[PATCH OLK-5.10 v2 001/308] cifsd: add server handler for central processing and tranport layers

From: Jason Yan yanaijie@huawei.com

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 0626e6641f6b467447c81dd7678a69c66f7746cf category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/0626e6641f6b

-------------------------------

This adds server handler for central processing, transport layers(tcp, rdma, ipc) and a document describing cifsd architecture.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Sergey Senozhatsky sergey.senozhatsky@gmail.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Acked-by: Ronnie Sahlberg lsahlber@redhat.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- Documentation/filesystems/cifs/cifsd.rst | 136 ++ fs/cifsd/connection.c | 416 +++++ fs/cifsd/connection.h | 212 +++ fs/cifsd/glob.h | 67 + fs/cifsd/ksmbd_server.h | 285 +++ fs/cifsd/ksmbd_work.c | 93 + fs/cifsd/ksmbd_work.h | 124 ++ fs/cifsd/server.c | 635 +++++++ fs/cifsd/server.h | 62 + fs/cifsd/transport_ipc.c | 900 ++++++++++ fs/cifsd/transport_ipc.h | 63 + fs/cifsd/transport_rdma.c | 2050 ++++++++++++++++++++++ fs/cifsd/transport_rdma.h | 61 + fs/cifsd/transport_tcp.c | 624 +++++++ fs/cifsd/transport_tcp.h | 13 + 15 files changed, 5741 insertions(+) create mode 100644 Documentation/filesystems/cifs/cifsd.rst create mode 100644 fs/cifsd/connection.c create mode 100644 fs/cifsd/connection.h create mode 100644 fs/cifsd/glob.h create mode 100644 fs/cifsd/ksmbd_server.h create mode 100644 fs/cifsd/ksmbd_work.c create mode 100644 fs/cifsd/ksmbd_work.h create mode 100644 fs/cifsd/server.c create mode 100644 fs/cifsd/server.h create mode 100644 fs/cifsd/transport_ipc.c create mode 100644 fs/cifsd/transport_ipc.h create mode 100644 fs/cifsd/transport_rdma.c create mode 100644 fs/cifsd/transport_rdma.h create mode 100644 fs/cifsd/transport_tcp.c create mode 100644 fs/cifsd/transport_tcp.h

diff --git a/Documentation/filesystems/cifs/cifsd.rst b/Documentation/filesystems/cifs/cifsd.rst new file mode 100644 index 000000000000..e0c33d03f290 --- /dev/null +++ b/Documentation/filesystems/cifs/cifsd.rst @@ -0,0 +1,136 @@ +.. SPDX-License-Identifier: GPL-2.0 + +========================= +CIFSD - SMB3 Kernel Server +========================= + +CIFSD is a linux kernel server which implements SMB3 protocol in kernel space +for sharing files over network. + +CIFSD architecture +================== + +The subset of performance related operations belong in kernelspace and +the other subset which belong to operations which are not really related with +performance in userspace. So, DCE/RPC management that has historically resulted +into number of buffer overflow issues and dangerous security bugs and user +account management are implemented in user space as ksmbd.mountd. +File operations that are related with performance (open/read/write/close etc.) +in kernel space (ksmbd). This also allows for easier integration with VFS +interface for all file operations. + +ksmbd (kernel daemon) +--------------------- + +When the server daemon is started, It starts up a forker thread +(ksmbd/interface name) at initialization time and open a dedicated port 445 +for listening to SMB requests. Whenever new clients make request, Forker +thread will accept the client connection and fork a new thread for dedicated +communication channel between the client and the server. It allows for parallel +processing of SMB requests(commands) from clients as well as allowing for new +clients to make new connections. Each instance is named ksmbd/1~n(port number) +to indicate connected clients. Depending on the SMB request types, each new +thread can decide to pass through the commands to the user space (ksmbd.mountd), +currently DCE/RPC commands are identified to be handled through the user space. +To further utilize the linux kernel, it has been chosen to process the commands +as workitems and to be executed in the handlers of the ksmbd-io kworker threads. +It allows for multiplexing of the handlers as the kernel take care of initiating +extra worker threads if the load is increased and vice versa, if the load is +decreased it destroys the extra worker threads. So, after connection is +established with client. Dedicated ksmbd/1..n(port number) takes complete +ownership of receiving/parsing of SMB commands. Each received command is worked +in parallel i.e., There can be multiple clients commands which are worked in +parallel. After receiving each command a separated kernel workitem is prepared +for each command which is further queued to be handled by ksmbd-io kworkers. +So, each SMB workitem is queued to the kworkers. This allows the benefit of load +sharing to be managed optimally by the default kernel and optimizing client +performance by handling client commands in parallel. + +ksmbd.mountd (user space daemon) +-------------------------------- + +ksmbd.mountd is userspace process to, transfer user account and password that +are registered using ksmbd.adduser(part of utils for user space). Further it +allows sharing information parameters that parsed from smb.conf to ksmbd in +kernel. For the execution part it has a daemon which is continuously running +and connected to the kernel interface using netlink socket, it waits for the +requests(dcerpc and share/user info). It handles RPC calls (at a minimum few +dozen) that are most important for file server from NetShareEnum and +NetServerGetInfo. Complete DCE/RPC response is prepared from the user space +and passed over to the associated kernel thread for the client. + +Key Features +============ + +The supported features are: + * SMB3 protocols for basic file sharing + * Auto negotiation + * Compound requests + * Oplock/Lease + * Large MTU + * NTLM/NTLMv2 + * HMAC-SHA256 Signing + * Secure negotiate + * Signing Update + * Pre-authentication integrity(SMB 3.1.1) + * SMB3 encryption(CCM, GCM) + * SMB direct(RDMA) + * SMB3.1.1 POSIX extension support + * ACLs + * Kerberos + +The features that are planned or not supported: + * SMB3 Multi-channel + * Durable handle v1,v2 + * Persistent handles + * Directory lease + * SMB2 notify + +How to run +========== + +1. Download ksmbd-tools and compile them. + - https://github.com/cifsd-team/ksmbd-tools + +2. Create user/password for SMB share. + + # mkdir /etc/ksmbd/ + # ksmbd.adduser -a <Enter USERNAME for SMB share access> + +3. Create /etc/ksmbd/smb.conf file, add SMB share in smb.conf file + - Refer smb.conf.example and Documentation/configuration.txt + in ksmbd-tools + +4. Insert ksmbd.ko module + + # insmod ksmbd.ko + +5. Start ksmbd user space daemon + # ksmbd.mountd + +6. Access share from Windows or Linux using CIFS + +Shutdown CIFSD +============== + +1. kill user and kernel space daemon + # sudo ksmbd.control -s + +How to turn debug print on +========================== + +Each layer +/sys/class/ksmbd-control/debug + +1. Enable all component prints + # sudo ksmbd.control -d "all" + +2. Enable one of components(smb, auth, vfs, oplock, ipc, conn, rdma) + # sudo ksmbd.control -d "smb" + +3. Show what prints are enable. + # cat/sys/class/ksmbd-control/debug + [smb] auth vfs oplock ipc conn [rdma] + +4. Disable prints: + If you try the selected component once more, It is disabled without brackets. diff --git a/fs/cifsd/connection.c b/fs/cifsd/connection.c new file mode 100644 index 000000000000..d27553dee2ad --- /dev/null +++ b/fs/cifsd/connection.c @@ -0,0 +1,416 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon namjae.jeon@protocolfreedom.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/mutex.h> +#include <linux/freezer.h> +#include <linux/module.h> + +#include "server.h" +#include "buffer_pool.h" +#include "smb_common.h" +#include "mgmt/ksmbd_ida.h" +#include "connection.h" +#include "transport_tcp.h" +#include "transport_rdma.h" + +static DEFINE_MUTEX(init_lock); + +static struct ksmbd_conn_ops default_conn_ops; + +static LIST_HEAD(conn_list); +static DEFINE_RWLOCK(conn_list_lock); + +/** + * ksmbd_conn_free() - free resources of the connection instance + * + * @conn: connection instance to be cleand up + * + * During the thread termination, the corresponding conn instance + * resources(sock/memory) are released and finally the conn object is freed. + */ +void ksmbd_conn_free(struct ksmbd_conn *conn) +{ + write_lock(&conn_list_lock); + list_del(&conn->conns_list); + write_unlock(&conn_list_lock); + + ksmbd_free_request(conn->request_buf); + ksmbd_ida_free(conn->async_ida); + kfree(conn->preauth_info); + kfree(conn); +} + +/** + * ksmbd_conn_alloc() - initialize a new connection instance + * + * Return: ksmbd_conn struct on success, otherwise NULL + */ +struct ksmbd_conn *ksmbd_conn_alloc(void) +{ + struct ksmbd_conn *conn; + + conn = kzalloc(sizeof(struct ksmbd_conn), GFP_KERNEL); + if (!conn) + return NULL; + + conn->need_neg = true; + conn->status = KSMBD_SESS_NEW; + conn->local_nls = load_nls("utf8"); + if (!conn->local_nls) + conn->local_nls = load_nls_default(); + atomic_set(&conn->req_running, 0); + atomic_set(&conn->r_count, 0); + init_waitqueue_head(&conn->req_running_q); + INIT_LIST_HEAD(&conn->conns_list); + INIT_LIST_HEAD(&conn->sessions); + INIT_LIST_HEAD(&conn->requests); + INIT_LIST_HEAD(&conn->async_requests); + spin_lock_init(&conn->request_lock); + spin_lock_init(&conn->credits_lock); + conn->async_ida = ksmbd_ida_alloc(); + + write_lock(&conn_list_lock); + list_add(&conn->conns_list, &conn_list); + write_unlock(&conn_list_lock); + return conn; +} + +bool ksmbd_conn_lookup_dialect(struct ksmbd_conn *c) +{ + struct ksmbd_conn *t; + bool ret = false; + + read_lock(&conn_list_lock); + list_for_each_entry(t, &conn_list, conns_list) { + if (memcmp(t->ClientGUID, c->ClientGUID, SMB2_CLIENT_GUID_SIZE)) + continue; + + ret = true; + break; + } + read_unlock(&conn_list_lock); + return ret; +} + +void ksmbd_conn_enqueue_request(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct list_head *requests_queue = NULL; + + if (conn->ops->get_cmd_val(work) != SMB2_CANCEL_HE) { + requests_queue = &conn->requests; + work->syncronous = true; + } + + if (requests_queue) { + atomic_inc(&conn->req_running); + spin_lock(&conn->request_lock); + list_add_tail(&work->request_entry, requests_queue); + spin_unlock(&conn->request_lock); + } +} + +int ksmbd_conn_try_dequeue_request(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + int ret = 1; + + if (list_empty(&work->request_entry) && + list_empty(&work->async_request_entry)) + return 0; + + atomic_dec(&conn->req_running); + spin_lock(&conn->request_lock); + if (!work->multiRsp) { + list_del_init(&work->request_entry); + if (work->syncronous == false) + list_del_init(&work->async_request_entry); + ret = 0; + } + spin_unlock(&conn->request_lock); + + wake_up_all(&conn->req_running_q); + return ret; +} + +static void ksmbd_conn_lock(struct ksmbd_conn *conn) +{ + mutex_lock(&conn->srv_mutex); +} + +static void ksmbd_conn_unlock(struct ksmbd_conn *conn) +{ + mutex_unlock(&conn->srv_mutex); +} + +void ksmbd_conn_wait_idle(struct ksmbd_conn *conn) +{ + wait_event(conn->req_running_q, atomic_read(&conn->req_running) < 2); +} + +int ksmbd_conn_write(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb_hdr *rsp_hdr = RESPONSE_BUF(work); + size_t len = 0; + int sent; + struct kvec iov[3]; + int iov_idx = 0; + + ksmbd_conn_try_dequeue_request(work); + if (!rsp_hdr) { + ksmbd_err("NULL response header\n"); + return -EINVAL; + } + + if (HAS_TRANSFORM_BUF(work)) { + iov[iov_idx] = (struct kvec) { work->tr_buf, + sizeof(struct smb2_transform_hdr) }; + len += iov[iov_idx++].iov_len; + } + + if (HAS_AUX_PAYLOAD(work)) { + iov[iov_idx] = (struct kvec) { rsp_hdr, RESP_HDR_SIZE(work) }; + len += iov[iov_idx++].iov_len; + iov[iov_idx] = (struct kvec) { AUX_PAYLOAD(work), + AUX_PAYLOAD_SIZE(work) }; + len += iov[iov_idx++].iov_len; + } else { + if (HAS_TRANSFORM_BUF(work)) + iov[iov_idx].iov_len = RESP_HDR_SIZE(work); + else + iov[iov_idx].iov_len = get_rfc1002_len(rsp_hdr) + 4; + iov[iov_idx].iov_base = rsp_hdr; + len += iov[iov_idx++].iov_len; + } + + ksmbd_conn_lock(conn); + sent = conn->transport->ops->writev(conn->transport, &iov[0], + iov_idx, len, + work->need_invalidate_rkey, + work->remote_key); + ksmbd_conn_unlock(conn); + + if (sent < 0) { + ksmbd_err("Failed to send message: %d\n", sent); + return sent; + } + + return 0; +} + +int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, + void *buf, unsigned int buflen, + u32 remote_key, u64 remote_offset, + u32 remote_len) +{ + int ret = -EINVAL; + + if (conn->transport->ops->rdma_read) + ret = conn->transport->ops->rdma_read(conn->transport, + buf, buflen, + remote_key, remote_offset, + remote_len); + return ret; +} + +int ksmbd_conn_rdma_write(struct ksmbd_conn *conn, + void *buf, unsigned int buflen, + u32 remote_key, u64 remote_offset, + u32 remote_len) +{ + int ret = -EINVAL; + + if (conn->transport->ops->rdma_write) + ret = conn->transport->ops->rdma_write(conn->transport, + buf, buflen, + remote_key, remote_offset, + remote_len); + return ret; +} + +bool ksmbd_conn_alive(struct ksmbd_conn *conn) +{ + if (!ksmbd_server_running()) + return false; + + if (conn->status == KSMBD_SESS_EXITING) + return false; + + if (kthread_should_stop()) + return false; + + if (atomic_read(&conn->stats.open_files_count) > 0) + return true; + + /* + * Stop current session if the time that get last request from client + * is bigger than deadtime user configured and openning file count is + * zero. + */ + if (server_conf.deadtime > 0 && + time_after(jiffies, conn->last_active + server_conf.deadtime)) { + ksmbd_debug(CONN, "No response from client in %lu minutes\n", + server_conf.deadtime / SMB_ECHO_INTERVAL); + return false; + } + return true; +} + +/** + * ksmbd_conn_handler_loop() - session thread to listen on new smb requests + * @p: connection instance + * + * One thread each per connection + * + * Return: 0 on success + */ +int ksmbd_conn_handler_loop(void *p) +{ + struct ksmbd_conn *conn = (struct ksmbd_conn *)p; + struct ksmbd_transport *t = conn->transport; + unsigned int pdu_size; + char hdr_buf[4] = {0,}; + int size; + + mutex_init(&conn->srv_mutex); + __module_get(THIS_MODULE); + + if (t->ops->prepare && t->ops->prepare(t)) + goto out; + + conn->last_active = jiffies; + while (ksmbd_conn_alive(conn)) { + if (try_to_freeze()) + continue; + + ksmbd_free_request(conn->request_buf); + conn->request_buf = NULL; + + size = t->ops->read(t, hdr_buf, sizeof(hdr_buf)); + if (size != sizeof(hdr_buf)) + break; + + pdu_size = get_rfc1002_len(hdr_buf); + ksmbd_debug(CONN, "RFC1002 header %u bytes\n", pdu_size); + + /* make sure we have enough to get to SMB header end */ + if (!ksmbd_pdu_size_has_room(pdu_size)) { + ksmbd_debug(CONN, "SMB request too short (%u bytes)\n", + pdu_size); + continue; + } + + /* 4 for rfc1002 length field */ + size = pdu_size + 4; + conn->request_buf = ksmbd_alloc_request(size); + if (!conn->request_buf) + continue; + + memcpy(conn->request_buf, hdr_buf, sizeof(hdr_buf)); + if (!ksmbd_smb_request(conn)) + break; + + /* + * We already read 4 bytes to find out PDU size, now + * read in PDU + */ + size = t->ops->read(t, conn->request_buf + 4, pdu_size); + if (size < 0) { + ksmbd_err("sock_read failed: %d\n", size); + break; + } + + if (size != pdu_size) { + ksmbd_err("PDU error. Read: %d, Expected: %d\n", + size, + pdu_size); + continue; + } + + if (!default_conn_ops.process_fn) { + ksmbd_err("No connection request callback\n"); + break; + } + + if (default_conn_ops.process_fn(conn)) { + ksmbd_err("Cannot handle request\n"); + break; + } + } + +out: + /* Wait till all reference dropped to the Server object*/ + while (atomic_read(&conn->r_count) > 0) + schedule_timeout(HZ); + + unload_nls(conn->local_nls); + if (default_conn_ops.terminate_fn) + default_conn_ops.terminate_fn(conn); + t->ops->disconnect(t); + module_put(THIS_MODULE); + return 0; +} + +void ksmbd_conn_init_server_callbacks(struct ksmbd_conn_ops *ops) +{ + default_conn_ops.process_fn = ops->process_fn; + default_conn_ops.terminate_fn = ops->terminate_fn; +} + +int ksmbd_conn_transport_init(void) +{ + int ret; + + mutex_lock(&init_lock); + ret = ksmbd_tcp_init(); + if (ret) { + pr_err("Failed to init TCP subsystem: %d\n", ret); + goto out; + } + + ret = ksmbd_rdma_init(); + if (ret) { + pr_err("Failed to init KSMBD subsystem: %d\n", ret); + goto out; + } +out: + mutex_unlock(&init_lock); + return ret; +} + +static void stop_sessions(void) +{ + struct ksmbd_conn *conn; + +again: + read_lock(&conn_list_lock); + list_for_each_entry(conn, &conn_list, conns_list) { + struct task_struct *task; + + task = conn->transport->handler; + if (task) + ksmbd_debug(CONN, "Stop session handler %s/%d\n", + task->comm, + task_pid_nr(task)); + conn->status = KSMBD_SESS_EXITING; + } + read_unlock(&conn_list_lock); + + if (!list_empty(&conn_list)) { + schedule_timeout_interruptible(HZ/10); /* 100ms */ + goto again; + } +} + +void ksmbd_conn_transport_destroy(void) +{ + mutex_lock(&init_lock); + ksmbd_tcp_destroy(); + ksmbd_rdma_destroy(); + stop_sessions(); + mutex_unlock(&init_lock); +} diff --git a/fs/cifsd/connection.h b/fs/cifsd/connection.h new file mode 100644 index 000000000000..179fb9278999 --- /dev/null +++ b/fs/cifsd/connection.h @@ -0,0 +1,212 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_CONNECTION_H__ +#define __KSMBD_CONNECTION_H__ + +#include <linux/list.h> +#include <linux/ip.h> +#include <net/sock.h> +#include <net/tcp.h> +#include <net/inet_connection_sock.h> +#include <net/request_sock.h> +#include <linux/kthread.h> +#include <linux/nls.h> + +#include "smb_common.h" +#include "ksmbd_work.h" + +#define KSMBD_SOCKET_BACKLOG 16 + +/* + * WARNING + * + * This is nothing but a HACK. Session status should move to channel + * or to session. As of now we have 1 tcp_conn : 1 ksmbd_session, but + * we need to change it to 1 tcp_conn : N ksmbd_sessions. + */ +enum { + KSMBD_SESS_NEW = 0, + KSMBD_SESS_GOOD, + KSMBD_SESS_EXITING, + KSMBD_SESS_NEED_RECONNECT, + KSMBD_SESS_NEED_NEGOTIATE +}; + +struct ksmbd_stats { + atomic_t open_files_count; + atomic64_t request_served; +}; + +struct ksmbd_transport; + +struct ksmbd_conn { + struct smb_version_values *vals; + struct smb_version_ops *ops; + struct smb_version_cmds *cmds; + unsigned int max_cmds; + struct mutex srv_mutex; + int status; + unsigned int cli_cap; + char *request_buf; + struct ksmbd_transport *transport; + struct nls_table *local_nls; + struct list_head conns_list; + /* smb session 1 per user */ + struct list_head sessions; + unsigned long last_active; + /* How many request are running currently */ + atomic_t req_running; + /* References which are made for this Server object*/ + atomic_t r_count; + unsigned short total_credits; + unsigned short max_credits; + spinlock_t credits_lock; + wait_queue_head_t req_running_q; + /* Lock to protect requests list*/ + spinlock_t request_lock; + struct list_head requests; + struct list_head async_requests; + int connection_type; + struct ksmbd_stats stats; + char ClientGUID[SMB2_CLIENT_GUID_SIZE]; + union { + /* pending trans request table */ + struct trans_state *recent_trans; + /* Used by ntlmssp */ + char *ntlmssp_cryptkey; + }; + + struct preauth_integrity_info *preauth_info; + + bool need_neg; + unsigned int auth_mechs; + unsigned int preferred_auth_mech; + bool sign; + bool use_spnego:1; + __u16 cli_sec_mode; + __u16 srv_sec_mode; + /* dialect index that server chose */ + __u16 dialect; + + char *mechToken; + + struct ksmbd_conn_ops *conn_ops; + + /* Preauth Session Table */ + struct list_head preauth_sess_table; + + struct sockaddr_storage peer_addr; + + /* Identifier for async message */ + struct ksmbd_ida *async_ida; + + __le16 cipher_type; + __le16 compress_algorithm; + bool posix_ext_supported; +}; + +struct ksmbd_conn_ops { + int (*process_fn)(struct ksmbd_conn *conn); + int (*terminate_fn)(struct ksmbd_conn *conn); +}; + +struct ksmbd_transport_ops { + int (*prepare)(struct ksmbd_transport *t); + void (*disconnect)(struct ksmbd_transport *t); + int (*read)(struct ksmbd_transport *t, + char *buf, unsigned int size); + int (*writev)(struct ksmbd_transport *t, + struct kvec *iovs, int niov, int size, + bool need_invalidate_rkey, unsigned int remote_key); + int (*rdma_read)(struct ksmbd_transport *t, + void *buf, unsigned int len, u32 remote_key, + u64 remote_offset, u32 remote_len); + int (*rdma_write)(struct ksmbd_transport *t, + void *buf, unsigned int len, u32 remote_key, + u64 remote_offset, u32 remote_len); +}; + +struct ksmbd_transport { + struct ksmbd_conn *conn; + struct ksmbd_transport_ops *ops; + struct task_struct *handler; +}; + +#define KSMBD_TCP_RECV_TIMEOUT (7 * HZ) +#define KSMBD_TCP_SEND_TIMEOUT (5 * HZ) +#define KSMBD_TCP_PEER_SOCKADDR(c) ((struct sockaddr *)&((c)->peer_addr)) + +bool ksmbd_conn_alive(struct ksmbd_conn *conn); +void ksmbd_conn_wait_idle(struct ksmbd_conn *conn); + +struct ksmbd_conn *ksmbd_conn_alloc(void); +void ksmbd_conn_free(struct ksmbd_conn *conn); +bool ksmbd_conn_lookup_dialect(struct ksmbd_conn *c); +int ksmbd_conn_write(struct ksmbd_work *work); +int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, + void *buf, unsigned int buflen, + u32 remote_key, u64 remote_offset, + u32 remote_len); +int ksmbd_conn_rdma_write(struct ksmbd_conn *conn, + void *buf, unsigned int buflen, + u32 remote_key, u64 remote_offset, + u32 remote_len); + +void ksmbd_conn_enqueue_request(struct ksmbd_work *work); +int ksmbd_conn_try_dequeue_request(struct ksmbd_work *work); +void ksmbd_conn_init_server_callbacks(struct ksmbd_conn_ops *ops); + +int ksmbd_conn_handler_loop(void *p); + +int ksmbd_conn_transport_init(void); +void ksmbd_conn_transport_destroy(void); + +/* + * WARNING + * + * This is a hack. We will move status to a proper place once we land + * a multi-sessions support. + */ +static inline bool ksmbd_conn_good(struct ksmbd_work *work) +{ + return work->conn->status == KSMBD_SESS_GOOD; +} + +static inline bool ksmbd_conn_need_negotiate(struct ksmbd_work *work) +{ + return work->conn->status == KSMBD_SESS_NEED_NEGOTIATE; +} + +static inline bool ksmbd_conn_need_reconnect(struct ksmbd_work *work) +{ + return work->conn->status == KSMBD_SESS_NEED_RECONNECT; +} + +static inline bool ksmbd_conn_exiting(struct ksmbd_work *work) +{ + return work->conn->status == KSMBD_SESS_EXITING; +} + +static inline void ksmbd_conn_set_good(struct ksmbd_work *work) +{ + work->conn->status = KSMBD_SESS_GOOD; +} + +static inline void ksmbd_conn_set_need_negotiate(struct ksmbd_work *work) +{ + work->conn->status = KSMBD_SESS_NEED_NEGOTIATE; +} + +static inline void ksmbd_conn_set_need_reconnect(struct ksmbd_work *work) +{ + work->conn->status = KSMBD_SESS_NEED_RECONNECT; +} + +static inline void ksmbd_conn_set_exiting(struct ksmbd_work *work) +{ + work->conn->status = KSMBD_SESS_EXITING; +} +#endif /* __CONNECTION_H__ */ diff --git a/fs/cifsd/glob.h b/fs/cifsd/glob.h new file mode 100644 index 000000000000..2dc3f603e837 --- /dev/null +++ b/fs/cifsd/glob.h @@ -0,0 +1,67 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_GLOB_H +#define __KSMBD_GLOB_H + +#include <linux/ctype.h> +#include <linux/version.h> + +#include "unicode.h" +#include "vfs_cache.h" +#include "smberr.h" + +#define KSMBD_VERSION "3.1.9" + +/* @FIXME clean up this code */ + +extern int ksmbd_debug_types; +extern int ksmbd_caseless_search; + +#define DATA_STREAM 1 +#define DIR_STREAM 2 + +#define KSMBD_DEBUG_SMB (1 << 0) +#define KSMBD_DEBUG_AUTH (1 << 1) +#define KSMBD_DEBUG_VFS (1 << 2) +#define KSMBD_DEBUG_OPLOCK (1 << 3) +#define KSMBD_DEBUG_IPC (1 << 4) +#define KSMBD_DEBUG_CONN (1 << 5) +#define KSMBD_DEBUG_RDMA (1 << 6) +#define KSMBD_DEBUG_ALL (KSMBD_DEBUG_SMB | KSMBD_DEBUG_AUTH | \ + KSMBD_DEBUG_VFS | KSMBD_DEBUG_OPLOCK | \ + KSMBD_DEBUG_IPC | KSMBD_DEBUG_CONN | \ + KSMBD_DEBUG_RDMA) + +#ifndef ksmbd_pr_fmt +#ifdef SUBMOD_NAME +#define ksmbd_pr_fmt(fmt) "ksmbd: " SUBMOD_NAME ": " fmt +#else +#define ksmbd_pr_fmt(fmt) "ksmbd: " fmt +#endif +#endif + +#define ksmbd_debug(type, fmt, ...) \ + do { \ + if (ksmbd_debug_types & KSMBD_DEBUG_##type) \ + pr_info(ksmbd_pr_fmt("%s:%d: " fmt), \ + __func__, \ + __LINE__, \ + ##__VA_ARGS__); \ + } while (0) + +#define ksmbd_info(fmt, ...) \ + pr_info(ksmbd_pr_fmt(fmt), ##__VA_ARGS__) + +#define ksmbd_err(fmt, ...) \ + pr_err(ksmbd_pr_fmt("%s:%d: " fmt), \ + __func__, \ + __LINE__, \ + ##__VA_ARGS__) + +#define UNICODE_LEN(x) ((x) * 2) + +#endif /* __KSMBD_GLOB_H */ diff --git a/fs/cifsd/ksmbd_server.h b/fs/cifsd/ksmbd_server.h new file mode 100644 index 000000000000..01eaf9ec4fde --- /dev/null +++ b/fs/cifsd/ksmbd_server.h @@ -0,0 +1,285 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + * + * linux-ksmbd-devel@lists.sourceforge.net + */ + +#ifndef _LINUX_KSMBD_SERVER_H +#define _LINUX_KSMBD_SERVER_H + +#include <linux/types.h> + +#define KSMBD_GENL_NAME "SMBD_GENL" +#define KSMBD_GENL_VERSION 0x01 + +#ifndef ____ksmbd_align +#define ____ksmbd_align __aligned(4) +#endif + +#define KSMBD_REQ_MAX_ACCOUNT_NAME_SZ 48 +#define KSMBD_REQ_MAX_HASH_SZ 18 +#define KSMBD_REQ_MAX_SHARE_NAME 64 + +struct ksmbd_heartbeat { + __u32 handle; +}; + +/* + * Global config flags. + */ +#define KSMBD_GLOBAL_FLAG_INVALID (0) +#define KSMBD_GLOBAL_FLAG_SMB2_LEASES (1 << 0) +#define KSMBD_GLOBAL_FLAG_CACHE_TBUF (1 << 1) +#define KSMBD_GLOBAL_FLAG_CACHE_RBUF (1 << 2) +#define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION (1 << 3) +#define KSMBD_GLOBAL_FLAG_DURABLE_HANDLE (1 << 4) + +struct ksmbd_startup_request { + __u32 flags; + __s32 signing; + __s8 min_prot[16]; + __s8 max_prot[16]; + __s8 netbios_name[16]; + __s8 work_group[64]; + __s8 server_string[64]; + __u16 tcp_port; + __u16 ipc_timeout; + __u32 deadtime; + __u32 file_max; + __u32 smb2_max_write; + __u32 smb2_max_read; + __u32 smb2_max_trans; + __u32 share_fake_fscaps; + __u32 sub_auth[3]; + __u32 ifc_list_sz; + __s8 ____payload[0]; +} ____ksmbd_align; + +#define KSMBD_STARTUP_CONFIG_INTERFACES(s) ((s)->____payload) + +struct ksmbd_shutdown_request { + __s32 reserved; +} ____ksmbd_align; + +struct ksmbd_login_request { + __u32 handle; + __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; +} ____ksmbd_align; + +struct ksmbd_login_response { + __u32 handle; + __u32 gid; + __u32 uid; + __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; + __u16 status; + __u16 hash_sz; + __s8 hash[KSMBD_REQ_MAX_HASH_SZ]; +} ____ksmbd_align; + +struct ksmbd_share_config_request { + __u32 handle; + __s8 share_name[KSMBD_REQ_MAX_SHARE_NAME]; +} ____ksmbd_align; + +struct ksmbd_share_config_response { + __u32 handle; + __u32 flags; + __u16 create_mask; + __u16 directory_mask; + __u16 force_create_mode; + __u16 force_directory_mode; + __u16 force_uid; + __u16 force_gid; + __u32 veto_list_sz; + __s8 ____payload[0]; +} ____ksmbd_align; + +#define KSMBD_SHARE_CONFIG_VETO_LIST(s) ((s)->____payload) +#define KSMBD_SHARE_CONFIG_PATH(s) \ + ({ \ + char *p = (s)->____payload; \ + if ((s)->veto_list_sz) \ + p += (s)->veto_list_sz + 1; \ + p; \ + }) + +struct ksmbd_tree_connect_request { + __u32 handle; + __u16 account_flags; + __u16 flags; + __u64 session_id; + __u64 connect_id; + __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; + __s8 share[KSMBD_REQ_MAX_SHARE_NAME]; + __s8 peer_addr[64]; +} ____ksmbd_align; + +struct ksmbd_tree_connect_response { + __u32 handle; + __u16 status; + __u16 connection_flags; +} ____ksmbd_align; + +struct ksmbd_tree_disconnect_request { + __u64 session_id; + __u64 connect_id; +} ____ksmbd_align; + +struct ksmbd_logout_request { + __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; +} ____ksmbd_align; + +struct ksmbd_rpc_command { + __u32 handle; + __u32 flags; + __u32 payload_sz; + __u8 payload[0]; +} ____ksmbd_align; + +struct ksmbd_spnego_authen_request { + __u32 handle; + __u16 spnego_blob_len; + __u8 spnego_blob[0]; +} ____ksmbd_align; + +struct ksmbd_spnego_authen_response { + __u32 handle; + struct ksmbd_login_response login_response; + __u16 session_key_len; + __u16 spnego_blob_len; + __u8 payload[0]; /* session key + AP_REP */ +} ____ksmbd_align; + +/* + * This also used as NETLINK attribute type value. + * + * NOTE: + * Response message type value should be equal to + * request message type value + 1. + */ +enum ksmbd_event { + KSMBD_EVENT_UNSPEC = 0, + KSMBD_EVENT_HEARTBEAT_REQUEST, + + KSMBD_EVENT_STARTING_UP, + KSMBD_EVENT_SHUTTING_DOWN, + + KSMBD_EVENT_LOGIN_REQUEST, + KSMBD_EVENT_LOGIN_RESPONSE = 5, + + KSMBD_EVENT_SHARE_CONFIG_REQUEST, + KSMBD_EVENT_SHARE_CONFIG_RESPONSE, + + KSMBD_EVENT_TREE_CONNECT_REQUEST, + KSMBD_EVENT_TREE_CONNECT_RESPONSE, + + KSMBD_EVENT_TREE_DISCONNECT_REQUEST = 10, + + KSMBD_EVENT_LOGOUT_REQUEST, + + KSMBD_EVENT_RPC_REQUEST, + KSMBD_EVENT_RPC_RESPONSE, + + KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST, + KSMBD_EVENT_SPNEGO_AUTHEN_RESPONSE = 15, + + KSMBD_EVENT_MAX +}; + +enum KSMBD_TREE_CONN_STATUS { + KSMBD_TREE_CONN_STATUS_OK = 0, + KSMBD_TREE_CONN_STATUS_NOMEM, + KSMBD_TREE_CONN_STATUS_NO_SHARE, + KSMBD_TREE_CONN_STATUS_NO_USER, + KSMBD_TREE_CONN_STATUS_INVALID_USER, + KSMBD_TREE_CONN_STATUS_HOST_DENIED = 5, + KSMBD_TREE_CONN_STATUS_CONN_EXIST, + KSMBD_TREE_CONN_STATUS_TOO_MANY_CONNS, + KSMBD_TREE_CONN_STATUS_TOO_MANY_SESSIONS, + KSMBD_TREE_CONN_STATUS_ERROR, +}; + +/* + * User config flags. + */ +#define KSMBD_USER_FLAG_INVALID (0) +#define KSMBD_USER_FLAG_OK (1 << 0) +#define KSMBD_USER_FLAG_BAD_PASSWORD (1 << 1) +#define KSMBD_USER_FLAG_BAD_UID (1 << 2) +#define KSMBD_USER_FLAG_BAD_USER (1 << 3) +#define KSMBD_USER_FLAG_GUEST_ACCOUNT (1 << 4) + +/* + * Share config flags. + */ +#define KSMBD_SHARE_FLAG_INVALID (0) +#define KSMBD_SHARE_FLAG_AVAILABLE (1 << 0) +#define KSMBD_SHARE_FLAG_BROWSEABLE (1 << 1) +#define KSMBD_SHARE_FLAG_WRITEABLE (1 << 2) +#define KSMBD_SHARE_FLAG_READONLY (1 << 3) +#define KSMBD_SHARE_FLAG_GUEST_OK (1 << 4) +#define KSMBD_SHARE_FLAG_GUEST_ONLY (1 << 5) +#define KSMBD_SHARE_FLAG_STORE_DOS_ATTRS (1 << 6) +#define KSMBD_SHARE_FLAG_OPLOCKS (1 << 7) +#define KSMBD_SHARE_FLAG_PIPE (1 << 8) +#define KSMBD_SHARE_FLAG_HIDE_DOT_FILES (1 << 9) +#define KSMBD_SHARE_FLAG_INHERIT_SMACK (1 << 10) +#define KSMBD_SHARE_FLAG_INHERIT_OWNER (1 << 11) +#define KSMBD_SHARE_FLAG_STREAMS (1 << 12) +#define KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS (1 << 13) +#define KSMBD_SHARE_FLAG_ACL_XATTR (1 << 14) + +/* + * Tree connect request flags. + */ +#define KSMBD_TREE_CONN_FLAG_REQUEST_SMB1 (0) +#define KSMBD_TREE_CONN_FLAG_REQUEST_IPV6 (1 << 0) +#define KSMBD_TREE_CONN_FLAG_REQUEST_SMB2 (1 << 1) + +/* + * Tree connect flags. + */ +#define KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT (1 << 0) +#define KSMBD_TREE_CONN_FLAG_READ_ONLY (1 << 1) +#define KSMBD_TREE_CONN_FLAG_WRITABLE (1 << 2) +#define KSMBD_TREE_CONN_FLAG_ADMIN_ACCOUNT (1 << 3) + +/* + * RPC over IPC. + */ +#define KSMBD_RPC_METHOD_RETURN (1 << 0) +#define KSMBD_RPC_SRVSVC_METHOD_INVOKE (1 << 1) +#define KSMBD_RPC_SRVSVC_METHOD_RETURN ((1 << 1) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_WKSSVC_METHOD_INVOKE (1 << 2) +#define KSMBD_RPC_WKSSVC_METHOD_RETURN ((1 << 2) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_IOCTL_METHOD ((1 << 3) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_OPEN_METHOD (1 << 4) +#define KSMBD_RPC_WRITE_METHOD (1 << 5) +#define KSMBD_RPC_READ_METHOD ((1 << 6) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_CLOSE_METHOD (1 << 7) +#define KSMBD_RPC_RAP_METHOD ((1 << 8) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_RESTRICTED_CONTEXT (1 << 9) +#define KSMBD_RPC_SAMR_METHOD_INVOKE (1 << 10) +#define KSMBD_RPC_SAMR_METHOD_RETURN ((1 << 10) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_LSARPC_METHOD_INVOKE (1 << 11) +#define KSMBD_RPC_LSARPC_METHOD_RETURN ((1 << 11) | KSMBD_RPC_METHOD_RETURN) + +#define KSMBD_RPC_OK 0 +#define KSMBD_RPC_EBAD_FUNC 0x00000001 +#define KSMBD_RPC_EACCESS_DENIED 0x00000005 +#define KSMBD_RPC_EBAD_FID 0x00000006 +#define KSMBD_RPC_ENOMEM 0x00000008 +#define KSMBD_RPC_EBAD_DATA 0x0000000D +#define KSMBD_RPC_ENOTIMPLEMENTED 0x00000040 +#define KSMBD_RPC_EINVALID_PARAMETER 0x00000057 +#define KSMBD_RPC_EMORE_DATA 0x000000EA +#define KSMBD_RPC_EINVALID_LEVEL 0x0000007C +#define KSMBD_RPC_SOME_NOT_MAPPED 0x00000107 + +#define KSMBD_CONFIG_OPT_DISABLED 0 +#define KSMBD_CONFIG_OPT_ENABLED 1 +#define KSMBD_CONFIG_OPT_AUTO 2 +#define KSMBD_CONFIG_OPT_MANDATORY 3 + +#endif /* _LINUX_KSMBD_SERVER_H */ diff --git a/fs/cifsd/ksmbd_work.c b/fs/cifsd/ksmbd_work.c new file mode 100644 index 000000000000..8cd5dff0762d --- /dev/null +++ b/fs/cifsd/ksmbd_work.c @@ -0,0 +1,93 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2019 Samsung Electronics Co., Ltd. + */ + +#include <linux/list.h> +#include <linux/mm.h> +#include <linux/slab.h> +#include <linux/workqueue.h> + +#include "server.h" +#include "connection.h" +#include "ksmbd_work.h" +#include "buffer_pool.h" +#include "mgmt/ksmbd_ida.h" + +/* @FIXME */ +#include "ksmbd_server.h" + +static struct kmem_cache *work_cache; +static struct workqueue_struct *ksmbd_wq; + +struct ksmbd_work *ksmbd_alloc_work_struct(void) +{ + struct ksmbd_work *work = kmem_cache_zalloc(work_cache, GFP_KERNEL); + + if (work) { + work->compound_fid = KSMBD_NO_FID; + work->compound_pfid = KSMBD_NO_FID; + INIT_LIST_HEAD(&work->request_entry); + INIT_LIST_HEAD(&work->async_request_entry); + INIT_LIST_HEAD(&work->fp_entry); + INIT_LIST_HEAD(&work->interim_entry); + } + return work; +} + +void ksmbd_free_work_struct(struct ksmbd_work *work) +{ + WARN_ON(work->saved_cred != NULL); + if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_TBUF && + work->set_trans_buf) + ksmbd_release_buffer(RESPONSE_BUF(work)); + else + ksmbd_free_response(RESPONSE_BUF(work)); + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF && + work->set_read_buf) + ksmbd_release_buffer(AUX_PAYLOAD(work)); + else + ksmbd_free_response(AUX_PAYLOAD(work)); + + ksmbd_free_response(TRANSFORM_BUF(work)); + ksmbd_free_request(REQUEST_BUF(work)); + if (work->async_id) + ksmbd_release_id(work->conn->async_ida, work->async_id); + kmem_cache_free(work_cache, work); +} + +void ksmbd_work_pool_destroy(void) +{ + kmem_cache_destroy(work_cache); +} + +int ksmbd_work_pool_init(void) +{ + work_cache = kmem_cache_create("ksmbd_work_cache", + sizeof(struct ksmbd_work), 0, + SLAB_HWCACHE_ALIGN, NULL); + if (!work_cache) + return -ENOMEM; + return 0; +} + +int ksmbd_workqueue_init(void) +{ + ksmbd_wq = alloc_workqueue("ksmbd-io", 0, 0); + if (!ksmbd_wq) + return -ENOMEM; + return 0; +} + +void ksmbd_workqueue_destroy(void) +{ + flush_workqueue(ksmbd_wq); + destroy_workqueue(ksmbd_wq); + ksmbd_wq = NULL; +} + +bool ksmbd_queue_work(struct ksmbd_work *work) +{ + return queue_work(ksmbd_wq, &work->work); +} diff --git a/fs/cifsd/ksmbd_work.h b/fs/cifsd/ksmbd_work.h new file mode 100644 index 000000000000..405434d4c8ab --- /dev/null +++ b/fs/cifsd/ksmbd_work.h @@ -0,0 +1,124 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2019 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_WORK_H__ +#define __KSMBD_WORK_H__ + +#include <linux/ctype.h> +#include <linux/workqueue.h> + +struct ksmbd_conn; +struct ksmbd_session; +struct ksmbd_tree_connect; + +enum { + KSMBD_WORK_ACTIVE = 0, + KSMBD_WORK_CANCELLED, + KSMBD_WORK_CLOSED, +}; + +/* one of these for every pending CIFS request at the connection */ +struct ksmbd_work { + /* Server corresponding to this mid */ + struct ksmbd_conn *conn; + struct ksmbd_session *sess; + struct ksmbd_tree_connect *tcon; + + /* Pointer to received SMB header */ + char *request_buf; + /* Response buffer */ + char *response_buf; + + /* Read data buffer */ + char *aux_payload_buf; + + /* Next cmd hdr in compound req buf*/ + int next_smb2_rcv_hdr_off; + /* Next cmd hdr in compound rsp buf*/ + int next_smb2_rsp_hdr_off; + + /* + * Current Local FID assigned compound response if SMB2 CREATE + * command is present in compound request + */ + unsigned int compound_fid; + unsigned int compound_pfid; + unsigned int compound_sid; + + const struct cred *saved_cred; + + /* Number of granted credits */ + unsigned int credits_granted; + + /* response smb header size */ + unsigned int resp_hdr_sz; + unsigned int response_sz; + /* Read data count */ + unsigned int aux_payload_sz; + + void *tr_buf; + + unsigned char state; + /* Multiple responses for one request e.g. SMB ECHO */ + bool multiRsp:1; + /* No response for cancelled request */ + bool send_no_response:1; + /* Request is encrypted */ + bool encrypted:1; + /* Is this SYNC or ASYNC ksmbd_work */ + bool syncronous:1; + bool need_invalidate_rkey:1; + bool set_trans_buf:1; + bool set_read_buf:1; + + unsigned int remote_key; + /* cancel works */ + int async_id; + void **cancel_argv; + void (*cancel_fn)(void **argv); + + struct work_struct work; + /* List head at conn->requests */ + struct list_head request_entry; + /* List head at conn->async_requests */ + struct list_head async_request_entry; + struct list_head fp_entry; + struct list_head interim_entry; +}; + +#define WORK_CANCELLED(w) ((w)->state == KSMBD_WORK_CANCELLED) +#define WORK_CLOSED(w) ((w)->state == KSMBD_WORK_CLOSED) +#define WORK_ACTIVE(w) ((w)->state == KSMBD_WORK_ACTIVE) + +#define RESPONSE_BUF(w) ((void *)(w)->response_buf) +#define REQUEST_BUF(w) ((void *)(w)->request_buf) + +#define RESPONSE_BUF_NEXT(w) \ + ((void *)((w)->response_buf + (w)->next_smb2_rsp_hdr_off)) +#define REQUEST_BUF_NEXT(w) \ + ((void *)((w)->request_buf + (w)->next_smb2_rcv_hdr_off)) + +#define RESPONSE_SZ(w) ((w)->response_sz) + +#define INIT_AUX_PAYLOAD(w) ((w)->aux_payload_buf = NULL) +#define HAS_AUX_PAYLOAD(w) ((w)->aux_payload_sz != 0) +#define AUX_PAYLOAD(w) ((void *)((w)->aux_payload_buf)) +#define AUX_PAYLOAD_SIZE(w) ((w)->aux_payload_sz) +#define RESP_HDR_SIZE(w) ((w)->resp_hdr_sz) + +#define HAS_TRANSFORM_BUF(w) ((w)->tr_buf != NULL) +#define TRANSFORM_BUF(w) ((void *)((w)->tr_buf)) + +struct ksmbd_work *ksmbd_alloc_work_struct(void); +void ksmbd_free_work_struct(struct ksmbd_work *work); + +void ksmbd_work_pool_destroy(void); +int ksmbd_work_pool_init(void); + +int ksmbd_workqueue_init(void); +void ksmbd_workqueue_destroy(void); +bool ksmbd_queue_work(struct ksmbd_work *work); + +#endif /* __KSMBD_WORK_H__ */ diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c new file mode 100644 index 000000000000..b9e114f8a5d2 --- /dev/null +++ b/fs/cifsd/server.c @@ -0,0 +1,635 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include "glob.h" +#include "oplock.h" +#include "misc.h" +#include <linux/sched/signal.h> +#include <linux/workqueue.h> +#include <linux/sysfs.h> +#include <linux/module.h> +#include <linux/moduleparam.h> + +#include "server.h" +#include "smb_common.h" +#include "smbstatus.h" +#include "buffer_pool.h" +#include "connection.h" +#include "transport_ipc.h" +#include "mgmt/user_session.h" +#include "crypto_ctx.h" +#include "auth.h" + +int ksmbd_debug_types; + +struct ksmbd_server_config server_conf; + +enum SERVER_CTRL_TYPE { + SERVER_CTRL_TYPE_INIT, + SERVER_CTRL_TYPE_RESET, +}; + +struct server_ctrl_struct { + int type; + struct work_struct ctrl_work; +}; + +static DEFINE_MUTEX(ctrl_lock); + +static int ___server_conf_set(int idx, char *val) +{ + if (idx >= ARRAY_SIZE(server_conf.conf)) + return -EINVAL; + + if (!val || val[0] == 0x00) + return -EINVAL; + + kfree(server_conf.conf[idx]); + server_conf.conf[idx] = kstrdup(val, GFP_KERNEL); + if (!server_conf.conf[idx]) + return -ENOMEM; + return 0; +} + +int ksmbd_set_netbios_name(char *v) +{ + return ___server_conf_set(SERVER_CONF_NETBIOS_NAME, v); +} + +int ksmbd_set_server_string(char *v) +{ + return ___server_conf_set(SERVER_CONF_SERVER_STRING, v); +} + +int ksmbd_set_work_group(char *v) +{ + return ___server_conf_set(SERVER_CONF_WORK_GROUP, v); +} + +char *ksmbd_netbios_name(void) +{ + return server_conf.conf[SERVER_CONF_NETBIOS_NAME]; +} + +char *ksmbd_server_string(void) +{ + return server_conf.conf[SERVER_CONF_SERVER_STRING]; +} + +char *ksmbd_work_group(void) +{ + return server_conf.conf[SERVER_CONF_WORK_GROUP]; +} + +/** + * check_conn_state() - check state of server thread connection + * @ksmbd_work: smb work containing server thread information + * + * Return: 0 on valid connection, otherwise 1 to reconnect + */ +static inline int check_conn_state(struct ksmbd_work *work) +{ + struct smb_hdr *rsp_hdr; + + if (ksmbd_conn_exiting(work) || ksmbd_conn_need_reconnect(work)) { + rsp_hdr = RESPONSE_BUF(work); + rsp_hdr->Status.CifsError = STATUS_CONNECTION_DISCONNECTED; + return 1; + } + return 0; +} + +/* @FIXME what a mess... god help. */ + +#define TCP_HANDLER_CONTINUE 0 +#define TCP_HANDLER_ABORT 1 + +static int __process_request(struct ksmbd_work *work, + struct ksmbd_conn *conn, + uint16_t *cmd) +{ + struct smb_version_cmds *cmds; + uint16_t command; + int ret; + + if (check_conn_state(work)) + return TCP_HANDLER_CONTINUE; + + if (ksmbd_verify_smb_message(work)) + return TCP_HANDLER_ABORT; + + command = conn->ops->get_cmd_val(work); + *cmd = command; + +andx_again: + if (command >= conn->max_cmds) { + conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); + return TCP_HANDLER_CONTINUE; + } + + cmds = &conn->cmds[command]; + if (!cmds->proc) { + ksmbd_debug(SMB, "*** not implemented yet cmd = %x\n", command); + conn->ops->set_rsp_status(work, STATUS_NOT_IMPLEMENTED); + return TCP_HANDLER_CONTINUE; + } + + if (work->sess && conn->ops->is_sign_req(work, command)) { + ret = conn->ops->check_sign_req(work); + if (!ret) { + conn->ops->set_rsp_status(work, STATUS_ACCESS_DENIED); + return TCP_HANDLER_CONTINUE; + } + } + + ret = cmds->proc(work); + + if (ret < 0) + ksmbd_debug(CONN, "Failed to process %u [%d]\n", command, ret); + /* AndX commands - chained request can return positive values */ + else if (ret > 0) { + command = ret; + *cmd = command; + goto andx_again; + } + + if (work->send_no_response) + return TCP_HANDLER_ABORT; + return TCP_HANDLER_CONTINUE; +} + +static void __handle_ksmbd_work(struct ksmbd_work *work, + struct ksmbd_conn *conn) +{ + uint16_t command = 0; + int rc; + + if (conn->ops->allocate_rsp_buf(work)) + return; + + if (conn->ops->is_transform_hdr && + conn->ops->is_transform_hdr(REQUEST_BUF(work))) { + rc = conn->ops->decrypt_req(work); + if (rc < 0) { + conn->ops->set_rsp_status(work, STATUS_DATA_ERROR); + goto send; + } + + work->encrypted = true; + } + + rc = conn->ops->init_rsp_hdr(work); + if (rc) { + /* either uid or tid is not correct */ + conn->ops->set_rsp_status(work, STATUS_INVALID_HANDLE); + goto send; + } + + if (conn->ops->check_user_session) { + rc = conn->ops->check_user_session(work); + if (rc < 0) { + command = conn->ops->get_cmd_val(work); + conn->ops->set_rsp_status(work, + STATUS_USER_SESSION_DELETED); + goto send; + } else if (rc > 0) { + rc = conn->ops->get_ksmbd_tcon(work); + if (rc < 0) { + conn->ops->set_rsp_status(work, + STATUS_NETWORK_NAME_DELETED); + goto send; + } + } + } + + do { + rc = __process_request(work, conn, &command); + if (rc == TCP_HANDLER_ABORT) + break; + + /* + * Call smb2_set_rsp_credits() function to set number of credits + * granted in hdr of smb2 response. + */ + if (conn->ops->set_rsp_credits) { + spin_lock(&conn->credits_lock); + rc = conn->ops->set_rsp_credits(work); + spin_unlock(&conn->credits_lock); + if (rc < 0) { + conn->ops->set_rsp_status(work, + STATUS_INVALID_PARAMETER); + goto send; + } + } + + if (work->sess && (work->sess->sign || + smb3_11_final_sess_setup_resp(work) || + conn->ops->is_sign_req(work, command))) + conn->ops->set_sign_rsp(work); + } while (is_chained_smb2_message(work)); + + if (work->send_no_response) + return; + +send: + smb3_preauth_hash_rsp(work); + if (work->sess && work->sess->enc && work->encrypted && + conn->ops->encrypt_resp) { + rc = conn->ops->encrypt_resp(work); + if (rc < 0) { + conn->ops->set_rsp_status(work, STATUS_DATA_ERROR); + goto send; + } + } + + ksmbd_conn_write(work); +} + +/** + * handle_ksmbd_work() - process pending smb work requests + * @ksmbd_work: smb work containing request command buffer + * + * called by kworker threads to processing remaining smb work requests + */ +static void handle_ksmbd_work(struct work_struct *wk) +{ + struct ksmbd_work *work = container_of(wk, struct ksmbd_work, work); + struct ksmbd_conn *conn = work->conn; + + atomic64_inc(&conn->stats.request_served); + + __handle_ksmbd_work(work, conn); + + ksmbd_conn_try_dequeue_request(work); + ksmbd_free_work_struct(work); + atomic_dec(&conn->r_count); +} + +/** + * queue_ksmbd_work() - queue a smb request to worker thread queue + * for proccessing smb command and sending response + * @conn: connection instance + * + * read remaining data from socket create and submit work. + */ +static int queue_ksmbd_work(struct ksmbd_conn *conn) +{ + struct ksmbd_work *work; + + work = ksmbd_alloc_work_struct(); + if (!work) { + ksmbd_err("allocation for work failed\n"); + return -ENOMEM; + } + + work->conn = conn; + work->request_buf = conn->request_buf; + conn->request_buf = NULL; + + if (ksmbd_init_smb_server(work)) { + ksmbd_free_work_struct(work); + return -EINVAL; + } + + ksmbd_conn_enqueue_request(work); + atomic_inc(&conn->r_count); + /* update activity on connection */ + conn->last_active = jiffies; + INIT_WORK(&work->work, handle_ksmbd_work); + ksmbd_queue_work(work); + return 0; +} + +static int ksmbd_server_process_request(struct ksmbd_conn *conn) +{ + return queue_ksmbd_work(conn); +} + +static int ksmbd_server_terminate_conn(struct ksmbd_conn *conn) +{ + ksmbd_sessions_deregister(conn); + destroy_lease_table(conn); + return 0; +} + +static void ksmbd_server_tcp_callbacks_init(void) +{ + struct ksmbd_conn_ops ops; + + ops.process_fn = ksmbd_server_process_request; + ops.terminate_fn = ksmbd_server_terminate_conn; + + ksmbd_conn_init_server_callbacks(&ops); +} + +static void server_conf_free(void) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(server_conf.conf); i++) { + kfree(server_conf.conf[i]); + server_conf.conf[i] = NULL; + } +} + +static int server_conf_init(void) +{ + WRITE_ONCE(server_conf.state, SERVER_STATE_STARTING_UP); + server_conf.enforced_signing = 0; + server_conf.min_protocol = ksmbd_min_protocol(); + server_conf.max_protocol = ksmbd_max_protocol(); + server_conf.auth_mechs = KSMBD_AUTH_NTLMSSP; +#ifdef CONFIG_SMB_SERVER_KERBEROS5 + server_conf.auth_mechs |= KSMBD_AUTH_KRB5 | + KSMBD_AUTH_MSKRB5; +#endif + return 0; +} + +static void server_ctrl_handle_init(struct server_ctrl_struct *ctrl) +{ + int ret; + + ret = ksmbd_conn_transport_init(); + if (ret) { + server_queue_ctrl_reset_work(); + return; + } + + WRITE_ONCE(server_conf.state, SERVER_STATE_RUNNING); +} + +static void server_ctrl_handle_reset(struct server_ctrl_struct *ctrl) +{ + ksmbd_ipc_soft_reset(); + ksmbd_conn_transport_destroy(); + server_conf_free(); + server_conf_init(); + WRITE_ONCE(server_conf.state, SERVER_STATE_STARTING_UP); +} + +static void server_ctrl_handle_work(struct work_struct *work) +{ + struct server_ctrl_struct *ctrl; + + ctrl = container_of(work, struct server_ctrl_struct, ctrl_work); + + mutex_lock(&ctrl_lock); + switch (ctrl->type) { + case SERVER_CTRL_TYPE_INIT: + server_ctrl_handle_init(ctrl); + break; + case SERVER_CTRL_TYPE_RESET: + server_ctrl_handle_reset(ctrl); + break; + default: + pr_err("Unknown server work type: %d\n", ctrl->type); + } + mutex_unlock(&ctrl_lock); + kfree(ctrl); + module_put(THIS_MODULE); +} + +static int __queue_ctrl_work(int type) +{ + struct server_ctrl_struct *ctrl; + + ctrl = kmalloc(sizeof(struct server_ctrl_struct), GFP_KERNEL); + if (!ctrl) + return -ENOMEM; + + __module_get(THIS_MODULE); + ctrl->type = type; + INIT_WORK(&ctrl->ctrl_work, server_ctrl_handle_work); + queue_work(system_long_wq, &ctrl->ctrl_work); + return 0; +} + +int server_queue_ctrl_init_work(void) +{ + return __queue_ctrl_work(SERVER_CTRL_TYPE_INIT); +} + +int server_queue_ctrl_reset_work(void) +{ + return __queue_ctrl_work(SERVER_CTRL_TYPE_RESET); +} + +static ssize_t stats_show(struct class *class, + struct class_attribute *attr, + char *buf) +{ + /* + * Inc this each time you change stats output format, + * so user space will know what to do. + */ + static int stats_version = 2; + static const char * const state[] = { + "startup", + "running", + "reset", + "shutdown" + }; + + ssize_t sz = scnprintf(buf, + PAGE_SIZE, + "%d %s %d %lu\n", + stats_version, + state[server_conf.state], + server_conf.tcp_port, + server_conf.ipc_last_active / HZ); + return sz; +} + +static ssize_t kill_server_store(struct class *class, + struct class_attribute *attr, + const char *buf, + size_t len) +{ + if (!sysfs_streq(buf, "hard")) + return len; + + ksmbd_info("kill command received\n"); + mutex_lock(&ctrl_lock); + WRITE_ONCE(server_conf.state, SERVER_STATE_RESETTING); + __module_get(THIS_MODULE); + server_ctrl_handle_reset(NULL); + module_put(THIS_MODULE); + mutex_unlock(&ctrl_lock); + return len; +} + +static const char * const debug_type_strings[] = {"smb", "auth", "vfs", + "oplock", "ipc", "conn", + "rdma"}; + +static ssize_t debug_show(struct class *class, + struct class_attribute *attr, + char *buf) +{ + ssize_t sz = 0; + int i, pos = 0; + + for (i = 0; i < ARRAY_SIZE(debug_type_strings); i++) { + if ((ksmbd_debug_types >> i) & 1) { + pos = scnprintf(buf + sz, + PAGE_SIZE - sz, + "[%s] ", + debug_type_strings[i]); + } else { + pos = scnprintf(buf + sz, + PAGE_SIZE - sz, + "%s ", + debug_type_strings[i]); + } + sz += pos; + + } + sz += scnprintf(buf + sz, PAGE_SIZE - sz, "\n"); + return sz; +} + +static ssize_t debug_store(struct class *class, + struct class_attribute *attr, + const char *buf, + size_t len) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(debug_type_strings); i++) { + if (sysfs_streq(buf, "all")) { + if (ksmbd_debug_types == KSMBD_DEBUG_ALL) + ksmbd_debug_types = 0; + else + ksmbd_debug_types = KSMBD_DEBUG_ALL; + break; + } + + if (sysfs_streq(buf, debug_type_strings[i])) { + if (ksmbd_debug_types & (1 << i)) + ksmbd_debug_types &= ~(1 << i); + else + ksmbd_debug_types |= (1 << i); + break; + } + } + + return len; +} + +static CLASS_ATTR_RO(stats); +static CLASS_ATTR_WO(kill_server); +static CLASS_ATTR_RW(debug); + +static struct attribute *ksmbd_control_class_attrs[] = { + &class_attr_stats.attr, + &class_attr_kill_server.attr, + &class_attr_debug.attr, + NULL, +}; +ATTRIBUTE_GROUPS(ksmbd_control_class); + +static struct class ksmbd_control_class = { + .name = "ksmbd-control", + .owner = THIS_MODULE, + .class_groups = ksmbd_control_class_groups, +}; + +static int ksmbd_server_shutdown(void) +{ + WRITE_ONCE(server_conf.state, SERVER_STATE_SHUTTING_DOWN); + + class_unregister(&ksmbd_control_class); + ksmbd_workqueue_destroy(); + ksmbd_ipc_release(); + ksmbd_conn_transport_destroy(); + ksmbd_free_session_table(); + ksmbd_crypto_destroy(); + ksmbd_free_global_file_table(); + destroy_lease_table(NULL); + ksmbd_destroy_buffer_pools(); + server_conf_free(); + return 0; +} + +static int __init ksmbd_server_init(void) +{ + int ret; + + ret = class_register(&ksmbd_control_class); + if (ret) { + ksmbd_err("Unable to register ksmbd-control class\n"); + return ret; + } + + ksmbd_server_tcp_callbacks_init(); + + ret = server_conf_init(); + if (ret) + return ret; + + ret = ksmbd_init_buffer_pools(); + if (ret) + return ret; + + ret = ksmbd_init_session_table(); + if (ret) + goto error; + + ret = ksmbd_ipc_init(); + if (ret) + goto error; + + ret = ksmbd_init_global_file_table(); + if (ret) + goto error; + + ret = ksmbd_inode_hash_init(); + if (ret) + goto error; + + ret = ksmbd_crypto_create(); + if (ret) + goto error; + + ret = ksmbd_workqueue_init(); + if (ret) + goto error; + return 0; + +error: + ksmbd_server_shutdown(); + return ret; +} + +/** + * exit_smb_server() - shutdown forker thread and free memory at module exit + */ +static void __exit ksmbd_server_exit(void) +{ + ksmbd_server_shutdown(); + ksmbd_release_inode_hash(); +} + +MODULE_AUTHOR("Namjae Jeon linkinjeon@kernel.org"); +MODULE_VERSION(KSMBD_VERSION); +MODULE_DESCRIPTION("Linux kernel CIFS/SMB SERVER"); +MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: arc4"); +MODULE_SOFTDEP("pre: ecb"); +MODULE_SOFTDEP("pre: hmac"); +MODULE_SOFTDEP("pre: md4"); +MODULE_SOFTDEP("pre: md5"); +MODULE_SOFTDEP("pre: nls"); +MODULE_SOFTDEP("pre: aes"); +MODULE_SOFTDEP("pre: cmac"); +MODULE_SOFTDEP("pre: sha256"); +MODULE_SOFTDEP("pre: sha512"); +MODULE_SOFTDEP("pre: aead2"); +MODULE_SOFTDEP("pre: ccm"); +MODULE_SOFTDEP("pre: gcm"); +module_init(ksmbd_server_init) +module_exit(ksmbd_server_exit) diff --git a/fs/cifsd/server.h b/fs/cifsd/server.h new file mode 100644 index 000000000000..7b2f6318fcff --- /dev/null +++ b/fs/cifsd/server.h @@ -0,0 +1,62 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __SERVER_H__ +#define __SERVER_H__ + +#include "smbacl.h" + +#define SERVER_STATE_STARTING_UP 0 +#define SERVER_STATE_RUNNING 1 +#define SERVER_STATE_RESETTING 2 +#define SERVER_STATE_SHUTTING_DOWN 3 + +#define SERVER_CONF_NETBIOS_NAME 0 +#define SERVER_CONF_SERVER_STRING 1 +#define SERVER_CONF_WORK_GROUP 2 + +extern int ksmbd_debugging; + +struct ksmbd_server_config { + unsigned int flags; + unsigned int state; + short signing; + short enforced_signing; + short min_protocol; + short max_protocol; + unsigned short tcp_port; + unsigned short ipc_timeout; + unsigned long ipc_last_active; + unsigned long deadtime; + unsigned int share_fake_fscaps; + struct smb_sid domain_sid; + unsigned int auth_mechs; + + char *conf[SERVER_CONF_WORK_GROUP + 1]; +}; + +extern struct ksmbd_server_config server_conf; + +int ksmbd_set_netbios_name(char *v); +int ksmbd_set_server_string(char *v); +int ksmbd_set_work_group(char *v); + +char *ksmbd_netbios_name(void); +char *ksmbd_server_string(void); +char *ksmbd_work_group(void); + +static inline int ksmbd_server_running(void) +{ + return READ_ONCE(server_conf.state) == SERVER_STATE_RUNNING; +} + +static inline int ksmbd_server_configurable(void) +{ + return READ_ONCE(server_conf.state) < SERVER_STATE_RESETTING; +} + +int server_queue_ctrl_init_work(void); +int server_queue_ctrl_reset_work(void); +#endif /* __SERVER_H__ */ diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c new file mode 100644 index 000000000000..b91fa265f85d --- /dev/null +++ b/fs/cifsd/transport_ipc.c @@ -0,0 +1,900 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/jhash.h> +#include <linux/slab.h> +#include <linux/rwsem.h> +#include <linux/mutex.h> +#include <linux/wait.h> +#include <linux/hashtable.h> +#include <net/net_namespace.h> +#include <net/genetlink.h> +#include <linux/socket.h> +#include <linux/workqueue.h> + +#include "vfs_cache.h" +#include "transport_ipc.h" +#include "buffer_pool.h" +#include "server.h" +#include "smb_common.h" + +#include "mgmt/user_config.h" +#include "mgmt/share_config.h" +#include "mgmt/user_session.h" +#include "mgmt/tree_connect.h" +#include "mgmt/ksmbd_ida.h" +#include "connection.h" +#include "transport_tcp.h" + +/* @FIXME fix this code */ +extern int get_protocol_idx(char *str); + +#define IPC_WAIT_TIMEOUT (2 * HZ) + +#define IPC_MSG_HASH_BITS 3 +static DEFINE_HASHTABLE(ipc_msg_table, IPC_MSG_HASH_BITS); +static DECLARE_RWSEM(ipc_msg_table_lock); +static DEFINE_MUTEX(startup_lock); + +static struct ksmbd_ida *ida; + +static unsigned int ksmbd_tools_pid; + +#define KSMBD_IPC_MSG_HANDLE(m) (*(unsigned int *)m) + +static bool ksmbd_ipc_validate_version(struct genl_info *m) +{ + if (m->genlhdr->version != KSMBD_GENL_VERSION) { + ksmbd_err("%s. ksmbd: %d, kernel module: %d. %s.\n", + "Daemon and kernel module version mismatch", + m->genlhdr->version, + KSMBD_GENL_VERSION, + "User-space ksmbd should terminate"); + return false; + } + return true; +} + +struct ksmbd_ipc_msg { + unsigned int type; + unsigned int sz; + unsigned char ____payload[0]; +}; + +#define KSMBD_IPC_MSG_PAYLOAD(m) \ + ((void *)(((struct ksmbd_ipc_msg *)(m))->____payload)) + +struct ipc_msg_table_entry { + unsigned int handle; + unsigned int type; + wait_queue_head_t wait; + struct hlist_node ipc_table_hlist; + + void *response; +}; + +static struct delayed_work ipc_timer_work; + +static int handle_startup_event(struct sk_buff *skb, struct genl_info *info); +static int handle_unsupported_event(struct sk_buff *skb, + struct genl_info *info); +static int handle_generic_event(struct sk_buff *skb, struct genl_info *info); +static int ksmbd_ipc_heartbeat_request(void); + +static const struct nla_policy ksmbd_nl_policy[KSMBD_EVENT_MAX] = { + [KSMBD_EVENT_UNSPEC] = { + .len = 0, + }, + [KSMBD_EVENT_HEARTBEAT_REQUEST] = { + .len = sizeof(struct ksmbd_heartbeat), + }, + [KSMBD_EVENT_STARTING_UP] = { + .len = sizeof(struct ksmbd_startup_request), + }, + [KSMBD_EVENT_SHUTTING_DOWN] = { + .len = sizeof(struct ksmbd_shutdown_request), + }, + [KSMBD_EVENT_LOGIN_REQUEST] = { + .len = sizeof(struct ksmbd_login_request), + }, + [KSMBD_EVENT_LOGIN_RESPONSE] = { + .len = sizeof(struct ksmbd_login_response), + }, + [KSMBD_EVENT_SHARE_CONFIG_REQUEST] = { + .len = sizeof(struct ksmbd_share_config_request), + }, + [KSMBD_EVENT_SHARE_CONFIG_RESPONSE] = { + .len = sizeof(struct ksmbd_share_config_response), + }, + [KSMBD_EVENT_TREE_CONNECT_REQUEST] = { + .len = sizeof(struct ksmbd_tree_connect_request), + }, + [KSMBD_EVENT_TREE_CONNECT_RESPONSE] = { + .len = sizeof(struct ksmbd_tree_connect_response), + }, + [KSMBD_EVENT_TREE_DISCONNECT_REQUEST] = { + .len = sizeof(struct ksmbd_tree_disconnect_request), + }, + [KSMBD_EVENT_LOGOUT_REQUEST] = { + .len = sizeof(struct ksmbd_logout_request), + }, + [KSMBD_EVENT_RPC_REQUEST] = { + }, + [KSMBD_EVENT_RPC_RESPONSE] = { + }, + [KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST] = { + }, + [KSMBD_EVENT_SPNEGO_AUTHEN_RESPONSE] = { + }, +}; + +static struct genl_ops ksmbd_genl_ops[] = { + { + .cmd = KSMBD_EVENT_UNSPEC, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_HEARTBEAT_REQUEST, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_STARTING_UP, + .doit = handle_startup_event, + }, + { + .cmd = KSMBD_EVENT_SHUTTING_DOWN, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_LOGIN_REQUEST, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_LOGIN_RESPONSE, + .doit = handle_generic_event, + }, + { + .cmd = KSMBD_EVENT_SHARE_CONFIG_REQUEST, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_SHARE_CONFIG_RESPONSE, + .doit = handle_generic_event, + }, + { + .cmd = KSMBD_EVENT_TREE_CONNECT_REQUEST, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_TREE_CONNECT_RESPONSE, + .doit = handle_generic_event, + }, + { + .cmd = KSMBD_EVENT_TREE_DISCONNECT_REQUEST, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_LOGOUT_REQUEST, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_RPC_REQUEST, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_RPC_RESPONSE, + .doit = handle_generic_event, + }, + { + .cmd = KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST, + .doit = handle_unsupported_event, + }, + { + .cmd = KSMBD_EVENT_SPNEGO_AUTHEN_RESPONSE, + .doit = handle_generic_event, + }, +}; + +static struct genl_family ksmbd_genl_family = { + .name = KSMBD_GENL_NAME, + .version = KSMBD_GENL_VERSION, + .hdrsize = 0, + .maxattr = KSMBD_EVENT_MAX, + .netnsok = true, + .module = THIS_MODULE, + .ops = ksmbd_genl_ops, + .n_ops = ARRAY_SIZE(ksmbd_genl_ops), +}; + +static void ksmbd_nl_init_fixup(void) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(ksmbd_genl_ops); i++) + ksmbd_genl_ops[i].validate = GENL_DONT_VALIDATE_STRICT | + GENL_DONT_VALIDATE_DUMP; + + ksmbd_genl_family.policy = ksmbd_nl_policy; +} + +static int rpc_context_flags(struct ksmbd_session *sess) +{ + if (user_guest(sess->user)) + return KSMBD_RPC_RESTRICTED_CONTEXT; + return 0; +} + +static void ipc_update_last_active(void) +{ + if (server_conf.ipc_timeout) + server_conf.ipc_last_active = jiffies; +} + +static struct ksmbd_ipc_msg *ipc_msg_alloc(size_t sz) +{ + struct ksmbd_ipc_msg *msg; + size_t msg_sz = sz + sizeof(struct ksmbd_ipc_msg); + + msg = ksmbd_alloc(msg_sz); + if (msg) + msg->sz = sz; + return msg; +} + +static void ipc_msg_free(struct ksmbd_ipc_msg *msg) +{ + ksmbd_free(msg); +} + +static void ipc_msg_handle_free(int handle) +{ + if (handle >= 0) + ksmbd_release_id(ida, handle); +} + +static int handle_response(int type, void *payload, size_t sz) +{ + int handle = KSMBD_IPC_MSG_HANDLE(payload); + struct ipc_msg_table_entry *entry; + int ret = 0; + + ipc_update_last_active(); + down_read(&ipc_msg_table_lock); + hash_for_each_possible(ipc_msg_table, entry, ipc_table_hlist, handle) { + if (handle != entry->handle) + continue; + + entry->response = NULL; + /* + * Response message type value should be equal to + * request message type + 1. + */ + if (entry->type + 1 != type) { + ksmbd_err("Waiting for IPC type %d, got %d. Ignore.\n", + entry->type + 1, type); + } + + entry->response = ksmbd_alloc(sz); + if (!entry->response) { + ret = -ENOMEM; + break; + } + + memcpy(entry->response, payload, sz); + wake_up_interruptible(&entry->wait); + ret = 0; + break; + } + up_read(&ipc_msg_table_lock); + + return ret; +} + +static int ipc_server_config_on_startup(struct ksmbd_startup_request *req) +{ + int ret; + + ksmbd_set_fd_limit(req->file_max); + server_conf.flags = req->flags; + server_conf.signing = req->signing; + server_conf.tcp_port = req->tcp_port; + server_conf.ipc_timeout = req->ipc_timeout * HZ; + server_conf.deadtime = req->deadtime * SMB_ECHO_INTERVAL; + server_conf.share_fake_fscaps = req->share_fake_fscaps; + ksmbd_init_domain(req->sub_auth); + + if (req->smb2_max_read) + init_smb2_max_read_size(req->smb2_max_read); + if (req->smb2_max_write) + init_smb2_max_write_size(req->smb2_max_write); + if (req->smb2_max_trans) + init_smb2_max_trans_size(req->smb2_max_trans); + + ret = ksmbd_set_netbios_name(req->netbios_name); + ret |= ksmbd_set_server_string(req->server_string); + ret |= ksmbd_set_work_group(req->work_group); + ret |= ksmbd_tcp_set_interfaces(KSMBD_STARTUP_CONFIG_INTERFACES(req), + req->ifc_list_sz); + if (ret) { + ksmbd_err("Server configuration error: %s %s %s\n", + req->netbios_name, + req->server_string, + req->work_group); + return ret; + } + + if (req->min_prot[0]) { + ret = ksmbd_lookup_protocol_idx(req->min_prot); + if (ret >= 0) + server_conf.min_protocol = ret; + } + if (req->max_prot[0]) { + ret = ksmbd_lookup_protocol_idx(req->max_prot); + if (ret >= 0) + server_conf.max_protocol = ret; + } + + if (server_conf.ipc_timeout) + schedule_delayed_work(&ipc_timer_work, server_conf.ipc_timeout); + return 0; +} + +static int handle_startup_event(struct sk_buff *skb, struct genl_info *info) +{ + int ret = 0; + +#ifdef CONFIG_SMB_SERVER_CHECK_CAP_NET_ADMIN + if (!netlink_capable(skb, CAP_NET_ADMIN)) + return -EPERM; +#endif + + if (!ksmbd_ipc_validate_version(info)) + return -EINVAL; + + if (!info->attrs[KSMBD_EVENT_STARTING_UP]) + return -EINVAL; + + mutex_lock(&startup_lock); + if (!ksmbd_server_configurable()) { + mutex_unlock(&startup_lock); + ksmbd_err("Server reset is in progress, can't start daemon\n"); + return -EINVAL; + } + + if (ksmbd_tools_pid) { + if (ksmbd_ipc_heartbeat_request() == 0) { + ret = -EINVAL; + goto out; + } + + ksmbd_err("Reconnect to a new user space daemon\n"); + } else { + struct ksmbd_startup_request *req; + + req = nla_data(info->attrs[info->genlhdr->cmd]); + ret = ipc_server_config_on_startup(req); + if (ret) + goto out; + server_queue_ctrl_init_work(); + } + + ksmbd_tools_pid = info->snd_portid; + ipc_update_last_active(); + +out: + mutex_unlock(&startup_lock); + return ret; +} + +static int handle_unsupported_event(struct sk_buff *skb, + struct genl_info *info) +{ + ksmbd_err("Unknown IPC event: %d, ignore.\n", info->genlhdr->cmd); + return -EINVAL; +} + +static int handle_generic_event(struct sk_buff *skb, struct genl_info *info) +{ + void *payload; + int sz; + int type = info->genlhdr->cmd; + +#ifdef CONFIG_SMB_SERVER_CHECK_CAP_NET_ADMIN + if (!netlink_capable(skb, CAP_NET_ADMIN)) + return -EPERM; +#endif + + if (type >= KSMBD_EVENT_MAX) { + WARN_ON(1); + return -EINVAL; + } + + if (!ksmbd_ipc_validate_version(info)) + return -EINVAL; + + if (!info->attrs[type]) + return -EINVAL; + + payload = nla_data(info->attrs[info->genlhdr->cmd]); + sz = nla_len(info->attrs[info->genlhdr->cmd]); + return handle_response(type, payload, sz); +} + +static int ipc_msg_send(struct ksmbd_ipc_msg *msg) +{ + struct genlmsghdr *nlh; + struct sk_buff *skb; + int ret = -EINVAL; + + if (!ksmbd_tools_pid) + return ret; + + skb = genlmsg_new(msg->sz, GFP_KERNEL); + if (!skb) + return -ENOMEM; + + nlh = genlmsg_put(skb, 0, 0, &ksmbd_genl_family, 0, msg->type); + if (!nlh) + goto out; + + ret = nla_put(skb, msg->type, msg->sz, KSMBD_IPC_MSG_PAYLOAD(msg)); + if (ret) { + genlmsg_cancel(skb, nlh); + goto out; + } + + genlmsg_end(skb, nlh); + ret = genlmsg_unicast(&init_net, skb, ksmbd_tools_pid); + if (!ret) + ipc_update_last_active(); + return ret; + +out: + nlmsg_free(skb); + return ret; +} + +static void *ipc_msg_send_request(struct ksmbd_ipc_msg *msg, + unsigned int handle) +{ + struct ipc_msg_table_entry entry; + int ret; + + if ((int)handle < 0) + return NULL; + + entry.type = msg->type; + entry.response = NULL; + init_waitqueue_head(&entry.wait); + + down_write(&ipc_msg_table_lock); + entry.handle = handle; + hash_add(ipc_msg_table, &entry.ipc_table_hlist, entry.handle); + up_write(&ipc_msg_table_lock); + + ret = ipc_msg_send(msg); + if (ret) + goto out; + + ret = wait_event_interruptible_timeout(entry.wait, + entry.response != NULL, + IPC_WAIT_TIMEOUT); +out: + down_write(&ipc_msg_table_lock); + hash_del(&entry.ipc_table_hlist); + up_write(&ipc_msg_table_lock); + return entry.response; +} + +static int ksmbd_ipc_heartbeat_request(void) +{ + struct ksmbd_ipc_msg *msg; + int ret; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_heartbeat)); + if (!msg) + return -EINVAL; + + msg->type = KSMBD_EVENT_HEARTBEAT_REQUEST; + ret = ipc_msg_send(msg); + ipc_msg_free(msg); + return ret; +} + +struct ksmbd_login_response *ksmbd_ipc_login_request(const char *account) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_login_request *req; + struct ksmbd_login_response *resp; + + if (strlen(account) >= KSMBD_REQ_MAX_ACCOUNT_NAME_SZ) + return NULL; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_login_request)); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_LOGIN_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->handle = ksmbd_acquire_id(ida); + strscpy(req->account, account, KSMBD_REQ_MAX_ACCOUNT_NAME_SZ); + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_handle_free(req->handle); + ipc_msg_free(msg); + return resp; +} + +struct ksmbd_spnego_authen_response * +ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_spnego_authen_request *req; + struct ksmbd_spnego_authen_response *resp; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_spnego_authen_request) + + blob_len + 1); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->handle = ksmbd_acquire_id(ida); + req->spnego_blob_len = blob_len; + memcpy(req->spnego_blob, spnego_blob, blob_len); + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_handle_free(req->handle); + ipc_msg_free(msg); + return resp; +} + +struct ksmbd_tree_connect_response * +ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, + struct ksmbd_share_config *share, + struct ksmbd_tree_connect *tree_conn, + struct sockaddr *peer_addr) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_tree_connect_request *req; + struct ksmbd_tree_connect_response *resp; + + if (strlen(user_name(sess->user)) >= KSMBD_REQ_MAX_ACCOUNT_NAME_SZ) + return NULL; + + if (strlen(share->name) >= KSMBD_REQ_MAX_SHARE_NAME) + return NULL; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_tree_connect_request)); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_TREE_CONNECT_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + + req->handle = ksmbd_acquire_id(ida); + req->account_flags = sess->user->flags; + req->session_id = sess->id; + req->connect_id = tree_conn->id; + strscpy(req->account, user_name(sess->user), KSMBD_REQ_MAX_ACCOUNT_NAME_SZ); + strscpy(req->share, share->name, KSMBD_REQ_MAX_SHARE_NAME); + snprintf(req->peer_addr, sizeof(req->peer_addr), "%pIS", peer_addr); + + if (peer_addr->sa_family == AF_INET6) + req->flags |= KSMBD_TREE_CONN_FLAG_REQUEST_IPV6; + if (test_session_flag(sess, CIFDS_SESSION_FLAG_SMB2)) + req->flags |= KSMBD_TREE_CONN_FLAG_REQUEST_SMB2; + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_handle_free(req->handle); + ipc_msg_free(msg); + return resp; +} + +int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, + unsigned long long connect_id) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_tree_disconnect_request *req; + int ret; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_tree_disconnect_request)); + if (!msg) + return -ENOMEM; + + msg->type = KSMBD_EVENT_TREE_DISCONNECT_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->session_id = session_id; + req->connect_id = connect_id; + + ret = ipc_msg_send(msg); + ipc_msg_free(msg); + return ret; +} + +int ksmbd_ipc_logout_request(const char *account) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_logout_request *req; + int ret; + + if (strlen(account) >= KSMBD_REQ_MAX_ACCOUNT_NAME_SZ) + return -EINVAL; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_logout_request)); + if (!msg) + return -ENOMEM; + + msg->type = KSMBD_EVENT_LOGOUT_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + strscpy(req->account, account, KSMBD_REQ_MAX_ACCOUNT_NAME_SZ); + + ret = ipc_msg_send(msg); + ipc_msg_free(msg); + return ret; +} + +struct ksmbd_share_config_response * +ksmbd_ipc_share_config_request(const char *name) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_share_config_request *req; + struct ksmbd_share_config_response *resp; + + if (strlen(name) >= KSMBD_REQ_MAX_SHARE_NAME) + return NULL; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_share_config_request)); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_SHARE_CONFIG_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->handle = ksmbd_acquire_id(ida); + strscpy(req->share_name, name, KSMBD_REQ_MAX_SHARE_NAME); + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_handle_free(req->handle); + ipc_msg_free(msg); + return resp; +} + +struct ksmbd_rpc_command *ksmbd_rpc_open(struct ksmbd_session *sess, + int handle) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_rpc_command *req; + struct ksmbd_rpc_command *resp; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command)); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_RPC_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->handle = handle; + req->flags = ksmbd_session_rpc_method(sess, handle); + req->flags |= KSMBD_RPC_OPEN_METHOD; + req->payload_sz = 0; + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_free(msg); + return resp; +} + +struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, + int handle) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_rpc_command *req; + struct ksmbd_rpc_command *resp; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command)); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_RPC_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->handle = handle; + req->flags = ksmbd_session_rpc_method(sess, handle); + req->flags |= KSMBD_RPC_CLOSE_METHOD; + req->payload_sz = 0; + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_free(msg); + return resp; +} + +struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, + int handle, + void *payload, + size_t payload_sz) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_rpc_command *req; + struct ksmbd_rpc_command *resp; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_RPC_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->handle = handle; + req->flags = ksmbd_session_rpc_method(sess, handle); + req->flags |= rpc_context_flags(sess); + req->flags |= KSMBD_RPC_WRITE_METHOD; + req->payload_sz = payload_sz; + memcpy(req->payload, payload, payload_sz); + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_free(msg); + return resp; +} + +struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, + int handle) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_rpc_command *req; + struct ksmbd_rpc_command *resp; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command)); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_RPC_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->handle = handle; + req->flags = ksmbd_session_rpc_method(sess, handle); + req->flags |= rpc_context_flags(sess); + req->flags |= KSMBD_RPC_READ_METHOD; + req->payload_sz = 0; + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_free(msg); + return resp; +} + +struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, + int handle, + void *payload, + size_t payload_sz) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_rpc_command *req; + struct ksmbd_rpc_command *resp; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_RPC_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->handle = handle; + req->flags = ksmbd_session_rpc_method(sess, handle); + req->flags |= rpc_context_flags(sess); + req->flags |= KSMBD_RPC_IOCTL_METHOD; + req->payload_sz = payload_sz; + memcpy(req->payload, payload, payload_sz); + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_free(msg); + return resp; +} + +struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, + void *payload, + size_t payload_sz) +{ + struct ksmbd_ipc_msg *msg; + struct ksmbd_rpc_command *req; + struct ksmbd_rpc_command *resp; + + msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1); + if (!msg) + return NULL; + + msg->type = KSMBD_EVENT_RPC_REQUEST; + req = KSMBD_IPC_MSG_PAYLOAD(msg); + req->handle = ksmbd_acquire_id(ida); + req->flags = rpc_context_flags(sess); + req->flags |= KSMBD_RPC_RAP_METHOD; + req->payload_sz = payload_sz; + memcpy(req->payload, payload, payload_sz); + + resp = ipc_msg_send_request(msg, req->handle); + ipc_msg_handle_free(req->handle); + ipc_msg_free(msg); + return resp; +} + +static int __ipc_heartbeat(void) +{ + unsigned long delta; + + if (!ksmbd_server_running()) + return 0; + + if (time_after(jiffies, server_conf.ipc_last_active)) { + delta = (jiffies - server_conf.ipc_last_active); + } else { + ipc_update_last_active(); + schedule_delayed_work(&ipc_timer_work, + server_conf.ipc_timeout); + return 0; + } + + if (delta < server_conf.ipc_timeout) { + schedule_delayed_work(&ipc_timer_work, + server_conf.ipc_timeout - delta); + return 0; + } + + if (ksmbd_ipc_heartbeat_request() == 0) { + schedule_delayed_work(&ipc_timer_work, + server_conf.ipc_timeout); + return 0; + } + + mutex_lock(&startup_lock); + WRITE_ONCE(server_conf.state, SERVER_STATE_RESETTING); + server_conf.ipc_last_active = 0; + ksmbd_tools_pid = 0; + ksmbd_err("No IPC daemon response for %lus\n", delta / HZ); + mutex_unlock(&startup_lock); + return -EINVAL; +} + +static void ipc_timer_heartbeat(struct work_struct *w) +{ + if (__ipc_heartbeat()) + server_queue_ctrl_reset_work(); +} + +int ksmbd_ipc_id_alloc(void) +{ + return ksmbd_acquire_id(ida); +} + +void ksmbd_rpc_id_free(int handle) +{ + ksmbd_release_id(ida, handle); +} + +void ksmbd_ipc_release(void) +{ + cancel_delayed_work_sync(&ipc_timer_work); + ksmbd_ida_free(ida); + genl_unregister_family(&ksmbd_genl_family); +} + +void ksmbd_ipc_soft_reset(void) +{ + mutex_lock(&startup_lock); + ksmbd_tools_pid = 0; + cancel_delayed_work_sync(&ipc_timer_work); + mutex_unlock(&startup_lock); +} + +int ksmbd_ipc_init(void) +{ + int ret; + + ksmbd_nl_init_fixup(); + INIT_DELAYED_WORK(&ipc_timer_work, ipc_timer_heartbeat); + + ret = genl_register_family(&ksmbd_genl_family); + if (ret) { + ksmbd_err("Failed to register KSMBD netlink interface %d\n", + ret); + return ret; + } + + ida = ksmbd_ida_alloc(); + if (!ida) + return -ENOMEM; + return 0; +} diff --git a/fs/cifsd/transport_ipc.h b/fs/cifsd/transport_ipc.h new file mode 100644 index 000000000000..68c003027811 --- /dev/null +++ b/fs/cifsd/transport_ipc.h @@ -0,0 +1,63 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_TRANSPORT_IPC_H__ +#define __KSMBD_TRANSPORT_IPC_H__ + +#include <linux/wait.h> +#include "ksmbd_server.h" /* FIXME */ + +#define KSMBD_IPC_MAX_PAYLOAD 4096 + +struct ksmbd_login_response * +ksmbd_ipc_login_request(const char *account); + +struct ksmbd_session; +struct ksmbd_share_config; +struct ksmbd_tree_connect; +struct sockaddr; + +struct ksmbd_tree_connect_response * +ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, + struct ksmbd_share_config *share, + struct ksmbd_tree_connect *tree_conn, + struct sockaddr *peer_addr); + +int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, + unsigned long long connect_id); +int ksmbd_ipc_logout_request(const char *account); + +struct ksmbd_share_config_response * +ksmbd_ipc_share_config_request(const char *name); + +struct ksmbd_spnego_authen_response * +ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len); + +int ksmbd_ipc_id_alloc(void); +void ksmbd_rpc_id_free(int handle); + +struct ksmbd_rpc_command *ksmbd_rpc_open(struct ksmbd_session *sess, + int handle); +struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, + int handle); + +struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, + int handle, + void *payload, + size_t payload_sz); +struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, + int handle); +struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, + int handle, + void *payload, + size_t payload_sz); +struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, + void *payload, + size_t payload_sz); + +void ksmbd_ipc_release(void); +void ksmbd_ipc_soft_reset(void); +int ksmbd_ipc_init(void); +#endif /* __KSMBD_TRANSPORT_IPC_H__ */ diff --git a/fs/cifsd/transport_rdma.c b/fs/cifsd/transport_rdma.c new file mode 100644 index 000000000000..1698f7ed9c2f --- /dev/null +++ b/fs/cifsd/transport_rdma.c @@ -0,0 +1,2050 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2017, Microsoft Corporation. + * Copyright (C) 2018, LG Electronics. + * + * Author(s): Long Li longli@microsoft.com, + * Hyunchul Lee hyc.lee@gmail.com + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + */ + +#define SUBMOD_NAME "smb_direct" + +#include <linux/kthread.h> +#include <linux/rwlock.h> +#include <linux/list.h> +#include <linux/mempool.h> +#include <linux/highmem.h> +#include <linux/scatterlist.h> +#include <rdma/ib_verbs.h> +#include <rdma/rdma_cm.h> +#include <rdma/rw.h> + +#include "glob.h" +#include "connection.h" +#include "smb_common.h" +#include "smbstatus.h" +#include "buffer_pool.h" +#include "transport_rdma.h" + +#define SMB_DIRECT_PORT 5445 + +#define SMB_DIRECT_VERSION_LE cpu_to_le16(0x0100) + +/* SMB_DIRECT negotiation timeout in seconds */ +#define SMB_DIRECT_NEGOTIATE_TIMEOUT 120 + +#define SMB_DIRECT_MAX_SEND_SGES 8 +#define SMB_DIRECT_MAX_RECV_SGES 1 + +/* + * Default maximum number of RDMA read/write outstanding on this connection + * This value is possibly decreased during QP creation on hardware limit + */ +#define SMB_DIRECT_CM_INITIATOR_DEPTH 8 + +/* Maximum number of retries on data transfer operations */ +#define SMB_DIRECT_CM_RETRY 6 +/* No need to retry on Receiver Not Ready since SMB_DIRECT manages credits */ +#define SMB_DIRECT_CM_RNR_RETRY 0 + +/* + * User configurable initial values per SMB_DIRECT transport connection + * as defined in [MS-KSMBD] 3.1.1.1 + * Those may change after a SMB_DIRECT negotiation + */ +/* The local peer's maximum number of credits to grant to the peer */ +static int smb_direct_receive_credit_max = 255; + +/* The remote peer's credit request of local peer */ +static int smb_direct_send_credit_target = 255; + +/* The maximum single message size can be sent to remote peer */ +static int smb_direct_max_send_size = 8192; + +/* The maximum fragmented upper-layer payload receive size supported */ +static int smb_direct_max_fragmented_recv_size = 1024 * 1024; + +/* The maximum single-message size which can be received */ +static int smb_direct_max_receive_size = 8192; + +static int smb_direct_max_read_write_size = 1024 * 1024; + +static int smb_direct_max_outstanding_rw_ops = 8; + +static struct smb_direct_listener { + struct rdma_cm_id *cm_id; +} smb_direct_listener; + + +static struct workqueue_struct *smb_direct_wq; + +enum smb_direct_status { + SMB_DIRECT_CS_NEW = 0, + SMB_DIRECT_CS_CONNECTED, + SMB_DIRECT_CS_DISCONNECTING, + SMB_DIRECT_CS_DISCONNECTED, +}; + +struct smb_direct_transport { + struct ksmbd_transport transport; + + enum smb_direct_status status; + bool full_packet_received; + wait_queue_head_t wait_status; + + struct rdma_cm_id *cm_id; + struct ib_cq *send_cq; + struct ib_cq *recv_cq; + struct ib_pd *pd; + struct ib_qp *qp; + + int max_send_size; + int max_recv_size; + int max_fragmented_send_size; + int max_fragmented_recv_size; + int max_rdma_rw_size; + + spinlock_t reassembly_queue_lock; + struct list_head reassembly_queue; + int reassembly_data_length; + int reassembly_queue_length; + int first_entry_offset; + wait_queue_head_t wait_reassembly_queue; + + spinlock_t receive_credit_lock; + int recv_credits; + int count_avail_recvmsg; + int recv_credit_max; + int recv_credit_target; + + spinlock_t recvmsg_queue_lock; + struct list_head recvmsg_queue; + + spinlock_t empty_recvmsg_queue_lock; + struct list_head empty_recvmsg_queue; + + int send_credit_target; + atomic_t send_credits; + spinlock_t lock_new_recv_credits; + int new_recv_credits; + atomic_t rw_avail_ops; + + wait_queue_head_t wait_send_credits; + wait_queue_head_t wait_rw_avail_ops; + + mempool_t *sendmsg_mempool; + struct kmem_cache *sendmsg_cache; + mempool_t *recvmsg_mempool; + struct kmem_cache *recvmsg_cache; + + wait_queue_head_t wait_send_payload_pending; + atomic_t send_payload_pending; + wait_queue_head_t wait_send_pending; + atomic_t send_pending; + + struct delayed_work post_recv_credits_work; + struct work_struct send_immediate_work; + struct work_struct disconnect_work; + + bool negotiation_requested; +}; + +#define KSMBD_TRANS(t) ((struct ksmbd_transport *)&((t)->transport)) +#define SMB_DIRECT_TRANS(t) ((struct smb_direct_transport *)container_of(t, \ + struct smb_direct_transport, transport)) + +enum { + SMB_DIRECT_MSG_NEGOTIATE_REQ = 0, + SMB_DIRECT_MSG_DATA_TRANSFER +}; + +static struct ksmbd_transport_ops ksmbd_smb_direct_transport_ops; + +struct smb_direct_send_ctx { + struct list_head msg_list; + int wr_cnt; + bool need_invalidate_rkey; + unsigned int remote_key; +}; + +struct smb_direct_sendmsg { + struct smb_direct_transport *transport; + struct ib_send_wr wr; + struct list_head list; + int num_sge; + struct ib_sge sge[SMB_DIRECT_MAX_SEND_SGES]; + struct ib_cqe cqe; + u8 packet[]; +}; + +struct smb_direct_recvmsg { + struct smb_direct_transport *transport; + struct list_head list; + int type; + struct ib_sge sge; + struct ib_cqe cqe; + bool first_segment; + u8 packet[]; +}; + +struct smb_direct_rdma_rw_msg { + struct smb_direct_transport *t; + struct ib_cqe cqe; + struct completion *completion; + struct rdma_rw_ctx rw_ctx; + struct sg_table sgt; + struct scatterlist sg_list[0]; +}; + +#define BUFFER_NR_PAGES(buf, len) \ + (DIV_ROUND_UP((unsigned long)(buf) + (len), PAGE_SIZE) \ + - (unsigned long)(buf) / PAGE_SIZE) + +static void smb_direct_destroy_pools(struct smb_direct_transport *transport); +static void smb_direct_post_recv_credits(struct work_struct *work); +static int smb_direct_post_send_data(struct smb_direct_transport *t, + struct smb_direct_send_ctx *send_ctx, + struct kvec *iov, int niov, int remaining_data_length); + +static inline void +*smb_direct_recvmsg_payload(struct smb_direct_recvmsg *recvmsg) +{ + return (void *)recvmsg->packet; +} + +static inline bool is_receive_credit_post_required(int receive_credits, + int avail_recvmsg_count) +{ + return receive_credits <= (smb_direct_receive_credit_max >> 3) && + avail_recvmsg_count >= (receive_credits >> 2); +} + +static struct +smb_direct_recvmsg *get_free_recvmsg(struct smb_direct_transport *t) +{ + struct smb_direct_recvmsg *recvmsg = NULL; + + spin_lock(&t->recvmsg_queue_lock); + if (!list_empty(&t->recvmsg_queue)) { + recvmsg = list_first_entry(&t->recvmsg_queue, + struct smb_direct_recvmsg, + list); + list_del(&recvmsg->list); + } + spin_unlock(&t->recvmsg_queue_lock); + return recvmsg; +} + +static void put_recvmsg(struct smb_direct_transport *t, + struct smb_direct_recvmsg *recvmsg) +{ + ib_dma_unmap_single(t->cm_id->device, recvmsg->sge.addr, + recvmsg->sge.length, DMA_FROM_DEVICE); + + spin_lock(&t->recvmsg_queue_lock); + list_add(&recvmsg->list, &t->recvmsg_queue); + spin_unlock(&t->recvmsg_queue_lock); + +} + +static struct +smb_direct_recvmsg *get_empty_recvmsg(struct smb_direct_transport *t) +{ + struct smb_direct_recvmsg *recvmsg = NULL; + + spin_lock(&t->empty_recvmsg_queue_lock); + if (!list_empty(&t->empty_recvmsg_queue)) { + recvmsg = list_first_entry( + &t->empty_recvmsg_queue, + struct smb_direct_recvmsg, list); + list_del(&recvmsg->list); + } + spin_unlock(&t->empty_recvmsg_queue_lock); + return recvmsg; +} + +static void put_empty_recvmsg(struct smb_direct_transport *t, + struct smb_direct_recvmsg *recvmsg) +{ + ib_dma_unmap_single(t->cm_id->device, recvmsg->sge.addr, + recvmsg->sge.length, DMA_FROM_DEVICE); + + spin_lock(&t->empty_recvmsg_queue_lock); + list_add_tail(&recvmsg->list, &t->empty_recvmsg_queue); + spin_unlock(&t->empty_recvmsg_queue_lock); +} + +static void enqueue_reassembly(struct smb_direct_transport *t, + struct smb_direct_recvmsg *recvmsg, + int data_length) +{ + spin_lock(&t->reassembly_queue_lock); + list_add_tail(&recvmsg->list, &t->reassembly_queue); + t->reassembly_queue_length++; + /* + * Make sure reassembly_data_length is updated after list and + * reassembly_queue_length are updated. On the dequeue side + * reassembly_data_length is checked without a lock to determine + * if reassembly_queue_length and list is up to date + */ + virt_wmb(); + t->reassembly_data_length += data_length; + spin_unlock(&t->reassembly_queue_lock); + +} + +static struct smb_direct_recvmsg *get_first_reassembly( + struct smb_direct_transport *t) +{ + if (!list_empty(&t->reassembly_queue)) + return list_first_entry(&t->reassembly_queue, + struct smb_direct_recvmsg, list); + else + return NULL; +} + +static void smb_direct_disconnect_rdma_work(struct work_struct *work) +{ + struct smb_direct_transport *t = + container_of(work, struct smb_direct_transport, + disconnect_work); + + if (t->status == SMB_DIRECT_CS_CONNECTED) { + t->status = SMB_DIRECT_CS_DISCONNECTING; + rdma_disconnect(t->cm_id); + } +} + +static void +smb_direct_disconnect_rdma_connection(struct smb_direct_transport *t) +{ + queue_work(smb_direct_wq, &t->disconnect_work); +} + +static void smb_direct_send_immediate_work(struct work_struct *work) +{ + struct smb_direct_transport *t = container_of(work, + struct smb_direct_transport, send_immediate_work); + + if (t->status != SMB_DIRECT_CS_CONNECTED) + return; + + smb_direct_post_send_data(t, NULL, NULL, 0, 0); +} + +static struct smb_direct_transport *alloc_transport(struct rdma_cm_id *cm_id) +{ + struct smb_direct_transport *t; + struct ksmbd_conn *conn; + + t = kzalloc(sizeof(*t), GFP_KERNEL); + if (!t) + return NULL; + + t->cm_id = cm_id; + cm_id->context = t; + + t->status = SMB_DIRECT_CS_NEW; + init_waitqueue_head(&t->wait_status); + + spin_lock_init(&t->reassembly_queue_lock); + INIT_LIST_HEAD(&t->reassembly_queue); + t->reassembly_data_length = 0; + t->reassembly_queue_length = 0; + init_waitqueue_head(&t->wait_reassembly_queue); + init_waitqueue_head(&t->wait_send_credits); + init_waitqueue_head(&t->wait_rw_avail_ops); + + spin_lock_init(&t->receive_credit_lock); + spin_lock_init(&t->recvmsg_queue_lock); + INIT_LIST_HEAD(&t->recvmsg_queue); + + spin_lock_init(&t->empty_recvmsg_queue_lock); + INIT_LIST_HEAD(&t->empty_recvmsg_queue); + + init_waitqueue_head(&t->wait_send_payload_pending); + atomic_set(&t->send_payload_pending, 0); + init_waitqueue_head(&t->wait_send_pending); + atomic_set(&t->send_pending, 0); + + spin_lock_init(&t->lock_new_recv_credits); + + INIT_DELAYED_WORK(&t->post_recv_credits_work, + smb_direct_post_recv_credits); + INIT_WORK(&t->send_immediate_work, smb_direct_send_immediate_work); + INIT_WORK(&t->disconnect_work, smb_direct_disconnect_rdma_work); + + conn = ksmbd_conn_alloc(); + if (!conn) + goto err; + conn->transport = KSMBD_TRANS(t); + KSMBD_TRANS(t)->conn = conn; + KSMBD_TRANS(t)->ops = &ksmbd_smb_direct_transport_ops; + return t; +err: + kfree(t); + return NULL; +} + +static void free_transport(struct smb_direct_transport *t) +{ + struct smb_direct_recvmsg *recvmsg; + + wake_up_interruptible(&t->wait_send_credits); + + ksmbd_debug(RDMA, "wait for all send posted to IB to finish\n"); + wait_event(t->wait_send_payload_pending, + atomic_read(&t->send_payload_pending) == 0); + wait_event(t->wait_send_pending, + atomic_read(&t->send_pending) == 0); + + cancel_work_sync(&t->disconnect_work); + cancel_delayed_work_sync(&t->post_recv_credits_work); + cancel_work_sync(&t->send_immediate_work); + + if (t->qp) { + ib_drain_qp(t->qp); + ib_destroy_qp(t->qp); + } + + ksmbd_debug(RDMA, "drain the reassembly queue\n"); + do { + spin_lock(&t->reassembly_queue_lock); + recvmsg = get_first_reassembly(t); + if (recvmsg) { + list_del(&recvmsg->list); + spin_unlock( + &t->reassembly_queue_lock); + put_recvmsg(t, recvmsg); + } else + spin_unlock(&t->reassembly_queue_lock); + } while (recvmsg); + t->reassembly_data_length = 0; + + if (t->send_cq) + ib_free_cq(t->send_cq); + if (t->recv_cq) + ib_free_cq(t->recv_cq); + if (t->pd) + ib_dealloc_pd(t->pd); + if (t->cm_id) + rdma_destroy_id(t->cm_id); + + smb_direct_destroy_pools(t); + ksmbd_conn_free(KSMBD_TRANS(t)->conn); + kfree(t); +} + +static struct smb_direct_sendmsg +*smb_direct_alloc_sendmsg(struct smb_direct_transport *t) +{ + struct smb_direct_sendmsg *msg; + + msg = mempool_alloc(t->sendmsg_mempool, GFP_KERNEL); + if (!msg) + return ERR_PTR(-ENOMEM); + msg->transport = t; + INIT_LIST_HEAD(&msg->list); + msg->num_sge = 0; + return msg; +} + +static void smb_direct_free_sendmsg(struct smb_direct_transport *t, + struct smb_direct_sendmsg *msg) +{ + int i; + + if (msg->num_sge > 0) { + ib_dma_unmap_single(t->cm_id->device, + msg->sge[0].addr, msg->sge[0].length, + DMA_TO_DEVICE); + for (i = 1; i < msg->num_sge; i++) + ib_dma_unmap_page(t->cm_id->device, + msg->sge[i].addr, msg->sge[i].length, + DMA_TO_DEVICE); + } + mempool_free(msg, t->sendmsg_mempool); +} + +static int smb_direct_check_recvmsg(struct smb_direct_recvmsg *recvmsg) +{ + switch (recvmsg->type) { + case SMB_DIRECT_MSG_DATA_TRANSFER: { + struct smb_direct_data_transfer *req = + (struct smb_direct_data_transfer *) recvmsg->packet; + struct smb2_hdr *hdr = (struct smb2_hdr *) (recvmsg->packet + + le32_to_cpu(req->data_offset) - 4); + ksmbd_debug(RDMA, + "CreditGranted: %u, CreditRequested: %u, DataLength: %u, RemaingDataLength: %u, SMB: %x, Command: %u\n", + le16_to_cpu(req->credits_granted), + le16_to_cpu(req->credits_requested), + req->data_length, req->remaining_data_length, + hdr->ProtocolId, hdr->Command); + break; + } + case SMB_DIRECT_MSG_NEGOTIATE_REQ: { + struct smb_direct_negotiate_req *req = + (struct smb_direct_negotiate_req *)recvmsg->packet; + ksmbd_debug(RDMA, + "MinVersion: %u, MaxVersion: %u, CreditRequested: %u, MaxSendSize: %u, MaxRecvSize: %u, MaxFragmentedSize: %u\n", + le16_to_cpu(req->min_version), + le16_to_cpu(req->max_version), + le16_to_cpu(req->credits_requested), + le32_to_cpu(req->preferred_send_size), + le32_to_cpu(req->max_receive_size), + le32_to_cpu(req->max_fragmented_size)); + if (le16_to_cpu(req->min_version) > 0x0100 || + le16_to_cpu(req->max_version) < 0x0100) + return -EOPNOTSUPP; + if (le16_to_cpu(req->credits_requested) <= 0 || + le32_to_cpu(req->max_receive_size) <= 128 || + le32_to_cpu(req->max_fragmented_size) <= + 128*1024) + return -ECONNABORTED; + + break; + } + default: + return -EINVAL; + } + return 0; +} + +static void recv_done(struct ib_cq *cq, struct ib_wc *wc) +{ + struct smb_direct_recvmsg *recvmsg; + struct smb_direct_transport *t; + + recvmsg = container_of(wc->wr_cqe, struct smb_direct_recvmsg, cqe); + t = recvmsg->transport; + + if (wc->status != IB_WC_SUCCESS || wc->opcode != IB_WC_RECV) { + if (wc->status != IB_WC_WR_FLUSH_ERR) { + ksmbd_err("Recv error. status='%s (%d)' opcode=%d\n", + ib_wc_status_msg(wc->status), wc->status, + wc->opcode); + smb_direct_disconnect_rdma_connection(t); + } + put_empty_recvmsg(t, recvmsg); + return; + } + + ksmbd_debug(RDMA, "Recv completed. status='%s (%d)', opcode=%d\n", + ib_wc_status_msg(wc->status), wc->status, + wc->opcode); + + ib_dma_sync_single_for_cpu(wc->qp->device, recvmsg->sge.addr, + recvmsg->sge.length, DMA_FROM_DEVICE); + + switch (recvmsg->type) { + case SMB_DIRECT_MSG_NEGOTIATE_REQ: + t->negotiation_requested = true; + t->full_packet_received = true; + wake_up_interruptible(&t->wait_status); + break; + case SMB_DIRECT_MSG_DATA_TRANSFER: { + struct smb_direct_data_transfer *data_transfer = + (struct smb_direct_data_transfer *)recvmsg->packet; + int data_length = le32_to_cpu(data_transfer->data_length); + int avail_recvmsg_count, receive_credits; + + if (data_length) { + if (t->full_packet_received) + recvmsg->first_segment = true; + + if (le32_to_cpu(data_transfer->remaining_data_length)) + t->full_packet_received = false; + else + t->full_packet_received = true; + + enqueue_reassembly(t, recvmsg, data_length); + wake_up_interruptible(&t->wait_reassembly_queue); + + spin_lock(&t->receive_credit_lock); + receive_credits = --(t->recv_credits); + avail_recvmsg_count = t->count_avail_recvmsg; + spin_unlock(&t->receive_credit_lock); + } else { + put_empty_recvmsg(t, recvmsg); + + spin_lock(&t->receive_credit_lock); + receive_credits = --(t->recv_credits); + avail_recvmsg_count = ++(t->count_avail_recvmsg); + spin_unlock(&t->receive_credit_lock); + } + + t->recv_credit_target = + le16_to_cpu(data_transfer->credits_requested); + atomic_add(le16_to_cpu(data_transfer->credits_granted), + &t->send_credits); + + if (le16_to_cpu(data_transfer->flags) & + SMB_DIRECT_RESPONSE_REQUESTED) + queue_work(smb_direct_wq, &t->send_immediate_work); + + if (atomic_read(&t->send_credits) > 0) + wake_up_interruptible(&t->wait_send_credits); + + if (is_receive_credit_post_required(receive_credits, + avail_recvmsg_count)) + mod_delayed_work(smb_direct_wq, + &t->post_recv_credits_work, 0); + break; + } + default: + break; + } +} + +static int smb_direct_post_recv(struct smb_direct_transport *t, + struct smb_direct_recvmsg *recvmsg) +{ + struct ib_recv_wr wr; + int ret; + + recvmsg->sge.addr = ib_dma_map_single(t->cm_id->device, + recvmsg->packet, t->max_recv_size, + DMA_FROM_DEVICE); + ret = ib_dma_mapping_error(t->cm_id->device, recvmsg->sge.addr); + if (ret) + return ret; + recvmsg->sge.length = t->max_recv_size; + recvmsg->sge.lkey = t->pd->local_dma_lkey; + recvmsg->cqe.done = recv_done; + + wr.wr_cqe = &recvmsg->cqe; + wr.next = NULL; + wr.sg_list = &recvmsg->sge; + wr.num_sge = 1; + + ret = ib_post_recv(t->qp, &wr, NULL); + if (ret) { + ksmbd_err("Can't post recv: %d\n", ret); + ib_dma_unmap_single(t->cm_id->device, + recvmsg->sge.addr, recvmsg->sge.length, + DMA_FROM_DEVICE); + smb_direct_disconnect_rdma_connection(t); + return ret; + } + return ret; +} + +static int smb_direct_read(struct ksmbd_transport *t, char *buf, + unsigned int size) +{ + struct smb_direct_recvmsg *recvmsg; + struct smb_direct_data_transfer *data_transfer; + int to_copy, to_read, data_read, offset; + u32 data_length, remaining_data_length, data_offset; + int rc; + struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); + +again: + if (st->status != SMB_DIRECT_CS_CONNECTED) { + ksmbd_err("disconnected\n"); + return -ENOTCONN; + } + + /* + * No need to hold the reassembly queue lock all the time as we are + * the only one reading from the front of the queue. The transport + * may add more entries to the back of the queue at the same time + */ + if (st->reassembly_data_length >= size) { + int queue_length; + int queue_removed = 0; + + /* + * Need to make sure reassembly_data_length is read before + * reading reassembly_queue_length and calling + * get_first_reassembly. This call is lock free + * as we never read at the end of the queue which are being + * updated in SOFTIRQ as more data is received + */ + virt_rmb(); + queue_length = st->reassembly_queue_length; + data_read = 0; + to_read = size; + offset = st->first_entry_offset; + while (data_read < size) { + recvmsg = get_first_reassembly(st); + data_transfer = smb_direct_recvmsg_payload(recvmsg); + data_length = le32_to_cpu(data_transfer->data_length); + remaining_data_length = + le32_to_cpu( + data_transfer->remaining_data_length); + data_offset = le32_to_cpu(data_transfer->data_offset); + + /* + * The upper layer expects RFC1002 length at the + * beginning of the payload. Return it to indicate + * the total length of the packet. This minimize the + * change to upper layer packet processing logic. This + * will be eventually remove when an intermediate + * transport layer is added + */ + if (recvmsg->first_segment && size == 4) { + unsigned int rfc1002_len = + data_length + remaining_data_length; + *((__be32 *)buf) = cpu_to_be32(rfc1002_len); + data_read = 4; + recvmsg->first_segment = false; + ksmbd_debug(RDMA, + "returning rfc1002 length %d\n", + rfc1002_len); + goto read_rfc1002_done; + } + + to_copy = min_t(int, data_length - offset, to_read); + memcpy( + buf + data_read, + (char *)data_transfer + data_offset + offset, + to_copy); + + /* move on to the next buffer? */ + if (to_copy == data_length - offset) { + queue_length--; + /* + * No need to lock if we are not at the + * end of the queue + */ + if (queue_length) + list_del(&recvmsg->list); + else { + spin_lock_irq( + &st->reassembly_queue_lock); + list_del(&recvmsg->list); + spin_unlock_irq( + &st->reassembly_queue_lock); + } + queue_removed++; + put_recvmsg(st, recvmsg); + offset = 0; + } else + offset += to_copy; + + to_read -= to_copy; + data_read += to_copy; + } + + spin_lock_irq(&st->reassembly_queue_lock); + st->reassembly_data_length -= data_read; + st->reassembly_queue_length -= queue_removed; + spin_unlock_irq(&st->reassembly_queue_lock); + + spin_lock(&st->receive_credit_lock); + st->count_avail_recvmsg += queue_removed; + if (is_receive_credit_post_required(st->recv_credits, + st->count_avail_recvmsg)) { + spin_unlock(&st->receive_credit_lock); + mod_delayed_work(smb_direct_wq, + &st->post_recv_credits_work, 0); + } else + spin_unlock(&st->receive_credit_lock); + + st->first_entry_offset = offset; + ksmbd_debug(RDMA, + "returning to thread data_read=%d reassembly_data_length=%d first_entry_offset=%d\n", + data_read, st->reassembly_data_length, + st->first_entry_offset); +read_rfc1002_done: + return data_read; + } + + ksmbd_debug(RDMA, "wait_event on more data\n"); + rc = wait_event_interruptible( + st->wait_reassembly_queue, + st->reassembly_data_length >= size || + st->status != SMB_DIRECT_CS_CONNECTED); + if (rc) + return -EINTR; + + goto again; +} + +static void smb_direct_post_recv_credits(struct work_struct *work) +{ + struct smb_direct_transport *t = container_of(work, + struct smb_direct_transport, post_recv_credits_work.work); + struct smb_direct_recvmsg *recvmsg; + int receive_credits, credits = 0; + int ret; + int use_free = 1; + + spin_lock(&t->receive_credit_lock); + receive_credits = t->recv_credits; + spin_unlock(&t->receive_credit_lock); + + if (receive_credits < t->recv_credit_target) { + while (true) { + if (use_free) + recvmsg = get_free_recvmsg(t); + else + recvmsg = get_empty_recvmsg(t); + if (!recvmsg) { + if (use_free) { + use_free = 0; + continue; + } else + break; + } + + recvmsg->type = SMB_DIRECT_MSG_DATA_TRANSFER; + recvmsg->first_segment = false; + + ret = smb_direct_post_recv(t, recvmsg); + if (ret) { + ksmbd_err("Can't post recv: %d\n", ret); + put_recvmsg(t, recvmsg); + break; + } + credits++; + } + } + + spin_lock(&t->receive_credit_lock); + t->recv_credits += credits; + t->count_avail_recvmsg -= credits; + spin_unlock(&t->receive_credit_lock); + + spin_lock(&t->lock_new_recv_credits); + t->new_recv_credits += credits; + spin_unlock(&t->lock_new_recv_credits); + + if (credits) + queue_work(smb_direct_wq, &t->send_immediate_work); +} + +static void send_done(struct ib_cq *cq, struct ib_wc *wc) +{ + struct smb_direct_sendmsg *sendmsg, *sibling; + struct smb_direct_transport *t; + struct list_head *pos, *prev, *end; + + sendmsg = container_of(wc->wr_cqe, struct smb_direct_sendmsg, cqe); + t = sendmsg->transport; + + ksmbd_debug(RDMA, "Send completed. status='%s (%d)', opcode=%d\n", + ib_wc_status_msg(wc->status), wc->status, + wc->opcode); + + if (wc->status != IB_WC_SUCCESS || wc->opcode != IB_WC_SEND) { + ksmbd_err("Send error. status='%s (%d)', opcode=%d\n", + ib_wc_status_msg(wc->status), wc->status, + wc->opcode); + smb_direct_disconnect_rdma_connection(t); + } + + if (sendmsg->num_sge > 1) { + if (atomic_dec_and_test(&t->send_payload_pending)) + wake_up(&t->wait_send_payload_pending); + } else { + if (atomic_dec_and_test(&t->send_pending)) + wake_up(&t->wait_send_pending); + } + + /* iterate and free the list of messages in reverse. the list's head + * is invalid. + */ + for (pos = &sendmsg->list, prev = pos->prev, end = sendmsg->list.next; + prev != end; pos = prev, prev = prev->prev) { + sibling = container_of(pos, struct smb_direct_sendmsg, list); + smb_direct_free_sendmsg(t, sibling); + } + + sibling = container_of(pos, struct smb_direct_sendmsg, list); + smb_direct_free_sendmsg(t, sibling); +} + +static int manage_credits_prior_sending(struct smb_direct_transport *t) +{ + int new_credits; + + spin_lock(&t->lock_new_recv_credits); + new_credits = t->new_recv_credits; + t->new_recv_credits = 0; + spin_unlock(&t->lock_new_recv_credits); + + return new_credits; +} + +static int smb_direct_post_send(struct smb_direct_transport *t, + struct ib_send_wr *wr) +{ + int ret; + + if (wr->num_sge > 1) + atomic_inc(&t->send_payload_pending); + else + atomic_inc(&t->send_pending); + + ret = ib_post_send(t->qp, wr, NULL); + if (ret) { + ksmbd_err("failed to post send: %d\n", ret); + if (wr->num_sge > 1) { + if (atomic_dec_and_test(&t->send_payload_pending)) + wake_up(&t->wait_send_payload_pending); + } else { + if (atomic_dec_and_test(&t->send_pending)) + wake_up(&t->wait_send_pending); + } + smb_direct_disconnect_rdma_connection(t); + } + return ret; +} + +static void smb_direct_send_ctx_init(struct smb_direct_transport *t, + struct smb_direct_send_ctx *send_ctx, + bool need_invalidate_rkey, unsigned int remote_key) +{ + INIT_LIST_HEAD(&send_ctx->msg_list); + send_ctx->wr_cnt = 0; + send_ctx->need_invalidate_rkey = need_invalidate_rkey; + send_ctx->remote_key = remote_key; +} + +static int smb_direct_flush_send_list(struct smb_direct_transport *t, + struct smb_direct_send_ctx *send_ctx, bool is_last) +{ + struct smb_direct_sendmsg *first, *last; + int ret; + + if (list_empty(&send_ctx->msg_list)) + return 0; + + first = list_first_entry(&send_ctx->msg_list, + struct smb_direct_sendmsg, + list); + last = list_last_entry(&send_ctx->msg_list, + struct smb_direct_sendmsg, + list); + + last->wr.send_flags = IB_SEND_SIGNALED; + last->wr.wr_cqe = &last->cqe; + if (is_last && send_ctx->need_invalidate_rkey) { + last->wr.opcode = IB_WR_SEND_WITH_INV; + last->wr.ex.invalidate_rkey = send_ctx->remote_key; + } + + ret = smb_direct_post_send(t, &first->wr); + if (!ret) { + smb_direct_send_ctx_init(t, send_ctx, + send_ctx->need_invalidate_rkey, send_ctx->remote_key); + } else { + atomic_add(send_ctx->wr_cnt, &t->send_credits); + wake_up(&t->wait_send_credits); + list_for_each_entry_safe(first, last, &send_ctx->msg_list, + list) { + smb_direct_free_sendmsg(t, first); + } + } + return ret; +} + +static int wait_for_credits(struct smb_direct_transport *t, + wait_queue_head_t *waitq, atomic_t *credits) +{ + int ret; + + do { + if (atomic_dec_return(credits) >= 0) + return 0; + + atomic_inc(credits); + ret = wait_event_interruptible(*waitq, + atomic_read(credits) > 0 || + t->status != SMB_DIRECT_CS_CONNECTED); + + if (t->status != SMB_DIRECT_CS_CONNECTED) + return -ENOTCONN; + else if (ret < 0) + return ret; + } while (true); +} + +static int wait_for_send_credits(struct smb_direct_transport *t, + struct smb_direct_send_ctx *send_ctx) +{ + int ret; + + if (send_ctx && (send_ctx->wr_cnt >= 16 || + atomic_read(&t->send_credits) <= 1)) { + ret = smb_direct_flush_send_list(t, send_ctx, false); + if (ret) + return ret; + } + + return wait_for_credits(t, &t->wait_send_credits, &t->send_credits); +} + +static int smb_direct_create_header(struct smb_direct_transport *t, + int size, int remaining_data_length, + struct smb_direct_sendmsg **sendmsg_out) +{ + struct smb_direct_sendmsg *sendmsg; + struct smb_direct_data_transfer *packet; + int header_length; + int ret; + + sendmsg = smb_direct_alloc_sendmsg(t); + if (!sendmsg) + return -ENOMEM; + + /* Fill in the packet header */ + packet = (struct smb_direct_data_transfer *)sendmsg->packet; + packet->credits_requested = cpu_to_le16(t->send_credit_target); + packet->credits_granted = cpu_to_le16(manage_credits_prior_sending(t)); + + packet->flags = 0; + packet->reserved = 0; + if (!size) + packet->data_offset = 0; + else + packet->data_offset = cpu_to_le32(24); + packet->data_length = cpu_to_le32(size); + packet->remaining_data_length = cpu_to_le32(remaining_data_length); + packet->padding = 0; + + ksmbd_debug(RDMA, + "credits_requested=%d credits_granted=%d data_offset=%d data_length=%d remaining_data_length=%d\n", + le16_to_cpu(packet->credits_requested), + le16_to_cpu(packet->credits_granted), + le32_to_cpu(packet->data_offset), + le32_to_cpu(packet->data_length), + le32_to_cpu(packet->remaining_data_length)); + + /* Map the packet to DMA */ + header_length = sizeof(struct smb_direct_data_transfer); + /* If this is a packet without payload, don't send padding */ + if (!size) + header_length = + offsetof(struct smb_direct_data_transfer, padding); + + sendmsg->sge[0].addr = ib_dma_map_single(t->cm_id->device, + (void *)packet, + header_length, + DMA_TO_DEVICE); + ret = ib_dma_mapping_error(t->cm_id->device, sendmsg->sge[0].addr); + if (ret) { + smb_direct_free_sendmsg(t, sendmsg); + return ret; + } + + sendmsg->num_sge = 1; + sendmsg->sge[0].length = header_length; + sendmsg->sge[0].lkey = t->pd->local_dma_lkey; + + *sendmsg_out = sendmsg; + return 0; +} + +static int get_sg_list(void *buf, int size, + struct scatterlist *sg_list, int nentries) +{ + bool high = is_vmalloc_addr(buf); + struct page *page; + int offset, len; + int i = 0; + + if (nentries < BUFFER_NR_PAGES(buf, size)) + return -EINVAL; + + offset = offset_in_page(buf); + buf -= offset; + while (size > 0) { + len = min_t(int, PAGE_SIZE - offset, size); + if (high) + page = vmalloc_to_page(buf); + else + page = kmap_to_page(buf); + + if (!sg_list) + return -EINVAL; + sg_set_page(sg_list, page, len, offset); + sg_list = sg_next(sg_list); + + buf += PAGE_SIZE; + size -= len; + offset = 0; + i++; + } + return i; +} + +static int get_mapped_sg_list(struct ib_device *device, void *buf, int size, + struct scatterlist *sg_list, int nentries, + enum dma_data_direction dir) +{ + int npages; + + npages = get_sg_list(buf, size, sg_list, nentries); + if (npages <= 0) + return -EINVAL; + return ib_dma_map_sg(device, sg_list, npages, dir); +} + +static int post_sendmsg(struct smb_direct_transport *t, + struct smb_direct_send_ctx *send_ctx, + struct smb_direct_sendmsg *msg) +{ + int i; + + for (i = 0; i < msg->num_sge; i++) + ib_dma_sync_single_for_device(t->cm_id->device, + msg->sge[i].addr, msg->sge[i].length, + DMA_TO_DEVICE); + + msg->cqe.done = send_done; + msg->wr.opcode = IB_WR_SEND; + msg->wr.sg_list = &msg->sge[0]; + msg->wr.num_sge = msg->num_sge; + msg->wr.next = NULL; + + if (send_ctx) { + msg->wr.wr_cqe = NULL; + msg->wr.send_flags = 0; + if (!list_empty(&send_ctx->msg_list)) { + struct smb_direct_sendmsg *last; + + last = list_last_entry(&send_ctx->msg_list, + struct smb_direct_sendmsg, + list); + last->wr.next = &msg->wr; + } + list_add_tail(&msg->list, &send_ctx->msg_list); + send_ctx->wr_cnt++; + return 0; + } + + msg->wr.wr_cqe = &msg->cqe; + msg->wr.send_flags = IB_SEND_SIGNALED; + return smb_direct_post_send(t, &msg->wr); +} + +static int smb_direct_post_send_data(struct smb_direct_transport *t, + struct smb_direct_send_ctx *send_ctx, + struct kvec *iov, int niov, int remaining_data_length) +{ + int i, j, ret; + struct smb_direct_sendmsg *msg; + int data_length; + struct scatterlist sg[SMB_DIRECT_MAX_SEND_SGES-1]; + + ret = wait_for_send_credits(t, send_ctx); + if (ret) + return ret; + + data_length = 0; + for (i = 0; i < niov; i++) + data_length += iov[i].iov_len; + + ret = smb_direct_create_header(t, data_length, remaining_data_length, + &msg); + if (ret) { + atomic_inc(&t->send_credits); + return ret; + } + + for (i = 0; i < niov; i++) { + struct ib_sge *sge; + int sg_cnt; + + sg_init_table(sg, SMB_DIRECT_MAX_SEND_SGES-1); + sg_cnt = get_mapped_sg_list(t->cm_id->device, + iov[i].iov_base, iov[i].iov_len, + sg, SMB_DIRECT_MAX_SEND_SGES-1, DMA_TO_DEVICE); + if (sg_cnt <= 0) { + ksmbd_err("failed to map buffer\n"); + goto err; + } else if (sg_cnt + msg->num_sge > SMB_DIRECT_MAX_SEND_SGES-1) { + ksmbd_err("buffer not fitted into sges\n"); + ret = -E2BIG; + ib_dma_unmap_sg(t->cm_id->device, sg, sg_cnt, + DMA_TO_DEVICE); + goto err; + } + + for (j = 0; j < sg_cnt; j++) { + sge = &msg->sge[msg->num_sge]; + sge->addr = sg_dma_address(&sg[j]); + sge->length = sg_dma_len(&sg[j]); + sge->lkey = t->pd->local_dma_lkey; + msg->num_sge++; + } + } + + ret = post_sendmsg(t, send_ctx, msg); + if (ret) + goto err; + return 0; +err: + smb_direct_free_sendmsg(t, msg); + atomic_inc(&t->send_credits); + return ret; +} + +static int smb_direct_writev(struct ksmbd_transport *t, + struct kvec *iov, int niovs, int buflen, + bool need_invalidate, unsigned int remote_key) +{ + struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); + int remaining_data_length; + int start, i, j; + int max_iov_size = st->max_send_size - + sizeof(struct smb_direct_data_transfer); + int ret; + struct kvec vec; + struct smb_direct_send_ctx send_ctx; + + if (st->status != SMB_DIRECT_CS_CONNECTED) { + ret = -ENOTCONN; + goto done; + } + + //FIXME: skip RFC1002 header.. + buflen -= 4; + iov[0].iov_base += 4; + iov[0].iov_len -= 4; + + remaining_data_length = buflen; + ksmbd_debug(RDMA, "Sending smb (RDMA): smb_len=%u\n", buflen); + + smb_direct_send_ctx_init(st, &send_ctx, need_invalidate, remote_key); + start = i = 0; + buflen = 0; + while (true) { + buflen += iov[i].iov_len; + if (buflen > max_iov_size) { + if (i > start) { + remaining_data_length -= + (buflen-iov[i].iov_len); + ret = smb_direct_post_send_data(st, &send_ctx, + &iov[start], i-start, + remaining_data_length); + if (ret) + goto done; + } else { + /* iov[start] is too big, break it */ + int nvec = (buflen+max_iov_size-1) / + max_iov_size; + + for (j = 0; j < nvec; j++) { + vec.iov_base = + (char *)iov[start].iov_base + + j*max_iov_size; + vec.iov_len = + min_t(int, max_iov_size, + buflen - max_iov_size*j); + remaining_data_length -= vec.iov_len; + ret = smb_direct_post_send_data(st, + &send_ctx, &vec, 1, + remaining_data_length); + if (ret) + goto done; + } + i++; + if (i == niovs) + break; + } + start = i; + buflen = 0; + } else { + i++; + if (i == niovs) { + /* send out all remaining vecs */ + remaining_data_length -= buflen; + ret = smb_direct_post_send_data(st, &send_ctx, + &iov[start], i-start, + remaining_data_length); + if (ret) + goto done; + break; + } + } + } + +done: + ret = smb_direct_flush_send_list(st, &send_ctx, true); + + /* + * As an optimization, we don't wait for individual I/O to finish + * before sending the next one. + * Send them all and wait for pending send count to get to 0 + * that means all the I/Os have been out and we are good to return + */ + + wait_event(st->wait_send_payload_pending, + atomic_read(&st->send_payload_pending) == 0); + return ret; +} + +static void read_write_done(struct ib_cq *cq, struct ib_wc *wc, + enum dma_data_direction dir) +{ + struct smb_direct_rdma_rw_msg *msg = container_of(wc->wr_cqe, + struct smb_direct_rdma_rw_msg, cqe); + struct smb_direct_transport *t = msg->t; + + if (wc->status != IB_WC_SUCCESS) { + ksmbd_err("read/write error. opcode = %d, status = %s(%d)\n", + wc->opcode, ib_wc_status_msg(wc->status), wc->status); + smb_direct_disconnect_rdma_connection(t); + } + + if (atomic_inc_return(&t->rw_avail_ops) > 0) + wake_up(&t->wait_rw_avail_ops); + + rdma_rw_ctx_destroy(&msg->rw_ctx, t->qp, t->qp->port, + msg->sg_list, msg->sgt.nents, dir); + sg_free_table_chained(&msg->sgt, SG_CHUNK_SIZE); + complete(msg->completion); + kfree(msg); +} + +static void read_done(struct ib_cq *cq, struct ib_wc *wc) +{ + read_write_done(cq, wc, DMA_FROM_DEVICE); +} + +static void write_done(struct ib_cq *cq, struct ib_wc *wc) +{ + read_write_done(cq, wc, DMA_TO_DEVICE); +} + +static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf, + int buf_len, u32 remote_key, u64 remote_offset, u32 remote_len, + bool is_read) +{ + struct smb_direct_rdma_rw_msg *msg; + int ret; + DECLARE_COMPLETION_ONSTACK(completion); + struct ib_send_wr *first_wr = NULL; + + ret = wait_for_credits(t, &t->wait_rw_avail_ops, &t->rw_avail_ops); + if (ret < 0) + return ret; + + /* TODO: mempool */ + msg = kmalloc(offsetof(struct smb_direct_rdma_rw_msg, sg_list) + + sizeof(struct scatterlist) * SG_CHUNK_SIZE, GFP_KERNEL); + if (!msg) { + atomic_inc(&t->rw_avail_ops); + return -ENOMEM; + } + + msg->sgt.sgl = &msg->sg_list[0]; + ret = sg_alloc_table_chained(&msg->sgt, + BUFFER_NR_PAGES(buf, buf_len), + msg->sg_list, SG_CHUNK_SIZE); + if (ret) { + atomic_inc(&t->rw_avail_ops); + kfree(msg); + return -ENOMEM; + } + + ret = get_sg_list(buf, buf_len, msg->sgt.sgl, msg->sgt.orig_nents); + if (ret <= 0) { + ksmbd_err("failed to get pages\n"); + goto err; + } + + ret = rdma_rw_ctx_init(&msg->rw_ctx, t->qp, t->qp->port, + msg->sg_list, BUFFER_NR_PAGES(buf, buf_len), + 0, remote_offset, remote_key, + is_read ? DMA_FROM_DEVICE : DMA_TO_DEVICE); + if (ret < 0) { + ksmbd_err("failed to init rdma_rw_ctx: %d\n", ret); + goto err; + } + + msg->t = t; + msg->cqe.done = is_read ? read_done : write_done; + msg->completion = &completion; + first_wr = rdma_rw_ctx_wrs(&msg->rw_ctx, t->qp, t->qp->port, + &msg->cqe, NULL); + + ret = ib_post_send(t->qp, first_wr, NULL); + if (ret) { + ksmbd_err("failed to post send wr: %d\n", ret); + goto err; + } + + wait_for_completion(&completion); + return 0; + +err: + atomic_inc(&t->rw_avail_ops); + if (first_wr) + rdma_rw_ctx_destroy(&msg->rw_ctx, t->qp, t->qp->port, + msg->sg_list, msg->sgt.nents, + is_read ? DMA_FROM_DEVICE : DMA_TO_DEVICE); + sg_free_table_chained(&msg->sgt, SG_CHUNK_SIZE); + kfree(msg); + return ret; + +} + +static int smb_direct_rdma_write(struct ksmbd_transport *t, + void *buf, unsigned int buflen, + u32 remote_key, u64 remote_offset, + u32 remote_len) +{ + return smb_direct_rdma_xmit(SMB_DIRECT_TRANS(t), buf, buflen, + remote_key, remote_offset, + remote_len, false); +} + +static int smb_direct_rdma_read(struct ksmbd_transport *t, + void *buf, unsigned int buflen, + u32 remote_key, u64 remote_offset, + u32 remote_len) +{ + return smb_direct_rdma_xmit(SMB_DIRECT_TRANS(t), buf, buflen, + remote_key, remote_offset, + remote_len, true); +} + +static void smb_direct_disconnect(struct ksmbd_transport *t) +{ + struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); + + ksmbd_debug(RDMA, "Disconnecting cm_id=%p\n", st->cm_id); + + smb_direct_disconnect_rdma_connection(st); + wait_event_interruptible(st->wait_status, + st->status == SMB_DIRECT_CS_DISCONNECTED); + free_transport(st); +} + +static int smb_direct_cm_handler(struct rdma_cm_id *cm_id, + struct rdma_cm_event *event) +{ + struct smb_direct_transport *t = cm_id->context; + + ksmbd_debug(RDMA, "RDMA CM event. cm_id=%p event=%s (%d)\n", + cm_id, rdma_event_msg(event->event), event->event); + + switch (event->event) { + case RDMA_CM_EVENT_ESTABLISHED: { + t->status = SMB_DIRECT_CS_CONNECTED; + wake_up_interruptible(&t->wait_status); + break; + } + case RDMA_CM_EVENT_DEVICE_REMOVAL: + case RDMA_CM_EVENT_DISCONNECTED: { + t->status = SMB_DIRECT_CS_DISCONNECTED; + wake_up_interruptible(&t->wait_status); + wake_up_interruptible(&t->wait_reassembly_queue); + wake_up(&t->wait_send_credits); + break; + } + case RDMA_CM_EVENT_CONNECT_ERROR: { + t->status = SMB_DIRECT_CS_DISCONNECTED; + wake_up_interruptible(&t->wait_status); + break; + } + default: + ksmbd_err("Unexpected RDMA CM event. cm_id=%p, event=%s (%d)\n", + cm_id, rdma_event_msg(event->event), + event->event); + break; + } + return 0; +} + +static void smb_direct_qpair_handler(struct ib_event *event, void *context) +{ + struct smb_direct_transport *t = context; + + ksmbd_debug(RDMA, "Received QP event. cm_id=%p, event=%s (%d)\n", + t->cm_id, ib_event_msg(event->event), event->event); + + switch (event->event) { + case IB_EVENT_CQ_ERR: + case IB_EVENT_QP_FATAL: + smb_direct_disconnect_rdma_connection(t); + break; + default: + break; + } +} + +static int smb_direct_send_negotiate_response(struct smb_direct_transport *t, + int failed) +{ + struct smb_direct_sendmsg *sendmsg; + struct smb_direct_negotiate_resp *resp; + int ret; + + sendmsg = smb_direct_alloc_sendmsg(t); + if (IS_ERR(sendmsg)) + return -ENOMEM; + + resp = (struct smb_direct_negotiate_resp *)sendmsg->packet; + if (failed) { + memset(resp, 0, sizeof(*resp)); + resp->min_version = cpu_to_le16(0x0100); + resp->max_version = cpu_to_le16(0x0100); + resp->status = STATUS_NOT_SUPPORTED; + } else { + resp->status = STATUS_SUCCESS; + resp->min_version = SMB_DIRECT_VERSION_LE; + resp->max_version = SMB_DIRECT_VERSION_LE; + resp->negotiated_version = SMB_DIRECT_VERSION_LE; + resp->reserved = 0; + resp->credits_requested = + cpu_to_le16(t->send_credit_target); + resp->credits_granted = cpu_to_le16( + manage_credits_prior_sending(t)); + resp->max_readwrite_size = cpu_to_le32(t->max_rdma_rw_size); + resp->preferred_send_size = cpu_to_le32(t->max_send_size); + resp->max_receive_size = cpu_to_le32(t->max_recv_size); + resp->max_fragmented_size = + cpu_to_le32(t->max_fragmented_recv_size); + } + + sendmsg->sge[0].addr = ib_dma_map_single(t->cm_id->device, + (void *)resp, sizeof(*resp), DMA_TO_DEVICE); + ret = ib_dma_mapping_error(t->cm_id->device, + sendmsg->sge[0].addr); + if (ret) { + smb_direct_free_sendmsg(t, sendmsg); + return ret; + } + + sendmsg->num_sge = 1; + sendmsg->sge[0].length = sizeof(*resp); + sendmsg->sge[0].lkey = t->pd->local_dma_lkey; + + ret = post_sendmsg(t, NULL, sendmsg); + if (ret) { + smb_direct_free_sendmsg(t, sendmsg); + return ret; + } + + wait_event(t->wait_send_pending, + atomic_read(&t->send_pending) == 0); + return 0; +} + +static int smb_direct_accept_client(struct smb_direct_transport *t) +{ + struct rdma_conn_param conn_param; + struct ib_port_immutable port_immutable; + u32 ird_ord_hdr[2]; + int ret; + + memset(&conn_param, 0, sizeof(conn_param)); + conn_param.initiator_depth = min_t(u8, + t->cm_id->device->attrs.max_qp_rd_atom, + SMB_DIRECT_CM_INITIATOR_DEPTH); + conn_param.responder_resources = 0; + + t->cm_id->device->ops.get_port_immutable(t->cm_id->device, + t->cm_id->port_num, &port_immutable); + if (port_immutable.core_cap_flags & RDMA_CORE_PORT_IWARP) { + ird_ord_hdr[0] = conn_param.responder_resources; + ird_ord_hdr[1] = 1; + conn_param.private_data = ird_ord_hdr; + conn_param.private_data_len = sizeof(ird_ord_hdr); + } else { + conn_param.private_data = NULL; + conn_param.private_data_len = 0; + } + conn_param.retry_count = SMB_DIRECT_CM_RETRY; + conn_param.rnr_retry_count = SMB_DIRECT_CM_RNR_RETRY; + conn_param.flow_control = 0; + + ret = rdma_accept(t->cm_id, &conn_param); + if (ret) { + ksmbd_err("error at rdma_accept: %d\n", ret); + return ret; + } + + wait_event_interruptible(t->wait_status, + t->status != SMB_DIRECT_CS_NEW); + if (t->status != SMB_DIRECT_CS_CONNECTED) + return -ENOTCONN; + return 0; +} + +static int smb_direct_negotiate(struct smb_direct_transport *t) +{ + int ret; + struct smb_direct_recvmsg *recvmsg; + struct smb_direct_negotiate_req *req; + + recvmsg = get_free_recvmsg(t); + if (!recvmsg) + return -ENOMEM; + recvmsg->type = SMB_DIRECT_MSG_NEGOTIATE_REQ; + + ret = smb_direct_post_recv(t, recvmsg); + if (ret) { + ksmbd_err("Can't post recv: %d\n", ret); + goto out; + } + + t->negotiation_requested = false; + ret = smb_direct_accept_client(t); + if (ret) { + ksmbd_err("Can't accept client\n"); + goto out; + } + + smb_direct_post_recv_credits(&t->post_recv_credits_work.work); + + ksmbd_debug(RDMA, "Waiting for SMB_DIRECT negotiate request\n"); + ret = wait_event_interruptible_timeout(t->wait_status, + t->negotiation_requested || + t->status == SMB_DIRECT_CS_DISCONNECTED, + SMB_DIRECT_NEGOTIATE_TIMEOUT * HZ); + if (ret <= 0 || t->status == SMB_DIRECT_CS_DISCONNECTED) { + ret = ret < 0 ? ret : -ETIMEDOUT; + goto out; + } + + ret = smb_direct_check_recvmsg(recvmsg); + if (ret == -ECONNABORTED) + goto out; + + req = (struct smb_direct_negotiate_req *)recvmsg->packet; + t->max_recv_size = min_t(int, t->max_recv_size, + le32_to_cpu(req->preferred_send_size)); + t->max_send_size = min_t(int, t->max_send_size, + le32_to_cpu(req->max_receive_size)); + t->max_fragmented_send_size = + le32_to_cpu(req->max_fragmented_size); + + ret = smb_direct_send_negotiate_response(t, ret); +out: + if (recvmsg) + put_recvmsg(t, recvmsg); + return ret; +} + +static int smb_direct_init_params(struct smb_direct_transport *t, + struct ib_qp_cap *cap) +{ + struct ib_device *device = t->cm_id->device; + int max_send_sges, max_pages, max_rw_wrs, max_send_wrs; + + /* need 2 more sge. because a SMB_DIRECT header will be mapped, + * and maybe a send buffer could be not page aligned. + */ + t->max_send_size = smb_direct_max_send_size; + max_send_sges = DIV_ROUND_UP(t->max_send_size, PAGE_SIZE) + 2; + if (max_send_sges > SMB_DIRECT_MAX_SEND_SGES) { + ksmbd_err("max_send_size %d is too large\n", t->max_send_size); + return -EINVAL; + } + + /* + * allow smb_direct_max_outstanding_rw_ops of in-flight RDMA + * read/writes. HCA guarantees at least max_send_sge of sges for + * a RDMA read/write work request, and if memory registration is used, + * we need reg_mr, local_inv wrs for each read/write. + */ + t->max_rdma_rw_size = smb_direct_max_read_write_size; + max_pages = DIV_ROUND_UP(t->max_rdma_rw_size, PAGE_SIZE) + 1; + max_rw_wrs = DIV_ROUND_UP(max_pages, SMB_DIRECT_MAX_SEND_SGES); + max_rw_wrs += rdma_rw_mr_factor(device, t->cm_id->port_num, + max_pages) * 2; + max_rw_wrs *= smb_direct_max_outstanding_rw_ops; + + max_send_wrs = smb_direct_send_credit_target + max_rw_wrs; + if (max_send_wrs > device->attrs.max_cqe || + max_send_wrs > device->attrs.max_qp_wr) { + ksmbd_err("consider lowering send_credit_target = %d, or max_outstanding_rw_ops = %d\n", + smb_direct_send_credit_target, + smb_direct_max_outstanding_rw_ops); + ksmbd_err("Possible CQE overrun, device reporting max_cqe %d max_qp_wr %d\n", + device->attrs.max_cqe, device->attrs.max_qp_wr); + return -EINVAL; + } + + if (smb_direct_receive_credit_max > device->attrs.max_cqe || + smb_direct_receive_credit_max > device->attrs.max_qp_wr) { + ksmbd_err("consider lowering receive_credit_max = %d\n", + smb_direct_receive_credit_max); + ksmbd_err("Possible CQE overrun, device reporting max_cpe %d max_qp_wr %d\n", + device->attrs.max_cqe, device->attrs.max_qp_wr); + return -EINVAL; + } + + if (device->attrs.max_send_sge < SMB_DIRECT_MAX_SEND_SGES) { + ksmbd_err("warning: device max_send_sge = %d too small\n", + device->attrs.max_send_sge); + return -EINVAL; + } + if (device->attrs.max_recv_sge < SMB_DIRECT_MAX_RECV_SGES) { + ksmbd_err("warning: device max_recv_sge = %d too small\n", + device->attrs.max_recv_sge); + return -EINVAL; + } + + t->recv_credits = 0; + t->count_avail_recvmsg = 0; + + t->recv_credit_max = smb_direct_receive_credit_max; + t->recv_credit_target = 10; + t->new_recv_credits = 0; + + t->send_credit_target = smb_direct_send_credit_target; + atomic_set(&t->send_credits, 0); + atomic_set(&t->rw_avail_ops, smb_direct_max_outstanding_rw_ops); + + t->max_send_size = smb_direct_max_send_size; + t->max_recv_size = smb_direct_max_receive_size; + t->max_fragmented_recv_size = smb_direct_max_fragmented_recv_size; + + cap->max_send_wr = max_send_wrs; + cap->max_recv_wr = t->recv_credit_max; + cap->max_send_sge = SMB_DIRECT_MAX_SEND_SGES; + cap->max_recv_sge = SMB_DIRECT_MAX_RECV_SGES; + cap->max_inline_data = 0; + cap->max_rdma_ctxs = 0; + return 0; +} + +static void smb_direct_destroy_pools(struct smb_direct_transport *t) +{ + struct smb_direct_recvmsg *recvmsg; + + while ((recvmsg = get_free_recvmsg(t))) + mempool_free(recvmsg, t->recvmsg_mempool); + while ((recvmsg = get_empty_recvmsg(t))) + mempool_free(recvmsg, t->recvmsg_mempool); + + mempool_destroy(t->recvmsg_mempool); + t->recvmsg_mempool = NULL; + + kmem_cache_destroy(t->recvmsg_cache); + t->recvmsg_cache = NULL; + + mempool_destroy(t->sendmsg_mempool); + t->sendmsg_mempool = NULL; + + kmem_cache_destroy(t->sendmsg_cache); + t->sendmsg_cache = NULL; +} + +static int smb_direct_create_pools(struct smb_direct_transport *t) +{ + char name[80]; + int i; + struct smb_direct_recvmsg *recvmsg; + + snprintf(name, sizeof(name), "smb_direct_rqst_pool_%p", t); + t->sendmsg_cache = kmem_cache_create(name, + sizeof(struct smb_direct_sendmsg) + + sizeof(struct smb_direct_negotiate_resp), + 0, SLAB_HWCACHE_ALIGN, NULL); + if (!t->sendmsg_cache) + return -ENOMEM; + + t->sendmsg_mempool = mempool_create(t->send_credit_target, + mempool_alloc_slab, mempool_free_slab, + t->sendmsg_cache); + if (!t->sendmsg_mempool) + goto err; + + snprintf(name, sizeof(name), "smb_direct_resp_%p", t); + t->recvmsg_cache = kmem_cache_create(name, + sizeof(struct smb_direct_recvmsg) + + t->max_recv_size, + 0, SLAB_HWCACHE_ALIGN, NULL); + if (!t->recvmsg_cache) + goto err; + + t->recvmsg_mempool = + mempool_create(t->recv_credit_max, mempool_alloc_slab, + mempool_free_slab, t->recvmsg_cache); + if (!t->recvmsg_mempool) + goto err; + + INIT_LIST_HEAD(&t->recvmsg_queue); + + for (i = 0; i < t->recv_credit_max; i++) { + recvmsg = mempool_alloc(t->recvmsg_mempool, GFP_KERNEL); + if (!recvmsg) + goto err; + recvmsg->transport = t; + list_add(&recvmsg->list, &t->recvmsg_queue); + } + t->count_avail_recvmsg = t->recv_credit_max; + + return 0; +err: + smb_direct_destroy_pools(t); + return -ENOMEM; +} + +static int smb_direct_create_qpair(struct smb_direct_transport *t, + struct ib_qp_cap *cap) +{ + int ret; + struct ib_qp_init_attr qp_attr; + + t->pd = ib_alloc_pd(t->cm_id->device, 0); + if (IS_ERR(t->pd)) { + ksmbd_err("Can't create RDMA PD\n"); + ret = PTR_ERR(t->pd); + t->pd = NULL; + return ret; + } + + t->send_cq = ib_alloc_cq(t->cm_id->device, t, + t->send_credit_target, 0, IB_POLL_WORKQUEUE); + if (IS_ERR(t->send_cq)) { + ksmbd_err("Can't create RDMA send CQ\n"); + ret = PTR_ERR(t->send_cq); + t->send_cq = NULL; + goto err; + } + + t->recv_cq = ib_alloc_cq(t->cm_id->device, t, + cap->max_send_wr + cap->max_rdma_ctxs, + 0, IB_POLL_WORKQUEUE); + if (IS_ERR(t->recv_cq)) { + ksmbd_err("Can't create RDMA recv CQ\n"); + ret = PTR_ERR(t->recv_cq); + t->recv_cq = NULL; + goto err; + } + + memset(&qp_attr, 0, sizeof(qp_attr)); + qp_attr.event_handler = smb_direct_qpair_handler; + qp_attr.qp_context = t; + qp_attr.cap = *cap; + qp_attr.sq_sig_type = IB_SIGNAL_REQ_WR; + qp_attr.qp_type = IB_QPT_RC; + qp_attr.send_cq = t->send_cq; + qp_attr.recv_cq = t->recv_cq; + qp_attr.port_num = ~0; + + ret = rdma_create_qp(t->cm_id, t->pd, &qp_attr); + if (ret) { + ksmbd_err("Can't create RDMA QP: %d\n", ret); + goto err; + } + + t->qp = t->cm_id->qp; + t->cm_id->event_handler = smb_direct_cm_handler; + + return 0; +err: + if (t->qp) { + ib_destroy_qp(t->qp); + t->qp = NULL; + } + if (t->recv_cq) { + ib_destroy_cq(t->recv_cq); + t->recv_cq = NULL; + } + if (t->send_cq) { + ib_destroy_cq(t->send_cq); + t->send_cq = NULL; + } + if (t->pd) { + ib_dealloc_pd(t->pd); + t->pd = NULL; + } + return ret; +} + +static int smb_direct_prepare(struct ksmbd_transport *t) +{ + struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); + int ret; + struct ib_qp_cap qp_cap; + + ret = smb_direct_init_params(st, &qp_cap); + if (ret) { + ksmbd_err("Can't configure RDMA parameters\n"); + return ret; + } + + ret = smb_direct_create_pools(st); + if (ret) { + ksmbd_err("Can't init RDMA pool: %d\n", ret); + return ret; + } + + ret = smb_direct_create_qpair(st, &qp_cap); + if (ret) { + ksmbd_err("Can't accept RDMA client: %d\n", ret); + return ret; + } + + ret = smb_direct_negotiate(st); + if (ret) { + ksmbd_err("Can't negotiate: %d\n", ret); + return ret; + } + + st->status = SMB_DIRECT_CS_CONNECTED; + return 0; +} + +static bool rdma_frwr_is_supported(struct ib_device_attr *attrs) +{ + if (!