OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / fs / cifs / cifs_dfs_ref.c
blob6873bb634a97652f36bc477b08044e164c749b30
1 /*
2 * Contains the CIFS DFS referral mounting routines used for handling
3 * traversal via DFS junction point
5 * Copyright (c) 2007 Igor Mammedov
6 * Copyright (C) International Business Machines Corp., 2008
7 * Author(s): Igor Mammedov (niallain@gmail.com)
8 * Steve French (sfrench@us.ibm.com)
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
15 #include <linux/dcache.h>
16 #include <linux/mount.h>
17 #include <linux/namei.h>
18 #include <linux/slab.h>
19 #include <linux/vfs.h>
20 #include <linux/fs.h>
21 #include "cifsglob.h"
22 #include "cifsproto.h"
23 #include "cifsfs.h"
24 #include "dns_resolve.h"
25 #include "cifs_debug.h"
27 static LIST_HEAD(cifs_dfs_automount_list);
29 static void cifs_dfs_expire_automounts(struct work_struct *work);
30 static DECLARE_DELAYED_WORK(cifs_dfs_automount_task,
31 cifs_dfs_expire_automounts);
32 static int cifs_dfs_mountpoint_expiry_timeout = 500 * HZ;
34 static void cifs_dfs_expire_automounts(struct work_struct *work)
36 struct list_head *list = &cifs_dfs_automount_list;
38 mark_mounts_for_expiry(list);
39 if (!list_empty(list))
40 schedule_delayed_work(&cifs_dfs_automount_task,
41 cifs_dfs_mountpoint_expiry_timeout);
44 void cifs_dfs_release_automount_timer(void)
46 BUG_ON(!list_empty(&cifs_dfs_automount_list));
47 cancel_delayed_work_sync(&cifs_dfs_automount_task);
50 /**
51 * cifs_get_share_name - extracts share name from UNC
52 * @node_name: pointer to UNC string
54 * Extracts sharename form full UNC.
55 * i.e. strips from UNC trailing path that is not part of share
56 * name and fixup missing '\' in the beginning of DFS node refferal
57 * if necessary.
58 * Returns pointer to share name on success or ERR_PTR on error.
59 * Caller is responsible for freeing returned string.
61 static char *cifs_get_share_name(const char *node_name)
63 int len;
64 char *UNC;
65 char *pSep;
67 len = strlen(node_name);
68 UNC = kmalloc(len+2 /*for term null and additional \ if it's missed */,
69 GFP_KERNEL);
70 if (!UNC)
71 return ERR_PTR(-ENOMEM);
73 /* get share name and server name */
74 if (node_name[1] != '\\') {
75 UNC[0] = '\\';
76 strncpy(UNC+1, node_name, len);
77 len++;
78 UNC[len] = 0;
79 } else {
80 strncpy(UNC, node_name, len);
81 UNC[len] = 0;
84 /* find server name end */
85 pSep = memchr(UNC+2, '\\', len-2);
86 if (!pSep) {
87 cERROR(1, "%s: no server name end in node name: %s",
88 __func__, node_name);
89 kfree(UNC);
90 return ERR_PTR(-EINVAL);
93 /* find sharename end */
94 pSep++;
95 pSep = memchr(UNC+(pSep-UNC), '\\', len-(pSep-UNC));
96 if (pSep) {
97 /* trim path up to sharename end
98 * now we have share name in UNC */
99 *pSep = 0;
102 return UNC;
107 * cifs_compose_mount_options - creates mount options for refferral
108 * @sb_mountdata: parent/root DFS mount options (template)
109 * @fullpath: full path in UNC format
110 * @ref: server's referral
111 * @devname: pointer for saving device name
113 * creates mount options for submount based on template options sb_mountdata
114 * and replacing unc,ip,prefixpath options with ones we've got form ref_unc.
116 * Returns: pointer to new mount options or ERR_PTR.
117 * Caller is responcible for freeing retunrned value if it is not error.
