",
450 pSMB->LockType, pSMB->OplockLevel);
451 if (!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE))
452 return false;
453
454 /* look up tcon based on tid & uid */
455 spin_lock(&cifs_tcp_ses_lock);
456 list_for_each(tmp, &srv->smb_ses_list) {
457 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
458 list_for_each(tmp1, &ses->tcon_list) {
459 tcon = list_entry(tmp1, struct cifs_tcon, tcon_list);
460 if (tcon->tid != buf->Tid)
461 continue;
462
463 cifs_stats_inc(&tcon->stats.cifs_stats.num_oplock_brks);
464 spin_lock(&cifs_file_list_lock);
465 list_for_each(tmp2, &tcon->openFileList) {
466 netfile = list_entry(tmp2, struct cifsFileInfo,
467 tlist);
468 if (pSMB->Fid != netfile->fid.netfid)
469 continue;
470
471 cifs_dbg(FYI, "file id match, oplock break\n");
472 pCifsInode = CIFS_I(netfile->dentry->d_inode);
473
474 cifs_set_oplock_level(pCifsInode,
475 pSMB->OplockLevel ? OPLOCK_READ : 0);
476 queue_work(cifsiod_wq,
477 &netfile->oplock_break);
478 netfile->oplock_break_cancelled = false;
479
480 spin_unlock(&cifs_file_list_lock);
481 spin_unlock(&cifs_tcp_ses_lock);
482 return true;
483 }
484 spin_unlock(&cifs_file_list_lock);
485 spin_unlock(&cifs_tcp_ses_lock);
486 cifs_dbg(FYI, "No matching file for oplock break\n");
487 return true;
488 }
489 }
490 spin_unlock(&cifs_tcp_ses_lock);
491 cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n");
492 return true;
493 }
494
495 void
496 dump_smb(void *buf, int smb_buf_length)
497 {
498 int i, j;
499 char debug_line[17];
500 unsigned char *buffer = buf;
501
502 if (traceSMB == 0)
503 return;
504
505 for (i = 0, j = 0; i < smb_buf_length; i++, j++) {
506 if (i % 8 == 0) {
507 /* have reached the beginning of line */
508 printk(KERN_DEBUG "| ");
509 j = 0;
510 }
511 printk("%0#4x ", buffer[i]);
512 debug_line[2 * j] = ' ';
513 if (isprint(buffer[i]))
514 debug_line[1 + (2 * j)] = buffer[i];
515 else
516 debug_line[1 + (2 * j)] = '_';
517
518 if (i % 8 == 7) {
519 /* reached end of line, time to print ascii */
520 debug_line[16] = 0;
521 printk(" | %s\n", debug_line);
522 }
523 }
524 for (; j < 8; j++) {
525 printk(" ");
526 debug_line[2 * j] = ' ';
527 debug_line[1 + (2 * j)] = ' ';
528 }
529 printk(" | %s\n", debug_line);
530 return;
531 }
532
533 void
534 cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb)
535 {
536 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM) {
537 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
538 cifs_dbg(VFS, "Autodisabling the use of server inode numbers on %s. This server doesn't seem to support them properly. Hardlinks will not be recognized on this mount. Consider mounting with the \"noserverino\" option to silence this message.\n",
539 cifs_sb_master_tcon(cifs_sb)->treeName);
540 }
541 }
542
543 void cifs_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock)
544 {
545 oplock &= 0xF;
546
547 if (oplock == OPLOCK_EXCLUSIVE) {
548 cinode->clientCanCacheAll = true;
549 cinode->clientCanCacheRead = true;
550 cifs_dbg(FYI, "Exclusive Oplock granted on inode %p\n",
551 &cinode->vfs_inode);
552 } else if (oplock == OPLOCK_READ) {
553 cinode->clientCanCacheAll = false;
554 cinode->clientCanCacheRead = true;
555 cifs_dbg(FYI, "Level II Oplock granted on inode %p\n",
556 &cinode->vfs_inode);
557 } else {
558 cinode->clientCanCacheAll = false;
559 cinode->clientCanCacheRead = false;
560 }
561 }
562
563 bool
564 backup_cred(struct cifs_sb_info *cifs_sb)
565 {
566 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPUID) {
567 if (uid_eq(cifs_sb->mnt_backupuid, current_fsuid()))
568 return true;
569 }
570 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPGID) {
571 if (in_group_p(cifs_sb->mnt_backupgid))
572 return true;
573 }
574
575 return false;
576 }
577
578 void
579 cifs_del_pending_open(struct cifs_pending_open *open)
580 {
581 spin_lock(&cifs_file_list_lock);
582 list_del(&open->olist);
583 spin_unlock(&cifs_file_list_lock);
584 }
585
586 void
587 cifs_add_pending_open_locked(struct cifs_fid *fid, struct tcon_link *tlink,
588 struct cifs_pending_open *open)
589 {
590 #ifdef CONFIG_CIFS_SMB2
591 memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE);
592 #endif
593 open->oplock = CIFS_OPLOCK_NO_CHANGE;
594 open->tlink = tlink;
595 fid->pending_open = open;
596 list_add_tail(&open->olist, &tlink_tcon(tlink)->pending_opens);
597 }
598
599 void
600 cifs_add_pending_open(struct cifs_fid *fid, struct tcon_link *tlink,
601 struct cifs_pending_open *open)
602 {
603 spin_lock(&cifs_file_list_lock);
604 cifs_add_pending_open_locked(fid, tlink, open);
605 spin_unlock(&cifs_file_list_lock);
606 }
Linux with added FPC-III support