1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/inetdevice.h>
8 #include <net/addrconf.h>
9 #include <linux/syscalls.h>
10 #include <linux/namei.h>
11 #include <linux/statfs.h>
12 #include <linux/ethtool.h>
13 #include <linux/falloc.h>
23 #include "connection.h"
24 #include "transport_ipc.h"
26 #include "vfs_cache.h"
30 #include "smb_common.h"
31 #include "smbstatus.h"
32 #include "ksmbd_work.h"
33 #include "mgmt/user_config.h"
34 #include "mgmt/share_config.h"
35 #include "mgmt/tree_connect.h"
36 #include "mgmt/user_session.h"
37 #include "mgmt/ksmbd_ida.h"
40 static void __wbuf(struct ksmbd_work *work, void **req, void **rsp)
42 if (work->next_smb2_rcv_hdr_off) {
43 *req = REQUEST_BUF_NEXT(work);
44 *rsp = RESPONSE_BUF_NEXT(work);
46 *req = work->request_buf;
47 *rsp = work->response_buf;
51 #define WORK_BUFFERS(w, rq, rs) __wbuf((w), (void **)&(rq), (void **)&(rs))
54 * check_session_id() - check for valid session id in smb header
55 * @conn: connection instance
56 * @id: session id from smb header
58 * Return: 1 if valid session id, otherwise 0
60 static inline int check_session_id(struct ksmbd_conn *conn, u64 id)
62 struct ksmbd_session *sess;
64 if (id == 0 || id == -1)
67 sess = ksmbd_session_lookup_all(conn, id);
70 pr_err("Invalid user session id: %llu\n", id);
74 struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn *conn)
76 struct channel *chann;
78 list_for_each_entry(chann, &sess->ksmbd_chann_list, chann_list) {
79 if (chann->conn == conn)
87 * smb2_get_ksmbd_tcon() - get tree connection information for a tree id
90 * Return: matching tree connection on success, otherwise error
92 int smb2_get_ksmbd_tcon(struct ksmbd_work *work)
94 struct smb2_hdr *req_hdr = work->request_buf;
98 if (work->conn->ops->get_cmd_val(work) == SMB2_TREE_CONNECT_HE ||
99 work->conn->ops->get_cmd_val(work) == SMB2_CANCEL_HE ||
100 work->conn->ops->get_cmd_val(work) == SMB2_LOGOFF_HE) {
101 ksmbd_debug(SMB, "skip to check tree connect request\n");
105 if (xa_empty(&work->sess->tree_conns)) {
106 ksmbd_debug(SMB, "NO tree connected\n");
110 tree_id = le32_to_cpu(req_hdr->Id.SyncId.TreeId);
111 work->tcon = ksmbd_tree_conn_lookup(work->sess, tree_id);
113 pr_err("Invalid tid %d\n", tree_id);
121 * smb2_set_err_rsp() - set error response code on smb response
122 * @work: smb work containing response buffer
124 void smb2_set_err_rsp(struct ksmbd_work *work)
126 struct smb2_err_rsp *err_rsp;
128 if (work->next_smb2_rcv_hdr_off)
129 err_rsp = RESPONSE_BUF_NEXT(work);
131 err_rsp = work->response_buf;
133 if (err_rsp->hdr.Status != STATUS_STOPPED_ON_SYMLINK) {
134 err_rsp->StructureSize = SMB2_ERROR_STRUCTURE_SIZE2_LE;
135 err_rsp->ErrorContextCount = 0;
136 err_rsp->Reserved = 0;
137 err_rsp->ByteCount = 0;
138 err_rsp->ErrorData[0] = 0;
139 inc_rfc1001_len(work->response_buf, SMB2_ERROR_STRUCTURE_SIZE2);
144 * is_smb2_neg_cmd() - is it smb2 negotiation command
145 * @work: smb work containing smb header
147 * Return: 1 if smb2 negotiation command, otherwise 0
149 int is_smb2_neg_cmd(struct ksmbd_work *work)
151 struct smb2_hdr *hdr = work->request_buf;
153 /* is it SMB2 header ? */
154 if (hdr->ProtocolId != SMB2_PROTO_NUMBER)
157 /* make sure it is request not response message */
158 if (hdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR)
161 if (hdr->Command != SMB2_NEGOTIATE)
168 * is_smb2_rsp() - is it smb2 response
169 * @work: smb work containing smb response buffer
171 * Return: 1 if smb2 response, otherwise 0
173 int is_smb2_rsp(struct ksmbd_work *work)
175 struct smb2_hdr *hdr = work->response_buf;
177 /* is it SMB2 header ? */
178 if (hdr->ProtocolId != SMB2_PROTO_NUMBER)
181 /* make sure it is response not request message */
182 if (!(hdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR))
189 * get_smb2_cmd_val() - get smb command code from smb header
190 * @work: smb work containing smb request buffer
192 * Return: smb2 request command value
194 u16 get_smb2_cmd_val(struct ksmbd_work *work)
196 struct smb2_hdr *rcv_hdr;
198 if (work->next_smb2_rcv_hdr_off)
199 rcv_hdr = REQUEST_BUF_NEXT(work);
201 rcv_hdr = work->request_buf;
202 return le16_to_cpu(rcv_hdr->Command);
206 * set_smb2_rsp_status() - set error response code on smb2 header
207 * @work: smb work containing response buffer
208 * @err: error response code
210 void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err)
212 struct smb2_hdr *rsp_hdr;
214 if (work->next_smb2_rcv_hdr_off)
215 rsp_hdr = RESPONSE_BUF_NEXT(work);
217 rsp_hdr = work->response_buf;
218 rsp_hdr->Status = err;
219 smb2_set_err_rsp(work);
223 * init_smb2_neg_rsp() - initialize smb2 response for negotiate command
224 * @work: smb work containing smb request buffer
226 * smb2 negotiate response is sent in reply of smb1 negotiate command for
227 * dialect auto-negotiation.
229 int init_smb2_neg_rsp(struct ksmbd_work *work)
231 struct smb2_hdr *rsp_hdr;
232 struct smb2_negotiate_rsp *rsp;
233 struct ksmbd_conn *conn = work->conn;
235 if (conn->need_neg == false)
237 if (!(conn->dialect >= SMB20_PROT_ID &&
238 conn->dialect <= SMB311_PROT_ID))
241 rsp_hdr = work->response_buf;
243 memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
245 rsp_hdr->smb2_buf_length =
246 cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn));
248 rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER;
249 rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE;
250 rsp_hdr->CreditRequest = cpu_to_le16(2);
251 rsp_hdr->Command = SMB2_NEGOTIATE;
252 rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR);
253 rsp_hdr->NextCommand = 0;
254 rsp_hdr->MessageId = 0;
255 rsp_hdr->Id.SyncId.ProcessId = 0;
256 rsp_hdr->Id.SyncId.TreeId = 0;
257 rsp_hdr->SessionId = 0;
258 memset(rsp_hdr->Signature, 0, 16);
260 rsp = work->response_buf;
262 WARN_ON(ksmbd_conn_good(work));
264 rsp->StructureSize = cpu_to_le16(65);
265 ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect);
266 rsp->DialectRevision = cpu_to_le16(conn->dialect);
267 /* Not setting conn guid rsp->ServerGUID, as it
268 * not used by client for identifying connection
270 rsp->Capabilities = cpu_to_le32(conn->vals->capabilities);
271 /* Default Max Message Size till SMB2.0, 64K*/
272 rsp->MaxTransactSize = cpu_to_le32(conn->vals->max_trans_size);
273 rsp->MaxReadSize = cpu_to_le32(conn->vals->max_read_size);
274 rsp->MaxWriteSize = cpu_to_le32(conn->vals->max_write_size);
276 rsp->SystemTime = cpu_to_le64(ksmbd_systime());
277 rsp->ServerStartTime = 0;
279 rsp->SecurityBufferOffset = cpu_to_le16(128);
280 rsp->SecurityBufferLength = cpu_to_le16(AUTH_GSS_LENGTH);
281 ksmbd_copy_gss_neg_header(((char *)(&rsp->hdr) +
282 sizeof(rsp->hdr.smb2_buf_length)) +
283 le16_to_cpu(rsp->SecurityBufferOffset));
284 inc_rfc1001_len(rsp, sizeof(struct smb2_negotiate_rsp) -
285 sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) +
287 rsp->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED_LE;
288 if (server_conf.signing == KSMBD_CONFIG_OPT_MANDATORY)
289 rsp->SecurityMode |= SMB2_NEGOTIATE_SIGNING_REQUIRED_LE;
290 conn->use_spnego = true;
292 ksmbd_conn_set_need_negotiate(work);
296 static int smb2_consume_credit_charge(struct ksmbd_work *work,
297 unsigned short credit_charge)
299 struct ksmbd_conn *conn = work->conn;
300 unsigned int rsp_credits = 1;
302 if (!conn->total_credits)
305 if (credit_charge > 0)
306 rsp_credits = credit_charge;
308 conn->total_credits -= rsp_credits;
313 * smb2_set_rsp_credits() - set number of credits in response buffer
314 * @work: smb work containing smb response buffer
316 int smb2_set_rsp_credits(struct ksmbd_work *work)
318 struct smb2_hdr *req_hdr = REQUEST_BUF_NEXT(work);
319 struct smb2_hdr *hdr = RESPONSE_BUF_NEXT(work);
320 struct ksmbd_conn *conn = work->conn;
321 unsigned short credits_requested = le16_to_cpu(req_hdr->CreditRequest);
322 unsigned short credit_charge = 1, credits_granted = 0;
323 unsigned short aux_max, aux_credits, min_credits;
324 int rsp_credit_charge;
326 if (hdr->Command == SMB2_CANCEL)
329 /* get default minimum credits by shifting maximum credits by 4 */
330 min_credits = conn->max_credits >> 4;
332 if (conn->total_credits >= conn->max_credits) {
333 pr_err("Total credits overflow: %d\n", conn->total_credits);
334 conn->total_credits = min_credits;
338 smb2_consume_credit_charge(work, le16_to_cpu(req_hdr->CreditCharge));
339 if (rsp_credit_charge < 0)
342 hdr->CreditCharge = cpu_to_le16(rsp_credit_charge);
344 if (credits_requested > 0) {
345 aux_credits = credits_requested - 1;
347 if (hdr->Command == SMB2_NEGOTIATE)
349 aux_credits = (aux_credits < aux_max) ? aux_credits : aux_max;
350 credits_granted = aux_credits + credit_charge;
352 /* if credits granted per client is getting bigger than default
353 * minimum credits then we should wrap it up within the limits.
355 if ((conn->total_credits + credits_granted) > min_credits)
356 credits_granted = min_credits - conn->total_credits;
358 * TODO: Need to adjuct CreditRequest value according to
361 } else if (conn->total_credits == 0) {
365 conn->total_credits += credits_granted;
366 work->credits_granted += credits_granted;
368 if (!req_hdr->NextCommand) {
369 /* Update CreditRequest in last request */
370 hdr->CreditRequest = cpu_to_le16(work->credits_granted);
374 "credits: requested[%d] granted[%d] total_granted[%d]\n",
375 credits_requested, credits_granted,
376 conn->total_credits);
381 * init_chained_smb2_rsp() - initialize smb2 chained response
382 * @work: smb work containing smb response buffer
384 static void init_chained_smb2_rsp(struct ksmbd_work *work)
386 struct smb2_hdr *req = REQUEST_BUF_NEXT(work);
387 struct smb2_hdr *rsp = RESPONSE_BUF_NEXT(work);
388 struct smb2_hdr *rsp_hdr;
389 struct smb2_hdr *rcv_hdr;
390 int next_hdr_offset = 0;
393 /* Len of this response = updated RFC len - offset of previous cmd
394 * in the compound rsp
397 /* Storing the current local FID which may be needed by subsequent
398 * command in the compound request
400 if (req->Command == SMB2_CREATE && rsp->Status == STATUS_SUCCESS) {
402 le64_to_cpu(((struct smb2_create_rsp *)rsp)->
404 work->compound_pfid =
405 le64_to_cpu(((struct smb2_create_rsp *)rsp)->
407 work->compound_sid = le64_to_cpu(rsp->SessionId);
410 len = get_rfc1002_len(work->response_buf) - work->next_smb2_rsp_hdr_off;
411 next_hdr_offset = le32_to_cpu(req->NextCommand);
413 new_len = ALIGN(len, 8);
414 inc_rfc1001_len(work->response_buf, ((sizeof(struct smb2_hdr) - 4)
416 rsp->NextCommand = cpu_to_le32(new_len);
418 work->next_smb2_rcv_hdr_off += next_hdr_offset;
419 work->next_smb2_rsp_hdr_off += new_len;
421 "Compound req new_len = %d rcv off = %d rsp off = %d\n",
422 new_len, work->next_smb2_rcv_hdr_off,
423 work->next_smb2_rsp_hdr_off);
425 rsp_hdr = RESPONSE_BUF_NEXT(work);
426 rcv_hdr = REQUEST_BUF_NEXT(work);
428 if (!(rcv_hdr->Flags & SMB2_FLAGS_RELATED_OPERATIONS)) {
429 ksmbd_debug(SMB, "related flag should be set\n");
430 work->compound_fid = KSMBD_NO_FID;
431 work->compound_pfid = KSMBD_NO_FID;
433 memset((char *)rsp_hdr + 4, 0, sizeof(struct smb2_hdr) + 2);
434 rsp_hdr->ProtocolId = rcv_hdr->ProtocolId;
435 rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE;
436 rsp_hdr->Command = rcv_hdr->Command;
439 * Message is response. We don't grant oplock yet.
441 rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR |
442 SMB2_FLAGS_RELATED_OPERATIONS);
443 rsp_hdr->NextCommand = 0;
444 rsp_hdr->MessageId = rcv_hdr->MessageId;
445 rsp_hdr->Id.SyncId.ProcessId = rcv_hdr->Id.SyncId.ProcessId;
446 rsp_hdr->Id.SyncId.TreeId = rcv_hdr->Id.SyncId.TreeId;
447 rsp_hdr->SessionId = rcv_hdr->SessionId;
448 memcpy(rsp_hdr->Signature, rcv_hdr->Signature, 16);
452 * is_chained_smb2_message() - check for chained command
453 * @work: smb work containing smb request buffer
455 * Return: true if chained request, otherwise false
457 bool is_chained_smb2_message(struct ksmbd_work *work)
459 struct smb2_hdr *hdr = work->request_buf;
462 if (hdr->ProtocolId != SMB2_PROTO_NUMBER)
465 hdr = REQUEST_BUF_NEXT(work);
466 if (le32_to_cpu(hdr->NextCommand) > 0) {
467 ksmbd_debug(SMB, "got SMB2 chained command\n");
468 init_chained_smb2_rsp(work);
470 } else if (work->next_smb2_rcv_hdr_off) {
472 * This is last request in chained command,
473 * align response to 8 byte
475 len = ALIGN(get_rfc1002_len(work->response_buf), 8);
476 len = len - get_rfc1002_len(work->response_buf);
478 ksmbd_debug(SMB, "padding len %u\n", len);
479 inc_rfc1001_len(work->response_buf, len);
480 if (work->aux_payload_sz)
481 work->aux_payload_sz += len;
488 * init_smb2_rsp_hdr() - initialize smb2 response
489 * @work: smb work containing smb request buffer
493 int init_smb2_rsp_hdr(struct ksmbd_work *work)
495 struct smb2_hdr *rsp_hdr = work->response_buf;
496 struct smb2_hdr *rcv_hdr = work->request_buf;
497 struct ksmbd_conn *conn = work->conn;
499 memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
500 rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn));
501 rsp_hdr->ProtocolId = rcv_hdr->ProtocolId;
502 rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE;
503 rsp_hdr->Command = rcv_hdr->Command;
506 * Message is response. We don't grant oplock yet.
508 rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR);
509 rsp_hdr->NextCommand = 0;
510 rsp_hdr->MessageId = rcv_hdr->MessageId;
511 rsp_hdr->Id.SyncId.ProcessId = rcv_hdr->Id.SyncId.ProcessId;
512 rsp_hdr->Id.SyncId.TreeId = rcv_hdr->Id.SyncId.TreeId;
513 rsp_hdr->SessionId = rcv_hdr->SessionId;
514 memcpy(rsp_hdr->Signature, rcv_hdr->Signature, 16);
516 work->syncronous = true;
517 if (work->async_id) {
518 ksmbd_release_id(&conn->async_ida, work->async_id);
526 * smb2_allocate_rsp_buf() - allocate smb2 response buffer
527 * @work: smb work containing smb request buffer
529 * Return: 0 on success, otherwise -ENOMEM
531 int smb2_allocate_rsp_buf(struct ksmbd_work *work)
533 struct smb2_hdr *hdr = work->request_buf;
534 size_t small_sz = MAX_CIFS_SMALL_BUFFER_SIZE;
535 size_t large_sz = work->conn->vals->max_trans_size + MAX_SMB2_HDR_SIZE;
536 size_t sz = small_sz;
537 int cmd = le16_to_cpu(hdr->Command);
539 if (cmd == SMB2_IOCTL_HE || cmd == SMB2_QUERY_DIRECTORY_HE)
542 if (cmd == SMB2_QUERY_INFO_HE) {
543 struct smb2_query_info_req *req;
545 req = work->request_buf;
546 if (req->InfoType == SMB2_O_INFO_FILE &&
547 (req->FileInfoClass == FILE_FULL_EA_INFORMATION ||
548 req->FileInfoClass == FILE_ALL_INFORMATION))
552 /* allocate large response buf for chained commands */
553 if (le32_to_cpu(hdr->NextCommand) > 0)
556 work->response_buf = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO);
557 if (!work->response_buf)
560 work->response_sz = sz;
565 * smb2_check_user_session() - check for valid session for a user
566 * @work: smb work containing smb request buffer
568 * Return: 0 on success, otherwise error
570 int smb2_check_user_session(struct ksmbd_work *work)
572 struct smb2_hdr *req_hdr = work->request_buf;
573 struct ksmbd_conn *conn = work->conn;
574 unsigned int cmd = conn->ops->get_cmd_val(work);
575 unsigned long long sess_id;
579 * SMB2_ECHO, SMB2_NEGOTIATE, SMB2_SESSION_SETUP command do not
580 * require a session id, so no need to validate user session's for
583 if (cmd == SMB2_ECHO_HE || cmd == SMB2_NEGOTIATE_HE ||
584 cmd == SMB2_SESSION_SETUP_HE)
587 if (!ksmbd_conn_good(work))
590 sess_id = le64_to_cpu(req_hdr->SessionId);
591 /* Check for validity of user session */
592 work->sess = ksmbd_session_lookup_all(conn, sess_id);
595 ksmbd_debug(SMB, "Invalid user session, Uid %llu\n", sess_id);
599 static void destroy_previous_session(struct ksmbd_user *user, u64 id)
601 struct ksmbd_session *prev_sess = ksmbd_session_lookup_slowpath(id);
602 struct ksmbd_user *prev_user;
607 prev_user = prev_sess->user;
610 strcmp(user->name, prev_user->name) ||
611 user->passkey_sz != prev_user->passkey_sz ||
612 memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) {
613 put_session(prev_sess);
617 put_session(prev_sess);
618 ksmbd_session_destroy(prev_sess);
622 * smb2_get_name() - get filename string from on the wire smb format
623 * @share: ksmbd_share_config pointer
624 * @src: source buffer
625 * @maxlen: maxlen of source string
626 * @nls_table: nls_table pointer
628 * Return: matching converted filename on success, otherwise error ptr
631 smb2_get_name(struct ksmbd_share_config *share, const char *src,
632 const int maxlen, struct nls_table *local_nls)
634 char *name, *unixname;
636 name = smb_strndup_from_utf16(src, maxlen, 1, local_nls);
638 pr_err("failed to get name %ld\n", PTR_ERR(name));
642 /* change it to absolute unix name */
643 ksmbd_conv_path_to_unix(name);
644 ksmbd_strip_last_slash(name);
646 unixname = convert_to_unix_name(share, name);
649 pr_err("can not convert absolute name\n");
650 return ERR_PTR(-ENOMEM);
653 ksmbd_debug(SMB, "absolute name = %s\n", unixname);
657 int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg)
659 struct smb2_hdr *rsp_hdr;
660 struct ksmbd_conn *conn = work->conn;
663 rsp_hdr = work->response_buf;
664 rsp_hdr->Flags |= SMB2_FLAGS_ASYNC_COMMAND;
666 id = ksmbd_acquire_async_msg_id(&conn->async_ida);
668 pr_err("Failed to alloc async message id\n");
671 work->syncronous = false;
673 rsp_hdr->Id.AsyncId = cpu_to_le64(id);
676 "Send interim Response to inform async request id : %d\n",
679 work->cancel_fn = fn;
680 work->cancel_argv = arg;
682 if (list_empty(&work->async_request_entry)) {
683 spin_lock(&conn->request_lock);
684 list_add_tail(&work->async_request_entry, &conn->async_requests);
685 spin_unlock(&conn->request_lock);
691 void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status)
693 struct smb2_hdr *rsp_hdr;
695 rsp_hdr = work->response_buf;
696 smb2_set_err_rsp(work);
697 rsp_hdr->Status = status;
700 ksmbd_conn_write(work);
705 static __le32 smb2_get_reparse_tag_special_file(umode_t mode)
707 if (S_ISDIR(mode) || S_ISREG(mode))
711 return IO_REPARSE_TAG_LX_SYMLINK_LE;
712 else if (S_ISFIFO(mode))
713 return IO_REPARSE_TAG_LX_FIFO_LE;
714 else if (S_ISSOCK(mode))
715 return IO_REPARSE_TAG_AF_UNIX_LE;
716 else if (S_ISCHR(mode))
717 return IO_REPARSE_TAG_LX_CHR_LE;
718 else if (S_ISBLK(mode))
719 return IO_REPARSE_TAG_LX_BLK_LE;
725 * smb2_get_dos_mode() - get file mode in dos format from unix mode
726 * @stat: kstat containing file mode
727 * @attribute: attribute flags
729 * Return: converted dos mode
731 static int smb2_get_dos_mode(struct kstat *stat, int attribute)
735 if (S_ISDIR(stat->mode)) {
736 attr = ATTR_DIRECTORY |
737 (attribute & (ATTR_HIDDEN | ATTR_SYSTEM));
739 attr = (attribute & 0x00005137) | ATTR_ARCHIVE;
740 attr &= ~(ATTR_DIRECTORY);
741 if (S_ISREG(stat->mode) && (server_conf.share_fake_fscaps &
742 FILE_SUPPORTS_SPARSE_FILES))
745 if (smb2_get_reparse_tag_special_file(stat->mode))
746 attr |= ATTR_REPARSE;
752 static void build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt,
755 pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES;
756 pneg_ctxt->DataLength = cpu_to_le16(38);
757 pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1);
758 pneg_ctxt->Reserved = cpu_to_le32(0);
759 pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE);
760 get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE);
761 pneg_ctxt->HashAlgorithms = hash_id;
764 static void build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt,
767 pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES;
768 pneg_ctxt->DataLength = cpu_to_le16(4);
769 pneg_ctxt->Reserved = cpu_to_le32(0);
770 pneg_ctxt->CipherCount = cpu_to_le16(1);
771 pneg_ctxt->Ciphers[0] = cipher_type;
774 static void build_compression_ctxt(struct smb2_compression_ctx *pneg_ctxt,
777 pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES;
778 pneg_ctxt->DataLength =
779 cpu_to_le16(sizeof(struct smb2_compression_ctx)
780 - sizeof(struct smb2_neg_context));
781 pneg_ctxt->Reserved = cpu_to_le32(0);
782 pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(1);
783 pneg_ctxt->Reserved1 = cpu_to_le32(0);
784 pneg_ctxt->CompressionAlgorithms[0] = comp_algo;
787 static void build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt)
789 pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE;
790 pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN);
791 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
792 pneg_ctxt->Name[0] = 0x93;
793 pneg_ctxt->Name[1] = 0xAD;
794 pneg_ctxt->Name[2] = 0x25;
795 pneg_ctxt->Name[3] = 0x50;
796 pneg_ctxt->Name[4] = 0x9C;
797 pneg_ctxt->Name[5] = 0xB4;
798 pneg_ctxt->Name[6] = 0x11;
799 pneg_ctxt->Name[7] = 0xE7;
800 pneg_ctxt->Name[8] = 0xB4;
801 pneg_ctxt->Name[9] = 0x23;
802 pneg_ctxt->Name[10] = 0x83;
803 pneg_ctxt->Name[11] = 0xDE;
804 pneg_ctxt->Name[12] = 0x96;
805 pneg_ctxt->Name[13] = 0x8B;
806 pneg_ctxt->Name[14] = 0xCD;
807 pneg_ctxt->Name[15] = 0x7C;
810 static void assemble_neg_contexts(struct ksmbd_conn *conn,
811 struct smb2_negotiate_rsp *rsp)
813 /* +4 is to account for the RFC1001 len field */
814 char *pneg_ctxt = (char *)rsp +
815 le32_to_cpu(rsp->NegotiateContextOffset) + 4;
816 int neg_ctxt_cnt = 1;
820 "assemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n");
821 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt,
822 conn->preauth_info->Preauth_HashId);
823 rsp->NegotiateContextCount = cpu_to_le16(neg_ctxt_cnt);
824 inc_rfc1001_len(rsp, AUTH_GSS_PADDING);
825 ctxt_size = sizeof(struct smb2_preauth_neg_context);
826 /* Round to 8 byte boundary */
827 pneg_ctxt += round_up(sizeof(struct smb2_preauth_neg_context), 8);
829 if (conn->cipher_type) {
830 ctxt_size = round_up(ctxt_size, 8);
832 "assemble SMB2_ENCRYPTION_CAPABILITIES context\n");
833 build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt,
835 rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt);
836 ctxt_size += sizeof(struct smb2_encryption_neg_context);
837 /* Round to 8 byte boundary */
839 round_up(sizeof(struct smb2_encryption_neg_context),
843 if (conn->compress_algorithm) {
844 ctxt_size = round_up(ctxt_size, 8);
846 "assemble SMB2_COMPRESSION_CAPABILITIES context\n");
847 /* Temporarily set to SMB3_COMPRESS_NONE */
848 build_compression_ctxt((struct smb2_compression_ctx *)pneg_ctxt,
849 conn->compress_algorithm);
850 rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt);
851 ctxt_size += sizeof(struct smb2_compression_ctx);
852 /* Round to 8 byte boundary */
853 pneg_ctxt += round_up(sizeof(struct smb2_compression_ctx), 8);
856 if (conn->posix_ext_supported) {
857 ctxt_size = round_up(ctxt_size, 8);
859 "assemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n");
860 build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
861 rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt);
862 ctxt_size += sizeof(struct smb2_posix_neg_context);
865 inc_rfc1001_len(rsp, ctxt_size);
868 static __le32 decode_preauth_ctxt(struct ksmbd_conn *conn,
869 struct smb2_preauth_neg_context *pneg_ctxt)
871 __le32 err = STATUS_NO_PREAUTH_INTEGRITY_HASH_OVERLAP;
873 if (pneg_ctxt->HashAlgorithms == SMB2_PREAUTH_INTEGRITY_SHA512) {
874 conn->preauth_info->Preauth_HashId =
875 SMB2_PREAUTH_INTEGRITY_SHA512;
876 err = STATUS_SUCCESS;
882 static int decode_encrypt_ctxt(struct ksmbd_conn *conn,
883 struct smb2_encryption_neg_context *pneg_ctxt)
886 int cph_cnt = le16_to_cpu(pneg_ctxt->CipherCount);
888 conn->cipher_type = 0;
890 if (!(server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION))
893 for (i = 0; i < cph_cnt; i++) {
894 if (pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_GCM ||
895 pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_CCM ||
896 pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES256_CCM ||
897 pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES256_GCM) {
898 ksmbd_debug(SMB, "Cipher ID = 0x%x\n",
899 pneg_ctxt->Ciphers[i]);
900 conn->cipher_type = pneg_ctxt->Ciphers[i];
907 * Return encrypt context size in request.
908 * So need to plus extra number of ciphers size.
910 return sizeof(struct smb2_encryption_neg_context) +
914 static int decode_compress_ctxt(struct ksmbd_conn *conn,
915 struct smb2_compression_ctx *pneg_ctxt)
917 int algo_cnt = le16_to_cpu(pneg_ctxt->CompressionAlgorithmCount);
919 conn->compress_algorithm = SMB3_COMPRESS_NONE;
922 * Return compression context size in request.
923 * So need to plus extra number of CompressionAlgorithms size.