119 char *cifs_compose_mount_options(const char *sb_mountdata,
120 const char *fullpath,
121 const struct dfs_info3_param *ref,
122 char **devname)
124 int rc;
125 char *mountdata = NULL;
126 int md_len;
127 char *tkn_e;
128 char *srvIP = NULL;
129 char sep = ',';
130 int off, noff;
132 if (sb_mountdata == NULL)
133 return ERR_PTR(-EINVAL);
135 *devname = cifs_get_share_name(ref->node_name);
136 if (IS_ERR(*devname)) {
137 rc = PTR_ERR(*devname);
138 *devname = NULL;
139 goto compose_mount_options_err;
142 rc = dns_resolve_server_name_to_ip(*devname, &srvIP);
143 if (rc < 0) {
144 cFYI(1, "%s: Failed to resolve server part of %s to IP: %d",
145 __func__, *devname, rc);
146 goto compose_mount_options_err;
149 /* md_len = strlen(...) + 12 for 'sep+prefixpath='
150 * assuming that we have 'unc=' and 'ip=' in
151 * the original sb_mountdata
153 md_len = strlen(sb_mountdata) + rc + strlen(ref->node_name) + 12;
154 mountdata = kzalloc(md_len+1, GFP_KERNEL);
155 if (mountdata == NULL) {
156 rc = -ENOMEM;
157 goto compose_mount_options_err;
160 /* copy all options except of unc,ip,prefixpath */
161 off = 0;
162 if (strncmp(sb_mountdata, "sep=", 4) == 0) {
163 sep = sb_mountdata[4];
164 strncpy(mountdata, sb_mountdata, 5);
165 off += 5;
168 do {
169 tkn_e = strchr(sb_mountdata + off, sep);
170 if (tkn_e == NULL)
171 noff = strlen(sb_mountdata + off);
172 else
173 noff = tkn_e - (sb_mountdata + off) + 1;
175 if (strnicmp(sb_mountdata + off, "unc=", 4) == 0) {
176 off += noff;
177 continue;
179 if (strnicmp(sb_mountdata + off, "ip=", 3) == 0) {
180 off += noff;
181 continue;
183 if (strnicmp(sb_mountdata + off, "prefixpath=", 11) == 0) {
184 off += noff;
185 continue;
187 strncat(mountdata, sb_mountdata + off, noff);
188 off += noff;
189 } while (tkn_e);
190 strcat(mountdata, sb_mountdata + off);
191 mountdata[md_len] = '\0';
193 /* copy new IP and ref share name */
194 if (mountdata[strlen(mountdata) - 1] != sep)
195 strncat(mountdata, &sep, 1);
196 strcat(mountdata, "ip=");
197 strcat(mountdata, srvIP);
198 strncat(mountdata, &sep, 1);
199 strcat(mountdata, "unc=");
200 strcat(mountdata, *devname);
202 /* find & copy prefixpath */
203 tkn_e = strchr(ref->node_name + 2, '\\');
204 if (tkn_e == NULL) {
205 /* invalid unc, missing share name*/
206 rc = -EINVAL;
207 goto compose_mount_options_err;
210 tkn_e = strchr(tkn_e + 1, '\\');
211 if (tkn_e || (strlen(fullpath) - ref->path_consumed)) {
212 strncat(mountdata, &sep, 1);
213 strcat(mountdata, "prefixpath=");
214 if (tkn_e)
215 strcat(mountdata, tkn_e + 1);
216 strcat(mountdata, fullpath + ref->path_consumed);
219 /*cFYI(1, "%s: parent mountdata: %s", __func__,sb_mountdata);*/
220 /*cFYI(1, "%s: submount mountdata: %s", __func__, mountdata );*/
222 compose_mount_options_out:
223 kfree(srvIP);
224 return mountdata;
226 compose_mount_options_err:
227 kfree(mountdata);
228 mountdata = ERR_PTR(rc);
229 goto compose_mount_options_out;
233 * cifs_dfs_do_refmount - mounts specified path using provided refferal
234 * @cifs_sb: parent/root superblock
235 * @fullpath: full path in UNC format
236 * @ref: server's referral
238 static struct vfsmount *cifs_dfs_do_refmount(struct cifs_sb_info *cifs_sb,
239 const char *fullpath, const struct dfs_info3_param *ref)
241 struct vfsmount *mnt;
242 char *mountdata;
243 char *devname = NULL;
245 /* strip first '\' from fullpath */