(attrs->device_cap_flags & IB_DEVICE_MEM_MGT_EXTENSIONS)) + return false; + if (attrs->max_fast_reg_page_list_len == 0) + return false; + return true; +} + +static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) +{ + struct smb_direct_transport *t; + + if (!rdma_frwr_is_supported(&new_cm_id->device->attrs)) { + ksmbd_debug(RDMA, + "Fast Registration Work Requests is not supported. device capabilities=%llx\n", + new_cm_id->device->attrs.device_cap_flags); + return -EPROTONOSUPPORT; + } + + t = alloc_transport(new_cm_id); + if (!t) + return -ENOMEM; + + KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, + KSMBD_TRANS(t)->conn, "ksmbd:r%u", SMB_DIRECT_PORT); + if (IS_ERR(KSMBD_TRANS(t)->handler)) { + int ret = PTR_ERR(KSMBD_TRANS(t)->handler); + + ksmbd_err("Can't start thread\n"); + free_transport(t); + return ret; + } + + return 0; +} + +static int smb_direct_listen_handler(struct rdma_cm_id *cm_id, + struct rdma_cm_event *event) +{ + switch (event->event) { + case RDMA_CM_EVENT_CONNECT_REQUEST: { + int ret = smb_direct_handle_connect_request(cm_id); + + if (ret) { + ksmbd_err("Can't create transport: %d\n", ret); + return ret; + } + + ksmbd_debug(RDMA, "Received connection request. cm_id=%p\n", + cm_id); + break; + } + default: + ksmbd_err("Unexpected listen event. cm_id=%p, event=%s (%d)\n", + cm_id, + rdma_event_msg(event->event), event->event); + break; + } + return 0; +} + +static int smb_direct_listen(int port) +{ + int ret; + struct rdma_cm_id *cm_id; + struct sockaddr_in sin = { + .sin_family = AF_INET, + .sin_addr.s_addr = htonl(INADDR_ANY), + .sin_port = htons(port), + }; + + cm_id = rdma_create_id(&init_net, smb_direct_listen_handler, + &smb_direct_listener, RDMA_PS_TCP, IB_QPT_RC); + if (IS_ERR(cm_id)) { + ksmbd_err("Can't create cm id: %ld\n", + PTR_ERR(cm_id)); + return PTR_ERR(cm_id); + } + + ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin); + if (ret) { + ksmbd_err("Can't bind: %d\n", ret); + goto err; + } + + smb_direct_listener.cm_id = cm_id; + + ret = rdma_listen(cm_id, 10); + if (ret) { + ksmbd_err("Can't listen: %d\n", ret); + goto err; + } + return 0; +err: + smb_direct_listener.cm_id = NULL; + rdma_destroy_id(cm_id); + return ret; +} + +int ksmbd_rdma_init(void) +{ + int ret; + + smb_direct_listener.cm_id = NULL; + + /* When a client is running out of send credits, the credits are + * granted by the server's sending a packet using this queue. + * This avoids the situation that a clients cannot send packets + * for lack of credits + */ + smb_direct_wq = alloc_workqueue("ksmbd-smb_direct-wq", + WQ_HIGHPRI|WQ_MEM_RECLAIM, 0); + if (!smb_direct_wq) + return -ENOMEM; + + ret = smb_direct_listen(SMB_DIRECT_PORT); + if (ret) { + destroy_workqueue(smb_direct_wq); + smb_direct_wq = NULL; + ksmbd_err("Can't listen: %d\n", ret); + return ret; + } + + ksmbd_debug(RDMA, "init RDMA listener. cm_id=%p\n", + smb_direct_listener.cm_id); + return 0; +} + +int ksmbd_rdma_destroy(void) +{ + if (smb_direct_listener.cm_id) + rdma_destroy_id(smb_direct_listener.cm_id); + smb_direct_listener.cm_id = NULL; + + if (smb_direct_wq) { + flush_workqueue(smb_direct_wq); + destroy_workqueue(smb_direct_wq); + smb_direct_wq = NULL; + } + return 0; +} + +static struct ksmbd_transport_ops ksmbd_smb_direct_transport_ops = { + .prepare = smb_direct_prepare, + .disconnect = smb_direct_disconnect, + .writev = smb_direct_writev, + .read = smb_direct_read, + .rdma_read = smb_direct_rdma_read, + .rdma_write = smb_direct_rdma_write, +}; diff --git a/fs/cifsd/transport_rdma.h b/fs/cifsd/transport_rdma.h new file mode 100644 index 000000000000..da60fcec3ede --- /dev/null +++ b/fs/cifsd/transport_rdma.h @@ -0,0 +1,61 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2017, Microsoft Corporation. + * Copyright (C) 2018, LG Electronics. + */ + +#ifndef __KSMBD_TRANSPORT_RDMA_H__ +#define __KSMBD_TRANSPORT_RDMA_H__ + +#define SMB_DIRECT_PORT 5445 + +/* SMB DIRECT negotiation request packet [MS-KSMBD] 2.2.1 */ +struct smb_direct_negotiate_req { + __le16 min_version; + __le16 max_version; + __le16 reserved; + __le16 credits_requested; + __le32 preferred_send_size; + __le32 max_receive_size; + __le32 max_fragmented_size; +} __packed; + +/* SMB DIRECT negotiation response packet [MS-KSMBD] 2.2.2 */ +struct smb_direct_negotiate_resp { + __le16 min_version; + __le16 max_version; + __le16 negotiated_version; + __le16 reserved; + __le16 credits_requested; + __le16 credits_granted; + __le32 status; + __le32 max_readwrite_size; + __le32 preferred_send_size; + __le32 max_receive_size; + __le32 max_fragmented_size; +} __packed; + +#define SMB_DIRECT_RESPONSE_REQUESTED 0x0001 + +/* SMB DIRECT data transfer packet with payload [MS-KSMBD] 2.2.3 */ +struct smb_direct_data_transfer { + __le16 credits_requested; + __le16 credits_granted; + __le16 flags; + __le16 reserved; + __le32 remaining_data_length; + __le32 data_offset; + __le32 data_length; + __le32 padding; + __u8 buffer[]; +} __packed; + +#ifdef CONFIG_SMB_SERVER_SMBDIRECT +int ksmbd_rdma_init(void); +int ksmbd_rdma_destroy(void); +#else +static inline int ksmbd_rdma_init(void) { return 0; } +static inline int ksmbd_rdma_destroy(void) { return 0; } +#endif + +#endif /* __KSMBD_TRANSPORT_RDMA_H__ */ diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c new file mode 100644 index 000000000000..60ec9b2e0370 --- /dev/null +++ b/fs/cifsd/transport_tcp.c @@ -0,0 +1,624 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/freezer.h> + +#include "smb_common.h" +#include "server.h" +#include "auth.h" +#include "buffer_pool.h" +#include "connection.h" +#include "transport_tcp.h" + +#define IFACE_STATE_DOWN (1 << 0) +#define IFACE_STATE_CONFIGURED (1 << 1) + +struct interface { + struct task_struct *ksmbd_kthread; + struct socket *ksmbd_socket; + struct list_head entry; + char *name; + struct mutex sock_release_lock; + int state; +}; + +static LIST_HEAD(iface_list); + +static int bind_additional_ifaces; + +struct tcp_transport { + struct ksmbd_transport transport; + struct socket *sock; + struct kvec *iov; + unsigned int nr_iov; +}; + +static struct ksmbd_transport_ops ksmbd_tcp_transport_ops; + +static void tcp_stop_kthread(struct task_struct *kthread); +static struct interface *alloc_iface(char *ifname); + +#define KSMBD_TRANS(t) (&(t)->transport) +#define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \ + struct tcp_transport, transport)) + +static inline void ksmbd_tcp_nodelay(struct socket *sock) +{ + tcp_sock_set_nodelay(sock->sk); +} + +static inline void ksmbd_tcp_reuseaddr(struct socket *sock) +{ + sock_set_reuseaddr(sock->sk); +} + +static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs) +{ + lock_sock(sock->sk); + if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1) + sock->sk->sk_rcvtimeo = secs * HZ; + else + sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; + release_sock(sock->sk); +} + +static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs) +{ + sock_set_sndtimeo(sock->sk, secs); +} + +static struct tcp_transport *alloc_transport(struct socket *client_sk) +{ + struct tcp_transport *t; + struct ksmbd_conn *conn; + + t = kzalloc(sizeof(*t), GFP_KERNEL); + if (!t) + return NULL; + t->sock = client_sk; + + conn = ksmbd_conn_alloc(); + if (!conn) { + kfree(t); + return NULL; + } + + conn->transport = KSMBD_TRANS(t); + KSMBD_TRANS(t)->conn = conn; + KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops; + return t; +} + +static void free_transport(struct tcp_transport *t) +{ + kernel_sock_shutdown(t->sock, SHUT_RDWR); + sock_release(t->sock); + t->sock = NULL; + + ksmbd_conn_free(KSMBD_TRANS(t)->conn); + kfree(t->iov); + kfree(t); +} + +/** + * kvec_array_init() - initialize a IO vector segment + * @new: IO vector to be initialized + * @iov: base IO vector + * @nr_segs: number of segments in base iov + * @bytes: total iovec length so far for read + * + * Return: Number of IO segments + */ +static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, + unsigned int nr_segs, size_t bytes) +{ + size_t base = 0; + + while (bytes || !iov->iov_len) { + int copy = min(bytes, iov->iov_len); + + bytes -= copy; + base += copy; + if (iov->iov_len == base) { + iov++; + nr_segs--; + base = 0; + } + } + + memcpy(new, iov, sizeof(*iov) * nr_segs); + new->iov_base += base; + new->iov_len -= base; + return nr_segs; +} + +/** + * get_conn_iovec() - get connection iovec for reading from socket + * @t: TCP transport instance + * @nr_segs: number of segments in iov + * + * Return: return existing or newly allocate iovec + */ +static struct kvec *get_conn_iovec(struct tcp_transport *t, + unsigned int nr_segs) +{ + struct kvec *new_iov; + + if (t->iov && nr_segs <= t->nr_iov) + return t->iov; + + /* not big enough -- allocate a new one and release the old */ + new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), GFP_KERNEL); + if (new_iov) { + kfree(t->iov); + t->iov = new_iov; + t->nr_iov = nr_segs; + } + return new_iov; +} + +static unsigned short ksmbd_tcp_get_port(const struct sockaddr *sa) +{ + switch (sa->sa_family) { + case AF_INET: + return ntohs(((struct sockaddr_in *)sa)->sin_port); + case AF_INET6: + return ntohs(((struct sockaddr_in6 *)sa)->sin6_port); + } + return 0; +} + +/** + * ksmbd_tcp_new_connection() - create a new tcp session on mount + * @sock: socket associated with new connection + * + * whenever a new connection is requested, create a conn thread + * (session thread) to handle new incoming smb requests from the connection + * + * Return: 0 on success, otherwise error + */ +static int ksmbd_tcp_new_connection(struct socket *client_sk) +{ + struct sockaddr *csin; + int rc = 0; + struct tcp_transport *t; + + t = alloc_transport(client_sk); + if (!t) + return -ENOMEM; + + csin = KSMBD_TCP_PEER_SOCKADDR(KSMBD_TRANS(t)->conn); + if (kernel_getpeername(client_sk, csin) < 0) { + ksmbd_err("client ip resolution failed\n"); + rc = -EINVAL; + goto out_error; + } + + KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, + KSMBD_TRANS(t)->conn, + "ksmbd:%u", ksmbd_tcp_get_port(csin)); + if (IS_ERR(KSMBD_TRANS(t)->handler)) { + ksmbd_err("cannot start conn thread\n"); + rc = PTR_ERR(KSMBD_TRANS(t)->handler); + free_transport(t); + } + return rc; + +out_error: + free_transport(t); + return rc; +} + +/** + * ksmbd_kthread_fn() - listen to new SMB connections and callback server + * @p: arguments to forker thread + * + * Return: Returns a task_struct or ERR_PTR + */ +static int ksmbd_kthread_fn(void *p) +{ + struct socket *client_sk = NULL; + struct interface *iface = (struct interface *)p; + int ret; + + while (!kthread_should_stop()) { + mutex_lock(&iface->sock_release_lock); + if (!iface->ksmbd_socket) { + mutex_unlock(&iface->sock_release_lock); + break; + } + ret = kernel_accept(iface->ksmbd_socket, &client_sk, + O_NONBLOCK); + mutex_unlock(&iface->sock_release_lock); + if (ret) { + if (ret == -EAGAIN) + /* check for new connections every 100 msecs */ + schedule_timeout_interruptible(HZ / 10); + continue; + } + + ksmbd_debug(CONN, "connect success: accepted new connection\n"); + client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; + client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; + + ksmbd_tcp_new_connection(client_sk); + } + + ksmbd_debug(CONN, "releasing socket\n"); + return 0; +} + +/** + * ksmbd_create_ksmbd_kthread() - start forker thread + * + * start forker thread(ksmbd/0) at module init time to listen + * on port 445 for new SMB connection requests. It creates per connection + * server threads(ksmbd/x) + * + * Return: 0 on success or error number + */ +static int ksmbd_tcp_run_kthread(struct interface *iface) +{ + int rc; + struct task_struct *kthread; + + kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, + "ksmbd-%s", iface->name); + if (IS_ERR(kthread)) { + rc = PTR_ERR(kthread); + return rc; + } + iface->ksmbd_kthread = kthread; + + return 0; +} + +/** + * ksmbd_tcp_readv() - read data from socket in given iovec + * @t: TCP transport instance + * @iov_orig: base IO vector + * @nr_segs: number of segments in base iov + * @to_read: number of bytes to read from socket + * + * Return: on success return number of bytes read from socket, + * otherwise return error number + */ +static int ksmbd_tcp_readv(struct tcp_transport *t, + struct kvec *iov_orig, + unsigned int nr_segs, + unsigned int to_read) +{ + int length = 0; + int total_read; + unsigned int segs; + struct msghdr ksmbd_msg; + struct kvec *iov; + struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn; + + iov = get_conn_iovec(t, nr_segs); + if (!iov) + return -ENOMEM; + + ksmbd_msg.msg_control = NULL; + ksmbd_msg.msg_controllen = 0; + + for (total_read = 0; to_read; total_read += length, to_read -= length) { + try_to_freeze(); + + if (!ksmbd_conn_alive(conn)) { + total_read = -ESHUTDOWN; + break; + } + segs = kvec_array_init(iov, iov_orig, nr_segs, total_read); + + length = kernel_recvmsg(t->sock, &ksmbd_msg, + iov, segs, to_read, 0); + + if (length == -EINTR) { + total_read = -ESHUTDOWN; + break; + } else if (conn->status == KSMBD_SESS_NEED_RECONNECT) { + total_read = -EAGAIN; + break; + } else if (length == -ERESTARTSYS || length == -EAGAIN) { + usleep_range(1000, 2000); + length = 0; + continue; + } else if (length <= 0) { + total_read = -EAGAIN; + break; + } + } + return total_read; +} + +/** + * ksmbd_tcp_read() - read data from socket in given buffer + * @t: TCP transport instance + * @buf: buffer to store read data from socket + * @to_read: number of bytes to read from socket + * + * Return: on success return number of bytes read from socket, + * otherwise return error number + */ +static int ksmbd_tcp_read(struct ksmbd_transport *t, + char *buf, + unsigned int to_read) +{ + struct kvec iov; + + iov.iov_base = buf; + iov.iov_len = to_read; + + return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read); +} + +static int ksmbd_tcp_writev(struct ksmbd_transport *t, + struct kvec *iov, int nvecs, int size, + bool need_invalidate, unsigned int remote_key) + +{ + struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL}; + + return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size); +} + +static void ksmbd_tcp_disconnect(struct ksmbd_transport *t) +{ + free_transport(TCP_TRANS(t)); +} + +static void tcp_destroy_socket(struct socket *ksmbd_socket) +{ + int ret; + + if (!ksmbd_socket) + return; + + /* set zero to timeout */ + ksmbd_tcp_rcv_timeout(ksmbd_socket, 0); + ksmbd_tcp_snd_timeout(ksmbd_socket, 0); + + ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR); + if (ret) + ksmbd_err("Failed to shutdown socket: %d\n", ret); + else + sock_release(ksmbd_socket); +} + +/** + * create_socket - create socket for ksmbd/0 + * + * Return: Returns a task_struct or ERR_PTR + */ +static int create_socket(struct interface *iface) +{ + int ret; + struct sockaddr_in6 sin6; + struct sockaddr_in sin; + struct socket *ksmbd_socket; + bool ipv4 = false; + + ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket); + if (ret) { + ksmbd_err("Can't create socket for ipv6, try ipv4: %d\n", ret); + ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP, + &ksmbd_socket); + if (ret) { + ksmbd_err("Can't create socket for ipv4: %d\n", ret); + goto out_error; + } + + sin.sin_family = PF_INET; + sin.sin_addr.s_addr = htonl(INADDR_ANY); + sin.sin_port = htons(server_conf.tcp_port); + ipv4 = true; + } else { + sin6.sin6_family = PF_INET6; + sin6.sin6_addr = in6addr_any; + sin6.sin6_port = htons(server_conf.tcp_port); + } + + ksmbd_tcp_nodelay(ksmbd_socket); + ksmbd_tcp_reuseaddr(ksmbd_socket); + + ret = sock_setsockopt(ksmbd_socket, + SOL_SOCKET, + SO_BINDTODEVICE, + KERNEL_SOCKPTR(iface->name), + strlen(iface->name)); + if (ret != -ENODEV && ret < 0) { + ksmbd_err("Failed to set SO_BINDTODEVICE: %d\n", ret); + goto out_error; + } + + if (ipv4) + ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin, + sizeof(sin)); + else + ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6, + sizeof(sin6)); + if (ret) { + ksmbd_err("Failed to bind socket: %d\n", ret); + goto out_error; + } + + ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; + ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; + + ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG); + if (ret) { + ksmbd_err("Port listen() error: %d\n", ret); + goto out_error; + } + + iface->ksmbd_socket = ksmbd_socket; + ret = ksmbd_tcp_run_kthread(iface); + if (ret) { + ksmbd_err("Can't start ksmbd main kthread: %d\n", ret); + goto out_error; + } + iface->state = IFACE_STATE_CONFIGURED; + + return 0; + +out_error: + tcp_destroy_socket(ksmbd_socket); + iface->ksmbd_socket = NULL; + return ret; +} + +static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, + void *ptr) +{ + struct net_device *netdev = netdev_notifier_info_to_dev(ptr); + struct interface *iface; + int ret, found = 0; + + switch (event) { + case NETDEV_UP: + if (netdev->priv_flags & IFF_BRIDGE_PORT) + return NOTIFY_OK; + + list_for_each_entry(iface, &iface_list, entry) { + if (!strcmp(iface->name, netdev->name)) { + found = 1; + if (iface->state != IFACE_STATE_DOWN) + break; + ret = create_socket(iface); + if (ret) + return NOTIFY_OK; + break; + } + } + if (!found && bind_additional_ifaces) { + iface = alloc_iface(kstrdup(netdev->name, GFP_KERNEL)); + if (!iface) + return NOTIFY_OK; + ret = create_socket(iface); + if (ret) + break; + } + break; + case NETDEV_DOWN: + list_for_each_entry(iface, &iface_list, entry) { + if (!strcmp(iface->name, netdev->name) && + iface->state == IFACE_STATE_CONFIGURED) { + tcp_stop_kthread(iface->ksmbd_kthread); + iface->ksmbd_kthread = NULL; + mutex_lock(&iface->sock_release_lock); + tcp_destroy_socket(iface->ksmbd_socket); + iface->ksmbd_socket = NULL; + mutex_unlock(&iface->sock_release_lock); + + iface->state = IFACE_STATE_DOWN; + break; + } + } + break; + } + + return NOTIFY_DONE; + +} + +static struct notifier_block ksmbd_netdev_notifier = { + .notifier_call = ksmbd_netdev_event, +}; + +int ksmbd_tcp_init(void) +{ + register_netdevice_notifier(&ksmbd_netdev_notifier); + + return 0; +} + +static void tcp_stop_kthread(struct task_struct *kthread) +{ + int ret; + + if (!kthread) + return; + + ret = kthread_stop(kthread); + if (ret) + ksmbd_err("failed to stop forker thread\n"); +} + +void ksmbd_tcp_destroy(void) +{ + struct interface *iface, *tmp; + + unregister_netdevice_notifier(&ksmbd_netdev_notifier); + + list_for_each_entry_safe(iface, tmp, &iface_list, entry) { + list_del(&iface->entry); + kfree(iface->name); + ksmbd_free(iface); + } +} + +static struct interface *alloc_iface(char *ifname) +{ + struct interface *iface; + + if (!ifname) + return NULL; + + iface = ksmbd_alloc(sizeof(struct interface)); + if (!iface) { + kfree(ifname); + return NULL; + } + + iface->name = ifname; + iface->state = IFACE_STATE_DOWN; + list_add(&iface->entry, &iface_list); + mutex_init(&iface->sock_release_lock); + return iface; +} + +int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz) +{ + int sz = 0; + + if (!ifc_list_sz) { + struct net_device *netdev; + + rtnl_lock(); + for_each_netdev(&init_net, netdev) { + if (netdev->priv_flags & IFF_BRIDGE_PORT) + continue; + if (!alloc_iface(kstrdup(netdev->name, GFP_KERNEL))) + return -ENOMEM; + } + rtnl_unlock(); + bind_additional_ifaces = 1; + return 0; + } + + while (ifc_list_sz > 0) { + if (!alloc_iface(kstrdup(ifc_list, GFP_KERNEL))) + return -ENOMEM; + + sz = strlen(ifc_list); + if (!sz) + break; + + ifc_list += sz + 1; + ifc_list_sz -= (sz + 1); + } + + bind_additional_ifaces = 0; + + return 0; +} + +static struct ksmbd_transport_ops ksmbd_tcp_transport_ops = { + .read = ksmbd_tcp_read, + .writev = ksmbd_tcp_writev, + .disconnect = ksmbd_tcp_disconnect, +}; diff --git a/fs/cifsd/transport_tcp.h b/fs/cifsd/transport_tcp.h new file mode 100644 index 000000000000..e338bebe322f --- /dev/null +++ b/fs/cifsd/transport_tcp.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_TRANSPORT_TCP_H__ +#define __KSMBD_TRANSPORT_TCP_H__ + +int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz); +int ksmbd_tcp_init(void); +void ksmbd_tcp_destroy(void); + +#endif /* __KSMBD_TRANSPORT_TCP_H__ */

From patchwork Mon Nov 14 12:48:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183100 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:13 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:12 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:11 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 002/308] cifsd: add server-side procedures for SMB3 Date: Mon, 14 Nov 2022 20:48:31 +0800 Message-ID: 20221114125337.1831594-3-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 565dbde2-f44a-44bf-6d78-08dac63c40d9 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.8780854 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e2f34481b24d

-------------------------------

This adds smb3 engine, NTLM/NTLMv2/Kerberos authentication, oplock/lease cache mechanism for cifsd.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Sergey Senozhatsky sergey.senozhatsky@gmail.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Acked-by: Ronnie Sahlberg lsahlber@redhat.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 702 +++ fs/cifsd/asn1.h | 29 + fs/cifsd/auth.c | 1348 ++++++ fs/cifsd/auth.h | 90 + fs/cifsd/crypto_ctx.c | 287 ++ fs/cifsd/crypto_ctx.h | 77 + fs/cifsd/mgmt/ksmbd_ida.c | 69 + fs/cifsd/mgmt/ksmbd_ida.h | 41 + fs/cifsd/mgmt/share_config.c | 239 + fs/cifsd/mgmt/share_config.h | 83 + fs/cifsd/mgmt/tree_connect.c | 129 + fs/cifsd/mgmt/tree_connect.h | 56 + fs/cifsd/mgmt/user_config.c | 70 + fs/cifsd/mgmt/user_config.h | 67 + fs/cifsd/mgmt/user_session.c | 345 ++ fs/cifsd/mgmt/user_session.h | 105 + fs/cifsd/misc.c | 293 ++ fs/cifsd/misc.h | 38 + fs/cifsd/ndr.c | 344 ++ fs/cifsd/ndr.h | 21 + fs/cifsd/netmisc.c | 46 + fs/cifsd/nterr.c | 674 +++ fs/cifsd/nterr.h | 552 +++ fs/cifsd/ntlmssp.h | 169 + fs/cifsd/oplock.c | 1693 +++++++ fs/cifsd/oplock.h | 138 + fs/cifsd/smb2misc.c | 458 ++ fs/cifsd/smb2ops.c | 300 ++ fs/cifsd/smb2pdu.c | 8486 ++++++++++++++++++++++++++++++++++ fs/cifsd/smb2pdu.h | 1649 +++++++ fs/cifsd/smb_common.c | 668 +++ fs/cifsd/smb_common.h | 546 +++ fs/cifsd/smbacl.c | 1309 ++++++ fs/cifsd/smbacl.h | 202 + fs/cifsd/smberr.h | 235 + fs/cifsd/smbfsctl.h | 90 + fs/cifsd/smbstatus.h | 1822 ++++++++ fs/cifsd/time_wrappers.h | 34 + fs/cifsd/unicode.c | 391 ++ fs/cifsd/unicode.h | 374 ++ fs/cifsd/uniupr.h | 268 ++ 41 files changed, 24537 insertions(+) create mode 100644 fs/cifsd/asn1.c create mode 100644 fs/cifsd/asn1.h create mode 100644 fs/cifsd/auth.c create mode 100644 fs/cifsd/auth.h create mode 100644 fs/cifsd/crypto_ctx.c create mode 100644 fs/cifsd/crypto_ctx.h create mode 100644 fs/cifsd/mgmt/ksmbd_ida.c create mode 100644 fs/cifsd/mgmt/ksmbd_ida.h create mode 100644 fs/cifsd/mgmt/share_config.c create mode 100644 fs/cifsd/mgmt/share_config.h create mode 100644 fs/cifsd/mgmt/tree_connect.c create mode 100644 fs/cifsd/mgmt/tree_connect.h create mode 100644 fs/cifsd/mgmt/user_config.c create mode 100644 fs/cifsd/mgmt/user_config.h create mode 100644 fs/cifsd/mgmt/user_session.c create mode 100644 fs/cifsd/mgmt/user_session.h create mode 100644 fs/cifsd/misc.c create mode 100644 fs/cifsd/misc.h create mode 100644 fs/cifsd/ndr.c create mode 100644 fs/cifsd/ndr.h create mode 100644 fs/cifsd/netmisc.c create mode 100644 fs/cifsd/nterr.c create mode 100644 fs/cifsd/nterr.h create mode 100644 fs/cifsd/ntlmssp.h create mode 100644 fs/cifsd/oplock.c create mode 100644 fs/cifsd/oplock.h create mode 100644 fs/cifsd/smb2misc.c create mode 100644 fs/cifsd/smb2ops.c create mode 100644 fs/cifsd/smb2pdu.c create mode 100644 fs/cifsd/smb2pdu.h create mode 100644 fs/cifsd/smb_common.c create mode 100644 fs/cifsd/smb_common.h create mode 100644 fs/cifsd/smbacl.c create mode 100644 fs/cifsd/smbacl.h create mode 100644 fs/cifsd/smberr.h create mode 100644 fs/cifsd/smbfsctl.h create mode 100644 fs/cifsd/smbstatus.h create mode 100644 fs/cifsd/time_wrappers.h create mode 100644 fs/cifsd/unicode.c create mode 100644 fs/cifsd/unicode.h create mode 100644 fs/cifsd/uniupr.h

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c new file mode 100644 index 000000000000..aa702b665849 --- /dev/null +++ b/fs/cifsd/asn1.c @@ -0,0 +1,702 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * The ASB.1/BER parsing code is derived from ip_nat_snmp_basic.c which was in + * turn derived from the gxsnmp package by Gregory McLean & Jochen Friedrich + * + * Copyright (c) 2000 RP Internet (www.rpi.net.au). + */ + +#include <linux/module.h> +#include <linux/types.h> +#include <linux/kernel.h> +#include <linux/mm.h> +#include <linux/slab.h> + +#include "glob.h" + +#include "asn1.h" +#include "connection.h" +#include "auth.h" + +/***************************************************************************** + * + * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse) + * + *****************************************************************************/ + +/* Class */ +#define ASN1_UNI 0 /* Universal */ +#define ASN1_APL 1 /* Application */ +#define ASN1_CTX 2 /* Context */ +#define ASN1_PRV 3 /* Private */ + +/* Tag */ +#define ASN1_EOC 0 /* End Of Contents or N/A */ +#define ASN1_BOL 1 /* Boolean */ +#define ASN1_INT 2 /* Integer */ +#define ASN1_BTS 3 /* Bit String */ +#define ASN1_OTS 4 /* Octet String */ +#define ASN1_NUL 5 /* Null */ +#define ASN1_OJI 6 /* Object Identifier */ +#define ASN1_OJD 7 /* Object Description */ +#define ASN1_EXT 8 /* External */ +#define ASN1_ENUM 10 /* Enumerated */ +#define ASN1_SEQ 16 /* Sequence */ +#define ASN1_SET 17 /* Set */ +#define ASN1_NUMSTR 18 /* Numerical String */ +#define ASN1_PRNSTR 19 /* Printable String */ +#define ASN1_TEXSTR 20 /* Teletext String */ +#define ASN1_VIDSTR 21 /* Video String */ +#define ASN1_IA5STR 22 /* IA5 String */ +#define ASN1_UNITIM 23 /* Universal Time */ +#define ASN1_GENTIM 24 /* General Time */ +#define ASN1_GRASTR 25 /* Graphical String */ +#define ASN1_VISSTR 26 /* Visible String */ +#define ASN1_GENSTR 27 /* General String */ + +/* Primitive / Constructed methods*/ +#define ASN1_PRI 0 /* Primitive */ +#define ASN1_CON 1 /* Constructed */ + +/* + * Error codes. + */ +#define ASN1_ERR_NOERROR 0 +#define ASN1_ERR_DEC_EMPTY 2 +#define ASN1_ERR_DEC_EOC_MISMATCH 3 +#define ASN1_ERR_DEC_LENGTH_MISMATCH 4 +#define ASN1_ERR_DEC_BADVALUE 5 + +#define SPNEGO_OID_LEN 7 +#define NTLMSSP_OID_LEN 10 +#define KRB5_OID_LEN 7 +#define KRB5U2U_OID_LEN 8 +#define MSKRB5_OID_LEN 7 +static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 }; +static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 }; +static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 }; +static unsigned long KRB5U2U_OID[8] = { 1, 2, 840, 113554, 1, 2, 2, 3 }; +static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 }; + +static char NTLMSSP_OID_STR[NTLMSSP_OID_LEN] = { 0x2b, 0x06, 0x01, 0x04, 0x01, + 0x82, 0x37, 0x02, 0x02, 0x0a }; + +/* + * ASN.1 context. + */ +struct asn1_ctx { + int error; /* Error condition */ + unsigned char *pointer; /* Octet just to be decoded */ + unsigned char *begin; /* First octet */ + unsigned char *end; /* Octet after last octet */ +}; + +/* + * Octet string (not null terminated) + */ +struct asn1_octstr { + unsigned char *data; + unsigned int len; +}; + +static void +asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len) +{ + ctx->begin = buf; + ctx->end = buf + len; + ctx->pointer = buf; + ctx->error = ASN1_ERR_NOERROR; +} + +static unsigned char +asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch) +{ + if (ctx->pointer >= ctx->end) { + ctx->error = ASN1_ERR_DEC_EMPTY; + return 0; + } + *ch = *(ctx->pointer)++; + return 1; +} + +static unsigned char +asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag) +{ + unsigned char ch; + + *tag = 0; + + do { + if (!asn1_octet_decode(ctx, &ch)) + return 0; + *tag <<= 7; + *tag |= ch & 0x7F; + } while ((ch & 0x80) == 0x80); + return 1; +} + +static unsigned char +asn1_id_decode(struct asn1_ctx *ctx, + unsigned int *cls, unsigned int *con, unsigned int *tag) +{ + unsigned char ch; + + if (!asn1_octet_decode(ctx, &ch)) + return 0; + + *cls = (ch & 0xC0) >> 6; + *con = (ch & 0x20) >> 5; + *tag = (ch & 0x1F); + + if (*tag == 0x1F) { + if (!asn1_tag_decode(ctx, tag)) + return 0; + } + return 1; +} + +static unsigned char +asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len) +{ + unsigned char ch, cnt; + + if (!asn1_octet_decode(ctx, &ch)) + return 0; + + if (ch == 0x80) + *def = 0; + else { + *def = 1; + + if (ch < 0x80) + *len = ch; + else { + cnt = (unsigned char) (ch & 0x7F); + *len = 0; + + while (cnt > 0) { + if (!asn1_octet_decode(ctx, &ch)) + return 0; + *len <<= 8; + *len |= ch; + cnt--; + } + } + } + + /* don't trust len bigger than ctx buffer */ + if (*len > ctx->end - ctx->pointer) + return 0; + + return 1; +} + +static unsigned char +asn1_header_decode(struct asn1_ctx *ctx, + unsigned char **eoc, + unsigned int *cls, unsigned int *con, unsigned int *tag) +{ + unsigned int def = 0; + unsigned int len = 0; + + if (!asn1_id_decode(ctx, cls, con, tag)) + return 0; + + if (!asn1_length_decode(ctx, &def, &len)) + return 0; + + /* primitive shall be definite, indefinite shall be constructed */ + if (*con == ASN1_PRI && !def) + return 0; + + if (def) + *eoc = ctx->pointer + len; + else + *eoc = NULL; + return 1; +} + +static unsigned char +asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc) +{ + unsigned char ch; + + if (!eoc) { + if (!asn1_octet_decode(ctx, &ch)) + return 0; + + if (ch != 0x00) { + ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; + return 0; + } + + if (!asn1_octet_decode(ctx, &ch)) + return 0; + + if (ch != 0x00) { + ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; + return 0; + } + } else { + if (ctx->pointer != eoc) { + ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH; + return 0; + } + } + return 1; +} + +static unsigned char +asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid) +{ + unsigned char ch; + + *subid = 0; + + do { + if (!asn1_octet_decode(ctx, &ch)) + return 0; + + *subid <<= 7; + *subid |= ch & 0x7F; + } while ((ch & 0x80) == 0x80); + return 1; +} + +static int +asn1_oid_decode(struct asn1_ctx *ctx, + unsigned char *eoc, unsigned long **oid, unsigned int *len) +{ + unsigned long subid; + unsigned int size; + unsigned long *optr; + + size = eoc - ctx->pointer + 1; + + /* first subid actually encodes first two subids */ + if (size < 2 || size > UINT_MAX/sizeof(unsigned long)) + return 0; + + *oid = kmalloc(size * sizeof(unsigned long), GFP_KERNEL); + if (!*oid) + return 0; + + optr = *oid; + + if (!asn1_subid_decode(ctx, &subid)) { + kfree(*oid); + *oid = NULL; + return 0; + } + + if (subid < 40) { + optr[0] = 0; + optr[1] = subid; + } else if (subid < 80) { + optr[0] = 1; + optr[1] = subid - 40; + } else { + optr[0] = 2; + optr[1] = subid - 80; + } + + *len = 2; + optr += 2; + + while (ctx->pointer < eoc) { + if (++(*len) > size) { + ctx->error = ASN1_ERR_DEC_BADVALUE; + kfree(*oid); + *oid = NULL; + return 0; + } + + if (!asn1_subid_decode(ctx, optr++)) { + kfree(*oid); + *oid = NULL; + return 0; + } + } + return 1; +} + +static int +compare_oid(unsigned long *oid1, unsigned int oid1len, + unsigned long *oid2, unsigned int oid2len) +{ + unsigned int i; + + if (oid1len != oid2len) + return 0; + + for (i = 0; i < oid1len; i++) { + if (oid1[i] != oid2[i]) + return 0; + } + return 1; +} + +/* BB check for endian conversion issues here */ + +int +ksmbd_decode_negTokenInit(unsigned char *security_blob, int length, + struct ksmbd_conn *conn) +{ + struct asn1_ctx ctx; + unsigned char *end; + unsigned char *sequence_end; + unsigned long *oid = NULL; + unsigned int cls, con, tag, oidlen, rc, mechTokenlen; + unsigned int mech_type; + + ksmbd_debug(AUTH, "Received SecBlob: length %d\n", length); + + asn1_open(&ctx, security_blob, length); + + /* GSSAPI header */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding negTokenInit header\n"); + return 0; + } else if ((cls != ASN1_APL) || (con != ASN1_CON) + || (tag != ASN1_EOC)) { + ksmbd_debug(AUTH, "cls = %d con = %d tag = %d\n", cls, con, + tag); + return 0; + } + + /* Check for SPNEGO OID -- remember to free obj->oid */ + rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag); + if (rc) { + if ((tag == ASN1_OJI) && (con == ASN1_PRI) && + (cls == ASN1_UNI)) { + rc = asn1_oid_decode(&ctx, end, &oid, &oidlen); + if (rc) { + rc = compare_oid(oid, oidlen, SPNEGO_OID, + SPNEGO_OID_LEN); + kfree(oid); + } + } else + rc = 0; + } + + /* SPNEGO OID not present or garbled -- bail out */ + if (!rc) { + ksmbd_debug(AUTH, "Error decoding negTokenInit header\n"); + return 0; + } + + /* SPNEGO */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); + return 0; + } else if ((cls != ASN1_CTX) || (con != ASN1_CON) + || (tag != ASN1_EOC)) { + ksmbd_debug(AUTH, + "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", + cls, con, tag, end, *end); + return 0; + } + + /* negTokenInit */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); + return 0; + } else if ((cls != ASN1_UNI) || (con != ASN1_CON) + || (tag != ASN1_SEQ)) { + ksmbd_debug(AUTH, + "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", + cls, con, tag, end, *end); + return 0; + } + + /* sequence */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding 2nd part of negTokenInit\n"); + return 0; + } else if ((cls != ASN1_CTX) || (con != ASN1_CON) + || (tag != ASN1_EOC)) { + ksmbd_debug(AUTH, + "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", + cls, con, tag, end, *end); + return 0; + } + + /* sequence of */ + if (asn1_header_decode + (&ctx, &sequence_end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding 2nd part of negTokenInit\n"); + return 0; + } else if ((cls != ASN1_UNI) || (con != ASN1_CON) + || (tag != ASN1_SEQ)) { + ksmbd_debug(AUTH, + "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", + cls, con, tag, end, *end); + return 0; + } + + /* list of security mechanisms */ + while (!asn1_eoc_decode(&ctx, sequence_end)) { + rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag); + if (!rc) { + ksmbd_debug(AUTH, + "Error decoding negTokenInit hdr exit2\n"); + return 0; + } + if ((tag == ASN1_OJI) && (con == ASN1_PRI)) { + if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) { + if (compare_oid(oid, oidlen, MSKRB5_OID, + MSKRB5_OID_LEN)) + mech_type = KSMBD_AUTH_MSKRB5; + else if (compare_oid(oid, oidlen, KRB5U2U_OID, + KRB5U2U_OID_LEN)) + mech_type = KSMBD_AUTH_KRB5U2U; + else if (compare_oid(oid, oidlen, KRB5_OID, + KRB5_OID_LEN)) + mech_type = KSMBD_AUTH_KRB5; + else if (compare_oid(oid, oidlen, NTLMSSP_OID, + NTLMSSP_OID_LEN)) + mech_type = KSMBD_AUTH_NTLMSSP; + else { + kfree(oid); + continue; + } + + conn->auth_mechs |= mech_type; + if (conn->preferred_auth_mech == 0) + conn->preferred_auth_mech = mech_type; + kfree(oid); + } + } else { + ksmbd_debug(AUTH, + "Should be an oid what is going on?\n"); + } + } + + /* sequence */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding 2nd part of negTokenInit\n"); + return 0; + } else if ((cls != ASN1_CTX) || (con != ASN1_CON) + || (tag != ASN1_INT)) { + ksmbd_debug(AUTH, + "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", + cls, con, tag, end, *end); + return 0; + } + + /* sequence of */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding 2nd part of negTokenInit\n"); + return 0; + } else if ((cls != ASN1_UNI) || (con != ASN1_PRI) + || (tag != ASN1_OTS)) { + ksmbd_debug(AUTH, + "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", + cls, con, tag, end, *end); + return 0; + } + + mechTokenlen = ctx.end - ctx.pointer; + conn->mechToken = kmalloc(mechTokenlen + 1, GFP_KERNEL); + if (!conn->mechToken) { + ksmbd_err("memory allocation error\n"); + return 0; + } + + memcpy(conn->mechToken, ctx.pointer, mechTokenlen); + conn->mechToken[mechTokenlen] = '\0'; + + return 1; +} + +int +ksmbd_decode_negTokenTarg(unsigned char *security_blob, int length, + struct ksmbd_conn *conn) +{ + struct asn1_ctx ctx; + unsigned char *end; + unsigned int cls, con, tag, mechTokenlen; + + ksmbd_debug(AUTH, "Received Auth SecBlob: length %d\n", length); + + asn1_open(&ctx, security_blob, length); + + /* GSSAPI header */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding negTokenInit header\n"); + return 0; + } else if ((cls != ASN1_CTX) || (con != ASN1_CON) + || (tag != ASN1_BOL)) { + ksmbd_debug(AUTH, "cls = %d con = %d tag = %d\n", cls, con, + tag); + return 0; + } + + /* SPNEGO */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); + return 0; + } else if ((cls != ASN1_UNI) || (con != ASN1_CON) + || (tag != ASN1_SEQ)) { + ksmbd_debug(AUTH, + "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", + cls, con, tag, end, *end); + return 0; + } + + /* negTokenTarg */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); + return 0; + } else if ((cls != ASN1_CTX) || (con != ASN1_CON) + || (tag != ASN1_INT)) { + ksmbd_debug(AUTH, + "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", + cls, con, tag, end, *end); + return 0; + } + + /* negTokenTarg */ + if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { + ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); + return 0; + } else if ((cls != ASN1_UNI) || (con != ASN1_PRI) + || (tag != ASN1_OTS)) { + ksmbd_debug(AUTH, + "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", + cls, con, tag, end, *end); + return 0; + } + + mechTokenlen = ctx.end - ctx.pointer; + conn->mechToken = kmalloc(mechTokenlen + 1, GFP_KERNEL); + if (!conn->mechToken) { + ksmbd_err("memory allocation error\n"); + return 0; + } + + memcpy(conn->mechToken, ctx.pointer, mechTokenlen); + conn->mechToken[mechTokenlen] = '\0'; + + return 1; +} + +static int compute_asn_hdr_len_bytes(int len) +{ + if (len > 0xFFFFFF) + return 4; + else if (len > 0xFFFF) + return 3; + else if (len > 0xFF) + return 2; + else if (len > 0x7F) + return 1; + else + return 0; +} + +static void encode_asn_tag(char *buf, + unsigned int *ofs, + char tag, + char seq, + int length) +{ + int i; + int index = *ofs; + char hdr_len = compute_asn_hdr_len_bytes(length); + int len = length + 2 + hdr_len; + + /* insert tag */ + buf[index++] = tag; + + if (!hdr_len) + buf[index++] = len; + else { + buf[index++] = 0x80 | hdr_len; + for (i = hdr_len - 1; i >= 0; i--) + buf[index++] = (len >> (i * 8)) & 0xFF; + } + + /* insert seq */ + len = len - (index - *ofs); + buf[index++] = seq; + + if (!hdr_len) + buf[index++] = len; + else { + buf[index++] = 0x80 | hdr_len; + for (i = hdr_len - 1; i >= 0; i--) + buf[index++] = (len >> (i * 8)) & 0xFF; + } + + *ofs += (index - *ofs); +} + +int build_spnego_ntlmssp_neg_blob(unsigned char **pbuffer, u16 *buflen, + char *ntlm_blob, int ntlm_blob_len) +{ + char *buf; + unsigned int ofs = 0; + int neg_result_len = 4 + compute_asn_hdr_len_bytes(1) * 2 + 1; + int oid_len = 4 + compute_asn_hdr_len_bytes(NTLMSSP_OID_LEN) * 2 + + NTLMSSP_OID_LEN; + int ntlmssp_len = 4 + compute_asn_hdr_len_bytes(ntlm_blob_len) * 2 + + ntlm_blob_len; + int total_len = 4 + compute_asn_hdr_len_bytes(neg_result_len + + oid_len + ntlmssp_len) * 2 + + neg_result_len + oid_len + ntlmssp_len; + + buf = kmalloc(total_len, GFP_KERNEL); + if (!buf) + return -ENOMEM; + + /* insert main gss header */ + encode_asn_tag(buf, &ofs, 0xa1, 0x30, neg_result_len + oid_len + + ntlmssp_len); + + /* insert neg result */ + encode_asn_tag(buf, &ofs, 0xa0, 0x0a, 1); + buf[ofs++] = 1; + + /* insert oid */ + encode_asn_tag(buf, &ofs, 0xa1, 0x06, NTLMSSP_OID_LEN); + memcpy(buf + ofs, NTLMSSP_OID_STR, NTLMSSP_OID_LEN); + ofs += NTLMSSP_OID_LEN; + + /* insert response token - ntlmssp blob */ + encode_asn_tag(buf, &ofs, 0xa2, 0x04, ntlm_blob_len); + memcpy(buf + ofs, ntlm_blob, ntlm_blob_len); + ofs += ntlm_blob_len; + + *pbuffer = buf; + *buflen = total_len; + return 0; +} + +int build_spnego_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen, + int neg_result) +{ + char *buf; + unsigned int ofs = 0; + int neg_result_len = 4 + compute_asn_hdr_len_bytes(1) * 2 + 1; + int total_len = 4 + compute_asn_hdr_len_bytes(neg_result_len) * 2 + + neg_result_len; + + buf = kmalloc(total_len, GFP_KERNEL); + if (!buf) + return -ENOMEM; + + /* insert main gss header */ + encode_asn_tag(buf, &ofs, 0xa1, 0x30, neg_result_len); + + /* insert neg result */ + encode_asn_tag(buf, &ofs, 0xa0, 0x0a, 1); + if (neg_result) + buf[ofs++] = 2; + else + buf[ofs++] = 0; + + *pbuffer = buf; + *buflen = total_len; + return 0; +} diff --git a/fs/cifsd/asn1.h b/fs/cifsd/asn1.h new file mode 100644 index 000000000000..ff2692b502d6 --- /dev/null +++ b/fs/cifsd/asn1.h @@ -0,0 +1,29 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * The ASB.1/BER parsing code is derived from ip_nat_snmp_basic.c which was in + * turn derived from the gxsnmp package by Gregory McLean & Jochen Friedrich + * + * Copyright (c) 2000 RP Internet (www.rpi.net.au). + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __ASN1_H__ +#define __ASN1_H__ + +int ksmbd_decode_negTokenInit(unsigned char *security_blob, + int length, + struct ksmbd_conn *conn); + +int ksmbd_decode_negTokenTarg(unsigned char *security_blob, + int length, + struct ksmbd_conn *conn); + +int build_spnego_ntlmssp_neg_blob(unsigned char **pbuffer, + u16 *buflen, + char *ntlm_blob, + int ntlm_blob_len); + +int build_spnego_ntlmssp_auth_blob(unsigned char **pbuffer, + u16 *buflen, + int neg_result); +#endif /* __ASN1_H__ */ diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c new file mode 100644 index 000000000000..0a49c67a69d6 --- /dev/null +++ b/fs/cifsd/auth.c @@ -0,0 +1,1348 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/kernel.h> +#include <linux/fs.h> +#include <linux/uaccess.h> +#include <linux/backing-dev.h> +#include <linux/writeback.h> +#include <linux/uio.h> +#include <linux/xattr.h> +#include <crypto/hash.h> +#include <crypto/aead.h> +#include <linux/random.h> +#include <linux/scatterlist.h> + +#include "auth.h" +#include "glob.h" + +#include <linux/fips.h> +#include <crypto/des.h> + +#include "server.h" +#include "smb_common.h" +#include "connection.h" +#include "mgmt/user_session.h" +#include "mgmt/user_config.h" +#include "crypto_ctx.h" +#include "transport_ipc.h" +#include "buffer_pool.h" + +/* + * Fixed format data defining GSS header and fixed string + * "not_defined_in_RFC4178@please_ignore". + * So sec blob data in neg phase could be generated statically. + */ +static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = { +#ifdef CONFIG_SMB_SERVER_KERBEROS5 + 0x60, 0x5e, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, + 0x05, 0x02, 0xa0, 0x54, 0x30, 0x52, 0xa0, 0x24, + 0x30, 0x22, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02, + 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, + 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, 0x30, 0x28, + 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, 0x74, 0x5f, + 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, 0x64, 0x5f, + 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, 0x34, 0x31, + 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, 0x61, 0x73, + 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65 +#else + 0x60, 0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, + 0x05, 0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e, + 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, 0xa3, 0x2a, + 0x30, 0x28, 0xa0, 0x26, 0x1b, 0x24, 0x6e, 0x6f, + 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x65, + 0x64, 0x5f, 0x69, 0x6e, 0x5f, 0x52, 0x46, 0x43, + 0x34, 0x31, 0x37, 0x38, 0x40, 0x70, 0x6c, 0x65, + 0x61, 0x73, 0x65, 0x5f, 0x69, 0x67, 0x6e, 0x6f, + 0x72, 0x65 +#endif +}; + + +void ksmbd_copy_gss_neg_header(void *buf) +{ + memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH); +} + +static void +str_to_key(unsigned char *str, unsigned char *key) +{ + int i; + + key[0] = str[0] >> 1; + key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2); + key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3); + key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4); + key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5); + key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6); + key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7); + key[7] = str[6] & 0x7F; + for (i = 0; i < 8; i++) + key[i] = (key[i] << 1); +} + +static int +smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) +{ + unsigned char key2[8]; + struct des_ctx ctx; + + str_to_key(key, key2); + + if (fips_enabled) { + ksmbd_debug(AUTH, + "FIPS compliance enabled: DES not permitted\n"); + return -ENOENT; + } + + des_expand_key(&ctx, key2, DES_KEY_SIZE); + des_encrypt(&ctx, out, in); + memzero_explicit(&ctx, sizeof(ctx)); + return 0; +} + +static int ksmbd_enc_p24(unsigned char *p21, + const unsigned char *c8, + unsigned char *p24) +{ + int rc; + + rc = smbhash(p24, c8, p21); + if (rc) + return rc; + rc = smbhash(p24 + 8, c8, p21 + 7); + if (rc) + return rc; + rc = smbhash(p24 + 16, c8, p21 + 14); + return rc; +} + +/* produce a md4 message digest from data of length n bytes */ +static int ksmbd_enc_md4(unsigned char *md4_hash, + unsigned char *link_str, + int link_len) +{ + int rc; + struct ksmbd_crypto_ctx *ctx; + + ctx = ksmbd_crypto_ctx_find_md4(); + if (!ctx) { + ksmbd_debug(AUTH, "Crypto md4 allocation error\n"); + return -EINVAL; + } + + rc = crypto_shash_init(CRYPTO_MD4(ctx)); + if (rc) { + ksmbd_debug(AUTH, "Could not init md4 shash\n"); + goto out; + } + + rc = crypto_shash_update(CRYPTO_MD4(ctx), link_str, link_len); + if (rc) { + ksmbd_debug(AUTH, "Could not update with link_str\n"); + goto out; + } + + rc = crypto_shash_final(CRYPTO_MD4(ctx), md4_hash); + if (rc) + ksmbd_debug(AUTH, "Could not generate md4 hash\n"); +out: + ksmbd_release_crypto_ctx(ctx); + return rc; +} + +static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, + char *nonce, + char *server_challenge, + int len) +{ + int rc; + struct ksmbd_crypto_ctx *ctx; + + ctx = ksmbd_crypto_ctx_find_md5(); + if (!ctx) { + ksmbd_debug(AUTH, "Crypto md5 allocation error\n"); + return -EINVAL; + } + + rc = crypto_shash_init(CRYPTO_MD5(ctx)); + if (rc) { + ksmbd_debug(AUTH, "Could not init md5 shash\n"); + goto out; + } + + rc = crypto_shash_update(CRYPTO_MD5(ctx), server_challenge, len); + if (rc) { + ksmbd_debug(AUTH, "Could not update with challenge\n"); + goto out; + } + + rc = crypto_shash_update(CRYPTO_MD5(ctx), nonce, len); + if (rc) { + ksmbd_debug(AUTH, "Could not update with nonce\n"); + goto out; + } + + rc = crypto_shash_final(CRYPTO_MD5(ctx), md5_hash); + if (rc) + ksmbd_debug(AUTH, "Could not generate md5 hash\n"); +out: + ksmbd_release_crypto_ctx(ctx); + return rc; +} + +/** + * ksmbd_gen_sess_key() - function to generate session key + * @sess: session of connection + * @hash: source hash value to be used for find session key + * @hmac: source hmac value to be used for finding session key + * + */ +static int ksmbd_gen_sess_key(struct ksmbd_session *sess, + char *hash, + char *hmac) +{ + struct ksmbd_crypto_ctx *ctx; + int rc = -EINVAL; + + ctx = ksmbd_crypto_ctx_find_hmacmd5(); + if (!ctx) + goto out; + + rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx), + hash, + CIFS_HMAC_MD5_HASH_SIZE); + if (rc) { + ksmbd_debug(AUTH, "hmacmd5 set key fail error %d\n", rc); + goto out; + } + + rc = crypto_shash_init(CRYPTO_HMACMD5(ctx)); + if (rc) { + ksmbd_debug(AUTH, "could not init hmacmd5 error %d\n", rc); + goto out; + } + + rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), + hmac, + SMB2_NTLMV2_SESSKEY_SIZE); + if (rc) { + ksmbd_debug(AUTH, "Could not update with response error %d\n", + rc); + goto out; + } + + rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key); + if (rc) { + ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", + rc); + goto out; + } + +out: + ksmbd_release_crypto_ctx(ctx); + return rc; +} + +static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, + char *dname) +{ + int ret = -EINVAL, len; + wchar_t *domain = NULL; + __le16 *uniname = NULL; + struct ksmbd_crypto_ctx *ctx; + + ctx = ksmbd_crypto_ctx_find_hmacmd5(); + if (!ctx) { + ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n"); + goto out; + } + + ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx), + user_passkey(sess->user), + CIFS_ENCPWD_SIZE); + if (ret) { + ksmbd_debug(AUTH, "Could not set NT Hash as a key\n"); + goto out; + } + + ret = crypto_shash_init(CRYPTO_HMACMD5(ctx)); + if (ret) { + ksmbd_debug(AUTH, "could not init hmacmd5\n"); + goto out; + } + + /* convert user_name to unicode */ + len = strlen(user_name(sess->user)); + uniname = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL); + if (!uniname) { + ret = -ENOMEM; + goto out; + } + + if (len) { + len = smb_strtoUTF16(uniname, user_name(sess->user), len, + sess->conn->local_nls); + UniStrupr(uniname); + } + + ret = crypto_shash_update(CRYPTO_HMACMD5(ctx), + (char *)uniname, + UNICODE_LEN(len)); + if (ret) { + ksmbd_debug(AUTH, "Could not update with user\n"); + goto out; + } + + /* Convert domain name or conn name to unicode and uppercase */ + len = strlen(dname); + domain = kzalloc(2 + UNICODE_LEN(len), GFP_KERNEL); + if (!domain) { + ret = -ENOMEM; + goto out; + } + + len = smb_strtoUTF16((__le16 *)domain, dname, len, + sess->conn->local_nls); + + ret = crypto_shash_update(CRYPTO_HMACMD5(ctx), + (char *)domain, + UNICODE_LEN(len)); + if (ret) { + ksmbd_debug(AUTH, "Could not update with domain\n"); + goto out; + } + + ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash); +out: + if (ret) + ksmbd_debug(AUTH, "Could not generate md5 hash\n"); + kfree(uniname); + kfree(domain); + ksmbd_release_crypto_ctx(ctx); + return ret; +} + +/** + * ksmbd_auth_ntlm() - NTLM authentication handler + * @sess: session of connection + * @pw_buf: NTLM challenge response + * @passkey: user password + * + * Return: 0 on success, error number on error + */ +int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf) +{ + int rc; + unsigned char p21[21]; + char key[CIFS_AUTH_RESP_SIZE]; + + memset(p21, '\0', 21); + memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE); + rc = ksmbd_enc_p24(p21, sess->ntlmssp.cryptkey, key); + if (rc) { + ksmbd_err("password processing failed\n"); + return rc; + } + + ksmbd_enc_md4(sess->sess_key, + user_passkey(sess->user), + CIFS_SMB1_SESSKEY_SIZE); + memcpy(sess->sess_key + CIFS_SMB1_SESSKEY_SIZE, key, + CIFS_AUTH_RESP_SIZE); + sess->sequence_number = 1; + + if (strncmp(pw_buf, key, CIFS_AUTH_RESP_SIZE) != 0) { + ksmbd_debug(AUTH, "ntlmv1 authentication failed\n"); + rc = -EINVAL; + } else + ksmbd_debug(AUTH, "ntlmv1 authentication pass\n"); + + return rc; +} + +/** + * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler + * @sess: session of connection + * @ntlmv2: NTLMv2 challenge response + * @blen: NTLMv2 blob length + * @domain_name: domain name + * + * Return: 0 on success, error number on error + */ +int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, + struct ntlmv2_resp *ntlmv2, + int blen, + char *domain_name) +{ + char ntlmv2_hash[CIFS_ENCPWD_SIZE]; + char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE]; + struct ksmbd_crypto_ctx *ctx; + char *construct = NULL; + int rc = -EINVAL, len; + + ctx = ksmbd_crypto_ctx_find_hmacmd5(); + if (!ctx) { + ksmbd_debug(AUTH, "could not crypto alloc hmacmd5 rc %d\n", rc); + goto out; + } + + rc = calc_ntlmv2_hash(sess, ntlmv2_hash, domain_name); + if (rc) { + ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc); + goto out; + } + + rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx), + ntlmv2_hash, + CIFS_HMAC_MD5_HASH_SIZE); + if (rc) { + ksmbd_debug(AUTH, "Could not set NTLMV2 Hash as a key\n"); + goto out; + } + + rc = crypto_shash_init(CRYPTO_HMACMD5(ctx)); + if (rc) { + ksmbd_debug(AUTH, "Could not init hmacmd5\n"); + goto out; + } + + len = CIFS_CRYPTO_KEY_SIZE + blen; + construct = kzalloc(len, GFP_KERNEL); + if (!construct) { + rc = -ENOMEM; + goto out; + } + + memcpy(construct, sess->ntlmssp.cryptkey, CIFS_CRYPTO_KEY_SIZE); + memcpy(construct + CIFS_CRYPTO_KEY_SIZE, + (char *)(&ntlmv2->blob_signature), blen); + + rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len); + if (rc) { + ksmbd_debug(AUTH, "Could not update with response\n"); + goto out; + } + + rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_rsp); + if (rc) { + ksmbd_debug(AUTH, "Could not generate md5 hash\n"); + goto out; + } + + rc = ksmbd_gen_sess_key(sess, ntlmv2_hash, ntlmv2_rsp); + if (rc) { + ksmbd_debug(AUTH, "Could not generate sess key\n"); + goto out; + } + + rc = memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE); +out: + ksmbd_release_crypto_ctx(ctx); + kfree(construct); + return rc; +} + +/** + * __ksmbd_auth_ntlmv2() - NTLM2(extended security) authentication handler + * @sess: session of connection + * @client_nonce: client nonce from LM response. + * @ntlm_resp: ntlm response data from client. + * + * Return: 0 on success, error number on error + */ +static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, + char *client_nonce, + char *ntlm_resp) +{ + char sess_key[CIFS_SMB1_SESSKEY_SIZE] = {0}; + int rc; + unsigned char p21[21]; + char key[CIFS_AUTH_RESP_SIZE]; + + rc = ksmbd_enc_update_sess_key(sess_key, + client_nonce, + (char *)sess->ntlmssp.cryptkey, 8); + if (rc) { + ksmbd_err("password processing failed\n"); + goto out; + } + + memset(p21, '\0', 21); + memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE); + rc = ksmbd_enc_p24(p21, sess_key, key); + if (rc) { + ksmbd_err("password processing failed\n"); + goto out; + } + + rc = memcmp(ntlm_resp, key, CIFS_AUTH_RESP_SIZE); +out: + return rc; +} + +/** + * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct + * authenticate blob + * @authblob: authenticate blob source pointer + * @usr: user details + * @sess: session of connection + * + * Return: 0 on success, error number on error + */ +int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, + int blob_len, + struct ksmbd_session *sess) +{ + char *domain_name; + unsigned int lm_off, nt_off; + unsigned short nt_len; + int ret; + + if (blob_len < sizeof(struct authenticate_message)) { + ksmbd_debug(AUTH, "negotiate blob len %d too small\n", + blob_len); + return -EINVAL; + } + + if (memcmp(authblob->Signature, "NTLMSSP", 8)) { + ksmbd_debug(AUTH, "blob signature incorrect %s\n", + authblob->Signature); + return -EINVAL; + } + + lm_off = le32_to_cpu(authblob->LmChallengeResponse.BufferOffset); + nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset); + nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length); + + /* process NTLM authentication */ + if (nt_len == CIFS_AUTH_RESP_SIZE) { + if (le32_to_cpu(authblob->NegotiateFlags) + & NTLMSSP_NEGOTIATE_EXTENDED_SEC) + return __ksmbd_auth_ntlmv2(sess, (char *)authblob + + lm_off, (char *)authblob + nt_off); + else + return ksmbd_auth_ntlm(sess, (char *)authblob + + nt_off); + } + + /* TODO : use domain name that imported from configuration file */ + domain_name = smb_strndup_from_utf16( + (const char *)authblob + + le32_to_cpu(authblob->DomainName.BufferOffset), + le16_to_cpu(authblob->DomainName.Length), true, + sess->conn->local_nls); + if (IS_ERR(domain_name)) + return PTR_ERR(domain_name); + + /* process NTLMv2 authentication */ + ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n", + domain_name); + ret = ksmbd_auth_ntlmv2(sess, + (struct ntlmv2_resp *)((char *)authblob + nt_off), + nt_len - CIFS_ENCPWD_SIZE, + domain_name); + kfree(domain_name); + return ret; +} + +/** + * ksmbd_decode_ntlmssp_neg_blob() - helper function to construct + * negotiate blob + * @negblob: negotiate blob source pointer + * @rsp: response header pointer to be updated + * @sess: session of connection + * + */ +int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, + int blob_len, + struct ksmbd_session *sess) +{ + if (blob_len < sizeof(struct negotiate_message)) { + ksmbd_debug(AUTH, "negotiate blob len %d too small\n", + blob_len); + return -EINVAL; + } + + if (memcmp(negblob->Signature, "NTLMSSP", 8)) { + ksmbd_debug(AUTH, "blob signature incorrect %s\n", + negblob->Signature); + return -EINVAL; + } + + sess->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags); + return 0; +} + +/** + * ksmbd_build_ntlmssp_challenge_blob() - helper function to construct + * challenge blob + * @chgblob: challenge blob source pointer to initialize + * @rsp: response header pointer to be updated + * @sess: session of connection + * + */ +unsigned int +ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, + struct ksmbd_session *sess) +{ + struct target_info *tinfo; + wchar_t *name; + __u8 *target_name; + unsigned int len, flags, blob_off, blob_len, type, target_info_len = 0; + int cflags = sess->ntlmssp.client_flags; + + memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8); + chgblob->MessageType = NtLmChallenge; + + flags = NTLMSSP_NEGOTIATE_UNICODE | + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_TARGET_TYPE_SERVER | + NTLMSSP_NEGOTIATE_TARGET_INFO; + + if (cflags & NTLMSSP_NEGOTIATE_SIGN) { + flags |= NTLMSSP_NEGOTIATE_SIGN; + flags |= cflags & (NTLMSSP_NEGOTIATE_128 | + NTLMSSP_NEGOTIATE_56); + } + + if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) + flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; + + if (cflags & NTLMSSP_REQUEST_TARGET) + flags |= NTLMSSP_REQUEST_TARGET; + + if (sess->conn->use_spnego && + (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) + flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC; + + chgblob->NegotiateFlags = cpu_to_le32(flags); + len = strlen(ksmbd_netbios_name()); + name = kmalloc(2 + (len * 2), GFP_KERNEL); + if (!name) + return -ENOMEM; + + len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len, + sess->conn->local_nls); + len = UNICODE_LEN(len); + + blob_off = sizeof(struct challenge_message); + blob_len = blob_off + len; + + chgblob->TargetName.Length = cpu_to_le16(len); + chgblob->TargetName.MaximumLength = cpu_to_le16(len); + chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off); + + /* Initialize random conn challenge */ + get_random_bytes(sess->ntlmssp.cryptkey, sizeof(__u64)); + memcpy(chgblob->Challenge, sess->ntlmssp.cryptkey, + CIFS_CRYPTO_KEY_SIZE); + + /* Add Target Information to security buffer */ + chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len); + + target_name = (__u8 *)chgblob + blob_off; + memcpy(target_name, name, len); + tinfo = (struct target_info *)(target_name + len); + + chgblob->TargetInfoArray.Length = 0; + /* Add target info list for NetBIOS/DNS settings */ + for (type = NTLMSSP_AV_NB_COMPUTER_NAME; + type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) { + tinfo->Type = cpu_to_le16(type); + tinfo->Length = cpu_to_le16(len); + memcpy(tinfo->Content, name, len); + tinfo = (struct target_info *)((char *)tinfo + 4 + len); + target_info_len += 4 + len; + } + + /* Add terminator subblock */ + tinfo->Type = 0; + tinfo->Length = 0; + target_info_len += 4; + + chgblob->TargetInfoArray.Length = cpu_to_le16(target_info_len); + chgblob->TargetInfoArray.MaximumLength = cpu_to_le16(target_info_len); + blob_len += target_info_len; + kfree(name); + ksmbd_debug(AUTH, "NTLMSSP SecurityBufferLength %d\n", blob_len); + return blob_len; +} + +#ifdef CONFIG_SMB_SERVER_KERBEROS5 +int ksmbd_krb5_authenticate(struct ksmbd_session *sess, + char *in_blob, int in_len, + char *out_blob, int *out_len) +{ + struct ksmbd_spnego_authen_response *resp; + struct ksmbd_user *user = NULL; + int retval; + + resp = ksmbd_ipc_spnego_authen_request(in_blob, in_len); + if (!resp) { + ksmbd_debug(AUTH, "SPNEGO_AUTHEN_REQUEST failure\n"); + return -EINVAL; + } + + if (!(resp->login_response.status & KSMBD_USER_FLAG_OK)) { + ksmbd_debug(AUTH, "krb5 authentication failure\n"); + retval = -EPERM; + goto out; + } + + if (*out_len <= resp->spnego_blob_len) { + ksmbd_debug(AUTH, "buf len %d, but blob len %d\n", + *out_len, resp->spnego_blob_len); + retval = -EINVAL; + goto out; + } + + if (resp->session_key_len > sizeof(sess->sess_key)) { + ksmbd_debug(AUTH, "session key is too long\n"); + retval = -EINVAL; + goto out; + } + + user = ksmbd_alloc_user(&resp->login_response); + if (!user) { + ksmbd_debug(AUTH, "login failure\n"); + retval = -ENOMEM; + goto out; + } + sess->user = user; + + memcpy(sess->sess_key, resp->payload, resp->session_key_len); + memcpy(out_blob, resp->payload + resp->session_key_len, + resp->spnego_blob_len); + *out_len = resp->spnego_blob_len; + retval = 0; +out: + ksmbd_free(resp); + return retval; +} +#else +int ksmbd_krb5_authenticate(struct ksmbd_session *sess, + char *in_blob, int in_len, + char *out_blob, int *out_len) +{ + return -EOPNOTSUPP; +} +#endif + +/** + * ksmbd_sign_smb2_pdu() - function to generate packet signing + * @conn: connection + * @key: signing key + * @iov: buffer iov array + * @n_vec: number of iovecs + * @sig: signature value generated for client request packet + * + */ +int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, + char *key, + struct kvec *iov, + int n_vec, + char *sig) +{ + struct ksmbd_crypto_ctx *ctx; + int rc = -EINVAL; + int i; + + ctx = ksmbd_crypto_ctx_find_hmacsha256(); + if (!ctx) { + ksmbd_debug(AUTH, "could not crypto alloc hmacmd5 rc %d\n", rc); + goto out; + } + + rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx), + key, + SMB2_NTLMV2_SESSKEY_SIZE); + if (rc) + goto out; + + rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx)); + if (rc) { + ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc); + goto out; + } + + for (i = 0; i < n_vec; i++) { + rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), + iov[i].iov_base, + iov[i].iov_len); + if (rc) { + ksmbd_debug(AUTH, "hmacsha256 update error %d\n", rc); + goto out; + } + } + + rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), sig); + if (rc) + ksmbd_debug(AUTH, "hmacsha256 generation error %d\n", rc); +out: + ksmbd_release_crypto_ctx(ctx); + return rc; +} + +/** + * ksmbd_sign_smb3_pdu() - function to generate packet signing + * @conn: connection + * @key: signing key + * @iov: buffer iov array + * @n_vec: number of iovecs + * @sig: signature value generated for client request packet + * + */ +int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, + char *key, + struct kvec *iov, + int n_vec, + char *sig) +{ + struct ksmbd_crypto_ctx *ctx; + int rc = -EINVAL; + int i; + + ctx = ksmbd_crypto_ctx_find_cmacaes(); + if (!ctx) { + ksmbd_debug(AUTH, "could not crypto alloc cmac rc %d\n", rc); + goto out; + } + + rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx), + key, + SMB2_CMACAES_SIZE); + if (rc) + goto out; + + rc = crypto_shash_init(CRYPTO_CMACAES(ctx)); + if (rc) { + ksmbd_debug(AUTH, "cmaces init error %d\n", rc); + goto out; + } + + for (i = 0; i < n_vec; i++) { + rc = crypto_shash_update(CRYPTO_CMACAES(ctx), + iov[i].iov_base, + iov[i].iov_len); + if (rc) { + ksmbd_debug(AUTH, "cmaces update error %d\n", rc); + goto out; + } + } + + rc = crypto_shash_final(CRYPTO_CMACAES(ctx), sig); + if (rc) + ksmbd_debug(AUTH, "cmaces generation error %d\n", rc); +out: + ksmbd_release_crypto_ctx(ctx); + return rc; +} + +struct derivation { + struct kvec label; + struct kvec context; + bool binding; +}; + +static int generate_key(struct ksmbd_session *sess, struct kvec label, + struct kvec context, __u8 *key, unsigned int key_size) +{ + unsigned char zero = 0x0; + __u8 i[4] = {0, 0, 0, 1}; + __u8 L[4] = {0, 0, 0, 128}; + int rc = -EINVAL; + unsigned char prfhash[SMB2_HMACSHA256_SIZE]; + unsigned char *hashptr = prfhash; + struct ksmbd_crypto_ctx *ctx; + + memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE); + memset(key, 0x0, key_size); + + ctx = ksmbd_crypto_ctx_find_hmacsha256(); + if (!ctx) { + ksmbd_debug(AUTH, "could not crypto alloc hmacmd5 rc %d\n", rc); + goto smb3signkey_ret; + } + + rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx), + sess->sess_key, + SMB2_NTLMV2_SESSKEY_SIZE); + if (rc) + goto smb3signkey_ret; + + rc = crypto_shash_init(CRYPTO_HMACSHA256(ctx)); + if (rc) { + ksmbd_debug(AUTH, "hmacsha256 init error %d\n", rc); + goto smb3signkey_ret; + } + + rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), i, 4); + if (rc) { + ksmbd_debug(AUTH, "could not update with n\n"); + goto smb3signkey_ret; + } + + rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), + label.iov_base, + label.iov_len); + if (rc) { + ksmbd_debug(AUTH, "could not update with label\n"); + goto smb3signkey_ret; + } + + rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), &zero, 1); + if (rc) { + ksmbd_debug(AUTH, "could not update with zero\n"); + goto smb3signkey_ret; + } + + rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), + context.iov_base, + context.iov_len); + if (rc) { + ksmbd_debug(AUTH, "could not update with context\n"); + goto smb3signkey_ret; + } + + rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L, 4); + if (rc) { + ksmbd_debug(AUTH, "could not update with L\n"); + goto smb3signkey_ret; + } + + rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr); + if (rc) { + ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", + rc); + goto smb3signkey_ret; + } + + memcpy(key, hashptr, key_size); + +smb3signkey_ret: + ksmbd_release_crypto_ctx(ctx); + return rc; +} + +static int generate_smb3signingkey(struct ksmbd_session *sess, + const struct derivation *signing) +{ + int rc; + struct channel *chann; + char *key; + + chann = lookup_chann_list(sess); + if (!chann) + return 0; + + if (sess->conn->dialect >= SMB30_PROT_ID && signing->binding) + key = chann->smb3signingkey; + else + key = sess->smb3signingkey; + + rc = generate_key(sess, signing->label, signing->context, key, + SMB3_SIGN_KEY_SIZE); + if (rc) + return rc; + + if (!(sess->conn->dialect >= SMB30_PROT_ID && signing->binding)) + memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE); + + ksmbd_debug(AUTH, "dumping generated AES signing keys\n"); + ksmbd_debug(AUTH, "Session Id %llu\n", sess->id); + ksmbd_debug(AUTH, "Session Key %*ph\n", + SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); + ksmbd_debug(AUTH, "Signing Key %*ph\n", + SMB3_SIGN_KEY_SIZE, key); + return rc; +} + +int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess) +{ + struct derivation d; + + d.label.iov_base = "SMB2AESCMAC"; + d.label.iov_len = 12; + d.context.iov_base = "SmbSign"; + d.context.iov_len = 8; + d.binding = false; + + return generate_smb3signingkey(sess, &d); +} + +int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess) +{ + struct derivation d; + + d.label.iov_base = "SMBSigningKey"; + d.label.iov_len = 14; + d.context.iov_base = sess->Preauth_HashValue; + d.context.iov_len = 64; + d.binding = false; + + return generate_smb3signingkey(sess, &d); +} + +struct derivation_twin { + struct derivation encryption; + struct derivation decryption; +}; + +static int generate_smb3encryptionkey(struct ksmbd_session *sess, + const struct derivation_twin *ptwin) +{ + int rc; + + rc = generate_key(sess, ptwin->encryption.label, + ptwin->encryption.context, sess->smb3encryptionkey, + SMB3_SIGN_KEY_SIZE); + if (rc) + return rc; + + rc = generate_key(sess, ptwin->decryption.label, + ptwin->decryption.context, + sess->smb3decryptionkey, SMB3_SIGN_KEY_SIZE); + if (rc) + return rc; + + ksmbd_debug(AUTH, "dumping generated AES encryption keys\n"); + ksmbd_debug(AUTH, "Session Id %llu\n", sess->id); + ksmbd_debug(AUTH, "Session Key %*ph\n", + SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); + ksmbd_debug(AUTH, "ServerIn Key %*ph\n", + SMB3_SIGN_KEY_SIZE, sess->smb3encryptionkey); + ksmbd_debug(AUTH, "ServerOut Key %*ph\n", + SMB3_SIGN_KEY_SIZE, sess->smb3decryptionkey); + return rc; +} + +int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess) +{ + struct derivation_twin twin; + struct derivation *d; + + d = &twin.encryption; + d->label.iov_base = "SMB2AESCCM"; + d->label.iov_len = 11; + d->context.iov_base = "ServerOut"; + d->context.iov_len = 10; + + d = &twin.decryption; + d->label.iov_base = "SMB2AESCCM"; + d->label.iov_len = 11; + d->context.iov_base = "ServerIn "; + d->context.iov_len = 10; + + return generate_smb3encryptionkey(sess, &twin); +} + +int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess) +{ + struct derivation_twin twin; + struct derivation *d; + + d = &twin.encryption; + d->label.iov_base = "SMBS2CCipherKey"; + d->label.iov_len = 16; + d->context.iov_base = sess->Preauth_HashValue; + d->context.iov_len = 64; + + d = &twin.decryption; + d->label.iov_base = "SMBC2SCipherKey"; + d->label.iov_len = 16; + d->context.iov_base = sess->Preauth_HashValue; + d->context.iov_len = 64; + + return generate_smb3encryptionkey(sess, &twin); +} + +int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, + char *buf, + __u8 *pi_hash) +{ + int rc = -1; + struct smb2_hdr *rcv_hdr = (struct smb2_hdr *)buf; + char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId; + int msg_size = be32_to_cpu(rcv_hdr->smb2_buf_length); + struct ksmbd_crypto_ctx *ctx = NULL; + + if (conn->preauth_info->Preauth_HashId == + SMB2_PREAUTH_INTEGRITY_SHA512) { + ctx = ksmbd_crypto_ctx_find_sha512(); + if (!ctx) { + ksmbd_debug(AUTH, "could not alloc sha512 rc %d\n", rc); + goto out; + } + } else + goto out; + + rc = crypto_shash_init(CRYPTO_SHA512(ctx)); + if (rc) { + ksmbd_debug(AUTH, "could not init shashn"); + goto out; + } + + rc = crypto_shash_update(CRYPTO_SHA512(ctx), pi_hash, 64); + if (rc) { + ksmbd_debug(AUTH, "could not update with n\n"); + goto out; + } + + rc = crypto_shash_update(CRYPTO_SHA512(ctx), all_bytes_msg, msg_size); + if (rc) { + ksmbd_debug(AUTH, "could not update with n\n"); + goto out; + } + + rc = crypto_shash_final(CRYPTO_SHA512(ctx), pi_hash); + if (rc) { + ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc); + goto out; + } +out: + ksmbd_release_crypto_ctx(ctx); + return rc; +} + +int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, + __u8 *pi_hash) +{ + int rc = -1; + struct ksmbd_crypto_ctx *ctx = NULL; + + ctx = ksmbd_crypto_ctx_find_sha256(); + if (!ctx) { + ksmbd_debug(AUTH, "could not alloc sha256 rc %d\n", rc); + goto out; + } + + rc = crypto_shash_init(CRYPTO_SHA256(ctx)); + if (rc) { + ksmbd_debug(AUTH, "could not init shashn"); + goto out; + } + + rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len); + if (rc) { + ksmbd_debug(AUTH, "could not update with n\n"); + goto out; + } + + rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash); + if (rc) { + ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc); + goto out; + } +out: + ksmbd_release_crypto_ctx(ctx); + return rc; +} + +static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, + __u64 ses_id, + int enc, + u8 *key) +{ + struct ksmbd_session *sess; + u8 *ses_enc_key; + + sess = ksmbd_session_lookup(conn, ses_id); + if (!sess) + return 1; + + ses_enc_key = enc ? sess->smb3encryptionkey : + sess->smb3decryptionkey; + memcpy(key, ses_enc_key, SMB3_SIGN_KEY_SIZE); + + return 0; +} + +static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf, + unsigned int buflen) +{ + void *addr; + + if (is_vmalloc_addr(buf)) + addr = vmalloc_to_page(buf); + else + addr = virt_to_page(buf); + sg_set_page(sg, addr, buflen, offset_in_page(buf)); +} + +static struct scatterlist *ksmbd_init_sg(struct kvec *iov, + unsigned int nvec, + u8 *sign) +{ + struct scatterlist *sg; + unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; + int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0; + + for (i = 0; i < nvec - 1; i++) { + unsigned long kaddr = (unsigned long)iov[i + 1].iov_base; + + if (is_vmalloc_addr(iov[i + 1].iov_base)) { + nr_entries[i] = ((kaddr + iov[i + 1].iov_len + + PAGE_SIZE - 1) >> PAGE_SHIFT) - + (kaddr >> PAGE_SHIFT); + } else + nr_entries[i]++; + total_entries += nr_entries[i]; + } + + /* Add two entries for transform header and signature */ + total_entries += 2; + + sg = kmalloc_array(total_entries, sizeof(struct scatterlist), GFP_KERNEL); + if (!sg) + return NULL; + + sg_init_table(sg, total_entries); + smb2_sg_set_buf(&sg[sg_idx++], iov[0].iov_base + 24, assoc_data_len); + for (i = 0; i < nvec - 1; i++) { + void *data = iov[i + 1].iov_base; + int len = iov[i + 1].iov_len; + + if (is_vmalloc_addr(data)) { + int j, offset = offset_in_page(data); + + for (j = 0; j < nr_entries[i]; j++) { + unsigned int bytes = PAGE_SIZE - offset; + + if (len <= 0) + break; + + if (bytes > len) + bytes = len; + + sg_set_page(&sg[sg_idx++], + vmalloc_to_page(data), bytes, + offset_in_page(data)); + + data += bytes; + len -= bytes; + offset = 0; + } + } else { + sg_set_page(&sg[sg_idx++], virt_to_page(data), len, + offset_in_page(data)); + } + + } + smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE); + return sg; +} + +int ksmbd_crypt_message(struct ksmbd_conn *conn, + struct kvec *iov, + unsigned int nvec, + int enc) +{ + struct smb2_transform_hdr *tr_hdr = + (struct smb2_transform_hdr *)iov[0].iov_base; + unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; + int rc = 0; + struct scatterlist *sg; + u8 sign[SMB2_SIGNATURE_SIZE] = {}; + u8 key[SMB3_SIGN_KEY_SIZE]; + struct aead_request *req; + char *iv; + unsigned int iv_len; + struct crypto_aead *tfm; + unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize); + struct ksmbd_crypto_ctx *ctx; + + rc = ksmbd_get_encryption_key(conn, + le64_to_cpu(tr_hdr->SessionId), + enc, + key); + if (rc) { + ksmbd_err("Could not get %scryption key\n", enc ? "en" : "de"); + return 0; + } + + if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + ctx = ksmbd_crypto_ctx_find_gcm(); + else + ctx = ksmbd_crypto_ctx_find_ccm(); + if (!ctx) { + ksmbd_err("crypto alloc failed\n"); + return -EINVAL; + } + + if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + tfm = CRYPTO_GCM(ctx); + else + tfm = CRYPTO_CCM(ctx); + + rc = crypto_aead_setkey(tfm, key, SMB3_SIGN_KEY_SIZE); + if (rc) { + ksmbd_err("Failed to set aead key %d\n", rc); + goto free_ctx; + } + + rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE); + if (rc) { + ksmbd_err("Failed to set authsize %d\n", rc); + goto free_ctx; + } + + req = aead_request_alloc(tfm, GFP_KERNEL); + if (!req) { + ksmbd_err("Failed to alloc aead request\n"); + rc = -ENOMEM; + goto free_ctx; + } + + if (!enc) { + memcpy(sign, &tr_hdr->Signature, SMB2_SIGNATURE_SIZE); + crypt_len += SMB2_SIGNATURE_SIZE; + } + + sg = ksmbd_init_sg(iov, nvec, sign); + if (!sg) { + ksmbd_err("Failed to init sg\n"); + rc = -ENOMEM; + goto free_req; + } + + iv_len = crypto_aead_ivsize(tfm); + iv = kzalloc(iv_len, GFP_KERNEL); + if (!iv) { + ksmbd_err("Failed to alloc IV\n"); + rc = -ENOMEM; + goto free_sg; + } + + if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES128GCM_NONCE); + else { + iv[0] = 3; + memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE); + } + + aead_request_set_crypt(req, sg, sg, crypt_len, iv); + aead_request_set_ad(req, assoc_data_len); + aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); + + if (enc) + rc = crypto_aead_encrypt(req); + else + rc = crypto_aead_decrypt(req); + if (!rc && enc) + memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE); + + kfree(iv); +free_sg: + kfree(sg); +free_req: + kfree(req); +free_ctx: + ksmbd_release_crypto_ctx(ctx); + return rc; +} diff --git a/fs/cifsd/auth.h b/fs/cifsd/auth.h new file mode 100644 index 000000000000..6fcfad5e7e1f --- /dev/null +++ b/fs/cifsd/auth.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __AUTH_H__ +#define __AUTH_H__ + +#include "ntlmssp.h" + +#ifdef CONFIG_SMB_SERVER_KERBEROS5 +#define AUTH_GSS_LENGTH 96 +#define AUTH_GSS_PADDING 0 +#else +#define AUTH_GSS_LENGTH 74 +#define AUTH_GSS_PADDING 6 +#endif + +#define CIFS_HMAC_MD5_HASH_SIZE (16) +#define CIFS_NTHASH_SIZE (16) + +/* + * Size of the ntlm client response + */ +#define CIFS_AUTH_RESP_SIZE 24 +#define CIFS_SMB1_SIGNATURE_SIZE 8 +#define CIFS_SMB1_SESSKEY_SIZE 16 + +#define KSMBD_AUTH_NTLMSSP 0x0001 +#define KSMBD_AUTH_KRB5 0x0002 +#define KSMBD_AUTH_MSKRB5 0x0004 +#define KSMBD_AUTH_KRB5U2U 0x0008 + +struct ksmbd_session; +struct ksmbd_conn; +struct kvec; + +int ksmbd_crypt_message(struct ksmbd_conn *conn, + struct kvec *iov, + unsigned int nvec, + int enc); + +void ksmbd_copy_gss_neg_header(void *buf); + +int ksmbd_auth_ntlm(struct ksmbd_session *sess, + char *pw_buf); + +int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, + struct ntlmv2_resp *ntlmv2, + int blen, + char *domain_name); + +int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, + int blob_len, + struct ksmbd_session *sess); + +int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, + int blob_len, + struct ksmbd_session *sess); + +unsigned int +ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, + struct ksmbd_session *sess); + +int ksmbd_krb5_authenticate(struct ksmbd_session *sess, + char *in_blob, int in_len, + char *out_blob, int *out_len); + +int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, + char *key, + struct kvec *iov, + int n_vec, + char *sig); +int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, + char *key, + struct kvec *iov, + int n_vec, + char *sig); + +int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess); +int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess); +int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess); +int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess); + +int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, + char *buf, + __u8 *pi_hash); +int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, + __u8 *pi_hash); +#endif diff --git a/fs/cifsd/crypto_ctx.c b/fs/cifsd/crypto_ctx.c new file mode 100644 index 000000000000..15d7e2f7c3d7 --- /dev/null +++ b/fs/cifsd/crypto_ctx.c @@ -0,0 +1,287 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2019 Samsung Electronics Co., Ltd. + */ + +#include <linux/kernel.h> +#include <linux/string.h> +#include <linux/err.h> +#include <linux/slab.h> +#include <linux/wait.h> +#include <linux/sched.h> +#include <linux/version.h> + +#include "glob.h" +#include "crypto_ctx.h" +#include "buffer_pool.h" + +struct crypto_ctx_list { + spinlock_t ctx_lock; + int avail_ctx; + struct list_head idle_ctx; + wait_queue_head_t ctx_wait; +}; + +static struct crypto_ctx_list ctx_list; + +static inline void free_aead(struct crypto_aead *aead) +{ + if (aead) + crypto_free_aead(aead); +} + +static void free_shash(struct shash_desc *shash) +{ + if (shash) { + crypto_free_shash(shash->tfm); + kfree(shash); + } +} + +static struct crypto_aead *alloc_aead(int id) +{ + struct crypto_aead *tfm = NULL; + + switch (id) { + case CRYPTO_AEAD_AES128_GCM: + tfm = crypto_alloc_aead("gcm(aes)", 0, 0); + break; + case CRYPTO_AEAD_AES128_CCM: + tfm = crypto_alloc_aead("ccm(aes)", 0, 0); + break; + default: + ksmbd_err("Does not support encrypt ahead(id : %d)\n", id); + return NULL; + } + + if (IS_ERR(tfm)) { + ksmbd_err("Failed to alloc encrypt aead : %ld\n", PTR_ERR(tfm)); + return NULL; + } + + return tfm; +} + +static struct shash_desc *alloc_shash_desc(int id) +{ + struct crypto_shash *tfm = NULL; + struct shash_desc *shash; + + switch (id) { + case CRYPTO_SHASH_HMACMD5: + tfm = crypto_alloc_shash("hmac(md5)", 0, 0); + break; + case CRYPTO_SHASH_HMACSHA256: + tfm = crypto_alloc_shash("hmac(sha256)", 0, 0); + break; + case CRYPTO_SHASH_CMACAES: + tfm = crypto_alloc_shash("cmac(aes)", 0, 0); + break; + case CRYPTO_SHASH_SHA256: + tfm = crypto_alloc_shash("sha256", 0, 0); + break; + case CRYPTO_SHASH_SHA512: + tfm = crypto_alloc_shash("sha512", 0, 0); + break; + case CRYPTO_SHASH_MD4: + tfm = crypto_alloc_shash("md4", 0, 0); + break; + case CRYPTO_SHASH_MD5: + tfm = crypto_alloc_shash("md5", 0, 0); + break; + } + + if (IS_ERR(tfm)) + return NULL; + + shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(tfm), + GFP_KERNEL); + if (!shash) + crypto_free_shash(tfm); + else + shash->tfm = tfm; + return shash; +} + +static struct ksmbd_crypto_ctx *ctx_alloc(void) +{ + return ksmbd_alloc(sizeof(struct ksmbd_crypto_ctx)); +} + +static void ctx_free(struct ksmbd_crypto_ctx *ctx) +{ + int i; + + for (i = 0; i < CRYPTO_SHASH_MAX; i++) + free_shash(ctx->desc[i]); + for (i = 0; i < CRYPTO_AEAD_MAX; i++) + free_aead(ctx->ccmaes[i]); + ksmbd_free(ctx); +} + +static struct ksmbd_crypto_ctx *ksmbd_find_crypto_ctx(void) +{ + struct ksmbd_crypto_ctx *ctx; + + while (1) { + spin_lock(&ctx_list.ctx_lock); + if (!list_empty(&ctx_list.idle_ctx)) { + ctx = list_entry(ctx_list.idle_ctx.next, + struct ksmbd_crypto_ctx, + list); + list_del(&ctx->list); + spin_unlock(&ctx_list.ctx_lock); + return ctx; + } + + if (ctx_list.avail_ctx > num_online_cpus()) { + spin_unlock(&ctx_list.ctx_lock); + wait_event(ctx_list.ctx_wait, + !list_empty(&ctx_list.idle_ctx)); + continue; + } + + ctx_list.avail_ctx++; + spin_unlock(&ctx_list.ctx_lock); + + ctx = ctx_alloc(); + if (!ctx) { + spin_lock(&ctx_list.ctx_lock); + ctx_list.avail_ctx--; + spin_unlock(&ctx_list.ctx_lock); + wait_event(ctx_list.ctx_wait, + !list_empty(&ctx_list.idle_ctx)); + continue; + } + break; + } + return ctx; +} + +void ksmbd_release_crypto_ctx(struct ksmbd_crypto_ctx *ctx) +{ + if (!ctx) + return; + + spin_lock(&ctx_list.ctx_lock); + if (ctx_list.avail_ctx <= num_online_cpus()) { + list_add(&ctx->list, &ctx_list.idle_ctx); + spin_unlock(&ctx_list.ctx_lock); + wake_up(&ctx_list.ctx_wait); + return; + } + + ctx_list.avail_ctx--; + spin_unlock(&ctx_list.ctx_lock); + ctx_free(ctx); +} + +static struct ksmbd_crypto_ctx *____crypto_shash_ctx_find(int id) +{ + struct ksmbd_crypto_ctx *ctx; + + if (id >= CRYPTO_SHASH_MAX) + return NULL; + + ctx = ksmbd_find_crypto_ctx(); + if (ctx->desc[id]) + return ctx; + + ctx->desc[id] = alloc_shash_desc(id); + if (ctx->desc[id]) + return ctx; + ksmbd_release_crypto_ctx(ctx); + return NULL; +} + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_hmacmd5(void) +{ + return ____crypto_shash_ctx_find(CRYPTO_SHASH_HMACMD5); +} + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_hmacsha256(void) +{ + return ____crypto_shash_ctx_find(CRYPTO_SHASH_HMACSHA256); +} + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_cmacaes(void) +{ + return ____crypto_shash_ctx_find(CRYPTO_SHASH_CMACAES); +} + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha256(void) +{ + return ____crypto_shash_ctx_find(CRYPTO_SHASH_SHA256); +} + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha512(void) +{ + return ____crypto_shash_ctx_find(CRYPTO_SHASH_SHA512); +} + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md4(void) +{ + return ____crypto_shash_ctx_find(CRYPTO_SHASH_MD4); +} + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md5(void) +{ + return ____crypto_shash_ctx_find(CRYPTO_SHASH_MD5); +} + +static struct ksmbd_crypto_ctx *____crypto_aead_ctx_find(int id) +{ + struct ksmbd_crypto_ctx *ctx; + + if (id >= CRYPTO_AEAD_MAX) + return NULL; + + ctx = ksmbd_find_crypto_ctx(); + if (ctx->ccmaes[id]) + return ctx; + + ctx->ccmaes[id] = alloc_aead(id); + if (ctx->ccmaes[id]) + return ctx; + ksmbd_release_crypto_ctx(ctx); + return NULL; +} + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_gcm(void) +{ + return ____crypto_aead_ctx_find(CRYPTO_AEAD_AES128_GCM); +} + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_ccm(void) +{ + return ____crypto_aead_ctx_find(CRYPTO_AEAD_AES128_CCM); +} + +void ksmbd_crypto_destroy(void) +{ + struct ksmbd_crypto_ctx *ctx; + + while (!list_empty(&ctx_list.idle_ctx)) { + ctx = list_entry(ctx_list.idle_ctx.next, + struct ksmbd_crypto_ctx, + list); + list_del(&ctx->list); + ctx_free(ctx); + } +} + +int ksmbd_crypto_create(void) +{ + struct ksmbd_crypto_ctx *ctx; + + spin_lock_init(&ctx_list.ctx_lock); + INIT_LIST_HEAD(&ctx_list.idle_ctx); + init_waitqueue_head(&ctx_list.ctx_wait); + ctx_list.avail_ctx = 1; + + ctx = ctx_alloc(); + if (!ctx) + return -ENOMEM; + list_add(&ctx->list, &ctx_list.idle_ctx); + return 0; +} diff --git a/fs/cifsd/crypto_ctx.h b/fs/cifsd/crypto_ctx.h new file mode 100644 index 000000000000..64a11dfd6c83 --- /dev/null +++ b/fs/cifsd/crypto_ctx.h @@ -0,0 +1,77 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2019 Samsung Electronics Co., Ltd. + */ + +#ifndef __CRYPTO_CTX_H__ +#define __CRYPTO_CTX_H__ + +#include <crypto/hash.h> +#include <crypto/aead.h> + +enum { + CRYPTO_SHASH_HMACMD5 = 0, + CRYPTO_SHASH_HMACSHA256, + CRYPTO_SHASH_CMACAES, + CRYPTO_SHASH_SHA256, + CRYPTO_SHASH_SHA512, + CRYPTO_SHASH_MD4, + CRYPTO_SHASH_MD5, + CRYPTO_SHASH_MAX, +}; + +enum { + CRYPTO_AEAD_AES128_GCM = 16, + CRYPTO_AEAD_AES128_CCM, + CRYPTO_AEAD_MAX, +}; + +enum { + CRYPTO_BLK_ECBDES = 32, + CRYPTO_BLK_MAX, +}; + +struct ksmbd_crypto_ctx { + struct list_head list; + + struct shash_desc *desc[CRYPTO_SHASH_MAX]; + struct crypto_aead *ccmaes[CRYPTO_AEAD_MAX]; +}; + +#define CRYPTO_HMACMD5(c) ((c)->desc[CRYPTO_SHASH_HMACMD5]) +#define CRYPTO_HMACSHA256(c) ((c)->desc[CRYPTO_SHASH_HMACSHA256]) +#define CRYPTO_CMACAES(c) ((c)->desc[CRYPTO_SHASH_CMACAES]) +#define CRYPTO_SHA256(c) ((c)->desc[CRYPTO_SHASH_SHA256]) +#define CRYPTO_SHA512(c) ((c)->desc[CRYPTO_SHASH_SHA512]) +#define CRYPTO_MD4(c) ((c)->desc[CRYPTO_SHASH_MD4]) +#define CRYPTO_MD5(c) ((c)->desc[CRYPTO_SHASH_MD5]) + +#define CRYPTO_HMACMD5_TFM(c) ((c)->desc[CRYPTO_SHASH_HMACMD5]->tfm) +#define CRYPTO_HMACSHA256_TFM(c)\ + ((c)->desc[CRYPTO_SHASH_HMACSHA256]->tfm) +#define CRYPTO_CMACAES_TFM(c) ((c)->desc[CRYPTO_SHASH_CMACAES]->tfm) +#define CRYPTO_SHA256_TFM(c) ((c)->desc[CRYPTO_SHASH_SHA256]->tfm) +#define CRYPTO_SHA512_TFM(c) ((c)->desc[CRYPTO_SHASH_SHA512]->tfm) +#define CRYPTO_MD4_TFM(c) ((c)->desc[CRYPTO_SHASH_MD4]->tfm) +#define CRYPTO_MD5_TFM(c) ((c)->desc[CRYPTO_SHASH_MD5]->tfm) + +#define CRYPTO_GCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES128_GCM]) +#define CRYPTO_CCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES128_CCM]) + +void ksmbd_release_crypto_ctx(struct ksmbd_crypto_ctx *ctx); + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_hmacmd5(void); +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_hmacsha256(void); +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_cmacaes(void); +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha512(void); +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha256(void); +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md4(void); +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md5(void); + +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_gcm(void); +struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_ccm(void); + +void ksmbd_crypto_destroy(void); +int ksmbd_crypto_create(void); + +#endif /* __CRYPTO_CTX_H__ */ diff --git a/fs/cifsd/mgmt/ksmbd_ida.c b/fs/cifsd/mgmt/ksmbd_ida.c new file mode 100644 index 000000000000..cbc9fd049852 --- /dev/null +++ b/fs/cifsd/mgmt/ksmbd_ida.c @@ -0,0 +1,69 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include "ksmbd_ida.h" + +struct ksmbd_ida *ksmbd_ida_alloc(void) +{ + struct ksmbd_ida *ida; + + ida = kmalloc(sizeof(struct ksmbd_ida), GFP_KERNEL); + if (!ida) + return NULL; + + ida_init(&ida->map); + return ida; +} + +void ksmbd_ida_free(struct ksmbd_ida *ida) +{ + if (!ida) + return; + + ida_destroy(&ida->map); + kfree(ida); +} + +static inline int __acquire_id(struct ksmbd_ida *ida, int from, int to) +{ + return ida_simple_get(&ida->map, from, to, GFP_KERNEL); +} + +int ksmbd_acquire_smb2_tid(struct ksmbd_ida *ida) +{ + int id; + + do { + id = __acquire_id(ida, 0, 0); + } while (id == 0xFFFF); + + return id; +} + +int ksmbd_acquire_smb2_uid(struct ksmbd_ida *ida) +{ + int id; + + do { + id = __acquire_id(ida, 1, 0); + } while (id == 0xFFFE); + + return id; +} + +int ksmbd_acquire_async_msg_id(struct ksmbd_ida *ida) +{ + return __acquire_id(ida, 1, 0); +} + +int ksmbd_acquire_id(struct ksmbd_ida *ida) +{ + return __acquire_id(ida, 0, 0); +} + +void ksmbd_release_id(struct ksmbd_ida *ida, int id) +{ + ida_simple_remove(&ida->map, id); +} diff --git a/fs/cifsd/mgmt/ksmbd_ida.h b/fs/cifsd/mgmt/ksmbd_ida.h new file mode 100644 index 000000000000..b075156adf23 --- /dev/null +++ b/fs/cifsd/mgmt/ksmbd_ida.h @@ -0,0 +1,41 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_IDA_MANAGEMENT_H__ +#define __KSMBD_IDA_MANAGEMENT_H__ + +#include <linux/slab.h> +#include <linux/idr.h> + +struct ksmbd_ida { + struct ida map; +}; + +struct ksmbd_ida *ksmbd_ida_alloc(void); +void ksmbd_ida_free(struct ksmbd_ida *ida); + +/* + * 2.2.1.6.7 TID Generation + * The value 0xFFFF MUST NOT be used as a valid TID. All other + * possible values for TID, including zero (0x0000), are valid. + * The value 0xFFFF is used to specify all TIDs or no TID, + * depending upon the context in which it is used. + */ +int ksmbd_acquire_smb2_tid(struct ksmbd_ida *ida); + +/* + * 2.2.1.6.8 UID Generation + * The value 0xFFFE was declared reserved in the LAN Manager 1.0 + * documentation, so a value of 0xFFFE SHOULD NOT be used as a + * valid UID.<21> All other possible values for a UID, excluding + * zero (0x0000), are valid. + */ +int ksmbd_acquire_smb2_uid(struct ksmbd_ida *ida); +int ksmbd_acquire_async_msg_id(struct ksmbd_ida *ida); + +int ksmbd_acquire_id(struct ksmbd_ida *ida); + +void ksmbd_release_id(struct ksmbd_ida *ida, int id); +#endif /* __KSMBD_IDA_MANAGEMENT_H__ */ diff --git a/fs/cifsd/mgmt/share_config.c b/fs/cifsd/mgmt/share_config.c new file mode 100644 index 000000000000..0593702babfe --- /dev/null +++ b/fs/cifsd/mgmt/share_config.c @@ -0,0 +1,239 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/list.h> +#include <linux/jhash.h> +#include <linux/slab.h> +#include <linux/rwsem.h> +#include <linux/parser.h> +#include <linux/namei.h> +#include <linux/sched.h> + +#include "share_config.h" +#include "user_config.h" +#include "user_session.h" +#include "../buffer_pool.h" +#include "../transport_ipc.h" +#include "../ksmbd_server.h" /* FIXME */ + +#define SHARE_HASH_BITS 3 +static DEFINE_HASHTABLE(shares_table, SHARE_HASH_BITS); +static DECLARE_RWSEM(shares_table_lock); + +struct ksmbd_veto_pattern { + char *pattern; + struct list_head list; +}; + +static unsigned int share_name_hash(char *name) +{ + return jhash(name, strlen(name), 0); +} + +static void kill_share(struct ksmbd_share_config *share) +{ + while (!list_empty(&share->veto_list)) { + struct ksmbd_veto_pattern *p; + + p = list_entry(share->veto_list.next, + struct ksmbd_veto_pattern, + list); + list_del(&p->list); + kfree(p->pattern); + kfree(p); + } + + if (share->path) + path_put(&share->vfs_path); + kfree(share->name); + kfree(share->path); + kfree(share); +} + +void __ksmbd_share_config_put(struct ksmbd_share_config *share) +{ + down_write(&shares_table_lock); + hash_del(&share->hlist); + up_write(&shares_table_lock); + + kill_share(share); +} + +static struct ksmbd_share_config * +__get_share_config(struct ksmbd_share_config *share) +{ + if (!atomic_inc_not_zero(&share->refcount)) + return NULL; + return share; +} + +static struct ksmbd_share_config *__share_lookup(char *name) +{ + struct ksmbd_share_config *share; + unsigned int key = share_name_hash(name); + + hash_for_each_possible(shares_table, share, hlist, key) { + if (!strcmp(name, share->name)) + return share; + } + return NULL; +} + +static int parse_veto_list(struct ksmbd_share_config *share, + char *veto_list, + int veto_list_sz) +{ + int sz = 0; + + if (!veto_list_sz) + return 0; + + while (veto_list_sz > 0) { + struct ksmbd_veto_pattern *p; + + p = ksmbd_alloc(sizeof(struct ksmbd_veto_pattern)); + if (!p) + return -ENOMEM; + + sz = strlen(veto_list); + if (!sz) + break; + + p->pattern = kstrdup(veto_list, GFP_KERNEL); + if (!p->pattern) { + ksmbd_free(p); + return -ENOMEM; + } + + list_add(&p->list, &share->veto_list); + + veto_list += sz + 1; + veto_list_sz -= (sz + 1); + } + + return 0; +} + +static struct ksmbd_share_config *share_config_request(char *name) +{ + struct ksmbd_share_config_response *resp; + struct ksmbd_share_config *share = NULL; + struct ksmbd_share_config *lookup; + int ret; + + resp = ksmbd_ipc_share_config_request(name); + if (!resp) + return NULL; + + if (resp->flags == KSMBD_SHARE_FLAG_INVALID) + goto out; + + share = ksmbd_alloc(sizeof(struct ksmbd_share_config)); + if (!share) + goto out; + + share->flags = resp->flags; + atomic_set(&share->refcount, 1); + INIT_LIST_HEAD(&share->veto_list); + share->name = kstrdup(name, GFP_KERNEL); + + if (!test_share_config_flag(share, KSMBD_SHARE_FLAG_PIPE)) { + share->path = kstrdup(KSMBD_SHARE_CONFIG_PATH(resp), + GFP_KERNEL); + if (share->path) + share->path_sz = strlen(share->path); + share->create_mask = resp->create_mask; + share->directory_mask = resp->directory_mask; + share->force_create_mode = resp->force_create_mode; + share->force_directory_mode = resp->force_directory_mode; + share->force_uid = resp->force_uid; + share->force_gid = resp->force_gid; + ret = parse_veto_list(share, + KSMBD_SHARE_CONFIG_VETO_LIST(resp), + resp->veto_list_sz); + if (!ret && share->path) { + ret = kern_path(share->path, 0, &share->vfs_path); + if (ret) { + ksmbd_debug(SMB, "failed to access '%s'\n", + share->path); + /* Avoid put_path() */ + kfree(share->path); + share->path = NULL; + } + } + if (ret || !share->name) { + kill_share(share); + share = NULL; + goto out; + } + } + + down_write(&shares_table_lock); + lookup = __share_lookup(name); + if (lookup) + lookup = __get_share_config(lookup); + if (!lookup) { + hash_add(shares_table, &share->hlist, share_name_hash(name)); + } else { + kill_share(share); + share = lookup; + } + up_write(&shares_table_lock); + +out: + ksmbd_free(resp); + return share; +} + +static void strtolower(char *share_name) +{ + while (*share_name) { + *share_name = tolower(*share_name); + share_name++; + } +} + +struct ksmbd_share_config *ksmbd_share_config_get(char *name) +{ + struct ksmbd_share_config *share; + + strtolower(name); + + down_read(&shares_table_lock); + share = __share_lookup(name); + if (share) + share = __get_share_config(share); + up_read(&shares_table_lock); + + if (share) + return share; + return share_config_request(name); +} + +bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, + const char *filename) +{ + struct ksmbd_veto_pattern *p; + + list_for_each_entry(p, &share->veto_list, list) { + if (match_wildcard(p->pattern, filename)) + return true; + } + return false; +} + +void ksmbd_share_configs_cleanup(void) +{ + struct ksmbd_share_config *share; + struct hlist_node *tmp; + int i; + + down_write(&shares_table_lock); + hash_for_each_safe(shares_table, i, tmp, share, hlist) { + hash_del(&share->hlist); + kill_share(share); + } + up_write(&shares_table_lock); +} diff --git a/fs/cifsd/mgmt/share_config.h b/fs/cifsd/mgmt/share_config.h new file mode 100644 index 000000000000..c47b874bd80b --- /dev/null +++ b/fs/cifsd/mgmt/share_config.h @@ -0,0 +1,83 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __SHARE_CONFIG_MANAGEMENT_H__ +#define __SHARE_CONFIG_MANAGEMENT_H__ + +#include <linux/workqueue.h> +#include <linux/hashtable.h> +#include <linux/path.h> + +#include "../glob.h" /* FIXME */ + +struct ksmbd_share_config { + char *name; + char *path; + + unsigned int path_sz; + unsigned int flags; + struct list_head veto_list; + + struct path vfs_path; + + atomic_t refcount; + struct hlist_node hlist; + unsigned short create_mask; + unsigned short directory_mask; + unsigned short force_create_mode; + unsigned short force_directory_mode; + unsigned short force_uid; + unsigned short force_gid; +}; + +#define KSMBD_SHARE_INVALID_UID ((__u16)-1) +#define KSMBD_SHARE_INVALID_GID ((__u16)-1) + +static inline int share_config_create_mode(struct ksmbd_share_config *share, + umode_t posix_mode) +{ + if (!share->force_create_mode) { + if (!posix_mode) + return share->create_mask; + else + return posix_mode & share->create_mask; + } + return share->force_create_mode & share->create_mask; +} + +static inline int share_config_directory_mode(struct ksmbd_share_config *share, + umode_t posix_mode) +{ + if (!share->force_directory_mode) { + if (!posix_mode) + return share->directory_mask; + else + return posix_mode & share->directory_mask; + } + + return share->force_directory_mode & share->directory_mask; +} + +static inline int test_share_config_flag(struct ksmbd_share_config *share, + int flag) +{ + return share->flags & flag; +} + +extern void __ksmbd_share_config_put(struct ksmbd_share_config *share); + +static inline void ksmbd_share_config_put(struct ksmbd_share_config *share) +{ + if (!atomic_dec_and_test(&share->refcount)) + return; + __ksmbd_share_config_put(share); +} + +struct ksmbd_share_config *ksmbd_share_config_get(char *name); +bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, + const char *filename); +void ksmbd_share_configs_cleanup(void); + +#endif /* __SHARE_CONFIG_MANAGEMENT_H__ */ diff --git a/fs/cifsd/mgmt/tree_connect.c b/fs/cifsd/mgmt/tree_connect.c new file mode 100644 index 000000000000..2be7b2e2e3cd --- /dev/null +++ b/fs/cifsd/mgmt/tree_connect.c @@ -0,0 +1,129 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/list.h> +#include <linux/slab.h> + +#include "../ksmbd_server.h" /* FIXME */ +#include "../buffer_pool.h" +#include "../transport_ipc.h" +#include "../connection.h" + +#include "tree_connect.h" +#include "user_config.h" +#include "share_config.h" +#include "user_session.h" + +struct ksmbd_tree_conn_status +ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name) +{ + struct ksmbd_tree_conn_status status = {-EINVAL, NULL}; + struct ksmbd_tree_connect_response *resp = NULL; + struct ksmbd_share_config *sc; + struct ksmbd_tree_connect *tree_conn = NULL; + struct sockaddr *peer_addr; + + sc = ksmbd_share_config_get(share_name); + if (!sc) + return status; + + tree_conn = ksmbd_alloc(sizeof(struct ksmbd_tree_connect)); + if (!tree_conn) { + status.ret = -ENOMEM; + goto out_error; + } + + tree_conn->id = ksmbd_acquire_tree_conn_id(sess); + if (tree_conn->id < 0) { + status.ret = -EINVAL; + goto out_error; + } + + peer_addr = KSMBD_TCP_PEER_SOCKADDR(sess->conn); + resp = ksmbd_ipc_tree_connect_request(sess, + sc, + tree_conn, + peer_addr); + if (!resp) { + status.ret = -EINVAL; + goto out_error; + } + + status.ret = resp->status; + if (status.ret != KSMBD_TREE_CONN_STATUS_OK) + goto out_error; + + tree_conn->flags = resp->connection_flags; + tree_conn->user = sess->user; + tree_conn->share_conf = sc; + status.tree_conn = tree_conn; + + list_add(&tree_conn->list, &sess->tree_conn_list); + + ksmbd_free(resp); + return status; + +out_error: + if (tree_conn) + ksmbd_release_tree_conn_id(sess, tree_conn->id); + ksmbd_share_config_put(sc); + ksmbd_free(tree_conn); + ksmbd_free(resp); + return status; +} + +int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, + struct ksmbd_tree_connect *tree_conn) +{ + int ret; + + ret = ksmbd_ipc_tree_disconnect_request(sess->id, tree_conn->id); + ksmbd_release_tree_conn_id(sess, tree_conn->id); + list_del(&tree_conn->list); + ksmbd_share_config_put(tree_conn->share_conf); + ksmbd_free(tree_conn); + return ret; +} + +struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess, + unsigned int id) +{ + struct ksmbd_tree_connect *tree_conn; + struct list_head *tmp; + + list_for_each(tmp, &sess->tree_conn_list) { + tree_conn = list_entry(tmp, struct ksmbd_tree_connect, list); + if (tree_conn->id == id) + return tree_conn; + } + return NULL; +} + +struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess, + unsigned int id) +{ + struct ksmbd_tree_connect *tc; + + tc = ksmbd_tree_conn_lookup(sess, id); + if (tc) + return tc->share_conf; + return NULL; +} + +int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess) +{ + int ret = 0; + + while (!list_empty(&sess->tree_conn_list)) { + struct ksmbd_tree_connect *tc; + + tc = list_entry(sess->tree_conn_list.next, + struct ksmbd_tree_connect, + list); + ret |= ksmbd_tree_conn_disconnect(sess, tc); + } + + return ret; +} diff --git a/fs/cifsd/mgmt/tree_connect.h b/fs/cifsd/mgmt/tree_connect.h new file mode 100644 index 000000000000..46237cd05b9c --- /dev/null +++ b/fs/cifsd/mgmt/tree_connect.h @@ -0,0 +1,56 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __TREE_CONNECT_MANAGEMENT_H__ +#define __TREE_CONNECT_MANAGEMENT_H__ + +#include <linux/hashtable.h> + +#include "../ksmbd_server.h" /* FIXME */ + +struct ksmbd_share_config; +struct ksmbd_user; + +struct ksmbd_tree_connect { + int id; + + unsigned int flags; + struct ksmbd_share_config *share_conf; + struct ksmbd_user *user; + + struct list_head list; + + int maximal_access; + bool posix_extensions; +}; + +struct ksmbd_tree_conn_status { + unsigned int ret; + struct ksmbd_tree_connect *tree_conn; +}; + +static inline int test_tree_conn_flag(struct ksmbd_tree_connect *tree_conn, + int flag) +{ + return tree_conn->flags & flag; +} + +struct ksmbd_session; + +struct ksmbd_tree_conn_status +ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name); + +int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, + struct ksmbd_tree_connect *tree_conn); + +struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess, + unsigned int id); + +struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess, + unsigned int id); + +int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess); + +#endif /* __TREE_CONNECT_MANAGEMENT_H__ */ diff --git a/fs/cifsd/mgmt/user_config.c b/fs/cifsd/mgmt/user_config.c new file mode 100644 index 000000000000..1ab68f80f72e --- /dev/null +++ b/fs/cifsd/mgmt/user_config.c @@ -0,0 +1,70 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/slab.h> + +#include "user_config.h" +#include "../buffer_pool.h" +#include "../transport_ipc.h" +#include "../ksmbd_server.h" /* FIXME */ + +struct ksmbd_user *ksmbd_login_user(const char *account) +{ + struct ksmbd_login_response *resp; + struct ksmbd_user *user = NULL; + + resp = ksmbd_ipc_login_request(account); + if (!resp) + return NULL; + + if (!(resp->status & KSMBD_USER_FLAG_OK)) + goto out; + + user = ksmbd_alloc_user(resp); +out: + ksmbd_free(resp); + return user; +} + +struct ksmbd_user *ksmbd_alloc_user(struct ksmbd_login_response *resp) +{ + struct ksmbd_user *user = NULL; + + user = ksmbd_alloc(sizeof(struct ksmbd_user)); + if (!user) + return NULL; + + user->name = kstrdup(resp->account, GFP_KERNEL); + user->flags = resp->status; + user->gid = resp->gid; + user->uid = resp->uid; + user->passkey_sz = resp->hash_sz; + user->passkey = ksmbd_alloc(resp->hash_sz); + if (user->passkey) + memcpy(user->passkey, resp->hash, resp->hash_sz); + + if (!user->name || !user->passkey) { + kfree(user->name); + ksmbd_free(user->passkey); + ksmbd_free(user); + user = NULL; + } + return user; +} + +void ksmbd_free_user(struct ksmbd_user *user) +{ + ksmbd_ipc_logout_request(user->name); + kfree(user->name); + ksmbd_free(user->passkey); + ksmbd_free(user); +} + +int ksmbd_anonymous_user(struct ksmbd_user *user) +{ + if (user->name[0] == '\0') + return 1; + return 0; +} diff --git a/fs/cifsd/mgmt/user_config.h b/fs/cifsd/mgmt/user_config.h new file mode 100644 index 000000000000..5cda4a5d3e2f --- /dev/null +++ b/fs/cifsd/mgmt/user_config.h @@ -0,0 +1,67 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __USER_CONFIG_MANAGEMENT_H__ +#define __USER_CONFIG_MANAGEMENT_H__ + +#include "../glob.h" /* FIXME */ +#include "../ksmbd_server.h" /* FIXME */ + +struct ksmbd_user { + unsigned short flags; + + unsigned int uid; + unsigned int gid; + + char *name; + + size_t passkey_sz; + char *passkey; +}; + +static inline bool user_guest(struct ksmbd_user *user) +{ + return user->flags & KSMBD_USER_FLAG_GUEST_ACCOUNT; +} + +static inline void set_user_flag(struct ksmbd_user *user, int flag) +{ + user->flags |= flag; +} + +static inline int test_user_flag(struct ksmbd_user *user, int flag) +{ + return user->flags & flag; +} + +static inline void set_user_guest(struct ksmbd_user *user) +{ +} + +static inline char *user_passkey(struct ksmbd_user *user) +{ + return user->passkey; +} + +static inline char *user_name(struct ksmbd_user *user) +{ + return user->name; +} + +static inline unsigned int user_uid(struct ksmbd_user *user) +{ + return user->uid; +} + +static inline unsigned int user_gid(struct ksmbd_user *user) +{ + return user->gid; +} + +struct ksmbd_user *ksmbd_login_user(const char *account); +struct ksmbd_user *ksmbd_alloc_user(struct ksmbd_login_response *resp); +void ksmbd_free_user(struct ksmbd_user *user); +int ksmbd_anonymous_user(struct ksmbd_user *user); +#endif /* __USER_CONFIG_MANAGEMENT_H__ */ diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c new file mode 100644 index 000000000000..d9f6dbde850a --- /dev/null +++ b/fs/cifsd/mgmt/user_session.c @@ -0,0 +1,345 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/list.h> +#include <linux/slab.h> +#include <linux/rwsem.h> + +#include "ksmbd_ida.h" +#include "user_session.h" +#include "user_config.h" +#include "tree_connect.h" +#include "../transport_ipc.h" +#include "../connection.h" +#include "../buffer_pool.h" +#include "../ksmbd_server.h" /* FIXME */ +#include "../vfs_cache.h" + +static struct ksmbd_ida *session_ida; + +#define SESSION_HASH_BITS 3 +static DEFINE_HASHTABLE(sessions_table, SESSION_HASH_BITS); +static DECLARE_RWSEM(sessions_table_lock); + +struct ksmbd_session_rpc { + int id; + unsigned int method; + struct list_head list; +}; + +static void free_channel_list(struct ksmbd_session *sess) +{ + struct channel *chann; + struct list_head *tmp, *t; + + list_for_each_safe(tmp, t, &sess->ksmbd_chann_list) { + chann = list_entry(tmp, struct channel, chann_list); + if (chann) { + list_del(&chann->chann_list); + kfree(chann); + } + } +} + +static void __session_rpc_close(struct ksmbd_session *sess, + struct ksmbd_session_rpc *entry) +{ + struct ksmbd_rpc_command *resp; + + resp = ksmbd_rpc_close(sess, entry->id); + if (!resp) + pr_err("Unable to close RPC pipe %d\n", entry->id); + + ksmbd_free(resp); + ksmbd_rpc_id_free(entry->id); + ksmbd_free(entry); +} + +static void ksmbd_session_rpc_clear_list(struct ksmbd_session *sess) +{ + struct ksmbd_session_rpc *entry; + + while (!list_empty(&sess->rpc_handle_list)) { + entry = list_entry(sess->rpc_handle_list.next, + struct ksmbd_session_rpc, + list); + + list_del(&entry->list); + __session_rpc_close(sess, entry); + } +} + +static int __rpc_method(char *rpc_name) +{ + if (!strcmp(rpc_name, "\srvsvc") || !strcmp(rpc_name, "srvsvc")) + return KSMBD_RPC_SRVSVC_METHOD_INVOKE; + + if (!strcmp(rpc_name, "\wkssvc") || !strcmp(rpc_name, "wkssvc")) + return KSMBD_RPC_WKSSVC_METHOD_INVOKE; + + if (!strcmp(rpc_name, "LANMAN") || !strcmp(rpc_name, "lanman")) + return KSMBD_RPC_RAP_METHOD; + + if (!strcmp(rpc_name, "\samr") || !strcmp(rpc_name, "samr")) + return KSMBD_RPC_SAMR_METHOD_INVOKE; + + if (!strcmp(rpc_name, "\lsarpc") || !strcmp(rpc_name, "lsarpc")) + return KSMBD_RPC_LSARPC_METHOD_INVOKE; + + ksmbd_err("Unsupported RPC: %s\n", rpc_name); + return 0; +} + +int ksmbd_session_rpc_open(struct ksmbd_session *sess, char *rpc_name) +{ + struct ksmbd_session_rpc *entry; + struct ksmbd_rpc_command *resp; + int method; + + method = __rpc_method(rpc_name); + if (!method) + return -EINVAL; + + entry = ksmbd_alloc(sizeof(struct ksmbd_session_rpc)); + if (!entry) + return -EINVAL; + + list_add(&entry->list, &sess->rpc_handle_list); + entry->method = method; + entry->id = ksmbd_ipc_id_alloc(); + if (entry->id < 0) + goto error; + + resp = ksmbd_rpc_open(sess, entry->id); + if (!resp) + goto error; + + ksmbd_free(resp); + return entry->id; +error: + list_del(&entry->list); + ksmbd_free(entry); + return -EINVAL; +} + +void ksmbd_session_rpc_close(struct ksmbd_session *sess, int id) +{ + struct ksmbd_session_rpc *entry; + + list_for_each_entry(entry, &sess->rpc_handle_list, list) { + if (entry->id == id) { + list_del(&entry->list); + __session_rpc_close(sess, entry); + break; + } + } +} + +int ksmbd_session_rpc_method(struct ksmbd_session *sess, int id) +{ + struct ksmbd_session_rpc *entry; + + list_for_each_entry(entry, &sess->rpc_handle_list, list) { + if (entry->id == id) + return entry->method; + } + return 0; +} + +void ksmbd_session_destroy(struct ksmbd_session *sess) +{ + if (!sess) + return; + + if (!atomic_dec_and_test(&sess->refcnt)) + return; + + list_del(&sess->sessions_entry); + + if (IS_SMB2(sess->conn)) { + down_write(&sessions_table_lock); + hash_del(&sess->hlist); + up_write(&sessions_table_lock); + } + + if (sess->user) + ksmbd_free_user(sess->user); + + ksmbd_tree_conn_session_logoff(sess); + ksmbd_destroy_file_table(&sess->file_table); + ksmbd_session_rpc_clear_list(sess); + free_channel_list(sess); + kfree(sess->Preauth_HashValue); + ksmbd_release_id(session_ida, sess->id); + + ksmbd_ida_free(sess->tree_conn_ida); + ksmbd_free(sess); +} + +static struct ksmbd_session *__session_lookup(unsigned long long id) +{ + struct ksmbd_session *sess; + + hash_for_each_possible(sessions_table, sess, hlist, id) { + if (id == sess->id) + return sess; + } + return NULL; +} + +void ksmbd_session_register(struct ksmbd_conn *conn, + struct ksmbd_session *sess) +{ + sess->conn = conn; + list_add(&sess->sessions_entry, &conn->sessions); +} + +void ksmbd_sessions_deregister(struct ksmbd_conn *conn) +{ + struct ksmbd_session *sess; + + while (!list_empty(&conn->sessions)) { + sess = list_entry(conn->sessions.next, + struct ksmbd_session, + sessions_entry); + + ksmbd_session_destroy(sess); + } +} + +bool ksmbd_session_id_match(struct ksmbd_session *sess, unsigned long long id) +{ + return sess->id == id; +} + +struct ksmbd_session *ksmbd_session_lookup(struct ksmbd_conn *conn, + unsigned long long id) +{ + struct ksmbd_session *sess = NULL; + + list_for_each_entry(sess, &conn->sessions, sessions_entry) { + if (ksmbd_session_id_match(sess, id)) + return sess; + } + return NULL; +} + +int get_session(struct ksmbd_session *sess) +{ + return atomic_inc_not_zero(&sess->refcnt); +} + +void put_session(struct ksmbd_session *sess) +{ + if (atomic_dec_and_test(&sess->refcnt)) + ksmbd_err("get/%s seems to be mismatched.", __func__); +} + +struct ksmbd_session *ksmbd_session_lookup_slowpath(unsigned long long id) +{ + struct ksmbd_session *sess; + + down_read(&sessions_table_lock); + sess = __session_lookup(id); + if (sess) { + if (!get_session(sess)) + sess = NULL; + } + up_read(&sessions_table_lock); + + return sess; +} + +static int __init_smb2_session(struct ksmbd_session *sess) +{ + int id = ksmbd_acquire_smb2_uid(session_ida); + + if (id < 0) + return -EINVAL; + sess->id = id; + return 0; +} + +static struct ksmbd_session *__session_create(int protocol) +{ + struct ksmbd_session *sess; + int ret; + + sess = ksmbd_alloc(sizeof(struct ksmbd_session)); + if (!sess) + return NULL; + + if (ksmbd_init_file_table(&sess->file_table)) + goto error; + + set_session_flag(sess, protocol); + INIT_LIST_HEAD(&sess->sessions_entry); + INIT_LIST_HEAD(&sess->tree_conn_list); + INIT_LIST_HEAD(&sess->ksmbd_chann_list); + INIT_LIST_HEAD(&sess->rpc_handle_list); + sess->sequence_number = 1; + atomic_set(&sess->refcnt, 1); + + switch (protocol) { + case CIFDS_SESSION_FLAG_SMB2: + ret = __init_smb2_session(sess); + break; + default: + ret = -EINVAL; + break; + } + + if (ret) + goto error; + + sess->tree_conn_ida = ksmbd_ida_alloc(); + if (!sess->tree_conn_ida) + goto error; + + if (protocol == CIFDS_SESSION_FLAG_SMB2) { + down_read(&sessions_table_lock); + hash_add(sessions_table, &sess->hlist, sess->id); + up_read(&sessions_table_lock); + } + return sess; + +error: + ksmbd_session_destroy(sess); + return NULL; +} + +struct ksmbd_session *ksmbd_smb2_session_create(void) +{ + return __session_create(CIFDS_SESSION_FLAG_SMB2); +} + +int ksmbd_acquire_tree_conn_id(struct ksmbd_session *sess) +{ + int id = -EINVAL; + + if (test_session_flag(sess, CIFDS_SESSION_FLAG_SMB2)) + id = ksmbd_acquire_smb2_tid(sess->tree_conn_ida); + + return id; +} + +void ksmbd_release_tree_conn_id(struct ksmbd_session *sess, int id) +{ + if (id >= 0) + ksmbd_release_id(sess->tree_conn_ida, id); +} + +int ksmbd_init_session_table(void) +{ + session_ida = ksmbd_ida_alloc(); + if (!session_ida) + return -ENOMEM; + return 0; +} + +void ksmbd_free_session_table(void) +{ + ksmbd_ida_free(session_ida); +} diff --git a/fs/cifsd/mgmt/user_session.h b/fs/cifsd/mgmt/user_session.h new file mode 100644 index 000000000000..0a6eb21647ab --- /dev/null +++ b/fs/cifsd/mgmt/user_session.h @@ -0,0 +1,105 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __USER_SESSION_MANAGEMENT_H__ +#define __USER_SESSION_MANAGEMENT_H__ + +#include <linux/hashtable.h> + +#include "../smb_common.h" +#include "../ntlmssp.h" + +#define CIFDS_SESSION_FLAG_SMB2 (1 << 1) + +#define PREAUTH_HASHVALUE_SIZE 64 + +struct ksmbd_ida; +struct ksmbd_file_table; + +struct channel { + __u8 smb3signingkey[SMB3_SIGN_KEY_SIZE]; + struct ksmbd_conn *conn; + struct list_head chann_list; +}; + +struct preauth_session { + __u8 Preauth_HashValue[PREAUTH_HASHVALUE_SIZE]; + uint64_t sess_id; + struct list_head list_entry; +}; + +struct ksmbd_session { + uint64_t id; + + struct ksmbd_user *user; + struct ksmbd_conn *conn; + unsigned int sequence_number; + unsigned int flags; + + bool sign; + bool enc; + bool is_anonymous; + + int state; + __u8 *Preauth_HashValue; + + struct ntlmssp_auth ntlmssp; + char sess_key[CIFS_KEY_SIZE]; + + struct hlist_node hlist; + struct list_head ksmbd_chann_list; + struct list_head tree_conn_list; + struct ksmbd_ida *tree_conn_ida; + struct list_head rpc_handle_list; + + __u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE]; + __u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE]; + __u8 smb3signingkey[SMB3_SIGN_KEY_SIZE]; + + struct list_head sessions_entry; + struct ksmbd_file_table file_table; + atomic_t refcnt; +}; + +static inline int test_session_flag(struct ksmbd_session *sess, int bit) +{ + return sess->flags & bit; +} + +static inline void set_session_flag(struct ksmbd_session *sess, int bit) +{ + sess->flags |= bit; +} + +static inline void clear_session_flag(struct ksmbd_session *sess, int bit) +{ + sess->flags &= ~bit; +} + +struct ksmbd_session *ksmbd_smb2_session_create(void); + +void ksmbd_session_destroy(struct ksmbd_session *sess); + +bool ksmbd_session_id_match(struct ksmbd_session *sess, unsigned long long id); +struct ksmbd_session *ksmbd_session_lookup_slowpath(unsigned long long id); +struct ksmbd_session *ksmbd_session_lookup(struct ksmbd_conn *conn, + unsigned long long id); +void ksmbd_session_register(struct ksmbd_conn *conn, + struct ksmbd_session *sess); +void ksmbd_sessions_deregister(struct ksmbd_conn *conn); + +int ksmbd_acquire_tree_conn_id(struct ksmbd_session *sess); +void ksmbd_release_tree_conn_id(struct ksmbd_session *sess, int id); + +int ksmbd_session_rpc_open(struct ksmbd_session *sess, char *rpc_name); +void ksmbd_session_rpc_close(struct ksmbd_session *sess, int id); +int ksmbd_session_rpc_method(struct ksmbd_session *sess, int id); +int get_session(struct ksmbd_session *sess); +void put_session(struct ksmbd_session *sess); + +int ksmbd_init_session_table(void); +void ksmbd_free_session_table(void); + +#endif /* __USER_SESSION_MANAGEMENT_H__ */ diff --git a/fs/cifsd/misc.c b/fs/cifsd/misc.c new file mode 100644 index 000000000000..9e689c33f7bb --- /dev/null +++ b/fs/cifsd/misc.c @@ -0,0 +1,293 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/kernel.h> +#include <linux/version.h> +#include <linux/xattr.h> +#include <linux/fs.h> + +#include "misc.h" +#include "smb_common.h" +#include "connection.h" +#include "vfs.h" + +#include "mgmt/share_config.h" + +/** + * match_pattern() - compare a string with a pattern which might include + * wildcard '*' and '?' + * TODO : implement consideration about DOS_DOT, DOS_QM and DOS_STAR + * + * @string: string to compare with a pattern + * @pattern: pattern string which might include wildcard '*' and '?' + * + * Return: 0 if pattern matched with the string, otherwise non zero value + */ +int match_pattern(const char *str, const char *pattern) +{ + const char *s = str; + const char *p = pattern; + bool star = false; + + while (*s) { + switch (*p) { + case '?': + s++; + p++; + break; + case '*': + star = true; + str = s; + if (!