925 return sizeof(struct smb2_encryption_neg_context) +
926 ((algo_cnt - 1) * 2);
929 static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn,
930 struct smb2_negotiate_req *req)
934 /* +4 is to account for the RFC1001 len field */
935 char *pneg_ctxt = (char *)req +
936 le32_to_cpu(req->NegotiateContextOffset) + 4;
937 __le16 *ContextType = (__le16 *)pneg_ctxt;
938 int neg_ctxt_cnt = le16_to_cpu(req->NegotiateContextCount);
941 ksmbd_debug(SMB, "negotiate context count = %d\n", neg_ctxt_cnt);
942 status = STATUS_INVALID_PARAMETER;
943 while (i++ < neg_ctxt_cnt) {
944 if (*ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES) {
946 "deassemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n");
947 if (conn->preauth_info->Preauth_HashId)
950 status = decode_preauth_ctxt(conn,
951 (struct smb2_preauth_neg_context *)pneg_ctxt);
952 pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_preauth_neg_context), 8) * 8;
953 } else if (*ContextType == SMB2_ENCRYPTION_CAPABILITIES) {
955 "deassemble SMB2_ENCRYPTION_CAPABILITIES context\n");
956 if (conn->cipher_type)
959 ctxt_size = decode_encrypt_ctxt(conn,
960 (struct smb2_encryption_neg_context *)pneg_ctxt);
961 pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8;
962 } else if (*ContextType == SMB2_COMPRESSION_CAPABILITIES) {
964 "deassemble SMB2_COMPRESSION_CAPABILITIES context\n");
965 if (conn->compress_algorithm)
968 ctxt_size = decode_compress_ctxt(conn,
969 (struct smb2_compression_ctx *)pneg_ctxt);
970 pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8;
971 } else if (*ContextType == SMB2_NETNAME_NEGOTIATE_CONTEXT_ID) {
973 "deassemble SMB2_NETNAME_NEGOTIATE_CONTEXT_ID context\n");
974 ctxt_size = sizeof(struct smb2_netname_neg_context);
975 ctxt_size += DIV_ROUND_UP(le16_to_cpu(((struct smb2_netname_neg_context *)
976 pneg_ctxt)->DataLength), 8) * 8;
977 pneg_ctxt += ctxt_size;
978 } else if (*ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) {
980 "deassemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n");
981 conn->posix_ext_supported = true;
982 pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_posix_neg_context), 8) * 8;
984 ContextType = (__le16 *)pneg_ctxt;
986 if (status != STATUS_SUCCESS)
993 * smb2_handle_negotiate() - handler for smb2 negotiate command
994 * @work: smb work containing smb request buffer
998 int smb2_handle_negotiate(struct ksmbd_work *work)
1000 struct ksmbd_conn *conn = work->conn;
1001 struct smb2_negotiate_req *req = work->request_buf;
1002 struct smb2_negotiate_rsp *rsp = work->response_buf;
1006 ksmbd_debug(SMB, "Received negotiate request\n");
1007 conn->need_neg = false;
1008 if (ksmbd_conn_good(work)) {
1009 pr_err("conn->tcp_status is already in CifsGood State\n");
1010 work->send_no_response = 1;
1014 if (req->DialectCount == 0) {
1015 pr_err("malformed packet\n");
1016 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1021 conn->cli_cap = le32_to_cpu(req->Capabilities);
1022 switch (conn->dialect) {
1023 case SMB311_PROT_ID:
1024 conn->preauth_info =
1025 kzalloc(sizeof(struct preauth_integrity_info),
1027 if (!conn->preauth_info) {
1029 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1033 status = deassemble_neg_contexts(conn, req);
1034 if (status != STATUS_SUCCESS) {
1035 pr_err("deassemble_neg_contexts error(0x%x)\n",
1037 rsp->hdr.Status = status;
1042 rc = init_smb3_11_server(conn);
1044 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1048 ksmbd_gen_preauth_integrity_hash(conn,
1050 conn->preauth_info->Preauth_HashValue);
1051 rsp->NegotiateContextOffset =
1052 cpu_to_le32(OFFSET_OF_NEG_CONTEXT);
1053 assemble_neg_contexts(conn, rsp);
1055 case SMB302_PROT_ID:
1056 init_smb3_02_server(conn);
1059 init_smb3_0_server(conn);
1062 init_smb2_1_server(conn);
1065 rc = init_smb2_0_server(conn);
1067 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
1074 ksmbd_debug(SMB, "Server dialect :0x%x not supported\n",
1076 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
1080 rsp->Capabilities = cpu_to_le32(conn->vals->capabilities);
1083 conn->connection_type = conn->dialect;
1085 rsp->MaxTransactSize = cpu_to_le32(conn->vals->max_trans_size);
1086 rsp->MaxReadSize = cpu_to_le32(conn->vals->max_read_size);
1087 rsp->MaxWriteSize = cpu_to_le32(conn->vals->max_write_size);
1089 if (conn->dialect > SMB20_PROT_ID) {
1090 memcpy(conn->ClientGUID, req->ClientGUID,
1091 SMB2_CLIENT_GUID_SIZE);
1092 conn->cli_sec_mode = le16_to_cpu(req->SecurityMode);
1095 rsp->StructureSize = cpu_to_le16(65);
1096 rsp->DialectRevision = cpu_to_le16(conn->dialect);
1097 /* Not setting conn guid rsp->ServerGUID, as it
1098 * not used by client for identifying server
1100 memset(rsp->ServerGUID, 0, SMB2_CLIENT_GUID_SIZE);
1102 rsp->SystemTime = cpu_to_le64(ksmbd_systime());
1103 rsp->ServerStartTime = 0;
1104 ksmbd_debug(SMB, "negotiate context offset %d, count %d\n",
1105 le32_to_cpu(rsp->NegotiateContextOffset),
1106 le16_to_cpu(rsp->NegotiateContextCount));
1108 rsp->SecurityBufferOffset = cpu_to_le16(128);
1109 rsp->SecurityBufferLength = cpu_to_le16(AUTH_GSS_LENGTH);
1110 ksmbd_copy_gss_neg_header(((char *)(&rsp->hdr) +
1111 sizeof(rsp->hdr.smb2_buf_length)) +
1112 le16_to_cpu(rsp->SecurityBufferOffset));
1113 inc_rfc1001_len(rsp, sizeof(struct smb2_negotiate_rsp) -
1114 sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) +
1116 rsp->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED_LE;
1117 conn->use_spnego = true;
1119 if ((server_conf.signing == KSMBD_CONFIG_OPT_AUTO ||
1120 server_conf.signing == KSMBD_CONFIG_OPT_DISABLED) &&
1121 req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED_LE)
1123 else if (server_conf.signing == KSMBD_CONFIG_OPT_MANDATORY) {
1124 server_conf.enforced_signing = true;
1125 rsp->SecurityMode |= SMB2_NEGOTIATE_SIGNING_REQUIRED_LE;
1129 conn->srv_sec_mode = le16_to_cpu(rsp->SecurityMode);
1130 ksmbd_conn_set_need_negotiate(work);
1134 smb2_set_err_rsp(work);
1139 static int alloc_preauth_hash(struct ksmbd_session *sess,
1140 struct ksmbd_conn *conn)
1142 if (sess->Preauth_HashValue)
1145 sess->Preauth_HashValue = kmemdup(conn->preauth_info->Preauth_HashValue,
1146 PREAUTH_HASHVALUE_SIZE, GFP_KERNEL);
1147 if (!sess->Preauth_HashValue)
1153 static int generate_preauth_hash(struct ksmbd_work *work)
1155 struct ksmbd_conn *conn = work->conn;
1156 struct ksmbd_session *sess = work->sess;
1159 if (conn->dialect != SMB311_PROT_ID)
1162 if (conn->binding) {
1163 struct preauth_session *preauth_sess;
1165 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
1166 if (!preauth_sess) {
1167 preauth_sess = ksmbd_preauth_session_alloc(conn, sess->id);
1172 preauth_hash = preauth_sess->Preauth_HashValue;
1174 if (!sess->Preauth_HashValue)
1175 if (alloc_preauth_hash(sess, conn))
1177 preauth_hash = sess->Preauth_HashValue;
1180 ksmbd_gen_preauth_integrity_hash(conn, work->request_buf, preauth_hash);
1184 static int decode_negotiation_token(struct ksmbd_work *work,
1185 struct negotiate_message *negblob)
1187 struct ksmbd_conn *conn = work->conn;
1188 struct smb2_sess_setup_req *req;
1191 if (!conn->use_spnego)
1194 req = work->request_buf;
1195 sz = le16_to_cpu(req->SecurityBufferLength);
1197 if (ksmbd_decode_negTokenInit((char *)negblob, sz, conn)) {
1198 if (ksmbd_decode_negTokenTarg((char *)negblob, sz, conn)) {
1199 conn->auth_mechs |= KSMBD_AUTH_NTLMSSP;
1200 conn->preferred_auth_mech = KSMBD_AUTH_NTLMSSP;
1201 conn->use_spnego = false;
1207 static int ntlm_negotiate(struct ksmbd_work *work,
1208 struct negotiate_message *negblob)
1210 struct smb2_sess_setup_req *req = work->request_buf;
1211 struct smb2_sess_setup_rsp *rsp = work->response_buf;
1212 struct challenge_message *chgblob;
1213 unsigned char *spnego_blob = NULL;
1214 u16 spnego_blob_len;
1218 ksmbd_debug(SMB, "negotiate phase\n");
1219 sz = le16_to_cpu(req->SecurityBufferLength);
1220 rc = ksmbd_decode_ntlmssp_neg_blob(negblob, sz, work->sess);
1224 sz = le16_to_cpu(rsp->SecurityBufferOffset);
1226 (struct challenge_message *)((char *)&rsp->hdr.ProtocolId + sz);
1227 memset(chgblob, 0, sizeof(struct challenge_message));
1229 if (!work->conn->use_spnego) {
1230 sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess);
1234 rsp->SecurityBufferLength = cpu_to_le16(sz);
1238 sz = sizeof(struct challenge_message);
1239 sz += (strlen(ksmbd_netbios_name()) * 2 + 1 + 4) * 6;
1241 neg_blob = kzalloc(sz, GFP_KERNEL);
1245 chgblob = (struct challenge_message *)neg_blob;
1246 sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess);
1252 rc = build_spnego_ntlmssp_neg_blob(&spnego_blob, &spnego_blob_len,
1259 sz = le16_to_cpu(rsp->SecurityBufferOffset);
1260 memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len);
1261 rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);
1269 static struct authenticate_message *user_authblob(struct ksmbd_conn *conn,
1270 struct smb2_sess_setup_req *req)
1274 if (conn->use_spnego && conn->mechToken)
1275 return (struct authenticate_message *)conn->mechToken;
1277 sz = le16_to_cpu(req->SecurityBufferOffset);
1278 return (struct authenticate_message *)((char *)&req->hdr.ProtocolId
1282 static struct ksmbd_user *session_user(struct ksmbd_conn *conn,
1283 struct smb2_sess_setup_req *req)
1285 struct authenticate_message *authblob;
1286 struct ksmbd_user *user;
1290 authblob = user_authblob(conn, req);
1291 sz = le32_to_cpu(authblob->UserName.BufferOffset);
1292 name = smb_strndup_from_utf16((const char *)authblob + sz,
1293 le16_to_cpu(authblob->UserName.Length),
1297 pr_err("cannot allocate memory\n");
1301 ksmbd_debug(SMB, "session setup request for user %s\n", name);
1302 user = ksmbd_login_user(name);
1307 static int ntlm_authenticate(struct ksmbd_work *work)
1309 struct smb2_sess_setup_req *req = work->request_buf;
1310 struct smb2_sess_setup_rsp *rsp = work->response_buf;
1311 struct ksmbd_conn *conn = work->conn;
1312 struct ksmbd_session *sess = work->sess;
1313 struct channel *chann = NULL;
1314 struct ksmbd_user *user;
1318 ksmbd_debug(SMB, "authenticate phase\n");
1319 if (conn->use_spnego) {
1320 unsigned char *spnego_blob;
1321 u16 spnego_blob_len;
1323 rc = build_spnego_ntlmssp_auth_blob(&spnego_blob,
1329 sz = le16_to_cpu(rsp->SecurityBufferOffset);
1330 memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len);
1331 rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);
1333 inc_rfc1001_len(rsp, spnego_blob_len - 1);
1336 user = session_user(conn, req);
1338 ksmbd_debug(SMB, "Unknown user name or an error\n");
1339 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1343 /* Check for previous session */
1344 prev_id = le64_to_cpu(req->PreviousSessionId);
1345 if (prev_id && prev_id != sess->id)
1346 destroy_previous_session(user, prev_id);
1348 if (sess->state == SMB2_SESSION_VALID) {
1350 * Reuse session if anonymous try to connect
1351 * on reauthetication.
1353 if (ksmbd_anonymous_user(user)) {
1354 ksmbd_free_user(user);
1357 ksmbd_free_user(sess->user);
1361 if (user_guest(sess->user)) {
1363 ksmbd_debug(SMB, "Guest login not allowed when signing enabled\n");
1364 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1368 rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE;
1370 struct authenticate_message *authblob;
1372 authblob = user_authblob(conn, req);
1373 sz = le16_to_cpu(req->SecurityBufferLength);
1374 rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, sess);
1376 set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD);
1377 ksmbd_debug(SMB, "authentication failed\n");
1378 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1383 * If session state is SMB2_SESSION_VALID, We can assume
1384 * that it is reauthentication. And the user/password
1385 * has been verified, so return it here.
1387 if (sess->state == SMB2_SESSION_VALID) {
1389 goto binding_session;
1393 if ((conn->sign || server_conf.enforced_signing) ||
1394 (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
1397 if (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION &&
1398 conn->ops->generate_encryptionkey &&
1399 !(req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) {
1400 rc = conn->ops->generate_encryptionkey(sess);
1403 "SMB3 encryption key generation failed\n");
1404 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1408 rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE;
1410 * signing is disable if encryption is enable
1418 if (conn->dialect >= SMB30_PROT_ID) {
1419 chann = lookup_chann_list(sess, conn);
1421 chann = kmalloc(sizeof(struct channel), GFP_KERNEL);
1426 INIT_LIST_HEAD(&chann->chann_list);
1427 list_add(&chann->chann_list, &sess->ksmbd_chann_list);
1431 if (conn->ops->generate_signingkey) {
1432 rc = conn->ops->generate_signingkey(sess, conn);
1434 ksmbd_debug(SMB, "SMB3 signing key generation failed\n");
1435 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1440 if (conn->dialect > SMB20_PROT_ID) {
1441 if (!ksmbd_conn_lookup_dialect(conn)) {
1442 pr_err("fail to verify the dialect\n");
1443 rsp->hdr.Status = STATUS_USER_SESSION_DELETED;
1450 #ifdef CONFIG_SMB_SERVER_KERBEROS5
1451 static int krb5_authenticate(struct ksmbd_work *work)
1453 struct smb2_sess_setup_req *req = work->request_buf;
1454 struct smb2_sess_setup_rsp *rsp = work->response_buf;
1455 struct ksmbd_conn *conn = work->conn;
1456 struct ksmbd_session *sess = work->sess;
1457 char *in_blob, *out_blob;
1458 struct channel *chann = NULL;
1460 int in_len, out_len;
1463 in_blob = (char *)&req->hdr.ProtocolId +
1464 le16_to_cpu(req->SecurityBufferOffset);
1465 in_len = le16_to_cpu(req->SecurityBufferLength);
1466 out_blob = (char *)&rsp->hdr.ProtocolId +
1467 le16_to_cpu(rsp->SecurityBufferOffset);
1468 out_len = work->response_sz -
1469 offsetof(struct smb2_hdr, smb2_buf_length) -
1470 le16_to_cpu(rsp->SecurityBufferOffset);
1472 /* Check previous session */
1473 prev_sess_id = le64_to_cpu(req->PreviousSessionId);
1474 if (prev_sess_id && prev_sess_id != sess->id)
1475 destroy_previous_session(sess->user, prev_sess_id);
1477 if (sess->state == SMB2_SESSION_VALID)
1478 ksmbd_free_user(sess->user);
1480 retval = ksmbd_krb5_authenticate(sess, in_blob, in_len,
1481 out_blob, &out_len);
1483 ksmbd_debug(SMB, "krb5 authentication failed\n");
1484 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1487 rsp->SecurityBufferLength = cpu_to_le16(out_len);
1488 inc_rfc1001_len(rsp, out_len - 1);
1490 if ((conn->sign || server_conf.enforced_signing) ||
1491 (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
1494 if ((conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) &&
1495 conn->ops->generate_encryptionkey) {
1496 retval = conn->ops->generate_encryptionkey(sess);
1499 "SMB3 encryption key generation failed\n");
1500 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1504 rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE;
1508 if (conn->dialect >= SMB30_PROT_ID) {
1509 chann = lookup_chann_list(sess, conn);
1511 chann = kmalloc(sizeof(struct channel), GFP_KERNEL);
1516 INIT_LIST_HEAD(&chann->chann_list);
1517 list_add(&chann->chann_list, &sess->ksmbd_chann_list);
1521 if (conn->ops->generate_signingkey) {
1522 retval = conn->ops->generate_signingkey(sess, conn);
1524 ksmbd_debug(SMB, "SMB3 signing key generation failed\n");
1525 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1530 if (conn->dialect > SMB20_PROT_ID) {
1531 if (!ksmbd_conn_lookup_dialect(conn)) {
1532 pr_err("fail to verify the dialect\n");
1533 rsp->hdr.Status = STATUS_USER_SESSION_DELETED;
1540 static int krb5_authenticate(struct ksmbd_work *work)
1546 int smb2_sess_setup(struct ksmbd_work *work)
1548 struct ksmbd_conn *conn = work->conn;
1549 struct smb2_sess_setup_req *req = work->request_buf;
1550 struct smb2_sess_setup_rsp *rsp = work->response_buf;
1551 struct ksmbd_session *sess;
1552 struct negotiate_message *negblob;
1555 ksmbd_debug(SMB, "Received request for session setup\n");
1557 rsp->StructureSize = cpu_to_le16(9);
1558 rsp->SessionFlags = 0;
1559 rsp->SecurityBufferOffset = cpu_to_le16(72);
1560 rsp->SecurityBufferLength = 0;
1561 inc_rfc1001_len(rsp, 9);
1563 if (!req->hdr.SessionId) {
1564 sess = ksmbd_smb2_session_create();
1569 rsp->hdr.SessionId = cpu_to_le64(sess->id);
1570 ksmbd_session_register(conn, sess);
1571 } else if (conn->dialect >= SMB30_PROT_ID &&
1572 (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) &&
1573 req->Flags & SMB2_SESSION_REQ_FLAG_BINDING) {
1574 u64 sess_id = le64_to_cpu(req->hdr.SessionId);
1576 sess = ksmbd_session_lookup_slowpath(sess_id);
1582 if (conn->dialect != sess->conn->dialect) {
1587 if (!(req->hdr.Flags & SMB2_FLAGS_SIGNED)) {
1592 if (strncmp(conn->ClientGUID, sess->conn->ClientGUID,
1593 SMB2_CLIENT_GUID_SIZE)) {
1598 if (sess->state == SMB2_SESSION_IN_PROGRESS) {
1603 if (sess->state == SMB2_SESSION_EXPIRED) {
1608 if (ksmbd_session_lookup(conn, sess_id)) {
1613 conn->binding = true;
1614 } else if ((conn->dialect < SMB30_PROT_ID ||
1615 server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) &&
1616 (req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) {
1620 sess = ksmbd_session_lookup(conn,
1621 le64_to_cpu(req->hdr.SessionId));
1629 if (sess->state == SMB2_SESSION_EXPIRED)
1630 sess->state = SMB2_SESSION_IN_PROGRESS;
1632 negblob = (struct negotiate_message *)((char *)&req->hdr.ProtocolId +
1633 le16_to_cpu(req->SecurityBufferOffset));
1635 if (decode_negotiation_token(work, negblob) == 0) {
1636 if (conn->mechToken)
1637 negblob = (struct negotiate_message *)conn->mechToken;
1640 if (server_conf.auth_mechs & conn->auth_mechs) {
1641 rc = generate_preauth_hash(work);
1645 if (conn->preferred_auth_mech &
1646 (KSMBD_AUTH_KRB5 | KSMBD_AUTH_MSKRB5)) {
1647 rc = krb5_authenticate(work);
1653 ksmbd_conn_set_good(work);
1654 sess->state = SMB2_SESSION_VALID;
1655 kfree(sess->Preauth_HashValue);
1656 sess->Preauth_HashValue = NULL;
1657 } else if (conn->preferred_auth_mech == KSMBD_AUTH_NTLMSSP) {
1658 if (negblob->MessageType == NtLmNegotiate) {
1659 rc = ntlm_negotiate(work, negblob);
1663 STATUS_MORE_PROCESSING_REQUIRED;
1665 * Note: here total size -1 is done as an
1666 * adjustment for 0 size blob
1668 inc_rfc1001_len(rsp, le16_to_cpu(rsp->SecurityBufferLength) - 1);
1670 } else if (negblob->MessageType == NtLmAuthenticate) {
1671 rc = ntlm_authenticate(work);
1675 ksmbd_conn_set_good(work);
1676 sess->state = SMB2_SESSION_VALID;
1677 if (conn->binding) {
1678 struct preauth_session *preauth_sess;
1681 ksmbd_preauth_session_lookup(conn, sess->id);
1683 list_del(&preauth_sess->preauth_entry);
1684 kfree(preauth_sess);
1687 kfree(sess->Preauth_HashValue);
1688 sess->Preauth_HashValue = NULL;
1691 /* TODO: need one more negotiation */
1692 pr_err("Not support the preferred authentication\n");
1696 pr_err("Not support authentication\n");
1702 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1703 else if (rc == -ENOENT)
1704 rsp->hdr.Status = STATUS_USER_SESSION_DELETED;
1705 else if (rc == -EACCES)
1706 rsp->hdr.Status = STATUS_REQUEST_NOT_ACCEPTED;
1707 else if (rc == -EFAULT)
1708 rsp->hdr.Status = STATUS_NETWORK_SESSION_EXPIRED;
1710 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1712 if (conn->use_spnego && conn->mechToken) {
1713 kfree(conn->mechToken);
1714 conn->mechToken = NULL;
1717 if (rc < 0 && sess) {
1718 ksmbd_session_destroy(sess);
1726 * smb2_tree_connect() - handler for smb2 tree connect command
1727 * @work: smb work containing smb request buffer
1729 * Return: 0 on success, otherwise error
1731 int smb2_tree_connect(struct ksmbd_work *work)
1733 struct ksmbd_conn *conn = work->conn;
1734 struct smb2_tree_connect_req *req = work->request_buf;
1735 struct smb2_tree_connect_rsp *rsp = work->response_buf;
1736 struct ksmbd_session *sess = work->sess;
1737 char *treename = NULL, *name = NULL;
1738 struct ksmbd_tree_conn_status status;
1739 struct ksmbd_share_config *share;
1742 treename = smb_strndup_from_utf16(req->Buffer,
1743 le16_to_cpu(req->PathLength), true,
1745 if (IS_ERR(treename)) {
1746 pr_err("treename is NULL\n");
1747 status.ret = KSMBD_TREE_CONN_STATUS_ERROR;
1751 name = ksmbd_extract_sharename(treename);
1753 status.ret = KSMBD_TREE_CONN_STATUS_ERROR;
1757 ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n",
1760 status = ksmbd_tree_conn_connect(sess, name);
1761 if (status.ret == KSMBD_TREE_CONN_STATUS_OK)
1762 rsp->hdr.Id.SyncId.TreeId = cpu_to_le32(status.tree_conn->id);
1766 share = status.tree_conn->share_conf;
1767 if (test_share_config_flag(share, KSMBD_SHARE_FLAG_PIPE)) {
1768 ksmbd_debug(SMB, "IPC share path request\n");
1769 rsp->ShareType = SMB2_SHARE_TYPE_PIPE;
1770 rsp->MaximalAccess = FILE_READ_DATA_LE | FILE_READ_EA_LE |
1771 FILE_EXECUTE_LE | FILE_READ_ATTRIBUTES_LE |
1772 FILE_DELETE_LE | FILE_READ_CONTROL_LE |
1773 FILE_WRITE_DAC_LE | FILE_WRITE_OWNER_LE |
1774 FILE_SYNCHRONIZE_LE;
1776 rsp->ShareType = SMB2_SHARE_TYPE_DISK;
1777 rsp->MaximalAccess = FILE_READ_DATA_LE | FILE_READ_EA_LE |
1778 FILE_EXECUTE_LE | FILE_READ_ATTRIBUTES_LE;
1779 if (test_tree_conn_flag(status.tree_conn,
1780 KSMBD_TREE_CONN_FLAG_WRITABLE)) {
1781 rsp->MaximalAccess |= FILE_WRITE_DATA_LE |
1782 FILE_APPEND_DATA_LE | FILE_WRITE_EA_LE |
1783 FILE_DELETE_LE | FILE_WRITE_ATTRIBUTES_LE |
1784 FILE_DELETE_CHILD_LE | FILE_READ_CONTROL_LE |
1785 FILE_WRITE_DAC_LE | FILE_WRITE_OWNER_LE |
1786 FILE_SYNCHRONIZE_LE;
1790 status.tree_conn->maximal_access = le32_to_cpu(rsp->MaximalAccess);
1791 if (conn->posix_ext_supported)
1792 status.tree_conn->posix_extensions = true;
1795 rsp->StructureSize = cpu_to_le16(16);
1796 rsp->Capabilities = 0;
1798 /* default manual caching */
1799 rsp->ShareFlags = SMB2_SHAREFLAG_MANUAL_CACHING;
1800 inc_rfc1001_len(rsp, 16);
1802 if (!IS_ERR(treename))
1807 switch (status.ret) {
1808 case KSMBD_TREE_CONN_STATUS_OK:
1809 rsp->hdr.Status = STATUS_SUCCESS;
1812 case KSMBD_TREE_CONN_STATUS_NO_SHARE:
1813 rsp->hdr.Status = STATUS_BAD_NETWORK_PATH;
1816 case KSMBD_TREE_CONN_STATUS_NOMEM:
1817 rsp->hdr.Status = STATUS_NO_MEMORY;
1819 case KSMBD_TREE_CONN_STATUS_ERROR:
1820 case KSMBD_TREE_CONN_STATUS_TOO_MANY_CONNS:
1821 case KSMBD_TREE_CONN_STATUS_TOO_MANY_SESSIONS:
1822 rsp->hdr.Status = STATUS_ACCESS_DENIED;
1825 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1828 rsp->hdr.Status = STATUS_ACCESS_DENIED;
1835 * smb2_create_open_flags() - convert smb open flags to unix open flags
1836 * @file_present: is file already present
1837 * @access: file access flags
1838 * @disposition: file disposition flags
1840 * Return: file open flags
1842 static int smb2_create_open_flags(bool file_present, __le32 access,
1845 int oflags = O_NONBLOCK | O_LARGEFILE;
1847 if (access & FILE_READ_DESIRED_ACCESS_LE &&
1848 access & FILE_WRITE_DESIRE_ACCESS_LE)
1850 else if (access & FILE_WRITE_DESIRE_ACCESS_LE)
1855 if (access == FILE_READ_ATTRIBUTES_LE)
1859 switch (disposition & FILE_CREATE_MASK_LE) {
1861 case FILE_CREATE_LE:
1863 case FILE_SUPERSEDE_LE:
1864 case FILE_OVERWRITE_LE:
1865 case FILE_OVERWRITE_IF_LE:
1872 switch (disposition & FILE_CREATE_MASK_LE) {
1873 case FILE_SUPERSEDE_LE:
1874 case FILE_CREATE_LE:
1875 case FILE_OPEN_IF_LE:
1876 case FILE_OVERWRITE_IF_LE:
1880 case FILE_OVERWRITE_LE:
1891 * smb2_tree_disconnect() - handler for smb tree connect request
1892 * @work: smb work containing request buffer
1896 int smb2_tree_disconnect(struct ksmbd_work *work)
1898 struct smb2_tree_disconnect_rsp *rsp = work->response_buf;
1899 struct ksmbd_session *sess = work->sess;
1900 struct ksmbd_tree_connect *tcon = work->tcon;
1902 rsp->StructureSize = cpu_to_le16(4);
1903 inc_rfc1001_len(rsp, 4);
1905 ksmbd_debug(SMB, "request\n");
1908 struct smb2_tree_disconnect_req *req = work->request_buf;
1910 ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId);
1911 rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED;
1912 smb2_set_err_rsp(work);
1916 ksmbd_close_tree_conn_fds(work);
1917 ksmbd_tree_conn_disconnect(sess, tcon);
1922 * smb2_session_logoff() - handler for session log off request
1923 * @work: smb work containing request buffer
1927 int smb2_session_logoff(struct ksmbd_work *work)
1929 struct ksmbd_conn *conn = work->conn;
1930 struct smb2_logoff_rsp *rsp = work->response_buf;
1931 struct ksmbd_session *sess = work->sess;
1933 rsp->StructureSize = cpu_to_le16(4);
1934 inc_rfc1001_len(rsp, 4);
1936 ksmbd_debug(SMB, "request\n");
1938 /* Got a valid session, set connection state */
1939 WARN_ON(sess->conn != conn);
1941 /* setting CifsExiting here may race with start_tcp_sess */
1942 ksmbd_conn_set_need_reconnect(work);
1943 ksmbd_close_session_fds(work);
1944 ksmbd_conn_wait_idle(conn);
1946 if (ksmbd_tree_conn_session_logoff(sess)) {
1947 struct smb2_logoff_req *req = work->request_buf;
1949 ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId);
1950 rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED;
1951 smb2_set_err_rsp(work);
1955 ksmbd_destroy_file_table(&sess->file_table);
1956 sess->state = SMB2_SESSION_EXPIRED;
1958 ksmbd_free_user(sess->user);
1961 /* let start_tcp_sess free connection info now */
1962 ksmbd_conn_set_need_negotiate(work);
1967 * create_smb2_pipe() - create IPC pipe
1968 * @work: smb work containing request buffer
1970 * Return: 0 on success, otherwise error
1972 static noinline int create_smb2_pipe(struct ksmbd_work *work)
1974 struct smb2_create_rsp *rsp = work->response_buf;
1975 struct smb2_create_req *req = work->request_buf;
1980 name = smb_strndup_from_utf16(req->Buffer, le16_to_cpu(req->NameLength),
1981 1, work->conn->local_nls);
1983 rsp->hdr.Status = STATUS_NO_MEMORY;
1984 err = PTR_ERR(name);
1988 id = ksmbd_session_rpc_open(work->sess, name);
1990 pr_err("Unable to open RPC pipe: %d\n", id);
1995 rsp->hdr.Status = STATUS_SUCCESS;
1996 rsp->StructureSize = cpu_to_le16(89);
1997 rsp->OplockLevel = SMB2_OPLOCK_LEVEL_NONE;
1999 rsp->CreateAction = cpu_to_le32(FILE_OPENED);
2001 rsp->CreationTime = cpu_to_le64(0);
2002 rsp->LastAccessTime = cpu_to_le64(0);
2003 rsp->ChangeTime = cpu_to_le64(0);
2004 rsp->AllocationSize = cpu_to_le64(0);
2005 rsp->EndofFile = cpu_to_le64(0);
2006 rsp->FileAttributes = ATTR_NORMAL_LE;
2008 rsp->VolatileFileId = cpu_to_le64(id);
2009 rsp->PersistentFileId = 0;
2010 rsp->CreateContextsOffset = 0;
2011 rsp->CreateContextsLength = 0;
2013 inc_rfc1001_len(rsp, 88); /* StructureSize - 1*/
2020 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
2024 rsp->hdr.Status = STATUS_NO_MEMORY;
2031 smb2_set_err_rsp(work);
2036 * smb2_set_ea() - handler for setting extended attributes using set
2038 * @eabuf: set info command buffer
2039 * @path: dentry path for get ea
2041 * Return: 0 on success, otherwise error
2043 static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path)
2045 char *attr_name = NULL, *value;
2049 attr_name = kmalloc(XATTR_NAME_MAX + 1, GFP_KERNEL);
2054 if (!eabuf->EaNameLength)
2058 "name : <%s>, name_len : %u, value_len : %u, next : %u\n",
2059 eabuf->name, eabuf->EaNameLength,
2060 le16_to_cpu(eabuf->EaValueLength),
2061 le32_to_cpu(eabuf->NextEntryOffset));
2063 if (eabuf->EaNameLength >
2064 (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN)) {
2069 memcpy(attr_name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN);
2070 memcpy(&attr_name[XATTR_USER_PREFIX_LEN], eabuf->name,
2071 eabuf->EaNameLength);
2072 attr_name[XATTR_USER_PREFIX_LEN + eabuf->EaNameLength] = '\0';
2073 value = (char *)&eabuf->name + eabuf->EaNameLength + 1;
2075 if (!eabuf->EaValueLength) {