246 mountdata = cifs_compose_mount_options(cifs_sb->mountdata,
247 fullpath + 1, ref, &devname);
249 if (IS_ERR(mountdata))
250 return (struct vfsmount *)mountdata;
252 mnt = vfs_kern_mount(&cifs_fs_type, 0, devname, mountdata);
253 kfree(mountdata);
254 kfree(devname);
255 return mnt;
259 static void dump_referral(const struct dfs_info3_param *ref)
261 cFYI(1, "DFS: ref path: %s", ref->path_name);
262 cFYI(1, "DFS: node path: %s", ref->node_name);
263 cFYI(1, "DFS: fl: %hd, srv_type: %hd", ref->flags, ref->server_type);
264 cFYI(1, "DFS: ref_flags: %hd, path_consumed: %hd", ref->ref_flag,
265 ref->path_consumed);
269 * Create a vfsmount that we can automount
271 static struct vfsmount *cifs_dfs_do_automount(struct dentry *mntpt)
273 struct dfs_info3_param *referrals = NULL;
274 unsigned int num_referrals = 0;
275 struct cifs_sb_info *cifs_sb;
276 struct cifs_ses *ses;
277 char *full_path;
278 int xid, i;
279 int rc;
280 struct vfsmount *mnt;
281 struct tcon_link *tlink;
283 cFYI(1, "in %s", __func__);
284 BUG_ON(IS_ROOT(mntpt));
287 * The MSDFS spec states that paths in DFS referral requests and
288 * responses must be prefixed by a single '\' character instead of
289 * the double backslashes usually used in the UNC. This function
290 * gives us the latter, so we must adjust the result.
292 mnt = ERR_PTR(-ENOMEM);
293 full_path = build_path_from_dentry(mntpt);
294 if (full_path == NULL)
295 goto cdda_exit;
297 cifs_sb = CIFS_SB(mntpt->d_inode->i_sb);
298 tlink = cifs_sb_tlink(cifs_sb);
299 if (IS_ERR(tlink)) {
300 mnt = ERR_CAST(tlink);
301 goto free_full_path;
303 ses = tlink_tcon(tlink)->ses;
305 xid = GetXid();
306 rc = get_dfs_path(xid, ses, full_path + 1, cifs_sb->local_nls,
307 &num_referrals, &referrals,
308 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
309 FreeXid(xid);
311 cifs_put_tlink(tlink);
313 mnt = ERR_PTR(-ENOENT);
314 for (i = 0; i < num_referrals; i++) {
315 int len;
316 dump_referral(referrals + i);
317 /* connect to a node */
318 len = strlen(referrals[i].node_name);
319 if (len < 2) {
320 cERROR(1, "%s: Net Address path too short: %s",
321 __func__, referrals[i].node_name);
322 mnt = ERR_PTR(-EINVAL);
323 break;
325 mnt = cifs_dfs_do_refmount(cifs_sb,
326 full_path, referrals + i);
327 cFYI(1, "%s: cifs_dfs_do_refmount:%s , mnt:%p", __func__,
328 referrals[i].node_name, mnt);
329 if (!IS_ERR(mnt))
330 goto success;
333 /* no valid submounts were found; return error from get_dfs_path() by
334 * preference */
335 if (rc != 0)
336 mnt = ERR_PTR(rc);
338 success:
339 free_dfs_info_array(referrals, num_referrals);
340 free_full_path:
341 kfree(full_path);
342 cdda_exit:
343 cFYI(1, "leaving %s" , __func__);
344 return mnt;
348 * Attempt to automount the referral
350 struct vfsmount *cifs_dfs_d_automount(struct path *path)
352 struct vfsmount *newmnt;
354 cFYI(1, "in %s", __func__);
356 newmnt = cifs_dfs_do_automount(path->dentry);
357 if (IS_ERR(newmnt)) {
358 cFYI(1, "leaving %s [automount failed]" , __func__);
359 return newmnt;
362 mntget(newmnt); /* prevent immediate expiration */
363 mnt_set_expiry(newmnt, &cifs_dfs_automount_list);
364 schedule_delayed_work(&cifs_dfs_automount_task,
365 cifs_dfs_mountpoint_expiry_timeout);
366 cFYI(1, "leaving %s [ok]" , __func__);
367 return newmnt;
370 const struct inode_operations cifs_dfs_referral_inode_operations = {