*++p) + return true; + pattern = p; + break; + default: + if (tolower(*s) == tolower(*p)) { + s++; + p++; + } else { + if (!star) + return false; + str++; + s = str; + p = pattern; + } + break; + } + } + + if (*p == '*') + ++p; + return !*p; +} + +/* + * is_char_allowed() - check for valid character + * @ch: input character to be checked + * + * Return: 1 if char is allowed, otherwise 0 + */ +static inline int is_char_allowed(char ch) +{ + /* check for control chars, wildcards etc. */ + if (!(ch & 0x80) && + (ch <= 0x1f || + ch == '?' || ch == '"' || ch == '<' || + ch == '>' || ch == '|' || ch == '*')) + return 0; + + return 1; +} + +int ksmbd_validate_filename(char *filename) +{ + while (*filename) { + char c = *filename; + + filename++; + if (!is_char_allowed(c)) { + ksmbd_debug(VFS, "File name validation failed: 0x%x\n", c); + return -ENOENT; + } + } + + return 0; +} + +static int ksmbd_validate_stream_name(char *stream_name) +{ + while (*stream_name) { + char c = *stream_name; + + stream_name++; + if (c == '/' || c == ':' || c == '\') { + ksmbd_err("Stream name validation failed: %c\n", c); + return -ENOENT; + } + } + + return 0; +} + +int parse_stream_name(char *filename, char **stream_name, int *s_type) +{ + char *stream_type; + char *s_name; + int rc = 0; + + s_name = filename; + filename = strsep(&s_name, ":"); + ksmbd_debug(SMB, "filename : %s, streams : %s\n", filename, s_name); + if (strchr(s_name, ':')) { + stream_type = s_name; + s_name = strsep(&stream_type, ":"); + + rc = ksmbd_validate_stream_name(s_name); + if (rc < 0) { + rc = -ENOENT; + goto out; + } + + ksmbd_debug(SMB, "stream name : %s, stream type : %s\n", s_name, + stream_type); + if (!strncasecmp("$data", stream_type, 5)) + *s_type = DATA_STREAM; + else if (!strncasecmp("$index_allocation", stream_type, 17)) + *s_type = DIR_STREAM; + else + rc = -ENOENT; + } + + *stream_name = s_name; +out: + return rc; +} + +/** + * convert_to_nt_pathname() - extract and return windows path string + * whose share directory prefix was removed from file path + * @filename : unix filename + * @sharepath: share path string + * + * Return : windows path string or error + */ + +char *convert_to_nt_pathname(char *filename, char *sharepath) +{ + char *ab_pathname; + int len, name_len; + + name_len = strlen(filename); + ab_pathname = kmalloc(name_len, GFP_KERNEL); + if (!ab_pathname) + return NULL; + + ab_pathname[0] = '\'; + ab_pathname[1] = '\0'; + + len = strlen(sharepath); + if (!strncmp(filename, sharepath, len) && name_len != len) { + strscpy(ab_pathname, &filename[len], name_len); + ksmbd_conv_path_to_windows(ab_pathname); + } + + return ab_pathname; +} + +int get_nlink(struct kstat *st) +{ + int nlink; + + nlink = st->nlink; + if (S_ISDIR(st->mode)) + nlink--; + + return nlink; +} + +void ksmbd_conv_path_to_unix(char *path) +{ + strreplace(path, '\', '/'); +} + +void ksmbd_strip_last_slash(char *path) +{ + int len = strlen(path); + + while (len && path[len - 1] == '/') { + path[len - 1] = '\0'; + len--; + } +} + +void ksmbd_conv_path_to_windows(char *path) +{ + strreplace(path, '/', '\'); +} + +/** + * extract_sharename() - get share name from tree connect request + * @treename: buffer containing tree name and share name + * + * Return: share name on success, otherwise error + */ +char *extract_sharename(char *treename) +{ + char *name = treename; + char *dst; + char *pos = strrchr(name, '\'); + + if (pos) + name = (pos + 1); + + /* caller has to free the memory */ + dst = kstrdup(name, GFP_KERNEL); + if (!dst) + return ERR_PTR(-ENOMEM); + return dst; +} + +/** + * convert_to_unix_name() - convert windows name to unix format + * @path: name to be converted + * @tid: tree id of mathing share + * + * Return: converted name on success, otherwise NULL + */ +char *convert_to_unix_name(struct ksmbd_share_config *share, char *name) +{ + int no_slash = 0, name_len, path_len; + char *new_name; + + if (name[0] == '/') + name++; + + path_len = share->path_sz; + name_len = strlen(name); + new_name = kmalloc(path_len + name_len + 2, GFP_KERNEL); + if (!new_name) + return new_name; + + memcpy(new_name, share->path, path_len); + if (new_name[path_len - 1] != '/') { + new_name[path_len] = '/'; + no_slash = 1; + } + + memcpy(new_name + path_len + no_slash, name, name_len); + path_len += name_len + no_slash; + new_name[path_len] = 0x00; + return new_name; +} + +char *ksmbd_convert_dir_info_name(struct ksmbd_dir_info *d_info, + const struct nls_table *local_nls, + int *conv_len) +{ + char *conv; + int sz = min(4 * d_info->name_len, PATH_MAX); + + if (!sz) + return NULL; + + conv = kmalloc(sz, GFP_KERNEL); + if (!conv) + return NULL; + + /* XXX */ + *conv_len = smbConvertToUTF16((__le16 *)conv, + d_info->name, + d_info->name_len, + local_nls, + 0); + *conv_len *= 2; + + /* We allocate buffer twice bigger than needed. */ + conv[*conv_len] = 0x00; + conv[*conv_len + 1] = 0x00; + return conv; +} diff --git a/fs/cifsd/misc.h b/fs/cifsd/misc.h new file mode 100644 index 000000000000..d67843aad509 --- /dev/null +++ b/fs/cifsd/misc.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_MISC_H__ +#define __KSMBD_MISC_H__ + +struct ksmbd_share_config; +struct nls_table; +struct kstat; +struct ksmbd_file; + +int match_pattern(const char *str, const char *pattern); + +int ksmbd_validate_filename(char *filename); + +int parse_stream_name(char *filename, char **stream_name, int *s_type); + +char *convert_to_nt_pathname(char *filename, char *sharepath); + +int get_nlink(struct kstat *st); + +void ksmbd_conv_path_to_unix(char *path); +void ksmbd_strip_last_slash(char *path); +void ksmbd_conv_path_to_windows(char *path); + +char *extract_sharename(char *treename); + +char *convert_to_unix_name(struct ksmbd_share_config *share, char *name); + +#define KSMBD_DIR_INFO_ALIGNMENT 8 + +struct ksmbd_dir_info; +char *ksmbd_convert_dir_info_name(struct ksmbd_dir_info *d_info, + const struct nls_table *local_nls, + int *conv_len); +#endif /* __KSMBD_MISC_H__ */ diff --git a/fs/cifsd/ndr.c b/fs/cifsd/ndr.c new file mode 100644 index 000000000000..d96dcd9e43c6 --- /dev/null +++ b/fs/cifsd/ndr.c @@ -0,0 +1,344 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2021 Samsung Electronics Co., Ltd. + * Author(s): Namjae Jeon linkinjeon@kernel.org + */ + +#include <linux/fs.h> + +#include "glob.h" +#include "ndr.h" + +#define PAYLOAD_HEAD(d) ((d)->data + (d)->offset) + +#define KSMBD_ALIGN_MASK(x, mask) (((x) + (mask)) & ~(mask)) + +#define KSMBD_ALIGN(x, a) \ + ({ \ + typeof(x) ret = (x); \ + if (((x) & ((typeof(x))(a) - 1)) != 0) \ + ret = KSMBD_ALIGN_MASK(x, (typeof(x))(a) - 1); \ + ret; \ + }) + +static void align_offset(struct ndr *ndr, int n) +{ + ndr->offset = KSMBD_ALIGN(ndr->offset, n); +} + +static int try_to_realloc_ndr_blob(struct ndr *n, size_t sz) +{ + char *data; + + data = krealloc(n->data, n->offset + sz + 1024, GFP_KERNEL); + if (!data) + return -ENOMEM; + + n->data = data; + n->length += 1024; + memset(n->data + n->offset, 0, 1024); + return 0; +} + +static void ndr_write_int16(struct ndr *n, __u16 value) +{ + if (n->length <= n->offset + sizeof(value)) + try_to_realloc_ndr_blob(n, sizeof(value)); + + *(__le16 *)PAYLOAD_HEAD(n) = cpu_to_le16(value); + n->offset += sizeof(value); +} + +static void ndr_write_int32(struct ndr *n, __u32 value) +{ + if (n->length <= n->offset + sizeof(value)) + try_to_realloc_ndr_blob(n, sizeof(value)); + + *(__le32 *)PAYLOAD_HEAD(n) = cpu_to_le32(value); + n->offset += sizeof(value); +} + +static void ndr_write_int64(struct ndr *n, __u64 value) +{ + if (n->length <= n->offset + sizeof(value)) + try_to_realloc_ndr_blob(n, sizeof(value)); + + *(__le64 *)PAYLOAD_HEAD(n) = cpu_to_le64(value); + n->offset += sizeof(value); +} + +static int ndr_write_bytes(struct ndr *n, void *value, size_t sz) +{ + if (n->length <= n->offset + sz) + try_to_realloc_ndr_blob(n, sz); + + memcpy(PAYLOAD_HEAD(n), value, sz); + n->offset += sz; + return 0; +} + +static int ndr_write_string(struct ndr *n, void *value, size_t sz) +{ + if (n->length <= n->offset + sz) + try_to_realloc_ndr_blob(n, sz); + + strncpy(PAYLOAD_HEAD(n), value, sz); + sz++; + n->offset += sz; + align_offset(n, 2); + return 0; +} + +static int ndr_read_string(struct ndr *n, void *value, size_t sz) +{ + int len = strnlen(PAYLOAD_HEAD(n), sz); + + memcpy(value, PAYLOAD_HEAD(n), len); + len++; + n->offset += len; + align_offset(n, 2); + return 0; +} + +static int ndr_read_bytes(struct ndr *n, void *value, size_t sz) +{ + memcpy(value, PAYLOAD_HEAD(n), sz); + n->offset += sz; + return 0; +} + +static __u16 ndr_read_int16(struct ndr *n) +{ + __u16 ret; + + ret = le16_to_cpu(*(__le16 *)PAYLOAD_HEAD(n)); + n->offset += sizeof(__u16); + return ret; +} + +static __u32 ndr_read_int32(struct ndr *n) +{ + __u32 ret; + + ret = le32_to_cpu(*(__le32 *)PAYLOAD_HEAD(n)); + n->offset += sizeof(__u32); + return ret; +} + +static __u64 ndr_read_int64(struct ndr *n) +{ + __u64 ret; + + ret = le64_to_cpu(*(__le64 *)PAYLOAD_HEAD(n)); + n->offset += sizeof(__u64); + return ret; +} + +int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da) +{ + char hex_attr[12] = {0}; + + n->offset = 0; + n->length = 1024; + n->data = kzalloc(n->length, GFP_KERNEL); + if (!n->data) + return -ENOMEM; + + if (da->version == 3) { + snprintf(hex_attr, 10, "0x%x", da->attr); + ndr_write_string(n, hex_attr, strlen(hex_attr)); + } else { + ndr_write_string(n, "", strlen("")); + } + ndr_write_int16(n, da->version); + ndr_write_int32(n, da->version); + + ndr_write_int32(n, da->flags); + ndr_write_int32(n, da->attr); + if (da->version == 3) { + ndr_write_int32(n, da->ea_size); + ndr_write_int64(n, da->size); + ndr_write_int64(n, da->alloc_size); + } else + ndr_write_int64(n, da->itime); + ndr_write_int64(n, da->create_time); + if (da->version == 3) + ndr_write_int64(n, da->change_time); + return 0; +} + +int ndr_decode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da) +{ + char hex_attr[12] = {0}; + int version2; + + n->offset = 0; + ndr_read_string(n, hex_attr, n->length - n->offset); + da->version = ndr_read_int16(n); + + if (da->version != 3 && da->version != 4) { + ksmbd_err("v%d version is not supported\n", da->version); + return -EINVAL; + } + + version2 = ndr_read_int32(n); + if (da->version != version2) { + ksmbd_err("ndr version mismatched(version: %d, version2: %d)\n", + da->version, version2); + return -EINVAL; + } + + ndr_read_int32(n); + da->attr = ndr_read_int32(n); + if (da->version == 4) { + da->itime = ndr_read_int64(n); + da->create_time = ndr_read_int64(n); + } else { + ndr_read_int32(n); + ndr_read_int64(n); + ndr_read_int64(n); + da->create_time = ndr_read_int64(n); + ndr_read_int64(n); + } + + return 0; +} + +static int ndr_encode_posix_acl_entry(struct ndr *n, struct xattr_smb_acl *acl) +{ + int i; + + ndr_write_int32(n, acl->count); + align_offset(n, 8); + ndr_write_int32(n, acl->count); + ndr_write_int32(n, 0); + + for (i = 0; i < acl->count; i++) { + align_offset(n, 8); + ndr_write_int16(n, acl->entries[i].type); + ndr_write_int16(n, acl->entries[i].type); + + if (acl->entries[i].type == SMB_ACL_USER) { + align_offset(n, 8); + ndr_write_int64(n, acl->entries[i].uid); + } else if (acl->entries[i].type == SMB_ACL_GROUP) { + align_offset(n, 8); + ndr_write_int64(n, acl->entries[i].gid); + } + + /* push permission */ + ndr_write_int32(n, acl->entries[i].perm); + } + + return 0; +} + +int ndr_encode_posix_acl(struct ndr *n, struct inode *inode, + struct xattr_smb_acl *acl, struct xattr_smb_acl *def_acl) +{ + int ref_id = 0x00020000; + + n->offset = 0; + n->length = 1024; + n->data = kzalloc(n->length, GFP_KERNEL); + if (!n->data) + return -ENOMEM; + + if (acl) { + /* ACL ACCESS */ + ndr_write_int32(n, ref_id); + ref_id += 4; + } else + ndr_write_int32(n, 0); + + if (def_acl) { + /* DEFAULT ACL ACCESS */ + ndr_write_int32(n, ref_id); + ref_id += 4; + } else + ndr_write_int32(n, 0); + + ndr_write_int64(n, from_kuid(&init_user_ns, inode->i_uid)); + ndr_write_int64(n, from_kgid(&init_user_ns, inode->i_gid)); + ndr_write_int32(n, inode->i_mode); + + if (acl) { + ndr_encode_posix_acl_entry(n, acl); + if (def_acl) + ndr_encode_posix_acl_entry(n, def_acl); + } + return 0; +} + +int ndr_encode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl) +{ + int ref_id = 0x00020004; + + n->offset = 0; + n->length = 2048; + n->data = kzalloc(n->length, GFP_KERNEL); + if (!n->data) + return -ENOMEM; + + ndr_write_int16(n, acl->version); + ndr_write_int32(n, acl->version); + ndr_write_int16(n, 2); + ndr_write_int32(n, ref_id); + + /* push hash type and hash 64bytes */ + ndr_write_int16(n, acl->hash_type); + ndr_write_bytes(n, acl->hash, XATTR_SD_HASH_SIZE); + ndr_write_bytes(n, acl->desc, acl->desc_len); + ndr_write_int64(n, acl->current_time); + ndr_write_bytes(n, acl->posix_acl_hash, XATTR_SD_HASH_SIZE); + + /* push ndr for security descriptor */ + ndr_write_bytes(n, acl->sd_buf, acl->sd_size); + + return 0; +} + +int ndr_decode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl) +{ + int version2; + + n->offset = 0; + acl->version = ndr_read_int16(n); + if (acl->version != 4) { + ksmbd_err("v%d version is not supported\n", acl->version); + return -EINVAL; + } + + version2 = ndr_read_int32(n); + if (acl->version != version2) { + ksmbd_err("ndr version mismatched(version: %d, version2: %d)\n", + acl->version, version2); + return -EINVAL; + } + + /* Read Level */ + ndr_read_int16(n); + /* Read Ref Id */ + ndr_read_int32(n); + acl->hash_type = ndr_read_int16(n); + ndr_read_bytes(n, acl->hash, XATTR_SD_HASH_SIZE); + + ndr_read_bytes(n, acl->desc, 10); + if (strncmp(acl->desc, "posix_acl", 9)) { + ksmbd_err("Invalid acl desciption : %s\n", acl->desc); + return -EINVAL; + } + + /* Read Time */ + ndr_read_int64(n); + /* Read Posix ACL hash */ + ndr_read_bytes(n, acl->posix_acl_hash, XATTR_SD_HASH_SIZE); + acl->sd_size = n->length - n->offset; + acl->sd_buf = kzalloc(acl->sd_size, GFP_KERNEL); + if (!acl->sd_buf) + return -ENOMEM; + + ndr_read_bytes(n, acl->sd_buf, acl->sd_size); + + return 0; +} diff --git a/fs/cifsd/ndr.h b/fs/cifsd/ndr.h new file mode 100644 index 000000000000..a9db968b78ac --- /dev/null +++ b/fs/cifsd/ndr.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2020 Samsung Electronics Co., Ltd. + * Author(s): Namjae Jeon linkinjeon@kernel.org + */ + +struct ndr { + char *data; + int offset; + int length; +}; + +#define NDR_NTSD_OFFSETOF 0xA0 + +int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da); +int ndr_decode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da); +int ndr_encode_posix_acl(struct ndr *n, struct inode *inode, + struct xattr_smb_acl *acl, struct xattr_smb_acl *def_acl); +int ndr_encode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl); +int ndr_encode_v3_ntacl(struct ndr *n, struct xattr_ntacl *acl); +int ndr_decode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl); diff --git a/fs/cifsd/netmisc.c b/fs/cifsd/netmisc.c new file mode 100644 index 000000000000..6f7dd78348a3 --- /dev/null +++ b/fs/cifsd/netmisc.c @@ -0,0 +1,46 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * fs/ksmbd/netmisc.c + * + * Copyright (c) International Business Machines Corp., 2002,2008 + * Author(s): Steve French (sfrench@us.ibm.com) + * + * Error mapping routines from Samba libsmb/errormap.c + * Copyright (C) Andrew Tridgell 2001 + */ + +#include "glob.h" +#include "smberr.h" +#include "nterr.h" +#include "time_wrappers.h" + +/* + * Convert the NT UTC (based 1601-01-01, in hundred nanosecond units) + * into Unix UTC (based 1970-01-01, in seconds). + */ +struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc) +{ + struct timespec64 ts; + + /* Subtract the NTFS time offset, then convert to 1s intervals. */ + s64 t = le64_to_cpu(ntutc) - NTFS_TIME_OFFSET; + u64 abs_t; + + /* + * Unfortunately can not use normal 64 bit division on 32 bit arch, but + * the alternative, do_div, does not work with negative numbers so have + * to special case them + */ + if (t < 0) { + abs_t = -t; + ts.tv_nsec = do_div(abs_t, 10000000) * 100; + ts.tv_nsec = -ts.tv_nsec; + ts.tv_sec = -abs_t; + } else { + abs_t = t; + ts.tv_nsec = do_div(abs_t, 10000000) * 100; + ts.tv_sec = abs_t; + } + + return ts; +} diff --git a/fs/cifsd/nterr.c b/fs/cifsd/nterr.c new file mode 100644 index 000000000000..358a766375b4 --- /dev/null +++ b/fs/cifsd/nterr.c @@ -0,0 +1,674 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Luke Kenneth Casson Leighton 1997-2001. + */ + +/* NT error codes - see nterr.h */ +#include <linux/types.h> +#include <linux/fs.h> +#include "nterr.h" + +const struct nt_err_code_struct nt_errs[] = { + {"NT_STATUS_OK", NT_STATUS_OK}, + {"NT_STATUS_UNSUCCESSFUL", NT_STATUS_UNSUCCESSFUL}, + {"NT_STATUS_NOT_IMPLEMENTED", NT_STATUS_NOT_IMPLEMENTED}, + {"NT_STATUS_INVALID_INFO_CLASS", NT_STATUS_INVALID_INFO_CLASS}, + {"NT_STATUS_INFO_LENGTH_MISMATCH", NT_STATUS_INFO_LENGTH_MISMATCH}, + {"NT_STATUS_ACCESS_VIOLATION", NT_STATUS_ACCESS_VIOLATION}, + {"NT_STATUS_BUFFER_OVERFLOW", NT_STATUS_BUFFER_OVERFLOW}, + {"NT_STATUS_IN_PAGE_ERROR", NT_STATUS_IN_PAGE_ERROR}, + {"NT_STATUS_PAGEFILE_QUOTA", NT_STATUS_PAGEFILE_QUOTA}, + {"NT_STATUS_INVALID_HANDLE", NT_STATUS_INVALID_HANDLE}, + {"NT_STATUS_BAD_INITIAL_STACK", NT_STATUS_BAD_INITIAL_STACK}, + {"NT_STATUS_BAD_INITIAL_PC", NT_STATUS_BAD_INITIAL_PC}, + {"NT_STATUS_INVALID_CID", NT_STATUS_INVALID_CID}, + {"NT_STATUS_TIMER_NOT_CANCELED", NT_STATUS_TIMER_NOT_CANCELED}, + {"NT_STATUS_INVALID_PARAMETER", NT_STATUS_INVALID_PARAMETER}, + {"NT_STATUS_NO_SUCH_DEVICE", NT_STATUS_NO_SUCH_DEVICE}, + {"NT_STATUS_NO_SUCH_FILE", NT_STATUS_NO_SUCH_FILE}, + {"NT_STATUS_INVALID_DEVICE_REQUEST", + NT_STATUS_INVALID_DEVICE_REQUEST}, + {"NT_STATUS_END_OF_FILE", NT_STATUS_END_OF_FILE}, + {"NT_STATUS_WRONG_VOLUME", NT_STATUS_WRONG_VOLUME}, + {"NT_STATUS_NO_MEDIA_IN_DEVICE", NT_STATUS_NO_MEDIA_IN_DEVICE}, + {"NT_STATUS_UNRECOGNIZED_MEDIA", NT_STATUS_UNRECOGNIZED_MEDIA}, + {"NT_STATUS_NONEXISTENT_SECTOR", NT_STATUS_NONEXISTENT_SECTOR}, + {"NT_STATUS_MORE_PROCESSING_REQUIRED", + NT_STATUS_MORE_PROCESSING_REQUIRED}, + {"NT_STATUS_NO_MEMORY", NT_STATUS_NO_MEMORY}, + {"NT_STATUS_CONFLICTING_ADDRESSES", + NT_STATUS_CONFLICTING_ADDRESSES}, + {"NT_STATUS_NOT_MAPPED_VIEW", NT_STATUS_NOT_MAPPED_VIEW}, + {"NT_STATUS_UNABLE_TO_FREE_VM", NT_STATUS_UNABLE_TO_FREE_VM}, + {"NT_STATUS_UNABLE_TO_DELETE_SECTION", + NT_STATUS_UNABLE_TO_DELETE_SECTION}, + {"NT_STATUS_INVALID_SYSTEM_SERVICE", + NT_STATUS_INVALID_SYSTEM_SERVICE}, + {"NT_STATUS_ILLEGAL_INSTRUCTION", NT_STATUS_ILLEGAL_INSTRUCTION}, + {"NT_STATUS_INVALID_LOCK_SEQUENCE", + NT_STATUS_INVALID_LOCK_SEQUENCE}, + {"NT_STATUS_INVALID_VIEW_SIZE", NT_STATUS_INVALID_VIEW_SIZE}, + {"NT_STATUS_INVALID_FILE_FOR_SECTION", + NT_STATUS_INVALID_FILE_FOR_SECTION}, + {"NT_STATUS_ALREADY_COMMITTED", NT_STATUS_ALREADY_COMMITTED}, + {"NT_STATUS_ACCESS_DENIED", NT_STATUS_ACCESS_DENIED}, + {"NT_STATUS_BUFFER_TOO_SMALL", NT_STATUS_BUFFER_TOO_SMALL}, + {"NT_STATUS_OBJECT_TYPE_MISMATCH", NT_STATUS_OBJECT_TYPE_MISMATCH}, + {"NT_STATUS_NONCONTINUABLE_EXCEPTION", + NT_STATUS_NONCONTINUABLE_EXCEPTION}, + {"NT_STATUS_INVALID_DISPOSITION", NT_STATUS_INVALID_DISPOSITION}, + {"NT_STATUS_UNWIND", NT_STATUS_UNWIND}, + {"NT_STATUS_BAD_STACK", NT_STATUS_BAD_STACK}, + {"NT_STATUS_INVALID_UNWIND_TARGET", + NT_STATUS_INVALID_UNWIND_TARGET}, + {"NT_STATUS_NOT_LOCKED", NT_STATUS_NOT_LOCKED}, + {"NT_STATUS_PARITY_ERROR", NT_STATUS_PARITY_ERROR}, + {"NT_STATUS_UNABLE_TO_DECOMMIT_VM", + NT_STATUS_UNABLE_TO_DECOMMIT_VM}, + {"NT_STATUS_NOT_COMMITTED", NT_STATUS_NOT_COMMITTED}, + {"NT_STATUS_INVALID_PORT_ATTRIBUTES", + NT_STATUS_INVALID_PORT_ATTRIBUTES}, + {"NT_STATUS_PORT_MESSAGE_TOO_LONG", + NT_STATUS_PORT_MESSAGE_TOO_LONG}, + {"NT_STATUS_INVALID_PARAMETER_MIX", + NT_STATUS_INVALID_PARAMETER_MIX}, + {"NT_STATUS_INVALID_QUOTA_LOWER", NT_STATUS_INVALID_QUOTA_LOWER}, + {"NT_STATUS_DISK_CORRUPT_ERROR", NT_STATUS_DISK_CORRUPT_ERROR}, + {"NT_STATUS_OBJECT_NAME_INVALID", NT_STATUS_OBJECT_NAME_INVALID}, + {"NT_STATUS_OBJECT_NAME_NOT_FOUND", + NT_STATUS_OBJECT_NAME_NOT_FOUND}, + {"NT_STATUS_OBJECT_NAME_COLLISION", + NT_STATUS_OBJECT_NAME_COLLISION}, + {"NT_STATUS_HANDLE_NOT_WAITABLE", NT_STATUS_HANDLE_NOT_WAITABLE}, + {"NT_STATUS_PORT_DISCONNECTED", NT_STATUS_PORT_DISCONNECTED}, + {"NT_STATUS_DEVICE_ALREADY_ATTACHED", + NT_STATUS_DEVICE_ALREADY_ATTACHED}, + {"NT_STATUS_OBJECT_PATH_INVALID", NT_STATUS_OBJECT_PATH_INVALID}, + {"NT_STATUS_OBJECT_PATH_NOT_FOUND", + NT_STATUS_OBJECT_PATH_NOT_FOUND}, + {"NT_STATUS_OBJECT_PATH_SYNTAX_BAD", + NT_STATUS_OBJECT_PATH_SYNTAX_BAD}, + {"NT_STATUS_DATA_OVERRUN", NT_STATUS_DATA_OVERRUN}, + {"NT_STATUS_DATA_LATE_ERROR", NT_STATUS_DATA_LATE_ERROR}, + {"NT_STATUS_DATA_ERROR", NT_STATUS_DATA_ERROR}, + {"NT_STATUS_CRC_ERROR", NT_STATUS_CRC_ERROR}, + {"NT_STATUS_SECTION_TOO_BIG", NT_STATUS_SECTION_TOO_BIG}, + {"NT_STATUS_PORT_CONNECTION_REFUSED", + NT_STATUS_PORT_CONNECTION_REFUSED}, + {"NT_STATUS_INVALID_PORT_HANDLE", NT_STATUS_INVALID_PORT_HANDLE}, + {"NT_STATUS_SHARING_VIOLATION", NT_STATUS_SHARING_VIOLATION}, + {"NT_STATUS_QUOTA_EXCEEDED", NT_STATUS_QUOTA_EXCEEDED}, + {"NT_STATUS_INVALID_PAGE_PROTECTION", + NT_STATUS_INVALID_PAGE_PROTECTION}, + {"NT_STATUS_MUTANT_NOT_OWNED", NT_STATUS_MUTANT_NOT_OWNED}, + {"NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED", + NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED}, + {"NT_STATUS_PORT_ALREADY_SET", NT_STATUS_PORT_ALREADY_SET}, + {"NT_STATUS_SECTION_NOT_IMAGE", NT_STATUS_SECTION_NOT_IMAGE}, + {"NT_STATUS_SUSPEND_COUNT_EXCEEDED", + NT_STATUS_SUSPEND_COUNT_EXCEEDED}, + {"NT_STATUS_THREAD_IS_TERMINATING", + NT_STATUS_THREAD_IS_TERMINATING}, + {"NT_STATUS_BAD_WORKING_SET_LIMIT", + NT_STATUS_BAD_WORKING_SET_LIMIT}, + {"NT_STATUS_INCOMPATIBLE_FILE_MAP", + NT_STATUS_INCOMPATIBLE_FILE_MAP}, + {"NT_STATUS_SECTION_PROTECTION", NT_STATUS_SECTION_PROTECTION}, + {"NT_STATUS_EAS_NOT_SUPPORTED", NT_STATUS_EAS_NOT_SUPPORTED}, + {"NT_STATUS_EA_TOO_LARGE", NT_STATUS_EA_TOO_LARGE}, + {"NT_STATUS_NONEXISTENT_EA_ENTRY", NT_STATUS_NONEXISTENT_EA_ENTRY}, + {"NT_STATUS_NO_EAS_ON_FILE", NT_STATUS_NO_EAS_ON_FILE}, + {"NT_STATUS_EA_CORRUPT_ERROR", NT_STATUS_EA_CORRUPT_ERROR}, + {"NT_STATUS_FILE_LOCK_CONFLICT", NT_STATUS_FILE_LOCK_CONFLICT}, + {"NT_STATUS_LOCK_NOT_GRANTED", NT_STATUS_LOCK_NOT_GRANTED}, + {"NT_STATUS_DELETE_PENDING", NT_STATUS_DELETE_PENDING}, + {"NT_STATUS_CTL_FILE_NOT_SUPPORTED", + NT_STATUS_CTL_FILE_NOT_SUPPORTED}, + {"NT_STATUS_UNKNOWN_REVISION", NT_STATUS_UNKNOWN_REVISION}, + {"NT_STATUS_REVISION_MISMATCH", NT_STATUS_REVISION_MISMATCH}, + {"NT_STATUS_INVALID_OWNER", NT_STATUS_INVALID_OWNER}, + {"NT_STATUS_INVALID_PRIMARY_GROUP", + NT_STATUS_INVALID_PRIMARY_GROUP}, + {"NT_STATUS_NO_IMPERSONATION_TOKEN", + NT_STATUS_NO_IMPERSONATION_TOKEN}, + {"NT_STATUS_CANT_DISABLE_MANDATORY", + NT_STATUS_CANT_DISABLE_MANDATORY}, + {"NT_STATUS_NO_LOGON_SERVERS", NT_STATUS_NO_LOGON_SERVERS}, + {"NT_STATUS_NO_SUCH_LOGON_SESSION", + NT_STATUS_NO_SUCH_LOGON_SESSION}, + {"NT_STATUS_NO_SUCH_PRIVILEGE", NT_STATUS_NO_SUCH_PRIVILEGE}, + {"NT_STATUS_PRIVILEGE_NOT_HELD", NT_STATUS_PRIVILEGE_NOT_HELD}, + {"NT_STATUS_INVALID_ACCOUNT_NAME", NT_STATUS_INVALID_ACCOUNT_NAME}, + {"NT_STATUS_USER_EXISTS", NT_STATUS_USER_EXISTS}, + {"NT_STATUS_NO_SUCH_USER", NT_STATUS_NO_SUCH_USER}, + {"NT_STATUS_GROUP_EXISTS", NT_STATUS_GROUP_EXISTS}, + {"NT_STATUS_NO_SUCH_GROUP", NT_STATUS_NO_SUCH_GROUP}, + {"NT_STATUS_MEMBER_IN_GROUP", NT_STATUS_MEMBER_IN_GROUP}, + {"NT_STATUS_MEMBER_NOT_IN_GROUP", NT_STATUS_MEMBER_NOT_IN_GROUP}, + {"NT_STATUS_LAST_ADMIN", NT_STATUS_LAST_ADMIN}, + {"NT_STATUS_WRONG_PASSWORD", NT_STATUS_WRONG_PASSWORD}, + {"NT_STATUS_ILL_FORMED_PASSWORD", NT_STATUS_ILL_FORMED_PASSWORD}, + {"NT_STATUS_PASSWORD_RESTRICTION", NT_STATUS_PASSWORD_RESTRICTION}, + {"NT_STATUS_LOGON_FAILURE", NT_STATUS_LOGON_FAILURE}, + {"NT_STATUS_ACCOUNT_RESTRICTION", NT_STATUS_ACCOUNT_RESTRICTION}, + {"NT_STATUS_INVALID_LOGON_HOURS", NT_STATUS_INVALID_LOGON_HOURS}, + {"NT_STATUS_INVALID_WORKSTATION", NT_STATUS_INVALID_WORKSTATION}, + {"NT_STATUS_PASSWORD_EXPIRED", NT_STATUS_PASSWORD_EXPIRED}, + {"NT_STATUS_ACCOUNT_DISABLED", NT_STATUS_ACCOUNT_DISABLED}, + {"NT_STATUS_NONE_MAPPED", NT_STATUS_NONE_MAPPED}, + {"NT_STATUS_TOO_MANY_LUIDS_REQUESTED", + NT_STATUS_TOO_MANY_LUIDS_REQUESTED}, + {"NT_STATUS_LUIDS_EXHAUSTED", NT_STATUS_LUIDS_EXHAUSTED}, + {"NT_STATUS_INVALID_SUB_AUTHORITY", + NT_STATUS_INVALID_SUB_AUTHORITY}, + {"NT_STATUS_INVALID_ACL", NT_STATUS_INVALID_ACL}, + {"NT_STATUS_INVALID_SID", NT_STATUS_INVALID_SID}, + {"NT_STATUS_INVALID_SECURITY_DESCR", + NT_STATUS_INVALID_SECURITY_DESCR}, + {"NT_STATUS_PROCEDURE_NOT_FOUND", NT_STATUS_PROCEDURE_NOT_FOUND}, + {"NT_STATUS_INVALID_IMAGE_FORMAT", NT_STATUS_INVALID_IMAGE_FORMAT}, + {"NT_STATUS_NO_TOKEN", NT_STATUS_NO_TOKEN}, + {"NT_STATUS_BAD_INHERITANCE_ACL", NT_STATUS_BAD_INHERITANCE_ACL}, + {"NT_STATUS_RANGE_NOT_LOCKED", NT_STATUS_RANGE_NOT_LOCKED}, + {"NT_STATUS_DISK_FULL", NT_STATUS_DISK_FULL}, + {"NT_STATUS_SERVER_DISABLED", NT_STATUS_SERVER_DISABLED}, + {"NT_STATUS_SERVER_NOT_DISABLED", NT_STATUS_SERVER_NOT_DISABLED}, + {"NT_STATUS_TOO_MANY_GUIDS_REQUESTED", + NT_STATUS_TOO_MANY_GUIDS_REQUESTED}, + {"NT_STATUS_GUIDS_EXHAUSTED", NT_STATUS_GUIDS_EXHAUSTED}, + {"NT_STATUS_INVALID_ID_AUTHORITY", NT_STATUS_INVALID_ID_AUTHORITY}, + {"NT_STATUS_AGENTS_EXHAUSTED", NT_STATUS_AGENTS_EXHAUSTED}, + {"NT_STATUS_INVALID_VOLUME_LABEL", NT_STATUS_INVALID_VOLUME_LABEL}, + {"NT_STATUS_SECTION_NOT_EXTENDED", NT_STATUS_SECTION_NOT_EXTENDED}, + {"NT_STATUS_NOT_MAPPED_DATA", NT_STATUS_NOT_MAPPED_DATA}, + {"NT_STATUS_RESOURCE_DATA_NOT_FOUND", + NT_STATUS_RESOURCE_DATA_NOT_FOUND}, + {"NT_STATUS_RESOURCE_TYPE_NOT_FOUND", + NT_STATUS_RESOURCE_TYPE_NOT_FOUND}, + {"NT_STATUS_RESOURCE_NAME_NOT_FOUND", + NT_STATUS_RESOURCE_NAME_NOT_FOUND}, + {"NT_STATUS_ARRAY_BOUNDS_EXCEEDED", + NT_STATUS_ARRAY_BOUNDS_EXCEEDED}, + {"NT_STATUS_FLOAT_DENORMAL_OPERAND", + NT_STATUS_FLOAT_DENORMAL_OPERAND}, + {"NT_STATUS_FLOAT_DIVIDE_BY_ZERO", NT_STATUS_FLOAT_DIVIDE_BY_ZERO}, + {"NT_STATUS_FLOAT_INEXACT_RESULT", NT_STATUS_FLOAT_INEXACT_RESULT}, + {"NT_STATUS_FLOAT_INVALID_OPERATION", + NT_STATUS_FLOAT_INVALID_OPERATION}, + {"NT_STATUS_FLOAT_OVERFLOW", NT_STATUS_FLOAT_OVERFLOW}, + {"NT_STATUS_FLOAT_STACK_CHECK", NT_STATUS_FLOAT_STACK_CHECK}, + {"NT_STATUS_FLOAT_UNDERFLOW", NT_STATUS_FLOAT_UNDERFLOW}, + {"NT_STATUS_INTEGER_DIVIDE_BY_ZERO", + NT_STATUS_INTEGER_DIVIDE_BY_ZERO}, + {"NT_STATUS_INTEGER_OVERFLOW", NT_STATUS_INTEGER_OVERFLOW}, + {"NT_STATUS_PRIVILEGED_INSTRUCTION", + NT_STATUS_PRIVILEGED_INSTRUCTION}, + {"NT_STATUS_TOO_MANY_PAGING_FILES", + NT_STATUS_TOO_MANY_PAGING_FILES}, + {"NT_STATUS_FILE_INVALID", NT_STATUS_FILE_INVALID}, + {"NT_STATUS_ALLOTTED_SPACE_EXCEEDED", + NT_STATUS_ALLOTTED_SPACE_EXCEEDED}, + {"NT_STATUS_INSUFFICIENT_RESOURCES", + NT_STATUS_INSUFFICIENT_RESOURCES}, + {"NT_STATUS_DFS_EXIT_PATH_FOUND", NT_STATUS_DFS_EXIT_PATH_FOUND}, + {"NT_STATUS_DEVICE_DATA_ERROR", NT_STATUS_DEVICE_DATA_ERROR}, + {"NT_STATUS_DEVICE_NOT_CONNECTED", NT_STATUS_DEVICE_NOT_CONNECTED}, + {"NT_STATUS_DEVICE_POWER_FAILURE", NT_STATUS_DEVICE_POWER_FAILURE}, + {"NT_STATUS_FREE_VM_NOT_AT_BASE", NT_STATUS_FREE_VM_NOT_AT_BASE}, + {"NT_STATUS_MEMORY_NOT_ALLOCATED", NT_STATUS_MEMORY_NOT_ALLOCATED}, + {"NT_STATUS_WORKING_SET_QUOTA", NT_STATUS_WORKING_SET_QUOTA}, + {"NT_STATUS_MEDIA_WRITE_PROTECTED", + NT_STATUS_MEDIA_WRITE_PROTECTED}, + {"NT_STATUS_DEVICE_NOT_READY", NT_STATUS_DEVICE_NOT_READY}, + {"NT_STATUS_INVALID_GROUP_ATTRIBUTES", + NT_STATUS_INVALID_GROUP_ATTRIBUTES}, + {"NT_STATUS_BAD_IMPERSONATION_LEVEL", + NT_STATUS_BAD_IMPERSONATION_LEVEL}, + {"NT_STATUS_CANT_OPEN_ANONYMOUS", NT_STATUS_CANT_OPEN_ANONYMOUS}, + {"NT_STATUS_BAD_VALIDATION_CLASS", NT_STATUS_BAD_VALIDATION_CLASS}, + {"NT_STATUS_BAD_TOKEN_TYPE", NT_STATUS_BAD_TOKEN_TYPE}, + {"NT_STATUS_BAD_MASTER_BOOT_RECORD", + NT_STATUS_BAD_MASTER_BOOT_RECORD}, + {"NT_STATUS_INSTRUCTION_MISALIGNMENT", + NT_STATUS_INSTRUCTION_MISALIGNMENT}, + {"NT_STATUS_INSTANCE_NOT_AVAILABLE", + NT_STATUS_INSTANCE_NOT_AVAILABLE}, + {"NT_STATUS_PIPE_NOT_AVAILABLE", NT_STATUS_PIPE_NOT_AVAILABLE}, + {"NT_STATUS_INVALID_PIPE_STATE", NT_STATUS_INVALID_PIPE_STATE}, + {"NT_STATUS_PIPE_BUSY", NT_STATUS_PIPE_BUSY}, + {"NT_STATUS_ILLEGAL_FUNCTION", NT_STATUS_ILLEGAL_FUNCTION}, + {"NT_STATUS_PIPE_DISCONNECTED", NT_STATUS_PIPE_DISCONNECTED}, + {"NT_STATUS_PIPE_CLOSING", NT_STATUS_PIPE_CLOSING}, + {"NT_STATUS_PIPE_CONNECTED", NT_STATUS_PIPE_CONNECTED}, + {"NT_STATUS_PIPE_LISTENING", NT_STATUS_PIPE_LISTENING}, + {"NT_STATUS_INVALID_READ_MODE", NT_STATUS_INVALID_READ_MODE}, + {"NT_STATUS_IO_TIMEOUT", NT_STATUS_IO_TIMEOUT}, + {"NT_STATUS_FILE_FORCED_CLOSED", NT_STATUS_FILE_FORCED_CLOSED}, + {"NT_STATUS_PROFILING_NOT_STARTED", + NT_STATUS_PROFILING_NOT_STARTED}, + {"NT_STATUS_PROFILING_NOT_STOPPED", + NT_STATUS_PROFILING_NOT_STOPPED}, + {"NT_STATUS_COULD_NOT_INTERPRET", NT_STATUS_COULD_NOT_INTERPRET}, + {"NT_STATUS_FILE_IS_A_DIRECTORY", NT_STATUS_FILE_IS_A_DIRECTORY}, + {"NT_STATUS_NOT_SUPPORTED", NT_STATUS_NOT_SUPPORTED}, + {"NT_STATUS_REMOTE_NOT_LISTENING", NT_STATUS_REMOTE_NOT_LISTENING}, + {"NT_STATUS_DUPLICATE_NAME", NT_STATUS_DUPLICATE_NAME}, + {"NT_STATUS_BAD_NETWORK_PATH", NT_STATUS_BAD_NETWORK_PATH}, + {"NT_STATUS_NETWORK_BUSY", NT_STATUS_NETWORK_BUSY}, + {"NT_STATUS_DEVICE_DOES_NOT_EXIST", + NT_STATUS_DEVICE_DOES_NOT_EXIST}, + {"NT_STATUS_TOO_MANY_COMMANDS", NT_STATUS_TOO_MANY_COMMANDS}, + {"NT_STATUS_ADAPTER_HARDWARE_ERROR", + NT_STATUS_ADAPTER_HARDWARE_ERROR}, + {"NT_STATUS_INVALID_NETWORK_RESPONSE", + NT_STATUS_INVALID_NETWORK_RESPONSE}, + {"NT_STATUS_UNEXPECTED_NETWORK_ERROR", + NT_STATUS_UNEXPECTED_NETWORK_ERROR}, + {"NT_STATUS_BAD_REMOTE_ADAPTER", NT_STATUS_BAD_REMOTE_ADAPTER}, + {"NT_STATUS_PRINT_QUEUE_FULL", NT_STATUS_PRINT_QUEUE_FULL}, + {"NT_STATUS_NO_SPOOL_SPACE", NT_STATUS_NO_SPOOL_SPACE}, + {"NT_STATUS_PRINT_CANCELLED", NT_STATUS_PRINT_CANCELLED}, + {"NT_STATUS_NETWORK_NAME_DELETED", NT_STATUS_NETWORK_NAME_DELETED}, + {"NT_STATUS_NETWORK_ACCESS_DENIED", + NT_STATUS_NETWORK_ACCESS_DENIED}, + {"NT_STATUS_BAD_DEVICE_TYPE", NT_STATUS_BAD_DEVICE_TYPE}, + {"NT_STATUS_BAD_NETWORK_NAME", NT_STATUS_BAD_NETWORK_NAME}, + {"NT_STATUS_TOO_MANY_NAMES", NT_STATUS_TOO_MANY_NAMES}, + {"NT_STATUS_TOO_MANY_SESSIONS", NT_STATUS_TOO_MANY_SESSIONS}, + {"NT_STATUS_SHARING_PAUSED", NT_STATUS_SHARING_PAUSED}, + {"NT_STATUS_REQUEST_NOT_ACCEPTED", NT_STATUS_REQUEST_NOT_ACCEPTED}, + {"NT_STATUS_REDIRECTOR_PAUSED", NT_STATUS_REDIRECTOR_PAUSED}, + {"NT_STATUS_NET_WRITE_FAULT", NT_STATUS_NET_WRITE_FAULT}, + {"NT_STATUS_PROFILING_AT_LIMIT", NT_STATUS_PROFILING_AT_LIMIT}, + {"NT_STATUS_NOT_SAME_DEVICE", NT_STATUS_NOT_SAME_DEVICE}, + {"NT_STATUS_FILE_RENAMED", NT_STATUS_FILE_RENAMED}, + {"NT_STATUS_VIRTUAL_CIRCUIT_CLOSED", + NT_STATUS_VIRTUAL_CIRCUIT_CLOSED}, + {"NT_STATUS_NO_SECURITY_ON_OBJECT", + NT_STATUS_NO_SECURITY_ON_OBJECT}, + {"NT_STATUS_CANT_WAIT", NT_STATUS_CANT_WAIT}, + {"NT_STATUS_PIPE_EMPTY", NT_STATUS_PIPE_EMPTY}, + {"NT_STATUS_CANT_ACCESS_DOMAIN_INFO", + NT_STATUS_CANT_ACCESS_DOMAIN_INFO}, + {"NT_STATUS_CANT_TERMINATE_SELF", NT_STATUS_CANT_TERMINATE_SELF}, + {"NT_STATUS_INVALID_SERVER_STATE", NT_STATUS_INVALID_SERVER_STATE}, + {"NT_STATUS_INVALID_DOMAIN_STATE", NT_STATUS_INVALID_DOMAIN_STATE}, + {"NT_STATUS_INVALID_DOMAIN_ROLE", NT_STATUS_INVALID_DOMAIN_ROLE}, + {"NT_STATUS_NO_SUCH_DOMAIN", NT_STATUS_NO_SUCH_DOMAIN}, + {"NT_STATUS_DOMAIN_EXISTS", NT_STATUS_DOMAIN_EXISTS}, + {"NT_STATUS_DOMAIN_LIMIT_EXCEEDED", + NT_STATUS_DOMAIN_LIMIT_EXCEEDED}, + {"NT_STATUS_OPLOCK_NOT_GRANTED", NT_STATUS_OPLOCK_NOT_GRANTED}, + {"NT_STATUS_INVALID_OPLOCK_PROTOCOL", + NT_STATUS_INVALID_OPLOCK_PROTOCOL}, + {"NT_STATUS_INTERNAL_DB_CORRUPTION", + NT_STATUS_INTERNAL_DB_CORRUPTION}, + {"NT_STATUS_INTERNAL_ERROR", NT_STATUS_INTERNAL_ERROR}, + {"NT_STATUS_GENERIC_NOT_MAPPED", NT_STATUS_GENERIC_NOT_MAPPED}, + {"NT_STATUS_BAD_DESCRIPTOR_FORMAT", + NT_STATUS_BAD_DESCRIPTOR_FORMAT}, + {"NT_STATUS_INVALID_USER_BUFFER", NT_STATUS_INVALID_USER_BUFFER}, + {"NT_STATUS_UNEXPECTED_IO_ERROR", NT_STATUS_UNEXPECTED_IO_ERROR}, + {"NT_STATUS_UNEXPECTED_MM_CREATE_ERR", + NT_STATUS_UNEXPECTED_MM_CREATE_ERR}, + {"NT_STATUS_UNEXPECTED_MM_MAP_ERROR", + NT_STATUS_UNEXPECTED_MM_MAP_ERROR}, + {"NT_STATUS_UNEXPECTED_MM_EXTEND_ERR", + NT_STATUS_UNEXPECTED_MM_EXTEND_ERR}, + {"NT_STATUS_NOT_LOGON_PROCESS", NT_STATUS_NOT_LOGON_PROCESS}, + {"NT_STATUS_LOGON_SESSION_EXISTS", NT_STATUS_LOGON_SESSION_EXISTS}, + {"NT_STATUS_INVALID_PARAMETER_1", NT_STATUS_INVALID_PARAMETER_1}, + {"NT_STATUS_INVALID_PARAMETER_2", NT_STATUS_INVALID_PARAMETER_2}, + {"NT_STATUS_INVALID_PARAMETER_3", NT_STATUS_INVALID_PARAMETER_3}, + {"NT_STATUS_INVALID_PARAMETER_4", NT_STATUS_INVALID_PARAMETER_4}, + {"NT_STATUS_INVALID_PARAMETER_5", NT_STATUS_INVALID_PARAMETER_5}, + {"NT_STATUS_INVALID_PARAMETER_6", NT_STATUS_INVALID_PARAMETER_6}, + {"NT_STATUS_INVALID_PARAMETER_7", NT_STATUS_INVALID_PARAMETER_7}, + {"NT_STATUS_INVALID_PARAMETER_8", NT_STATUS_INVALID_PARAMETER_8}, + {"NT_STATUS_INVALID_PARAMETER_9", NT_STATUS_INVALID_PARAMETER_9}, + {"NT_STATUS_INVALID_PARAMETER_10", NT_STATUS_INVALID_PARAMETER_10}, + {"NT_STATUS_INVALID_PARAMETER_11", NT_STATUS_INVALID_PARAMETER_11}, + {"NT_STATUS_INVALID_PARAMETER_12", NT_STATUS_INVALID_PARAMETER_12}, + {"NT_STATUS_REDIRECTOR_NOT_STARTED", + NT_STATUS_REDIRECTOR_NOT_STARTED}, + {"NT_STATUS_REDIRECTOR_STARTED", NT_STATUS_REDIRECTOR_STARTED}, + {"NT_STATUS_STACK_OVERFLOW", NT_STATUS_STACK_OVERFLOW}, + {"NT_STATUS_NO_SUCH_PACKAGE", NT_STATUS_NO_SUCH_PACKAGE}, + {"NT_STATUS_BAD_FUNCTION_TABLE", NT_STATUS_BAD_FUNCTION_TABLE}, + {"NT_STATUS_DIRECTORY_NOT_EMPTY", NT_STATUS_DIRECTORY_NOT_EMPTY}, + {"NT_STATUS_FILE_CORRUPT_ERROR", NT_STATUS_FILE_CORRUPT_ERROR}, + {"NT_STATUS_NOT_A_DIRECTORY", NT_STATUS_NOT_A_DIRECTORY}, + {"NT_STATUS_BAD_LOGON_SESSION_STATE", + NT_STATUS_BAD_LOGON_SESSION_STATE}, + {"NT_STATUS_LOGON_SESSION_COLLISION", + NT_STATUS_LOGON_SESSION_COLLISION}, + {"NT_STATUS_NAME_TOO_LONG", NT_STATUS_NAME_TOO_LONG}, + {"NT_STATUS_FILES_OPEN", NT_STATUS_FILES_OPEN}, + {"NT_STATUS_CONNECTION_IN_USE", NT_STATUS_CONNECTION_IN_USE}, + {"NT_STATUS_MESSAGE_NOT_FOUND", NT_STATUS_MESSAGE_NOT_FOUND}, + {"NT_STATUS_PROCESS_IS_TERMINATING", + NT_STATUS_PROCESS_IS_TERMINATING}, + {"NT_STATUS_INVALID_LOGON_TYPE", NT_STATUS_INVALID_LOGON_TYPE}, + {"NT_STATUS_NO_GUID_TRANSLATION", NT_STATUS_NO_GUID_TRANSLATION}, + {"NT_STATUS_CANNOT_IMPERSONATE", NT_STATUS_CANNOT_IMPERSONATE}, + {"NT_STATUS_IMAGE_ALREADY_LOADED", NT_STATUS_IMAGE_ALREADY_LOADED}, + {"NT_STATUS_ABIOS_NOT_PRESENT", NT_STATUS_ABIOS_NOT_PRESENT}, + {"NT_STATUS_ABIOS_LID_NOT_EXIST", NT_STATUS_ABIOS_LID_NOT_EXIST}, + {"NT_STATUS_ABIOS_LID_ALREADY_OWNED", + NT_STATUS_ABIOS_LID_ALREADY_OWNED}, + {"NT_STATUS_ABIOS_NOT_LID_OWNER", NT_STATUS_ABIOS_NOT_LID_OWNER}, + {"NT_STATUS_ABIOS_INVALID_COMMAND", + NT_STATUS_ABIOS_INVALID_COMMAND}, + {"NT_STATUS_ABIOS_INVALID_LID", NT_STATUS_ABIOS_INVALID_LID}, + {"NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE", + NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE}, + {"NT_STATUS_ABIOS_INVALID_SELECTOR", + NT_STATUS_ABIOS_INVALID_SELECTOR}, + {"NT_STATUS_NO_LDT", NT_STATUS_NO_LDT}, + {"NT_STATUS_INVALID_LDT_SIZE", NT_STATUS_INVALID_LDT_SIZE}, + {"NT_STATUS_INVALID_LDT_OFFSET", NT_STATUS_INVALID_LDT_OFFSET}, + {"NT_STATUS_INVALID_LDT_DESCRIPTOR", + NT_STATUS_INVALID_LDT_DESCRIPTOR}, + {"NT_STATUS_INVALID_IMAGE_NE_FORMAT", + NT_STATUS_INVALID_IMAGE_NE_FORMAT}, + {"NT_STATUS_RXACT_INVALID_STATE", NT_STATUS_RXACT_INVALID_STATE}, + {"NT_STATUS_RXACT_COMMIT_FAILURE", NT_STATUS_RXACT_COMMIT_FAILURE}, + {"NT_STATUS_MAPPED_FILE_SIZE_ZERO", + NT_STATUS_MAPPED_FILE_SIZE_ZERO}, + {"NT_STATUS_TOO_MANY_OPENED_FILES", + NT_STATUS_TOO_MANY_OPENED_FILES}, + {"NT_STATUS_CANCELLED", NT_STATUS_CANCELLED}, + {"NT_STATUS_CANNOT_DELETE", NT_STATUS_CANNOT_DELETE}, + {"NT_STATUS_INVALID_COMPUTER_NAME", + NT_STATUS_INVALID_COMPUTER_NAME}, + {"NT_STATUS_FILE_DELETED", NT_STATUS_FILE_DELETED}, + {"NT_STATUS_SPECIAL_ACCOUNT", NT_STATUS_SPECIAL_ACCOUNT}, + {"NT_STATUS_SPECIAL_GROUP", NT_STATUS_SPECIAL_GROUP}, + {"NT_STATUS_SPECIAL_USER", NT_STATUS_SPECIAL_USER}, + {"NT_STATUS_MEMBERS_PRIMARY_GROUP", + NT_STATUS_MEMBERS_PRIMARY_GROUP}, + {"NT_STATUS_FILE_CLOSED", NT_STATUS_FILE_CLOSED}, + {"NT_STATUS_TOO_MANY_THREADS", NT_STATUS_TOO_MANY_THREADS}, + {"NT_STATUS_THREAD_NOT_IN_PROCESS", + NT_STATUS_THREAD_NOT_IN_PROCESS}, + {"NT_STATUS_TOKEN_ALREADY_IN_USE", NT_STATUS_TOKEN_ALREADY_IN_USE}, + {"NT_STATUS_PAGEFILE_QUOTA_EXCEEDED", + NT_STATUS_PAGEFILE_QUOTA_EXCEEDED}, + {"NT_STATUS_COMMITMENT_LIMIT", NT_STATUS_COMMITMENT_LIMIT}, + {"NT_STATUS_INVALID_IMAGE_LE_FORMAT", + NT_STATUS_INVALID_IMAGE_LE_FORMAT}, + {"NT_STATUS_INVALID_IMAGE_NOT_MZ", NT_STATUS_INVALID_IMAGE_NOT_MZ}, + {"NT_STATUS_INVALID_IMAGE_PROTECT", + NT_STATUS_INVALID_IMAGE_PROTECT}, + {"NT_STATUS_INVALID_IMAGE_WIN_16", NT_STATUS_INVALID_IMAGE_WIN_16}, + {"NT_STATUS_LOGON_SERVER_CONFLICT", + NT_STATUS_LOGON_SERVER_CONFLICT}, + {"NT_STATUS_TIME_DIFFERENCE_AT_DC", + NT_STATUS_TIME_DIFFERENCE_AT_DC}, + {"NT_STATUS_SYNCHRONIZATION_REQUIRED", + NT_STATUS_SYNCHRONIZATION_REQUIRED}, + {"NT_STATUS_DLL_NOT_FOUND", NT_STATUS_DLL_NOT_FOUND}, + {"NT_STATUS_OPEN_FAILED", NT_STATUS_OPEN_FAILED}, + {"NT_STATUS_IO_PRIVILEGE_FAILED", NT_STATUS_IO_PRIVILEGE_FAILED}, + {"NT_STATUS_ORDINAL_NOT_FOUND", NT_STATUS_ORDINAL_NOT_FOUND}, + {"NT_STATUS_ENTRYPOINT_NOT_FOUND", NT_STATUS_ENTRYPOINT_NOT_FOUND}, + {"NT_STATUS_CONTROL_C_EXIT", NT_STATUS_CONTROL_C_EXIT}, + {"NT_STATUS_LOCAL_DISCONNECT", NT_STATUS_LOCAL_DISCONNECT}, + {"NT_STATUS_REMOTE_DISCONNECT", NT_STATUS_REMOTE_DISCONNECT}, + {"NT_STATUS_REMOTE_RESOURCES", NT_STATUS_REMOTE_RESOURCES}, + {"NT_STATUS_LINK_FAILED", NT_STATUS_LINK_FAILED}, + {"NT_STATUS_LINK_TIMEOUT", NT_STATUS_LINK_TIMEOUT}, + {"NT_STATUS_INVALID_CONNECTION", NT_STATUS_INVALID_CONNECTION}, + {"NT_STATUS_INVALID_ADDRESS", NT_STATUS_INVALID_ADDRESS}, + {"NT_STATUS_DLL_INIT_FAILED", NT_STATUS_DLL_INIT_FAILED}, + {"NT_STATUS_MISSING_SYSTEMFILE", NT_STATUS_MISSING_SYSTEMFILE}, + {"NT_STATUS_UNHANDLED_EXCEPTION", NT_STATUS_UNHANDLED_EXCEPTION}, + {"NT_STATUS_APP_INIT_FAILURE", NT_STATUS_APP_INIT_FAILURE}, + {"NT_STATUS_PAGEFILE_CREATE_FAILED", + NT_STATUS_PAGEFILE_CREATE_FAILED}, + {"NT_STATUS_NO_PAGEFILE", NT_STATUS_NO_PAGEFILE}, + {"NT_STATUS_INVALID_LEVEL", NT_STATUS_INVALID_LEVEL}, + {"NT_STATUS_WRONG_PASSWORD_CORE", NT_STATUS_WRONG_PASSWORD_CORE}, + {"NT_STATUS_ILLEGAL_FLOAT_CONTEXT", + NT_STATUS_ILLEGAL_FLOAT_CONTEXT}, + {"NT_STATUS_PIPE_BROKEN", NT_STATUS_PIPE_BROKEN}, + {"NT_STATUS_REGISTRY_CORRUPT", NT_STATUS_REGISTRY_CORRUPT}, + {"NT_STATUS_REGISTRY_IO_FAILED", NT_STATUS_REGISTRY_IO_FAILED}, + {"NT_STATUS_NO_EVENT_PAIR", NT_STATUS_NO_EVENT_PAIR}, + {"NT_STATUS_UNRECOGNIZED_VOLUME", NT_STATUS_UNRECOGNIZED_VOLUME}, + {"NT_STATUS_SERIAL_NO_DEVICE_INITED", + NT_STATUS_SERIAL_NO_DEVICE_INITED}, + {"NT_STATUS_NO_SUCH_ALIAS", NT_STATUS_NO_SUCH_ALIAS}, + {"NT_STATUS_MEMBER_NOT_IN_ALIAS", NT_STATUS_MEMBER_NOT_IN_ALIAS}, + {"NT_STATUS_MEMBER_IN_ALIAS", NT_STATUS_MEMBER_IN_ALIAS}, + {"NT_STATUS_ALIAS_EXISTS", NT_STATUS_ALIAS_EXISTS}, + {"NT_STATUS_LOGON_NOT_GRANTED", NT_STATUS_LOGON_NOT_GRANTED}, + {"NT_STATUS_TOO_MANY_SECRETS", NT_STATUS_TOO_MANY_SECRETS}, + {"NT_STATUS_SECRET_TOO_LONG", NT_STATUS_SECRET_TOO_LONG}, + {"NT_STATUS_INTERNAL_DB_ERROR", NT_STATUS_INTERNAL_DB_ERROR}, + {"NT_STATUS_FULLSCREEN_MODE", NT_STATUS_FULLSCREEN_MODE}, + {"NT_STATUS_TOO_MANY_CONTEXT_IDS", NT_STATUS_TOO_MANY_CONTEXT_IDS}, + {"NT_STATUS_LOGON_TYPE_NOT_GRANTED", + NT_STATUS_LOGON_TYPE_NOT_GRANTED}, + {"NT_STATUS_NOT_REGISTRY_FILE", NT_STATUS_NOT_REGISTRY_FILE}, + {"NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED", + NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED}, + {"NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR", + NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR}, + {"NT_STATUS_FT_MISSING_MEMBER", NT_STATUS_FT_MISSING_MEMBER}, + {"NT_STATUS_ILL_FORMED_SERVICE_ENTRY", + NT_STATUS_ILL_FORMED_SERVICE_ENTRY}, + {"NT_STATUS_ILLEGAL_CHARACTER", NT_STATUS_ILLEGAL_CHARACTER}, + {"NT_STATUS_UNMAPPABLE_CHARACTER", NT_STATUS_UNMAPPABLE_CHARACTER}, + {"NT_STATUS_UNDEFINED_CHARACTER", NT_STATUS_UNDEFINED_CHARACTER}, + {"NT_STATUS_FLOPPY_VOLUME", NT_STATUS_FLOPPY_VOLUME}, + {"NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND", + NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND}, + {"NT_STATUS_FLOPPY_WRONG_CYLINDER", + NT_STATUS_FLOPPY_WRONG_CYLINDER}, + {"NT_STATUS_FLOPPY_UNKNOWN_ERROR", NT_STATUS_FLOPPY_UNKNOWN_ERROR}, + {"NT_STATUS_FLOPPY_BAD_REGISTERS", NT_STATUS_FLOPPY_BAD_REGISTERS}, + {"NT_STATUS_DISK_RECALIBRATE_FAILED", + NT_STATUS_DISK_RECALIBRATE_FAILED}, + {"NT_STATUS_DISK_OPERATION_FAILED", + NT_STATUS_DISK_OPERATION_FAILED}, + {"NT_STATUS_DISK_RESET_FAILED", NT_STATUS_DISK_RESET_FAILED}, + {"NT_STATUS_SHARED_IRQ_BUSY", NT_STATUS_SHARED_IRQ_BUSY}, + {"NT_STATUS_FT_ORPHANING", NT_STATUS_FT_ORPHANING}, + {"NT_STATUS_PARTITION_FAILURE", NT_STATUS_PARTITION_FAILURE}, + {"NT_STATUS_INVALID_BLOCK_LENGTH", NT_STATUS_INVALID_BLOCK_LENGTH}, + {"NT_STATUS_DEVICE_NOT_PARTITIONED", + NT_STATUS_DEVICE_NOT_PARTITIONED}, + {"NT_STATUS_UNABLE_TO_LOCK_MEDIA", NT_STATUS_UNABLE_TO_LOCK_MEDIA}, + {"NT_STATUS_UNABLE_TO_UNLOAD_MEDIA", + NT_STATUS_UNABLE_TO_UNLOAD_MEDIA}, + {"NT_STATUS_EOM_OVERFLOW", NT_STATUS_EOM_OVERFLOW}, + {"NT_STATUS_NO_MEDIA", NT_STATUS_NO_MEDIA}, + {"NT_STATUS_NO_SUCH_MEMBER", NT_STATUS_NO_SUCH_MEMBER}, + {"NT_STATUS_INVALID_MEMBER", NT_STATUS_INVALID_MEMBER}, + {"NT_STATUS_KEY_DELETED", NT_STATUS_KEY_DELETED}, + {"NT_STATUS_NO_LOG_SPACE", NT_STATUS_NO_LOG_SPACE}, + {"NT_STATUS_TOO_MANY_SIDS", NT_STATUS_TOO_MANY_SIDS}, + {"NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED", + NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED}, + {"NT_STATUS_KEY_HAS_CHILDREN", NT_STATUS_KEY_HAS_CHILDREN}, + {"NT_STATUS_CHILD_MUST_BE_VOLATILE", + NT_STATUS_CHILD_MUST_BE_VOLATILE}, + {"NT_STATUS_DEVICE_CONFIGURATION_ERROR", + NT_STATUS_DEVICE_CONFIGURATION_ERROR}, + {"NT_STATUS_DRIVER_INTERNAL_ERROR", + NT_STATUS_DRIVER_INTERNAL_ERROR}, + {"NT_STATUS_INVALID_DEVICE_STATE", NT_STATUS_INVALID_DEVICE_STATE}, + {"NT_STATUS_IO_DEVICE_ERROR", NT_STATUS_IO_DEVICE_ERROR}, + {"NT_STATUS_DEVICE_PROTOCOL_ERROR", + NT_STATUS_DEVICE_PROTOCOL_ERROR}, + {"NT_STATUS_BACKUP_CONTROLLER", NT_STATUS_BACKUP_CONTROLLER}, + {"NT_STATUS_LOG_FILE_FULL", NT_STATUS_LOG_FILE_FULL}, + {"NT_STATUS_TOO_LATE", NT_STATUS_TOO_LATE}, + {"NT_STATUS_NO_TRUST_LSA_SECRET", NT_STATUS_NO_TRUST_LSA_SECRET}, + {"NT_STATUS_NO_TRUST_SAM_ACCOUNT", NT_STATUS_NO_TRUST_SAM_ACCOUNT}, + {"NT_STATUS_TRUSTED_DOMAIN_FAILURE", + NT_STATUS_TRUSTED_DOMAIN_FAILURE}, + {"NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE", + NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE}, + {"NT_STATUS_EVENTLOG_FILE_CORRUPT", + NT_STATUS_EVENTLOG_FILE_CORRUPT}, + {"NT_STATUS_EVENTLOG_CANT_START", NT_STATUS_EVENTLOG_CANT_START}, + {"NT_STATUS_TRUST_FAILURE", NT_STATUS_TRUST_FAILURE}, + {"NT_STATUS_MUTANT_LIMIT_EXCEEDED", + NT_STATUS_MUTANT_LIMIT_EXCEEDED}, + {"NT_STATUS_NETLOGON_NOT_STARTED", NT_STATUS_NETLOGON_NOT_STARTED}, + {"NT_STATUS_ACCOUNT_EXPIRED", NT_STATUS_ACCOUNT_EXPIRED}, + {"NT_STATUS_POSSIBLE_DEADLOCK", NT_STATUS_POSSIBLE_DEADLOCK}, + {"NT_STATUS_NETWORK_CREDENTIAL_CONFLICT", + NT_STATUS_NETWORK_CREDENTIAL_CONFLICT}, + {"NT_STATUS_REMOTE_SESSION_LIMIT", NT_STATUS_REMOTE_SESSION_LIMIT}, + {"NT_STATUS_EVENTLOG_FILE_CHANGED", + NT_STATUS_EVENTLOG_FILE_CHANGED}, + {"NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT", + NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT}, + {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", + NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT}, + {"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", + NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT}, + {"NT_STATUS_DOMAIN_TRUST_INCONSISTENT", + NT_STATUS_DOMAIN_TRUST_INCONSISTENT}, + {"NT_STATUS_FS_DRIVER_REQUIRED", NT_STATUS_FS_DRIVER_REQUIRED}, + {"NT_STATUS_NO_USER_SESSION_KEY", NT_STATUS_NO_USER_SESSION_KEY}, + {"NT_STATUS_USER_SESSION_DELETED", NT_STATUS_USER_SESSION_DELETED}, + {"NT_STATUS_RESOURCE_LANG_NOT_FOUND", + NT_STATUS_RESOURCE_LANG_NOT_FOUND}, + {"NT_STATUS_INSUFF_SERVER_RESOURCES", + NT_STATUS_INSUFF_SERVER_RESOURCES}, + {"NT_STATUS_INVALID_BUFFER_SIZE", NT_STATUS_INVALID_BUFFER_SIZE}, + {"NT_STATUS_INVALID_ADDRESS_COMPONENT", + NT_STATUS_INVALID_ADDRESS_COMPONENT}, + {"NT_STATUS_INVALID_ADDRESS_WILDCARD", + NT_STATUS_INVALID_ADDRESS_WILDCARD}, + {"NT_STATUS_TOO_MANY_ADDRESSES", NT_STATUS_TOO_MANY_ADDRESSES}, + {"NT_STATUS_ADDRESS_ALREADY_EXISTS", + NT_STATUS_ADDRESS_ALREADY_EXISTS}, + {"NT_STATUS_ADDRESS_CLOSED", NT_STATUS_ADDRESS_CLOSED}, + {"NT_STATUS_CONNECTION_DISCONNECTED", + NT_STATUS_CONNECTION_DISCONNECTED}, + {"NT_STATUS_CONNECTION_RESET", NT_STATUS_CONNECTION_RESET}, + {"NT_STATUS_TOO_MANY_NODES", NT_STATUS_TOO_MANY_NODES}, + {"NT_STATUS_TRANSACTION_ABORTED", NT_STATUS_TRANSACTION_ABORTED}, + {"NT_STATUS_TRANSACTION_TIMED_OUT", + NT_STATUS_TRANSACTION_TIMED_OUT}, + {"NT_STATUS_TRANSACTION_NO_RELEASE", + NT_STATUS_TRANSACTION_NO_RELEASE}, + {"NT_STATUS_TRANSACTION_NO_MATCH", NT_STATUS_TRANSACTION_NO_MATCH}, + {"NT_STATUS_TRANSACTION_RESPONDED", + NT_STATUS_TRANSACTION_RESPONDED}, + {"NT_STATUS_TRANSACTION_INVALID_ID", + NT_STATUS_TRANSACTION_INVALID_ID}, + {"NT_STATUS_TRANSACTION_INVALID_TYPE", + NT_STATUS_TRANSACTION_INVALID_TYPE}, + {"NT_STATUS_NOT_SERVER_SESSION", NT_STATUS_NOT_SERVER_SESSION}, + {"NT_STATUS_NOT_CLIENT_SESSION", NT_STATUS_NOT_CLIENT_SESSION}, + {"NT_STATUS_CANNOT_LOAD_REGISTRY_FILE", + NT_STATUS_CANNOT_LOAD_REGISTRY_FILE}, + {"NT_STATUS_DEBUG_ATTACH_FAILED", NT_STATUS_DEBUG_ATTACH_FAILED}, + {"NT_STATUS_SYSTEM_PROCESS_TERMINATED", + NT_STATUS_SYSTEM_PROCESS_TERMINATED}, + {"NT_STATUS_DATA_NOT_ACCEPTED", NT_STATUS_DATA_NOT_ACCEPTED}, + {"NT_STATUS_NO_BROWSER_SERVERS_FOUND", + NT_STATUS_NO_BROWSER_SERVERS_FOUND}, + {"NT_STATUS_VDM_HARD_ERROR", NT_STATUS_VDM_HARD_ERROR}, + {"NT_STATUS_DRIVER_CANCEL_TIMEOUT", + NT_STATUS_DRIVER_CANCEL_TIMEOUT}, + {"NT_STATUS_REPLY_MESSAGE_MISMATCH", + NT_STATUS_REPLY_MESSAGE_MISMATCH}, + {"NT_STATUS_MAPPED_ALIGNMENT", NT_STATUS_MAPPED_ALIGNMENT}, + {"NT_STATUS_IMAGE_CHECKSUM_MISMATCH", + NT_STATUS_IMAGE_CHECKSUM_MISMATCH}, + {"NT_STATUS_LOST_WRITEBEHIND_DATA", + NT_STATUS_LOST_WRITEBEHIND_DATA}, + {"NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID", + NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID}, + {"NT_STATUS_PASSWORD_MUST_CHANGE", NT_STATUS_PASSWORD_MUST_CHANGE}, + {"NT_STATUS_NOT_FOUND", NT_STATUS_NOT_FOUND}, + {"NT_STATUS_NOT_TINY_STREAM", NT_STATUS_NOT_TINY_STREAM}, + {"NT_STATUS_RECOVERY_FAILURE", NT_STATUS_RECOVERY_FAILURE}, + {"NT_STATUS_STACK_OVERFLOW_READ", NT_STATUS_STACK_OVERFLOW_READ}, + {"NT_STATUS_FAIL_CHECK", NT_STATUS_FAIL_CHECK}, + {"NT_STATUS_DUPLICATE_OBJECTID", NT_STATUS_DUPLICATE_OBJECTID}, + {"NT_STATUS_OBJECTID_EXISTS", NT_STATUS_OBJECTID_EXISTS}, + {"NT_STATUS_CONVERT_TO_LARGE", NT_STATUS_CONVERT_TO_LARGE}, + {"NT_STATUS_RETRY", NT_STATUS_RETRY}, + {"NT_STATUS_FOUND_OUT_OF_SCOPE", NT_STATUS_FOUND_OUT_OF_SCOPE}, + {"NT_STATUS_ALLOCATE_BUCKET", NT_STATUS_ALLOCATE_BUCKET}, + {"NT_STATUS_PROPSET_NOT_FOUND", NT_STATUS_PROPSET_NOT_FOUND}, + {"NT_STATUS_MARSHALL_OVERFLOW", NT_STATUS_MARSHALL_OVERFLOW}, + {"NT_STATUS_INVALID_VARIANT", NT_STATUS_INVALID_VARIANT}, + {"NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND", + NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND}, + {"NT_STATUS_ACCOUNT_LOCKED_OUT", NT_STATUS_ACCOUNT_LOCKED_OUT}, + {"NT_STATUS_HANDLE_NOT_CLOSABLE", NT_STATUS_HANDLE_NOT_CLOSABLE}, + {"NT_STATUS_CONNECTION_REFUSED", NT_STATUS_CONNECTION_REFUSED}, + {"NT_STATUS_GRACEFUL_DISCONNECT", NT_STATUS_GRACEFUL_DISCONNECT}, + {"NT_STATUS_ADDRESS_ALREADY_ASSOCIATED", + NT_STATUS_ADDRESS_ALREADY_ASSOCIATED}, + {"NT_STATUS_ADDRESS_NOT_ASSOCIATED", + NT_STATUS_ADDRESS_NOT_ASSOCIATED}, + {"NT_STATUS_CONNECTION_INVALID", NT_STATUS_CONNECTION_INVALID}, + {"NT_STATUS_CONNECTION_ACTIVE", NT_STATUS_CONNECTION_ACTIVE}, + {"NT_STATUS_NETWORK_UNREACHABLE", NT_STATUS_NETWORK_UNREACHABLE}, + {"NT_STATUS_HOST_UNREACHABLE", NT_STATUS_HOST_UNREACHABLE}, + {"NT_STATUS_PROTOCOL_UNREACHABLE", NT_STATUS_PROTOCOL_UNREACHABLE}, + {"NT_STATUS_PORT_UNREACHABLE", NT_STATUS_PORT_UNREACHABLE}, + {"NT_STATUS_REQUEST_ABORTED", NT_STATUS_REQUEST_ABORTED}, + {"NT_STATUS_CONNECTION_ABORTED", NT_STATUS_CONNECTION_ABORTED}, + {"NT_STATUS_BAD_COMPRESSION_BUFFER", + NT_STATUS_BAD_COMPRESSION_BUFFER}, + {"NT_STATUS_USER_MAPPED_FILE", NT_STATUS_USER_MAPPED_FILE}, + {"NT_STATUS_AUDIT_FAILED", NT_STATUS_AUDIT_FAILED}, + {"NT_STATUS_TIMER_RESOLUTION_NOT_SET", + NT_STATUS_TIMER_RESOLUTION_NOT_SET}, + {"NT_STATUS_CONNECTION_COUNT_LIMIT", + NT_STATUS_CONNECTION_COUNT_LIMIT}, + {"NT_STATUS_LOGIN_TIME_RESTRICTION", + NT_STATUS_LOGIN_TIME_RESTRICTION}, + {"NT_STATUS_LOGIN_WKSTA_RESTRICTION", + NT_STATUS_LOGIN_WKSTA_RESTRICTION}, + {"NT_STATUS_IMAGE_MP_UP_MISMATCH", NT_STATUS_IMAGE_MP_UP_MISMATCH}, + {"NT_STATUS_INSUFFICIENT_LOGON_INFO", + NT_STATUS_INSUFFICIENT_LOGON_INFO}, + {"NT_STATUS_BAD_DLL_ENTRYPOINT", NT_STATUS_BAD_DLL_ENTRYPOINT}, + {"NT_STATUS_BAD_SERVICE_ENTRYPOINT", + NT_STATUS_BAD_SERVICE_ENTRYPOINT}, + {"NT_STATUS_LPC_REPLY_LOST", NT_STATUS_LPC_REPLY_LOST}, + {"NT_STATUS_IP_ADDRESS_CONFLICT1", NT_STATUS_IP_ADDRESS_CONFLICT1}, + {"NT_STATUS_IP_ADDRESS_CONFLICT2", NT_STATUS_IP_ADDRESS_CONFLICT2}, + {"NT_STATUS_REGISTRY_QUOTA_LIMIT", NT_STATUS_REGISTRY_QUOTA_LIMIT}, + {"NT_STATUS_PATH_NOT_COVERED", NT_STATUS_PATH_NOT_COVERED}, + {"NT_STATUS_NO_CALLBACK_ACTIVE", NT_STATUS_NO_CALLBACK_ACTIVE}, + {"NT_STATUS_LICENSE_QUOTA_EXCEEDED", + NT_STATUS_LICENSE_QUOTA_EXCEEDED}, + {"NT_STATUS_PWD_TOO_SHORT", NT_STATUS_PWD_TOO_SHORT}, + {"NT_STATUS_PWD_TOO_RECENT", NT_STATUS_PWD_TOO_RECENT}, + {"NT_STATUS_PWD_HISTORY_CONFLICT", NT_STATUS_PWD_HISTORY_CONFLICT}, + {"NT_STATUS_PLUGPLAY_NO_DEVICE", NT_STATUS_PLUGPLAY_NO_DEVICE}, + {"NT_STATUS_UNSUPPORTED_COMPRESSION", + NT_STATUS_UNSUPPORTED_COMPRESSION}, + {"NT_STATUS_INVALID_HW_PROFILE", NT_STATUS_INVALID_HW_PROFILE}, + {"NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH", + NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH}, + {"NT_STATUS_DRIVER_ORDINAL_NOT_FOUND", + NT_STATUS_DRIVER_ORDINAL_NOT_FOUND}, + {"NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND", + NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND}, + {"NT_STATUS_RESOURCE_NOT_OWNED", NT_STATUS_RESOURCE_NOT_OWNED}, + {"NT_STATUS_TOO_MANY_LINKS", NT_STATUS_TOO_MANY_LINKS}, + {"NT_STATUS_QUOTA_LIST_INCONSISTENT", + NT_STATUS_QUOTA_LIST_INCONSISTENT}, + {"NT_STATUS_FILE_IS_OFFLINE", NT_STATUS_FILE_IS_OFFLINE}, + {"NT_STATUS_NO_MORE_ENTRIES", NT_STATUS_NO_MORE_ENTRIES}, + {"NT_STATUS_MORE_ENTRIES", NT_STATUS_MORE_ENTRIES}, + {"NT_STATUS_SOME_UNMAPPED", NT_STATUS_SOME_UNMAPPED}, + {NULL, 0} +}; diff --git a/fs/cifsd/nterr.h b/fs/cifsd/nterr.h new file mode 100644 index 000000000000..9f5004b69d30 --- /dev/null +++ b/fs/cifsd/nterr.h @@ -0,0 +1,552 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * NT error code constants + * Copyright (C) Andrew Tridgell 1992-2000 + * Copyright (C) John H Terpstra 1996-2000 + * Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + * Copyright (C) Paul Ashton 1998-2000 + */ + + + +#ifndef _NTERR_H +#define _NTERR_H + +struct nt_err_code_struct { + char *nt_errstr; + __u32 nt_errcode; +}; + +extern const struct nt_err_code_struct nt_errs[]; + +/* Win32 Status codes. */ +#define NT_STATUS_MORE_ENTRIES 0x0105 +#define NT_ERROR_INVALID_PARAMETER 0x0057 +#define NT_ERROR_INSUFFICIENT_BUFFER 0x007a +#define NT_STATUS_1804 0x070c +#define NT_STATUS_NOTIFY_ENUM_DIR 0x010c +#define NT_STATUS_INVALID_LOCK_RANGE (0xC0000000 | 0x01a1) +/* + * Win32 Error codes extracted using a loop in smbclient then printing a netmon + * sniff to a file. + */ + +#define NT_STATUS_OK 0x0000 +#define NT_STATUS_SOME_UNMAPPED 0x0107 +#define NT_STATUS_BUFFER_OVERFLOW 0x80000005 +#define NT_STATUS_NO_MORE_ENTRIES 0x8000001a +#define NT_STATUS_MEDIA_CHANGED 0x8000001c +#define NT_STATUS_END_OF_MEDIA 0x8000001e +#define NT_STATUS_MEDIA_CHECK 0x80000020 +#define NT_STATUS_NO_DATA_DETECTED 0x8000001c +#define NT_STATUS_STOPPED_ON_SYMLINK 0x8000002d +#define NT_STATUS_DEVICE_REQUIRES_CLEANING 0x80000288 +#define NT_STATUS_DEVICE_DOOR_OPEN 0x80000288 +#define NT_STATUS_UNSUCCESSFUL (0xC0000000 | 0x0001) +#define NT_STATUS_NOT_IMPLEMENTED (0xC0000000 | 0x0002) +#define NT_STATUS_INVALID_INFO_CLASS (0xC0000000 | 0x0003) +#define NT_STATUS_INFO_LENGTH_MISMATCH (0xC0000000 | 0x0004) +#define NT_STATUS_ACCESS_VIOLATION (0xC0000000 | 0x0005) +#define NT_STATUS_IN_PAGE_ERROR (0xC0000000 | 0x0006) +#define NT_STATUS_PAGEFILE_QUOTA (0xC0000000 | 0x0007) +#define NT_STATUS_INVALID_HANDLE (0xC0000000 | 0x0008) +#define NT_STATUS_BAD_INITIAL_STACK (0xC0000000 | 0x0009) +#define NT_STATUS_BAD_INITIAL_PC (0xC0000000 | 0x000a) +#define NT_STATUS_INVALID_CID (0xC0000000 | 0x000b) +#define NT_STATUS_TIMER_NOT_CANCELED (0xC0000000 | 0x000c) +#define NT_STATUS_INVALID_PARAMETER (0xC0000000 | 0x000d) +#define NT_STATUS_NO_SUCH_DEVICE (0xC0000000 | 0x000e) +#define NT_STATUS_NO_SUCH_FILE (0xC0000000 | 0x000f) +#define NT_STATUS_INVALID_DEVICE_REQUEST (0xC0000000 | 0x0010) +#define NT_STATUS_END_OF_FILE (0xC0000000 | 0x0011) +#define NT_STATUS_WRONG_VOLUME (0xC0000000 | 0x0012) +#define NT_STATUS_NO_MEDIA_IN_DEVICE (0xC0000000 | 0x0013) +#define NT_STATUS_UNRECOGNIZED_MEDIA (0xC0000000 | 0x0014) +#define NT_STATUS_NONEXISTENT_SECTOR (0xC0000000 | 0x0015) +#define NT_STATUS_MORE_PROCESSING_REQUIRED (0xC0000000 | 0x0016) +#define NT_STATUS_NO_MEMORY (0xC0000000 | 0x0017) +#define NT_STATUS_CONFLICTING_ADDRESSES (0xC0000000 | 0x0018) +#define NT_STATUS_NOT_MAPPED_VIEW (0xC0000000 | 0x0019) +#define NT_STATUS_UNABLE_TO_FREE_VM (0x80000000 | 0x001a) +#define NT_STATUS_UNABLE_TO_DELETE_SECTION (0xC0000000 | 0x001b) +#define NT_STATUS_INVALID_SYSTEM_SERVICE (0xC0000000 | 0x001c) +#define NT_STATUS_ILLEGAL_INSTRUCTION (0xC0000000 | 0x001d) +#define NT_STATUS_INVALID_LOCK_SEQUENCE (0xC0000000 | 0x001e) +#define NT_STATUS_INVALID_VIEW_SIZE (0xC0000000 | 0x001f) +#define NT_STATUS_INVALID_FILE_FOR_SECTION (0xC0000000 | 0x0020) +#define NT_STATUS_ALREADY_COMMITTED (0xC0000000 | 0x0021) +#define NT_STATUS_ACCESS_DENIED (0xC0000000 | 0x0022) +#define NT_STATUS_BUFFER_TOO_SMALL (0xC0000000 | 0x0023) +#define NT_STATUS_OBJECT_TYPE_MISMATCH (0xC0000000 | 0x0024) +#define NT_STATUS_NONCONTINUABLE_EXCEPTION (0xC0000000 | 0x0025) +#define NT_STATUS_INVALID_DISPOSITION (0xC0000000 | 0x0026) +#define NT_STATUS_UNWIND (0xC0000000 | 0x0027) +#define NT_STATUS_BAD_STACK (0xC0000000 | 0x0028) +#define NT_STATUS_INVALID_UNWIND_TARGET (0xC0000000 | 0x0029) +#define NT_STATUS_NOT_LOCKED (0xC0000000 | 0x002a) +#define NT_STATUS_PARITY_ERROR (0xC0000000 | 0x002b) +#define NT_STATUS_UNABLE_TO_DECOMMIT_VM (0xC0000000 | 0x002c) +#define NT_STATUS_NOT_COMMITTED (0xC0000000 | 0x002d) +#define NT_STATUS_INVALID_PORT_ATTRIBUTES (0xC0000000 | 0x002e) +#define NT_STATUS_PORT_MESSAGE_TOO_LONG (0xC0000000 | 0x002f) +#define NT_STATUS_INVALID_PARAMETER_MIX (0xC0000000 | 0x0030) +#define NT_STATUS_INVALID_QUOTA_LOWER (0xC0000000 | 0x0031) +#define NT_STATUS_DISK_CORRUPT_ERROR (0xC0000000 | 0x0032) +#define NT_STATUS_OBJECT_NAME_INVALID (0xC0000000 | 0x0033) +#define NT_STATUS_OBJECT_NAME_NOT_FOUND (0xC0000000 | 0x0034) +#define NT_STATUS_OBJECT_NAME_COLLISION (0xC0000000 | 0x0035) +#define NT_STATUS_HANDLE_NOT_WAITABLE (0xC0000000 | 0x0036) +#define NT_STATUS_PORT_DISCONNECTED (0xC0000000 | 0x0037) +#define NT_STATUS_DEVICE_ALREADY_ATTACHED (0xC0000000 | 0x0038) +#define NT_STATUS_OBJECT_PATH_INVALID (0xC0000000 | 0x0039) +#define NT_STATUS_OBJECT_PATH_NOT_FOUND (0xC0000000 | 0x003a) +#define NT_STATUS_OBJECT_PATH_SYNTAX_BAD (0xC0000000 | 0x003b) +#define NT_STATUS_DATA_OVERRUN (0xC0000000 | 0x003c) +#define NT_STATUS_DATA_LATE_ERROR (0xC0000000 | 0x003d) +#define NT_STATUS_DATA_ERROR (0xC0000000 | 0x003e) +#define NT_STATUS_CRC_ERROR (0xC0000000 | 0x003f) +#define NT_STATUS_SECTION_TOO_BIG (0xC0000000 | 0x0040) +#define NT_STATUS_PORT_CONNECTION_REFUSED (0xC0000000 | 0x0041) +#define NT_STATUS_INVALID_PORT_HANDLE (0xC0000000 | 0x0042) +#define NT_STATUS_SHARING_VIOLATION (0xC0000000 | 0x0043) +#define NT_STATUS_QUOTA_EXCEEDED (0xC0000000 | 0x0044) +#define NT_STATUS_INVALID_PAGE_PROTECTION (0xC0000000 | 0x0045) +#define NT_STATUS_MUTANT_NOT_OWNED (0xC0000000 | 0x0046) +#define NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED (0xC0000000 | 0x0047) +#define NT_STATUS_PORT_ALREADY_SET (0xC0000000 | 0x0048) +#define NT_STATUS_SECTION_NOT_IMAGE (0xC0000000 | 0x0049) +#define NT_STATUS_SUSPEND_COUNT_EXCEEDED (0xC0000000 | 0x004a) +#define NT_STATUS_THREAD_IS_TERMINATING (0xC0000000 | 0x004b) +#define NT_STATUS_BAD_WORKING_SET_LIMIT (0xC0000000 | 0x004c) +#define NT_STATUS_INCOMPATIBLE_FILE_MAP (0xC0000000 | 0x004d) +#define NT_STATUS_SECTION_PROTECTION (0xC0000000 | 0x004e) +#define NT_STATUS_EAS_NOT_SUPPORTED (0xC0000000 | 0x004f) +#define NT_STATUS_EA_TOO_LARGE (0xC0000000 | 0x0050) +#define NT_STATUS_NONEXISTENT_EA_ENTRY (0xC0000000 | 0x0051) +#define NT_STATUS_NO_EAS_ON_FILE (0xC0000000 | 0x0052) +#define NT_STATUS_EA_CORRUPT_ERROR (0xC0000000 | 0x0053) +#define NT_STATUS_FILE_LOCK_CONFLICT (0xC0000000 | 0x0054) +#define NT_STATUS_LOCK_NOT_GRANTED (0xC0000000 | 0x0055) +#define NT_STATUS_DELETE_PENDING (0xC0000000 | 0x0056) +#define NT_STATUS_CTL_FILE_NOT_SUPPORTED (0xC0000000 | 0x0057) +#define NT_STATUS_UNKNOWN_REVISION (0xC0000000 | 0x0058) +#define NT_STATUS_REVISION_MISMATCH (0xC0000000 | 0x0059) +#define NT_STATUS_INVALID_OWNER (0xC0000000 | 0x005a) +#define NT_STATUS_INVALID_PRIMARY_GROUP (0xC0000000 | 0x005b) +#define NT_STATUS_NO_IMPERSONATION_TOKEN (0xC0000000 | 0x005c) +#define NT_STATUS_CANT_DISABLE_MANDATORY (0xC0000000 | 0x005d) +#define NT_STATUS_NO_LOGON_SERVERS (0xC0000000 | 0x005e) +#define NT_STATUS_NO_SUCH_LOGON_SESSION (0xC0000000 | 0x005f) +#define NT_STATUS_NO_SUCH_PRIVILEGE (0xC0000000 | 0x0060) +#define NT_STATUS_PRIVILEGE_NOT_HELD (0xC0000000 | 0x0061) +#define NT_STATUS_INVALID_ACCOUNT_NAME (0xC0000000 | 0x0062) +#define NT_STATUS_USER_EXISTS (0xC0000000 | 0x0063) +#define NT_STATUS_NO_SUCH_USER (0xC0000000 | 0x0064) +#define NT_STATUS_GROUP_EXISTS (0xC0000000 | 0x0065) +#define NT_STATUS_NO_SUCH_GROUP (0xC0000000 | 0x0066) +#define NT_STATUS_MEMBER_IN_GROUP (0xC0000000 | 0x0067) +#define NT_STATUS_MEMBER_NOT_IN_GROUP (0xC0000000 | 0x0068) +#define NT_STATUS_LAST_ADMIN (0xC0000000 | 0x0069) +#define NT_STATUS_WRONG_PASSWORD (0xC0000000 | 0x006a) +#define NT_STATUS_ILL_FORMED_PASSWORD (0xC0000000 | 0x006b) +#define NT_STATUS_PASSWORD_RESTRICTION (0xC0000000 | 0x006c) +#define NT_STATUS_LOGON_FAILURE (0xC0000000 | 0x006d) +#define NT_STATUS_ACCOUNT_RESTRICTION (0xC0000000 | 0x006e) +#define NT_STATUS_INVALID_LOGON_HOURS (0xC0000000 | 0x006f) +#define NT_STATUS_INVALID_WORKSTATION (0xC0000000 | 0x0070) +#define NT_STATUS_PASSWORD_EXPIRED (0xC0000000 | 0x0071) +#define NT_STATUS_ACCOUNT_DISABLED (0xC0000000 | 0x0072) +#define NT_STATUS_NONE_MAPPED (0xC0000000 | 0x0073) +#define NT_STATUS_TOO_MANY_LUIDS_REQUESTED (0xC0000000 | 0x0074) +#define NT_STATUS_LUIDS_EXHAUSTED (0xC0000000 | 0x0075) +#define NT_STATUS_INVALID_SUB_AUTHORITY (0xC0000000 | 0x0076) +#define NT_STATUS_INVALID_ACL (0xC0000000 | 0x0077) +#define NT_STATUS_INVALID_SID (0xC0000000 | 0x0078) +#define NT_STATUS_INVALID_SECURITY_DESCR (0xC0000000 | 0x0079) +#define NT_STATUS_PROCEDURE_NOT_FOUND (0xC0000000 | 0x007a) +#define NT_STATUS_INVALID_IMAGE_FORMAT (0xC0000000 | 0x007b) +#define NT_STATUS_NO_TOKEN (0xC0000000 | 0x007c) +#define NT_STATUS_BAD_INHERITANCE_ACL (0xC0000000 | 0x007d) +#define NT_STATUS_RANGE_NOT_LOCKED (0xC0000000 | 0x007e) +#define NT_STATUS_DISK_FULL (0xC0000000 | 0x007f) +#define NT_STATUS_SERVER_DISABLED (0xC0000000 | 0x0080) +#define NT_STATUS_SERVER_NOT_DISABLED (0xC0000000 | 0x0081) +#define NT_STATUS_TOO_MANY_GUIDS_REQUESTED (0xC0000000 | 0x0082) +#define NT_STATUS_GUIDS_EXHAUSTED (0xC0000000 | 0x0083) +#define NT_STATUS_INVALID_ID_AUTHORITY (0xC0000000 | 0x0084) +#define NT_STATUS_AGENTS_EXHAUSTED (0xC0000000 | 0x0085) +#define NT_STATUS_INVALID_VOLUME_LABEL (0xC0000000 | 0x0086) +#define NT_STATUS_SECTION_NOT_EXTENDED (0xC0000000 | 0x0087) +#define NT_STATUS_NOT_MAPPED_DATA (0xC0000000 | 0x0088) +#define NT_STATUS_RESOURCE_DATA_NOT_FOUND (0xC0000000 | 0x0089) +#define NT_STATUS_RESOURCE_TYPE_NOT_FOUND (0xC0000000 | 0x008a) +#define NT_STATUS_RESOURCE_NAME_NOT_FOUND (0xC0000000 | 0x008b) +#define NT_STATUS_ARRAY_BOUNDS_EXCEEDED (0xC0000000 | 0x008c) +#define NT_STATUS_FLOAT_DENORMAL_OPERAND (0xC0000000 | 0x008d) +#define NT_STATUS_FLOAT_DIVIDE_BY_ZERO (0xC0000000 | 0x008e) +#define NT_STATUS_FLOAT_INEXACT_RESULT (0xC0000000 | 0x008f) +#define NT_STATUS_FLOAT_INVALID_OPERATION (0xC0000000 | 0x0090) +#define NT_STATUS_FLOAT_OVERFLOW (0xC0000000 | 0x0091) +#define NT_STATUS_FLOAT_STACK_CHECK (0xC0000000 | 0x0092) +#define NT_STATUS_FLOAT_UNDERFLOW (0xC0000000 | 0x0093) +#define NT_STATUS_INTEGER_DIVIDE_BY_ZERO (0xC0000000 | 0x0094) +#define NT_STATUS_INTEGER_OVERFLOW (0xC0000000 | 0x0095) +#define NT_STATUS_PRIVILEGED_INSTRUCTION (0xC0000000 | 0x0096) +#define NT_STATUS_TOO_MANY_PAGING_FILES (0xC0000000 | 0x0097) +#define NT_STATUS_FILE_INVALID (0xC0000000 | 0x0098) +#define NT_STATUS_ALLOTTED_SPACE_EXCEEDED (0xC0000000 | 0x0099) +#define NT_STATUS_INSUFFICIENT_RESOURCES (0xC0000000 | 0x009a) +#define NT_STATUS_DFS_EXIT_PATH_FOUND (0xC0000000 | 0x009b) +#define NT_STATUS_DEVICE_DATA_ERROR (0xC0000000 | 0x009c) +#define NT_STATUS_DEVICE_NOT_CONNECTED (0xC0000000 | 0x009d) +#define NT_STATUS_DEVICE_POWER_FAILURE (0xC0000000 | 0x009e) +#define NT_STATUS_FREE_VM_NOT_AT_BASE (0xC0000000 | 0x009f) +#define NT_STATUS_MEMORY_NOT_ALLOCATED (0xC0000000 | 0x00a0) +#define NT_STATUS_WORKING_SET_QUOTA (0xC0000000 | 0x00a1) +#define NT_STATUS_MEDIA_WRITE_PROTECTED (0xC0000000 | 0x00a2) +#define NT_STATUS_DEVICE_NOT_READY (0xC0000000 | 0x00a3) +#define NT_STATUS_INVALID_GROUP_ATTRIBUTES (0xC0000000 | 0x00a4) +#define NT_STATUS_BAD_IMPERSONATION_LEVEL (0xC0000000 | 0x00a5) +#define NT_STATUS_CANT_OPEN_ANONYMOUS (0xC0000000 | 0x00a6) +#define NT_STATUS_BAD_VALIDATION_CLASS (0xC0000000 | 0x00a7) +#define NT_STATUS_BAD_TOKEN_TYPE (0xC0000000 | 0x00a8) +#define NT_STATUS_BAD_MASTER_BOOT_RECORD (0xC0000000 | 0x00a9) +#define NT_STATUS_INSTRUCTION_MISALIGNMENT (0xC0000000 | 0x00aa) +#define NT_STATUS_INSTANCE_NOT_AVAILABLE (0xC0000000 | 0x00ab) +#define NT_STATUS_PIPE_NOT_AVAILABLE (0xC0000000 | 0x00ac) +#define NT_STATUS_INVALID_PIPE_STATE (0xC0000000 | 0x00ad) +#define NT_STATUS_PIPE_BUSY (0xC0000000 | 0x00ae) +#define NT_STATUS_ILLEGAL_FUNCTION (0xC0000000 | 0x00af) +#define NT_STATUS_PIPE_DISCONNECTED (0xC0000000 | 0x00b0) +#define NT_STATUS_PIPE_CLOSING (0xC0000000 | 0x00b1) +#define NT_STATUS_PIPE_CONNECTED (0xC0000000 | 0x00b2) +#define NT_STATUS_PIPE_LISTENING (0xC0000000 | 0x00b3) +#define NT_STATUS_INVALID_READ_MODE (0xC0000000 | 0x00b4) +#define NT_STATUS_IO_TIMEOUT (0xC0000000 | 0x00b5) +#define NT_STATUS_FILE_FORCED_CLOSED (0xC0000000 | 0x00b6) +#define NT_STATUS_PROFILING_NOT_STARTED (0xC0000000 | 0x00b7) +#define NT_STATUS_PROFILING_NOT_STOPPED (0xC0000000 | 0x00b8) +#define NT_STATUS_COULD_NOT_INTERPRET (0xC0000000 | 0x00b9) +#define NT_STATUS_FILE_IS_A_DIRECTORY (0xC0000000 | 0x00ba) +#define NT_STATUS_NOT_SUPPORTED (0xC0000000 | 0x00bb) +#define NT_STATUS_REMOTE_NOT_LISTENING (0xC0000000 | 0x00bc) +#define NT_STATUS_DUPLICATE_NAME (0xC0000000 | 0x00bd) +#define NT_STATUS_BAD_NETWORK_PATH (0xC0000000 | 0x00be) +#define NT_STATUS_NETWORK_BUSY (0xC0000000 | 0x00bf) +#define NT_STATUS_DEVICE_DOES_NOT_EXIST (0xC0000000 | 0x00c0) +#define NT_STATUS_TOO_MANY_COMMANDS (0xC0000000 | 0x00c1) +#define NT_STATUS_ADAPTER_HARDWARE_ERROR (0xC0000000 | 0x00c2) +#define NT_STATUS_INVALID_NETWORK_RESPONSE (0xC0000000 | 0x00c3) +#define NT_STATUS_UNEXPECTED_NETWORK_ERROR (0xC0000000 | 0x00c4) +#define NT_STATUS_BAD_REMOTE_ADAPTER (0xC0000000 | 0x00c5) +#define NT_STATUS_PRINT_QUEUE_FULL (0xC0000000 | 0x00c6) +#define NT_STATUS_NO_SPOOL_SPACE (0xC0000000 | 0x00c7) +#define NT_STATUS_PRINT_CANCELLED (0xC0000000 | 0x00c8) +#define NT_STATUS_NETWORK_NAME_DELETED (0xC0000000 | 0x00c9) +#define NT_STATUS_NETWORK_ACCESS_DENIED (0xC0000000 | 0x00ca) +#define NT_STATUS_BAD_DEVICE_TYPE (0xC0000000 | 0x00cb) +#define NT_STATUS_BAD_NETWORK_NAME (0xC0000000 | 0x00cc) +#define NT_STATUS_TOO_MANY_NAMES (0xC0000000 | 0x00cd) +#define NT_STATUS_TOO_MANY_SESSIONS (0xC0000000 | 0x00ce) +#define NT_STATUS_SHARING_PAUSED (0xC0000000 | 0x00cf) +#define NT_STATUS_REQUEST_NOT_ACCEPTED (0xC0000000 | 0x00d0) +#define NT_STATUS_REDIRECTOR_PAUSED (0xC0000000 | 0x00d1) +#define NT_STATUS_NET_WRITE_FAULT (0xC0000000 | 0x00d2) +#define NT_STATUS_PROFILING_AT_LIMIT (0xC0000000 | 0x00d3) +#define NT_STATUS_NOT_SAME_DEVICE (0xC0000000 | 0x00d4) +#define NT_STATUS_FILE_RENAMED (0xC0000000 | 0x00d5) +#define NT_STATUS_VIRTUAL_CIRCUIT_CLOSED (0xC0000000 | 0x00d6) +#define NT_STATUS_NO_SECURITY_ON_OBJECT (0xC0000000 | 0x00d7) +#define NT_STATUS_CANT_WAIT (0xC0000000 | 0x00d8) +#define NT_STATUS_PIPE_EMPTY (0xC0000000 | 0x00d9) +#define NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xC0000000 | 0x00da) +#define NT_STATUS_CANT_TERMINATE_SELF (0xC0000000 | 0x00db) +#define NT_STATUS_INVALID_SERVER_STATE (0xC0000000 | 0x00dc) +#define NT_STATUS_INVALID_DOMAIN_STATE (0xC0000000 | 0x00dd) +#define NT_STATUS_INVALID_DOMAIN_ROLE (0xC0000000 | 0x00de) +#define NT_STATUS_NO_SUCH_DOMAIN (0xC0000000 | 0x00df) +#define NT_STATUS_DOMAIN_EXISTS (0xC0000000 | 0x00e0) +#define NT_STATUS_DOMAIN_LIMIT_EXCEEDED (0xC0000000 | 0x00e1) +#define NT_STATUS_OPLOCK_NOT_GRANTED (0xC0000000 | 0x00e2) +#define NT_STATUS_INVALID_OPLOCK_PROTOCOL (0xC0000000 | 0x00e3) +#define NT_STATUS_INTERNAL_DB_CORRUPTION (0xC0000000 | 0x00e4) +#define NT_STATUS_INTERNAL_ERROR (0xC0000000 | 0x00e5) +#define NT_STATUS_GENERIC_NOT_MAPPED (0xC0000000 | 0x00e6) +#define NT_STATUS_BAD_DESCRIPTOR_FORMAT (0xC0000000 | 0x00e7) +#define NT_STATUS_INVALID_USER_BUFFER (0xC0000000 | 0x00e8) +#define NT_STATUS_UNEXPECTED_IO_ERROR (0xC0000000 | 0x00e9) +#define NT_STATUS_UNEXPECTED_MM_CREATE_ERR (0xC0000000 | 0x00ea) +#define NT_STATUS_UNEXPECTED_MM_MAP_ERROR (0xC0000000 | 0x00eb) +#define NT_STATUS_UNEXPECTED_MM_EXTEND_ERR (0xC0000000 | 0x00ec) +#define NT_STATUS_NOT_LOGON_PROCESS (0xC0000000 | 0x00ed) +#define NT_STATUS_LOGON_SESSION_EXISTS (0xC0000000 | 0x00ee) +#define NT_STATUS_INVALID_PARAMETER_1 (0xC0000000 | 0x00ef) +#define NT_STATUS_INVALID_PARAMETER_2 (0xC0000000 | 0x00f0) +#define NT_STATUS_INVALID_PARAMETER_3 (0xC0000000 | 0x00f1) +#define NT_STATUS_INVALID_PARAMETER_4 (0xC0000000 | 0x00f2) +#define NT_STATUS_INVALID_PARAMETER_5 (0xC0000000 | 0x00f3) +#define NT_STATUS_INVALID_PARAMETER_6 (0xC0000000 | 0x00f4) +#define NT_STATUS_INVALID_PARAMETER_7 (0xC0000000 | 0x00f5) +#define NT_STATUS_INVALID_PARAMETER_8 (0xC0000000 | 0x00f6) +#define NT_STATUS_INVALID_PARAMETER_9 (0xC0000000 | 0x00f7) +#define NT_STATUS_INVALID_PARAMETER_10 (0xC0000000 | 0x00f8) +#define NT_STATUS_INVALID_PARAMETER_11 (0xC0000000 | 0x00f9) +#define NT_STATUS_INVALID_PARAMETER_12 (0xC0000000 | 0x00fa) +#define NT_STATUS_REDIRECTOR_NOT_STARTED (0xC0000000 | 0x00fb) +#define NT_STATUS_REDIRECTOR_STARTED (0xC0000000 | 0x00fc) +#define NT_STATUS_STACK_OVERFLOW (0xC0000000 | 0x00fd) +#define NT_STATUS_NO_SUCH_PACKAGE (0xC0000000 | 0x00fe) +#define NT_STATUS_BAD_FUNCTION_TABLE (0xC0000000 | 0x00ff) +#define NT_STATUS_DIRECTORY_NOT_EMPTY (0xC0000000 | 0x0101) +#define NT_STATUS_FILE_CORRUPT_ERROR (0xC0000000 | 0x0102) +#define NT_STATUS_NOT_A_DIRECTORY (0xC0000000 | 0x0103) +#define NT_STATUS_BAD_LOGON_SESSION_STATE (0xC0000000 | 0x0104) +#define NT_STATUS_LOGON_SESSION_COLLISION (0xC0000000 | 0x0105) +#define NT_STATUS_NAME_TOO_LONG (0xC0000000 | 0x0106) +#define NT_STATUS_FILES_OPEN (0xC0000000 | 0x0107) +#define NT_STATUS_CONNECTION_IN_USE (0xC0000000 | 0x0108) +#define NT_STATUS_MESSAGE_NOT_FOUND (0xC0000000 | 0x0109) +#define NT_STATUS_PROCESS_IS_TERMINATING (0xC0000000 | 0x010a) +#define NT_STATUS_INVALID_LOGON_TYPE (0xC0000000 | 0x010b) +#define NT_STATUS_NO_GUID_TRANSLATION (0xC0000000 | 0x010c) +#define NT_STATUS_CANNOT_IMPERSONATE (0xC0000000 | 0x010d) +#define NT_STATUS_IMAGE_ALREADY_LOADED (0xC0000000 | 0x010e) +#define NT_STATUS_ABIOS_NOT_PRESENT (0xC0000000 | 0x010f) +#define NT_STATUS_ABIOS_LID_NOT_EXIST (0xC0000000 | 0x0110) +#define NT_STATUS_ABIOS_LID_ALREADY_OWNED (0xC0000000 | 0x0111) +#define NT_STATUS_ABIOS_NOT_LID_OWNER (0xC0000000 | 0x0112) +#define NT_STATUS_ABIOS_INVALID_COMMAND (0xC0000000 | 0x0113) +#define NT_STATUS_ABIOS_INVALID_LID (0xC0000000 | 0x0114) +#define NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE (0xC0000000 | 0x0115) +#define NT_STATUS_ABIOS_INVALID_SELECTOR (0xC0000000 | 0x0116) +#define NT_STATUS_NO_LDT (0xC0000000 | 0x0117) +#define NT_STATUS_INVALID_LDT_SIZE (0xC0000000 | 0x0118) +#define NT_STATUS_INVALID_LDT_OFFSET (0xC0000000 | 0x0119) +#define NT_STATUS_INVALID_LDT_DESCRIPTOR (0xC0000000 | 0x011a) +#define NT_STATUS_INVALID_IMAGE_NE_FORMAT (0xC0000000 | 0x011b) +#define NT_STATUS_RXACT_INVALID_STATE (0xC0000000 | 0x011c) +#define NT_STATUS_RXACT_COMMIT_FAILURE (0xC0000000 | 0x011d) +#define NT_STATUS_MAPPED_FILE_SIZE_ZERO (0xC0000000 | 0x011e) +#define NT_STATUS_TOO_MANY_OPENED_FILES (0xC0000000 | 0x011f) +#define NT_STATUS_CANCELLED (0xC0000000 | 0x0120) +#define NT_STATUS_CANNOT_DELETE (0xC0000000 | 0x0121) +#define NT_STATUS_INVALID_COMPUTER_NAME (0xC0000000 | 0x0122) +#define NT_STATUS_FILE_DELETED (0xC0000000 | 0x0123) +#define NT_STATUS_SPECIAL_ACCOUNT (0xC0000000 | 0x0124) +#define NT_STATUS_SPECIAL_GROUP (0xC0000000 | 0x0125) +#define NT_STATUS_SPECIAL_USER (0xC0000000 | 0x0126) +#define NT_STATUS_MEMBERS_PRIMARY_GROUP (0xC0000000 | 0x0127) +#define NT_STATUS_FILE_CLOSED (0xC0000000 | 0x0128) +#define NT_STATUS_TOO_MANY_THREADS (0xC0000000 | 0x0129) +#define NT_STATUS_THREAD_NOT_IN_PROCESS (0xC0000000 | 0x012a) +#define NT_STATUS_TOKEN_ALREADY_IN_USE (0xC0000000 | 0x012b) +#define NT_STATUS_PAGEFILE_QUOTA_EXCEEDED (0xC0000000 | 0x012c) +#define NT_STATUS_COMMITMENT_LIMIT (0xC0000000 | 0x012d) +#define NT_STATUS_INVALID_IMAGE_LE_FORMAT (0xC0000000 | 0x012e) +#define NT_STATUS_INVALID_IMAGE_NOT_MZ (0xC0000000 | 0x012f) +#define NT_STATUS_INVALID_IMAGE_PROTECT (0xC0000000 | 0x0130) +#define NT_STATUS_INVALID_IMAGE_WIN_16 (0xC0000000 | 0x0131) +#define NT_STATUS_LOGON_SERVER_CONFLICT (0xC0000000 | 0x0132) +#define NT_STATUS_TIME_DIFFERENCE_AT_DC (0xC0000000 | 0x0133) +#define NT_STATUS_SYNCHRONIZATION_REQUIRED (0xC0000000 | 0x0134) +#define NT_STATUS_DLL_NOT_FOUND (0xC0000000 | 0x0135) +#define NT_STATUS_OPEN_FAILED (0xC0000000 | 0x0136) +#define NT_STATUS_IO_PRIVILEGE_FAILED (0xC0000000 | 0x0137) +#define NT_STATUS_ORDINAL_NOT_FOUND (0xC0000000 | 0x0138) +#define NT_STATUS_ENTRYPOINT_NOT_FOUND (0xC0000000 | 0x0139) +#define NT_STATUS_CONTROL_C_EXIT (0xC0000000 | 0x013a) +#define NT_STATUS_LOCAL_DISCONNECT (0xC0000000 | 0x013b) +#define NT_STATUS_REMOTE_DISCONNECT (0xC0000000 | 0x013c) +#define NT_STATUS_REMOTE_RESOURCES (0xC0000000 | 0x013d) +#define NT_STATUS_LINK_FAILED (0xC0000000 | 0x013e) +#define NT_STATUS_LINK_TIMEOUT (0xC0000000 | 0x013f) +#define NT_STATUS_INVALID_CONNECTION (0xC0000000 | 0x0140) +#define NT_STATUS_INVALID_ADDRESS (0xC0000000 | 0x0141) +#define NT_STATUS_DLL_INIT_FAILED (0xC0000000 | 0x0142) +#define NT_STATUS_MISSING_SYSTEMFILE (0xC0000000 | 0x0143) +#define NT_STATUS_UNHANDLED_EXCEPTION (0xC0000000 | 0x0144) +#define NT_STATUS_APP_INIT_FAILURE (0xC0000000 | 0x0145) +#define NT_STATUS_PAGEFILE_CREATE_FAILED (0xC0000000 | 0x0146) +#define NT_STATUS_NO_PAGEFILE (0xC0000000 | 0x0147) +#define NT_STATUS_INVALID_LEVEL (0xC0000000 | 0x0148) +#define NT_STATUS_WRONG_PASSWORD_CORE (0xC0000000 | 0x0149) +#define NT_STATUS_ILLEGAL_FLOAT_CONTEXT (0xC0000000 | 0x014a) +#define NT_STATUS_PIPE_BROKEN (0xC0000000 | 0x014b) +#define NT_STATUS_REGISTRY_CORRUPT (0xC0000000 | 0x014c) +#define NT_STATUS_REGISTRY_IO_FAILED (0xC0000000 | 0x014d) +#define NT_STATUS_NO_EVENT_PAIR (0xC0000000 | 0x014e) +#define NT_STATUS_UNRECOGNIZED_VOLUME (0xC0000000 | 0x014f) +#define NT_STATUS_SERIAL_NO_DEVICE_INITED (0xC0000000 | 0x0150) +#define NT_STATUS_NO_SUCH_ALIAS (0xC0000000 | 0x0151) +#define NT_STATUS_MEMBER_NOT_IN_ALIAS (0xC0000000 | 0x0152) +#define NT_STATUS_MEMBER_IN_ALIAS (0xC0000000 | 0x0153) +#define NT_STATUS_ALIAS_EXISTS (0xC0000000 | 0x0154) +#define NT_STATUS_LOGON_NOT_GRANTED (0xC0000000 | 0x0155) +#define NT_STATUS_TOO_MANY_SECRETS (0xC0000000 | 0x0156) +#define NT_STATUS_SECRET_TOO_LONG (0xC0000000 | 0x0157) +#define NT_STATUS_INTERNAL_DB_ERROR (0xC0000000 | 0x0158) +#define NT_STATUS_FULLSCREEN_MODE (0xC0000000 | 0x0159) +#define NT_STATUS_TOO_MANY_CONTEXT_IDS (0xC0000000 | 0x015a) +#define NT_STATUS_LOGON_TYPE_NOT_GRANTED (0xC0000000 | 0x015b) +#define NT_STATUS_NOT_REGISTRY_FILE (0xC0000000 | 0x015c) +#define NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED (0xC0000000 | 0x015d) +#define NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR (0xC0000000 | 0x015e) +#define NT_STATUS_FT_MISSING_MEMBER (0xC0000000 | 0x015f) +#define NT_STATUS_ILL_FORMED_SERVICE_ENTRY (0xC0000000 | 0x0160) +#define NT_STATUS_ILLEGAL_CHARACTER (0xC0000000 | 0x0161) +#define NT_STATUS_UNMAPPABLE_CHARACTER (0xC0000000 | 0x0162) +#define NT_STATUS_UNDEFINED_CHARACTER (0xC0000000 | 0x0163) +#define NT_STATUS_FLOPPY_VOLUME (0xC0000000 | 0x0164) +#define NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND (0xC0000000 | 0x0165) +#define NT_STATUS_FLOPPY_WRONG_CYLINDER (0xC0000000 | 0x0166) +#define NT_STATUS_FLOPPY_UNKNOWN_ERROR (0xC0000000 | 0x0167) +#define NT_STATUS_FLOPPY_BAD_REGISTERS (0xC0000000 | 0x0168) +#define NT_STATUS_DISK_RECALIBRATE_FAILED (0xC0000000 | 0x0169) +#define NT_STATUS_DISK_OPERATION_FAILED (0xC0000000 | 0x016a) +#define NT_STATUS_DISK_RESET_FAILED (0xC0000000 | 0x016b) +#define NT_STATUS_SHARED_IRQ_BUSY (0xC0000000 | 0x016c) +#define NT_STATUS_FT_ORPHANING (0xC0000000 | 0x016d) +#define NT_STATUS_PARTITION_FAILURE (0xC0000000 | 0x0172) +#define NT_STATUS_INVALID_BLOCK_LENGTH (0xC0000000 | 0x0173) +#define NT_STATUS_DEVICE_NOT_PARTITIONED (0xC0000000 | 0x0174) +#define NT_STATUS_UNABLE_TO_LOCK_MEDIA (0xC0000000 | 0x0175) +#define NT_STATUS_UNABLE_TO_UNLOAD_MEDIA (0xC0000000 | 0x0176) +#define NT_STATUS_EOM_OVERFLOW (0xC0000000 | 0x0177) +#define NT_STATUS_NO_MEDIA (0xC0000000 | 0x0178) +#define NT_STATUS_NO_SUCH_MEMBER (0xC0000000 | 0x017a) +#define NT_STATUS_INVALID_MEMBER (0xC0000000 | 0x017b) +#define NT_STATUS_KEY_DELETED (0xC0000000 | 0x017c) +#define NT_STATUS_NO_LOG_SPACE (0xC0000000 | 0x017d) +#define NT_STATUS_TOO_MANY_SIDS (0xC0000000 | 0x017e) +#define NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED (0xC0000000 | 0x017f) +#define NT_STATUS_KEY_HAS_CHILDREN (0xC0000000 | 0x0180) +#define NT_STATUS_CHILD_MUST_BE_VOLATILE (0xC0000000 | 0x0181) +#define NT_STATUS_DEVICE_CONFIGURATION_ERROR (0xC0000000 | 0x0182) +#define NT_STATUS_DRIVER_INTERNAL_ERROR (0xC0000000 | 0x0183) +#define NT_STATUS_INVALID_DEVICE_STATE (0xC0000000 | 0x0184) +#define NT_STATUS_IO_DEVICE_ERROR (0xC0000000 | 0x0185) +#define NT_STATUS_DEVICE_PROTOCOL_ERROR (0xC0000000 | 0x0186) +#define NT_STATUS_BACKUP_CONTROLLER (0xC0000000 | 0x0187) +#define NT_STATUS_LOG_FILE_FULL (0xC0000000 | 0x0188) +#define NT_STATUS_TOO_LATE (0xC0000000 | 0x0189) +#define NT_STATUS_NO_TRUST_LSA_SECRET (0xC0000000 | 0x018a) +#define NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xC0000000 | 0x018b) +#define NT_STATUS_TRUSTED_DOMAIN_FAILURE (0xC0000000 | 0x018c) +#define NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE (0xC0000000 | 0x018d) +#define NT_STATUS_EVENTLOG_FILE_CORRUPT (0xC0000000 | 0x018e) +#define NT_STATUS_EVENTLOG_CANT_START (0xC0000000 | 0x018f) +#define NT_STATUS_TRUST_FAILURE (0xC0000000 | 0x0190) +#define NT_STATUS_MUTANT_LIMIT_EXCEEDED (0xC0000000 | 0x0191) +#define NT_STATUS_NETLOGON_NOT_STARTED (0xC0000000 | 0x0192) +#define NT_STATUS_ACCOUNT_EXPIRED (0xC0000000 | 0x0193) +#define NT_STATUS_POSSIBLE_DEADLOCK (0xC0000000 | 0x0194) +#define NT_STATUS_NETWORK_CREDENTIAL_CONFLICT (0xC0000000 | 0x0195) +#define NT_STATUS_REMOTE_SESSION_LIMIT (0xC0000000 | 0x0196) +#define NT_STATUS_EVENTLOG_FILE_CHANGED (0xC0000000 | 0x0197) +#define NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT (0xC0000000 | 0x0198) +#define NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (0xC0000000 | 0x0199) +#define NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT (0xC0000000 | 0x019a) +#define NT_STATUS_DOMAIN_TRUST_INCONSISTENT (0xC0000000 | 0x019b) +#define NT_STATUS_FS_DRIVER_REQUIRED (0xC0000000 | 0x019c) +#define NT_STATUS_NO_USER_SESSION_KEY (0xC0000000 | 0x0202) +#define NT_STATUS_USER_SESSION_DELETED (0xC0000000 | 0x0203) +#define NT_STATUS_RESOURCE_LANG_NOT_FOUND (0xC0000000 | 0x0204) +#define NT_STATUS_INSUFF_SERVER_RESOURCES (0xC0000000 | 0x0205) +#define NT_STATUS_INVALID_BUFFER_SIZE (0xC0000000 | 0x0206) +#define NT_STATUS_INVALID_ADDRESS_COMPONENT (0xC0000000 | 0x0207) +#define NT_STATUS_INVALID_ADDRESS_WILDCARD (0xC0000000 | 0x0208) +#define NT_STATUS_TOO_MANY_ADDRESSES (0xC0000000 | 0x0209) +#define NT_STATUS_ADDRESS_ALREADY_EXISTS (0xC0000000 | 0x020a) +#define NT_STATUS_ADDRESS_CLOSED (0xC0000000 | 0x020b) +#define NT_STATUS_CONNECTION_DISCONNECTED (0xC0000000 | 0x020c) +#define NT_STATUS_CONNECTION_RESET (0xC0000000 | 0x020d) +#define NT_STATUS_TOO_MANY_NODES (0xC0000000 | 0x020e) +#define NT_STATUS_TRANSACTION_ABORTED (0xC0000000 | 0x020f) +#define NT_STATUS_TRANSACTION_TIMED_OUT (0xC0000000 | 0x0210) +#define NT_STATUS_TRANSACTION_NO_RELEASE (0xC0000000 | 0x0211) +#define NT_STATUS_TRANSACTION_NO_MATCH (0xC0000000 | 0x0212) +#define NT_STATUS_TRANSACTION_RESPONDED (0xC0000000 | 0x0213) +#define NT_STATUS_TRANSACTION_INVALID_ID (0xC0000000 | 0x0214) +#define NT_STATUS_TRANSACTION_INVALID_TYPE (0xC0000000 | 0x0215) +#define NT_STATUS_NOT_SERVER_SESSION (0xC0000000 | 0x0216) +#define NT_STATUS_NOT_CLIENT_SESSION (0xC0000000 | 0x0217) +#define NT_STATUS_CANNOT_LOAD_REGISTRY_FILE (0xC0000000 | 0x0218) +#define NT_STATUS_DEBUG_ATTACH_FAILED (0xC0000000 | 0x0219) +#define NT_STATUS_SYSTEM_PROCESS_TERMINATED (0xC0000000 | 0x021a) +#define NT_STATUS_DATA_NOT_ACCEPTED (0xC0000000 | 0x021b) +#define NT_STATUS_NO_BROWSER_SERVERS_FOUND (0xC0000000 | 0x021c) +#define NT_STATUS_VDM_HARD_ERROR (0xC0000000 | 0x021d) +#define NT_STATUS_DRIVER_CANCEL_TIMEOUT (0xC0000000 | 0x021e) +#define NT_STATUS_REPLY_MESSAGE_MISMATCH (0xC0000000 | 0x021f) +#define NT_STATUS_MAPPED_ALIGNMENT (0xC0000000 | 0x0220) +#define NT_STATUS_IMAGE_CHECKSUM_MISMATCH (0xC0000000 | 0x0221) +#define NT_STATUS_LOST_WRITEBEHIND_DATA (0xC0000000 | 0x0222) +#define NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID (0xC0000000 | 0x0223) +#define NT_STATUS_PASSWORD_MUST_CHANGE (0xC0000000 | 0x0224) +#define NT_STATUS_NOT_FOUND (0xC0000000 | 0x0225) +#define NT_STATUS_NOT_TINY_STREAM (0xC0000000 | 0x0226) +#define NT_STATUS_RECOVERY_FAILURE (0xC0000000 | 0x0227) +#define NT_STATUS_STACK_OVERFLOW_READ (0xC0000000 | 0x0228) +#define NT_STATUS_FAIL_CHECK (0xC0000000 | 0x0229) +#define NT_STATUS_DUPLICATE_OBJECTID (0xC0000000 | 0x022a) +#define NT_STATUS_OBJECTID_EXISTS (0xC0000000 | 0x022b) +#define NT_STATUS_CONVERT_TO_LARGE (0xC0000000 | 0x022c) +#define NT_STATUS_RETRY (0xC0000000 | 0x022d) +#define NT_STATUS_FOUND_OUT_OF_SCOPE (0xC0000000 | 0x022e) +#define NT_STATUS_ALLOCATE_BUCKET (0xC0000000 | 0x022f) +#define NT_STATUS_PROPSET_NOT_FOUND (0xC0000000 | 0x0230) +#define NT_STATUS_MARSHALL_OVERFLOW (0xC0000000 | 0x0231) +#define NT_STATUS_INVALID_VARIANT (0xC0000000 | 0x0232) +#define NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xC0000000 | 0x0233) +#define NT_STATUS_ACCOUNT_LOCKED_OUT (0xC0000000 | 0x0234) +#define NT_STATUS_HANDLE_NOT_CLOSABLE (0xC0000000 | 0x0235) +#define NT_STATUS_CONNECTION_REFUSED (0xC0000000 | 0x0236) +#define NT_STATUS_GRACEFUL_DISCONNECT (0xC0000000 | 0x0237) +#define NT_STATUS_ADDRESS_ALREADY_ASSOCIATED (0xC0000000 | 0x0238) +#define NT_STATUS_ADDRESS_NOT_ASSOCIATED (0xC0000000 | 0x0239) +#define NT_STATUS_CONNECTION_INVALID (0xC0000000 | 0x023a) +#define NT_STATUS_CONNECTION_ACTIVE (0xC0000000 | 0x023b) +#define NT_STATUS_NETWORK_UNREACHABLE (0xC0000000 | 0x023c) +#define NT_STATUS_HOST_UNREACHABLE (0xC0000000 | 0x023d) +#define NT_STATUS_PROTOCOL_UNREACHABLE (0xC0000000 | 0x023e) +#define NT_STATUS_PORT_UNREACHABLE (0xC0000000 | 0x023f) +#define NT_STATUS_REQUEST_ABORTED (0xC0000000 | 0x0240) +#define NT_STATUS_CONNECTION_ABORTED (0xC0000000 | 0x0241) +#define NT_STATUS_BAD_COMPRESSION_BUFFER (0xC0000000 | 0x0242) +#define NT_STATUS_USER_MAPPED_FILE (0xC0000000 | 0x0243) +#define NT_STATUS_AUDIT_FAILED (0xC0000000 | 0x0244) +#define NT_STATUS_TIMER_RESOLUTION_NOT_SET (0xC0000000 | 0x0245) +#define NT_STATUS_CONNECTION_COUNT_LIMIT (0xC0000000 | 0x0246) +#define NT_STATUS_LOGIN_TIME_RESTRICTION (0xC0000000 | 0x0247) +#define NT_STATUS_LOGIN_WKSTA_RESTRICTION (0xC0000000 | 0x0248) +#define NT_STATUS_IMAGE_MP_UP_MISMATCH (0xC0000000 | 0x0249) +#define NT_STATUS_INSUFFICIENT_LOGON_INFO (0xC0000000 | 0x0250) +#define NT_STATUS_BAD_DLL_ENTRYPOINT (0xC0000000 | 0x0251) +#define NT_STATUS_BAD_SERVICE_ENTRYPOINT (0xC0000000 | 0x0252) +#define NT_STATUS_LPC_REPLY_LOST (0xC0000000 | 0x0253) +#define NT_STATUS_IP_ADDRESS_CONFLICT1 (0xC0000000 | 0x0254) +#define NT_STATUS_IP_ADDRESS_CONFLICT2 (0xC0000000 | 0x0255) +#define NT_STATUS_REGISTRY_QUOTA_LIMIT (0xC0000000 | 0x0256) +#define NT_STATUS_PATH_NOT_COVERED (0xC0000000 | 0x0257) +#define NT_STATUS_NO_CALLBACK_ACTIVE (0xC0000000 | 0x0258) +#define NT_STATUS_LICENSE_QUOTA_EXCEEDED (0xC0000000 | 0x0259) +#define NT_STATUS_PWD_TOO_SHORT (0xC0000000 | 0x025a) +#define NT_STATUS_PWD_TOO_RECENT (0xC0000000 | 0x025b) +#define NT_STATUS_PWD_HISTORY_CONFLICT (0xC0000000 | 0x025c) +#define NT_STATUS_PLUGPLAY_NO_DEVICE (0xC0000000 | 0x025e) +#define NT_STATUS_UNSUPPORTED_COMPRESSION (0xC0000000 | 0x025f) +#define NT_STATUS_INVALID_HW_PROFILE (0xC0000000 | 0x0260) +#define NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH (0xC0000000 | 0x0261) +#define NT_STATUS_DRIVER_ORDINAL_NOT_FOUND (0xC0000000 | 0x0262) +#define NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND (0xC0000000 | 0x0263) +#define NT_STATUS_RESOURCE_NOT_OWNED (0xC0000000 | 0x0264) +#define NT_STATUS_TOO_MANY_LINKS (0xC0000000 | 0x0265) +#define NT_STATUS_QUOTA_LIST_INCONSISTENT (0xC0000000 | 0x0266) +#define NT_STATUS_FILE_IS_OFFLINE (0xC0000000 | 0x0267) +#define NT_STATUS_NETWORK_SESSION_EXPIRED (0xC0000000 | 0x035c) +#define NT_STATUS_NO_SUCH_JOB (0xC0000000 | 0xEDE) /* scheduler */ +#define NT_STATUS_NO_PREAUTH_INTEGRITY_HASH_OVERLAP (0xC0000000 | 0x5D0000) +#define NT_STATUS_PENDING 0x00000103 +#endif /* _NTERR_H */ diff --git a/fs/cifsd/ntlmssp.h b/fs/cifsd/ntlmssp.h new file mode 100644 index 000000000000..adaf4c0cbe8f --- /dev/null +++ b/fs/cifsd/ntlmssp.h @@ -0,0 +1,169 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ +/* + * Copyright (c) International Business Machines Corp., 2002,2007 + * Author(s): Steve French (sfrench@us.ibm.com) + */ + +#ifndef __KSMBD_NTLMSSP_H +#define __KSMBD_NTLMSSP_H + +#define NTLMSSP_SIGNATURE "NTLMSSP" + +/* Security blob target info data */ +#define TGT_Name "KSMBD" + +/* + * Size of the crypto key returned on the negotiate SMB in bytes + */ +#define CIFS_CRYPTO_KEY_SIZE (8) +#define CIFS_KEY_SIZE (40) + +/* + * Size of encrypted user password in bytes + */ +#define CIFS_ENCPWD_SIZE (16) +#define CIFS_CPHTXT_SIZE (16) + +/* Message Types */ +#define NtLmNegotiate cpu_to_le32(1) +#define NtLmChallenge cpu_to_le32(2) +#define NtLmAuthenticate cpu_to_le32(3) +#define UnknownMessage cpu_to_le32(8) + +/* Negotiate Flags */ +#define NTLMSSP_NEGOTIATE_UNICODE 0x01 /* Text strings are unicode */ +#define NTLMSSP_NEGOTIATE_OEM 0x02 /* Text strings are in OEM */ +#define NTLMSSP_REQUEST_TARGET 0x04 /* Srv returns its auth realm */ +/* define reserved9 0x08 */ +#define NTLMSSP_NEGOTIATE_SIGN 0x0010 /* Request signing capability */ +#define NTLMSSP_NEGOTIATE_SEAL 0x0020 /* Request confidentiality */ +#define NTLMSSP_NEGOTIATE_DGRAM 0x0040 +#define NTLMSSP_NEGOTIATE_LM_KEY 0x0080 /* Use LM session key */ +/* defined reserved 8 0x0100 */ +#define NTLMSSP_NEGOTIATE_NTLM 0x0200 /* NTLM authentication */ +#define NTLMSSP_NEGOTIATE_NT_ONLY 0x0400 /* Lanman not allowed */ +#define NTLMSSP_ANONYMOUS 0x0800 +#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x1000 /* reserved6 */ +#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000 +#define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x4000 /* client/server same machine */ +#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x8000 /* Sign. All security levels */ +#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000 +#define NTLMSSP_TARGET_TYPE_SERVER 0x20000 +#define NTLMSSP_TARGET_TYPE_SHARE 0x40000 +#define NTLMSSP_NEGOTIATE_EXTENDED_SEC 0x80000 /* NB:not related to NTLMv2 pwd*/ +/* #define NTLMSSP_REQUEST_INIT_RESP 0x100000 */ +#define NTLMSSP_NEGOTIATE_IDENTIFY 0x100000 +#define NTLMSSP_REQUEST_ACCEPT_RESP 0x200000 /* reserved5 */ +#define NTLMSSP_REQUEST_NON_NT_KEY 0x400000 +#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x800000 +/* #define reserved4 0x1000000 */ +#define NTLMSSP_NEGOTIATE_VERSION 0x2000000 /* we do not set */ +/* #define reserved3 0x4000000 */ +/* #define reserved2 0x8000000 */ +/* #define reserved1 0x10000000 */ +#define NTLMSSP_NEGOTIATE_128 0x20000000 +#define NTLMSSP_NEGOTIATE_KEY_XCH 0x40000000 +#define NTLMSSP_NEGOTIATE_56 0x80000000 + +/* Define AV Pair Field IDs */ +enum av_field_type { + NTLMSSP_AV_EOL = 0, + NTLMSSP_AV_NB_COMPUTER_NAME, + NTLMSSP_AV_NB_DOMAIN_NAME, + NTLMSSP_AV_DNS_COMPUTER_NAME, + NTLMSSP_AV_DNS_DOMAIN_NAME, + NTLMSSP_AV_DNS_TREE_NAME, + NTLMSSP_AV_FLAGS, + NTLMSSP_AV_TIMESTAMP, + NTLMSSP_AV_RESTRICTION, + NTLMSSP_AV_TARGET_NAME, + NTLMSSP_AV_CHANNEL_BINDINGS +}; + +/* Although typedefs are not commonly used for structure definitions */ +/* in the Linux kernel, in this particular case they are useful */ +/* to more closely match the standards document for NTLMSSP from */ +/* OpenGroup and to make the code more closely match the standard in */ +/* appearance */ + +struct security_buffer { + __le16 Length; + __le16 MaximumLength; + __le32 BufferOffset; /* offset to buffer */ +} __packed; + +struct target_info { + __le16 Type; + __le16 Length; + __u8 Content[0]; +} __packed; + +struct negotiate_message { + __u8 Signature[sizeof(NTLMSSP_SIGNATURE)]; + __le32 MessageType; /* NtLmNegotiate = 1 */ + __le32 NegotiateFlags; + struct security_buffer DomainName; /* RFC 1001 style and ASCII */ + struct security_buffer WorkstationName; /* RFC 1001 and ASCII */ + /* + * struct security_buffer for version info not present since we + * do not set the version is present flag + */ + char DomainString[0]; + /* followed by WorkstationString */ +} __packed; + +struct challenge_message { + __u8 Signature[sizeof(NTLMSSP_SIGNATURE)]; + __le32 MessageType; /* NtLmChallenge = 2 */ + struct security_buffer TargetName; + __le32 NegotiateFlags; + __u8 Challenge[CIFS_CRYPTO_KEY_SIZE]; + __u8 Reserved[8]; + struct security_buffer TargetInfoArray; + /* + * struct security_buffer for version info not present since we + * do not set the version is present flag + */ +} __packed; + +struct authenticate_message { + __u8 Signature[sizeof(NTLMSSP_SIGNATURE)]; + __le32 MessageType; /* NtLmsAuthenticate = 3 */ + struct security_buffer LmChallengeResponse; + struct security_buffer NtChallengeResponse; + struct security_buffer DomainName; + struct security_buffer UserName; + struct security_buffer WorkstationName; + struct security_buffer SessionKey; + __le32 NegotiateFlags; + /* + * struct security_buffer for version info not present since we + * do not set the version is present flag + */ + char UserString[0]; +} __packed; + +struct ntlmv2_resp { + char ntlmv2_hash[CIFS_ENCPWD_SIZE]; + __le32 blob_signature; + __u32 reserved; + __le64 time; + __u64 client_chal; /* random */ + __u32 reserved2; + /* array of name entries could follow ending in minimum 4 byte struct */ +} __packed; + +/* per smb session structure/fields */ +struct ntlmssp_auth { + /* whether session key is per smb session */ + bool sesskey_per_smbsess; + /* sent by client in type 1 ntlmsssp exchange */ + __u32 client_flags; + /* sent by server in type 2 ntlmssp exchange */ + __u32 conn_flags; + /* sent to server */ + unsigned char ciphertext[CIFS_CPHTXT_SIZE]; + /* used by ntlmssp */ + char cryptkey[CIFS_CRYPTO_KEY_SIZE]; +}; +#endif /* __KSMBD_NTLMSSP_H */ diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c new file mode 100644 index 000000000000..6c3dbc71134e --- /dev/null +++ b/fs/cifsd/oplock.c @@ -0,0 +1,1693 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/moduleparam.h> + +#include "glob.h" +#include "oplock.h" + +#include "smb_common.h" +#include "smbstatus.h" +#include "buffer_pool.h" +#include "connection.h" +#include "mgmt/user_session.h" +#include "mgmt/share_config.h" +#include "mgmt/tree_connect.h" + +static LIST_HEAD(lease_table_list); +static DEFINE_RWLOCK(lease_list_lock); + +/** + * get_new_opinfo() - allocate a new opinfo object for oplock info + * @conn: connection instance + * @id: fid of open file + * @Tid: tree id of connection + * @lctx: lease context information + * + * Return: allocated opinfo object on success, otherwise NULL + */ +static struct oplock_info *alloc_opinfo(struct ksmbd_work *work, + uint64_t id, __u16 Tid) +{ + struct ksmbd_session *sess = work->sess; + struct oplock_info *opinfo; + + opinfo = kzalloc(sizeof(struct oplock_info), GFP_KERNEL); + if (!opinfo) + return NULL; + + opinfo->sess = sess; + opinfo->conn = sess->conn; + opinfo->level = OPLOCK_NONE; + opinfo->op_state = OPLOCK_STATE_NONE; + opinfo->pending_break = 0; + opinfo->fid = id; + opinfo->Tid = Tid; + INIT_LIST_HEAD(&opinfo->op_entry); + INIT_LIST_HEAD(&opinfo->interim_list); + init_waitqueue_head(&opinfo->oplock_q); + init_waitqueue_head(&opinfo->oplock_brk); + atomic_set(&opinfo->refcount, 1); + atomic_set(&opinfo->breaking_cnt, 0); + + return opinfo; +} + +static void lease_add_list(struct oplock_info *opinfo) +{ + struct lease_table *lb = opinfo->o_lease->l_lb; + + spin_lock(&lb->lb_lock); + list_add_rcu(&opinfo->lease_entry, &lb->lease_list); + spin_unlock(&lb->lb_lock); +} + +static void lease_del_list(struct oplock_info *opinfo) +{ + struct lease_table *lb = opinfo->o_lease->l_lb; + + if (!lb) + return; + + spin_lock(&lb->lb_lock); + if (list_empty(&opinfo->lease_entry)) { + spin_unlock(&lb->lb_lock); + return; + } + + list_del_init(&opinfo->lease_entry); + opinfo->o_lease->l_lb = NULL; + spin_unlock(&lb->lb_lock); +} + +static void lb_add(struct lease_table *lb) +{ + write_lock(&lease_list_lock); + list_add(&lb->l_entry, &lease_table_list); + write_unlock(&lease_list_lock); +} + +static int alloc_lease(struct oplock_info *opinfo, + struct lease_ctx_info *lctx) +{ + struct lease *lease; + + lease = kmalloc(sizeof(struct lease), GFP_KERNEL); + if (!lease) + return -ENOMEM; + + memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE); + lease->state = lctx->req_state; + lease->new_state = 0; + lease->flags = lctx->flags; + lease->duration = lctx->duration; + INIT_LIST_HEAD(&opinfo->lease_entry); + opinfo->o_lease = lease; + + return 0; +} + +static void free_lease(struct oplock_info *opinfo) +{ + struct lease *lease; + + lease = opinfo->o_lease; + kfree(lease); +} + +static void free_opinfo(struct oplock_info *opinfo) +{ + if (opinfo->is_lease) + free_lease(opinfo); + kfree(opinfo); +} + +static inline void opinfo_free_rcu(struct rcu_head *rcu_head) +{ + struct oplock_info *opinfo; + + opinfo = container_of(rcu_head, struct oplock_info, rcu_head); + free_opinfo(opinfo); +} + +struct oplock_info *opinfo_get(struct ksmbd_file *fp) +{ + struct oplock_info *opinfo; + + rcu_read_lock(); + opinfo = rcu_dereference(fp->f_opinfo); + if (opinfo && !atomic_inc_not_zero(&opinfo->refcount)) + opinfo = NULL; + rcu_read_unlock(); + + return opinfo; +} + +static struct oplock_info *opinfo_get_list(struct ksmbd_inode *ci) +{ + struct oplock_info *opinfo; + + if (list_empty(&ci->m_op_list)) + return NULL; + + rcu_read_lock(); + opinfo = list_first_or_null_rcu(&ci->m_op_list, struct oplock_info, + op_entry); + if (opinfo && !atomic_inc_not_zero(&opinfo->refcount)) + opinfo = NULL; + rcu_read_unlock(); + + return opinfo; +} + +void opinfo_put(struct oplock_info *opinfo) +{ + if (!atomic_dec_and_test(&opinfo->refcount)) + return; + + call_rcu(&opinfo->rcu_head, opinfo_free_rcu); +} + +static void opinfo_add(struct oplock_info *opinfo) +{ + struct ksmbd_inode *ci = opinfo->o_fp->f_ci; + + write_lock(&ci->m_lock); + list_add_rcu(&opinfo->op_entry, &ci->m_op_list); + write_unlock(&ci->m_lock); +} + +static void opinfo_del(struct oplock_info *opinfo) +{ + struct ksmbd_inode *ci = opinfo->o_fp->f_ci; + + if (opinfo->is_lease) { + write_lock(&lease_list_lock); + lease_del_list(opinfo); + write_unlock(&lease_list_lock); + } + write_lock(&ci->m_lock); + list_del_rcu(&opinfo->op_entry); + write_unlock(&ci->m_lock); +} + +static unsigned long opinfo_count(struct ksmbd_file *fp) +{ + if (ksmbd_stream_fd(fp)) + return atomic_read(&fp->f_ci->sop_count); + else + return atomic_read(&fp->f_ci->op_count); +} + +static void opinfo_count_inc(struct ksmbd_file *fp) +{ + if (ksmbd_stream_fd(fp)) + return atomic_inc(&fp->f_ci->sop_count); + else + return atomic_inc(&fp->f_ci->op_count); +} + +static void opinfo_count_dec(struct ksmbd_file *fp) +{ + if (ksmbd_stream_fd(fp)) + return atomic_dec(&fp->f_ci->sop_count); + else + return atomic_dec(&fp->f_ci->op_count); +} + +/** + * opinfo_write_to_read() - convert a write oplock to read oplock + * @opinfo: current oplock info + * + * Return: 0 on success, otherwise -EINVAL + */ +int opinfo_write_to_read(struct oplock_info *opinfo) +{ + struct lease *lease = opinfo->o_lease; + + if (!((opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) || + (opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE))) { + ksmbd_err("bad oplock(0x%x)\n", opinfo->level); + if (opinfo->is_lease) + ksmbd_err("lease state(0x%x)\n", lease->state); + return -EINVAL; + } + opinfo->level = SMB2_OPLOCK_LEVEL_II; + + if (opinfo->is_lease) + lease->state = lease->new_state; + return 0; +} + +/** + * opinfo_read_handle_to_read() - convert a read/handle oplock to read oplock + * @opinfo: current oplock info + * + * Return: 0 on success, otherwise -EINVAL + */ +int opinfo_read_handle_to_read(struct oplock_info *opinfo) +{ + struct lease *lease = opinfo->o_lease; + + lease->state = lease->new_state; + opinfo->level = SMB2_OPLOCK_LEVEL_II; + return 0; +} + +/** + * opinfo_write_to_none() - convert a write oplock to none + * @opinfo: current oplock info + * + * Return: 0 on success, otherwise -EINVAL + */ +int opinfo_write_to_none(struct oplock_info *opinfo) +{ + struct lease *lease = opinfo->o_lease; + + if (!((opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) || + (opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE))) { + ksmbd_err("bad oplock(0x%x)\n", opinfo->level); + if (opinfo->is_lease) + ksmbd_err("lease state(0x%x)\n", + lease->state); + return -EINVAL; + } + opinfo->level = SMB2_OPLOCK_LEVEL_NONE; + if (opinfo->is_lease) + lease->state = lease->new_state; + return 0; +} + +/** + * opinfo_read_to_none() - convert a write read to none + * @opinfo: current oplock info + * + * Return: 0 on success, otherwise -EINVAL + */ +int opinfo_read_to_none(struct oplock_info *opinfo) +{ + struct lease *lease = opinfo->o_lease; + + if (opinfo->level != SMB2_OPLOCK_LEVEL_II) { + ksmbd_err("bad oplock(0x%x)\n", opinfo->level); + if (opinfo->is_lease) + ksmbd_err("lease state(0x%x)\n", lease->state); + return -EINVAL; + } + opinfo->level = SMB2_OPLOCK_LEVEL_NONE; + if (opinfo->is_lease) + lease->state = lease->new_state; + return 0; +} + +/** + * lease_read_to_write() - upgrade lease state from read to write + * @opinfo: current lease info + * + * Return: 0 on success, otherwise -EINVAL + */ +int lease_read_to_write(struct oplock_info *opinfo) +{ + struct lease *lease = opinfo->o_lease; + + if (!(lease->state & SMB2_LEASE_READ_CACHING_LE)) { + ksmbd_debug(OPLOCK, "bad lease state(0x%x)\n", + lease->state); + return -EINVAL; + } + + lease->new_state = SMB2_LEASE_NONE_LE; + lease->state |= SMB2_LEASE_WRITE_CACHING_LE; + if (lease->state & SMB2_LEASE_HANDLE_CACHING_LE) + opinfo->level = SMB2_OPLOCK_LEVEL_BATCH; + else + opinfo->level = SMB2_OPLOCK_LEVEL_EXCLUSIVE; + return 0; +} + +/** + * lease_none_upgrade() - upgrade lease state from none + * @opinfo: current lease info + * @new_state: new lease state + * + * Return: 0 on success, otherwise -EINVAL + */ +static int lease_none_upgrade(struct oplock_info *opinfo, + __le32 new_state) +{ + struct lease *lease = opinfo->o_lease; + + if (!(lease->state == SMB2_LEASE_NONE_LE)) { + ksmbd_debug(OPLOCK, "bad lease state(0x%x)\n", + lease->state); + return -EINVAL; + } + + lease->new_state = SMB2_LEASE_NONE_LE; + lease->state = new_state; + if (lease->state & SMB2_LEASE_HANDLE_CACHING_LE) + if (lease->state & SMB2_LEASE_WRITE_CACHING_LE) + opinfo->level = SMB2_OPLOCK_LEVEL_BATCH; + else + opinfo->level = SMB2_OPLOCK_LEVEL_II; + else if (lease->state & SMB2_LEASE_WRITE_CACHING_LE) + opinfo->level = SMB2_OPLOCK_LEVEL_EXCLUSIVE; + else if (lease->state & SMB2_LEASE_READ_CACHING_LE) + opinfo->level = SMB2_OPLOCK_LEVEL_II; + + return 0; +} + +/** + * close_id_del_oplock() - release oplock object at file close time + * @fp: ksmbd file pointer + */ +void close_id_del_oplock(struct ksmbd_file *fp) +{ + struct oplock_info *opinfo; + + if (S_ISDIR(file_inode(fp->filp)->i_mode)) + return; + + opinfo = opinfo_get(fp); + if (!opinfo) + return; + + opinfo_del(opinfo); + + rcu_assign_pointer(fp->f_opinfo, NULL); + if (opinfo->op_state == OPLOCK_ACK_WAIT) { + opinfo->op_state = OPLOCK_CLOSING; + wake_up_interruptible_all(&opinfo->oplock_q); + if (opinfo->is_lease) { + atomic_set(&opinfo->breaking_cnt, 0); + wake_up_interruptible_all(&opinfo->oplock_brk); + } + } + + opinfo_count_dec(fp); + atomic_dec(&opinfo->refcount); + opinfo_put(opinfo); +} + +/** + * grant_write_oplock() - grant exclusive/batch oplock or write lease + * @opinfo_new: new oplock info object + * @req_oplock: request oplock + * @lctx: lease context information + * + * Return: 0 + */ +static void grant_write_oplock(struct oplock_info *opinfo_new, int req_oplock, + struct lease_ctx_info *lctx) +{ + struct lease *lease = opinfo_new->o_lease; + + if (req_oplock == SMB2_OPLOCK_LEVEL_BATCH) + opinfo_new->level = SMB2_OPLOCK_LEVEL_BATCH; + else + opinfo_new->level = SMB2_OPLOCK_LEVEL_EXCLUSIVE; + + if (lctx) { + lease->state = lctx->req_state; + memcpy(lease->lease_key, lctx->lease_key, + SMB2_LEASE_KEY_SIZE); + } +} + +/** + * grant_read_oplock() - grant level2 oplock or read lease + * @opinfo_new: new oplock info object + * @lctx: lease context information + * + * Return: 0 + */ +static void grant_read_oplock(struct oplock_info *opinfo_new, + struct lease_ctx_info *lctx) +{ + struct lease *lease = opinfo_new->o_lease; + + opinfo_new->level = SMB2_OPLOCK_LEVEL_II; + + if (lctx) { + lease->state = SMB2_LEASE_READ_CACHING_LE; + if (lctx->req_state & SMB2_LEASE_HANDLE_CACHING_LE) + lease->state |= SMB2_LEASE_HANDLE_CACHING_LE; + memcpy(lease->lease_key, lctx->lease_key, + SMB2_LEASE_KEY_SIZE); + } +} + +/** + * grant_none_oplock() - grant none oplock or none lease + * @opinfo_new: new oplock info object + * @lctx: lease context information + * + * Return: 0 + */ +static void grant_none_oplock(struct oplock_info *opinfo_new, + struct lease_ctx_info *lctx) +{ + struct lease *lease = opinfo_new->o_lease; + + opinfo_new->level = SMB2_OPLOCK_LEVEL_NONE; + + if (lctx) { + lease->state = 0; + memcpy(lease->lease_key, lctx->lease_key, + SMB2_LEASE_KEY_SIZE); + } +} + +/** + * find_opinfo() - find lease object for given client guid and lease key + * @head: oplock list(read,write or none) head + * @guid1: client guid of matching lease owner + * @key1: lease key of matching lease owner + * + * Return: oplock(lease) object on success, otherwise NULL + */ +static inline int compare_guid_key(struct oplock_info *opinfo, + const char *guid1, const char *key1) +{ + const char *guid2, *key2; + + guid2 = opinfo->conn->ClientGUID; + key2 = opinfo->o_lease->lease_key; + if (!memcmp(guid1, guid2, SMB2_CLIENT_GUID_SIZE) && + !memcmp(key1, key2, SMB2_LEASE_KEY_SIZE)) + return 1; + + return 0; +} + +/** + * same_client_has_lease() - check whether current lease request is + * from lease owner of file + * @ci: master file pointer + * @client_guid: Client GUID + * @lctx: lease context information + * + * Return: oplock(lease) object on success, otherwise NULL + */ +static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, + char *client_guid, struct lease_ctx_info *lctx) +{ + int ret; + struct lease *lease; + struct oplock_info *opinfo; + struct oplock_info *m_opinfo = NULL; + + if (!lctx) + return NULL; + + /* + * Compare lease key and client_guid to know request from same owner + * of same client + */ + read_lock(&ci->m_lock); + list_for_each_entry(opinfo, &ci->m_op_list, op_entry) { + if (!opinfo->is_lease) + continue; + read_unlock(&ci->m_lock); + lease = opinfo->o_lease; + + ret = compare_guid_key(opinfo, client_guid, lctx->lease_key); + if (ret) { + m_opinfo = opinfo; + /* skip upgrading lease about breaking lease */ + if (atomic_read(&opinfo->breaking_cnt)) { + read_lock(&ci->m_lock); + continue; + } + + /* upgrading lease */ + if ((atomic_read(&ci->op_count) + + atomic_read(&ci->sop_count)) == 1) { + if (lease->state == + (lctx->req_state & lease->state)) { + lease->state |= lctx->req_state; + if (lctx->req_state & + SMB2_LEASE_WRITE_CACHING_LE) + lease_read_to_write(opinfo); + } + } else if ((atomic_read(&ci->op_count) + + atomic_read(&ci->sop_count)) > 1) { + if (lctx->req_state == + (SMB2_LEASE_READ_CACHING_LE | + SMB2_LEASE_HANDLE_CACHING_LE)) + lease->state = lctx->req_state; + } + + if (lctx->req_state && lease->state == + SMB2_LEASE_NONE_LE) + lease_none_upgrade(opinfo, lctx->req_state); + } + read_lock(&ci->m_lock); + } + read_unlock(&ci->m_lock); + + return m_opinfo; +} + +static void wait_for_break_ack(struct oplock_info *opinfo) +{ + int rc = 0; + + rc = wait_event_interruptible_timeout(opinfo->oplock_q, + opinfo->op_state == OPLOCK_STATE_NONE || + opinfo->op_state == OPLOCK_CLOSING, + OPLOCK_WAIT_TIME); + + /* is this a timeout ? */ + if (!rc) { + if (opinfo->is_lease) + opinfo->o_lease->state = SMB2_LEASE_NONE_LE; + opinfo->level = SMB2_OPLOCK_LEVEL_NONE; + opinfo->op_state = OPLOCK_STATE_NONE; + } +} + +static void wake_up_oplock_break(struct oplock_info *opinfo) +{ + clear_bit_unlock(0, &opinfo->pending_break); + /* memory barrier is needed for wake_up_bit() */ + smp_mb__after_atomic(); + wake_up_bit(&opinfo->pending_break, 0); +} + +static int oplock_break_pending(struct oplock_info *opinfo, int req_op_level) +{ + while (test_and_set_bit(0, &opinfo->pending_break)) { + wait_on_bit(&opinfo->pending_break, 0, TASK_UNINTERRUPTIBLE); + + /* Not immediately break to none. */ + opinfo->open_trunc = 0; + + if (opinfo->op_state == OPLOCK_CLOSING) + return -ENOENT; + else if (!opinfo->is_lease && opinfo->level <= req_op_level) + return 1; + } + + if (!opinfo->is_lease && opinfo->level <= req_op_level) { + wake_up_oplock_break(opinfo); + return 1; + } + return 0; +} + +static inline int allocate_oplock_break_buf(struct ksmbd_work *work) +{ + work->response_buf = ksmbd_alloc_response(MAX_CIFS_SMALL_BUFFER_SIZE); + if (!work->response_buf) + return -ENOMEM; + work->response_sz = MAX_CIFS_SMALL_BUFFER_SIZE; + return 0; +} + +/** + * smb2_oplock_break_noti() - send smb2 oplock break cmd from conn + * to client + * @work: smb work object + * + * There are two ways this function can be called. 1- while file open we break + * from exclusive/batch lock to levelII oplock and 2- while file write/truncate + * we break from levelII oplock no oplock. + * REQUEST_BUF(work) contains oplock_info. + */ +static void __smb2_oplock_break_noti(struct work_struct *wk) +{ + struct smb2_oplock_break *rsp = NULL; + struct ksmbd_work *work = container_of(wk, struct ksmbd_work, work); + struct ksmbd_conn *conn = work->conn; + struct oplock_break_info *br_info = REQUEST_BUF(work); + struct smb2_hdr *rsp_hdr; + struct ksmbd_file *fp; + + fp = ksmbd_lookup_durable_fd(br_info->fid); + if (!fp) { + atomic_dec(&conn->r_count); + ksmbd_free_work_struct(work); + return; + } + + if (allocate_oplock_break_buf(work)) { + ksmbd_err("smb2_allocate_rsp_buf failed! "); + atomic_dec(&conn->r_count); + ksmbd_free_work_struct(work); + ksmbd_fd_put(work, fp); + return; + } + + rsp_hdr = RESPONSE_BUF(work); + memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); + rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); + rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; + rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; + rsp_hdr->CreditRequest = cpu_to_le16(0); + rsp_hdr->Command = SMB2_OPLOCK_BREAK; + rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR); + rsp_hdr->NextCommand = 0; + rsp_hdr->MessageId = cpu_to_le64(-1); + rsp_hdr->Id.SyncId.ProcessId = 0; + rsp_hdr->Id.SyncId.TreeId = 0; + rsp_hdr->SessionId = 0; + memset(rsp_hdr->Signature, 0, 16); + + + rsp = RESPONSE_BUF(work); + + rsp->StructureSize = cpu_to_le16(24); + if (!br_info->open_trunc && + (br_info->level == SMB2_OPLOCK_LEVEL_BATCH || + br_info->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) + rsp->OplockLevel = SMB2_OPLOCK_LEVEL_II; + else + rsp->OplockLevel = SMB2_OPLOCK_LEVEL_NONE; + rsp->Reserved = 0; + rsp->Reserved2 = 0; + rsp->PersistentFid = cpu_to_le64(fp->persistent_id); + rsp->VolatileFid = cpu_to_le64(fp->volatile_id); + + inc_rfc1001_len(rsp, 24); + + ksmbd_debug(OPLOCK, + "sending oplock break v_id %llu p_id = %llu lock level = %d\n", + rsp->VolatileFid, rsp->PersistentFid, rsp->OplockLevel); + + ksmbd_fd_put(work, fp); + ksmbd_conn_write(work); + ksmbd_free_work_struct(work); + atomic_dec(&conn->r_count); +} + +/** + * smb2_oplock_break() - send smb2 exclusive/batch to level2 oplock + * break command from server to client + * @opinfo: oplock info object + * @ack_required if requiring ack + * + * Return: 0 on success, otherwise error + */ +static int smb2_oplock_break_noti(struct oplock_info *opinfo) +{ + struct ksmbd_conn *conn = opinfo->conn; + struct oplock_break_info *br_info; + int ret = 0; + struct ksmbd_work *work = ksmbd_alloc_work_struct(); + + if (!work) + return -ENOMEM; + + br_info = kmalloc(sizeof(struct oplock_break_info), GFP_KERNEL); + if (!br_info) { + ksmbd_free_work_struct(work); + return -ENOMEM; + } + + br_info->level = opinfo->level; + br_info->fid = opinfo->fid; + br_info->open_trunc = opinfo->open_trunc; + + work->request_buf = (char *)br_info; + work->conn = conn; + work->sess = opinfo->sess; + + atomic_inc(&conn->r_count); + if (opinfo->op_state == OPLOCK_ACK_WAIT) { + INIT_WORK(&work->work, __smb2_oplock_break_noti); + ksmbd_queue_work(work); + + wait_for_break_ack(opinfo); + } else { + __smb2_oplock_break_noti(&work->work); + if (opinfo->level == SMB2_OPLOCK_LEVEL_II) + opinfo->level = SMB2_OPLOCK_LEVEL_NONE; + } + return ret; +} + +/** + * __smb2_lease_break_noti() - send lease break command from server + * to client + * @work: smb work object + */ +static void __smb2_lease_break_noti(struct work_struct *wk) +{ + struct smb2_lease_break *rsp = NULL; + struct ksmbd_work *work = container_of(wk, struct ksmbd_work, work); + struct lease_break_info *br_info = REQUEST_BUF(work); + struct ksmbd_conn *conn = work->conn; + struct smb2_hdr *rsp_hdr; + + if (allocate_oplock_break_buf(work)) { + ksmbd_debug(OPLOCK, "smb2_allocate_rsp_buf failed! "); + ksmbd_free_work_struct(work); + atomic_dec(&conn->r_count); + return; + } + + rsp_hdr = RESPONSE_BUF(work); + memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); + rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); + rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; + rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; + rsp_hdr->CreditRequest = cpu_to_le16(0); + rsp_hdr->Command = SMB2_OPLOCK_BREAK; + rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR); + rsp_hdr->NextCommand = 0; + rsp_hdr->MessageId = cpu_to_le64(-1); + rsp_hdr->Id.SyncId.ProcessId = 0; + rsp_hdr->Id.SyncId.TreeId = 0; + rsp_hdr->SessionId = 0; + memset(rsp_hdr->Signature, 0, 16); + + rsp = RESPONSE_BUF(work); + rsp->StructureSize = cpu_to_le16(44); + rsp->Reserved = 0; + rsp->Flags = 0; + + if (br_info->curr_state & (SMB2_LEASE_WRITE_CACHING_LE | + SMB2_LEASE_HANDLE_CACHING_LE)) + rsp->Flags = SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED; + + memcpy(rsp->LeaseKey, br_info->lease_key, SMB2_LEASE_KEY_SIZE); + rsp->CurrentLeaseState = br_info->curr_state; + rsp->NewLeaseState = br_info->new_state; + rsp->BreakReason = 0; + rsp->AccessMaskHint = 0; + rsp->ShareMaskHint = 0; + + inc_rfc1001_len(rsp, 44); + + ksmbd_conn_write(work); + ksmbd_free_work_struct(work); + atomic_dec(&conn->r_count); +} + +/** + * smb2_break_lease() - break lease when a new client request + * write lease + * @opinfo: conains lease state information + * @ack_required: if requring ack + * + * Return: 0 on success, otherwise error + */ +static int smb2_lease_break_noti(struct oplock_info *opinfo) +{ + struct ksmbd_conn *conn = opinfo->conn; + struct list_head *tmp, *t; + struct ksmbd_work *work; + struct lease_break_info *br_info; + struct lease *lease = opinfo->o_lease; + + work = ksmbd_alloc_work_struct(); + if (!work) + return -ENOMEM; + + br_info = kmalloc(sizeof(struct lease_break_info), GFP_KERNEL); + if (!br_info) { + ksmbd_free_work_struct(work); + return -ENOMEM; + } + + br_info->curr_state = lease->state; + br_info->new_state = lease->new_state; + memcpy(br_info->lease_key, lease->lease_key, SMB2_LEASE_KEY_SIZE); + + work->request_buf = (char *)br_info; + work->conn = conn; + work->sess = opinfo->sess; + + atomic_inc(&conn->r_count); + if (opinfo->op_state == OPLOCK_ACK_WAIT) { + list_for_each_safe(tmp, t, &opinfo->interim_list) { + struct ksmbd_work *in_work; + + in_work = list_entry(tmp, struct ksmbd_work, + interim_entry); + setup_async_work(in_work, NULL, NULL); + smb2_send_interim_resp(in_work, STATUS_PENDING); + list_del(&in_work->interim_entry); + } + INIT_WORK(&work->work, __smb2_lease_break_noti); + ksmbd_queue_work(work); + wait_for_break_ack(opinfo); + } else { + __smb2_lease_break_noti(&work->work); + if (opinfo->o_lease->new_state == SMB2_LEASE_NONE_LE) { + opinfo->level = SMB2_OPLOCK_LEVEL_NONE; + opinfo->o_lease->state = SMB2_LEASE_NONE_LE; + } + } + return 0; +} + +static void wait_lease_breaking(struct oplock_info *opinfo) +{ + if (!opinfo->is_lease) + return; + + wake_up_interruptible_all(&opinfo->oplock_brk); + if (atomic_read(&opinfo->breaking_cnt)) { + int ret = 0; + + ret = wait_event_interruptible_timeout( + opinfo->oplock_brk, + atomic_read(&opinfo->breaking_cnt) == 0, + HZ); + if (!ret) + atomic_set(&opinfo->breaking_cnt, 0); + } +} + +static int oplock_break(struct oplock_info *brk_opinfo, int req_op_level) +{ + int err = 0; + + /* Need to break exclusive/batch oplock, write lease or overwrite_if */ + ksmbd_debug(OPLOCK, + "request to send oplock(level : 0x%x) break notification\n", + brk_opinfo->level); + + if (brk_opinfo->is_lease) { + struct lease *lease = brk_opinfo->o_lease; + + atomic_inc(&brk_opinfo->breaking_cnt); + + err = oplock_break_pending(brk_opinfo, req_op_level); + if (err) + return err < 0 ? err : 0; + + if (brk_opinfo->open_trunc) { + /* + * Create overwrite break trigger the lease break to + * none. + */ + lease->new_state = SMB2_LEASE_NONE_LE; + } else { + if (lease->state & SMB2_LEASE_WRITE_CACHING_LE) { + if (lease->state & SMB2_LEASE_HANDLE_CACHING_LE) + lease->new_state = + SMB2_LEASE_READ_CACHING_LE | + SMB2_LEASE_HANDLE_CACHING_LE; + else + lease->new_state = + SMB2_LEASE_READ_CACHING_LE; + } else { + if (lease->state & SMB2_LEASE_HANDLE_CACHING_LE) + lease->new_state = + SMB2_LEASE_READ_CACHING_LE; + else + lease->new_state = SMB2_LEASE_NONE_LE; + } + } + + if (lease->state & (SMB2_LEASE_WRITE_CACHING_LE | + SMB2_LEASE_HANDLE_CACHING_LE)) + brk_opinfo->op_state = OPLOCK_ACK_WAIT; + else + atomic_dec(&brk_opinfo->breaking_cnt); + } else { + err = oplock_break_pending(brk_opinfo, req_op_level); + if (err) + return err < 0 ? err : 0; + + if (brk_opinfo->level == SMB2_OPLOCK_LEVEL_BATCH || + brk_opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) + brk_opinfo->op_state = OPLOCK_ACK_WAIT; + } + + if (brk_opinfo->is_lease) + err = smb2_lease_break_noti(brk_opinfo); + else + err = smb2_oplock_break_noti(brk_opinfo); + + ksmbd_debug(OPLOCK, "oplock granted = %d\n", brk_opinfo->level); + if (brk_opinfo->op_state == OPLOCK_CLOSING) + err = -ENOENT; + wake_up_oplock_break(brk_opinfo); + + wait_lease_breaking(brk_opinfo); + + return err; +} + +void destroy_lease_table(struct ksmbd_conn *conn) +{ + struct lease_table *lb, *lbtmp; + struct oplock_info *opinfo; + + write_lock(&lease_list_lock); + if (list_empty(&lease_table_list)) { + write_unlock(&lease_list_lock); + return; + } + + list_for_each_entry_safe(lb, lbtmp, &lease_table_list, l_entry) { + if (conn && memcmp(lb->client_guid, conn->ClientGUID, + SMB2_CLIENT_GUID_SIZE)) + continue; +again: + rcu_read_lock(); + list_for_each_entry_rcu(opinfo, &lb->lease_list, + lease_entry) { + rcu_read_unlock(); + lease_del_list(opinfo); + goto again; + } + rcu_read_unlock(); + list_del(&lb->l_entry); + kfree(lb); + } + write_unlock(&lease_list_lock); +} + +int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci, + struct lease_ctx_info *lctx) +{ + struct oplock_info *opinfo; + int err = 0; + struct lease_table *lb; + + if (!lctx) + return err; + + read_lock(&lease_list_lock); + if (list_empty(&lease_table_list)) { + read_unlock(&lease_list_lock); + return 0; + } + + list_for_each_entry(lb, &lease_table_list, l_entry) { + if (!memcmp(lb->client_guid, sess->conn->ClientGUID, + SMB2_CLIENT_GUID_SIZE)) + goto found; + } + read_unlock(&lease_list_lock); + + return 0; + +found: + rcu_read_lock(); + list_for_each_entry_rcu(opinfo, &lb->lease_list, + lease_entry) { + if (!atomic_inc_not_zero(&opinfo->refcount)) + continue; + rcu_read_unlock(); + if (opinfo->o_fp->f_ci == ci) + goto op_next; + err = compare_guid_key(opinfo, + sess->conn->ClientGUID, + lctx->lease_key); + if (err) { + err = -EINVAL; + ksmbd_debug(OPLOCK, + "found same lease key is already used in other files\n"); + opinfo_put(opinfo); + goto out; + } +op_next: + opinfo_put(opinfo); + rcu_read_lock(); + } + rcu_read_unlock(); + +out: + read_unlock(&lease_list_lock); + return err; +} + +static void copy_lease(struct oplock_info *op1, struct oplock_info *op2) +{ + struct lease *lease1 = op1->o_lease; + struct lease *lease2 = op2->o_lease; + + op2->level = op1->level; + lease2->state = lease1->state; + memcpy(lease2->lease_key, lease1->lease_key, + SMB2_LEASE_KEY_SIZE); + lease2->duration = lease1->duration; + lease2->flags = lease1->flags; +} + +static int add_lease_global_list(struct oplock_info *opinfo) +{ + struct lease_table *lb; + + read_lock(&lease_list_lock); + list_for_each_entry(lb, &lease_table_list, l_entry) { + if (!memcmp(lb->client_guid, opinfo->conn->ClientGUID, + SMB2_CLIENT_GUID_SIZE)) { + opinfo->o_lease->l_lb = lb; + lease_add_list(opinfo); + read_unlock(&lease_list_lock); + return 0; + } + } + read_unlock(&lease_list_lock); + + lb = kmalloc(sizeof(struct lease_table), GFP_KERNEL); + if (!lb) + return -ENOMEM; + + memcpy(lb->client_guid, opinfo->conn->ClientGUID, + SMB2_CLIENT_GUID_SIZE); + INIT_LIST_HEAD(&lb->lease_list); + spin_lock_init(&lb->lb_lock); + opinfo->o_lease->l_lb = lb; + lease_add_list(opinfo); + lb_add(lb); + return 0; +} + +static void set_oplock_level(struct oplock_info *opinfo, int level, + struct lease_ctx_info *lctx) +{ + switch (level) { + case SMB2_OPLOCK_LEVEL_BATCH: + case SMB2_OPLOCK_LEVEL_EXCLUSIVE: + grant_write_oplock(opinfo, + level, lctx); + break; + case SMB2_OPLOCK_LEVEL_II: + grant_read_oplock(opinfo, lctx); + break; + default: + grant_none_oplock(opinfo, lctx); + break; + } +} + +/** + * smb_grant_oplock() - handle oplock/lease request on file open + * @fp: ksmbd file pointer + * @oplock: granted oplock type + * @id: fid of open file + * @Tid: Tree id of connection + * @lctx: lease context information on file open + * @attr_only: attribute only file open type + * + * Return: 0 on success, otherwise error + */ +int smb_grant_oplock(struct ksmbd_work *work, + int req_op_level, + uint64_t pid, + struct ksmbd_file *fp, + __u16 tid, + struct lease_ctx_info *lctx, + int share_ret) +{ + struct ksmbd_session *sess = work->sess; + int err = 0; + struct oplock_info *opinfo = NULL, *prev_opinfo = NULL; + struct ksmbd_inode *ci = fp->f_ci; + bool prev_op_has_lease; + __le32 prev_op_state = 0; + + /* not support directory lease */ + if (S_ISDIR(file_inode(fp->filp)->i_mode)) { + if (lctx) + lctx->dlease = 1; + return 0; + } + + opinfo = alloc_opinfo(work, pid, tid); + if (!opinfo) + return -ENOMEM; + + if (lctx) { + err = alloc_lease(opinfo, lctx); + if (err) + goto err_out; + opinfo->is_lease = 1; + } + + /* ci does not have any oplock */ + if (!opinfo_count(fp)) + goto set_lev; + + /* grant none-oplock if second open is trunc */ + if (ATTR_FP(fp)) { + req_op_level = SMB2_OPLOCK_LEVEL_NONE; + goto set_lev; + } + + if (lctx) { + struct oplock_info *m_opinfo; + + /* is lease already granted ? */ + m_opinfo = same_client_has_lease(ci, sess->conn->ClientGUID, + lctx); + if (m_opinfo) { + copy_lease(m_opinfo, opinfo); + if (atomic_read(&m_opinfo->breaking_cnt)) + opinfo->o_lease->flags = + SMB2_LEASE_FLAG_BREAK_IN_PROGRESS_LE; + goto out; + } + } + prev_opinfo = opinfo_get_list(ci); + if (!prev_opinfo || + (prev_opinfo->level == SMB2_OPLOCK_LEVEL_NONE && lctx)) + goto set_lev; + prev_op_has_lease = prev_opinfo->is_lease; + if (prev_op_has_lease) + prev_op_state = prev_opinfo->o_lease->state; + + if (share_ret < 0 && + (prev_opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) { + err = share_ret; + opinfo_put(prev_opinfo); + goto err_out; + } + + if ((prev_opinfo->level != SMB2_OPLOCK_LEVEL_BATCH) && + (prev_opinfo->level != SMB2_OPLOCK_LEVEL_EXCLUSIVE)) { + opinfo_put(prev_opinfo); + goto op_break_not_needed; + } + + list_add(&work->interim_entry, &prev_opinfo->interim_list); + err = oplock_break(prev_opinfo, SMB2_OPLOCK_LEVEL_II); + opinfo_put(prev_opinfo); + if (err == -ENOENT) + goto set_lev; + /* Check all oplock was freed by close */ + else if (err < 0) + goto err_out; + +op_break_not_needed: + if (share_ret < 0) { + err = share_ret; + goto err_out; + } + + if (req_op_level != SMB2_OPLOCK_LEVEL_NONE) + req_op_level = SMB2_OPLOCK_LEVEL_II; + + /* grant fixed oplock on stacked locking between lease and oplock */ + if (prev_op_has_lease && !lctx) + if (prev_op_state & SMB2_LEASE_HANDLE_CACHING_LE) + req_op_level = SMB2_OPLOCK_LEVEL_NONE; + + if (!prev_op_has_lease && lctx) { + req_op_level = SMB2_OPLOCK_LEVEL_II; + lctx->req_state = SMB2_LEASE_READ_CACHING_LE; + } + +set_lev: + set_oplock_level(opinfo, req_op_level, lctx); + +out: + rcu_assign_pointer(fp->f_opinfo, opinfo); + opinfo->o_fp = fp; + + opinfo_count_inc(fp); + opinfo_add(opinfo); + if (opinfo->is_lease) { + err = add_lease_global_list(opinfo); + if (err) + goto err_out; + } + + return 0; +err_out: + free_opinfo(opinfo); + return err; +} + +/** + * smb_break_write_oplock() - break batch/exclusive oplock to level2 + * @work: smb work + * @fp: ksmbd file pointer + * @openfile: open file object + */ +static void smb_break_all_write_oplock(struct ksmbd_work *work, + struct ksmbd_file *fp, int is_trunc) +{ + struct oplock_info *brk_opinfo; + + brk_opinfo = opinfo_get_list(fp->f_ci); + if (!brk_opinfo) + return; + if (brk_opinfo->level != SMB2_OPLOCK_LEVEL_BATCH && + brk_opinfo->level != SMB2_OPLOCK_LEVEL_EXCLUSIVE) { + opinfo_put(brk_opinfo); + return; + } + + brk_opinfo->open_trunc = is_trunc; + list_add(&work->interim_entry, &brk_opinfo->interim_list); + oplock_break(brk_opinfo, SMB2_OPLOCK_LEVEL_II); + opinfo_put(brk_opinfo); +} + +/** + * smb_break_all_levII_oplock() - send level2 oplock or read lease break command + * from server to client + * @conn: connection instance + * @fp: ksmbd file pointer + * @is_trunc: truncate on open + */ +void smb_break_all_levII_oplock(struct ksmbd_work *work, + struct ksmbd_file *fp, int is_trunc) +{ + struct oplock_info *op, *brk_op; + struct ksmbd_inode *ci; + struct ksmbd_conn *conn = work->sess->conn; + + if (!test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_OPLOCKS)) { + return; + } + + ci = fp->f_ci; + op = opinfo_get(fp); + + rcu_read_lock(); + list_for_each_entry_rcu(brk_op, &ci->m_op_list, op_entry) { + if (!atomic_inc_not_zero(&brk_op->refcount)) + continue; + rcu_read_unlock(); + if (brk_op->is_lease && (brk_op->o_lease->state & + (~(SMB2_LEASE_READ_CACHING_LE | + SMB2_LEASE_HANDLE_CACHING_LE)))) { + ksmbd_debug(OPLOCK, "unexpected lease state(0x%x)\n", + brk_op->o_lease->state); + goto next; + } else if (brk_op->level != + SMB2_OPLOCK_LEVEL_II) { + ksmbd_debug(OPLOCK, "unexpected oplock(0x%x)\n", + brk_op->level); + goto next; + } + + /* Skip oplock being break to none */ + if (brk_op->is_lease && (brk_op->o_lease->new_state == + SMB2_LEASE_NONE_LE) && + atomic_read(&brk_op->breaking_cnt)) + goto next; + + if (op && op->is_lease && + brk_op->is_lease && + !memcmp(conn->ClientGUID, brk_op->conn->ClientGUID, + SMB2_CLIENT_GUID_SIZE) && + !memcmp(op->o_lease->lease_key, + brk_op->o_lease->lease_key, + SMB2_LEASE_KEY_SIZE)) + goto next; + brk_op->open_trunc = is_trunc; + oplock_break(brk_op, SMB2_OPLOCK_LEVEL_NONE); +next: + opinfo_put(brk_op); + rcu_read_lock(); + } + rcu_read_unlock(); + + if (op) + opinfo_put(op); +} + +/** + * smb_break_all_oplock() - break both batch/exclusive and level2 oplock + * @work: smb work + * @fp: ksmbd file pointer + */ +void smb_break_all_oplock(struct ksmbd_work *work, struct ksmbd_file *fp) +{ + if (!test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_OPLOCKS)) + return; + + smb_break_all_write_oplock(work, fp, 1); + smb_break_all_levII_oplock(work, fp, 1); +} + +/** + * smb2_map_lease_to_oplock() - map lease state to corresponding oplock type + * @lease_state: lease type + * + * Return: 0 if no mapping, otherwise corresponding oplock type + */ +__u8 smb2_map_lease_to_oplock(__le32 lease_state) +{ + if (lease_state == (SMB2_LEASE_HANDLE_CACHING_LE | + SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_WRITE_CACHING_LE)) + return SMB2_OPLOCK_LEVEL_BATCH; + else if (lease_state != SMB2_LEASE_WRITE_CACHING_LE && + lease_state & SMB2_LEASE_WRITE_CACHING_LE) { + if (!