2076 rc = ksmbd_vfs_casexattr_len(path->dentry,
2078 XATTR_USER_PREFIX_LEN +
2079 eabuf->EaNameLength);
2081 /* delete the EA only when it exits */
2083 rc = ksmbd_vfs_remove_xattr(path->dentry,
2088 "remove xattr failed(%d)\n",
2094 /* if the EA doesn't exist, just do nothing. */
2097 rc = ksmbd_vfs_setxattr(path->dentry, attr_name, value,
2098 le16_to_cpu(eabuf->EaValueLength), 0);
2101 "ksmbd_vfs_setxattr is failed(%d)\n",
2108 next = le32_to_cpu(eabuf->NextEntryOffset);
2109 eabuf = (struct smb2_ea_info *)((char *)eabuf + next);
2110 } while (next != 0);
2116 static inline int check_context_err(void *ctx, char *str)
2121 ksmbd_debug(SMB, "find context %s err %d\n", str, err);
2123 if (err == -EINVAL) {
2124 pr_err("bad name length\n");
2131 static noinline int smb2_set_stream_name_xattr(struct path *path,
2132 struct ksmbd_file *fp,
2133 char *stream_name, int s_type)
2135 size_t xattr_stream_size;
2136 char *xattr_stream_name;
2139 rc = ksmbd_vfs_xattr_stream_name(stream_name,
2146 fp->stream.name = xattr_stream_name;
2147 fp->stream.size = xattr_stream_size;
2149 /* Check if there is stream prefix in xattr space */
2150 rc = ksmbd_vfs_casexattr_len(path->dentry,
2156 if (fp->cdoption == FILE_OPEN_LE) {
2157 ksmbd_debug(SMB, "XATTR stream name lookup failed: %d\n", rc);
2161 rc = ksmbd_vfs_setxattr(path->dentry, xattr_stream_name, NULL, 0, 0);
2163 pr_err("Failed to store XATTR stream name :%d\n", rc);
2167 static int smb2_remove_smb_xattrs(struct dentry *dentry)
2169 char *name, *xattr_list = NULL;
2170 ssize_t xattr_list_len;
2173 xattr_list_len = ksmbd_vfs_listxattr(dentry, &xattr_list);
2174 if (xattr_list_len < 0) {
2176 } else if (!xattr_list_len) {
2177 ksmbd_debug(SMB, "empty xattr in the file\n");
2181 for (name = xattr_list; name - xattr_list < xattr_list_len;
2182 name += strlen(name) + 1) {
2183 ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name));
2185 if (strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) &&
2186 strncmp(&name[XATTR_USER_PREFIX_LEN], DOS_ATTRIBUTE_PREFIX,
2187 DOS_ATTRIBUTE_PREFIX_LEN) &&
2188 strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX, STREAM_PREFIX_LEN))
2191 err = ksmbd_vfs_remove_xattr(dentry, name);
2193 ksmbd_debug(SMB, "remove xattr failed : %s\n", name);
2200 static int smb2_create_truncate(struct path *path)
2202 int rc = vfs_truncate(path, 0);
2205 pr_err("vfs_truncate failed, rc %d\n", rc);
2209 rc = smb2_remove_smb_xattrs(path->dentry);
2210 if (rc == -EOPNOTSUPP)
2214 "ksmbd_truncate_stream_name_xattr failed, rc %d\n",
2219 static void smb2_new_xattrs(struct ksmbd_tree_connect *tcon, struct path *path,
2220 struct ksmbd_file *fp)
2222 struct xattr_dos_attrib da = {0};
2225 if (!test_share_config_flag(tcon->share_conf,
2226 KSMBD_SHARE_FLAG_STORE_DOS_ATTRS))
2230 da.attr = le32_to_cpu(fp->f_ci->m_fattr);
2231 da.itime = da.create_time = fp->create_time;
2232 da.flags = XATTR_DOSINFO_ATTRIB | XATTR_DOSINFO_CREATE_TIME |
2233 XATTR_DOSINFO_ITIME;
2235 rc = ksmbd_vfs_set_dos_attrib_xattr(path->dentry, &da);
2237 ksmbd_debug(SMB, "failed to store file attribute into xattr\n");
2240 static void smb2_update_xattrs(struct ksmbd_tree_connect *tcon,
2241 struct path *path, struct ksmbd_file *fp)
2243 struct xattr_dos_attrib da;
2246 fp->f_ci->m_fattr &= ~(ATTR_HIDDEN_LE | ATTR_SYSTEM_LE);
2248 /* get FileAttributes from XATTR_NAME_DOS_ATTRIBUTE */
2249 if (!test_share_config_flag(tcon->share_conf,
2250 KSMBD_SHARE_FLAG_STORE_DOS_ATTRS))
2253 rc = ksmbd_vfs_get_dos_attrib_xattr(path->dentry, &da);
2255 fp->f_ci->m_fattr = cpu_to_le32(da.attr);
2256 fp->create_time = da.create_time;
2257 fp->itime = da.itime;
2261 static int smb2_creat(struct ksmbd_work *work, struct path *path, char *name,
2262 int open_flags, umode_t posix_mode, bool is_dir)
2264 struct ksmbd_tree_connect *tcon = work->tcon;
2265 struct ksmbd_share_config *share = tcon->share_conf;
2269 if (!(open_flags & O_CREAT))
2272 ksmbd_debug(SMB, "file does not exist, so creating\n");
2273 if (is_dir == true) {
2274 ksmbd_debug(SMB, "creating directory\n");
2276 mode = share_config_directory_mode(share, posix_mode);
2277 rc = ksmbd_vfs_mkdir(work, name, mode);
2281 ksmbd_debug(SMB, "creating regular file\n");
2283 mode = share_config_create_mode(share, posix_mode);
2284 rc = ksmbd_vfs_create(work, name, mode);
2289 rc = ksmbd_vfs_kern_path(name, 0, path, 0);
2291 pr_err("cannot get linux path (%s), err = %d\n",
2298 static int smb2_create_sd_buffer(struct ksmbd_work *work,
2299 struct smb2_create_req *req,
2300 struct dentry *dentry)
2302 struct create_context *context;
2305 if (!req->CreateContextsOffset)
2308 /* Parse SD BUFFER create contexts */
2309 context = smb2_find_context_vals(req, SMB2_CREATE_SD_BUFFER);
2310 if (context && !IS_ERR(context)) {
2311 struct create_sd_buf_req *sd_buf;
2314 "Set ACLs using SMB2_CREATE_SD_BUFFER context\n");
2315 sd_buf = (struct create_sd_buf_req *)context;
2316 rc = set_info_sec(work->conn, work->tcon, dentry, &sd_buf->ntsd,
2317 le32_to_cpu(sd_buf->ccontext.DataLength), true);
2323 static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode)
2325 fattr->cf_uid = inode->i_uid;
2326 fattr->cf_gid = inode->i_gid;
2327 fattr->cf_mode = inode->i_mode;
2328 fattr->cf_dacls = NULL;
2330 fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS);
2331 if (S_ISDIR(inode->i_mode))
2332 fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT);
2336 * smb2_open() - handler for smb file open request
2337 * @work: smb work containing request buffer
2339 * Return: 0 on success, otherwise error
2341 int smb2_open(struct ksmbd_work *work)
2343 struct ksmbd_conn *conn = work->conn;
2344 struct ksmbd_session *sess = work->sess;
2345 struct ksmbd_tree_connect *tcon = work->tcon;
2346 struct smb2_create_req *req;
2347 struct smb2_create_rsp *rsp, *rsp_org;
2349 struct ksmbd_share_config *share = tcon->share_conf;
2350 struct ksmbd_file *fp = NULL;
2351 struct file *filp = NULL;
2353 struct create_context *context;
2354 struct lease_ctx_info *lc = NULL;
2355 struct create_ea_buf_req *ea_buf = NULL;
2356 struct oplock_info *opinfo;
2357 __le32 *next_ptr = NULL;
2358 int req_op_level = 0, open_flags = 0, file_info = 0;
2359 int rc = 0, len = 0;
2360 int contxt_cnt = 0, query_disk_id = 0;
2361 int maximal_access_ctxt = 0, posix_ctxt = 0;
2365 char *stream_name = NULL;
2366 bool file_present = false, created = false, already_permitted = false;
2367 int share_ret, need_truncate = 0;
2369 umode_t posix_mode = 0;
2370 __le32 daccess, maximal_access = 0;
2372 rsp_org = work->response_buf;
2373 WORK_BUFFERS(work, req, rsp);
2375 if (req->hdr.NextCommand && !work->next_smb2_rcv_hdr_off &&
2376 (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)) {
2377 ksmbd_debug(SMB, "invalid flag in chained command\n");
2378 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
2379 smb2_set_err_rsp(work);
2383 if (test_share_config_flag(share, KSMBD_SHARE_FLAG_PIPE)) {
2384 ksmbd_debug(SMB, "IPC pipe create request\n");
2385 return create_smb2_pipe(work);
2388 if (req->NameLength) {
2389 if ((req->CreateOptions & FILE_DIRECTORY_FILE_LE) &&
2390 *(char *)req->Buffer == '\\') {
2391 pr_err("not allow directory name included leading slash\n");
2396 name = smb2_get_name(share,
2398 le16_to_cpu(req->NameLength),
2399 work->conn->local_nls);
2407 ksmbd_debug(SMB, "converted name = %s\n", name);
2408 if (strchr(name, ':')) {
2409 if (!test_share_config_flag(work->tcon->share_conf,
2410 KSMBD_SHARE_FLAG_STREAMS)) {
2414 rc = parse_stream_name(name, &stream_name, &s_type);
2419 rc = ksmbd_validate_filename(name);
2423 if (ksmbd_share_veto_filename(share, name)) {
2425 ksmbd_debug(SMB, "Reject open(), vetoed file: %s\n",
2430 len = strlen(share->path);
2431 ksmbd_debug(SMB, "share path len %d\n", len);
2432 name = kmalloc(len + 1, GFP_KERNEL);
2434 rsp->hdr.Status = STATUS_NO_MEMORY;
2439 memcpy(name, share->path, len);
2440 *(name + len) = '\0';
2443 req_op_level = req->RequestedOplockLevel;
2444 if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)
2445 lc = parse_lease_state(req);
2447 if (le32_to_cpu(req->ImpersonationLevel) > le32_to_cpu(IL_DELEGATE_LE)) {
2448 pr_err("Invalid impersonationlevel : 0x%x\n",
2449 le32_to_cpu(req->ImpersonationLevel));
2451 rsp->hdr.Status = STATUS_BAD_IMPERSONATION_LEVEL;
2455 if (req->CreateOptions && !(req->CreateOptions & CREATE_OPTIONS_MASK)) {
2456 pr_err("Invalid create options : 0x%x\n",
2457 le32_to_cpu(req->CreateOptions));
2461 if (req->CreateOptions & FILE_SEQUENTIAL_ONLY_LE &&
2462 req->CreateOptions & FILE_RANDOM_ACCESS_LE)
2463 req->CreateOptions = ~(FILE_SEQUENTIAL_ONLY_LE);
2465 if (req->CreateOptions &
2466 (FILE_OPEN_BY_FILE_ID_LE | CREATE_TREE_CONNECTION |
2467 FILE_RESERVE_OPFILTER_LE)) {
2472 if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) {
2473 if (req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE) {
2476 } else if (req->CreateOptions & FILE_NO_COMPRESSION_LE) {
2477 req->CreateOptions = ~(FILE_NO_COMPRESSION_LE);
2482 if (le32_to_cpu(req->CreateDisposition) >
2483 le32_to_cpu(FILE_OVERWRITE_IF_LE)) {
2484 pr_err("Invalid create disposition : 0x%x\n",
2485 le32_to_cpu(req->CreateDisposition));
2490 if (!(req->DesiredAccess & DESIRED_ACCESS_MASK)) {
2491 pr_err("Invalid desired access : 0x%x\n",
2492 le32_to_cpu(req->DesiredAccess));
2497 if (req->FileAttributes && !(req->FileAttributes & ATTR_MASK_LE)) {
2498 pr_err("Invalid file attribute : 0x%x\n",
2499 le32_to_cpu(req->FileAttributes));
2504 if (req->CreateContextsOffset) {
2505 /* Parse non-durable handle create contexts */
2506 context = smb2_find_context_vals(req, SMB2_CREATE_EA_BUFFER);
2507 if (IS_ERR(context)) {
2508 rc = check_context_err(context, SMB2_CREATE_EA_BUFFER);
2512 ea_buf = (struct create_ea_buf_req *)context;
2513 if (req->CreateOptions & FILE_NO_EA_KNOWLEDGE_LE) {
2514 rsp->hdr.Status = STATUS_ACCESS_DENIED;
2520 context = smb2_find_context_vals(req,
2521 SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST);
2522 if (IS_ERR(context)) {
2523 rc = check_context_err(context,
2524 SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST);
2529 "get query maximal access context\n");
2530 maximal_access_ctxt = 1;
2533 context = smb2_find_context_vals(req,
2534 SMB2_CREATE_TIMEWARP_REQUEST);
2535 if (IS_ERR(context)) {
2536 rc = check_context_err(context,
2537 SMB2_CREATE_TIMEWARP_REQUEST);
2541 ksmbd_debug(SMB, "get timewarp context\n");
2546 if (tcon->posix_extensions) {
2547 context = smb2_find_context_vals(req,
2548 SMB2_CREATE_TAG_POSIX);
2549 if (IS_ERR(context)) {
2550 rc = check_context_err(context,
2551 SMB2_CREATE_TAG_POSIX);
2555 struct create_posix *posix =
2556 (struct create_posix *)context;
2557 ksmbd_debug(SMB, "get posix context\n");
2559 posix_mode = le32_to_cpu(posix->Mode);
2565 if (ksmbd_override_fsids(work)) {
2570 if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE) {
2572 * On delete request, instead of following up, need to
2573 * look the current entity
2575 rc = ksmbd_vfs_kern_path(name, 0, &path, 1);
2578 * If file exists with under flags, return access
2581 if (req->CreateDisposition == FILE_OVERWRITE_IF_LE ||
2582 req->CreateDisposition == FILE_OPEN_IF_LE) {
2588 if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
2590 "User does not have write permission\n");
2597 if (test_share_config_flag(work->tcon->share_conf,
2598 KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) {
2600 * Use LOOKUP_FOLLOW to follow the path of
2601 * symlink in path buildup
2603 rc = ksmbd_vfs_kern_path(name, LOOKUP_FOLLOW, &path, 1);
2604 if (rc) { /* Case for broken link ?*/
2605 rc = ksmbd_vfs_kern_path(name, 0, &path, 1);
2608 rc = ksmbd_vfs_kern_path(name, 0, &path, 1);
2609 if (!rc && d_is_symlink(path.dentry)) {
2618 if (rc == -EACCES) {
2620 "User does not have right permission\n");
2623 ksmbd_debug(SMB, "can not get linux path for %s, rc = %d\n",
2627 file_present = true;
2628 generic_fillattr(&init_user_ns, d_inode(path.dentry), &stat);
2631 if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) {
2632 if (s_type == DATA_STREAM) {
2634 rsp->hdr.Status = STATUS_NOT_A_DIRECTORY;
2637 if (S_ISDIR(stat.mode) && s_type == DATA_STREAM) {
2639 rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY;
2643 if (req->CreateOptions & FILE_DIRECTORY_FILE_LE &&
2644 req->FileAttributes & ATTR_NORMAL_LE) {
2645 rsp->hdr.Status = STATUS_NOT_A_DIRECTORY;
2653 if (file_present && req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE &&
2654 S_ISDIR(stat.mode) && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) {
2655 ksmbd_debug(SMB, "open() argument is a directory: %s, %x\n",
2656 name, req->CreateOptions);
2657 rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY;
2662 if (file_present && (req->CreateOptions & FILE_DIRECTORY_FILE_LE) &&
2663 !(req->CreateDisposition == FILE_CREATE_LE) &&
2664 !S_ISDIR(stat.mode)) {
2665 rsp->hdr.Status = STATUS_NOT_A_DIRECTORY;
2670 if (!stream_name && file_present &&
2671 req->CreateDisposition == FILE_CREATE_LE) {
2676 daccess = smb_map_generic_desired_access(req->DesiredAccess);
2678 if (file_present && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) {
2679 rc = smb_check_perm_dacl(conn, path.dentry, &daccess,
2685 if (daccess & FILE_MAXIMAL_ACCESS_LE) {
2686 if (!file_present) {
2687 daccess = cpu_to_le32(GENERIC_ALL_FLAGS);
2689 rc = ksmbd_vfs_query_maximal_access(path.dentry,
2693 already_permitted = true;
2695 maximal_access = daccess;
2698 open_flags = smb2_create_open_flags(file_present, daccess,
2699 req->CreateDisposition);
2701 if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
2702 if (open_flags & O_CREAT) {
2704 "User does not have write permission\n");
2710 /*create file if not present */
2711 if (!file_present) {
2712 rc = smb2_creat(work, &path, name, open_flags, posix_mode,
2713 req->CreateOptions & FILE_DIRECTORY_FILE_LE);
2719 rc = smb2_set_ea(&ea_buf->ea, &path);
2720 if (rc == -EOPNOTSUPP)
2725 } else if (!already_permitted) {
2728 may_delete = daccess & FILE_DELETE_LE ||
2729 req->CreateOptions & FILE_DELETE_ON_CLOSE_LE;
2731 /* FILE_READ_ATTRIBUTE is allowed without inode_permission,
2732 * because execute(search) permission on a parent directory,
2733 * is already granted.
2735 if (daccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_READ_CONTROL_LE)) {
2736 rc = ksmbd_vfs_inode_permission(path.dentry,
2737 open_flags & O_ACCMODE,
2744 rc = ksmbd_query_inode_status(d_inode(path.dentry->d_parent));
2745 if (rc == KSMBD_INODE_STATUS_PENDING_DELETE) {
2751 filp = dentry_open(&path, open_flags, current_cred());
2754 pr_err("dentry open for dir failed, rc %d\n", rc);
2759 if (!(open_flags & O_TRUNC))
2760 file_info = FILE_OPENED;
2762 file_info = FILE_OVERWRITTEN;
2764 if ((req->CreateDisposition & FILE_CREATE_MASK_LE) ==
2766 file_info = FILE_SUPERSEDED;
2767 } else if (open_flags & O_CREAT) {
2768 file_info = FILE_CREATED;
2771 ksmbd_vfs_set_fadvise(filp, req->CreateOptions);
2773 /* Obtain Volatile-ID */
2774 fp = ksmbd_open_fd(work, filp);
2782 /* Get Persistent-ID */
2783 ksmbd_open_durable_fd(fp);
2784 if (!HAS_FILE_ID(fp->persistent_id)) {
2789 fp->filename = name;
2790 fp->cdoption = req->CreateDisposition;
2791 fp->daccess = daccess;
2792 fp->saccess = req->ShareAccess;
2793 fp->coption = req->CreateOptions;
2795 /* Set default windows and posix acls if creating new file */
2798 struct inode *inode = d_inode(path.dentry);
2800 posix_acl_rc = ksmbd_vfs_inherit_posix_acl(inode, d_inode(path.dentry->d_parent));
2802 ksmbd_debug(SMB, "inherit posix acl failed : %d\n", posix_acl_rc);
2804 if (test_share_config_flag(work->tcon->share_conf,
2805 KSMBD_SHARE_FLAG_ACL_XATTR)) {
2806 rc = smb_inherit_dacl(conn, path.dentry, sess->user->uid,
2811 rc = smb2_create_sd_buffer(work, req, path.dentry);
2814 ksmbd_vfs_set_init_posix_acl(inode);
2816 if (test_share_config_flag(work->tcon->share_conf,
2817 KSMBD_SHARE_FLAG_ACL_XATTR)) {
2818 struct smb_fattr fattr;
2819 struct smb_ntsd *pntsd;
2820 int pntsd_size, ace_num = 0;
2822 ksmbd_acls_fattr(&fattr, inode);
2824 ace_num = fattr.cf_acls->a_count;
2826 ace_num += fattr.cf_dacls->a_count;
2828 pntsd = kmalloc(sizeof(struct smb_ntsd) +
2829 sizeof(struct smb_sid) * 3 +
2830 sizeof(struct smb_acl) +
2831 sizeof(struct smb_ace) * ace_num * 2,
2836 rc = build_sec_desc(pntsd, NULL,
2840 &pntsd_size, &fattr);
2841 posix_acl_release(fattr.cf_acls);
2842 posix_acl_release(fattr.cf_dacls);
2844 rc = ksmbd_vfs_set_sd_xattr(conn,
2850 pr_err("failed to store ntacl in xattr : %d\n",
2859 rc = smb2_set_stream_name_xattr(&path,
2865 file_info = FILE_CREATED;
2868 fp->attrib_only = !(req->DesiredAccess & ~(FILE_READ_ATTRIBUTES_LE |
2869 FILE_WRITE_ATTRIBUTES_LE | FILE_SYNCHRONIZE_LE));
2870 if (!S_ISDIR(file_inode(filp)->i_mode) && open_flags & O_TRUNC &&
2871 !fp->attrib_only && !stream_name) {
2872 smb_break_all_oplock(work, fp);
2876 /* fp should be searchable through ksmbd_inode.m_fp_list
2877 * after daccess, saccess, attrib_only, and stream are
2880 write_lock(&fp->f_ci->m_lock);
2881 list_add(&fp->node, &fp->f_ci->m_fp_list);
2882 write_unlock(&fp->f_ci->m_lock);
2884 rc = ksmbd_vfs_getattr(&path, &stat);
2886 generic_fillattr(&init_user_ns, d_inode(path.dentry), &stat);
2890 /* Check delete pending among previous fp before oplock break */
2891 if (ksmbd_inode_pending_delete(fp)) {
2896 share_ret = ksmbd_smb_check_shared_mode(fp->filp, fp);
2897 if (!test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_OPLOCKS) ||
2898 (req_op_level == SMB2_OPLOCK_LEVEL_LEASE &&
2899 !(conn->vals->capabilities & SMB2_GLOBAL_CAP_LEASING))) {
2900 if (share_ret < 0 && !S_ISDIR(FP_INODE(fp)->i_mode)) {
2905 if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) {
2906 req_op_level = smb2_map_lease_to_oplock(lc->req_state);
2908 "lease req for(%s) req oplock state 0x%x, lease state 0x%x\n",
2909 name, req_op_level, lc->req_state);
2910 rc = find_same_lease_key(sess, fp->f_ci, lc);
2913 } else if (open_flags == O_RDONLY &&
2914 (req_op_level == SMB2_OPLOCK_LEVEL_BATCH ||
2915 req_op_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE))
2916 req_op_level = SMB2_OPLOCK_LEVEL_II;
2918 rc = smb_grant_oplock(work, req_op_level,
2919 fp->persistent_id, fp,
2920 le32_to_cpu(req->hdr.Id.SyncId.TreeId),
2926 if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)
2927 ksmbd_fd_set_delete_on_close(fp, file_info);
2929 if (need_truncate) {
2930 rc = smb2_create_truncate(&path);
2935 if (req->CreateContextsOffset) {
2936 struct create_alloc_size_req *az_req;
2938 az_req = (struct create_alloc_size_req *)smb2_find_context_vals(req,
2939 SMB2_CREATE_ALLOCATION_SIZE);
2940 if (IS_ERR(az_req)) {
2941 rc = check_context_err(az_req,
2942 SMB2_CREATE_ALLOCATION_SIZE);
2946 loff_t alloc_size = le64_to_cpu(az_req->AllocationSize);
2950 "request smb2 create allocate size : %llu\n",
2952 smb_break_all_levII_oplock(work, fp, 1);
2953 err = vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0,
2957 "vfs_fallocate is failed : %d\n",
2961 context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_ON_DISK_ID);
2962 if (IS_ERR(context)) {
2963 rc = check_context_err(context, SMB2_CREATE_QUERY_ON_DISK_ID);
2967 ksmbd_debug(SMB, "get query on disk id context\n");
2972 if (stat.result_mask & STATX_BTIME)
2973 fp->create_time = ksmbd_UnixTimeToNT(stat.btime);
2975 fp->create_time = ksmbd_UnixTimeToNT(stat.ctime);
2976 if (req->FileAttributes || fp->f_ci->m_fattr == 0)
2978 cpu_to_le32(smb2_get_dos_mode(&stat, le32_to_cpu(req->FileAttributes)));
2981 smb2_update_xattrs(tcon, &path, fp);
2983 smb2_new_xattrs(tcon, &path, fp);
2985 memcpy(fp->client_guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE);
2987 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
2989 rsp->StructureSize = cpu_to_le16(89);
2991 opinfo = rcu_dereference(fp->f_opinfo);
2992 rsp->OplockLevel = opinfo != NULL ? opinfo->level : 0;
2995 rsp->CreateAction = cpu_to_le32(file_info);
2996 rsp->CreationTime = cpu_to_le64(fp->create_time);
2997 time = ksmbd_UnixTimeToNT(stat.atime);
2998 rsp->LastAccessTime = cpu_to_le64(time);
2999 time = ksmbd_UnixTimeToNT(stat.mtime);
3000 rsp->LastWriteTime = cpu_to_le64(time);
3001 time = ksmbd_UnixTimeToNT(stat.ctime);
3002 rsp->ChangeTime = cpu_to_le64(time);
3003 rsp->AllocationSize = S_ISDIR(stat.mode) ? 0 :
3004 cpu_to_le64(stat.blocks << 9);
3005 rsp->EndofFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
3006 rsp->FileAttributes = fp->f_ci->m_fattr;
3010 rsp->PersistentFileId = cpu_to_le64(fp->persistent_id);
3011 rsp->VolatileFileId = cpu_to_le64(fp->volatile_id);
3013 rsp->CreateContextsOffset = 0;
3014 rsp->CreateContextsLength = 0;
3015 inc_rfc1001_len(rsp_org, 88); /* StructureSize - 1*/
3017 /* If lease is request send lease context response */
3018 if (opinfo && opinfo->is_lease) {
3019 struct create_context *lease_ccontext;
3021 ksmbd_debug(SMB, "lease granted on(%s) lease state 0x%x\n",
3022 name, opinfo->o_lease->state);
3023 rsp->OplockLevel = SMB2_OPLOCK_LEVEL_LEASE;
3025 lease_ccontext = (struct create_context *)rsp->Buffer;
3027 create_lease_buf(rsp->Buffer, opinfo->o_lease);
3028 le32_add_cpu(&rsp->CreateContextsLength,
3029 conn->vals->create_lease_size);
3030 inc_rfc1001_len(rsp_org, conn->vals->create_lease_size);
3031 next_ptr = &lease_ccontext->Next;
3032 next_off = conn->vals->create_lease_size;
3035 if (maximal_access_ctxt) {
3036 struct create_context *mxac_ccontext;
3038 if (maximal_access == 0)
3039 ksmbd_vfs_query_maximal_access(path.dentry,
3041 mxac_ccontext = (struct create_context *)(rsp->Buffer +
3042 le32_to_cpu(rsp->CreateContextsLength));
3044 create_mxac_rsp_buf(rsp->Buffer +
3045 le32_to_cpu(rsp->CreateContextsLength),
3046 le32_to_cpu(maximal_access));
3047 le32_add_cpu(&rsp->CreateContextsLength,
3048 conn->vals->create_mxac_size);
3049 inc_rfc1001_len(rsp_org, conn->vals->create_mxac_size);
3051 *next_ptr = cpu_to_le32(next_off);
3052 next_ptr = &mxac_ccontext->Next;
3053 next_off = conn->vals->create_mxac_size;
3056 if (query_disk_id) {
3057 struct create_context *disk_id_ccontext;
3059 disk_id_ccontext = (struct create_context *)(rsp->Buffer +
3060 le32_to_cpu(rsp->CreateContextsLength));
3062 create_disk_id_rsp_buf(rsp->Buffer +
3063 le32_to_cpu(rsp->CreateContextsLength),
3064 stat.ino, tcon->id);
3065 le32_add_cpu(&rsp->CreateContextsLength,
3066 conn->vals->create_disk_id_size);
3067 inc_rfc1001_len(rsp_org, conn->vals->create_disk_id_size);
3069 *next_ptr = cpu_to_le32(next_off);
3070 next_ptr = &disk_id_ccontext->Next;
3071 next_off = conn->vals->create_disk_id_size;
3076 create_posix_rsp_buf(rsp->Buffer +
3077 le32_to_cpu(rsp->CreateContextsLength),
3079 le32_add_cpu(&rsp->CreateContextsLength,
3080 conn->vals->create_posix_size);
3081 inc_rfc1001_len(rsp_org, conn->vals->create_posix_size);
3083 *next_ptr = cpu_to_le32(next_off);
3086 if (contxt_cnt > 0) {
3087 rsp->CreateContextsOffset =
3088 cpu_to_le32(offsetof(struct smb2_create_rsp, Buffer)
3093 if (file_present || created)
3095 ksmbd_revert_fsids(work);
3099 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
3100 else if (rc == -EOPNOTSUPP)
3101 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
3102 else if (rc == -EACCES || rc == -ESTALE)
3103 rsp->hdr.Status = STATUS_ACCESS_DENIED;
3104 else if (rc == -ENOENT)
3105 rsp->hdr.Status = STATUS_OBJECT_NAME_INVALID;
3106 else if (rc == -EPERM)
3107 rsp->hdr.Status = STATUS_SHARING_VIOLATION;
3108 else if (rc == -EBUSY)
3109 rsp->hdr.Status = STATUS_DELETE_PENDING;
3110 else if (rc == -EBADF)
3111 rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND;
3112 else if (rc == -ENOEXEC)
3113 rsp->hdr.Status = STATUS_DUPLICATE_OBJECTID;
3114 else if (rc == -ENXIO)
3115 rsp->hdr.Status = STATUS_NO_SUCH_DEVICE;
3116 else if (rc == -EEXIST)
3117 rsp->hdr.Status = STATUS_OBJECT_NAME_COLLISION;
3118 else if (rc == -EMFILE)
3119 rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
3120 if (!rsp->hdr.Status)
3121 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
3123 if (!fp || !fp->filename)
3126 ksmbd_fd_put(work, fp);
3127 smb2_set_err_rsp(work);
3128 ksmbd_debug(SMB, "Error response: %x\n", rsp->hdr.Status);
3136 static int readdir_info_level_struct_sz(int info_level)
3138 switch (info_level) {
3139 case FILE_FULL_DIRECTORY_INFORMATION:
3140 return sizeof(struct file_full_directory_info);
3141 case FILE_BOTH_DIRECTORY_INFORMATION:
3142 return sizeof(struct file_both_directory_info);
3143 case FILE_DIRECTORY_INFORMATION:
3144 return sizeof(struct file_directory_info);
3145 case FILE_NAMES_INFORMATION:
3146 return sizeof(struct file_names_info);
3147 case FILEID_FULL_DIRECTORY_INFORMATION:
3148 return sizeof(struct file_id_full_dir_info);
3149 case FILEID_BOTH_DIRECTORY_INFORMATION:
3150 return sizeof(struct file_id_both_directory_info);
3151 case SMB_FIND_FILE_POSIX_INFO:
3152 return sizeof(struct smb2_posix_info);
3158 static int dentry_name(struct ksmbd_dir_info *d_info, int info_level)
3160 switch (info_level) {
3161 case FILE_FULL_DIRECTORY_INFORMATION:
3163 struct file_full_directory_info *ffdinfo;
3165 ffdinfo = (struct file_full_directory_info *)d_info->rptr;
3166 d_info->rptr += le32_to_cpu(ffdinfo->NextEntryOffset);
3167 d_info->name = ffdinfo->FileName;
3168 d_info->name_len = le32_to_cpu(ffdinfo->FileNameLength);
3171 case FILE_BOTH_DIRECTORY_INFORMATION:
3173 struct file_both_directory_info *fbdinfo;
3175 fbdinfo = (struct file_both_directory_info *)d_info->rptr;
3176 d_info->rptr += le32_to_cpu(fbdinfo->NextEntryOffset);
3177 d_info->name = fbdinfo->FileName;
3178 d_info->name_len = le32_to_cpu(fbdinfo->FileNameLength);
3181 case FILE_DIRECTORY_INFORMATION:
3183 struct file_directory_info *fdinfo;
3185 fdinfo = (struct file_directory_info *)d_info->rptr;
3186 d_info->rptr += le32_to_cpu(fdinfo->NextEntryOffset);
3187 d_info->name = fdinfo->FileName;
3188 d_info->name_len = le32_to_cpu(fdinfo->FileNameLength);
3191 case FILE_NAMES_INFORMATION:
3193 struct file_names_info *fninfo;
3195 fninfo = (struct file_names_info *)d_info->rptr;
3196 d_info->rptr += le32_to_cpu(fninfo->NextEntryOffset);
3197 d_info->name = fninfo->FileName;
3198 d_info->name_len = le32_to_cpu(fninfo->FileNameLength);
3201 case FILEID_FULL_DIRECTORY_INFORMATION:
3203 struct file_id_full_dir_info *dinfo;
3205 dinfo = (struct file_id_full_dir_info *)d_info->rptr;
3206 d_info->rptr += le32_to_cpu(dinfo->NextEntryOffset);
3207 d_info->name = dinfo->FileName;
3208 d_info->name_len = le32_to_cpu(dinfo->FileNameLength);
3211 case FILEID_BOTH_DIRECTORY_INFORMATION:
3213 struct file_id_both_directory_info *fibdinfo;
3215 fibdinfo = (struct file_id_both_directory_info *)d_info->rptr;
3216 d_info->rptr += le32_to_cpu(fibdinfo->NextEntryOffset);
3217 d_info->name = fibdinfo->FileName;
3218 d_info->name_len = le32_to_cpu(fibdinfo->FileNameLength);
3221 case SMB_FIND_FILE_POSIX_INFO:
3223 struct smb2_posix_info *posix_info;
3225 posix_info = (struct smb2_posix_info *)d_info->rptr;
3226 d_info->rptr += le32_to_cpu(posix_info->NextEntryOffset);
3227 d_info->name = posix_info->name;
3228 d_info->name_len = le32_to_cpu(posix_info->name_len);
3237 * smb2_populate_readdir_entry() - encode directory entry in smb2 response
3239 * @conn: connection instance
3240 * @info_level: smb information level
3241 * @d_info: structure included variables for query dir
3242 * @ksmbd_kstat: ksmbd wrapper of dirent stat information
3244 * if directory has many entries, find first can't read it fully.