(lease_state & SMB2_LEASE_HANDLE_CACHING_LE)) + return SMB2_OPLOCK_LEVEL_EXCLUSIVE; + } else if (lease_state & SMB2_LEASE_READ_CACHING_LE) + return SMB2_OPLOCK_LEVEL_II; + return 0; +} + +/** + * create_lease_buf() - create lease context for open cmd response + * @rbuf: buffer to create lease context response + * @lreq: buffer to stored parsed lease state information + */ +void create_lease_buf(u8 *rbuf, struct lease *lease) +{ + struct create_lease *buf = (struct create_lease *)rbuf; + char *LeaseKey = (char *)&lease->lease_key; + + memset(buf, 0, sizeof(struct create_lease)); + buf->lcontext.LeaseKeyLow = *((__le64 *)LeaseKey); + buf->lcontext.LeaseKeyHigh = *((__le64 *)(LeaseKey + 8)); + buf->lcontext.LeaseFlags = lease->flags; + buf->lcontext.LeaseState = lease->state; + buf->ccontext.DataOffset = cpu_to_le16(offsetof + (struct create_lease, lcontext)); + buf->ccontext.DataLength = cpu_to_le32(sizeof(struct lease_context)); + buf->ccontext.NameOffset = cpu_to_le16(offsetof + (struct create_lease, Name)); + buf->ccontext.NameLength = cpu_to_le16(4); + buf->Name[0] = 'R'; + buf->Name[1] = 'q'; + buf->Name[2] = 'L'; + buf->Name[3] = 's'; +} + +/** + * parse_lease_state() - parse lease context containted in file open request + * @open_req: buffer containing smb2 file open(create) request + * @lreq: buffer to stored parsed lease state information + * + * Return: oplock state, -ENOENT if create lease context not found + */ +struct lease_ctx_info *parse_lease_state(void *open_req) +{ + char *data_offset; + struct create_context *cc; + unsigned int next = 0; + char *name; + bool found = false; + struct smb2_create_req *req = (struct smb2_create_req *)open_req; + struct lease_ctx_info *lreq = kzalloc(sizeof(struct lease_ctx_info), + GFP_KERNEL); + if (!lreq) + return NULL; + + data_offset = (char *)req + 4 + le32_to_cpu(req->CreateContextsOffset); + cc = (struct create_context *)data_offset; + do { + cc = (struct create_context *)((char *)cc + next); + name = le16_to_cpu(cc->NameOffset) + (char *)cc; + if (le16_to_cpu(cc->NameLength) != 4 || + strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) { + next = le32_to_cpu(cc->Next); + continue; + } + found = true; + break; + } while (next != 0); + + if (found) { + struct create_lease *lc = (struct create_lease *)cc; + *((__le64 *)lreq->lease_key) = lc->lcontext.LeaseKeyLow; + *((__le64 *)(lreq->lease_key + 8)) = lc->lcontext.LeaseKeyHigh; + lreq->req_state = lc->lcontext.LeaseState; + lreq->flags = lc->lcontext.LeaseFlags; + lreq->duration = lc->lcontext.LeaseDuration; + return lreq; + } + + kfree(lreq); + return NULL; +} + +/** + * smb2_find_context_vals() - find a particular context info in open request + * @open_req: buffer containing smb2 file open(create) request + * @str: context name to search for + * + * Return: pointer to requested context, NULL if @str context not found + */ +struct create_context *smb2_find_context_vals(void *open_req, const char *tag) +{ + char *data_offset; + struct create_context *cc; + unsigned int next = 0; + char *name; + struct smb2_create_req *req = (struct smb2_create_req *)open_req; + + data_offset = (char *)req + 4 + le32_to_cpu(req->CreateContextsOffset); + cc = (struct create_context *)data_offset; + do { + int val; + + cc = (struct create_context *)((char *)cc + next); + name = le16_to_cpu(cc->NameOffset) + (char *)cc; + val = le16_to_cpu(cc->NameLength); + if (val < 4) + return ERR_PTR(-EINVAL); + + if (memcmp(name, tag, val) == 0) + return cc; + next = le32_to_cpu(cc->Next); + } while (next != 0); + + return ERR_PTR(-ENOENT); +} + +/** + * create_durable_buf() - create durable handle context + * @cc: buffer to create durable context response + */ +void create_durable_rsp_buf(char *cc) +{ + struct create_durable_rsp *buf; + + buf = (struct create_durable_rsp *)cc; + memset(buf, 0, sizeof(struct create_durable_rsp)); + buf->ccontext.DataOffset = cpu_to_le16(offsetof + (struct create_durable_rsp, Data)); + buf->ccontext.DataLength = cpu_to_le32(8); + buf->ccontext.NameOffset = cpu_to_le16(offsetof + (struct create_durable_rsp, Name)); + buf->ccontext.NameLength = cpu_to_le16(4); + /* SMB2_CREATE_DURABLE_HANDLE_RESPONSE is "DHnQ" */ + buf->Name[0] = 'D'; + buf->Name[1] = 'H'; + buf->Name[2] = 'n'; + buf->Name[3] = 'Q'; +} + +/** + * create_durable_buf() - create durable handle v2 context + * @cc: buffer to create durable context response + */ +void create_durable_v2_rsp_buf(char *cc, struct ksmbd_file *fp) +{ + struct create_durable_v2_rsp *buf; + + buf = (struct create_durable_v2_rsp *)cc; + memset(buf, 0, sizeof(struct create_durable_rsp)); + buf->ccontext.DataOffset = cpu_to_le16(offsetof + (struct create_durable_rsp, Data)); + buf->ccontext.DataLength = cpu_to_le32(8); + buf->ccontext.NameOffset = cpu_to_le16(offsetof + (struct create_durable_rsp, Name)); + buf->ccontext.NameLength = cpu_to_le16(4); + /* SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2 is "DH2Q" */ + buf->Name[0] = 'D'; + buf->Name[1] = 'H'; + buf->Name[2] = '2'; + buf->Name[3] = 'Q'; + + buf->Timeout = cpu_to_le32(fp->durable_timeout); + if (fp->is_persistent) + buf->Flags = SMB2_FLAGS_REPLAY_OPERATIONS; +} + +/** + * create_mxac_buf() - create query maximal access context + * @cc: buffer to create maximal access context response + */ +void create_mxac_rsp_buf(char *cc, int maximal_access) +{ + struct create_mxac_rsp *buf; + + buf = (struct create_mxac_rsp *)cc; + memset(buf, 0, sizeof(struct create_mxac_rsp)); + buf->ccontext.DataOffset = cpu_to_le16(offsetof + (struct create_mxac_rsp, QueryStatus)); + buf->ccontext.DataLength = cpu_to_le32(8); + buf->ccontext.NameOffset = cpu_to_le16(offsetof + (struct create_mxac_rsp, Name)); + buf->ccontext.NameLength = cpu_to_le16(4); + /* SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE is "MxAc" */ + buf->Name[0] = 'M'; + buf->Name[1] = 'x'; + buf->Name[2] = 'A'; + buf->Name[3] = 'c'; + + buf->QueryStatus = STATUS_SUCCESS; + buf->MaximalAccess = cpu_to_le32(maximal_access); +} + +/** + * create_mxac_buf() - create query maximal access context + * @cc: buffer to create query disk on id context response + */ +void create_disk_id_rsp_buf(char *cc, __u64 file_id, __u64 vol_id) +{ + struct create_disk_id_rsp *buf; + + buf = (struct create_disk_id_rsp *)cc; + memset(buf, 0, sizeof(struct create_disk_id_rsp)); + buf->ccontext.DataOffset = cpu_to_le16(offsetof + (struct create_disk_id_rsp, DiskFileId)); + buf->ccontext.DataLength = cpu_to_le32(32); + buf->ccontext.NameOffset = cpu_to_le16(offsetof + (struct create_mxac_rsp, Name)); + buf->ccontext.NameLength = cpu_to_le16(4); + /* SMB2_CREATE_QUERY_ON_DISK_ID_RESPONSE is "QFid" */ + buf->Name[0] = 'Q'; + buf->Name[1] = 'F'; + buf->Name[2] = 'i'; + buf->Name[3] = 'd'; + + buf->DiskFileId = cpu_to_le64(file_id); + buf->VolumeId = cpu_to_le64(vol_id); +} + +/** + * create_posix_buf() - create posix extension context + * @cc: buffer to create posix on posix response + */ +void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp) +{ + struct create_posix_rsp *buf; + struct inode *inode = FP_INODE(fp); + + buf = (struct create_posix_rsp *)cc; + memset(buf, 0, sizeof(struct create_posix_rsp)); + buf->ccontext.DataOffset = cpu_to_le16(offsetof + (struct create_posix_rsp, nlink)); + buf->ccontext.DataLength = cpu_to_le32(52); + buf->ccontext.NameOffset = cpu_to_le16(offsetof + (struct create_posix_rsp, Name)); + buf->ccontext.NameLength = cpu_to_le16(POSIX_CTXT_DATA_LEN); + /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */ + buf->Name[0] = 0x93; + buf->Name[1] = 0xAD; + buf->Name[2] = 0x25; + buf->Name[3] = 0x50; + buf->Name[4] = 0x9C; + buf->Name[5] = 0xB4; + buf->Name[6] = 0x11; + buf->Name[7] = 0xE7; + buf->Name[8] = 0xB4; + buf->Name[9] = 0x23; + buf->Name[10] = 0x83; + buf->Name[11] = 0xDE; + buf->Name[12] = 0x96; + buf->Name[13] = 0x8B; + buf->Name[14] = 0xCD; + buf->Name[15] = 0x7C; + + buf->nlink = cpu_to_le32(inode->i_nlink); + buf->reparse_tag = cpu_to_le32(fp->volatile_id); + buf->mode = cpu_to_le32(inode->i_mode); + id_to_sid(from_kuid(&init_user_ns, inode->i_uid), + SIDNFS_USER, (struct smb_sid *)&buf->SidBuffer[0]); + id_to_sid(from_kgid(&init_user_ns, inode->i_gid), + SIDNFS_GROUP, (struct smb_sid *)&buf->SidBuffer[20]); +} + +/* + * Find lease object(opinfo) for given lease key/fid from lease + * break/file close path. + */ +/** + * lookup_lease_in_table() - find a matching lease info object + * @conn: connection instance + * @lease_key: lease key to be searched for + * + * Return: opinfo if found matching opinfo, otherwise NULL + */ +struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, + char *lease_key) +{ + struct oplock_info *opinfo = NULL, *ret_op = NULL; + struct lease_table *lt; + int ret; + + read_lock(&lease_list_lock); + list_for_each_entry(lt, &lease_table_list, l_entry) { + if (!memcmp(lt->client_guid, conn->ClientGUID, + SMB2_CLIENT_GUID_SIZE)) + goto found; + } + + read_unlock(&lease_list_lock); + return NULL; + +found: + rcu_read_lock(); + list_for_each_entry_rcu(opinfo, &lt->lease_list, lease_entry) { + if (!atomic_inc_not_zero(&opinfo->refcount)) + continue; + rcu_read_unlock(); + if (!opinfo->op_state || + opinfo->op_state == OPLOCK_CLOSING) + goto op_next; + if (!(opinfo->o_lease->state & + (SMB2_LEASE_HANDLE_CACHING_LE | + SMB2_LEASE_WRITE_CACHING_LE))) + goto op_next; + ret = compare_guid_key(opinfo, conn->ClientGUID, + lease_key); + if (ret) { + ksmbd_debug(OPLOCK, "found opinfo\n"); + ret_op = opinfo; + goto out; + } +op_next: + opinfo_put(opinfo); + rcu_read_lock(); + } + rcu_read_unlock(); + +out: + read_unlock(&lease_list_lock); + return ret_op; +} + +int smb2_check_durable_oplock(struct ksmbd_file *fp, + struct lease_ctx_info *lctx, char *name) +{ + struct oplock_info *opinfo = opinfo_get(fp); + int ret = 0; + + if (opinfo && opinfo->is_lease) { + if (!lctx) { + ksmbd_err("open does not include lease\n"); + ret = -EBADF; + goto out; + } + if (memcmp(opinfo->o_lease->lease_key, lctx->lease_key, + SMB2_LEASE_KEY_SIZE)) { + ksmbd_err("invalid lease key\n"); + ret = -EBADF; + goto out; + } + if (name && strcmp(fp->filename, name)) { + ksmbd_err("invalid name reconnect %s\n", name); + ret = -EINVAL; + goto out; + } + } +out: + if (opinfo) + opinfo_put(opinfo); + return ret; +} diff --git a/fs/cifsd/oplock.h b/fs/cifsd/oplock.h new file mode 100644 index 000000000000..b0e2e795f29a --- /dev/null +++ b/fs/cifsd/oplock.h @@ -0,0 +1,138 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_OPLOCK_H +#define __KSMBD_OPLOCK_H + +#include "smb_common.h" + +#define OPLOCK_WAIT_TIME (35*HZ) + +/* SMB Oplock levels */ +#define OPLOCK_NONE 0 +#define OPLOCK_EXCLUSIVE 1 +#define OPLOCK_BATCH 2 +#define OPLOCK_READ 3 /* level 2 oplock */ + +/* SMB2 Oplock levels */ +#define SMB2_OPLOCK_LEVEL_NONE 0x00 +#define SMB2_OPLOCK_LEVEL_II 0x01 +#define SMB2_OPLOCK_LEVEL_EXCLUSIVE 0x08 +#define SMB2_OPLOCK_LEVEL_BATCH 0x09 +#define SMB2_OPLOCK_LEVEL_LEASE 0xFF + +/* Oplock states */ +#define OPLOCK_STATE_NONE 0x00 +#define OPLOCK_ACK_WAIT 0x01 +#define OPLOCK_CLOSING 0x02 + +#define OPLOCK_WRITE_TO_READ 0x01 +#define OPLOCK_READ_HANDLE_TO_READ 0x02 +#define OPLOCK_WRITE_TO_NONE 0x04 +#define OPLOCK_READ_TO_NONE 0x08 + +#define SMB2_LEASE_KEY_SIZE 16 + +struct lease_ctx_info { + __u8 lease_key[SMB2_LEASE_KEY_SIZE]; + __le32 req_state; + __le32 flags; + __le64 duration; + int dlease; +}; + +struct lease_table { + char client_guid[SMB2_CLIENT_GUID_SIZE]; + struct list_head lease_list; + struct list_head l_entry; + spinlock_t lb_lock; +}; + +struct lease { + __u8 lease_key[SMB2_LEASE_KEY_SIZE]; + __le32 state; + __le32 new_state; + __le32 flags; + __le64 duration; + struct lease_table *l_lb; +}; + +struct oplock_info { + struct ksmbd_conn *conn; + struct ksmbd_session *sess; + struct ksmbd_work *work; + struct ksmbd_file *o_fp; + int level; + int op_state; + unsigned long pending_break; + uint64_t fid; + atomic_t breaking_cnt; + atomic_t refcount; + __u16 Tid; + bool is_lease; + bool open_trunc; /* truncate on open */ + struct lease *o_lease; + struct list_head interim_list; + struct list_head op_entry; + struct list_head lease_entry; + wait_queue_head_t oplock_q; /* Other server threads */ + wait_queue_head_t oplock_brk; /* oplock breaking wait */ + struct rcu_head rcu_head; +}; + +struct lease_break_info { + __le32 curr_state; + __le32 new_state; + char lease_key[SMB2_LEASE_KEY_SIZE]; +}; + +struct oplock_break_info { + int level; + int open_trunc; + int fid; +}; + +extern int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, + uint64_t pid, struct ksmbd_file *fp, __u16 tid, + struct lease_ctx_info *lctx, int share_ret); +extern void smb_break_all_levII_oplock(struct ksmbd_work *work, + struct ksmbd_file *fp, int is_trunc); + +int opinfo_write_to_read(struct oplock_info *opinfo); +int opinfo_read_handle_to_read(struct oplock_info *opinfo); +int opinfo_write_to_none(struct oplock_info *opinfo); +int opinfo_read_to_none(struct oplock_info *opinfo); +void close_id_del_oplock(struct ksmbd_file *fp); +void smb_break_all_oplock(struct ksmbd_work *work, struct ksmbd_file *fp); +struct oplock_info *opinfo_get(struct ksmbd_file *fp); +void opinfo_put(struct oplock_info *opinfo); + +/* Lease related functions */ +void create_lease_buf(u8 *rbuf, struct lease *lease); +struct lease_ctx_info *parse_lease_state(void *open_req); +__u8 smb2_map_lease_to_oplock(__le32 lease_state); +int lease_read_to_write(struct oplock_info *opinfo); + +/* Durable related functions */ +void create_durable_rsp_buf(char *cc); +void create_durable_v2_rsp_buf(char *cc, struct ksmbd_file *fp); +void create_mxac_rsp_buf(char *cc, int maximal_access); +void create_disk_id_rsp_buf(char *cc, __u64 file_id, __u64 vol_id); +void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp); +struct create_context *smb2_find_context_vals(void *open_req, const char *str); +int ksmbd_durable_verify_and_del_oplock(struct ksmbd_session *curr_sess, + struct ksmbd_session *prev_sess, + int fid, struct file **filp, + uint64_t sess_id); +struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, + char *lease_key); +int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci, + struct lease_ctx_info *lctx); +void destroy_lease_table(struct ksmbd_conn *conn); +int smb2_check_durable_oplock(struct ksmbd_file *fp, + struct lease_ctx_info *lctx, char *name); + +#endif /* __KSMBD_OPLOCK_H */ diff --git a/fs/cifsd/smb2misc.c b/fs/cifsd/smb2misc.c new file mode 100644 index 000000000000..485f431c776c --- /dev/null +++ b/fs/cifsd/smb2misc.c @@ -0,0 +1,458 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include "glob.h" +#include "nterr.h" +#include "smb2pdu.h" +#include "smb_common.h" +#include "smbstatus.h" +#include "mgmt/user_session.h" +#include "connection.h" + +static int check_smb2_hdr(struct smb2_hdr *hdr) +{ + /* + * Make sure that this really is an SMB, that it is a response. + */ + if (hdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR) + return 1; + return 0; +} + +/* + * The following table defines the expected "StructureSize" of SMB2 requests + * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests. + * + * Note that commands are defined in smb2pdu.h in le16 but the array below is + * indexed by command in host byte order + */ +static const __le16 smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { + /* SMB2_NEGOTIATE */ cpu_to_le16(36), + /* SMB2_SESSION_SETUP */ cpu_to_le16(25), + /* SMB2_LOGOFF */ cpu_to_le16(4), + /* SMB2_TREE_CONNECT */ cpu_to_le16(9), + /* SMB2_TREE_DISCONNECT */ cpu_to_le16(4), + /* SMB2_CREATE */ cpu_to_le16(57), + /* SMB2_CLOSE */ cpu_to_le16(24), + /* SMB2_FLUSH */ cpu_to_le16(24), + /* SMB2_READ */ cpu_to_le16(49), + /* SMB2_WRITE */ cpu_to_le16(49), + /* SMB2_LOCK */ cpu_to_le16(48), + /* SMB2_IOCTL */ cpu_to_le16(57), + /* SMB2_CANCEL */ cpu_to_le16(4), + /* SMB2_ECHO */ cpu_to_le16(4), + /* SMB2_QUERY_DIRECTORY */ cpu_to_le16(33), + /* SMB2_CHANGE_NOTIFY */ cpu_to_le16(32), + /* SMB2_QUERY_INFO */ cpu_to_le16(41), + /* SMB2_SET_INFO */ cpu_to_le16(33), + /* use 44 for lease break */ + /* SMB2_OPLOCK_BREAK */ cpu_to_le16(36) +}; + +/* + * The size of the variable area depends on the offset and length fields + * located in different fields for various SMB2 requests. SMB2 requests + * with no variable length info, show an offset of zero for the offset field. + */ +static const bool has_smb2_data_area[NUMBER_OF_SMB2_COMMANDS] = { + /* SMB2_NEGOTIATE */ true, + /* SMB2_SESSION_SETUP */ true, + /* SMB2_LOGOFF */ false, + /* SMB2_TREE_CONNECT */ true, + /* SMB2_TREE_DISCONNECT */ false, + /* SMB2_CREATE */ true, + /* SMB2_CLOSE */ false, + /* SMB2_FLUSH */ false, + /* SMB2_READ */ true, + /* SMB2_WRITE */ true, + /* SMB2_LOCK */ true, + /* SMB2_IOCTL */ true, + /* SMB2_CANCEL */ false, /* BB CHECK this not listed in documentation */ + /* SMB2_ECHO */ false, + /* SMB2_QUERY_DIRECTORY */ true, + /* SMB2_CHANGE_NOTIFY */ false, + /* SMB2_QUERY_INFO */ true, + /* SMB2_SET_INFO */ true, + /* SMB2_OPLOCK_BREAK */ false +}; + +/* + * Returns the pointer to the beginning of the data area. Length of the data + * area and the offset to it (from the beginning of the smb are also returned. + */ +static char *smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr) +{ + *off = 0; + *len = 0; + + /* error reqeusts do not have data area */ + if (hdr->Status && hdr->Status != STATUS_MORE_PROCESSING_REQUIRED && + (((struct smb2_err_rsp *)hdr)->StructureSize) == + SMB2_ERROR_STRUCTURE_SIZE2_LE) + return NULL; + + /* + * Following commands have data areas so we have to get the location + * of the data buffer offset and data buffer length for the particular + * command. + */ + switch (hdr->Command) { + case SMB2_SESSION_SETUP: + *off = le16_to_cpu( + ((struct smb2_sess_setup_req *)hdr)->SecurityBufferOffset); + *len = le16_to_cpu( + ((struct smb2_sess_setup_req *)hdr)->SecurityBufferLength); + break; + case SMB2_TREE_CONNECT: + *off = le16_to_cpu( + ((struct smb2_tree_connect_req *)hdr)->PathOffset); + *len = le16_to_cpu( + ((struct smb2_tree_connect_req *)hdr)->PathLength); + break; + case SMB2_CREATE: + { + if (((struct smb2_create_req *)hdr)->CreateContextsLength) { + *off = le32_to_cpu(((struct smb2_create_req *) + hdr)->CreateContextsOffset); + *len = le32_to_cpu(((struct smb2_create_req *) + hdr)->CreateContextsLength); + break; + } + + *off = le16_to_cpu( + ((struct smb2_create_req *)hdr)->NameOffset); + *len = le16_to_cpu( + ((struct smb2_create_req *)hdr)->NameLength); + break; + } + case SMB2_QUERY_INFO: + *off = le16_to_cpu( + ((struct smb2_query_info_req *)hdr)->InputBufferOffset); + *len = le32_to_cpu( + ((struct smb2_query_info_req *)hdr)->InputBufferLength); + break; + case SMB2_SET_INFO: + *off = le16_to_cpu( + ((struct smb2_set_info_req *)hdr)->BufferOffset); + *len = le32_to_cpu( + ((struct smb2_set_info_req *)hdr)->BufferLength); + break; + case SMB2_READ: + *off = le16_to_cpu( + ((struct smb2_read_req *)hdr)->ReadChannelInfoOffset); + *len = le16_to_cpu( + ((struct smb2_read_req *)hdr)->ReadChannelInfoLength); + break; + case SMB2_WRITE: + if (((struct smb2_write_req *)hdr)->DataOffset) { + *off = le16_to_cpu( + ((struct smb2_write_req *)hdr)->DataOffset); + *len = le32_to_cpu( + ((struct smb2_write_req *)hdr)->Length); + break; + } + + *off = le16_to_cpu( + ((struct smb2_write_req *)hdr)->WriteChannelInfoOffset); + *len = le16_to_cpu( + ((struct smb2_write_req *)hdr)->WriteChannelInfoLength); + break; + case SMB2_QUERY_DIRECTORY: + *off = le16_to_cpu( + ((struct smb2_query_directory_req *)hdr)->FileNameOffset); + *len = le16_to_cpu( + ((struct smb2_query_directory_req *)hdr)->FileNameLength); + break; + case SMB2_LOCK: + { + int lock_count; + + /* + * smb2_lock request size is 48 included single + * smb2_lock_element structure size. + */ + lock_count = le16_to_cpu( + ((struct smb2_lock_req *)hdr)->LockCount) - 1; + if (lock_count > 0) { + *off = __SMB2_HEADER_STRUCTURE_SIZE + 48; + *len = sizeof(struct smb2_lock_element) * lock_count; + } + break; + } + case SMB2_IOCTL: + *off = le32_to_cpu( + ((struct smb2_ioctl_req *)hdr)->InputOffset); + *len = le32_to_cpu(((struct smb2_ioctl_req *)hdr)->InputCount); + + break; + default: + ksmbd_debug(SMB, "no length check for command\n"); + break; + } + + /* + * Invalid length or offset probably means data area is invalid, but + * we have little choice but to ignore the data area in this case. + */ + if (*off > 4096) { + ksmbd_debug(SMB, "offset %d too large, data area ignored\n", + *off); + *len = 0; + *off = 0; + } else if (*off < 0) { + ksmbd_debug(SMB, + "negative offset %d to data invalid ignore data area\n", + *off); + *off = 0; + *len = 0; + } else if (*len < 0) { + ksmbd_debug(SMB, + "negative data length %d invalid, data area ignored\n", + *len); + *len = 0; + } else if (*len > 128 * 1024) { + ksmbd_debug(SMB, "data area larger than 128K: %d\n", *len); + *len = 0; + } + + /* return pointer to beginning of data area, ie offset from SMB start */ + if ((*off != 0) && (*len != 0)) + return (char *)hdr + *off; + else + return NULL; +} + +/* + * Calculate the size of the SMB message based on the fixed header + * portion, the number of word parameters and the data portion of the message. + */ +static unsigned int smb2_calc_size(void *buf) +{ + struct smb2_pdu *pdu = (struct smb2_pdu *)buf; + struct smb2_hdr *hdr = &pdu->hdr; + int offset; /* the offset from the beginning of SMB to data area */ + int data_length; /* the length of the variable length data area */ + /* Structure Size has already been checked to make sure it is 64 */ + int len = le16_to_cpu(hdr->StructureSize); + + /* + * StructureSize2, ie length of fixed parameter area has already + * been checked to make sure it is the correct length. + */ + len += le16_to_cpu(pdu->StructureSize2); + + if (has_smb2_data_area[le16_to_cpu(hdr->Command)] == false) + goto calc_size_exit; + + smb2_get_data_area_len(&offset, &data_length, hdr); + ksmbd_debug(SMB, "SMB2 data length %d offset %d\n", data_length, + offset); + + if (data_length > 0) { + /* + * Check to make sure that data area begins after fixed area, + * Note that last byte of the fixed area is part of data area + * for some commands, typically those with odd StructureSize, + * so we must add one to the calculation. + */ + if (offset + 1 < len) + ksmbd_debug(SMB, + "data area offset %d overlaps SMB2 header %d\n", + offset + 1, len); + else + len = offset + data_length; + } +calc_size_exit: + ksmbd_debug(SMB, "SMB2 len %d\n", len); + return len; +} + +static inline int smb2_query_info_req_len(struct smb2_query_info_req *h) +{ + return le32_to_cpu(h->InputBufferLength) + + le32_to_cpu(h->OutputBufferLength); +} + +static inline int smb2_set_info_req_len(struct smb2_set_info_req *h) +{ + return le32_to_cpu(h->BufferLength); +} + +static inline int smb2_read_req_len(struct smb2_read_req *h) +{ + return le32_to_cpu(h->Length); +} + +static inline int smb2_write_req_len(struct smb2_write_req *h) +{ + return le32_to_cpu(h->Length); +} + +static inline int smb2_query_dir_req_len(struct smb2_query_directory_req *h) +{ + return le32_to_cpu(h->OutputBufferLength); +} + +static inline int smb2_ioctl_req_len(struct smb2_ioctl_req *h) +{ + return le32_to_cpu(h->InputCount) + + le32_to_cpu(h->OutputCount); +} + +static inline int smb2_ioctl_resp_len(struct smb2_ioctl_req *h) +{ + return le32_to_cpu(h->MaxInputResponse) + + le32_to_cpu(h->MaxOutputResponse); +} + +static int smb2_validate_credit_charge(struct smb2_hdr *hdr) +{ + int req_len = 0, expect_resp_len = 0, calc_credit_num, max_len; + int credit_charge = le16_to_cpu(hdr->CreditCharge); + void *__hdr = hdr; + + switch (hdr->Command) { + case SMB2_QUERY_INFO: + req_len = smb2_query_info_req_len(__hdr); + break; + case SMB2_SET_INFO: + req_len = smb2_set_info_req_len(__hdr); + break; + case SMB2_READ: + req_len = smb2_read_req_len(__hdr); + break; + case SMB2_WRITE: + req_len = smb2_write_req_len(__hdr); + break; + case SMB2_QUERY_DIRECTORY: + req_len = smb2_query_dir_req_len(__hdr); + break; + case SMB2_IOCTL: + req_len = smb2_ioctl_req_len(__hdr); + expect_resp_len = smb2_ioctl_resp_len(__hdr); + break; + default: + return 0; + } + + max_len = max(req_len, expect_resp_len); + calc_credit_num = DIV_ROUND_UP(max_len, SMB2_MAX_BUFFER_SIZE); + if (!credit_charge && max_len > SMB2_MAX_BUFFER_SIZE) { + ksmbd_err("credit charge is zero and payload size(%d) is bigger than 64K\n", + max_len); + return 1; + } else if (credit_charge < calc_credit_num) { + ksmbd_err("credit charge : %d, calc_credit_num : %d\n", + credit_charge, calc_credit_num); + return 1; + } + + return 0; +} + +int ksmbd_smb2_check_message(struct ksmbd_work *work) +{ + struct smb2_pdu *pdu = REQUEST_BUF(work); + struct smb2_hdr *hdr = &pdu->hdr; + int command; + __u32 clc_len; /* calculated length */ + __u32 len = get_rfc1002_len(pdu); + + if (work->next_smb2_rcv_hdr_off) { + pdu = REQUEST_BUF_NEXT(work); + hdr = &pdu->hdr; + } + + if (le32_to_cpu(hdr->NextCommand) > 0) + len = le32_to_cpu(hdr->NextCommand); + else if (work->next_smb2_rcv_hdr_off) { + len -= work->next_smb2_rcv_hdr_off; + len = round_up(len, 8); + } + + if (check_smb2_hdr(hdr)) + return 1; + + if (hdr->StructureSize != SMB2_HEADER_STRUCTURE_SIZE) { + ksmbd_debug(SMB, "Illegal structure size %u\n", + le16_to_cpu(hdr->StructureSize)); + return 1; + } + + command = le16_to_cpu(hdr->Command); + if (command >= NUMBER_OF_SMB2_COMMANDS) { + ksmbd_debug(SMB, "Illegal SMB2 command %d\n", command); + return 1; + } + + if (smb2_req_struct_sizes[command] != pdu->StructureSize2) { + if (command != SMB2_OPLOCK_BREAK_HE && (hdr->Status == 0 || + pdu->StructureSize2 != SMB2_ERROR_STRUCTURE_SIZE2_LE)) { + /* error packets have 9 byte structure size */ + ksmbd_debug(SMB, + "Illegal request size %u for command %d\n", + le16_to_cpu(pdu->StructureSize2), command); + return 1; + } else if (command == SMB2_OPLOCK_BREAK_HE + && (hdr->Status == 0) + && (le16_to_cpu(pdu->StructureSize2) != + OP_BREAK_STRUCT_SIZE_20) + && (le16_to_cpu(pdu->StructureSize2) != + OP_BREAK_STRUCT_SIZE_21)) { + /* special case for SMB2.1 lease break message */ + ksmbd_debug(SMB, + "Illegal request size %d for oplock break\n", + le16_to_cpu(pdu->StructureSize2)); + return 1; + } + } + + clc_len = smb2_calc_size(hdr); + if (len != clc_len) { + /* server can return one byte more due to implied bcc[0] */ + if (clc_len == len + 1) + return 0; + + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (ALIGN(clc_len, 8) == len) + return 0; + + /* + * windows client also pad up to 8 bytes when compounding. + * If pad is longer than eight bytes, log the server behavior + * (once), since may indicate a problem but allow it and + * continue since the frame is parseable. + */ + if (clc_len < len) { + ksmbd_debug(SMB, + "cli req padded more than expected. Length %d not %d for cmd:%d mid:%llu\n", + len, clc_len, command, + le64_to_cpu(hdr->MessageId)); + return 0; + } + + if (command == SMB2_LOCK_HE && len == 88) + return 0; + + ksmbd_debug(SMB, + "cli req too short, len %d not %d. cmd:%d mid:%llu\n", + len, clc_len, command, + le64_to_cpu(hdr->MessageId)); + + return 1; + } + + return work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU ? + smb2_validate_credit_charge(hdr) : 0; +} + +int smb2_negotiate_request(struct ksmbd_work *work) +{ + return ksmbd_smb_negotiate_common(work, SMB2_NEGOTIATE_HE); +} diff --git a/fs/cifsd/smb2ops.c b/fs/cifsd/smb2ops.c new file mode 100644 index 000000000000..a47219ea3b80 --- /dev/null +++ b/fs/cifsd/smb2ops.c @@ -0,0 +1,300 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/slab.h> +#include "glob.h" +#include "smb2pdu.h" + +#include "auth.h" +#include "connection.h" +#include "smb_common.h" +#include "server.h" +#include "ksmbd_server.h" + +static struct smb_version_values smb21_server_values = { + .version_string = SMB21_VERSION_STRING, + .protocol_id = SMB21_PROT_ID, + .capabilities = SMB2_GLOBAL_CAP_LARGE_MTU, + .max_read_size = SMB21_DEFAULT_IOSIZE, + .max_write_size = SMB21_DEFAULT_IOSIZE, + .max_trans_size = SMB21_DEFAULT_IOSIZE, + .large_lock_type = 0, + .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE, + .shared_lock_type = SMB2_LOCKFLAG_SHARED, + .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, + .header_size = sizeof(struct smb2_hdr), + .max_header_size = MAX_SMB2_HDR_SIZE, + .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, + .cap_large_files = SMB2_LARGE_FILES, + .create_lease_size = sizeof(struct create_lease), + .create_durable_size = sizeof(struct create_durable_rsp), + .create_mxac_size = sizeof(struct create_mxac_rsp), + .create_disk_id_size = sizeof(struct create_disk_id_rsp), + .create_posix_size = sizeof(struct create_posix_rsp), +}; + +static struct smb_version_values smb30_server_values = { + .version_string = SMB30_VERSION_STRING, + .protocol_id = SMB30_PROT_ID, + .capabilities = SMB2_GLOBAL_CAP_LARGE_MTU, + .max_read_size = SMB3_DEFAULT_IOSIZE, + .max_write_size = SMB3_DEFAULT_IOSIZE, + .max_trans_size = SMB3_DEFAULT_TRANS_SIZE, + .large_lock_type = 0, + .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE, + .shared_lock_type = SMB2_LOCKFLAG_SHARED, + .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, + .header_size = sizeof(struct smb2_hdr), + .max_header_size = MAX_SMB2_HDR_SIZE, + .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, + .cap_large_files = SMB2_LARGE_FILES, + .create_lease_size = sizeof(struct create_lease), + .create_durable_size = sizeof(struct create_durable_rsp), + .create_durable_v2_size = sizeof(struct create_durable_v2_rsp), + .create_mxac_size = sizeof(struct create_mxac_rsp), + .create_disk_id_size = sizeof(struct create_disk_id_rsp), + .create_posix_size = sizeof(struct create_posix_rsp), +}; + +static struct smb_version_values smb302_server_values = { + .version_string = SMB302_VERSION_STRING, + .protocol_id = SMB302_PROT_ID, + .capabilities = SMB2_GLOBAL_CAP_LARGE_MTU, + .max_read_size = SMB3_DEFAULT_IOSIZE, + .max_write_size = SMB3_DEFAULT_IOSIZE, + .max_trans_size = SMB3_DEFAULT_TRANS_SIZE, + .large_lock_type = 0, + .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE, + .shared_lock_type = SMB2_LOCKFLAG_SHARED, + .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, + .header_size = sizeof(struct smb2_hdr), + .max_header_size = MAX_SMB2_HDR_SIZE, + .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, + .cap_large_files = SMB2_LARGE_FILES, + .create_lease_size = sizeof(struct create_lease), + .create_durable_size = sizeof(struct create_durable_rsp), + .create_durable_v2_size = sizeof(struct create_durable_v2_rsp), + .create_mxac_size = sizeof(struct create_mxac_rsp), + .create_disk_id_size = sizeof(struct create_disk_id_rsp), + .create_posix_size = sizeof(struct create_posix_rsp), +}; + +static struct smb_version_values smb311_server_values = { + .version_string = SMB311_VERSION_STRING, + .protocol_id = SMB311_PROT_ID, + .capabilities = SMB2_GLOBAL_CAP_LARGE_MTU, + .max_read_size = SMB3_DEFAULT_IOSIZE, + .max_write_size = SMB3_DEFAULT_IOSIZE, + .max_trans_size = SMB3_DEFAULT_TRANS_SIZE, + .large_lock_type = 0, + .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE, + .shared_lock_type = SMB2_LOCKFLAG_SHARED, + .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, + .header_size = sizeof(struct smb2_hdr), + .max_header_size = MAX_SMB2_HDR_SIZE, + .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, + .cap_large_files = SMB2_LARGE_FILES, + .create_lease_size = sizeof(struct create_lease), + .create_durable_size = sizeof(struct create_durable_rsp), + .create_durable_v2_size = sizeof(struct create_durable_v2_rsp), + .create_mxac_size = sizeof(struct create_mxac_rsp), + .create_disk_id_size = sizeof(struct create_disk_id_rsp), + .create_posix_size = sizeof(struct create_posix_rsp), +}; + +static struct smb_version_ops smb2_0_server_ops = { + .get_cmd_val = get_smb2_cmd_val, + .init_rsp_hdr = init_smb2_rsp_hdr, + .set_rsp_status = set_smb2_rsp_status, + .allocate_rsp_buf = smb2_allocate_rsp_buf, + .set_rsp_credits = smb2_set_rsp_credits, + .check_user_session = smb2_check_user_session, + .get_ksmbd_tcon = smb2_get_ksmbd_tcon, + .is_sign_req = smb2_is_sign_req, + .check_sign_req = smb2_check_sign_req, + .set_sign_rsp = smb2_set_sign_rsp +}; + +static struct smb_version_ops smb3_0_server_ops = { + .get_cmd_val = get_smb2_cmd_val, + .init_rsp_hdr = init_smb2_rsp_hdr, + .set_rsp_status = set_smb2_rsp_status, + .allocate_rsp_buf = smb2_allocate_rsp_buf, + .set_rsp_credits = smb2_set_rsp_credits, + .check_user_session = smb2_check_user_session, + .get_ksmbd_tcon = smb2_get_ksmbd_tcon, + .is_sign_req = smb2_is_sign_req, + .check_sign_req = smb3_check_sign_req, + .set_sign_rsp = smb3_set_sign_rsp, + .generate_signingkey = ksmbd_gen_smb30_signingkey, + .generate_encryptionkey = ksmbd_gen_smb30_encryptionkey, + .is_transform_hdr = smb3_is_transform_hdr, + .decrypt_req = smb3_decrypt_req, + .encrypt_resp = smb3_encrypt_resp +}; + +static struct smb_version_ops smb3_11_server_ops = { + .get_cmd_val = get_smb2_cmd_val, + .init_rsp_hdr = init_smb2_rsp_hdr, + .set_rsp_status = set_smb2_rsp_status, + .allocate_rsp_buf = smb2_allocate_rsp_buf, + .set_rsp_credits = smb2_set_rsp_credits, + .check_user_session = smb2_check_user_session, + .get_ksmbd_tcon = smb2_get_ksmbd_tcon, + .is_sign_req = smb2_is_sign_req, + .check_sign_req = smb3_check_sign_req, + .set_sign_rsp = smb3_set_sign_rsp, + .generate_signingkey = ksmbd_gen_smb311_signingkey, + .generate_encryptionkey = ksmbd_gen_smb311_encryptionkey, + .is_transform_hdr = smb3_is_transform_hdr, + .decrypt_req = smb3_decrypt_req, + .encrypt_resp = smb3_encrypt_resp +}; + +static struct smb_version_cmds smb2_0_server_cmds[NUMBER_OF_SMB2_COMMANDS] = { + [SMB2_NEGOTIATE_HE] = { .proc = smb2_negotiate_request, }, + [SMB2_SESSION_SETUP_HE] = { .proc = smb2_sess_setup, }, + [SMB2_TREE_CONNECT_HE] = { .proc = smb2_tree_connect,}, + [SMB2_TREE_DISCONNECT_HE] = { .proc = smb2_tree_disconnect,}, + [SMB2_LOGOFF_HE] = { .proc = smb2_session_logoff,}, + [SMB2_CREATE_HE] = { .proc = smb2_open}, + [SMB2_QUERY_INFO_HE] = { .proc = smb2_query_info}, + [SMB2_QUERY_DIRECTORY_HE] = { .proc = smb2_query_dir}, + [SMB2_CLOSE_HE] = { .proc = smb2_close}, + [SMB2_ECHO_HE] = { .proc = smb2_echo}, + [SMB2_SET_INFO_HE] = { .proc = smb2_set_info}, + [SMB2_READ_HE] = { .proc = smb2_read}, + [SMB2_WRITE_HE] = { .proc = smb2_write}, + [SMB2_FLUSH_HE] = { .proc = smb2_flush}, + [SMB2_CANCEL_HE] = { .proc = smb2_cancel}, + [SMB2_LOCK_HE] = { .proc = smb2_lock}, + [SMB2_IOCTL_HE] = { .proc = smb2_ioctl}, + [SMB2_OPLOCK_BREAK_HE] = { .proc = smb2_oplock_break}, + [SMB2_CHANGE_NOTIFY_HE] = { .proc = smb2_notify}, +}; + +int init_smb2_0_server(struct ksmbd_conn *conn) +{ + return -EOPNOTSUPP; +} + +/** + * init_smb2_1_server() - initialize a smb server connection with smb2.1 + * command dispatcher + * @conn: connection instance + */ +void init_smb2_1_server(struct ksmbd_conn *conn) +{ + conn->vals = &smb21_server_values; + conn->ops = &smb2_0_server_ops; + conn->cmds = smb2_0_server_cmds; + conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); + conn->max_credits = SMB2_MAX_CREDITS; + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING; +} + +/** + * init_smb3_0_server() - initialize a smb server connection with smb3.0 + * command dispatcher + * @conn: connection instance + */ +void init_smb3_0_server(struct ksmbd_conn *conn) +{ + conn->vals = &smb30_server_values; + conn->ops = &smb3_0_server_ops; + conn->cmds = smb2_0_server_cmds; + conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); + conn->max_credits = SMB2_MAX_CREDITS; + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING; + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION && + conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; +} + +/** + * init_smb3_02_server() - initialize a smb server connection with smb3.02 + * command dispatcher + * @conn: connection instance + */ +void init_smb3_02_server(struct ksmbd_conn *conn) +{ + conn->vals = &smb302_server_values; + conn->ops = &smb3_0_server_ops; + conn->cmds = smb2_0_server_cmds; + conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); + conn->max_credits = SMB2_MAX_CREDITS; + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING; + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION && + conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; +} + +/** + * init_smb3_11_server() - initialize a smb server connection with smb3.11 + * command dispatcher + * @conn: connection instance + */ +int init_smb3_11_server(struct ksmbd_conn *conn) +{ + conn->vals = &smb311_server_values; + conn->ops = &smb3_11_server_ops; + conn->cmds = smb2_0_server_cmds; + conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); + conn->max_credits = SMB2_MAX_CREDITS; + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING; + + if (conn->cipher_type) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; + + INIT_LIST_HEAD(&conn->preauth_sess_table); + return 0; +} + +void init_smb2_max_read_size(unsigned int sz) +{ + smb21_server_values.max_read_size = sz; + smb30_server_values.max_read_size = sz; + smb302_server_values.max_read_size = sz; + smb311_server_values.max_read_size = sz; +} + +void init_smb2_max_write_size(unsigned int sz) +{ + smb21_server_values.max_write_size = sz; + smb30_server_values.max_write_size = sz; + smb302_server_values.max_write_size = sz; + smb311_server_values.max_write_size = sz; +} + +void init_smb2_max_trans_size(unsigned int sz) +{ + smb21_server_values.max_trans_size = sz; + smb30_server_values.max_trans_size = sz; + smb302_server_values.max_trans_size = sz; + smb311_server_values.max_trans_size = sz; +} diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c new file mode 100644 index 000000000000..b20cc07ee809 --- /dev/null +++ b/fs/cifsd/smb2pdu.c @@ -0,0 +1,8486 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/inetdevice.h> +#include <net/addrconf.h> +#include <linux/syscalls.h> +#include <linux/namei.h> +#include <linux/statfs.h> +#include <linux/ethtool.h> + +#include "glob.h" +#include "smb2pdu.h" +#include "smbfsctl.h" +#include "oplock.h" +#include "smbacl.h" + +#include "auth.h" +#include "asn1.h" +#include "buffer_pool.h" +#include "connection.h" +#include "transport_ipc.h" +#include "vfs.h" +#include "vfs_cache.h" +#include "misc.h" + +#include "time_wrappers.h" +#include "server.h" +#include "smb_common.h" +#include "smbstatus.h" +#include "ksmbd_work.h" +#include "mgmt/user_config.h" +#include "mgmt/share_config.h" +#include "mgmt/tree_connect.h" +#include "mgmt/user_session.h" +#include "mgmt/ksmbd_ida.h" +#include "ndr.h" + +static void __wbuf(struct ksmbd_work *work, void **req, void **rsp) +{ + if (work->next_smb2_rcv_hdr_off) { + *req = REQUEST_BUF_NEXT(work); + *rsp = RESPONSE_BUF_NEXT(work); + } else { + *req = REQUEST_BUF(work); + *rsp = RESPONSE_BUF(work); + } +} + +#define WORK_BUFFERS(w, rq, rs) __wbuf((w), (void **)&(rq), (void **)&(rs)) + +/** + * check_session_id() - check for valid session id in smb header + * @conn: connection instance + * @id: session id from smb header + * + * Return: 1 if valid session id, otherwise 0 + */ +static inline int check_session_id(struct ksmbd_conn *conn, uint64_t id) +{ + struct ksmbd_session *sess; + + if (id == 0 || id == -1) + return 0; + + sess = ksmbd_session_lookup(conn, id); + if (sess) + return 1; + ksmbd_err("Invalid user session id: %llu\n", id); + return 0; +} + +struct channel *lookup_chann_list(struct ksmbd_session *sess) +{ + struct channel *chann; + struct list_head *t; + + list_for_each(t, &sess->ksmbd_chann_list) { + chann = list_entry(t, struct channel, chann_list); + if (chann && chann->conn == sess->conn) + return chann; + } + + return NULL; +} + +/** + * smb2_get_ksmbd_tcon() - get tree connection information for a tree id + * @sess: session containing tree list + * @tid: match tree connection with tree id + * + * Return: matching tree connection on success, otherwise error + */ +int smb2_get_ksmbd_tcon(struct ksmbd_work *work) +{ + struct smb2_hdr *req_hdr = REQUEST_BUF(work); + int tree_id; + + work->tcon = NULL; + if ((work->conn->ops->get_cmd_val(work) == SMB2_TREE_CONNECT_HE) || + (work->conn->ops->get_cmd_val(work) == SMB2_CANCEL_HE) || + (work->conn->ops->get_cmd_val(work) == SMB2_LOGOFF_HE)) { + ksmbd_debug(SMB, "skip to check tree connect request\n"); + return 0; + } + + if (list_empty(&work->sess->tree_conn_list)) { + ksmbd_debug(SMB, "NO tree connected\n"); + return -1; + } + + tree_id = le32_to_cpu(req_hdr->Id.SyncId.TreeId); + work->tcon = ksmbd_tree_conn_lookup(work->sess, tree_id); + if (!work->tcon) { + ksmbd_err("Invalid tid %d\n", tree_id); + return -1; + } + + return 1; +} + +/** + * smb2_set_err_rsp() - set error response code on smb response + * @work: smb work containing response buffer + */ +void smb2_set_err_rsp(struct ksmbd_work *work) +{ + struct smb2_err_rsp *err_rsp; + + if (work->next_smb2_rcv_hdr_off) + err_rsp = RESPONSE_BUF_NEXT(work); + else + err_rsp = RESPONSE_BUF(work); + + if (err_rsp->hdr.Status != STATUS_STOPPED_ON_SYMLINK) { + err_rsp->StructureSize = SMB2_ERROR_STRUCTURE_SIZE2_LE; + err_rsp->ErrorContextCount = 0; + err_rsp->Reserved = 0; + err_rsp->ByteCount = 0; + err_rsp->ErrorData[0] = 0; + inc_rfc1001_len(RESPONSE_BUF(work), SMB2_ERROR_STRUCTURE_SIZE2); + } +} + +/** + * is_smb2_neg_cmd() - is it smb2 negotiation command + * @work: smb work containing smb header + * + * Return: 1 if smb2 negotiation command, otherwise 0 + */ +int is_smb2_neg_cmd(struct ksmbd_work *work) +{ + struct smb2_hdr *hdr = REQUEST_BUF(work); + + /* is it SMB2 header ? */ + if (hdr->ProtocolId != SMB2_PROTO_NUMBER) + return 0; + + /* make sure it is request not response message */ + if (hdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR) + return 0; + + if (hdr->Command != SMB2_NEGOTIATE) + return 0; + + return 1; +} + +/** + * is_smb2_rsp() - is it smb2 response + * @work: smb work containing smb response buffer + * + * Return: 1 if smb2 response, otherwise 0 + */ +int is_smb2_rsp(struct ksmbd_work *work) +{ + struct smb2_hdr *hdr = RESPONSE_BUF(work); + + /* is it SMB2 header ? */ + if (hdr->ProtocolId != SMB2_PROTO_NUMBER) + return 0; + + /* make sure it is response not request message */ + if (!(hdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR)) + return 0; + + return 1; +} + +/** + * get_smb2_cmd_val() - get smb command code from smb header + * @work: smb work containing smb request buffer + * + * Return: smb2 request command value + */ +uint16_t get_smb2_cmd_val(struct ksmbd_work *work) +{ + struct smb2_hdr *rcv_hdr; + + if (work->next_smb2_rcv_hdr_off) + rcv_hdr = REQUEST_BUF_NEXT(work); + else + rcv_hdr = REQUEST_BUF(work); + return le16_to_cpu(rcv_hdr->Command); +} + +/** + * set_smb2_rsp_status() - set error response code on smb2 header + * @work: smb work containing response buffer + */ +void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err) +{ + struct smb2_hdr *rsp_hdr; + + if (work->next_smb2_rcv_hdr_off) + rsp_hdr = RESPONSE_BUF_NEXT(work); + else + rsp_hdr = RESPONSE_BUF(work); + rsp_hdr->Status = err; + smb2_set_err_rsp(work); +} + +/** + * init_smb2_neg_rsp() - initialize smb2 response for negotiate command + * @work: smb work containing smb request buffer + * + * smb2 negotiate response is sent in reply of smb1 negotiate command for + * dialect auto-negotiation. + */ +int init_smb2_neg_rsp(struct ksmbd_work *work) +{ + struct smb2_hdr *rsp_hdr; + struct smb2_negotiate_rsp *rsp; + struct ksmbd_conn *conn = work->conn; + + if (conn->need_neg == false) + return -EINVAL; + if (!(conn->dialect >= SMB20_PROT_ID && + conn->dialect <= SMB311_PROT_ID)) + return -EINVAL; + + rsp_hdr = RESPONSE_BUF(work); + + memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); + + rsp_hdr->smb2_buf_length = + cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); + + rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; + rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; + rsp_hdr->CreditRequest = cpu_to_le16(2); + rsp_hdr->Command = SMB2_NEGOTIATE; + rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR); + rsp_hdr->NextCommand = 0; + rsp_hdr->MessageId = 0; + rsp_hdr->Id.SyncId.ProcessId = 0; + rsp_hdr->Id.SyncId.TreeId = 0; + rsp_hdr->SessionId = 0; + memset(rsp_hdr->Signature, 0, 16); + + rsp = RESPONSE_BUF(work); + + WARN_ON(ksmbd_conn_good(work)); + + rsp->StructureSize = cpu_to_le16(65); + ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect); + rsp->DialectRevision = cpu_to_le16(conn->dialect); + /* Not setting conn guid rsp->ServerGUID, as it + * not used by client for identifying connection + */ + rsp->Capabilities = cpu_to_le32(conn->vals->capabilities); + /* Default Max Message Size till SMB2.0, 64K*/ + rsp->MaxTransactSize = cpu_to_le32(conn->vals->max_trans_size); + rsp->MaxReadSize = cpu_to_le32(conn->vals->max_read_size); + rsp->MaxWriteSize = cpu_to_le32(conn->vals->max_write_size); + + rsp->SystemTime = cpu_to_le64(ksmbd_systime()); + rsp->ServerStartTime = 0; + + rsp->SecurityBufferOffset = cpu_to_le16(128); + rsp->SecurityBufferLength = cpu_to_le16(AUTH_GSS_LENGTH); + ksmbd_copy_gss_neg_header(((char *)(&rsp->hdr) + + sizeof(rsp->hdr.smb2_buf_length)) + + le16_to_cpu(rsp->SecurityBufferOffset)); + inc_rfc1001_len(rsp, sizeof(struct smb2_negotiate_rsp) - + sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) + + AUTH_GSS_LENGTH); + rsp->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED_LE; + if (server_conf.signing == KSMBD_CONFIG_OPT_MANDATORY) + rsp->SecurityMode |= SMB2_NEGOTIATE_SIGNING_REQUIRED_LE; + conn->use_spnego = true; + + ksmbd_conn_set_need_negotiate(work); + return 0; +} + +static int smb2_consume_credit_charge(struct ksmbd_work *work, + unsigned short credit_charge) +{ + struct ksmbd_conn *conn = work->conn; + unsigned int rsp_credits = 1; + + if (!conn->total_credits) + return 0; + + if (credit_charge > 0) + rsp_credits = credit_charge; + + conn->total_credits -= rsp_credits; + return rsp_credits; +} + +/** + * smb2_set_rsp_credits() - set number of credits in response buffer + * @work: smb work containing smb response buffer + */ +int smb2_set_rsp_credits(struct ksmbd_work *work) +{ + struct smb2_hdr *req_hdr = REQUEST_BUF_NEXT(work); + struct smb2_hdr *hdr = RESPONSE_BUF_NEXT(work); + struct ksmbd_conn *conn = work->conn; + unsigned short credits_requested = le16_to_cpu(req_hdr->CreditRequest); + unsigned short credit_charge = 1, credits_granted = 0; + unsigned short aux_max, aux_credits, min_credits; + int rsp_credit_charge; + + if (hdr->Command == SMB2_CANCEL) + goto out; + + /* get default minimum credits by shifting maximum credits by 4 */ + min_credits = conn->max_credits >> 4; + + if (conn->total_credits >= conn->max_credits) { + ksmbd_err("Total credits overflow: %d\n", conn->total_credits); + conn->total_credits = min_credits; + } + + rsp_credit_charge = smb2_consume_credit_charge(work, + le16_to_cpu(req_hdr->CreditCharge)); + if (rsp_credit_charge < 0) + return -EINVAL; + + hdr->CreditCharge = cpu_to_le16(rsp_credit_charge); + + if (credits_requested > 0) { + aux_credits = credits_requested - 1; + aux_max = 32; + if (hdr->Command == SMB2_NEGOTIATE) + aux_max = 0; + aux_credits = (aux_credits < aux_max) ? aux_credits : aux_max; + credits_granted = aux_credits + credit_charge; + + /* if credits granted per client is getting bigger than default + * minimum credits then we should wrap it up within the limits. + */ + if ((conn->total_credits + credits_granted) > min_credits) + credits_granted = min_credits - conn->total_credits; + /* + * TODO: Need to adjuct CreditRequest value according to + * current cpu load + */ + } else if (conn->total_credits == 0) { + credits_granted = 1; + } + + conn->total_credits += credits_granted; + work->credits_granted += credits_granted; + + if (!req_hdr->NextCommand) { + /* Update CreditRequest in last request */ + hdr->CreditRequest = cpu_to_le16(work->credits_granted); + } +out: + ksmbd_debug(SMB, + "credits: requested[%d] granted[%d] total_granted[%d]\n", + credits_requested, credits_granted, + conn->total_credits); + return 0; +} + +/** + * init_chained_smb2_rsp() - initialize smb2 chained response + * @work: smb work containing smb response buffer + */ +static void init_chained_smb2_rsp(struct ksmbd_work *work) +{ + struct smb2_hdr *req = REQUEST_BUF_NEXT(work); + struct smb2_hdr *rsp = RESPONSE_BUF_NEXT(work); + struct smb2_hdr *rsp_hdr; + struct smb2_hdr *rcv_hdr; + int next_hdr_offset = 0; + int len, new_len; + + /* Len of this response = updated RFC len - offset of previous cmd + * in the compound rsp + */ + + /* Storing the current local FID which may be needed by subsequent + * command in the compound request + */ + if (req->Command == SMB2_CREATE && rsp->Status == STATUS_SUCCESS) { + work->compound_fid = + le64_to_cpu(((struct smb2_create_rsp *)rsp)-> + VolatileFileId); + work->compound_pfid = + le64_to_cpu(((struct smb2_create_rsp *)rsp)-> + PersistentFileId); + work->compound_sid = le64_to_cpu(rsp->SessionId); + } + + len = get_rfc1002_len(RESPONSE_BUF(work)) - work->next_smb2_rsp_hdr_off; + next_hdr_offset = le32_to_cpu(req->NextCommand); + + new_len = ALIGN(len, 8); + inc_rfc1001_len(RESPONSE_BUF(work), ((sizeof(struct smb2_hdr) - 4) + + new_len - len)); + rsp->NextCommand = cpu_to_le32(new_len); + + work->next_smb2_rcv_hdr_off += next_hdr_offset; + work->next_smb2_rsp_hdr_off += new_len; + ksmbd_debug(SMB, + "Compound req new_len = %d rcv off = %d rsp off = %d\n", + new_len, work->next_smb2_rcv_hdr_off, + work->next_smb2_rsp_hdr_off); + + rsp_hdr = RESPONSE_BUF_NEXT(work); + rcv_hdr = REQUEST_BUF_NEXT(work); + + if (!(rcv_hdr->Flags & SMB2_FLAGS_RELATED_OPERATIONS)) { + ksmbd_debug(SMB, "related flag should be set\n"); + work->compound_fid = KSMBD_NO_FID; + work->compound_pfid = KSMBD_NO_FID; + } + memset((char *)rsp_hdr + 4, 0, sizeof(struct smb2_hdr) + 2); + rsp_hdr->ProtocolId = rcv_hdr->ProtocolId; + rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; + rsp_hdr->Command = rcv_hdr->Command; + + /* + * Message is response. We don't grant oplock yet. + */ + rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR | + SMB2_FLAGS_RELATED_OPERATIONS); + rsp_hdr->NextCommand = 0; + rsp_hdr->MessageId = rcv_hdr->MessageId; + rsp_hdr->Id.SyncId.ProcessId = rcv_hdr->Id.SyncId.ProcessId; + rsp_hdr->Id.SyncId.TreeId = rcv_hdr->Id.SyncId.TreeId; + rsp_hdr->SessionId = rcv_hdr->SessionId; + memcpy(rsp_hdr->Signature, rcv_hdr->Signature, 16); +} + +/** + * is_chained_smb2_message() - check for chained command + * @work: smb work containing smb request buffer + * + * Return: true if chained request, otherwise false + */ +bool is_chained_smb2_message(struct ksmbd_work *work) +{ + struct smb2_hdr *hdr = REQUEST_BUF(work); + unsigned int len; + + if (hdr->ProtocolId != SMB2_PROTO_NUMBER) + return false; + + hdr = REQUEST_BUF_NEXT(work); + if (le32_to_cpu(hdr->NextCommand) > 0) { + ksmbd_debug(SMB, "got SMB2 chained command\n"); + init_chained_smb2_rsp(work); + return true; + } else if (work->next_smb2_rcv_hdr_off) { + /* + * This is last request in chained command, + * align response to 8 byte + */ + len = ALIGN(get_rfc1002_len(RESPONSE_BUF(work)), 8); + len = len - get_rfc1002_len(RESPONSE_BUF(work)); + if (len) { + ksmbd_debug(SMB, "padding len %u\n", len); + inc_rfc1001_len(RESPONSE_BUF(work), len); + if (HAS_AUX_PAYLOAD(work)) + work->aux_payload_sz += len; + } + } + return false; +} + +/** + * init_smb2_rsp_hdr() - initialize smb2 response + * @work: smb work containing smb request buffer + * + * Return: 0 + */ +int init_smb2_rsp_hdr(struct ksmbd_work *work) +{ + struct smb2_hdr *rsp_hdr = RESPONSE_BUF(work); + struct smb2_hdr *rcv_hdr = REQUEST_BUF(work); + struct ksmbd_conn *conn = work->conn; + + memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); + rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); + rsp_hdr->ProtocolId = rcv_hdr->ProtocolId; + rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; + rsp_hdr->Command = rcv_hdr->Command; + + /* + * Message is response. We don't grant oplock yet. + */ + rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR); + rsp_hdr->NextCommand = 0; + rsp_hdr->MessageId = rcv_hdr->MessageId; + rsp_hdr->Id.SyncId.ProcessId = rcv_hdr->Id.SyncId.ProcessId; + rsp_hdr->Id.SyncId.TreeId = rcv_hdr->Id.SyncId.TreeId; + rsp_hdr->SessionId = rcv_hdr->SessionId; + memcpy(rsp_hdr->Signature, rcv_hdr->Signature, 16); + + work->syncronous = true; + if (work->async_id) { + ksmbd_release_id(conn->async_ida, work->async_id); + work->async_id = 0; + } + + return 0; +} + +/** + * smb2_allocate_rsp_buf() - allocate smb2 response buffer + * @work: smb work containing smb request buffer + * + * Return: 0 on success, otherwise -ENOMEM + */ +int smb2_allocate_rsp_buf(struct ksmbd_work *work) +{ + struct smb2_hdr *hdr = REQUEST_BUF(work); + size_t small_sz = MAX_CIFS_SMALL_BUFFER_SIZE; + size_t large_sz = work->conn->vals->max_trans_size + MAX_SMB2_HDR_SIZE; + size_t sz = small_sz; + int cmd = le16_to_cpu(hdr->Command); + + if (cmd == SMB2_IOCTL_HE || cmd == SMB2_QUERY_DIRECTORY_HE) { + sz = large_sz; + work->set_trans_buf = true; + } + + if (cmd == SMB2_QUERY_INFO_HE) { + struct smb2_query_info_req *req; + + req = REQUEST_BUF(work); + if (req->InfoType == SMB2_O_INFO_FILE && + (req->FileInfoClass == FILE_FULL_EA_INFORMATION || + req->FileInfoClass == FILE_ALL_INFORMATION)) { + sz = large_sz; + work->set_trans_buf = true; + } + } + + /* allocate large response buf for chained commands */ + if (le32_to_cpu(hdr->NextCommand) > 0) + sz = large_sz; + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_TBUF && + work->set_trans_buf) + work->response_buf = ksmbd_find_buffer(sz); + else + work->response_buf = ksmbd_alloc_response(sz); + + if (!RESPONSE_BUF(work)) { + ksmbd_err("Failed to allocate %zu bytes buffer\n", sz); + return -ENOMEM; + } + + work->response_sz = sz; + return 0; +} + +/** + * smb2_check_user_session() - check for valid session for a user + * @work: smb work containing smb request buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_check_user_session(struct ksmbd_work *work) +{ + struct smb2_hdr *req_hdr = REQUEST_BUF(work); + struct ksmbd_conn *conn = work->conn; + unsigned int cmd = conn->ops->get_cmd_val(work); + unsigned long long sess_id; + + work->sess = NULL; + /* + * SMB2_ECHO, SMB2_NEGOTIATE, SMB2_SESSION_SETUP command do not + * require a session id, so no need to validate user session's for + * these commands. + */ + if (cmd == SMB2_ECHO_HE || cmd == SMB2_NEGOTIATE_HE || + cmd == SMB2_SESSION_SETUP_HE) + return 0; + + if (!ksmbd_conn_good(work)) + return -EINVAL; + + sess_id = le64_to_cpu(req_hdr->SessionId); + /* Check for validity of user session */ + work->sess = ksmbd_session_lookup(conn, sess_id); + if (work->sess) + return 1; + ksmbd_debug(SMB, "Invalid user session, Uid %llu\n", sess_id); + return -EINVAL; +} + +static void destroy_previous_session(struct ksmbd_user *user, uint64_t id) +{ + struct ksmbd_session *prev_sess = ksmbd_session_lookup_slowpath(id); + struct ksmbd_user *prev_user; + + if (!prev_sess) + return; + + prev_user = prev_sess->user; + + if (strcmp(user->name, prev_user->name) || + user->passkey_sz != prev_user->passkey_sz || + memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) { + put_session(prev_sess); + return; + } + + put_session(prev_sess); + ksmbd_session_destroy(prev_sess); +} + +/** + * smb2_get_name() - get filename string from on the wire smb format + * @src: source buffer + * @maxlen: maxlen of source string + * @work: smb work containing smb request buffer + * + * Return: matching converted filename on success, otherwise error ptr + */ +static char * +smb2_get_name(struct ksmbd_share_config *share, + const char *src, + const int maxlen, + struct nls_table *local_nls) +{ + char *name, *unixname; + + name = smb_strndup_from_utf16(src, maxlen, 1, + local_nls); + if (IS_ERR(name)) { + ksmbd_err("failed to get name %ld\n", PTR_ERR(name)); + return name; + } + + /* change it to absolute unix name */ + ksmbd_conv_path_to_unix(name); + ksmbd_strip_last_slash(name); + + unixname = convert_to_unix_name(share, name); + kfree(name); + if (!unixname) { + ksmbd_err("can not convert absolute name\n"); + return ERR_PTR(-ENOMEM); + } + + ksmbd_debug(SMB, "absolute name = %s\n", unixname); + return unixname; +} + +/** + * smb2_put_name() - free memory allocated for filename + * @name: filename pointer to be freed + */ +static void smb2_put_name(void *name) +{ + if (!IS_ERR(name)) + kfree(name); +} + +int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg) +{ + struct smb2_hdr *rsp_hdr; + struct ksmbd_conn *conn = work->conn; + int id; + + rsp_hdr = RESPONSE_BUF(work); + rsp_hdr->Flags |= SMB2_FLAGS_ASYNC_COMMAND; + + id = ksmbd_acquire_async_msg_id(conn->async_ida); + if (id < 0) { + ksmbd_err("Failed to alloc async message id\n"); + return id; + } + work->syncronous = false; + work->async_id = id; + rsp_hdr->Id.AsyncId = cpu_to_le64(id); + + ksmbd_debug(SMB, + "Send interim Response to inform async request id : %d\n", + work->async_id); + + work->cancel_fn = fn; + work->cancel_argv = arg; + + spin_lock(&conn->request_lock); + list_add_tail(&work->async_request_entry, &conn->async_requests); + spin_unlock(&conn->request_lock); + + return 0; +} + +void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status) +{ + struct smb2_hdr *rsp_hdr; + + rsp_hdr = RESPONSE_BUF(work); + smb2_set_err_rsp(work); + rsp_hdr->Status = status; + + work->multiRsp = 1; + ksmbd_conn_write(work); + rsp_hdr->Status = 0; + work->multiRsp = 0; +} + +static __le32 smb2_get_reparse_tag_special_file(umode_t mode) +{ + if (S_ISDIR(mode) || S_ISREG(mode)) + return 0; + + if (S_ISLNK(mode)) + return IO_REPARSE_TAG_LX_SYMLINK_LE; + else if (S_ISFIFO(mode)) + return IO_REPARSE_TAG_LX_FIFO_LE; + else if (S_ISSOCK(mode)) + return IO_REPARSE_TAG_AF_UNIX_LE; + else if (S_ISCHR(mode)) + return IO_REPARSE_TAG_LX_CHR_LE; + else if (S_ISBLK(mode)) + return IO_REPARSE_TAG_LX_BLK_LE; + + return 0; +} + +/** + * smb2_get_dos_mode() - get file mode in dos format from unix mode + * @stat: kstat containing file mode + * + * Return: converted dos mode + */ +static int smb2_get_dos_mode(struct kstat *stat, int attribute) +{ + int attr = 0; + + if (S_ISDIR(stat->mode)) + attr = ATTR_DIRECTORY | + (attribute & (ATTR_HIDDEN | ATTR_SYSTEM)); + else { + attr = (attribute & 0x00005137) | ATTR_ARCHIVE; + attr &= ~(ATTR_DIRECTORY); + if (S_ISREG(stat->mode) && (server_conf.share_fake_fscaps & + FILE_SUPPORTS_SPARSE_FILES)) + attr |= ATTR_SPARSE; + + if (smb2_get_reparse_tag_special_file(stat->mode)) + attr |= ATTR_REPARSE; + } + + return attr; +} + +static void build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt, + __le16 hash_id) +{ + pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES; + pneg_ctxt->DataLength = cpu_to_le16(38); + pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1); + pneg_ctxt->Reserved = cpu_to_le32(0); + pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE); + get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE); + pneg_ctxt->HashAlgorithms = hash_id; +} + +static void build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt, + __le16 cipher_type) +{ + pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES; + pneg_ctxt->DataLength = cpu_to_le16(4); + pneg_ctxt->Reserved = cpu_to_le32(0); + pneg_ctxt->CipherCount = cpu_to_le16(1); + pneg_ctxt->Ciphers[0] = cipher_type; +} + +static void build_compression_ctxt(struct smb2_compression_ctx *pneg_ctxt, + __le16 comp_algo) +{ + pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES; + pneg_ctxt->DataLength = + cpu_to_le16(sizeof(struct smb2_compression_ctx) + - sizeof(struct smb2_neg_context)); + pneg_ctxt->Reserved = cpu_to_le32(0); + pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(1); + pneg_ctxt->Reserved1 = cpu_to_le32(0); + pneg_ctxt->CompressionAlgorithms[0] = comp_algo; +} + +static void +build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) +{ + pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE; + pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN); + /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */ + pneg_ctxt->Name[0] = 0x93; + pneg_ctxt->Name[1] = 0xAD; + pneg_ctxt->Name[2] = 0x25; + pneg_ctxt->Name[3] = 0x50; + pneg_ctxt->Name[4] = 0x9C; + pneg_ctxt->Name[5] = 0xB4; + pneg_ctxt->Name[6] = 0x11; + pneg_ctxt->Name[7] = 0xE7; + pneg_ctxt->Name[8] = 0xB4; + pneg_ctxt->Name[9] = 0x23; + pneg_ctxt->Name[10] = 0x83; + pneg_ctxt->Name[11] = 0xDE; + pneg_ctxt->Name[12] = 0x96; + pneg_ctxt->Name[13] = 0x8B; + pneg_ctxt->Name[14] = 0xCD; + pneg_ctxt->Name[15] = 0x7C; +} + +static void +assemble_neg_contexts(struct ksmbd_conn *conn, + struct smb2_negotiate_rsp *rsp) +{ + /* +4 is to account for the RFC1001 len field */ + char *pneg_ctxt = (char *)rsp + + le32_to_cpu(rsp->NegotiateContextOffset) + 4; + int neg_ctxt_cnt = 1; + int ctxt_size; + + ksmbd_debug(SMB, + "assemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n"); + build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt, + conn->preauth_info->Preauth_HashId); + rsp->NegotiateContextCount = cpu_to_le16(neg_ctxt_cnt); + inc_rfc1001_len(rsp, AUTH_GSS_PADDING); + ctxt_size = sizeof(struct smb2_preauth_neg_context); + /* Round to 8 byte boundary */ + pneg_ctxt += round_up(sizeof(struct smb2_preauth_neg_context), 8); + + if (conn->cipher_type) { + ctxt_size = round_up(ctxt_size, 8); + ksmbd_debug(SMB, + "assemble SMB2_ENCRYPTION_CAPABILITIES context\n"); + build_encrypt_ctxt( + (struct smb2_encryption_neg_context *)pneg_ctxt, + conn->cipher_type); + rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); + ctxt_size += sizeof(struct smb2_encryption_neg_context); + /* Round to 8 byte boundary */ + pneg_ctxt += + round_up(sizeof(struct smb2_encryption_neg_context), + 8); + } + + if (conn->compress_algorithm) { + ctxt_size = round_up(ctxt_size, 8); + ksmbd_debug(SMB, + "assemble SMB2_COMPRESSION_CAPABILITIES context\n"); + /* Temporarily set to SMB3_COMPRESS_NONE */ + build_compression_ctxt((struct smb2_compression_ctx *)pneg_ctxt, + conn->compress_algorithm); + rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); + ctxt_size += sizeof(struct smb2_compression_ctx); + /* Round to 8 byte boundary */ + pneg_ctxt += round_up(sizeof(struct smb2_compression_ctx), 8); + } + + if (conn->posix_ext_supported) { + ctxt_size = round_up(ctxt_size, 8); + ksmbd_debug(SMB, + "assemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n"); + build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt); + rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); + ctxt_size += sizeof(struct smb2_posix_neg_context); + } + + inc_rfc1001_len(rsp, ctxt_size); +} + +static __le32 +decode_preauth_ctxt(struct ksmbd_conn *conn, + struct smb2_preauth_neg_context *pneg_ctxt) +{ + __le32 err = STATUS_NO_PREAUTH_INTEGRITY_HASH_OVERLAP; + + if (pneg_ctxt->HashAlgorithms == + SMB2_PREAUTH_INTEGRITY_SHA512) { + conn->preauth_info->Preauth_HashId = + SMB2_PREAUTH_INTEGRITY_SHA512; + err = STATUS_SUCCESS; + } + + return err; +} + +static int decode_encrypt_ctxt(struct ksmbd_conn *conn, + struct smb2_encryption_neg_context *pneg_ctxt) +{ + int i; + int cph_cnt = le16_to_cpu(pneg_ctxt->CipherCount); + + conn->cipher_type = 0; + + if (!(server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION)) + goto out; + + for (i = 0; i < cph_cnt; i++) { + if (pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_GCM || + pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_CCM) { + ksmbd_debug(SMB, "Cipher ID = 0x%x\n", + pneg_ctxt->Ciphers[i]); + conn->cipher_type = pneg_ctxt->Ciphers[i]; + break; + } + } + +out: + /* + * Return encrypt context size in request. + * So need to plus extra number of ciphers size. + */ + return sizeof(struct smb2_encryption_neg_context) + + ((cph_cnt - 1) * 2); +} + +static int decode_compress_ctxt(struct ksmbd_conn *conn, + struct smb2_compression_ctx *pneg_ctxt) +{ + int algo_cnt = le16_to_cpu(pneg_ctxt->CompressionAlgorithmCount); + + conn->compress_algorithm = SMB3_COMPRESS_NONE; + + /* + * Return compression context size in request. + * So need to plus extra number of CompressionAlgorithms size. + */ + return sizeof(struct smb2_encryption_neg_context) + + ((algo_cnt - 1) * 2); +} + +static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, + struct smb2_negotiate_req *req) +{ + int i = 0; + __le32 status = 0; + /* +4 is to account for the RFC1001 len field */ + char *pneg_ctxt = (char *)req + + le32_to_cpu(req->NegotiateContextOffset) + 4; + __le16 *ContextType = (__le16 *)pneg_ctxt; + int neg_ctxt_cnt = le16_to_cpu(req->NegotiateContextCount); + int ctxt_size; + + ksmbd_debug(SMB, "negotiate context count = %d\n", neg_ctxt_cnt); + status = STATUS_INVALID_PARAMETER; + while (i++ < neg_ctxt_cnt) { + if (*ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES) { + ksmbd_debug(SMB, + "deassemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n"); + if (conn->preauth_info->Preauth_HashId) + break; + + status = decode_preauth_ctxt(conn, + (struct smb2_preauth_neg_context *)pneg_ctxt); + pneg_ctxt += DIV_ROUND_UP( + sizeof(struct smb2_preauth_neg_context), 8) * 8; + } else if (*ContextType == SMB2_ENCRYPTION_CAPABILITIES) { + ksmbd_debug(SMB, + "deassemble SMB2_ENCRYPTION_CAPABILITIES context\n"); + if (conn->cipher_type) + break; + + ctxt_size = decode_encrypt_ctxt(conn, + (struct smb2_encryption_neg_context *) + pneg_ctxt); + pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8; + } else if (*ContextType == SMB2_COMPRESSION_CAPABILITIES) { + ksmbd_debug(SMB, + "deassemble SMB2_COMPRESSION_CAPABILITIES context\n"); + if (conn->compress_algorithm) + break; + + ctxt_size = decode_compress_ctxt(conn, + (struct smb2_compression_ctx *) + pneg_ctxt); + pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8; + } else if (*ContextType == SMB2_NETNAME_NEGOTIATE_CONTEXT_ID) { + ksmbd_debug(SMB, + "deassemble SMB2_NETNAME_NEGOTIATE_CONTEXT_ID context\n"); + ctxt_size = sizeof(struct smb2_netname_neg_context); + ctxt_size += DIV_ROUND_UP( + le16_to_cpu(((struct smb2_netname_neg_context *) + pneg_ctxt)->DataLength), 8) * 8; + pneg_ctxt += ctxt_size; + } else if (*ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) { + ksmbd_debug(SMB, + "deassemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n"); + conn->posix_ext_supported = true; + pneg_ctxt += DIV_ROUND_UP( + sizeof(struct smb2_posix_neg_context), 8) * 8; + } + ContextType = (__le16 *)pneg_ctxt; + + if (status != STATUS_SUCCESS) + break; + } + return status; +} + +/** + * smb2_handle_negotiate() - handler for smb2 negotiate command + * @work: smb work containing smb request buffer + * + * Return: 0 + */ +int smb2_handle_negotiate(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_negotiate_req *req = REQUEST_BUF(work); + struct smb2_negotiate_rsp *rsp = RESPONSE_BUF(work); + int rc = 0; + __le32 status; + + ksmbd_debug(SMB, "Received negotiate request\n"); + conn->need_neg = false; + if (ksmbd_conn_good(work)) { + ksmbd_err("conn->tcp_status is already in CifsGood State\n"); + work->send_no_response = 1; + return rc; + } + + if (req->DialectCount == 0) { + ksmbd_err("malformed packet\n"); + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + rc = -EINVAL; + goto err_out; + } + + conn->cli_cap = le32_to_cpu(req->Capabilities); + switch (conn->dialect) { + case SMB311_PROT_ID: + conn->preauth_info = + kzalloc(sizeof(struct preauth_integrity_info), + GFP_KERNEL); + if (!conn->preauth_info) { + rc = -ENOMEM; + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto err_out; + } + + status = deassemble_neg_contexts(conn, req); + if (status != STATUS_SUCCESS) { + ksmbd_err("deassemble_neg_contexts error(0x%x)\n", + status); + rsp->hdr.Status = status; + rc = -EINVAL; + goto err_out; + } + + rc = init_smb3_11_server(conn); + if (rc < 0) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto err_out; + } + + ksmbd_gen_preauth_integrity_hash(conn, + REQUEST_BUF(work), + conn->preauth_info->Preauth_HashValue); + rsp->NegotiateContextOffset = + cpu_to_le32(OFFSET_OF_NEG_CONTEXT); + assemble_neg_contexts(conn, rsp); + break; + case SMB302_PROT_ID: + init_smb3_02_server(conn); + break; + case SMB30_PROT_ID: + init_smb3_0_server(conn); + break; + case SMB21_PROT_ID: + init_smb2_1_server(conn); + break; + case SMB20_PROT_ID: + rc = init_smb2_0_server(conn); + if (rc) { + rsp->hdr.Status = STATUS_NOT_SUPPORTED; + goto err_out; + } + break; + case SMB2X_PROT_ID: + case BAD_PROT_ID: + default: + ksmbd_debug(SMB, "Server dialect :0x%x not supported\n", + conn->dialect); + rsp->hdr.Status = STATUS_NOT_SUPPORTED; + rc = -EINVAL; + goto err_out; + } + rsp->Capabilities = cpu_to_le32(conn->vals->capabilities); + + /* For stats */ + conn->connection_type = conn->dialect; + + rsp->MaxTransactSize = cpu_to_le32(conn->vals->max_trans_size); + rsp->MaxReadSize = cpu_to_le32(conn->vals->max_read_size); + rsp->MaxWriteSize = cpu_to_le32(conn->vals->max_write_size); + + if (conn->dialect > SMB20_PROT_ID) { + memcpy(conn->ClientGUID, req->ClientGUID, + SMB2_CLIENT_GUID_SIZE); + conn->cli_sec_mode = le16_to_cpu(req->SecurityMode); + } + + rsp->StructureSize = cpu_to_le16(65); + rsp->DialectRevision = cpu_to_le16(conn->dialect); + /* Not setting conn guid rsp->ServerGUID, as it + * not used by client for identifying server + */ + memset(rsp->ServerGUID, 0, SMB2_CLIENT_GUID_SIZE); + + rsp->SystemTime = cpu_to_le64(ksmbd_systime()); + rsp->ServerStartTime = 0; + ksmbd_debug(SMB, "negotiate context offset %d, count %d\n", + le32_to_cpu(rsp->NegotiateContextOffset), + le16_to_cpu(rsp->NegotiateContextCount)); + + rsp->SecurityBufferOffset = cpu_to_le16(128); + rsp->SecurityBufferLength = cpu_to_le16(AUTH_GSS_LENGTH); + ksmbd_copy_gss_neg_header(((char *)(&rsp->hdr) + + sizeof(rsp->hdr.smb2_buf_length)) + + le16_to_cpu(rsp->SecurityBufferOffset)); + inc_rfc1001_len(rsp, sizeof(struct smb2_negotiate_rsp) - + sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) + + AUTH_GSS_LENGTH); + rsp->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED_LE; + conn->use_spnego = true; + + if ((server_conf.signing == KSMBD_CONFIG_OPT_AUTO || + server_conf.signing == KSMBD_CONFIG_OPT_DISABLED) && + req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED_LE) + conn->sign = true; + else if (server_conf.signing == KSMBD_CONFIG_OPT_MANDATORY) { + server_conf.enforced_signing = true; + rsp->SecurityMode |= SMB2_NEGOTIATE_SIGNING_REQUIRED_LE; + conn->sign = true; + } + + conn->srv_sec_mode = le16_to_cpu(rsp->SecurityMode); + ksmbd_conn_set_need_negotiate(work); + +err_out: + if (rc < 0) + smb2_set_err_rsp(work); + + return rc; +} + +static int alloc_preauth_hash(struct ksmbd_session *sess, + struct ksmbd_conn *conn) +{ + if (sess->Preauth_HashValue) + return 0; + + sess->Preauth_HashValue = ksmbd_alloc(PREAUTH_HASHVALUE_SIZE); + if (!sess->Preauth_HashValue) + return -ENOMEM; + + memcpy(sess->Preauth_HashValue, + conn->preauth_info->Preauth_HashValue, + PREAUTH_HASHVALUE_SIZE); + return 0; +} + +static int generate_preauth_hash(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; + + if (conn->dialect != SMB311_PROT_ID) + return 0; + + if (!sess->Preauth_HashValue) { + if (alloc_preauth_hash(sess, conn)) + return -ENOMEM; + } + + ksmbd_gen_preauth_integrity_hash(conn, + REQUEST_BUF(work), + sess->Preauth_HashValue); + return 0; +} + +static int decode_negotiation_token(struct ksmbd_work *work, + struct negotiate_message *negblob) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_sess_setup_req *req; + int sz; + + if (!conn->use_spnego) + return -EINVAL; + + req = REQUEST_BUF(work); + sz = le16_to_cpu(req->SecurityBufferLength); + + if (!ksmbd_decode_negTokenInit((char *)negblob, sz, conn)) { + if (!ksmbd_decode_negTokenTarg((char *)negblob, sz, conn)) { + conn->auth_mechs |= KSMBD_AUTH_NTLMSSP; + conn->preferred_auth_mech = KSMBD_AUTH_NTLMSSP; + conn->use_spnego = false; + } + } + return 0; +} + +static int ntlm_negotiate(struct ksmbd_work *work, + struct negotiate_message *negblob) +{ + struct smb2_sess_setup_req *req = REQUEST_BUF(work); + struct smb2_sess_setup_rsp *rsp = RESPONSE_BUF(work); + struct challenge_message *chgblob; + unsigned char *spnego_blob = NULL; + u16 spnego_blob_len; + char *neg_blob; + int sz, rc; + + ksmbd_debug(SMB, "negotiate phase\n"); + sz = le16_to_cpu(req->SecurityBufferLength); + rc = ksmbd_decode_ntlmssp_neg_blob(negblob, sz, work->sess); + if (rc) + return rc; + + sz = le16_to_cpu(rsp->SecurityBufferOffset); + chgblob = + (struct challenge_message *)((char *)&rsp->hdr.ProtocolId + sz); + memset(chgblob, 0, sizeof(struct challenge_message)); + + if (!work->conn->use_spnego) { + sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess); + if (sz < 0) + return -ENOMEM; + + rsp->SecurityBufferLength = cpu_to_le16(sz); + return 0; + } + + sz = sizeof(struct challenge_message); + sz += (strlen(ksmbd_netbios_name()) * 2 + 1 + 4) * 6; + + neg_blob = kzalloc(sz, GFP_KERNEL); + if (!neg_blob) + return -ENOMEM; + + chgblob = (struct challenge_message *)neg_blob; + sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess); + if (sz < 0) { + rc = -ENOMEM; + goto out; + } + + rc = build_spnego_ntlmssp_neg_blob(&spnego_blob, + &spnego_blob_len, + neg_blob, + sz); + if (rc) { + rc = -ENOMEM; + goto out; + } + + sz = le16_to_cpu(rsp->SecurityBufferOffset); + memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len); + rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len); + +out: + kfree(spnego_blob); + kfree(neg_blob); + return rc; +} + +static struct authenticate_message *user_authblob(struct ksmbd_conn *conn, + struct smb2_sess_setup_req *req) +{ + int sz; + + if (conn->use_spnego && conn->mechToken) + return (struct authenticate_message *)conn->mechToken; + + sz = le16_to_cpu(req->SecurityBufferOffset); + return (struct authenticate_message *)((char *)&req->hdr.ProtocolId + + sz); +} + +static struct ksmbd_user *session_user(struct ksmbd_conn *conn, + struct smb2_sess_setup_req *req) +{ + struct authenticate_message *authblob; + struct ksmbd_user *user; + char *name; + int sz; + + authblob = user_authblob(conn, req); + sz = le32_to_cpu(authblob->UserName.BufferOffset); + name = smb_strndup_from_utf16((const char *)authblob + sz, + le16_to_cpu(authblob->UserName.Length), + true, + conn->local_nls); + if (IS_ERR(name)) { + ksmbd_err("cannot allocate memory\n"); + return NULL; + } + + ksmbd_debug(SMB, "session setup request for user %s\n", name); + user = ksmbd_login_user(name); + kfree(name); + return user; +} + +static int ntlm_authenticate(struct ksmbd_work *work) +{ + struct smb2_sess_setup_req *req = REQUEST_BUF(work); + struct smb2_sess_setup_rsp *rsp = RESPONSE_BUF(work); + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; + struct channel *chann = NULL; + struct ksmbd_user *user; + uint64_t prev_id; + int sz, rc; + + ksmbd_debug(SMB, "authenticate phase\n"); + if (conn->use_spnego) { + unsigned char *spnego_blob; + u16 spnego_blob_len; + + rc = build_spnego_ntlmssp_auth_blob(&spnego_blob, + &spnego_blob_len, + 0); + if (rc) + return -ENOMEM; + + sz = le16_to_cpu(rsp->SecurityBufferOffset); + memcpy((char *)&rsp->hdr.ProtocolId + sz, + spnego_blob, + spnego_blob_len); + rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len); + kfree(spnego_blob); + inc_rfc1001_len(rsp, spnego_blob_len - 1); + } + + user = session_user(conn, req); + if (!user) { + ksmbd_debug(SMB, "Unknown user name or an error\n"); + rsp->hdr.Status = STATUS_LOGON_FAILURE; + return -EINVAL; + } + + /* Check for previous session */ + prev_id = le64_to_cpu(req->PreviousSessionId); + if (prev_id && prev_id != sess->id) + destroy_previous_session(user, prev_id); + + if (sess->state == SMB2_SESSION_VALID) { + /* + * Reuse session if anonymous try to connect + * on reauthetication. + */ + if (ksmbd_anonymous_user(user)) { + ksmbd_free_user(user); + return 0; + } + ksmbd_free_user(sess->user); + } + + sess->user = user; + if (user_guest(sess->user)) { + if (conn->sign) { + ksmbd_debug(SMB, + "Guest login not allowed when signing enabled\n"); + rsp->hdr.Status = STATUS_LOGON_FAILURE; + return -EACCES; + } + + rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE; + } else { + struct authenticate_message *authblob; + + authblob = user_authblob(conn, req); + sz = le16_to_cpu(req->SecurityBufferLength); + rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, sess); + if (rc) { + set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD); + ksmbd_debug(SMB, "authentication failed\n"); + rsp->hdr.Status = STATUS_LOGON_FAILURE; + return -EINVAL; + } + + /* + * If session state is SMB2_SESSION_VALID, We can assume + * that it is reauthentication. And the user/password + * has been verified, so return it here. + */ + if (sess->state == SMB2_SESSION_VALID) + return 0; + + if ((conn->sign || server_conf.enforced_signing) || + (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) + sess->sign = true; + + if (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION && + conn->ops->generate_encryptionkey) { + rc = conn->ops->generate_encryptionkey(sess); + if (rc) { + ksmbd_debug(SMB, + "SMB3 encryption key generation failed\n"); + rsp->hdr.Status = STATUS_LOGON_FAILURE; + return rc; + } + sess->enc = true; + rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE; + /* + * signing is disable if encryption is enable + * on this session + */ + sess->sign = false; + } + } + + if (conn->dialect >= SMB30_PROT_ID) { + chann = lookup_chann_list(sess); + if (!chann) { + chann = kmalloc(sizeof(struct channel), GFP_KERNEL); + if (!chann) + return -ENOMEM; + + chann->conn = conn; + INIT_LIST_HEAD(&chann->chann_list); + list_add(&chann->chann_list, &sess->ksmbd_chann_list); + } + } + + if (conn->ops->generate_signingkey) { + rc = conn->ops->generate_signingkey(sess); + if (rc) { + ksmbd_debug(SMB, + "SMB3 signing key generation failed\n"); + rsp->hdr.Status = STATUS_LOGON_FAILURE; + return rc; + } + } + + if (conn->dialect > SMB20_PROT_ID) { + if (!ksmbd_conn_lookup_dialect(conn)) { + ksmbd_err("fail to verify the dialect\n"); + rsp->hdr.Status = STATUS_USER_SESSION_DELETED; + return -EPERM; + } + } + return 0; +} + +#ifdef CONFIG_SMB_SERVER_KERBEROS5 +static int krb5_authenticate(struct ksmbd_work *work) +{ + struct smb2_sess_setup_req *req = REQUEST_BUF(work); + struct smb2_sess_setup_rsp *rsp = RESPONSE_BUF(work); + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; + char *in_blob, *out_blob; + struct channel *chann = NULL; + uint64_t prev_sess_id; + int in_len, out_len; + int retval; + + in_blob = (char *)&req->hdr.ProtocolId + + le16_to_cpu(req->SecurityBufferOffset); + in_len = le16_to_cpu(req->SecurityBufferLength); + out_blob = (char *)&rsp->hdr.ProtocolId + + le16_to_cpu(rsp->SecurityBufferOffset); + out_len = work->response_sz - + offsetof(struct smb2_hdr, smb2_buf_length) - + le16_to_cpu(rsp->SecurityBufferOffset); + + /* Check previous session */ + prev_sess_id = le64_to_cpu(req->PreviousSessionId); + if (prev_sess_id && prev_sess_id != sess->id) + destroy_previous_session(sess->user, prev_sess_id); + + if (sess->state == SMB2_SESSION_VALID) + ksmbd_free_user(sess->user); + + retval = ksmbd_krb5_authenticate(sess, in_blob, in_len, + out_blob, &out_len); + if (retval) { + ksmbd_debug(SMB, "krb5 authentication failed\n"); + rsp->hdr.Status = STATUS_LOGON_FAILURE; + return retval; + } + rsp->SecurityBufferLength = cpu_to_le16(out_len); + inc_rfc1001_len(rsp, out_len - 1); + + if ((conn->sign || server_conf.enforced_signing) || + (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) + sess->sign = true; + + if ((conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) && + conn->ops->generate_encryptionkey) { + retval = conn->ops->generate_encryptionkey(sess); + if (retval) { + ksmbd_debug(SMB, + "SMB3 encryption key generation failed\n"); + rsp->hdr.Status = STATUS_LOGON_FAILURE; + return retval; + } + sess->enc = true; + rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE; + sess->sign = false; + } + + if (conn->dialect >= SMB30_PROT_ID) { + chann = lookup_chann_list(sess); + if (!chann) { + chann = kmalloc(sizeof(struct channel), GFP_KERNEL); + if (!chann) + return -ENOMEM; + + chann->conn = conn; + INIT_LIST_HEAD(&chann->chann_list); + list_add(&chann->chann_list, &sess->ksmbd_chann_list); + } + } + + if (conn->ops->generate_signingkey) { + retval = conn->ops->generate_signingkey(sess); + if (retval) { + ksmbd_debug(SMB, + "SMB3 signing key generation failed\n"); + rsp->hdr.Status = STATUS_LOGON_FAILURE; + return retval; + } + } + + if (conn->dialect > SMB20_PROT_ID) { + if (!ksmbd_conn_lookup_dialect(conn)) { + ksmbd_err("fail to verify the dialect\n"); + rsp->hdr.Status = STATUS_USER_SESSION_DELETED; + return -EPERM; + } + } + return 0; +} +#else +static int krb5_authenticate(struct ksmbd_work *work) +{ + return -EOPNOTSUPP; +} +#endif + +int smb2_sess_setup(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_sess_setup_req *req = REQUEST_BUF(work); + struct smb2_sess_setup_rsp *rsp = RESPONSE_BUF(work); + struct ksmbd_session *sess; + struct negotiate_message *negblob; + int rc = 0; + + ksmbd_debug(SMB, "Received request for session setup\n"); + + rsp->StructureSize = cpu_to_le16(9); + rsp->SessionFlags = 0; + rsp->SecurityBufferOffset = cpu_to_le16(72); + rsp->SecurityBufferLength = 0; + inc_rfc1001_len(rsp, 9); + + if (!req->hdr.SessionId) { + sess = ksmbd_smb2_session_create(); + if (!sess) { + rc = -ENOMEM; + goto out_err; + } + rsp->hdr.SessionId = cpu_to_le64(sess->id); + ksmbd_session_register(conn, sess); + } else { + sess = ksmbd_session_lookup(conn, + le64_to_cpu(req->hdr.SessionId)); + if (!sess) { + rc = -ENOENT; + rsp->hdr.Status = STATUS_USER_SESSION_DELETED; + goto out_err; + } + } + work->sess = sess; + + if (sess->state == SMB2_SESSION_EXPIRED) + sess->state = SMB2_SESSION_IN_PROGRESS; + + negblob = (struct negotiate_message *)((char *)&req->hdr.ProtocolId + + le16_to_cpu(req->SecurityBufferOffset)); + + if (decode_negotiation_token(work, negblob) == 0) { + if (conn->mechToken) + negblob = (struct negotiate_message *)conn->mechToken; + } + + if (server_conf.auth_mechs & conn->auth_mechs) { + if (conn->preferred_auth_mech & + (KSMBD_AUTH_KRB5 | KSMBD_AUTH_MSKRB5)) { + rc = generate_preauth_hash(work); + if (rc) + goto out_err; + + rc = krb5_authenticate(work); + if (rc) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto out_err; + } + + ksmbd_conn_set_good(work); + sess->state = SMB2_SESSION_VALID; + ksmbd_free(sess->Preauth_HashValue); + sess->Preauth_HashValue = NULL; + } else if (conn->preferred_auth_mech == KSMBD_AUTH_NTLMSSP) { + rc = generate_preauth_hash(work); + if (rc) + goto out_err; + + if (negblob->MessageType == NtLmNegotiate) { + rc = ntlm_negotiate(work, negblob); + if (rc) + goto out_err; + rsp->hdr.Status = + STATUS_MORE_PROCESSING_REQUIRED; + /* + * Note: here total size -1 is done as an + * adjustment for 0 size blob + */ + inc_rfc1001_len(rsp, + le16_to_cpu(rsp->SecurityBufferLength) + - 1); + + } else if (negblob->MessageType == NtLmAuthenticate) { + rc = ntlm_authenticate(work); + if (rc) + goto out_err; + + ksmbd_conn_set_good(work); + sess->state = SMB2_SESSION_VALID; + ksmbd_free(sess->Preauth_HashValue); + sess->Preauth_HashValue = NULL; + } + } else { + /* TODO: need one more negotiation */ + ksmbd_err("Not support the preferred authentication\n"); + rc = -EINVAL; + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + } + } else { + ksmbd_err("Not support authentication\n"); + rc = -EINVAL; + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + } + +out_err: + if (conn->use_spnego && conn->mechToken) { + kfree(conn->mechToken); + conn->mechToken = NULL; + } + + if (rc < 0 && sess) { + ksmbd_session_destroy(sess); + work->sess = NULL; + } + + return rc; +} + +/** + * smb2_tree_connect() - handler for smb2 tree connect command + * @work: smb work containing smb request buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_tree_connect(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_tree_connect_req *req = REQUEST_BUF(work); + struct smb2_tree_connect_rsp *rsp = RESPONSE_BUF(work); + struct ksmbd_session *sess = work->sess; + char *treename = NULL, *name = NULL; + struct ksmbd_tree_conn_status status; + struct ksmbd_share_config *share; + int rc = -EINVAL; + + treename = smb_strndup_from_utf16(req->Buffer, + le16_to_cpu(req->PathLength), true, conn->local_nls); + if (IS_ERR(treename)) { + ksmbd_err("treename is NULL\n"); + status.ret = KSMBD_TREE_CONN_STATUS_ERROR; + goto out_err1; + } + + name = extract_sharename(treename); + if (IS_ERR(name)) { + status.ret = KSMBD_TREE_CONN_STATUS_ERROR; + goto out_err1; + } + + ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n", + name, treename); + + status = ksmbd_tree_conn_connect(sess, name); + if (status.ret == KSMBD_TREE_CONN_STATUS_OK) + rsp->hdr.Id.SyncId.TreeId = cpu_to_le32(status.tree_conn->id); + else + goto out_err1; + + share = status.tree_conn->share_conf; + if (test_share_config_flag(share, KSMBD_SHARE_FLAG_PIPE)) { + ksmbd_debug(SMB, "IPC share path request\n"); + rsp->ShareType = SMB2_SHARE_TYPE_PIPE; + rsp->MaximalAccess = FILE_READ_DATA_LE | FILE_READ_EA_LE | + FILE_EXECUTE_LE | FILE_READ_ATTRIBUTES_LE | + FILE_DELETE_LE | FILE_READ_CONTROL_LE | + FILE_WRITE_DAC_LE | FILE_WRITE_OWNER_LE | + FILE_SYNCHRONIZE_LE; + } else { + rsp->ShareType = SMB2_SHARE_TYPE_DISK; + rsp->MaximalAccess = FILE_READ_DATA_LE | FILE_READ_EA_LE | + FILE_EXECUTE_LE | FILE_READ_ATTRIBUTES_LE; + if (test_tree_conn_flag(status.tree_conn, + KSMBD_TREE_CONN_FLAG_WRITABLE)) { + rsp->MaximalAccess |= FILE_WRITE_DATA_LE | + FILE_APPEND_DATA_LE | FILE_WRITE_EA_LE | + FILE_DELETE_CHILD_LE | FILE_DELETE_LE | + FILE_WRITE_ATTRIBUTES_LE | FILE_DELETE_LE | + FILE_READ_CONTROL_LE | FILE_WRITE_DAC_LE | + FILE_WRITE_OWNER_LE | FILE_SYNCHRONIZE_LE; + } + } + + status.tree_conn->maximal_access = le32_to_cpu(rsp->MaximalAccess); + if (conn->posix_ext_supported) + status.tree_conn->posix_extensions = true; + +out_err1: + rsp->StructureSize = cpu_to_le16(16); + rsp->Capabilities = 0; + rsp->Reserved = 0; + /* default manual caching */ + rsp->ShareFlags = SMB2_SHAREFLAG_MANUAL_CACHING; + inc_rfc1001_len(rsp, 16); + + if (!IS_ERR(treename)) + kfree(treename); + if (!IS_ERR(name)) + kfree(name); + + switch (status.ret) { + case KSMBD_TREE_CONN_STATUS_OK: + rsp->hdr.Status = STATUS_SUCCESS; + rc = 0; + break; + case KSMBD_TREE_CONN_STATUS_NO_SHARE: + rsp->hdr.Status = STATUS_BAD_NETWORK_PATH; + break; + case -ENOMEM: + case KSMBD_TREE_CONN_STATUS_NOMEM: + rsp->hdr.Status = STATUS_NO_MEMORY; + break; + case KSMBD_TREE_CONN_STATUS_ERROR: + case KSMBD_TREE_CONN_STATUS_TOO_MANY_CONNS: + case KSMBD_TREE_CONN_STATUS_TOO_MANY_SESSIONS: + rsp->hdr.Status = STATUS_ACCESS_DENIED; + break; + case -EINVAL: + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + break; + default: + rsp->hdr.Status = STATUS_ACCESS_DENIED; + } + + return rc; +} + +/** + * smb2_create_open_flags() - convert smb open flags to unix open flags + * @file_present: is file already present + * @access: file access flags + * @disposition: file disposition flags + * @work: smb work containing smb request buffer + * + * Return: file open flags + */ +static int smb2_create_open_flags(bool file_present, __le32 access, + __le32 disposition) +{ + int oflags = O_NONBLOCK | O_LARGEFILE; + + if (access & FILE_READ_DESIRED_ACCESS_LE && + access & FILE_WRITE_DESIRE_ACCESS_LE) + oflags |= O_RDWR; + else if (access & FILE_WRITE_DESIRE_ACCESS_LE) + oflags |= O_WRONLY; + else + oflags |= O_RDONLY; + + if (access == FILE_READ_ATTRIBUTES_LE) + oflags |= O_PATH; + + if (file_present) { + switch (disposition & FILE_CREATE_MASK_LE) { + case FILE_OPEN_LE: + case FILE_CREATE_LE: + break; + case FILE_SUPERSEDE_LE: + case FILE_OVERWRITE_LE: + case FILE_OVERWRITE_IF_LE: + oflags |= O_TRUNC; + break; + default: + break; + } + } else { + switch (disposition & FILE_CREATE_MASK_LE) { + case FILE_SUPERSEDE_LE: + case FILE_CREATE_LE: + case FILE_OPEN_IF_LE: + case FILE_OVERWRITE_IF_LE: + oflags |= O_CREAT; + break; + case FILE_OPEN_LE: + case FILE_OVERWRITE_LE: + oflags &= ~O_CREAT; + break; + default: + break; + } + } + return oflags; +} + +/** + * smb2_tree_disconnect() - handler for smb tree connect request + * @work: smb work containing request buffer + * + * Return: 0 + */ +int smb2_tree_disconnect(struct ksmbd_work *work) +{ + struct smb2_tree_disconnect_rsp *rsp = RESPONSE_BUF(work); + struct ksmbd_session *sess = work->sess; + struct ksmbd_tree_connect *tcon = work->tcon; + + rsp->StructureSize = cpu_to_le16(4); + inc_rfc1001_len(rsp, 4); + + ksmbd_debug(SMB, "request\n"); + + if (!tcon) { + struct smb2_tree_disconnect_req *req = REQUEST_BUF(work); + + ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId); + rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED; + smb2_set_err_rsp(work); + return 0; + } + + ksmbd_close_tree_conn_fds(work); + ksmbd_tree_conn_disconnect(sess, tcon); + return 0; +} + +/** + * smb2_session_logoff() - handler for session log off request + * @work: smb work containing request buffer + * + * Return: 0 + */ +int smb2_session_logoff(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_logoff_rsp *rsp = RESPONSE_BUF(work); + struct ksmbd_session *sess = work->sess; + + rsp->StructureSize = cpu_to_le16(4); + inc_rfc1001_len(rsp, 4); + + ksmbd_debug(SMB, "request\n"); + + /* Got a valid session, set connection state */ + WARN_ON(sess->conn != conn); + + /* setting CifsExiting here may race with start_tcp_sess */ + ksmbd_conn_set_need_reconnect(work); + ksmbd_close_session_fds(work); + ksmbd_conn_wait_idle(conn); + + if (ksmbd_tree_conn_session_logoff(sess)) { + struct smb2_logoff_req *req = REQUEST_BUF(work); + + ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId); + rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED; + smb2_set_err_rsp(work); + return 0; + } + + ksmbd_destroy_file_table(&sess->file_table); + sess->state = SMB2_SESSION_EXPIRED; + + ksmbd_free_user(sess->user); + sess->user = NULL; + + /* let start_tcp_sess free connection info now */ + ksmbd_conn_set_need_negotiate(work); + return 0; +} + +/** + * create_smb2_pipe() - create IPC pipe + * @work: smb work containing request buffer + * + * Return: 0 on success, otherwise error + */ +static noinline int create_smb2_pipe(struct ksmbd_work *work) +{ + struct smb2_create_rsp *rsp = RESPONSE_BUF(work); + struct smb2_create_req *req = REQUEST_BUF(work); + int id; + int err; + char *name; + + name = smb_strndup_from_utf16(req->Buffer, le16_to_cpu(req->NameLength), + 1, work->conn->local_nls); + if (IS_ERR(name)) { + rsp->hdr.Status = STATUS_NO_MEMORY; + err = PTR_ERR(name); + goto out; + } + + id = ksmbd_session_rpc_open(work->sess, name); + if (id < 0) + ksmbd_err("Unable to open RPC pipe: %d\n", id); + + rsp->StructureSize = cpu_to_le16(89); + rsp->OplockLevel = SMB2_OPLOCK_LEVEL_NONE; + rsp->Reserved = 0; + rsp->CreateAction = cpu_to_le32(FILE_OPENED); + + rsp->CreationTime = cpu_to_le64(0); + rsp->LastAccessTime = cpu_to_le64(0); + rsp->ChangeTime = cpu_to_le64(0); + rsp->AllocationSize = cpu_to_le64(0); + rsp->EndofFile = cpu_to_le64(0); + rsp->FileAttributes = ATTR_NORMAL_LE; + rsp->Reserved2 = 0; + rsp->VolatileFileId = cpu_to_le64(id); + rsp->PersistentFileId = 0; + rsp->CreateContextsOffset = 0; + rsp->CreateContextsLength = 0; + + inc_rfc1001_len(rsp, 88); /* StructureSize - 1*/ + kfree(name); + return 0; + +out: + smb2_set_err_rsp(work); + return err; +} + +#define DURABLE_RECONN_V2 1 +#define DURABLE_RECONN 2 +#define DURABLE_REQ_V2 3 +#define DURABLE_REQ 4 +#define APP_INSTANCE_ID 5 + +struct durable_info { + struct ksmbd_file *fp; + int type; + int reconnected; + int persistent; + int timeout; + char *CreateGuid; + char *app_id; +}; + +static int parse_durable_handle_context(struct ksmbd_work *work, + struct smb2_create_req *req, struct lease_ctx_info *lc, + struct durable_info *d_info) +{ + struct ksmbd_conn *conn = work->conn; + struct create_context *context; + int i, err = 0; + uint64_t persistent_id = 0; + int req_op_level; + static const char * const durable_arr[] = {"DH2C", "DHnC", "DH2Q", + "DHnQ", SMB2_CREATE_APP_INSTANCE_ID}; + + req_op_level = req->RequestedOplockLevel; + for (i = 1; i <= 5; i++) { + context = smb2_find_context_vals(req, durable_arr[i - 1]); + if (IS_ERR(context)) { + err = PTR_ERR(context); + if (err == -EINVAL) { + ksmbd_err("bad name length\n"); + goto out; + } + err = 0; + continue; + } + + switch (i) { + case DURABLE_RECONN_V2: + { + struct create_durable_reconn_v2_req *recon_v2; + + recon_v2 = + (struct create_durable_reconn_v2_req *)context; + persistent_id = le64_to_cpu( + recon_v2->Fid.PersistentFileId); + d_info->fp = ksmbd_lookup_durable_fd(persistent_id); + if (!d_info->fp) { + ksmbd_err("Failed to get Durable handle state\n"); + err = -EBADF; + goto out; + } + + if (memcmp(d_info->fp->create_guid, + recon_v2->CreateGuid, + SMB2_CREATE_GUID_SIZE)) { + err = -EBADF; + goto out; + } + d_info->type = i; + d_info->reconnected = 1; + ksmbd_debug(SMB, + "reconnect v2 Persistent-id from reconnect = %llu\n", + persistent_id); + break; + } + case DURABLE_RECONN: + { + struct create_durable_reconn_req *recon; + + if (d_info->type == DURABLE_RECONN_V2 || + d_info->type == DURABLE_REQ_V2) { + err = -EINVAL; + goto out; + } + + recon = + (struct create_durable_reconn_req *)context; + persistent_id = le64_to_cpu( + recon->Data.Fid.PersistentFileId); + d_info->fp = ksmbd_lookup_durable_fd(persistent_id); + if (!d_info->fp) { + ksmbd_err("Failed to get Durable handle state\n"); + err = -EBADF; + goto out; + } + d_info->type = i; + d_info->reconnected = 1; + ksmbd_debug(SMB, + "reconnect Persistent-id from reconnect = %llu\n", + persistent_id); + break; + } + case DURABLE_REQ_V2: + { + struct create_durable_req_v2 *durable_v2_blob; + + if (d_info->type == DURABLE_RECONN || + d_info->type == DURABLE_RECONN_V2) { + err = -EINVAL; + goto out; + } + + durable_v2_blob = + (struct create_durable_req_v2 *)context; + ksmbd_debug(SMB, "Request for durable v2 open\n"); + d_info->fp = ksmbd_lookup_fd_cguid( + durable_v2_blob->CreateGuid); + if (d_info->fp) { + if (!memcmp(conn->ClientGUID, + d_info->fp->client_guid, + SMB2_CLIENT_GUID_SIZE)) { + if (!(req->hdr.Flags & + SMB2_FLAGS_REPLAY_OPERATIONS)) { + err = -ENOEXEC; + goto out; + } + + d_info->fp->conn = conn; + d_info->reconnected = 1; + goto out; + } + } + if (((lc && + (lc->req_state & + SMB2_LEASE_HANDLE_CACHING_LE)) || + (req_op_level == SMB2_OPLOCK_LEVEL_BATCH))) { + d_info->CreateGuid = + durable_v2_blob->CreateGuid; + d_info->persistent = + le32_to_cpu(durable_v2_blob->Flags); + d_info->timeout = + le32_to_cpu(durable_v2_blob->Timeout); + d_info->type = i; + } + break; + } + case DURABLE_REQ: + if (d_info->type == DURABLE_RECONN) + goto out; + if (d_info->type == DURABLE_RECONN_V2 || + d_info->type == DURABLE_REQ_V2) { + err = -EINVAL; + goto out; + } + + if (((lc && + (lc->req_state & + SMB2_LEASE_HANDLE_CACHING_LE)) || + (req_op_level == SMB2_OPLOCK_LEVEL_BATCH))) { + ksmbd_debug(SMB, "Request for durable open\n"); + d_info->type = i; + } + break; + case APP_INSTANCE_ID: + { + struct create_app_inst_id *inst_id; + + inst_id = (struct create_app_inst_id *)context; + ksmbd_close_fd_app_id(work, inst_id->AppInstanceId); + d_info->app_id = inst_id->AppInstanceId; + break; + } + default: + break; + } + } + +out: + + return err; +} + +/** + * smb2_set_ea() - handler for setting extended attributes using set + * info command + * @eabuf: set info command buffer + * @path: dentry path for get ea + * + * Return: 0 on success, otherwise error + */ +static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path) +{ + char *attr_name = NULL, *value; + int rc = 0; + int next = 0; + + attr_name = kmalloc(XATTR_NAME_MAX + 1, GFP_KERNEL); + if (!attr_name) + return -ENOMEM; + + do { + if (!eabuf->EaNameLength) + goto next; + + ksmbd_debug(SMB, + "name : <%s>, name_len : %u, value_len : %u, next : %u\n", + eabuf->name, eabuf->EaNameLength, + le16_to_cpu(eabuf->EaValueLength), + le32_to_cpu(eabuf->NextEntryOffset)); + + if (eabuf->EaNameLength > + (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN)) { + rc = -EINVAL; + break; + } + + memcpy(attr_name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN); + memcpy(&attr_name[XATTR_USER_PREFIX_LEN], eabuf->name, + eabuf->EaNameLength); + attr_name[XATTR_USER_PREFIX_LEN + eabuf->EaNameLength] = '\0'; + value = (char *)&eabuf->name + eabuf->EaNameLength + 1; + + if (!eabuf->EaValueLength) { + rc = ksmbd_vfs_casexattr_len(path->dentry, + attr_name, + XATTR_USER_PREFIX_LEN + + eabuf->EaNameLength); + + /* delete the EA only when it exits */ + if (rc > 0) { + rc = ksmbd_vfs_remove_xattr(path->dentry, + attr_name); + + if (rc < 0) { + ksmbd_debug(SMB, + "remove xattr failed(%d)\n", + rc); + break; + } + } + + /* if the EA doesn't exist, just do nothing. */ + rc = 0; + } else { + rc = ksmbd_vfs_setxattr(path->dentry, attr_name, value, + le16_to_cpu(eabuf->EaValueLength), 0); + if (rc < 0) { + ksmbd_debug(SMB, + "ksmbd_vfs_setxattr is failed(%d)\n", + rc); + break; + } + } + +next: + next = le32_to_cpu(eabuf->NextEntryOffset); + eabuf = (struct smb2_ea_info *)((char *)eabuf + next); + } while (next != 0); + + kfree(attr_name); + return rc; +} + +static inline int check_context_err(void *ctx, char *str) +{ + int err; + + err = PTR_ERR(ctx); + ksmbd_debug(SMB, "find context %s err %d\n", str, err); + + if (err == -EINVAL) { + ksmbd_err("bad name length\n"); + return err; + } + + return 0; +} + +static noinline int smb2_set_stream_name_xattr(struct path *path, + struct ksmbd_file *fp, + char *stream_name, + int s_type) +{ + size_t xattr_stream_size; + char *xattr_stream_name; + int rc; + + rc = ksmbd_vfs_xattr_stream_name(stream_name, + &xattr_stream_name, + &xattr_stream_size, + s_type); + if (rc) + return rc; + + fp->stream.name = xattr_stream_name; + fp->stream.size = xattr_stream_size; + + /* Check if there is stream prefix in xattr space */ + rc = ksmbd_vfs_casexattr_len(path->dentry, + xattr_stream_name, + xattr_stream_size); + if (rc >= 0) + return 0; + + if (fp->cdoption == FILE_OPEN_LE) { + ksmbd_debug(SMB, "XATTR stream name lookup failed: %d\n", rc); + return -EBADF; + } + + rc = ksmbd_vfs_setxattr(path->dentry, xattr_stream_name, NULL, 0, 0); + if (rc < 0) + ksmbd_err("Failed to store XATTR stream name :%d\n", rc); + return 0; +} + +static int smb2_remove_smb_xattrs(struct dentry *dentry) +{ + char *name, *xattr_list = NULL; + ssize_t xattr_list_len; + int err = 0; + + xattr_list_len = ksmbd_vfs_listxattr(dentry, &xattr_list); + if (xattr_list_len < 0) { + goto out; + } else if (!xattr_list_len) { + ksmbd_debug(SMB, "empty xattr in the file\n"); + goto out; + } + + for (name = xattr_list; name - xattr_list < xattr_list_len; + name += strlen(name) + 1) { + ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name)); + + if (strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) && + strncmp(&name[XATTR_USER_PREFIX_LEN], + DOS_ATTRIBUTE_PREFIX, + DOS_ATTRIBUTE_PREFIX_LEN) && + strncmp(&name[XATTR_USER_PREFIX_LEN], + STREAM_PREFIX, + STREAM_PREFIX_LEN)) + continue; + + err = ksmbd_vfs_remove_xattr(dentry, name); + if (err) + ksmbd_debug(SMB, "remove xattr failed : %s\n", name); + } +out: + ksmbd_vfs_xattr_free(xattr_list); + return err; +} + +static int smb2_create_truncate(struct path *path) +{ + int rc = vfs_truncate(path, 0); + + if (rc) { + ksmbd_err("vfs_truncate failed, rc %d\n", rc); + return rc; + } + + rc = smb2_remove_smb_xattrs(path->dentry); + if (rc == -EOPNOTSUPP) + rc = 0; + if (rc) + ksmbd_debug(SMB, + "ksmbd_truncate_stream_name_xattr failed, rc %d\n", + rc); + return rc; +} + +static void smb2_new_xattrs(struct ksmbd_tree_connect *tcon, + struct path *path, + struct ksmbd_file *fp) +{ + struct xattr_dos_attrib da = {0}; + int rc; + + if (!test_share_config_flag(tcon->share_conf, + KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) + return; + + da.version = 4; + da.attr = le32_to_cpu(fp->f_ci->m_fattr); + da.itime = da.create_time = fp->create_time; + da.flags = XATTR_DOSINFO_ATTRIB | XATTR_DOSINFO_CREATE_TIME | + XATTR_DOSINFO_ITIME; + + rc = ksmbd_vfs_set_dos_attrib_xattr(path->dentry, &da); + if (rc) + ksmbd_debug(SMB, "failed to store file attribute into xattr\n"); +} + +static void smb2_update_xattrs(struct ksmbd_tree_connect *tcon, + struct path *path, + struct ksmbd_file *fp) +{ + struct xattr_dos_attrib da; + int rc; + + fp->f_ci->m_fattr &= ~(ATTR_HIDDEN_LE | ATTR_SYSTEM_LE); + + /* get FileAttributes from XATTR_NAME_DOS_ATTRIBUTE */ + if (!test_share_config_flag(tcon->share_conf, + KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) + return; + + rc = ksmbd_vfs_get_dos_attrib_xattr(path->dentry, &da); + if (rc > 0) { + fp->f_ci->m_fattr = cpu_to_le32(da.attr); + fp->create_time = da.create_time; + fp->itime = da.itime; + } +} + +static int smb2_creat(struct ksmbd_work *work, + struct path *path, + char *name, + int open_flags, + umode_t posix_mode, + bool is_dir) +{ + struct ksmbd_tree_connect *tcon = work->tcon; + struct ksmbd_share_config *share = tcon->share_conf; + umode_t mode; + int rc; + + if (!(open_flags & O_CREAT)) + return -EBADF; + + ksmbd_debug(SMB, "file does not exist, so creating\n"); + if (is_dir == true) { + ksmbd_debug(SMB, "creating directory\n"); + + mode = share_config_directory_mode(share, posix_mode); + rc = ksmbd_vfs_mkdir(work, name, mode); + if (rc) + return rc; + } else { + ksmbd_debug(SMB, "creating regular file\n"); + + mode = share_config_create_mode(share, posix_mode); + rc = ksmbd_vfs_create(work, name, mode); + if (rc) + return rc; + } + + rc = ksmbd_vfs_kern_path(name, 0, path, 0); + if (rc) { + ksmbd_err("cannot get linux path (%s), err = %d\n", + name, rc); + return rc; + } + return 0; +} + +static int smb2_create_sd_buffer(struct ksmbd_work *work, + struct smb2_create_req *req, struct dentry *dentry) +{ + struct create_context *context; + int rc = -ENOENT; + + if (!req->CreateContextsOffset) + return rc; + + /* Parse SD BUFFER create contexts */ + context = smb2_find_context_vals(req, SMB2_CREATE_SD_BUFFER); + if (context && !IS_ERR(context)) { + struct create_sd_buf_req *sd_buf; + + ksmbd_debug(SMB, + "Set ACLs using SMB2_CREATE_SD_BUFFER context\n"); + sd_buf = (struct create_sd_buf_req *)context; + rc = set_info_sec(work->conn, work->tcon, dentry, &sd_buf->ntsd, + le32_to_cpu(sd_buf->ccontext.DataLength), true); + } + + return rc; +} + +/** + * smb2_open() - handler for smb file open request + * @work: smb work containing request buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_open(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; + struct ksmbd_tree_connect *tcon = work->tcon; + struct smb2_create_req *req; + struct smb2_create_rsp *rsp, *rsp_org; + struct path path; + struct ksmbd_share_config *share = tcon->share_conf; + struct ksmbd_file *fp = NULL; + struct file *filp = NULL; + struct kstat stat; + struct create_context *context; + struct lease_ctx_info *lc = NULL; + struct create_ea_buf_req *ea_buf = NULL; + struct oplock_info *opinfo; + __le32 *next_ptr = NULL; + int req_op_level = 0, open_flags = 0, file_info = 0; + int rc = 0, len = 0; + int contxt_cnt = 0, query_disk_id = 0; + int maximal_access_ctxt = 0, posix_ctxt = 0; + int s_type = 0; + int next_off = 0; + char *name = NULL; + char *stream_name = NULL; + bool file_present = false, created = false, already_permitted = false; + struct durable_info d_info; + int share_ret, need_truncate = 0; + u64 time; + umode_t posix_mode = 0; + __le32 daccess, maximal_access = 0; + + rsp_org = RESPONSE_BUF(work); + WORK_BUFFERS(work, req, rsp); + + if (req->hdr.NextCommand && !work->next_smb2_rcv_hdr_off && + (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)) { + ksmbd_debug(SMB, "invalid flag in chained command\n"); + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + smb2_set_err_rsp(work); + return -EINVAL; + } + + if (test_share_config_flag(share, KSMBD_SHARE_FLAG_PIPE)) { + ksmbd_debug(SMB, "IPC pipe create request\n"); + return create_smb2_pipe(work); + } + + if (req->NameLength) { + if ((req->CreateOptions & FILE_DIRECTORY_FILE_LE) && + *(char *)req->Buffer == '\') { + ksmbd_err("not allow directory name included leadning slash\n"); + rc = -EINVAL; + goto err_out1; + } + + name = smb2_get_name(share, + req->Buffer, + le16_to_cpu(req->NameLength), + work->conn->local_nls); + if (IS_ERR(name)) { + rc = PTR_ERR(name); + if (rc != -ENOMEM) + rc = -ENOENT; + goto err_out1; + } + + ksmbd_debug(SMB, "converted name = %s\n", name); + if (strchr(name, ':')) { + if (!test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_STREAMS)) { + rc = -EBADF; + goto err_out1; + } + rc = parse_stream_name(name, &stream_name, &s_type); + if (rc < 0) + goto err_out1; + } + + rc = ksmbd_validate_filename(name); + if (rc < 0) + goto err_out1; + + if (ksmbd_share_veto_filename(share, name)) { + rc = -ENOENT; + ksmbd_debug(SMB, "Reject open(), vetoed file: %s\n", + name); + goto err_out1; + } + } else { + len = strlen(share->path); + ksmbd_debug(SMB, "share path len %d\n", len); + name = kmalloc(len + 1, GFP_KERNEL); + if (!name) { + rsp->hdr.Status = STATUS_NO_MEMORY; + rc = -ENOMEM; + goto err_out1; + } + + memcpy(name, share->path, len); + *(name + len) = '\0'; + } + + req_op_level = req->RequestedOplockLevel; + memset(&d_info, 0, sizeof(struct durable_info)); + if (server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE && + req->CreateContextsOffset) { + lc = parse_lease_state(req); + rc = parse_durable_handle_context(work, req, lc, &d_info); + if (rc) { + ksmbd_err("error parsing durable handle context\n"); + goto err_out1; + } + + if (d_info.reconnected) { + fp = d_info.fp; + rc = smb2_check_durable_oplock(d_info.fp, lc, name); + if (rc) + goto err_out1; + rc = ksmbd_reopen_durable_fd(work, d_info.fp); + if (rc) + goto err_out1; + if (ksmbd_override_fsids(work)) { + rc = -ENOMEM; + goto err_out1; + } + file_info = FILE_OPENED; + fp = d_info.fp; + goto reconnected; + } + } else { + if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) + lc = parse_lease_state(req); + } + + if (le32_to_cpu(req->ImpersonationLevel) > + le32_to_cpu(IL_DELEGATE_LE)) { + ksmbd_err("Invalid impersonationlevel : 0x%x\n", + le32_to_cpu(req->ImpersonationLevel)); + rc = -EIO; + rsp->hdr.Status = STATUS_BAD_IMPERSONATION_LEVEL; + goto err_out1; + } + + if (req->CreateOptions && !(req->CreateOptions & CREATE_OPTIONS_MASK)) { + ksmbd_err("Invalid create options : 0x%x\n", + le32_to_cpu(req->CreateOptions)); + rc = -EINVAL; + goto err_out1; + } else { + + if (req->CreateOptions & FILE_SEQUENTIAL_ONLY_LE && + req->CreateOptions & FILE_RANDOM_ACCESS_LE) + req->CreateOptions = ~(FILE_SEQUENTIAL_ONLY_LE); + + if (req->CreateOptions & (FILE_OPEN_BY_FILE_ID_LE | + CREATE_TREE_CONNECTION | FILE_RESERVE_OPFILTER_LE)) { + rc = -EOPNOTSUPP; + goto err_out1; + } + + if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) { + if (req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE) { + rc = -EINVAL; + goto err_out1; + } else if (req->CreateOptions & FILE_NO_COMPRESSION_LE) + req->CreateOptions = ~(FILE_NO_COMPRESSION_LE); + } + } + + if (le32_to_cpu(req->CreateDisposition) > + le32_to_cpu(FILE_OVERWRITE_IF_LE)) { + ksmbd_err("Invalid create disposition : 0x%x\n", + le32_to_cpu(req->CreateDisposition)); + rc = -EINVAL; + goto err_out1; + } + + if (!(req->DesiredAccess & DESIRED_ACCESS_MASK)) { + ksmbd_err("Invalid disired access : 0x%x\n", + le32_to_cpu(req->DesiredAccess)); + rc = -EACCES; + goto err_out1; + } + + if (req->FileAttributes && + !(req->FileAttributes & ATTR_MASK_LE)) { + ksmbd_err("Invalid file attribute : 0x%x\n", + le32_to_cpu(req->FileAttributes)); + rc = -EINVAL; + goto err_out1; + } + + if (req->CreateContextsOffset) { + /* Parse non-durable handle create contexts */ + context = smb2_find_context_vals(req, SMB2_CREATE_EA_BUFFER); + if (IS_ERR(context)) { + rc = check_context_err(context, SMB2_CREATE_EA_BUFFER); + if (rc < 0) + goto err_out1; + } else { + ea_buf = (struct create_ea_buf_req *)context; + if (req->CreateOptions & FILE_NO_EA_KNOWLEDGE_LE) { + rsp->hdr.Status = STATUS_ACCESS_DENIED; + rc = -EACCES; + goto err_out1; + } + } + + context = smb2_find_context_vals(req, + SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); + if (IS_ERR(context)) { + rc = check_context_err(context, + SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); + if (rc < 0) + goto err_out1; + } else { + ksmbd_debug(SMB, + "get query maximal access context\n"); + maximal_access_ctxt = 1; + } + + context = smb2_find_context_vals(req, + SMB2_CREATE_TIMEWARP_REQUEST); + if (IS_ERR(context)) { + rc = check_context_err(context, + SMB2_CREATE_TIMEWARP_REQUEST); + if (rc < 0) + goto err_out1; + } else { + ksmbd_debug(SMB, "get timewarp context\n"); + rc = -EBADF; + goto err_out1; + } + + if (tcon->posix_extensions) { + context = smb2_find_context_vals(req, + SMB2_CREATE_TAG_POSIX); + if (IS_ERR(context)) { + rc = check_context_err(context, + SMB2_CREATE_TAG_POSIX); + if (rc < 0) + goto err_out1; + } else { + struct create_posix *posix = + (struct create_posix *)context; + ksmbd_debug(SMB, "get posix context\n"); + + posix_mode = le32_to_cpu(posix->Mode); + posix_ctxt = 1; + } + } + } + + if (ksmbd_override_fsids(work)) { + rc = -ENOMEM; + goto err_out1; + } + + if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE) { + /* + * On delete request, instead of following up, need to + * look the current entity + */ + rc = ksmbd_vfs_kern_path(name, 0, &path, 1); + if (!rc) { + /* + * If file exists with under flags, return access + * denied error. + */ + if (req->CreateDisposition == FILE_OVERWRITE_IF_LE || + req->CreateDisposition == FILE_OPEN_IF_LE) { + rc = -EACCES; + path_put(&path); + goto err_out; + } + + if (!test_tree_conn_flag(tcon, + KSMBD_TREE_CONN_FLAG_WRITABLE)) { + ksmbd_debug(SMB, + "User does not have write permission\n"); + rc = -EACCES; + path_put(&path); + goto err_out; + } + } + } else { + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) { + /* + * Use LOOKUP_FOLLOW to follow the path of + * symlink in path buildup + */ + rc = ksmbd_vfs_kern_path(name, LOOKUP_FOLLOW, &path, 1); + if (rc) { /* Case for broken link ?*/ + rc = ksmbd_vfs_kern_path(name, 0, &path, 1); + } + } else { + rc = ksmbd_vfs_kern_path(name, 0, &path, 1); + if (!rc && d_is_symlink(path.dentry)) { + rc = -EACCES; + path_put(&path); + goto err_out; + } + } + } + + if (rc) { + if (rc == -EACCES) { + ksmbd_debug(SMB, + "User does not have right permission\n"); + goto err_out; + } + ksmbd_debug(SMB, "can not get linux path for %s, rc = %d\n", + name, rc); + rc = 0; + } else { + file_present = true; + generic_fillattr(&init_user_ns, d_inode(path.dentry), &stat); + } + if (stream_name) { + if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) { + if (s_type == DATA_STREAM) { + rc = -EIO; + rsp->hdr.Status = STATUS_NOT_A_DIRECTORY; + } + } else { + if (S_ISDIR(stat.mode) && s_type == DATA_STREAM) { + rc = -EIO; + rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY; + } + } + + if (req->CreateOptions & FILE_DIRECTORY_FILE_LE && + req->FileAttributes & ATTR_NORMAL_LE) { + rsp->hdr.Status = STATUS_NOT_A_DIRECTORY; + rc = -EIO; + } + + if (rc < 0) + goto err_out; + } + + if (file_present && req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE + && S_ISDIR(stat.mode) && + !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { + ksmbd_debug(SMB, "open() argument is a directory: %s, %x\n", + name, req->CreateOptions); + rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY; + rc = -EIO; + goto err_out; + } + + if (file_present && (req->CreateOptions & FILE_DIRECTORY_FILE_LE) && + !(req->CreateDisposition == FILE_CREATE_LE) && + !S_ISDIR(stat.mode)) { + rsp->hdr.Status = STATUS_NOT_A_DIRECTORY; + rc = -EIO; + goto err_out; + } + + if (!stream_name && file_present && + (req->CreateDisposition == FILE_CREATE_LE)) { + rc = -EEXIST; + goto err_out; + } + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE && + file_present) + file_present = ksmbd_close_inode_fds(work, + d_inode(path.dentry)); + + daccess = smb_map_generic_desired_access(req->DesiredAccess); + + if (file_present && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { + rc = smb_check_perm_dacl(conn, path.dentry, &daccess, + sess->user->uid); + if (rc) + goto err_out; + } + + if (daccess & FILE_MAXIMAL_ACCESS_LE) { + if (!file_present) { + daccess = cpu_to_le32(GENERIC_ALL_FLAGS); + } else { + rc = ksmbd_vfs_query_maximal_access(path.dentry, + &daccess); + if (rc) + goto err_out; + already_permitted = true; + } + maximal_access = daccess; + } + + open_flags = smb2_create_open_flags(file_present, + daccess, req->CreateDisposition); + + if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { + if (open_flags & O_CREAT) { + ksmbd_debug(SMB, + "User does not have write permission\n"); + rc = -EACCES; + goto err_out; + } + } + + /*create file if not present */ + if (!file_present) { + rc = smb2_creat(work, &path, name, open_flags, posix_mode, + req->CreateOptions & FILE_DIRECTORY_FILE_LE); + if (rc) + goto err_out; + + created = true; + if (ea_buf) { + rc = smb2_set_ea(&ea_buf->ea, &path); + if (rc == -EOPNOTSUPP) + rc = 0; + else if (rc) + goto err_out; + } + } else if (!already_permitted) { + bool may_delete; + + may_delete = daccess & FILE_DELETE_LE || + req->CreateOptions & FILE_DELETE_ON_CLOSE_LE; + + /* FILE_READ_ATTRIBUTE is allowed without inode_permission, + * because execute(search) permission on a parent directory, + * is already granted. + */ + if (daccess & ~(FILE_READ_ATTRIBUTES_LE | + FILE_READ_CONTROL_LE)) { + if (ksmbd_vfs_inode_permission(path.dentry, + open_flags & O_ACCMODE, may_delete)) { + rc = -EACCES; + goto err_out; + } + } + } + + rc = ksmbd_query_inode_status(d_inode(path.dentry->d_parent)); + if (rc == KSMBD_INODE_STATUS_PENDING_DELETE) { + rc = -EBUSY; + goto err_out; + } + + rc = 0; + filp = dentry_open(&path, open_flags, current_cred()); + if (IS_ERR(filp)) { + rc = PTR_ERR(filp); + ksmbd_err("dentry open for dir failed, rc %d\n", rc); + goto err_out; + } + + if (file_present) { + if (!(open_flags & O_TRUNC)) + file_info = FILE_OPENED; + else + file_info = FILE_OVERWRITTEN; + + if ((req->CreateDisposition & FILE_CREATE_MASK_LE) + == FILE_SUPERSEDE_LE) + file_info = FILE_SUPERSEDED; + } else if (open_flags & O_CREAT) + file_info = FILE_CREATED; + + ksmbd_vfs_set_fadvise(filp, req->CreateOptions); + + /* Obtain Volatile-ID */ + fp = ksmbd_open_fd(work, filp); + if (IS_ERR(fp)) { + fput(filp); + rc = PTR_ERR(fp); + fp = NULL; + goto err_out; + } + + /* Get Persistent-ID */ + ksmbd_open_durable_fd(fp); + if (!HAS_FILE_ID(fp->persistent_id)) { + rc = -ENOMEM; + goto err_out; + } + + fp->filename = name; + fp->cdoption = req->CreateDisposition; + fp->daccess = daccess; + fp->saccess = req->ShareAccess; + fp->coption = req->CreateOptions; + + /* Set default windows and posix acls if creating new file */ + if (created) { + int posix_acl_rc; + struct inode *inode = path.dentry->d_inode; + + posix_acl_rc = ksmbd_vfs_inherit_posix_acl(inode, path.dentry->d_parent->d_inode); + if (posix_acl_rc) + ksmbd_debug(SMB, "inherit posix acl failed : %d\n", posix_acl_rc); + + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_ACL_XATTR)) { + rc = smb_inherit_dacl(conn, path.dentry, sess->user->uid, + sess->user->gid); + } + + if (rc) { + rc = smb2_create_sd_buffer(work, req, path.dentry); + if (rc) { + if (posix_acl_rc) + ksmbd_vfs_set_init_posix_acl(inode); + + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_ACL_XATTR)) { + struct smb_fattr fattr; + struct smb_ntsd *pntsd; + int pntsd_size, ace_num; + + fattr.cf_uid = inode->i_uid; + fattr.cf_gid = inode->i_gid; + fattr.cf_mode = inode->i_mode; + fattr.cf_dacls = NULL; + + fattr.cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS); + ace_num = fattr.cf_acls->a_count; + if (S_ISDIR(inode->i_mode)) { + fattr.cf_dacls = + ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT); + ace_num += fattr.cf_dacls->a_count; + } + + pntsd = kmalloc(sizeof(struct smb_ntsd) + + sizeof(struct smb_sid)*3 + + sizeof(struct smb_acl) + + sizeof(struct smb_ace)*ace_num*2, + GFP_KERNEL); + if (!pntsd) + goto err_out; + + rc = build_sec_desc(pntsd, NULL, + OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO, + &pntsd_size, &fattr); + posix_acl_release(fattr.cf_acls); + posix_acl_release(fattr.cf_dacls); + + rc = ksmbd_vfs_set_sd_xattr(conn, + path.dentry, pntsd, pntsd_size); + if (rc) + ksmbd_err("failed to store ntacl in xattr : %d\n", + rc); + } + } + } + rc = 0; + } + + if (stream_name) { + rc = smb2_set_stream_name_xattr(&path, + fp, + stream_name, + s_type); + if (rc) + goto err_out; + file_info = FILE_CREATED; + } + + fp->attrib_only = !(req->DesiredAccess & ~(FILE_READ_ATTRIBUTES_LE | + FILE_WRITE_ATTRIBUTES_LE | FILE_SYNCHRONIZE_LE)); + if (!S_ISDIR(file_inode(filp)->i_mode) && open_flags & O_TRUNC + && !fp->attrib_only && !stream_name) { + smb_break_all_oplock(work, fp); + need_truncate = 1; + } + + /* fp should be searchable through ksmbd_inode.m_fp_list + * after daccess, saccess, attrib_only, and stream are + * initialized. + */ + write_lock(&fp->f_ci->m_lock); + list_add(&fp->node, &fp->f_ci->m_fp_list); + write_unlock(&fp->f_ci->m_lock); + + rc = ksmbd_vfs_getattr(&path, &stat); + if (rc) { + generic_fillattr(&init_user_ns, d_inode(path.dentry), &stat); + rc = 0; + } + + /* Check delete pending among previous fp before oplock break */ + if (ksmbd_inode_pending_delete(fp)) { + rc = -EBUSY; + goto err_out; + } + + share_ret = ksmbd_smb_check_shared_mode(fp->filp, fp); + if (!test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_OPLOCKS) || + (req_op_level == SMB2_OPLOCK_LEVEL_LEASE && + !(conn->vals->capabilities & SMB2_GLOBAL_CAP_LEASING))) { + if (share_ret < 0 && !S_ISDIR(FP_INODE(fp)->i_mode)) { + rc = share_ret; + goto err_out; + } + } else { + if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) { + req_op_level = smb2_map_lease_to_oplock(lc->req_state); + ksmbd_debug(SMB, + "lease req for(%s) req oplock state 0x%x, lease state 0x%x\n", + name, req_op_level, lc->req_state); + rc = find_same_lease_key(sess, fp->f_ci, lc); + if (rc) + goto err_out; + } else if (open_flags == O_RDONLY && + (req_op_level == SMB2_OPLOCK_LEVEL_BATCH || + req_op_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) + req_op_level = SMB2_OPLOCK_LEVEL_II; + + rc = smb_grant_oplock(work, req_op_level, + fp->persistent_id, fp, + le32_to_cpu(req->hdr.Id.SyncId.TreeId), + lc, share_ret); + if (rc < 0) + goto err_out; + } + + if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE) + ksmbd_fd_set_delete_on_close(fp, file_info); + + if (need_truncate) { + rc = smb2_create_truncate(&path); + if (rc) + goto err_out; + } + + if (req->CreateContextsOffset) { + struct create_alloc_size_req *az_req; + + az_req = (struct create_alloc_size_req *) + smb2_find_context_vals(req, + SMB2_CREATE_ALLOCATION_SIZE); + if (IS_ERR(az_req)) { + rc = check_context_err(az_req, + SMB2_CREATE_ALLOCATION_SIZE); + if (rc < 0) + goto err_out; + } else { + loff_t alloc_size = le64_to_cpu(az_req->AllocationSize); + int err; + + ksmbd_debug(SMB, + "request smb2 create allocate size : %llu\n", + alloc_size); + err = ksmbd_vfs_alloc_size(work, fp, alloc_size); + if (err < 0) + ksmbd_debug(SMB, + "ksmbd_vfs_alloc_size is failed : %d\n", + err); + } + + context = smb2_find_context_vals(req, + SMB2_CREATE_QUERY_ON_DISK_ID); + if (IS_ERR(context)) { + rc = check_context_err(context, + SMB2_CREATE_QUERY_ON_DISK_ID); + if (rc < 0) + goto err_out; + } else { + ksmbd_debug(SMB, "get query on disk id context\n"); + query_disk_id = 1; + } + } + + if (stat.result_mask & STATX_BTIME) + fp->create_time = ksmbd_UnixTimeToNT(stat.btime); + else + fp->create_time = ksmbd_UnixTimeToNT(stat.ctime); + if (req->FileAttributes || fp->f_ci->m_fattr == 0) + fp->f_ci->m_fattr = cpu_to_le32(smb2_get_dos_mode(&stat, + le32_to_cpu(req->FileAttributes))); + + if (!created) + smb2_update_xattrs(tcon, &path, fp); + else + smb2_new_xattrs(tcon, &path, fp); + + memcpy(fp->client_guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE); + + if (d_info.type) { + if (d_info.type == DURABLE_REQ_V2 && + d_info.persistent) + fp->is_persistent = 1; + else + fp->is_durable = 1; + + if (d_info.type == DURABLE_REQ_V2) { + memcpy(fp->create_guid, d_info.CreateGuid, + SMB2_CREATE_GUID_SIZE); + if (d_info.timeout) + fp->durable_timeout = d_info.timeout; + else + fp->durable_timeout = 1600; + if (d_info.app_id) + memcpy(fp->app_instance_id, + d_info.app_id, 16); + } + } + +reconnected: + generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + + rsp->StructureSize = cpu_to_le16(89); + rcu_read_lock(); + opinfo = rcu_dereference(fp->f_opinfo); + rsp->OplockLevel = opinfo != NULL ? opinfo->level : 0; + rcu_read_unlock(); + rsp->Reserved = 0; + rsp->CreateAction = cpu_to_le32(file_info); + rsp->CreationTime = cpu_to_le64(fp->create_time); + time = ksmbd_UnixTimeToNT(stat.atime); + rsp->LastAccessTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(stat.mtime); + rsp->LastWriteTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(stat.ctime); + rsp->ChangeTime = cpu_to_le64(time); + rsp->AllocationSize = S_ISDIR(stat.mode) ? 0 : + cpu_to_le64(stat.blocks << 9); + rsp->EndofFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size); + rsp->FileAttributes = fp->f_ci->m_fattr; + + rsp->Reserved2 = 0; + + rsp->PersistentFileId = cpu_to_le64(fp->persistent_id); + rsp->VolatileFileId = cpu_to_le64(fp->volatile_id); + + rsp->CreateContextsOffset = 0; + rsp->CreateContextsLength = 0; + inc_rfc1001_len(rsp_org, 88); /* StructureSize - 1*/ + + /* If lease is request send lease context response */ + if (opinfo && opinfo->is_lease) { + struct create_context *lease_ccontext; + + ksmbd_debug(SMB, "lease granted on(%s) lease state 0x%x\n", + name, opinfo->o_lease->state); + rsp->OplockLevel = SMB2_OPLOCK_LEVEL_LEASE; + + lease_ccontext = (struct create_context *)rsp->Buffer; + contxt_cnt++; + create_lease_buf(rsp->Buffer, opinfo->o_lease); + le32_add_cpu(&rsp->CreateContextsLength, + conn->vals->create_lease_size); + inc_rfc1001_len(rsp_org, conn->vals->create_lease_size); + next_ptr = &lease_ccontext->Next; + next_off = conn->vals->create_lease_size; + } + + if (d_info.type == DURABLE_REQ || d_info.type == DURABLE_REQ_V2) { + struct create_context *durable_ccontext; + + durable_ccontext = (struct create_context *)(rsp->Buffer + + le32_to_cpu(rsp->CreateContextsLength)); + contxt_cnt++; + if (d_info.type == DURABLE_REQ) { + create_durable_rsp_buf(rsp->Buffer + + le32_to_cpu(rsp->CreateContextsLength)); + le32_add_cpu(&rsp->CreateContextsLength, + conn->vals->create_durable_size); + inc_rfc1001_len(rsp_org, + conn->vals->create_durable_size); + } else { + create_durable_v2_rsp_buf(rsp->Buffer + + le32_to_cpu(rsp->CreateContextsLength), + fp); + le32_add_cpu(&rsp->CreateContextsLength, + conn->vals->create_durable_v2_size); + inc_rfc1001_len(rsp_org, + conn->vals->create_durable_v2_size); + } + + if (next_ptr) + *next_ptr = cpu_to_le32(next_off); + next_ptr = &durable_ccontext->Next; + next_off = conn->vals->create_durable_size; + } + + if (maximal_access_ctxt) { + struct create_context *mxac_ccontext; + + if (maximal_access == 0) + ksmbd_vfs_query_maximal_access(path.dentry, + &maximal_access); + mxac_ccontext = (struct create_context *)(rsp->Buffer + + le32_to_cpu(rsp->CreateContextsLength)); + contxt_cnt++; + create_mxac_rsp_buf(rsp->Buffer + + le32_to_cpu(rsp->CreateContextsLength), + le32_to_cpu(maximal_access)); + le32_add_cpu(&rsp->CreateContextsLength, + conn->vals->create_mxac_size); + inc_rfc1001_len(rsp_org, conn->vals->create_mxac_size); + if (next_ptr) + *next_ptr = cpu_to_le32(next_off); + next_ptr = &mxac_ccontext->Next; + next_off = conn->vals->create_mxac_size; + } + + if (query_disk_id) { + struct create_context *disk_id_ccontext; + + disk_id_ccontext = (struct create_context *)(rsp->Buffer + + le32_to_cpu(rsp->CreateContextsLength)); + contxt_cnt++; + create_disk_id_rsp_buf(rsp->Buffer + + le32_to_cpu(rsp->CreateContextsLength), + stat.ino, tcon->id); + le32_add_cpu(&rsp->CreateContextsLength, + conn->vals->create_disk_id_size); + inc_rfc1001_len(rsp_org, conn->vals->create_disk_id_size); + if (next_ptr) + *next_ptr = cpu_to_le32(next_off); + next_ptr = &disk_id_ccontext->Next; + next_off = conn->vals->create_disk_id_size; + } + + if (posix_ctxt) { + struct create_context *posix_ccontext; + + posix_ccontext = (struct create_context *)(rsp->Buffer + + le32_to_cpu(rsp->CreateContextsLength)); + contxt_cnt++; + create_posix_rsp_buf(rsp->Buffer + + le32_to_cpu(rsp->CreateContextsLength), + fp); + le32_add_cpu(&rsp->CreateContextsLength, + conn->vals->create_posix_size); + inc_rfc1001_len(rsp_org, conn->vals->create_posix_size); + if (next_ptr) + *next_ptr = cpu_to_le32(next_off); + } + + if (contxt_cnt > 0) { + rsp->CreateContextsOffset = + cpu_to_le32(offsetof(struct smb2_create_rsp, Buffer) + - 4); + } + +err_out: + if (file_present || created) + path_put(&path); + ksmbd_revert_fsids(work); +err_out1: + if (rc) { + if (rc == -EINVAL) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + else if (rc == -EOPNOTSUPP) + rsp->hdr.Status = STATUS_NOT_SUPPORTED; + else if (rc == -EACCES) + rsp->hdr.Status = STATUS_ACCESS_DENIED; + else if (rc == -ENOENT) + rsp->hdr.Status = STATUS_OBJECT_NAME_INVALID; + else if (rc == -EPERM) + rsp->hdr.Status = STATUS_SHARING_VIOLATION; + else if (rc == -EBUSY) + rsp->hdr.Status = STATUS_DELETE_PENDING; + else if (rc == -EBADF) + rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND; + else if (rc == -ENOEXEC) + rsp->hdr.Status = STATUS_DUPLICATE_OBJECTID; + else if (rc == -ENXIO) + rsp->hdr.Status = STATUS_NO_SUCH_DEVICE; + else if (rc == -EEXIST) + rsp->hdr.Status = STATUS_OBJECT_NAME_COLLISION; + else if (rc == -EMFILE) + rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES; + if (!rsp->hdr.Status) + rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR; + + if (!fp || !fp->filename) + kfree(name); + if (fp) + ksmbd_fd_put(work, fp); + smb2_set_err_rsp(work); + ksmbd_debug(SMB, "Error response: %x\n", rsp->hdr.Status); + } + + kfree(lc); + + return 0; +} + +static int readdir_info_level_struct_sz(int info_level) +{ + switch (info_level) { + case FILE_FULL_DIRECTORY_INFORMATION: + return sizeof(struct file_full_directory_info); + case FILE_BOTH_DIRECTORY_INFORMATION: + return sizeof(struct file_both_directory_info); + case FILE_DIRECTORY_INFORMATION: + return sizeof(struct file_directory_info); + case FILE_NAMES_INFORMATION: + return sizeof(struct file_names_info); + case FILEID_FULL_DIRECTORY_INFORMATION: + return sizeof(struct file_id_full_dir_info); + case FILEID_BOTH_DIRECTORY_INFORMATION: + return sizeof(struct file_id_both_directory_info); + case SMB_FIND_FILE_POSIX_INFO: + return sizeof(struct smb2_posix_info); + default: + return -EOPNOTSUPP; + } +} + +static int dentry_name(struct ksmbd_dir_info *d_info, int info_level) +{ + switch (info_level) { + case FILE_FULL_DIRECTORY_INFORMATION: + { + struct file_full_directory_info *ffdinfo; + + ffdinfo = (struct file_full_directory_info *)d_info->rptr; + d_info->rptr += le32_to_cpu(ffdinfo->NextEntryOffset); + d_info->name = ffdinfo->FileName; + d_info->name_len = le32_to_cpu(ffdinfo->FileNameLength); + return 0; + } + case FILE_BOTH_DIRECTORY_INFORMATION: + { + struct file_both_directory_info *fbdinfo; + + fbdinfo = (struct file_both_directory_info *)d_info->rptr; + d_info->rptr += le32_to_cpu(fbdinfo->NextEntryOffset); + d_info->name = fbdinfo->FileName; + d_info->name_len = le32_to_cpu(fbdinfo->FileNameLength); + return 0; + } + case FILE_DIRECTORY_INFORMATION: + { + struct file_directory_info *fdinfo; + + fdinfo = (struct file_directory_info *)d_info->rptr; + d_info->rptr += le32_to_cpu(fdinfo->NextEntryOffset); + d_info->name = fdinfo->FileName; + d_info->name_len = le32_to_cpu(fdinfo->FileNameLength); + return 0; + } + case FILE_NAMES_INFORMATION: + { + struct file_names_info *fninfo; + + fninfo = (struct file_names_info *)d_info->rptr; + d_info->rptr += le32_to_cpu(fninfo->NextEntryOffset); + d_info->name = fninfo->FileName; + d_info->name_len = le32_to_cpu(fninfo->FileNameLength); + return 0; + } + case FILEID_FULL_DIRECTORY_INFORMATION: + { + struct file_id_full_dir_info *dinfo; + + dinfo = (struct file_id_full_dir_info *)d_info->rptr; + d_info->rptr += le32_to_cpu(dinfo->NextEntryOffset); + d_info->name = dinfo->FileName; + d_info->name_len = le32_to_cpu(dinfo->FileNameLength); + return 0; + } + case FILEID_BOTH_DIRECTORY_INFORMATION: + { + struct file_id_both_directory_info *fibdinfo; + + fibdinfo = (struct file_id_both_directory_info *)d_info->rptr; + d_info->rptr += le32_to_cpu(fibdinfo->NextEntryOffset); + d_info->name = fibdinfo->FileName; + d_info->name_len = le32_to_cpu(fibdinfo->FileNameLength); + return 0; + } + case SMB_FIND_FILE_POSIX_INFO: + { + struct smb2_posix_info *posix_info; + + posix_info = (struct smb2_posix_info *)d_info->rptr; + d_info->rptr += le32_to_cpu(posix_info->NextEntryOffset); + d_info->name = posix_info->name; + d_info->name_len = le32_to_cpu(posix_info->name_len); + return 0; + } + default: + return -EINVAL; + } +} + +/** + * smb2_populate_readdir_entry() - encode directory entry in smb2 response + * buffer + * @conn: connection instance + * @info_level: smb information level + * @d_info: structure included variables for query dir + * @ksmbd_kstat: ksmbd wrapper of dirent stat information + * + * if directory has many entries, find first can't read it fully. + * find next might be called multiple times to read remaining dir entries + * + * Return: 0 on success, otherwise error + */ +static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, + int info_level, + struct ksmbd_dir_info *d_info, + struct ksmbd_kstat *ksmbd_kstat) +{ + int next_entry_offset = 0; + char *conv_name; + int conv_len; + void *kstat; + int struct_sz; + + conv_name = ksmbd_convert_dir_info_name(d_info, + conn->local_nls, + &conv_len); + if (!conv_name) + return -ENOMEM; + + /* Somehow the name has only terminating NULL bytes */ + if (conv_len < 0) { + kfree(conv_name); + return -EINVAL; + } + + struct_sz = readdir_info_level_struct_sz(info_level); + next_entry_offset = ALIGN(struct_sz - 1 + conv_len, + KSMBD_DIR_INFO_ALIGNMENT); + + if (next_entry_offset > d_info->out_buf_len) { + d_info->out_buf_len = 0; + return -ENOSPC; + } + + kstat = d_info->wptr; + if (info_level != FILE_NAMES_INFORMATION) + kstat = ksmbd_vfs_init_kstat(&d_info->wptr, ksmbd_kstat); + + switch (info_level) { + case FILE_FULL_DIRECTORY_INFORMATION: + { + struct file_full_directory_info *ffdinfo; + + ffdinfo = (struct file_full_directory_info *)kstat; + ffdinfo->FileNameLength = cpu_to_le32(conv_len); + ffdinfo->EaSize = + smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode); + if (ffdinfo->EaSize) + ffdinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE; + if (d_info->hide_dot_file && d_info->name[0] == '.') + ffdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE; + memcpy(ffdinfo->FileName, conv_name, conv_len); + ffdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILE_BOTH_DIRECTORY_INFORMATION: + { + struct file_both_directory_info *fbdinfo; + + fbdinfo = (struct file_both_directory_info *)kstat; + fbdinfo->FileNameLength = cpu_to_le32(conv_len); + fbdinfo->EaSize = + smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode); + if (fbdinfo->EaSize) + fbdinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE; + fbdinfo->ShortNameLength = 0; + fbdinfo->Reserved = 0; + if (d_info->hide_dot_file && d_info->name[0] == '.') + fbdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE; + memcpy(fbdinfo->FileName, conv_name, conv_len); + fbdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILE_DIRECTORY_INFORMATION: + { + struct file_directory_info *fdinfo; + + fdinfo = (struct file_directory_info *)kstat; + fdinfo->FileNameLength = cpu_to_le32(conv_len); + if (d_info->hide_dot_file && d_info->name[0] == '.') + fdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE; + memcpy(fdinfo->FileName, conv_name, conv_len); + fdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILE_NAMES_INFORMATION: + { + struct file_names_info *fninfo; + + fninfo = (struct file_names_info *)kstat; + fninfo->FileNameLength = cpu_to_le32(conv_len); + memcpy(fninfo->FileName, conv_name, conv_len); + fninfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILEID_FULL_DIRECTORY_INFORMATION: + { + struct file_id_full_dir_info *dinfo; + + dinfo = (struct file_id_full_dir_info *)kstat; + dinfo->FileNameLength = cpu_to_le32(conv_len); + dinfo->EaSize = + smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode); + if (dinfo->EaSize) + dinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE; + dinfo->Reserved = 0; + dinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino); + if (d_info->hide_dot_file && d_info->name[0] == '.') + dinfo->ExtFileAttributes |= ATTR_HIDDEN_LE; + memcpy(dinfo->FileName, conv_name, conv_len); + dinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILEID_BOTH_DIRECTORY_INFORMATION: + { + struct file_id_both_directory_info *fibdinfo; + + fibdinfo = (struct file_id_both_directory_info *)kstat; + fibdinfo->FileNameLength = cpu_to_le32(conv_len); + fibdinfo->EaSize = + smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode); + if (fibdinfo->EaSize) + fibdinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE; + fibdinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino); + fibdinfo->ShortNameLength = 0; + fibdinfo->Reserved = 0; + fibdinfo->Reserved2 = cpu_to_le16(0); + if (d_info->hide_dot_file && d_info->name[0] == '.') + fibdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE; + memcpy(fibdinfo->FileName, conv_name, conv_len); + fibdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case SMB_FIND_FILE_POSIX_INFO: + { + struct smb2_posix_info *posix_info; + u64 time; + + posix_info = (struct smb2_posix_info *)kstat; + posix_info->Ignored = 0; + posix_info->CreationTime = cpu_to_le64(ksmbd_kstat->create_time); + time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->ctime); + posix_info->ChangeTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->atime); + posix_info->LastAccessTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->mtime); + posix_info->LastWriteTime = cpu_to_le64(time); + posix_info->EndOfFile = cpu_to_le64(ksmbd_kstat->kstat->size); + posix_info->AllocationSize = cpu_to_le64(ksmbd_kstat->kstat->blocks << 9); + posix_info->DeviceId = cpu_to_le32(ksmbd_kstat->kstat->rdev); + posix_info->HardLinks = cpu_to_le32(ksmbd_kstat->kstat->nlink); + posix_info->Mode = cpu_to_le32(ksmbd_kstat->kstat->mode); + posix_info->Inode = cpu_to_le64(ksmbd_kstat->kstat->ino); + posix_info->DosAttributes = + S_ISDIR(ksmbd_kstat->kstat->mode) ? ATTR_DIRECTORY_LE : ATTR_ARCHIVE_LE; + if (d_info->hide_dot_file && d_info->name[0] == '.') + posix_info->DosAttributes |= ATTR_HIDDEN_LE; + id_to_sid(from_kuid(&init_user_ns, ksmbd_kstat->kstat->uid), + SIDNFS_USER, (struct smb_sid *)&posix_info->SidBuffer[0]); + id_to_sid(from_kgid(&init_user_ns, ksmbd_kstat->kstat->gid), + SIDNFS_GROUP, (struct smb_sid *)&posix_info->SidBuffer[20]); + memcpy(posix_info->name, conv_name, conv_len); + posix_info->name_len = cpu_to_le32(conv_len); + posix_info->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + + } /* switch (info_level) */ + + d_info->last_entry_offset = d_info->data_count; + d_info->data_count += next_entry_offset; + d_info->wptr += next_entry_offset; + kfree(conv_name); + + ksmbd_debug(SMB, + "info_level : %d, buf_len :%d, next_offset : %d, data_count : %d\n", + info_level, d_info->out_buf_len, + next_entry_offset, d_info->data_count); + + return 0; +} + +struct smb2_query_dir_private { + struct ksmbd_work *work; + char *search_pattern; + struct ksmbd_file *dir_fp; + + struct ksmbd_dir_info *d_info; + int info_level; +}; + +static void lock_dir(struct ksmbd_file *dir_fp) +{ + struct dentry *dir = dir_fp->filp->f_path.dentry; + + inode_lock_nested(d_inode(dir), I_MUTEX_PARENT); +} + +static void unlock_dir(struct ksmbd_file *dir_fp) +{ + struct dentry *dir = dir_fp->filp->f_path.dentry; + + inode_unlock(d_inode(dir)); +} + +static int process_query_dir_entries(struct smb2_query_dir_private *priv) +{ + struct kstat kstat; + struct ksmbd_kstat ksmbd_kstat; + int rc; + int i; + + for (i = 0; i < priv->d_info->num_entry; i++) { + struct dentry *dent; + + if (dentry_name(priv->d_info, priv->info_level)) + return -EINVAL; + + lock_dir(priv->dir_fp); + dent = lookup_one_len(priv->d_info->name, + priv->dir_fp->filp->f_path.dentry, + priv->d_info->name_len); + unlock_dir(priv->dir_fp); + + if (IS_ERR(dent)) { + ksmbd_debug(SMB, "Cannot lookup `%s' [%ld]\n", + priv->d_info->name, + PTR_ERR(dent)); + continue; + } + if (unlikely(d_is_negative(dent))) { + dput(dent); + ksmbd_debug(SMB, "Negative dentry `%s'\n", + priv->d_info->name); + continue; + } + + ksmbd_kstat.kstat = &kstat; + if (priv->info_level != FILE_NAMES_INFORMATION) + ksmbd_vfs_fill_dentry_attrs(priv->work, + dent, + &ksmbd_kstat); + + rc = smb2_populate_readdir_entry(priv->work->conn, + priv->info_level, + priv->d_info, + &ksmbd_kstat); + dput(dent); + if (rc) + return rc; + } + return 0; +} + +static int reserve_populate_dentry(struct ksmbd_dir_info *d_info, + int info_level) +{ + int struct_sz; + int conv_len; + int next_entry_offset; + + struct_sz = readdir_info_level_struct_sz(info_level); + if (struct_sz == -EOPNOTSUPP) + return -EOPNOTSUPP; + + conv_len = (d_info->name_len + 1) * 2; + next_entry_offset = ALIGN(struct_sz - 1 + conv_len, + KSMBD_DIR_INFO_ALIGNMENT); + + if (next_entry_offset > d_info->out_buf_len) { + d_info->out_buf_len = 0; + return -ENOSPC; + } + + switch (info_level) { + case FILE_FULL_DIRECTORY_INFORMATION: + { + struct file_full_directory_info *ffdinfo; + + ffdinfo = (struct file_full_directory_info *)d_info->wptr; + memcpy(ffdinfo->FileName, d_info->name, d_info->name_len); + ffdinfo->FileName[d_info->name_len] = 0x00; + ffdinfo->FileNameLength = cpu_to_le32(d_info->name_len); + ffdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILE_BOTH_DIRECTORY_INFORMATION: + { + struct file_both_directory_info *fbdinfo; + + fbdinfo = (struct file_both_directory_info *)d_info->wptr; + memcpy(fbdinfo->FileName, d_info->name, d_info->name_len); + fbdinfo->FileName[d_info->name_len] = 0x00; + fbdinfo->FileNameLength = cpu_to_le32(d_info->name_len); + fbdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILE_DIRECTORY_INFORMATION: + { + struct file_directory_info *fdinfo; + + fdinfo = (struct file_directory_info *)d_info->wptr; + memcpy(fdinfo->FileName, d_info->name, d_info->name_len); + fdinfo->FileName[d_info->name_len] = 0x00; + fdinfo->FileNameLength = cpu_to_le32(d_info->name_len); + fdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILE_NAMES_INFORMATION: + { + struct file_names_info *fninfo; + + fninfo = (struct file_names_info *)d_info->wptr; + memcpy(fninfo->FileName, d_info->name, d_info->name_len); + fninfo->FileName[d_info->name_len] = 0x00; + fninfo->FileNameLength = cpu_to_le32(d_info->name_len); + fninfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILEID_FULL_DIRECTORY_INFORMATION: + { + struct file_id_full_dir_info *dinfo; + + dinfo = (struct file_id_full_dir_info *)d_info->wptr; + memcpy(dinfo->FileName, d_info->name, d_info->name_len); + dinfo->FileName[d_info->name_len] = 0x00; + dinfo->FileNameLength = cpu_to_le32(d_info->name_len); + dinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case FILEID_BOTH_DIRECTORY_INFORMATION: + { + struct file_id_both_directory_info *fibdinfo; + + fibdinfo = (struct file_id_both_directory_info *)d_info->wptr; + memcpy(fibdinfo->FileName, d_info->name, d_info->name_len); + fibdinfo->FileName[d_info->name_len] = 0x00; + fibdinfo->FileNameLength = cpu_to_le32(d_info->name_len); + fibdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset); + break; + } + case SMB_FIND_FILE_POSIX_INFO: + { + struct smb2_posix_info *posix_info; + + posix_info = (struct smb2_posix_info *)d_info->wptr; + memcpy(posix_info->name, d_info->name, d_info->name_len); + posix_info->name[d_info->name_len] = 0x00; + posix_info->name_len = cpu_to_le32(d_info->name_len); + posix_info->NextEntryOffset = + cpu_to_le32(next_entry_offset); + break; + } + } /* switch (info_level) */ + + d_info->num_entry++; + d_info->out_buf_len -= next_entry_offset; + d_info->wptr += next_entry_offset; + return 0; +} + +static int __query_dir(struct dir_context *ctx, + const char *name, + int namlen, + loff_t offset, + u64 ino, + unsigned int d_type) +{ + struct ksmbd_readdir_data *buf; + struct smb2_query_dir_private *priv; + struct ksmbd_dir_info *d_info; + int rc; + + buf = container_of(ctx, struct ksmbd_readdir_data, ctx); + priv = buf->private; + d_info = priv->d_info; + + /* dot and dotdot entries are already reserved */ + if (!strcmp(".", name) || !strcmp("..", name)) + return 0; + if (ksmbd_share_veto_filename(priv->work->tcon->share_conf, name)) + return 0; + if (!match_pattern(name, priv->search_pattern)) + return 0; + + d_info->name = name; + d_info->name_len = namlen; + rc = reserve_populate_dentry(d_info, priv->info_level); + if (rc) + return rc; + if (d_info->flags & SMB2_RETURN_SINGLE_ENTRY) { + d_info->out_buf_len = 0; + return 0; + } + return 0; +} + +static void restart_ctx(struct dir_context *ctx) +{ + ctx->pos = 0; +} + +static int verify_info_level(int info_level) +{ + switch (info_level) { + case FILE_FULL_DIRECTORY_INFORMATION: + case FILE_BOTH_DIRECTORY_INFORMATION: + case FILE_DIRECTORY_INFORMATION: + case FILE_NAMES_INFORMATION: + case FILEID_FULL_DIRECTORY_INFORMATION: + case FILEID_BOTH_DIRECTORY_INFORMATION: + case SMB_FIND_FILE_POSIX_INFO: + break; + default: + return -EOPNOTSUPP; + } + + return 0; +} + +int smb2_query_dir(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_query_directory_req *req; + struct smb2_query_directory_rsp *rsp, *rsp_org; + struct ksmbd_share_config *share = work->tcon->share_conf; + struct ksmbd_file *dir_fp = NULL; + struct ksmbd_dir_info d_info; + int rc = 0; + char *srch_ptr = NULL; + unsigned char srch_flag; + int buffer_sz; + struct smb2_query_dir_private query_dir_private = {NULL, }; + + rsp_org = RESPONSE_BUF(work); + WORK_BUFFERS(work, req, rsp); + + if (ksmbd_override_fsids(work)) { + rsp->hdr.Status = STATUS_NO_MEMORY; + smb2_set_err_rsp(work); + return -ENOMEM; + } + + rc = verify_info_level(req->FileInformationClass); + if (rc) { + rc = -EFAULT; + goto err_out2; + } + + dir_fp = ksmbd_lookup_fd_slow(work, + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); + if (!dir_fp) { + rc = -EBADF; + goto err_out2; + } + + if (!(dir_fp->daccess & FILE_LIST_DIRECTORY_LE) || + inode_permission(&init_user_ns, file_inode(dir_fp->filp), + MAY_READ | MAY_EXEC)) { + ksmbd_err("no right to enumerate directory (%s)\n", + FP_FILENAME(dir_fp)); + rc = -EACCES; + goto err_out2; + } + + if (!S_ISDIR(file_inode(dir_fp->filp)->i_mode)) { + ksmbd_err("can't do query dir for a file\n"); + rc = -EINVAL; + goto err_out2; + } + + srch_flag = req->Flags; + srch_ptr = smb_strndup_from_utf16(req->Buffer, + le16_to_cpu(req->FileNameLength), 1, + conn->local_nls); + if (IS_ERR(srch_ptr)) { + ksmbd_debug(SMB, "Search Pattern not found\n"); + rc = -EINVAL; + goto err_out2; + } else + ksmbd_debug(SMB, "Search pattern is %s\n", srch_ptr); + + ksmbd_debug(SMB, "Directory name is %s\n", dir_fp->filename); + + if (srch_flag & SMB2_REOPEN || srch_flag & SMB2_RESTART_SCANS) { + ksmbd_debug(SMB, "Restart directory scan\n"); + generic_file_llseek(dir_fp->filp, 0, SEEK_SET); + restart_ctx(&dir_fp->readdir_data.ctx); + } + + memset(&d_info, 0, sizeof(struct ksmbd_dir_info)); + d_info.wptr = (char *)rsp->Buffer; + d_info.rptr = (char *)rsp->Buffer; + d_info.out_buf_len = (work->response_sz - + (get_rfc1002_len(rsp_org) + 4)); + d_info.out_buf_len = min_t(int, d_info.out_buf_len, + le32_to_cpu(req->OutputBufferLength)) - + sizeof(struct smb2_query_directory_rsp); + d_info.flags = srch_flag; + + /* + * reserve dot and dotdot entries in head of buffer + * in first response + */ + rc = ksmbd_populate_dot_dotdot_entries(work, req->FileInformationClass, + dir_fp, &d_info, srch_ptr, smb2_populate_readdir_entry); + if (rc == -ENOSPC) + rc = 0; + else if (rc) + goto err_out; + + if (test_share_config_flag(share, KSMBD_SHARE_FLAG_HIDE_DOT_FILES)) + d_info.hide_dot_file = true; + + buffer_sz = d_info.out_buf_len; + d_info.rptr = d_info.wptr; + query_dir_private.work = work; + query_dir_private.search_pattern = srch_ptr; + query_dir_private.dir_fp = dir_fp; + query_dir_private.d_info = &d_info; + query_dir_private.info_level = req->FileInformationClass; + dir_fp->readdir_data.private = &query_dir_private; + set_ctx_actor(&dir_fp->readdir_data.ctx, __query_dir); + + rc = ksmbd_vfs_readdir(dir_fp->filp, &dir_fp->readdir_data); + if (rc == 0) + restart_ctx(&dir_fp->readdir_data.ctx); + if (rc == -ENOSPC) + rc = 0; + if (rc) + goto err_out; + + d_info.wptr = d_info.rptr; + d_info.out_buf_len = buffer_sz; + rc = process_query_dir_entries(&query_dir_private); + if (rc) + goto err_out; + + if (!d_info.data_count && d_info.out_buf_len >= 0) { + if (srch_flag & SMB2_RETURN_SINGLE_ENTRY && !is_asterisk(srch_ptr)) + rsp->hdr.Status = STATUS_NO_SUCH_FILE; + else { + dir_fp->dot_dotdot[0] = dir_fp->dot_dotdot[1] = 0; + rsp->hdr.Status = STATUS_NO_MORE_FILES; + } + rsp->StructureSize = cpu_to_le16(9); + rsp->OutputBufferOffset = cpu_to_le16(0); + rsp->OutputBufferLength = cpu_to_le32(0); + rsp->Buffer[0] = 0; + inc_rfc1001_len(rsp_org, 9); + } else { + ((struct file_directory_info *) + ((char *)rsp->Buffer + d_info.last_entry_offset)) + ->NextEntryOffset = 0; + + rsp->StructureSize = cpu_to_le16(9); + rsp->OutputBufferOffset = cpu_to_le16(72); + rsp->OutputBufferLength = cpu_to_le32(d_info.data_count); + inc_rfc1001_len(rsp_org, 8 + d_info.data_count); + } + + kfree(srch_ptr); + ksmbd_fd_put(work, dir_fp); + ksmbd_revert_fsids(work); + return 0; + +err_out: + ksmbd_err("error while processing smb2 query dir rc = %d\n", rc); + kfree(srch_ptr); + +err_out2: + if (rc == -EINVAL) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + else if (rc == -EACCES) + rsp->hdr.Status = STATUS_ACCESS_DENIED; + else if (rc == -ENOENT) + rsp->hdr.Status = STATUS_NO_SUCH_FILE; + else if (rc == -EBADF) + rsp->hdr.Status = STATUS_FILE_CLOSED; + else if (rc == -ENOMEM) + rsp->hdr.Status = STATUS_NO_MEMORY; + else if (rc == -EFAULT) + rsp->hdr.Status = STATUS_INVALID_INFO_CLASS; + if (!rsp->hdr.Status) + rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR; + + smb2_set_err_rsp(work); + ksmbd_fd_put(work, dir_fp); + ksmbd_revert_fsids(work); + return 0; +} + +/** + * buffer_check_err() - helper function to check buffer errors + * @reqOutputBufferLength: max buffer length expected in command response + * @rsp: query info response buffer contains output buffer length + * @infoclass_size: query info class response buffer size + * + * Return: 0 on success, otherwise error + */ +static int buffer_check_err(int reqOutputBufferLength, + struct smb2_query_info_rsp *rsp, int infoclass_size) +{ + if (reqOutputBufferLength < le32_to_cpu(rsp->OutputBufferLength)) { + if (reqOutputBufferLength < infoclass_size) { + ksmbd_err("Invalid Buffer Size Requested\n"); + rsp->hdr.Status = STATUS_INFO_LENGTH_MISMATCH; + rsp->hdr.smb2_buf_length = cpu_to_be32( + sizeof(struct smb2_hdr) - 4); + return -EINVAL; + } + + ksmbd_debug(SMB, "Buffer Overflow\n"); + rsp->hdr.Status = STATUS_BUFFER_OVERFLOW; + rsp->hdr.smb2_buf_length = cpu_to_be32( + sizeof(struct smb2_hdr) - 4 + + reqOutputBufferLength); + rsp->OutputBufferLength = cpu_to_le32( + reqOutputBufferLength); + } + return 0; +} + +static void get_standard_info_pipe(struct smb2_query_info_rsp *rsp) +{ + struct smb2_file_standard_info *sinfo; + + sinfo = (struct smb2_file_standard_info *)rsp->Buffer; + + sinfo->AllocationSize = cpu_to_le64(4096); + sinfo->EndOfFile = cpu_to_le64(0); + sinfo->NumberOfLinks = cpu_to_le32(1); + sinfo->DeletePending = 1; + sinfo->Directory = 0; + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_standard_info)); + inc_rfc1001_len(rsp, sizeof(struct smb2_file_standard_info)); +} + +static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, + uint64_t num) +{ + struct smb2_file_internal_info *file_info; + + file_info = (struct smb2_file_internal_info *)rsp->Buffer; + + /* any unique number */ + file_info->IndexNumber = cpu_to_le64(num | (1ULL << 63)); + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_internal_info)); + inc_rfc1001_len(rsp, sizeof(struct smb2_file_internal_info)); +} + +/** + * smb2_info_file_pipe() - handler for smb2 query info on IPC pipe + * @work: smb work containing query info command buffer + * + * Return: 0 on success, otherwise error + */ +static int smb2_get_info_file_pipe(struct ksmbd_session *sess, + struct smb2_query_info_req *req, struct smb2_query_info_rsp *rsp) +{ + uint64_t id; + int rc; + + /* + * Windows can sometime send query file info request on + * pipe without opening it, checking error condition here + */ + id = le64_to_cpu(req->VolatileFileId); + if (!ksmbd_session_rpc_method(sess, id)) + return -ENOENT; + + ksmbd_debug(SMB, "FileInfoClass %u, FileId 0x%llx\n", + req->FileInfoClass, le64_to_cpu(req->VolatileFileId)); + + switch (req->FileInfoClass) { + case FILE_STANDARD_INFORMATION: + get_standard_info_pipe(rsp); + rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), + rsp, FILE_STANDARD_INFORMATION_SIZE); + break; + case FILE_INTERNAL_INFORMATION: + get_internal_info_pipe(rsp, id); + rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), + rsp, FILE_INTERNAL_INFORMATION_SIZE); + break; + default: + ksmbd_debug(SMB, "smb2_info_file_pipe for %u not supported\n", + req->FileInfoClass); + rc = -EOPNOTSUPP; + } + return rc; +} + +/** + * smb2_get_ea() - handler for smb2 get extended attribute command + * @work: smb work containing query info command buffer + * @path: path of file/dir to query info command + * @rq: get extended attribute request + * @resp: response buffer pointer + * @resp_org: base response buffer pointer in case of chained response + * + * Return: 0 on success, otherwise error + */ +static int smb2_get_ea(struct ksmbd_work *work, + struct ksmbd_file *fp, + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, + void *rsp_org) +{ + struct smb2_ea_info *eainfo, *prev_eainfo; + char *name, *ptr, *xattr_list = NULL, *buf; + int rc, name_len, value_len, xattr_list_len, idx; + ssize_t buf_free_len, alignment_bytes, next_offset, rsp_data_cnt = 0; + struct smb2_ea_info_req *ea_req = NULL; + struct path *path; + + if (!(fp->daccess & FILE_READ_EA_LE)) { + ksmbd_err("Not permitted to read ext attr : 0x%x\n", + fp->daccess); + return -EACCES; + } + + path = &fp->filp->f_path; + /* single EA entry is requested with given user.* name */ + if (req->InputBufferLength) + ea_req = (struct smb2_ea_info_req *)req->Buffer; + else { + /* need to send all EAs, if no specific EA is requested*/ + if (le32_to_cpu(req->Flags) & SL_RETURN_SINGLE_ENTRY) + ksmbd_debug(SMB, + "All EAs are requested but need to send single EA entry in rsp flags 0x%x\n", + le32_to_cpu(req->Flags)); + } + + buf_free_len = work->response_sz - + (get_rfc1002_len(rsp_org) + 4) - + sizeof(struct smb2_query_info_rsp); + + if (le32_to_cpu(req->OutputBufferLength) < buf_free_len) + buf_free_len = le32_to_cpu(req->OutputBufferLength); + + rc = ksmbd_vfs_listxattr(path->dentry, &xattr_list); + if (rc < 0) { + rsp->hdr.Status = STATUS_INVALID_HANDLE; + goto out; + } else if (!rc) { /* there is no EA in the file */ + ksmbd_debug(SMB, "no ea data in the file\n"); + goto done; + } + xattr_list_len = rc; + + ptr = (char *)rsp->Buffer; + eainfo = (struct smb2_ea_info *)ptr; + prev_eainfo = eainfo; + idx = 0; + + while (idx < xattr_list_len) { + name = xattr_list + idx; + name_len = strlen(name); + + ksmbd_debug(SMB, "%s, len %d\n", name, name_len); + idx += name_len + 1; + + /* + * CIFS does not support EA other than user.* namespace, + * still keep the framework generic, to list other attrs + * in future. + */ + if (strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) + continue; + + if (!strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX, + STREAM_PREFIX_LEN)) + continue; + + if (req->InputBufferLength && + (strncmp(&name[XATTR_USER_PREFIX_LEN], + ea_req->name, ea_req->EaNameLength))) + continue; + + if (!strncmp(&name[XATTR_USER_PREFIX_LEN], + DOS_ATTRIBUTE_PREFIX, DOS_ATTRIBUTE_PREFIX_LEN)) + continue; + + if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) + name_len -= XATTR_USER_PREFIX_LEN; + + ptr = (char *)(&eainfo->name + name_len + 1); + buf_free_len -= (offsetof(struct smb2_ea_info, name) + + name_len + 1); + /* bailout if xattr can't fit in buf_free_len */ + value_len = ksmbd_vfs_getxattr(path->dentry, name, &buf); + if (value_len <= 0) { + rc = -ENOENT; + rsp->hdr.Status = STATUS_INVALID_HANDLE; + goto out; + } + + buf_free_len -= value_len; + if (buf_free_len < 0) { + ksmbd_free(buf); + break; + } + + memcpy(ptr, buf, value_len); + ksmbd_free(buf); + + ptr += value_len; + eainfo->Flags = 0; + eainfo->EaNameLength = name_len; + + if (!strncmp(name, XATTR_USER_PREFIX, + XATTR_USER_PREFIX_LEN)) + memcpy(eainfo->name, &name[XATTR_USER_PREFIX_LEN], + name_len); + else + memcpy(eainfo->name, name, name_len); + + eainfo->name[name_len] = '\0'; + eainfo->EaValueLength = cpu_to_le16(value_len); + next_offset = offsetof(struct smb2_ea_info, name) + + name_len + 1 + value_len; + + /* align next xattr entry at 4 byte bundary */ + alignment_bytes = ((next_offset + 3) & ~3) - next_offset; + if (alignment_bytes) { + memset(ptr, '\0', alignment_bytes); + ptr += alignment_bytes; + next_offset += alignment_bytes; + buf_free_len -= alignment_bytes; + } + eainfo->NextEntryOffset = cpu_to_le32(next_offset); + prev_eainfo = eainfo; + eainfo = (struct smb2_ea_info *)ptr; + rsp_data_cnt += next_offset; + + if (req->InputBufferLength) { + ksmbd_debug(SMB, "single entry requested\n"); + break; + } + } + + /* no more ea entries */ + prev_eainfo->NextEntryOffset = 0; +done: + rc = 0; + if (rsp_data_cnt == 0) + rsp->hdr.Status = STATUS_NO_EAS_ON_FILE; + rsp->OutputBufferLength = cpu_to_le32(rsp_data_cnt); + inc_rfc1001_len(rsp_org, rsp_data_cnt); +out: + ksmbd_vfs_xattr_free(xattr_list); + return rc; +} + +static void get_file_access_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb2_file_access_info *file_info; + + file_info = (struct smb2_file_access_info *)rsp->Buffer; + file_info->AccessFlags = fp->daccess; + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_access_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_access_info)); +} + +static int get_file_basic_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb2_file_all_info *basic_info; + struct kstat stat; + u64 time; + + if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) { + ksmbd_err("no right to read the attributes : 0x%x\n", + fp->daccess); + return -EACCES; + } + + basic_info = (struct smb2_file_all_info *)rsp->Buffer; + generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + basic_info->CreationTime = cpu_to_le64(fp->create_time); + time = ksmbd_UnixTimeToNT(stat.atime); + basic_info->LastAccessTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(stat.mtime); + basic_info->LastWriteTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(stat.ctime); + basic_info->ChangeTime = cpu_to_le64(time); + basic_info->Attributes = fp->f_ci->m_fattr; + basic_info->Pad1 = 0; + rsp->OutputBufferLength = + cpu_to_le32(offsetof(struct smb2_file_all_info, + AllocationSize)); + inc_rfc1001_len(rsp_org, offsetof(struct smb2_file_all_info, + AllocationSize)); + return 0; +} + +static unsigned long long get_allocation_size(struct inode *inode, + struct kstat *stat) +{ + unsigned long long alloc_size = 0; + + if (!S_ISDIR(stat->mode)) { + if ((inode->i_blocks << 9) <= stat->size) + alloc_size = stat->size; + else + alloc_size = inode->i_blocks << 9; + + } + + return alloc_size; +} + +static void get_file_standard_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb2_file_standard_info *sinfo; + unsigned int delete_pending; + struct inode *inode; + struct kstat stat; + + inode = FP_INODE(fp); + generic_fillattr(&init_user_ns, inode, &stat); + + sinfo = (struct smb2_file_standard_info *)rsp->Buffer; + delete_pending = ksmbd_inode_pending_delete(fp); + + sinfo->AllocationSize = cpu_to_le64(get_allocation_size(inode, &stat)); + sinfo->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size); + sinfo->NumberOfLinks = cpu_to_le32(get_nlink(&stat) - delete_pending); + sinfo->DeletePending = delete_pending; + sinfo->Directory = S_ISDIR(stat.mode) ? 1 : 0; + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_standard_info)); + inc_rfc1001_len(rsp_org, + sizeof(struct smb2_file_standard_info)); +} + +static void get_file_alignment_info(struct smb2_query_info_rsp *rsp, + void *rsp_org) +{ + struct smb2_file_alignment_info *file_info; + + file_info = (struct smb2_file_alignment_info *)rsp->Buffer; + file_info->AlignmentRequirement = 0; + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_alignment_info)); + inc_rfc1001_len(rsp_org, + sizeof(struct smb2_file_alignment_info)); +} + +static int get_file_all_info(struct ksmbd_work *work, + struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_file_all_info *file_info; + unsigned int delete_pending; + struct inode *inode; + struct kstat stat; + int conv_len; + char *filename; + u64 time; + + if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) { + ksmbd_debug(SMB, "no right to read the attributes : 0x%x\n", + fp->daccess); + return -EACCES; + } + + filename = convert_to_nt_pathname(fp->filename, + work->tcon->share_conf->path); + if (!filename) + return -ENOMEM; + + inode = FP_INODE(fp); + generic_fillattr(&init_user_ns, inode, &stat); + + ksmbd_debug(SMB, "filename = %s\n", filename); + delete_pending = ksmbd_inode_pending_delete(fp); + file_info = (struct smb2_file_all_info *)rsp->Buffer; + + file_info->CreationTime = cpu_to_le64(fp->create_time); + time = ksmbd_UnixTimeToNT(stat.atime); + file_info->LastAccessTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(stat.mtime); + file_info->LastWriteTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(stat.ctime); + file_info->ChangeTime = cpu_to_le64(time); + file_info->Attributes = fp->f_ci->m_fattr; + file_info->Pad1 = 0; + file_info->AllocationSize = + cpu_to_le64(get_allocation_size(inode, &stat)); + file_info->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size); + file_info->NumberOfLinks = + cpu_to_le32(get_nlink(&stat) - delete_pending); + file_info->DeletePending = delete_pending; + file_info->Directory = S_ISDIR(stat.mode) ? 1 : 0; + file_info->Pad2 = 0; + file_info->IndexNumber = cpu_to_le64(stat.ino); + file_info->EASize = 0; + file_info->AccessFlags = fp->daccess; + file_info->CurrentByteOffset = cpu_to_le64(fp->filp->f_pos); + file_info->Mode = fp->coption; + file_info->AlignmentRequirement = 0; + conv_len = smbConvertToUTF16((__le16 *)file_info->FileName, + filename, + PATH_MAX, + conn->local_nls, + 0); + conv_len *= 2; + file_info->FileNameLength = cpu_to_le32(conv_len); + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_all_info) + conv_len - 1); + kfree(filename); + inc_rfc1001_len(rsp_org, le32_to_cpu(rsp->OutputBufferLength)); + return 0; +} + +static void get_file_alternate_info(struct ksmbd_work *work, + struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_file_alt_name_info *file_info; + int conv_len; + char *filename; + + filename = (char *)FP_FILENAME(fp); + file_info = (struct smb2_file_alt_name_info *)rsp->Buffer; + conv_len = ksmbd_extract_shortname(conn, + filename, + file_info->FileName); + file_info->FileNameLength = cpu_to_le32(conv_len); + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_alt_name_info) + conv_len); + inc_rfc1001_len(rsp_org, le32_to_cpu(rsp->OutputBufferLength)); +} + +static void get_file_stream_info(struct ksmbd_work *work, + struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_file_stream_info *file_info; + char *stream_name, *xattr_list = NULL, *stream_buf; + struct kstat stat; + struct path *path = &fp->filp->f_path; + ssize_t xattr_list_len; + int nbytes = 0, streamlen, stream_name_len, next, idx = 0; + + generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + file_info = (struct smb2_file_stream_info *)rsp->Buffer; + + xattr_list_len = ksmbd_vfs_listxattr(path->dentry, &xattr_list); + if (xattr_list_len < 0) { + goto out; + } else if (!xattr_list_len) { + ksmbd_debug(SMB, "empty xattr in the file\n"); + goto out; + } + + while (idx < xattr_list_len) { + stream_name = xattr_list + idx; + streamlen = strlen(stream_name); + idx += streamlen + 1; + + ksmbd_debug(SMB, "%s, len %d\n", stream_name, streamlen); + + if (strncmp(&stream_name[XATTR_USER_PREFIX_LEN], + STREAM_PREFIX, STREAM_PREFIX_LEN)) + continue; + + stream_name_len = streamlen - (XATTR_USER_PREFIX_LEN + + STREAM_PREFIX_LEN); + streamlen = stream_name_len; + + /* plus : size */ + streamlen += 1; + stream_buf = kmalloc(streamlen + 1, GFP_KERNEL); + if (!stream_buf) + break; + + streamlen = snprintf(stream_buf, streamlen + 1, + ":%s", &stream_name[XATTR_NAME_STREAM_LEN]); + + file_info = (struct smb2_file_stream_info *) + &rsp->Buffer[nbytes]; + streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName, + stream_buf, + streamlen, + conn->local_nls, + 0); + streamlen *= 2; + kfree(stream_buf); + file_info->StreamNameLength = cpu_to_le32(streamlen); + file_info->StreamSize = cpu_to_le64(stream_name_len); + file_info->StreamAllocationSize = cpu_to_le64(stream_name_len); + + next = sizeof(struct smb2_file_stream_info) + streamlen; + nbytes += next; + file_info->NextEntryOffset = cpu_to_le32(next); + } + + if (nbytes) { + file_info = (struct smb2_file_stream_info *) + &rsp->Buffer[nbytes]; + streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName, + "::$DATA", 7, conn->local_nls, 0); + streamlen *= 2; + file_info->StreamNameLength = cpu_to_le32(streamlen); + file_info->StreamSize = S_ISDIR(stat.mode) ? 0 : + cpu_to_le64(stat.size); + file_info->StreamAllocationSize = S_ISDIR(stat.mode) ? 0 : + cpu_to_le64(stat.size); + nbytes += sizeof(struct smb2_file_stream_info) + streamlen; + } + + /* last entry offset should be 0 */ + file_info->NextEntryOffset = 0; +out: + ksmbd_vfs_xattr_free(xattr_list); + + rsp->OutputBufferLength = cpu_to_le32(nbytes); + inc_rfc1001_len(rsp_org, nbytes); +} + +static void get_file_internal_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb2_file_internal_info *file_info; + struct kstat stat; + + generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + file_info = (struct smb2_file_internal_info *)rsp->Buffer; + file_info->IndexNumber = cpu_to_le64(stat.ino); + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_internal_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_internal_info)); +} + +static int get_file_network_open_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb2_file_ntwrk_info *file_info; + struct inode *inode; + struct kstat stat; + u64 time; + + if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) { + ksmbd_err("no right to read the attributes : 0x%x\n", + fp->daccess); + return -EACCES; + } + + file_info = (struct smb2_file_ntwrk_info *)rsp->Buffer; + + inode = FP_INODE(fp); + generic_fillattr(&init_user_ns, inode, &stat); + + file_info->CreationTime = cpu_to_le64(fp->create_time); + time = ksmbd_UnixTimeToNT(stat.atime); + file_info->LastAccessTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(stat.mtime); + file_info->LastWriteTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(stat.ctime); + file_info->ChangeTime = cpu_to_le64(time); + file_info->Attributes = fp->f_ci->m_fattr; + file_info->AllocationSize = + cpu_to_le64(get_allocation_size(inode, &stat)); + file_info->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size); + file_info->Reserved = cpu_to_le32(0); + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_ntwrk_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_ntwrk_info)); + return 0; +} + +static void get_file_ea_info(struct smb2_query_info_rsp *rsp, + void *rsp_org) +{ + struct smb2_file_ea_info *file_info; + + file_info = (struct smb2_file_ea_info *)rsp->Buffer; + file_info->EASize = 0; + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_ea_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_ea_info)); +} + +static void get_file_position_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb2_file_pos_info *file_info; + + file_info = (struct smb2_file_pos_info *)rsp->Buffer; + file_info->CurrentByteOffset = cpu_to_le64(fp->filp->f_pos); + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_pos_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_pos_info)); +} + +static void get_file_mode_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb2_file_mode_info *file_info; + + file_info = (struct smb2_file_mode_info *)rsp->Buffer; + file_info->Mode = fp->coption & FILE_MODE_INFO_MASK; + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_mode_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_mode_info)); +} + +static void get_file_compression_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb2_file_comp_info *file_info; + struct kstat stat; + + generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + + file_info = (struct smb2_file_comp_info *)rsp->Buffer; + file_info->CompressedFileSize = cpu_to_le64(stat.blocks << 9); + file_info->CompressionFormat = COMPRESSION_FORMAT_NONE; + file_info->CompressionUnitShift = 0; + file_info->ChunkShift = 0; + file_info->ClusterShift = 0; + memset(&file_info->Reserved[0], 0, 3); + + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_comp_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_comp_info)); +} + +static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb2_file_attr_tag_info *file_info; + + if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) { + ksmbd_err("no right to read the attributes : 0x%x\n", + fp->daccess); + return -EACCES; + } + + file_info = (struct smb2_file_attr_tag_info *)rsp->Buffer; + file_info->FileAttributes = fp->f_ci->m_fattr; + file_info->ReparseTag = 0; + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb2_file_attr_tag_info)); + inc_rfc1001_len(rsp_org, + sizeof(struct smb2_file_attr_tag_info)); + return 0; +} + +static int find_file_posix_info(struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) +{ + struct smb311_posix_qinfo *file_info; + struct inode *inode = FP_INODE(fp); + u64 time; + + file_info = (struct smb311_posix_qinfo *)rsp->Buffer; + file_info->CreationTime = cpu_to_le64(fp->create_time); + time = ksmbd_UnixTimeToNT(inode->i_atime); + file_info->LastAccessTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(inode->i_mtime); + file_info->LastWriteTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(inode->i_ctime); + file_info->ChangeTime = cpu_to_le64(time); + file_info->DosAttributes = fp->f_ci->m_fattr; + file_info->Inode = cpu_to_le64(inode->i_ino); + file_info->EndOfFile = cpu_to_le64(inode->i_size); + file_info->AllocationSize = cpu_to_le64(inode->i_blocks << 9); + file_info->HardLinks = cpu_to_le32(inode->i_nlink); + file_info->Mode = cpu_to_le32(inode->i_mode); + file_info->DeviceId = cpu_to_le32(inode->i_rdev); + rsp->OutputBufferLength = + cpu_to_le32(sizeof(struct smb311_posix_qinfo)); + inc_rfc1001_len(rsp_org, + sizeof(struct smb311_posix_qinfo)); + return 0; +} + +/** + * smb2_get_info_file() - handler for smb2 query info command + * @work: smb work containing query info request buffer + * + * Return: 0 on success, otherwise error + */ +static int smb2_get_info_file(struct ksmbd_work *work, + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, + void *rsp_org) +{ + struct ksmbd_file *fp; + int fileinfoclass = 0; + int rc = 0; + int file_infoclass_size; + unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID; + + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_PIPE)) { + /* smb2 info file called for pipe */ + return smb2_get_info_file_pipe(work->sess, req, rsp); + } + + if (work->next_smb2_rcv_hdr_off) { + if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { + ksmbd_debug(SMB, "Compound request set FID = %u\n", + work->compound_fid); + id = work->compound_fid; + pid = work->compound_pfid; + } + } + + if (!HAS_FILE_ID(id)) { + id = le64_to_cpu(req->VolatileFileId); + pid = le64_to_cpu(req->PersistentFileId); + } + + fp = ksmbd_lookup_fd_slow(work, id, pid); + if (!fp) + return -ENOENT; + + fileinfoclass = req->FileInfoClass; + + switch (fileinfoclass) { + case FILE_ACCESS_INFORMATION: + get_file_access_info(rsp, fp, rsp_org); + file_infoclass_size = FILE_ACCESS_INFORMATION_SIZE; + break; + + case FILE_BASIC_INFORMATION: + rc = get_file_basic_info(rsp, fp, rsp_org); + file_infoclass_size = FILE_BASIC_INFORMATION_SIZE; + break; + + case FILE_STANDARD_INFORMATION: + get_file_standard_info(rsp, fp, rsp_org); + file_infoclass_size = FILE_STANDARD_INFORMATION_SIZE; + break; + + case FILE_ALIGNMENT_INFORMATION: + get_file_alignment_info(rsp, rsp_org); + file_infoclass_size = FILE_ALIGNMENT_INFORMATION_SIZE; + break; + + case FILE_ALL_INFORMATION: + rc = get_file_all_info(work, rsp, fp, rsp_org); + file_infoclass_size = FILE_ALL_INFORMATION_SIZE; + break; + + case FILE_ALTERNATE_NAME_INFORMATION: + get_file_alternate_info(work, rsp, fp, rsp_org); + file_infoclass_size = FILE_ALTERNATE_NAME_INFORMATION_SIZE; + break; + + case FILE_STREAM_INFORMATION: + get_file_stream_info(work, rsp, fp, rsp_org); + file_infoclass_size = FILE_STREAM_INFORMATION_SIZE; + break; + + case FILE_INTERNAL_INFORMATION: + get_file_internal_info(rsp, fp, rsp_org); + file_infoclass_size = FILE_INTERNAL_INFORMATION_SIZE; + break; + + case FILE_NETWORK_OPEN_INFORMATION: + rc = get_file_network_open_info(rsp, fp, rsp_org); + file_infoclass_size = FILE_NETWORK_OPEN_INFORMATION_SIZE; + break; + + case FILE_EA_INFORMATION: + get_file_ea_info(rsp, rsp_org); + file_infoclass_size = FILE_EA_INFORMATION_SIZE; + break; + + case FILE_FULL_EA_INFORMATION: + rc = smb2_get_ea(work, fp, req, rsp, rsp_org); + file_infoclass_size = FILE_FULL_EA_INFORMATION_SIZE; + break; + + case FILE_POSITION_INFORMATION: + get_file_position_info(rsp, fp, rsp_org); + file_infoclass_size = FILE_POSITION_INFORMATION_SIZE; + break; + + case FILE_MODE_INFORMATION: + get_file_mode_info(rsp, fp, rsp_org); + file_infoclass_size = FILE_MODE_INFORMATION_SIZE; + break; + + case FILE_COMPRESSION_INFORMATION: + get_file_compression_info(rsp, fp, rsp_org); + file_infoclass_size = FILE_COMPRESSION_INFORMATION_SIZE; + break; + + case FILE_ATTRIBUTE_TAG_INFORMATION: + rc = get_file_attribute_tag_info(rsp, fp, rsp_org); + file_infoclass_size = FILE_ATTRIBUTE_TAG_INFORMATION_SIZE; + break; + case SMB_FIND_FILE_POSIX_INFO: + if (!work->tcon->posix_extensions) { + ksmbd_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n"); + rc = -EOPNOTSUPP; + } else { + rc = find_file_posix_info(rsp, fp, rsp_org); + file_infoclass_size = sizeof(struct smb311_posix_qinfo); + } + break; + default: + ksmbd_debug(SMB, "fileinfoclass %d not supported yet\n", + fileinfoclass); + rc = -EOPNOTSUPP; + } + if (!rc) + rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), + rsp, + file_infoclass_size); + ksmbd_fd_put(work, fp); + return rc; +} + +/** + * smb2_get_info_filesystem() - handler for smb2 query info command + * @work: smb work containing query info request buffer + * + * Return: 0 on success, otherwise error + * TODO: need to implement STATUS_INFO_LENGTH_MISMATCH error handling + */ +static int smb2_get_info_filesystem(struct ksmbd_work *work, + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, + void *rsp_org) +{ + struct ksmbd_session *sess = work->sess; + struct ksmbd_conn *conn = sess->conn; + struct ksmbd_share_config *share = work->tcon->share_conf; + int fsinfoclass = 0; + struct kstatfs stfs; + struct path path; + int rc = 0, len; + int fs_infoclass_size = 0; + + rc = ksmbd_vfs_kern_path(share->path, LOOKUP_FOLLOW, &path, 0); + if (rc) { + ksmbd_err("cannot create vfs path\n"); + return -EIO; + } + + rc = vfs_statfs(&path, &stfs); + if (rc) { + ksmbd_err("cannot do stat of path %s\n", share->path); + path_put(&path); + return -EIO; + } + + fsinfoclass = req->FileInfoClass; + + switch (fsinfoclass) { + case FS_DEVICE_INFORMATION: + { + struct filesystem_device_info *info; + + info = (struct filesystem_device_info *)rsp->Buffer; + + info->DeviceType = cpu_to_le32(stfs.f_type); + info->DeviceCharacteristics = cpu_to_le32(0x00000020); + rsp->OutputBufferLength = cpu_to_le32(8); + inc_rfc1001_len(rsp_org, 8); + fs_infoclass_size = FS_DEVICE_INFORMATION_SIZE; + break; + } + case FS_ATTRIBUTE_INFORMATION: + { + struct filesystem_attribute_info *info; + size_t sz; + + info = (struct filesystem_attribute_info *)rsp->Buffer; + info->Attributes = cpu_to_le32(FILE_SUPPORTS_OBJECT_IDS | + FILE_PERSISTENT_ACLS | + FILE_UNICODE_ON_DISK | + FILE_CASE_PRESERVED_NAMES | + FILE_CASE_SENSITIVE_SEARCH); + + info->Attributes |= cpu_to_le32(server_conf.share_fake_fscaps); + + info->MaxPathNameComponentLength = cpu_to_le32(stfs.f_namelen); + len = smbConvertToUTF16((__le16 *)info->FileSystemName, + "NTFS", PATH_MAX, conn->local_nls, 0); + len = len * 2; + info->FileSystemNameLen = cpu_to_le32(len); + sz = sizeof(struct filesystem_attribute_info) - 2 + len; + rsp->OutputBufferLength = cpu_to_le32(sz); + inc_rfc1001_len(rsp_org, sz); + fs_infoclass_size = FS_ATTRIBUTE_INFORMATION_SIZE; + break; + } + case FS_VOLUME_INFORMATION: + { + struct filesystem_vol_info *info; + size_t sz; + + info = (struct filesystem_vol_info *)(rsp->Buffer); + info->VolumeCreationTime = 0; + /* Taking dummy value of serial number*/ + info->SerialNumber = cpu_to_le32(0xbc3ac512); + len = smbConvertToUTF16((__le16 *)info->VolumeLabel, + share->name, PATH_MAX, + conn->local_nls, 0); + len = len * 2; + info->VolumeLabelSize = cpu_to_le32(len); + info->Reserved = 0; + sz = sizeof(struct filesystem_vol_info) - 2 + len; + rsp->OutputBufferLength = cpu_to_le32(sz); + inc_rfc1001_len(rsp_org, sz); + fs_infoclass_size = FS_VOLUME_INFORMATION_SIZE; + break; + } + case FS_SIZE_INFORMATION: + { + struct filesystem_info *info; + unsigned short logical_sector_size; + + info = (struct filesystem_info *)(rsp->Buffer); + logical_sector_size = + ksmbd_vfs_logical_sector_size(d_inode(path.dentry)); + + info->TotalAllocationUnits = cpu_to_le64(stfs.f_blocks); + info->FreeAllocationUnits = cpu_to_le64(stfs.f_bfree); + info->SectorsPerAllocationUnit = cpu_to_le32(stfs.f_bsize >> 9); + info->BytesPerSector = cpu_to_le32(logical_sector_size); + rsp->OutputBufferLength = cpu_to_le32(24); + inc_rfc1001_len(rsp_org, 24); + fs_infoclass_size = FS_SIZE_INFORMATION_SIZE; + break; + } + case FS_FULL_SIZE_INFORMATION: + { + struct smb2_fs_full_size_info *info; + unsigned short logical_sector_size; + + info = (struct smb2_fs_full_size_info *)(rsp->Buffer); + logical_sector_size = + ksmbd_vfs_logical_sector_size(d_inode(path.dentry)); + + info->TotalAllocationUnits = cpu_to_le64(stfs.f_blocks); + info->CallerAvailableAllocationUnits = + cpu_to_le64(stfs.f_bavail); + info->ActualAvailableAllocationUnits = + cpu_to_le64(stfs.f_bfree); + info->SectorsPerAllocationUnit = cpu_to_le32(stfs.f_bsize >> 9); + info->BytesPerSector = cpu_to_le32(logical_sector_size); + rsp->OutputBufferLength = cpu_to_le32(32); + inc_rfc1001_len(rsp_org, 32); + fs_infoclass_size = FS_FULL_SIZE_INFORMATION_SIZE; + break; + } + case FS_OBJECT_ID_INFORMATION: + { + struct object_id_info *info; + + info = (struct object_id_info *)(rsp->Buffer); + + if (!user_guest(sess->user)) + memcpy(info->objid, user_passkey(sess->user), 16); + else + memset(info->objid, 0, 16); + + info->extended_info.magic = cpu_to_le32(EXTENDED_INFO_MAGIC); + info->extended_info.version = cpu_to_le32(1); + info->extended_info.release = cpu_to_le32(1); + info->extended_info.rel_date = 0; + memcpy(info->extended_info.version_string, + "1.1.0", + strlen("1.1.0")); + rsp->OutputBufferLength = cpu_to_le32(64); + inc_rfc1001_len(rsp_org, 64); + fs_infoclass_size = FS_OBJECT_ID_INFORMATION_SIZE; + break; + } + case FS_SECTOR_SIZE_INFORMATION: + { + struct smb3_fs_ss_info *info; + struct ksmbd_fs_sector_size fs_ss; + + info = (struct smb3_fs_ss_info *)(rsp->Buffer); + ksmbd_vfs_smb2_sector_size(d_inode(path.dentry), &fs_ss); + + info->LogicalBytesPerSector = + cpu_to_le32(fs_ss.logical_sector_size); + info->PhysicalBytesPerSectorForAtomicity = + cpu_to_le32(fs_ss.physical_sector_size); + info->PhysicalBytesPerSectorForPerf = + cpu_to_le32(fs_ss.optimal_io_size); + info->FSEffPhysicalBytesPerSectorForAtomicity = + cpu_to_le32(fs_ss.optimal_io_size); + info->Flags = cpu_to_le32(SSINFO_FLAGS_ALIGNED_DEVICE | + SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE); + info->ByteOffsetForSectorAlignment = 0; + info->ByteOffsetForPartitionAlignment = 0; + rsp->OutputBufferLength = cpu_to_le32(28); + inc_rfc1001_len(rsp_org, 28); + fs_infoclass_size = FS_SECTOR_SIZE_INFORMATION_SIZE; + break; + } + case FS_CONTROL_INFORMATION: + { + /* + * TODO : The current implementation is based on + * test result with win7(NTFS) server. It's need to + * modify this to get valid Quota values + * from Linux kernel + */ + struct smb2_fs_control_info *info; + + info = (struct smb2_fs_control_info *)(rsp->Buffer); + info->FreeSpaceStartFiltering = 0; + info->FreeSpaceThreshold = 0; + info->FreeSpaceStopFiltering = 0; + info->DefaultQuotaThreshold = cpu_to_le64(SMB2_NO_FID); + info->DefaultQuotaLimit = cpu_to_le64(SMB2_NO_FID); + info->Padding = 0; + rsp->OutputBufferLength = cpu_to_le32(48); + inc_rfc1001_len(rsp_org, 48); + fs_infoclass_size = FS_CONTROL_INFORMATION_SIZE; + break; + } + case FS_POSIX_INFORMATION: + { + struct filesystem_posix_info *info; + unsigned short logical_sector_size; + + if (!work->tcon->posix_extensions) { + ksmbd_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n"); + rc = -EOPNOTSUPP; + } else { + info = (struct filesystem_posix_info *)(rsp->Buffer); + logical_sector_size = + ksmbd_vfs_logical_sector_size(d_inode(path.dentry)); + info->OptimalTransferSize = cpu_to_le32(logical_sector_size); + info->BlockSize = cpu_to_le32(stfs.f_bsize); + info->TotalBlocks = cpu_to_le64(stfs.f_blocks); + info->BlocksAvail = cpu_to_le64(stfs.f_bfree); + info->UserBlocksAvail = cpu_to_le64(stfs.f_bavail); + info->TotalFileNodes = cpu_to_le64(stfs.f_files); + info->FreeFileNodes = cpu_to_le64(stfs.f_ffree); + rsp->OutputBufferLength = cpu_to_le32(56); + inc_rfc1001_len(rsp_org, 56); + fs_infoclass_size = FS_POSIX_INFORMATION_SIZE; + } + break; + } + default: + path_put(&path); + return -EOPNOTSUPP; + } + rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), + rsp, + fs_infoclass_size); + path_put(&path); + return rc; +} + +static int smb2_get_info_sec(struct ksmbd_work *work, + struct smb2_query_info_req *req, struct smb2_query_info_rsp *rsp, + void *rsp_org) +{ + struct ksmbd_file *fp; + struct smb_ntsd *pntsd = (struct smb_ntsd *)rsp->Buffer, *ppntsd = NULL; + struct smb_fattr fattr = {{0}}; + struct inode *inode; + __u32 secdesclen; + unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID; + int addition_info = le32_to_cpu(req->AdditionalInformation); + int rc; + + if (work->next_smb2_rcv_hdr_off) { + if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { + ksmbd_debug(SMB, "Compound request set FID = %u\n", + work->compound_fid); + id = work->compound_fid; + pid = work->compound_pfid; + } + } + + if (!HAS_FILE_ID(id)) { + id = le64_to_cpu(req->VolatileFileId); + pid = le64_to_cpu(req->PersistentFileId); + } + + fp = ksmbd_lookup_fd_slow(work, id, pid); + if (!fp) + return -ENOENT; + + inode = FP_INODE(fp); + fattr.cf_uid = inode->i_uid; + fattr.cf_gid = inode->i_gid; + fattr.cf_mode = inode->i_mode; + fattr.cf_dacls = NULL; + + fattr.cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS); + if (S_ISDIR(inode->i_mode)) + fattr.cf_dacls = ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT); + + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_ACL_XATTR)) + ksmbd_vfs_get_sd_xattr(work->conn, fp->filp->f_path.dentry, &ppntsd); + + rc = build_sec_desc(pntsd, ppntsd, addition_info, &secdesclen, &fattr); + posix_acl_release(fattr.cf_acls); + posix_acl_release(fattr.cf_dacls); + kfree(ppntsd); + ksmbd_fd_put(work, fp); + if (rc) + return rc; + + rsp->OutputBufferLength = cpu_to_le32(secdesclen); + inc_rfc1001_len(rsp_org, secdesclen); + return 0; +} + +/** + * smb2_query_info() - handler for smb2 query info command + * @work: smb work containing query info request buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_query_info(struct ksmbd_work *work) +{ + struct smb2_query_info_req *req; + struct smb2_query_info_rsp *rsp, *rsp_org; + int rc = 0; + + rsp_org = RESPONSE_BUF(work); + WORK_BUFFERS(work, req, rsp); + + ksmbd_debug(SMB, "GOT query info request\n"); + + switch (req->InfoType) { + case SMB2_O_INFO_FILE: + ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILE\n"); + rc = smb2_get_info_file(work, req, rsp, (void *)rsp_org); + break; + case SMB2_O_INFO_FILESYSTEM: + ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILESYSTEM\n"); + rc = smb2_get_info_filesystem(work, req, rsp, (void *)rsp_org); + break; + case SMB2_O_INFO_SECURITY: + ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n"); + rc = smb2_get_info_sec(work, req, rsp, (void *)rsp_org); + break; + default: + ksmbd_debug(SMB, "InfoType %d not supported yet\n", + req->InfoType); + rc = -EOPNOTSUPP; + } + + if (rc < 0) { + if (rc == -EACCES) + rsp->hdr.Status = STATUS_ACCESS_DENIED; + else if (rc == -ENOENT) + rsp->hdr.Status = STATUS_FILE_CLOSED; + else if (rc == -EIO) + rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR; + else if (rc == -EOPNOTSUPP || rsp->hdr.Status == 0) + rsp->hdr.Status = STATUS_INVALID_INFO_CLASS; + smb2_set_err_rsp(work); + + ksmbd_debug(SMB, "error while processing smb2 query rc = %d\n", + rc); + return rc; + } + rsp->StructureSize = cpu_to_le16(9); + rsp->OutputBufferOffset = cpu_to_le16(72); + inc_rfc1001_len(rsp_org, 8); + return 0; +} + +/** + * smb2_close_pipe() - handler for closing IPC pipe + * @work: smb work containing close request buffer + * + * Return: 0 + */ +static noinline int smb2_close_pipe(struct ksmbd_work *work) +{ + uint64_t id; + struct smb2_close_req *req = REQUEST_BUF(work); + struct smb2_close_rsp *rsp = RESPONSE_BUF(work); + + id = le64_to_cpu(req->VolatileFileId); + ksmbd_session_rpc_close(work->sess, id); + + rsp->StructureSize = cpu_to_le16(60); + rsp->Flags = 0; + rsp->Reserved = 0; + rsp->CreationTime = 0; + rsp->LastAccessTime = 0; + rsp->LastWriteTime = 0; + rsp->ChangeTime = 0; + rsp->AllocationSize = 0; + rsp->EndOfFile = 0; + rsp->Attributes = 0; + inc_rfc1001_len(rsp, 60); + return 0; +} + +/** + * smb2_close() - handler for smb2 close file command + * @work: smb work containing close request buffer + * + * Return: 0 + */ +int smb2_close(struct ksmbd_work *work) +{ + unsigned int volatile_id = KSMBD_NO_FID; + uint64_t sess_id; + struct smb2_close_req *req; + struct smb2_close_rsp *rsp; + struct smb2_close_rsp *rsp_org; + struct ksmbd_conn *conn = work->conn; + struct ksmbd_file *fp; + struct inode *inode; + u64 time; + int err = 0; + + rsp_org = RESPONSE_BUF(work); + WORK_BUFFERS(work, req, rsp); + + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_PIPE)) { + ksmbd_debug(SMB, "IPC pipe close request\n"); + return smb2_close_pipe(work); + } + + sess_id = le64_to_cpu(req->hdr.SessionId); + if (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS) + sess_id = work->compound_sid; + + work->compound_sid = 0; + if (check_session_id(conn, sess_id)) + work->compound_sid = sess_id; + else { + rsp->hdr.Status = STATUS_USER_SESSION_DELETED; + if (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + err = -EBADF; + goto out; + } + + if (work->next_smb2_rcv_hdr_off && + !HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { + if (!HAS_FILE_ID(work->compound_fid)) { + /* file already closed, return FILE_CLOSED */ + ksmbd_debug(SMB, "file already closed\n"); + rsp->hdr.Status = STATUS_FILE_CLOSED; + err = -EBADF; + goto out; + } else { + ksmbd_debug(SMB, "Compound request set FID = %u:%u\n", + work->compound_fid, + work->compound_pfid); + volatile_id = work->compound_fid; + + /* file closed, stored id is not valid anymore */ + work->compound_fid = KSMBD_NO_FID; + work->compound_pfid = KSMBD_NO_FID; + } + } else { + volatile_id = le64_to_cpu(req->VolatileFileId); + } + ksmbd_debug(SMB, "volatile_id = %u\n", volatile_id); + + rsp->StructureSize = cpu_to_le16(60); + rsp->Reserved = 0; + + if (req->Flags == SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB) { + fp = ksmbd_lookup_fd_fast(work, volatile_id); + if (!fp) { + err = -ENOENT; + goto out; + } + + inode = FP_INODE(fp); + rsp->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB; + rsp->AllocationSize = S_ISDIR(inode->i_mode) ? 0 : + cpu_to_le64(inode->i_blocks << 9); + rsp->EndOfFile = cpu_to_le64(inode->i_size); + rsp->Attributes = fp->f_ci->m_fattr; + rsp->CreationTime = cpu_to_le64(fp->create_time); + time = ksmbd_UnixTimeToNT(inode->i_atime); + rsp->LastAccessTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(inode->i_mtime); + rsp->LastWriteTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(inode->i_ctime); + rsp->ChangeTime = cpu_to_le64(time); + ksmbd_fd_put(work, fp); + } else { + rsp->Flags = 0; + rsp->AllocationSize = 0; + rsp->EndOfFile = 0; + rsp->Attributes = 0; + rsp->CreationTime = 0; + rsp->LastAccessTime = 0; + rsp->LastWriteTime = 0; + rsp->ChangeTime = 0; + } + + err = ksmbd_close_fd(work, volatile_id); +out: + if (err) { + if (rsp->hdr.Status == 0) + rsp->hdr.Status = STATUS_FILE_CLOSED; + smb2_set_err_rsp(work); + } else { + inc_rfc1001_len(rsp_org, 60); + } + + return 0; +} + +/** + * smb2_echo() - handler for smb2 echo(ping) command + * @work: smb work containing echo request buffer + * + * Return: 0 + */ +int smb2_echo(struct ksmbd_work *work) +{ + struct smb2_echo_rsp *rsp = RESPONSE_BUF(work); + + rsp->StructureSize = cpu_to_le16(4); + rsp->Reserved = 0; + inc_rfc1001_len(rsp, 4); + return 0; +} + +/** + * smb2_rename() - handler for rename using smb2 setinfo command + * @work: smb work containing set info command buffer + * @filp: file pointer of source file + * @old_fid: file id of source file + * + * Return: 0 on success, otherwise error + */ +static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, + struct smb2_file_rename_info *file_info, + struct nls_table *local_nls) +{ + struct ksmbd_share_config *share = fp->tcon->share_conf; + char *new_name = NULL, *abs_oldname = NULL, *old_name = NULL; + char *pathname = NULL; + struct path path; + bool file_present = true; + int rc; + + ksmbd_debug(SMB, "setting FILE_RENAME_INFO\n"); + pathname = kmalloc(PATH_MAX, GFP_KERNEL); + if (!pathname) + return -ENOMEM; + + abs_oldname = d_path(&fp->filp->f_path, pathname, PATH_MAX); + if (IS_ERR(abs_oldname)) { + rc = -EINVAL; + goto out; + } + old_name = strrchr(abs_oldname, '/'); + if (old_name && old_name[1] != '\0') + old_name++; + else { + ksmbd_debug(SMB, "can't get last component in path %s\n", + abs_oldname); + rc = -ENOENT; + goto out; + } + + new_name = smb2_get_name(share, + file_info->FileName, + le32_to_cpu(file_info->FileNameLength), + local_nls); + if (IS_ERR(new_name)) { + rc = PTR_ERR(new_name); + goto out; + } + + if (strchr(new_name, ':')) { + int s_type; + char *xattr_stream_name, *stream_name = NULL; + size_t xattr_stream_size; + int len; + + rc = parse_stream_name(new_name, &stream_name, &s_type); + if (rc < 0) + goto out; + + len = strlen(new_name); + if (new_name[len - 1] != '/') { + ksmbd_err("not allow base filename in rename\n"); + rc = -ESHARE; + goto out; + } + + rc = ksmbd_vfs_xattr_stream_name(stream_name, + &xattr_stream_name, + &xattr_stream_size, + s_type); + if (rc) + goto out; + + rc = ksmbd_vfs_setxattr(fp->filp->f_path.dentry, + xattr_stream_name, + NULL, 0, 0); + if (rc < 0) { + ksmbd_err("failed to store stream name in xattr: %d\n", + rc); + rc = -EINVAL; + goto out; + } + + goto out; + } + + ksmbd_debug(SMB, "new name %s\n", new_name); + rc = ksmbd_vfs_kern_path(new_name, 0, &path, 1); + if (rc) + file_present = false; + else + path_put(&path); + + if (ksmbd_share_veto_filename(share, new_name)) { + rc = -ENOENT; + ksmbd_debug(SMB, "Can't rename vetoed file: %s\n", new_name); + goto out; + } + + if (file_info->ReplaceIfExists) { + if (file_present) { + rc = ksmbd_vfs_remove_file(work, new_name); + if (rc) { + if (rc != -ENOTEMPTY) + rc = -EINVAL; + ksmbd_debug(SMB, "cannot delete %s, rc %d\n", + new_name, rc); + goto out; + } + } + } else { + if (file_present && + strncmp(old_name, path.dentry->d_name.name, + strlen(old_name))) { + rc = -EEXIST; + ksmbd_debug(SMB, + "cannot rename already existing file\n"); + goto out; + } + } + + rc = ksmbd_vfs_fp_rename(work, fp, new_name); +out: + kfree(pathname); + if (!IS_ERR(new_name)) + smb2_put_name(new_name); + return rc; +} + +/** + * smb2_create_link() - handler for creating hardlink using smb2 + * set info command + * @work: smb work containing set info command buffer + * @filp: file pointer of source file + * + * Return: 0 on success, otherwise error + */ +static int smb2_create_link(struct ksmbd_work *work, + struct ksmbd_share_config *share, + struct smb2_file_link_info *file_info, + struct file *filp, + struct nls_table *local_nls) +{ + char *link_name = NULL, *target_name = NULL, *pathname = NULL; + struct path path; + bool file_present = true; + int rc; + + ksmbd_debug(SMB, "setting FILE_LINK_INFORMATION\n"); + pathname = kmalloc(PATH_MAX, GFP_KERNEL); + if (!pathname) + return -ENOMEM; + + link_name = smb2_get_name(share, + file_info->FileName, + le32_to_cpu(file_info->FileNameLength), + local_nls); + if (IS_ERR(link_name) || S_ISDIR(file_inode(filp)->i_mode)) { + rc = -EINVAL; + goto out; + } + + ksmbd_debug(SMB, "link name is %s\n", link_name); + target_name = d_path(&filp->f_path, pathname, PATH_MAX); + if (IS_ERR(target_name)) { + rc = -EINVAL; + goto out; + } + + ksmbd_debug(SMB, "target name is %s\n", target_name); + rc = ksmbd_vfs_kern_path(link_name, 0, &path, 0); + if (rc) + file_present = false; + else + path_put(&path); + + if (file_info->ReplaceIfExists) { + if (file_present) { + rc = ksmbd_vfs_remove_file(work, link_name); + if (rc) { + rc = -EINVAL; + ksmbd_debug(SMB, "cannot delete %s\n", + link_name); + goto out; + } + } + } else { + if (file_present) { + rc = -EEXIST; + ksmbd_debug(SMB, "link already exists\n"); + goto out; + } + } + + rc = ksmbd_vfs_link(work, target_name, link_name); + if (rc) + rc = -EINVAL; +out: + if (!IS_ERR(link_name)) + smb2_put_name(link_name); + kfree(pathname); + return rc; +} + +static bool is_attributes_write_allowed(struct ksmbd_file *fp) +{ + return fp->daccess & FILE_WRITE_ATTRIBUTES_LE; +} + +static int set_file_basic_info(struct ksmbd_file *fp, + char *buf, + struct ksmbd_share_config *share) +{ + struct smb2_file_all_info *file_info; + struct iattr attrs; + struct iattr temp_attrs; + struct file *filp; + struct inode *inode; + int rc; + + if (!is_attributes_write_allowed(fp)) + return -EACCES; + + file_info = (struct smb2_file_all_info *)buf; + attrs.ia_valid = 0; + filp = fp->filp; + inode = file_inode(filp); + + if (file_info->CreationTime) + fp->create_time = le64_to_cpu(file_info->CreationTime); + + if (file_info->LastAccessTime) { + attrs.ia_atime = ksmbd_NTtimeToUnix(file_info->LastAccessTime); + attrs.ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET); + } + + if (file_info->ChangeTime) { + temp_attrs.ia_ctime = ksmbd_NTtimeToUnix(file_info->ChangeTime); + attrs.ia_ctime = temp_attrs.ia_ctime; + attrs.ia_valid |= ATTR_CTIME; + } else + temp_attrs.ia_ctime = inode->i_ctime; + + if (file_info->LastWriteTime) { + attrs.ia_mtime = ksmbd_NTtimeToUnix(file_info->LastWriteTime); + attrs.ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET); + } + + if (file_info->Attributes) { + if (!S_ISDIR(inode->i_mode) && + file_info->Attributes & ATTR_DIRECTORY_LE) { + ksmbd_err("can't change a file to a directory\n"); + return -EINVAL; + } + + if (!(S_ISDIR(inode->i_mode) && file_info->Attributes == ATTR_NORMAL_LE)) + fp->f_ci->m_fattr = file_info->Attributes | + (fp->f_ci->m_fattr & ATTR_DIRECTORY_LE); + } + + if (test_share_config_flag(share, KSMBD_SHARE_FLAG_STORE_DOS_ATTRS) && + (file_info->CreationTime || file_info->Attributes)) { + struct xattr_dos_attrib da = {0}; + + da.version = 4; + da.itime = fp->itime; + da.create_time = fp->create_time; + da.attr = le32_to_cpu(fp->f_ci->m_fattr); + da.flags = XATTR_DOSINFO_ATTRIB | XATTR_DOSINFO_CREATE_TIME | + XATTR_DOSINFO_ITIME; + + rc = ksmbd_vfs_set_dos_attrib_xattr(filp->f_path.dentry, &da); + if (rc) + ksmbd_debug(SMB, + "failed to restore file attribute in EA\n"); + rc = 0; + } + + /* + * HACK : set ctime here to avoid ctime changed + * when file_info->ChangeTime is zero. + */ + attrs.ia_ctime = temp_attrs.ia_ctime; + attrs.ia_valid |= ATTR_CTIME; + + if (attrs.ia_valid) { + struct dentry *dentry = filp->f_path.dentry; + struct inode *inode = d_inode(dentry); + + if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) + return -EACCES; + + rc = setattr_prepare(&init_user_ns, dentry, &attrs); + if (rc) + return -EINVAL; + + inode_lock(inode); + setattr_copy(&init_user_ns, inode, &attrs); + attrs.ia_valid &= ~ATTR_CTIME; + rc = notify_change(&init_user_ns, dentry, &attrs, NULL); + inode_unlock(inode); + } + return 0; +} + +static int set_file_allocation_info(struct ksmbd_work *work, + struct ksmbd_file *fp, + char *buf) +{ + /* + * TODO : It's working fine only when store dos attributes + * is not yes. need to implement a logic which works + * properly with any smb.conf option + */ + + struct smb2_file_alloc_info *file_alloc_info; + loff_t alloc_blks; + struct inode *inode; + int rc; + + if (!is_attributes_write_allowed(fp)) + return -EACCES; + + file_alloc_info = (struct smb2_file_alloc_info *)buf; + alloc_blks = (le64_to_cpu(file_alloc_info->AllocationSize) + 511) >> 9; + inode = file_inode(fp->filp); + + if (alloc_blks > inode->i_blocks) { + rc = ksmbd_vfs_alloc_size(work, fp, alloc_blks * 512); + if (rc && rc != -EOPNOTSUPP) { + ksmbd_err("ksmbd_vfs_alloc_size is failed : %d\n", rc); + return rc; + } + } else if (alloc_blks < inode->i_blocks) { + loff_t size; + + /* + * Allocation size could be smaller than original one + * which means allocated blocks in file should be + * deallocated. use truncate to cut out it, but inode + * size is also updated with truncate offset. + * inode size is retained by backup inode size. + */ + size = i_size_read(inode); + rc = ksmbd_vfs_truncate(work, NULL, fp, alloc_blks * 512); + if (rc) { + ksmbd_err("truncate failed! filename : %s, err %d\n", + fp->filename, rc); + return rc; + } + if (size < alloc_blks * 512) + i_size_write(inode, size); + } + return 0; +} + +static int set_end_of_file_info(struct ksmbd_work *work, + struct ksmbd_file *fp, + char *buf) +{ + struct smb2_file_eof_info *file_eof_info; + loff_t newsize; + struct inode *inode; + int rc; + + if (!is_attributes_write_allowed(fp)) + return -EACCES; + + file_eof_info = (struct smb2_file_eof_info *)buf; + newsize = le64_to_cpu(file_eof_info->EndOfFile); + inode = file_inode(fp->filp); + + /* + * If FILE_END_OF_FILE_INFORMATION of set_info_file is called + * on FAT32 shared device, truncate execution time is too long + * and network error could cause from windows client. because + * truncate of some filesystem like FAT32 fill zero data in + * truncated range. + */ + if (inode->i_sb->s_magic != MSDOS_SUPER_MAGIC) { + ksmbd_debug(SMB, "filename : %s truncated to newsize %lld\n", + fp->filename, newsize); + rc = ksmbd_vfs_truncate(work, NULL, fp, newsize); + if (rc) { + ksmbd_debug(SMB, + "truncate failed! filename : %s err %d\n", + fp->filename, rc); + if (rc != -EAGAIN) + rc = -EBADF; + return rc; + } + } + return 0; +} + +static int set_rename_info(struct ksmbd_work *work, + struct ksmbd_file *fp, + char *buf) +{ + struct ksmbd_file *parent_fp; + + if (!(fp->daccess & FILE_DELETE_LE)) { + ksmbd_err("no right to delete : 0x%x\n", fp->daccess); + return -EACCES; + } + + if (ksmbd_stream_fd(fp)) + goto next; + + parent_fp = ksmbd_lookup_fd_inode(PARENT_INODE(fp)); + if (parent_fp) { + if (parent_fp->daccess & FILE_DELETE_LE) { + ksmbd_err("parent dir is opened with delete access\n"); + return -ESHARE; + } + } +next: + return smb2_rename(work, fp, + (struct smb2_file_rename_info *)buf, + work->sess->conn->local_nls); +} + +static int set_file_disposition_info(struct ksmbd_file *fp, + char *buf) +{ + struct smb2_file_disposition_info *file_info; + struct inode *inode; + + if (!(fp->daccess & FILE_DELETE_LE)) { + ksmbd_err("no right to delete : 0x%x\n", fp->daccess); + return -EACCES; + } + + inode = file_inode(fp->filp); + file_info = (struct smb2_file_disposition_info *)buf; + if (file_info->DeletePending) { + if (S_ISDIR(inode->i_mode) && + ksmbd_vfs_empty_dir(fp) == -ENOTEMPTY) + return -EBUSY; + ksmbd_set_inode_pending_delete(fp); + } else { + ksmbd_clear_inode_pending_delete(fp); + } + return 0; +} + +static int set_file_position_info(struct ksmbd_file *fp, + char *buf) +{ + struct smb2_file_pos_info *file_info; + loff_t current_byte_offset; + unsigned short sector_size; + struct inode *inode; + + inode = file_inode(fp->filp); + file_info = (struct smb2_file_pos_info *)buf; + current_byte_offset = le64_to_cpu(file_info->CurrentByteOffset); + sector_size = ksmbd_vfs_logical_sector_size(inode); + + if (current_byte_offset < 0 || + (fp->coption == FILE_NO_INTERMEDIATE_BUFFERING_LE && + current_byte_offset & (sector_size-1))) { + ksmbd_err("CurrentByteOffset is not valid : %llu\n", + current_byte_offset); + return -EINVAL; + } + + fp->filp->f_pos = current_byte_offset; + return 0; +} + +static int set_file_mode_info(struct ksmbd_file *fp, + char *buf) +{ + struct smb2_file_mode_info *file_info; + __le32 mode; + + file_info = (struct smb2_file_mode_info *)buf; + mode = file_info->Mode; + + if ((mode & (~FILE_MODE_INFO_MASK)) || + (mode & FILE_SYNCHRONOUS_IO_ALERT_LE && + mode & FILE_SYNCHRONOUS_IO_NONALERT_LE)) { + ksmbd_err("Mode is not valid : 0x%x\n", le32_to_cpu(mode)); + return -EINVAL; + } + + /* + * TODO : need to implement consideration for + * FILE_SYNCHRONOUS_IO_ALERT and FILE_SYNCHRONOUS_IO_NONALERT + */ + ksmbd_vfs_set_fadvise(fp->filp, mode); + fp->coption = mode; + return 0; +} + +/** + * smb2_set_info_file() - handler for smb2 set info command + * @work: smb work containing set info command buffer + * + * Return: 0 on success, otherwise error + * TODO: need to implement an error handling for STATUS_INFO_LENGTH_MISMATCH + */ +static int smb2_set_info_file(struct ksmbd_work *work, + struct ksmbd_file *fp, + int info_class, + char *buf, + struct ksmbd_share_config *share) +{ + switch (info_class) { + case FILE_BASIC_INFORMATION: + return set_file_basic_info(fp, buf, share); + + case FILE_ALLOCATION_INFORMATION: + return set_file_allocation_info(work, fp, buf); + + case FILE_END_OF_FILE_INFORMATION: + return set_end_of_file_info(work, fp, buf); + + case FILE_RENAME_INFORMATION: + if (!test_tree_conn_flag(work->tcon, + KSMBD_TREE_CONN_FLAG_WRITABLE)) { + ksmbd_debug(SMB, + "User does not have write permission\n"); + return -EACCES; + } + return set_rename_info(work, fp, buf); + + case FILE_LINK_INFORMATION: + return smb2_create_link(work, work->tcon->share_conf, + (struct smb2_file_link_info *)buf, fp->filp, + work->sess->conn->local_nls); + + case FILE_DISPOSITION_INFORMATION: + if (!test_tree_conn_flag(work->tcon, + KSMBD_TREE_CONN_FLAG_WRITABLE)) { + ksmbd_debug(SMB, + "User does not have write permission\n"); + return -EACCES; + } + return set_file_disposition_info(fp, buf); + + case FILE_FULL_EA_INFORMATION: + { + if (!(fp->daccess & FILE_WRITE_EA_LE)) { + ksmbd_err("Not permitted to write ext attr: 0x%x\n", + fp->daccess); + return -EACCES; + } + + return smb2_set_ea((struct smb2_ea_info *)buf, + &fp->filp->f_path); + } + + case FILE_POSITION_INFORMATION: + return set_file_position_info(fp, buf); + + case FILE_MODE_INFORMATION: + return set_file_mode_info(fp, buf); + } + + ksmbd_err("Unimplemented Fileinfoclass :%d\n", info_class); + return -EOPNOTSUPP; +} + +static int smb2_set_info_sec(struct ksmbd_file *fp, + int addition_info, + char *buffer, + int buf_len) +{ + struct smb_ntsd *pntsd = (struct smb_ntsd *)buffer; + + fp->saccess |= FILE_SHARE_DELETE_LE; + + return set_info_sec(fp->conn, fp->tcon, fp->filp->f_path.dentry, pntsd, + buf_len, false); +} + +/** + * smb2_set_info() - handler for smb2 set info command handler + * @work: smb work containing set info request buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_set_info(struct ksmbd_work *work) +{ + struct smb2_set_info_req *req; + struct smb2_set_info_rsp *rsp, *rsp_org; + struct ksmbd_file *fp; + int rc = 0; + unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID; + + ksmbd_debug(SMB, "Received set info request\n"); + + rsp_org = RESPONSE_BUF(work); + if (work->next_smb2_rcv_hdr_off) { + req = REQUEST_BUF_NEXT(work); + rsp = RESPONSE_BUF_NEXT(work); + if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { + ksmbd_debug(SMB, "Compound request set FID = %u\n", + work->compound_fid); + id = work->compound_fid; + pid = work->compound_pfid; + } + } else { + req = REQUEST_BUF(work); + rsp = RESPONSE_BUF(work); + } + + if (!HAS_FILE_ID(id)) { + id = le64_to_cpu(req->VolatileFileId); + pid = le64_to_cpu(req->PersistentFileId); + } + + fp = ksmbd_lookup_fd_slow(work, id, pid); + if (!fp) { + ksmbd_debug(SMB, "Invalid id for close: %u\n", id); + rc = -ENOENT; + goto err_out; + } + + switch (req->InfoType) { + case SMB2_O_INFO_FILE: + ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILE\n"); + rc = smb2_set_info_file(work, fp, req->FileInfoClass, + req->Buffer, work->tcon->share_conf); + break; + case SMB2_O_INFO_SECURITY: + ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n"); + rc = smb2_set_info_sec(fp, + le32_to_cpu(req->AdditionalInformation), req->Buffer, + le32_to_cpu(req->BufferLength)); + break; + default: + rc = -EOPNOTSUPP; + } + + if (rc < 0) + goto err_out; + + rsp->StructureSize = cpu_to_le16(2); + inc_rfc1001_len(rsp_org, 2); + ksmbd_fd_put(work, fp); + return 0; + +err_out: + if (rc == -EACCES || rc == -EPERM) + rsp->hdr.Status = STATUS_ACCESS_DENIED; + else if (rc == -EINVAL) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + else if (rc == -ESHARE) + rsp->hdr.Status = STATUS_SHARING_VIOLATION; + else if (rc == -ENOENT) + rsp->hdr.Status = STATUS_OBJECT_NAME_INVALID; + else if (rc == -EBUSY || rc == -ENOTEMPTY) + rsp->hdr.Status = STATUS_DIRECTORY_NOT_EMPTY; + else if (rc == -EAGAIN) + rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT; + else if (rc == -EBADF) + rsp->hdr.Status = STATUS_INVALID_HANDLE; + else if (rc == -EEXIST) + rsp->hdr.Status = STATUS_OBJECT_NAME_COLLISION; + else if (rsp->hdr.Status == 0 || rc == -EOPNOTSUPP) + rsp->hdr.Status = STATUS_INVALID_INFO_CLASS; + smb2_set_err_rsp(work); + ksmbd_fd_put(work, fp); + ksmbd_debug(SMB, "error while processing smb2 query rc = %d\n", + rc); + return rc; +} + +/** + * smb2_read_pipe() - handler for smb2 read from IPC pipe + * @work: smb work containing read IPC pipe command buffer + * + * Return: 0 on success, otherwise error + */ +static noinline int smb2_read_pipe(struct ksmbd_work *work) +{ + int nbytes = 0, err; + uint64_t id; + struct ksmbd_rpc_command *rpc_resp; + struct smb2_read_req *req = REQUEST_BUF(work); + struct smb2_read_rsp *rsp = RESPONSE_BUF(work); + + id = le64_to_cpu(req->VolatileFileId); + + inc_rfc1001_len(rsp, 16); + rpc_resp = ksmbd_rpc_read(work->sess, id); + if (rpc_resp) { + if (rpc_resp->flags != KSMBD_RPC_OK) { + err = -EINVAL; + goto out; + } + + work->aux_payload_buf = + ksmbd_alloc_response(rpc_resp->payload_sz); + if (!work->aux_payload_buf) { + err = -ENOMEM; + goto out; + } + + memcpy(work->aux_payload_buf, rpc_resp->payload, + rpc_resp->payload_sz); + + nbytes = rpc_resp->payload_sz; + work->resp_hdr_sz = get_rfc1002_len(rsp) + 4; + work->aux_payload_sz = nbytes; + ksmbd_free(rpc_resp); + } + + rsp->StructureSize = cpu_to_le16(17); + rsp->DataOffset = 80; + rsp->Reserved = 0; + rsp->DataLength = cpu_to_le32(nbytes); + rsp->DataRemaining = 0; + rsp->Reserved2 = 0; + inc_rfc1001_len(rsp, nbytes); + return 0; + +out: + rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR; + smb2_set_err_rsp(work); + ksmbd_free(rpc_resp); + return err; +} + +static ssize_t smb2_read_rdma_channel(struct ksmbd_work *work, + struct smb2_read_req *req, + void *data_buf, size_t length) +{ + struct smb2_buffer_desc_v1 *desc = + (struct smb2_buffer_desc_v1 *)&req->Buffer[0]; + int err; + + if (work->conn->dialect == SMB30_PROT_ID + && req->Channel != SMB2_CHANNEL_RDMA_V1) + return -EINVAL; + + if (req->ReadChannelInfoOffset == 0 + || le16_to_cpu(req->ReadChannelInfoLength) < sizeof(*desc)) + return -EINVAL; + + work->need_invalidate_rkey = + (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE); + work->remote_key = le32_to_cpu(desc->token); + + err = ksmbd_conn_rdma_write(work->conn, + data_buf, length, + le32_to_cpu(desc->token), + le64_to_cpu(desc->offset), + le32_to_cpu(desc->length)); + if (err) + return err; + + return length; +} + +/** + * smb2_read() - handler for smb2 read from file + * @work: smb work containing read command buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_read(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_read_req *req; + struct smb2_read_rsp *rsp, *rsp_org; + struct ksmbd_file *fp; + loff_t offset; + size_t length, mincount; + ssize_t nbytes = 0, remain_bytes = 0; + int err = 0; + + rsp_org = RESPONSE_BUF(work); + WORK_BUFFERS(work, req, rsp); + + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_PIPE)) { + ksmbd_debug(SMB, "IPC pipe read request\n"); + return smb2_read_pipe(work); + } + + fp = ksmbd_lookup_fd_slow(work, + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); + if (!fp) { + rsp->hdr.Status = STATUS_FILE_CLOSED; + return -ENOENT; + } + + if (!(fp->daccess & (FILE_READ_DATA_LE | FILE_READ_ATTRIBUTES_LE))) { + ksmbd_err("Not permitted to read : 0x%x\n", fp->daccess); + err = -EACCES; + goto out; + } + + offset = le64_to_cpu(req->Offset); + length = le32_to_cpu(req->Length); + mincount = le32_to_cpu(req->MinimumCount); + + if (length > conn->vals->max_read_size) { + ksmbd_debug(SMB, "limiting read size to max size(%u)\n", + conn->vals->max_read_size); + err = -EINVAL; + goto out; + } + + ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n", FP_FILENAME(fp), + offset, length); + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) { + work->aux_payload_buf = + ksmbd_find_buffer(conn->vals->max_read_size); + work->set_read_buf = true; + } else { + work->aux_payload_buf = ksmbd_alloc_response(length); + } + if (!work->aux_payload_buf) { + err = nbytes; + goto out; + } + + nbytes = ksmbd_vfs_read(work, fp, length, &offset); + if (nbytes < 0) { + err = nbytes; + goto out; + } + + if ((nbytes == 0 && length != 0) || nbytes < mincount) { + if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) + ksmbd_release_buffer(AUX_PAYLOAD(work)); + else + ksmbd_free_response(AUX_PAYLOAD(work)); + INIT_AUX_PAYLOAD(work); + rsp->hdr.Status = STATUS_END_OF_FILE; + smb2_set_err_rsp(work); + ksmbd_fd_put(work, fp); + return 0; + } + + ksmbd_debug(SMB, "nbytes %zu, offset %lld mincount %zu\n", + nbytes, offset, mincount); + + if (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE || + req->Channel == SMB2_CHANNEL_RDMA_V1) { + /* write data to the client using rdma channel */ + remain_bytes = smb2_read_rdma_channel(work, req, + AUX_PAYLOAD(work), nbytes); + if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) + ksmbd_release_buffer(AUX_PAYLOAD(work)); + else + ksmbd_free_response(AUX_PAYLOAD(work)); + INIT_AUX_PAYLOAD(work); + + nbytes = 0; + if (remain_bytes < 0) { + err = (int)remain_bytes; + goto out; + } + } + + rsp->StructureSize = cpu_to_le16(17); + rsp->DataOffset = 80; + rsp->Reserved = 0; + rsp->DataLength = cpu_to_le32(nbytes); + rsp->DataRemaining = cpu_to_le32(remain_bytes); + rsp->Reserved2 = 0; + inc_rfc1001_len(rsp_org, 16); + work->resp_hdr_sz = get_rfc1002_len(rsp_org) + 4; + work->aux_payload_sz = nbytes; + inc_rfc1001_len(rsp_org, nbytes); + ksmbd_fd_put(work, fp); + return 0; + +out: + if (err) { + if (err == -EISDIR) + rsp->hdr.Status = STATUS_INVALID_DEVICE_REQUEST; + else if (err == -EAGAIN) + rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT; + else if (err == -ENOENT) + rsp->hdr.Status = STATUS_FILE_CLOSED; + else if (err == -EACCES) + rsp->hdr.Status = STATUS_ACCESS_DENIED; + else if (err == -ESHARE) + rsp->hdr.Status = STATUS_SHARING_VIOLATION; + else if (err == -EINVAL) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + else + rsp->hdr.Status = STATUS_INVALID_HANDLE; + + smb2_set_err_rsp(work); + } + ksmbd_fd_put(work, fp); + return err; +} + +/** + * smb2_write_pipe() - handler for smb2 write on IPC pipe + * @work: smb work containing write IPC pipe command buffer + * + * Return: 0 on success, otherwise error + */ +static noinline int smb2_write_pipe(struct ksmbd_work *work) +{ + struct smb2_write_req *req = REQUEST_BUF(work); + struct smb2_write_rsp *rsp = RESPONSE_BUF(work); + struct ksmbd_rpc_command *rpc_resp; + uint64_t id = 0; + int err = 0, ret = 0; + char *data_buf; + size_t length; + + length = le32_to_cpu(req->Length); + id = le64_to_cpu(req->VolatileFileId); + + if (le16_to_cpu(req->DataOffset) == + (offsetof(struct smb2_write_req, Buffer) - 4)) { + data_buf = (char *)&req->Buffer[0]; + } else { + if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) || + (le16_to_cpu(req->DataOffset) + + length > get_rfc1002_len(req))) { + ksmbd_err("invalid write data offset %u, smb_len %u\n", + le16_to_cpu(req->DataOffset), + get_rfc1002_len(req)); + err = -EINVAL; + goto out; + } + + data_buf = (char *)(((char *)&req->hdr.ProtocolId) + + le16_to_cpu(req->DataOffset)); + } + + rpc_resp = ksmbd_rpc_write(work->sess, id, data_buf, length); + if (rpc_resp) { + if (rpc_resp->flags == KSMBD_RPC_ENOTIMPLEMENTED) { + rsp->hdr.Status = STATUS_NOT_SUPPORTED; + ksmbd_free(rpc_resp); + smb2_set_err_rsp(work); + return -EOPNOTSUPP; + } + if (rpc_resp->flags != KSMBD_RPC_OK) { + rsp->hdr.Status = STATUS_INVALID_HANDLE; + smb2_set_err_rsp(work); + ksmbd_free(rpc_resp); + return ret; + } + ksmbd_free(rpc_resp); + } + + rsp->StructureSize = cpu_to_le16(17); + rsp->DataOffset = 0; + rsp->Reserved = 0; + rsp->DataLength = cpu_to_le32(length); + rsp->DataRemaining = 0; + rsp->Reserved2 = 0; + inc_rfc1001_len(rsp, 16); + return 0; +out: + if (err) { + rsp->hdr.Status = STATUS_INVALID_HANDLE; + smb2_set_err_rsp(work); + } + + return err; +} + +static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work, + struct smb2_write_req *req, struct ksmbd_file *fp, + loff_t offset, size_t length, bool sync) +{ + struct smb2_buffer_desc_v1 *desc; + char *data_buf; + int ret; + ssize_t nbytes; + + desc = (struct smb2_buffer_desc_v1 *)&req->Buffer[0]; + + if (work->conn->dialect == SMB30_PROT_ID && + req->Channel != SMB2_CHANNEL_RDMA_V1) + return -EINVAL; + + if (req->Length != 0 || req->DataOffset != 0) + return -EINVAL; + + if (req->WriteChannelInfoOffset == 0 + || le16_to_cpu(req->WriteChannelInfoLength) < sizeof(*desc)) + return -EINVAL; + + work->need_invalidate_rkey = + (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE); + work->remote_key = le32_to_cpu(desc->token); + + data_buf = ksmbd_alloc_response(length); + if (!data_buf) + return -ENOMEM; + + ret = ksmbd_conn_rdma_read(work->conn, data_buf, length, + le32_to_cpu(desc->token), + le64_to_cpu(desc->offset), + le32_to_cpu(desc->length)); + + if (ret < 0) { + ksmbd_free_response(data_buf); + return ret; + } + + ret = ksmbd_vfs_write(work, fp, data_buf, length, &offset, + sync, &nbytes); + + ksmbd_free_response(data_buf); + if (ret < 0) + return ret; + + return nbytes; +} + +/** + * smb2_write() - handler for smb2 write from file + * @work: smb work containing write command buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_write(struct ksmbd_work *work) +{ + struct smb2_write_req *req; + struct smb2_write_rsp *rsp, *rsp_org; + struct ksmbd_file *fp = NULL; + loff_t offset; + size_t length; + ssize_t nbytes; + char *data_buf; + bool writethrough = false; + int err = 0; + + rsp_org = RESPONSE_BUF(work); + WORK_BUFFERS(work, req, rsp); + + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_PIPE)) { + ksmbd_debug(SMB, "IPC pipe write request\n"); + return smb2_write_pipe(work); + } + + if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { + ksmbd_debug(SMB, "User does not have write permission\n"); + err = -EACCES; + goto out; + } + + fp = ksmbd_lookup_fd_slow(work, + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); + if (!fp) { + rsp->hdr.Status = STATUS_FILE_CLOSED; + return -ENOENT; + } + + if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_READ_ATTRIBUTES_LE))) { + ksmbd_err("Not permitted to write : 0x%x\n", fp->daccess); + err = -EACCES; + goto out; + } + + offset = le64_to_cpu(req->Offset); + length = le32_to_cpu(req->Length); + + if (length > work->conn->vals->max_write_size) { + ksmbd_debug(SMB, "limiting write size to max size(%u)\n", + work->conn->vals->max_write_size); + err = -EINVAL; + goto out; + } + + if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH) + writethrough = true; + + if (req->Channel != SMB2_CHANNEL_RDMA_V1 && + req->Channel != SMB2_CHANNEL_RDMA_V1_INVALIDATE) { + + if (le16_to_cpu(req->DataOffset) == + (offsetof(struct smb2_write_req, Buffer) - 4)) { + data_buf = (char *)&req->Buffer[0]; + } else { + if ((le16_to_cpu(req->DataOffset) > + get_rfc1002_len(req)) || + (le16_to_cpu(req->DataOffset) + + length > get_rfc1002_len(req))) { + ksmbd_err("invalid write data offset %u, smb_len %u\n", + le16_to_cpu(req->DataOffset), + get_rfc1002_len(req)); + err = -EINVAL; + goto out; + } + + data_buf = (char *)(((char *)&req->hdr.ProtocolId) + + le16_to_cpu(req->DataOffset)); + } + + ksmbd_debug(SMB, "flags %u\n", le32_to_cpu(req->Flags)); + if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH) + writethrough = true; + + ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n", + FP_FILENAME(fp), offset, length); + err = ksmbd_vfs_write(work, fp, data_buf, length, &offset, + writethrough, &nbytes); + if (err < 0) + goto out; + } else { + /* read data from the client using rdma channel, and + * write the data. + */ + nbytes = smb2_write_rdma_channel(work, req, fp, offset, + le32_to_cpu(req->RemainingBytes), + writethrough); + if (nbytes < 0) { + err = (int)nbytes; + goto out; + } + } + + rsp->StructureSize = cpu_to_le16(17); + rsp->DataOffset = 0; + rsp->Reserved = 0; + rsp->DataLength = cpu_to_le32(nbytes); + rsp->DataRemaining = 0; + rsp->Reserved2 = 0; + inc_rfc1001_len(rsp_org, 16); + ksmbd_fd_put(work, fp); + return 0; + +out: + if (err == -EAGAIN) + rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT; + else if (err == -ENOSPC || err == -EFBIG) + rsp->hdr.Status = STATUS_DISK_FULL; + else if (err == -ENOENT) + rsp->hdr.Status = STATUS_FILE_CLOSED; + else if (err == -EACCES) + rsp->hdr.Status = STATUS_ACCESS_DENIED; + else if (err == -ESHARE) + rsp->hdr.Status = STATUS_SHARING_VIOLATION; + else if (err == -EINVAL) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + else + rsp->hdr.Status = STATUS_INVALID_HANDLE; + + smb2_set_err_rsp(work); + ksmbd_fd_put(work, fp); + return err; +} + +/** + * smb2_flush() - handler for smb2 flush file - fsync + * @work: smb work containing flush command buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_flush(struct ksmbd_work *work) +{ + struct smb2_flush_req *req; + struct smb2_flush_rsp *rsp, *rsp_org; + int err; + + rsp_org = RESPONSE_BUF(work); + WORK_BUFFERS(work, req, rsp); + + ksmbd_debug(SMB, "SMB2_FLUSH called for fid %llu\n", + le64_to_cpu(req->VolatileFileId)); + + err = ksmbd_vfs_fsync(work, + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); + if (err) + goto out; + + rsp->StructureSize = cpu_to_le16(4); + rsp->Reserved = 0; + inc_rfc1001_len(rsp_org, 4); + return 0; + +out: + if (err) { + rsp->hdr.Status = STATUS_INVALID_HANDLE; + smb2_set_err_rsp(work); + } + + return err; +} + +/** + * smb2_cancel() - handler for smb2 cancel command + * @work: smb work containing cancel command buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_cancel(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_hdr *hdr = REQUEST_BUF(work); + struct smb2_hdr *chdr; + struct ksmbd_work *cancel_work = NULL; + struct list_head *tmp; + int canceled = 0; + struct list_head *command_list; + + ksmbd_debug(SMB, "smb2 cancel called on mid %llu, async flags 0x%x\n", + hdr->MessageId, hdr->Flags); + + if (hdr->Flags & SMB2_FLAGS_ASYNC_COMMAND) { + command_list = &conn->async_requests; + + spin_lock(&conn->request_lock); + list_for_each(tmp, command_list) { + cancel_work = list_entry(tmp, struct ksmbd_work, + async_request_entry); + chdr = REQUEST_BUF(cancel_work); + + if (cancel_work->async_id != + le64_to_cpu(hdr->Id.AsyncId)) + continue; + + ksmbd_debug(SMB, + "smb2 with AsyncId %llu cancelled command = 0x%x\n", + le64_to_cpu(hdr->Id.AsyncId), + le16_to_cpu(chdr->Command)); + canceled = 1; + break; + } + spin_unlock(&conn->request_lock); + } else { + command_list = &conn->requests; + + spin_lock(&conn->request_lock); + list_for_each(tmp, command_list) { + cancel_work = list_entry(tmp, struct ksmbd_work, + request_entry); + chdr = REQUEST_BUF(cancel_work); + + if (chdr->MessageId != hdr->MessageId || + cancel_work == work) + continue; + + ksmbd_debug(SMB, + "smb2 with mid %llu cancelled command = 0x%x\n", + le64_to_cpu(hdr->MessageId), + le16_to_cpu(chdr->Command)); + canceled = 1; + break; + } + spin_unlock(&conn->request_lock); + } + + if (canceled) { + cancel_work->state = KSMBD_WORK_CANCELLED; + if (cancel_work->cancel_fn) + cancel_work->cancel_fn(cancel_work->cancel_argv); + } + + /* For SMB2_CANCEL command itself send no response*/ + work->send_no_response = 1; + return 0; +} + +struct file_lock *smb_flock_init(struct file *f) +{ + struct file_lock *fl; + + fl = locks_alloc_lock(); + if (!fl) + goto out; + + locks_init_lock(fl); + + fl->fl_owner = f; + fl->fl_pid = current->tgid; + fl->fl_file = f; + fl->fl_flags = FL_POSIX; + fl->fl_ops = NULL; + fl->fl_lmops = NULL; + +out: + return fl; +} + +static int smb2_set_flock_flags(struct file_lock *flock, int flags) +{ + int cmd = -EINVAL; + + /* Checking for wrong flag combination during lock request*/ + switch (flags) { + case SMB2_LOCKFLAG_SHARED: + ksmbd_debug(SMB, "received shared request\n"); + cmd = F_SETLKW; + flock->fl_type = F_RDLCK; + flock->fl_flags |= FL_SLEEP; + break; + case SMB2_LOCKFLAG_EXCLUSIVE: + ksmbd_debug(SMB, "received exclusive request\n"); + cmd = F_SETLKW; + flock->fl_type = F_WRLCK; + flock->fl_flags |= FL_SLEEP; + break; + case SMB2_LOCKFLAG_SHARED|SMB2_LOCKFLAG_FAIL_IMMEDIATELY: + ksmbd_debug(SMB, + "received shared & fail immediately request\n"); + cmd = F_SETLK; + flock->fl_type = F_RDLCK; + break; + case SMB2_LOCKFLAG_EXCLUSIVE|SMB2_LOCKFLAG_FAIL_IMMEDIATELY: + ksmbd_debug(SMB, + "received exclusive & fail immediately request\n"); + cmd = F_SETLK; + flock->fl_type = F_WRLCK; + break; + case SMB2_LOCKFLAG_UNLOCK: + ksmbd_debug(SMB, "received unlock request\n"); + flock->fl_type = F_UNLCK; + cmd = 0; + break; + } + + return cmd; +} + +static struct ksmbd_lock *smb2_lock_init(struct file_lock *flock, + unsigned int cmd, int flags, struct list_head *lock_list) +{ + struct ksmbd_lock *lock; + + lock = kzalloc(sizeof(struct ksmbd_lock), GFP_KERNEL); + if (!lock) + return NULL; + + lock->cmd = cmd; + lock->fl = flock; + lock->start = flock->fl_start; + lock->end = flock->fl_end; + lock->flags = flags; + if (lock->start == lock->end) + lock->zero_len = 1; + INIT_LIST_HEAD(&lock->llist); + INIT_LIST_HEAD(&lock->glist); + list_add_tail(&lock->llist, lock_list); + + return lock; +} + +static void smb2_remove_blocked_lock(void **argv) +{ + struct file_lock *flock = (struct file_lock *)argv[0]; + + ksmbd_vfs_posix_lock_unblock(flock); + wake_up(&flock->fl_wait); +} + +static inline bool lock_defer_pending(struct file_lock *fl) +{ + /* check pending lock waiters */ + return waitqueue_active(&fl->fl_wait); +} + +/** + * smb2_lock() - handler for smb2 file lock command + * @work: smb work containing lock command buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_lock(struct ksmbd_work *work) +{ + struct smb2_lock_req *req = REQUEST_BUF(work); + struct smb2_lock_rsp *rsp = RESPONSE_BUF(work); + struct smb2_lock_element *lock_ele; + struct ksmbd_file *fp = NULL; + struct file_lock *flock = NULL; + struct file *filp = NULL; + int lock_count; + int flags = 0; + int cmd = 0; + int err = 0, i; + uint64_t lock_length; + struct ksmbd_lock *smb_lock = NULL, *cmp_lock, *tmp; + int nolock = 0; + LIST_HEAD(lock_list); + LIST_HEAD(rollback_list); + int prior_lock = 0; + + ksmbd_debug(SMB, "Received lock request\n"); + fp = ksmbd_lookup_fd_slow(work, + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); + if (!fp) { + ksmbd_debug(SMB, "Invalid file id for lock : %llu\n", + le64_to_cpu(req->VolatileFileId)); + rsp->hdr.Status = STATUS_FILE_CLOSED; + goto out2; + } + + filp = fp->filp; + lock_count = le16_to_cpu(req->LockCount); + lock_ele = req->locks; + + ksmbd_debug(SMB, "lock count is %d\n", lock_count); + if (!lock_count) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto out2; + } + + for (i = 0; i < lock_count; i++) { + flags = le32_to_cpu(lock_ele[i].Flags); + + flock = smb_flock_init(filp); + if (!flock) { + rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; + goto out; + } + + cmd = smb2_set_flock_flags(flock, flags); + + flock->fl_start = le64_to_cpu(lock_ele[i].Offset); + if (flock->fl_start > OFFSET_MAX) { + ksmbd_err("Invalid lock range requested\n"); + rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; + goto out; + } + + lock_length = le64_to_cpu(lock_ele[i].Length); + if (lock_length > 0) { + if (lock_length > + OFFSET_MAX - flock->fl_start) { + ksmbd_debug(SMB, + "Invalid lock range requested\n"); + lock_length = OFFSET_MAX - flock->fl_start; + rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; + goto out; + } + } else + lock_length = 0; + + flock->fl_end = flock->fl_start + lock_length; + + if (flock->fl_end < flock->fl_start) { + ksmbd_debug(SMB, + "the end offset(%llx) is smaller than the start offset(%llx)\n", + flock->fl_end, flock->fl_start); + rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; + goto out; + } + + /* Check conflict locks in one request */ + list_for_each_entry(cmp_lock, &lock_list, llist) { + if (cmp_lock->fl->fl_start <= flock->fl_start && + cmp_lock->fl->fl_end >= flock->fl_end) { + if (cmp_lock->fl->fl_type != F_UNLCK && + flock->fl_type != F_UNLCK) { + ksmbd_err("conflict two locks in one request\n"); + rsp->hdr.Status = + STATUS_INVALID_PARAMETER; + goto out; + } + } + } + + smb_lock = smb2_lock_init(flock, cmd, flags, &lock_list); + if (!smb_lock) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto out; + } + } + + list_for_each_entry_safe(smb_lock, tmp, &lock_list, llist) { + if (smb_lock->cmd < 0) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto out; + } + + if (!(smb_lock->flags & SMB2_LOCKFLAG_MASK)) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto out; + } + + if ((prior_lock & (SMB2_LOCKFLAG_EXCLUSIVE | + SMB2_LOCKFLAG_SHARED) && + smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) || + (prior_lock == SMB2_LOCKFLAG_UNLOCK && + !(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK))) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto out; + } + + prior_lock = smb_lock->flags; + + if (!(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) && + !(smb_lock->flags & SMB2_LOCKFLAG_FAIL_IMMEDIATELY)) + goto no_check_gl; + + nolock = 1; + /* check locks in global list */ + list_for_each_entry(cmp_lock, &global_lock_list, glist) { + if (file_inode(cmp_lock->fl->fl_file) != + file_inode(smb_lock->fl->fl_file)) + continue; + + if (smb_lock->fl->fl_type == F_UNLCK) { + if (cmp_lock->fl->fl_file == + smb_lock->fl->fl_file && + cmp_lock->start == smb_lock->start && + cmp_lock->end == smb_lock->end && + !lock_defer_pending(cmp_lock->fl)) { + nolock = 0; + locks_free_lock(cmp_lock->fl); + list_del(&cmp_lock->glist); + kfree(cmp_lock); + break; + } + continue; + } + + if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file) { + if (smb_lock->flags & SMB2_LOCKFLAG_SHARED) + continue; + } else { + if (cmp_lock->flags & SMB2_LOCKFLAG_SHARED) + continue; + } + + /* check zero byte lock range */ + if (cmp_lock->zero_len && !smb_lock->zero_len && + cmp_lock->start > smb_lock->start && + cmp_lock->start < smb_lock->end) { + ksmbd_err("previous lock conflict with zero byte lock range\n"); + rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; + goto out; + } + + if (smb_lock->zero_len && !cmp_lock->zero_len && + smb_lock->start > cmp_lock->start && + smb_lock->start < cmp_lock->end) { + ksmbd_err("current lock conflict with zero byte lock range\n"); + rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; + goto out; + } + + if (((cmp_lock->start <= smb_lock->start && + cmp_lock->end > smb_lock->start) || + (cmp_lock->start < smb_lock->end && + cmp_lock->end >= smb_lock->end)) && + !cmp_lock->zero_len && !smb_lock->zero_len) { + ksmbd_err("Not allow lock operation on exclusive lock range\n"); + rsp->hdr.Status = + STATUS_LOCK_NOT_GRANTED; + goto out; + } + } + + if (smb_lock->fl->fl_type == F_UNLCK && nolock) { + ksmbd_err("Try to unlock nolocked range\n"); + rsp->hdr.Status = STATUS_RANGE_NOT_LOCKED; + goto out; + } + +no_check_gl: + if (smb_lock->zero_len) { + err = 0; + goto skip; + } + + flock = smb_lock->fl; + list_del(&smb_lock->llist); +retry: + err = ksmbd_vfs_lock(filp, smb_lock->cmd, flock); +skip: + if (flags & SMB2_LOCKFLAG_UNLOCK) { + if (!err) + ksmbd_debug(SMB, "File unlocked\n"); + else if (err == -ENOENT) { + rsp->hdr.Status = STATUS_NOT_LOCKED; + goto out; + } + locks_free_lock(flock); + kfree(smb_lock); + } else { + if (err == FILE_LOCK_DEFERRED) { + void **argv; + + ksmbd_debug(SMB, + "would have to wait for getting lock\n"); + list_add_tail(&smb_lock->glist, + &global_lock_list); + list_add(&smb_lock->llist, &rollback_list); + + argv = kmalloc(sizeof(void *), GFP_KERNEL); + if (!argv) { + err = -ENOMEM; + goto out; + } + argv[0] = flock; + + err = setup_async_work(work, + smb2_remove_blocked_lock, argv); + if (err) { + rsp->hdr.Status = + STATUS_INSUFFICIENT_RESOURCES; + goto out; + } + spin_lock(&fp->f_lock); + list_add(&work->fp_entry, &fp->blocked_works); + spin_unlock(&fp->f_lock); + + smb2_send_interim_resp(work, STATUS_PENDING); + + err = ksmbd_vfs_posix_lock_wait(flock); + + if (!WORK_ACTIVE(work)) { + list_del(&smb_lock->llist); + list_del(&smb_lock->glist); + locks_free_lock(flock); + + if (WORK_CANCELLED(work)) { + spin_lock(&fp->f_lock); + list_del(&work->fp_entry); + spin_unlock(&fp->f_lock); + rsp->hdr.Status = + STATUS_CANCELLED; + kfree(smb_lock); + smb2_send_interim_resp(work, + STATUS_CANCELLED); + work->send_no_response = 1; + goto out; + } + init_smb2_rsp_hdr(work); + smb2_set_err_rsp(work); + rsp->hdr.Status = + STATUS_RANGE_NOT_LOCKED; + kfree(smb_lock); + goto out2; + } + + list_del(&smb_lock->llist); + list_del(&smb_lock->glist); + spin_lock(&fp->f_lock); + list_del(&work->fp_entry); + spin_unlock(&fp->f_lock); + goto retry; + } else if (!err) { + list_add_tail(&smb_lock->glist, + &global_lock_list); + list_add(&smb_lock->llist, &rollback_list); + ksmbd_debug(SMB, "successful in taking lock\n"); + } else { + rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; + goto out; + } + } + } + + if (atomic_read(&fp->f_ci->op_count) > 1) + smb_break_all_oplock(work, fp); + + rsp->StructureSize = cpu_to_le16(4); + ksmbd_debug(SMB, "successful in taking lock\n"); + rsp->hdr.Status = STATUS_SUCCESS; + rsp->Reserved = 0; + inc_rfc1001_len(rsp, 4); + ksmbd_fd_put(work, fp); + return err; + +out: + list_for_each_entry_safe(smb_lock, tmp, &lock_list, llist) { + locks_free_lock(smb_lock->fl); + list_del(&smb_lock->llist); + kfree(smb_lock); + } + + list_for_each_entry_safe(smb_lock, tmp, &rollback_list, llist) { + struct file_lock *rlock = NULL; + + rlock = smb_flock_init(filp); + rlock->fl_type = F_UNLCK; + rlock->fl_start = smb_lock->start; + rlock->fl_end = smb_lock->end; + + err = ksmbd_vfs_lock(filp, 0, rlock); + if (err) + ksmbd_err("rollback unlock fail : %d\n", err); + list_del(&smb_lock->llist); + list_del(&smb_lock->glist); + locks_free_lock(smb_lock->fl); + locks_free_lock(rlock); + kfree(smb_lock); + } +out2: + ksmbd_debug(SMB, "failed in taking lock(flags : %x)\n", flags); + smb2_set_err_rsp(work); + ksmbd_fd_put(work, fp); + return 0; +} + +static int fsctl_copychunk(struct ksmbd_work *work, + struct smb2_ioctl_req *req, + struct smb2_ioctl_rsp *rsp) +{ + struct copychunk_ioctl_req *ci_req; + struct copychunk_ioctl_rsp *ci_rsp; + struct ksmbd_file *src_fp = NULL, *dst_fp = NULL; + struct srv_copychunk *chunks; + unsigned int i, chunk_count, chunk_count_written = 0; + unsigned int chunk_size_written = 0; + loff_t total_size_written = 0; + int ret, cnt_code; + + cnt_code = le32_to_cpu(req->CntCode); + ci_req = (struct copychunk_ioctl_req *)&req->Buffer[0]; + ci_rsp = (struct copychunk_ioctl_rsp *)&rsp->Buffer[0]; + + rsp->VolatileFileId = req->VolatileFileId; + rsp->PersistentFileId = req->PersistentFileId; + ci_rsp->ChunksWritten = cpu_to_le32( + ksmbd_server_side_copy_max_chunk_count()); + ci_rsp->ChunkBytesWritten = cpu_to_le32( + ksmbd_server_side_copy_max_chunk_size()); + ci_rsp->TotalBytesWritten = cpu_to_le32( + ksmbd_server_side_copy_max_total_size()); + + chunks = (struct srv_copychunk *)&ci_req->Chunks[0]; + chunk_count = le32_to_cpu(ci_req->ChunkCount); + total_size_written = 0; + + /* verify the SRV_COPYCHUNK_COPY packet */ + if (chunk_count > ksmbd_server_side_copy_max_chunk_count() || + le32_to_cpu(req->InputCount) < + offsetof(struct copychunk_ioctl_req, Chunks) + + chunk_count * sizeof(struct srv_copychunk)) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + return -EINVAL; + } + + for (i = 0; i < chunk_count; i++) { + if (le32_to_cpu(chunks[i].Length) == 0 || + le32_to_cpu(chunks[i].Length) > + ksmbd_server_side_copy_max_chunk_size()) + break; + total_size_written += le32_to_cpu(chunks[i].Length); + } + if (i < chunk_count || total_size_written > + ksmbd_server_side_copy_max_total_size()) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + return -EINVAL; + } + + src_fp = ksmbd_lookup_foreign_fd(work, + le64_to_cpu(ci_req->ResumeKey[0])); + dst_fp = ksmbd_lookup_fd_slow(work, + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); + + ret = -EINVAL; + if (!src_fp || src_fp->persistent_id != + le64_to_cpu(ci_req->ResumeKey[1])) { + rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND; + goto out; + } + if (!dst_fp) { + rsp->hdr.Status = STATUS_FILE_CLOSED; + goto out; + } + + /* + * FILE_READ_DATA should only be included in + * the FSCTL_COPYCHUNK case + */ + if (cnt_code == FSCTL_COPYCHUNK && !(dst_fp->daccess & + (FILE_READ_DATA_LE | FILE_GENERIC_READ_LE))) { + rsp->hdr.Status = STATUS_ACCESS_DENIED; + goto out; + } + + ret = ksmbd_vfs_copy_file_ranges(work, src_fp, dst_fp, + chunks, chunk_count, + &chunk_count_written, &chunk_size_written, + &total_size_written); + if (ret < 0) { + if (ret == -EACCES) + rsp->hdr.Status = STATUS_ACCESS_DENIED; + if (ret == -EAGAIN) + rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT; + else if (ret == -EBADF) + rsp->hdr.Status = STATUS_INVALID_HANDLE; + else if (ret == -EFBIG || ret == -ENOSPC) + rsp->hdr.Status = STATUS_DISK_FULL; + else if (ret == -EINVAL) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + else if (ret == -EISDIR) + rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY; + else if (ret == -E2BIG) + rsp->hdr.Status = STATUS_INVALID_VIEW_SIZE; + else + rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR; + } + + ci_rsp->ChunksWritten = cpu_to_le32(chunk_count_written); + ci_rsp->ChunkBytesWritten = cpu_to_le32(chunk_size_written); + ci_rsp->TotalBytesWritten = cpu_to_le32(total_size_written); +out: + ksmbd_fd_put(work, src_fp); + ksmbd_fd_put(work, dst_fp); + return ret; +} + +static __be32 idev_ipv4_address(struct in_device *idev) +{ + __be32 addr = 0; + + struct in_ifaddr *ifa; + + rcu_read_lock(); + in_dev_for_each_ifa_rcu(ifa, idev) { + if (ifa->ifa_flags & IFA_F_SECONDARY) + continue; + + addr = ifa->ifa_address; + break; + } + rcu_read_unlock(); + return addr; +} + +static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, + struct smb2_ioctl_req *req, + struct smb2_ioctl_rsp *rsp) +{ + struct network_interface_info_ioctl_rsp *nii_rsp = NULL; + int nbytes = 0; + struct net_device *netdev; + struct sockaddr_storage_rsp *sockaddr_storage; + unsigned int flags; + unsigned long long speed; + + rtnl_lock(); + for_each_netdev(&init_net, netdev) { + if (unlikely(!netdev)) { + rtnl_unlock(); + return -EINVAL; + } + + if (netdev->type == ARPHRD_LOOPBACK) + continue; + + flags = dev_get_flags(netdev); + if (!