3245 * find next might be called multiple times to read remaining dir entries
3247 * Return: 0 on success, otherwise error
3249 static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level,
3250 struct ksmbd_dir_info *d_info,
3251 struct ksmbd_kstat *ksmbd_kstat)
3253 int next_entry_offset = 0;
3259 conv_name = ksmbd_convert_dir_info_name(d_info,
3265 /* Somehow the name has only terminating NULL bytes */
3271 struct_sz = readdir_info_level_struct_sz(info_level);
3272 next_entry_offset = ALIGN(struct_sz - 1 + conv_len,
3273 KSMBD_DIR_INFO_ALIGNMENT);
3275 if (next_entry_offset > d_info->out_buf_len) {
3276 d_info->out_buf_len = 0;
3280 kstat = d_info->wptr;
3281 if (info_level != FILE_NAMES_INFORMATION)
3282 kstat = ksmbd_vfs_init_kstat(&d_info->wptr, ksmbd_kstat);
3284 switch (info_level) {
3285 case FILE_FULL_DIRECTORY_INFORMATION:
3287 struct file_full_directory_info *ffdinfo;
3289 ffdinfo = (struct file_full_directory_info *)kstat;
3290 ffdinfo->FileNameLength = cpu_to_le32(conv_len);
3292 smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode);
3293 if (ffdinfo->EaSize)
3294 ffdinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE;
3295 if (d_info->hide_dot_file && d_info->name[0] == '.')
3296 ffdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3297 memcpy(ffdinfo->FileName, conv_name, conv_len);
3298 ffdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3301 case FILE_BOTH_DIRECTORY_INFORMATION:
3303 struct file_both_directory_info *fbdinfo;
3305 fbdinfo = (struct file_both_directory_info *)kstat;
3306 fbdinfo->FileNameLength = cpu_to_le32(conv_len);
3308 smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode);
3309 if (fbdinfo->EaSize)
3310 fbdinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE;
3311 fbdinfo->ShortNameLength = 0;
3312 fbdinfo->Reserved = 0;
3313 if (d_info->hide_dot_file && d_info->name[0] == '.')
3314 fbdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3315 memcpy(fbdinfo->FileName, conv_name, conv_len);
3316 fbdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3319 case FILE_DIRECTORY_INFORMATION:
3321 struct file_directory_info *fdinfo;
3323 fdinfo = (struct file_directory_info *)kstat;
3324 fdinfo->FileNameLength = cpu_to_le32(conv_len);
3325 if (d_info->hide_dot_file && d_info->name[0] == '.')
3326 fdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3327 memcpy(fdinfo->FileName, conv_name, conv_len);
3328 fdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3331 case FILE_NAMES_INFORMATION:
3333 struct file_names_info *fninfo;
3335 fninfo = (struct file_names_info *)kstat;
3336 fninfo->FileNameLength = cpu_to_le32(conv_len);
3337 memcpy(fninfo->FileName, conv_name, conv_len);
3338 fninfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3341 case FILEID_FULL_DIRECTORY_INFORMATION:
3343 struct file_id_full_dir_info *dinfo;
3345 dinfo = (struct file_id_full_dir_info *)kstat;
3346 dinfo->FileNameLength = cpu_to_le32(conv_len);
3348 smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode);
3350 dinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE;
3351 dinfo->Reserved = 0;
3352 dinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino);
3353 if (d_info->hide_dot_file && d_info->name[0] == '.')
3354 dinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3355 memcpy(dinfo->FileName, conv_name, conv_len);
3356 dinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3359 case FILEID_BOTH_DIRECTORY_INFORMATION:
3361 struct file_id_both_directory_info *fibdinfo;
3363 fibdinfo = (struct file_id_both_directory_info *)kstat;
3364 fibdinfo->FileNameLength = cpu_to_le32(conv_len);
3366 smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode);
3367 if (fibdinfo->EaSize)
3368 fibdinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE;
3369 fibdinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino);
3370 fibdinfo->ShortNameLength = 0;
3371 fibdinfo->Reserved = 0;
3372 fibdinfo->Reserved2 = cpu_to_le16(0);
3373 if (d_info->hide_dot_file && d_info->name[0] == '.')
3374 fibdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3375 memcpy(fibdinfo->FileName, conv_name, conv_len);
3376 fibdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3379 case SMB_FIND_FILE_POSIX_INFO:
3381 struct smb2_posix_info *posix_info;
3384 posix_info = (struct smb2_posix_info *)kstat;
3385 posix_info->Ignored = 0;
3386 posix_info->CreationTime = cpu_to_le64(ksmbd_kstat->create_time);
3387 time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->ctime);
3388 posix_info->ChangeTime = cpu_to_le64(time);
3389 time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->atime);
3390 posix_info->LastAccessTime = cpu_to_le64(time);
3391 time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->mtime);
3392 posix_info->LastWriteTime = cpu_to_le64(time);
3393 posix_info->EndOfFile = cpu_to_le64(ksmbd_kstat->kstat->size);
3394 posix_info->AllocationSize = cpu_to_le64(ksmbd_kstat->kstat->blocks << 9);
3395 posix_info->DeviceId = cpu_to_le32(ksmbd_kstat->kstat->rdev);
3396 posix_info->HardLinks = cpu_to_le32(ksmbd_kstat->kstat->nlink);
3397 posix_info->Mode = cpu_to_le32(ksmbd_kstat->kstat->mode);
3398 posix_info->Inode = cpu_to_le64(ksmbd_kstat->kstat->ino);
3399 posix_info->DosAttributes =
3400 S_ISDIR(ksmbd_kstat->kstat->mode) ? ATTR_DIRECTORY_LE : ATTR_ARCHIVE_LE;
3401 if (d_info->hide_dot_file && d_info->name[0] == '.')
3402 posix_info->DosAttributes |= ATTR_HIDDEN_LE;
3403 id_to_sid(from_kuid(&init_user_ns, ksmbd_kstat->kstat->uid),
3404 SIDNFS_USER, (struct smb_sid *)&posix_info->SidBuffer[0]);
3405 id_to_sid(from_kgid(&init_user_ns, ksmbd_kstat->kstat->gid),
3406 SIDNFS_GROUP, (struct smb_sid *)&posix_info->SidBuffer[20]);
3407 memcpy(posix_info->name, conv_name, conv_len);
3408 posix_info->name_len = cpu_to_le32(conv_len);
3409 posix_info->NextEntryOffset = cpu_to_le32(next_entry_offset);
3413 } /* switch (info_level) */
3415 d_info->last_entry_offset = d_info->data_count;
3416 d_info->data_count += next_entry_offset;
3417 d_info->out_buf_len -= next_entry_offset;
3418 d_info->wptr += next_entry_offset;
3422 "info_level : %d, buf_len :%d, next_offset : %d, data_count : %d\n",
3423 info_level, d_info->out_buf_len,
3424 next_entry_offset, d_info->data_count);
3429 struct smb2_query_dir_private {
3430 struct ksmbd_work *work;
3431 char *search_pattern;
3432 struct ksmbd_file *dir_fp;
3434 struct ksmbd_dir_info *d_info;
3438 static void lock_dir(struct ksmbd_file *dir_fp)
3440 struct dentry *dir = dir_fp->filp->f_path.dentry;
3442 inode_lock_nested(d_inode(dir), I_MUTEX_PARENT);
3445 static void unlock_dir(struct ksmbd_file *dir_fp)
3447 struct dentry *dir = dir_fp->filp->f_path.dentry;
3449 inode_unlock(d_inode(dir));
3452 static int process_query_dir_entries(struct smb2_query_dir_private *priv)
3455 struct ksmbd_kstat ksmbd_kstat;
3459 for (i = 0; i < priv->d_info->num_entry; i++) {
3460 struct dentry *dent;
3462 if (dentry_name(priv->d_info, priv->info_level))
3465 lock_dir(priv->dir_fp);
3466 dent = lookup_one_len(priv->d_info->name,
3467 priv->dir_fp->filp->f_path.dentry,
3468 priv->d_info->name_len);
3469 unlock_dir(priv->dir_fp);
3472 ksmbd_debug(SMB, "Cannot lookup `%s' [%ld]\n",
3477 if (unlikely(d_is_negative(dent))) {
3479 ksmbd_debug(SMB, "Negative dentry `%s'\n",
3480 priv->d_info->name);
3484 ksmbd_kstat.kstat = &kstat;
3485 if (priv->info_level != FILE_NAMES_INFORMATION)
3486 ksmbd_vfs_fill_dentry_attrs(priv->work,
3490 rc = smb2_populate_readdir_entry(priv->work->conn,
3501 static int reserve_populate_dentry(struct ksmbd_dir_info *d_info,
3506 int next_entry_offset;
3508 struct_sz = readdir_info_level_struct_sz(info_level);
3509 if (struct_sz == -EOPNOTSUPP)
3512 conv_len = (d_info->name_len + 1) * 2;
3513 next_entry_offset = ALIGN(struct_sz - 1 + conv_len,
3514 KSMBD_DIR_INFO_ALIGNMENT);
3516 if (next_entry_offset > d_info->out_buf_len) {
3517 d_info->out_buf_len = 0;
3521 switch (info_level) {
3522 case FILE_FULL_DIRECTORY_INFORMATION:
3524 struct file_full_directory_info *ffdinfo;
3526 ffdinfo = (struct file_full_directory_info *)d_info->wptr;
3527 memcpy(ffdinfo->FileName, d_info->name, d_info->name_len);
3528 ffdinfo->FileName[d_info->name_len] = 0x00;
3529 ffdinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3530 ffdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3533 case FILE_BOTH_DIRECTORY_INFORMATION:
3535 struct file_both_directory_info *fbdinfo;
3537 fbdinfo = (struct file_both_directory_info *)d_info->wptr;
3538 memcpy(fbdinfo->FileName, d_info->name, d_info->name_len);
3539 fbdinfo->FileName[d_info->name_len] = 0x00;
3540 fbdinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3541 fbdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3544 case FILE_DIRECTORY_INFORMATION:
3546 struct file_directory_info *fdinfo;
3548 fdinfo = (struct file_directory_info *)d_info->wptr;
3549 memcpy(fdinfo->FileName, d_info->name, d_info->name_len);
3550 fdinfo->FileName[d_info->name_len] = 0x00;
3551 fdinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3552 fdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3555 case FILE_NAMES_INFORMATION:
3557 struct file_names_info *fninfo;
3559 fninfo = (struct file_names_info *)d_info->wptr;
3560 memcpy(fninfo->FileName, d_info->name, d_info->name_len);
3561 fninfo->FileName[d_info->name_len] = 0x00;
3562 fninfo->FileNameLength = cpu_to_le32(d_info->name_len);
3563 fninfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3566 case FILEID_FULL_DIRECTORY_INFORMATION:
3568 struct file_id_full_dir_info *dinfo;
3570 dinfo = (struct file_id_full_dir_info *)d_info->wptr;
3571 memcpy(dinfo->FileName, d_info->name, d_info->name_len);
3572 dinfo->FileName[d_info->name_len] = 0x00;
3573 dinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3574 dinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3577 case FILEID_BOTH_DIRECTORY_INFORMATION:
3579 struct file_id_both_directory_info *fibdinfo;
3581 fibdinfo = (struct file_id_both_directory_info *)d_info->wptr;
3582 memcpy(fibdinfo->FileName, d_info->name, d_info->name_len);
3583 fibdinfo->FileName[d_info->name_len] = 0x00;
3584 fibdinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3585 fibdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3588 case SMB_FIND_FILE_POSIX_INFO:
3590 struct smb2_posix_info *posix_info;
3592 posix_info = (struct smb2_posix_info *)d_info->wptr;
3593 memcpy(posix_info->name, d_info->name, d_info->name_len);
3594 posix_info->name[d_info->name_len] = 0x00;
3595 posix_info->name_len = cpu_to_le32(d_info->name_len);
3596 posix_info->NextEntryOffset =
3597 cpu_to_le32(next_entry_offset);
3600 } /* switch (info_level) */
3602 d_info->num_entry++;
3603 d_info->out_buf_len -= next_entry_offset;
3604 d_info->wptr += next_entry_offset;
3608 static int __query_dir(struct dir_context *ctx, const char *name, int namlen,
3609 loff_t offset, u64 ino, unsigned int d_type)
3611 struct ksmbd_readdir_data *buf;
3612 struct smb2_query_dir_private *priv;
3613 struct ksmbd_dir_info *d_info;
3616 buf = container_of(ctx, struct ksmbd_readdir_data, ctx);
3617 priv = buf->private;
3618 d_info = priv->d_info;
3620 /* dot and dotdot entries are already reserved */
3621 if (!strcmp(".", name) || !strcmp("..", name))
3623 if (ksmbd_share_veto_filename(priv->work->tcon->share_conf, name))
3625 if (!match_pattern(name, namlen, priv->search_pattern))
3628 d_info->name = name;
3629 d_info->name_len = namlen;
3630 rc = reserve_populate_dentry(d_info, priv->info_level);
3633 if (d_info->flags & SMB2_RETURN_SINGLE_ENTRY) {
3634 d_info->out_buf_len = 0;
3640 static void restart_ctx(struct dir_context *ctx)
3645 static int verify_info_level(int info_level)
3647 switch (info_level) {
3648 case FILE_FULL_DIRECTORY_INFORMATION:
3649 case FILE_BOTH_DIRECTORY_INFORMATION:
3650 case FILE_DIRECTORY_INFORMATION:
3651 case FILE_NAMES_INFORMATION:
3652 case FILEID_FULL_DIRECTORY_INFORMATION:
3653 case FILEID_BOTH_DIRECTORY_INFORMATION:
3654 case SMB_FIND_FILE_POSIX_INFO:
3663 int smb2_query_dir(struct ksmbd_work *work)
3665 struct ksmbd_conn *conn = work->conn;
3666 struct smb2_query_directory_req *req;
3667 struct smb2_query_directory_rsp *rsp, *rsp_org;
3668 struct ksmbd_share_config *share = work->tcon->share_conf;
3669 struct ksmbd_file *dir_fp = NULL;
3670 struct ksmbd_dir_info d_info;
3672 char *srch_ptr = NULL;
3673 unsigned char srch_flag;
3675 struct smb2_query_dir_private query_dir_private = {NULL, };
3677 rsp_org = work->response_buf;
3678 WORK_BUFFERS(work, req, rsp);
3680 if (ksmbd_override_fsids(work)) {
3681 rsp->hdr.Status = STATUS_NO_MEMORY;
3682 smb2_set_err_rsp(work);
3686 rc = verify_info_level(req->FileInformationClass);
3692 dir_fp = ksmbd_lookup_fd_slow(work,
3693 le64_to_cpu(req->VolatileFileId),
3694 le64_to_cpu(req->PersistentFileId));
3700 if (!(dir_fp->daccess & FILE_LIST_DIRECTORY_LE) ||
3701 inode_permission(&init_user_ns, file_inode(dir_fp->filp),
3702 MAY_READ | MAY_EXEC)) {
3703 pr_err("no right to enumerate directory (%s)\n",
3704 FP_FILENAME(dir_fp));
3709 if (!S_ISDIR(file_inode(dir_fp->filp)->i_mode)) {
3710 pr_err("can't do query dir for a file\n");
3715 srch_flag = req->Flags;
3716 srch_ptr = smb_strndup_from_utf16(req->Buffer,
3717 le16_to_cpu(req->FileNameLength), 1,
3719 if (IS_ERR(srch_ptr)) {
3720 ksmbd_debug(SMB, "Search Pattern not found\n");
3724 ksmbd_debug(SMB, "Search pattern is %s\n", srch_ptr);
3727 ksmbd_debug(SMB, "Directory name is %s\n", dir_fp->filename);
3729 if (srch_flag & SMB2_REOPEN || srch_flag & SMB2_RESTART_SCANS) {
3730 ksmbd_debug(SMB, "Restart directory scan\n");
3731 generic_file_llseek(dir_fp->filp, 0, SEEK_SET);
3732 restart_ctx(&dir_fp->readdir_data.ctx);
3735 memset(&d_info, 0, sizeof(struct ksmbd_dir_info));
3736 d_info.wptr = (char *)rsp->Buffer;
3737 d_info.rptr = (char *)rsp->Buffer;
3738 d_info.out_buf_len = (work->response_sz - (get_rfc1002_len(rsp_org) + 4));
3739 d_info.out_buf_len = min_t(int, d_info.out_buf_len, le32_to_cpu(req->OutputBufferLength)) -
3740 sizeof(struct smb2_query_directory_rsp);
3741 d_info.flags = srch_flag;
3744 * reserve dot and dotdot entries in head of buffer
3747 rc = ksmbd_populate_dot_dotdot_entries(work, req->FileInformationClass,
3748 dir_fp, &d_info, srch_ptr,
3749 smb2_populate_readdir_entry);
3755 if (test_share_config_flag(share, KSMBD_SHARE_FLAG_HIDE_DOT_FILES))
3756 d_info.hide_dot_file = true;
3758 buffer_sz = d_info.out_buf_len;
3759 d_info.rptr = d_info.wptr;
3760 query_dir_private.work = work;
3761 query_dir_private.search_pattern = srch_ptr;
3762 query_dir_private.dir_fp = dir_fp;
3763 query_dir_private.d_info = &d_info;
3764 query_dir_private.info_level = req->FileInformationClass;
3765 dir_fp->readdir_data.private = &query_dir_private;
3766 set_ctx_actor(&dir_fp->readdir_data.ctx, __query_dir);
3768 rc = iterate_dir(dir_fp->filp, &dir_fp->readdir_data.ctx);
3770 restart_ctx(&dir_fp->readdir_data.ctx);
3776 d_info.wptr = d_info.rptr;
3777 d_info.out_buf_len = buffer_sz;
3778 rc = process_query_dir_entries(&query_dir_private);
3782 if (!d_info.data_count && d_info.out_buf_len >= 0) {
3783 if (srch_flag & SMB2_RETURN_SINGLE_ENTRY && !is_asterisk(srch_ptr)) {
3784 rsp->hdr.Status = STATUS_NO_SUCH_FILE;
3786 dir_fp->dot_dotdot[0] = dir_fp->dot_dotdot[1] = 0;
3787 rsp->hdr.Status = STATUS_NO_MORE_FILES;
3789 rsp->StructureSize = cpu_to_le16(9);
3790 rsp->OutputBufferOffset = cpu_to_le16(0);
3791 rsp->OutputBufferLength = cpu_to_le32(0);
3793 inc_rfc1001_len(rsp_org, 9);
3795 ((struct file_directory_info *)
3796 ((char *)rsp->Buffer + d_info.last_entry_offset))
3797 ->NextEntryOffset = 0;
3799 rsp->StructureSize = cpu_to_le16(9);
3800 rsp->OutputBufferOffset = cpu_to_le16(72);
3801 rsp->OutputBufferLength = cpu_to_le32(d_info.data_count);
3802 inc_rfc1001_len(rsp_org, 8 + d_info.data_count);
3806 ksmbd_fd_put(work, dir_fp);
3807 ksmbd_revert_fsids(work);
3811 pr_err("error while processing smb2 query dir rc = %d\n", rc);
3816 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
3817 else if (rc == -EACCES)
3818 rsp->hdr.Status = STATUS_ACCESS_DENIED;
3819 else if (rc == -ENOENT)
3820 rsp->hdr.Status = STATUS_NO_SUCH_FILE;
3821 else if (rc == -EBADF)
3822 rsp->hdr.Status = STATUS_FILE_CLOSED;
3823 else if (rc == -ENOMEM)
3824 rsp->hdr.Status = STATUS_NO_MEMORY;
3825 else if (rc == -EFAULT)
3826 rsp->hdr.Status = STATUS_INVALID_INFO_CLASS;
3827 if (!rsp->hdr.Status)
3828 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
3830 smb2_set_err_rsp(work);
3831 ksmbd_fd_put(work, dir_fp);
3832 ksmbd_revert_fsids(work);
3837 * buffer_check_err() - helper function to check buffer errors
3838 * @reqOutputBufferLength: max buffer length expected in command response
3839 * @rsp: query info response buffer contains output buffer length
3840 * @infoclass_size: query info class response buffer size
3842 * Return: 0 on success, otherwise error
3844 static int buffer_check_err(int reqOutputBufferLength,
3845 struct smb2_query_info_rsp *rsp, int infoclass_size)
3847 if (reqOutputBufferLength < le32_to_cpu(rsp->OutputBufferLength)) {
3848 if (reqOutputBufferLength < infoclass_size) {
3849 pr_err("Invalid Buffer Size Requested\n");
3850 rsp->hdr.Status = STATUS_INFO_LENGTH_MISMATCH;
3851 rsp->hdr.smb2_buf_length = cpu_to_be32(sizeof(struct smb2_hdr) - 4);
3855 ksmbd_debug(SMB, "Buffer Overflow\n");
3856 rsp->hdr.Status = STATUS_BUFFER_OVERFLOW;
3857 rsp->hdr.smb2_buf_length = cpu_to_be32(sizeof(struct smb2_hdr) - 4 +
3858 reqOutputBufferLength);
3859 rsp->OutputBufferLength = cpu_to_le32(reqOutputBufferLength);
3864 static void get_standard_info_pipe(struct smb2_query_info_rsp *rsp)
3866 struct smb2_file_standard_info *sinfo;
3868 sinfo = (struct smb2_file_standard_info *)rsp->Buffer;
3870 sinfo->AllocationSize = cpu_to_le64(4096);
3871 sinfo->EndOfFile = cpu_to_le64(0);
3872 sinfo->NumberOfLinks = cpu_to_le32(1);
3873 sinfo->DeletePending = 1;
3874 sinfo->Directory = 0;
3875 rsp->OutputBufferLength =
3876 cpu_to_le32(sizeof(struct smb2_file_standard_info));
3877 inc_rfc1001_len(rsp, sizeof(struct smb2_file_standard_info));
3880 static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, u64 num)
3882 struct smb2_file_internal_info *file_info;
3884 file_info = (struct smb2_file_internal_info *)rsp->Buffer;
3886 /* any unique number */
3887 file_info->IndexNumber = cpu_to_le64(num | (1ULL << 63));
3888 rsp->OutputBufferLength =
3889 cpu_to_le32(sizeof(struct smb2_file_internal_info));
3890 inc_rfc1001_len(rsp, sizeof(struct smb2_file_internal_info));
3893 static int smb2_get_info_file_pipe(struct ksmbd_session *sess,
3894 struct smb2_query_info_req *req,
3895 struct smb2_query_info_rsp *rsp)
3901 * Windows can sometime send query file info request on
3902 * pipe without opening it, checking error condition here
3904 id = le64_to_cpu(req->VolatileFileId);
3905 if (!ksmbd_session_rpc_method(sess, id))
3908 ksmbd_debug(SMB, "FileInfoClass %u, FileId 0x%llx\n",
3909 req->FileInfoClass, le64_to_cpu(req->VolatileFileId));
3911 switch (req->FileInfoClass) {
3912 case FILE_STANDARD_INFORMATION:
3913 get_standard_info_pipe(rsp);
3914 rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength),
3915 rsp, FILE_STANDARD_INFORMATION_SIZE);
3917 case FILE_INTERNAL_INFORMATION:
3918 get_internal_info_pipe(rsp, id);
3919 rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength),
3920 rsp, FILE_INTERNAL_INFORMATION_SIZE);
3923 ksmbd_debug(SMB, "smb2_info_file_pipe for %u not supported\n",
3924 req->FileInfoClass);
3931 * smb2_get_ea() - handler for smb2 get extended attribute command
3932 * @work: smb work containing query info command buffer
3933 * @fp: ksmbd_file pointer
3934 * @req: get extended attribute request
3935 * @rsp: response buffer pointer
3936 * @rsp_org: base response buffer pointer in case of chained response
3938 * Return: 0 on success, otherwise error
3940 static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp,
3941 struct smb2_query_info_req *req,
3942 struct smb2_query_info_rsp *rsp, void *rsp_org)
3944 struct smb2_ea_info *eainfo, *prev_eainfo;
3945 char *name, *ptr, *xattr_list = NULL, *buf;
3946 int rc, name_len, value_len, xattr_list_len, idx;
3947 ssize_t buf_free_len, alignment_bytes, next_offset, rsp_data_cnt = 0;
3948 struct smb2_ea_info_req *ea_req = NULL;
3951 if (!(fp->daccess & FILE_READ_EA_LE)) {
3952 pr_err("Not permitted to read ext attr : 0x%x\n",
3957 path = &fp->filp->f_path;
3958 /* single EA entry is requested with given user.* name */
3959 if (req->InputBufferLength) {
3960 ea_req = (struct smb2_ea_info_req *)req->Buffer;
3962 /* need to send all EAs, if no specific EA is requested*/
3963 if (le32_to_cpu(req->Flags) & SL_RETURN_SINGLE_ENTRY)
3965 "All EAs are requested but need to send single EA entry in rsp flags 0x%x\n",
3966 le32_to_cpu(req->Flags));
3969 buf_free_len = work->response_sz -
3970 (get_rfc1002_len(rsp_org) + 4) -
3971 sizeof(struct smb2_query_info_rsp);
3973 if (le32_to_cpu(req->OutputBufferLength) < buf_free_len)
3974 buf_free_len = le32_to_cpu(req->OutputBufferLength);
3976 rc = ksmbd_vfs_listxattr(path->dentry, &xattr_list);
3978 rsp->hdr.Status = STATUS_INVALID_HANDLE;
3980 } else if (!rc) { /* there is no EA in the file */
3981 ksmbd_debug(SMB, "no ea data in the file\n");
3984 xattr_list_len = rc;
3986 ptr = (char *)rsp->Buffer;
3987 eainfo = (struct smb2_ea_info *)ptr;
3988 prev_eainfo = eainfo;
3991 while (idx < xattr_list_len) {
3992 name = xattr_list + idx;
3993 name_len = strlen(name);
3995 ksmbd_debug(SMB, "%s, len %d\n", name, name_len);
3996 idx += name_len + 1;
3999 * CIFS does not support EA other than user.* namespace,
4000 * still keep the framework generic, to list other attrs
4003 if (strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
4006 if (!strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX,
4010 if (req->InputBufferLength &&
4011 strncmp(&name[XATTR_USER_PREFIX_LEN], ea_req->name,
4012 ea_req->EaNameLength))
4015 if (!strncmp(&name[XATTR_USER_PREFIX_LEN],
4016 DOS_ATTRIBUTE_PREFIX, DOS_ATTRIBUTE_PREFIX_LEN))
4019 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
4020 name_len -= XATTR_USER_PREFIX_LEN;
4022 ptr = (char *)(&eainfo->name + name_len + 1);
4023 buf_free_len -= (offsetof(struct smb2_ea_info, name) +
4025 /* bailout if xattr can't fit in buf_free_len */
4026 value_len = ksmbd_vfs_getxattr(path->dentry, name, &buf);
4027 if (value_len <= 0) {
4029 rsp->hdr.Status = STATUS_INVALID_HANDLE;
4033 buf_free_len -= value_len;
4034 if (buf_free_len < 0) {
4039 memcpy(ptr, buf, value_len);
4044 eainfo->EaNameLength = name_len;
4046 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
4047 memcpy(eainfo->name, &name[XATTR_USER_PREFIX_LEN],
4050 memcpy(eainfo->name, name, name_len);
4052 eainfo->name[name_len] = '\0';
4053 eainfo->EaValueLength = cpu_to_le16(value_len);
4054 next_offset = offsetof(struct smb2_ea_info, name) +
4055 name_len + 1 + value_len;
4057 /* align next xattr entry at 4 byte bundary */
4058 alignment_bytes = ((next_offset + 3) & ~3) - next_offset;
4059 if (alignment_bytes) {
4060 memset(ptr, '\0', alignment_bytes);
4061 ptr += alignment_bytes;
4062 next_offset += alignment_bytes;
4063 buf_free_len -= alignment_bytes;
4065 eainfo->NextEntryOffset = cpu_to_le32(next_offset);
4066 prev_eainfo = eainfo;
4067 eainfo = (struct smb2_ea_info *)ptr;
4068 rsp_data_cnt += next_offset;
4070 if (req->InputBufferLength) {
4071 ksmbd_debug(SMB, "single entry requested\n");
4076 /* no more ea entries */
4077 prev_eainfo->NextEntryOffset = 0;
4080 if (rsp_data_cnt == 0)
4081 rsp->hdr.Status = STATUS_NO_EAS_ON_FILE;
4082 rsp->OutputBufferLength = cpu_to_le32(rsp_data_cnt);
4083 inc_rfc1001_len(rsp_org, rsp_data_cnt);
4089 static void get_file_access_info(struct smb2_query_info_rsp *rsp,
4090 struct ksmbd_file *fp, void *rsp_org)
4092 struct smb2_file_access_info *file_info;
4094 file_info = (struct smb2_file_access_info *)rsp->Buffer;
4095 file_info->AccessFlags = fp->daccess;
4096 rsp->OutputBufferLength =
4097 cpu_to_le32(sizeof(struct smb2_file_access_info));
4098 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_access_info));
4101 static int get_file_basic_info(struct smb2_query_info_rsp *rsp,
4102 struct ksmbd_file *fp, void *rsp_org)
4104 struct smb2_file_all_info *basic_info;
4108 if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
4109 pr_err("no right to read the attributes : 0x%x\n",
4114 basic_info = (struct smb2_file_all_info *)rsp->Buffer;
4115 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
4116 basic_info->CreationTime = cpu_to_le64(fp->create_time);
4117 time = ksmbd_UnixTimeToNT(stat.atime);
4118 basic_info->LastAccessTime = cpu_to_le64(time);
4119 time = ksmbd_UnixTimeToNT(stat.mtime);
4120 basic_info->LastWriteTime = cpu_to_le64(time);
4121 time = ksmbd_UnixTimeToNT(stat.ctime);
4122 basic_info->ChangeTime = cpu_to_le64(time);
4123 basic_info->Attributes = fp->f_ci->m_fattr;
4124 basic_info->Pad1 = 0;
4125 rsp->OutputBufferLength =