(flags & IFF_RUNNING)) + continue; + + nii_rsp = (struct network_interface_info_ioctl_rsp *) + &rsp->Buffer[nbytes]; + nii_rsp->IfIndex = cpu_to_le32(netdev->ifindex); + + /* TODO: specify the RDMA capabilities */ + if (netdev->num_tx_queues > 1) + nii_rsp->Capability = cpu_to_le32(RSS_CAPABLE); + else + nii_rsp->Capability = 0; + + nii_rsp->Next = cpu_to_le32(152); + nii_rsp->Reserved = 0; + + if (netdev->ethtool_ops->get_link_ksettings) { + struct ethtool_link_ksettings cmd; + + netdev->ethtool_ops->get_link_ksettings(netdev, &cmd); + speed = cmd.base.speed; + } else { + ksmbd_err("%s %s %s\n", + netdev->name, + "speed is unknown,", + "defaulting to 1Gb/sec"); + speed = SPEED_1000; + } + + speed *= 1000000; + nii_rsp->LinkSpeed = cpu_to_le64(speed); + + sockaddr_storage = (struct sockaddr_storage_rsp *) + nii_rsp->SockAddr_Storage; + memset(sockaddr_storage, 0, 128); + + if (conn->peer_addr.ss_family == PF_INET) { + struct in_device *idev; + + sockaddr_storage->Family = cpu_to_le16(INTERNETWORK); + sockaddr_storage->addr4.Port = 0; + + idev = __in_dev_get_rtnl(netdev); + if (!idev) + continue; + sockaddr_storage->addr4.IPv4address = + idev_ipv4_address(idev); + } else { + struct inet6_dev *idev6; + struct inet6_ifaddr *ifa; + __u8 *ipv6_addr = sockaddr_storage->addr6.IPv6address; + + sockaddr_storage->Family = cpu_to_le16(INTERNETWORKV6); + sockaddr_storage->addr6.Port = 0; + sockaddr_storage->addr6.FlowInfo = 0; + + idev6 = __in6_dev_get(netdev); + if (!idev6) + continue; + + list_for_each_entry(ifa, &idev6->addr_list, if_list) { + if (ifa->flags & (IFA_F_TENTATIVE | + IFA_F_DEPRECATED)) + continue; + memcpy(ipv6_addr, ifa->addr.s6_addr, 16); + break; + } + sockaddr_storage->addr6.ScopeId = 0; + } + + nbytes += sizeof(struct network_interface_info_ioctl_rsp); + } + rtnl_unlock(); + + /* zero if this is last one */ + if (nii_rsp) + nii_rsp->Next = 0; + + if (!nbytes) { + rsp->hdr.Status = STATUS_BUFFER_TOO_SMALL; + return -EINVAL; + } + + rsp->PersistentFileId = cpu_to_le64(SMB2_NO_FID); + rsp->VolatileFileId = cpu_to_le64(SMB2_NO_FID); + return nbytes; +} + + +static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn, + struct validate_negotiate_info_req *neg_req, + struct validate_negotiate_info_rsp *neg_rsp) +{ + int ret = 0; + int dialect; + + dialect = ksmbd_lookup_dialect_by_id(neg_req->Dialects, + neg_req->DialectCount); + if (dialect == BAD_PROT_ID || dialect != conn->dialect) { + ret = -EINVAL; + goto err_out; + } + + if (strncmp(neg_req->Guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE)) { + ret = -EINVAL; + goto err_out; + } + + if (le16_to_cpu(neg_req->SecurityMode) != conn->cli_sec_mode) { + ret = -EINVAL; + goto err_out; + } + + if (le32_to_cpu(neg_req->Capabilities) != conn->cli_cap) { + ret = -EINVAL; + goto err_out; + } + + neg_rsp->Capabilities = cpu_to_le32(conn->vals->capabilities); + memset(neg_rsp->Guid, 0, SMB2_CLIENT_GUID_SIZE); + neg_rsp->SecurityMode = cpu_to_le16(conn->srv_sec_mode); + neg_rsp->Dialect = cpu_to_le16(conn->dialect); +err_out: + return ret; +} + +static int fsctl_query_allocated_ranges(struct ksmbd_work *work, uint64_t id, + struct file_allocated_range_buffer *qar_req, + struct file_allocated_range_buffer *qar_rsp, + int in_count, int *out_count) +{ + struct ksmbd_file *fp; + loff_t start, length; + int ret = 0; + + *out_count = 0; + if (in_count == 0) + return -EINVAL; + + fp = ksmbd_lookup_fd_fast(work, id); + if (!fp) + return -ENOENT; + + start = le64_to_cpu(qar_req->file_offset); + length = le64_to_cpu(qar_req->length); + + ret = ksmbd_vfs_fqar_lseek(fp, start, length, + qar_rsp, in_count, out_count); + if (ret && ret != -E2BIG) + *out_count = 0; + + ksmbd_fd_put(work, fp); + return ret; +} + +static int fsctl_pipe_transceive(struct ksmbd_work *work, uint64_t id, + int out_buf_len, struct smb2_ioctl_req *req, struct smb2_ioctl_rsp *rsp) +{ + struct ksmbd_rpc_command *rpc_resp; + char *data_buf = (char *)&req->Buffer[0]; + int nbytes = 0; + + rpc_resp = ksmbd_rpc_ioctl(work->sess, id, + data_buf, + le32_to_cpu(req->InputCount)); + if (rpc_resp) { + if (rpc_resp->flags == KSMBD_RPC_SOME_NOT_MAPPED) { + /* + * set STATUS_SOME_NOT_MAPPED response + * for unknown domain sid. + */ + rsp->hdr.Status = STATUS_SOME_NOT_MAPPED; + } else if (rpc_resp->flags == KSMBD_RPC_ENOTIMPLEMENTED) { + rsp->hdr.Status = STATUS_NOT_SUPPORTED; + goto out; + } else if (rpc_resp->flags != KSMBD_RPC_OK) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto out; + } + + nbytes = rpc_resp->payload_sz; + if (rpc_resp->payload_sz > out_buf_len) { + rsp->hdr.Status = STATUS_BUFFER_OVERFLOW; + nbytes = out_buf_len; + } + + if (!rpc_resp->payload_sz) { + rsp->hdr.Status = + STATUS_UNEXPECTED_IO_ERROR; + goto out; + } + + memcpy((char *)rsp->Buffer, rpc_resp->payload, nbytes); + } +out: + ksmbd_free(rpc_resp); + return nbytes; +} + +static inline int fsctl_set_sparse(struct ksmbd_work *work, uint64_t id, + struct file_sparse *sparse) +{ + struct ksmbd_file *fp; + int ret = 0; + __le32 old_fattr; + + fp = ksmbd_lookup_fd_fast(work, id); + if (!fp) + return -ENOENT; + + old_fattr = fp->f_ci->m_fattr; + if (sparse->SetSparse) + fp->f_ci->m_fattr |= ATTR_SPARSE_FILE_LE; + else + fp->f_ci->m_fattr &= ~ATTR_SPARSE_FILE_LE; + + if (fp->f_ci->m_fattr != old_fattr && + test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) { + struct xattr_dos_attrib da; + + ret = ksmbd_vfs_get_dos_attrib_xattr(fp->filp->f_path.dentry, &da); + if (ret <= 0) + goto out; + + da.attr = le32_to_cpu(fp->f_ci->m_fattr); + ret = ksmbd_vfs_set_dos_attrib_xattr(fp->filp->f_path.dentry, &da); + if (ret) + fp->f_ci->m_fattr = old_fattr; + } + +out: + ksmbd_fd_put(work, fp); + return ret; +} + +static int fsctl_request_resume_key(struct ksmbd_work *work, + struct smb2_ioctl_req *req, struct resume_key_ioctl_rsp *key_rsp) +{ + struct ksmbd_file *fp; + + fp = ksmbd_lookup_fd_slow(work, + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); + if (!fp) + return -ENOENT; + + memset(key_rsp, 0, sizeof(*key_rsp)); + key_rsp->ResumeKey[0] = req->VolatileFileId; + key_rsp->ResumeKey[1] = req->PersistentFileId; + ksmbd_fd_put(work, fp); + + return 0; +} + +/** + * smb2_ioctl() - handler for smb2 ioctl command + * @work: smb work containing ioctl command buffer + * + * Return: 0 on success, otherwise error + */ +int smb2_ioctl(struct ksmbd_work *work) +{ + struct smb2_ioctl_req *req; + struct smb2_ioctl_rsp *rsp, *rsp_org; + int cnt_code, nbytes = 0; + int out_buf_len; + uint64_t id = KSMBD_NO_FID; + struct ksmbd_conn *conn = work->conn; + int ret = 0; + + rsp_org = RESPONSE_BUF(work); + if (work->next_smb2_rcv_hdr_off) { + req = REQUEST_BUF_NEXT(work); + rsp = RESPONSE_BUF_NEXT(work); + if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { + ksmbd_debug(SMB, "Compound request set FID = %u\n", + work->compound_fid); + id = work->compound_fid; + } + } else { + req = REQUEST_BUF(work); + rsp = RESPONSE_BUF(work); + } + + if (!HAS_FILE_ID(id)) + id = le64_to_cpu(req->VolatileFileId); + + if (req->Flags != cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL)) { + rsp->hdr.Status = STATUS_NOT_SUPPORTED; + goto out; + } + + cnt_code = le32_to_cpu(req->CntCode); + out_buf_len = le32_to_cpu(req->MaxOutputResponse); + out_buf_len = min(KSMBD_IPC_MAX_PAYLOAD, out_buf_len); + + switch (cnt_code) { + case FSCTL_DFS_GET_REFERRALS: + case FSCTL_DFS_GET_REFERRALS_EX: + /* Not support DFS yet */ + rsp->hdr.Status = STATUS_FS_DRIVER_REQUIRED; + goto out; + case FSCTL_CREATE_OR_GET_OBJECT_ID: + { + struct file_object_buf_type1_ioctl_rsp *obj_buf; + + nbytes = sizeof(struct file_object_buf_type1_ioctl_rsp); + obj_buf = (struct file_object_buf_type1_ioctl_rsp *) + &rsp->Buffer[0]; + + /* + * TODO: This is dummy implementation to pass smbtorture + * Need to check correct response later + */ + memset(obj_buf->ObjectId, 0x0, 16); + memset(obj_buf->BirthVolumeId, 0x0, 16); + memset(obj_buf->BirthObjectId, 0x0, 16); + memset(obj_buf->DomainId, 0x0, 16); + + break; + } + case FSCTL_PIPE_TRANSCEIVE: + nbytes = fsctl_pipe_transceive(work, id, out_buf_len, req, rsp); + break; + case FSCTL_VALIDATE_NEGOTIATE_INFO: + if (conn->dialect < SMB30_PROT_ID) { + ret = -EOPNOTSUPP; + goto out; + } + + ret = fsctl_validate_negotiate_info(conn, + (struct validate_negotiate_info_req *)&req->Buffer[0], + (struct validate_negotiate_info_rsp *)&rsp->Buffer[0]); + if (ret < 0) + goto out; + + nbytes = sizeof(struct validate_negotiate_info_rsp); + rsp->PersistentFileId = cpu_to_le64(SMB2_NO_FID); + rsp->VolatileFileId = cpu_to_le64(SMB2_NO_FID); + break; + case FSCTL_QUERY_NETWORK_INTERFACE_INFO: + nbytes = fsctl_query_iface_info_ioctl(conn, req, rsp); + if (nbytes < 0) + goto out; + break; + case FSCTL_REQUEST_RESUME_KEY: + if (out_buf_len < sizeof(struct resume_key_ioctl_rsp)) { + ret = -EINVAL; + goto out; + } + + ret = fsctl_request_resume_key(work, req, + (struct resume_key_ioctl_rsp *)&rsp->Buffer[0]); + if (ret < 0) + goto out; + rsp->PersistentFileId = req->PersistentFileId; + rsp->VolatileFileId = req->VolatileFileId; + nbytes = sizeof(struct resume_key_ioctl_rsp); + break; + case FSCTL_COPYCHUNK: + case FSCTL_COPYCHUNK_WRITE: + if (!test_tree_conn_flag(work->tcon, + KSMBD_TREE_CONN_FLAG_WRITABLE)) { + ksmbd_debug(SMB, + "User does not have write permission\n"); + ret = -EACCES; + goto out; + } + + if (out_buf_len < sizeof(struct copychunk_ioctl_rsp)) { + ret = -EINVAL; + goto out; + } + + nbytes = sizeof(struct copychunk_ioctl_rsp); + fsctl_copychunk(work, req, rsp); + break; + case FSCTL_SET_SPARSE: + ret = fsctl_set_sparse(work, id, + (struct file_sparse *)&req->Buffer[0]); + if (ret < 0) + goto out; + break; + case FSCTL_SET_ZERO_DATA: + { + struct file_zero_data_information *zero_data; + struct ksmbd_file *fp; + loff_t off, len; + + if (!test_tree_conn_flag(work->tcon, + KSMBD_TREE_CONN_FLAG_WRITABLE)) { + ksmbd_debug(SMB, + "User does not have write permission\n"); + ret = -EACCES; + goto out; + } + + zero_data = + (struct file_zero_data_information *)&req->Buffer[0]; + + fp = ksmbd_lookup_fd_fast(work, id); + if (!fp) { + ret = -ENOENT; + goto out; + } + + off = le64_to_cpu(zero_data->FileOffset); + len = le64_to_cpu(zero_data->BeyondFinalZero) - off; + + ret = ksmbd_vfs_zero_data(work, fp, off, len); + ksmbd_fd_put(work, fp); + if (ret < 0) + goto out; + break; + } + case FSCTL_QUERY_ALLOCATED_RANGES: + ret = fsctl_query_allocated_ranges(work, id, + (struct file_allocated_range_buffer *)&req->Buffer[0], + (struct file_allocated_range_buffer *)&rsp->Buffer[0], + out_buf_len / + sizeof(struct file_allocated_range_buffer), &nbytes); + if (ret == -E2BIG) { + rsp->hdr.Status = STATUS_BUFFER_OVERFLOW; + } else if (ret < 0) { + nbytes = 0; + goto out; + } + + nbytes *= sizeof(struct file_allocated_range_buffer); + break; + case FSCTL_GET_REPARSE_POINT: + { + struct reparse_data_buffer *reparse_ptr; + struct ksmbd_file *fp; + + reparse_ptr = (struct reparse_data_buffer *)&rsp->Buffer[0]; + fp = ksmbd_lookup_fd_fast(work, id); + if (!fp) { + ksmbd_err("not found fp!!\n"); + ret = -ENOENT; + goto out; + } + + reparse_ptr->ReparseTag = + smb2_get_reparse_tag_special_file(FP_INODE(fp)->i_mode); + reparse_ptr->ReparseDataLength = 0; + ksmbd_fd_put(work, fp); + nbytes = sizeof(struct reparse_data_buffer); + break; + } + default: + ksmbd_debug(SMB, "not implemented yet ioctl command 0x%x\n", + cnt_code); + ret = -EOPNOTSUPP; + goto out; + } + + rsp->CntCode = cpu_to_le32(cnt_code); + rsp->InputCount = cpu_to_le32(0); + rsp->InputOffset = cpu_to_le32(112); + rsp->OutputOffset = cpu_to_le32(112); + rsp->OutputCount = cpu_to_le32(nbytes); + rsp->StructureSize = cpu_to_le16(49); + rsp->Reserved = cpu_to_le16(0); + rsp->Flags = cpu_to_le32(0); + rsp->Reserved2 = cpu_to_le32(0); + inc_rfc1001_len(rsp_org, 48 + nbytes); + + return 0; + +out: + if (ret == -EACCES) + rsp->hdr.Status = STATUS_ACCESS_DENIED; + else if (ret == -ENOENT) + rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND; + else if (ret == -EOPNOTSUPP) + rsp->hdr.Status = STATUS_NOT_SUPPORTED; + else if (ret < 0 || rsp->hdr.Status == 0) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + smb2_set_err_rsp(work); + return 0; +} + +/** + * smb20_oplock_break_ack() - handler for smb2.0 oplock break command + * @work: smb work containing oplock break command buffer + * + * Return: 0 + */ +static void smb20_oplock_break_ack(struct ksmbd_work *work) +{ + struct smb2_oplock_break *req = REQUEST_BUF(work); + struct smb2_oplock_break *rsp = RESPONSE_BUF(work); + struct ksmbd_file *fp; + struct oplock_info *opinfo = NULL; + __le32 err = 0; + int ret = 0; + uint64_t volatile_id, persistent_id; + char req_oplevel = 0, rsp_oplevel = 0; + unsigned int oplock_change_type; + + volatile_id = le64_to_cpu(req->VolatileFid); + persistent_id = le64_to_cpu(req->PersistentFid); + req_oplevel = req->OplockLevel; + ksmbd_debug(OPLOCK, "v_id %llu, p_id %llu request oplock level %d\n", + volatile_id, persistent_id, req_oplevel); + + fp = ksmbd_lookup_fd_slow(work, volatile_id, persistent_id); + if (!fp) { + rsp->hdr.Status = STATUS_FILE_CLOSED; + smb2_set_err_rsp(work); + return; + } + + opinfo = opinfo_get(fp); + if (!opinfo) { + ksmbd_err("unexpected null oplock_info\n"); + rsp->hdr.Status = STATUS_INVALID_OPLOCK_PROTOCOL; + smb2_set_err_rsp(work); + ksmbd_fd_put(work, fp); + return; + } + + if (opinfo->level == SMB2_OPLOCK_LEVEL_NONE) { + rsp->hdr.Status = STATUS_INVALID_OPLOCK_PROTOCOL; + goto err_out; + } + + if (opinfo->op_state == OPLOCK_STATE_NONE) { + ksmbd_debug(SMB, "unexpected oplock state 0x%x\n", opinfo->op_state); + rsp->hdr.Status = STATUS_UNSUCCESSFUL; + goto err_out; + } + + if (((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) || + (opinfo->level == SMB2_OPLOCK_LEVEL_BATCH)) && + ((req_oplevel != SMB2_OPLOCK_LEVEL_II) && + (req_oplevel != SMB2_OPLOCK_LEVEL_NONE))) { + err = STATUS_INVALID_OPLOCK_PROTOCOL; + oplock_change_type = OPLOCK_WRITE_TO_NONE; + } else if ((opinfo->level == SMB2_OPLOCK_LEVEL_II) && + (req_oplevel != SMB2_OPLOCK_LEVEL_NONE)) { + err = STATUS_INVALID_OPLOCK_PROTOCOL; + oplock_change_type = OPLOCK_READ_TO_NONE; + } else if ((req_oplevel == SMB2_OPLOCK_LEVEL_II) || + (req_oplevel == SMB2_OPLOCK_LEVEL_NONE)) { + err = STATUS_INVALID_DEVICE_STATE; + if (((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) || + (opinfo->level == SMB2_OPLOCK_LEVEL_BATCH)) && + (req_oplevel == SMB2_OPLOCK_LEVEL_II)) { + oplock_change_type = OPLOCK_WRITE_TO_READ; + } else if (((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) + || (opinfo->level == SMB2_OPLOCK_LEVEL_BATCH)) && + (req_oplevel == SMB2_OPLOCK_LEVEL_NONE)) { + oplock_change_type = OPLOCK_WRITE_TO_NONE; + } else if ((opinfo->level == SMB2_OPLOCK_LEVEL_II) && + (req_oplevel == SMB2_OPLOCK_LEVEL_NONE)) { + oplock_change_type = OPLOCK_READ_TO_NONE; + } else + oplock_change_type = 0; + } else + oplock_change_type = 0; + + switch (oplock_change_type) { + case OPLOCK_WRITE_TO_READ: + ret = opinfo_write_to_read(opinfo); + rsp_oplevel = SMB2_OPLOCK_LEVEL_II; + break; + case OPLOCK_WRITE_TO_NONE: + ret = opinfo_write_to_none(opinfo); + rsp_oplevel = SMB2_OPLOCK_LEVEL_NONE; + break; + case OPLOCK_READ_TO_NONE: + ret = opinfo_read_to_none(opinfo); + rsp_oplevel = SMB2_OPLOCK_LEVEL_NONE; + break; + default: + ksmbd_err("unknown oplock change 0x%x -> 0x%x\n", + opinfo->level, rsp_oplevel); + } + + if (ret < 0) { + rsp->hdr.Status = err; + goto err_out; + } + + opinfo_put(opinfo); + ksmbd_fd_put(work, fp); + opinfo->op_state = OPLOCK_STATE_NONE; + wake_up_interruptible_all(&opinfo->oplock_q); + + rsp->StructureSize = cpu_to_le16(24); + rsp->OplockLevel = rsp_oplevel; + rsp->Reserved = 0; + rsp->Reserved2 = 0; + rsp->VolatileFid = cpu_to_le64(volatile_id); + rsp->PersistentFid = cpu_to_le64(persistent_id); + inc_rfc1001_len(rsp, 24); + return; + +err_out: + opinfo->op_state = OPLOCK_STATE_NONE; + wake_up_interruptible_all(&opinfo->oplock_q); + + opinfo_put(opinfo); + ksmbd_fd_put(work, fp); + smb2_set_err_rsp(work); +} + +static int check_lease_state(struct lease *lease, __le32 req_state) +{ + if ((lease->new_state == + (SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_HANDLE_CACHING_LE)) + && !(req_state & SMB2_LEASE_WRITE_CACHING_LE)) { + lease->new_state = req_state; + return 0; + } + + if (lease->new_state == req_state) + return 0; + + return 1; +} + +/** + * smb21_lease_break_ack() - handler for smb2.1 lease break command + * @work: smb work containing lease break command buffer + * + * Return: 0 + */ +static void smb21_lease_break_ack(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_lease_ack *req = REQUEST_BUF(work); + struct smb2_lease_ack *rsp = RESPONSE_BUF(work); + struct oplock_info *opinfo; + __le32 err = 0; + int ret = 0; + unsigned int lease_change_type; + __le32 lease_state; + struct lease *lease; + + ksmbd_debug(OPLOCK, "smb21 lease break, lease state(0x%x)\n", + le32_to_cpu(req->LeaseState)); + opinfo = lookup_lease_in_table(conn, req->LeaseKey); + if (!opinfo) { + ksmbd_debug(OPLOCK, "file not opened\n"); + smb2_set_err_rsp(work); + rsp->hdr.Status = STATUS_UNSUCCESSFUL; + return; + } + lease = opinfo->o_lease; + + if (opinfo->op_state == OPLOCK_STATE_NONE) { + ksmbd_err("unexpected lease break state 0x%x\n", + opinfo->op_state); + rsp->hdr.Status = STATUS_UNSUCCESSFUL; + goto err_out; + } + + if (check_lease_state(lease, req->LeaseState)) { + rsp->hdr.Status = STATUS_REQUEST_NOT_ACCEPTED; + ksmbd_debug(OPLOCK, + "req lease state: 0x%x, expected state: 0x%x\n", + req->LeaseState, lease->new_state); + goto err_out; + } + + if (!atomic_read(&opinfo->breaking_cnt)) { + rsp->hdr.Status = STATUS_UNSUCCESSFUL; + goto err_out; + } + + /* check for bad lease state */ + if (req->LeaseState & (~(SMB2_LEASE_READ_CACHING_LE | + SMB2_LEASE_HANDLE_CACHING_LE))) { + err = STATUS_INVALID_OPLOCK_PROTOCOL; + if (lease->state & SMB2_LEASE_WRITE_CACHING_LE) + lease_change_type = OPLOCK_WRITE_TO_NONE; + else + lease_change_type = OPLOCK_READ_TO_NONE; + ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n", + le32_to_cpu(lease->state), + le32_to_cpu(req->LeaseState)); + } else if ((lease->state == SMB2_LEASE_READ_CACHING_LE) && + (req->LeaseState != SMB2_LEASE_NONE_LE)) { + err = STATUS_INVALID_OPLOCK_PROTOCOL; + lease_change_type = OPLOCK_READ_TO_NONE; + ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n", + le32_to_cpu(lease->state), + le32_to_cpu(req->LeaseState)); + } else { + /* valid lease state changes */ + err = STATUS_INVALID_DEVICE_STATE; + if (req->LeaseState == SMB2_LEASE_NONE_LE) { + if (lease->state & SMB2_LEASE_WRITE_CACHING_LE) + lease_change_type = OPLOCK_WRITE_TO_NONE; + else + lease_change_type = OPLOCK_READ_TO_NONE; + } else if (req->LeaseState & SMB2_LEASE_READ_CACHING_LE) { + if (lease->state & SMB2_LEASE_WRITE_CACHING_LE) + lease_change_type = OPLOCK_WRITE_TO_READ; + else + lease_change_type = OPLOCK_READ_HANDLE_TO_READ; + } else + lease_change_type = 0; + } + + switch (lease_change_type) { + case OPLOCK_WRITE_TO_READ: + ret = opinfo_write_to_read(opinfo); + break; + case OPLOCK_READ_HANDLE_TO_READ: + ret = opinfo_read_handle_to_read(opinfo); + break; + case OPLOCK_WRITE_TO_NONE: + ret = opinfo_write_to_none(opinfo); + break; + case OPLOCK_READ_TO_NONE: + ret = opinfo_read_to_none(opinfo); + break; + default: + ksmbd_debug(OPLOCK, "unknown lease change 0x%x -> 0x%x\n", + le32_to_cpu(lease->state), + le32_to_cpu(req->LeaseState)); + } + + lease_state = lease->state; + opinfo->op_state = OPLOCK_STATE_NONE; + wake_up_interruptible_all(&opinfo->oplock_q); + atomic_dec(&opinfo->breaking_cnt); + wake_up_interruptible_all(&opinfo->oplock_brk); + opinfo_put(opinfo); + + if (ret < 0) { + rsp->hdr.Status = err; + goto err_out; + } + + rsp->StructureSize = cpu_to_le16(36); + rsp->Reserved = 0; + rsp->Flags = 0; + memcpy(rsp->LeaseKey, req->LeaseKey, 16); + rsp->LeaseState = lease_state; + rsp->LeaseDuration = 0; + inc_rfc1001_len(rsp, 36); + return; + +err_out: + opinfo->op_state = OPLOCK_STATE_NONE; + wake_up_interruptible_all(&opinfo->oplock_q); + atomic_dec(&opinfo->breaking_cnt); + wake_up_interruptible_all(&opinfo->oplock_brk); + + opinfo_put(opinfo); + smb2_set_err_rsp(work); +} + +/** + * smb2_oplock_break() - dispatcher for smb2.0 and 2.1 oplock/lease break + * @work: smb work containing oplock/lease break command buffer + * + * Return: 0 + */ +int smb2_oplock_break(struct ksmbd_work *work) +{ + struct smb2_oplock_break *req = REQUEST_BUF(work); + struct smb2_oplock_break *rsp = RESPONSE_BUF(work); + + switch (le16_to_cpu(req->StructureSize)) { + case OP_BREAK_STRUCT_SIZE_20: + smb20_oplock_break_ack(work); + break; + case OP_BREAK_STRUCT_SIZE_21: + smb21_lease_break_ack(work); + break; + default: + ksmbd_debug(OPLOCK, "invalid break cmd %d\n", + le16_to_cpu(req->StructureSize)); + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + smb2_set_err_rsp(work); + } + + return 0; +} + +/** + * smb2_notify() - handler for smb2 notify request + * @ksmbd_work: smb work containing notify command buffer + * + * Return: 0 + */ +int smb2_notify(struct ksmbd_work *work) +{ + struct smb2_notify_req *req; + struct smb2_notify_rsp *rsp; + + WORK_BUFFERS(work, req, rsp); + + if (work->next_smb2_rcv_hdr_off && req->hdr.NextCommand) { + rsp->hdr.Status = STATUS_INTERNAL_ERROR; + smb2_set_err_rsp(work); + return 0; + } + + smb2_set_err_rsp(work); + rsp->hdr.Status = STATUS_NOT_IMPLEMENTED; + return 0; +} + +/** + * smb2_is_sign_req() - handler for checking packet signing status + * @work:smb work containing notify command buffer + * + * Return: true if packed is signed, false otherwise + */ +bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command) +{ + struct smb2_hdr *rcv_hdr2 = REQUEST_BUF(work); + + if ((rcv_hdr2->Flags & SMB2_FLAGS_SIGNED) && + command != SMB2_NEGOTIATE_HE && + command != SMB2_SESSION_SETUP_HE && + command != SMB2_OPLOCK_BREAK_HE) + return true; + + return 0; +} + +/** + * smb2_check_sign_req() - handler for req packet sign processing + * @work: smb work containing notify command buffer + * + * Return: 1 on success, 0 otherwise + */ +int smb2_check_sign_req(struct ksmbd_work *work) +{ + struct smb2_hdr *hdr, *hdr_org; + char signature_req[SMB2_SIGNATURE_SIZE]; + char signature[SMB2_HMACSHA256_SIZE]; + struct kvec iov[1]; + size_t len; + + hdr_org = hdr = REQUEST_BUF(work); + if (work->next_smb2_rcv_hdr_off) + hdr = REQUEST_BUF_NEXT(work); + + if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off) + len = be32_to_cpu(hdr_org->smb2_buf_length); + else if (hdr->NextCommand) + len = le32_to_cpu(hdr->NextCommand); + else + len = be32_to_cpu(hdr_org->smb2_buf_length) - + work->next_smb2_rcv_hdr_off; + + memcpy(signature_req, hdr->Signature, SMB2_SIGNATURE_SIZE); + memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE); + + iov[0].iov_base = (char *)&hdr->ProtocolId; + iov[0].iov_len = len; + + if (ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, 1, + signature)) + return 0; + + if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) { + ksmbd_err("bad smb2 signature\n"); + return 0; + } + + return 1; +} + +/** + * smb2_set_sign_rsp() - handler for rsp packet sign processing + * @work: smb work containing notify command buffer + * + */ +void smb2_set_sign_rsp(struct ksmbd_work *work) +{ + struct smb2_hdr *hdr, *hdr_org; + struct smb2_hdr *req_hdr; + char signature[SMB2_HMACSHA256_SIZE]; + struct kvec iov[2]; + size_t len; + int n_vec = 1; + + hdr_org = hdr = RESPONSE_BUF(work); + if (work->next_smb2_rsp_hdr_off) + hdr = RESPONSE_BUF_NEXT(work); + + req_hdr = REQUEST_BUF_NEXT(work); + + if (!work->next_smb2_rsp_hdr_off) { + len = get_rfc1002_len(hdr_org); + if (req_hdr->NextCommand) + len = ALIGN(len, 8); + } else { + len = get_rfc1002_len(hdr_org) - work->next_smb2_rsp_hdr_off; + len = ALIGN(len, 8); + } + + if (req_hdr->NextCommand) + hdr->NextCommand = cpu_to_le32(len); + + hdr->Flags |= SMB2_FLAGS_SIGNED; + memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE); + + iov[0].iov_base = (char *)&hdr->ProtocolId; + iov[0].iov_len = len; + + if (HAS_AUX_PAYLOAD(work)) { + iov[0].iov_len -= AUX_PAYLOAD_SIZE(work); + + iov[1].iov_base = AUX_PAYLOAD(work); + iov[1].iov_len = AUX_PAYLOAD_SIZE(work); + n_vec++; + } + + if (!ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, n_vec, + signature)) + memcpy(hdr->Signature, signature, SMB2_SIGNATURE_SIZE); +} + +/** + * smb3_check_sign_req() - handler for req packet sign processing + * @work: smb work containing notify command buffer + * + * Return: 1 on success, 0 otherwise + */ +int smb3_check_sign_req(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn; + char *signing_key; + struct smb2_hdr *hdr, *hdr_org; + struct channel *chann; + char signature_req[SMB2_SIGNATURE_SIZE]; + char signature[SMB2_CMACAES_SIZE]; + struct kvec iov[1]; + size_t len; + + hdr_org = hdr = REQUEST_BUF(work); + if (work->next_smb2_rcv_hdr_off) + hdr = REQUEST_BUF_NEXT(work); + + if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off) + len = be32_to_cpu(hdr_org->smb2_buf_length); + else if (hdr->NextCommand) + len = le32_to_cpu(hdr->NextCommand); + else + len = be32_to_cpu(hdr_org->smb2_buf_length) - + work->next_smb2_rcv_hdr_off; + + if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) { + signing_key = work->sess->smb3signingkey; + conn = work->sess->conn; + } else { + chann = lookup_chann_list(work->sess); + if (!chann) + return 0; + signing_key = chann->smb3signingkey; + conn = chann->conn; + } + + if (!signing_key) { + ksmbd_err("SMB3 signing key is not generated\n"); + return 0; + } + + memcpy(signature_req, hdr->Signature, SMB2_SIGNATURE_SIZE); + memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE); + iov[0].iov_base = (char *)&hdr->ProtocolId; + iov[0].iov_len = len; + + if (ksmbd_sign_smb3_pdu(conn, signing_key, iov, 1, signature)) + return 0; + + if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) { + ksmbd_err("bad smb2 signature\n"); + return 0; + } + + return 1; +} + +/** + * smb3_set_sign_rsp() - handler for rsp packet sign processing + * @work: smb work containing notify command buffer + * + */ +void smb3_set_sign_rsp(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn; + struct smb2_hdr *req_hdr; + struct smb2_hdr *hdr, *hdr_org; + struct channel *chann; + char signature[SMB2_CMACAES_SIZE]; + struct kvec iov[2]; + int n_vec = 1; + size_t len; + char *signing_key; + + hdr_org = hdr = RESPONSE_BUF(work); + if (work->next_smb2_rsp_hdr_off) + hdr = RESPONSE_BUF_NEXT(work); + + req_hdr = REQUEST_BUF_NEXT(work); + + if (!work->next_smb2_rsp_hdr_off) { + len = get_rfc1002_len(hdr_org); + if (req_hdr->NextCommand) + len = ALIGN(len, 8); + } else { + len = get_rfc1002_len(hdr_org) - work->next_smb2_rsp_hdr_off; + len = ALIGN(len, 8); + } + + if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) { + signing_key = work->sess->smb3signingkey; + conn = work->sess->conn; + } else { + chann = lookup_chann_list(work->sess); + if (!chann) + return; + signing_key = chann->smb3signingkey; + conn = chann->conn; + } + + if (!signing_key) + return; + + if (req_hdr->NextCommand) + hdr->NextCommand = cpu_to_le32(len); + + hdr->Flags |= SMB2_FLAGS_SIGNED; + memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE); + iov[0].iov_base = (char *)&hdr->ProtocolId; + iov[0].iov_len = len; + if (HAS_AUX_PAYLOAD(work)) { + iov[0].iov_len -= AUX_PAYLOAD_SIZE(work); + iov[1].iov_base = AUX_PAYLOAD(work); + iov[1].iov_len = AUX_PAYLOAD_SIZE(work); + n_vec++; + } + + if (!ksmbd_sign_smb3_pdu(conn, signing_key, iov, n_vec, signature)) + memcpy(hdr->Signature, signature, SMB2_SIGNATURE_SIZE); +} + +/** + * smb3_preauth_hash_rsp() - handler for computing preauth hash on response + * @work: smb work containing response buffer + * + */ +void smb3_preauth_hash_rsp(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; + struct smb2_hdr *req, *rsp; + + if (conn->dialect != SMB311_PROT_ID) + return; + + WORK_BUFFERS(work, req, rsp); + + if (le16_to_cpu(req->Command) == SMB2_NEGOTIATE_HE) + ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp, + conn->preauth_info->Preauth_HashValue); + + if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && + sess && sess->state == SMB2_SESSION_IN_PROGRESS) { + __u8 *hash_value; + + hash_value = sess->Preauth_HashValue; + ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp, + hash_value); + } +} + +static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, + char *old_buf, + __le16 cipher_type) +{ + struct smb2_hdr *hdr = (struct smb2_hdr *)old_buf; + unsigned int orig_len = get_rfc1002_len(old_buf); + + memset(tr_hdr, 0, sizeof(struct smb2_transform_hdr)); + tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM; + tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len); + tr_hdr->Flags = cpu_to_le16(0x01); + if (cipher_type == SMB2_ENCRYPTION_AES128_GCM) + get_random_bytes(&tr_hdr->Nonce, SMB3_AES128GCM_NONCE); + else + get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE); + memcpy(&tr_hdr->SessionId, &hdr->SessionId, 8); + inc_rfc1001_len(tr_hdr, sizeof(struct smb2_transform_hdr) - 4); + inc_rfc1001_len(tr_hdr, orig_len); +} + +int smb3_encrypt_resp(struct ksmbd_work *work) +{ + char *buf = RESPONSE_BUF(work); + struct smb2_transform_hdr *tr_hdr; + struct kvec iov[3]; + int rc = -ENOMEM; + int buf_size = 0, rq_nvec = 2 + (HAS_AUX_PAYLOAD(work) ? 1 : 0); + + if (ARRAY_SIZE(iov) < rq_nvec) + return -ENOMEM; + + tr_hdr = ksmbd_alloc_response(sizeof(struct smb2_transform_hdr)); + if (!tr_hdr) + return rc; + + /* fill transform header */ + fill_transform_hdr(tr_hdr, buf, work->conn->cipher_type); + + iov[0].iov_base = tr_hdr; + iov[0].iov_len = sizeof(struct smb2_transform_hdr); + buf_size += iov[0].iov_len - 4; + + iov[1].iov_base = buf + 4; + iov[1].iov_len = get_rfc1002_len(buf); + if (HAS_AUX_PAYLOAD(work)) { + iov[1].iov_len = RESP_HDR_SIZE(work) - 4; + + iov[2].iov_base = AUX_PAYLOAD(work); + iov[2].iov_len = AUX_PAYLOAD_SIZE(work); + buf_size += iov[2].iov_len; + } + buf_size += iov[1].iov_len; + work->resp_hdr_sz = iov[1].iov_len; + + rc = ksmbd_crypt_message(work->conn, iov, rq_nvec, 1); + if (rc) + return rc; + + memmove(buf, iov[1].iov_base, iov[1].iov_len); + tr_hdr->smb2_buf_length = cpu_to_be32(buf_size); + work->tr_buf = tr_hdr; + + return rc; +} + +int smb3_is_transform_hdr(void *buf) +{ + struct smb2_transform_hdr *trhdr = buf; + + return trhdr->ProtocolId == SMB2_TRANSFORM_PROTO_NUM; +} + +int smb3_decrypt_req(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess; + char *buf = REQUEST_BUF(work); + struct smb2_hdr *hdr; + unsigned int pdu_length = get_rfc1002_len(buf); + struct kvec iov[2]; + unsigned int buf_data_size = pdu_length + 4 - + sizeof(struct smb2_transform_hdr); + struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)buf; + unsigned int orig_len = le32_to_cpu(tr_hdr->OriginalMessageSize); + int rc = 0; + + sess = ksmbd_session_lookup(conn, le64_to_cpu(tr_hdr->SessionId)); + if (!sess) { + ksmbd_err("invalid session id(%llx) in transform header\n", + le64_to_cpu(tr_hdr->SessionId)); + return -ECONNABORTED; + } + + if (pdu_length + 4 < sizeof(struct smb2_transform_hdr) + + sizeof(struct smb2_hdr)) { + ksmbd_err("Transform message is too small (%u)\n", + pdu_length); + return -ECONNABORTED; + } + + if (pdu_length + 4 < orig_len + sizeof(struct smb2_transform_hdr)) { + ksmbd_err("Transform message is broken\n"); + return -ECONNABORTED; + } + + iov[0].iov_base = buf; + iov[0].iov_len = sizeof(struct smb2_transform_hdr); + iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr); + iov[1].iov_len = buf_data_size; + rc = ksmbd_crypt_message(conn, iov, 2, 0); + if (rc) + return rc; + + memmove(buf + 4, iov[1].iov_base, buf_data_size); + hdr = (struct smb2_hdr *)buf; + hdr->smb2_buf_length = cpu_to_be32(buf_data_size); + + return rc; +} + +bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + struct smb2_hdr *rsp = RESPONSE_BUF(work); + + if (conn->dialect < SMB30_PROT_ID) + return false; + + if (work->next_smb2_rcv_hdr_off) + rsp = RESPONSE_BUF_NEXT(work); + + if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && + rsp->Status == STATUS_SUCCESS) + return true; + return false; +} diff --git a/fs/cifsd/smb2pdu.h b/fs/cifsd/smb2pdu.h new file mode 100644 index 000000000000..deb3d7444c2a --- /dev/null +++ b/fs/cifsd/smb2pdu.h @@ -0,0 +1,1649 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef _SMB2PDU_H +#define _SMB2PDU_H + +#include "ntlmssp.h" +#include "smbacl.h" + +/* + * Note that, due to trying to use names similar to the protocol specifications, + * there are many mixed case field names in the structures below. Although + * this does not match typical Linux kernel style, it is necessary to be + * able to match against the protocol specfication. + * + * SMB2 commands + * Some commands have minimal (wct=0,bcc=0), or uninteresting, responses + * (ie no useful data other than the SMB error code itself) and are marked such. + * Knowing this helps avoid response buffer allocations and copy in some cases. + */ + +/* List of commands in host endian */ +#define SMB2_NEGOTIATE_HE 0x0000 +#define SMB2_SESSION_SETUP_HE 0x0001 +#define SMB2_LOGOFF_HE 0x0002 /* trivial request/resp */ +#define SMB2_TREE_CONNECT_HE 0x0003 +#define SMB2_TREE_DISCONNECT_HE 0x0004 /* trivial req/resp */ +#define SMB2_CREATE_HE 0x0005 +#define SMB2_CLOSE_HE 0x0006 +#define SMB2_FLUSH_HE 0x0007 /* trivial resp */ +#define SMB2_READ_HE 0x0008 +#define SMB2_WRITE_HE 0x0009 +#define SMB2_LOCK_HE 0x000A +#define SMB2_IOCTL_HE 0x000B +#define SMB2_CANCEL_HE 0x000C +#define SMB2_ECHO_HE 0x000D +#define SMB2_QUERY_DIRECTORY_HE 0x000E +#define SMB2_CHANGE_NOTIFY_HE 0x000F +#define SMB2_QUERY_INFO_HE 0x0010 +#define SMB2_SET_INFO_HE 0x0011 +#define SMB2_OPLOCK_BREAK_HE 0x0012 + +/* The same list in little endian */ +#define SMB2_NEGOTIATE cpu_to_le16(SMB2_NEGOTIATE_HE) +#define SMB2_SESSION_SETUP cpu_to_le16(SMB2_SESSION_SETUP_HE) +#define SMB2_LOGOFF cpu_to_le16(SMB2_LOGOFF_HE) +#define SMB2_TREE_CONNECT cpu_to_le16(SMB2_TREE_CONNECT_HE) +#define SMB2_TREE_DISCONNECT cpu_to_le16(SMB2_TREE_DISCONNECT_HE) +#define SMB2_CREATE cpu_to_le16(SMB2_CREATE_HE) +#define SMB2_CLOSE cpu_to_le16(SMB2_CLOSE_HE) +#define SMB2_FLUSH cpu_to_le16(SMB2_FLUSH_HE) +#define SMB2_READ cpu_to_le16(SMB2_READ_HE) +#define SMB2_WRITE cpu_to_le16(SMB2_WRITE_HE) +#define SMB2_LOCK cpu_to_le16(SMB2_LOCK_HE) +#define SMB2_IOCTL cpu_to_le16(SMB2_IOCTL_HE) +#define SMB2_CANCEL cpu_to_le16(SMB2_CANCEL_HE) +#define SMB2_ECHO cpu_to_le16(SMB2_ECHO_HE) +#define SMB2_QUERY_DIRECTORY cpu_to_le16(SMB2_QUERY_DIRECTORY_HE) +#define SMB2_CHANGE_NOTIFY cpu_to_le16(SMB2_CHANGE_NOTIFY_HE) +#define SMB2_QUERY_INFO cpu_to_le16(SMB2_QUERY_INFO_HE) +#define SMB2_SET_INFO cpu_to_le16(SMB2_SET_INFO_HE) +#define SMB2_OPLOCK_BREAK cpu_to_le16(SMB2_OPLOCK_BREAK_HE) + +/*Create Action Flags*/ +#define FILE_SUPERSEDED 0x00000000 +#define FILE_OPENED 0x00000001 +#define FILE_CREATED 0x00000002 +#define FILE_OVERWRITTEN 0x00000003 + +/* + * Size of the session key (crypto key encrypted with the password + */ +#define SMB2_NTLMV2_SESSKEY_SIZE 16 +#define SMB2_SIGNATURE_SIZE 16 +#define SMB2_HMACSHA256_SIZE 32 +#define SMB2_CMACAES_SIZE 16 + +/* + * Size of the smb3 signing key + */ +#define SMB3_SIGN_KEY_SIZE 16 + +#define CIFS_CLIENT_CHALLENGE_SIZE 8 +#define SMB_SERVER_CHALLENGE_SIZE 8 + +/* SMB2 Max Credits */ +#define SMB2_MAX_CREDITS 8192 + +#define SMB2_CLIENT_GUID_SIZE 16 +#define SMB2_CREATE_GUID_SIZE 16 + +/* Maximum buffer size value we can send with 1 credit */ +#define SMB2_MAX_BUFFER_SIZE 65536 + +#define NUMBER_OF_SMB2_COMMANDS 0x0013 + +/* BB FIXME - analyze following length BB */ +#define MAX_SMB2_HDR_SIZE 0x78 /* 4 len + 64 hdr + (2*24 wct) + 2 bct + 2 pad */ + +#define SMB2_PROTO_NUMBER cpu_to_le32(0x424d53fe) /* 'B''M''S' */ +#define SMB2_TRANSFORM_PROTO_NUM cpu_to_le32(0x424d53fd) + +#define SMB21_DEFAULT_IOSIZE (1024 * 1024) +#define SMB3_DEFAULT_IOSIZE (4 * 1024 * 1024) +#define SMB3_DEFAULT_TRANS_SIZE (1024 * 1024) + +/* + * SMB2 Header Definition + * + * "MBZ" : Must be Zero + * "BB" : BugBug, Something to check/review/analyze later + * "PDU" : "Protocol Data Unit" (ie a network "frame") + * + */ + +#define __SMB2_HEADER_STRUCTURE_SIZE 64 +#define SMB2_HEADER_STRUCTURE_SIZE \ + cpu_to_le16(__SMB2_HEADER_STRUCTURE_SIZE) + +struct smb2_hdr { + __be32 smb2_buf_length; /* big endian on wire */ + /* + * length is only two or three bytes - with + * one or two byte type preceding it that MBZ + */ + __le32 ProtocolId; /* 0xFE 'S' 'M' 'B' */ + __le16 StructureSize; /* 64 */ + __le16 CreditCharge; /* MBZ */ + __le32 Status; /* Error from server */ + __le16 Command; + __le16 CreditRequest; /* CreditResponse */ + __le32 Flags; + __le32 NextCommand; + __le64 MessageId; + union { + struct { + __le32 ProcessId; + __le32 TreeId; + } __packed SyncId; + __le64 AsyncId; + } __packed Id; + __le64 SessionId; + __u8 Signature[16]; +} __packed; + +struct smb2_pdu { + struct smb2_hdr hdr; + __le16 StructureSize2; /* size of wct area (varies, request specific) */ +} __packed; + +#define SMB3_AES128CCM_NONCE 11 +#define SMB3_AES128GCM_NONCE 12 + +struct smb2_transform_hdr { + __be32 smb2_buf_length; /* big endian on wire */ + /* + * length is only two or three bytes - with + * one or two byte type preceding it that MBZ + */ + __le32 ProtocolId; /* 0xFD 'S' 'M' 'B' */ + __u8 Signature[16]; + __u8 Nonce[16]; + __le32 OriginalMessageSize; + __u16 Reserved1; + __le16 Flags; /* EncryptionAlgorithm */ + __le64 SessionId; +} __packed; + +/* + * SMB2 flag definitions + */ +#define SMB2_FLAGS_SERVER_TO_REDIR cpu_to_le32(0x00000001) +#define SMB2_FLAGS_ASYNC_COMMAND cpu_to_le32(0x00000002) +#define SMB2_FLAGS_RELATED_OPERATIONS cpu_to_le32(0x00000004) +#define SMB2_FLAGS_SIGNED cpu_to_le32(0x00000008) +#define SMB2_FLAGS_DFS_OPERATIONS cpu_to_le32(0x10000000) +#define SMB2_FLAGS_REPLAY_OPERATIONS cpu_to_le32(0x20000000) + +/* + * Definitions for SMB2 Protocol Data Units (network frames) + * + * See MS-SMB2.PDF specification for protocol details. + * The Naming convention is the lower case version of the SMB2 + * command code name for the struct. Note that structures must be packed. + * + */ + +#define SMB2_ERROR_STRUCTURE_SIZE2 9 +#define SMB2_ERROR_STRUCTURE_SIZE2_LE cpu_to_le16(SMB2_ERROR_STRUCTURE_SIZE2) + +struct smb2_err_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; + __u8 ErrorContextCount; + __u8 Reserved; + __le32 ByteCount; /* even if zero, at least one byte follows */ + __u8 ErrorData[1]; /* variable length */ +} __packed; + +struct smb2_negotiate_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 36 */ + __le16 DialectCount; + __le16 SecurityMode; + __le16 Reserved; /* MBZ */ + __le32 Capabilities; + __u8 ClientGUID[SMB2_CLIENT_GUID_SIZE]; + /* In SMB3.02 and earlier next three were MBZ le64 ClientStartTime */ + __le32 NegotiateContextOffset; /* SMB3.1.1 only. MBZ earlier */ + __le16 NegotiateContextCount; /* SMB3.1.1 only. MBZ earlier */ + __le16 Reserved2; + __le16 Dialects[1]; /* One dialect (vers=) at a time for now */ +} __packed; + +/* SecurityMode flags */ +#define SMB2_NEGOTIATE_SIGNING_ENABLED_LE cpu_to_le16(0x0001) +#define SMB2_NEGOTIATE_SIGNING_REQUIRED 0x0002 +#define SMB2_NEGOTIATE_SIGNING_REQUIRED_LE cpu_to_le16(0x0002) +/* Capabilities flags */ +#define SMB2_GLOBAL_CAP_DFS 0x00000001 +#define SMB2_GLOBAL_CAP_LEASING 0x00000002 /* Resp only New to SMB2.1 */ +#define SMB2_GLOBAL_CAP_LARGE_MTU 0X00000004 /* Resp only New to SMB2.1 */ +#define SMB2_GLOBAL_CAP_MULTI_CHANNEL 0x00000008 /* New to SMB3 */ +#define SMB2_GLOBAL_CAP_PERSISTENT_HANDLES 0x00000010 /* New to SMB3 */ +#define SMB2_GLOBAL_CAP_DIRECTORY_LEASING 0x00000020 /* New to SMB3 */ +#define SMB2_GLOBAL_CAP_ENCRYPTION 0x00000040 /* New to SMB3 */ +/* Internal types */ +#define SMB2_NT_FIND 0x00100000 +#define SMB2_LARGE_FILES 0x00200000 + +#define SMB311_SALT_SIZE 32 +/* Hash Algorithm Types */ +#define SMB2_PREAUTH_INTEGRITY_SHA512 cpu_to_le16(0x0001) + +#define PREAUTH_HASHVALUE_SIZE 64 + +struct preauth_integrity_info { + /* PreAuth integrity Hash ID */ + __le16 Preauth_HashId; + /* PreAuth integrity Hash Value */ + __u8 Preauth_HashValue[PREAUTH_HASHVALUE_SIZE]; +}; + +/* offset is sizeof smb2_negotiate_rsp - 4 but rounded up to 8 bytes. */ +#ifdef CONFIG_SMB_SERVER_KERBEROS5 +/* sizeof(struct smb2_negotiate_rsp) - 4 = + * header(64) + response(64) + GSS_LENGTH(96) + GSS_PADDING(0) + */ +#define OFFSET_OF_NEG_CONTEXT 0xe0 +#else +/* sizeof(struct smb2_negotiate_rsp) - 4 = + * header(64) + response(64) + GSS_LENGTH(74) + GSS_PADDING(6) + */ +#define OFFSET_OF_NEG_CONTEXT 0xd0 +#endif + +#define SMB2_PREAUTH_INTEGRITY_CAPABILITIES cpu_to_le16(1) +#define SMB2_ENCRYPTION_CAPABILITIES cpu_to_le16(2) +#define SMB2_COMPRESSION_CAPABILITIES cpu_to_le16(3) +#define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID cpu_to_le16(5) +#define SMB2_POSIX_EXTENSIONS_AVAILABLE cpu_to_le16(0x100) + +struct smb2_neg_context { + __le16 ContextType; + __le16 DataLength; + __le32 Reserved; + /* Followed by array of data */ +} __packed; + +struct smb2_preauth_neg_context { + __le16 ContextType; /* 1 */ + __le16 DataLength; + __le32 Reserved; + __le16 HashAlgorithmCount; /* 1 */ + __le16 SaltLength; + __le16 HashAlgorithms; /* HashAlgorithms[0] since only one defined */ + __u8 Salt[SMB311_SALT_SIZE]; +} __packed; + +/* Encryption Algorithms Ciphers */ +#define SMB2_ENCRYPTION_AES128_CCM cpu_to_le16(0x0001) +#define SMB2_ENCRYPTION_AES128_GCM cpu_to_le16(0x0002) + +struct smb2_encryption_neg_context { + __le16 ContextType; /* 2 */ + __le16 DataLength; + __le32 Reserved; + __le16 CipherCount; /* AES-128-GCM and AES-128-CCM */ + __le16 Ciphers[1]; /* Ciphers[0] since only one used now */ +} __packed; + +#define SMB3_COMPRESS_NONE cpu_to_le16(0x0000) +#define SMB3_COMPRESS_LZNT1 cpu_to_le16(0x0001) +#define SMB3_COMPRESS_LZ77 cpu_to_le16(0x0002) +#define SMB3_COMPRESS_LZ77_HUFF cpu_to_le16(0x0003) + +struct smb2_compression_ctx { + __le16 ContextType; /* 3 */ + __le16 DataLength; + __le32 Reserved; + __le16 CompressionAlgorithmCount; + __u16 Padding; + __le32 Reserved1; + __le16 CompressionAlgorithms[1]; +} __packed; + +#define POSIX_CTXT_DATA_LEN 16 +struct smb2_posix_neg_context { + __le16 ContextType; /* 0x100 */ + __le16 DataLength; + __le32 Reserved; + __u8 Name[16]; /* POSIX ctxt GUID 93AD25509CB411E7B42383DE968BCD7C */ +} __packed; + +struct smb2_netname_neg_context { + __le16 ContextType; /* 0x100 */ + __le16 DataLength; + __le32 Reserved; + __le16 NetName[0]; /* hostname of target converted to UCS-2 */ +} __packed; + +struct smb2_negotiate_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 65 */ + __le16 SecurityMode; + __le16 DialectRevision; + __le16 NegotiateContextCount; /* Prior to SMB3.1.1 was Reserved & MBZ */ + __u8 ServerGUID[16]; + __le32 Capabilities; + __le32 MaxTransactSize; + __le32 MaxReadSize; + __le32 MaxWriteSize; + __le64 SystemTime; /* MBZ */ + __le64 ServerStartTime; + __le16 SecurityBufferOffset; + __le16 SecurityBufferLength; + __le32 NegotiateContextOffset; /* Pre:SMB3.1.1 was reserved/ignored */ + __u8 Buffer[1]; /* variable length GSS security buffer */ +} __packed; + +/* Flags */ +#define SMB2_SESSION_REQ_FLAG_BINDING 0x01 +#define SMB2_SESSION_REQ_FLAG_ENCRYPT_DATA 0x04 + +#define SMB2_SESSION_EXPIRED (0) +#define SMB2_SESSION_IN_PROGRESS (1 << 0) +#define SMB2_SESSION_VALID (1 << 1) + +/* Flags */ +#define SMB2_SESSION_REQ_FLAG_BINDING 0x01 +#define SMB2_SESSION_REQ_FLAG_ENCRYPT_DATA 0x04 + +struct smb2_sess_setup_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 25 */ + __u8 Flags; + __u8 SecurityMode; + __le32 Capabilities; + __le32 Channel; + __le16 SecurityBufferOffset; + __le16 SecurityBufferLength; + __le64 PreviousSessionId; + __u8 Buffer[1]; /* variable length GSS security buffer */ +} __packed; + +/* Flags/Reserved for SMB3.1.1 */ +#define SMB2_SHAREFLAG_CLUSTER_RECONNECT 0x0001 + +/* Currently defined SessionFlags */ +#define SMB2_SESSION_FLAG_IS_GUEST_LE cpu_to_le16(0x0001) +#define SMB2_SESSION_FLAG_IS_NULL_LE cpu_to_le16(0x0002) +#define SMB2_SESSION_FLAG_ENCRYPT_DATA_LE cpu_to_le16(0x0004) +struct smb2_sess_setup_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 9 */ + __le16 SessionFlags; + __le16 SecurityBufferOffset; + __le16 SecurityBufferLength; + __u8 Buffer[1]; /* variable length GSS security buffer */ +} __packed; + +struct smb2_logoff_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 4 */ + __le16 Reserved; +} __packed; + +struct smb2_logoff_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 4 */ + __le16 Reserved; +} __packed; + +struct smb2_tree_connect_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 9 */ + __le16 Reserved; /* Flags in SMB3.1.1 */ + __le16 PathOffset; + __le16 PathLength; + __u8 Buffer[1]; /* variable length */ +} __packed; + +struct smb2_tree_connect_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 16 */ + __u8 ShareType; /* see below */ + __u8 Reserved; + __le32 ShareFlags; /* see below */ + __le32 Capabilities; /* see below */ + __le32 MaximalAccess; +} __packed; + +/* Possible ShareType values */ +#define SMB2_SHARE_TYPE_DISK 0x01 +#define SMB2_SHARE_TYPE_PIPE 0x02 +#define SMB2_SHARE_TYPE_PRINT 0x03 + +/* + * Possible ShareFlags - exactly one and only one of the first 4 caching flags + * must be set (any of the remaining, SHI1005, flags may be set individually + * or in combination. + */ +#define SMB2_SHAREFLAG_MANUAL_CACHING 0x00000000 +#define SMB2_SHAREFLAG_AUTO_CACHING 0x00000010 +#define SMB2_SHAREFLAG_VDO_CACHING 0x00000020 +#define SMB2_SHAREFLAG_NO_CACHING 0x00000030 +#define SHI1005_FLAGS_DFS 0x00000001 +#define SHI1005_FLAGS_DFS_ROOT 0x00000002 +#define SHI1005_FLAGS_RESTRICT_EXCLUSIVE_OPENS 0x00000100 +#define SHI1005_FLAGS_FORCE_SHARED_DELETE 0x00000200 +#define SHI1005_FLAGS_ALLOW_NAMESPACE_CACHING 0x00000400 +#define SHI1005_FLAGS_ACCESS_BASED_DIRECTORY_ENUM 0x00000800 +#define SHI1005_FLAGS_FORCE_LEVELII_OPLOCK 0x00001000 +#define SHI1005_FLAGS_ENABLE_HASH 0x00002000 + +/* Possible share capabilities */ +#define SMB2_SHARE_CAP_DFS cpu_to_le32(0x00000008) + +struct smb2_tree_disconnect_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 4 */ + __le16 Reserved; +} __packed; + +struct smb2_tree_disconnect_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 4 */ + __le16 Reserved; +} __packed; + +#define ATTR_READONLY_LE cpu_to_le32(ATTR_READONLY) +#define ATTR_HIDDEN_LE cpu_to_le32(ATTR_HIDDEN) +#define ATTR_SYSTEM_LE cpu_to_le32(ATTR_SYSTEM) +#define ATTR_DIRECTORY_LE cpu_to_le32(ATTR_DIRECTORY) +#define ATTR_ARCHIVE_LE cpu_to_le32(ATTR_ARCHIVE) +#define ATTR_NORMAL_LE cpu_to_le32(ATTR_NORMAL) +#define ATTR_TEMPORARY_LE cpu_to_le32(ATTR_TEMPORARY) +#define ATTR_SPARSE_FILE_LE cpu_to_le32(ATTR_SPARSE) +#define ATTR_REPARSE_POINT_LE cpu_to_le32(ATTR_REPARSE) +#define ATTR_COMPRESSED_LE cpu_to_le32(ATTR_COMPRESSED) +#define ATTR_OFFLINE_LE cpu_to_le32(ATTR_OFFLINE) +#define ATTR_NOT_CONTENT_INDEXED_LE cpu_to_le32(ATTR_NOT_CONTENT_INDEXED) +#define ATTR_ENCRYPTED_LE cpu_to_le32(ATTR_ENCRYPTED) +#define ATTR_INTEGRITY_STREAML_LE cpu_to_le32(0x00008000) +#define ATTR_NO_SCRUB_DATA_LE cpu_to_le32(0x00020000) +#define ATTR_MASK_LE cpu_to_le32(0x00007FB7) + +/* Oplock levels */ +#define SMB2_OPLOCK_LEVEL_NONE 0x00 +#define SMB2_OPLOCK_LEVEL_II 0x01 +#define SMB2_OPLOCK_LEVEL_EXCLUSIVE 0x08 +#define SMB2_OPLOCK_LEVEL_BATCH 0x09 +#define SMB2_OPLOCK_LEVEL_LEASE 0xFF +/* Non-spec internal type */ +#define SMB2_OPLOCK_LEVEL_NOCHANGE 0x99 + +/* Desired Access Flags */ +#define FILE_READ_DATA_LE cpu_to_le32(0x00000001) +#define FILE_LIST_DIRECTORY_LE cpu_to_le32(0x00000001) +#define FILE_WRITE_DATA_LE cpu_to_le32(0x00000002) +#define FILE_ADD_FILE_LE cpu_to_le32(0x00000002) +#define FILE_APPEND_DATA_LE cpu_to_le32(0x00000004) +#define FILE_ADD_SUBDIRECTORY_LE cpu_to_le32(0x00000004) +#define FILE_READ_EA_LE cpu_to_le32(0x00000008) +#define FILE_WRITE_EA_LE cpu_to_le32(0x00000010) +#define FILE_EXECUTE_LE cpu_to_le32(0x00000020) +#define FILE_TRAVERSE_LE cpu_to_le32(0x00000020) +#define FILE_DELETE_CHILD_LE cpu_to_le32(0x00000040) +#define FILE_READ_ATTRIBUTES_LE cpu_to_le32(0x00000080) +#define FILE_WRITE_ATTRIBUTES_LE cpu_to_le32(0x00000100) +#define FILE_DELETE_LE cpu_to_le32(0x00010000) +#define FILE_READ_CONTROL_LE cpu_to_le32(0x00020000) +#define FILE_WRITE_DAC_LE cpu_to_le32(0x00040000) +#define FILE_WRITE_OWNER_LE cpu_to_le32(0x00080000) +#define FILE_SYNCHRONIZE_LE cpu_to_le32(0x00100000) +#define FILE_ACCESS_SYSTEM_SECURITY_LE cpu_to_le32(0x01000000) +#define FILE_MAXIMAL_ACCESS_LE cpu_to_le32(0x02000000) +#define FILE_GENERIC_ALL_LE cpu_to_le32(0x10000000) +#define FILE_GENERIC_EXECUTE_LE cpu_to_le32(0x20000000) +#define FILE_GENERIC_WRITE_LE cpu_to_le32(0x40000000) +#define FILE_GENERIC_READ_LE cpu_to_le32(0x80000000) +#define DESIRED_ACCESS_MASK cpu_to_le32(0xF21F01FF) + +/* ShareAccess Flags */ +#define FILE_SHARE_READ_LE cpu_to_le32(0x00000001) +#define FILE_SHARE_WRITE_LE cpu_to_le32(0x00000002) +#define FILE_SHARE_DELETE_LE cpu_to_le32(0x00000004) +#define FILE_SHARE_ALL_LE cpu_to_le32(0x00000007) + +/* CreateDisposition Flags */ +#define FILE_SUPERSEDE_LE cpu_to_le32(0x00000000) +#define FILE_OPEN_LE cpu_to_le32(0x00000001) +#define FILE_CREATE_LE cpu_to_le32(0x00000002) +#define FILE_OPEN_IF_LE cpu_to_le32(0x00000003) +#define FILE_OVERWRITE_LE cpu_to_le32(0x00000004) +#define FILE_OVERWRITE_IF_LE cpu_to_le32(0x00000005) +#define FILE_CREATE_MASK_LE cpu_to_le32(0x00000007) + +#define FILE_READ_DESIRED_ACCESS_LE (FILE_READ_DATA_LE | \ + FILE_READ_EA_LE | \ + FILE_GENERIC_READ_LE) +#define FILE_WRITE_DESIRE_ACCESS_LE (FILE_WRITE_DATA_LE | \ + FILE_APPEND_DATA_LE | \ + FILE_WRITE_EA_LE | \ + FILE_WRITE_ATTRIBUTES_LE | \ + FILE_GENERIC_WRITE_LE) + +/* Impersonation Levels */ +#define IL_ANONYMOUS_LE cpu_to_le32(0x00000000) +#define IL_IDENTIFICATION_LE cpu_to_le32(0x00000001) +#define IL_IMPERSONATION_LE cpu_to_le32(0x00000002) +#define IL_DELEGATE_LE cpu_to_le32(0x00000003) + +/* Create Context Values */ +#define SMB2_CREATE_EA_BUFFER "ExtA" /* extended attributes */ +#define SMB2_CREATE_SD_BUFFER "SecD" /* security descriptor */ +#define SMB2_CREATE_DURABLE_HANDLE_REQUEST "DHnQ" +#define SMB2_CREATE_DURABLE_HANDLE_RECONNECT "DHnC" +#define SMB2_CREATE_ALLOCATION_SIZE "AlSi" +#define SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST "MxAc" +#define SMB2_CREATE_TIMEWARP_REQUEST "TWrp" +#define SMB2_CREATE_QUERY_ON_DISK_ID "QFid" +#define SMB2_CREATE_REQUEST_LEASE "RqLs" +#define SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 "DH2Q" +#define SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 "DH2C" +#define SMB2_CREATE_APP_INSTANCE_ID "\x45\xBC\xA6\x6A\xEF\xA7\xF7\x4A\x90\x08\xFA\x46\x2E\x14\x4D\x74" + #define SMB2_CREATE_APP_INSTANCE_VERSION "\xB9\x82\xD0\xB7\x3B\x56\x07\x4F\xA0\x7B\x52\x4A\x81\x16\xA0\x10" +#define SVHDX_OPEN_DEVICE_CONTEXT 0x83CE6F1AD851E0986E34401CC9BCFCE9 +#define SMB2_CREATE_TAG_POSIX "\x93\xAD\x25\x50\x9C\xB4\x11\xE7\xB4\x23\x83\xDE\x96\x8B\xCD\x7C" + +struct smb2_create_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 57 */ + __u8 SecurityFlags; + __u8 RequestedOplockLevel; + __le32 ImpersonationLevel; + __le64 SmbCreateFlags; + __le64 Reserved; + __le32 DesiredAccess; + __le32 FileAttributes; + __le32 ShareAccess; + __le32 CreateDisposition; + __le32 CreateOptions; + __le16 NameOffset; + __le16 NameLength; + __le32 CreateContextsOffset; + __le32 CreateContextsLength; + __u8 Buffer[0]; +} __packed; + +struct smb2_create_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 89 */ + __u8 OplockLevel; + __u8 Reserved; + __le32 CreateAction; + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 AllocationSize; + __le64 EndofFile; + __le32 FileAttributes; + __le32 Reserved2; + __le64 PersistentFileId; + __le64 VolatileFileId; + __le32 CreateContextsOffset; + __le32 CreateContextsLength; + __u8 Buffer[1]; +} __packed; + +struct create_context { + __le32 Next; + __le16 NameOffset; + __le16 NameLength; + __le16 Reserved; + __le16 DataOffset; + __le32 DataLength; + __u8 Buffer[0]; +} __packed; + +struct create_durable_req_v2 { + struct create_context ccontext; + __u8 Name[8]; + __le32 Timeout; + __le32 Flags; + __u8 Reserved[8]; + __u8 CreateGuid[16]; +} __packed; + +struct create_durable_reconn_req { + struct create_context ccontext; + __u8 Name[8]; + union { + __u8 Reserved[16]; + struct { + __le64 PersistentFileId; + __le64 VolatileFileId; + } Fid; + } Data; +} __packed; + +struct create_durable_reconn_v2_req { + struct create_context ccontext; + __u8 Name[8]; + struct { + __le64 PersistentFileId; + __le64 VolatileFileId; + } Fid; + __u8 CreateGuid[16]; + __le32 Flags; +} __packed; + +struct create_app_inst_id { + struct create_context ccontext; + __u8 Name[8]; + __u8 Reserved[8]; + __u8 AppInstanceId[16]; +} __packed; + +struct create_app_inst_id_vers { + struct create_context ccontext; + __u8 Name[8]; + __u8 Reserved[2]; + __u8 Padding[4]; + __le64 AppInstanceVersionHigh; + __le64 AppInstanceVersionLow; +} __packed; + +struct create_mxac_req { + struct create_context ccontext; + __u8 Name[8]; + __le64 Timestamp; +} __packed; + +struct create_alloc_size_req { + struct create_context ccontext; + __u8 Name[8]; + __le64 AllocationSize; +} __packed; + +struct create_posix { + struct create_context ccontext; + __u8 Name[16]; + __le32 Mode; + __u32 Reserved; +} __packed; + +struct create_durable_rsp { + struct create_context ccontext; + __u8 Name[8]; + union { + __u8 Reserved[8]; + __u64 data; + } Data; +} __packed; + +struct create_durable_v2_rsp { + struct create_context ccontext; + __u8 Name[8]; + __le32 Timeout; + __le32 Flags; +} __packed; + +struct create_mxac_rsp { + struct create_context ccontext; + __u8 Name[8]; + __le32 QueryStatus; + __le32 MaximalAccess; +} __packed; + +struct create_disk_id_rsp { + struct create_context ccontext; + __u8 Name[8]; + __le64 DiskFileId; + __le64 VolumeId; + __u8 Reserved[16]; +} __packed; + +/* equivalent of the contents of SMB3.1.1 POSIX open context response */ +struct create_posix_rsp { + struct create_context ccontext; + __u8 Name[16]; + __le32 nlink; + __le32 reparse_tag; + __le32 mode; + u8 SidBuffer[40]; +} __packed; + +#define SMB2_LEASE_NONE_LE cpu_to_le32(0x00) +#define SMB2_LEASE_READ_CACHING_LE cpu_to_le32(0x01) +#define SMB2_LEASE_HANDLE_CACHING_LE cpu_to_le32(0x02) +#define SMB2_LEASE_WRITE_CACHING_LE cpu_to_le32(0x04) + +#define SMB2_LEASE_FLAG_BREAK_IN_PROGRESS_LE cpu_to_le32(0x02) + +struct lease_context { + __le64 LeaseKeyLow; + __le64 LeaseKeyHigh; + __le32 LeaseState; + __le32 LeaseFlags; + __le64 LeaseDuration; +} __packed; + +struct create_lease { + struct create_context ccontext; + __u8 Name[8]; + struct lease_context lcontext; +} __packed; + +/* Currently defined values for close flags */ +#define SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB cpu_to_le16(0x0001) +struct smb2_close_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 24 */ + __le16 Flags; + __le32 Reserved; + __le64 PersistentFileId; + __le64 VolatileFileId; +} __packed; + +struct smb2_close_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* 60 */ + __le16 Flags; + __le32 Reserved; + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 AllocationSize; /* Beginning of FILE_STANDARD_INFO equivalent */ + __le64 EndOfFile; + __le32 Attributes; +} __packed; + +struct smb2_flush_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 24 */ + __le16 Reserved1; + __le32 Reserved2; + __le64 PersistentFileId; + __le64 VolatileFileId; +} __packed; + +struct smb2_flush_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; + __le16 Reserved; +} __packed; + +struct smb2_buffer_desc_v1 { + __le64 offset; + __le32 token; + __le32 length; +} __packed; + +#define SMB2_CHANNEL_NONE cpu_to_le32(0x00000000) +#define SMB2_CHANNEL_RDMA_V1 cpu_to_le32(0x00000001) +#define SMB2_CHANNEL_RDMA_V1_INVALIDATE cpu_to_le32(0x00000002) + +struct smb2_read_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 49 */ + __u8 Padding; /* offset from start of SMB2 header to place read */ + __u8 Reserved; + __le32 Length; + __le64 Offset; + __le64 PersistentFileId; + __le64 VolatileFileId; + __le32 MinimumCount; + __le32 Channel; /* Reserved MBZ */ + __le32 RemainingBytes; + __le16 ReadChannelInfoOffset; /* Reserved MBZ */ + __le16 ReadChannelInfoLength; /* Reserved MBZ */ + __u8 Buffer[1]; +} __packed; + +struct smb2_read_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 17 */ + __u8 DataOffset; + __u8 Reserved; + __le32 DataLength; + __le32 DataRemaining; + __u32 Reserved2; + __u8 Buffer[1]; +} __packed; + +/* For write request Flags field below the following flag is defined: */ +#define SMB2_WRITEFLAG_WRITE_THROUGH 0x00000001 + +struct smb2_write_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 49 */ + __le16 DataOffset; /* offset from start of SMB2 header to write data */ + __le32 Length; + __le64 Offset; + __le64 PersistentFileId; + __le64 VolatileFileId; + __le32 Channel; /* Reserved MBZ */ + __le32 RemainingBytes; + __le16 WriteChannelInfoOffset; /* Reserved MBZ */ + __le16 WriteChannelInfoLength; /* Reserved MBZ */ + __le32 Flags; + __u8 Buffer[1]; +} __packed; + +struct smb2_write_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 17 */ + __u8 DataOffset; + __u8 Reserved; + __le32 DataLength; + __le32 DataRemaining; + __u32 Reserved2; + __u8 Buffer[1]; +} __packed; + +#define SMB2_0_IOCTL_IS_FSCTL 0x00000001 + +struct smb2_ioctl_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 57 */ + __le16 Reserved; /* offset from start of SMB2 header to write data */ + __le32 CntCode; + __le64 PersistentFileId; + __le64 VolatileFileId; + __le32 InputOffset; /* Reserved MBZ */ + __le32 InputCount; + __le32 MaxInputResponse; + __le32 OutputOffset; + __le32 OutputCount; + __le32 MaxOutputResponse; + __le32 Flags; + __le32 Reserved2; + __u8 Buffer[1]; +} __packed; + +struct smb2_ioctl_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 49 */ + __le16 Reserved; /* offset from start of SMB2 header to write data */ + __le32 CntCode; + __le64 PersistentFileId; + __le64 VolatileFileId; + __le32 InputOffset; /* Reserved MBZ */ + __le32 InputCount; + __le32 OutputOffset; + __le32 OutputCount; + __le32 Flags; + __le32 Reserved2; + __u8 Buffer[1]; +} __packed; + +struct validate_negotiate_info_req { + __le32 Capabilities; + __u8 Guid[SMB2_CLIENT_GUID_SIZE]; + __le16 SecurityMode; + __le16 DialectCount; + __le16 Dialects[1]; /* dialect (someday maybe list) client asked for */ +} __packed; + +struct validate_negotiate_info_rsp { + __le32 Capabilities; + __u8 Guid[SMB2_CLIENT_GUID_SIZE]; + __le16 SecurityMode; + __le16 Dialect; /* Dialect in use for the connection */ +} __packed; + +struct smb_sockaddr_in { + __be16 Port; + __be32 IPv4address; + __u8 Reserved[8]; +} __packed; + +struct smb_sockaddr_in6 { + __be16 Port; + __be32 FlowInfo; + __u8 IPv6address[16]; + __be32 ScopeId; +} __packed; + +#define INTERNETWORK 0x0002 +#define INTERNETWORKV6 0x0017 + +struct sockaddr_storage_rsp { + __le16 Family; + union { + struct smb_sockaddr_in addr4; + struct smb_sockaddr_in6 addr6; + }; +} __packed; + +#define RSS_CAPABLE 0x00000001 +#define RDMA_CAPABLE 0x00000002 + +struct network_interface_info_ioctl_rsp { + __le32 Next; /* next interface. zero if this is last one */ + __le32 IfIndex; + __le32 Capability; /* RSS or RDMA Capable */ + __le32 Reserved; + __le64 LinkSpeed; + char SockAddr_Storage[128]; +} __packed; + +struct file_object_buf_type1_ioctl_rsp { + __u8 ObjectId[16]; + __u8 BirthVolumeId[16]; + __u8 BirthObjectId[16]; + __u8 DomainId[16]; +} __packed; + +struct resume_key_ioctl_rsp { + __le64 ResumeKey[3]; + __le32 ContextLength; + __u8 Context[4]; /* ignored, Windows sets to 4 bytes of zero */ +} __packed; + +struct copychunk_ioctl_req { + __le64 ResumeKey[3]; + __le32 ChunkCount; + __le32 Reserved; + __u8 Chunks[1]; /* array of srv_copychunk */ +} __packed; + +struct srv_copychunk { + __le64 SourceOffset; + __le64 TargetOffset; + __le32 Length; + __le32 Reserved; +} __packed; + +struct copychunk_ioctl_rsp { + __le32 ChunksWritten; + __le32 ChunkBytesWritten; + __le32 TotalBytesWritten; +} __packed; + +struct file_sparse { + __u8 SetSparse; +} __packed; + +struct file_zero_data_information { + __le64 FileOffset; + __le64 BeyondFinalZero; +} __packed; + +struct file_allocated_range_buffer { + __le64 file_offset; + __le64 length; +} __packed; + +struct reparse_data_buffer { + __le32 ReparseTag; + __le16 ReparseDataLength; + __u16 Reserved; + __u8 DataBuffer[]; /* Variable Length */ +} __packed; + +/* Completion Filter flags for Notify */ +#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 +#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 +#define FILE_NOTIFY_CHANGE_NAME 0x00000003 +#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 +#define FILE_NOTIFY_CHANGE_SIZE 0x00000008 +#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 +#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 +#define FILE_NOTIFY_CHANGE_CREATION 0x00000040 +#define FILE_NOTIFY_CHANGE_EA 0x00000080 +#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 +#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 +#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 +#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800 + +/* Flags */ +#define SMB2_WATCH_TREE 0x0001 + +struct smb2_notify_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 32 */ + __le16 Flags; + __le32 OutputBufferLength; + __le64 PersistentFileId; + __le64 VolatileFileId; + __u32 CompletionFileter; + __u32 Reserved; +} __packed; + +struct smb2_notify_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 9 */ + __le16 OutputBufferOffset; + __le32 OutputBufferLength; + __u8 Buffer[1]; +} __packed; + +/* SMB2 Notify Action Flags */ +#define FILE_ACTION_ADDED 0x00000001 +#define FILE_ACTION_REMOVED 0x00000002 +#define FILE_ACTION_MODIFIED 0x00000003 +#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 +#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 +#define FILE_ACTION_ADDED_STREAM 0x00000006 +#define FILE_ACTION_REMOVED_STREAM 0x00000007 +#define FILE_ACTION_MODIFIED_STREAM 0x00000008 +#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009 + +#define SMB2_LOCKFLAG_SHARED 0x0001 +#define SMB2_LOCKFLAG_EXCLUSIVE 0x0002 +#define SMB2_LOCKFLAG_UNLOCK 0x0004 +#define SMB2_LOCKFLAG_FAIL_IMMEDIATELY 0x0010 +#define SMB2_LOCKFLAG_MASK 0x0007 + +struct smb2_lock_element { + __le64 Offset; + __le64 Length; + __le32 Flags; + __le32 Reserved; +} __packed; + +struct smb2_lock_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 48 */ + __le16 LockCount; + __le32 Reserved; + __le64 PersistentFileId; + __le64 VolatileFileId; + /* Followed by at least one */ + struct smb2_lock_element locks[1]; +} __packed; + +struct smb2_lock_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 4 */ + __le16 Reserved; +} __packed; + +struct smb2_echo_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 4 */ + __u16 Reserved; +} __packed; + +struct smb2_echo_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 4 */ + __u16 Reserved; +} __packed; + +/* search (query_directory) Flags field */ +#define SMB2_RESTART_SCANS 0x01 +#define SMB2_RETURN_SINGLE_ENTRY 0x02 +#define SMB2_INDEX_SPECIFIED 0x04 +#define SMB2_REOPEN 0x10 + +struct smb2_query_directory_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 33 */ + __u8 FileInformationClass; + __u8 Flags; + __le32 FileIndex; + __le64 PersistentFileId; + __le64 VolatileFileId; + __le16 FileNameOffset; + __le16 FileNameLength; + __le32 OutputBufferLength; + __u8 Buffer[1]; +} __packed; + +struct smb2_query_directory_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 9 */ + __le16 OutputBufferOffset; + __le32 OutputBufferLength; + __u8 Buffer[1]; +} __packed; + +/* Possible InfoType values */ +#define SMB2_O_INFO_FILE 0x01 +#define SMB2_O_INFO_FILESYSTEM 0x02 +#define SMB2_O_INFO_SECURITY 0x03 +#define SMB2_O_INFO_QUOTA 0x04 + +/* Security info type additionalinfo flags. See MS-SMB2 (2.2.37) or MS-DTYP */ +#define OWNER_SECINFO 0x00000001 +#define GROUP_SECINFO 0x00000002 +#define DACL_SECINFO 0x00000004 +#define SACL_SECINFO 0x00000008 +#define LABEL_SECINFO 0x00000010 +#define ATTRIBUTE_SECINFO 0x00000020 +#define SCOPE_SECINFO 0x00000040 +#define BACKUP_SECINFO 0x00010000 +#define UNPROTECTED_SACL_SECINFO 0x10000000 +#define UNPROTECTED_DACL_SECINFO 0x20000000 +#define PROTECTED_SACL_SECINFO 0x40000000 +#define PROTECTED_DACL_SECINFO 0x80000000 + +struct smb2_query_info_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 41 */ + __u8 InfoType; + __u8 FileInfoClass; + __le32 OutputBufferLength; + __le16 InputBufferOffset; + __u16 Reserved; + __le32 InputBufferLength; + __le32 AdditionalInformation; + __le32 Flags; + __le64 PersistentFileId; + __le64 VolatileFileId; + __u8 Buffer[1]; +} __packed; + +struct smb2_query_info_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 9 */ + __le16 OutputBufferOffset; + __le32 OutputBufferLength; + __u8 Buffer[1]; +} __packed; + +struct smb2_set_info_req { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 33 */ + __u8 InfoType; + __u8 FileInfoClass; + __le32 BufferLength; + __le16 BufferOffset; + __u16 Reserved; + __le32 AdditionalInformation; + __le64 PersistentFileId; + __le64 VolatileFileId; + __u8 Buffer[1]; +} __packed; + +struct smb2_set_info_rsp { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 2 */ +} __packed; + + +/* FILE Info response size */ +#define FILE_DIRECTORY_INFORMATION_SIZE 1 +#define FILE_FULL_DIRECTORY_INFORMATION_SIZE 2 +#define FILE_BOTH_DIRECTORY_INFORMATION_SIZE 3 +#define FILE_BASIC_INFORMATION_SIZE 40 +#define FILE_STANDARD_INFORMATION_SIZE 24 +#define FILE_INTERNAL_INFORMATION_SIZE 8 +#define FILE_EA_INFORMATION_SIZE 4 +#define FILE_ACCESS_INFORMATION_SIZE 4 +#define FILE_NAME_INFORMATION_SIZE 9 +#define FILE_RENAME_INFORMATION_SIZE 10 +#define FILE_LINK_INFORMATION_SIZE 11 +#define FILE_NAMES_INFORMATION_SIZE 12 +#define FILE_DISPOSITION_INFORMATION_SIZE 13 +#define FILE_POSITION_INFORMATION_SIZE 14 +#define FILE_FULL_EA_INFORMATION_SIZE 15 +#define FILE_MODE_INFORMATION_SIZE 4 +#define FILE_ALIGNMENT_INFORMATION_SIZE 4 +#define FILE_ALL_INFORMATION_SIZE 104 +#define FILE_ALLOCATION_INFORMATION_SIZE 19 +#define FILE_END_OF_FILE_INFORMATION_SIZE 20 +#define FILE_ALTERNATE_NAME_INFORMATION_SIZE 8 +#define FILE_STREAM_INFORMATION_SIZE 32 +#define FILE_PIPE_INFORMATION_SIZE 23 +#define FILE_PIPE_LOCAL_INFORMATION_SIZE 24 +#define FILE_PIPE_REMOTE_INFORMATION_SIZE 25 +#define FILE_MAILSLOT_QUERY_INFORMATION_SIZE 26 +#define FILE_MAILSLOT_SET_INFORMATION_SIZE 27 +#define FILE_COMPRESSION_INFORMATION_SIZE 16 +#define FILE_OBJECT_ID_INFORMATION_SIZE 29 +/* Number 30 not defined in documents */ +#define FILE_MOVE_CLUSTER_INFORMATION_SIZE 31 +#define FILE_QUOTA_INFORMATION_SIZE 32 +#define FILE_REPARSE_POINT_INFORMATION_SIZE 33 +#define FILE_NETWORK_OPEN_INFORMATION_SIZE 56 +#define FILE_ATTRIBUTE_TAG_INFORMATION_SIZE 8 + + +/* FS Info response size */ +#define FS_DEVICE_INFORMATION_SIZE 8 +#define FS_ATTRIBUTE_INFORMATION_SIZE 16 +#define FS_VOLUME_INFORMATION_SIZE 24 +#define FS_SIZE_INFORMATION_SIZE 24 +#define FS_FULL_SIZE_INFORMATION_SIZE 32 +#define FS_SECTOR_SIZE_INFORMATION_SIZE 28 +#define FS_OBJECT_ID_INFORMATION_SIZE 64 +#define FS_CONTROL_INFORMATION_SIZE 48 +#define FS_POSIX_INFORMATION_SIZE 56 + +/* FS_ATTRIBUTE_File_System_Name */ +#define FS_TYPE_SUPPORT_SIZE 44 +struct fs_type_info { + char *fs_name; + long magic_number; +} __packed; + +struct smb2_oplock_break { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 24 */ + __u8 OplockLevel; + __u8 Reserved; + __le32 Reserved2; + __le64 PersistentFid; + __le64 VolatileFid; +} __packed; + +#define SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED cpu_to_le32(0x01) + +struct smb2_lease_break { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 44 */ + __le16 Reserved; + __le32 Flags; + __u8 LeaseKey[16]; + __le32 CurrentLeaseState; + __le32 NewLeaseState; + __le32 BreakReason; + __le32 AccessMaskHint; + __le32 ShareMaskHint; +} __packed; + +struct smb2_lease_ack { + struct smb2_hdr hdr; + __le16 StructureSize; /* Must be 36 */ + __le16 Reserved; + __le32 Flags; + __u8 LeaseKey[16]; + __le32 LeaseState; + __le64 LeaseDuration; +} __packed; + +/* + * PDU infolevel structure definitions + * BB consider moving to a different header + */ + +/* File System Information Classes */ +#define FS_VOLUME_INFORMATION 1 /* Query */ +#define FS_LABEL_INFORMATION 2 /* Set */ +#define FS_SIZE_INFORMATION 3 /* Query */ +#define FS_DEVICE_INFORMATION 4 /* Query */ +#define FS_ATTRIBUTE_INFORMATION 5 /* Query */ +#define FS_CONTROL_INFORMATION 6 /* Query, Set */ +#define FS_FULL_SIZE_INFORMATION 7 /* Query */ +#define FS_OBJECT_ID_INFORMATION 8 /* Query, Set */ +#define FS_DRIVER_PATH_INFORMATION 9 /* Query */ +#define FS_SECTOR_SIZE_INFORMATION 11 /* SMB3 or later. Query */ +#define FS_POSIX_INFORMATION 100 /* SMB3.1.1 POSIX. Query */ + +struct smb2_fs_full_size_info { + __le64 TotalAllocationUnits; + __le64 CallerAvailableAllocationUnits; + __le64 ActualAvailableAllocationUnits; + __le32 SectorsPerAllocationUnit; + __le32 BytesPerSector; +} __packed; + +#define SSINFO_FLAGS_ALIGNED_DEVICE 0x00000001 +#define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 0x00000002 +#define SSINFO_FLAGS_NO_SEEK_PENALTY 0x00000004 +#define SSINFO_FLAGS_TRIM_ENABLED 0x00000008 + +/* sector size info struct */ +struct smb3_fs_ss_info { + __le32 LogicalBytesPerSector; + __le32 PhysicalBytesPerSectorForAtomicity; + __le32 PhysicalBytesPerSectorForPerf; + __le32 FSEffPhysicalBytesPerSectorForAtomicity; + __le32 Flags; + __le32 ByteOffsetForSectorAlignment; + __le32 ByteOffsetForPartitionAlignment; +} __packed; + +/* File System Control Information */ +struct smb2_fs_control_info { + __le64 FreeSpaceStartFiltering; + __le64 FreeSpaceThreshold; + __le64 FreeSpaceStopFiltering; + __le64 DefaultQuotaThreshold; + __le64 DefaultQuotaLimit; + __le32 FileSystemControlFlags; + __le32 Padding; +} __packed; + +/* partial list of QUERY INFO levels */ +#define FILE_DIRECTORY_INFORMATION 1 +#define FILE_FULL_DIRECTORY_INFORMATION 2 +#define FILE_BOTH_DIRECTORY_INFORMATION 3 +#define FILE_BASIC_INFORMATION 4 +#define FILE_STANDARD_INFORMATION 5 +#define FILE_INTERNAL_INFORMATION 6 +#define FILE_EA_INFORMATION 7 +#define FILE_ACCESS_INFORMATION 8 +#define FILE_NAME_INFORMATION 9 +#define FILE_RENAME_INFORMATION 10 +#define FILE_LINK_INFORMATION 11 +#define FILE_NAMES_INFORMATION 12 +#define FILE_DISPOSITION_INFORMATION 13 +#define FILE_POSITION_INFORMATION 14 +#define FILE_FULL_EA_INFORMATION 15 +#define FILE_MODE_INFORMATION 16 +#define FILE_ALIGNMENT_INFORMATION 17 +#define FILE_ALL_INFORMATION 18 +#define FILE_ALLOCATION_INFORMATION 19 +#define FILE_END_OF_FILE_INFORMATION 20 +#define FILE_ALTERNATE_NAME_INFORMATION 21 +#define FILE_STREAM_INFORMATION 22 +#define FILE_PIPE_INFORMATION 23 +#define FILE_PIPE_LOCAL_INFORMATION 24 +#define FILE_PIPE_REMOTE_INFORMATION 25 +#define FILE_MAILSLOT_QUERY_INFORMATION 26 +#define FILE_MAILSLOT_SET_INFORMATION 27 +#define FILE_COMPRESSION_INFORMATION 28 +#define FILE_OBJECT_ID_INFORMATION 29 +/* Number 30 not defined in documents */ +#define FILE_MOVE_CLUSTER_INFORMATION 31 +#define FILE_QUOTA_INFORMATION 32 +#define FILE_REPARSE_POINT_INFORMATION 33 +#define FILE_NETWORK_OPEN_INFORMATION 34 +#define FILE_ATTRIBUTE_TAG_INFORMATION 35 +#define FILE_TRACKING_INFORMATION 36 +#define FILEID_BOTH_DIRECTORY_INFORMATION 37 +#define FILEID_FULL_DIRECTORY_INFORMATION 38 +#define FILE_VALID_DATA_LENGTH_INFORMATION 39 +#define FILE_SHORT_NAME_INFORMATION 40 +#define FILE_SFIO_RESERVE_INFORMATION 44 +#define FILE_SFIO_VOLUME_INFORMATION 45 +#define FILE_HARD_LINK_INFORMATION 46 +#define FILE_NORMALIZED_NAME_INFORMATION 48 +#define FILEID_GLOBAL_TX_DIRECTORY_INFORMATION 50 +#define FILE_STANDARD_LINK_INFORMATION 54 + +#define OP_BREAK_STRUCT_SIZE_20 24 +#define OP_BREAK_STRUCT_SIZE_21 36 + +struct smb2_file_access_info { + __le32 AccessFlags; +} __packed; + +struct smb2_file_alignment_info { + __le32 AlignmentRequirement; +} __packed; + +struct smb2_file_internal_info { + __le64 IndexNumber; +} __packed; /* level 6 Query */ + +struct smb2_file_rename_info { /* encoding of request for level 10 */ + __u8 ReplaceIfExists; /* 1 = replace existing target with new */ + /* 0 = fail if target already exists */ + __u8 Reserved[7]; + __u64 RootDirectory; /* MBZ for network operations (why says spec?) */ + __le32 FileNameLength; + char FileName[0]; /* New name to be assigned */ +} __packed; /* level 10 Set */ + +struct smb2_file_link_info { /* encoding of request for level 11 */ + __u8 ReplaceIfExists; /* 1 = replace existing link with new */ + /* 0 = fail if link already exists */ + __u8 Reserved[7]; + __u64 RootDirectory; /* MBZ for network operations (why says spec?) */ + __le32 FileNameLength; + char FileName[0]; /* Name to be assigned to new link */ +} __packed; /* level 11 Set */ + +/* + * This level 18, although with struct with same name is different from cifs + * level 0x107. Level 0x107 has an extra u64 between AccessFlags and + * CurrentByteOffset. + */ +struct smb2_file_all_info { /* data block encoding of response to level 18 */ + __le64 CreationTime; /* Beginning of FILE_BASIC_INFO equivalent */ + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le32 Attributes; + __u32 Pad1; /* End of FILE_BASIC_INFO_INFO equivalent */ + __le64 AllocationSize; /* Beginning of FILE_STANDARD_INFO equivalent */ + __le64 EndOfFile; /* size ie offset to first free byte in file */ + __le32 NumberOfLinks; /* hard links */ + __u8 DeletePending; + __u8 Directory; + __u16 Pad2; /* End of FILE_STANDARD_INFO equivalent */ + __le64 IndexNumber; + __le32 EASize; + __le32 AccessFlags; + __le64 CurrentByteOffset; + __le32 Mode; + __le32 AlignmentRequirement; + __le32 FileNameLength; + char FileName[1]; +} __packed; /* level 18 Query */ + +struct smb2_file_alt_name_info { + __le32 FileNameLength; + char FileName[0]; +} __packed; + +struct smb2_file_stream_info { + __le32 NextEntryOffset; + __le32 StreamNameLength; + __le64 StreamSize; + __le64 StreamAllocationSize; + char StreamName[0]; +} __packed; + +struct smb2_file_eof_info { /* encoding of request for level 10 */ + __le64 EndOfFile; /* new end of file value */ +} __packed; /* level 20 Set */ + +struct smb2_file_ntwrk_info { + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 AllocationSize; + __le64 EndOfFile; + __le32 Attributes; + __le32 Reserved; +} __packed; + +struct smb2_file_standard_info { + __le64 AllocationSize; + __le64 EndOfFile; + __le32 NumberOfLinks; /* hard links */ + __u8 DeletePending; + __u8 Directory; + __le16 Reserved; +} __packed; /* level 18 Query */ + +struct smb2_file_ea_info { + __le32 EASize; +} __packed; + +struct smb2_file_alloc_info { + __le64 AllocationSize; +} __packed; + +struct smb2_file_disposition_info { + __u8 DeletePending; +} __packed; + +struct smb2_file_pos_info { + __le64 CurrentByteOffset; +} __packed; + +#define FILE_MODE_INFO_MASK cpu_to_le32(0x0000103e) + +struct smb2_file_mode_info { + __le32 Mode; +} __packed; + +#define COMPRESSION_FORMAT_NONE 0x0000 +#define COMPRESSION_FORMAT_LZNT1 0x0002 + +struct smb2_file_comp_info { + __le64 CompressedFileSize; + __le16 CompressionFormat; + __u8 CompressionUnitShift; + __u8 ChunkShift; + __u8 ClusterShift; + __u8 Reserved[3]; +} __packed; + +struct smb2_file_attr_tag_info { + __le32 FileAttributes; + __le32 ReparseTag; +} __packed; + +#define SL_RESTART_SCAN 0x00000001 +#define SL_RETURN_SINGLE_ENTRY 0x00000002 +#define SL_INDEX_SPECIFIED 0x00000004 + +struct smb2_ea_info_req { + __le32 NextEntryOffset; + __u8 EaNameLength; + char name[1]; +} __packed; /* level 15 Query */ + +struct smb2_ea_info { + __le32 NextEntryOffset; + __u8 Flags; + __u8 EaNameLength; + __le16 EaValueLength; + char name[1]; + /* optionally followed by value */ +} __packed; /* level 15 Query */ + +struct create_ea_buf_req { + struct create_context ccontext; + __u8 Name[8]; + struct smb2_ea_info ea; +} __packed; + +struct create_sd_buf_req { + struct create_context ccontext; + __u8 Name[8]; + struct smb_ntsd ntsd; +} __packed; + +/* Find File infolevels */ +#define SMB_FIND_FILE_POSIX_INFO 0x064 + +/* Level 100 query info */ +struct smb311_posix_qinfo { + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 EndOfFile; + __le64 AllocationSize; + __le32 DosAttributes; + __le64 Inode; + __le32 DeviceId; + __le32 Zero; + /* beginning of POSIX Create Context Response */ + __le32 HardLinks; + __le32 ReparseTag; + __le32 Mode; + u8 Sids[]; + /* + * var sized owner SID + * var sized group SID + * le32 filenamelength + * u8 filename[] + */ +} __packed; + +struct smb2_posix_info { + __le32 NextEntryOffset; + __u32 Ignored; + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 EndOfFile; + __le64 AllocationSize; + __le32 DosAttributes; + __le64 Inode; + __le32 DeviceId; + __le32 Zero; + /* beginning of POSIX Create Context Response */ + __le32 HardLinks; + __le32 ReparseTag; + __le32 Mode; + u8 SidBuffer[40]; + __le32 name_len; + u8 name[1]; + /* + * var sized owner SID + * var sized group SID + * le32 filenamelength + * u8 filename[] + */ +} __packed; + +/* functions */ + +extern int init_smb2_0_server(struct ksmbd_conn *conn); +extern void init_smb2_1_server(struct ksmbd_conn *conn); +extern void init_smb3_0_server(struct ksmbd_conn *conn); +extern void init_smb3_02_server(struct ksmbd_conn *conn); +extern int init_smb3_11_server(struct ksmbd_conn *conn); + +extern void init_smb2_max_read_size(unsigned int sz); +extern void init_smb2_max_write_size(unsigned int sz); +extern void init_smb2_max_trans_size(unsigned int sz); + +extern int is_smb2_neg_cmd(struct ksmbd_work *work); +extern int is_smb2_rsp(struct ksmbd_work *work); + +extern uint16_t get_smb2_cmd_val(struct ksmbd_work *work); +extern void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err); +extern int init_smb2_rsp_hdr(struct ksmbd_work *work); +extern int smb2_allocate_rsp_buf(struct ksmbd_work *work); +extern bool is_chained_smb2_message(struct ksmbd_work *work); +extern int init_smb2_neg_rsp(struct ksmbd_work *work); +extern void smb2_set_err_rsp(struct ksmbd_work *work); +extern int smb2_check_user_session(struct ksmbd_work *work); +extern int smb2_get_ksmbd_tcon(struct ksmbd_work *work); +extern bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command); +extern int smb2_check_sign_req(struct ksmbd_work *work); +extern void smb2_set_sign_rsp(struct ksmbd_work *work); +extern int smb3_check_sign_req(struct ksmbd_work *work); +extern void smb3_set_sign_rsp(struct ksmbd_work *work); +extern int find_matching_smb2_dialect(int start_index, __le16 *cli_dialects, + __le16 dialects_count); +extern struct file_lock *smb_flock_init(struct file *f); +extern int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), + void **arg); +extern void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status); +extern struct channel *lookup_chann_list(struct ksmbd_session *sess); +extern void smb3_preauth_hash_rsp(struct ksmbd_work *work); +extern int smb3_is_transform_hdr(void *buf); +extern int smb3_decrypt_req(struct ksmbd_work *work); +extern int smb3_encrypt_resp(struct ksmbd_work *work); +extern bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work); +extern int smb2_set_rsp_credits(struct ksmbd_work *work); + +/* smb2 misc functions */ +extern int ksmbd_smb2_check_message(struct ksmbd_work *work); + +/* smb2 command handlers */ +extern int smb2_handle_negotiate(struct ksmbd_work *work); +extern int smb2_negotiate_request(struct ksmbd_work *work); +extern int smb2_sess_setup(struct ksmbd_work *work); +extern int smb2_tree_connect(struct ksmbd_work *work); +extern int smb2_tree_disconnect(struct ksmbd_work *work); +extern int smb2_session_logoff(struct ksmbd_work *work); +extern int smb2_open(struct ksmbd_work *work); +extern int smb2_query_info(struct ksmbd_work *work); +extern int smb2_query_dir(struct ksmbd_work *work); +extern int smb2_close(struct ksmbd_work *work); +extern int smb2_echo(struct ksmbd_work *work); +extern int smb2_set_info(struct ksmbd_work *work); +extern int smb2_read(struct ksmbd_work *work); +extern int smb2_write(struct ksmbd_work *work); +extern int smb2_flush(struct ksmbd_work *work); +extern int smb2_cancel(struct ksmbd_work *work); +extern int smb2_lock(struct ksmbd_work *work); +extern int smb2_ioctl(struct ksmbd_work *work); +extern int smb2_oplock_break(struct ksmbd_work *work); +extern int smb2_notify(struct ksmbd_work *ksmbd_work); + +#endif /* _SMB2PDU_H */ diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c new file mode 100644 index 000000000000..f7560b68b820 --- /dev/null +++ b/fs/cifsd/smb_common.c @@ -0,0 +1,668 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + * Copyright (C) 2018 Namjae Jeon linkinjeon@kernel.org + */ + +#include "smb_common.h" +#include "server.h" +#include "misc.h" +#include "smbstatus.h" +/* @FIXME */ +#include "connection.h" +#include "ksmbd_work.h" +#include "mgmt/user_session.h" +#include "mgmt/user_config.h" +#include "mgmt/tree_connect.h" +#include "mgmt/share_config.h" + +/*for shortname implementation */ +static const char basechars[43] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_-!@#$%"; +#define MANGLE_BASE (sizeof(basechars)/sizeof(char)-1) +#define MAGIC_CHAR '~' +#define PERIOD '.' +#define mangle(V) ((char)(basechars[(V) % MANGLE_BASE])) +#define KSMBD_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb2_hdr)) + +LIST_HEAD(global_lock_list); + +struct smb_protocol { + int index; + char *name; + char *prot; + __u16 prot_id; +}; + +static struct smb_protocol smb_protos[] = { + { + SMB21_PROT, + "\2SMB 2.1", + "SMB2_10", + SMB21_PROT_ID + }, + { + SMB2X_PROT, + "\2SMB 2.???", + "SMB2_22", + SMB2X_PROT_ID + }, + { + SMB30_PROT, + "\2SMB 3.0", + "SMB3_00", + SMB30_PROT_ID + }, + { + SMB302_PROT, + "\2SMB 3.02", + "SMB3_02", + SMB302_PROT_ID + }, + { + SMB311_PROT, + "\2SMB 3.1.1", + "SMB3_11", + SMB311_PROT_ID + }, +}; + +unsigned int ksmbd_server_side_copy_max_chunk_count(void) +{ + return 256; +} + +unsigned int ksmbd_server_side_copy_max_chunk_size(void) +{ + return (2U << 30) - 1; +} + +unsigned int ksmbd_server_side_copy_max_total_size(void) +{ + return (2U << 30) - 1; +} + +inline int ksmbd_min_protocol(void) +{ + return SMB2_PROT; +} + +inline int ksmbd_max_protocol(void) +{ + return SMB311_PROT; +} + +int ksmbd_lookup_protocol_idx(char *str) +{ + int offt = ARRAY_SIZE(smb_protos) - 1; + int len = strlen(str); + + while (offt >= 0) { + if (!strncmp(str, smb_protos[offt].prot, len)) { + ksmbd_debug(SMB, "selected %s dialect idx = %d\n", + smb_protos[offt].prot, offt); + return smb_protos[offt].index; + } + offt--; + } + return -1; +} + +/** + * check_message() - check for valid smb2 request header + * @buf: smb2 header to be checked + * + * check for valid smb signature and packet direction(request/response) + * + * Return: 0 on success, otherwise 1 + */ +int ksmbd_verify_smb_message(struct ksmbd_work *work) +{ + struct smb2_hdr *smb2_hdr = REQUEST_BUF(work); + + if (smb2_hdr->ProtocolId == SMB2_PROTO_NUMBER) + return ksmbd_smb2_check_message(work); + + return 0; +} + +/** + * is_smb_request() - check for valid smb request type + * @conn: connection instance + * @type: smb request type + * + * Return: true on success, otherwise false + */ +bool ksmbd_smb_request(struct ksmbd_conn *conn) +{ + int type = *(char *)conn->request_buf; + + switch (type) { + case RFC1002_SESSION_MESSAGE: + /* Regular SMB request */ + return true; + case RFC1002_SESSION_KEEP_ALIVE: + ksmbd_debug(SMB, "RFC 1002 session keep alive\n"); + break; + default: + ksmbd_debug(SMB, "RFC 1002 unknown request type 0x%x\n", type); + } + + return false; +} + +static bool supported_protocol(int idx) +{ + if (idx == SMB2X_PROT && + (server_conf.min_protocol >= SMB21_PROT || + server_conf.max_protocol <= SMB311_PROT)) + return true; + + return (server_conf.min_protocol <= idx && + idx <= server_conf.max_protocol); +} + +static char *next_dialect(char *dialect, int *next_off) +{ + dialect = dialect + *next_off; + *next_off = strlen(dialect); + return dialect; +} + +static int ksmbd_lookup_dialect_by_name(char *cli_dialects, __le16 byte_count) +{ + int i, seq_num, bcount, next; + char *dialect; + + for (i = ARRAY_SIZE(smb_protos) - 1; i >= 0; i--) { + seq_num = 0; + next = 0; + dialect = cli_dialects; + bcount = le16_to_cpu(byte_count); + do { + dialect = next_dialect(dialect, &next); + ksmbd_debug(SMB, "client requested dialect %s\n", + dialect); + if (!strcmp(dialect, smb_protos[i].name)) { + if (supported_protocol(smb_protos[i].index)) { + ksmbd_debug(SMB, + "selected %s dialect\n", + smb_protos[i].name); + if (smb_protos[i].index == SMB1_PROT) + return seq_num; + return smb_protos[i].prot_id; + } + } + seq_num++; + bcount -= (++next); + } while (bcount > 0); + } + + return BAD_PROT_ID; +} + +int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count) +{ + int i; + int count; + + for (i = ARRAY_SIZE(smb_protos) - 1; i >= 0; i--) { + count = le16_to_cpu(dialects_count); + while (--count >= 0) { + ksmbd_debug(SMB, "client requested dialect 0x%x\n", + le16_to_cpu(cli_dialects[count])); + if (le16_to_cpu(cli_dialects[count]) != + smb_protos[i].prot_id) + continue; + + if (supported_protocol(smb_protos[i].index)) { + ksmbd_debug(SMB, "selected %s dialect\n", + smb_protos[i].name); + return smb_protos[i].prot_id; + } + } + } + + return BAD_PROT_ID; +} + +int ksmbd_negotiate_smb_dialect(void *buf) +{ + __le32 proto; + + proto = ((struct smb2_hdr *)buf)->ProtocolId; + if (proto == SMB2_PROTO_NUMBER) { + struct smb2_negotiate_req *req; + + req = (struct smb2_negotiate_req *)buf; + return ksmbd_lookup_dialect_by_id(req->Dialects, + req->DialectCount); + } + + proto = *(__le32 *)((struct smb_hdr *)buf)->Protocol; + if (proto == SMB1_PROTO_NUMBER) { + struct smb_negotiate_req *req; + + req = (struct smb_negotiate_req *)buf; + return ksmbd_lookup_dialect_by_name(req->DialectsArray, + req->ByteCount); + } + + return BAD_PROT_ID; +} + +#define SMB_COM_NEGOTIATE 0x72 +int ksmbd_init_smb_server(struct ksmbd_work *work) +{ + struct ksmbd_conn *conn = work->conn; + + if (conn->need_neg == false) + return 0; + + init_smb3_11_server(conn); + + if (conn->ops->get_cmd_val(work) != SMB_COM_NEGOTIATE) + conn->need_neg = false; + return 0; +} + +bool ksmbd_pdu_size_has_room(unsigned int pdu) +{ + return (pdu >= KSMBD_MIN_SUPPORTED_HEADER_SIZE - 4); +} + +int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, + int info_level, + struct ksmbd_file *dir, + struct ksmbd_dir_info *d_info, + char *search_pattern, + int (*fn)(struct ksmbd_conn *, + int, + struct ksmbd_dir_info *, + struct ksmbd_kstat *)) +{ + int i, rc = 0; + struct ksmbd_conn *conn = work->conn; + + for (i = 0; i < 2; i++) { + struct kstat kstat; + struct ksmbd_kstat ksmbd_kstat; + + if (!dir->dot_dotdot[i]) { /* fill dot entry info */ + if (i == 0) { + d_info->name = "."; + d_info->name_len = 1; + } else { + d_info->name = ".."; + d_info->name_len = 2; + } + + if (!match_pattern(d_info->name, search_pattern)) { + dir->dot_dotdot[i] = 1; + continue; + } + + ksmbd_kstat.kstat = &kstat; + ksmbd_vfs_fill_dentry_attrs(work, + dir->filp->f_path.dentry->d_parent, + &ksmbd_kstat); + rc = fn(conn, info_level, d_info, &ksmbd_kstat); + if (rc) + break; + if (d_info->out_buf_len <= 0) + break; + + dir->dot_dotdot[i] = 1; + if (d_info->flags & SMB2_RETURN_SINGLE_ENTRY) { + d_info->out_buf_len = 0; + break; + } + } + } + + return rc; +} + +/** + * ksmbd_extract_shortname() - get shortname from long filename + * @conn: connection instance + * @longname: source long filename + * @shortname: destination short filename + * + * Return: shortname length or 0 when source long name is '.' or '..' + * TODO: Though this function comforms the restriction of 8.3 Filename spec, + * but the result is different with Windows 7's one. need to check. + */ +int ksmbd_extract_shortname(struct ksmbd_conn *conn, + const char *longname, + char *shortname) +{ + const char *p; + char base[9], extension[4]; + char out[13] = {0}; + int baselen = 0; + int extlen = 0, len = 0; + unsigned int csum = 0; + const unsigned char *ptr; + bool dot_present = true; + + p = longname; + if ((*p == '.') || (!(strcmp(p, "..")))) { + /*no mangling required */ + return 0; + } + + p = strrchr(longname, '.'); + if (p == longname) { /*name starts with a dot*/ + strscpy(extension, "___", strlen("___")); + } else { + if (p != NULL) { + p++; + while (*p && extlen < 3) { + if (*p != '.') + extension[extlen++] = toupper(*p); + p++; + } + extension[extlen] = '\0'; + } else + dot_present = false; + } + + p = longname; + if (*p == '.') { + p++; + longname++; + } + while (*p && (baselen < 5)) { + if (*p != '.') + base[baselen++] = toupper(*p); + p++; + } + + base[baselen] = MAGIC_CHAR; + memcpy(out, base, baselen+1); + + ptr = longname; + len = strlen(longname); + for (; len > 0; len--, ptr++) + csum += *ptr; + + csum = csum % (MANGLE_BASE * MANGLE_BASE); + out[baselen+1] = mangle(csum/MANGLE_BASE); + out[baselen+2] = mangle(csum); + out[baselen+3] = PERIOD; + + if (dot_present) + memcpy(&out[baselen+4], extension, 4); + else + out[baselen+4] = '\0'; + smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX, + conn->local_nls, 0); + len = strlen(out) * 2; + return len; +} + +static int __smb2_negotiate(struct ksmbd_conn *conn) +{ + return (conn->dialect >= SMB20_PROT_ID && + conn->dialect <= SMB311_PROT_ID); +} + +static int smb_handle_negotiate(struct ksmbd_work *work) +{ + struct smb_negotiate_rsp *neg_rsp = RESPONSE_BUF(work); + + ksmbd_debug(SMB, "Unsupported SMB protocol\n"); + neg_rsp->hdr.Status.CifsError = STATUS_INVALID_LOGON_TYPE; + return -EINVAL; +} + +int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command) +{ + struct ksmbd_conn *conn = work->conn; + int ret; + + conn->dialect = ksmbd_negotiate_smb_dialect(REQUEST_BUF(work)); + ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect); + + if (command == SMB2_NEGOTIATE_HE) { + struct smb2_hdr *smb2_hdr = REQUEST_BUF(work); + + if (smb2_hdr->ProtocolId != SMB2_PROTO_NUMBER) { + ksmbd_debug(SMB, "Downgrade to SMB1 negotiation\n"); + command = SMB_COM_NEGOTIATE; + } + } + + if (command == SMB2_NEGOTIATE_HE) { + ret = smb2_handle_negotiate(work); + init_smb2_neg_rsp(work); + return ret; + } + + if (command == SMB_COM_NEGOTIATE) { + if (__smb2_negotiate(conn)) { + conn->need_neg = true; + init_smb3_11_server(conn); + init_smb2_neg_rsp(work); + ksmbd_debug(SMB, "Upgrade to SMB2 negotiation\n"); + return 0; + } + return smb_handle_negotiate(work); + } + + ksmbd_err("Unknown SMB negotiation command: %u\n", command); + return -EINVAL; +} + +enum SHARED_MODE_ERRORS { + SHARE_DELETE_ERROR, + SHARE_READ_ERROR, + SHARE_WRITE_ERROR, + FILE_READ_ERROR, + FILE_WRITE_ERROR, + FILE_DELETE_ERROR, +}; + +static const char * const shared_mode_errors[] = { + "Current access mode does not permit SHARE_DELETE", + "Current access mode does not permit SHARE_READ", + "Current access mode does not permit SHARE_WRITE", + "Desired access mode does not permit FILE_READ", + "Desired access mode does not permit FILE_WRITE", + "Desired access mode does not permit FILE_DELETE", +}; + +static void smb_shared_mode_error(int error, + struct ksmbd_file *prev_fp, + struct ksmbd_file *curr_fp) +{ + ksmbd_debug(SMB, "%s\n", shared_mode_errors[error]); + ksmbd_debug(SMB, "Current mode: 0x%x Desired mode: 0x%x\n", + prev_fp->saccess, curr_fp->daccess); +} + +int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) +{ + int rc = 0; + struct ksmbd_file *prev_fp; + struct list_head *cur; + + /* + * Lookup fp in master fp list, and check desired access and + * shared mode between previous open and current open. + */ + read_lock(&curr_fp->f_ci->m_lock); + list_for_each(cur, &curr_fp->f_ci->m_fp_list) { + prev_fp = list_entry(cur, struct ksmbd_file, node); + if (file_inode(filp) != FP_INODE(prev_fp)) + continue; + + if (filp == prev_fp->filp) + continue; + + if (ksmbd_stream_fd(prev_fp) && ksmbd_stream_fd(curr_fp)) + if (strcmp(prev_fp->stream.name, curr_fp->stream.name)) + continue; + + if (prev_fp->is_durable) { + prev_fp->is_durable = 0; + continue; + } + + if (prev_fp->attrib_only != curr_fp->attrib_only) + continue; + + if (!(prev_fp->saccess & FILE_SHARE_DELETE_LE) && + curr_fp->daccess & FILE_DELETE_LE) { + smb_shared_mode_error(SHARE_DELETE_ERROR, + prev_fp, + curr_fp); + rc = -EPERM; + break; + } + + /* + * Only check FILE_SHARE_DELETE if stream opened and + * normal file opened. + */ + if (ksmbd_stream_fd(prev_fp) && !ksmbd_stream_fd(curr_fp)) + continue; + + if (!(prev_fp->saccess & FILE_SHARE_READ_LE) && + curr_fp->daccess & (FILE_EXECUTE_LE | + FILE_READ_DATA_LE)) { + smb_shared_mode_error(SHARE_READ_ERROR, + prev_fp, + curr_fp); + rc = -EPERM; + break; + } + + if (!(prev_fp->saccess & FILE_SHARE_WRITE_LE) && + curr_fp->daccess & (FILE_WRITE_DATA_LE | + FILE_APPEND_DATA_LE)) { + smb_shared_mode_error(SHARE_WRITE_ERROR, + prev_fp, + curr_fp); + rc = -EPERM; + break; + } + + if (prev_fp->daccess & (FILE_EXECUTE_LE | + FILE_READ_DATA_LE) && + !(curr_fp->saccess & FILE_SHARE_READ_LE)) { + smb_shared_mode_error(FILE_READ_ERROR, + prev_fp, + curr_fp); + rc = -EPERM; + break; + } + + if (prev_fp->daccess & (FILE_WRITE_DATA_LE | + FILE_APPEND_DATA_LE) && + !(curr_fp->saccess & FILE_SHARE_WRITE_LE)) { + smb_shared_mode_error(FILE_WRITE_ERROR, + prev_fp, + curr_fp); + rc = -EPERM; + break; + } + + if (prev_fp->daccess & FILE_DELETE_LE && + !(curr_fp->saccess & FILE_SHARE_DELETE_LE)) { + smb_shared_mode_error(FILE_DELETE_ERROR, + prev_fp, + curr_fp); + rc = -EPERM; + break; + } + } + read_unlock(&curr_fp->f_ci->m_lock); + + return rc; +} + +bool is_asterisk(char *p) +{ + return p && p[0] == '*'; +} + +int ksmbd_override_fsids(struct ksmbd_work *work) +{ + struct ksmbd_session *sess = work->sess; + struct ksmbd_share_config *share = work->tcon->share_conf; + struct cred *cred; + struct group_info *gi; + unsigned int uid; + unsigned int gid; + + uid = user_uid(sess->user); + gid = user_gid(sess->user); + if (share->force_uid != KSMBD_SHARE_INVALID_UID) + uid = share->force_uid; + if (share->force_gid != KSMBD_SHARE_INVALID_GID) + gid = share->force_gid; + + cred = prepare_kernel_cred(NULL); + if (!cred) + return -ENOMEM; + + cred->fsuid = make_kuid(current_user_ns(), uid); + cred->fsgid = make_kgid(current_user_ns(), gid); + + gi = groups_alloc(0); + if (!gi) { + abort_creds(cred); + return -ENOMEM; + } + set_groups(cred, gi); + put_group_info(gi); + + if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID)) + cred->cap_effective = cap_drop_fs_set(cred->cap_effective); + + WARN_ON(work->saved_cred != NULL); + work->saved_cred = override_creds(cred); + if (!work->saved_cred) { + abort_creds(cred); + return -EINVAL; + } + return 0; +} + +void ksmbd_revert_fsids(struct ksmbd_work *work) +{ + const struct cred *cred; + + WARN_ON(work->saved_cred == NULL); + + cred = current_cred(); + revert_creds(work->saved_cred); + put_cred(cred); + work->saved_cred = NULL; +} + +__le32 smb_map_generic_desired_access(__le32 daccess) +{ + if (daccess & FILE_GENERIC_READ_LE) { + daccess |= cpu_to_le32(GENERIC_READ_FLAGS); + daccess &= ~FILE_GENERIC_READ_LE; + } + + if (daccess & FILE_GENERIC_WRITE_LE) { + daccess |= cpu_to_le32(GENERIC_WRITE_FLAGS); + daccess &= ~FILE_GENERIC_WRITE_LE; + } + + if (daccess & FILE_GENERIC_EXECUTE_LE) { + daccess |= cpu_to_le32(GENERIC_EXECUTE_FLAGS); + daccess &= ~FILE_GENERIC_EXECUTE_LE; + } + + if (daccess & FILE_GENERIC_ALL_LE) { + daccess |= cpu_to_le32(GENERIC_ALL_FLAGS); + daccess &= ~FILE_GENERIC_ALL_LE; + } + + return daccess; +} diff --git a/fs/cifsd/smb_common.h b/fs/cifsd/smb_common.h new file mode 100644 index 000000000000..ec954e6bc4ae --- /dev/null +++ b/fs/cifsd/smb_common.h @@ -0,0 +1,546 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __SMB_COMMON_H__ +#define __SMB_COMMON_H__ + +#include <linux/kernel.h> + +#include "glob.h" +#include "nterr.h" +#include "smb2pdu.h" + +/* ksmbd's Specific ERRNO */ +#define ESHARE 50000 + +#define SMB1_PROT 0 +#define SMB2_PROT 1 +#define SMB21_PROT 2 +/* multi-protocol negotiate request */ +#define SMB2X_PROT 3 +#define SMB30_PROT 4 +#define SMB302_PROT 5 +#define SMB311_PROT 6 +#define BAD_PROT 0xFFFF + +#define SMB1_VERSION_STRING "1.0" +#define SMB20_VERSION_STRING "2.0" +#define SMB21_VERSION_STRING "2.1" +#define SMB30_VERSION_STRING "3.0" +#define SMB302_VERSION_STRING "3.02" +#define SMB311_VERSION_STRING "3.1.1" + +/* Dialects */ +#define SMB10_PROT_ID 0x00 +#define SMB20_PROT_ID 0x0202 +#define SMB21_PROT_ID 0x0210 +/* multi-protocol negotiate request */ +#define SMB2X_PROT_ID 0x02FF +#define SMB30_PROT_ID 0x0300 +#define SMB302_PROT_ID 0x0302 +#define SMB311_PROT_ID 0x0311 +#define BAD_PROT_ID 0xFFFF + +#define SMB_ECHO_INTERVAL (60*HZ) + +#define CIFS_DEFAULT_IOSIZE (64 * 1024) +#define MAX_CIFS_SMALL_BUFFER_SIZE 448 /* big enough for most */ + +extern struct list_head global_lock_list; + +#define IS_SMB2(x) ((x)->vals->protocol_id != SMB10_PROT_ID) + +#define HEADER_SIZE(conn) ((conn)->vals->header_size) +#define HEADER_SIZE_NO_BUF_LEN(conn) ((conn)->vals->header_size - 4) +#define MAX_HEADER_SIZE(conn) ((conn)->vals->max_header_size) + +/* RFC 1002 session packet types */ +#define RFC1002_SESSION_MESSAGE 0x00 +#define RFC1002_SESSION_REQUEST 0x81 +#define RFC1002_POSITIVE_SESSION_RESPONSE 0x82 +#define RFC1002_NEGATIVE_SESSION_RESPONSE 0x83 +#define RFC1002_RETARGET_SESSION_RESPONSE 0x84 +#define RFC1002_SESSION_KEEP_ALIVE 0x85 + +/* Responses when opening a file. */ +#define F_SUPERSEDED 0 +#define F_OPENED 1 +#define F_CREATED 2 +#define F_OVERWRITTEN 3 + +/* + * File Attribute flags + */ +#define ATTR_READONLY 0x0001 +#define ATTR_HIDDEN 0x0002 +#define ATTR_SYSTEM 0x0004 +#define ATTR_VOLUME 0x0008 +#define ATTR_DIRECTORY 0x0010 +#define ATTR_ARCHIVE 0x0020 +#define ATTR_DEVICE 0x0040 +#define ATTR_NORMAL 0x0080 +#define ATTR_TEMPORARY 0x0100 +#define ATTR_SPARSE 0x0200 +#define ATTR_REPARSE 0x0400 +#define ATTR_COMPRESSED 0x0800 +#define ATTR_OFFLINE 0x1000 +#define ATTR_NOT_CONTENT_INDEXED 0x2000 +#define ATTR_ENCRYPTED 0x4000 +#define ATTR_POSIX_SEMANTICS 0x01000000 +#define ATTR_BACKUP_SEMANTICS 0x02000000 +#define ATTR_DELETE_ON_CLOSE 0x04000000 +#define ATTR_SEQUENTIAL_SCAN 0x08000000 +#define ATTR_RANDOM_ACCESS 0x10000000 +#define ATTR_NO_BUFFERING 0x20000000 +#define ATTR_WRITE_THROUGH 0x80000000 + +#define ATTR_READONLY_LE cpu_to_le32(ATTR_READONLY) +#define ATTR_HIDDEN_LE cpu_to_le32(ATTR_HIDDEN) +#define ATTR_SYSTEM_LE cpu_to_le32(ATTR_SYSTEM) +#define ATTR_DIRECTORY_LE cpu_to_le32(ATTR_DIRECTORY) +#define ATTR_ARCHIVE_LE cpu_to_le32(ATTR_ARCHIVE) +#define ATTR_NORMAL_LE cpu_to_le32(ATTR_NORMAL) +#define ATTR_TEMPORARY_LE cpu_to_le32(ATTR_TEMPORARY) +#define ATTR_SPARSE_FILE_LE cpu_to_le32(ATTR_SPARSE) +#define ATTR_REPARSE_POINT_LE cpu_to_le32(ATTR_REPARSE) +#define ATTR_COMPRESSED_LE cpu_to_le32(ATTR_COMPRESSED) +#define ATTR_OFFLINE_LE cpu_to_le32(ATTR_OFFLINE) +#define ATTR_NOT_CONTENT_INDEXED_LE cpu_to_le32(ATTR_NOT_CONTENT_INDEXED) +#define ATTR_ENCRYPTED_LE cpu_to_le32(ATTR_ENCRYPTED) +#define ATTR_INTEGRITY_STREAML_LE cpu_to_le32(0x00008000) +#define ATTR_NO_SCRUB_DATA_LE cpu_to_le32(0x00020000) +#define ATTR_MASK_LE cpu_to_le32(0x00007FB7) + +/* List of FileSystemAttributes - see 2.5.1 of MS-FSCC */ +#define FILE_SUPPORTS_SPARSE_VDL 0x10000000 /* faster nonsparse extend */ +#define FILE_SUPPORTS_BLOCK_REFCOUNTING 0x08000000 /* allow ioctl dup extents */ +#define FILE_SUPPORT_INTEGRITY_STREAMS 0x04000000 +#define FILE_SUPPORTS_USN_JOURNAL 0x02000000 +#define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000 +#define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000 +#define FILE_SUPPORTS_HARD_LINKS 0x00400000 +#define FILE_SUPPORTS_TRANSACTIONS 0x00200000 +#define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000 +#define FILE_READ_ONLY_VOLUME 0x00080000 +#define FILE_NAMED_STREAMS 0x00040000 +#define FILE_SUPPORTS_ENCRYPTION 0x00020000 +#define FILE_SUPPORTS_OBJECT_IDS 0x00010000 +#define FILE_VOLUME_IS_COMPRESSED 0x00008000 +#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 +#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 +#define FILE_SUPPORTS_SPARSE_FILES 0x00000040 +#define FILE_VOLUME_QUOTAS 0x00000020 +#define FILE_FILE_COMPRESSION 0x00000010 +#define FILE_PERSISTENT_ACLS 0x00000008 +#define FILE_UNICODE_ON_DISK 0x00000004 +#define FILE_CASE_PRESERVED_NAMES 0x00000002 +#define FILE_CASE_SENSITIVE_SEARCH 0x00000001 + +#define FILE_READ_DATA 0x00000001 /* Data can be read from the file */ +#define FILE_WRITE_DATA 0x00000002 /* Data can be written to the file */ +#define FILE_APPEND_DATA 0x00000004 /* Data can be appended to the file */ +#define FILE_READ_EA 0x00000008 /* Extended attributes associated */ +/* with the file can be read */ +#define FILE_WRITE_EA 0x00000010 /* Extended attributes associated */ +/* with the file can be written */ +#define FILE_EXECUTE 0x00000020 /*Data can be read into memory from */ +/* the file using system paging I/O */ +#define FILE_DELETE_CHILD 0x00000040 +#define FILE_READ_ATTRIBUTES 0x00000080 /* Attributes associated with the */ +/* file can be read */ +#define FILE_WRITE_ATTRIBUTES 0x00000100 /* Attributes associated with the */ +/* file can be written */ +#define DELETE 0x00010000 /* The file can be deleted */ +#define READ_CONTROL 0x00020000 /* The access control list and */ +/* ownership associated with the */ +/* file can be read */ +#define WRITE_DAC 0x00040000 /* The access control list and */ +/* ownership associated with the */ +/* file can be written. */ +#define WRITE_OWNER 0x00080000 /* Ownership information associated */ +/* with the file can be written */ +#define SYNCHRONIZE 0x00100000 /* The file handle can waited on to */ +/* synchronize with the completion */ +/* of an input/output request */ +#define GENERIC_ALL 0x10000000 +#define GENERIC_EXECUTE 0x20000000 +#define GENERIC_WRITE 0x40000000 +#define GENERIC_READ 0x80000000 +/* In summary - Relevant file */ +/* access flags from CIFS are */ +/* file_read_data, file_write_data */ +/* file_execute, file_read_attributes*/ +/* write_dac, and delete. */ + +#define FILE_READ_RIGHTS (FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES) +#define FILE_WRITE_RIGHTS (FILE_WRITE_DATA | FILE_APPEND_DATA \ + | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES) +#define FILE_EXEC_RIGHTS (FILE_EXECUTE) + +#define SET_FILE_READ_RIGHTS (FILE_READ_DATA | FILE_READ_EA \ + | FILE_READ_ATTRIBUTES \ + | DELETE | READ_CONTROL | WRITE_DAC \ + | WRITE_OWNER | SYNCHRONIZE) +#define SET_FILE_WRITE_RIGHTS (FILE_WRITE_DATA | FILE_APPEND_DATA \ + | FILE_WRITE_EA \ + | FILE_DELETE_CHILD \ + | FILE_WRITE_ATTRIBUTES \ + | DELETE | READ_CONTROL | WRITE_DAC \ + | WRITE_OWNER | SYNCHRONIZE) +#define SET_FILE_EXEC_RIGHTS (FILE_READ_EA | FILE_WRITE_EA | FILE_EXECUTE \ + | FILE_READ_ATTRIBUTES \ + | FILE_WRITE_ATTRIBUTES \ + | DELETE | READ_CONTROL | WRITE_DAC \ + | WRITE_OWNER | SYNCHRONIZE) + +#define SET_MINIMUM_RIGHTS (FILE_READ_EA | FILE_READ_ATTRIBUTES \ + | READ_CONTROL | SYNCHRONIZE) + +/* generic flags for file open */ +#define GENERIC_READ_FLAGS (READ_CONTROL | FILE_READ_DATA | \ + FILE_READ_ATTRIBUTES | \ + FILE_READ_EA | SYNCHRONIZE) + +#define GENERIC_WRITE_FLAGS (READ_CONTROL | FILE_WRITE_DATA | \ + FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | \ + FILE_APPEND_DATA | SYNCHRONIZE) + +#define GENERIC_EXECUTE_FLAGS (READ_CONTROL | FILE_EXECUTE | \ + FILE_READ_ATTRIBUTES | SYNCHRONIZE) + +#define GENERIC_ALL_FLAGS (DELETE | READ_CONTROL | WRITE_DAC | \ + WRITE_OWNER | SYNCHRONIZE | FILE_READ_DATA | \ + FILE_WRITE_DATA | FILE_APPEND_DATA | \ + FILE_READ_EA | FILE_WRITE_EA | \ + FILE_EXECUTE | FILE_DELETE_CHILD | \ + FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES) + +#define SMB1_PROTO_NUMBER cpu_to_le32(0x424d53ff) + +#define SMB1_CLIENT_GUID_SIZE (16) +struct smb_hdr { + __be32 smb_buf_length; + __u8 Protocol[4]; + __u8 Command; + union { + struct { + __u8 ErrorClass; + __u8 Reserved; + __le16 Error; + } __packed DosError; + __le32 CifsError; + } __packed Status; + __u8 Flags; + __le16 Flags2; /* note: le */ + __le16 PidHigh; + union { + struct { + __le32 SequenceNumber; /* le */ + __u32 Reserved; /* zero */ + } __packed Sequence; + __u8 SecuritySignature[8]; /* le */ + } __packed Signature; + __u8 pad[2]; + __le16 Tid; + __le16 Pid; + __le16 Uid; + __le16 Mid; + __u8 WordCount; +} __packed; + +struct smb_negotiate_req { + struct smb_hdr hdr; /* wct = 0 */ + __le16 ByteCount; + unsigned char DialectsArray[1]; +} __packed; + +struct smb_negotiate_rsp { + struct smb_hdr hdr; /* wct = 17 */ + __le16 DialectIndex; /* 0xFFFF = no dialect acceptable */ + __u8 SecurityMode; + __le16 MaxMpxCount; + __le16 MaxNumberVcs; + __le32 MaxBufferSize; + __le32 MaxRawSize; + __le32 SessionKey; + __le32 Capabilities; /* see below */ + __le32 SystemTimeLow; + __le32 SystemTimeHigh; + __le16 ServerTimeZone; + __u8 EncryptionKeyLength; + __le16 ByteCount; + union { + unsigned char EncryptionKey[8]; /* cap extended security off */ + /* followed by Domain name - if extended security is off */ + /* followed by 16 bytes of server GUID */ + /* then security blob if cap_extended_security negotiated */ + struct { + unsigned char GUID[SMB1_CLIENT_GUID_SIZE]; + unsigned char SecurityBlob[1]; + } __packed extended_response; + } __packed u; +} __packed; + +struct filesystem_attribute_info { + __le32 Attributes; + __le32 MaxPathNameComponentLength; + __le32 FileSystemNameLen; + __le16 FileSystemName[1]; /* do not have to save this - get subset? */ +} __packed; + +struct filesystem_device_info { + __le32 DeviceType; + __le32 DeviceCharacteristics; +} __packed; /* device info level 0x104 */ + +struct filesystem_vol_info { + __le64 VolumeCreationTime; + __le32 SerialNumber; + __le32 VolumeLabelSize; + __le16 Reserved; + __le16 VolumeLabel[1]; +} __packed; + +struct filesystem_info { + __le64 TotalAllocationUnits; + __le64 FreeAllocationUnits; + __le32 SectorsPerAllocationUnit; + __le32 BytesPerSector; +} __packed; /* size info, level 0x103 */ + +#define EXTENDED_INFO_MAGIC 0x43667364 /* Cfsd */ +#define STRING_LENGTH 28 + +struct fs_extended_info { + __le32 magic; + __le32 version; + __le32 release; + __u64 rel_date; + char version_string[STRING_LENGTH]; +} __packed; + +struct object_id_info { + char objid[16]; + struct fs_extended_info extended_info; +} __packed; + +struct file_directory_info { + __le32 NextEntryOffset; + __u32 FileIndex; + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 EndOfFile; + __le64 AllocationSize; + __le32 ExtFileAttributes; + __le32 FileNameLength; + char FileName[1]; +} __packed; /* level 0x101 FF resp data */ + +struct file_names_info { + __le32 NextEntryOffset; + __u32 FileIndex; + __le32 FileNameLength; + char FileName[1]; +} __packed; /* level 0xc FF resp data */ + +struct file_full_directory_info { + __le32 NextEntryOffset; + __u32 FileIndex; + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 EndOfFile; + __le64 AllocationSize; + __le32 ExtFileAttributes; + __le32 FileNameLength; + __le32 EaSize; + char FileName[1]; +} __packed; /* level 0x102 FF resp */ + +struct file_both_directory_info { + __le32 NextEntryOffset; + __u32 FileIndex; + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 EndOfFile; + __le64 AllocationSize; + __le32 ExtFileAttributes; + __le32 FileNameLength; + __le32 EaSize; /* length of the xattrs */ + __u8 ShortNameLength; + __u8 Reserved; + __u8 ShortName[24]; + char FileName[1]; +} __packed; /* level 0x104 FFrsp data */ + +struct file_id_both_directory_info { + __le32 NextEntryOffset; + __u32 FileIndex; + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 EndOfFile; + __le64 AllocationSize; + __le32 ExtFileAttributes; + __le32 FileNameLength; + __le32 EaSize; /* length of the xattrs */ + __u8 ShortNameLength; + __u8 Reserved; + __u8 ShortName[24]; + __le16 Reserved2; + __le64 UniqueId; + char FileName[1]; +} __packed; + +struct file_id_full_dir_info { + __le32 NextEntryOffset; + __u32 FileIndex; + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 EndOfFile; + __le64 AllocationSize; + __le32 ExtFileAttributes; + __le32 FileNameLength; + __le32 EaSize; /* EA size */ + __le32 Reserved; + __le64 UniqueId; /* inode num - le since Samba puts ino in low 32 bit*/ + char FileName[1]; +} __packed; /* level 0x105 FF rsp data */ + +struct smb_version_values { + char *version_string; + __u16 protocol_id; + __le16 lock_cmd; + __u32 capabilities; + __u32 max_read_size; + __u32 max_write_size; + __u32 max_trans_size; + __u32 large_lock_type; + __u32 exclusive_lock_type; + __u32 shared_lock_type; + __u32 unlock_lock_type; + size_t header_size; + size_t max_header_size; + size_t read_rsp_size; + unsigned int cap_unix; + unsigned int cap_nt_find; + unsigned int cap_large_files; + __u16 signing_enabled; + __u16 signing_required; + size_t create_lease_size; + size_t create_durable_size; + size_t create_durable_v2_size; + size_t create_mxac_size; + size_t create_disk_id_size; + size_t create_posix_size; +}; + +struct filesystem_posix_info { + /* For undefined recommended transfer size return -1 in that field */ + __le32 OptimalTransferSize; /* bsize on some os, iosize on other os */ + __le32 BlockSize; + /* The next three fields are in terms of the block size. + * (above). If block size is unknown, 4096 would be a + * reasonable block size for a server to report. + * Note that returning the blocks/blocksavail removes need + * to make a second call (to QFSInfo level 0x103 to get this info. + * UserBlockAvail is typically less than or equal to BlocksAvail, + * if no distinction is made return the same value in each + */ + __le64 TotalBlocks; + __le64 BlocksAvail; /* bfree */ + __le64 UserBlocksAvail; /* bavail */ + /* For undefined Node fields or FSID return -1 */ + __le64 TotalFileNodes; + __le64 FreeFileNodes; + __le64 FileSysIdentifier; /* fsid */ + /* NB Namelen comes from FILE_SYSTEM_ATTRIBUTE_INFO call */ + /* NB flags can come from FILE_SYSTEM_DEVICE_INFO call */ +} __packed; + +struct smb_version_ops { + uint16_t (*get_cmd_val)(struct ksmbd_work *swork); + int (*init_rsp_hdr)(struct ksmbd_work *swork); + void (*set_rsp_status)(struct ksmbd_work *swork, __le32 err); + int (*allocate_rsp_buf)(struct ksmbd_work *work); + int (*set_rsp_credits)(struct ksmbd_work *work); + int (*check_user_session)(struct ksmbd_work *work); + int (*get_ksmbd_tcon)(struct ksmbd_work *work); + bool (*is_sign_req)(struct ksmbd_work *work, unsigned int command); + int (*check_sign_req)(struct ksmbd_work *work); + void (*set_sign_rsp)(struct ksmbd_work *work); + int (*generate_signingkey)(struct ksmbd_session *sess); + int (*generate_encryptionkey)(struct ksmbd_session *sess); + int (*is_transform_hdr)(void *buf); + int (*decrypt_req)(struct ksmbd_work *work); + int (*encrypt_resp)(struct ksmbd_work *work); +}; + +struct smb_version_cmds { + int (*proc)(struct ksmbd_work *swork); +}; + + + +int ksmbd_min_protocol(void); +int ksmbd_max_protocol(void); + +int ksmbd_lookup_protocol_idx(char *str); + +int ksmbd_verify_smb_message(struct ksmbd_work *work); +bool ksmbd_smb_request(struct ksmbd_conn *conn); + +int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count); + +int ksmbd_negotiate_smb_dialect(void *buf); +int ksmbd_init_smb_server(struct ksmbd_work *work); + +bool ksmbd_pdu_size_has_room(unsigned int pdu); + +struct ksmbd_kstat; +int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, + int info_level, + struct ksmbd_file *dir, + struct ksmbd_dir_info *d_info, + char *search_pattern, + int (*fn)(struct ksmbd_conn *, + int, + struct ksmbd_dir_info *, + struct ksmbd_kstat *)); + +int ksmbd_extract_shortname(struct ksmbd_conn *conn, + const char *longname, + char *shortname); + +int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command); + +int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp); +int ksmbd_override_fsids(struct ksmbd_work *work); +void ksmbd_revert_fsids(struct ksmbd_work *work); + +unsigned int ksmbd_server_side_copy_max_chunk_count(void); +unsigned int ksmbd_server_side_copy_max_chunk_size(void); +unsigned int ksmbd_server_side_copy_max_total_size(void); +bool is_asterisk(char *p); +__le32 smb_map_generic_desired_access(__le32 daccess); + +static inline unsigned int get_rfc1002_len(void *buf) +{ + return be32_to_cpu(*((__be32 *)buf)) & 0xffffff; +} + +static inline void inc_rfc1001_len(void *buf, int count) +{ + be32_add_cpu((__be32 *)buf, count); +} +#endif /* __SMB_COMMON_H__ */ diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c new file mode 100644 index 000000000000..8d8360ca4751 --- /dev/null +++ b/fs/cifsd/smbacl.c @@ -0,0 +1,1309 @@ +// SPDX-License-Identifier: LGPL-2.1+ +/* + * Copyright (C) International Business Machines Corp., 2007,2008 + * Author(s): Steve French (sfrench@us.ibm.com) + * Copyright (C) 2020 Samsung Electronics Co., Ltd. + * Author(s): Namjae Jeon linkinjeon@kernel.org + */ + +#include <linux/fs.h> +#include <linux/slab.h> +#include <linux/string.h> + +#include "smbacl.h" +#include "smb_common.h" +#include "server.h" +#include "misc.h" +#include "ksmbd_server.h" +#include "mgmt/share_config.h" + +static const struct smb_sid domain = {1, 4, {0, 0, 0, 0, 0, 5}, + {cpu_to_le32(21), cpu_to_le32(1), cpu_to_le32(2), cpu_to_le32(3), + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }; + +/* security id for everyone/world system group */ +static const struct smb_sid creator_owner = { + 1, 1, {0, 0, 0, 0, 0, 3}, {0} }; +/* security id for everyone/world system group */ +static const struct smb_sid creator_group = { + 1, 1, {0, 0, 0, 0, 0, 3}, {cpu_to_le32(1)} }; + +/* security id for everyone/world system group */ +static const struct smb_sid sid_everyone = { + 1, 1, {0, 0, 0, 0, 0, 1}, {0} }; +/* security id for Authenticated Users system group */ +static const struct smb_sid sid_authusers = { + 1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(11)} }; + +/* S-1-22-1 Unmapped Unix users */ +static const struct smb_sid sid_unix_users = {1, 1, {0, 0, 0, 0, 0, 22}, + {cpu_to_le32(1), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }; + +/* S-1-22-2 Unmapped Unix groups */ +static const struct smb_sid sid_unix_groups = { 1, 1, {0, 0, 0, 0, 0, 22}, + {cpu_to_le32(2), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }; + +/* + * See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx + */ + +/* S-1-5-88 MS NFS and Apple style UID/GID/mode */ + +/* S-1-5-88-1 Unix uid */ +static const struct smb_sid sid_unix_NFS_users = { 1, 2, {0, 0, 0, 0, 0, 5}, + {cpu_to_le32(88), + cpu_to_le32(1), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }; + +/* S-1-5-88-2 Unix gid */ +static const struct smb_sid sid_unix_NFS_groups = { 1, 2, {0, 0, 0, 0, 0, 5}, + {cpu_to_le32(88), + cpu_to_le32(2), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }; + +/* S-1-5-88-3 Unix mode */ +static const struct smb_sid sid_unix_NFS_mode = { 1, 2, {0, 0, 0, 0, 0, 5}, + {cpu_to_le32(88), + cpu_to_le32(3), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }; + +/* + * if the two SIDs (roughly equivalent to a UUID for a user or group) are + * the same returns zero, if they do not match returns non-zero. + */ +int +compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid) +{ + int i; + int num_subauth, num_sat, num_saw; + + if ((!ctsid) || (!cwsid)) + return 1; + + /* compare the revision */ + if (ctsid->revision != cwsid->revision) { + if (ctsid->revision > cwsid->revision) + return 1; + else + return -1; + } + + /* compare all of the six auth values */ + for (i = 0; i < NUM_AUTHS; ++i) { + if (ctsid->authority[i] != cwsid->authority[i]) { + if (ctsid->authority[i] > cwsid->authority[i]) + return 1; + else + return -1; + } + } + + /* compare all of the subauth values if any */ + num_sat = ctsid->num_subauth; + num_saw = cwsid->num_subauth; + num_subauth = num_sat < num_saw ? num_sat : num_saw; + if (num_subauth) { + for (i = 0; i < num_subauth; ++i) { + if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) { + if (le32_to_cpu(ctsid->sub_auth[i]) > + le32_to_cpu(cwsid->sub_auth[i])) + return 1; + else + return -1; + } + } + } + + return 0; /* sids compare/match */ +} + +static void +smb_copy_sid(struct smb_sid *dst, const struct smb_sid *src) +{ + int i; + + dst->revision = src->revision; + dst->num_subauth = min_t(u8, src->num_subauth, SID_MAX_SUB_AUTHORITIES); + for (i = 0; i < NUM_AUTHS; ++i) + dst->authority[i] = src->authority[i]; + for (i = 0; i < dst->num_subauth; ++i) + dst->sub_auth[i] = src->sub_auth[i]; +} + +/* + * change posix mode to reflect permissions + * pmode is the existing mode (we only want to overwrite part of this + * bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007 + */ +static umode_t access_flags_to_mode(struct smb_fattr *fattr, __le32 ace_flags, + int type) +{ + __u32 flags = le32_to_cpu(ace_flags); + umode_t mode = 0; + + if (flags & GENERIC_ALL) { + mode = 0777; + ksmbd_debug(SMB, "all perms\n"); + return mode; + } + + if ((flags & GENERIC_READ) || + (flags & FILE_READ_RIGHTS)) + mode = 0444; + if ((flags & GENERIC_WRITE) || + (flags & FILE_WRITE_RIGHTS)) { + mode |= 0222; + if (S_ISDIR(fattr->cf_mode)) + mode |= 0111; + } + if ((flags & GENERIC_EXECUTE) || + (flags & FILE_EXEC_RIGHTS)) + mode |= 0111; + + if (type == ACCESS_DENIED_ACE_TYPE || + type == ACCESS_DENIED_OBJECT_ACE_TYPE) + mode = ~mode; + + ksmbd_debug(SMB, "access flags 0x%x mode now %04o\n", flags, mode); + + return mode; +} + +/* + * Generate access flags to reflect permissions mode is the existing mode. + * This function is called for every ACE in the DACL whose SID matches + * with either owner or group or everyone. + */ +static void mode_to_access_flags(umode_t mode, umode_t bits_to_use, + __u32 *pace_flags) +{ + /* reset access mask */ + *pace_flags = 0x0; + + /* bits to use are either S_IRWXU or S_IRWXG or S_IRWXO */ + mode &= bits_to_use; + + /* + * check for R/W/X UGO since we do not know whose flags + * is this but we have cleared all the bits sans RWX for + * either user or group or other as per bits_to_use + */ + if (mode & 0444) + *pace_flags |= SET_FILE_READ_RIGHTS; + if (mode & 0222) + *pace_flags |= FILE_WRITE_RIGHTS; + if (mode & 0111) + *pace_flags |= SET_FILE_EXEC_RIGHTS; + + ksmbd_debug(SMB, "mode: %o, access flags now 0x%x\n", + mode, *pace_flags); +} + +static __u16 fill_ace_for_sid(struct smb_ace *pntace, + const struct smb_sid *psid, int type, int flags, + umode_t mode, umode_t bits) +{ + int i; + __u16 size = 0; + __u32 access_req = 0; + + pntace->type = type; + pntace->flags = flags; + mode_to_access_flags(mode, bits, &access_req); + if (!access_req) + access_req = SET_MINIMUM_RIGHTS; + pntace->access_req = cpu_to_le32(access_req); + + pntace->sid.revision = psid->revision; + pntace->sid.num_subauth = psid->num_subauth; + for (i = 0; i < NUM_AUTHS; i++) + pntace->sid.authority[i] = psid->authority[i]; + for (i = 0; i < psid->num_subauth; i++) + pntace->sid.sub_auth[i] = psid->sub_auth[i]; + + size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4); + pntace->size = cpu_to_le16(size); + + return size; +} + +void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) +{ + switch (sidtype) { + case SIDOWNER: + smb_copy_sid(ssid, &server_conf.domain_sid); + break; + case SIDUNIX_USER: + smb_copy_sid(ssid, &sid_unix_users); + break; + case SIDUNIX_GROUP: + smb_copy_sid(ssid, &sid_unix_groups); + break; + case SIDCREATOR_OWNER: + smb_copy_sid(ssid, &creator_owner); + return; + case SIDCREATOR_GROUP: + smb_copy_sid(ssid, &creator_group); + return; + case SIDNFS_USER: + smb_copy_sid(ssid, &sid_unix_NFS_users); + break; + case SIDNFS_GROUP: + smb_copy_sid(ssid, &sid_unix_NFS_groups); + break; + case SIDNFS_MODE: + smb_copy_sid(ssid, &sid_unix_NFS_mode); + break; + default: + return; + } + + /* RID */ + ssid->sub_auth[ssid->num_subauth] = cpu_to_le32(cid); + ssid->num_subauth++; +} + +static int sid_to_id(struct smb_sid *psid, uint sidtype, + struct smb_fattr *fattr) +{ + int rc = -EINVAL; + + /* + * If we have too many subauthorities, then something is really wrong. + * Just return an error. + */ + if (unlikely(psid->num_subauth > SID_MAX_SUB_AUTHORITIES)) { + ksmbd_err("%s: %u subauthorities is too many!\n", + __func__, psid->num_subauth); + return -EIO; + } + + if (sidtype == SIDOWNER) { + kuid_t uid; + uid_t id; + + id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); + if (id > 0) { + uid = make_kuid(&init_user_ns, id); + if (uid_valid(uid) && + kuid_has_mapping(&init_user_ns, uid)) { + fattr->cf_uid = uid; + rc = 0; + } + } + } else { + kgid_t gid; + gid_t id; + + id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); + if (id > 0) { + gid = make_kgid(&init_user_ns, id); + if (gid_valid(gid) && + kgid_has_mapping(&init_user_ns, gid)) { + fattr->cf_gid = gid; + rc = 0; + } + } + } + + return rc; +} + +void posix_state_to_acl(struct posix_acl_state *state, + struct posix_acl_entry *pace) +{ + int i; + + pace->e_tag = ACL_USER_OBJ; + pace->e_perm = state->owner.allow; + for (i = 0; i < state->users->n; i++) { + pace++; + pace->e_tag = ACL_USER; + pace->e_uid = state->users->aces[i].uid; + pace->e_perm = state->users->aces[i].perms.allow; + } + + pace++; + pace->e_tag = ACL_GROUP_OBJ; + pace->e_perm = state->group.allow; + + for (i = 0; i < state->groups->n; i++) { + pace++; + pace->e_tag = ACL_GROUP; + pace->e_gid = state->groups->aces[i].gid; + pace->e_perm = state->groups->aces[i].perms.allow; + } + + if (state->users->n || state->groups->n) { + pace++; + pace->e_tag = ACL_MASK; + pace->e_perm = state->mask.allow; + } + + pace++; + pace->e_tag = ACL_OTHER; + pace->e_perm = state->other.allow; +} + +int init_acl_state(struct posix_acl_state *state, int cnt) +{ + int alloc; + + memset(state, 0, sizeof(struct posix_acl_state)); + /* + * In the worst case, each individual acl could be for a distinct + * named user or group, but we don't know which, so we allocate + * enough space for either: + */ + alloc = sizeof(struct posix_ace_state_array) + + cnt*sizeof(struct posix_user_ace_state); + state->users = kzalloc(alloc, GFP_KERNEL); + if (!state->users) + return -ENOMEM; + state->groups = kzalloc(alloc, GFP_KERNEL); + if (!state->groups) { + kfree(state->users); + return -ENOMEM; + } + return 0; +} + +void free_acl_state(struct posix_acl_state *state) +{ + kfree(state->users); + kfree(state->groups); +} + +static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, + struct smb_sid *pownersid, struct smb_sid *pgrpsid, + struct smb_fattr *fattr) +{ + int i, ret; + int num_aces = 0; + int acl_size; + char *acl_base; + struct smb_ace **ppace; + struct posix_acl_entry *cf_pace, *cf_pdace; + struct posix_acl_state acl_state, default_acl_state; + umode_t mode = 0, acl_mode; + bool owner_found = false, group_found = false, others_found = false; + + if (!pdacl) + return; + + /* validate that we do not go past end of acl */ + if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { + ksmbd_err("ACL too small to parse DACL\n"); + return; + } + + ksmbd_debug(SMB, "DACL revision %d size %d num aces %d\n", + le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size), + le32_to_cpu(pdacl->num_aces)); + + acl_base = (char *)pdacl; + acl_size = sizeof(struct smb_acl); + + num_aces = le32_to_cpu(pdacl->num_aces); + if (num_aces <= 0) + return; + + if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) + return; + + ppace = kmalloc_array(num_aces, sizeof(struct smb_ace *), + GFP_KERNEL); + if (!ppace) + return; + + ret = init_acl_state(&acl_state, num_aces); + if (ret) + return; + ret = init_acl_state(&default_acl_state, num_aces); + if (ret) { + free_acl_state(&acl_state); + return; + } + + /* + * reset rwx permissions for user/group/other. + * Also, if num_aces is 0 i.e. DACL has no ACEs, + * user/group/other have no permissions + */ + for (i = 0; i < num_aces; ++i) { + ppace[i] = (struct smb_ace *) (acl_base + acl_size); + acl_base = (char *)ppace[i]; + acl_size = le16_to_cpu(ppace[i]->size); + ppace[i]->access_req = + smb_map_generic_desired_access(ppace[i]->access_req); + + if (!(compare_sids(&(ppace[i]->sid), &sid_unix_NFS_mode))) { + fattr->cf_mode = + le32_to_cpu(ppace[i]->sid.sub_auth[2]); + break; + } else if (!compare_sids(&(ppace[i]->sid), pownersid)) { + acl_mode = access_flags_to_mode(fattr, + ppace[i]->access_req, ppace[i]->type); + acl_mode &= 0700; + + if (!owner_found) { + mode &= ~(0700); + mode |= acl_mode; + } + owner_found = true; + } else if (!compare_sids(&(ppace[i]->sid), pgrpsid) || + ppace[i]->sid.sub_auth[ppace[i]->sid.num_subauth - 1] == + DOMAIN_USER_RID_LE) { + acl_mode = access_flags_to_mode(fattr, + ppace[i]->access_req, ppace[i]->type); + acl_mode &= 0070; + if (!group_found) { + mode &= ~(0070); + mode |= acl_mode; + } + group_found = true; + } else if (!compare_sids(&(ppace[i]->sid), &sid_everyone)) { + acl_mode = access_flags_to_mode(fattr, + ppace[i]->access_req, ppace[i]->type); + acl_mode &= 0007; + if (!others_found) { + mode &= ~(0007); + mode |= acl_mode; + } + others_found = true; + } else if (!compare_sids(&(ppace[i]->sid), &creator_owner)) + continue; + else if (!compare_sids(&(ppace[i]->sid), &creator_group)) + continue; + else if (!compare_sids(&(ppace[i]->sid), &sid_authusers)) + continue; + else { + struct smb_fattr temp_fattr; + + acl_mode = access_flags_to_mode(fattr, ppace[i]->access_req, + ppace[i]->type); + temp_fattr.cf_uid = INVALID_UID; + ret = sid_to_id(&ppace[i]->sid, SIDOWNER, &temp_fattr); + if (ret || uid_eq(temp_fattr.cf_uid, INVALID_UID)) { + ksmbd_err("%s: Error %d mapping Owner SID to uid\n", + __func__, ret); + continue; + } + + acl_state.owner.allow = ((acl_mode & 0700) >> 6) | 0004; + acl_state.users->aces[acl_state.users->n].uid = + temp_fattr.cf_uid; + acl_state.users->aces[acl_state.users->n++].perms.allow = + ((acl_mode & 0700) >> 6) | 0004; + default_acl_state.owner.allow = ((acl_mode & 0700) >> 6) | 0004; + default_acl_state.users->aces[default_acl_state.users->n].uid = + temp_fattr.cf_uid; + default_acl_state.users->aces[default_acl_state.users->n++].perms.allow = + ((acl_mode & 0700) >> 6) | 0004; + } + } + kfree(ppace); + + if (owner_found) { + /* The owner must be set to at least read-only. */ + acl_state.owner.allow = ((mode & 0700) >> 6) | 0004; + acl_state.users->aces[acl_state.users->n].uid = fattr->cf_uid; + acl_state.users->aces[acl_state.users->n++].perms.allow = + ((mode & 0700) >> 6) | 0004; + default_acl_state.owner.allow = ((mode & 0700) >> 6) | 0004; + default_acl_state.users->aces[default_acl_state.users->n].uid = + fattr->cf_uid; + default_acl_state.users->aces[default_acl_state.users->n++].perms.allow = + ((mode & 0700) >> 6) | 0004; + } + + if (group_found) { + acl_state.group.allow = (mode & 0070) >> 3; + acl_state.groups->aces[acl_state.groups->n].gid = + fattr->cf_gid; + acl_state.groups->aces[acl_state.groups->n++].perms.allow = + (mode & 0070) >> 3; + default_acl_state.group.allow = mode & 0070 >> 3; + default_acl_state.groups->aces[default_acl_state.groups->n].gid = + fattr->cf_gid; + default_acl_state.groups->aces[default_acl_state.groups->n++].perms.allow = + (mode & 0070) >> 3; + } + + if (others_found) { + fattr->cf_mode &= ~(0007); + fattr->cf_mode |= mode & 0007; + + acl_state.other.allow = mode & 0007; + default_acl_state.other.allow = mode & 0007; + } + + if (acl_state.users->n || acl_state.groups->n) { + acl_state.mask.allow = 0x07; + fattr->cf_acls = ksmbd_vfs_posix_acl_alloc(acl_state.users->n + + acl_state.groups->n + 4, GFP_KERNEL); + if (fattr->cf_acls) { + cf_pace = fattr->cf_acls->a_entries; + posix_state_to_acl(&acl_state, cf_pace); + } + } + + if (default_acl_state.users->n || default_acl_state.groups->n) { + default_acl_state.mask.allow = 0x07; + fattr->cf_dacls = + ksmbd_vfs_posix_acl_alloc(default_acl_state.users->n + + default_acl_state.groups->n + 4, GFP_KERNEL); + if (fattr->cf_dacls) { + cf_pdace = fattr->cf_dacls->a_entries; + posix_state_to_acl(&default_acl_state, cf_pdace); + } + } + free_acl_state(&acl_state); + free_acl_state(&default_acl_state); +} + +static void set_posix_acl_entries_dacl(struct smb_ace *pndace, + struct smb_fattr *fattr, u32 *num_aces, u16 *size, u32 nt_aces_num) +{ + struct posix_acl_entry *pace; + struct smb_sid *sid; + struct smb_ace *ntace; + int i, j; + + if (!fattr->cf_acls) + goto posix_default_acl; + + pace = fattr->cf_acls->a_entries; + for (i = 0; i < fattr->cf_acls->a_count; i++, pace++) { + int flags = 0; + + sid = kmalloc(sizeof(struct smb_sid), GFP_KERNEL); + if (!sid) + break; + + if (pace->e_tag == ACL_USER) { + uid_t uid; + unsigned int sid_type = SIDOWNER; + + uid = from_kuid(&init_user_ns, pace->e_uid); + if (!uid) + sid_type = SIDUNIX_USER; + id_to_sid(uid, sid_type, sid); + } else if (pace->e_tag == ACL_GROUP) { + gid_t gid; + + gid = from_kgid(&init_user_ns, pace->e_gid); + id_to_sid(gid, SIDUNIX_GROUP, sid); + } else if (pace->e_tag == ACL_OTHER && !nt_aces_num) { + smb_copy_sid(sid, &sid_everyone); + } else { + kfree(sid); + continue; + } + ntace = pndace; + for (j = 0; j < nt_aces_num; j++) { + if (ntace->sid.sub_auth[ntace->sid.num_subauth - 1] == + sid->sub_auth[sid->num_subauth - 1]) + goto pass_same_sid; + ntace = (struct smb_ace *)((char *)ntace + + le16_to_cpu(ntace->size)); + } + + if (S_ISDIR(fattr->cf_mode) && pace->e_tag == ACL_OTHER) + flags = 0x03; + + ntace = (struct smb_ace *) ((char *)pndace + *size); + *size += fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, flags, + pace->e_perm, 0777); + (*num_aces)++; + if (pace->e_tag == ACL_USER) + ntace->access_req |= + FILE_DELETE_LE | FILE_DELETE_CHILD_LE; + + if (S_ISDIR(fattr->cf_mode) && + (pace->e_tag == ACL_USER || pace->e_tag == ACL_GROUP)) { + ntace = (struct smb_ace *) ((char *)pndace + *size); + *size += fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, + 0x03, pace->e_perm, 0777); + (*num_aces)++; + if (pace->e_tag == ACL_USER) + ntace->access_req |= + FILE_DELETE_LE | FILE_DELETE_CHILD_LE; + } + +pass_same_sid: + kfree(sid); + } + + if (nt_aces_num) + return; + +posix_default_acl: + if (!fattr->cf_dacls) + return; + + pace = fattr->cf_dacls->a_entries; + for (i = 0; i < fattr->cf_dacls->a_count; i++, pace++) { + sid = kmalloc(sizeof(struct smb_sid), GFP_KERNEL); + if (!sid) + break; + + if (pace->e_tag == ACL_USER) { + uid_t uid; + + uid = from_kuid(&init_user_ns, pace->e_uid); + id_to_sid(uid, SIDCREATOR_OWNER, sid); + } else if (pace->e_tag == ACL_GROUP) { + gid_t gid; + + gid = from_kgid(&init_user_ns, pace->e_gid); + id_to_sid(gid, SIDCREATOR_GROUP, sid); + } else { + kfree(sid); + continue; + } + + ntace = (struct smb_ace *) ((char *)pndace + *size); + *size += fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, 0x0b, + pace->e_perm, 0777); + (*num_aces)++; + if (pace->e_tag == ACL_USER) + ntace->access_req |= + FILE_DELETE_LE | FILE_DELETE_CHILD_LE; + kfree(sid); + } +} + +static void set_ntacl_dacl(struct smb_acl *pndacl, struct smb_acl *nt_dacl, + const struct smb_sid *pownersid, const struct smb_sid *pgrpsid, + struct smb_fattr *fattr) +{ + struct smb_ace *ntace, *pndace; + int nt_num_aces = le32_to_cpu(nt_dacl->num_aces), num_aces = 0; + unsigned short size = 0; + int i; + + pndace = (struct smb_ace *)((char *)pndacl + sizeof(struct smb_acl)); + if (nt_num_aces) { + ntace = (struct smb_ace *)((char *)nt_dacl + sizeof(struct smb_acl)); + for (i = 0; i < nt_num_aces; i++) { + memcpy((char *)pndace + size, ntace, le16_to_cpu(ntace->size)); + size += le16_to_cpu(ntace->size); + ntace = (struct smb_ace *)((char *)ntace + le16_to_cpu(ntace->size)); + num_aces++; + } + } + + set_posix_acl_entries_dacl(pndace, fattr, &num_aces, &size, nt_num_aces); + pndacl->num_aces = cpu_to_le32(num_aces); + pndacl->size = cpu_to_le16(le16_to_cpu(pndacl->size) + size); +} + +static void set_mode_dacl(struct smb_acl *pndacl, struct smb_fattr *fattr) +{ + struct smb_ace *pace, *pndace; + u32 num_aces = 0; + u16 size = 0, ace_size = 0; + uid_t uid; + const struct smb_sid *sid; + + pace = pndace = (struct smb_ace *)((char *)pndacl + sizeof(struct smb_acl)); + + if (fattr->cf_acls) { + set_posix_acl_entries_dacl(pndace, fattr, &num_aces, &size, num_aces); + goto out; + } + + /* owner RID */ + uid = from_kuid(&init_user_ns, fattr->cf_uid); + if (uid) + sid = &server_conf.domain_sid; + else + sid = &sid_unix_users; + ace_size = fill_ace_for_sid(pace, sid, ACCESS_ALLOWED, 0, + fattr->cf_mode, 0700); + pace->sid.sub_auth[pace->sid.num_subauth++] = cpu_to_le32(uid); + pace->access_req |= FILE_DELETE_LE | FILE_DELETE_CHILD_LE; + pace->size = cpu_to_le16(ace_size + 4); + size += le16_to_cpu(pace->size); + pace = (struct smb_ace *)((char *)pndace + size); + + /* Group RID */ + ace_size = fill_ace_for_sid(pace, &sid_unix_groups, + ACCESS_ALLOWED, 0, fattr->cf_mode, 0070); + pace->sid.sub_auth[pace->sid.num_subauth++] = + cpu_to_le32(from_kgid(&init_user_ns, fattr->cf_gid)); + pace->size = cpu_to_le16(ace_size + 4); + size += le16_to_cpu(pace->size); + pace = (struct smb_ace *)((char *)pndace + size); + num_aces = 3; + + if (S_ISDIR(fattr->cf_mode)) { + pace = (struct smb_ace *)((char *)pndace + size); + + /* creator owner */ + size += fill_ace_for_sid(pace, &creator_owner, ACCESS_ALLOWED, + 0x0b, fattr->cf_mode, 0700); + pace->access_req |= FILE_DELETE_LE | FILE_DELETE_CHILD_LE; + pace = (struct smb_ace *)((char *)pndace + size); + + /* creator group */ + size += fill_ace_for_sid(pace, &creator_group, ACCESS_ALLOWED, + 0x0b, fattr->cf_mode, 0070); + pace = (struct smb_ace *)((char *)pndace + size); + num_aces = 5; + } + + /* other */ + size += fill_ace_for_sid(pace, &sid_everyone, ACCESS_ALLOWED, 0, + fattr->cf_mode, 0007); + +out: + pndacl->num_aces = cpu_to_le32(num_aces); + pndacl->size = cpu_to_le16(le16_to_cpu(pndacl->size) + size); +} + +static int parse_sid(struct smb_sid *psid, char *end_of_acl) +{ + /* + * validate that we do not go past end of ACL - sid must be at least 8 + * bytes long (assuming no sub-auths - e.g. the null SID + */ + if (end_of_acl < (char *)psid + 8) { + ksmbd_err("ACL too small to parse SID %p\n", psid); + return -EINVAL; + } + + return 0; +} + +/* Convert CIFS ACL to POSIX form */ +int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, + struct smb_fattr *fattr) +{ + int rc = 0; + struct smb_sid *owner_sid_ptr, *group_sid_ptr; + struct smb_acl *dacl_ptr; /* no need for SACL ptr */ + char *end_of_acl = ((char *)pntsd) + acl_len; + __u32 dacloffset; + int total_ace_size = 0, pntsd_type; + + if (pntsd == NULL) + return -EIO; + + owner_sid_ptr = (struct smb_sid *)((char *)pntsd + + le32_to_cpu(pntsd->osidoffset)); + group_sid_ptr = (struct smb_sid *)((char *)pntsd + + le32_to_cpu(pntsd->gsidoffset)); + dacloffset = le32_to_cpu(pntsd->dacloffset); + dacl_ptr = (struct smb_acl *)((char *)pntsd + dacloffset); + ksmbd_debug(SMB, + "revision %d type 0x%x ooffset 0x%x goffset 0x%x sacloffset 0x%x dacloffset 0x%x\n", + pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset), + le32_to_cpu(pntsd->gsidoffset), + le32_to_cpu(pntsd->sacloffset), dacloffset); + + if (dacloffset && dacl_ptr) + total_ace_size = + le16_to_cpu(dacl_ptr->size) - sizeof(struct smb_acl); + + pntsd_type = le16_to_cpu(pntsd->type); + + if (!(pntsd_type & DACL_PRESENT)) { + ksmbd_debug(SMB, "DACL_PRESENT in DACL type is not set\n"); + return rc; + } + + pntsd->type = cpu_to_le16(DACL_PRESENT); + + if (pntsd->osidoffset) { + rc = parse_sid(owner_sid_ptr, end_of_acl); + if (rc) { + ksmbd_err("%s: Error %d parsing Owner SID\n", __func__, rc); + return rc; + } + + rc = sid_to_id(owner_sid_ptr, SIDOWNER, fattr); + if (rc) { + ksmbd_err("%s: Error %d mapping Owner SID to uid\n", + __func__, rc); + owner_sid_ptr = NULL; + } + } + + if (pntsd->gsidoffset) { + rc = parse_sid(group_sid_ptr, end_of_acl); + if (rc) { + ksmbd_err("%s: Error %d mapping Owner SID to gid\n", + __func__, rc); + return rc; + } + rc = sid_to_id(group_sid_ptr, SIDUNIX_GROUP, fattr); + if (rc) { + ksmbd_err("%s: Error %d mapping Group SID to gid\n", + __func__, rc); + group_sid_ptr = NULL; + } + } + + if ((pntsd_type & + (DACL_AUTO_INHERITED | DACL_AUTO_INHERIT_REQ)) == + (DACL_AUTO_INHERITED | DACL_AUTO_INHERIT_REQ)) + pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); + if (pntsd_type & DACL_PROTECTED) + pntsd->type |= cpu_to_le16(DACL_PROTECTED); + + if (dacloffset) { + parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr, group_sid_ptr, + fattr); + } + + return 0; +} + +/* Convert permission bits from mode to equivalent CIFS ACL */ +int build_sec_desc(struct smb_ntsd *pntsd, struct smb_ntsd *ppntsd, + int addition_info, __u32 *secdesclen, struct smb_fattr *fattr) +{ + int rc = 0; + __u32 offset; + struct smb_sid *owner_sid_ptr, *group_sid_ptr; + struct smb_sid *nowner_sid_ptr, *ngroup_sid_ptr; + struct smb_acl *dacl_ptr = NULL; /* no need for SACL ptr */ + uid_t uid; + gid_t gid; + unsigned int sid_type = SIDOWNER; + + nowner_sid_ptr = kmalloc(sizeof(struct smb_sid), GFP_KERNEL); + if (!nowner_sid_ptr) + return -ENOMEM; + + uid = from_kuid(&init_user_ns, fattr->cf_uid); + if (!uid) + sid_type = SIDUNIX_USER; + id_to_sid(uid, sid_type, nowner_sid_ptr); + + ngroup_sid_ptr = kmalloc(sizeof(struct smb_sid), GFP_KERNEL); + if (!ngroup_sid_ptr) { + kfree(nowner_sid_ptr); + return -ENOMEM; + } + + gid = from_kgid(&init_user_ns, fattr->cf_gid); + id_to_sid(gid, SIDUNIX_GROUP, ngroup_sid_ptr); + + offset = sizeof(struct smb_ntsd); + pntsd->sacloffset = 0; + pntsd->revision = cpu_to_le16(1); + pntsd->type = cpu_to_le16(SELF_RELATIVE); + if (ppntsd) + pntsd->type |= ppntsd->type; + + if (addition_info & OWNER_SECINFO) { + pntsd->osidoffset = cpu_to_le32(offset); + owner_sid_ptr = (struct smb_sid *)((char *)pntsd + offset); + smb_copy_sid(owner_sid_ptr, nowner_sid_ptr); + offset += 1 + 1 + 6 + (nowner_sid_ptr->num_subauth * 4); + } + + if (addition_info & GROUP_SECINFO) { + pntsd->gsidoffset = cpu_to_le32(offset); + group_sid_ptr = (struct smb_sid *)((char *)pntsd + offset); + smb_copy_sid(group_sid_ptr, ngroup_sid_ptr); + offset += 1 + 1 + 6 + (ngroup_sid_ptr->num_subauth * 4); + } + + if (addition_info & DACL_SECINFO) { + pntsd->type |= cpu_to_le16(DACL_PRESENT); + dacl_ptr = (struct smb_acl *)((char *)pntsd + offset); + dacl_ptr->revision = cpu_to_le16(2); + dacl_ptr->size = cpu_to_le16(sizeof(struct smb_acl)); + dacl_ptr->num_aces = 0; + + if (!ppntsd) + set_mode_dacl(dacl_ptr, fattr); + else if (!ppntsd->dacloffset) + goto out; + else { + struct smb_acl *ppdacl_ptr; + + ppdacl_ptr = (struct smb_acl *)((char *)ppntsd + + le32_to_cpu(ppntsd->dacloffset)); + set_ntacl_dacl(dacl_ptr, ppdacl_ptr, nowner_sid_ptr, + ngroup_sid_ptr, fattr); + } + pntsd->dacloffset = cpu_to_le32(offset); + offset += le16_to_cpu(dacl_ptr->size); + } + +out: + kfree(nowner_sid_ptr); + kfree(ngroup_sid_ptr); + *secdesclen = offset; + return rc; +} + +static void smb_set_ace(struct smb_ace *ace, const struct smb_sid *sid, u8 type, + u8 flags, __le32 access_req) +{ + ace->type = type; + ace->flags = flags; + ace->access_req = access_req; + smb_copy_sid(&ace->sid, sid); + ace->size = cpu_to_le16(1 + 1 + 2 + 4 + 1 + 1 + 6 + (sid->num_subauth * 4)); +} + +int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, + unsigned int uid, unsigned int gid) +{ + const struct smb_sid *psid, *creator = NULL; + struct smb_ace *parent_aces, *aces; + struct smb_acl *parent_pdacl; + struct smb_ntsd *parent_pntsd = NULL; + struct smb_sid owner_sid, group_sid; + struct dentry *parent = dentry->d_parent; + int inherited_flags = 0, flags = 0, i, ace_cnt = 0, nt_size = 0; + int rc = -ENOENT, num_aces, dacloffset, pntsd_type, acl_len; + char *aces_base; + bool is_dir = S_ISDIR(dentry->d_inode->i_mode); + + acl_len = ksmbd_vfs_get_sd_xattr(conn, parent, &parent_pntsd); + if (acl_len <= 0) + return rc; + dacloffset = le32_to_cpu(parent_pntsd->dacloffset); + if (!dacloffset) + goto out; + + parent_pdacl = (struct smb_acl *)((char *)parent_pntsd + dacloffset); + num_aces = le32_to_cpu(parent_pdacl->num_aces); + pntsd_type = le16_to_cpu(parent_pntsd->type); + + aces_base = kmalloc(sizeof(struct smb_ace) * num_aces * 2, GFP_KERNEL); + if (!aces_base) + goto out; + + aces = (struct smb_ace *)aces_base; + parent_aces = (struct smb_ace *)((char *)parent_pdacl + + sizeof(struct smb_acl)); + + if (pntsd_type & DACL_AUTO_INHERITED) + inherited_flags = INHERITED_ACE; + + for (i = 0; i < num_aces; i++) { + flags = parent_aces->flags; + if (!smb_inherit_flags(flags, is_dir)) + goto pass; + if (is_dir) { + flags &= ~(INHERIT_ONLY_ACE | INHERITED_ACE); + if (!(flags & CONTAINER_INHERIT_ACE)) + flags |= INHERIT_ONLY_ACE; + if (flags & NO_PROPAGATE_INHERIT_ACE) + flags = 0; + } else + flags = 0; + + if (!compare_sids(&creator_owner, &parent_aces->sid)) { + creator = &creator_owner; + id_to_sid(uid, SIDOWNER, &owner_sid); + psid = &owner_sid; + } else if (!compare_sids(&creator_group, &parent_aces->sid)) { + creator = &creator_group; + id_to_sid(gid, SIDUNIX_GROUP, &group_sid); + psid = &group_sid; + } else { + creator = NULL; + psid = &parent_aces->sid; + } + + if (is_dir && creator && flags & CONTAINER_INHERIT_ACE) { + smb_set_ace(aces, psid, parent_aces->type, inherited_flags, + parent_aces->access_req); + nt_size += le16_to_cpu(aces->size); + ace_cnt++; + aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); + flags |= INHERIT_ONLY_ACE; + psid = creator; + } else if (is_dir && !(parent_aces->flags & NO_PROPAGATE_INHERIT_ACE)) + psid = &parent_aces->sid; + + smb_set_ace(aces, psid, parent_aces->type, flags | inherited_flags, + parent_aces->access_req); + nt_size += le16_to_cpu(aces->size); + aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); + ace_cnt++; +pass: + parent_aces = + (struct smb_ace *)((char *)parent_aces + le16_to_cpu(parent_aces->size)); + } + + if (nt_size > 0) { + struct smb_ntsd *pntsd; + struct smb_acl *pdacl; + struct smb_sid *powner_sid = NULL, *pgroup_sid = NULL; + int powner_sid_size = 0, pgroup_sid_size = 0, pntsd_size; + + if (parent_pntsd->osidoffset) { + powner_sid = (struct smb_sid *)((char *)parent_pntsd + + le32_to_cpu(parent_pntsd->osidoffset)); + powner_sid_size = 1 + 1 + 6 + (powner_sid->num_subauth * 4); + } + if (parent_pntsd->gsidoffset) { + pgroup_sid = (struct smb_sid *)((char *)parent_pntsd + + le32_to_cpu(parent_pntsd->gsidoffset)); + pgroup_sid_size = 1 + 1 + 6 + (pgroup_sid->num_subauth * 4); + } + + pntsd = kzalloc(sizeof(struct smb_ntsd) + powner_sid_size + + pgroup_sid_size + sizeof(struct smb_acl) + + nt_size, GFP_KERNEL); + if (!pntsd) { + rc = -ENOMEM; + goto out; + } + + pntsd->revision = cpu_to_le16(1); + pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PRESENT); + if (le16_to_cpu(parent_pntsd->type) & DACL_AUTO_INHERITED) + pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); + pntsd_size = sizeof(struct smb_ntsd); + pntsd->osidoffset = parent_pntsd->osidoffset; + pntsd->gsidoffset = parent_pntsd->gsidoffset; + pntsd->dacloffset = parent_pntsd->dacloffset; + + if (pntsd->osidoffset) { + struct smb_sid *owner_sid = (struct smb_sid *)((char *)pntsd + + le32_to_cpu(pntsd->osidoffset)); + memcpy(owner_sid, powner_sid, powner_sid_size); + pntsd_size += powner_sid_size; + } + + if (pntsd->gsidoffset) { + struct smb_sid *group_sid = (struct smb_sid *)((char *)pntsd + + le32_to_cpu(pntsd->gsidoffset)); + memcpy(group_sid, pgroup_sid, pgroup_sid_size); + pntsd_size += pgroup_sid_size; + } + + if (pntsd->dacloffset) { + struct smb_ace *pace; + + pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); + pdacl->revision = cpu_to_le16(2); + pdacl->size = cpu_to_le16(sizeof(struct smb_acl) + nt_size); + pdacl->num_aces = cpu_to_le32(ace_cnt); + pace = (struct smb_ace *)((char *)pdacl + sizeof(struct smb_acl)); + memcpy(pace, aces_base, nt_size); + pntsd_size += sizeof(struct smb_acl) + nt_size; + } + + ksmbd_vfs_set_sd_xattr(conn, dentry, pntsd, pntsd_size); + kfree(pntsd); + rc = 0; + } + + kfree(aces_base); +out: + return rc; +} + +bool smb_inherit_flags(int flags, bool is_dir) +{ + if (!is_dir) + return (flags & OBJECT_INHERIT_ACE) != 0; + + if (flags & OBJECT_INHERIT_ACE && !(flags & NO_PROPAGATE_INHERIT_ACE)) + return true; + + if (flags & CONTAINER_INHERIT_ACE) + return true; + return false; +} + +int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, + __le32 *pdaccess, int uid) +{ + struct smb_ntsd *pntsd = NULL; + struct smb_acl *pdacl; + struct posix_acl *posix_acls; + int rc = 0, acl_size; + struct smb_sid sid; + int granted = le32_to_cpu(*pdaccess & ~FILE_MAXIMAL_ACCESS_LE); + struct smb_ace *ace; + int i, found = 0; + unsigned int access_bits = 0; + struct smb_ace *others_ace = NULL; + struct posix_acl_entry *pa_entry; + unsigned int sid_type = SIDOWNER; + + ksmbd_debug(SMB, "check permission using windows acl\n"); + acl_size = ksmbd_vfs_get_sd_xattr(conn, dentry, &pntsd); + if (acl_size <= 0 || (pntsd && !pntsd->dacloffset)) + return 0; + + pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); + if (!pdacl->num_aces) { + if (!(le16_to_cpu(pdacl->size) - sizeof(struct smb_acl)) && + *pdaccess & ~(FILE_READ_CONTROL_LE | FILE_WRITE_DAC_LE)) { + rc = -EACCES; + goto err_out; + } + kfree(pntsd); + return 0; + } + + if (*pdaccess & FILE_MAXIMAL_ACCESS_LE) { + granted = READ_CONTROL | WRITE_DAC | FILE_READ_ATTRIBUTES | + DELETE; + + ace = (struct smb_ace *)((char *)pdacl + sizeof(struct smb_acl)); + for (i = 0; i < le32_to_cpu(pdacl->num_aces); i++) { + granted |= le32_to_cpu(ace->access_req); + ace = (struct smb_ace *) ((char *)ace + le16_to_cpu(ace->size)); + } + + if (!pdacl->num_aces) + granted = GENERIC_ALL_FLAGS; + } + + if (!uid) + sid_type = SIDUNIX_USER; + id_to_sid(uid, sid_type, &sid); + + ace = (struct smb_ace *)((char *)pdacl + sizeof(struct smb_acl)); + for (i = 0; i < le32_to_cpu(pdacl->num_aces); i++) { + if (!compare_sids(&sid, &ace->sid) || + !compare_sids(&sid_unix_NFS_mode, &ace->sid)) { + found = 1; + break; + } + if (!compare_sids(&sid_everyone, &ace->sid)) + others_ace = ace; + + ace = (struct smb_ace *) ((char *)ace + le16_to_cpu(ace->size)); + } + + if (*pdaccess & FILE_MAXIMAL_ACCESS_LE && found) { + granted = READ_CONTROL | WRITE_DAC | FILE_READ_ATTRIBUTES | + DELETE; + + granted |= le32_to_cpu(ace->access_req); + + if (!pdacl->num_aces) + granted = GENERIC_ALL_FLAGS; + } + + posix_acls = ksmbd_vfs_get_acl(dentry->d_inode, ACL_TYPE_ACCESS); + if (posix_acls && !found) { + unsigned int id = -1; + + pa_entry = posix_acls->a_entries; + for (i = 0; i < posix_acls->a_count; i++, pa_entry++) { + if (pa_entry->e_tag == ACL_USER) + id = from_kuid(&init_user_ns, pa_entry->e_uid); + else if (pa_entry->e_tag == ACL_GROUP) + id = from_kgid(&init_user_ns, pa_entry->e_gid); + else + continue; + + if (id == uid) { + mode_to_access_flags(pa_entry->e_perm, 0777, &access_bits); + if (!access_bits) + access_bits = SET_MINIMUM_RIGHTS; + goto check_access_bits; + } + } + } + if (posix_acls) + posix_acl_release(posix_acls); + + if (!found) { + if (others_ace) + ace = others_ace; + else { + ksmbd_debug(SMB, "Can't find corresponding sid\n"); + rc = -EACCES; + goto err_out; + } + } + + switch (ace->type) { + case ACCESS_ALLOWED_ACE_TYPE: + access_bits = le32_to_cpu(ace->access_req); + break; + case ACCESS_DENIED_ACE_TYPE: + case ACCESS_DENIED_CALLBACK_ACE_TYPE: + access_bits = le32_to_cpu(~ace->access_req); + break; + } + +check_access_bits: + if (granted & ~(access_bits | FILE_READ_ATTRIBUTES | + READ_CONTROL | WRITE_DAC | DELETE)) { + ksmbd_debug(SMB, "Access denied with winACL, granted : %x, access_req : %x\n", + granted, le32_to_cpu(ace->access_req)); + rc = -EACCES; + goto err_out; + } + + *pdaccess = cpu_to_le32(granted); +err_out: + kfree(pntsd); + return rc; +} + +int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, + struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, + bool type_check) +{ + int rc; + struct smb_fattr fattr = {{0}}; + struct inode *inode = dentry->d_inode; + + fattr.cf_uid = INVALID_UID; + fattr.cf_gid = INVALID_GID; + fattr.cf_mode = inode->i_mode; + + rc = parse_sec_desc(pntsd, ntsd_len, &fattr); + if (rc) + goto out; + + inode->i_mode = (inode->i_mode & ~0777) | (fattr.cf_mode & 0777); + if (!uid_eq(fattr.cf_uid, INVALID_UID)) + inode->i_uid = fattr.cf_uid; + if (!gid_eq(fattr.cf_gid, INVALID_GID)) + inode->i_gid = fattr.cf_gid; + mark_inode_dirty(inode); + + ksmbd_vfs_remove_acl_xattrs(dentry); + /* Update posix acls */ + if (fattr.cf_dacls) { + rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_ACCESS, + fattr.cf_acls); + if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) + rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_DEFAULT, + fattr.cf_dacls); + } + + /* Check it only calling from SD BUFFER context */ + if (type_check && !(le16_to_cpu(pntsd->type) & DACL_PRESENT)) + goto out; + + if (test_share_config_flag(tcon->share_conf, + KSMBD_SHARE_FLAG_ACL_XATTR)) { + /* Update WinACL in xattr */ + ksmbd_vfs_remove_sd_xattrs(dentry); + ksmbd_vfs_set_sd_xattr(conn, dentry, pntsd, ntsd_len); + } + +out: + posix_acl_release(fattr.cf_acls); + posix_acl_release(fattr.cf_dacls); + mark_inode_dirty(inode); + return rc; +} + +void ksmbd_init_domain(u32 *sub_auth) +{ + int i; + + memcpy(&server_conf.domain_sid, &domain, sizeof(struct smb_sid)); + for (i = 0; i < 3; ++i) + server_conf.domain_sid.sub_auth[i + 1] = cpu_to_le32(sub_auth[i]); +} diff --git a/fs/cifsd/smbacl.h b/fs/cifsd/smbacl.h new file mode 100644 index 000000000000..9b22bff4191f --- /dev/null +++ b/fs/cifsd/smbacl.h @@ -0,0 +1,202 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ +/* + * Copyright (c) International Business Machines Corp., 2007 + * Author(s): Steve French (sfrench@us.ibm.com) + * Modified by Namjae Jeon (linkinjeon@kernel.org) + */ + +#ifndef _SMBACL_H +#define _SMBACL_H + +#include <linux/fs.h> +#include <linux/namei.h> +#include <linux/posix_acl.h> + +#include "mgmt/tree_connect.h" + +#define NUM_AUTHS (6) /* number of authority fields */ +#define SID_MAX_SUB_AUTHORITIES (15) /* max number of sub authority fields */ + +#define ACCESS_ALLOWED 0 +#define ACCESS_DENIED 1 + +#define SIDOWNER 1 +#define SIDGROUP 2 +#define SIDCREATOR_OWNER 3 +#define SIDCREATOR_GROUP 4 +#define SIDUNIX_USER 5 +#define SIDUNIX_GROUP 6 +#define SIDNFS_USER 7 +#define SIDNFS_GROUP 8 +#define SIDNFS_MODE 9 + +/* Revision for ACLs */ +#define SD_REVISION 1 + +/* Control flags for Security Descriptor */ +#define OWNER_DEFAULTED 0x0001 +#define GROUP_DEFAULTED 0x0002 +#define DACL_PRESENT 0x0004 +#define DACL_DEFAULTED 0x0008 +#define SACL_PRESENT 0x0010 +#define SACL_DEFAULTED 0x0020 +#define DACL_TRUSTED 0x0040 +#define SERVER_SECURITY 0x0080 +#define DACL_AUTO_INHERIT_REQ 0x0100 +#define SACL_AUTO_INHERIT_REQ 0x0200 +#define DACL_AUTO_INHERITED 0x0400 +#define SACL_AUTO_INHERITED 0x0800 +#define DACL_PROTECTED 0x1000 +#define SACL_PROTECTED 0x2000 +#define RM_CONTROL_VALID 0x4000 +#define SELF_RELATIVE 0x8000 + +/* ACE types - see MS-DTYP 2.4.4.1 */ +#define ACCESS_ALLOWED_ACE_TYPE 0x00 +#define ACCESS_DENIED_ACE_TYPE 0x01 +#define SYSTEM_AUDIT_ACE_TYPE 0x02 +#define SYSTEM_ALARM_ACE_TYPE 0x03 +#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04 +#define ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x05 +#define ACCESS_DENIED_OBJECT_ACE_TYPE 0x06 +#define SYSTEM_AUDIT_OBJECT_ACE_TYPE 0x07 +#define SYSTEM_ALARM_OBJECT_ACE_TYPE 0x08 +#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x09 +#define ACCESS_DENIED_CALLBACK_ACE_TYPE 0x0A +#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0x0B +#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE 0x0C +#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE 0x0D +#define SYSTEM_ALARM_CALLBACK_ACE_TYPE 0x0E /* Reserved */ +#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0x0F +#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10 /* reserved */ +#define SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11 +#define SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE 0x12 +#define SYSTEM_SCOPED_POLICY_ID_ACE_TYPE 0x13 + +/* ACE flags */ +#define OBJECT_INHERIT_ACE 0x01 +#define CONTAINER_INHERIT_ACE 0x02 +#define NO_PROPAGATE_INHERIT_ACE 0x04 +#define INHERIT_ONLY_ACE 0x08 +#define INHERITED_ACE 0x10 +#define SUCCESSFUL_ACCESS_ACE_FLAG 0x40 +#define FAILED_ACCESS_ACE_FLAG 0x80 + +/* + * Maximum size of a string representation of a SID: + * + * The fields are unsigned values in decimal. So: + * + * u8: max 3 bytes in decimal + * u32: max 10 bytes in decimal + * + * "S-" + 3 bytes for version field + 15 for authority field + NULL terminator + * + * For authority field, max is when all 6 values are non-zero and it must be + * represented in hex. So "-0x" + 12 hex digits. + * + * Add 11 bytes for each subauthority field (10 bytes each + 1 for '-') + */ +#define SID_STRING_BASE_SIZE (2 + 3 + 15 + 1) +#define SID_STRING_SUBAUTH_SIZE (11) /* size of a single subauth string */ + +#define DOMAIN_USER_RID_LE cpu_to_le32(513) + +struct ksmbd_conn; + +struct smb_ntsd { + __le16 revision; /* revision level */ + __le16 type; + __le32 osidoffset; + __le32 gsidoffset; + __le32 sacloffset; + __le32 dacloffset; +} __packed; + +struct smb_sid { + __u8 revision; /* revision level */ + __u8 num_subauth; + __u8 authority[NUM_AUTHS]; + __le32 sub_auth[SID_MAX_SUB_AUTHORITIES]; /* sub_auth[num_subauth] */ +} __packed; + +/* size of a struct cifs_sid, sans sub_auth array */ +#define CIFS_SID_BASE_SIZE (1 + 1 + NUM_AUTHS) + +struct smb_acl { + __le16 revision; /* revision level */ + __le16 size; + __le32 num_aces; +} __packed; + +struct smb_ace { + __u8 type; + __u8 flags; + __le16 size; + __le32 access_req; + struct smb_sid sid; /* ie UUID of user or group who gets these perms */ +} __packed; + +struct smb_fattr { + kuid_t cf_uid; + kgid_t cf_gid; + umode_t cf_mode; + __le32 daccess; + struct posix_acl *cf_acls; + struct posix_acl *cf_dacls; +}; + +struct posix_ace_state { + u32 allow; + u32 deny; +}; + +struct posix_user_ace_state { + union { + kuid_t uid; + kgid_t gid; + }; + struct posix_ace_state perms; +}; + +struct posix_ace_state_array { + int n; + struct posix_user_ace_state aces[]; +}; + +/* + * while processing the nfsv4 ace, this maintains the partial permissions + * calculated so far: + */ + +struct posix_acl_state { + struct posix_ace_state owner; + struct posix_ace_state group; + struct posix_ace_state other; + struct posix_ace_state everyone; + struct posix_ace_state mask; /* deny unused in this case */ + struct posix_ace_state_array *users; + struct posix_ace_state_array *groups; +}; + +int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, + struct smb_fattr *fattr); +int build_sec_desc(struct smb_ntsd *pntsd, struct smb_ntsd *ppntsd, + int addition_info, __u32 *secdesclen, struct smb_fattr *fattr); +int init_acl_state(struct posix_acl_state *state, int cnt); +void free_acl_state(struct posix_acl_state *state); +void posix_state_to_acl(struct posix_acl_state *state, + struct posix_acl_entry *pace); +int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid); +bool smb_inherit_flags(int flags, bool is_dir); +int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, + unsigned int uid, unsigned int gid); +int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, + __le32 *pdaccess, int uid); +int store_init_posix_acl(struct inode *inode, umode_t perm); +int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, + struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, + bool type_check); +void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid); +void ksmbd_init_domain(u32 *sub_auth); +#endif /* _SMBACL_H */ diff --git a/fs/cifsd/smberr.h b/fs/cifsd/smberr.h new file mode 100644 index 000000000000..ce842303ae1f --- /dev/null +++ b/fs/cifsd/smberr.h @@ -0,0 +1,235 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ +/* + * Copyright (c) International Business Machines Corp., 2002,2004 + * Author(s): Steve French (sfrench@us.ibm.com) + * + * See Error Codes section of the SNIA CIFS Specification + * for more information + */ +#ifndef __KSMBD_SMBERR_H +#define __KSMBD_SMBERR_H + +#define SUCCESS 0x00 /* The request was successful. */ +#define ERRDOS 0x01 /* Error is from the core DOS operating system set */ +#define ERRSRV 0x02 /* Error is generated by the file server daemon */ +#define ERRHRD 0x03 /* Error is a hardware error. */ +#define ERRCMD 0xFF /* Command was not in the "SMB" format. */ + +/* The following error codes may be generated with the SUCCESS error class.*/ + +/*#define SUCCESS 0 The request was successful. */ + +/* The following error codes may be generated with the ERRDOS error class.*/ + +#define ERRbadfunc 1 /* + * Invalid function. The server did not + * recognize or could not perform a + * system call generated by the server, + * e.g., set the DIRECTORY attribute on + * a data file, invalid seek mode. + */ +#define ERRbadfile 2 /* + * File not found. The last component + * of a file's pathname could not be + * found. + */ +#define ERRbadpath 3 /* + * Directory invalid. A directory + * component in a pathname could not be + * found. + */ +#define ERRnofids 4 /* + * Too many open files. The server has + * no file handles available. + */ +#define ERRnoaccess 5 /* + * Access denied, the client's context + * does not permit the requested + * function. This includes the + * following conditions: invalid rename + * command, write to Fid open for read + * only, read on Fid open for write + * only, attempt to delete a non-empty + * directory + */ +#define ERRbadfid 6 /* + * Invalid file handle. The file handle + * specified was not recognized by the + * server. + */ +#define ERRbadmcb 7 /* Memory control blocks destroyed. */ +#define ERRnomem 8 /* + * Insufficient server memory to + * perform the requested function. + */ +#define ERRbadmem 9 /* Invalid memory block address. */ +#define ERRbadenv 10 /* Invalid environment. */ +#define ERRbadformat 11 /* Invalid format. */ +#define ERRbadaccess 12 /* Invalid open mode. */ +#define ERRbaddata 13 /* + * Invalid data (generated only by + * IOCTL calls within the server). + */ +#define ERRbaddrive 15 /* Invalid drive specified. */ +#define ERRremcd 16 /* + * A Delete Directory request attempted + * to remove the server's current + * directory. + */ +#define ERRdiffdevice 17 /* + * Not same device (e.g., a cross + * volume rename was attempted + */ +#define ERRnofiles 18 /* + * A File Search command can find no + * more files matching the specified + * criteria. + */ +#define ERRwriteprot 19 /* media is write protected */ +#define ERRgeneral 31 +#define ERRbadshare 32 /* + * The sharing mode specified for an + * Open conflicts with existing FIDs on + * the file. + */ +#define ERRlock 33 /* + * A Lock request conflicted with an + * existing lock or specified an + * invalid mode, or an Unlock requested + * attempted to remove a lock held by + * another process. + */ +#define ERRunsup 50 +#define ERRnosuchshare 67 +#define ERRfilexists 80 /* + * The file named in the request + * already exists. + */ +#define ERRinvparm 87 +#define ERRdiskfull 112 +#define ERRinvname 123 +#define ERRinvlevel 124 +#define ERRdirnotempty 145 +#define ERRnotlocked 158 +#define ERRcancelviolation 173 +#define ERRnoatomiclocks 174 +#define ERRalreadyexists 183 +#define ERRbadpipe 230 +#define ERRpipebusy 231 +#define ERRpipeclosing 232 +#define ERRnotconnected 233 +#define ERRmoredata 234 +#define ERReasnotsupported 282 +#define ErrQuota 0x200 /* + * The operation would cause a quota + * limit to be exceeded. + */ +#define ErrNotALink 0x201 /* + * A link operation was performed on a + * pathname that was not a link. + */ + +/* + * Below errors are used internally (do not come over the wire) for passthrough + * from STATUS codes to POSIX only + */ +#define ERRsymlink 0xFFFD +#define ErrTooManyLinks 0xFFFE + +/* Following error codes may be generated with the ERRSRV error class.*/ + +#define ERRerror 1 /* + * Non-specific error code. It is + * returned under the following + * conditions: resource other than disk + * space exhausted (e.g. TIDs), first + * SMB command was not negotiate, + * multiple negotiates attempted, and + * internal server error. + */ +#define ERRbadpw 2 /* + * Bad password - name/password pair in + * a TreeConnect or Session Setup are + * invalid. + */ +#define ERRbadtype 3 /* + * used for indicating DFS referral + * needed + */ +#define ERRaccess 4 /* + * The client does not have the + * necessary access rights within the + * specified context for requested + * function. + */ +#define ERRinvtid 5 /* + * The Tid specified in a command was + * invalid. + */ +#define ERRinvnetname 6 /* + * Invalid network name in tree + * connect. + */ +#define ERRinvdevice 7 /* + * Invalid device - printer request + * made to non-printer connection or + * non-printer request made to printer + * connection. + */ +#define ERRqfull 49 /* + * Print queue full (files) -- returned + * by open print file. + */ +#define ERRqtoobig 50 /* Print queue full -- no space. */ +#define ERRqeof 51 /* EOF on print queue dump */ +#define ERRinvpfid 52 /* Invalid print file FID. */ +#define ERRsmbcmd 64 /* + * The server did not recognize the + * command received. + */ +#define ERRsrverror 65 /* + * The server encountered an internal + * error, e.g., system file + * unavailable. + */ +#define ERRbadBID 66 /* (obsolete) */ +#define ERRfilespecs 67 /* + * The Fid and pathname parameters + * contained an invalid combination of + * values. + */ +#define ERRbadLink 68 /* (obsolete) */ +#define ERRbadpermits 69 /* + * The access permissions specified for + * a file or directory are not a valid + * combination. + */ +#define ERRbadPID 70 +#define ERRsetattrmode 71 /* attribute (mode) is invalid */ +#define ERRpaused 81 /* Server is paused */ +#define ERRmsgoff 82 /* reserved - messaging off */ +#define ERRnoroom 83 /* reserved - no room for message */ +#define ERRrmuns 87 /* reserved - too many remote names */ +#define ERRtimeout 88 /* operation timed out */ +#define ERRnoresource 89 /* No resources available for request */ +#define ERRtoomanyuids 90 /* + * Too many UIDs active on this session + */ +#define ERRbaduid 91 /* + * The UID is not known as a valid user + */ +#define ERRusempx 250 /* temporarily unable to use raw */ +#define ERRusestd 251 /* + * temporarily unable to use either raw + * or mpx + */ +#define ERR_NOTIFY_ENUM_DIR 1024 +#define ERRnoSuchUser 2238 /* user account does not exist */ +#define ERRaccountexpired 2239 +#define ERRbadclient 2240 /* can not logon from this client */ +#define ERRbadLogonTime 2241 /* logon hours do not allow this */ +#define ERRpasswordExpired 2242 +#define ERRnetlogonNotStarted 2455 +#define ERRnosupport 0xFFFF + +#endif /* __KSMBD_SMBERR_H */ diff --git a/fs/cifsd/smbfsctl.h b/fs/cifsd/smbfsctl.h new file mode 100644 index 000000000000..908c4e68a479 --- /dev/null +++ b/fs/cifsd/smbfsctl.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ +/* + * fs/cifs/smbfsctl.h: SMB, CIFS, SMB2 FSCTL definitions + * + * Copyright (c) International Business Machines Corp., 2002,2009 + * Author(s): Steve French (sfrench@us.ibm.com) + */ + +/* IOCTL information */ +/* + * List of ioctl/fsctl function codes that are or could be useful in the + * future to remote clients like cifs or SMB2 client. There is probably + * a slightly larger set of fsctls that NTFS local filesystem could handle, + * including the seven below that we do not have struct definitions for. + * Even with protocol definitions for most of these now available, we still + * need to do some experimentation to identify which are practical to do + * remotely. Some of the following, such as the encryption/compression ones + * could be invoked from tools via a specialized hook into the VFS rather + * than via the standard vfs entry points + */ + +#ifndef __KSMBD_SMBFSCTL_H +#define __KSMBD_SMBFSCTL_H + +#define FSCTL_DFS_GET_REFERRALS 0x00060194 +#define FSCTL_DFS_GET_REFERRALS_EX 0x000601B0 +#define FSCTL_REQUEST_OPLOCK_LEVEL_1 0x00090000 +#define FSCTL_REQUEST_OPLOCK_LEVEL_2 0x00090004 +#define FSCTL_REQUEST_BATCH_OPLOCK 0x00090008 +#define FSCTL_LOCK_VOLUME 0x00090018 +#define FSCTL_UNLOCK_VOLUME 0x0009001C +#define FSCTL_IS_PATHNAME_VALID 0x0009002C /* BB add struct */ +#define FSCTL_GET_COMPRESSION 0x0009003C /* BB add struct */ +#define FSCTL_SET_COMPRESSION 0x0009C040 /* BB add struct */ +#define FSCTL_QUERY_FAT_BPB 0x00090058 /* BB add struct */ +/* Verify the next FSCTL number, we had it as 0x00090090 before */ +#define FSCTL_FILESYSTEM_GET_STATS 0x00090060 /* BB add struct */ +#define FSCTL_GET_NTFS_VOLUME_DATA 0x00090064 /* BB add struct */ +#define FSCTL_GET_RETRIEVAL_POINTERS 0x00090073 /* BB add struct */ +#define FSCTL_IS_VOLUME_DIRTY 0x00090078 /* BB add struct */ +#define FSCTL_ALLOW_EXTENDED_DASD_IO 0x00090083 /* BB add struct */ +#define FSCTL_REQUEST_FILTER_OPLOCK 0x0009008C +#define FSCTL_FIND_FILES_BY_SID 0x0009008F /* BB add struct */ +#define FSCTL_SET_OBJECT_ID 0x00090098 /* BB add struct */ +#define FSCTL_GET_OBJECT_ID 0x0009009C /* BB add struct */ +#define FSCTL_DELETE_OBJECT_ID 0x000900A0 /* BB add struct */ +#define FSCTL_SET_REPARSE_POINT 0x000900A4 /* BB add struct */ +#define FSCTL_GET_REPARSE_POINT 0x000900A8 /* BB add struct */ +#define FSCTL_DELETE_REPARSE_POINT 0x000900AC /* BB add struct */ +#define FSCTL_SET_OBJECT_ID_EXTENDED 0x000900BC /* BB add struct */ +#define FSCTL_CREATE_OR_GET_OBJECT_ID 0x000900C0 /* BB add struct */ +#define FSCTL_SET_SPARSE 0x000900C4 /* BB add struct */ +#define FSCTL_SET_ZERO_DATA 0x000980C8 /* BB add struct */ +#define FSCTL_SET_ENCRYPTION 0x000900D7 /* BB add struct */ +#define FSCTL_ENCRYPTION_FSCTL_IO 0x000900DB /* BB add struct */ +#define FSCTL_WRITE_RAW_ENCRYPTED 0x000900DF /* BB add struct */ +#define FSCTL_READ_RAW_ENCRYPTED 0x000900E3 /* BB add struct */ +#define FSCTL_READ_FILE_USN_DATA 0x000900EB /* BB add struct */ +#define FSCTL_WRITE_USN_CLOSE_RECORD 0x000900EF /* BB add struct */ +#define FSCTL_SIS_COPYFILE 0x00090100 /* BB add struct */ +#define FSCTL_RECALL_FILE 0x00090117 /* BB add struct */ +#define FSCTL_QUERY_SPARING_INFO 0x00090138 /* BB add struct */ +#define FSCTL_SET_ZERO_ON_DEALLOC 0x00090194 /* BB add struct */ +#define FSCTL_SET_SHORT_NAME_BEHAVIOR 0x000901B4 /* BB add struct */ +#define FSCTL_QUERY_ALLOCATED_RANGES 0x000940CF /* BB add struct */ +#define FSCTL_SET_DEFECT_MANAGEMENT 0x00098134 /* BB add struct */ +#define FSCTL_SIS_LINK_FILES 0x0009C104 +#define FSCTL_PIPE_PEEK 0x0011400C /* BB add struct */ +#define FSCTL_PIPE_TRANSCEIVE 0x0011C017 /* BB add struct */ +/* strange that the number for this op is not sequential with previous op */ +#define FSCTL_PIPE_WAIT 0x00110018 /* BB add struct */ +#define FSCTL_REQUEST_RESUME_KEY 0x00140078 +#define FSCTL_LMR_GET_LINK_TRACK_INF 0x001400E8 /* BB add struct */ +#define FSCTL_LMR_SET_LINK_TRACK_INF 0x001400EC /* BB add struct */ +#define FSCTL_VALIDATE_NEGOTIATE_INFO 0x00140204 +#define FSCTL_QUERY_NETWORK_INTERFACE_INFO 0x001401FC +#define FSCTL_COPYCHUNK 0x001440F2 +#define FSCTL_COPYCHUNK_WRITE 0x001480F2 + +#define IO_REPARSE_TAG_MOUNT_POINT 0xA0000003 +#define IO_REPARSE_TAG_HSM 0xC0000004 +#define IO_REPARSE_TAG_SIS 0x80000007 + +/* WSL reparse tags */ +#define IO_REPARSE_TAG_LX_SYMLINK_LE cpu_to_le32(0xA000001D) +#define IO_REPARSE_TAG_AF_UNIX_LE cpu_to_le32(0x80000023) +#define IO_REPARSE_TAG_LX_FIFO_LE cpu_to_le32(0x80000024) +#define IO_REPARSE_TAG_LX_CHR_LE cpu_to_le32(0x80000025) +#define IO_REPARSE_TAG_LX_BLK_LE cpu_to_le32(0x80000026) +#endif /* __KSMBD_SMBFSCTL_H */ diff --git a/fs/cifsd/smbstatus.h b/fs/cifsd/smbstatus.h new file mode 100644 index 000000000000..108a8b6ed24a --- /dev/null +++ b/fs/cifsd/smbstatus.h @@ -0,0 +1,1822 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ +/* + * fs/cifs/smb2status.h + * + * SMB2 Status code (network error) definitions + * Definitions are from MS-ERREF + * + * Copyright (c) International Business Machines Corp., 2009,2011 + * Author(s): Steve French (sfrench@us.ibm.com) + */ + +/* + * 0 1 2 3 4 5 6 7 8 9 0 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B C D E F + * SEV C N <-------Facility--------> <------Error Status Code------> + * + * C is set if "customer defined" error, N bit is reserved and MBZ + */ + +#define STATUS_SEVERITY_SUCCESS cpu_to_le32(0x0000) +#define STATUS_SEVERITY_INFORMATIONAL cpu_to_le32(0x0001) +#define STATUS_SEVERITY_WARNING cpu_to_le32(0x0002) +#define STATUS_SEVERITY_ERROR cpu_to_le32(0x0003) + +struct ntstatus { + /* Facility is the high 12 bits of the following field */ + __le32 Facility; /* low 2 bits Severity, next is Customer, then rsrvd */ + __le32 Code; +}; + +#define STATUS_SUCCESS 0x00000000 +#define STATUS_WAIT_0 cpu_to_le32(0x00000000) +#define STATUS_WAIT_1 cpu_to_le32(0x00000001) +#define STATUS_WAIT_2 cpu_to_le32(0x00000002) +#define STATUS_WAIT_3 cpu_to_le32(0x00000003) +#define STATUS_WAIT_63 cpu_to_le32(0x0000003F) +#define STATUS_ABANDONED cpu_to_le32(0x00000080) +#define STATUS_ABANDONED_WAIT_0 cpu_to_le32(0x00000080) +#define STATUS_ABANDONED_WAIT_63 cpu_to_le32(0x000000BF) +#define STATUS_USER_APC cpu_to_le32(0x000000C0) +#define STATUS_KERNEL_APC cpu_to_le32(0x00000100) +#define STATUS_ALERTED cpu_to_le32(0x00000101) +#define STATUS_TIMEOUT cpu_to_le32(0x00000102) +#define STATUS_PENDING cpu_to_le32(0x00000103) +#define STATUS_REPARSE cpu_to_le32(0x00000104) +#define STATUS_MORE_ENTRIES cpu_to_le32(0x00000105) +#define STATUS_NOT_ALL_ASSIGNED cpu_to_le32(0x00000106) +#define STATUS_SOME_NOT_MAPPED cpu_to_le32(0x00000107) +#define STATUS_OPLOCK_BREAK_IN_PROGRESS cpu_to_le32(0x00000108) +#define STATUS_VOLUME_MOUNTED cpu_to_le32(0x00000109) +#define STATUS_RXACT_COMMITTED cpu_to_le32(0x0000010A) +#define STATUS_NOTIFY_CLEANUP cpu_to_le32(0x0000010B) +#define STATUS_NOTIFY_ENUM_DIR cpu_to_le32(0x0000010C) +#define STATUS_NO_QUOTAS_FOR_ACCOUNT cpu_to_le32(0x0000010D) +#define STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED cpu_to_le32(0x0000010E) +#define STATUS_PAGE_FAULT_TRANSITION cpu_to_le32(0x00000110) +#define STATUS_PAGE_FAULT_DEMAND_ZERO cpu_to_le32(0x00000111) +#define STATUS_PAGE_FAULT_COPY_ON_WRITE cpu_to_le32(0x00000112) +#define STATUS_PAGE_FAULT_GUARD_PAGE cpu_to_le32(0x00000113) +#define STATUS_PAGE_FAULT_PAGING_FILE cpu_to_le32(0x00000114) +#define STATUS_CACHE_PAGE_LOCKED cpu_to_le32(0x00000115) +#define STATUS_CRASH_DUMP cpu_to_le32(0x00000116) +#define STATUS_BUFFER_ALL_ZEROS cpu_to_le32(0x00000117) +#define STATUS_REPARSE_OBJECT cpu_to_le32(0x00000118) +#define STATUS_RESOURCE_REQUIREMENTS_CHANGED cpu_to_le32(0x00000119) +#define STATUS_TRANSLATION_COMPLETE cpu_to_le32(0x00000120) +#define STATUS_DS_MEMBERSHIP_EVALUATED_LOCALLY cpu_to_le32(0x00000121) +#define STATUS_NOTHING_TO_TERMINATE cpu_to_le32(0x00000122) +#define STATUS_PROCESS_NOT_IN_JOB cpu_to_le32(0x00000123) +#define STATUS_PROCESS_IN_JOB cpu_to_le32(0x00000124) +#define STATUS_VOLSNAP_HIBERNATE_READY cpu_to_le32(0x00000125) +#define STATUS_FSFILTER_OP_COMPLETED_SUCCESSFULLY cpu_to_le32(0x00000126) +#define STATUS_INTERRUPT_VECTOR_ALREADY_CONNECTED cpu_to_le32(0x00000127) +#define STATUS_INTERRUPT_STILL_CONNECTED cpu_to_le32(0x00000128) +#define STATUS_PROCESS_CLONED cpu_to_le32(0x00000129) +#define STATUS_FILE_LOCKED_WITH_ONLY_READERS cpu_to_le32(0x0000012A) +#define STATUS_FILE_LOCKED_WITH_WRITERS cpu_to_le32(0x0000012B) +#define STATUS_RESOURCEMANAGER_READ_ONLY cpu_to_le32(0x00000202) +#define STATUS_WAIT_FOR_OPLOCK cpu_to_le32(0x00000367) +#define DBG_EXCEPTION_HANDLED cpu_to_le32(0x00010001) +#define DBG_CONTINUE cpu_to_le32(0x00010002) +#define STATUS_FLT_IO_COMPLETE cpu_to_le32(0x001C0001) +#define STATUS_OBJECT_NAME_EXISTS cpu_to_le32(0x40000000) +#define STATUS_THREAD_WAS_SUSPENDED cpu_to_le32(0x40000001) +#define STATUS_WORKING_SET_LIMIT_RANGE cpu_to_le32(0x40000002) +#define STATUS_IMAGE_NOT_AT_BASE cpu_to_le32(0x40000003) +#define STATUS_RXACT_STATE_CREATED cpu_to_le32(0x40000004) +#define STATUS_SEGMENT_NOTIFICATION cpu_to_le32(0x40000005) +#define STATUS_LOCAL_USER_SESSION_KEY cpu_to_le32(0x40000006) +#define STATUS_BAD_CURRENT_DIRECTORY cpu_to_le32(0x40000007) +#define STATUS_SERIAL_MORE_WRITES cpu_to_le32(0x40000008) +#define STATUS_REGISTRY_RECOVERED cpu_to_le32(0x40000009) +#define STATUS_FT_READ_RECOVERY_FROM_BACKUP cpu_to_le32(0x4000000A) +#define STATUS_FT_WRITE_RECOVERY cpu_to_le32(0x4000000B) +#define STATUS_SERIAL_COUNTER_TIMEOUT cpu_to_le32(0x4000000C) +#define STATUS_NULL_LM_PASSWORD cpu_to_le32(0x4000000D) +#define STATUS_IMAGE_MACHINE_TYPE_MISMATCH cpu_to_le32(0x4000000E) +#define STATUS_RECEIVE_PARTIAL cpu_to_le32(0x4000000F) +#define STATUS_RECEIVE_EXPEDITED cpu_to_le32(0x40000010) +#define STATUS_RECEIVE_PARTIAL_EXPEDITED cpu_to_le32(0x40000011) +#define STATUS_EVENT_DONE cpu_to_le32(0x40000012) +#define STATUS_EVENT_PENDING cpu_to_le32(0x40000013) +#define STATUS_CHECKING_FILE_SYSTEM cpu_to_le32(0x40000014) +#define STATUS_FATAL_APP_EXIT cpu_to_le32(0x40000015) +#define STATUS_PREDEFINED_HANDLE cpu_to_le32(0x40000016) +#define STATUS_WAS_UNLOCKED cpu_to_le32(0x40000017) +#define STATUS_SERVICE_NOTIFICATION cpu_to_le32(0x40000018) +#define STATUS_WAS_LOCKED cpu_to_le32(0x40000019) +#define STATUS_LOG_HARD_ERROR cpu_to_le32(0x4000001A) +#define STATUS_ALREADY_WIN32 cpu_to_le32(0x4000001B) +#define STATUS_WX86_UNSIMULATE cpu_to_le32(0x4000001C) +#define STATUS_WX86_CONTINUE cpu_to_le32(0x4000001D) +#define STATUS_WX86_SINGLE_STEP cpu_to_le32(0x4000001E) +#define STATUS_WX86_BREAKPOINT cpu_to_le32(0x4000001F) +#define STATUS_WX86_EXCEPTION_CONTINUE cpu_to_le32(0x40000020) +#define STATUS_WX86_EXCEPTION_LASTCHANCE cpu_to_le32(0x40000021) +#define STATUS_WX86_EXCEPTION_CHAIN cpu_to_le32(0x40000022) +#define STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE cpu_to_le32(0x40000023) +#define STATUS_NO_YIELD_PERFORMED cpu_to_le32(0x40000024) +#define STATUS_TIMER_RESUME_IGNORED cpu_to_le32(0x40000025) +#define STATUS_ARBITRATION_UNHANDLED cpu_to_le32(0x40000026) +#define STATUS_CARDBUS_NOT_SUPPORTED cpu_to_le32(0x40000027) +#define STATUS_WX86_CREATEWX86TIB cpu_to_le32(0x40000028) +#define STATUS_MP_PROCESSOR_MISMATCH cpu_to_le32(0x40000029) +#define STATUS_HIBERNATED cpu_to_le32(0x4000002A) +#define STATUS_RESUME_HIBERNATION cpu_to_le32(0x4000002B) +#define STATUS_FIRMWARE_UPDATED cpu_to_le32(0x4000002C) +#define STATUS_DRIVERS_LEAKING_LOCKED_PAGES cpu_to_le32(0x4000002D) +#define STATUS_MESSAGE_RETRIEVED cpu_to_le32(0x4000002E) +#define STATUS_SYSTEM_POWERSTATE_TRANSITION cpu_to_le32(0x4000002F) +#define STATUS_ALPC_CHECK_COMPLETION_LIST cpu_to_le32(0x40000030) +#define STATUS_SYSTEM_POWERSTATE_COMPLEX_TRANSITION cpu_to_le32(0x40000031) +#define STATUS_ACCESS_AUDIT_BY_POLICY cpu_to_le32(0x40000032) +#define STATUS_ABANDON_HIBERFILE cpu_to_le32(0x40000033) +#define STATUS_BIZRULES_NOT_ENABLED cpu_to_le32(0x40000034) +#define STATUS_WAKE_SYSTEM cpu_to_le32(0x40000294) +#define STATUS_DS_SHUTTING_DOWN cpu_to_le32(0x40000370) +#define DBG_REPLY_LATER cpu_to_le32(0x40010001) +#define DBG_UNABLE_TO_PROVIDE_HANDLE cpu_to_le32(0x40010002) +#define DBG_TERMINATE_THREAD cpu_to_le32(0x40010003) +#define DBG_TERMINATE_PROCESS cpu_to_le32(0x40010004) +#define DBG_CONTROL_C cpu_to_le32(0x40010005) +#define DBG_PRINTEXCEPTION_C cpu_to_le32(0x40010006) +#define DBG_RIPEXCEPTION cpu_to_le32(0x40010007) +#define DBG_CONTROL_BREAK cpu_to_le32(0x40010008) +#define DBG_COMMAND_EXCEPTION cpu_to_le32(0x40010009) +#define RPC_NT_UUID_LOCAL_ONLY cpu_to_le32(0x40020056) +#define RPC_NT_SEND_INCOMPLETE cpu_to_le32(0x400200AF) +#define STATUS_CTX_CDM_CONNECT cpu_to_le32(0x400A0004) +#define STATUS_CTX_CDM_DISCONNECT cpu_to_le32(0x400A0005) +#define STATUS_SXS_RELEASE_ACTIVATION_CONTEXT cpu_to_le32(0x4015000D) +#define STATUS_RECOVERY_NOT_NEEDED cpu_to_le32(0x40190034) +#define STATUS_RM_ALREADY_STARTED cpu_to_le32(0x40190035) +#define STATUS_LOG_NO_RESTART cpu_to_le32(0x401A000C) +#define STATUS_VIDEO_DRIVER_DEBUG_REPORT_REQUEST cpu_to_le32(0x401B00EC) +#define STATUS_GRAPHICS_PARTIAL_DATA_POPULATED cpu_to_le32(0x401E000A) +#define STATUS_GRAPHICS_DRIVER_MISMATCH cpu_to_le32(0x401E0117) +#define STATUS_GRAPHICS_MODE_NOT_PINNED cpu_to_le32(0x401E0307) +#define STATUS_GRAPHICS_NO_PREFERRED_MODE cpu_to_le32(0x401E031E) +#define STATUS_GRAPHICS_DATASET_IS_EMPTY cpu_to_le32(0x401E034B) +#define STATUS_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET cpu_to_le32(0x401E034C) +#define STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED \ + cpu_to_le32(0x401E0351) +#define STATUS_GRAPHICS_UNKNOWN_CHILD_STATUS cpu_to_le32(0x401E042F) +#define STATUS_GRAPHICS_LEADLINK_START_DEFERRED cpu_to_le32(0x401E0437) +#define STATUS_GRAPHICS_POLLING_TOO_FREQUENTLY cpu_to_le32(0x401E0439) +#define STATUS_GRAPHICS_START_DEFERRED cpu_to_le32(0x401E043A) +#define STATUS_NDIS_INDICATION_REQUIRED cpu_to_le32(0x40230001) +#define STATUS_GUARD_PAGE_VIOLATION cpu_to_le32(0x80000001) +#define STATUS_DATATYPE_MISALIGNMENT cpu_to_le32(0x80000002) +#define STATUS_BREAKPOINT cpu_to_le32(0x80000003) +#define STATUS_SINGLE_STEP cpu_to_le32(0x80000004) +#define STATUS_BUFFER_OVERFLOW cpu_to_le32(0x80000005) +#define STATUS_NO_MORE_FILES cpu_to_le32(0x80000006) +#define STATUS_WAKE_SYSTEM_DEBUGGER cpu_to_le32(0x80000007) +#define STATUS_HANDLES_CLOSED cpu_to_le32(0x8000000A) +#define STATUS_NO_INHERITANCE cpu_to_le32(0x8000000B) +#define STATUS_GUID_SUBSTITUTION_MADE cpu_to_le32(0x8000000C) +#define STATUS_PARTIAL_COPY cpu_to_le32(0x8000000D) +#define STATUS_DEVICE_PAPER_EMPTY cpu_to_le32(0x8000000E) +#define STATUS_DEVICE_POWERED_OFF cpu_to_le32(0x8000000F) +#define STATUS_DEVICE_OFF_LINE cpu_to_le32(0x80000010) +#define STATUS_DEVICE_BUSY cpu_to_le32(0x80000011) +#define STATUS_NO_MORE_EAS cpu_to_le32(0x80000012) +#define STATUS_INVALID_EA_NAME cpu_to_le32(0x80000013) +#define STATUS_EA_LIST_INCONSISTENT cpu_to_le32(0x80000014) +#define STATUS_INVALID_EA_FLAG cpu_to_le32(0x80000015) +#define STATUS_VERIFY_REQUIRED cpu_to_le32(0x80000016) +#define STATUS_EXTRANEOUS_INFORMATION cpu_to_le32(0x80000017) +#define STATUS_RXACT_COMMIT_NECESSARY cpu_to_le32(0x80000018) +#define STATUS_NO_MORE_ENTRIES cpu_to_le32(0x8000001A) +#define STATUS_FILEMARK_DETECTED cpu_to_le32(0x8000001B) +#define STATUS_MEDIA_CHANGED cpu_to_le32(0x8000001C) +#define STATUS_BUS_RESET cpu_to_le32(0x8000001D) +#define STATUS_END_OF_MEDIA cpu_to_le32(0x8000001E) +#define STATUS_BEGINNING_OF_MEDIA cpu_to_le32(0x8000001F) +#define STATUS_MEDIA_CHECK cpu_to_le32(0x80000020) +#define STATUS_SETMARK_DETECTED cpu_to_le32(0x80000021) +#define STATUS_NO_DATA_DETECTED cpu_to_le32(0x80000022) +#define STATUS_REDIRECTOR_HAS_OPEN_HANDLES cpu_to_le32(0x80000023) +#define STATUS_SERVER_HAS_OPEN_HANDLES cpu_to_le32(0x80000024) +#define STATUS_ALREADY_DISCONNECTED cpu_to_le32(0x80000025) +#define STATUS_LONGJUMP cpu_to_le32(0x80000026) +#define STATUS_CLEANER_CARTRIDGE_INSTALLED cpu_to_le32(0x80000027) +#define STATUS_PLUGPLAY_QUERY_VETOED cpu_to_le32(0x80000028) +#define STATUS_UNWIND_CONSOLIDATE cpu_to_le32(0x80000029) +#define STATUS_REGISTRY_HIVE_RECOVERED cpu_to_le32(0x8000002A) +#define STATUS_DLL_MIGHT_BE_INSECURE cpu_to_le32(0x8000002B) +#define STATUS_DLL_MIGHT_BE_INCOMPATIBLE cpu_to_le32(0x8000002C) +#define STATUS_STOPPED_ON_SYMLINK cpu_to_le32(0x8000002D) +#define STATUS_DEVICE_REQUIRES_CLEANING cpu_to_le32(0x80000288) +#define STATUS_DEVICE_DOOR_OPEN cpu_to_le32(0x80000289) +#define STATUS_DATA_LOST_REPAIR cpu_to_le32(0x80000803) +#define DBG_EXCEPTION_NOT_HANDLED cpu_to_le32(0x80010001) +#define STATUS_CLUSTER_NODE_ALREADY_UP cpu_to_le32(0x80130001) +#define STATUS_CLUSTER_NODE_ALREADY_DOWN cpu_to_le32(0x80130002) +#define STATUS_CLUSTER_NETWORK_ALREADY_ONLINE cpu_to_le32(0x80130003) +#define STATUS_CLUSTER_NETWORK_ALREADY_OFFLINE cpu_to_le32(0x80130004) +#define STATUS_CLUSTER_NODE_ALREADY_MEMBER cpu_to_le32(0x80130005) +#define STATUS_COULD_NOT_RESIZE_LOG cpu_to_le32(0x80190009) +#define STATUS_NO_TXF_METADATA cpu_to_le32(0x80190029) +#define STATUS_CANT_RECOVER_WITH_HANDLE_OPEN cpu_to_le32(0x80190031) +#define STATUS_TXF_METADATA_ALREADY_PRESENT cpu_to_le32(0x80190041) +#define STATUS_TRANSACTION_SCOPE_CALLBACKS_NOT_SET cpu_to_le32(0x80190042) +#define STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD_RECOVERED \ + cpu_to_le32(0x801B00EB) +#define STATUS_FLT_BUFFER_TOO_SMALL cpu_to_le32(0x801C0001) +#define STATUS_FVE_PARTIAL_METADATA cpu_to_le32(0x80210001) +#define STATUS_UNSUCCESSFUL cpu_to_le32(0xC0000001) +#define STATUS_NOT_IMPLEMENTED cpu_to_le32(0xC0000002) +#define STATUS_INVALID_INFO_CLASS cpu_to_le32(0xC0000003) +#define STATUS_INFO_LENGTH_MISMATCH cpu_to_le32(0xC0000004) +#define STATUS_ACCESS_VIOLATION cpu_to_le32(0xC0000005) +#define STATUS_IN_PAGE_ERROR cpu_to_le32(0xC0000006) +#define STATUS_PAGEFILE_QUOTA cpu_to_le32(0xC0000007) +#define STATUS_INVALID_HANDLE cpu_to_le32(0xC0000008) +#define STATUS_BAD_INITIAL_STACK cpu_to_le32(0xC0000009) +#define STATUS_BAD_INITIAL_PC cpu_to_le32(0xC000000A) +#define STATUS_INVALID_CID cpu_to_le32(0xC000000B) +#define STATUS_TIMER_NOT_CANCELED cpu_to_le32(0xC000000C) +#define STATUS_INVALID_PARAMETER cpu_to_le32(0xC000000D) +#define STATUS_NO_SUCH_DEVICE cpu_to_le32(0xC000000E) +#define STATUS_NO_SUCH_FILE cpu_to_le32(0xC000000F) +#define STATUS_INVALID_DEVICE_REQUEST cpu_to_le32(0xC0000010) +#define STATUS_END_OF_FILE cpu_to_le32(0xC0000011) +#define STATUS_WRONG_VOLUME cpu_to_le32(0xC0000012) +#define STATUS_NO_MEDIA_IN_DEVICE cpu_to_le32(0xC0000013) +#define STATUS_UNRECOGNIZED_MEDIA cpu_to_le32(0xC0000014) +#define STATUS_NONEXISTENT_SECTOR cpu_to_le32(0xC0000015) +#define STATUS_MORE_PROCESSING_REQUIRED cpu_to_le32(0xC0000016) +#define STATUS_NO_MEMORY cpu_to_le32(0xC0000017) +#define STATUS_CONFLICTING_ADDRESSES cpu_to_le32(0xC0000018) +#define STATUS_NOT_MAPPED_VIEW cpu_to_le32(0xC0000019) +#define STATUS_UNABLE_TO_FREE_VM cpu_to_le32(0xC000001A) +#define STATUS_UNABLE_TO_DELETE_SECTION cpu_to_le32(0xC000001B) +#define STATUS_INVALID_SYSTEM_SERVICE cpu_to_le32(0xC000001C) +#define STATUS_ILLEGAL_INSTRUCTION cpu_to_le32(0xC000001D) +#define STATUS_INVALID_LOCK_SEQUENCE cpu_to_le32(0xC000001E) +#define STATUS_INVALID_VIEW_SIZE cpu_to_le32(0xC000001F) +#define STATUS_INVALID_FILE_FOR_SECTION cpu_to_le32(0xC0000020) +#define STATUS_ALREADY_COMMITTED cpu_to_le32(0xC0000021) +#define STATUS_ACCESS_DENIED cpu_to_le32(0xC0000022) +#define STATUS_BUFFER_TOO_SMALL cpu_to_le32(0xC0000023) +#define STATUS_OBJECT_TYPE_MISMATCH cpu_to_le32(0xC0000024) +#define STATUS_NONCONTINUABLE_EXCEPTION cpu_to_le32(0xC0000025) +#define STATUS_INVALID_DISPOSITION cpu_to_le32(0xC0000026) +#define STATUS_UNWIND cpu_to_le32(0xC0000027) +#define STATUS_BAD_STACK cpu_to_le32(0xC0000028) +#define STATUS_INVALID_UNWIND_TARGET cpu_to_le32(0xC0000029) +#define STATUS_NOT_LOCKED cpu_to_le32(0xC000002A) +#define STATUS_PARITY_ERROR cpu_to_le32(0xC000002B) +#define STATUS_UNABLE_TO_DECOMMIT_VM cpu_to_le32(0xC000002C) +#define STATUS_NOT_COMMITTED cpu_to_le32(0xC000002D) +#define STATUS_INVALID_PORT_ATTRIBUTES cpu_to_le32(0xC000002E) +#define STATUS_PORT_MESSAGE_TOO_LONG cpu_to_le32(0xC000002F) +#define STATUS_INVALID_PARAMETER_MIX cpu_to_le32(0xC0000030) +#define STATUS_INVALID_QUOTA_LOWER cpu_to_le32(0xC0000031) +#define STATUS_DISK_CORRUPT_ERROR cpu_to_le32(0xC0000032) +#define STATUS_OBJECT_NAME_INVALID cpu_to_le32(0xC0000033) +#define STATUS_OBJECT_NAME_NOT_FOUND cpu_to_le32(0xC0000034) +#define STATUS_OBJECT_NAME_COLLISION cpu_to_le32(0xC0000035) +#define STATUS_PORT_DISCONNECTED cpu_to_le32(0xC0000037) +#define STATUS_DEVICE_ALREADY_ATTACHED cpu_to_le32(0xC0000038) +#define STATUS_OBJECT_PATH_INVALID cpu_to_le32(0xC0000039) +#define STATUS_OBJECT_PATH_NOT_FOUND cpu_to_le32(0xC000003A) +#define STATUS_OBJECT_PATH_SYNTAX_BAD cpu_to_le32(0xC000003B) +#define STATUS_DATA_OVERRUN cpu_to_le32(0xC000003C) +#define STATUS_DATA_LATE_ERROR cpu_to_le32(0xC000003D) +#define STATUS_DATA_ERROR cpu_to_le32(0xC000003E) +#define STATUS_CRC_ERROR cpu_to_le32(0xC000003F) +#define STATUS_SECTION_TOO_BIG cpu_to_le32(0xC0000040) +#define STATUS_PORT_CONNECTION_REFUSED cpu_to_le32(0xC0000041) +#define STATUS_INVALID_PORT_HANDLE cpu_to_le32(0xC0000042) +#define STATUS_SHARING_VIOLATION cpu_to_le32(0xC0000043) +#define STATUS_QUOTA_EXCEEDED cpu_to_le32(0xC0000044) +#define STATUS_INVALID_PAGE_PROTECTION cpu_to_le32(0xC0000045) +#define STATUS_MUTANT_NOT_OWNED cpu_to_le32(0xC0000046) +#define STATUS_SEMAPHORE_LIMIT_EXCEEDED cpu_to_le32(0xC0000047) +#define STATUS_PORT_ALREADY_SET cpu_to_le32(0xC0000048) +#define STATUS_SECTION_NOT_IMAGE cpu_to_le32(0xC0000049) +#define STATUS_SUSPEND_COUNT_EXCEEDED cpu_to_le32(0xC000004A) +#define STATUS_THREAD_IS_TERMINATING cpu_to_le32(0xC000004B) +#define STATUS_BAD_WORKING_SET_LIMIT cpu_to_le32(0xC000004C) +#define STATUS_INCOMPATIBLE_FILE_MAP cpu_to_le32(0xC000004D) +#define STATUS_SECTION_PROTECTION cpu_to_le32(0xC000004E) +#define STATUS_EAS_NOT_SUPPORTED cpu_to_le32(0xC000004F) +#define STATUS_EA_TOO_LARGE cpu_to_le32(0xC0000050) +#define STATUS_NONEXISTENT_EA_ENTRY cpu_to_le32(0xC0000051) +#define STATUS_NO_EAS_ON_FILE cpu_to_le32(0xC0000052) +#define STATUS_EA_CORRUPT_ERROR cpu_to_le32(0xC0000053) +#define STATUS_FILE_LOCK_CONFLICT cpu_to_le32(0xC0000054) +#define STATUS_LOCK_NOT_GRANTED cpu_to_le32(0xC0000055) +#define STATUS_DELETE_PENDING cpu_to_le32(0xC0000056) +#define STATUS_CTL_FILE_NOT_SUPPORTED cpu_to_le32(0xC0000057) +#define STATUS_UNKNOWN_REVISION cpu_to_le32(0xC0000058) +#define STATUS_REVISION_MISMATCH cpu_to_le32(0xC0000059) +#define STATUS_INVALID_OWNER cpu_to_le32(0xC000005A) +#define STATUS_INVALID_PRIMARY_GROUP cpu_to_le32(0xC000005B) +#define STATUS_NO_IMPERSONATION_TOKEN cpu_to_le32(0xC000005C) +#define STATUS_CANT_DISABLE_MANDATORY cpu_to_le32(0xC000005D) +#define STATUS_NO_LOGON_SERVERS cpu_to_le32(0xC000005E) +#define STATUS_NO_SUCH_LOGON_SESSION cpu_to_le32(0xC000005F) +#define STATUS_NO_SUCH_PRIVILEGE cpu_to_le32(0xC0000060) +#define STATUS_PRIVILEGE_NOT_HELD cpu_to_le32(0xC0000061) +#define STATUS_INVALID_ACCOUNT_NAME cpu_to_le32(0xC0000062) +#define STATUS_USER_EXISTS cpu_to_le32(0xC0000063) +#define STATUS_NO_SUCH_USER cpu_to_le32(0xC0000064) +#define STATUS_GROUP_EXISTS cpu_to_le32(0xC0000065) +#define STATUS_NO_SUCH_GROUP cpu_to_le32(0xC0000066) +#define STATUS_MEMBER_IN_GROUP cpu_to_le32(0xC0000067) +#define STATUS_MEMBER_NOT_IN_GROUP cpu_to_le32(0xC0000068) +#define STATUS_LAST_ADMIN cpu_to_le32(0xC0000069) +#define STATUS_WRONG_PASSWORD cpu_to_le32(0xC000006A) +#define STATUS_ILL_FORMED_PASSWORD cpu_to_le32(0xC000006B) +#define STATUS_PASSWORD_RESTRICTION cpu_to_le32(0xC000006C) +#define STATUS_LOGON_FAILURE cpu_to_le32(0xC000006D) +#define STATUS_ACCOUNT_RESTRICTION cpu_to_le32(0xC000006E) +#define STATUS_INVALID_LOGON_HOURS cpu_to_le32(0xC000006F) +#define STATUS_INVALID_WORKSTATION cpu_to_le32(0xC0000070) +#define STATUS_PASSWORD_EXPIRED cpu_to_le32(0xC0000071) +#define STATUS_ACCOUNT_DISABLED cpu_to_le32(0xC0000072) +#define STATUS_NONE_MAPPED cpu_to_le32(0xC0000073) +#define STATUS_TOO_MANY_LUIDS_REQUESTED cpu_to_le32(0xC0000074) +#define STATUS_LUIDS_EXHAUSTED cpu_to_le32(0xC0000075) +#define STATUS_INVALID_SUB_AUTHORITY cpu_to_le32(0xC0000076) +#define STATUS_INVALID_ACL cpu_to_le32(0xC0000077) +#define STATUS_INVALID_SID cpu_to_le32(0xC0000078) +#define STATUS_INVALID_SECURITY_DESCR cpu_to_le32(0xC0000079) +#define STATUS_PROCEDURE_NOT_FOUND cpu_to_le32(0xC000007A) +#define STATUS_INVALID_IMAGE_FORMAT cpu_to_le32(0xC000007B) +#define STATUS_NO_TOKEN cpu_to_le32(0xC000007C) +#define STATUS_BAD_INHERITANCE_ACL cpu_to_le32(0xC000007D) +#define STATUS_RANGE_NOT_LOCKED cpu_to_le32(0xC000007E) +#define STATUS_DISK_FULL cpu_to_le32(0xC000007F) +#define STATUS_SERVER_DISABLED cpu_to_le32(0xC0000080) +#define STATUS_SERVER_NOT_DISABLED cpu_to_le32(0xC0000081) +#define STATUS_TOO_MANY_GUIDS_REQUESTED cpu_to_le32(0xC0000082) +#define STATUS_GUIDS_EXHAUSTED cpu_to_le32(0xC0000083) +#define STATUS_INVALID_ID_AUTHORITY cpu_to_le32(0xC0000084) +#define STATUS_AGENTS_EXHAUSTED cpu_to_le32(0xC0000085) +#define STATUS_INVALID_VOLUME_LABEL cpu_to_le32(0xC0000086) +#define STATUS_SECTION_NOT_EXTENDED cpu_to_le32(0xC0000087) +#define STATUS_NOT_MAPPED_DATA cpu_to_le32(0xC0000088) +#define STATUS_RESOURCE_DATA_NOT_FOUND cpu_to_le32(0xC0000089) +#define STATUS_RESOURCE_TYPE_NOT_FOUND cpu_to_le32(0xC000008A) +#define STATUS_RESOURCE_NAME_NOT_FOUND cpu_to_le32(0xC000008B) +#define STATUS_ARRAY_BOUNDS_EXCEEDED cpu_to_le32(0xC000008C) +#define STATUS_FLOAT_DENORMAL_OPERAND cpu_to_le32(0xC000008D) +#define STATUS_FLOAT_DIVIDE_BY_ZERO cpu_to_le32(0xC000008E) +#define STATUS_FLOAT_INEXACT_RESULT cpu_to_le32(0xC000008F) +#define STATUS_FLOAT_INVALID_OPERATION cpu_to_le32(0xC0000090) +#define STATUS_FLOAT_OVERFLOW cpu_to_le32(0xC0000091) +#define STATUS_FLOAT_STACK_CHECK cpu_to_le32(0xC0000092) +#define STATUS_FLOAT_UNDERFLOW cpu_to_le32(0xC0000093) +#define STATUS_INTEGER_DIVIDE_BY_ZERO cpu_to_le32(0xC0000094) +#define STATUS_INTEGER_OVERFLOW cpu_to_le32(0xC0000095) +#define STATUS_PRIVILEGED_INSTRUCTION cpu_to_le32(0xC0000096) +#define STATUS_TOO_MANY_PAGING_FILES cpu_to_le32(0xC0000097) +#define STATUS_FILE_INVALID cpu_to_le32(0xC0000098) +#define STATUS_ALLOTTED_SPACE_EXCEEDED cpu_to_le32(0xC0000099) +#define STATUS_INSUFFICIENT_RESOURCES cpu_to_le32(0xC000009A) +#define STATUS_DFS_EXIT_PATH_FOUND cpu_to_le32(0xC000009B) +#define STATUS_DEVICE_DATA_ERROR cpu_to_le32(0xC000009C) +#define STATUS_DEVICE_NOT_CONNECTED cpu_to_le32(0xC000009D) +#define STATUS_DEVICE_POWER_FAILURE cpu_to_le32(0xC000009E) +#define STATUS_FREE_VM_NOT_AT_BASE cpu_to_le32(0xC000009F) +#define STATUS_MEMORY_NOT_ALLOCATED cpu_to_le32(0xC00000A0) +#define STATUS_WORKING_SET_QUOTA cpu_to_le32(0xC00000A1) +#define STATUS_MEDIA_WRITE_PROTECTED cpu_to_le32(0xC00000A2) +#define STATUS_DEVICE_NOT_READY cpu_to_le32(0xC00000A3) +#define STATUS_INVALID_GROUP_ATTRIBUTES cpu_to_le32(0xC00000A4) +#define STATUS_BAD_IMPERSONATION_LEVEL cpu_to_le32(0xC00000A5) +#define STATUS_CANT_OPEN_ANONYMOUS cpu_to_le32(0xC00000A6) +#define STATUS_BAD_VALIDATION_CLASS cpu_to_le32(0xC00000A7) +#define STATUS_BAD_TOKEN_TYPE cpu_to_le32(0xC00000A8) +#define STATUS_BAD_MASTER_BOOT_RECORD cpu_to_le32(0xC00000A9) +#define STATUS_INSTRUCTION_MISALIGNMENT cpu_to_le32(0xC00000AA) +#define STATUS_INSTANCE_NOT_AVAILABLE cpu_to_le32(0xC00000AB) +#define STATUS_PIPE_NOT_AVAILABLE cpu_to_le32(0xC00000AC) +#define STATUS_INVALID_PIPE_STATE cpu_to_le32(0xC00000AD) +#define STATUS_PIPE_BUSY cpu_to_le32(0xC00000AE) +#define STATUS_ILLEGAL_FUNCTION cpu_to_le32(0xC00000AF) +#define STATUS_PIPE_DISCONNECTED cpu_to_le32(0xC00000B0) +#define STATUS_PIPE_CLOSING cpu_to_le32(0xC00000B1) +#define STATUS_PIPE_CONNECTED cpu_to_le32(0xC00000B2) +#define STATUS_PIPE_LISTENING cpu_to_le32(0xC00000B3) +#define STATUS_INVALID_READ_MODE cpu_to_le32(0xC00000B4) +#define STATUS_IO_TIMEOUT cpu_to_le32(0xC00000B5) +#define STATUS_FILE_FORCED_CLOSED cpu_to_le32(0xC00000B6) +#define STATUS_PROFILING_NOT_STARTED cpu_to_le32(0xC00000B7) +#define STATUS_PROFILING_NOT_STOPPED cpu_to_le32(0xC00000B8) +#define STATUS_COULD_NOT_INTERPRET cpu_to_le32(0xC00000B9) +#define STATUS_FILE_IS_A_DIRECTORY cpu_to_le32(0xC00000BA) +#define STATUS_NOT_SUPPORTED cpu_to_le32(0xC00000BB) +#define STATUS_REMOTE_NOT_LISTENING cpu_to_le32(0xC00000BC) +#define STATUS_DUPLICATE_NAME cpu_to_le32(0xC00000BD) +#define STATUS_BAD_NETWORK_PATH cpu_to_le32(0xC00000BE) +#define STATUS_NETWORK_BUSY cpu_to_le32(0xC00000BF) +#define STATUS_DEVICE_DOES_NOT_EXIST cpu_to_le32(0xC00000C0) +#define STATUS_TOO_MANY_COMMANDS cpu_to_le32(0xC00000C1) +#define STATUS_ADAPTER_HARDWARE_ERROR cpu_to_le32(0xC00000C2) +#define STATUS_INVALID_NETWORK_RESPONSE cpu_to_le32(0xC00000C3) +#define STATUS_UNEXPECTED_NETWORK_ERROR cpu_to_le32(0xC00000C4) +#define STATUS_BAD_REMOTE_ADAPTER cpu_to_le32(0xC00000C5) +#define STATUS_PRINT_QUEUE_FULL cpu_to_le32(0xC00000C6) +#define STATUS_NO_SPOOL_SPACE cpu_to_le32(0xC00000C7) +#define STATUS_PRINT_CANCELLED cpu_to_le32(0xC00000C8) +#define STATUS_NETWORK_NAME_DELETED cpu_to_le32(0xC00000C9) +#define STATUS_NETWORK_ACCESS_DENIED cpu_to_le32(0xC00000CA) +#define STATUS_BAD_DEVICE_TYPE cpu_to_le32(0xC00000CB) +#define STATUS_BAD_NETWORK_NAME cpu_to_le32(0xC00000CC) +#define STATUS_TOO_MANY_NAMES cpu_to_le32(0xC00000CD) +#define STATUS_TOO_MANY_SESSIONS cpu_to_le32(0xC00000CE) +#define STATUS_SHARING_PAUSED cpu_to_le32(0xC00000CF) +#define STATUS_REQUEST_NOT_ACCEPTED cpu_to_le32(0xC00000D0) +#define STATUS_REDIRECTOR_PAUSED cpu_to_le32(0xC00000D1) +#define STATUS_NET_WRITE_FAULT cpu_to_le32(0xC00000D2) +#define STATUS_PROFILING_AT_LIMIT cpu_to_le32(0xC00000D3) +#define STATUS_NOT_SAME_DEVICE cpu_to_le32(0xC00000D4) +#define STATUS_FILE_RENAMED cpu_to_le32(0xC00000D5) +#define STATUS_VIRTUAL_CIRCUIT_CLOSED cpu_to_le32(0xC00000D6) +#define STATUS_NO_SECURITY_ON_OBJECT cpu_to_le32(0xC00000D7) +#define STATUS_CANT_WAIT cpu_to_le32(0xC00000D8) +#define STATUS_PIPE_EMPTY cpu_to_le32(0xC00000D9) +#define STATUS_CANT_ACCESS_DOMAIN_INFO cpu_to_le32(0xC00000DA) +#define STATUS_CANT_TERMINATE_SELF cpu_to_le32(0xC00000DB) +#define STATUS_INVALID_SERVER_STATE cpu_to_le32(0xC00000DC) +#define STATUS_INVALID_DOMAIN_STATE cpu_to_le32(0xC00000DD) +#define STATUS_INVALID_DOMAIN_ROLE cpu_to_le32(0xC00000DE) +#define STATUS_NO_SUCH_DOMAIN cpu_to_le32(0xC00000DF) +#define STATUS_DOMAIN_EXISTS cpu_to_le32(0xC00000E0) +#define STATUS_DOMAIN_LIMIT_EXCEEDED cpu_to_le32(0xC00000E1) +#define STATUS_OPLOCK_NOT_GRANTED cpu_to_le32(0xC00000E2) +#define STATUS_INVALID_OPLOCK_PROTOCOL cpu_to_le32(0xC00000E3) +#define STATUS_INTERNAL_DB_CORRUPTION cpu_to_le32(0xC00000E4) +#define STATUS_INTERNAL_ERROR cpu_to_le32(0xC00000E5) +#define STATUS_GENERIC_NOT_MAPPED cpu_to_le32(0xC00000E6) +#define STATUS_BAD_DESCRIPTOR_FORMAT cpu_to_le32(0xC00000E7) +#define STATUS_INVALID_USER_BUFFER cpu_to_le32(0xC00000E8) +#define STATUS_UNEXPECTED_IO_ERROR cpu_to_le32(0xC00000E9) +#define STATUS_UNEXPECTED_MM_CREATE_ERR cpu_to_le32(0xC00000EA) +#define STATUS_UNEXPECTED_MM_MAP_ERROR cpu_to_le32(0xC00000EB) +#define STATUS_UNEXPECTED_MM_EXTEND_ERR cpu_to_le32(0xC00000EC) +#define STATUS_NOT_LOGON_PROCESS cpu_to_le32(0xC00000ED) +#define STATUS_LOGON_SESSION_EXISTS cpu_to_le32(0xC00000EE) +#define STATUS_INVALID_PARAMETER_1 cpu_to_le32(0xC00000EF) +#define STATUS_INVALID_PARAMETER_2 cpu_to_le32(0xC00000F0) +#define STATUS_INVALID_PARAMETER_3 cpu_to_le32(0xC00000F1) +#define STATUS_INVALID_PARAMETER_4 cpu_to_le32(0xC00000F2) +#define STATUS_INVALID_PARAMETER_5 cpu_to_le32(0xC00000F3) +#define STATUS_INVALID_PARAMETER_6 cpu_to_le32(0xC00000F4) +#define STATUS_INVALID_PARAMETER_7 cpu_to_le32(0xC00000F5) +#define STATUS_INVALID_PARAMETER_8 cpu_to_le32(0xC00000F6) +#define STATUS_INVALID_PARAMETER_9 cpu_to_le32(0xC00000F7) +#define STATUS_INVALID_PARAMETER_10 cpu_to_le32(0xC00000F8) +#define STATUS_INVALID_PARAMETER_11 cpu_to_le32(0xC00000F9) +#define STATUS_INVALID_PARAMETER_12 cpu_to_le32(0xC00000FA) +#define STATUS_REDIRECTOR_NOT_STARTED cpu_to_le32(0xC00000FB) +#define STATUS_REDIRECTOR_STARTED cpu_to_le32(0xC00000FC) +#define STATUS_STACK_OVERFLOW cpu_to_le32(0xC00000FD) +#define STATUS_NO_SUCH_PACKAGE cpu_to_le32(0xC00000FE) +#define STATUS_BAD_FUNCTION_TABLE cpu_to_le32(0xC00000FF) +#define STATUS_VARIABLE_NOT_FOUND cpu_to_le32(0xC0000100) +#define STATUS_DIRECTORY_NOT_EMPTY cpu_to_le32(0xC0000101) +#define STATUS_FILE_CORRUPT_ERROR cpu_to_le32(0xC0000102) +#define STATUS_NOT_A_DIRECTORY cpu_to_le32(0xC0000103) +#define STATUS_BAD_LOGON_SESSION_STATE cpu_to_le32(0xC0000104) +#define STATUS_LOGON_SESSION_COLLISION cpu_to_le32(0xC0000105) +#define STATUS_NAME_TOO_LONG cpu_to_le32(0xC0000106) +#define STATUS_FILES_OPEN cpu_to_le32(0xC0000107) +#define STATUS_CONNECTION_IN_USE cpu_to_le32(0xC0000108) +#define STATUS_MESSAGE_NOT_FOUND cpu_to_le32(0xC0000109) +#define STATUS_PROCESS_IS_TERMINATING cpu_to_le32(0xC000010A) +#define STATUS_INVALID_LOGON_TYPE cpu_to_le32(0xC000010B) +#define STATUS_NO_GUID_TRANSLATION cpu_to_le32(0xC000010C) +#define STATUS_CANNOT_IMPERSONATE cpu_to_le32(0xC000010D) +#define STATUS_IMAGE_ALREADY_LOADED cpu_to_le32(0xC000010E) +#define STATUS_ABIOS_NOT_PRESENT cpu_to_le32(0xC000010F) +#define STATUS_ABIOS_LID_NOT_EXIST cpu_to_le32(0xC0000110) +#define STATUS_ABIOS_LID_ALREADY_OWNED cpu_to_le32(0xC0000111) +#define STATUS_ABIOS_NOT_LID_OWNER cpu_to_le32(0xC0000112) +#define STATUS_ABIOS_INVALID_COMMAND cpu_to_le32(0xC0000113) +#define STATUS_ABIOS_INVALID_LID cpu_to_le32(0xC0000114) +#define STATUS_ABIOS_SELECTOR_NOT_AVAILABLE cpu_to_le32(0xC0000115) +#define STATUS_ABIOS_INVALID_SELECTOR cpu_to_le32(0xC0000116) +#define STATUS_NO_LDT cpu_to_le32(0xC0000117) +#define STATUS_INVALID_LDT_SIZE cpu_to_le32(0xC0000118) +#define STATUS_INVALID_LDT_OFFSET cpu_to_le32(0xC0000119) +#define STATUS_INVALID_LDT_DESCRIPTOR cpu_to_le32(0xC000011A) +#define STATUS_INVALID_IMAGE_NE_FORMAT cpu_to_le32(0xC000011B) +#define STATUS_RXACT_INVALID_STATE cpu_to_le32(0xC000011C) +#define STATUS_RXACT_COMMIT_FAILURE cpu_to_le32(0xC000011D) +#define STATUS_MAPPED_FILE_SIZE_ZERO cpu_to_le32(0xC000011E) +#define STATUS_TOO_MANY_OPENED_FILES cpu_to_le32(0xC000011F) +#define STATUS_CANCELLED cpu_to_le32(0xC0000120) +#define STATUS_CANNOT_DELETE cpu_to_le32(0xC0000121) +#define STATUS_INVALID_COMPUTER_NAME cpu_to_le32(0xC0000122) +#define STATUS_FILE_DELETED cpu_to_le32(0xC0000123) +#define STATUS_SPECIAL_ACCOUNT cpu_to_le32(0xC0000124) +#define STATUS_SPECIAL_GROUP cpu_to_le32(0xC0000125) +#define STATUS_SPECIAL_USER cpu_to_le32(0xC0000126) +#define STATUS_MEMBERS_PRIMARY_GROUP cpu_to_le32(0xC0000127) +#define STATUS_FILE_CLOSED cpu_to_le32(0xC0000128) +#define STATUS_TOO_MANY_THREADS cpu_to_le32(0xC0000129) +#define STATUS_THREAD_NOT_IN_PROCESS cpu_to_le32(0xC000012A) +#define STATUS_TOKEN_ALREADY_IN_USE cpu_to_le32(0xC000012B) +#define STATUS_PAGEFILE_QUOTA_EXCEEDED cpu_to_le32(0xC000012C) +#define STATUS_COMMITMENT_LIMIT cpu_to_le32(0xC000012D) +#define STATUS_INVALID_IMAGE_LE_FORMAT cpu_to_le32(0xC000012E) +#define STATUS_INVALID_IMAGE_NOT_MZ cpu_to_le32(0xC000012F) +#define STATUS_INVALID_IMAGE_PROTECT cpu_to_le32(0xC0000130) +#define STATUS_INVALID_IMAGE_WIN_16 cpu_to_le32(0xC0000131) +#define STATUS_LOGON_SERVER_CONFLICT cpu_to_le32(0xC0000132) +#define STATUS_TIME_DIFFERENCE_AT_DC cpu_to_le32(0xC0000133) +#define STATUS_SYNCHRONIZATION_REQUIRED cpu_to_le32(0xC0000134) +#define STATUS_DLL_NOT_FOUND cpu_to_le32(0xC0000135) +#define STATUS_OPEN_FAILED cpu_to_le32(0xC0000136) +#define STATUS_IO_PRIVILEGE_FAILED cpu_to_le32(0xC0000137) +#define STATUS_ORDINAL_NOT_FOUND cpu_to_le32(0xC0000138) +#define STATUS_ENTRYPOINT_NOT_FOUND cpu_to_le32(0xC0000139) +#define STATUS_CONTROL_C_EXIT cpu_to_le32(0xC000013A) +#define STATUS_LOCAL_DISCONNECT cpu_to_le32(0xC000013B) +#define STATUS_REMOTE_DISCONNECT cpu_to_le32(0xC000013C) +#define STATUS_REMOTE_RESOURCES cpu_to_le32(0xC000013D) +#define STATUS_LINK_FAILED cpu_to_le32(0xC000013E) +#define STATUS_LINK_TIMEOUT cpu_to_le32(0xC000013F) +#define STATUS_INVALID_CONNECTION cpu_to_le32(0xC0000140) +#define STATUS_INVALID_ADDRESS cpu_to_le32(0xC0000141) +#define STATUS_DLL_INIT_FAILED cpu_to_le32(0xC0000142) +#define STATUS_MISSING_SYSTEMFILE cpu_to_le32(0xC0000143) +#define STATUS_UNHANDLED_EXCEPTION cpu_to_le32(0xC0000144) +#define STATUS_APP_INIT_FAILURE cpu_to_le32(0xC0000145) +#define STATUS_PAGEFILE_CREATE_FAILED cpu_to_le32(0xC0000146) +#define STATUS_NO_PAGEFILE cpu_to_le32(0xC0000147) +#define STATUS_INVALID_LEVEL cpu_to_le32(0xC0000148) +#define STATUS_WRONG_PASSWORD_CORE cpu_to_le32(0xC0000149) +#define STATUS_ILLEGAL_FLOAT_CONTEXT cpu_to_le32(0xC000014A) +#define STATUS_PIPE_BROKEN cpu_to_le32(0xC000014B) +#define STATUS_REGISTRY_CORRUPT cpu_to_le32(0xC000014C) +#define STATUS_REGISTRY_IO_FAILED cpu_to_le32(0xC000014D) +#define STATUS_NO_EVENT_PAIR cpu_to_le32(0xC000014E) +#define STATUS_UNRECOGNIZED_VOLUME cpu_to_le32(0xC000014F) +#define STATUS_SERIAL_NO_DEVICE_INITED cpu_to_le32(0xC0000150) +#define STATUS_NO_SUCH_ALIAS cpu_to_le32(0xC0000151) +#define STATUS_MEMBER_NOT_IN_ALIAS cpu_to_le32(0xC0000152) +#define STATUS_MEMBER_IN_ALIAS cpu_to_le32(0xC0000153) +#define STATUS_ALIAS_EXISTS cpu_to_le32(0xC0000154) +#define STATUS_LOGON_NOT_GRANTED cpu_to_le32(0xC0000155) +#define STATUS_TOO_MANY_SECRETS cpu_to_le32(0xC0000156) +#define STATUS_SECRET_TOO_LONG cpu_to_le32(0xC0000157) +#define STATUS_INTERNAL_DB_ERROR cpu_to_le32(0xC0000158) +#define STATUS_FULLSCREEN_MODE cpu_to_le32(0xC0000159) +#define STATUS_TOO_MANY_CONTEXT_IDS cpu_to_le32(0xC000015A) +#define STATUS_LOGON_TYPE_NOT_GRANTED cpu_to_le32(0xC000015B) +#define STATUS_NOT_REGISTRY_FILE cpu_to_le32(0xC000015C) +#define STATUS_NT_CROSS_ENCRYPTION_REQUIRED cpu_to_le32(0xC000015D) +#define STATUS_DOMAIN_CTRLR_CONFIG_ERROR cpu_to_le32(0xC000015E) +#define STATUS_FT_MISSING_MEMBER cpu_to_le32(0xC000015F) +#define STATUS_ILL_FORMED_SERVICE_ENTRY cpu_to_le32(0xC0000160) +#define STATUS_ILLEGAL_CHARACTER cpu_to_le32(0xC0000161) +#define STATUS_UNMAPPABLE_CHARACTER cpu_to_le32(0xC0000162) +#define STATUS_UNDEFINED_CHARACTER cpu_to_le32(0xC0000163) +#define STATUS_FLOPPY_VOLUME cpu_to_le32(0xC0000164) +#define STATUS_FLOPPY_ID_MARK_NOT_FOUND cpu_to_le32(0xC0000165) +#define STATUS_FLOPPY_WRONG_CYLINDER cpu_to_le32(0xC0000166) +#define STATUS_FLOPPY_UNKNOWN_ERROR cpu_to_le32(0xC0000167) +#define STATUS_FLOPPY_BAD_REGISTERS cpu_to_le32(0xC0000168) +#define STATUS_DISK_RECALIBRATE_FAILED cpu_to_le32(0xC0000169) +#define STATUS_DISK_OPERATION_FAILED cpu_to_le32(0xC000016A) +#define STATUS_DISK_RESET_FAILED cpu_to_le32(0xC000016B) +#define STATUS_SHARED_IRQ_BUSY cpu_to_le32(0xC000016C) +#define STATUS_FT_ORPHANING cpu_to_le32(0xC000016D) +#define STATUS_BIOS_FAILED_TO_CONNECT_INTERRUPT cpu_to_le32(0xC000016E) +#define STATUS_PARTITION_FAILURE cpu_to_le32(0xC0000172) +#define STATUS_INVALID_BLOCK_LENGTH cpu_to_le32(0xC0000173) +#define STATUS_DEVICE_NOT_PARTITIONED cpu_to_le32(0xC0000174) +#define STATUS_UNABLE_TO_LOCK_MEDIA cpu_to_le32(0xC0000175) +#define STATUS_UNABLE_TO_UNLOAD_MEDIA cpu_to_le32(0xC0000176) +#define STATUS_EOM_OVERFLOW cpu_to_le32(0xC0000177) +#define STATUS_NO_MEDIA cpu_to_le32(0xC0000178) +#define STATUS_NO_SUCH_MEMBER cpu_to_le32(0xC000017A) +#define STATUS_INVALID_MEMBER cpu_to_le32(0xC000017B) +#define STATUS_KEY_DELETED cpu_to_le32(0xC000017C) +#define STATUS_NO_LOG_SPACE cpu_to_le32(0xC000017D) +#define STATUS_TOO_MANY_SIDS cpu_to_le32(0xC000017E) +#define STATUS_LM_CROSS_ENCRYPTION_REQUIRED cpu_to_le32(0xC000017F) +#define STATUS_KEY_HAS_CHILDREN cpu_to_le32(0xC0000180) +#define STATUS_CHILD_MUST_BE_VOLATILE cpu_to_le32(0xC0000181) +#define STATUS_DEVICE_CONFIGURATION_ERROR cpu_to_le32(0xC0000182) +#define STATUS_DRIVER_INTERNAL_ERROR cpu_to_le32(0xC0000183) +#define STATUS_INVALID_DEVICE_STATE cpu_to_le32(0xC0000184) +#define STATUS_IO_DEVICE_ERROR cpu_to_le32(0xC0000185) +#define STATUS_DEVICE_PROTOCOL_ERROR cpu_to_le32(0xC0000186) +#define STATUS_BACKUP_CONTROLLER cpu_to_le32(0xC0000187) +#define STATUS_LOG_FILE_FULL cpu_to_le32(0xC0000188) +#define STATUS_TOO_LATE cpu_to_le32(0xC0000189) +#define STATUS_NO_TRUST_LSA_SECRET cpu_to_le32(0xC000018A) +#define STATUS_NO_TRUST_SAM_ACCOUNT cpu_to_le32(0xC000018B) +#define STATUS_TRUSTED_DOMAIN_FAILURE cpu_to_le32(0xC000018C) +#define STATUS_TRUSTED_RELATIONSHIP_FAILURE cpu_to_le32(0xC000018D) +#define STATUS_EVENTLOG_FILE_CORRUPT cpu_to_le32(0xC000018E) +#define STATUS_EVENTLOG_CANT_START cpu_to_le32(0xC000018F) +#define STATUS_TRUST_FAILURE cpu_to_le32(0xC0000190) +#define STATUS_MUTANT_LIMIT_EXCEEDED cpu_to_le32(0xC0000191) +#define STATUS_NETLOGON_NOT_STARTED cpu_to_le32(0xC0000192) +#define STATUS_ACCOUNT_EXPIRED cpu_to_le32(0xC0000193) +#define STATUS_POSSIBLE_DEADLOCK cpu_to_le32(0xC0000194) +#define STATUS_NETWORK_CREDENTIAL_CONFLICT cpu_to_le32(0xC0000195) +#define STATUS_REMOTE_SESSION_LIMIT cpu_to_le32(0xC0000196) +#define STATUS_EVENTLOG_FILE_CHANGED cpu_to_le32(0xC0000197) +#define STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT cpu_to_le32(0xC0000198) +#define STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT cpu_to_le32(0xC0000199) +#define STATUS_NOLOGON_SERVER_TRUST_ACCOUNT cpu_to_le32(0xC000019A) +#define STATUS_DOMAIN_TRUST_INCONSISTENT cpu_to_le32(0xC000019B) +#define STATUS_FS_DRIVER_REQUIRED cpu_to_le32(0xC000019C) +#define STATUS_IMAGE_ALREADY_LOADED_AS_DLL cpu_to_le32(0xC000019D) +#define STATUS_NETWORK_OPEN_RESTRICTION cpu_to_le32(0xC0000201) +#define STATUS_NO_USER_SESSION_KEY cpu_to_le32(0xC0000202) +#define STATUS_USER_SESSION_DELETED cpu_to_le32(0xC0000203) +#define STATUS_RESOURCE_LANG_NOT_FOUND cpu_to_le32(0xC0000204) +#define STATUS_INSUFF_SERVER_RESOURCES cpu_to_le32(0xC0000205) +#define STATUS_INVALID_BUFFER_SIZE cpu_to_le32(0xC0000206) +#define STATUS_INVALID_ADDRESS_COMPONENT cpu_to_le32(0xC0000207) +#define STATUS_INVALID_ADDRESS_WILDCARD cpu_to_le32(0xC0000208) +#define STATUS_TOO_MANY_ADDRESSES cpu_to_le32(0xC0000209) +#define STATUS_ADDRESS_ALREADY_EXISTS cpu_to_le32(0xC000020A) +#define STATUS_ADDRESS_CLOSED cpu_to_le32(0xC000020B) +#define STATUS_CONNECTION_DISCONNECTED cpu_to_le32(0xC000020C) +#define STATUS_CONNECTION_RESET cpu_to_le32(0xC000020D) +#define STATUS_TOO_MANY_NODES cpu_to_le32(0xC000020E) +#define STATUS_TRANSACTION_ABORTED cpu_to_le32(0xC000020F) +#define STATUS_TRANSACTION_TIMED_OUT cpu_to_le32(0xC0000210) +#define STATUS_TRANSACTION_NO_RELEASE cpu_to_le32(0xC0000211) +#define STATUS_TRANSACTION_NO_MATCH cpu_to_le32(0xC0000212) +#define STATUS_TRANSACTION_RESPONDED cpu_to_le32(0xC0000213) +#define STATUS_TRANSACTION_INVALID_ID cpu_to_le32(0xC0000214) +#define STATUS_TRANSACTION_INVALID_TYPE cpu_to_le32(0xC0000215) +#define STATUS_NOT_SERVER_SESSION cpu_to_le32(0xC0000216) +#define STATUS_NOT_CLIENT_SESSION cpu_to_le32(0xC0000217) +#define STATUS_CANNOT_LOAD_REGISTRY_FILE cpu_to_le32(0xC0000218) +#define STATUS_DEBUG_ATTACH_FAILED cpu_to_le32(0xC0000219) +#define STATUS_SYSTEM_PROCESS_TERMINATED cpu_to_le32(0xC000021A) +#define STATUS_DATA_NOT_ACCEPTED cpu_to_le32(0xC000021B) +#define STATUS_NO_BROWSER_SERVERS_FOUND cpu_to_le32(0xC000021C) +#define STATUS_VDM_HARD_ERROR cpu_to_le32(0xC000021D) +#define STATUS_DRIVER_CANCEL_TIMEOUT cpu_to_le32(0xC000021E) +#define STATUS_REPLY_MESSAGE_MISMATCH cpu_to_le32(0xC000021F) +#define STATUS_MAPPED_ALIGNMENT cpu_to_le32(0xC0000220) +#define STATUS_IMAGE_CHECKSUM_MISMATCH cpu_to_le32(0xC0000221) +#define STATUS_LOST_WRITEBEHIND_DATA cpu_to_le32(0xC0000222) +#define STATUS_CLIENT_SERVER_PARAMETERS_INVALID cpu_to_le32(0xC0000223) +#define STATUS_PASSWORD_MUST_CHANGE cpu_to_le32(0xC0000224) +#define STATUS_NOT_FOUND cpu_to_le32(0xC0000225) +#define STATUS_NOT_TINY_STREAM cpu_to_le32(0xC0000226) +#define STATUS_RECOVERY_FAILURE cpu_to_le32(0xC0000227) +#define STATUS_STACK_OVERFLOW_READ cpu_to_le32(0xC0000228) +#define STATUS_FAIL_CHECK cpu_to_le32(0xC0000229) +#define STATUS_DUPLICATE_OBJECTID cpu_to_le32(0xC000022A) +#define STATUS_OBJECTID_EXISTS cpu_to_le32(0xC000022B) +#define STATUS_CONVERT_TO_LARGE cpu_to_le32(0xC000022C) +#define STATUS_RETRY cpu_to_le32(0xC000022D) +#define STATUS_FOUND_OUT_OF_SCOPE cpu_to_le32(0xC000022E) +#define STATUS_ALLOCATE_BUCKET cpu_to_le32(0xC000022F) +#define STATUS_PROPSET_NOT_FOUND cpu_to_le32(0xC0000230) +#define STATUS_MARSHALL_OVERFLOW cpu_to_le32(0xC0000231) +#define STATUS_INVALID_VARIANT cpu_to_le32(0xC0000232) +#define STATUS_DOMAIN_CONTROLLER_NOT_FOUND cpu_to_le32(0xC0000233) +#define STATUS_ACCOUNT_LOCKED_OUT cpu_to_le32(0xC0000234) +#define STATUS_HANDLE_NOT_CLOSABLE cpu_to_le32(0xC0000235) +#define STATUS_CONNECTION_REFUSED cpu_to_le32(0xC0000236) +#define STATUS_GRACEFUL_DISCONNECT cpu_to_le32(0xC0000237) +#define STATUS_ADDRESS_ALREADY_ASSOCIATED cpu_to_le32(0xC0000238) +#define STATUS_ADDRESS_NOT_ASSOCIATED cpu_to_le32(0xC0000239) +#define STATUS_CONNECTION_INVALID cpu_to_le32(0xC000023A) +#define STATUS_CONNECTION_ACTIVE cpu_to_le32(0xC000023B) +#define STATUS_NETWORK_UNREACHABLE cpu_to_le32(0xC000023C) +#define STATUS_HOST_UNREACHABLE cpu_to_le32(0xC000023D) +#define STATUS_PROTOCOL_UNREACHABLE cpu_to_le32(0xC000023E) +#define STATUS_PORT_UNREACHABLE cpu_to_le32(0xC000023F) +#define STATUS_REQUEST_ABORTED cpu_to_le32(0xC0000240) +#define STATUS_CONNECTION_ABORTED cpu_to_le32(0xC0000241) +#define STATUS_BAD_COMPRESSION_BUFFER cpu_to_le32(0xC0000242) +#define STATUS_USER_MAPPED_FILE cpu_to_le32(0xC0000243) +#define STATUS_AUDIT_FAILED cpu_to_le32(0xC0000244) +#define STATUS_TIMER_RESOLUTION_NOT_SET cpu_to_le32(0xC0000245) +#define STATUS_CONNECTION_COUNT_LIMIT cpu_to_le32(0xC0000246) +#define STATUS_LOGIN_TIME_RESTRICTION cpu_to_le32(0xC0000247) +#define STATUS_LOGIN_WKSTA_RESTRICTION cpu_to_le32(0xC0000248) +#define STATUS_IMAGE_MP_UP_MISMATCH cpu_to_le32(0xC0000249) +#define STATUS_INSUFFICIENT_LOGON_INFO cpu_to_le32(0xC0000250) +#define STATUS_BAD_DLL_ENTRYPOINT cpu_to_le32(0xC0000251) +#define STATUS_BAD_SERVICE_ENTRYPOINT cpu_to_le32(0xC0000252) +#define STATUS_LPC_REPLY_LOST cpu_to_le32(0xC0000253) +#define STATUS_IP_ADDRESS_CONFLICT1 cpu_to_le32(0xC0000254) +#define STATUS_IP_ADDRESS_CONFLICT2 cpu_to_le32(0xC0000255) +#define STATUS_REGISTRY_QUOTA_LIMIT cpu_to_le32(0xC0000256) +#define STATUS_PATH_NOT_COVERED cpu_to_le32(0xC0000257) +#define STATUS_NO_CALLBACK_ACTIVE cpu_to_le32(0xC0000258) +#define STATUS_LICENSE_QUOTA_EXCEEDED cpu_to_le32(0xC0000259) +#define STATUS_PWD_TOO_SHORT cpu_to_le32(0xC000025A) +#define STATUS_PWD_TOO_RECENT cpu_to_le32(0xC000025B) +#define STATUS_PWD_HISTORY_CONFLICT cpu_to_le32(0xC000025C) +#define STATUS_PLUGPLAY_NO_DEVICE cpu_to_le32(0xC000025E) +#define STATUS_UNSUPPORTED_COMPRESSION cpu_to_le32(0xC000025F) +#define STATUS_INVALID_HW_PROFILE cpu_to_le32(0xC0000260) +#define STATUS_INVALID_PLUGPLAY_DEVICE_PATH cpu_to_le32(0xC0000261) +#define STATUS_DRIVER_ORDINAL_NOT_FOUND cpu_to_le32(0xC0000262) +#define STATUS_DRIVER_ENTRYPOINT_NOT_FOUND cpu_to_le32(0xC0000263) +#define STATUS_RESOURCE_NOT_OWNED cpu_to_le32(0xC0000264) +#define STATUS_TOO_MANY_LINKS cpu_to_le32(0xC0000265) +#define STATUS_QUOTA_LIST_INCONSISTENT cpu_to_le32(0xC0000266) +#define STATUS_FILE_IS_OFFLINE cpu_to_le32(0xC0000267) +#define STATUS_EVALUATION_EXPIRATION cpu_to_le32(0xC0000268) +#define STATUS_ILLEGAL_DLL_RELOCATION cpu_to_le32(0xC0000269) +#define STATUS_LICENSE_VIOLATION cpu_to_le32(0xC000026A) +#define STATUS_DLL_INIT_FAILED_LOGOFF cpu_to_le32(0xC000026B) +#define STATUS_DRIVER_UNABLE_TO_LOAD cpu_to_le32(0xC000026C) +#define STATUS_DFS_UNAVAILABLE cpu_to_le32(0xC000026D) +#define STATUS_VOLUME_DISMOUNTED cpu_to_le32(0xC000026E) +#define STATUS_WX86_INTERNAL_ERROR cpu_to_le32(0xC000026F) +#define STATUS_WX86_FLOAT_STACK_CHECK cpu_to_le32(0xC0000270) +#define STATUS_VALIDATE_CONTINUE cpu_to_le32(0xC0000271) +#define STATUS_NO_MATCH cpu_to_le32(0xC0000272) +#define STATUS_NO_MORE_MATCHES cpu_to_le32(0xC0000273) +#define STATUS_NOT_A_REPARSE_POINT cpu_to_le32(0xC0000275) +#define STATUS_IO_REPARSE_TAG_INVALID cpu_to_le32(0xC0000276) +#define STATUS_IO_REPARSE_TAG_MISMATCH cpu_to_le32(0xC0000277) +#define STATUS_IO_REPARSE_DATA_INVALID cpu_to_le32(0xC0000278) +#define STATUS_IO_REPARSE_TAG_NOT_HANDLED cpu_to_le32(0xC0000279) +#define STATUS_REPARSE_POINT_NOT_RESOLVED cpu_to_le32(0xC0000280) +#define STATUS_DIRECTORY_IS_A_REPARSE_POINT cpu_to_le32(0xC0000281) +#define STATUS_RANGE_LIST_CONFLICT cpu_to_le32(0xC0000282) +#define STATUS_SOURCE_ELEMENT_EMPTY cpu_to_le32(0xC0000283) +#define STATUS_DESTINATION_ELEMENT_FULL cpu_to_le32(0xC0000284) +#define STATUS_ILLEGAL_ELEMENT_ADDRESS cpu_to_le32(0xC0000285) +#define STATUS_MAGAZINE_NOT_PRESENT cpu_to_le32(0xC0000286) +#define STATUS_REINITIALIZATION_NEEDED cpu_to_le32(0xC0000287) +#define STATUS_ENCRYPTION_FAILED cpu_to_le32(0xC000028A) +#define STATUS_DECRYPTION_FAILED cpu_to_le32(0xC000028B) +#define STATUS_RANGE_NOT_FOUND cpu_to_le32(0xC000028C) +#define STATUS_NO_RECOVERY_POLICY cpu_to_le32(0xC000028D) +#define STATUS_NO_EFS cpu_to_le32(0xC000028E) +#define STATUS_WRONG_EFS cpu_to_le32(0xC000028F) +#define STATUS_NO_USER_KEYS cpu_to_le32(0xC0000290) +#define STATUS_FILE_NOT_ENCRYPTED cpu_to_le32(0xC0000291) +#define STATUS_NOT_EXPORT_FORMAT cpu_to_le32(0xC0000292) +#define STATUS_FILE_ENCRYPTED cpu_to_le32(0xC0000293) +#define STATUS_WMI_GUID_NOT_FOUND cpu_to_le32(0xC0000295) +#define STATUS_WMI_INSTANCE_NOT_FOUND cpu_to_le32(0xC0000296) +#define STATUS_WMI_ITEMID_NOT_FOUND cpu_to_le32(0xC0000297) +#define STATUS_WMI_TRY_AGAIN cpu_to_le32(0xC0000298) +#define STATUS_SHARED_POLICY cpu_to_le32(0xC0000299) +#define STATUS_POLICY_OBJECT_NOT_FOUND cpu_to_le32(0xC000029A) +#define STATUS_POLICY_ONLY_IN_DS cpu_to_le32(0xC000029B) +#define STATUS_VOLUME_NOT_UPGRADED cpu_to_le32(0xC000029C) +#define STATUS_REMOTE_STORAGE_NOT_ACTIVE cpu_to_le32(0xC000029D) +#define STATUS_REMOTE_STORAGE_MEDIA_ERROR cpu_to_le32(0xC000029E) +#define STATUS_NO_TRACKING_SERVICE cpu_to_le32(0xC000029F) +#define STATUS_SERVER_SID_MISMATCH cpu_to_le32(0xC00002A0) +#define STATUS_DS_NO_ATTRIBUTE_OR_VALUE cpu_to_le32(0xC00002A1) +#define STATUS_DS_INVALID_ATTRIBUTE_SYNTAX cpu_to_le32(0xC00002A2) +#define STATUS_DS_ATTRIBUTE_TYPE_UNDEFINED cpu_to_le32(0xC00002A3) +#define STATUS_DS_ATTRIBUTE_OR_VALUE_EXISTS cpu_to_le32(0xC00002A4) +#define STATUS_DS_BUSY cpu_to_le32(0xC00002A5) +#define STATUS_DS_UNAVAILABLE cpu_to_le32(0xC00002A6) +#define STATUS_DS_NO_RIDS_ALLOCATED cpu_to_le32(0xC00002A7) +#define STATUS_DS_NO_MORE_RIDS cpu_to_le32(0xC00002A8) +#define STATUS_DS_INCORRECT_ROLE_OWNER cpu_to_le32(0xC00002A9) +#define STATUS_DS_RIDMGR_INIT_ERROR cpu_to_le32(0xC00002AA) +#define STATUS_DS_OBJ_CLASS_VIOLATION cpu_to_le32(0xC00002AB) +#define STATUS_DS_CANT_ON_NON_LEAF cpu_to_le32(0xC00002AC) +#define STATUS_DS_CANT_ON_RDN cpu_to_le32(0xC00002AD) +#define STATUS_DS_CANT_MOD_OBJ_CLASS cpu_to_le32(0xC00002AE) +#define STATUS_DS_CROSS_DOM_MOVE_FAILED cpu_to_le32(0xC00002AF) +#define STATUS_DS_GC_NOT_AVAILABLE cpu_to_le32(0xC00002B0) +#define STATUS_DIRECTORY_SERVICE_REQUIRED cpu_to_le32(0xC00002B1) +#define STATUS_REPARSE_ATTRIBUTE_CONFLICT cpu_to_le32(0xC00002B2) +#define STATUS_CANT_ENABLE_DENY_ONLY cpu_to_le32(0xC00002B3) +#define STATUS_FLOAT_MULTIPLE_FAULTS cpu_to_le32(0xC00002B4) +#define STATUS_FLOAT_MULTIPLE_TRAPS cpu_to_le32(0xC00002B5) +#define STATUS_DEVICE_REMOVED cpu_to_le32(0xC00002B6) +#define STATUS_JOURNAL_DELETE_IN_PROGRESS cpu_to_le32(0xC00002B7) +#define STATUS_JOURNAL_NOT_ACTIVE cpu_to_le32(0xC00002B8) +#define STATUS_NOINTERFACE cpu_to_le32(0xC00002B9) +#define STATUS_DS_ADMIN_LIMIT_EXCEEDED cpu_to_le32(0xC00002C1) +#define STATUS_DRIVER_FAILED_SLEEP cpu_to_le32(0xC00002C2) +#define STATUS_MUTUAL_AUTHENTICATION_FAILED cpu_to_le32(0xC00002C3) +#define STATUS_CORRUPT_SYSTEM_FILE cpu_to_le32(0xC00002C4) +#define STATUS_DATATYPE_MISALIGNMENT_ERROR cpu_to_le32(0xC00002C5) +#define STATUS_WMI_READ_ONLY cpu_to_le32(0xC00002C6) +#define STATUS_WMI_SET_FAILURE cpu_to_le32(0xC00002C7) +#define STATUS_COMMITMENT_MINIMUM cpu_to_le32(0xC00002C8) +#define STATUS_REG_NAT_CONSUMPTION cpu_to_le32(0xC00002C9) +#define STATUS_TRANSPORT_FULL cpu_to_le32(0xC00002CA) +#define STATUS_DS_SAM_INIT_FAILURE cpu_to_le32(0xC00002CB) +#define STATUS_ONLY_IF_CONNECTED cpu_to_le32(0xC00002CC) +#define STATUS_DS_SENSITIVE_GROUP_VIOLATION cpu_to_le32(0xC00002CD) +#define STATUS_PNP_RESTART_ENUMERATION cpu_to_le32(0xC00002CE) +#define STATUS_JOURNAL_ENTRY_DELETED cpu_to_le32(0xC00002CF) +#define STATUS_DS_CANT_MOD_PRIMARYGROUPID cpu_to_le32(0xC00002D0) +#define STATUS_SYSTEM_IMAGE_BAD_SIGNATURE cpu_to_le32(0xC00002D1) +#define STATUS_PNP_REBOOT_REQUIRED cpu_to_le32(0xC00002D2) +#define STATUS_POWER_STATE_INVALID cpu_to_le32(0xC00002D3) +#define STATUS_DS_INVALID_GROUP_TYPE cpu_to_le32(0xC00002D4) +#define STATUS_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN cpu_to_le32(0xC00002D5) +#define STATUS_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN cpu_to_le32(0xC00002D6) +#define STATUS_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER cpu_to_le32(0xC00002D7) +#define STATUS_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER cpu_to_le32(0xC00002D8) +#define STATUS_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER cpu_to_le32(0xC00002D9) +#define STATUS_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER cpu_to_le32(0xC00002DA) +#define STATUS_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER \ + cpu_to_le32(0xC00002DB) +#define STATUS_DS_HAVE_PRIMARY_MEMBERS cpu_to_le32(0xC00002DC) +#define STATUS_WMI_NOT_SUPPORTED cpu_to_le32(0xC00002DD) +#define STATUS_INSUFFICIENT_POWER cpu_to_le32(0xC00002DE) +#define STATUS_SAM_NEED_BOOTKEY_PASSWORD cpu_to_le32(0xC00002DF) +#define STATUS_SAM_NEED_BOOTKEY_FLOPPY cpu_to_le32(0xC00002E0) +#define STATUS_DS_CANT_START cpu_to_le32(0xC00002E1) +#define STATUS_DS_INIT_FAILURE cpu_to_le32(0xC00002E2) +#define STATUS_SAM_INIT_FAILURE cpu_to_le32(0xC00002E3) +#define STATUS_DS_GC_REQUIRED cpu_to_le32(0xC00002E4) +#define STATUS_DS_LOCAL_MEMBER_OF_LOCAL_ONLY cpu_to_le32(0xC00002E5) +#define STATUS_DS_NO_FPO_IN_UNIVERSAL_GROUPS cpu_to_le32(0xC00002E6) +#define STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED cpu_to_le32(0xC00002E7) +#define STATUS_MULTIPLE_FAULT_VIOLATION cpu_to_le32(0xC00002E8) +#define STATUS_CURRENT_DOMAIN_NOT_ALLOWED cpu_to_le32(0xC00002E9) +#define STATUS_CANNOT_MAKE cpu_to_le32(0xC00002EA) +#define STATUS_SYSTEM_SHUTDOWN cpu_to_le32(0xC00002EB) +#define STATUS_DS_INIT_FAILURE_CONSOLE cpu_to_le32(0xC00002EC) +#define STATUS_DS_SAM_INIT_FAILURE_CONSOLE cpu_to_le32(0xC00002ED) +#define STATUS_UNFINISHED_CONTEXT_DELETED cpu_to_le32(0xC00002EE) +#define STATUS_NO_TGT_REPLY cpu_to_le32(0xC00002EF) +#define STATUS_OBJECTID_NOT_FOUND cpu_to_le32(0xC00002F0) +#define STATUS_NO_IP_ADDRESSES cpu_to_le32(0xC00002F1) +#define STATUS_WRONG_CREDENTIAL_HANDLE cpu_to_le32(0xC00002F2) +#define STATUS_CRYPTO_SYSTEM_INVALID cpu_to_le32(0xC00002F3) +#define STATUS_MAX_REFERRALS_EXCEEDED cpu_to_le32(0xC00002F4) +#define STATUS_MUST_BE_KDC cpu_to_le32(0xC00002F5) +#define STATUS_STRONG_CRYPTO_NOT_SUPPORTED cpu_to_le32(0xC00002F6) +#define STATUS_TOO_MANY_PRINCIPALS cpu_to_le32(0xC00002F7) +#define STATUS_NO_PA_DATA cpu_to_le32(0xC00002F8) +#define STATUS_PKINIT_NAME_MISMATCH cpu_to_le32(0xC00002F9) +#define STATUS_SMARTCARD_LOGON_REQUIRED cpu_to_le32(0xC00002FA) +#define STATUS_KDC_INVALID_REQUEST cpu_to_le32(0xC00002FB) +#define STATUS_KDC_UNABLE_TO_REFER cpu_to_le32(0xC00002FC) +#define STATUS_KDC_UNKNOWN_ETYPE cpu_to_le32(0xC00002FD) +#define STATUS_SHUTDOWN_IN_PROGRESS cpu_to_le32(0xC00002FE) +#define STATUS_SERVER_SHUTDOWN_IN_PROGRESS cpu_to_le32(0xC00002FF) +#define STATUS_NOT_SUPPORTED_ON_SBS cpu_to_le32(0xC0000300) +#define STATUS_WMI_GUID_DISCONNECTED cpu_to_le32(0xC0000301) +#define STATUS_WMI_ALREADY_DISABLED cpu_to_le32(0xC0000302) +#define STATUS_WMI_ALREADY_ENABLED cpu_to_le32(0xC0000303) +#define STATUS_MFT_TOO_FRAGMENTED cpu_to_le32(0xC0000304) +#define STATUS_COPY_PROTECTION_FAILURE cpu_to_le32(0xC0000305) +#define STATUS_CSS_AUTHENTICATION_FAILURE cpu_to_le32(0xC0000306) +#define STATUS_CSS_KEY_NOT_PRESENT cpu_to_le32(0xC0000307) +#define STATUS_CSS_KEY_NOT_ESTABLISHED cpu_to_le32(0xC0000308) +#define STATUS_CSS_SCRAMBLED_SECTOR cpu_to_le32(0xC0000309) +#define STATUS_CSS_REGION_MISMATCH cpu_to_le32(0xC000030A) +#define STATUS_CSS_RESETS_EXHAUSTED cpu_to_le32(0xC000030B) +#define STATUS_PKINIT_FAILURE cpu_to_le32(0xC0000320) +#define STATUS_SMARTCARD_SUBSYSTEM_FAILURE cpu_to_le32(0xC0000321) +#define STATUS_NO_KERB_KEY cpu_to_le32(0xC0000322) +#define STATUS_HOST_DOWN cpu_to_le32(0xC0000350) +#define STATUS_UNSUPPORTED_PREAUTH cpu_to_le32(0xC0000351) +#define STATUS_EFS_ALG_BLOB_TOO_BIG cpu_to_le32(0xC0000352) +#define STATUS_PORT_NOT_SET cpu_to_le32(0xC0000353) +#define STATUS_DEBUGGER_INACTIVE cpu_to_le32(0xC0000354) +#define STATUS_DS_VERSION_CHECK_FAILURE cpu_to_le32(0xC0000355) +#define STATUS_AUDITING_DISABLED cpu_to_le32(0xC0000356) +#define STATUS_PRENT4_MACHINE_ACCOUNT cpu_to_le32(0xC0000357) +#define STATUS_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER cpu_to_le32(0xC0000358) +#define STATUS_INVALID_IMAGE_WIN_32 cpu_to_le32(0xC0000359) +#define STATUS_INVALID_IMAGE_WIN_64 cpu_to_le32(0xC000035A) +#define STATUS_BAD_BINDINGS cpu_to_le32(0xC000035B) +#define STATUS_NETWORK_SESSION_EXPIRED cpu_to_le32(0xC000035C) +#define STATUS_APPHELP_BLOCK cpu_to_le32(0xC000035D) +#define STATUS_ALL_SIDS_FILTERED cpu_to_le32(0xC000035E) +#define STATUS_NOT_SAFE_MODE_DRIVER cpu_to_le32(0xC000035F) +#define STATUS_ACCESS_DISABLED_BY_POLICY_DEFAULT cpu_to_le32(0xC0000361) +#define STATUS_ACCESS_DISABLED_BY_POLICY_PATH cpu_to_le32(0xC0000362) +#define STATUS_ACCESS_DISABLED_BY_POLICY_PUBLISHER cpu_to_le32(0xC0000363) +#define STATUS_ACCESS_DISABLED_BY_POLICY_OTHER cpu_to_le32(0xC0000364) +#define STATUS_FAILED_DRIVER_ENTRY cpu_to_le32(0xC0000365) +#define STATUS_DEVICE_ENUMERATION_ERROR cpu_to_le32(0xC0000366) +#define STATUS_MOUNT_POINT_NOT_RESOLVED cpu_to_le32(0xC0000368) +#define STATUS_INVALID_DEVICE_OBJECT_PARAMETER cpu_to_le32(0xC0000369) +#define STATUS_MCA_OCCURRED cpu_to_le32(0xC000036A) +#define STATUS_DRIVER_BLOCKED_CRITICAL cpu_to_le32(0xC000036B) +#define STATUS_DRIVER_BLOCKED cpu_to_le32(0xC000036C) +#define STATUS_DRIVER_DATABASE_ERROR cpu_to_le32(0xC000036D) +#define STATUS_SYSTEM_HIVE_TOO_LARGE cpu_to_le32(0xC000036E) +#define STATUS_INVALID_IMPORT_OF_NON_DLL cpu_to_le32(0xC000036F) +#define STATUS_NO_SECRETS cpu_to_le32(0xC0000371) +#define STATUS_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY cpu_to_le32(0xC0000372) +#define STATUS_FAILED_STACK_SWITCH cpu_to_le32(0xC0000373) +#define STATUS_HEAP_CORRUPTION cpu_to_le32(0xC0000374) +#define STATUS_SMARTCARD_WRONG_PIN cpu_to_le32(0xC0000380) +#define STATUS_SMARTCARD_CARD_BLOCKED cpu_to_le32(0xC0000381) +#define STATUS_SMARTCARD_CARD_NOT_AUTHENTICATED cpu_to_le32(0xC0000382) +#define STATUS_SMARTCARD_NO_CARD cpu_to_le32(0xC0000383) +#define STATUS_SMARTCARD_NO_KEY_CONTAINER cpu_to_le32(0xC0000384) +#define STATUS_SMARTCARD_NO_CERTIFICATE cpu_to_le32(0xC0000385) +#define STATUS_SMARTCARD_NO_KEYSET cpu_to_le32(0xC0000386) +#define STATUS_SMARTCARD_IO_ERROR cpu_to_le32(0xC0000387) +#define STATUS_DOWNGRADE_DETECTED cpu_to_le32(0xC0000388) +#define STATUS_SMARTCARD_CERT_REVOKED cpu_to_le32(0xC0000389) +#define STATUS_ISSUING_CA_UNTRUSTED cpu_to_le32(0xC000038A) +#define STATUS_REVOCATION_OFFLINE_C cpu_to_le32(0xC000038B) +#define STATUS_PKINIT_CLIENT_FAILURE cpu_to_le32(0xC000038C) +#define STATUS_SMARTCARD_CERT_EXPIRED cpu_to_le32(0xC000038D) +#define STATUS_DRIVER_FAILED_PRIOR_UNLOAD cpu_to_le32(0xC000038E) +#define STATUS_SMARTCARD_SILENT_CONTEXT cpu_to_le32(0xC000038F) +#define STATUS_PER_USER_TRUST_QUOTA_EXCEEDED cpu_to_le32(0xC0000401) +#define STATUS_ALL_USER_TRUST_QUOTA_EXCEEDED cpu_to_le32(0xC0000402) +#define STATUS_USER_DELETE_TRUST_QUOTA_EXCEEDED cpu_to_le32(0xC0000403) +#define STATUS_DS_NAME_NOT_UNIQUE cpu_to_le32(0xC0000404) +#define STATUS_DS_DUPLICATE_ID_FOUND cpu_to_le32(0xC0000405) +#define STATUS_DS_GROUP_CONVERSION_ERROR cpu_to_le32(0xC0000406) +#define STATUS_VOLSNAP_PREPARE_HIBERNATE cpu_to_le32(0xC0000407) +#define STATUS_USER2USER_REQUIRED cpu_to_le32(0xC0000408) +#define STATUS_STACK_BUFFER_OVERRUN cpu_to_le32(0xC0000409) +#define STATUS_NO_S4U_PROT_SUPPORT cpu_to_le32(0xC000040A) +#define STATUS_CROSSREALM_DELEGATION_FAILURE cpu_to_le32(0xC000040B) +#define STATUS_REVOCATION_OFFLINE_KDC cpu_to_le32(0xC000040C) +#define STATUS_ISSUING_CA_UNTRUSTED_KDC cpu_to_le32(0xC000040D) +#define STATUS_KDC_CERT_EXPIRED cpu_to_le32(0xC000040E) +#define STATUS_KDC_CERT_REVOKED cpu_to_le32(0xC000040F) +#define STATUS_PARAMETER_QUOTA_EXCEEDED cpu_to_le32(0xC0000410) +#define STATUS_HIBERNATION_FAILURE cpu_to_le32(0xC0000411) +#define STATUS_DELAY_LOAD_FAILED cpu_to_le32(0xC0000412) +#define STATUS_AUTHENTICATION_FIREWALL_FAILED cpu_to_le32(0xC0000413) +#define STATUS_VDM_DISALLOWED cpu_to_le32(0xC0000414) +#define STATUS_HUNG_DISPLAY_DRIVER_THREAD cpu_to_le32(0xC0000415) +#define STATUS_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE \ + cpu_to_le32(0xC0000416) +#define STATUS_INVALID_CRUNTIME_PARAMETER cpu_to_le32(0xC0000417) +#define STATUS_NTLM_BLOCKED cpu_to_le32(0xC0000418) +#define STATUS_ASSERTION_FAILURE cpu_to_le32(0xC0000420) +#define STATUS_VERIFIER_STOP cpu_to_le32(0xC0000421) +#define STATUS_CALLBACK_POP_STACK cpu_to_le32(0xC0000423) +#define STATUS_INCOMPATIBLE_DRIVER_BLOCKED cpu_to_le32(0xC0000424) +#define STATUS_HIVE_UNLOADED cpu_to_le32(0xC0000425) +#define STATUS_COMPRESSION_DISABLED cpu_to_le32(0xC0000426) +#define STATUS_FILE_SYSTEM_LIMITATION cpu_to_le32(0xC0000427) +#define STATUS_INVALID_IMAGE_HASH cpu_to_le32(0xC0000428) +#define STATUS_NOT_CAPABLE cpu_to_le32(0xC0000429) +#define STATUS_REQUEST_OUT_OF_SEQUENCE cpu_to_le32(0xC000042A) +#define STATUS_IMPLEMENTATION_LIMIT cpu_to_le32(0xC000042B) +#define STATUS_ELEVATION_REQUIRED cpu_to_le32(0xC000042C) +#define STATUS_BEYOND_VDL cpu_to_le32(0xC0000432) +#define STATUS_ENCOUNTERED_WRITE_IN_PROGRESS cpu_to_le32(0xC0000433) +#define STATUS_PTE_CHANGED cpu_to_le32(0xC0000434) +#define STATUS_PURGE_FAILED cpu_to_le32(0xC0000435) +#define STATUS_CRED_REQUIRES_CONFIRMATION cpu_to_le32(0xC0000440) +#define STATUS_CS_ENCRYPTION_INVALID_SERVER_RESPONSE cpu_to_le32(0xC0000441) +#define STATUS_CS_ENCRYPTION_UNSUPPORTED_SERVER cpu_to_le32(0xC0000442) +#define STATUS_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE cpu_to_le32(0xC0000443) +#define STATUS_CS_ENCRYPTION_NEW_ENCRYPTED_FILE cpu_to_le32(0xC0000444) +#define STATUS_CS_ENCRYPTION_FILE_NOT_CSE cpu_to_le32(0xC0000445) +#define STATUS_INVALID_LABEL cpu_to_le32(0xC0000446) +#define STATUS_DRIVER_PROCESS_TERMINATED cpu_to_le32(0xC0000450) +#define STATUS_AMBIGUOUS_SYSTEM_DEVICE cpu_to_le32(0xC0000451) +#define STATUS_SYSTEM_DEVICE_NOT_FOUND cpu_to_le32(0xC0000452) +#define STATUS_RESTART_BOOT_APPLICATION cpu_to_le32(0xC0000453) +#define STATUS_INVALID_TASK_NAME cpu_to_le32(0xC0000500) +#define STATUS_INVALID_TASK_INDEX cpu_to_le32(0xC0000501) +#define STATUS_THREAD_ALREADY_IN_TASK cpu_to_le32(0xC0000502) +#define STATUS_CALLBACK_BYPASS cpu_to_le32(0xC0000503) +#define STATUS_PORT_CLOSED cpu_to_le32(0xC0000700) +#define STATUS_MESSAGE_LOST cpu_to_le32(0xC0000701) +#define STATUS_INVALID_MESSAGE cpu_to_le32(0xC0000702) +#define STATUS_REQUEST_CANCELED cpu_to_le32(0xC0000703) +#define STATUS_RECURSIVE_DISPATCH cpu_to_le32(0xC0000704) +#define STATUS_LPC_RECEIVE_BUFFER_EXPECTED cpu_to_le32(0xC0000705) +#define STATUS_LPC_INVALID_CONNECTION_USAGE cpu_to_le32(0xC0000706) +#define STATUS_LPC_REQUESTS_NOT_ALLOWED cpu_to_le32(0xC0000707) +#define STATUS_RESOURCE_IN_USE cpu_to_le32(0xC0000708) +#define STATUS_HARDWARE_MEMORY_ERROR cpu_to_le32(0xC0000709) +#define STATUS_THREADPOOL_HANDLE_EXCEPTION cpu_to_le32(0xC000070A) +#define STATUS_THREADPOOL_SET_EVENT_ON_COMPLETION_FAILED cpu_to_le32(0xC000070B) +#define STATUS_THREADPOOL_RELEASE_SEMAPHORE_ON_COMPLETION_FAILED \ + cpu_to_le32(0xC000070C) +#define STATUS_THREADPOOL_RELEASE_MUTEX_ON_COMPLETION_FAILED \ + cpu_to_le32(0xC000070D) +#define STATUS_THREADPOOL_FREE_LIBRARY_ON_COMPLETION_FAILED \ + cpu_to_le32(0xC000070E) +#define STATUS_THREADPOOL_RELEASED_DURING_OPERATION cpu_to_le32(0xC000070F) +#define STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING cpu_to_le32(0xC0000710) +#define STATUS_APC_RETURNED_WHILE_IMPERSONATING cpu_to_le32(0xC0000711) +#define STATUS_PROCESS_IS_PROTECTED cpu_to_le32(0xC0000712) +#define STATUS_MCA_EXCEPTION cpu_to_le32(0xC0000713) +#define STATUS_CERTIFICATE_MAPPING_NOT_UNIQUE cpu_to_le32(0xC0000714) +#define STATUS_SYMLINK_CLASS_DISABLED cpu_to_le32(0xC0000715) +#define STATUS_INVALID_IDN_NORMALIZATION cpu_to_le32(0xC0000716) +#define STATUS_NO_UNICODE_TRANSLATION cpu_to_le32(0xC0000717) +#define STATUS_ALREADY_REGISTERED cpu_to_le32(0xC0000718) +#define STATUS_CONTEXT_MISMATCH cpu_to_le32(0xC0000719) +#define STATUS_PORT_ALREADY_HAS_COMPLETION_LIST cpu_to_le32(0xC000071A) +#define STATUS_CALLBACK_RETURNED_THREAD_PRIORITY cpu_to_le32(0xC000071B) +#define STATUS_INVALID_THREAD cpu_to_le32(0xC000071C) +#define STATUS_CALLBACK_RETURNED_TRANSACTION cpu_to_le32(0xC000071D) +#define STATUS_CALLBACK_RETURNED_LDR_LOCK cpu_to_le32(0xC000071E) +#define STATUS_CALLBACK_RETURNED_LANG cpu_to_le32(0xC000071F) +#define STATUS_CALLBACK_RETURNED_PRI_BACK cpu_to_le32(0xC0000720) +#define STATUS_CALLBACK_RETURNED_THREAD_AFFINITY cpu_to_le32(0xC0000721) +#define STATUS_DISK_REPAIR_DISABLED cpu_to_le32(0xC0000800) +#define STATUS_DS_DOMAIN_RENAME_IN_PROGRESS cpu_to_le32(0xC0000801) +#define STATUS_DISK_QUOTA_EXCEEDED cpu_to_le32(0xC0000802) +#define STATUS_CONTENT_BLOCKED cpu_to_le32(0xC0000804) +#define STATUS_BAD_CLUSTERS cpu_to_le32(0xC0000805) +#define STATUS_VOLUME_DIRTY cpu_to_le32(0xC0000806) +#define STATUS_FILE_CHECKED_OUT cpu_to_le32(0xC0000901) +#define STATUS_CHECKOUT_REQUIRED cpu_to_le32(0xC0000902) +#define STATUS_BAD_FILE_TYPE cpu_to_le32(0xC0000903) +#define STATUS_FILE_TOO_LARGE cpu_to_le32(0xC0000904) +#define STATUS_FORMS_AUTH_REQUIRED cpu_to_le32(0xC0000905) +#define STATUS_VIRUS_INFECTED cpu_to_le32(0xC0000906) +#define STATUS_VIRUS_DELETED cpu_to_le32(0xC0000907) +#define STATUS_BAD_MCFG_TABLE cpu_to_le32(0xC0000908) +#define STATUS_WOW_ASSERTION cpu_to_le32(0xC0009898) +#define STATUS_INVALID_SIGNATURE cpu_to_le32(0xC000A000) +#define STATUS_HMAC_NOT_SUPPORTED cpu_to_le32(0xC000A001) +#define STATUS_IPSEC_QUEUE_OVERFLOW cpu_to_le32(0xC000A010) +#define STATUS_ND_QUEUE_OVERFLOW cpu_to_le32(0xC000A011) +#define STATUS_HOPLIMIT_EXCEEDED cpu_to_le32(0xC000A012) +#define STATUS_PROTOCOL_NOT_SUPPORTED cpu_to_le32(0xC000A013) +#define STATUS_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED \ + cpu_to_le32(0xC000A080) +#define STATUS_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR \ + cpu_to_le32(0xC000A081) +#define STATUS_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR cpu_to_le32(0xC000A082) +#define STATUS_XML_PARSE_ERROR cpu_to_le32(0xC000A083) +#define STATUS_XMLDSIG_ERROR cpu_to_le32(0xC000A084) +#define STATUS_WRONG_COMPARTMENT cpu_to_le32(0xC000A085) +#define STATUS_AUTHIP_FAILURE cpu_to_le32(0xC000A086) +#define DBG_NO_STATE_CHANGE cpu_to_le32(0xC0010001) +#define DBG_APP_NOT_IDLE cpu_to_le32(0xC0010002) +#define RPC_NT_INVALID_STRING_BINDING cpu_to_le32(0xC0020001) +#define RPC_NT_WRONG_KIND_OF_BINDING cpu_to_le32(0xC0020002) +#define RPC_NT_INVALID_BINDING cpu_to_le32(0xC0020003) +#define RPC_NT_PROTSEQ_NOT_SUPPORTED cpu_to_le32(0xC0020004) +#define RPC_NT_INVALID_RPC_PROTSEQ cpu_to_le32(0xC0020005) +#define RPC_NT_INVALID_STRING_UUID cpu_to_le32(0xC0020006) +#define RPC_NT_INVALID_ENDPOINT_FORMAT cpu_to_le32(0xC0020007) +#define RPC_NT_INVALID_NET_ADDR cpu_to_le32(0xC0020008) +#define RPC_NT_NO_ENDPOINT_FOUND cpu_to_le32(0xC0020009) +#define RPC_NT_INVALID_TIMEOUT cpu_to_le32(0xC002000A) +#define RPC_NT_OBJECT_NOT_FOUND cpu_to_le32(0xC002000B) +#define RPC_NT_ALREADY_REGISTERED cpu_to_le32(0xC002000C) +#define RPC_NT_TYPE_ALREADY_REGISTERED cpu_to_le32(0xC002000D) +#define RPC_NT_ALREADY_LISTENING cpu_to_le32(0xC002000E) +#define RPC_NT_NO_PROTSEQS_REGISTERED cpu_to_le32(0xC002000F) +#define RPC_NT_NOT_LISTENING cpu_to_le32(0xC0020010) +#define RPC_NT_UNKNOWN_MGR_TYPE cpu_to_le32(0xC0020011) +#define RPC_NT_UNKNOWN_IF cpu_to_le32(0xC0020012) +#define RPC_NT_NO_BINDINGS cpu_to_le32(0xC0020013) +#define RPC_NT_NO_PROTSEQS cpu_to_le32(0xC0020014) +#define RPC_NT_CANT_CREATE_ENDPOINT cpu_to_le32(0xC0020015) +#define RPC_NT_OUT_OF_RESOURCES cpu_to_le32(0xC0020016) +#define RPC_NT_SERVER_UNAVAILABLE cpu_to_le32(0xC0020017) +#define RPC_NT_SERVER_TOO_BUSY cpu_to_le32(0xC0020018) +#define RPC_NT_INVALID_NETWORK_OPTIONS cpu_to_le32(0xC0020019) +#define RPC_NT_NO_CALL_ACTIVE cpu_to_le32(0xC002001A) +#define RPC_NT_CALL_FAILED cpu_to_le32(0xC002001B) +#define RPC_NT_CALL_FAILED_DNE cpu_to_le32(0xC002001C) +#define RPC_NT_PROTOCOL_ERROR cpu_to_le32(0xC002001D) +#define RPC_NT_UNSUPPORTED_TRANS_SYN cpu_to_le32(0xC002001F) +#define RPC_NT_UNSUPPORTED_TYPE cpu_to_le32(0xC0020021) +#define RPC_NT_INVALID_TAG cpu_to_le32(0xC0020022) +#define RPC_NT_INVALID_BOUND cpu_to_le32(0xC0020023) +#define RPC_NT_NO_ENTRY_NAME cpu_to_le32(0xC0020024) +#define RPC_NT_INVALID_NAME_SYNTAX cpu_to_le32(0xC0020025) +#define RPC_NT_UNSUPPORTED_NAME_SYNTAX cpu_to_le32(0xC0020026) +#define RPC_NT_UUID_NO_ADDRESS cpu_to_le32(0xC0020028) +#define RPC_NT_DUPLICATE_ENDPOINT cpu_to_le32(0xC0020029) +#define RPC_NT_UNKNOWN_AUTHN_TYPE cpu_to_le32(0xC002002A) +#define RPC_NT_MAX_CALLS_TOO_SMALL cpu_to_le32(0xC002002B) +#define RPC_NT_STRING_TOO_LONG cpu_to_le32(0xC002002C) +#define RPC_NT_PROTSEQ_NOT_FOUND cpu_to_le32(0xC002002D) +#define RPC_NT_PROCNUM_OUT_OF_RANGE cpu_to_le32(0xC002002E) +#define RPC_NT_BINDING_HAS_NO_AUTH cpu_to_le32(0xC002002F) +#define RPC_NT_UNKNOWN_AUTHN_SERVICE cpu_to_le32(0xC0020030) +#define RPC_NT_UNKNOWN_AUTHN_LEVEL cpu_to_le32(0xC0020031) +#define RPC_NT_INVALID_AUTH_IDENTITY cpu_to_le32(0xC0020032) +#define RPC_NT_UNKNOWN_AUTHZ_SERVICE cpu_to_le32(0xC0020033) +#define EPT_NT_INVALID_ENTRY cpu_to_le32(0xC0020034) +#define EPT_NT_CANT_PERFORM_OP cpu_to_le32(0xC0020035) +#define EPT_NT_NOT_REGISTERED cpu_to_le32(0xC0020036) +#define RPC_NT_NOTHING_TO_EXPORT cpu_to_le32(0xC0020037) +#define RPC_NT_INCOMPLETE_NAME cpu_to_le32(0xC0020038) +#define RPC_NT_INVALID_VERS_OPTION cpu_to_le32(0xC0020039) +#define RPC_NT_NO_MORE_MEMBERS cpu_to_le32(0xC002003A) +#define RPC_NT_NOT_ALL_OBJS_UNEXPORTED cpu_to_le32(0xC002003B) +#define RPC_NT_INTERFACE_NOT_FOUND cpu_to_le32(0xC002003C) +#define RPC_NT_ENTRY_ALREADY_EXISTS cpu_to_le32(0xC002003D) +#define RPC_NT_ENTRY_NOT_FOUND cpu_to_le32(0xC002003E) +#define RPC_NT_NAME_SERVICE_UNAVAILABLE cpu_to_le32(0xC002003F) +#define RPC_NT_INVALID_NAF_ID cpu_to_le32(0xC0020040) +#define RPC_NT_CANNOT_SUPPORT cpu_to_le32(0xC0020041) +#define RPC_NT_NO_CONTEXT_AVAILABLE cpu_to_le32(0xC0020042) +#define RPC_NT_INTERNAL_ERROR cpu_to_le32(0xC0020043) +#define RPC_NT_ZERO_DIVIDE cpu_to_le32(0xC0020044) +#define RPC_NT_ADDRESS_ERROR cpu_to_le32(0xC0020045) +#define RPC_NT_FP_DIV_ZERO cpu_to_le32(0xC0020046) +#define RPC_NT_FP_UNDERFLOW cpu_to_le32(0xC0020047) +#define RPC_NT_FP_OVERFLOW cpu_to_le32(0xC0020048) +#define RPC_NT_CALL_IN_PROGRESS cpu_to_le32(0xC0020049) +#define RPC_NT_NO_MORE_BINDINGS cpu_to_le32(0xC002004A) +#define RPC_NT_GROUP_MEMBER_NOT_FOUND cpu_to_le32(0xC002004B) +#define EPT_NT_CANT_CREATE cpu_to_le32(0xC002004C) +#define RPC_NT_INVALID_OBJECT cpu_to_le32(0xC002004D) +#define RPC_NT_NO_INTERFACES cpu_to_le32(0xC002004F) +#define RPC_NT_CALL_CANCELLED cpu_to_le32(0xC0020050) +#define RPC_NT_BINDING_INCOMPLETE cpu_to_le32(0xC0020051) +#define RPC_NT_COMM_FAILURE cpu_to_le32(0xC0020052) +#define RPC_NT_UNSUPPORTED_AUTHN_LEVEL cpu_to_le32(0xC0020053) +#define RPC_NT_NO_PRINC_NAME cpu_to_le32(0xC0020054) +#define RPC_NT_NOT_RPC_ERROR cpu_to_le32(0xC0020055) +#define RPC_NT_SEC_PKG_ERROR cpu_to_le32(0xC0020057) +#define RPC_NT_NOT_CANCELLED cpu_to_le32(0xC0020058) +#define RPC_NT_INVALID_ASYNC_HANDLE cpu_to_le32(0xC0020062) +#define RPC_NT_INVALID_ASYNC_CALL cpu_to_le32(0xC0020063) +#define RPC_NT_PROXY_ACCESS_DENIED cpu_to_le32(0xC0020064) +#define RPC_NT_NO_MORE_ENTRIES cpu_to_le32(0xC0030001) +#define RPC_NT_SS_CHAR_TRANS_OPEN_FAIL cpu_to_le32(0xC0030002) +#define RPC_NT_SS_CHAR_TRANS_SHORT_FILE cpu_to_le32(0xC0030003) +#define RPC_NT_SS_IN_NULL_CONTEXT cpu_to_le32(0xC0030004) +#define RPC_NT_SS_CONTEXT_MISMATCH cpu_to_le32(0xC0030005) +#define RPC_NT_SS_CONTEXT_DAMAGED cpu_to_le32(0xC0030006) +#define RPC_NT_SS_HANDLES_MISMATCH cpu_to_le32(0xC0030007) +#define RPC_NT_SS_CANNOT_GET_CALL_HANDLE cpu_to_le32(0xC0030008) +#define RPC_NT_NULL_REF_POINTER cpu_to_le32(0xC0030009) +#define RPC_NT_ENUM_VALUE_OUT_OF_RANGE cpu_to_le32(0xC003000A) +#define RPC_NT_BYTE_COUNT_TOO_SMALL cpu_to_le32(0xC003000B) +#define RPC_NT_BAD_STUB_DATA cpu_to_le32(0xC003000C) +#define RPC_NT_INVALID_ES_ACTION cpu_to_le32(0xC0030059) +#define RPC_NT_WRONG_ES_VERSION cpu_to_le32(0xC003005A) +#define RPC_NT_WRONG_STUB_VERSION cpu_to_le32(0xC003005B) +#define RPC_NT_INVALID_PIPE_OBJECT cpu_to_le32(0xC003005C) +#define RPC_NT_INVALID_PIPE_OPERATION cpu_to_le32(0xC003005D) +#define RPC_NT_WRONG_PIPE_VERSION cpu_to_le32(0xC003005E) +#define RPC_NT_PIPE_CLOSED cpu_to_le32(0xC003005F) +#define RPC_NT_PIPE_DISCIPLINE_ERROR cpu_to_le32(0xC0030060) +#define RPC_NT_PIPE_EMPTY cpu_to_le32(0xC0030061) +#define STATUS_PNP_BAD_MPS_TABLE cpu_to_le32(0xC0040035) +#define STATUS_PNP_TRANSLATION_FAILED cpu_to_le32(0xC0040036) +#define STATUS_PNP_IRQ_TRANSLATION_FAILED cpu_to_le32(0xC0040037) +#define STATUS_PNP_INVALID_ID cpu_to_le32(0xC0040038) +#define STATUS_IO_REISSUE_AS_CACHED cpu_to_le32(0xC0040039) +#define STATUS_CTX_WINSTATION_NAME_INVALID cpu_to_le32(0xC00A0001) +#define STATUS_CTX_INVALID_PD cpu_to_le32(0xC00A0002) +#define STATUS_CTX_PD_NOT_FOUND cpu_to_le32(0xC00A0003) +#define STATUS_CTX_CLOSE_PENDING cpu_to_le32(0xC00A0006) +#define STATUS_CTX_NO_OUTBUF cpu_to_le32(0xC00A0007) +#define STATUS_CTX_MODEM_INF_NOT_FOUND cpu_to_le32(0xC00A0008) +#define STATUS_CTX_INVALID_MODEMNAME cpu_to_le32(0xC00A0009) +#define STATUS_CTX_RESPONSE_ERROR cpu_to_le32(0xC00A000A) +#define STATUS_CTX_MODEM_RESPONSE_TIMEOUT cpu_to_le32(0xC00A000B) +#define STATUS_CTX_MODEM_RESPONSE_NO_CARRIER cpu_to_le32(0xC00A000C) +#define STATUS_CTX_MODEM_RESPONSE_NO_DIALTONE cpu_to_le32(0xC00A000D) +#define STATUS_CTX_MODEM_RESPONSE_BUSY cpu_to_le32(0xC00A000E) +#define STATUS_CTX_MODEM_RESPONSE_VOICE cpu_to_le32(0xC00A000F) +#define STATUS_CTX_TD_ERROR cpu_to_le32(0xC00A0010) +#define STATUS_CTX_LICENSE_CLIENT_INVALID cpu_to_le32(0xC00A0012) +#define STATUS_CTX_LICENSE_NOT_AVAILABLE cpu_to_le32(0xC00A0013) +#define STATUS_CTX_LICENSE_EXPIRED cpu_to_le32(0xC00A0014) +#define STATUS_CTX_WINSTATION_NOT_FOUND cpu_to_le32(0xC00A0015) +#define STATUS_CTX_WINSTATION_NAME_COLLISION cpu_to_le32(0xC00A0016) +#define STATUS_CTX_WINSTATION_BUSY cpu_to_le32(0xC00A0017) +#define STATUS_CTX_BAD_VIDEO_MODE cpu_to_le32(0xC00A0018) +#define STATUS_CTX_GRAPHICS_INVALID cpu_to_le32(0xC00A0022) +#define STATUS_CTX_NOT_CONSOLE cpu_to_le32(0xC00A0024) +#define STATUS_CTX_CLIENT_QUERY_TIMEOUT cpu_to_le32(0xC00A0026) +#define STATUS_CTX_CONSOLE_DISCONNECT cpu_to_le32(0xC00A0027) +#define STATUS_CTX_CONSOLE_CONNECT cpu_to_le32(0xC00A0028) +#define STATUS_CTX_SHADOW_DENIED cpu_to_le32(0xC00A002A) +#define STATUS_CTX_WINSTATION_ACCESS_DENIED cpu_to_le32(0xC00A002B) +#define STATUS_CTX_INVALID_WD cpu_to_le32(0xC00A002E) +#define STATUS_CTX_WD_NOT_FOUND cpu_to_le32(0xC00A002F) +#define STATUS_CTX_SHADOW_INVALID cpu_to_le32(0xC00A0030) +#define STATUS_CTX_SHADOW_DISABLED cpu_to_le32(0xC00A0031) +#define STATUS_RDP_PROTOCOL_ERROR cpu_to_le32(0xC00A0032) +#define STATUS_CTX_CLIENT_LICENSE_NOT_SET cpu_to_le32(0xC00A0033) +#define STATUS_CTX_CLIENT_LICENSE_IN_USE cpu_to_le32(0xC00A0034) +#define STATUS_CTX_SHADOW_ENDED_BY_MODE_CHANGE cpu_to_le32(0xC00A0035) +#define STATUS_CTX_SHADOW_NOT_RUNNING cpu_to_le32(0xC00A0036) +#define STATUS_CTX_LOGON_DISABLED cpu_to_le32(0xC00A0037) +#define STATUS_CTX_SECURITY_LAYER_ERROR cpu_to_le32(0xC00A0038) +#define STATUS_TS_INCOMPATIBLE_SESSIONS cpu_to_le32(0xC00A0039) +#define STATUS_MUI_FILE_NOT_FOUND cpu_to_le32(0xC00B0001) +#define STATUS_MUI_INVALID_FILE cpu_to_le32(0xC00B0002) +#define STATUS_MUI_INVALID_RC_CONFIG cpu_to_le32(0xC00B0003) +#define STATUS_MUI_INVALID_LOCALE_NAME cpu_to_le32(0xC00B0004) +#define STATUS_MUI_INVALID_ULTIMATEFALLBACK_NAME cpu_to_le32(0xC00B0005) +#define STATUS_MUI_FILE_NOT_LOADED cpu_to_le32(0xC00B0006) +#define STATUS_RESOURCE_ENUM_USER_STOP cpu_to_le32(0xC00B0007) +#define STATUS_CLUSTER_INVALID_NODE cpu_to_le32(0xC0130001) +#define STATUS_CLUSTER_NODE_EXISTS cpu_to_le32(0xC0130002) +#define STATUS_CLUSTER_JOIN_IN_PROGRESS cpu_to_le32(0xC0130003) +#define STATUS_CLUSTER_NODE_NOT_FOUND cpu_to_le32(0xC0130004) +#define STATUS_CLUSTER_LOCAL_NODE_NOT_FOUND cpu_to_le32(0xC0130005) +#define STATUS_CLUSTER_NETWORK_EXISTS cpu_to_le32(0xC0130006) +#define STATUS_CLUSTER_NETWORK_NOT_FOUND cpu_to_le32(0xC0130007) +#define STATUS_CLUSTER_NETINTERFACE_EXISTS cpu_to_le32(0xC0130008) +#define STATUS_CLUSTER_NETINTERFACE_NOT_FOUND cpu_to_le32(0xC0130009) +#define STATUS_CLUSTER_INVALID_REQUEST cpu_to_le32(0xC013000A) +#define STATUS_CLUSTER_INVALID_NETWORK_PROVIDER cpu_to_le32(0xC013000B) +#define STATUS_CLUSTER_NODE_DOWN cpu_to_le32(0xC013000C) +#define STATUS_CLUSTER_NODE_UNREACHABLE cpu_to_le32(0xC013000D) +#define STATUS_CLUSTER_NODE_NOT_MEMBER cpu_to_le32(0xC013000E) +#define STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS cpu_to_le32(0xC013000F) +#define STATUS_CLUSTER_INVALID_NETWORK cpu_to_le32(0xC0130010) +#define STATUS_CLUSTER_NO_NET_ADAPTERS cpu_to_le32(0xC0130011) +#define STATUS_CLUSTER_NODE_UP cpu_to_le32(0xC0130012) +#define STATUS_CLUSTER_NODE_PAUSED cpu_to_le32(0xC0130013) +#define STATUS_CLUSTER_NODE_NOT_PAUSED cpu_to_le32(0xC0130014) +#define STATUS_CLUSTER_NO_SECURITY_CONTEXT cpu_to_le32(0xC0130015) +#define STATUS_CLUSTER_NETWORK_NOT_INTERNAL cpu_to_le32(0xC0130016) +#define STATUS_CLUSTER_POISONED cpu_to_le32(0xC0130017) +#define STATUS_ACPI_INVALID_OPCODE cpu_to_le32(0xC0140001) +#define STATUS_ACPI_STACK_OVERFLOW cpu_to_le32(0xC0140002) +#define STATUS_ACPI_ASSERT_FAILED cpu_to_le32(0xC0140003) +#define STATUS_ACPI_INVALID_INDEX cpu_to_le32(0xC0140004) +#define STATUS_ACPI_INVALID_ARGUMENT cpu_to_le32(0xC0140005) +#define STATUS_ACPI_FATAL cpu_to_le32(0xC0140006) +#define STATUS_ACPI_INVALID_SUPERNAME cpu_to_le32(0xC0140007) +#define STATUS_ACPI_INVALID_ARGTYPE cpu_to_le32(0xC0140008) +#define STATUS_ACPI_INVALID_OBJTYPE cpu_to_le32(0xC0140009) +#define STATUS_ACPI_INVALID_TARGETTYPE cpu_to_le32(0xC014000A) +#define STATUS_ACPI_INCORRECT_ARGUMENT_COUNT cpu_to_le32(0xC014000B) +#define