4126 cpu_to_le32(offsetof(struct smb2_file_all_info, AllocationSize));
4127 inc_rfc1001_len(rsp_org, offsetof(struct smb2_file_all_info,
4132 static unsigned long long get_allocation_size(struct inode *inode,
4135 unsigned long long alloc_size = 0;
4137 if (!S_ISDIR(stat->mode)) {
4138 if ((inode->i_blocks << 9) <= stat->size)
4139 alloc_size = stat->size;
4141 alloc_size = inode->i_blocks << 9;
4147 static void get_file_standard_info(struct smb2_query_info_rsp *rsp,
4148 struct ksmbd_file *fp, void *rsp_org)
4150 struct smb2_file_standard_info *sinfo;
4151 unsigned int delete_pending;
4152 struct inode *inode;
4155 inode = FP_INODE(fp);
4156 generic_fillattr(&init_user_ns, inode, &stat);
4158 sinfo = (struct smb2_file_standard_info *)rsp->Buffer;
4159 delete_pending = ksmbd_inode_pending_delete(fp);
4161 sinfo->AllocationSize = cpu_to_le64(get_allocation_size(inode, &stat));
4162 sinfo->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
4163 sinfo->NumberOfLinks = cpu_to_le32(get_nlink(&stat) - delete_pending);
4164 sinfo->DeletePending = delete_pending;
4165 sinfo->Directory = S_ISDIR(stat.mode) ? 1 : 0;
4166 rsp->OutputBufferLength =
4167 cpu_to_le32(sizeof(struct smb2_file_standard_info));
4168 inc_rfc1001_len(rsp_org,
4169 sizeof(struct smb2_file_standard_info));
4172 static void get_file_alignment_info(struct smb2_query_info_rsp *rsp,
4175 struct smb2_file_alignment_info *file_info;
4177 file_info = (struct smb2_file_alignment_info *)rsp->Buffer;
4178 file_info->AlignmentRequirement = 0;
4179 rsp->OutputBufferLength =
4180 cpu_to_le32(sizeof(struct smb2_file_alignment_info));
4181 inc_rfc1001_len(rsp_org,
4182 sizeof(struct smb2_file_alignment_info));
4185 static int get_file_all_info(struct ksmbd_work *work,
4186 struct smb2_query_info_rsp *rsp,
4187 struct ksmbd_file *fp,
4190 struct ksmbd_conn *conn = work->conn;
4191 struct smb2_file_all_info *file_info;
4192 unsigned int delete_pending;
4193 struct inode *inode;
4199 if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
4200 ksmbd_debug(SMB, "no right to read the attributes : 0x%x\n",
4205 filename = convert_to_nt_pathname(fp->filename,
4206 work->tcon->share_conf->path);
4210 inode = FP_INODE(fp);
4211 generic_fillattr(&init_user_ns, inode, &stat);
4213 ksmbd_debug(SMB, "filename = %s\n", filename);
4214 delete_pending = ksmbd_inode_pending_delete(fp);
4215 file_info = (struct smb2_file_all_info *)rsp->Buffer;
4217 file_info->CreationTime = cpu_to_le64(fp->create_time);
4218 time = ksmbd_UnixTimeToNT(stat.atime);
4219 file_info->LastAccessTime = cpu_to_le64(time);
4220 time = ksmbd_UnixTimeToNT(stat.mtime);
4221 file_info->LastWriteTime = cpu_to_le64(time);
4222 time = ksmbd_UnixTimeToNT(stat.ctime);
4223 file_info->ChangeTime = cpu_to_le64(time);
4224 file_info->Attributes = fp->f_ci->m_fattr;
4225 file_info->Pad1 = 0;
4226 file_info->AllocationSize =
4227 cpu_to_le64(get_allocation_size(inode, &stat));
4228 file_info->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
4229 file_info->NumberOfLinks =
4230 cpu_to_le32(get_nlink(&stat) - delete_pending);
4231 file_info->DeletePending = delete_pending;
4232 file_info->Directory = S_ISDIR(stat.mode) ? 1 : 0;
4233 file_info->Pad2 = 0;
4234 file_info->IndexNumber = cpu_to_le64(stat.ino);
4235 file_info->EASize = 0;
4236 file_info->AccessFlags = fp->daccess;
4237 file_info->CurrentByteOffset = cpu_to_le64(fp->filp->f_pos);
4238 file_info->Mode = fp->coption;
4239 file_info->AlignmentRequirement = 0;
4240 conv_len = smbConvertToUTF16((__le16 *)file_info->FileName, filename,
4241 PATH_MAX, conn->local_nls, 0);
4243 file_info->FileNameLength = cpu_to_le32(conv_len);
4244 rsp->OutputBufferLength =
4245 cpu_to_le32(sizeof(struct smb2_file_all_info) + conv_len - 1);
4247 inc_rfc1001_len(rsp_org, le32_to_cpu(rsp->OutputBufferLength));
4251 static void get_file_alternate_info(struct ksmbd_work *work,
4252 struct smb2_query_info_rsp *rsp,
4253 struct ksmbd_file *fp,
4256 struct ksmbd_conn *conn = work->conn;
4257 struct smb2_file_alt_name_info *file_info;
4261 filename = (char *)FP_FILENAME(fp);
4262 file_info = (struct smb2_file_alt_name_info *)rsp->Buffer;
4263 conv_len = ksmbd_extract_shortname(conn,
4265 file_info->FileName);
4266 file_info->FileNameLength = cpu_to_le32(conv_len);
4267 rsp->OutputBufferLength =
4268 cpu_to_le32(sizeof(struct smb2_file_alt_name_info) + conv_len);
4269 inc_rfc1001_len(rsp_org, le32_to_cpu(rsp->OutputBufferLength));
4272 static void get_file_stream_info(struct ksmbd_work *work,
4273 struct smb2_query_info_rsp *rsp,
4274 struct ksmbd_file *fp,
4277 struct ksmbd_conn *conn = work->conn;
4278 struct smb2_file_stream_info *file_info;
4279 char *stream_name, *xattr_list = NULL, *stream_buf;
4281 struct path *path = &fp->filp->f_path;
4282 ssize_t xattr_list_len;
4283 int nbytes = 0, streamlen, stream_name_len, next, idx = 0;
4285 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
4286 file_info = (struct smb2_file_stream_info *)rsp->Buffer;
4288 xattr_list_len = ksmbd_vfs_listxattr(path->dentry, &xattr_list);
4289 if (xattr_list_len < 0) {
4291 } else if (!xattr_list_len) {
4292 ksmbd_debug(SMB, "empty xattr in the file\n");
4296 while (idx < xattr_list_len) {
4297 stream_name = xattr_list + idx;
4298 streamlen = strlen(stream_name);
4299 idx += streamlen + 1;
4301 ksmbd_debug(SMB, "%s, len %d\n", stream_name, streamlen);
4303 if (strncmp(&stream_name[XATTR_USER_PREFIX_LEN],
4304 STREAM_PREFIX, STREAM_PREFIX_LEN))
4307 stream_name_len = streamlen - (XATTR_USER_PREFIX_LEN +
4309 streamlen = stream_name_len;
4313 stream_buf = kmalloc(streamlen + 1, GFP_KERNEL);
4317 streamlen = snprintf(stream_buf, streamlen + 1,
4318 ":%s", &stream_name[XATTR_NAME_STREAM_LEN]);
4320 file_info = (struct smb2_file_stream_info *)&rsp->Buffer[nbytes];
4321 streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName,
4322 stream_buf, streamlen,
4323 conn->local_nls, 0);
4326 file_info->StreamNameLength = cpu_to_le32(streamlen);
4327 file_info->StreamSize = cpu_to_le64(stream_name_len);
4328 file_info->StreamAllocationSize = cpu_to_le64(stream_name_len);
4330 next = sizeof(struct smb2_file_stream_info) + streamlen;
4332 file_info->NextEntryOffset = cpu_to_le32(next);
4336 file_info = (struct smb2_file_stream_info *)
4337 &rsp->Buffer[nbytes];
4338 streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName,
4339 "::$DATA", 7, conn->local_nls, 0);
4341 file_info->StreamNameLength = cpu_to_le32(streamlen);
4342 file_info->StreamSize = S_ISDIR(stat.mode) ? 0 :
4343 cpu_to_le64(stat.size);
4344 file_info->StreamAllocationSize = S_ISDIR(stat.mode) ? 0 :
4345 cpu_to_le64(stat.size);
4346 nbytes += sizeof(struct smb2_file_stream_info) + streamlen;
4349 /* last entry offset should be 0 */
4350 file_info->NextEntryOffset = 0;
4354 rsp->OutputBufferLength = cpu_to_le32(nbytes);
4355 inc_rfc1001_len(rsp_org, nbytes);
4358 static void get_file_internal_info(struct smb2_query_info_rsp *rsp,
4359 struct ksmbd_file *fp, void *rsp_org)
4361 struct smb2_file_internal_info *file_info;
4364 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
4365 file_info = (struct smb2_file_internal_info *)rsp->Buffer;
4366 file_info->IndexNumber = cpu_to_le64(stat.ino);
4367 rsp->OutputBufferLength =
4368 cpu_to_le32(sizeof(struct smb2_file_internal_info));
4369 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_internal_info));
4372 static int get_file_network_open_info(struct smb2_query_info_rsp *rsp,
4373 struct ksmbd_file *fp, void *rsp_org)
4375 struct smb2_file_ntwrk_info *file_info;
4376 struct inode *inode;
4380 if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
4381 pr_err("no right to read the attributes : 0x%x\n",
4386 file_info = (struct smb2_file_ntwrk_info *)rsp->Buffer;
4388 inode = FP_INODE(fp);
4389 generic_fillattr(&init_user_ns, inode, &stat);
4391 file_info->CreationTime = cpu_to_le64(fp->create_time);
4392 time = ksmbd_UnixTimeToNT(stat.atime);
4393 file_info->LastAccessTime = cpu_to_le64(time);
4394 time = ksmbd_UnixTimeToNT(stat.mtime);
4395 file_info->LastWriteTime = cpu_to_le64(time);
4396 time = ksmbd_UnixTimeToNT(stat.ctime);
4397 file_info->ChangeTime = cpu_to_le64(time);
4398 file_info->Attributes = fp->f_ci->m_fattr;
4399 file_info->AllocationSize =
4400 cpu_to_le64(get_allocation_size(inode, &stat));
4401 file_info->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
4402 file_info->Reserved = cpu_to_le32(0);
4403 rsp->OutputBufferLength =
4404 cpu_to_le32(sizeof(struct smb2_file_ntwrk_info));
4405 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_ntwrk_info));
4409 static void get_file_ea_info(struct smb2_query_info_rsp *rsp, void *rsp_org)
4411 struct smb2_file_ea_info *file_info;
4413 file_info = (struct smb2_file_ea_info *)rsp->Buffer;
4414 file_info->EASize = 0;
4415 rsp->OutputBufferLength =
4416 cpu_to_le32(sizeof(struct smb2_file_ea_info));
4417 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_ea_info));
4420 static void get_file_position_info(struct smb2_query_info_rsp *rsp,
4421 struct ksmbd_file *fp, void *rsp_org)
4423 struct smb2_file_pos_info *file_info;
4425 file_info = (struct smb2_file_pos_info *)rsp->Buffer;
4426 file_info->CurrentByteOffset = cpu_to_le64(fp->filp->f_pos);
4427 rsp->OutputBufferLength =
4428 cpu_to_le32(sizeof(struct smb2_file_pos_info));
4429 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_pos_info));
4432 static void get_file_mode_info(struct smb2_query_info_rsp *rsp,
4433 struct ksmbd_file *fp, void *rsp_org)
4435 struct smb2_file_mode_info *file_info;
4437 file_info = (struct smb2_file_mode_info *)rsp->Buffer;
4438 file_info->Mode = fp->coption & FILE_MODE_INFO_MASK;
4439 rsp->OutputBufferLength =
4440 cpu_to_le32(sizeof(struct smb2_file_mode_info));
4441 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_mode_info));
4444 static void get_file_compression_info(struct smb2_query_info_rsp *rsp,
4445 struct ksmbd_file *fp, void *rsp_org)
4447 struct smb2_file_comp_info *file_info;
4450 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
4452 file_info = (struct smb2_file_comp_info *)rsp->Buffer;
4453 file_info->CompressedFileSize = cpu_to_le64(stat.blocks << 9);
4454 file_info->CompressionFormat = COMPRESSION_FORMAT_NONE;
4455 file_info->CompressionUnitShift = 0;
4456 file_info->ChunkShift = 0;
4457 file_info->ClusterShift = 0;
4458 memset(&file_info->Reserved[0], 0, 3);
4460 rsp->OutputBufferLength =
4461 cpu_to_le32(sizeof(struct smb2_file_comp_info));
4462 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_comp_info));
4465 static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp,
4466 struct ksmbd_file *fp, void *rsp_org)
4468 struct smb2_file_attr_tag_info *file_info;
4470 if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
4471 pr_err("no right to read the attributes : 0x%x\n",
4476 file_info = (struct smb2_file_attr_tag_info *)rsp->Buffer;
4477 file_info->FileAttributes = fp->f_ci->m_fattr;
4478 file_info->ReparseTag = 0;
4479 rsp->OutputBufferLength =
4480 cpu_to_le32(sizeof(struct smb2_file_attr_tag_info));
4481 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_attr_tag_info));
4485 static int find_file_posix_info(struct smb2_query_info_rsp *rsp,
4486 struct ksmbd_file *fp, void *rsp_org)
4488 struct smb311_posix_qinfo *file_info;
4489 struct inode *inode = FP_INODE(fp);
4492 file_info = (struct smb311_posix_qinfo *)rsp->Buffer;
4493 file_info->CreationTime = cpu_to_le64(fp->create_time);
4494 time = ksmbd_UnixTimeToNT(inode->i_atime);
4495 file_info->LastAccessTime = cpu_to_le64(time);
4496 time = ksmbd_UnixTimeToNT(inode->i_mtime);
4497 file_info->LastWriteTime = cpu_to_le64(time);
4498 time = ksmbd_UnixTimeToNT(inode->i_ctime);
4499 file_info->ChangeTime = cpu_to_le64(time);
4500 file_info->DosAttributes = fp->f_ci->m_fattr;
4501 file_info->Inode = cpu_to_le64(inode->i_ino);
4502 file_info->EndOfFile = cpu_to_le64(inode->i_size);
4503 file_info->AllocationSize = cpu_to_le64(inode->i_blocks << 9);
4504 file_info->HardLinks = cpu_to_le32(inode->i_nlink);
4505 file_info->Mode = cpu_to_le32(inode->i_mode);
4506 file_info->DeviceId = cpu_to_le32(inode->i_rdev);
4507 rsp->OutputBufferLength =
4508 cpu_to_le32(sizeof(struct smb311_posix_qinfo));
4509 inc_rfc1001_len(rsp_org, sizeof(struct smb311_posix_qinfo));
4513 static int smb2_get_info_file(struct ksmbd_work *work,
4514 struct smb2_query_info_req *req,
4515 struct smb2_query_info_rsp *rsp, void *rsp_org)
4517 struct ksmbd_file *fp;
4518 int fileinfoclass = 0;
4520 int file_infoclass_size;
4521 unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;
4523 if (test_share_config_flag(work->tcon->share_conf,
4524 KSMBD_SHARE_FLAG_PIPE)) {
4525 /* smb2 info file called for pipe */
4526 return smb2_get_info_file_pipe(work->sess, req, rsp);
4529 if (work->next_smb2_rcv_hdr_off) {
4530 if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
4531 ksmbd_debug(SMB, "Compound request set FID = %u\n",
4532 work->compound_fid);
4533 id = work->compound_fid;
4534 pid = work->compound_pfid;
4538 if (!HAS_FILE_ID(id)) {
4539 id = le64_to_cpu(req->VolatileFileId);
4540 pid = le64_to_cpu(req->PersistentFileId);
4543 fp = ksmbd_lookup_fd_slow(work, id, pid);
4547 fileinfoclass = req->FileInfoClass;
4549 switch (fileinfoclass) {
4550 case FILE_ACCESS_INFORMATION:
4551 get_file_access_info(rsp, fp, rsp_org);
4552 file_infoclass_size = FILE_ACCESS_INFORMATION_SIZE;
4555 case FILE_BASIC_INFORMATION:
4556 rc = get_file_basic_info(rsp, fp, rsp_org);
4557 file_infoclass_size = FILE_BASIC_INFORMATION_SIZE;
4560 case FILE_STANDARD_INFORMATION:
4561 get_file_standard_info(rsp, fp, rsp_org);
4562 file_infoclass_size = FILE_STANDARD_INFORMATION_SIZE;
4565 case FILE_ALIGNMENT_INFORMATION:
4566 get_file_alignment_info(rsp, rsp_org);
4567 file_infoclass_size = FILE_ALIGNMENT_INFORMATION_SIZE;
4570 case FILE_ALL_INFORMATION:
4571 rc = get_file_all_info(work, rsp, fp, rsp_org);
4572 file_infoclass_size = FILE_ALL_INFORMATION_SIZE;
4575 case FILE_ALTERNATE_NAME_INFORMATION:
4576 get_file_alternate_info(work, rsp, fp, rsp_org);
4577 file_infoclass_size = FILE_ALTERNATE_NAME_INFORMATION_SIZE;
4580 case FILE_STREAM_INFORMATION:
4581 get_file_stream_info(work, rsp, fp, rsp_org);
4582 file_infoclass_size = FILE_STREAM_INFORMATION_SIZE;
4585 case FILE_INTERNAL_INFORMATION:
4586 get_file_internal_info(rsp, fp, rsp_org);
4587 file_infoclass_size = FILE_INTERNAL_INFORMATION_SIZE;
4590 case FILE_NETWORK_OPEN_INFORMATION:
4591 rc = get_file_network_open_info(rsp, fp, rsp_org);
4592 file_infoclass_size = FILE_NETWORK_OPEN_INFORMATION_SIZE;
4595 case FILE_EA_INFORMATION:
4596 get_file_ea_info(rsp, rsp_org);
4597 file_infoclass_size = FILE_EA_INFORMATION_SIZE;
4600 case FILE_FULL_EA_INFORMATION:
4601 rc = smb2_get_ea(work, fp, req, rsp, rsp_org);
4602 file_infoclass_size = FILE_FULL_EA_INFORMATION_SIZE;
4605 case FILE_POSITION_INFORMATION:
4606 get_file_position_info(rsp, fp, rsp_org);
4607 file_infoclass_size = FILE_POSITION_INFORMATION_SIZE;
4610 case FILE_MODE_INFORMATION:
4611 get_file_mode_info(rsp, fp, rsp_org);
4612 file_infoclass_size = FILE_MODE_INFORMATION_SIZE;
4615 case FILE_COMPRESSION_INFORMATION:
4616 get_file_compression_info(rsp, fp, rsp_org);
4617 file_infoclass_size = FILE_COMPRESSION_INFORMATION_SIZE;
4620 case FILE_ATTRIBUTE_TAG_INFORMATION:
4621 rc = get_file_attribute_tag_info(rsp, fp, rsp_org);
4622 file_infoclass_size = FILE_ATTRIBUTE_TAG_INFORMATION_SIZE;
4624 case SMB_FIND_FILE_POSIX_INFO:
4625 if (!work->tcon->posix_extensions) {
4626 pr_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n");
4629 rc = find_file_posix_info(rsp, fp, rsp_org);
4630 file_infoclass_size = sizeof(struct smb311_posix_qinfo);
4634 ksmbd_debug(SMB, "fileinfoclass %d not supported yet\n",
4639 rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength),
4641 file_infoclass_size);
4642 ksmbd_fd_put(work, fp);
4646 static int smb2_get_info_filesystem(struct ksmbd_work *work,
4647 struct smb2_query_info_req *req,
4648 struct smb2_query_info_rsp *rsp, void *rsp_org)
4650 struct ksmbd_session *sess = work->sess;
4651 struct ksmbd_conn *conn = sess->conn;
4652 struct ksmbd_share_config *share = work->tcon->share_conf;
4653 int fsinfoclass = 0;
4654 struct kstatfs stfs;
4657 int fs_infoclass_size = 0;
4658 int lookup_flags = 0;
4660 if (test_share_config_flag(share, KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS))
4661 lookup_flags = LOOKUP_FOLLOW;
4663 rc = ksmbd_vfs_kern_path(share->path, lookup_flags, &path, 0);
4665 pr_err("cannot create vfs path\n");
4669 rc = vfs_statfs(&path, &stfs);
4671 pr_err("cannot do stat of path %s\n", share->path);
4676 fsinfoclass = req->FileInfoClass;
4678 switch (fsinfoclass) {
4679 case FS_DEVICE_INFORMATION:
4681 struct filesystem_device_info *info;
4683 info = (struct filesystem_device_info *)rsp->Buffer;
4685 info->DeviceType = cpu_to_le32(stfs.f_type);
4686 info->DeviceCharacteristics = cpu_to_le32(0x00000020);
4687 rsp->OutputBufferLength = cpu_to_le32(8);
4688 inc_rfc1001_len(rsp_org, 8);
4689 fs_infoclass_size = FS_DEVICE_INFORMATION_SIZE;
4692 case FS_ATTRIBUTE_INFORMATION:
4694 struct filesystem_attribute_info *info;
4697 info = (struct filesystem_attribute_info *)rsp->Buffer;
4698 info->Attributes = cpu_to_le32(FILE_SUPPORTS_OBJECT_IDS |
4699 FILE_PERSISTENT_ACLS |
4700 FILE_UNICODE_ON_DISK |
4701 FILE_CASE_PRESERVED_NAMES |
4702 FILE_CASE_SENSITIVE_SEARCH |
4703 FILE_SUPPORTS_BLOCK_REFCOUNTING);
4705 info->Attributes |= cpu_to_le32(server_conf.share_fake_fscaps);
4707 info->MaxPathNameComponentLength = cpu_to_le32(stfs.f_namelen);
4708 len = smbConvertToUTF16((__le16 *)info->FileSystemName,
4709 "NTFS", PATH_MAX, conn->local_nls, 0);
4711 info->FileSystemNameLen = cpu_to_le32(len);
4712 sz = sizeof(struct filesystem_attribute_info) - 2 + len;
4713 rsp->OutputBufferLength = cpu_to_le32(sz);
4714 inc_rfc1001_len(rsp_org, sz);
4715 fs_infoclass_size = FS_ATTRIBUTE_INFORMATION_SIZE;
4718 case FS_VOLUME_INFORMATION:
4720 struct filesystem_vol_info *info;
4723 info = (struct filesystem_vol_info *)(rsp->Buffer);
4724 info->VolumeCreationTime = 0;
4725 /* Taking dummy value of serial number*/
4726 info->SerialNumber = cpu_to_le32(0xbc3ac512);
4727 len = smbConvertToUTF16((__le16 *)info->VolumeLabel,
4728 share->name, PATH_MAX,
4729 conn->local_nls, 0);
4731 info->VolumeLabelSize = cpu_to_le32(len);
4733 sz = sizeof(struct filesystem_vol_info) - 2 + len;
4734 rsp->OutputBufferLength = cpu_to_le32(sz);
4735 inc_rfc1001_len(rsp_org, sz);
4736 fs_infoclass_size = FS_VOLUME_INFORMATION_SIZE;
4739 case FS_SIZE_INFORMATION:
4741 struct filesystem_info *info;
4743 info = (struct filesystem_info *)(rsp->Buffer);
4744 info->TotalAllocationUnits = cpu_to_le64(stfs.f_blocks);
4745 info->FreeAllocationUnits = cpu_to_le64(stfs.f_bfree);
4746 info->SectorsPerAllocationUnit = cpu_to_le32(1);
4747 info->BytesPerSector = cpu_to_le32(stfs.f_bsize);
4748 rsp->OutputBufferLength = cpu_to_le32(24);
4749 inc_rfc1001_len(rsp_org, 24);
4750 fs_infoclass_size = FS_SIZE_INFORMATION_SIZE;
4753 case FS_FULL_SIZE_INFORMATION:
4755 struct smb2_fs_full_size_info *info;
4757 info = (struct smb2_fs_full_size_info *)(rsp->Buffer);
4758 info->TotalAllocationUnits = cpu_to_le64(stfs.f_blocks);
4759 info->CallerAvailableAllocationUnits =
4760 cpu_to_le64(stfs.f_bavail);
4761 info->ActualAvailableAllocationUnits =
4762 cpu_to_le64(stfs.f_bfree);
4763 info->SectorsPerAllocationUnit = cpu_to_le32(1);
4764 info->BytesPerSector = cpu_to_le32(stfs.f_bsize);
4765 rsp->OutputBufferLength = cpu_to_le32(32);
4766 inc_rfc1001_len(rsp_org, 32);
4767 fs_infoclass_size = FS_FULL_SIZE_INFORMATION_SIZE;
4770 case FS_OBJECT_ID_INFORMATION:
4772 struct object_id_info *info;
4774 info = (struct object_id_info *)(rsp->Buffer);
4776 if (!user_guest(sess->user))
4777 memcpy(info->objid, user_passkey(sess->user), 16);
4779 memset(info->objid, 0, 16);
4781 info->extended_info.magic = cpu_to_le32(EXTENDED_INFO_MAGIC);
4782 info->extended_info.version = cpu_to_le32(1);
4783 info->extended_info.release = cpu_to_le32(1);
4784 info->extended_info.rel_date = 0;
4785 memcpy(info->extended_info.version_string, "1.1.0", strlen("1.1.0"));
4786 rsp->OutputBufferLength = cpu_to_le32(64);
4787 inc_rfc1001_len(rsp_org, 64);
4788 fs_infoclass_size = FS_OBJECT_ID_INFORMATION_SIZE;
4791 case FS_SECTOR_SIZE_INFORMATION:
4793 struct smb3_fs_ss_info *info;
4795 info = (struct smb3_fs_ss_info *)(rsp->Buffer);
4797 info->LogicalBytesPerSector = cpu_to_le32(stfs.f_bsize);
4798 info->PhysicalBytesPerSectorForAtomicity =
4799 cpu_to_le32(stfs.f_bsize);
4800 info->PhysicalBytesPerSectorForPerf = cpu_to_le32(stfs.f_bsize);
4801 info->FSEffPhysicalBytesPerSectorForAtomicity =
4802 cpu_to_le32(stfs.f_bsize);
4803 info->Flags = cpu_to_le32(SSINFO_FLAGS_ALIGNED_DEVICE |
4804 SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE);
4805 info->ByteOffsetForSectorAlignment = 0;
4806 info->ByteOffsetForPartitionAlignment = 0;
4807 rsp->OutputBufferLength = cpu_to_le32(28);
4808 inc_rfc1001_len(rsp_org, 28);
4809 fs_infoclass_size = FS_SECTOR_SIZE_INFORMATION_SIZE;
4812 case FS_CONTROL_INFORMATION:
4815 * TODO : The current implementation is based on
4816 * test result with win7(NTFS) server. It's need to
4817 * modify this to get valid Quota values
4820 struct smb2_fs_control_info *info;
4822 info = (struct smb2_fs_control_info *)(rsp->Buffer);
4823 info->FreeSpaceStartFiltering = 0;
4824 info->FreeSpaceThreshold = 0;
4825 info->FreeSpaceStopFiltering = 0;
4826 info->DefaultQuotaThreshold = cpu_to_le64(SMB2_NO_FID);
4827 info->DefaultQuotaLimit = cpu_to_le64(SMB2_NO_FID);
4829 rsp->OutputBufferLength = cpu_to_le32(48);
4830 inc_rfc1001_len(rsp_org, 48);
4831 fs_infoclass_size = FS_CONTROL_INFORMATION_SIZE;
4834 case FS_POSIX_INFORMATION:
4836 struct filesystem_posix_info *info;
4838 if (!work->tcon->posix_extensions) {
4839 pr_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n");
4842 info = (struct filesystem_posix_info *)(rsp->Buffer);
4843 info->OptimalTransferSize = cpu_to_le32(stfs.f_bsize);
4844 info->BlockSize = cpu_to_le32(stfs.f_bsize);
4845 info->TotalBlocks = cpu_to_le64(stfs.f_blocks);
4846 info->BlocksAvail = cpu_to_le64(stfs.f_bfree);
4847 info->UserBlocksAvail = cpu_to_le64(stfs.f_bavail);
4848 info->TotalFileNodes = cpu_to_le64(stfs.f_files);
4849 info->FreeFileNodes = cpu_to_le64(stfs.f_ffree);
4850 rsp->OutputBufferLength = cpu_to_le32(56);
4851 inc_rfc1001_len(rsp_org, 56);
4852 fs_infoclass_size = FS_POSIX_INFORMATION_SIZE;
4860 rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength),
4867 static int smb2_get_info_sec(struct ksmbd_work *work,
4868 struct smb2_query_info_req *req,
4869 struct smb2_query_info_rsp *rsp, void *rsp_org)
4871 struct ksmbd_file *fp;
4872 struct smb_ntsd *pntsd = (struct smb_ntsd *)rsp->Buffer, *ppntsd = NULL;
4873 struct smb_fattr fattr = {{0}};
4874 struct inode *inode;
4876 unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;
4877 int addition_info = le32_to_cpu(req->AdditionalInformation);
4880 if (addition_info & ~(OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO)) {
4881 ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n",
4884 pntsd->revision = cpu_to_le16(1);
4885 pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PROTECTED);
4886 pntsd->osidoffset = 0;
4887 pntsd->gsidoffset = 0;
4888 pntsd->sacloffset = 0;
4889 pntsd->dacloffset = 0;
4891 secdesclen = sizeof(struct smb_ntsd);
4892 rsp->OutputBufferLength = cpu_to_le32(secdesclen);
4893 inc_rfc1001_len(rsp_org, secdesclen);
4898 if (work->next_smb2_rcv_hdr_off) {
4899 if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
4900 ksmbd_debug(SMB, "Compound request set FID = %u\n",
4901 work->compound_fid);
4902 id = work->compound_fid;
4903 pid = work->compound_pfid;
4907 if (!HAS_FILE_ID(id)) {
4908 id = le64_to_cpu(req->VolatileFileId);
4909 pid = le64_to_cpu(req->PersistentFileId);
4912 fp = ksmbd_lookup_fd_slow(work, id, pid);
4916 inode = FP_INODE(fp);
4917 ksmbd_acls_fattr(&fattr, inode);
4919 if (test_share_config_flag(work->tcon->share_conf,
4920 KSMBD_SHARE_FLAG_ACL_XATTR))
4921 ksmbd_vfs_get_sd_xattr(work->conn, fp->filp->f_path.dentry, &ppntsd);
4923 rc = build_sec_desc(pntsd, ppntsd, addition_info, &secdesclen, &fattr);
4924 posix_acl_release(fattr.cf_acls);
4925 posix_acl_release(fattr.cf_dacls);
4927 ksmbd_fd_put(work, fp);
4931 rsp->OutputBufferLength = cpu_to_le32(secdesclen);
4932 inc_rfc1001_len(rsp_org, secdesclen);
4937 * smb2_query_info() - handler for smb2 query info command
4938 * @work: smb work containing query info request buffer
4940 * Return: 0 on success, otherwise error
4942 int smb2_query_info(struct ksmbd_work *work)
4944 struct smb2_query_info_req *req;
4945 struct smb2_query_info_rsp *rsp, *rsp_org;
4948 rsp_org = work->response_buf;
4949 WORK_BUFFERS(work, req, rsp);
4951 ksmbd_debug(SMB, "GOT query info request\n");
4953 switch (req->InfoType) {
4954 case SMB2_O_INFO_FILE:
4955 ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILE\n");
4956 rc = smb2_get_info_file(work, req, rsp, (void *)rsp_org);
4958 case SMB2_O_INFO_FILESYSTEM:
4959 ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILESYSTEM\n");
4960 rc = smb2_get_info_filesystem(work, req, rsp, (void *)rsp_org);
4962 case SMB2_O_INFO_SECURITY:
4963 ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n");
4964 rc = smb2_get_info_sec(work, req, rsp, (void *)rsp_org);
4967 ksmbd_debug(SMB, "InfoType %d not supported yet\n",
4974 rsp->hdr.Status = STATUS_ACCESS_DENIED;
4975 else if (rc == -ENOENT)
4976 rsp->hdr.Status = STATUS_FILE_CLOSED;
4977 else if (rc == -EIO)
4978 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
4979 else if (rc == -EOPNOTSUPP || rsp->hdr.Status == 0)
4980 rsp->hdr.Status = STATUS_INVALID_INFO_CLASS;
4981 smb2_set_err_rsp(work);
4983 ksmbd_debug(SMB, "error while processing smb2 query rc = %d\n",
4987 rsp->StructureSize = cpu_to_le16(9);
4988 rsp->OutputBufferOffset = cpu_to_le16(72);
4989 inc_rfc1001_len(rsp_org, 8);
4994 * smb2_close_pipe() - handler for closing IPC pipe
4995 * @work: smb work containing close request buffer
4999 static noinline int smb2_close_pipe(struct ksmbd_work *work)
5002 struct smb2_close_req *req = work->request_buf;
5003 struct smb2_close_rsp *rsp = work->response_buf;
5005 id = le64_to_cpu(req->VolatileFileId);
5006 ksmbd_session_rpc_close(work->sess, id);
5008 rsp->StructureSize = cpu_to_le16(60);
5011 rsp->CreationTime = 0;
5012 rsp->LastAccessTime = 0;
5013 rsp->LastWriteTime = 0;
5014 rsp->ChangeTime = 0;
5015 rsp->AllocationSize = 0;
5017 rsp->Attributes = 0;
5018 inc_rfc1001_len(rsp, 60);
5023 * smb2_close() - handler for smb2 close file command
5024 * @work: smb work containing close request buffer
5028 int smb2_close(struct ksmbd_work *work)
5030 unsigned int volatile_id = KSMBD_NO_FID;
5032 struct smb2_close_req *req;
5033 struct smb2_close_rsp *rsp;
5034 struct smb2_close_rsp *rsp_org;
5035 struct ksmbd_conn *conn = work->conn;
5036 struct ksmbd_file *fp;
5037 struct inode *inode;
5041 rsp_org = work->response_buf;
5042 WORK_BUFFERS(work, req, rsp);
5044 if (test_share_config_flag(work->tcon->share_conf,
5045 KSMBD_SHARE_FLAG_PIPE)) {
5046 ksmbd_debug(SMB, "IPC pipe close request\n");
5047 return smb2_close_pipe(work);
5050 sess_id = le64_to_cpu(req->hdr.SessionId);
5051 if (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)
5052 sess_id = work->compound_sid;
5054 work->compound_sid = 0;
5055 if (check_session_id(conn, sess_id)) {
5056 work->compound_sid = sess_id;
5058 rsp->hdr.Status = STATUS_USER_SESSION_DELETED;
5059 if (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)
5060 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
5065 if (work->next_smb2_rcv_hdr_off &&
5066 !HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
5067 if (!HAS_FILE_ID(work->compound_fid)) {
5068 /* file already closed, return FILE_CLOSED */
5069 ksmbd_debug(SMB, "file already closed\n");
5070 rsp->hdr.Status = STATUS_FILE_CLOSED;
5074 ksmbd_debug(SMB, "Compound request set FID = %u:%u\n",
5076 work->compound_pfid);
5077 volatile_id = work->compound_fid;
5079 /* file closed, stored id is not valid anymore */
5080 work->compound_fid = KSMBD_NO_FID;
5081 work->compound_pfid = KSMBD_NO_FID;
5084 volatile_id = le64_to_cpu(req->VolatileFileId);
5086 ksmbd_debug(SMB, "volatile_id = %u\n", volatile_id);
5088 rsp->StructureSize = cpu_to_le16(60);
5091 if (req->Flags == SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB) {
5092 fp = ksmbd_lookup_fd_fast(work, volatile_id);
5098 inode = FP_INODE(fp);
5099 rsp->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB;
5100 rsp->AllocationSize = S_ISDIR(inode->i_mode) ? 0 :
5101 cpu_to_le64(inode->i_blocks << 9);
5102 rsp->EndOfFile = cpu_to_le64(inode->i_size);
5103 rsp->Attributes = fp->f_ci->m_fattr;
5104 rsp->CreationTime = cpu_to_le64(fp->create_time);
5105 time = ksmbd_UnixTimeToNT(inode->i_atime);
5106 rsp->LastAccessTime = cpu_to_le64(time);
5107 time = ksmbd_UnixTimeToNT(inode->i_mtime);
5108 rsp->LastWriteTime = cpu_to_le64(time);
5109 time = ksmbd_UnixTimeToNT(inode->i_ctime);
5110 rsp->ChangeTime = cpu_to_le64(time);
5111 ksmbd_fd_put(work, fp);
5114 rsp->AllocationSize = 0;
5116 rsp->Attributes = 0;
5117 rsp->CreationTime = 0;
5118 rsp->LastAccessTime = 0;
5119 rsp->LastWriteTime = 0;
5120 rsp->ChangeTime = 0;
5123 err = ksmbd_close_fd(work, volatile_id);
5126 if (rsp->hdr.Status == 0)
5127 rsp->hdr.Status = STATUS_FILE_CLOSED;
5128 smb2_set_err_rsp(work);
5130 inc_rfc1001_len(rsp_org, 60);
5137 * smb2_echo() - handler for smb2 echo(ping) command
5138 * @work: smb work containing echo request buffer
5142 int smb2_echo(struct ksmbd_work *work)
5144 struct smb2_echo_rsp *rsp = work->response_buf;
5146 rsp->StructureSize = cpu_to_le16(4);
5148 inc_rfc1001_len(rsp, 4);
5152 static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp,
5153 struct smb2_file_rename_info *file_info,
5154 struct nls_table *local_nls)
5156 struct ksmbd_share_config *share = fp->tcon->share_conf;
5157 char *new_name = NULL, *abs_oldname = NULL, *old_name = NULL;
5158 char *pathname = NULL;
5160 bool file_present = true;
5163 ksmbd_debug(SMB, "setting FILE_RENAME_INFO\n");
5164 pathname = kmalloc(PATH_MAX, GFP_KERNEL);
5168 abs_oldname = d_path(&fp->filp->f_path, pathname, PATH_MAX);
5169 if (IS_ERR(abs_oldname)) {
5173 old_name = strrchr(abs_oldname, '/');
5174 if (old_name && old_name[1] != '\0') {
5177 ksmbd_debug(SMB, "can't get last component in path %s\n",
5183 new_name = smb2_get_name(share,
5184 file_info->FileName,
5185 le32_to_cpu(file_info->FileNameLength),
5187 if (IS_ERR(new_name)) {
5188 rc = PTR_ERR(new_name);
5192 if (strchr(new_name, ':')) {
5194 char *xattr_stream_name, *stream_name = NULL;
5195 size_t xattr_stream_size;
5198 rc = parse_stream_name(new_name, &stream_name, &s_type);
5202 len = strlen(new_name);
5203 if (new_name[len - 1] != '/') {
5204 pr_err("not allow base filename in rename\n");
5209 rc = ksmbd_vfs_xattr_stream_name(stream_name,
5216 rc = ksmbd_vfs_setxattr(fp->filp->f_path.dentry,
5220 pr_err("failed to store stream name in xattr: %d\n",
5229 ksmbd_debug(SMB, "new name %s\n", new_name);
5230 rc = ksmbd_vfs_kern_path(new_name, 0, &path, 1);
5232 file_present = false;
5236 if (ksmbd_share_veto_filename(share, new_name)) {
5238 ksmbd_debug(SMB, "Can't rename vetoed file: %s\n", new_name);
5242 if (file_info->ReplaceIfExists) {
5244 rc = ksmbd_vfs_remove_file(work, new_name);
5246 if (rc != -ENOTEMPTY)
5248 ksmbd_debug(SMB, "cannot delete %s, rc %d\n",
5255 strncmp(old_name, path.dentry->d_name.name, strlen(old_name))) {
5258 "cannot rename already existing file\n");
5263 rc = ksmbd_vfs_fp_rename(work, fp, new_name);
5266 if (!IS_ERR(new_name))
5271 static int smb2_create_link(struct ksmbd_work *work,
5272 struct ksmbd_share_config *share,
5273 struct smb2_file_link_info *file_info,
5275 struct nls_table *local_nls)
5277 char *link_name = NULL, *target_name = NULL, *pathname = NULL;
5279 bool file_present = true;
5282 ksmbd_debug(SMB, "setting FILE_LINK_INFORMATION\n");
5283 pathname = kmalloc(PATH_MAX, GFP_KERNEL);
5287 link_name = smb2_get_name(share,
5288 file_info->FileName,
5289 le32_to_cpu(file_info->FileNameLength),
5291 if (IS_ERR(link_name) || S_ISDIR(file_inode(filp)->i_mode)) {
5296 ksmbd_debug(SMB, "link name is %s\n", link_name);
5297 target_name = d_path(&filp->f_path, pathname, PATH_MAX);
5298 if (IS_ERR(target_name)) {
5303 ksmbd_debug(SMB, "target name is %s\n", target_name);
5304 rc = ksmbd_vfs_kern_path(link_name, 0, &path, 0);
5306 file_present = false;
5310 if (file_info->ReplaceIfExists) {
5312 rc = ksmbd_vfs_remove_file(work, link_name);
5315 ksmbd_debug(SMB, "cannot delete %s\n",
5323 ksmbd_debug(SMB, "link already exists\n");
5328 rc = ksmbd_vfs_link(work, target_name, link_name);
5332 if (!IS_ERR(link_name))
5338 static int set_file_basic_info(struct ksmbd_file *fp, char *buf,
5339 struct ksmbd_share_config *share)
5341 struct smb2_file_all_info *file_info;
5343 struct iattr temp_attrs;
5345 struct inode *inode;
5348 if (!(fp->daccess & FILE_WRITE_ATTRIBUTES_LE))
5351 file_info = (struct smb2_file_all_info *)buf;
5354 inode = file_inode(filp);
5356 if (file_info->CreationTime)
5357 fp->create_time = le64_to_cpu(file_info->CreationTime);
5359 if (file_info->LastAccessTime) {
5360 attrs.ia_atime = ksmbd_NTtimeToUnix(file_info->LastAccessTime);
5361 attrs.ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
5364 if (file_info->ChangeTime) {
5365 temp_attrs.ia_ctime = ksmbd_NTtimeToUnix(file_info->ChangeTime);
5366 attrs.ia_ctime = temp_attrs.ia_ctime;
5367 attrs.ia_valid |= ATTR_CTIME;
5369 temp_attrs.ia_ctime = inode->i_ctime;
5372 if (file_info->LastWriteTime) {
5373 attrs.ia_mtime = ksmbd_NTtimeToUnix(file_info->LastWriteTime);
5374 attrs.ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
5377 if (file_info->Attributes) {
5378 if (!S_ISDIR(inode->i_mode) &&
5379 file_info->Attributes & ATTR_DIRECTORY_LE) {
5380 pr_err("can't change a file to a directory\n");
5384 if (!(S_ISDIR(inode->i_mode) && file_info->Attributes == ATTR_NORMAL_LE))
5385 fp->f_ci->m_fattr = file_info->Attributes |
5386 (fp->f_ci->m_fattr & ATTR_DIRECTORY_LE);
5389 if (test_share_config_flag(share, KSMBD_SHARE_FLAG_STORE_DOS_ATTRS) &&
5390 (file_info->CreationTime || file_info->Attributes)) {
5391 struct xattr_dos_attrib da = {0};
5394 da.itime = fp->itime;
5395 da.create_time = fp->create_time;
5396 da.attr = le32_to_cpu(fp->f_ci->m_fattr);
5397 da.flags = XATTR_DOSINFO_ATTRIB | XATTR_DOSINFO_CREATE_TIME |
5398 XATTR_DOSINFO_ITIME;
5400 rc = ksmbd_vfs_set_dos_attrib_xattr(filp->f_path.dentry, &da);
5403 "failed to restore file attribute in EA\n");
5408 * HACK : set ctime here to avoid ctime changed
5409 * when file_info->ChangeTime is zero.
5411 attrs.ia_ctime = temp_attrs.ia_ctime;
5412 attrs.ia_valid |= ATTR_CTIME;
5414 if (attrs.ia_valid) {
5415 struct dentry *dentry = filp->f_path.dentry;
5416 struct inode *inode = d_inode(dentry);
5418 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
5421 rc = setattr_prepare(&init_user_ns, dentry, &attrs);
5426 setattr_copy(&init_user_ns, inode, &attrs);
5427 attrs.ia_valid &= ~ATTR_CTIME;
5428 rc = notify_change(&init_user_ns, dentry, &attrs, NULL);
5429 inode_unlock(inode);
5434 static int set_file_allocation_info(struct ksmbd_work *work,
5435 struct ksmbd_file *fp, char *buf)
5438 * TODO : It's working fine only when store dos attributes
5439 * is not yes. need to implement a logic which works
5440 * properly with any smb.conf option
5443 struct smb2_file_alloc_info *file_alloc_info;
5445 struct inode *inode;
5448 if (!(fp->daccess & FILE_WRITE_DATA_LE))
5451 file_alloc_info = (struct smb2_file_alloc_info *)buf;
5452 alloc_blks = (le64_to_cpu(file_alloc_info->AllocationSize) + 511) >> 9;
5453 inode = file_inode(fp->filp);
5455 if (alloc_blks > inode->i_blocks) {
5456 smb_break_all_levII_oplock(work, fp, 1);
5457 rc = vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0,
5459 if (rc && rc != -EOPNOTSUPP) {
5460 pr_err("vfs_fallocate is failed : %d\n", rc);
5463 } else if (alloc_blks < inode->i_blocks) {
5467 * Allocation size could be smaller than original one
5468 * which means allocated blocks in file should be
5469 * deallocated. use truncate to cut out it, but inode
5470 * size is also updated with truncate offset.
5471 * inode size is retained by backup inode size.
5473 size = i_size_read(inode);
5474 rc = ksmbd_vfs_truncate(work, NULL, fp, alloc_blks * 512);
5476 pr_err("truncate failed! filename : %s, err %d\n",
5480 if (size < alloc_blks * 512)
5481 i_size_write(inode, size);
5486 static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp,
5489 struct smb2_file_eof_info *file_eof_info;
5491 struct inode *inode;
5494 if (!(fp->daccess & FILE_WRITE_DATA_LE))
5497 file_eof_info = (struct smb2_file_eof_info *)buf;
5498 newsize = le64_to_cpu(file_eof_info->EndOfFile);
5499 inode = file_inode(fp->filp);
5502 * If FILE_END_OF_FILE_INFORMATION of set_info_file is called
5503 * on FAT32 shared device, truncate execution time is too long
5504 * and network error could cause from windows client. because
5505 * truncate of some filesystem like FAT32 fill zero data in
5508 if (inode->i_sb->s_magic != MSDOS_SUPER_MAGIC) {
5509 ksmbd_debug(SMB, "filename : %s truncated to newsize %lld\n",
5510 fp->filename, newsize);
5511 rc = ksmbd_vfs_truncate(work, NULL, fp, newsize);
5513 ksmbd_debug(SMB, "truncate failed! filename : %s err %d\n",
5523 static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp,
5526 struct ksmbd_file *parent_fp;
5528 if (!(fp->daccess & FILE_DELETE_LE)) {
5529 pr_err("no right to delete : 0x%x\n", fp->daccess);
5533 if (ksmbd_stream_fd(fp))
5536 parent_fp = ksmbd_lookup_fd_inode(PARENT_INODE(fp));
5538 if (parent_fp->daccess & FILE_DELETE_LE) {
5539 pr_err("parent dir is opened with delete access\n");
5544 return smb2_rename(work, fp,
5545 (struct smb2_file_rename_info *)buf,
5546 work->sess->conn->local_nls);
5549 static int set_file_disposition_info(struct ksmbd_file *fp, char *buf)
5551 struct smb2_file_disposition_info *file_info;
5552 struct inode *inode;
5554 if (!(fp->daccess & FILE_DELETE_LE)) {
5555 pr_err("no right to delete : 0x%x\n", fp->daccess);
5559 inode = file_inode(fp->filp);
5560 file_info = (struct smb2_file_disposition_info *)buf;
5561 if (file_info->DeletePending) {
5562 if (S_ISDIR(inode->i_mode) &&
5563 ksmbd_vfs_empty_dir(fp) == -ENOTEMPTY)
5565 ksmbd_set_inode_pending_delete(fp);
5567 ksmbd_clear_inode_pending_delete(fp);
5572 static int set_file_position_info(struct ksmbd_file *fp, char *buf)
5574 struct smb2_file_pos_info *file_info;
5575 loff_t current_byte_offset;
5576 unsigned long sector_size;
5577 struct inode *inode;
5579 inode = file_inode(fp->filp);
5580 file_info = (struct smb2_file_pos_info *)buf;
5581 current_byte_offset = le64_to_cpu(file_info->CurrentByteOffset);
5582 sector_size = inode->i_sb->s_blocksize;
5584 if (current_byte_offset < 0 ||
5585 (fp->coption == FILE_NO_INTERMEDIATE_BUFFERING_LE &&
5586 current_byte_offset & (sector_size - 1))) {
5587 pr_err("CurrentByteOffset is not valid : %llu\n",
5588 current_byte_offset);
5592 fp->filp->f_pos = current_byte_offset;
5596 static int set_file_mode_info(struct ksmbd_file *fp, char *buf)
5598 struct smb2_file_mode_info *file_info;
5601 file_info = (struct smb2_file_mode_info *)buf;
5602 mode = file_info->Mode;
5604 if ((mode & ~FILE_MODE_INFO_MASK) ||
5605 (mode & FILE_SYNCHRONOUS_IO_ALERT_LE &&
5606 mode & FILE_SYNCHRONOUS_IO_NONALERT_LE)) {
5607 pr_err("Mode is not valid : 0x%x\n", le32_to_cpu(mode));
5612 * TODO : need to implement consideration for
5613 * FILE_SYNCHRONOUS_IO_ALERT and FILE_SYNCHRONOUS_IO_NONALERT
5615 ksmbd_vfs_set_fadvise(fp->filp, mode);
5621 * smb2_set_info_file() - handler for smb2 set info command
5622 * @work: smb work containing set info command buffer
5623 * @fp: ksmbd_file pointer
5624 * @info_class: smb2 set info class
5625 * @share: ksmbd_share_config pointer
5627 * Return: 0 on success, otherwise error
5628 * TODO: need to implement an error handling for STATUS_INFO_LENGTH_MISMATCH
5630 static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp,
5631 int info_class, char *buf,
5632 struct ksmbd_share_config *share)
5634 switch (info_class) {
5635 case FILE_BASIC_INFORMATION:
5636 return set_file_basic_info(fp, buf, share);
5638 case FILE_ALLOCATION_INFORMATION:
5639 return set_file_allocation_info(work, fp, buf);
5641 case FILE_END_OF_FILE_INFORMATION:
5642 return set_end_of_file_info(work, fp, buf);
5644 case FILE_RENAME_INFORMATION:
5645 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
5647 "User does not have write permission\n");
5650 return set_rename_info(work, fp, buf);
5652 case FILE_LINK_INFORMATION:
5653 return smb2_create_link(work, work->tcon->share_conf,
5654 (struct smb2_file_link_info *)buf, fp->filp,
5655 work->sess->conn->local_nls);
5657 case FILE_DISPOSITION_INFORMATION:
5658 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
5660 "User does not have write permission\n");
5663 return set_file_disposition_info(fp, buf);
5665 case FILE_FULL_EA_INFORMATION:
5667 if (!(fp->daccess & FILE_WRITE_EA_LE)) {
5668 pr_err("Not permitted to write ext attr: 0x%x\n",
5673 return smb2_set_ea((struct smb2_ea_info *)buf,
5677 case FILE_POSITION_INFORMATION:
5678 return set_file_position_info(fp, buf);
5680 case FILE_MODE_INFORMATION:
5681 return set_file_mode_info(fp, buf);
5684 pr_err("Unimplemented Fileinfoclass :%d\n", info_class);
5688 static int smb2_set_info_sec(struct ksmbd_file *fp, int addition_info,
5689 char *buffer, int buf_len)
5691 struct smb_ntsd *pntsd = (struct smb_ntsd *)buffer;
5693 fp->saccess |= FILE_SHARE_DELETE_LE;
5695 return set_info_sec(fp->conn, fp->tcon, fp->filp->f_path.dentry, pntsd,
5700 * smb2_set_info() - handler for smb2 set info command handler
5701 * @work: smb work containing set info request buffer
5703 * Return: 0 on success, otherwise error
5705 int smb2_set_info(struct ksmbd_work *work)
5707 struct smb2_set_info_req *req;
5708 struct smb2_set_info_rsp *rsp, *rsp_org;
5709 struct ksmbd_file *fp;
5711 unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;
5713 ksmbd_debug(SMB, "Received set info request\n");
5715 rsp_org = work->response_buf;
5716 if (work->next_smb2_rcv_hdr_off) {
5717 req = REQUEST_BUF_NEXT(work);
5718 rsp = RESPONSE_BUF_NEXT(work);
5719 if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
5720 ksmbd_debug(SMB, "Compound request set FID = %u\n",
5721 work->compound_fid);
5722 id = work->compound_fid;
5723 pid = work->compound_pfid;
5726 req = work->request_buf;
5727 rsp = work->response_buf;
5730 if (!HAS_FILE_ID(id)) {
5731 id = le64_to_cpu(req->VolatileFileId);
5732 pid = le64_to_cpu(req->PersistentFileId);
5735 fp = ksmbd_lookup_fd_slow(work, id, pid);
5737 ksmbd_debug(SMB, "Invalid id for close: %u\n", id);
5742 switch (req->InfoType) {
5743 case SMB2_O_INFO_FILE:
5744 ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILE\n");
5745 rc = smb2_set_info_file(work, fp, req->FileInfoClass,
5746 req->Buffer, work->tcon->share_conf);
5748 case SMB2_O_INFO_SECURITY:
5749 ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n");
5750 rc = smb2_set_info_sec(fp,
5751 le32_to_cpu(req->AdditionalInformation),
5753 le32_to_cpu(req->BufferLength));
5762 rsp->StructureSize = cpu_to_le16(2);
5763 inc_rfc1001_len(rsp_org, 2);
5764 ksmbd_fd_put(work, fp);
5768 if (rc == -EACCES || rc == -EPERM)
5769 rsp->hdr.Status = STATUS_ACCESS_DENIED;
5770 else if (rc == -EINVAL)
5771 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
5772 else if (rc == -ESHARE)
5773 rsp->hdr.Status = STATUS_SHARING_VIOLATION;
5774 else if (rc == -ENOENT)
5775 rsp->hdr.Status = STATUS_OBJECT_NAME_INVALID;
5776 else if (rc == -EBUSY || rc == -ENOTEMPTY)
5777 rsp->hdr.Status = STATUS_DIRECTORY_NOT_EMPTY;
5778 else if (rc == -EAGAIN)
5779 rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT;
5780 else if (rc == -EBADF || rc == -ESTALE)
5781 rsp->hdr.Status = STATUS_INVALID_HANDLE;
5782 else if (rc == -EEXIST)
5783 rsp->hdr.Status = STATUS_OBJECT_NAME_COLLISION;
5784 else if (rsp->hdr.Status == 0 || rc == -EOPNOTSUPP)
5785 rsp->hdr.Status = STATUS_INVALID_INFO_CLASS;
5786 smb2_set_err_rsp(work);
5787 ksmbd_fd_put(work, fp);
5788 ksmbd_debug(SMB, "error while processing smb2 query rc = %d\n", rc);
5793 * smb2_read_pipe() - handler for smb2 read from IPC pipe
5794 * @work: smb work containing read IPC pipe command buffer
5796 * Return: 0 on success, otherwise error
5798 static noinline int smb2_read_pipe(struct ksmbd_work *work)
5800 int nbytes = 0, err;
5802 struct ksmbd_rpc_command *rpc_resp;
5803 struct smb2_read_req *req = work->request_buf;
5804 struct smb2_read_rsp *rsp = work->response_buf;
5806 id = le64_to_cpu(req->VolatileFileId);
5808 inc_rfc1001_len(rsp, 16);
5809 rpc_resp = ksmbd_rpc_read(work->sess, id);
5811 if (rpc_resp->flags != KSMBD_RPC_OK) {
5816 work->aux_payload_buf =
5817 kvmalloc(rpc_resp->payload_sz, GFP_KERNEL | __GFP_ZERO);
5818 if (!work->aux_payload_buf) {
5823 memcpy(work->aux_payload_buf, rpc_resp->payload,
5824 rpc_resp->payload_sz);
5826 nbytes = rpc_resp->payload_sz;
5827 work->resp_hdr_sz = get_rfc1002_len(rsp) + 4;
5828 work->aux_payload_sz = nbytes;
5832 rsp->StructureSize = cpu_to_le16(17);
5833 rsp->DataOffset = 80;
5835 rsp->DataLength = cpu_to_le32(nbytes);
5836 rsp->DataRemaining = 0;
5838 inc_rfc1001_len(rsp, nbytes);
5842 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
5843 smb2_set_err_rsp(work);
5848 static ssize_t smb2_read_rdma_channel(struct ksmbd_work *work,
5849 struct smb2_read_req *req, void *data_buf,
5852 struct smb2_buffer_desc_v1 *desc =
5853 (struct smb2_buffer_desc_v1 *)&req->Buffer[0];
5856 if (work->conn->dialect == SMB30_PROT_ID &&
5857 req->Channel != SMB2_CHANNEL_RDMA_V1)
5860 if (req->ReadChannelInfoOffset == 0 ||
5861 le16_to_cpu(req->ReadChannelInfoLength) < sizeof(*desc))
5864 work->need_invalidate_rkey =
5865 (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE);
5866 work->remote_key = le32_to_cpu(desc->token);
5868 err = ksmbd_conn_rdma_write(work->conn, data_buf, length,
5869 le32_to_cpu(desc->token),
5870 le64_to_cpu(desc->offset),
5871 le32_to_cpu(desc->length));
5879 * smb2_read() - handler for smb2 read from file
5880 * @work: smb work containing read command buffer
5882 * Return: 0 on success, otherwise error
5884 int smb2_read(struct ksmbd_work *work)
5886 struct ksmbd_conn *conn = work->conn;
5887 struct smb2_read_req *req;
5888 struct smb2_read_rsp *rsp, *rsp_org;
5889 struct ksmbd_file *fp;
5891 size_t length, mincount;
5892 ssize_t nbytes = 0, remain_bytes = 0;
5895 rsp_org = work->response_buf;
5896 WORK_BUFFERS(work, req, rsp);
5898 if (test_share_config_flag(work->tcon->share_conf,
5899 KSMBD_SHARE_FLAG_PIPE)) {
5900 ksmbd_debug(SMB, "IPC pipe read request\n");
5901 return smb2_read_pipe(work);
5904 fp = ksmbd_lookup_fd_slow(work, le64_to_cpu(req->VolatileFileId),
5905 le64_to_cpu(req->PersistentFileId));
5911 if (!(fp->daccess & (FILE_READ_DATA_LE | FILE_READ_ATTRIBUTES_LE))) {
5912 pr_err("Not permitted to read : 0x%x\n", fp->daccess);
5917 offset = le64_to_cpu(req->Offset);
5918 length = le32_to_cpu(req->Length);
5919 mincount = le32_to_cpu(req->MinimumCount);
5921 if (length > conn->vals->max_read_size) {
5922 ksmbd_debug(SMB, "limiting read size to max size(%u)\n",
5923 conn->vals->max_read_size);
5928 ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n", FP_FILENAME(fp),
5931 work->aux_payload_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO);
5932 if (!work->aux_payload_buf) {
5937 nbytes = ksmbd_vfs_read(work, fp, length, &offset);
5943 if ((nbytes == 0 && length != 0) || nbytes < mincount) {
5944 kvfree(work->aux_payload_buf);
5945 work->aux_payload_buf = NULL;
5946 rsp->hdr.Status = STATUS_END_OF_FILE;
5947 smb2_set_err_rsp(work);
5948 ksmbd_fd_put(work, fp);
5952 ksmbd_debug(SMB, "nbytes %zu, offset %lld mincount %zu\n",
5953 nbytes, offset, mincount);
5955 if (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE ||
5956 req->Channel == SMB2_CHANNEL_RDMA_V1) {
5957 /* write data to the client using rdma channel */
5958 remain_bytes = smb2_read_rdma_channel(work, req,
5959 work->aux_payload_buf,
5961 kvfree(work->aux_payload_buf);
5962 work->aux_payload_buf = NULL;
5965 if (remain_bytes < 0) {
5966 err = (int)remain_bytes;
5971 rsp->StructureSize = cpu_to_le16(17);
5972 rsp->DataOffset = 80;
5974 rsp->DataLength = cpu_to_le32(nbytes);
5975 rsp->DataRemaining = cpu_to_le32(remain_bytes);
5977 inc_rfc1001_len(rsp_org, 16);
5978 work->resp_hdr_sz = get_rfc1002_len(rsp_org) + 4;
5979 work->aux_payload_sz = nbytes;
5980 inc_rfc1001_len(rsp_org, nbytes);
5981 ksmbd_fd_put(work, fp);
5987 rsp->hdr.Status = STATUS_INVALID_DEVICE_REQUEST;
5988 else if (err == -EAGAIN)
5989 rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT;
5990 else if (err == -ENOENT)
5991 rsp->hdr.Status = STATUS_FILE_CLOSED;
5992 else if (err == -EACCES)
5993 rsp->hdr.Status = STATUS_ACCESS_DENIED;
5994 else if (err == -ESHARE)
5995 rsp->hdr.Status = STATUS_SHARING_VIOLATION;
5996 else if (err == -EINVAL)
5997 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
5999 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6001 smb2_set_err_rsp(work);
6003 ksmbd_fd_put(work, fp);
6008 * smb2_write_pipe() - handler for smb2 write on IPC pipe
6009 * @work: smb work containing write IPC pipe command buffer
6011 * Return: 0 on success, otherwise error
6013 static noinline int smb2_write_pipe(struct ksmbd_work *work)
6015 struct smb2_write_req *req = work->request_buf;
6016 struct smb2_write_rsp *rsp = work->response_buf;
6017 struct ksmbd_rpc_command *rpc_resp;
6019 int err = 0, ret = 0;
6023 length = le32_to_cpu(req->Length);
6024 id = le64_to_cpu(req->VolatileFileId);
6026 if (le16_to_cpu(req->DataOffset) ==
6027 (offsetof(struct smb2_write_req, Buffer) - 4)) {
6028 data_buf = (char *)&req->Buffer[0];
6030 if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) ||
6031 (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) {
6032 pr_err("invalid write data offset %u, smb_len %u\n",
6033 le16_to_cpu(req->DataOffset),
6034 get_rfc1002_len(req));
6039 data_buf = (char *)(((char *)&req->hdr.ProtocolId) +
6040 le16_to_cpu(req->DataOffset));
6043 rpc_resp = ksmbd_rpc_write(work->sess, id, data_buf, length);
6045 if (rpc_resp->flags == KSMBD_RPC_ENOTIMPLEMENTED) {
6046 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
6048 smb2_set_err_rsp(work);
6051 if (rpc_resp->flags != KSMBD_RPC_OK) {
6052 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6053 smb2_set_err_rsp(work);
6060 rsp->StructureSize = cpu_to_le16(17);
6061 rsp->DataOffset = 0;
6063 rsp->DataLength = cpu_to_le32(length);
6064 rsp->DataRemaining = 0;
6066 inc_rfc1001_len(rsp, 16);
6070 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6071 smb2_set_err_rsp(work);
6077 static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work,
6078 struct smb2_write_req *req,
6079 struct ksmbd_file *fp,
6080 loff_t offset, size_t length, bool sync)
6082 struct smb2_buffer_desc_v1 *desc;
6087 desc = (struct smb2_buffer_desc_v1 *)&req->Buffer[0];
6089 if (work->conn->dialect == SMB30_PROT_ID &&
6090 req->Channel != SMB2_CHANNEL_RDMA_V1)
6093 if (req->Length != 0 || req->DataOffset != 0)
6096 if (req->WriteChannelInfoOffset == 0 ||
6097 le16_to_cpu(req->WriteChannelInfoLength) < sizeof(*desc))
6100 work->need_invalidate_rkey =
6101 (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE);
6102 work->remote_key = le32_to_cpu(desc->token);
6104 data_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO);
6108 ret = ksmbd_conn_rdma_read(work->conn, data_buf, length,
6109 le32_to_cpu(desc->token),
6110 le64_to_cpu(desc->offset),
6111 le32_to_cpu(desc->length));
6117 ret = ksmbd_vfs_write(work, fp, data_buf, length, &offset, sync, &nbytes);
6126 * smb2_write() - handler for smb2 write from file
6127 * @work: smb work containing write command buffer
6129 * Return: 0 on success, otherwise error
6131 int smb2_write(struct ksmbd_work *work)
6133 struct smb2_write_req *req;
6134 struct smb2_write_rsp *rsp, *rsp_org;
6135 struct ksmbd_file *fp = NULL;
6140 bool writethrough = false;
6143 rsp_org = work->response_buf;
6144 WORK_BUFFERS(work, req, rsp);
6146 if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) {
6147 ksmbd_debug(SMB, "IPC pipe write request\n");
6148 return smb2_write_pipe(work);
6151 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
6152 ksmbd_debug(SMB, "User does not have write permission\n");
6157 fp = ksmbd_lookup_fd_slow(work, le64_to_cpu(req->VolatileFileId),
6158 le64_to_cpu(req->PersistentFileId));
6164 if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_READ_ATTRIBUTES_LE))) {
6165 pr_err("Not permitted to write : 0x%x\n", fp->daccess);
6170 offset = le64_to_cpu(req->Offset);
6171 length = le32_to_cpu(req->Length);
6173 if (length > work->conn->vals->max_write_size) {
6174 ksmbd_debug(SMB, "limiting write size to max size(%u)\n",
6175 work->conn->vals->max_write_size);
6180 if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH)
6181 writethrough = true;
6183 if (req->Channel != SMB2_CHANNEL_RDMA_V1 &&
6184 req->Channel != SMB2_CHANNEL_RDMA_V1_INVALIDATE) {
6185 if (le16_to_cpu(req->DataOffset) ==
6186 (offsetof(struct smb2_write_req, Buffer) - 4)) {
6187 data_buf = (char *)&req->Buffer[0];
6189 if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) ||
6190 (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) {
6191 pr_err("invalid write data offset %u, smb_len %u\n",
6192 le16_to_cpu(req->DataOffset),
6193 get_rfc1002_len(req));
6198 data_buf = (char *)(((char *)&req->hdr.ProtocolId) +
6199 le16_to_cpu(req->DataOffset));
6202 ksmbd_debug(SMB, "flags %u\n", le32_to_cpu(req->Flags));
6203 if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH)
6204 writethrough = true;
6206 ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n",
6207 FP_FILENAME(fp), offset, length);
6208 err = ksmbd_vfs_write(work, fp, data_buf, length, &offset,
6209 writethrough, &nbytes);
6213 /* read data from the client using rdma channel, and
6216 nbytes = smb2_write_rdma_channel(work, req, fp, offset,
6217 le32_to_cpu(req->RemainingBytes),
6225 rsp->StructureSize = cpu_to_le16(17);
6226 rsp->DataOffset = 0;
6228 rsp->DataLength = cpu_to_le32(nbytes);
6229 rsp->DataRemaining = 0;
6231 inc_rfc1001_len(rsp_org, 16);
6232 ksmbd_fd_put(work, fp);
6237 rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT;
6238 else if (err == -ENOSPC || err == -EFBIG)
6239 rsp->hdr.Status = STATUS_DISK_FULL;
6240 else if (err == -ENOENT)
6241 rsp->hdr.Status = STATUS_FILE_CLOSED;
6242 else if (err == -EACCES)
6243 rsp->hdr.Status = STATUS_ACCESS_DENIED;
6244 else if (err == -ESHARE)
6245 rsp->hdr.Status = STATUS_SHARING_VIOLATION;
6246 else if (err == -EINVAL)
6247 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6249 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6251 smb2_set_err_rsp(work);
6252 ksmbd_fd_put(work, fp);
6257 * smb2_flush() - handler for smb2 flush file - fsync
6258 * @work: smb work containing flush command buffer
6260 * Return: 0 on success, otherwise error
6262 int smb2_flush(struct ksmbd_work *work)
6264 struct smb2_flush_req *req;
6265 struct smb2_flush_rsp *rsp, *rsp_org;
6268 rsp_org = work->response_buf;
6269 WORK_BUFFERS(work, req, rsp);
6271 ksmbd_debug(SMB, "SMB2_FLUSH called for fid %llu\n",
6272 le64_to_cpu(req->VolatileFileId));
6274 err = ksmbd_vfs_fsync(work,
6275 le64_to_cpu(req->VolatileFileId),
6276 le64_to_cpu(req->PersistentFileId));
6280 rsp->StructureSize = cpu_to_le16(4);
6282 inc_rfc1001_len(rsp_org, 4);
6287 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6288 smb2_set_err_rsp(work);
6295 * smb2_cancel() - handler for smb2 cancel command
6296 * @work: smb work containing cancel command buffer
6298 * Return: 0 on success, otherwise error
6300 int smb2_cancel(struct ksmbd_work *work)
6302 struct ksmbd_conn *conn = work->conn;
6303 struct smb2_hdr *hdr = work->request_buf;
6304 struct smb2_hdr *chdr;
6305 struct ksmbd_work *cancel_work = NULL;
6307 struct list_head *command_list;
6309 ksmbd_debug(SMB, "smb2 cancel called on mid %llu, async flags 0x%x\n",
6310 hdr->MessageId, hdr->Flags);
6312 if (hdr->Flags & SMB2_FLAGS_ASYNC_COMMAND) {
6313 command_list = &conn->async_requests;
6315 spin_lock(&conn->request_lock);
6316 list_for_each_entry(cancel_work, command_list,
6317 async_request_entry) {
6318 chdr = cancel_work->request_buf;
6320 if (cancel_work->async_id !=
6321 le64_to_cpu(hdr->Id.AsyncId))
6325 "smb2 with AsyncId %llu cancelled command = 0x%x\n",
6326 le64_to_cpu(hdr->Id.AsyncId),
6327 le16_to_cpu(chdr->Command));
6331 spin_unlock(&conn->request_lock);
6333 command_list = &conn->requests;
6335 spin_lock(&conn->request_lock);
6336 list_for_each_entry(cancel_work, command_list, request_entry) {
6337 chdr = cancel_work->request_buf;
6339 if (chdr->MessageId != hdr->MessageId ||
6340 cancel_work == work)
6344 "smb2 with mid %llu cancelled command = 0x%x\n",
6345 le64_to_cpu(hdr->MessageId),
6346 le16_to_cpu(chdr->Command));
6350 spin_unlock(&conn->request_lock);
6354 cancel_work->state = KSMBD_WORK_CANCELLED;
6355 if (cancel_work->cancel_fn)
6356 cancel_work->cancel_fn(cancel_work->cancel_argv);
6359 /* For SMB2_CANCEL command itself send no response*/
6360 work->send_no_response = 1;
6364 struct file_lock *smb_flock_init(struct file *f)
6366 struct file_lock *fl;
6368 fl = locks_alloc_lock();
6372 locks_init_lock(fl);
6375 fl->fl_pid = current->tgid;
6377 fl->fl_flags = FL_POSIX;
6379 fl->fl_lmops = NULL;
6385 static int smb2_set_flock_flags(struct file_lock *flock, int flags)
6389 /* Checking for wrong flag combination during lock request*/
6391 case SMB2_LOCKFLAG_SHARED:
6392 ksmbd_debug(SMB, "received shared request\n");
6394 flock->fl_type = F_RDLCK;
6395 flock->fl_flags |= FL_SLEEP;
6397 case SMB2_LOCKFLAG_EXCLUSIVE:
6398 ksmbd_debug(SMB, "received exclusive request\n");
6400 flock->fl_type = F_WRLCK;
6401 flock->fl_flags |= FL_SLEEP;
6403 case SMB2_LOCKFLAG_SHARED | SMB2_LOCKFLAG_FAIL_IMMEDIATELY:
6405 "received shared & fail immediately request\n");
6407 flock->fl_type = F_RDLCK;
6409 case SMB2_LOCKFLAG_EXCLUSIVE | SMB2_LOCKFLAG_FAIL_IMMEDIATELY:
6411 "received exclusive & fail immediately request\n");
6413 flock->fl_type = F_WRLCK;
6415 case SMB2_LOCKFLAG_UNLOCK:
6416 ksmbd_debug(SMB, "received unlock request\n");
6417 flock->fl_type = F_UNLCK;
6425 static struct ksmbd_lock *smb2_lock_init(struct file_lock *flock,
6426 unsigned int cmd, int flags,
6427 struct list_head *lock_list)
6429 struct ksmbd_lock *lock;
6431 lock = kzalloc(sizeof(struct ksmbd_lock), GFP_KERNEL);
6437 lock->start = flock->fl_start;
6438 lock->end = flock->fl_end;
6439 lock->flags = flags;
6440 if (lock->start == lock->end)
6442 INIT_LIST_HEAD(&lock->llist);
6443 INIT_LIST_HEAD(&lock->glist);
6444 list_add_tail(&lock->llist, lock_list);
6449 static void smb2_remove_blocked_lock(void **argv)
6451 struct file_lock *flock = (struct file_lock *)argv[0];
6453 ksmbd_vfs_posix_lock_unblock(flock);
6454 wake_up(&flock->fl_wait);
6457 static inline bool lock_defer_pending(struct file_lock *fl)
6459 /* check pending lock waiters */
6460 return waitqueue_active(&fl->fl_wait);
6464 * smb2_lock() - handler for smb2 file lock command
6465 * @work: smb work containing lock command buffer
6467 * Return: 0 on success, otherwise error
6469 int smb2_lock(struct ksmbd_work *work)
6471 struct smb2_lock_req *req = work->request_buf;
6472 struct smb2_lock_rsp *rsp = work->response_buf;
6473 struct smb2_lock_element *lock_ele;
6474 struct ksmbd_file *fp = NULL;
6475 struct file_lock *flock = NULL;
6476 struct file *filp = NULL;
6481 u64 lock_start, lock_length;
6482 struct ksmbd_lock *smb_lock = NULL, *cmp_lock, *tmp;
6484 LIST_HEAD(lock_list);
6485 LIST_HEAD(rollback_list);
6488 ksmbd_debug(SMB, "Received lock request\n");
6489 fp = ksmbd_lookup_fd_slow(work,
6490 le64_to_cpu(req->VolatileFileId),
6491 le64_to_cpu(req->PersistentFileId));
6493 ksmbd_debug(SMB, "Invalid file id for lock : %llu\n",
6494 le64_to_cpu(req->VolatileFileId));
6495 rsp->hdr.Status = STATUS_FILE_CLOSED;
6500 lock_count = le16_to_cpu(req->LockCount);
6501 lock_ele = req->locks;
6503 ksmbd_debug(SMB, "lock count is %d\n", lock_count);
6505 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6509 for (i = 0; i < lock_count; i++) {
6510 flags = le32_to_cpu(lock_ele[i].Flags);
6512 flock = smb_flock_init(filp);
6514 rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED;
6518 cmd = smb2_set_flock_flags(flock, flags);
6520 lock_start = le64_to_cpu(lock_ele[i].Offset);
6521 lock_length = le64_to_cpu(lock_ele[i].Length);
6522 if (lock_start > U64_MAX - lock_length) {
6523 pr_err("Invalid lock range requested\n");
6524 rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE;
6528 if (lock_start > OFFSET_MAX)
6529 flock->fl_start = OFFSET_MAX;
6531 flock->fl_start = lock_start;
6533 lock_length = le64_to_cpu(lock_ele[i].Length);
6534 if (lock_length > OFFSET_MAX - flock->fl_start)
6535 lock_length = OFFSET_MAX - flock->fl_start;
6537 flock->fl_end = flock->fl_start + lock_length;
6539 if (flock->fl_end < flock->fl_start) {
6541 "the end offset(%llx) is smaller than the start offset(%llx)\n",
6542 flock->fl_end, flock->fl_start);
6543 rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE;
6547 /* Check conflict locks in one request */
6548 list_for_each_entry(cmp_lock, &lock_list, llist) {
6549 if (cmp_lock->fl->fl_start <= flock->fl_start &&
6550 cmp_lock->fl->fl_end >= flock->fl_end) {
6551 if (cmp_lock->fl->fl_type != F_UNLCK &&
6552 flock->fl_type != F_UNLCK) {
6553 pr_err("conflict two locks in one request\n");
6555 STATUS_INVALID_PARAMETER;
6561 smb_lock = smb2_lock_init(flock, cmd, flags, &lock_list);
6563 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6568 list_for_each_entry_safe(smb_lock, tmp, &lock_list, llist) {
6569 if (smb_lock->cmd < 0) {
6570 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6574 if (!(smb_lock->flags & SMB2_LOCKFLAG_MASK)) {
6575 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6579 if ((prior_lock & (SMB2_LOCKFLAG_EXCLUSIVE | SMB2_LOCKFLAG_SHARED) &&
6580 smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) ||
6581 (prior_lock == SMB2_LOCKFLAG_UNLOCK &&
6582 !(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK))) {
6583 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6587 prior_lock = smb_lock->flags;
6589 if (!(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) &&
6590 !(smb_lock->flags & SMB2_LOCKFLAG_FAIL_IMMEDIATELY))
6594 /* check locks in global list */
6595 list_for_each_entry(cmp_lock, &global_lock_list, glist) {
6596 if (file_inode(cmp_lock->fl->fl_file) !=
6597 file_inode(smb_lock->fl->fl_file))
6600 if (smb_lock->fl->fl_type == F_UNLCK) {
6601 if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file &&
6602 cmp_lock->start == smb_lock->start &&
6603 cmp_lock->end == smb_lock->end &&
6604 !lock_defer_pending(cmp_lock->fl)) {
6606 locks_free_lock(cmp_lock->fl);
6607 list_del(&cmp_lock->glist);
6614 if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file) {
6615 if (smb_lock->flags & SMB2_LOCKFLAG_SHARED)
6618 if (cmp_lock->flags & SMB2_LOCKFLAG_SHARED)
6622 /* check zero byte lock range */
6623 if (cmp_lock->zero_len && !smb_lock->zero_len &&
6624 cmp_lock->start > smb_lock->start &&
6625 cmp_lock->start < smb_lock->end) {
6626 pr_err("previous lock conflict with zero byte lock range\n");
6627 rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED;
6631 if (smb_lock->zero_len && !cmp_lock->zero_len &&
6632 smb_lock->start > cmp_lock->start &&
6633 smb_lock->start < cmp_lock->end) {
6634 pr_err("current lock conflict with zero byte lock range\n");
6635 rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED;
6639 if (((cmp_lock->start <= smb_lock->start &&
6640 cmp_lock->end > smb_lock->start) ||
6641 (cmp_lock->start < smb_lock->end && cmp_lock->end >= smb_lock->end)) &&
6642 !cmp_lock->zero_len && !smb_lock->zero_len) {
6643 pr_err("Not allow lock operation on exclusive lock range\n");
6645 STATUS_LOCK_NOT_GRANTED;
6650 if (smb_lock->fl->fl_type == F_UNLCK && nolock) {
6651 pr_err("Try to unlock nolocked range\n");
6652 rsp->hdr.Status = STATUS_RANGE_NOT_LOCKED;
6657 if (smb_lock->zero_len) {
6662 flock = smb_lock->fl;
6663 list_del(&smb_lock->llist);
6665 err = vfs_lock_file(filp, smb_lock->cmd, flock, NULL);
6667 if (flags & SMB2_LOCKFLAG_UNLOCK) {
6669 ksmbd_debug(SMB, "File unlocked\n");
6670 } else if (err == -ENOENT) {
6671 rsp->hdr.Status = STATUS_NOT_LOCKED;
6674 locks_free_lock(flock);
6677 if (err == FILE_LOCK_DEFERRED) {
6681 "would have to wait for getting lock\n");
6682 list_add_tail(&smb_lock->glist,
6684 list_add(&smb_lock->llist, &rollback_list);
6686 argv = kmalloc(sizeof(void *), GFP_KERNEL);
6693 err = setup_async_work(work,
6694 smb2_remove_blocked_lock,
6698 STATUS_INSUFFICIENT_RESOURCES;
6701 spin_lock(&fp->f_lock);
6702 list_add(&work->fp_entry, &fp->blocked_works);
6703 spin_unlock(&fp->f_lock);
6705 smb2_send_interim_resp(work, STATUS_PENDING);
6707 err = ksmbd_vfs_posix_lock_wait(flock);
6709 if (!WORK_ACTIVE(work)) {
6710 list_del(&smb_lock->llist);
6711 list_del(&smb_lock->glist);
6712 locks_free_lock(flock);
6714 if (WORK_CANCELLED(work)) {
6715 spin_lock(&fp->f_lock);
6716 list_del(&work->fp_entry);
6717 spin_unlock(&fp->f_lock);
6721 smb2_send_interim_resp(work,
6723 work->send_no_response = 1;
6726 init_smb2_rsp_hdr(work);
6727 smb2_set_err_rsp(work);
6729 STATUS_RANGE_NOT_LOCKED;
6734 list_del(&smb_lock->llist);
6735 list_del(&smb_lock->glist);
6736 spin_lock(&fp->f_lock);
6737 list_del(&work->fp_entry);
6738 spin_unlock(&fp->f_lock);
6741 list_add_tail(&smb_lock->glist,
6743 list_add(&smb_lock->llist, &rollback_list);
6744 ksmbd_debug(SMB, "successful in taking lock\n");
6746 rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED;
6752 if (atomic_read(&fp->f_ci->op_count) > 1)
6753 smb_break_all_oplock(work, fp);
6755 rsp->StructureSize = cpu_to_le16(4);
6756 ksmbd_debug(SMB, "successful in taking lock\n");
6757 rsp->hdr.Status = STATUS_SUCCESS;
6759 inc_rfc1001_len(rsp, 4);
6760 ksmbd_fd_put(work, fp);
6764 list_for_each_entry_safe(smb_lock, tmp, &lock_list, llist) {
6765 locks_free_lock(smb_lock->fl);
6766 list_del(&smb_lock->llist);
6770 list_for_each_entry_safe(smb_lock, tmp, &rollback_list, llist) {
6771 struct file_lock *rlock = NULL;
6773 rlock = smb_flock_init(filp);
6774 rlock->fl_type = F_UNLCK;
6775 rlock->fl_start = smb_lock->start;
6776 rlock->fl_end = smb_lock->end;
6778 err = vfs_lock_file(filp, 0, rlock, NULL);
6780 pr_err("rollback unlock fail : %d\n", err);
6781 list_del(&smb_lock->llist);
6782 list_del(&smb_lock->glist);
6783 locks_free_lock(smb_lock->fl);
6784 locks_free_lock(rlock);
6788 ksmbd_debug(SMB, "failed in taking lock(flags : %x)\n", flags);
6789 smb2_set_err_rsp(work);
6790 ksmbd_fd_put(work, fp);
6794 static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req,
6795 struct smb2_ioctl_rsp *rsp)
6797 struct copychunk_ioctl_req *ci_req;
6798 struct copychunk_ioctl_rsp *ci_rsp;
6799 struct ksmbd_file *src_fp = NULL, *dst_fp = NULL;
6800 struct srv_copychunk *chunks;
6801 unsigned int i, chunk_count, chunk_count_written = 0;
6802 unsigned int chunk_size_written = 0;
6803 loff_t total_size_written = 0;
6806 cnt_code = le32_to_cpu(req->CntCode);
6807 ci_req = (struct copychunk_ioctl_req *)&req->Buffer[0];
6808 ci_rsp = (struct copychunk_ioctl_rsp *)&rsp->Buffer[0];
6810 rsp->VolatileFileId = req->VolatileFileId;
6811 rsp->PersistentFileId = req->PersistentFileId;
6812 ci_rsp->ChunksWritten =
6813 cpu_to_le32(ksmbd_server_side_copy_max_chunk_count());
6814 ci_rsp->ChunkBytesWritten =
6815 cpu_to_le32(ksmbd_server_side_copy_max_chunk_size());
6816 ci_rsp->TotalBytesWritten =
6817 cpu_to_le32(ksmbd_server_side_copy_max_total_size());
6819 chunks = (struct srv_copychunk *)&ci_req->Chunks[0];
6820 chunk_count = le32_to_cpu(ci_req->ChunkCount);
6821 total_size_written = 0;
6823 /* verify the SRV_COPYCHUNK_COPY packet */
6824 if (chunk_count > ksmbd_server_side_copy_max_chunk_count() ||
6825 le32_to_cpu(req->InputCount) <
6826 offsetof(struct copychunk_ioctl_req, Chunks) +
6827 chunk_count * sizeof(struct srv_copychunk)) {
6828 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6832 for (i = 0; i < chunk_count; i++) {
6833 if (le32_to_cpu(chunks[i].Length) == 0 ||
6834 le32_to_cpu(chunks[i].Length) > ksmbd_server_side_copy_max_chunk_size())
6836 total_size_written += le32_to_cpu(chunks[i].Length);
6839 if (i < chunk_count ||
6840 total_size_written > ksmbd_server_side_copy_max_total_size()) {
6841 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6845 src_fp = ksmbd_lookup_foreign_fd(work,
6846 le64_to_cpu(ci_req->ResumeKey[0]));
6847 dst_fp = ksmbd_lookup_fd_slow(work,
6848 le64_to_cpu(req->VolatileFileId),
6849 le64_to_cpu(req->PersistentFileId));
6852 src_fp->persistent_id != le64_to_cpu(ci_req->ResumeKey[1])) {
6853 rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND;
6858 rsp->hdr.Status = STATUS_FILE_CLOSED;
6863 * FILE_READ_DATA should only be included in
6864 * the FSCTL_COPYCHUNK case
6866 if (cnt_code == FSCTL_COPYCHUNK &&
6867 !(dst_fp->daccess & (FILE_READ_DATA_LE | FILE_GENERIC_READ_LE))) {
6868 rsp->hdr.Status = STATUS_ACCESS_DENIED;
6872 ret = ksmbd_vfs_copy_file_ranges(work, src_fp, dst_fp,
6873 chunks, chunk_count,
6874 &chunk_count_written,
6875 &chunk_size_written,
6876 &total_size_written);
6879 rsp->hdr.Status = STATUS_ACCESS_DENIED;
6881 rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT;
6882 else if (ret == -EBADF)
6883 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6884 else if (ret == -EFBIG || ret == -ENOSPC)
6885 rsp->hdr.Status = STATUS_DISK_FULL;
6886 else if (ret == -EINVAL)
6887 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6888 else if (ret == -EISDIR)
6889 rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY;
6890 else if (ret == -E2BIG)
6891 rsp->hdr.Status = STATUS_INVALID_VIEW_SIZE;
6893 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
6896 ci_rsp->ChunksWritten = cpu_to_le32(chunk_count_written);
6897 ci_rsp->ChunkBytesWritten = cpu_to_le32(chunk_size_written);
6898 ci_rsp->TotalBytesWritten = cpu_to_le32(total_size_written);
6900 ksmbd_fd_put(work, src_fp);
6901 ksmbd_fd_put(work, dst_fp);
6905 static __be32 idev_ipv4_address(struct in_device *idev)
6909 struct in_ifaddr *ifa;
6912 in_dev_for_each_ifa_rcu(ifa, idev) {
6913 if (ifa->ifa_flags & IFA_F_SECONDARY)
6916 addr = ifa->ifa_address;
6923 static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn,
6924 struct smb2_ioctl_req *req,
6925 struct smb2_ioctl_rsp *rsp)
6927 struct network_interface_info_ioctl_rsp *nii_rsp = NULL;
6929 struct net_device *netdev;
6930 struct sockaddr_storage_rsp *sockaddr_storage;
6932 unsigned long long speed;
6935 for_each_netdev(&init_net, netdev) {
6936 if (unlikely(!netdev)) {
6941 if (netdev->type == ARPHRD_LOOPBACK)
6944 flags = dev_get_flags(netdev);
6945 if (!(flags & IFF_RUNNING))
6948 nii_rsp = (struct network_interface_info_ioctl_rsp *)
6949 &rsp->Buffer[nbytes];
6950 nii_rsp->IfIndex = cpu_to_le32(netdev->ifindex);
6952 /* TODO: specify the RDMA capabilities */
6953 if (netdev->num_tx_queues > 1)
6954 nii_rsp->Capability = cpu_to_le32(RSS_CAPABLE);
6956 nii_rsp->Capability = 0;
6958 nii_rsp->Next = cpu_to_le32(152);
6959 nii_rsp->Reserved = 0;
6961 if (netdev->ethtool_ops->get_link_ksettings) {
6962 struct ethtool_link_ksettings cmd;
6964 netdev->ethtool_ops->get_link_ksettings(netdev, &cmd);
6965 speed = cmd.base.speed;
6967 pr_err("%s %s\n", netdev->name,
6968 "speed is unknown, defaulting to 1Gb/sec");
6973 nii_rsp->LinkSpeed = cpu_to_le64(speed);
6975 sockaddr_storage = (struct sockaddr_storage_rsp *)
6976 nii_rsp->SockAddr_Storage;
6977 memset(sockaddr_storage, 0, 128);
6979 if (conn->peer_addr.ss_family == PF_INET) {
6980 struct in_device *idev;
6982 sockaddr_storage->Family = cpu_to_le16(INTERNETWORK);
6983 sockaddr_storage->addr4.Port = 0;
6985 idev = __in_dev_get_rtnl(netdev);
6988 sockaddr_storage->addr4.IPv4address =
6989 idev_ipv4_address(idev);
6991 struct inet6_dev *idev6;
6992 struct inet6_ifaddr *ifa;
6993 __u8 *ipv6_addr = sockaddr_storage->addr6.IPv6address;
6995 sockaddr_storage->Family = cpu_to_le16(INTERNETWORKV6);
6996 sockaddr_storage->addr6.Port = 0;
6997 sockaddr_storage->addr6.FlowInfo = 0;
6999 idev6 = __in6_dev_get(netdev);
7003 list_for_each_entry(ifa, &idev6->addr_list, if_list) {
7004 if (ifa->flags & (IFA_F_TENTATIVE |
7007 memcpy(ipv6_addr, ifa->addr.s6_addr, 16);
7010 sockaddr_storage->addr6.ScopeId = 0;
7013 nbytes += sizeof(struct network_interface_info_ioctl_rsp);
7017 /* zero if this is last one */
7022 rsp->hdr.Status = STATUS_BUFFER_TOO_SMALL;
7026 rsp->PersistentFileId = cpu_to_le64(SMB2_NO_FID);
7027 rsp->VolatileFileId = cpu_to_le64(SMB2_NO_FID);
7031 static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn,
7032 struct validate_negotiate_info_req *neg_req,
7033 struct validate_negotiate_info_rsp *neg_rsp)
7038 dialect = ksmbd_lookup_dialect_by_id(neg_req->Dialects,
7039 neg_req->DialectCount);
7040 if (dialect == BAD_PROT_ID || dialect != conn->dialect) {
7045 if (strncmp(neg_req->Guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE)) {
7050 if (le16_to_cpu(neg_req->SecurityMode) != conn->cli_sec_mode) {
7055 if (le32_to_cpu(neg_req->Capabilities) != conn->cli_cap) {
7060 neg_rsp->Capabilities = cpu_to_le32(conn->vals->capabilities);
7061 memset(neg_rsp->Guid, 0, SMB2_CLIENT_GUID_SIZE);
7062 neg_rsp->SecurityMode = cpu_to_le16(conn->srv_sec_mode);
7063 neg_rsp->Dialect = cpu_to_le16(conn->dialect);
7068 static int fsctl_query_allocated_ranges(struct ksmbd_work *work, u64 id,
7069 struct file_allocated_range_buffer *qar_req,
7070 struct file_allocated_range_buffer *qar_rsp,
7071 int in_count, int *out_count)
7073 struct ksmbd_file *fp;
7074 loff_t start, length;
7081 fp = ksmbd_lookup_fd_fast(work, id);
7085 start = le64_to_cpu(qar_req->file_offset);
7086 length = le64_to_cpu(qar_req->length);
7088 ret = ksmbd_vfs_fqar_lseek(fp, start, length,
7089 qar_rsp, in_count, out_count);
7090 if (ret && ret != -E2BIG)
7093 ksmbd_fd_put(work, fp);
7097 static int fsctl_pipe_transceive(struct ksmbd_work *work, u64 id,
7098 int out_buf_len, struct smb2_ioctl_req *req,
7099 struct smb2_ioctl_rsp *rsp)
7101 struct ksmbd_rpc_command *rpc_resp;
7102 char *data_buf = (char *)&req->Buffer[0];
7105 rpc_resp = ksmbd_rpc_ioctl(work->sess, id, data_buf,
7106 le32_to_cpu(req->InputCount));
7108 if (rpc_resp->flags == KSMBD_RPC_SOME_NOT_MAPPED) {
7110 * set STATUS_SOME_NOT_MAPPED response
7111 * for unknown domain sid.
7113 rsp->hdr.Status = STATUS_SOME_NOT_MAPPED;
7114 } else if (rpc_resp->flags == KSMBD_RPC_ENOTIMPLEMENTED) {
7115 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
7117 } else if (rpc_resp->flags != KSMBD_RPC_OK) {
7118 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
7122 nbytes = rpc_resp->payload_sz;
7123 if (rpc_resp->payload_sz > out_buf_len) {
7124 rsp->hdr.Status = STATUS_BUFFER_OVERFLOW;
7125 nbytes = out_buf_len;
7128 if (!rpc_resp->payload_sz) {
7130 STATUS_UNEXPECTED_IO_ERROR;
7134 memcpy((char *)rsp->Buffer, rpc_resp->payload, nbytes);
7141 static inline int fsctl_set_sparse(struct ksmbd_work *work, u64 id,
7142 struct file_sparse *sparse)
7144 struct ksmbd_file *fp;
7148 fp = ksmbd_lookup_fd_fast(work, id);
7152 old_fattr = fp->f_ci->m_fattr;
7153 if (sparse->SetSparse)
7154 fp->f_ci->m_fattr |= ATTR_SPARSE_FILE_LE;
7156 fp->f_ci->m_fattr &= ~ATTR_SPARSE_FILE_LE;
7158 if (fp->f_ci->m_fattr != old_fattr &&
7159 test_share_config_flag(work->tcon->share_conf,
7160 KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) {
7161 struct xattr_dos_attrib da;
7163 ret = ksmbd_vfs_get_dos_attrib_xattr(fp->filp->f_path.dentry, &da);
7167 da.attr = le32_to_cpu(fp->f_ci->m_fattr);
7168 ret = ksmbd_vfs_set_dos_attrib_xattr(fp->filp->f_path.dentry, &da);
7170 fp->f_ci->m_fattr = old_fattr;
7174 ksmbd_fd_put(work, fp);
7178 static int fsctl_request_resume_key(struct ksmbd_work *work,
7179 struct smb2_ioctl_req *req,
7180 struct resume_key_ioctl_rsp *key_rsp)
7182 struct ksmbd_file *fp;
7184 fp = ksmbd_lookup_fd_slow(work,
7185 le64_to_cpu(req->VolatileFileId),
7186 le64_to_cpu(req->PersistentFileId));
7190 memset(key_rsp, 0, sizeof(*key_rsp));
7191 key_rsp->ResumeKey[0] = req->VolatileFileId;
7192 key_rsp->ResumeKey[1] = req->PersistentFileId;
7193 ksmbd_fd_put(work, fp);
7199 * smb2_ioctl() - handler for smb2 ioctl command
7200 * @work: smb work containing ioctl command buffer
7202 * Return: 0 on success, otherwise error
7204 int smb2_ioctl(struct ksmbd_work *work)
7206 struct smb2_ioctl_req *req;
7207 struct smb2_ioctl_rsp *rsp, *rsp_org;
7208 int cnt_code, nbytes = 0;
7210 u64 id = KSMBD_NO_FID;
7211 struct ksmbd_conn *conn = work->conn;
7214 rsp_org = work->response_buf;
7215 if (work->next_smb2_rcv_hdr_off) {
7216 req = REQUEST_BUF_NEXT(work);
7217 rsp = RESPONSE_BUF_NEXT(work);
7218 if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
7219 ksmbd_debug(SMB, "Compound request set FID = %u\n",
7220 work->compound_fid);
7221 id = work->compound_fid;
7224 req = work->request_buf;
7225 rsp = work->response_buf;
7228 if (!HAS_FILE_ID(id))
7229 id = le64_to_cpu(req->VolatileFileId);
7231 if (req->Flags != cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL)) {
7232 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
7236 cnt_code = le32_to_cpu(req->CntCode);
7237 out_buf_len = le32_to_cpu(req->MaxOutputResponse);
7238 out_buf_len = min(KSMBD_IPC_MAX_PAYLOAD, out_buf_len);
7241 case FSCTL_DFS_GET_REFERRALS:
7242 case FSCTL_DFS_GET_REFERRALS_EX:
7243 /* Not support DFS yet */
7244 rsp->hdr.Status = STATUS_FS_DRIVER_REQUIRED;
7246 case FSCTL_CREATE_OR_GET_OBJECT_ID:
7248 struct file_object_buf_type1_ioctl_rsp *obj_buf;
7250 nbytes = sizeof(struct file_object_buf_type1_ioctl_rsp);
7251 obj_buf = (struct file_object_buf_type1_ioctl_rsp *)
7255 * TODO: This is dummy implementation to pass smbtorture
7256 * Need to check correct response later
7258 memset(obj_buf->ObjectId, 0x0, 16);
7259 memset(obj_buf->BirthVolumeId, 0x0, 16);
7260 memset(obj_buf->BirthObjectId, 0x0, 16);
7261 memset(obj_buf->DomainId, 0x0, 16);
7265 case FSCTL_PIPE_TRANSCEIVE:
7266 nbytes = fsctl_pipe_transceive(work, id, out_buf_len, req, rsp);
7268 case FSCTL_VALIDATE_NEGOTIATE_INFO:
7269 if (conn->dialect < SMB30_PROT_ID) {
7274 ret = fsctl_validate_negotiate_info(conn,
7275 (struct validate_negotiate_info_req *)&req->Buffer[0],
7276 (struct validate_negotiate_info_rsp *)&rsp->Buffer[0]);
7280 nbytes = sizeof(struct validate_negotiate_info_rsp);
7281 rsp->PersistentFileId = cpu_to_le64(SMB2_NO_FID);
7282 rsp->VolatileFileId = cpu_to_le64(SMB2_NO_FID);
7284 case FSCTL_QUERY_NETWORK_INTERFACE_INFO:
7285 nbytes = fsctl_query_iface_info_ioctl(conn, req, rsp);
7289 case FSCTL_REQUEST_RESUME_KEY:
7290 if (out_buf_len < sizeof(struct resume_key_ioctl_rsp)) {
7295 ret = fsctl_request_resume_key(work, req,
7296 (struct resume_key_ioctl_rsp *)&rsp->Buffer[0]);
7299 rsp->PersistentFileId = req->PersistentFileId;
7300 rsp->VolatileFileId = req->VolatileFileId;
7301 nbytes = sizeof(struct resume_key_ioctl_rsp);
7303 case FSCTL_COPYCHUNK:
7304 case FSCTL_COPYCHUNK_WRITE:
7305 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
7307 "User does not have write permission\n");
7312 if (out_buf_len < sizeof(struct copychunk_ioctl_rsp)) {
7317 nbytes = sizeof(struct copychunk_ioctl_rsp);
7318 fsctl_copychunk(work, req, rsp);
7320 case FSCTL_SET_SPARSE:
7321 ret = fsctl_set_sparse(work, id,
7322 (struct file_sparse *)&req->Buffer[0]);
7326 case FSCTL_SET_ZERO_DATA:
7328 struct file_zero_data_information *zero_data;
7329 struct ksmbd_file *fp;
7332 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
7334 "User does not have write permission\n");
7340 (struct file_zero_data_information *)&req->Buffer[0];
7342 fp = ksmbd_lookup_fd_fast(work, id);
7348 off = le64_to_cpu(zero_data->FileOffset);
7349 len = le64_to_cpu(zero_data->BeyondFinalZero) - off;
7351 ret = ksmbd_vfs_zero_data(work, fp, off, len);
7352 ksmbd_fd_put(work, fp);
7357 case FSCTL_QUERY_ALLOCATED_RANGES:
7358 ret = fsctl_query_allocated_ranges(work, id,
7359 (struct file_allocated_range_buffer *)&req->Buffer[0],
7360 (struct file_allocated_range_buffer *)&rsp->Buffer[0],
7362 sizeof(struct file_allocated_range_buffer), &nbytes);
7363 if (ret == -E2BIG) {
7364 rsp->hdr.Status = STATUS_BUFFER_OVERFLOW;
7365 } else if (ret < 0) {
7370 nbytes *= sizeof(struct file_allocated_range_buffer);
7372 case FSCTL_GET_REPARSE_POINT:
7374 struct reparse_data_buffer *reparse_ptr;
7375 struct ksmbd_file *fp;
7377 reparse_ptr = (struct reparse_data_buffer *)&rsp->Buffer[0];
7378 fp = ksmbd_lookup_fd_fast(work, id);
7380 pr_err("not found fp!!\n");
7385 reparse_ptr->ReparseTag =
7386 smb2_get_reparse_tag_special_file(FP_INODE(fp)->i_mode);
7387 reparse_ptr->ReparseDataLength = 0;
7388 ksmbd_fd_put(work, fp);
7389 nbytes = sizeof(struct reparse_data_buffer);
7392 case FSCTL_DUPLICATE_EXTENTS_TO_FILE:
7394 struct ksmbd_file *fp_in, *fp_out = NULL;
7395 struct duplicate_extents_to_file *dup_ext;
7396 loff_t src_off, dst_off, length, cloned;
7398 dup_ext = (struct duplicate_extents_to_file *)&req->Buffer[0];
7400 fp_in = ksmbd_lookup_fd_slow(work, dup_ext->VolatileFileHandle,
7401 dup_ext->PersistentFileHandle);
7403 pr_err("not found file handle in duplicate extent to file\n");
7408 fp_out = ksmbd_lookup_fd_fast(work, id);
7410 pr_err("not found fp\n");
7415 src_off = le64_to_cpu(dup_ext->SourceFileOffset);
7416 dst_off = le64_to_cpu(dup_ext->TargetFileOffset);
7417 length = le64_to_cpu(dup_ext->ByteCount);
7418 cloned = vfs_clone_file_range(fp_in->filp, src_off, fp_out->filp,
7419 dst_off, length, 0);
7420 if (cloned == -EXDEV || cloned == -EOPNOTSUPP) {
7423 } else if (cloned != length) {
7424 cloned = vfs_copy_file_range(fp_in->filp, src_off,
7425 fp_out->filp, dst_off, length, 0);
7426 if (cloned != length) {
7435 ksmbd_fd_put(work, fp_in);
7436 ksmbd_fd_put(work, fp_out);
7442 ksmbd_debug(SMB, "not implemented yet ioctl command 0x%x\n",
7448 rsp->CntCode = cpu_to_le32(cnt_code);
7449 rsp->InputCount = cpu_to_le32(0);
7450 rsp->InputOffset = cpu_to_le32(112);
7451 rsp->OutputOffset = cpu_to_le32(112);
7452 rsp->OutputCount = cpu_to_le32(nbytes);
7453 rsp->StructureSize = cpu_to_le16(49);
7454 rsp->Reserved = cpu_to_le16(0);
7455 rsp->Flags = cpu_to_le32(0);
7456 rsp->Reserved2 = cpu_to_le32(0);
7457 inc_rfc1001_len(rsp_org, 48 + nbytes);
7463 rsp->hdr.Status = STATUS_ACCESS_DENIED;
7464 else if (ret == -ENOENT)
7465 rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND;
7466 else if (ret == -EOPNOTSUPP)
7467 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
7468 else if (ret < 0 || rsp->hdr.Status == 0)
7469 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
7470 smb2_set_err_rsp(work);
7475 * smb20_oplock_break_ack() - handler for smb2.0 oplock break command
7476 * @work: smb work containing oplock break command buffer
7480 static void smb20_oplock_break_ack(struct ksmbd_work *work)
7482 struct smb2_oplock_break *req = work->request_buf;
7483 struct smb2_oplock_break *rsp = work->response_buf;
7484 struct ksmbd_file *fp;
7485 struct oplock_info *opinfo = NULL;
7488 u64 volatile_id, persistent_id;
7489 char req_oplevel = 0, rsp_oplevel = 0;
7490 unsigned int oplock_change_type;
7492 volatile_id = le64_to_cpu(req->VolatileFid);
7493 persistent_id = le64_to_cpu(req->PersistentFid);
7494 req_oplevel = req->OplockLevel;
7495 ksmbd_debug(OPLOCK, "v_id %llu, p_id %llu request oplock level %d\n",
7496 volatile_id, persistent_id, req_oplevel);
7498 fp = ksmbd_lookup_fd_slow(work, volatile_id, persistent_id);
7500 rsp->hdr.Status = STATUS_FILE_CLOSED;
7501 smb2_set_err_rsp(work);
7505 opinfo = opinfo_get(fp);
7507 pr_err("unexpected null oplock_info\n");
7508 rsp->hdr.Status = STATUS_INVALID_OPLOCK_PROTOCOL;
7509 smb2_set_err_rsp(work);
7510 ksmbd_fd_put(work, fp);
7514 if (opinfo->level == SMB2_OPLOCK_LEVEL_NONE) {
7515 rsp->hdr.Status = STATUS_INVALID_OPLOCK_PROTOCOL;
7519 if (opinfo->op_state == OPLOCK_STATE_NONE) {
7520 ksmbd_debug(SMB, "unexpected oplock state 0x%x\n", opinfo->op_state);
7521 rsp->hdr.Status = STATUS_UNSUCCESSFUL;
7525 if ((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE ||
7526 opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) &&
7527 (req_oplevel != SMB2_OPLOCK_LEVEL_II &&
7528 req_oplevel != SMB2_OPLOCK_LEVEL_NONE)) {
7529 err = STATUS_INVALID_OPLOCK_PROTOCOL;
7530 oplock_change_type = OPLOCK_WRITE_TO_NONE;
7531 } else if (opinfo->level == SMB2_OPLOCK_LEVEL_II &&
7532 req_oplevel != SMB2_OPLOCK_LEVEL_NONE) {
7533 err = STATUS_INVALID_OPLOCK_PROTOCOL;
7534 oplock_change_type = OPLOCK_READ_TO_NONE;
7535 } else if (req_oplevel == SMB2_OPLOCK_LEVEL_II ||
7536 req_oplevel == SMB2_OPLOCK_LEVEL_NONE) {
7537 err = STATUS_INVALID_DEVICE_STATE;
7538 if ((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE ||
7539 opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) &&
7540 req_oplevel == SMB2_OPLOCK_LEVEL_II) {
7541 oplock_change_type = OPLOCK_WRITE_TO_READ;
7542 } else if ((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE ||
7543 opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) &&
7544 req_oplevel == SMB2_OPLOCK_LEVEL_NONE) {
7545 oplock_change_type = OPLOCK_WRITE_TO_NONE;
7546 } else if (opinfo->level == SMB2_OPLOCK_LEVEL_II &&
7547 req_oplevel == SMB2_OPLOCK_LEVEL_NONE) {
7548 oplock_change_type = OPLOCK_READ_TO_NONE;
7550 oplock_change_type = 0;
7553 oplock_change_type = 0;
7556 switch (oplock_change_type) {
7557 case OPLOCK_WRITE_TO_READ:
7558 ret = opinfo_write_to_read(opinfo);
7559 rsp_oplevel = SMB2_OPLOCK_LEVEL_II;
7561 case OPLOCK_WRITE_TO_NONE:
7562 ret = opinfo_write_to_none(opinfo);
7563 rsp_oplevel = SMB2_OPLOCK_LEVEL_NONE;
7565 case OPLOCK_READ_TO_NONE:
7566 ret = opinfo_read_to_none(opinfo);
7567 rsp_oplevel = SMB2_OPLOCK_LEVEL_NONE;
7570 pr_err("unknown oplock change 0x%x -> 0x%x\n",
7571 opinfo->level, rsp_oplevel);
7575 rsp->hdr.Status = err;
7580 ksmbd_fd_put(work, fp);
7581 opinfo->op_state = OPLOCK_STATE_NONE;
7582 wake_up_interruptible_all(&opinfo->oplock_q);
7584 rsp->StructureSize = cpu_to_le16(24);
7585 rsp->OplockLevel = rsp_oplevel;
7588 rsp->VolatileFid = cpu_to_le64(volatile_id);
7589 rsp->PersistentFid = cpu_to_le64(persistent_id);
7590 inc_rfc1001_len(rsp, 24);
7594 opinfo->op_state = OPLOCK_STATE_NONE;
7595 wake_up_interruptible_all(&opinfo->oplock_q);
7598 ksmbd_fd_put(work, fp);
7599 smb2_set_err_rsp(work);
7602 static int check_lease_state(struct lease *lease, __le32 req_state)
7604 if ((lease->new_state ==
7605 (SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_HANDLE_CACHING_LE)) &&
7606 !(req_state & SMB2_LEASE_WRITE_CACHING_LE)) {
7607 lease->new_state = req_state;
7611 if (lease->new_state == req_state)
7618 * smb21_lease_break_ack() - handler for smb2.1 lease break command
7619 * @work: smb work containing lease break command buffer
7623 static void smb21_lease_break_ack(struct ksmbd_work *work)
7625 struct ksmbd_conn *conn = work->conn;
7626 struct smb2_lease_ack *req = work->request_buf;
7627 struct smb2_lease_ack *rsp = work->response_buf;
7628 struct oplock_info *opinfo;
7631 unsigned int lease_change_type;
7633 struct lease *lease;
7635 ksmbd_debug(OPLOCK, "smb21 lease break, lease state(0x%x)\n",
7636 le32_to_cpu(req->LeaseState));
7637 opinfo = lookup_lease_in_table(conn, req->LeaseKey);
7639 ksmbd_debug(OPLOCK, "file not opened\n");
7640 smb2_set_err_rsp(work);
7641 rsp->hdr.Status = STATUS_UNSUCCESSFUL;
7644 lease = opinfo->o_lease;
7646 if (opinfo->op_state == OPLOCK_STATE_NONE) {
7647 pr_err("unexpected lease break state 0x%x\n",
7649 rsp->hdr.Status = STATUS_UNSUCCESSFUL;
7653 if (check_lease_state(lease, req->LeaseState)) {
7654 rsp->hdr.Status = STATUS_REQUEST_NOT_ACCEPTED;
7656 "req lease state: 0x%x, expected state: 0x%x\n",
7657 req->LeaseState, lease->new_state);
7661 if (!atomic_read(&opinfo->breaking_cnt)) {
7662 rsp->hdr.Status = STATUS_UNSUCCESSFUL;
7666 /* check for bad lease state */
7667 if (req->LeaseState &
7668 (~(SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_HANDLE_CACHING_LE))) {
7669 err = STATUS_INVALID_OPLOCK_PROTOCOL;
7670 if (lease->state & SMB2_LEASE_WRITE_CACHING_LE)
7671 lease_change_type = OPLOCK_WRITE_TO_NONE;
7673 lease_change_type = OPLOCK_READ_TO_NONE;
7674 ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n",
7675 le32_to_cpu(lease->state),
7676 le32_to_cpu(req->LeaseState));
7677 } else if (lease->state == SMB2_LEASE_READ_CACHING_LE &&
7678 req->LeaseState != SMB2_LEASE_NONE_LE) {
7679 err = STATUS_INVALID_OPLOCK_PROTOCOL;
7680 lease_change_type = OPLOCK_READ_TO_NONE;
7681 ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n",
7682 le32_to_cpu(lease->state),
7683 le32_to_cpu(req->LeaseState));
7685 /* valid lease state changes */
7686 err = STATUS_INVALID_DEVICE_STATE;
7687 if (req->LeaseState == SMB2_LEASE_NONE_LE) {
7688 if (lease->state & SMB2_LEASE_WRITE_CACHING_LE)
7689 lease_change_type = OPLOCK_WRITE_TO_NONE;
7691 lease_change_type = OPLOCK_READ_TO_NONE;
7692 } else if (req->LeaseState & SMB2_LEASE_READ_CACHING_LE) {
7693 if (lease->state & SMB2_LEASE_WRITE_CACHING_LE)
7694 lease_change_type = OPLOCK_WRITE_TO_READ;
7696 lease_change_type = OPLOCK_READ_HANDLE_TO_READ;
7698 lease_change_type = 0;
7702 switch (lease_change_type) {
7703 case OPLOCK_WRITE_TO_READ:
7704 ret = opinfo_write_to_read(opinfo);
7706 case OPLOCK_READ_HANDLE_TO_READ:
7707 ret = opinfo_read_handle_to_read(opinfo);
7709 case OPLOCK_WRITE_TO_NONE:
7710 ret = opinfo_write_to_none(opinfo);
7712 case OPLOCK_READ_TO_NONE:
7713 ret = opinfo_read_to_none(opinfo);
7716 ksmbd_debug(OPLOCK, "unknown lease change 0x%x -> 0x%x\n",
7717 le32_to_cpu(lease->state),
7718 le32_to_cpu(req->LeaseState));
7721 lease_state = lease->state;
7722 opinfo->op_state = OPLOCK_STATE_NONE;
7723 wake_up_interruptible_all(&opinfo->oplock_q);
7724 atomic_dec(&opinfo->breaking_cnt);
7725 wake_up_interruptible_all(&opinfo->oplock_brk);
7729 rsp->hdr.Status = err;
7733 rsp->StructureSize = cpu_to_le16(36);
7736 memcpy(rsp->LeaseKey, req->LeaseKey, 16);
7737 rsp->LeaseState = lease_state;
7738 rsp->LeaseDuration = 0;
7739 inc_rfc1001_len(rsp, 36);
7743 opinfo->op_state = OPLOCK_STATE_NONE;
7744 wake_up_interruptible_all(&opinfo->oplock_q);
7745 atomic_dec(&opinfo->breaking_cnt);
7746 wake_up_interruptible_all(&opinfo->oplock_brk);
7749 smb2_set_err_rsp(work);
7753 * smb2_oplock_break() - dispatcher for smb2.0 and 2.1 oplock/lease break
7754 * @work: smb work containing oplock/lease break command buffer
7758 int smb2_oplock_break(struct ksmbd_work *work)
7760 struct smb2_oplock_break *req = work->request_buf;
7761 struct smb2_oplock_break *rsp = work->response_buf;
7763 switch (le16_to_cpu(req->StructureSize)) {
7764 case OP_BREAK_STRUCT_SIZE_20:
7765 smb20_oplock_break_ack(work);
7767 case OP_BREAK_STRUCT_SIZE_21:
7768 smb21_lease_break_ack(work);
7771 ksmbd_debug(OPLOCK, "invalid break cmd %d\n",
7772 le16_to_cpu(req->StructureSize));
7773 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
7774 smb2_set_err_rsp(work);
7781 * smb2_notify() - handler for smb2 notify request
7782 * @work: smb work containing notify command buffer
7786 int smb2_notify(struct ksmbd_work *work)
7788 struct smb2_notify_req *req;
7789 struct smb2_notify_rsp *rsp;
7791 WORK_BUFFERS(work, req, rsp);
7793 if (work->next_smb2_rcv_hdr_off && req->hdr.NextCommand) {
7794 rsp->hdr.Status = STATUS_INTERNAL_ERROR;
7795 smb2_set_err_rsp(work);
7799 smb2_set_err_rsp(work);
7800 rsp->hdr.Status = STATUS_NOT_IMPLEMENTED;
7805 * smb2_is_sign_req() - handler for checking packet signing status
7806 * @work: smb work containing notify command buffer
7807 * @command: SMB2 command id
7809 * Return: true if packed is signed, false otherwise
7811 bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command)
7813 struct smb2_hdr *rcv_hdr2 = work->request_buf;
7815 if ((rcv_hdr2->Flags & SMB2_FLAGS_SIGNED) &&
7816 command != SMB2_NEGOTIATE_HE &&
7817 command != SMB2_SESSION_SETUP_HE &&
7818 command != SMB2_OPLOCK_BREAK_HE)
7825 * smb2_check_sign_req() - handler for req packet sign processing
7826 * @work: smb work containing notify command buffer
7828 * Return: 1 on success, 0 otherwise
7830 int smb2_check_sign_req(struct ksmbd_work *work)
7832 struct smb2_hdr *hdr, *hdr_org;
7833 char signature_req[SMB2_SIGNATURE_SIZE];
7834 char signature[SMB2_HMACSHA256_SIZE];
7838 hdr_org = hdr = work->request_buf;
7839 if (work->next_smb2_rcv_hdr_off)
7840 hdr = REQUEST_BUF_NEXT(work);
7842 if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off)
7843 len = be32_to_cpu(hdr_org->smb2_buf_length);
7844 else if (hdr->NextCommand)
7845 len = le32_to_cpu(hdr->NextCommand);
7847 len = be32_to_cpu(hdr_org->smb2_buf_length) -
7848 work->next_smb2_rcv_hdr_off;
7850 memcpy(signature_req, hdr->Signature, SMB2_SIGNATURE_SIZE);
7851 memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE);
7853 iov[0].iov_base = (char *)&hdr->ProtocolId;
7854 iov[0].iov_len = len;
7856 if (ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, 1,
7860 if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
7861 pr_err("bad smb2 signature\n");
7869 * smb2_set_sign_rsp() - handler for rsp packet sign processing
7870 * @work: smb work containing notify command buffer
7873 void smb2_set_sign_rsp(struct ksmbd_work *work)
7875 struct smb2_hdr *hdr, *hdr_org;
7876 struct smb2_hdr *req_hdr;
7877 char signature[SMB2_HMACSHA256_SIZE];
7882 hdr_org = hdr = work->response_buf;
7883 if (work->next_smb2_rsp_hdr_off)
7884 hdr = RESPONSE_BUF_NEXT(work);
7886 req_hdr = REQUEST_BUF_NEXT(work);
7888 if (!work->next_smb2_rsp_hdr_off) {
7889 len = get_rfc1002_len(hdr_org);
7890 if (req_hdr->NextCommand)
7891 len = ALIGN(len, 8);
7893 len = get_rfc1002_len(hdr_org) - work->next_smb2_rsp_hdr_off;
7894 len = ALIGN(len, 8);
7897 if (req_hdr->NextCommand)
7898 hdr->NextCommand = cpu_to_le32(len);
7900 hdr->Flags |= SMB2_FLAGS_SIGNED;
7901 memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE);
7903 iov[0].iov_base = (char *)&hdr->ProtocolId;
7904 iov[0].iov_len = len;
7906 if (work->aux_payload_sz) {
7907 iov[0].iov_len -= work->aux_payload_sz;
7909 iov[1].iov_base = work->aux_payload_buf;
7910 iov[1].iov_len = work->aux_payload_sz;
7914 if (!ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, n_vec,
7916 memcpy(hdr->Signature, signature, SMB2_SIGNATURE_SIZE);
7920 * smb3_check_sign_req() - handler for req packet sign processing
7921 * @work: smb work containing notify command buffer
7923 * Return: 1 on success, 0 otherwise
7925 int smb3_check_sign_req(struct ksmbd_work *work)
7927 struct ksmbd_conn *conn = work->conn;
7929 struct smb2_hdr *hdr, *hdr_org;
7930 struct channel *chann;
7931 char signature_req[SMB2_SIGNATURE_SIZE];
7932 char signature[SMB2_CMACAES_SIZE];
7936 hdr_org = hdr = work->request_buf;
7937 if (work->next_smb2_rcv_hdr_off)
7938 hdr = REQUEST_BUF_NEXT(work);
7940 if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off)
7941 len = be32_to_cpu(hdr_org->smb2_buf_length);
7942 else if (hdr->NextCommand)
7943 len = le32_to_cpu(hdr->NextCommand);
7945 len = be32_to_cpu(hdr_org->smb2_buf_length) -
7946 work->next_smb2_rcv_hdr_off;
7948 if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) {
7949 signing_key = work->sess->smb3signingkey;
7951 chann = lookup_chann_list(work->sess, conn);
7954 signing_key = chann->smb3signingkey;
7958 pr_err("SMB3 signing key is not generated\n");
7962 memcpy(signature_req, hdr->Signature, SMB2_SIGNATURE_SIZE);
7963 memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE);
7964 iov[0].iov_base = (char *)&hdr->ProtocolId;
7965 iov[0].iov_len = len;
7967 if (ksmbd_sign_smb3_pdu(conn, signing_key, iov, 1, signature))
7970 if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
7971 pr_err("bad smb2 signature\n");
7979 * smb3_set_sign_rsp() - handler for rsp packet sign processing
7980 * @work: smb work containing notify command buffer
7983 void smb3_set_sign_rsp(struct ksmbd_work *work)
7985 struct ksmbd_conn *conn = work->conn;
7986 struct smb2_hdr *req_hdr;
7987 struct smb2_hdr *hdr, *hdr_org;
7988 struct channel *chann;
7989 char signature[SMB2_CMACAES_SIZE];
7995 hdr_org = hdr = work->response_buf;
7996 if (work->next_smb2_rsp_hdr_off)
7997 hdr = RESPONSE_BUF_NEXT(work);
7999 req_hdr = REQUEST_BUF_NEXT(work);
8001 if (!work->next_smb2_rsp_hdr_off) {
8002 len = get_rfc1002_len(hdr_org);
8003 if (req_hdr->NextCommand)
8004 len = ALIGN(len, 8);
8006 len = get_rfc1002_len(hdr_org) - work->next_smb2_rsp_hdr_off;
8007 len = ALIGN(len, 8);
8010 if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) {
8011 signing_key = work->sess->smb3signingkey;
8013 chann = lookup_chann_list(work->sess, work->conn);
8016 signing_key = chann->smb3signingkey;
8022 if (req_hdr->NextCommand)
8023 hdr->NextCommand = cpu_to_le32(len);
8025 hdr->Flags |= SMB2_FLAGS_SIGNED;
8026 memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE);
8027 iov[0].iov_base = (char *)&hdr->ProtocolId;
8028 iov[0].iov_len = len;
8029 if (work->aux_payload_sz) {
8030 iov[0].iov_len -= work->aux_payload_sz;
8031 iov[1].iov_base = work->aux_payload_buf;
8032 iov[1].iov_len = work->aux_payload_sz;
8036 if (!ksmbd_sign_smb3_pdu(conn, signing_key, iov, n_vec, signature))
8037 memcpy(hdr->Signature, signature, SMB2_SIGNATURE_SIZE);
8041 * smb3_preauth_hash_rsp() - handler for computing preauth hash on response
8042 * @work: smb work containing response buffer
8045 void smb3_preauth_hash_rsp(struct ksmbd_work *work)
8047 struct ksmbd_conn *conn = work->conn;
8048 struct ksmbd_session *sess = work->sess;
8049 struct smb2_hdr *req, *rsp;
8051 if (conn->dialect != SMB311_PROT_ID)
8054 WORK_BUFFERS(work, req, rsp);
8056 if (le16_to_cpu(req->Command) == SMB2_NEGOTIATE_HE)
8057 ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp,
8058 conn->preauth_info->Preauth_HashValue);
8060 if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && sess) {
8063 if (conn->binding) {
8064 struct preauth_session *preauth_sess;
8066 preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
8069 hash_value = preauth_sess->Preauth_HashValue;
8071 hash_value = sess->Preauth_HashValue;
8075 ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp,
8080 static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, char *old_buf,
8083 struct smb2_hdr *hdr = (struct smb2_hdr *)old_buf;
8084 unsigned int orig_len = get_rfc1002_len(old_buf);
8086 memset(tr_hdr, 0, sizeof(struct smb2_transform_hdr));
8087 tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;
8088 tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len);
8089 tr_hdr->Flags = cpu_to_le16(0x01);
8090 if (cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
8091 cipher_type == SMB2_ENCRYPTION_AES256_GCM)
8092 get_random_bytes(&tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
8094 get_random_bytes(&tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
8095 memcpy(&tr_hdr->SessionId, &hdr->SessionId, 8);
8096 inc_rfc1001_len(tr_hdr, sizeof(struct smb2_transform_hdr) - 4);
8097 inc_rfc1001_len(tr_hdr, orig_len);
8100 int smb3_encrypt_resp(struct ksmbd_work *work)
8102 char *buf = work->response_buf;
8103 struct smb2_transform_hdr *tr_hdr;
8106 int buf_size = 0, rq_nvec = 2 + (work->aux_payload_sz ? 1 : 0);
8108 if (ARRAY_SIZE(iov) < rq_nvec)
8111 tr_hdr = kzalloc(sizeof(struct smb2_transform_hdr), GFP_KERNEL);
8115 /* fill transform header */
8116 fill_transform_hdr(tr_hdr, buf, work->conn->cipher_type);
8118 iov[0].iov_base = tr_hdr;
8119 iov[0].iov_len = sizeof(struct smb2_transform_hdr);
8120 buf_size += iov[0].iov_len - 4;
8122 iov[1].iov_base = buf + 4;
8123 iov[1].iov_len = get_rfc1002_len(buf);
8124 if (work->aux_payload_sz) {
8125 iov[1].iov_len = work->resp_hdr_sz - 4;
8127 iov[2].iov_base = work->aux_payload_buf;
8128 iov[2].iov_len = work->aux_payload_sz;
8129 buf_size += iov[2].iov_len;
8131 buf_size += iov[1].iov_len;
8132 work->resp_hdr_sz = iov[1].iov_len;
8134 rc = ksmbd_crypt_message(work->conn, iov, rq_nvec, 1);
8138 memmove(buf, iov[1].iov_base, iov[1].iov_len);
8139 tr_hdr->smb2_buf_length = cpu_to_be32(buf_size);
8140 work->tr_buf = tr_hdr;
8145 int smb3_is_transform_hdr(void *buf)
8147 struct smb2_transform_hdr *trhdr = buf;
8149 return trhdr->ProtocolId == SMB2_TRANSFORM_PROTO_NUM;
8152 int smb3_decrypt_req(struct ksmbd_work *work)
8154 struct ksmbd_conn *conn = work->conn;
8155 struct ksmbd_session *sess;
8156 char *buf = work->request_buf;
8157 struct smb2_hdr *hdr;
8158 unsigned int pdu_length = get_rfc1002_len(buf);
8160 unsigned int buf_data_size = pdu_length + 4 -
8161 sizeof(struct smb2_transform_hdr);
8162 struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)buf;
8163 unsigned int orig_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
8166 sess = ksmbd_session_lookup_all(conn, le64_to_cpu(tr_hdr->SessionId));
8168 pr_err("invalid session id(%llx) in transform header\n",
8169 le64_to_cpu(tr_hdr->SessionId));
8170 return -ECONNABORTED;
8173 if (pdu_length + 4 <
8174 sizeof(struct smb2_transform_hdr) + sizeof(struct smb2_hdr)) {
8175 pr_err("Transform message is too small (%u)\n",
8177 return -ECONNABORTED;
8180 if (pdu_length + 4 < orig_len + sizeof(struct smb2_transform_hdr)) {
8181 pr_err("Transform message is broken\n");
8182 return -ECONNABORTED;
8185 iov[0].iov_base = buf;
8186 iov[0].iov_len = sizeof(struct smb2_transform_hdr);
8187 iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr);
8188 iov[1].iov_len = buf_data_size;
8189 rc = ksmbd_crypt_message(conn, iov, 2, 0);
8193 memmove(buf + 4, iov[1].iov_base, buf_data_size);
8194 hdr = (struct smb2_hdr *)buf;
8195 hdr->smb2_buf_length = cpu_to_be32(buf_data_size);
8200 bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work)
8202 struct ksmbd_conn *conn = work->conn;
8203 struct smb2_hdr *rsp = work->response_buf;
8205 if (conn->dialect < SMB30_PROT_ID)
8208 if (work->next_smb2_rcv_hdr_off)
8209 rsp = RESPONSE_BUF_NEXT(work);
8211 if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE &&
8212 rsp->Status == STATUS_SUCCESS)