STATUS_ACPI_ADDRESS_NOT_MAPPED cpu_to_le32(0xC014000C) +#define STATUS_ACPI_INVALID_EVENTTYPE cpu_to_le32(0xC014000D) +#define STATUS_ACPI_HANDLER_COLLISION cpu_to_le32(0xC014000E) +#define STATUS_ACPI_INVALID_DATA cpu_to_le32(0xC014000F) +#define STATUS_ACPI_INVALID_REGION cpu_to_le32(0xC0140010) +#define STATUS_ACPI_INVALID_ACCESS_SIZE cpu_to_le32(0xC0140011) +#define STATUS_ACPI_ACQUIRE_GLOBAL_LOCK cpu_to_le32(0xC0140012) +#define STATUS_ACPI_ALREADY_INITIALIZED cpu_to_le32(0xC0140013) +#define STATUS_ACPI_NOT_INITIALIZED cpu_to_le32(0xC0140014) +#define STATUS_ACPI_INVALID_MUTEX_LEVEL cpu_to_le32(0xC0140015) +#define STATUS_ACPI_MUTEX_NOT_OWNED cpu_to_le32(0xC0140016) +#define STATUS_ACPI_MUTEX_NOT_OWNER cpu_to_le32(0xC0140017) +#define STATUS_ACPI_RS_ACCESS cpu_to_le32(0xC0140018) +#define STATUS_ACPI_INVALID_TABLE cpu_to_le32(0xC0140019) +#define STATUS_ACPI_REG_HANDLER_FAILED cpu_to_le32(0xC0140020) +#define STATUS_ACPI_POWER_REQUEST_FAILED cpu_to_le32(0xC0140021) +#define STATUS_SXS_SECTION_NOT_FOUND cpu_to_le32(0xC0150001) +#define STATUS_SXS_CANT_GEN_ACTCTX cpu_to_le32(0xC0150002) +#define STATUS_SXS_INVALID_ACTCTXDATA_FORMAT cpu_to_le32(0xC0150003) +#define STATUS_SXS_ASSEMBLY_NOT_FOUND cpu_to_le32(0xC0150004) +#define STATUS_SXS_MANIFEST_FORMAT_ERROR cpu_to_le32(0xC0150005) +#define STATUS_SXS_MANIFEST_PARSE_ERROR cpu_to_le32(0xC0150006) +#define STATUS_SXS_ACTIVATION_CONTEXT_DISABLED cpu_to_le32(0xC0150007) +#define STATUS_SXS_KEY_NOT_FOUND cpu_to_le32(0xC0150008) +#define STATUS_SXS_VERSION_CONFLICT cpu_to_le32(0xC0150009) +#define STATUS_SXS_WRONG_SECTION_TYPE cpu_to_le32(0xC015000A) +#define STATUS_SXS_THREAD_QUERIES_DISABLED cpu_to_le32(0xC015000B) +#define STATUS_SXS_ASSEMBLY_MISSING cpu_to_le32(0xC015000C) +#define STATUS_SXS_PROCESS_DEFAULT_ALREADY_SET cpu_to_le32(0xC015000E) +#define STATUS_SXS_EARLY_DEACTIVATION cpu_to_le32(0xC015000F) +#define STATUS_SXS_INVALID_DEACTIVATION cpu_to_le32(0xC0150010) +#define STATUS_SXS_MULTIPLE_DEACTIVATION cpu_to_le32(0xC0150011) +#define STATUS_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY \ + cpu_to_le32(0xC0150012) +#define STATUS_SXS_PROCESS_TERMINATION_REQUESTED cpu_to_le32(0xC0150013) +#define STATUS_SXS_CORRUPT_ACTIVATION_STACK cpu_to_le32(0xC0150014) +#define STATUS_SXS_CORRUPTION cpu_to_le32(0xC0150015) +#define STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE cpu_to_le32(0xC0150016) +#define STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME cpu_to_le32(0xC0150017) +#define STATUS_SXS_IDENTITY_DUPLICATE_ATTRIBUTE cpu_to_le32(0xC0150018) +#define STATUS_SXS_IDENTITY_PARSE_ERROR cpu_to_le32(0xC0150019) +#define STATUS_SXS_COMPONENT_STORE_CORRUPT cpu_to_le32(0xC015001A) +#define STATUS_SXS_FILE_HASH_MISMATCH cpu_to_le32(0xC015001B) +#define STATUS_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT \ + cpu_to_le32(0xC015001C) +#define STATUS_SXS_IDENTITIES_DIFFERENT cpu_to_le32(0xC015001D) +#define STATUS_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT cpu_to_le32(0xC015001E) +#define STATUS_SXS_FILE_NOT_PART_OF_ASSEMBLY cpu_to_le32(0xC015001F) +#define STATUS_ADVANCED_INSTALLER_FAILED cpu_to_le32(0xC0150020) +#define STATUS_XML_ENCODING_MISMATCH cpu_to_le32(0xC0150021) +#define STATUS_SXS_MANIFEST_TOO_BIG cpu_to_le32(0xC0150022) +#define STATUS_SXS_SETTING_NOT_REGISTERED cpu_to_le32(0xC0150023) +#define STATUS_SXS_TRANSACTION_CLOSURE_INCOMPLETE cpu_to_le32(0xC0150024) +#define STATUS_SMI_PRIMITIVE_INSTALLER_FAILED cpu_to_le32(0xC0150025) +#define STATUS_GENERIC_COMMAND_FAILED cpu_to_le32(0xC0150026) +#define STATUS_SXS_FILE_HASH_MISSING cpu_to_le32(0xC0150027) +#define STATUS_TRANSACTIONAL_CONFLICT cpu_to_le32(0xC0190001) +#define STATUS_INVALID_TRANSACTION cpu_to_le32(0xC0190002) +#define STATUS_TRANSACTION_NOT_ACTIVE cpu_to_le32(0xC0190003) +#define STATUS_TM_INITIALIZATION_FAILED cpu_to_le32(0xC0190004) +#define STATUS_RM_NOT_ACTIVE cpu_to_le32(0xC0190005) +#define STATUS_RM_METADATA_CORRUPT cpu_to_le32(0xC0190006) +#define STATUS_TRANSACTION_NOT_JOINED cpu_to_le32(0xC0190007) +#define STATUS_DIRECTORY_NOT_RM cpu_to_le32(0xC0190008) +#define STATUS_TRANSACTIONS_UNSUPPORTED_REMOTE cpu_to_le32(0xC019000A) +#define STATUS_LOG_RESIZE_INVALID_SIZE cpu_to_le32(0xC019000B) +#define STATUS_REMOTE_FILE_VERSION_MISMATCH cpu_to_le32(0xC019000C) +#define STATUS_CRM_PROTOCOL_ALREADY_EXISTS cpu_to_le32(0xC019000F) +#define STATUS_TRANSACTION_PROPAGATION_FAILED cpu_to_le32(0xC0190010) +#define STATUS_CRM_PROTOCOL_NOT_FOUND cpu_to_le32(0xC0190011) +#define STATUS_TRANSACTION_SUPERIOR_EXISTS cpu_to_le32(0xC0190012) +#define STATUS_TRANSACTION_REQUEST_NOT_VALID cpu_to_le32(0xC0190013) +#define STATUS_TRANSACTION_NOT_REQUESTED cpu_to_le32(0xC0190014) +#define STATUS_TRANSACTION_ALREADY_ABORTED cpu_to_le32(0xC0190015) +#define STATUS_TRANSACTION_ALREADY_COMMITTED cpu_to_le32(0xC0190016) +#define STATUS_TRANSACTION_INVALID_MARSHALL_BUFFER cpu_to_le32(0xC0190017) +#define STATUS_CURRENT_TRANSACTION_NOT_VALID cpu_to_le32(0xC0190018) +#define STATUS_LOG_GROWTH_FAILED cpu_to_le32(0xC0190019) +#define STATUS_OBJECT_NO_LONGER_EXISTS cpu_to_le32(0xC0190021) +#define STATUS_STREAM_MINIVERSION_NOT_FOUND cpu_to_le32(0xC0190022) +#define STATUS_STREAM_MINIVERSION_NOT_VALID cpu_to_le32(0xC0190023) +#define STATUS_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION \ + cpu_to_le32(0xC0190024) +#define STATUS_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT cpu_to_le32(0xC0190025) +#define STATUS_CANT_CREATE_MORE_STREAM_MINIVERSIONS cpu_to_le32(0xC0190026) +#define STATUS_HANDLE_NO_LONGER_VALID cpu_to_le32(0xC0190028) +#define STATUS_LOG_CORRUPTION_DETECTED cpu_to_le32(0xC0190030) +#define STATUS_RM_DISCONNECTED cpu_to_le32(0xC0190032) +#define STATUS_ENLISTMENT_NOT_SUPERIOR cpu_to_le32(0xC0190033) +#define STATUS_FILE_IDENTITY_NOT_PERSISTENT cpu_to_le32(0xC0190036) +#define STATUS_CANT_BREAK_TRANSACTIONAL_DEPENDENCY cpu_to_le32(0xC0190037) +#define STATUS_CANT_CROSS_RM_BOUNDARY cpu_to_le32(0xC0190038) +#define STATUS_TXF_DIR_NOT_EMPTY cpu_to_le32(0xC0190039) +#define STATUS_INDOUBT_TRANSACTIONS_EXIST cpu_to_le32(0xC019003A) +#define STATUS_TM_VOLATILE cpu_to_le32(0xC019003B) +#define STATUS_ROLLBACK_TIMER_EXPIRED cpu_to_le32(0xC019003C) +#define STATUS_TXF_ATTRIBUTE_CORRUPT cpu_to_le32(0xC019003D) +#define STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION cpu_to_le32(0xC019003E) +#define STATUS_TRANSACTIONAL_OPEN_NOT_ALLOWED cpu_to_le32(0xC019003F) +#define STATUS_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE cpu_to_le32(0xC0190040) +#define STATUS_TRANSACTION_REQUIRED_PROMOTION cpu_to_le32(0xC0190043) +#define STATUS_CANNOT_EXECUTE_FILE_IN_TRANSACTION cpu_to_le32(0xC0190044) +#define STATUS_TRANSACTIONS_NOT_FROZEN cpu_to_le32(0xC0190045) +#define STATUS_TRANSACTION_FREEZE_IN_PROGRESS cpu_to_le32(0xC0190046) +#define STATUS_NOT_SNAPSHOT_VOLUME cpu_to_le32(0xC0190047) +#define STATUS_NO_SAVEPOINT_WITH_OPEN_FILES cpu_to_le32(0xC0190048) +#define STATUS_SPARSE_NOT_ALLOWED_IN_TRANSACTION cpu_to_le32(0xC0190049) +#define STATUS_TM_IDENTITY_MISMATCH cpu_to_le32(0xC019004A) +#define STATUS_FLOATED_SECTION cpu_to_le32(0xC019004B) +#define STATUS_CANNOT_ACCEPT_TRANSACTED_WORK cpu_to_le32(0xC019004C) +#define STATUS_CANNOT_ABORT_TRANSACTIONS cpu_to_le32(0xC019004D) +#define STATUS_TRANSACTION_NOT_FOUND cpu_to_le32(0xC019004E) +#define STATUS_RESOURCEMANAGER_NOT_FOUND cpu_to_le32(0xC019004F) +#define STATUS_ENLISTMENT_NOT_FOUND cpu_to_le32(0xC0190050) +#define STATUS_TRANSACTIONMANAGER_NOT_FOUND cpu_to_le32(0xC0190051) +#define STATUS_TRANSACTIONMANAGER_NOT_ONLINE cpu_to_le32(0xC0190052) +#define STATUS_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION \ + cpu_to_le32(0xC0190053) +#define STATUS_TRANSACTION_NOT_ROOT cpu_to_le32(0xC0190054) +#define STATUS_TRANSACTION_OBJECT_EXPIRED cpu_to_le32(0xC0190055) +#define STATUS_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION cpu_to_le32(0xC0190056) +#define STATUS_TRANSACTION_RESPONSE_NOT_ENLISTED cpu_to_le32(0xC0190057) +#define STATUS_TRANSACTION_RECORD_TOO_LONG cpu_to_le32(0xC0190058) +#define STATUS_NO_LINK_TRACKING_IN_TRANSACTION cpu_to_le32(0xC0190059) +#define STATUS_OPERATION_NOT_SUPPORTED_IN_TRANSACTION cpu_to_le32(0xC019005A) +#define STATUS_TRANSACTION_INTEGRITY_VIOLATED cpu_to_le32(0xC019005B) +#define STATUS_LOG_SECTOR_INVALID cpu_to_le32(0xC01A0001) +#define STATUS_LOG_SECTOR_PARITY_INVALID cpu_to_le32(0xC01A0002) +#define STATUS_LOG_SECTOR_REMAPPED cpu_to_le32(0xC01A0003) +#define STATUS_LOG_BLOCK_INCOMPLETE cpu_to_le32(0xC01A0004) +#define STATUS_LOG_INVALID_RANGE cpu_to_le32(0xC01A0005) +#define STATUS_LOG_BLOCKS_EXHAUSTED cpu_to_le32(0xC01A0006) +#define STATUS_LOG_READ_CONTEXT_INVALID cpu_to_le32(0xC01A0007) +#define STATUS_LOG_RESTART_INVALID cpu_to_le32(0xC01A0008) +#define STATUS_LOG_BLOCK_VERSION cpu_to_le32(0xC01A0009) +#define STATUS_LOG_BLOCK_INVALID cpu_to_le32(0xC01A000A) +#define STATUS_LOG_READ_MODE_INVALID cpu_to_le32(0xC01A000B) +#define STATUS_LOG_METADATA_CORRUPT cpu_to_le32(0xC01A000D) +#define STATUS_LOG_METADATA_INVALID cpu_to_le32(0xC01A000E) +#define STATUS_LOG_METADATA_INCONSISTENT cpu_to_le32(0xC01A000F) +#define STATUS_LOG_RESERVATION_INVALID cpu_to_le32(0xC01A0010) +#define STATUS_LOG_CANT_DELETE cpu_to_le32(0xC01A0011) +#define STATUS_LOG_CONTAINER_LIMIT_EXCEEDED cpu_to_le32(0xC01A0012) +#define STATUS_LOG_START_OF_LOG cpu_to_le32(0xC01A0013) +#define STATUS_LOG_POLICY_ALREADY_INSTALLED cpu_to_le32(0xC01A0014) +#define STATUS_LOG_POLICY_NOT_INSTALLED cpu_to_le32(0xC01A0015) +#define STATUS_LOG_POLICY_INVALID cpu_to_le32(0xC01A0016) +#define STATUS_LOG_POLICY_CONFLICT cpu_to_le32(0xC01A0017) +#define STATUS_LOG_PINNED_ARCHIVE_TAIL cpu_to_le32(0xC01A0018) +#define STATUS_LOG_RECORD_NONEXISTENT cpu_to_le32(0xC01A0019) +#define STATUS_LOG_RECORDS_RESERVED_INVALID cpu_to_le32(0xC01A001A) +#define STATUS_LOG_SPACE_RESERVED_INVALID cpu_to_le32(0xC01A001B) +#define STATUS_LOG_TAIL_INVALID cpu_to_le32(0xC01A001C) +#define STATUS_LOG_FULL cpu_to_le32(0xC01A001D) +#define STATUS_LOG_MULTIPLEXED cpu_to_le32(0xC01A001E) +#define STATUS_LOG_DEDICATED cpu_to_le32(0xC01A001F) +#define STATUS_LOG_ARCHIVE_NOT_IN_PROGRESS cpu_to_le32(0xC01A0020) +#define STATUS_LOG_ARCHIVE_IN_PROGRESS cpu_to_le32(0xC01A0021) +#define STATUS_LOG_EPHEMERAL cpu_to_le32(0xC01A0022) +#define STATUS_LOG_NOT_ENOUGH_CONTAINERS cpu_to_le32(0xC01A0023) +#define STATUS_LOG_CLIENT_ALREADY_REGISTERED cpu_to_le32(0xC01A0024) +#define STATUS_LOG_CLIENT_NOT_REGISTERED cpu_to_le32(0xC01A0025) +#define STATUS_LOG_FULL_HANDLER_IN_PROGRESS cpu_to_le32(0xC01A0026) +#define STATUS_LOG_CONTAINER_READ_FAILED cpu_to_le32(0xC01A0027) +#define STATUS_LOG_CONTAINER_WRITE_FAILED cpu_to_le32(0xC01A0028) +#define STATUS_LOG_CONTAINER_OPEN_FAILED cpu_to_le32(0xC01A0029) +#define STATUS_LOG_CONTAINER_STATE_INVALID cpu_to_le32(0xC01A002A) +#define STATUS_LOG_STATE_INVALID cpu_to_le32(0xC01A002B) +#define STATUS_LOG_PINNED cpu_to_le32(0xC01A002C) +#define STATUS_LOG_METADATA_FLUSH_FAILED cpu_to_le32(0xC01A002D) +#define STATUS_LOG_INCONSISTENT_SECURITY cpu_to_le32(0xC01A002E) +#define STATUS_LOG_APPENDED_FLUSH_FAILED cpu_to_le32(0xC01A002F) +#define STATUS_LOG_PINNED_RESERVATION cpu_to_le32(0xC01A0030) +#define STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD cpu_to_le32(0xC01B00EA) +#define STATUS_FLT_NO_HANDLER_DEFINED cpu_to_le32(0xC01C0001) +#define STATUS_FLT_CONTEXT_ALREADY_DEFINED cpu_to_le32(0xC01C0002) +#define STATUS_FLT_INVALID_ASYNCHRONOUS_REQUEST cpu_to_le32(0xC01C0003) +#define STATUS_FLT_DISALLOW_FAST_IO cpu_to_le32(0xC01C0004) +#define STATUS_FLT_INVALID_NAME_REQUEST cpu_to_le32(0xC01C0005) +#define STATUS_FLT_NOT_SAFE_TO_POST_OPERATION cpu_to_le32(0xC01C0006) +#define STATUS_FLT_NOT_INITIALIZED cpu_to_le32(0xC01C0007) +#define STATUS_FLT_FILTER_NOT_READY cpu_to_le32(0xC01C0008) +#define STATUS_FLT_POST_OPERATION_CLEANUP cpu_to_le32(0xC01C0009) +#define STATUS_FLT_INTERNAL_ERROR cpu_to_le32(0xC01C000A) +#define STATUS_FLT_DELETING_OBJECT cpu_to_le32(0xC01C000B) +#define STATUS_FLT_MUST_BE_NONPAGED_POOL cpu_to_le32(0xC01C000C) +#define STATUS_FLT_DUPLICATE_ENTRY cpu_to_le32(0xC01C000D) +#define STATUS_FLT_CBDQ_DISABLED cpu_to_le32(0xC01C000E) +#define STATUS_FLT_DO_NOT_ATTACH cpu_to_le32(0xC01C000F) +#define STATUS_FLT_DO_NOT_DETACH cpu_to_le32(0xC01C0010) +#define STATUS_FLT_INSTANCE_ALTITUDE_COLLISION cpu_to_le32(0xC01C0011) +#define STATUS_FLT_INSTANCE_NAME_COLLISION cpu_to_le32(0xC01C0012) +#define STATUS_FLT_FILTER_NOT_FOUND cpu_to_le32(0xC01C0013) +#define STATUS_FLT_VOLUME_NOT_FOUND cpu_to_le32(0xC01C0014) +#define STATUS_FLT_INSTANCE_NOT_FOUND cpu_to_le32(0xC01C0015) +#define STATUS_FLT_CONTEXT_ALLOCATION_NOT_FOUND cpu_to_le32(0xC01C0016) +#define STATUS_FLT_INVALID_CONTEXT_REGISTRATION cpu_to_le32(0xC01C0017) +#define STATUS_FLT_NAME_CACHE_MISS cpu_to_le32(0xC01C0018) +#define STATUS_FLT_NO_DEVICE_OBJECT cpu_to_le32(0xC01C0019) +#define STATUS_FLT_VOLUME_ALREADY_MOUNTED cpu_to_le32(0xC01C001A) +#define STATUS_FLT_ALREADY_ENLISTED cpu_to_le32(0xC01C001B) +#define STATUS_FLT_CONTEXT_ALREADY_LINKED cpu_to_le32(0xC01C001C) +#define STATUS_FLT_NO_WAITER_FOR_REPLY cpu_to_le32(0xC01C0020) +#define STATUS_MONITOR_NO_DESCRIPTOR cpu_to_le32(0xC01D0001) +#define STATUS_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT cpu_to_le32(0xC01D0002) +#define STATUS_MONITOR_INVALID_DESCRIPTOR_CHECKSUM cpu_to_le32(0xC01D0003) +#define STATUS_MONITOR_INVALID_STANDARD_TIMING_BLOCK cpu_to_le32(0xC01D0004) +#define STATUS_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED cpu_to_le32(0xC01D0005) +#define STATUS_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK \ + cpu_to_le32(0xC01D0006) +#define STATUS_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK \ + cpu_to_le32(0xC01D0007) +#define STATUS_MONITOR_NO_MORE_DESCRIPTOR_DATA cpu_to_le32(0xC01D0008) +#define STATUS_MONITOR_INVALID_DETAILED_TIMING_BLOCK cpu_to_le32(0xC01D0009) +#define STATUS_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER cpu_to_le32(0xC01E0000) +#define STATUS_GRAPHICS_INSUFFICIENT_DMA_BUFFER cpu_to_le32(0xC01E0001) +#define STATUS_GRAPHICS_INVALID_DISPLAY_ADAPTER cpu_to_le32(0xC01E0002) +#define STATUS_GRAPHICS_ADAPTER_WAS_RESET cpu_to_le32(0xC01E0003) +#define STATUS_GRAPHICS_INVALID_DRIVER_MODEL cpu_to_le32(0xC01E0004) +#define STATUS_GRAPHICS_PRESENT_MODE_CHANGED cpu_to_le32(0xC01E0005) +#define STATUS_GRAPHICS_PRESENT_OCCLUDED cpu_to_le32(0xC01E0006) +#define STATUS_GRAPHICS_PRESENT_DENIED cpu_to_le32(0xC01E0007) +#define STATUS_GRAPHICS_CANNOTCOLORCONVERT cpu_to_le32(0xC01E0008) +#define STATUS_GRAPHICS_NO_VIDEO_MEMORY cpu_to_le32(0xC01E0100) +#define STATUS_GRAPHICS_CANT_LOCK_MEMORY cpu_to_le32(0xC01E0101) +#define STATUS_GRAPHICS_ALLOCATION_BUSY cpu_to_le32(0xC01E0102) +#define STATUS_GRAPHICS_TOO_MANY_REFERENCES cpu_to_le32(0xC01E0103) +#define STATUS_GRAPHICS_TRY_AGAIN_LATER cpu_to_le32(0xC01E0104) +#define STATUS_GRAPHICS_TRY_AGAIN_NOW cpu_to_le32(0xC01E0105) +#define STATUS_GRAPHICS_ALLOCATION_INVALID cpu_to_le32(0xC01E0106) +#define STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE cpu_to_le32(0xC01E0107) +#define STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED cpu_to_le32(0xC01E0108) +#define STATUS_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION cpu_to_le32(0xC01E0109) +#define STATUS_GRAPHICS_INVALID_ALLOCATION_USAGE cpu_to_le32(0xC01E0110) +#define STATUS_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION cpu_to_le32(0xC01E0111) +#define STATUS_GRAPHICS_ALLOCATION_CLOSED cpu_to_le32(0xC01E0112) +#define STATUS_GRAPHICS_INVALID_ALLOCATION_INSTANCE cpu_to_le32(0xC01E0113) +#define STATUS_GRAPHICS_INVALID_ALLOCATION_HANDLE cpu_to_le32(0xC01E0114) +#define STATUS_GRAPHICS_WRONG_ALLOCATION_DEVICE cpu_to_le32(0xC01E0115) +#define STATUS_GRAPHICS_ALLOCATION_CONTENT_LOST cpu_to_le32(0xC01E0116) +#define STATUS_GRAPHICS_GPU_EXCEPTION_ON_DEVICE cpu_to_le32(0xC01E0200) +#define STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY cpu_to_le32(0xC01E0300) +#define STATUS_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED cpu_to_le32(0xC01E0301) +#define STATUS_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED \ + cpu_to_le32(0xC01E0302) +#define STATUS_GRAPHICS_INVALID_VIDPN cpu_to_le32(0xC01E0303) +#define STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE cpu_to_le32(0xC01E0304) +#define STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET cpu_to_le32(0xC01E0305) +#define STATUS_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED cpu_to_le32(0xC01E0306) +#define STATUS_GRAPHICS_INVALID_VIDPN_SOURCEMODESET cpu_to_le32(0xC01E0308) +#define STATUS_GRAPHICS_INVALID_VIDPN_TARGETMODESET cpu_to_le32(0xC01E0309) +#define STATUS_GRAPHICS_INVALID_FREQUENCY cpu_to_le32(0xC01E030A) +#define STATUS_GRAPHICS_INVALID_ACTIVE_REGION cpu_to_le32(0xC01E030B) +#define STATUS_GRAPHICS_INVALID_TOTAL_REGION cpu_to_le32(0xC01E030C) +#define STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE \ + cpu_to_le32(0xC01E0310) +#define STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE \ + cpu_to_le32(0xC01E0311) +#define STATUS_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET cpu_to_le32(0xC01E0312) +#define STATUS_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY cpu_to_le32(0xC01E0313) +#define STATUS_GRAPHICS_MODE_ALREADY_IN_MODESET cpu_to_le32(0xC01E0314) +#define STATUS_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET cpu_to_le32(0xC01E0315) +#define STATUS_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET cpu_to_le32(0xC01E0316) +#define STATUS_GRAPHICS_SOURCE_ALREADY_IN_SET cpu_to_le32(0xC01E0317) +#define STATUS_GRAPHICS_TARGET_ALREADY_IN_SET cpu_to_le32(0xC01E0318) +#define STATUS_GRAPHICS_INVALID_VIDPN_PRESENT_PATH cpu_to_le32(0xC01E0319) +#define STATUS_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY cpu_to_le32(0xC01E031A) +#define STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET \ + cpu_to_le32(0xC01E031B) +#define STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE cpu_to_le32(0xC01E031C) +#define STATUS_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET cpu_to_le32(0xC01E031D) +#define STATUS_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET cpu_to_le32(0xC01E031F) +#define STATUS_GRAPHICS_STALE_MODESET cpu_to_le32(0xC01E0320) +#define STATUS_GRAPHICS_INVALID_MONITOR_SOURCEMODESET cpu_to_le32(0xC01E0321) +#define STATUS_GRAPHICS_INVALID_MONITOR_SOURCE_MODE cpu_to_le32(0xC01E0322) +#define STATUS_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN cpu_to_le32(0xC01E0323) +#define STATUS_GRAPHICS_MODE_ID_MUST_BE_UNIQUE cpu_to_le32(0xC01E0324) +#define STATUS_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION \ + cpu_to_le32(0xC01E0325) +#define STATUS_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES \ + cpu_to_le32(0xC01E0326) +#define STATUS_GRAPHICS_PATH_NOT_IN_TOPOLOGY cpu_to_le32(0xC01E0327) +#define STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE \ + cpu_to_le32(0xC01E0328) +#define STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET \ + cpu_to_le32(0xC01E0329) +#define STATUS_GRAPHICS_INVALID_MONITORDESCRIPTORSET cpu_to_le32(0xC01E032A) +#define STATUS_GRAPHICS_INVALID_MONITORDESCRIPTOR cpu_to_le32(0xC01E032B) +#define STATUS_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET cpu_to_le32(0xC01E032C) +#define STATUS_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET cpu_to_le32(0xC01E032D) +#define STATUS_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE \ + cpu_to_le32(0xC01E032E) +#define STATUS_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE cpu_to_le32(0xC01E032F) +#define STATUS_GRAPHICS_RESOURCES_NOT_RELATED cpu_to_le32(0xC01E0330) +#define STATUS_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE cpu_to_le32(0xC01E0331) +#define STATUS_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE cpu_to_le32(0xC01E0332) +#define STATUS_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET cpu_to_le32(0xC01E0333) +#define STATUS_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER \ + cpu_to_le32(0xC01E0334) +#define STATUS_GRAPHICS_NO_VIDPNMGR cpu_to_le32(0xC01E0335) +#define STATUS_GRAPHICS_NO_ACTIVE_VIDPN cpu_to_le32(0xC01E0336) +#define STATUS_GRAPHICS_STALE_VIDPN_TOPOLOGY cpu_to_le32(0xC01E0337) +#define STATUS_GRAPHICS_MONITOR_NOT_CONNECTED cpu_to_le32(0xC01E0338) +#define STATUS_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY cpu_to_le32(0xC01E0339) +#define STATUS_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE cpu_to_le32(0xC01E033A) +#define STATUS_GRAPHICS_INVALID_VISIBLEREGION_SIZE cpu_to_le32(0xC01E033B) +#define STATUS_GRAPHICS_INVALID_STRIDE cpu_to_le32(0xC01E033C) +#define STATUS_GRAPHICS_INVALID_PIXELFORMAT cpu_to_le32(0xC01E033D) +#define STATUS_GRAPHICS_INVALID_COLORBASIS cpu_to_le32(0xC01E033E) +#define STATUS_GRAPHICS_INVALID_PIXELVALUEACCESSMODE cpu_to_le32(0xC01E033F) +#define STATUS_GRAPHICS_TARGET_NOT_IN_TOPOLOGY cpu_to_le32(0xC01E0340) +#define STATUS_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT \ + cpu_to_le32(0xC01E0341) +#define STATUS_GRAPHICS_VIDPN_SOURCE_IN_USE cpu_to_le32(0xC01E0342) +#define STATUS_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN cpu_to_le32(0xC01E0343) +#define STATUS_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL cpu_to_le32(0xC01E0344) +#define STATUS_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION \ + cpu_to_le32(0xC01E0345) +#define STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED \ + cpu_to_le32(0xC01E0346) +#define STATUS_GRAPHICS_INVALID_GAMMA_RAMP cpu_to_le32(0xC01E0347) +#define STATUS_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED cpu_to_le32(0xC01E0348) +#define STATUS_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED cpu_to_le32(0xC01E0349) +#define STATUS_GRAPHICS_MODE_NOT_IN_MODESET cpu_to_le32(0xC01E034A) +#define STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON \ + cpu_to_le32(0xC01E034D) +#define STATUS_GRAPHICS_INVALID_PATH_CONTENT_TYPE cpu_to_le32(0xC01E034E) +#define STATUS_GRAPHICS_INVALID_COPYPROTECTION_TYPE cpu_to_le32(0xC01E034F) +#define STATUS_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS \ + cpu_to_le32(0xC01E0350) +#define STATUS_GRAPHICS_INVALID_SCANLINE_ORDERING cpu_to_le32(0xC01E0352) +#define STATUS_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED cpu_to_le32(0xC01E0353) +#define STATUS_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS cpu_to_le32(0xC01E0354) +#define STATUS_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT cpu_to_le32(0xC01E0355) +#define STATUS_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM cpu_to_le32(0xC01E0356) +#define STATUS_GRAPHICS_INVALID_MONITOR_CAPABILITY_ORIGIN \ + cpu_to_le32(0xC01E0357) +#define STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE_CONSTRAINT \ + cpu_to_le32(0xC01E0358) +#define STATUS_GRAPHICS_MAX_NUM_PATHS_REACHED cpu_to_le32(0xC01E0359) +#define STATUS_GRAPHICS_CANCEL_VIDPN_TOPOLOGY_AUGMENTATION \ + cpu_to_le32(0xC01E035A) +#define STATUS_GRAPHICS_INVALID_CLIENT_TYPE cpu_to_le32(0xC01E035B) +#define STATUS_GRAPHICS_CLIENTVIDPN_NOT_SET cpu_to_le32(0xC01E035C) +#define STATUS_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED \ + cpu_to_le32(0xC01E0400) +#define STATUS_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED cpu_to_le32(0xC01E0401) +#define STATUS_GRAPHICS_NOT_A_LINKED_ADAPTER cpu_to_le32(0xC01E0430) +#define STATUS_GRAPHICS_LEADLINK_NOT_ENUMERATED cpu_to_le32(0xC01E0431) +#define STATUS_GRAPHICS_CHAINLINKS_NOT_ENUMERATED cpu_to_le32(0xC01E0432) +#define STATUS_GRAPHICS_ADAPTER_CHAIN_NOT_READY cpu_to_le32(0xC01E0433) +#define STATUS_GRAPHICS_CHAINLINKS_NOT_STARTED cpu_to_le32(0xC01E0434) +#define STATUS_GRAPHICS_CHAINLINKS_NOT_POWERED_ON cpu_to_le32(0xC01E0435) +#define STATUS_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE cpu_to_le32(0xC01E0436) +#define STATUS_GRAPHICS_NOT_POST_DEVICE_DRIVER cpu_to_le32(0xC01E0438) +#define STATUS_GRAPHICS_ADAPTER_ACCESS_NOT_EXCLUDED cpu_to_le32(0xC01E043B) +#define STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_COPP_SEMANTICS \ + cpu_to_le32(0xC01E051C) +#define STATUS_GRAPHICS_OPM_INVALID_INFORMATION_REQUEST cpu_to_le32(0xC01E051D) +#define STATUS_GRAPHICS_OPM_DRIVER_INTERNAL_ERROR cpu_to_le32(0xC01E051E) +#define STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_OPM_SEMANTICS \ + cpu_to_le32(0xC01E051F) +#define STATUS_GRAPHICS_OPM_SIGNALING_NOT_SUPPORTED cpu_to_le32(0xC01E0520) +#define STATUS_GRAPHICS_OPM_INVALID_CONFIGURATION_REQUEST \ + cpu_to_le32(0xC01E0521) +#define STATUS_GRAPHICS_OPM_NOT_SUPPORTED cpu_to_le32(0xC01E0500) +#define STATUS_GRAPHICS_COPP_NOT_SUPPORTED cpu_to_le32(0xC01E0501) +#define STATUS_GRAPHICS_UAB_NOT_SUPPORTED cpu_to_le32(0xC01E0502) +#define STATUS_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS cpu_to_le32(0xC01E0503) +#define STATUS_GRAPHICS_OPM_PARAMETER_ARRAY_TOO_SMALL cpu_to_le32(0xC01E0504) +#define STATUS_GRAPHICS_OPM_NO_PROTECTED_OUTPUTS_EXIST cpu_to_le32(0xC01E0505) +#define STATUS_GRAPHICS_PVP_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME \ + cpu_to_le32(0xC01E0506) +#define STATUS_GRAPHICS_PVP_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP \ + cpu_to_le32(0xC01E0507) +#define STATUS_GRAPHICS_PVP_MIRRORING_DEVICES_NOT_SUPPORTED \ + cpu_to_le32(0xC01E0508) +#define STATUS_GRAPHICS_OPM_INVALID_POINTER cpu_to_le32(0xC01E050A) +#define STATUS_GRAPHICS_OPM_INTERNAL_ERROR cpu_to_le32(0xC01E050B) +#define STATUS_GRAPHICS_OPM_INVALID_HANDLE cpu_to_le32(0xC01E050C) +#define STATUS_GRAPHICS_PVP_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE \ + cpu_to_le32(0xC01E050D) +#define STATUS_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH cpu_to_le32(0xC01E050E) +#define STATUS_GRAPHICS_OPM_SPANNING_MODE_ENABLED cpu_to_le32(0xC01E050F) +#define STATUS_GRAPHICS_OPM_THEATER_MODE_ENABLED cpu_to_le32(0xC01E0510) +#define STATUS_GRAPHICS_PVP_HFS_FAILED cpu_to_le32(0xC01E0511) +#define STATUS_GRAPHICS_OPM_INVALID_SRM cpu_to_le32(0xC01E0512) +#define STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP cpu_to_le32(0xC01E0513) +#define STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP cpu_to_le32(0xC01E0514) +#define STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA \ + cpu_to_le32(0xC01E0515) +#define STATUS_GRAPHICS_OPM_HDCP_SRM_NEVER_SET cpu_to_le32(0xC01E0516) +#define STATUS_GRAPHICS_OPM_RESOLUTION_TOO_HIGH cpu_to_le32(0xC01E0517) +#define STATUS_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE \ + cpu_to_le32(0xC01E0518) +#define STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_NO_LONGER_EXISTS \ + cpu_to_le32(0xC01E051A) +#define STATUS_GRAPHICS_OPM_SESSION_TYPE_CHANGE_IN_PROGRESS \ + cpu_to_le32(0xC01E051B) +#define STATUS_GRAPHICS_I2C_NOT_SUPPORTED cpu_to_le32(0xC01E0580) +#define STATUS_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST cpu_to_le32(0xC01E0581) +#define STATUS_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA cpu_to_le32(0xC01E0582) +#define STATUS_GRAPHICS_I2C_ERROR_RECEIVING_DATA cpu_to_le32(0xC01E0583) +#define STATUS_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED cpu_to_le32(0xC01E0584) +#define STATUS_GRAPHICS_DDCCI_INVALID_DATA cpu_to_le32(0xC01E0585) +#define STATUS_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE \ + cpu_to_le32(0xC01E0586) +#define STATUS_GRAPHICS_DDCCI_INVALID_CAPABILITIES_STRING \ + cpu_to_le32(0xC01E0587) +#define STATUS_GRAPHICS_MCA_INTERNAL_ERROR cpu_to_le32(0xC01E0588) +#define STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND cpu_to_le32(0xC01E0589) +#define STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH cpu_to_le32(0xC01E058A) +#define STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM cpu_to_le32(0xC01E058B) +#define STATUS_GRAPHICS_INVALID_PHYSICAL_MONITOR_HANDLE cpu_to_le32(0xC01E058C) +#define STATUS_GRAPHICS_MONITOR_NO_LONGER_EXISTS cpu_to_le32(0xC01E058D) +#define STATUS_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED cpu_to_le32(0xC01E05E0) +#define STATUS_GRAPHICS_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME \ + cpu_to_le32(0xC01E05E1) +#define STATUS_GRAPHICS_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP \ + cpu_to_le32(0xC01E05E2) +#define STATUS_GRAPHICS_MIRRORING_DEVICES_NOT_SUPPORTED cpu_to_le32(0xC01E05E3) +#define STATUS_GRAPHICS_INVALID_POINTER cpu_to_le32(0xC01E05E4) +#define STATUS_GRAPHICS_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE \ + cpu_to_le32(0xC01E05E5) +#define STATUS_GRAPHICS_PARAMETER_ARRAY_TOO_SMALL cpu_to_le32(0xC01E05E6) +#define STATUS_GRAPHICS_INTERNAL_ERROR cpu_to_le32(0xC01E05E7) +#define STATUS_GRAPHICS_SESSION_TYPE_CHANGE_IN_PROGRESS cpu_to_le32(0xC01E05E8) +#define STATUS_FVE_LOCKED_VOLUME cpu_to_le32(0xC0210000) +#define STATUS_FVE_NOT_ENCRYPTED cpu_to_le32(0xC0210001) +#define STATUS_FVE_BAD_INFORMATION cpu_to_le32(0xC0210002) +#define STATUS_FVE_TOO_SMALL cpu_to_le32(0xC0210003) +#define STATUS_FVE_FAILED_WRONG_FS cpu_to_le32(0xC0210004) +#define STATUS_FVE_FAILED_BAD_FS cpu_to_le32(0xC0210005) +#define STATUS_FVE_FS_NOT_EXTENDED cpu_to_le32(0xC0210006) +#define STATUS_FVE_FS_MOUNTED cpu_to_le32(0xC0210007) +#define STATUS_FVE_NO_LICENSE cpu_to_le32(0xC0210008) +#define STATUS_FVE_ACTION_NOT_ALLOWED cpu_to_le32(0xC0210009) +#define STATUS_FVE_BAD_DATA cpu_to_le32(0xC021000A) +#define STATUS_FVE_VOLUME_NOT_BOUND cpu_to_le32(0xC021000B) +#define STATUS_FVE_NOT_DATA_VOLUME cpu_to_le32(0xC021000C) +#define STATUS_FVE_CONV_READ_ERROR cpu_to_le32(0xC021000D) +#define STATUS_FVE_CONV_WRITE_ERROR cpu_to_le32(0xC021000E) +#define STATUS_FVE_OVERLAPPED_UPDATE cpu_to_le32(0xC021000F) +#define STATUS_FVE_FAILED_SECTOR_SIZE cpu_to_le32(0xC0210010) +#define STATUS_FVE_FAILED_AUTHENTICATION cpu_to_le32(0xC0210011) +#define STATUS_FVE_NOT_OS_VOLUME cpu_to_le32(0xC0210012) +#define STATUS_FVE_KEYFILE_NOT_FOUND cpu_to_le32(0xC0210013) +#define STATUS_FVE_KEYFILE_INVALID cpu_to_le32(0xC0210014) +#define STATUS_FVE_KEYFILE_NO_VMK cpu_to_le32(0xC0210015) +#define STATUS_FVE_TPM_DISABLED cpu_to_le32(0xC0210016) +#define STATUS_FVE_TPM_SRK_AUTH_NOT_ZERO cpu_to_le32(0xC0210017) +#define STATUS_FVE_TPM_INVALID_PCR cpu_to_le32(0xC0210018) +#define STATUS_FVE_TPM_NO_VMK cpu_to_le32(0xC0210019) +#define STATUS_FVE_PIN_INVALID cpu_to_le32(0xC021001A) +#define STATUS_FVE_AUTH_INVALID_APPLICATION cpu_to_le32(0xC021001B) +#define STATUS_FVE_AUTH_INVALID_CONFIG cpu_to_le32(0xC021001C) +#define STATUS_FVE_DEBUGGER_ENABLED cpu_to_le32(0xC021001D) +#define STATUS_FVE_DRY_RUN_FAILED cpu_to_le32(0xC021001E) +#define STATUS_FVE_BAD_METADATA_POINTER cpu_to_le32(0xC021001F) +#define STATUS_FVE_OLD_METADATA_COPY cpu_to_le32(0xC0210020) +#define STATUS_FVE_REBOOT_REQUIRED cpu_to_le32(0xC0210021) +#define STATUS_FVE_RAW_ACCESS cpu_to_le32(0xC0210022) +#define STATUS_FVE_RAW_BLOCKED cpu_to_le32(0xC0210023) +#define STATUS_FWP_CALLOUT_NOT_FOUND cpu_to_le32(0xC0220001) +#define STATUS_FWP_CONDITION_NOT_FOUND cpu_to_le32(0xC0220002) +#define STATUS_FWP_FILTER_NOT_FOUND cpu_to_le32(0xC0220003) +#define STATUS_FWP_LAYER_NOT_FOUND cpu_to_le32(0xC0220004) +#define STATUS_FWP_PROVIDER_NOT_FOUND cpu_to_le32(0xC0220005) +#define STATUS_FWP_PROVIDER_CONTEXT_NOT_FOUND cpu_to_le32(0xC0220006) +#define STATUS_FWP_SUBLAYER_NOT_FOUND cpu_to_le32(0xC0220007) +#define STATUS_FWP_NOT_FOUND cpu_to_le32(0xC0220008) +#define STATUS_FWP_ALREADY_EXISTS cpu_to_le32(0xC0220009) +#define STATUS_FWP_IN_USE cpu_to_le32(0xC022000A) +#define STATUS_FWP_DYNAMIC_SESSION_IN_PROGRESS cpu_to_le32(0xC022000B) +#define STATUS_FWP_WRONG_SESSION cpu_to_le32(0xC022000C) +#define STATUS_FWP_NO_TXN_IN_PROGRESS cpu_to_le32(0xC022000D) +#define STATUS_FWP_TXN_IN_PROGRESS cpu_to_le32(0xC022000E) +#define STATUS_FWP_TXN_ABORTED cpu_to_le32(0xC022000F) +#define STATUS_FWP_SESSION_ABORTED cpu_to_le32(0xC0220010) +#define STATUS_FWP_INCOMPATIBLE_TXN cpu_to_le32(0xC0220011) +#define STATUS_FWP_TIMEOUT cpu_to_le32(0xC0220012) +#define STATUS_FWP_NET_EVENTS_DISABLED cpu_to_le32(0xC0220013) +#define STATUS_FWP_INCOMPATIBLE_LAYER cpu_to_le32(0xC0220014) +#define STATUS_FWP_KM_CLIENTS_ONLY cpu_to_le32(0xC0220015) +#define STATUS_FWP_LIFETIME_MISMATCH cpu_to_le32(0xC0220016) +#define STATUS_FWP_BUILTIN_OBJECT cpu_to_le32(0xC0220017) +#define STATUS_FWP_TOO_MANY_BOOTTIME_FILTERS cpu_to_le32(0xC0220018) +#define STATUS_FWP_TOO_MANY_CALLOUTS cpu_to_le32(0xC0220018) +#define STATUS_FWP_NOTIFICATION_DROPPED cpu_to_le32(0xC0220019) +#define STATUS_FWP_TRAFFIC_MISMATCH cpu_to_le32(0xC022001A) +#define STATUS_FWP_INCOMPATIBLE_SA_STATE cpu_to_le32(0xC022001B) +#define STATUS_FWP_NULL_POINTER cpu_to_le32(0xC022001C) +#define STATUS_FWP_INVALID_ENUMERATOR cpu_to_le32(0xC022001D) +#define STATUS_FWP_INVALID_FLAGS cpu_to_le32(0xC022001E) +#define STATUS_FWP_INVALID_NET_MASK cpu_to_le32(0xC022001F) +#define STATUS_FWP_INVALID_RANGE cpu_to_le32(0xC0220020) +#define STATUS_FWP_INVALID_INTERVAL cpu_to_le32(0xC0220021) +#define STATUS_FWP_ZERO_LENGTH_ARRAY cpu_to_le32(0xC0220022) +#define STATUS_FWP_NULL_DISPLAY_NAME cpu_to_le32(0xC0220023) +#define STATUS_FWP_INVALID_ACTION_TYPE cpu_to_le32(0xC0220024) +#define STATUS_FWP_INVALID_WEIGHT cpu_to_le32(0xC0220025) +#define STATUS_FWP_MATCH_TYPE_MISMATCH cpu_to_le32(0xC0220026) +#define STATUS_FWP_TYPE_MISMATCH cpu_to_le32(0xC0220027) +#define STATUS_FWP_OUT_OF_BOUNDS cpu_to_le32(0xC0220028) +#define STATUS_FWP_RESERVED cpu_to_le32(0xC0220029) +#define STATUS_FWP_DUPLICATE_CONDITION cpu_to_le32(0xC022002A) +#define STATUS_FWP_DUPLICATE_KEYMOD cpu_to_le32(0xC022002B) +#define STATUS_FWP_ACTION_INCOMPATIBLE_WITH_LAYER cpu_to_le32(0xC022002C) +#define STATUS_FWP_ACTION_INCOMPATIBLE_WITH_SUBLAYER cpu_to_le32(0xC022002D) +#define STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_LAYER cpu_to_le32(0xC022002E) +#define STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_CALLOUT cpu_to_le32(0xC022002F) +#define STATUS_FWP_INCOMPATIBLE_AUTH_METHOD cpu_to_le32(0xC0220030) +#define STATUS_FWP_INCOMPATIBLE_DH_GROUP cpu_to_le32(0xC0220031) +#define STATUS_FWP_EM_NOT_SUPPORTED cpu_to_le32(0xC0220032) +#define STATUS_FWP_NEVER_MATCH cpu_to_le32(0xC0220033) +#define STATUS_FWP_PROVIDER_CONTEXT_MISMATCH cpu_to_le32(0xC0220034) +#define STATUS_FWP_INVALID_PARAMETER cpu_to_le32(0xC0220035) +#define STATUS_FWP_TOO_MANY_SUBLAYERS cpu_to_le32(0xC0220036) +#define STATUS_FWP_CALLOUT_NOTIFICATION_FAILED cpu_to_le32(0xC0220037) +#define STATUS_FWP_INCOMPATIBLE_AUTH_CONFIG cpu_to_le32(0xC0220038) +#define STATUS_FWP_INCOMPATIBLE_CIPHER_CONFIG cpu_to_le32(0xC0220039) +#define STATUS_FWP_TCPIP_NOT_READY cpu_to_le32(0xC0220100) +#define STATUS_FWP_INJECT_HANDLE_CLOSING cpu_to_le32(0xC0220101) +#define STATUS_FWP_INJECT_HANDLE_STALE cpu_to_le32(0xC0220102) +#define STATUS_FWP_CANNOT_PEND cpu_to_le32(0xC0220103) +#define STATUS_NDIS_CLOSING cpu_to_le32(0xC0230002) +#define STATUS_NDIS_BAD_VERSION cpu_to_le32(0xC0230004) +#define STATUS_NDIS_BAD_CHARACTERISTICS cpu_to_le32(0xC0230005) +#define STATUS_NDIS_ADAPTER_NOT_FOUND cpu_to_le32(0xC0230006) +#define STATUS_NDIS_OPEN_FAILED cpu_to_le32(0xC0230007) +#define STATUS_NDIS_DEVICE_FAILED cpu_to_le32(0xC0230008) +#define STATUS_NDIS_MULTICAST_FULL cpu_to_le32(0xC0230009) +#define STATUS_NDIS_MULTICAST_EXISTS cpu_to_le32(0xC023000A) +#define STATUS_NDIS_MULTICAST_NOT_FOUND cpu_to_le32(0xC023000B) +#define STATUS_NDIS_REQUEST_ABORTED cpu_to_le32(0xC023000C) +#define STATUS_NDIS_RESET_IN_PROGRESS cpu_to_le32(0xC023000D) +#define STATUS_NDIS_INVALID_PACKET cpu_to_le32(0xC023000F) +#define STATUS_NDIS_INVALID_DEVICE_REQUEST cpu_to_le32(0xC0230010) +#define STATUS_NDIS_ADAPTER_NOT_READY cpu_to_le32(0xC0230011) +#define STATUS_NDIS_INVALID_LENGTH cpu_to_le32(0xC0230014) +#define STATUS_NDIS_INVALID_DATA cpu_to_le32(0xC0230015) +#define STATUS_NDIS_BUFFER_TOO_SHORT cpu_to_le32(0xC0230016) +#define STATUS_NDIS_INVALID_OID cpu_to_le32(0xC0230017) +#define STATUS_NDIS_ADAPTER_REMOVED cpu_to_le32(0xC0230018) +#define STATUS_NDIS_UNSUPPORTED_MEDIA cpu_to_le32(0xC0230019) +#define STATUS_NDIS_GROUP_ADDRESS_IN_USE cpu_to_le32(0xC023001A) +#define STATUS_NDIS_FILE_NOT_FOUND cpu_to_le32(0xC023001B) +#define STATUS_NDIS_ERROR_READING_FILE cpu_to_le32(0xC023001C) +#define STATUS_NDIS_ALREADY_MAPPED cpu_to_le32(0xC023001D) +#define STATUS_NDIS_RESOURCE_CONFLICT cpu_to_le32(0xC023001E) +#define STATUS_NDIS_MEDIA_DISCONNECTED cpu_to_le32(0xC023001F) +#define STATUS_NDIS_INVALID_ADDRESS cpu_to_le32(0xC0230022) +#define STATUS_NDIS_PAUSED cpu_to_le32(0xC023002A) +#define STATUS_NDIS_INTERFACE_NOT_FOUND cpu_to_le32(0xC023002B) +#define STATUS_NDIS_UNSUPPORTED_REVISION cpu_to_le32(0xC023002C) +#define STATUS_NDIS_INVALID_PORT cpu_to_le32(0xC023002D) +#define STATUS_NDIS_INVALID_PORT_STATE cpu_to_le32(0xC023002E) +#define STATUS_NDIS_LOW_POWER_STATE cpu_to_le32(0xC023002F) +#define STATUS_NDIS_NOT_SUPPORTED cpu_to_le32(0xC02300BB) +#define STATUS_NDIS_DOT11_AUTO_CONFIG_ENABLED cpu_to_le32(0xC0232000) +#define STATUS_NDIS_DOT11_MEDIA_IN_USE cpu_to_le32(0xC0232001) +#define STATUS_NDIS_DOT11_POWER_STATE_INVALID cpu_to_le32(0xC0232002) +#define STATUS_IPSEC_BAD_SPI cpu_to_le32(0xC0360001) +#define STATUS_IPSEC_SA_LIFETIME_EXPIRED cpu_to_le32(0xC0360002) +#define STATUS_IPSEC_WRONG_SA cpu_to_le32(0xC0360003) +#define STATUS_IPSEC_REPLAY_CHECK_FAILED cpu_to_le32(0xC0360004) +#define STATUS_IPSEC_INVALID_PACKET cpu_to_le32(0xC0360005) +#define STATUS_IPSEC_INTEGRITY_CHECK_FAILED cpu_to_le32(0xC0360006) +#define STATUS_IPSEC_CLEAR_TEXT_DROP cpu_to_le32(0xC0360007) + +#define STATUS_NO_PREAUTH_INTEGRITY_HASH_OVERLAP cpu_to_le32(0xC05D0000) +#define STATUS_INVALID_LOCK_RANGE cpu_to_le32(0xC00001a1) diff --git a/fs/cifsd/time_wrappers.h b/fs/cifsd/time_wrappers.h new file mode 100644 index 000000000000..a702ca96947e --- /dev/null +++ b/fs/cifsd/time_wrappers.h @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2019 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_TIME_WRAPPERS_H +#define __KSMBD_TIME_WRAPPERS_H + +/* + * A bunch of ugly hacks to workaoround all the API differences + * between different kernel versions. + */ + +#define NTFS_TIME_OFFSET ((u64)(369*365 + 89) * 24 * 3600 * 10000000) + +/* Convert the Unix UTC into NT UTC. */ +static inline u64 ksmbd_UnixTimeToNT(struct timespec64 t) +{ + /* Convert to 100ns intervals and then add the NTFS time offset. */ + return (u64) t.tv_sec * 10000000 + t.tv_nsec / 100 + NTFS_TIME_OFFSET; +} + +struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc); + +#define KSMBD_TIME_TO_TM time64_to_tm + +static inline long long ksmbd_systime(void) +{ + struct timespec64 ts; + + ktime_get_real_ts64(&ts); + return ksmbd_UnixTimeToNT(ts); +} +#endif /* __KSMBD_TIME_WRAPPERS_H */ diff --git a/fs/cifsd/unicode.c b/fs/cifsd/unicode.c new file mode 100644 index 000000000000..22a4d10a2000 --- /dev/null +++ b/fs/cifsd/unicode.c @@ -0,0 +1,391 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Some of the source code in this file came from fs/cifs/cifs_unicode.c + * + * Copyright (c) International Business Machines Corp., 2000,2009 + * Modified by Steve French (sfrench@us.ibm.com) + * Modified by Namjae Jeon (linkinjeon@kernel.org) + */ +#include <linux/fs.h> +#include <linux/slab.h> +#include <asm/unaligned.h> +#include "glob.h" +#include "unicode.h" +#include "uniupr.h" +#include "smb_common.h" + +/* + * smb_utf16_bytes() - how long will a string be after conversion? + * @from: pointer to input string + * @maxbytes: don't go past this many bytes of input string + * @codepage: destination codepage + * + * Walk a utf16le string and return the number of bytes that the string will + * be after being converted to the given charset, not including any null + * termination required. Don't walk past maxbytes in the source buffer. + * + * Return: string length after conversion + */ +static int smb_utf16_bytes(const __le16 *from, + int maxbytes, + const struct nls_table *codepage) +{ + int i; + int charlen, outlen = 0; + int maxwords = maxbytes / 2; + char tmp[NLS_MAX_CHARSET_SIZE]; + __u16 ftmp; + + for (i = 0; i < maxwords; i++) { + ftmp = get_unaligned_le16(&from[i]); + if (ftmp == 0) + break; + + charlen = codepage->uni2char(ftmp, tmp, NLS_MAX_CHARSET_SIZE); + if (charlen > 0) + outlen += charlen; + else + outlen++; + } + + return outlen; +} + +/* + * cifs_mapchar() - convert a host-endian char to proper char in codepage + * @target: where converted character should be copied + * @src_char: 2 byte host-endian source character + * @cp: codepage to which character should be converted + * @mapchar: should character be mapped according to mapchars mount option? + * + * This function handles the conversion of a single character. It is the + * responsibility of the caller to ensure that the target buffer is large + * enough to hold the result of the conversion (at least NLS_MAX_CHARSET_SIZE). + * + * Return: string length after conversion + */ +static int +cifs_mapchar(char *target, const __u16 src_char, const struct nls_table *cp, + bool mapchar) +{ + int len = 1; + + if (!mapchar) + goto cp_convert; + + /* + * BB: Cannot handle remapping UNI_SLASH until all the calls to + * build_path_from_dentry are modified, as they use slash as + * separator. + */ + switch (src_char) { + case UNI_COLON: + *target = ':'; + break; + case UNI_ASTERISK: + *target = '*'; + break; + case UNI_QUESTION: + *target = '?'; + break; + case UNI_PIPE: + *target = '|'; + break; + case UNI_GRTRTHAN: + *target = '>'; + break; + case UNI_LESSTHAN: + *target = '<'; + break; + default: + goto cp_convert; + } + +out: + return len; + +cp_convert: + len = cp->uni2char(src_char, target, NLS_MAX_CHARSET_SIZE); + if (len <= 0) { + *target = '?'; + len = 1; + } + + goto out; +} + +/* + * is_char_allowed() - check for valid character + * @ch: input character to be checked + * + * Return: 1 if char is allowed, otherwise 0 + */ +static inline int is_char_allowed(char *ch) +{ + /* check for control chars, wildcards etc. */ + if (!(*ch & 0x80) && + (*ch <= 0x1f || + *ch == '?' || *ch == '"' || *ch == '<' || + *ch == '>' || *ch == '|')) + return 0; + + return 1; +} + +/* + * smb_from_utf16() - convert utf16le string to local charset + * @to: destination buffer + * @from: source buffer + * @tolen: destination buffer size (in bytes) + * @fromlen: source buffer size (in bytes) + * @codepage: codepage to which characters should be converted + * @mapchar: should characters be remapped according to the mapchars option? + * + * Convert a little-endian utf16le string (as sent by the server) to a string + * in the provided codepage. The tolen and fromlen parameters are to ensure + * that the code doesn't walk off of the end of the buffer (which is always + * a danger if the alignment of the source buffer is off). The destination + * string is always properly null terminated and fits in the destination + * buffer. Returns the length of the destination string in bytes (including + * null terminator). + * + * Note that some windows versions actually send multiword UTF-16 characters + * instead of straight UTF16-2. The linux nls routines however aren't able to + * deal with those characters properly. In the event that we get some of + * those characters, they won't be translated properly. + * + * Return: string length after conversion + */ +static int smb_from_utf16(char *to, + const __le16 *from, + int tolen, + int fromlen, + const struct nls_table *codepage, + bool mapchar) +{ + int i, charlen, safelen; + int outlen = 0; + int nullsize = nls_nullsize(codepage); + int fromwords = fromlen / 2; + char tmp[NLS_MAX_CHARSET_SIZE]; + __u16 ftmp; + + /* + * because the chars can be of varying widths, we need to take care + * not to overflow the destination buffer when we get close to the + * end of it. Until we get to this offset, we don't need to check + * for overflow however. + */ + safelen = tolen - (NLS_MAX_CHARSET_SIZE + nullsize); + + for (i = 0; i < fromwords; i++) { + ftmp = get_unaligned_le16(&from[i]); + if (ftmp == 0) + break; + + /* + * check to see if converting this character might make the + * conversion bleed into the null terminator + */ + if (outlen >= safelen) { + charlen = cifs_mapchar(tmp, ftmp, codepage, mapchar); + if ((outlen + charlen) > (tolen - nullsize)) + break; + } + + /* put converted char into 'to' buffer */ + charlen = cifs_mapchar(&to[outlen], ftmp, codepage, mapchar); + outlen += charlen; + } + + /* properly null-terminate string */ + for (i = 0; i < nullsize; i++) + to[outlen++] = 0; + + return outlen; +} + +/* + * smb_strtoUTF16() - Convert character string to unicode string + * @to: destination buffer + * @from: source buffer + * @len: destination buffer size (in bytes) + * @codepage: codepage to which characters should be converted + * + * Return: string length after conversion + */ +int +smb_strtoUTF16(__le16 *to, const char *from, int len, + const struct nls_table *codepage) +{ + int charlen; + int i; + wchar_t wchar_to; /* needed to quiet sparse */ + + /* special case for utf8 to handle no plane0 chars */ + if (!strcmp(codepage->charset, "utf8")) { + /* + * convert utf8 -> utf16, we assume we have enough space + * as caller should have assumed conversion does not overflow + * in destination len is length in wchar_t units (16bits) + */ + i = utf8s_to_utf16s(from, len, UTF16_LITTLE_ENDIAN, + (wchar_t *) to, len); + + /* if success terminate and exit */ + if (i >= 0) + goto success; + /* + * if fails fall back to UCS encoding as this + * function should not return negative values + * currently can fail only if source contains + * invalid encoded characters + */ + } + + for (i = 0; len > 0 && *from; i++, from += charlen, len -= charlen) { + charlen = codepage->char2uni(from, len, &wchar_to); + if (charlen < 1) { + /* A question mark */ + wchar_to = 0x003f; + charlen = 1; + } + put_unaligned_le16(wchar_to, &to[i]); + } + +success: + put_unaligned_le16(0, &to[i]); + return i; +} + +/* + * smb_strndup_from_utf16() - copy a string from wire format to the local + * codepage + * @src: source string + * @maxlen: don't walk past this many bytes in the source string + * @is_unicode: is this a unicode string? + * @codepage: destination codepage + * + * Take a string given by the server, convert it to the local codepage and + * put it in a new buffer. Returns a pointer to the new string or NULL on + * error. + * + * Return: destination string buffer or error ptr + */ +char * +smb_strndup_from_utf16(const char *src, const int maxlen, + const bool is_unicode, const struct nls_table *codepage) +{ + int len, ret; + char *dst; + + if (is_unicode) { + len = smb_utf16_bytes((__le16 *) src, maxlen, codepage); + len += nls_nullsize(codepage); + dst = kmalloc(len, GFP_KERNEL); + if (!dst) + return ERR_PTR(-ENOMEM); + ret = smb_from_utf16(dst, (__le16 *) src, len, maxlen, codepage, + false); + if (ret < 0) { + kfree(dst); + return ERR_PTR(-EINVAL); + } + } else { + len = strnlen(src, maxlen); + len++; + dst = kmalloc(len, GFP_KERNEL); + if (!dst) + return ERR_PTR(-ENOMEM); + strscpy(dst, src, len); + } + + return dst; +} + +/* + * Convert 16 bit Unicode pathname to wire format from string in current code + * page. Conversion may involve remapping up the six characters that are + * only legal in POSIX-like OS (if they are present in the string). Path + * names are little endian 16 bit Unicode on the wire + */ +/* + * smbConvertToUTF16() - convert string from local charset to utf16 + * @target: destination buffer + * @source: source buffer + * @srclen: source buffer size (in bytes) + * @cp: codepage to which characters should be converted + * @mapchar: should characters be remapped according to the mapchars option? + * + * Convert 16 bit Unicode pathname to wire format from string in current code + * page. Conversion may involve remapping up the six characters that are + * only legal in POSIX-like OS (if they are present in the string). Path + * names are little endian 16 bit Unicode on the wire + * + * Return: char length after conversion + */ +int +smbConvertToUTF16(__le16 *target, const char *source, int srclen, + const struct nls_table *cp, int mapchars) +{ + int i, j, charlen; + char src_char; + __le16 dst_char; + wchar_t tmp; + + if (!mapchars) + return smb_strtoUTF16(target, source, srclen, cp); + + for (i = 0, j = 0; i < srclen; j++) { + src_char = source[i]; + charlen = 1; + switch (src_char) { + case 0: + put_unaligned(0, &target[j]); + return j; + case ':': + dst_char = cpu_to_le16(UNI_COLON); + break; + case '*': + dst_char = cpu_to_le16(UNI_ASTERISK); + break; + case '?': + dst_char = cpu_to_le16(UNI_QUESTION); + break; + case '<': + dst_char = cpu_to_le16(UNI_LESSTHAN); + break; + case '>': + dst_char = cpu_to_le16(UNI_GRTRTHAN); + break; + case '|': + dst_char = cpu_to_le16(UNI_PIPE); + break; + /* + * FIXME: We can not handle remapping backslash (UNI_SLASH) + * until all the calls to build_path_from_dentry are modified, + * as they use backslash as separator. + */ + default: + charlen = cp->char2uni(source + i, srclen - i, &tmp); + dst_char = cpu_to_le16(tmp); + + /* + * if no match, use question mark, which at least in + * some cases serves as wild card + */ + if (charlen < 1) { + dst_char = cpu_to_le16(0x003f); + charlen = 1; + } + } + /* + * character may take more than one byte in the source string, + * but will take exactly two bytes in the target string + */ + i += charlen; + put_unaligned(dst_char, &target[j]); + } + + return j; +} diff --git a/fs/cifsd/unicode.h b/fs/cifsd/unicode.h new file mode 100644 index 000000000000..228a02c9b95d --- /dev/null +++ b/fs/cifsd/unicode.h @@ -0,0 +1,374 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Some of the source code in this file came from fs/cifs/cifs_unicode.c + * cifs_unicode: Unicode kernel case support + * + * Function: + * Convert a unicode character to upper or lower case using + * compressed tables. + * + * Copyright (c) International Business Machines Corp., 2000,2009 + * + * + * Notes: + * These APIs are based on the C library functions. The semantics + * should match the C functions but with expanded size operands. + * + * The upper/lower functions are based on a table created by mkupr. + * This is a compressed table of upper and lower case conversion. + * + */ +#ifndef _CIFS_UNICODE_H +#define _CIFS_UNICODE_H + +#include <asm/byteorder.h> +#include <linux/types.h> +#include <linux/nls.h> + +#define UNIUPR_NOLOWER /* Example to not expand lower case tables */ + +/* + * Windows maps these to the user defined 16 bit Unicode range since they are + * reserved symbols (along with \ and /), otherwise illegal to store + * in filenames in NTFS + */ +#define UNI_ASTERISK ((__u16) ('*' + 0xF000)) +#define UNI_QUESTION ((__u16) ('?' + 0xF000)) +#define UNI_COLON ((__u16) (':' + 0xF000)) +#define UNI_GRTRTHAN ((__u16) ('>' + 0xF000)) +#define UNI_LESSTHAN ((__u16) ('<' + 0xF000)) +#define UNI_PIPE ((__u16) ('|' + 0xF000)) +#define UNI_SLASH ((__u16) ('\' + 0xF000)) + +/* Just define what we want from uniupr.h. We don't want to define the tables + * in each source file. + */ +#ifndef UNICASERANGE_DEFINED +struct UniCaseRange { + wchar_t start; + wchar_t end; + signed char *table; +}; +#endif /* UNICASERANGE_DEFINED */ + +#ifndef UNIUPR_NOUPPER +extern signed char SmbUniUpperTable[512]; +extern const struct UniCaseRange SmbUniUpperRange[]; +#endif /* UNIUPR_NOUPPER */ + +#ifndef UNIUPR_NOLOWER +extern signed char CifsUniLowerTable[512]; +extern const struct UniCaseRange CifsUniLowerRange[]; +#endif /* UNIUPR_NOLOWER */ + +#ifdef __KERNEL__ +int smb_strtoUTF16(__le16 *to, const char *from, int len, + const struct nls_table *codepage); +char *smb_strndup_from_utf16(const char *src, const int maxlen, + const bool is_unicode, + const struct nls_table *codepage); +extern int smbConvertToUTF16(__le16 *target, const char *source, int srclen, + const struct nls_table *cp, int mapchars); +extern char *extract_sharename(char *treename); +#endif + +wchar_t cifs_toupper(wchar_t in); + +/* + * UniStrcat: Concatenate the second string to the first + * + * Returns: + * Address of the first string + */ + static inline wchar_t * +UniStrcat(wchar_t *ucs1, const wchar_t *ucs2) +{ + wchar_t *anchor = ucs1; /* save a pointer to start of ucs1 */ + + while (*ucs1++) + /*NULL*/; /* To end of first string */ + ucs1--; /* Return to the null */ + while ((*ucs1++ = *ucs2++)) + /*NULL*/; /* copy string 2 over */ + return anchor; +} + +/* + * UniStrchr: Find a character in a string + * + * Returns: + * Address of first occurrence of character in string + * or NULL if the character is not in the string + */ + static inline wchar_t * +UniStrchr(const wchar_t *ucs, wchar_t uc) +{ + while ((*ucs != uc) && *ucs) + ucs++; + + if (*ucs == uc) + return (wchar_t *) ucs; + return NULL; +} + +/* + * UniStrcmp: Compare two strings + * + * Returns: + * < 0: First string is less than second + * = 0: Strings are equal + * > 0: First string is greater than second + */ + static inline int +UniStrcmp(const wchar_t *ucs1, const wchar_t *ucs2) +{ + while ((*ucs1 == *ucs2) && *ucs1) { + ucs1++; + ucs2++; + } + return (int) *ucs1 - (int) *ucs2; +} + +/* + * UniStrcpy: Copy a string + */ + static inline wchar_t * +UniStrcpy(wchar_t *ucs1, const wchar_t *ucs2) +{ + wchar_t *anchor = ucs1; /* save the start of result string */ + + while ((*ucs1++ = *ucs2++)) + /*NULL*/; + return anchor; +} + +/* + * UniStrlen: Return the length of a string (in 16 bit Unicode chars not bytes) + */ + static inline size_t +UniStrlen(const wchar_t *ucs1) +{ + int i = 0; + + while (*ucs1++) + i++; + return i; +} + +/* + * UniStrnlen: Return the length (in 16 bit Unicode chars not bytes) of a + * string (length limited) + */ + static inline size_t +UniStrnlen(const wchar_t *ucs1, int maxlen) +{ + int i = 0; + + while (*ucs1++) { + i++; + if (i >= maxlen) + break; + } + return i; +} + +/* + * UniStrncat: Concatenate length limited string + */ + static inline wchar_t * +UniStrncat(wchar_t *ucs1, const wchar_t *ucs2, size_t n) +{ + wchar_t *anchor = ucs1; /* save pointer to string 1 */ + + while (*ucs1++) + /*NULL*/; + ucs1--; /* point to null terminator of s1 */ + while (n-- && (*ucs1 = *ucs2)) { /* copy s2 after s1 */ + ucs1++; + ucs2++; + } + *ucs1 = 0; /* Null terminate the result */ + return anchor; +} + +/* + * UniStrncmp: Compare length limited string + */ + static inline int +UniStrncmp(const wchar_t *ucs1, const wchar_t *ucs2, size_t n) +{ + if (!n) + return 0; /* Null strings are equal */ + while ((*ucs1 == *ucs2) && *ucs1 && --n) { + ucs1++; + ucs2++; + } + return (int) *ucs1 - (int) *ucs2; +} + +/* + * UniStrncmp_le: Compare length limited string - native to little-endian + */ + static inline int +UniStrncmp_le(const wchar_t *ucs1, const wchar_t *ucs2, size_t n) +{ + if (!n) + return 0; /* Null strings are equal */ + while ((*ucs1 == __le16_to_cpu(*ucs2)) && *ucs1 && --n) { + ucs1++; + ucs2++; + } + return (int) *ucs1 - (int) __le16_to_cpu(*ucs2); +} + +/* + * UniStrncpy: Copy length limited string with pad + */ + static inline wchar_t * +UniStrncpy(wchar_t *ucs1, const wchar_t *ucs2, size_t n) +{ + wchar_t *anchor = ucs1; + + while (n-- && *ucs2) /* Copy the strings */ + *ucs1++ = *ucs2++; + + n++; + while (n--) /* Pad with nulls */ + *ucs1++ = 0; + return anchor; +} + +/* + * UniStrncpy_le: Copy length limited string with pad to little-endian + */ + static inline wchar_t * +UniStrncpy_le(wchar_t *ucs1, const wchar_t *ucs2, size_t n) +{ + wchar_t *anchor = ucs1; + + while (n-- && *ucs2) /* Copy the strings */ + *ucs1++ = __le16_to_cpu(*ucs2++); + + n++; + while (n--) /* Pad with nulls */ + *ucs1++ = 0; + return anchor; +} + +/* + * UniStrstr: Find a string in a string + * + * Returns: + * Address of first match found + * NULL if no matching string is found + */ + static inline wchar_t * +UniStrstr(const wchar_t *ucs1, const wchar_t *ucs2) +{ + const wchar_t *anchor1 = ucs1; + const wchar_t *anchor2 = ucs2; + + while (*ucs1) { + if (*ucs1 == *ucs2) { + /* Partial match found */ + ucs1++; + ucs2++; + } else { + if (!*ucs2) /* Match found */ + return (wchar_t *) anchor1; + ucs1 = ++anchor1; /* No match */ + ucs2 = anchor2; + } + } + + if (!*ucs2) /* Both end together */ + return (wchar_t *) anchor1; /* Match found */ + return NULL; /* No match */ +} + +#ifndef UNIUPR_NOUPPER +/* + * UniToupper: Convert a unicode character to upper case + */ + static inline wchar_t +UniToupper(register wchar_t uc) +{ + register const struct UniCaseRange *rp; + + if (uc < sizeof(SmbUniUpperTable)) { + /* Latin characters */ + return uc + SmbUniUpperTable[uc]; /* Use base tables */ + } + + rp = SmbUniUpperRange; /* Use range tables */ + while (rp->start) { + if (uc < rp->start) /* Before start of range */ + return uc; /* Uppercase = input */ + if (uc <= rp->end) /* In range */ + return uc + rp->table[uc - rp->start]; + rp++; /* Try next range */ + } + return uc; /* Past last range */ +} + +/* + * UniStrupr: Upper case a unicode string + */ + static inline __le16 * +UniStrupr(register __le16 *upin) +{ + register __le16 *up; + + up = upin; + while (*up) { /* For all characters */ + *up = cpu_to_le16(UniToupper(le16_to_cpu(*up))); + up++; + } + return upin; /* Return input pointer */ +} +#endif /* UNIUPR_NOUPPER */ + +#ifndef UNIUPR_NOLOWER +/* + * UniTolower: Convert a unicode character to lower case + */ + static inline wchar_t +UniTolower(register wchar_t uc) +{ + register const struct UniCaseRange *rp; + + if (uc < sizeof(CifsUniLowerTable)) { + /* Latin characters */ + return uc + CifsUniLowerTable[uc]; /* Use base tables */ + } + + rp = CifsUniLowerRange; /* Use range tables */ + while (rp->start) { + if (uc < rp->start) /* Before start of range */ + return uc; /* Uppercase = input */ + if (uc <= rp->end) /* In range */ + return uc + rp->table[uc - rp->start]; + rp++; /* Try next range */ + } + return uc; /* Past last range */ +} + +/* + * UniStrlwr: Lower case a unicode string + */ + static inline wchar_t * +UniStrlwr(register wchar_t *upin) +{ + register wchar_t *up; + + up = upin; + while (*up) { /* For all characters */ + *up = UniTolower(*up); + up++; + } + return upin; /* Return input pointer */ +} + +#endif + +#endif /* _CIFS_UNICODE_H */ diff --git a/fs/cifsd/uniupr.h b/fs/cifsd/uniupr.h new file mode 100644 index 000000000000..26583b776897 --- /dev/null +++ b/fs/cifsd/uniupr.h @@ -0,0 +1,268 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Some of the source code in this file came from fs/cifs/uniupr.h + * Copyright (c) International Business Machines Corp., 2000,2002 + * + * uniupr.h - Unicode compressed case ranges + * + */ +#ifndef __KSMBD_UNIUPR_H +#define __KSMBD_UNIUPR_H + +#ifndef UNIUPR_NOUPPER +/* + * Latin upper case + */ +signed char SmbUniUpperTable[512] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 000-00f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 010-01f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 020-02f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 030-03f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 040-04f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 050-05f */ + 0, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, + -32, -32, -32, -32, -32, /* 060-06f */ + -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, + -32, 0, 0, 0, 0, 0, /* 070-07f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 080-08f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 090-09f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0a0-0af */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0b0-0bf */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0c0-0cf */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0d0-0df */ + -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, + -32, -32, -32, -32, -32, -32, /* 0e0-0ef */ + -32, -32, -32, -32, -32, -32, -32, 0, -32, -32, + -32, -32, -32, -32, -32, 121, /* 0f0-0ff */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 100-10f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 110-11f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 120-12f */ + 0, 0, 0, -1, 0, -1, 0, -1, 0, 0, -1, 0, -1, 0, -1, 0, /* 130-13f */ + -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, 0, -1, 0, -1, 0, -1, /* 140-14f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 150-15f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 160-16f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, 0, -1, 0, -1, 0, -1, 0, /* 170-17f */ + 0, 0, 0, -1, 0, -1, 0, 0, -1, 0, 0, 0, -1, 0, 0, 0, /* 180-18f */ + 0, 0, -1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, /* 190-19f */ + 0, -1, 0, -1, 0, -1, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, /* 1a0-1af */ + -1, 0, 0, 0, -1, 0, -1, 0, 0, -1, 0, 0, 0, -1, 0, 0, /* 1b0-1bf */ + 0, 0, 0, 0, 0, -1, -2, 0, -1, -2, 0, -1, -2, 0, -1, 0, /* 1c0-1cf */ + -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, -79, 0, -1, /* 1d0-1df */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e0-1ef */ + 0, 0, -1, -2, 0, -1, 0, 0, 0, -1, 0, -1, 0, -1, 0, -1, /* 1f0-1ff */ +}; + +/* Upper case range - Greek */ +static signed char UniCaseRangeU03a0[47] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -38, -37, -37, -37, /* 3a0-3af */ + 0, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, + -32, -32, -32, -32, /* 3b0-3bf */ + -32, -32, -31, -32, -32, -32, -32, -32, -32, -32, -32, -32, -64, + -63, -63, +}; + +/* Upper case range - Cyrillic */ +static signed char UniCaseRangeU0430[48] = { + -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, + -32, -32, -32, -32, /* 430-43f */ + -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, + -32, -32, -32, -32, /* 440-44f */ + 0, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, + -80, -80, 0, -80, -80, /* 450-45f */ +}; + +/* Upper case range - Extended cyrillic */ +static signed char UniCaseRangeU0490[61] = { + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 490-49f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 4a0-4af */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 4b0-4bf */ + 0, 0, -1, 0, -1, 0, 0, 0, -1, 0, 0, 0, -1, +}; + +/* Upper case range - Extended latin and greek */ +static signed char UniCaseRangeU1e00[509] = { + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e00-1e0f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e10-1e1f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e20-1e2f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e30-1e3f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e40-1e4f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e50-1e5f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e60-1e6f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e70-1e7f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e80-1e8f */ + 0, -1, 0, -1, 0, -1, 0, 0, 0, 0, 0, -59, 0, -1, 0, -1, /* 1e90-1e9f */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1ea0-1eaf */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1eb0-1ebf */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1ec0-1ecf */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1ed0-1edf */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1ee0-1eef */ + 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, 0, 0, 0, 0, 0, /* 1ef0-1eff */ + 8, 8, 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f00-1f0f */ + 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f10-1f1f */ + 8, 8, 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f20-1f2f */ + 8, 8, 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f30-1f3f */ + 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f40-1f4f */ + 0, 8, 0, 8, 0, 8, 0, 8, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f50-1f5f */ + 8, 8, 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f60-1f6f */ + 74, 74, 86, 86, 86, 86, 100, 100, 0, 0, 112, 112, + 126, 126, 0, 0, /* 1f70-1f7f */ + 8, 8, 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f80-1f8f */ + 8, 8, 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f90-1f9f */ + 8, 8, 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, /* 1fa0-1faf */ + 8, 8, 0, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 1fb0-1fbf */ + 0, 0, 0, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 1fc0-1fcf */ + 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 1fd0-1fdf */ + 8, 8, 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 1fe0-1fef */ + 0, 0, 0, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, +}; + +/* Upper case range - Wide latin */ +static signed char UniCaseRangeUff40[27] = { + 0, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, + -32, -32, -32, -32, -32, /* ff40-ff4f */ + -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, +}; + +/* + * Upper Case Range + */ +const struct UniCaseRange SmbUniUpperRange[] = { + {0x03a0, 0x03ce, UniCaseRangeU03a0}, + {0x0430, 0x045f, UniCaseRangeU0430}, + {0x0490, 0x04cc, UniCaseRangeU0490}, + {0x1e00, 0x1ffc, UniCaseRangeU1e00}, + {0xff40, 0xff5a, UniCaseRangeUff40}, + {0} +}; +#endif + +#ifndef UNIUPR_NOLOWER +/* + * Latin lower case + */ +signed char CifsUniLowerTable[512] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 000-00f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 010-01f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 020-02f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 030-03f */ + 0, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, + 32, 32, 32, /* 040-04f */ + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 0, 0, + 0, 0, 0, /* 050-05f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 060-06f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 070-07f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 080-08f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 090-09f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0a0-0af */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0b0-0bf */ + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, + 32, 32, 32, 32, /* 0c0-0cf */ + 32, 32, 32, 32, 32, 32, 32, 0, 32, 32, 32, 32, + 32, 32, 32, 0, /* 0d0-0df */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0e0-0ef */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0f0-0ff */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 100-10f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 110-11f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 120-12f */ + 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, /* 130-13f */ + 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, /* 140-14f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 150-15f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 160-16f */ + 1, 0, 1, 0, 1, 0, 1, 0, -121, 1, 0, 1, 0, 1, 0, + 0, /* 170-17f */ + 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 79, + 0, /* 180-18f */ + 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, /* 190-19f */ + 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, /* 1a0-1af */ + 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, /* 1b0-1bf */ + 0, 0, 0, 0, 2, 1, 0, 2, 1, 0, 2, 1, 0, 1, 0, 1, /* 1c0-1cf */ + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, /* 1d0-1df */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e0-1ef */ + 0, 2, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1f0-1ff */ +}; + +/* Lower case range - Greek */ +static signed char UniCaseRangeL0380[44] = { + 0, 0, 0, 0, 0, 0, 38, 0, 37, 37, 37, 0, 64, 0, 63, 63, /* 380-38f */ + 0, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, + 32, 32, 32, /* 390-39f */ + 32, 32, 0, 32, 32, 32, 32, 32, 32, 32, 32, 32, +}; + +/* Lower case range - Cyrillic */ +static signed char UniCaseRangeL0400[48] = { + 0, 80, 80, 80, 80, 80, 80, 80, 80, 80, 80, 80, 80, + 0, 80, 80, /* 400-40f */ + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, + 32, 32, 32, /* 410-41f */ + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, + 32, 32, 32, /* 420-42f */ +}; + +/* Lower case range - Extended cyrillic */ +static signed char UniCaseRangeL0490[60] = { + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 490-49f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 4a0-4af */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 4b0-4bf */ + 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, +}; + +/* Lower case range - Extended latin and greek */ +static signed char UniCaseRangeL1e00[504] = { + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e00-1e0f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e10-1e1f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e20-1e2f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e30-1e3f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e40-1e4f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e50-1e5f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e60-1e6f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e70-1e7f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1e80-1e8f */ + 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, /* 1e90-1e9f */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1ea0-1eaf */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1eb0-1ebf */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1ec0-1ecf */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1ed0-1edf */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 1ee0-1eef */ + 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, /* 1ef0-1eff */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -8, -8, -8, -8, -8, -8, /* 1f00-1f0f */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -8, -8, -8, -8, 0, 0, /* 1f10-1f1f */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -8, -8, -8, -8, -8, -8, /* 1f20-1f2f */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -8, -8, -8, -8, -8, -8, /* 1f30-1f3f */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -8, -8, -8, -8, 0, 0, /* 1f40-1f4f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, -8, 0, -8, 0, -8, 0, -8, /* 1f50-1f5f */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -8, -8, -8, -8, -8, -8, /* 1f60-1f6f */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 1f70-1f7f */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -8, -8, -8, -8, -8, -8, /* 1f80-1f8f */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -8, -8, -8, -8, -8, -8, /* 1f90-1f9f */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -8, -8, -8, -8, -8, -8, /* 1fa0-1faf */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -74, -74, -9, 0, 0, 0, /* 1fb0-1fbf */ + 0, 0, 0, 0, 0, 0, 0, 0, -86, -86, -86, -86, -9, 0, + 0, 0, /* 1fc0-1fcf */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -100, -100, 0, 0, 0, 0, /* 1fd0-1fdf */ + 0, 0, 0, 0, 0, 0, 0, 0, -8, -8, -112, -112, -7, 0, + 0, 0, /* 1fe0-1fef */ + 0, 0, 0, 0, 0, 0, 0, 0, +}; + +/* Lower case range - Wide latin */ +static signed char UniCaseRangeLff20[27] = { + 0, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, + 32, /* ff20-ff2f */ + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, +}; + +/* + * Lower Case Range + */ +const struct UniCaseRange CifsUniLowerRange[] = { + {0x0380, 0x03ab, UniCaseRangeL0380}, + {0x0400, 0x042f, UniCaseRangeL0400}, + {0x0490, 0x04cb, UniCaseRangeL0490}, + {0x1e00, 0x1ff7, UniCaseRangeL1e00}, + {0xff20, 0xff3a, UniCaseRangeLff20}, + {0} +}; +#endif + +#endif /* __KSMBD_UNIUPR_H */

From patchwork Mon Nov 14 12:48:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183099 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:12 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:12 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:12 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 003/308] cifsd: add file operations Date: Mon, 14 Nov 2022 20:48:32 +0800 Message-ID: 20221114125337.1831594-4-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7b8cc0f0-ecb7-4957-b523-08dac63c415c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.8511994 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit f44158485826c076335d6860d35872271a83791d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f44158485826

-------------------------------

This adds file operations and buffer pool for cifsd.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Sergey Senozhatsky sergey.senozhatsky@gmail.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Acked-by: Ronnie Sahlberg lsahlber@redhat.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/buffer_pool.c | 292 ++++++ fs/cifsd/buffer_pool.h | 28 + fs/cifsd/vfs.c | 1989 ++++++++++++++++++++++++++++++++++++++++ fs/cifsd/vfs.h | 314 +++++++ fs/cifsd/vfs_cache.c | 855 +++++++++++++++++ fs/cifsd/vfs_cache.h | 213 +++++ 6 files changed, 3691 insertions(+) create mode 100644 fs/cifsd/buffer_pool.c create mode 100644 fs/cifsd/buffer_pool.h create mode 100644 fs/cifsd/vfs.c create mode 100644 fs/cifsd/vfs.h create mode 100644 fs/cifsd/vfs_cache.c create mode 100644 fs/cifsd/vfs_cache.h

diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c new file mode 100644 index 000000000000..864fea547c68 --- /dev/null +++ b/fs/cifsd/buffer_pool.c @@ -0,0 +1,292 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/kernel.h> +#include <linux/wait.h> +#include <linux/sched.h> +#include <linux/mm.h> +#include <linux/slab.h> +#include <linux/vmalloc.h> +#include <linux/rwlock.h> + +#include "glob.h" +#include "buffer_pool.h" +#include "connection.h" +#include "mgmt/ksmbd_ida.h" + +static struct kmem_cache *filp_cache; + +struct wm { + struct list_head list; + unsigned int sz; + char buffer[0]; +}; + +struct wm_list { + struct list_head list; + unsigned int sz; + + spinlock_t wm_lock; + int avail_wm; + struct list_head idle_wm; + wait_queue_head_t wm_wait; +}; + +static LIST_HEAD(wm_lists); +static DEFINE_RWLOCK(wm_lists_lock); + +void *ksmbd_alloc(size_t size) +{ + return kvmalloc(size, GFP_KERNEL | __GFP_ZERO); +} + +void ksmbd_free(void *ptr) +{ + kvfree(ptr); +} + +static struct wm *wm_alloc(size_t sz, gfp_t flags) +{ + struct wm *wm; + size_t alloc_sz = sz + sizeof(struct wm); + + wm = kvmalloc(alloc_sz, flags); + if (!wm) + return NULL; + wm->sz = sz; + return wm; +} + +static int register_wm_size_class(size_t sz) +{ + struct wm_list *l, *nl; + + nl = kvmalloc(sizeof(struct wm_list), GFP_KERNEL); + if (!nl) + return -ENOMEM; + + nl->sz = sz; + spin_lock_init(&nl->wm_lock); + INIT_LIST_HEAD(&nl->idle_wm); + INIT_LIST_HEAD(&nl->list); + init_waitqueue_head(&nl->wm_wait); + nl->avail_wm = 0; + + write_lock(&wm_lists_lock); + list_for_each_entry(l, &wm_lists, list) { + if (l->sz == sz) { + write_unlock(&wm_lists_lock); + kvfree(nl); + return 0; + } + } + + list_add(&nl->list, &wm_lists); + write_unlock(&wm_lists_lock); + return 0; +} + +static struct wm_list *match_wm_list(size_t size) +{ + struct wm_list *l, *rl = NULL; + + read_lock(&wm_lists_lock); + list_for_each_entry(l, &wm_lists, list) { + if (l->sz == size) { + rl = l; + break; + } + } + read_unlock(&wm_lists_lock); + return rl; +} + +static struct wm *find_wm(size_t size) +{ + struct wm_list *wm_list; + struct wm *wm; + + wm_list = match_wm_list(size); + if (!wm_list) { + if (register_wm_size_class(size)) + return NULL; + wm_list = match_wm_list(size); + } + + if (!wm_list) + return NULL; + + while (1) { + spin_lock(&wm_list->wm_lock); + if (!list_empty(&wm_list->idle_wm)) { + wm = list_entry(wm_list->idle_wm.next, + struct wm, + list); + list_del(&wm->list); + spin_unlock(&wm_list->wm_lock); + return wm; + } + + if (wm_list->avail_wm > num_online_cpus()) { + spin_unlock(&wm_list->wm_lock); + wait_event(wm_list->wm_wait, + !list_empty(&wm_list->idle_wm)); + continue; + } + + wm_list->avail_wm++; + spin_unlock(&wm_list->wm_lock); + + wm = wm_alloc(size, GFP_KERNEL); + if (!wm) { + spin_lock(&wm_list->wm_lock); + wm_list->avail_wm--; + spin_unlock(&wm_list->wm_lock); + wait_event(wm_list->wm_wait, + !list_empty(&wm_list->idle_wm)); + continue; + } + break; + } + + return wm; +} + +static void release_wm(struct wm *wm, struct wm_list *wm_list) +{ + if (!wm) + return; + + spin_lock(&wm_list->wm_lock); + if (wm_list->avail_wm <= num_online_cpus()) { + list_add(&wm->list, &wm_list->idle_wm); + spin_unlock(&wm_list->wm_lock); + wake_up(&wm_list->wm_wait); + return; + } + + wm_list->avail_wm--; + spin_unlock(&wm_list->wm_lock); + ksmbd_free(wm); +} + +static void wm_list_free(struct wm_list *l) +{ + struct wm *wm; + + while (!list_empty(&l->idle_wm)) { + wm = list_entry(l->idle_wm.next, struct wm, list); + list_del(&wm->list); + kvfree(wm); + } + kvfree(l); +} + +static void wm_lists_destroy(void) +{ + struct wm_list *l; + + while (!list_empty(&wm_lists)) { + l = list_entry(wm_lists.next, struct wm_list, list); + list_del(&l->list); + wm_list_free(l); + } +} + +void ksmbd_free_request(void *addr) +{ + kvfree(addr); +} + +void *ksmbd_alloc_request(size_t size) +{ + return kvmalloc(size, GFP_KERNEL); +} + +void ksmbd_free_response(void *buffer) +{ + kvfree(buffer); +} + +void *ksmbd_alloc_response(size_t size) +{ + return kvmalloc(size, GFP_KERNEL | __GFP_ZERO); +} + +void *ksmbd_find_buffer(size_t size) +{ + struct wm *wm; + + wm = find_wm(size); + + WARN_ON(!wm); + if (wm) + return wm->buffer; + return NULL; +} + +void ksmbd_release_buffer(void *buffer) +{ + struct wm_list *wm_list; + struct wm *wm; + + if (!buffer) + return; + + wm = container_of(buffer, struct wm, buffer); + wm_list = match_wm_list(wm->sz); + WARN_ON(!wm_list); + if (wm_list) + release_wm(wm, wm_list); +} + +void *ksmbd_realloc_response(void *ptr, size_t old_sz, size_t new_sz) +{ + size_t sz = min(old_sz, new_sz); + void *nptr; + + nptr = ksmbd_alloc_response(new_sz); + if (!nptr) + return ptr; + memcpy(nptr, ptr, sz); + ksmbd_free_response(ptr); + return nptr; +} + +void ksmbd_free_file_struct(void *filp) +{ + kmem_cache_free(filp_cache, filp); +} + +void *ksmbd_alloc_file_struct(void) +{ + return kmem_cache_zalloc(filp_cache, GFP_KERNEL); +} + +void ksmbd_destroy_buffer_pools(void) +{ + wm_lists_destroy(); + ksmbd_work_pool_destroy(); + kmem_cache_destroy(filp_cache); +} + +int ksmbd_init_buffer_pools(void) +{ + if (ksmbd_work_pool_init()) + goto out; + + filp_cache = kmem_cache_create("ksmbd_file_cache", + sizeof(struct ksmbd_file), 0, + SLAB_HWCACHE_ALIGN, NULL); + if (!filp_cache) + goto out; + + return 0; + +out: + ksmbd_err("failed to allocate memory\n"); + ksmbd_destroy_buffer_pools(); + return -ENOMEM; +} diff --git a/fs/cifsd/buffer_pool.h b/fs/cifsd/buffer_pool.h new file mode 100644 index 000000000000..2b3d03afcf27 --- /dev/null +++ b/fs/cifsd/buffer_pool.h @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_BUFFER_POOL_H__ +#define __KSMBD_BUFFER_POOL_H__ + +void *ksmbd_find_buffer(size_t size); +void ksmbd_release_buffer(void *buffer); + +void *ksmbd_alloc(size_t size); +void ksmbd_free(void *ptr); + +void ksmbd_free_request(void *addr); +void *ksmbd_alloc_request(size_t size); +void ksmbd_free_response(void *buffer); +void *ksmbd_alloc_response(size_t size); + +void *ksmbd_realloc_response(void *ptr, size_t old_sz, size_t new_sz); + +void ksmbd_free_file_struct(void *filp); +void *ksmbd_alloc_file_struct(void); + +void ksmbd_destroy_buffer_pools(void); +int ksmbd_init_buffer_pools(void); + +#endif /* __KSMBD_BUFFER_POOL_H__ */ diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c new file mode 100644 index 000000000000..00f80ca45690 --- /dev/null +++ b/fs/cifsd/vfs.c @@ -0,0 +1,1989 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#include <linux/kernel.h> +#include <linux/fs.h> +#include <linux/uaccess.h> +#include <linux/backing-dev.h> +#include <linux/writeback.h> +#include <linux/version.h> +#include <linux/xattr.h> +#include <linux/falloc.h> +#include <linux/genhd.h> +#include <linux/blkdev.h> +#include <linux/fsnotify.h> +#include <linux/dcache.h> +#include <linux/slab.h> +#include <linux/vmalloc.h> +#include <linux/sched/xacct.h> +#include <linux/crc32c.h> + +#include "glob.h" +#include "oplock.h" +#include "connection.h" +#include "buffer_pool.h" +#include "vfs.h" +#include "vfs_cache.h" +#include "smbacl.h" +#include "ndr.h" +#include "auth.h" + +#include "time_wrappers.h" +#include "smb_common.h" +#include "mgmt/share_config.h" +#include "mgmt/tree_connect.h" +#include "mgmt/user_session.h" +#include "mgmt/user_config.h" + +static char *extract_last_component(char *path) +{ + char *p = strrchr(path, '/'); + + if (p && p[1] != '\0') { + *p = '\0'; + p++; + } else { + p = NULL; + ksmbd_err("Invalid path %s\n", path); + } + return p; +} + +static void rollback_path_modification(char *filename) +{ + if (filename) { + filename--; + *filename = '/'; + } +} + +static void ksmbd_vfs_inherit_owner(struct ksmbd_work *work, + struct inode *parent_inode, + struct inode *inode) +{ + if (!test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_INHERIT_OWNER)) + return; + + i_uid_write(inode, i_uid_read(parent_inode)); +} + +static void ksmbd_vfs_inherit_smack(struct ksmbd_work *work, + struct dentry *dir_dentry, + struct dentry *dentry) +{ + char *name, *xattr_list = NULL, *smack_buf; + int value_len, xattr_list_len; + + if (!test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_INHERIT_SMACK)) + return; + + xattr_list_len = ksmbd_vfs_listxattr(dir_dentry, &xattr_list); + if (xattr_list_len < 0) { + goto out; + } else if (!xattr_list_len) { + ksmbd_err("no ea data in the file\n"); + return; + } + + for (name = xattr_list; name - xattr_list < xattr_list_len; + name += strlen(name) + 1) { + int rc; + + ksmbd_debug(VFS, "%s, len %zd\n", name, strlen(name)); + if (strcmp(name, XATTR_NAME_SMACK)) + continue; + + value_len = ksmbd_vfs_getxattr(dir_dentry, name, &smack_buf); + if (value_len <= 0) + continue; + + rc = ksmbd_vfs_setxattr(dentry, XATTR_NAME_SMACK, smack_buf, + value_len, 0); + ksmbd_free(smack_buf); + if (rc < 0) + ksmbd_err("ksmbd_vfs_setxattr() failed: %d\n", rc); + } +out: + ksmbd_vfs_xattr_free(xattr_list); +} + +int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete) +{ + int mask; + + mask = 0; + acc_mode &= O_ACCMODE; + + if (acc_mode == O_RDONLY) + mask = MAY_READ; + else if (acc_mode == O_WRONLY) + mask = MAY_WRITE; + else if (acc_mode == O_RDWR) + mask = MAY_READ | MAY_WRITE; + + if (inode_permission(&init_user_ns, d_inode(dentry), mask | MAY_OPEN)) + return -EACCES; + + if (delete) { + struct dentry *parent; + + parent = dget_parent(dentry); + if (!parent) + return -EINVAL; + + if (inode_permission(&init_user_ns, d_inode(parent), MAY_EXEC | MAY_WRITE)) { + dput(parent); + return -EACCES; + } + dput(parent); + } + return 0; +} + +int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) +{ + struct dentry *parent; + + *daccess = cpu_to_le32(FILE_READ_ATTRIBUTES | READ_CONTROL); + + if (!inode_permission(&init_user_ns, d_inode(dentry), MAY_OPEN | MAY_WRITE)) + *daccess |= cpu_to_le32(WRITE_DAC | WRITE_OWNER | SYNCHRONIZE | + FILE_WRITE_DATA | FILE_APPEND_DATA | + FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | + FILE_DELETE_CHILD); + + if (!inode_permission(&init_user_ns, d_inode(dentry), MAY_OPEN | MAY_READ)) + *daccess |= FILE_READ_DATA_LE | FILE_READ_EA_LE; + + if (!inode_permission(&init_user_ns, d_inode(dentry), MAY_OPEN | MAY_EXEC)) + *daccess |= FILE_EXECUTE_LE; + + parent = dget_parent(dentry); + if (!parent) + return 0; + + if (!inode_permission(&init_user_ns, d_inode(parent), MAY_EXEC | MAY_WRITE)) + *daccess |= FILE_DELETE_LE; + dput(parent); + return 0; +} + + +/** + * ksmbd_vfs_create() - vfs helper for smb create file + * @work: work + * @name: file name + * @mode: file create mode + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_create(struct ksmbd_work *work, + const char *name, + umode_t mode) +{ + struct path path; + struct dentry *dentry; + int err; + + dentry = kern_path_create(AT_FDCWD, name, &path, 0); + if (IS_ERR(dentry)) { + err = PTR_ERR(dentry); + if (err != -ENOENT) + ksmbd_err("path create failed for %s, err %d\n", + name, err); + return err; + } + + mode |= S_IFREG; + err = vfs_create(&init_user_ns, d_inode(path.dentry), dentry, mode, true); + if (!err) { + ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), + d_inode(dentry)); + ksmbd_vfs_inherit_smack(work, path.dentry, dentry); + } else { + ksmbd_err("File(%s): creation failed (err:%d)\n", name, err); + } + done_path_create(&path, dentry); + return err; +} + +/** + * ksmbd_vfs_mkdir() - vfs helper for smb create directory + * @work: work + * @name: directory name + * @mode: directory create mode + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_mkdir(struct ksmbd_work *work, + const char *name, + umode_t mode) +{ + struct path path; + struct dentry *dentry; + int err; + + dentry = kern_path_create(AT_FDCWD, name, &path, LOOKUP_DIRECTORY); + if (IS_ERR(dentry)) { + err = PTR_ERR(dentry); + if (err != -EEXIST) + ksmbd_debug(VFS, "path create failed for %s, err %d\n", + name, err); + return err; + } + + mode |= S_IFDIR; + err = vfs_mkdir(&init_user_ns, d_inode(path.dentry), dentry, mode); + if (!err) { + ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), + d_inode(dentry)); + ksmbd_vfs_inherit_smack(work, path.dentry, dentry); + } else + ksmbd_err("mkdir(%s): creation failed (err:%d)\n", name, err); + + done_path_create(&path, dentry); + return err; +} + +static ssize_t ksmbd_vfs_getcasexattr(struct dentry *dentry, + char *attr_name, + int attr_name_len, + char **attr_value) +{ + char *name, *xattr_list = NULL; + ssize_t value_len = -ENOENT, xattr_list_len; + + xattr_list_len = ksmbd_vfs_listxattr(dentry, &xattr_list); + if (xattr_list_len <= 0) + goto out; + + for (name = xattr_list; name - xattr_list < xattr_list_len; + name += strlen(name) + 1) { + ksmbd_debug(VFS, "%s, len %zd\n", name, strlen(name)); + if (strncasecmp(attr_name, name, attr_name_len)) + continue; + + value_len = ksmbd_vfs_getxattr(dentry, + name, + attr_value); + if (value_len < 0) + ksmbd_err("failed to get xattr in file\n"); + break; + } + +out: + ksmbd_vfs_xattr_free(xattr_list); + return value_len; +} + +static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, + size_t count) +{ + ssize_t v_len; + char *stream_buf = NULL; + int err; + + ksmbd_debug(VFS, "read stream data pos : %llu, count : %zd\n", + *pos, count); + + v_len = ksmbd_vfs_getcasexattr(fp->filp->f_path.dentry, + fp->stream.name, + fp->stream.size, + &stream_buf); + if (v_len == -ENOENT) { + ksmbd_err("not found stream in xattr : %zd\n", v_len); + err = -ENOENT; + return err; + } + + memcpy(buf, &stream_buf[*pos], count); + return v_len > count ? count : v_len; +} + +/** + * check_lock_range() - vfs helper for smb byte range file locking + * @filp: the file to apply the lock to + * @start: lock start byte offset + * @end: lock end byte offset + * @type: byte range type read/write + * + * Return: 0 on success, otherwise error + */ +static int check_lock_range(struct file *filp, + loff_t start, + loff_t end, + unsigned char type) +{ + struct file_lock *flock; + struct file_lock_context *ctx = file_inode(filp)->i_flctx; + int error = 0; + + if (!ctx || list_empty_careful(&ctx->flc_posix)) + return 0; + + spin_lock(&ctx->flc_lock); + list_for_each_entry(flock, &ctx->flc_posix, fl_list) { + /* check conflict locks */ + if (flock->fl_end >= start && end >= flock->fl_start) { + if (flock->fl_type == F_RDLCK) { + if (type == WRITE) { + ksmbd_err("not allow write by shared lock\n"); + error = 1; + goto out; + } + } else if (flock->fl_type == F_WRLCK) { + /* check owner in lock */ + if (flock->fl_file != filp) { + error = 1; + ksmbd_err("not allow rw access by exclusive lock from other opens\n"); + goto out; + } + } + } + } +out: + spin_unlock(&ctx->flc_lock); + return error; +} + +/** + * ksmbd_vfs_read() - vfs helper for smb file read + * @work: smb work + * @fid: file id of open file + * @count: read byte count + * @pos: file pos + * + * Return: number of read bytes on success, otherwise error + */ +int ksmbd_vfs_read(struct ksmbd_work *work, + struct ksmbd_file *fp, + size_t count, + loff_t *pos) +{ + struct file *filp; + ssize_t nbytes = 0; + char *rbuf, *name; + struct inode *inode; + char namebuf[NAME_MAX]; + int ret; + + rbuf = AUX_PAYLOAD(work); + filp = fp->filp; + inode = d_inode(filp->f_path.dentry); + if (S_ISDIR(inode->i_mode)) + return -EISDIR; + + if (unlikely(count == 0)) + return 0; + + if (work->conn->connection_type) { + if (!(fp->daccess & (FILE_READ_DATA_LE | FILE_EXECUTE_LE))) { + ksmbd_err("no right to read(%s)\n", FP_FILENAME(fp)); + return -EACCES; + } + } + + if (ksmbd_stream_fd(fp)) + return ksmbd_vfs_stream_read(fp, rbuf, pos, count); + + ret = check_lock_range(filp, *pos, *pos + count - 1, + READ); + if (ret) { + ksmbd_err("unable to read due to lock\n"); + return -EAGAIN; + } + + nbytes = kernel_read(filp, rbuf, count, pos); + if (nbytes < 0) { + name = d_path(&filp->f_path, namebuf, sizeof(namebuf)); + if (IS_ERR(name)) + name = "(error)"; + ksmbd_err("smb read failed for (%s), err = %zd\n", + name, nbytes); + return nbytes; + } + + filp->f_pos = *pos; + return nbytes; +} + +static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, + size_t count) +{ + char *stream_buf = NULL, *wbuf; + size_t size, v_len; + int err = 0; + + ksmbd_debug(VFS, "write stream data pos : %llu, count : %zd\n", + *pos, count); + + size = *pos + count; + if (size > XATTR_SIZE_MAX) { + size = XATTR_SIZE_MAX; + count = (*pos + count) - XATTR_SIZE_MAX; + } + + v_len = ksmbd_vfs_getcasexattr(fp->filp->f_path.dentry, + fp->stream.name, + fp->stream.size, + &stream_buf); + if (v_len == -ENOENT) { + ksmbd_err("not found stream in xattr : %zd\n", v_len); + err = -ENOENT; + goto out; + } + + if (v_len < size) { + wbuf = ksmbd_alloc(size); + if (!wbuf) { + err = -ENOMEM; + goto out; + } + + if (v_len > 0) + memcpy(wbuf, stream_buf, v_len); + stream_buf = wbuf; + } + + memcpy(&stream_buf[*pos], buf, count); + + err = ksmbd_vfs_setxattr(fp->filp->f_path.dentry, + fp->stream.name, + (void *)stream_buf, + size, + 0); + if (err < 0) + goto out; + + fp->filp->f_pos = *pos; + err = 0; +out: + ksmbd_free(stream_buf); + return err; +} + +/** + * ksmbd_vfs_write() - vfs helper for smb file write + * @work: work + * @fid: file id of open file + * @buf: buf containing data for writing + * @count: read byte count + * @pos: file pos + * @sync: fsync after write + * @written: number of bytes written + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, + char *buf, size_t count, loff_t *pos, bool sync, ssize_t *written) +{ + struct ksmbd_session *sess = work->sess; + struct file *filp; + loff_t offset = *pos; + int err = 0; + + if (sess->conn->connection_type) { + if (!(fp->daccess & FILE_WRITE_DATA_LE)) { + ksmbd_err("no right to write(%s)\n", FP_FILENAME(fp)); + err = -EACCES; + goto out; + } + } + + filp = fp->filp; + + if (ksmbd_stream_fd(fp)) { + err = ksmbd_vfs_stream_write(fp, buf, pos, count); + if (!err) + *written = count; + goto out; + } + + err = check_lock_range(filp, *pos, *pos + count - 1, WRITE); + if (err) { + ksmbd_err("unable to write due to lock\n"); + err = -EAGAIN; + goto out; + } + + /* Do we need to break any of a levelII oplock? */ + smb_break_all_levII_oplock(work, fp, 1); + + err = kernel_write(filp, buf, count, pos); + if (err < 0) { + ksmbd_debug(VFS, "smb write failed, err = %d\n", err); + goto out; + } + + filp->f_pos = *pos; + *written = err; + err = 0; + if (sync) { + err = vfs_fsync_range(filp, offset, offset + *written, 0); + if (err < 0) + ksmbd_err("fsync failed for filename = %s, err = %d\n", + FP_FILENAME(fp), err); + } + +out: + return err; +} + +/** + * ksmbd_vfs_getattr() - vfs helper for smb getattr + * @work: work + * @fid: file id of open file + * @attrs: inode attributes + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_getattr(struct path *path, struct kstat *stat) +{ + int err; + + err = vfs_getattr(path, stat, STATX_BTIME, AT_STATX_SYNC_AS_STAT); + if (err) + ksmbd_err("getattr failed, err %d\n", err); + return err; +} + +/** + * ksmbd_vfs_fsync() - vfs helper for smb fsync + * @work: work + * @fid: file id of open file + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_fsync(struct ksmbd_work *work, uint64_t fid, uint64_t p_id) +{ + struct ksmbd_file *fp; + int err; + + fp = ksmbd_lookup_fd_slow(work, fid, p_id); + if (!fp) { + ksmbd_err("failed to get filp for fid %llu\n", fid); + return -ENOENT; + } + err = vfs_fsync(fp->filp, 0); + if (err < 0) + ksmbd_err("smb fsync failed, err = %d\n", err); + ksmbd_fd_put(work, fp); + return err; +} + +/** + * ksmbd_vfs_remove_file() - vfs helper for smb rmdir or unlink + * @name: absolute directory or file name + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) +{ + struct path parent; + struct dentry *dir, *dentry; + char *last; + int err = -ENOENT; + + last = extract_last_component(name); + if (!last) + return -ENOENT; + + if (ksmbd_override_fsids(work)) + return -ENOMEM; + + err = kern_path(name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &parent); + if (err) { + ksmbd_debug(VFS, "can't get %s, err %d\n", name, err); + ksmbd_revert_fsids(work); + rollback_path_modification(last); + return err; + } + + dir = parent.dentry; + if (!d_inode(dir)) + goto out; + + inode_lock_nested(d_inode(dir), I_MUTEX_PARENT); + dentry = lookup_one_len(last, dir, strlen(last)); + if (IS_ERR(dentry)) { + err = PTR_ERR(dentry); + ksmbd_debug(VFS, "%s: lookup failed, err %d\n", last, err); + goto out_err; + } + + if (!d_inode(dentry) || !d_inode(dentry)->i_nlink) { + dput(dentry); + err = -ENOENT; + goto out_err; + } + + if (S_ISDIR(d_inode(dentry)->i_mode)) { + err = vfs_rmdir(&init_user_ns, d_inode(dir), dentry); + if (err && err != -ENOTEMPTY) + ksmbd_debug(VFS, "%s: rmdir failed, err %d\n", name, + err); + } else { + err = vfs_unlink(&init_user_ns, d_inode(dir), dentry, NULL); + if (err) + ksmbd_debug(VFS, "%s: unlink failed, err %d\n", name, + err); + } + + dput(dentry); +out_err: + inode_unlock(d_inode(dir)); +out: + rollback_path_modification(last); + path_put(&parent); + ksmbd_revert_fsids(work); + return err; +} + +/** + * ksmbd_vfs_link() - vfs helper for creating smb hardlink + * @oldname: source file name + * @newname: hardlink name + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_link(struct ksmbd_work *work, + const char *oldname, const char *newname) +{ + struct path oldpath, newpath; + struct dentry *dentry; + int err; + + if (ksmbd_override_fsids(work)) + return -ENOMEM; + + err = kern_path(oldname, LOOKUP_FOLLOW, &oldpath); + if (err) { + ksmbd_err("cannot get linux path for %s, err = %d\n", + oldname, err); + goto out1; + } + + dentry = kern_path_create(AT_FDCWD, newname, &newpath, + LOOKUP_FOLLOW | LOOKUP_REVAL); + if (IS_ERR(dentry)) { + err = PTR_ERR(dentry); + ksmbd_err("path create err for %s, err %d\n", newname, err); + goto out2; + } + + err = -EXDEV; + if (oldpath.mnt != newpath.mnt) { + ksmbd_err("vfs_link failed err %d\n", err); + goto out3; + } + + err = vfs_link(oldpath.dentry, &init_user_ns, d_inode(newpath.dentry), + dentry, NULL); + if (err) + ksmbd_debug(VFS, "vfs_link failed err %d\n", err); + +out3: + done_path_create(&newpath, dentry); +out2: + path_put(&oldpath); +out1: + ksmbd_revert_fsids(work); + return err; +} + +static int __ksmbd_vfs_rename(struct ksmbd_work *work, + struct dentry *src_dent_parent, + struct dentry *src_dent, + struct dentry *dst_dent_parent, + struct dentry *trap_dent, + char *dst_name) +{ + struct dentry *dst_dent; + int err; + + spin_lock(&src_dent->d_lock); + list_for_each_entry(dst_dent, &src_dent->d_subdirs, d_child) { + struct ksmbd_file *child_fp; + + if (d_really_is_negative(dst_dent)) + continue; + + child_fp = ksmbd_lookup_fd_inode(d_inode(dst_dent)); + if (child_fp) { + spin_unlock(&src_dent->d_lock); + ksmbd_debug(VFS, "Forbid rename, sub file/dir is in use\n"); + return -EACCES; + } + } + spin_unlock(&src_dent->d_lock); + + if (d_really_is_negative(src_dent_parent)) + return -ENOENT; + if (d_really_is_negative(dst_dent_parent)) + return -ENOENT; + if (d_really_is_negative(src_dent)) + return -ENOENT; + if (src_dent == trap_dent) + return -EINVAL; + + if (ksmbd_override_fsids(work)) + return -ENOMEM; + + dst_dent = lookup_one_len(dst_name, dst_dent_parent, strlen(dst_name)); + err = PTR_ERR(dst_dent); + if (IS_ERR(dst_dent)) { + ksmbd_err("lookup failed %s [%d]\n", dst_name, err); + goto out; + } + + err = -ENOTEMPTY; + if (dst_dent != trap_dent && !d_really_is_positive(dst_dent)) { + struct renamedata rd = { + .old_mnt_userns = &init_user_ns, + .old_dir = d_inode(src_dent_parent), + .old_dentry = src_dent, + .new_mnt_userns = &init_user_ns, + .new_dir = d_inode(dst_dent_parent), + .new_dentry = dst_dent, + }; + err = vfs_rename(&rd); + } + if (err) + ksmbd_err("vfs_rename failed err %d\n", err); + if (dst_dent) + dput(dst_dent); +out: + ksmbd_revert_fsids(work); + return err; +} + +int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, + char *newname) +{ + struct path dst_path; + struct dentry *src_dent_parent, *dst_dent_parent; + struct dentry *src_dent, *trap_dent; + char *dst_name; + int err; + + dst_name = extract_last_component(newname); + if (!dst_name) + return -EINVAL; + + src_dent_parent = dget_parent(fp->filp->f_path.dentry); + if (!src_dent_parent) + return -EINVAL; + + src_dent = fp->filp->f_path.dentry; + dget(src_dent); + + err = kern_path(newname, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &dst_path); + if (err) { + ksmbd_debug(VFS, "Cannot get path for %s [%d]\n", newname, err); + goto out; + } + dst_dent_parent = dst_path.dentry; + dget(dst_dent_parent); + + trap_dent = lock_rename(src_dent_parent, dst_dent_parent); + err = __ksmbd_vfs_rename(work, + src_dent_parent, + src_dent, + dst_dent_parent, + trap_dent, + dst_name); + unlock_rename(src_dent_parent, dst_dent_parent); + dput(dst_dent_parent); + path_put(&dst_path); +out: + dput(src_dent); + dput(src_dent_parent); + return err; +} + +/** + * ksmbd_vfs_truncate() - vfs helper for smb file truncate + * @work: work + * @name: old filename + * @fid: file id of old file + * @size: truncate to given size + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, + struct ksmbd_file *fp, loff_t size) +{ + struct path path; + int err = 0; + struct inode *inode; + + if (name) { + err = kern_path(name, 0, &path); + if (err) { + ksmbd_err("cannot get linux path for %s, err %d\n", + name, err); + return err; + } + err = vfs_truncate(&path, size); + if (err) + ksmbd_err("truncate failed for %s err %d\n", + name, err); + path_put(&path); + } else { + struct file *filp; + + filp = fp->filp; + + /* Do we need to break any of a levelII oplock? */ + smb_break_all_levII_oplock(work, fp, 1); + + inode = file_inode(filp); + if (size < inode->i_size) { + err = check_lock_range(filp, size, + inode->i_size - 1, WRITE); + } else { + err = check_lock_range(filp, inode->i_size, + size - 1, WRITE); + } + + if (err) { + ksmbd_err("failed due to lock\n"); + return -EAGAIN; + } + + err = vfs_truncate(&filp->f_path, size); + if (err) + ksmbd_err("truncate failed for filename : %s err %d\n", + fp->filename, err); + } + + return err; +} + +/** + * ksmbd_vfs_listxattr() - vfs helper for smb list extended attributes + * @dentry: dentry of file for listing xattrs + * @list: destination buffer + * @size: destination buffer length + * + * Return: xattr list length on success, otherwise error + */ +ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list) +{ + ssize_t size; + char *vlist = NULL; + + size = vfs_listxattr(dentry, NULL, 0); + if (size <= 0) + return size; + + vlist = ksmbd_alloc(size); + if (!vlist) + return -ENOMEM; + + *list = vlist; + size = vfs_listxattr(dentry, vlist, size); + if (size < 0) { + ksmbd_debug(VFS, "listxattr failed\n"); + ksmbd_vfs_xattr_free(vlist); + *list = NULL; + } + + return size; +} + +static ssize_t ksmbd_vfs_xattr_len(struct dentry *dentry, + char *xattr_name) +{ + return vfs_getxattr(&init_user_ns, dentry, xattr_name, NULL, 0); +} + +/** + * ksmbd_vfs_getxattr() - vfs helper for smb get extended attributes value + * @dentry: dentry of file for getting xattrs + * @xattr_name: name of xattr name to query + * @xattr_buf: destination buffer xattr value + * + * Return: read xattr value length on success, otherwise error + */ +ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, + char *xattr_name, + char **xattr_buf) +{ + ssize_t xattr_len; + char *buf; + + *xattr_buf = NULL; + xattr_len = ksmbd_vfs_xattr_len(dentry, xattr_name); + if (xattr_len < 0) + return xattr_len; + + buf = kmalloc(xattr_len + 1, GFP_KERNEL); + if (!buf) + return -ENOMEM; + + xattr_len = vfs_getxattr(&init_user_ns, dentry, xattr_name, (void *)buf, + xattr_len); + if (xattr_len > 0) + *xattr_buf = buf; + else + kfree(buf); + return xattr_len; +} + +/** + * ksmbd_vfs_setxattr() - vfs helper for smb set extended attributes value + * @dentry: dentry to set XATTR at + * @name: xattr name for setxattr + * @value: xattr value to set + * @size: size of xattr value + * @flags: destination buffer length + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_setxattr(struct dentry *dentry, + const char *attr_name, + const void *attr_value, + size_t attr_size, + int flags) +{ + int err; + + err = vfs_setxattr(&init_user_ns, dentry, + attr_name, + attr_value, + attr_size, + flags); + if (err) + ksmbd_debug(VFS, "setxattr failed, err %d\n", err); + return err; +} + +/** + * ksmbd_vfs_set_fadvise() - convert smb IO caching options to linux options + * @filp: file pointer for IO + * @options: smb IO options + */ +void ksmbd_vfs_set_fadvise(struct file *filp, __le32 option) +{ + struct address_space *mapping; + + mapping = filp->f_mapping; + + if (!option || !mapping) + return; + + if (option & FILE_WRITE_THROUGH_LE) + filp->f_flags |= O_SYNC; + else if (option & FILE_SEQUENTIAL_ONLY_LE) { + filp->f_ra.ra_pages = inode_to_bdi(mapping->host)->ra_pages * 2; + spin_lock(&filp->f_lock); + filp->f_mode &= ~FMODE_RANDOM; + spin_unlock(&filp->f_lock); + } else if (option & FILE_RANDOM_ACCESS_LE) { + spin_lock(&filp->f_lock); + filp->f_mode |= FMODE_RANDOM; + spin_unlock(&filp->f_lock); + } +} + +/** + * ksmbd_vfs_lock() - vfs helper for smb file locking + * @filp: the file to apply the lock to + * @cmd: type of locking operation (F_SETLK, F_GETLK, etc.) + * @flock: The lock to be applied + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_lock(struct file *filp, int cmd, + struct file_lock *flock) +{ + ksmbd_debug(VFS, "calling vfs_lock_file\n"); + return vfs_lock_file(filp, cmd, flock, NULL); +} + +int ksmbd_vfs_readdir(struct file *file, struct ksmbd_readdir_data *rdata) +{ + return iterate_dir(file, &rdata->ctx); +} + +int ksmbd_vfs_alloc_size(struct ksmbd_work *work, + struct ksmbd_file *fp, + loff_t len) +{ + smb_break_all_levII_oplock(work, fp, 1); + return vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0, len); +} + +int ksmbd_vfs_zero_data(struct ksmbd_work *work, + struct ksmbd_file *fp, + loff_t off, + loff_t len) +{ + smb_break_all_levII_oplock(work, fp, 1); + if (fp->f_ci->m_fattr & ATTR_SPARSE_FILE_LE) + return vfs_fallocate(fp->filp, + FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, off, len); + + return vfs_fallocate(fp->filp, FALLOC_FL_ZERO_RANGE, off, len); +} + +int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, + struct file_allocated_range_buffer *ranges, + int in_count, int *out_count) +{ + struct file *f = fp->filp; + struct inode *inode = FP_INODE(fp); + loff_t maxbytes = (u64)inode->i_sb->s_maxbytes, end; + loff_t extent_start, extent_end; + int ret = 0; + + if (start > maxbytes) + return -EFBIG; + + if (!in_count) + return 0; + + /* + * Shrink request scope to what the fs can actually handle. + */ + if (length > maxbytes || (maxbytes - length) < start) + length = maxbytes - start; + + if (start + length > inode->i_size) + length = inode->i_size - start; + + *out_count = 0; + end = start + length; + while (start < end && *out_count < in_count) { + extent_start = f->f_op->llseek(f, start, SEEK_DATA); + if (extent_start < 0) { + if (extent_start != -ENXIO) + ret = (int)extent_start; + break; + } + + if (extent_start >= end) + break; + + extent_end = f->f_op->llseek(f, extent_start, SEEK_HOLE); + if (extent_end < 0) { + if (extent_end != -ENXIO) + ret = (int)extent_end; + break; + } else if (extent_start >= extent_end) + break; + + ranges[*out_count].file_offset = cpu_to_le64(extent_start); + ranges[(*out_count)++].length = + cpu_to_le64(min(extent_end, end) - extent_start); + + start = extent_end; + } + + return ret; +} + +int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name) +{ + return vfs_removexattr(&init_user_ns, dentry, attr_name); +} + +void ksmbd_vfs_xattr_free(char *xattr) +{ + ksmbd_free(xattr); +} + +int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry) +{ + int err = 0; + + dget(dentry); + inode_lock_nested(d_inode(dir), I_MUTEX_PARENT); + if (!d_inode(dentry) || !d_inode(dentry)->i_nlink) { + err = -ENOENT; + goto out; + } + + if (S_ISDIR(d_inode(dentry)->i_mode)) + err = vfs_rmdir(&init_user_ns, d_inode(dir), dentry); + else + err = vfs_unlink(&init_user_ns, d_inode(dir), dentry, NULL); + +out: + inode_unlock(d_inode(dir)); + dput(dentry); + if (err) + ksmbd_debug(VFS, "failed to delete, err %d\n", err); + + return err; +} + +/* + * ksmbd_vfs_get_logical_sector_size() - get logical sector size from inode + * @inode: inode + * + * Return: logical sector size + */ +unsigned short ksmbd_vfs_logical_sector_size(struct inode *inode) +{ + struct request_queue *q; + unsigned short ret_val = 512; + + if (!inode->i_sb->s_bdev) + return ret_val; + + q = inode->i_sb->s_bdev->bd_disk->queue; + + if (q && q->limits.logical_block_size) + ret_val = q->limits.logical_block_size; + + return ret_val; +} + +/* + * ksmbd_vfs_get_smb2_sector_size() - get fs sector sizes + * @inode: inode + * @fs_ss: fs sector size struct + */ +void ksmbd_vfs_smb2_sector_size(struct inode *inode, + struct ksmbd_fs_sector_size *fs_ss) +{ + struct request_queue *q; + + fs_ss->logical_sector_size = 512; + fs_ss->physical_sector_size = 512; + fs_ss->optimal_io_size = 512; + + if (!inode->i_sb->s_bdev) + return; + + q = inode->i_sb->s_bdev->bd_disk->queue; + + if (q) { + if (q->limits.logical_block_size) + fs_ss->logical_sector_size = + q->limits.logical_block_size; + if (q->limits.physical_block_size) + fs_ss->physical_sector_size = + q->limits.physical_block_size; + if (q->limits.io_opt) + fs_ss->optimal_io_size = q->limits.io_opt; + } +} + +static int __dir_empty(struct dir_context *ctx, + const char *name, + int namlen, + loff_t offset, + u64 ino, + unsigned int d_type) +{ + struct ksmbd_readdir_data *buf; + + buf = container_of(ctx, struct ksmbd_readdir_data, ctx); + buf->dirent_count++; + + if (buf->dirent_count > 2) + return -ENOTEMPTY; + return 0; +} + +/** + * ksmbd_vfs_empty_dir() - check for empty directory + * @fp: ksmbd file pointer + * + * Return: true if directory empty, otherwise false + */ +int ksmbd_vfs_empty_dir(struct ksmbd_file *fp) +{ + int err; + struct ksmbd_readdir_data readdir_data; + + memset(&readdir_data, 0, sizeof(struct ksmbd_readdir_data)); + + set_ctx_actor(&readdir_data.ctx, __dir_empty); + readdir_data.dirent_count = 0; + + err = ksmbd_vfs_readdir(fp->filp, &readdir_data); + if (readdir_data.dirent_count > 2) + err = -ENOTEMPTY; + else + err = 0; + return err; +} + +static int __caseless_lookup(struct dir_context *ctx, + const char *name, + int namlen, + loff_t offset, + u64 ino, + unsigned int d_type) +{ + struct ksmbd_readdir_data *buf; + + buf = container_of(ctx, struct ksmbd_readdir_data, ctx); + + if (buf->used != namlen) + return 0; + if (!strncasecmp((char *)buf->private, name, namlen)) { + memcpy((char *)buf->private, name, namlen); + buf->dirent_count = 1; + return -EEXIST; + } + return 0; +} + +/** + * ksmbd_vfs_lookup_in_dir() - lookup a file in a directory + * @dirname: directory name + * @filename: filename to lookup + * + * Return: 0 on success, otherwise error + */ +static int ksmbd_vfs_lookup_in_dir(char *dirname, char *filename) +{ + struct path dir_path; + int ret; + struct file *dfilp; + int flags = O_RDONLY|O_LARGEFILE; + int dirnamelen = strlen(dirname); + struct ksmbd_readdir_data readdir_data = { + .ctx.actor = __caseless_lookup, + .private = filename, + .used = strlen(filename), + }; + + ret = ksmbd_vfs_kern_path(dirname, 0, &dir_path, true); + if (ret) + goto error; + + dfilp = dentry_open(&dir_path, flags, current_cred()); + if (IS_ERR(dfilp)) { + path_put(&dir_path); + ksmbd_err("cannot open directory %s\n", dirname); + ret = -EINVAL; + goto error; + } + + ret = ksmbd_vfs_readdir(dfilp, &readdir_data); + if (readdir_data.dirent_count > 0) + ret = 0; + + fput(dfilp); + path_put(&dir_path); +error: + dirname[dirnamelen] = '/'; + return ret; +} + +/** + * ksmbd_vfs_kern_path() - lookup a file and get path info + * @name: name of file for lookup + * @flags: lookup flags + * @path: if lookup succeed, return path info + * @caseless: caseless filename lookup + * + * Return: 0 on success, otherwise error + */ +int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, + bool caseless) +{ + char *filename = NULL; + int err; + + err = kern_path(name, flags, path); + if (!err) + return err; + + if (caseless) { + filename = extract_last_component(name); + if (!filename) + goto out; + + /* root reached */ + if (strlen(name) == 0) + goto out; + + err = ksmbd_vfs_lookup_in_dir(name, filename); + if (err) + goto out; + err = kern_path(name, flags, path); + } + +out: + rollback_path_modification(filename); + return err; +} + +int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry) +{ + char *name, *xattr_list = NULL; + ssize_t xattr_list_len; + int err = 0; + + xattr_list_len = ksmbd_vfs_listxattr(dentry, &xattr_list); + if (xattr_list_len < 0) { + goto out; + } else if (!xattr_list_len) { + ksmbd_debug(SMB, "empty xattr in the file\n"); + goto out; + } + + for (name = xattr_list; name - xattr_list < xattr_list_len; + name += strlen(name) + 1) { + ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name)); + + if (!strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS, + sizeof(XATTR_NAME_POSIX_ACL_ACCESS)-1) || + !strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT, + sizeof(XATTR_NAME_POSIX_ACL_DEFAULT)-1)) { + err = ksmbd_vfs_remove_xattr(dentry, name); + if (err) + ksmbd_debug(SMB, + "remove acl xattr failed : %s\n", name); + } + } +out: + ksmbd_vfs_xattr_free(xattr_list); + return err; +} + +int ksmbd_vfs_remove_sd_xattrs(struct dentry *dentry) +{ + char *name, *xattr_list = NULL; + ssize_t xattr_list_len; + int err = 0; + + xattr_list_len = ksmbd_vfs_listxattr(dentry, &xattr_list); + if (xattr_list_len < 0) { + goto out; + } else if (!xattr_list_len) { + ksmbd_debug(SMB, "empty xattr in the file\n"); + goto out; + } + + for (name = xattr_list; name - xattr_list < xattr_list_len; + name += strlen(name) + 1) { + ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name)); + + if (!strncmp(name, XATTR_NAME_SD, XATTR_NAME_SD_LEN)) { + err = ksmbd_vfs_remove_xattr(dentry, name); + if (err) + ksmbd_debug(SMB, "remove xattr failed : %s\n", name); + } + } +out: + ksmbd_vfs_xattr_free(xattr_list); + return err; +} + +static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct inode *inode, + int acl_type) +{ + struct xattr_smb_acl *smb_acl = NULL; + struct posix_acl *posix_acls; + struct posix_acl_entry *pa_entry; + struct xattr_acl_entry *xa_entry; + int i; + + posix_acls = ksmbd_vfs_get_acl(inode, acl_type); + if (!posix_acls) + return NULL; + + smb_acl = kzalloc(sizeof(struct xattr_smb_acl) + + sizeof(struct xattr_acl_entry) * posix_acls->a_count, + GFP_KERNEL); + if (!smb_acl) + goto out; + + smb_acl->count = posix_acls->a_count; + pa_entry = posix_acls->a_entries; + xa_entry = smb_acl->entries; + for (i = 0; i < posix_acls->a_count; i++, pa_entry++, xa_entry++) { + switch (pa_entry->e_tag) { + case ACL_USER: + xa_entry->type = SMB_ACL_USER; + xa_entry->uid = from_kuid(&init_user_ns, pa_entry->e_uid); + break; + case ACL_USER_OBJ: + xa_entry->type = SMB_ACL_USER_OBJ; + break; + case ACL_GROUP: + xa_entry->type = SMB_ACL_GROUP; + xa_entry->gid = from_kgid(&init_user_ns, pa_entry->e_gid); + break; + case ACL_GROUP_OBJ: + xa_entry->type = SMB_ACL_GROUP_OBJ; + break; + case ACL_OTHER: + xa_entry->type = SMB_ACL_OTHER; + break; + case ACL_MASK: + xa_entry->type = SMB_ACL_MASK; + break; + default: + ksmbd_err("unknown type : 0x%x\n", pa_entry->e_tag); + goto out; + } + + if (pa_entry->e_perm & ACL_READ) + xa_entry->perm |= SMB_ACL_READ; + if (pa_entry->e_perm & ACL_WRITE) + xa_entry->perm |= SMB_ACL_WRITE; + if (pa_entry->e_perm & ACL_EXECUTE) + xa_entry->perm |= SMB_ACL_EXECUTE; + } +out: + posix_acl_release(posix_acls); + return smb_acl; +} + +int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, + struct smb_ntsd *pntsd, int len) +{ + int rc; + struct ndr sd_ndr = {0}, acl_ndr = {0}; + struct xattr_ntacl acl = {0}; + struct xattr_smb_acl *smb_acl, *def_smb_acl = NULL; + struct inode *inode = dentry->d_inode; + + acl.version = 4; + acl.hash_type = XATTR_SD_HASH_TYPE_SHA256; + acl.current_time = ksmbd_UnixTimeToNT(current_time(dentry->d_inode)); + + memcpy(acl.desc, "posix_acl", 9); + acl.desc_len = 10; + + pntsd->osidoffset = + cpu_to_le32(le32_to_cpu(pntsd->osidoffset) + NDR_NTSD_OFFSETOF); + pntsd->gsidoffset = + cpu_to_le32(le32_to_cpu(pntsd->gsidoffset) + NDR_NTSD_OFFSETOF); + pntsd->dacloffset = + cpu_to_le32(le32_to_cpu(pntsd->dacloffset) + NDR_NTSD_OFFSETOF); + + acl.sd_buf = (char *)pntsd; + acl.sd_size = len; + + rc = ksmbd_gen_sd_hash(conn, acl.sd_buf, acl.sd_size, acl.hash); + if (rc) { + ksmbd_err("failed to generate hash for ndr acl\n"); + return rc; + } + + smb_acl = ksmbd_vfs_make_xattr_posix_acl(dentry->d_inode, ACL_TYPE_ACCESS); + if (S_ISDIR(inode->i_mode)) + def_smb_acl = ksmbd_vfs_make_xattr_posix_acl(dentry->d_inode, + ACL_TYPE_DEFAULT); + + rc = ndr_encode_posix_acl(&acl_ndr, inode, smb_acl, def_smb_acl); + if (rc) { + ksmbd_err("failed to encode ndr to posix acl\n"); + goto out; + } + + rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, + acl.posix_acl_hash); + if (rc) { + ksmbd_err("failed to generate hash for ndr acl\n"); + goto out; + } + + rc = ndr_encode_v4_ntacl(&sd_ndr, &acl); + if (rc) { + ksmbd_err("failed to encode ndr to posix acl\n"); + goto out; + } + + rc = ksmbd_vfs_setxattr(dentry, XATTR_NAME_SD, sd_ndr.data, + sd_ndr.offset, 0); + if (rc < 0) + ksmbd_err("Failed to store XATTR ntacl :%d\n", rc); + + kfree(sd_ndr.data); +out: + kfree(acl_ndr.data); + kfree(smb_acl); + kfree(def_smb_acl); + return rc; +} + +int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, + struct smb_ntsd **pntsd) +{ + int rc; + struct ndr n; + + rc = ksmbd_vfs_getxattr(dentry, XATTR_NAME_SD, &n.data); + if (rc > 0) { + struct inode *inode = dentry->d_inode; + struct ndr acl_ndr = {0}; + struct xattr_ntacl acl; + struct xattr_smb_acl *smb_acl = NULL, *def_smb_acl = NULL; + __u8 cmp_hash[XATTR_SD_HASH_SIZE] = {0}; + + n.length = rc; + rc = ndr_decode_v4_ntacl(&n, &acl); + if (rc) + return rc; + + smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, + ACL_TYPE_ACCESS); + if (S_ISDIR(inode->i_mode)) + def_smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, + ACL_TYPE_DEFAULT); + + rc = ndr_encode_posix_acl(&acl_ndr, inode, smb_acl, def_smb_acl); + if (rc) { + ksmbd_err("failed to encode ndr to posix acl\n"); + goto out; + } + + rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, + cmp_hash); + if (rc) { + ksmbd_err("failed to generate hash for ndr acl\n"); + goto out; + } + + if (memcmp(cmp_hash, acl.posix_acl_hash, XATTR_SD_HASH_SIZE)) { + ksmbd_err("hash value diff\n"); + rc = -EINVAL; + goto out; + } + + *pntsd = acl.sd_buf; + (*pntsd)->osidoffset = + cpu_to_le32(le32_to_cpu((*pntsd)->osidoffset) - NDR_NTSD_OFFSETOF); + (*pntsd)->gsidoffset = + cpu_to_le32(le32_to_cpu((*pntsd)->gsidoffset) - NDR_NTSD_OFFSETOF); + (*pntsd)->dacloffset = + cpu_to_le32(le32_to_cpu((*pntsd)->dacloffset) - NDR_NTSD_OFFSETOF); + + rc = acl.sd_size; +out: + kfree(n.data); + kfree(acl_ndr.data); + kfree(smb_acl); + kfree(def_smb_acl); + } + + return rc; +} + +int ksmbd_vfs_set_dos_attrib_xattr(struct dentry *dentry, + struct xattr_dos_attrib *da) +{ + struct ndr n; + int err; + + err = ndr_encode_dos_attr(&n, da); + if (err) + return err; + + err = ksmbd_vfs_setxattr(dentry, + XATTR_NAME_DOS_ATTRIBUTE, + (void *)n.data, + n.offset, + 0); + if (err) + ksmbd_debug(SMB, "failed to store dos attribute in xattr\n"); + kfree(n.data); + + return err; +} + +int ksmbd_vfs_get_dos_attrib_xattr(struct dentry *dentry, + struct xattr_dos_attrib *da) +{ + struct ndr n; + int err; + + err = ksmbd_vfs_getxattr(dentry, + XATTR_NAME_DOS_ATTRIBUTE, + (char **)&n.data); + if (err > 0) { + n.length = err; + if (ndr_decode_dos_attr(&n, da)) + err = -EINVAL; + ksmbd_free(n.data); + } else + ksmbd_debug(SMB, "failed to load dos attribute in xattr\n"); + + return err; +} + +struct posix_acl *ksmbd_vfs_posix_acl_alloc(int count, gfp_t flags) +{ +#if IS_ENABLED(CONFIG_FS_POSIX_ACL) + return posix_acl_alloc(count, flags); +#else + return NULL; +#endif +} + +struct posix_acl *ksmbd_vfs_get_acl(struct inode *inode, int type) +{ +#if IS_ENABLED(CONFIG_FS_POSIX_ACL) + return get_acl(inode, type); +#else + return NULL; +#endif +} + +int ksmbd_vfs_set_posix_acl(struct inode *inode, int type, + struct posix_acl *acl) +{ +#if IS_ENABLED(CONFIG_FS_POSIX_ACL) + return set_posix_acl(&init_user_ns, inode, type, acl); +#else + return -EOPNOTSUPP; +#endif +} + +/** + * ksmbd_vfs_init_kstat() - convert unix stat information to smb stat format + * @p: destination buffer + * @ksmbd_kstat: ksmbd kstat wrapper + */ +void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat) +{ + struct file_directory_info *info = (struct file_directory_info *)(*p); + struct kstat *kstat = ksmbd_kstat->kstat; + u64 time; + + info->FileIndex = 0; + info->CreationTime = cpu_to_le64(ksmbd_kstat->create_time); + time = ksmbd_UnixTimeToNT(kstat->atime); + info->LastAccessTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(kstat->mtime); + info->LastWriteTime = cpu_to_le64(time); + time = ksmbd_UnixTimeToNT(kstat->ctime); + info->ChangeTime = cpu_to_le64(time); + + if (ksmbd_kstat->file_attributes & ATTR_DIRECTORY_LE) { + info->EndOfFile = 0; + info->AllocationSize = 0; + } else { + info->EndOfFile = cpu_to_le64(kstat->size); + info->AllocationSize = cpu_to_le64(kstat->blocks << 9); + } + info->ExtFileAttributes = ksmbd_kstat->file_attributes; + + return info; +} + +int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, + struct dentry *dentry, + struct ksmbd_kstat *ksmbd_kstat) +{ + u64 time; + int rc; + + generic_fillattr(&init_user_ns, d_inode(dentry), ksmbd_kstat->kstat); + + time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->ctime); + ksmbd_kstat->create_time = time; + + /* + * set default value for the case that store dos attributes is not yes + * or that acl is disable in server's filesystem and the config is yes. + */ + if (S_ISDIR(ksmbd_kstat->kstat->mode)) + ksmbd_kstat->file_attributes = ATTR_DIRECTORY_LE; + else + ksmbd_kstat->file_attributes = ATTR_ARCHIVE_LE; + + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) { + struct xattr_dos_attrib da; + + rc = ksmbd_vfs_get_dos_attrib_xattr(dentry, &da); + if (rc > 0) { + ksmbd_kstat->file_attributes = cpu_to_le32(da.attr); + ksmbd_kstat->create_time = da.create_time; + } else + ksmbd_debug(VFS, "fail to load dos attribute.\n"); + } + + return 0; +} + +ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, + char *attr_name, + int attr_name_len) +{ + char *name, *xattr_list = NULL; + ssize_t value_len = -ENOENT, xattr_list_len; + + xattr_list_len = ksmbd_vfs_listxattr(dentry, &xattr_list); + if (xattr_list_len <= 0) + goto out; + + for (name = xattr_list; name - xattr_list < xattr_list_len; + name += strlen(name) + 1) { + ksmbd_debug(VFS, "%s, len %zd\n", name, strlen(name)); + if (strncasecmp(attr_name, name, attr_name_len)) + continue; + + value_len = ksmbd_vfs_xattr_len(dentry, name); + break; + } + +out: + ksmbd_vfs_xattr_free(xattr_list); + return value_len; +} + +int ksmbd_vfs_xattr_stream_name(char *stream_name, + char **xattr_stream_name, + size_t *xattr_stream_name_size, + int s_type) +{ + int stream_name_size; + char *xattr_stream_name_buf; + char *type; + int type_len; + + if (s_type == DIR_STREAM) + type = ":$INDEX_ALLOCATION"; + else + type = ":$DATA"; + + type_len = strlen(type); + stream_name_size = strlen(stream_name); + *xattr_stream_name_size = stream_name_size + XATTR_NAME_STREAM_LEN + 1; + xattr_stream_name_buf = kmalloc(*xattr_stream_name_size + type_len, + GFP_KERNEL); + if (!xattr_stream_name_buf) + return -ENOMEM; + + memcpy(xattr_stream_name_buf, + XATTR_NAME_STREAM, + XATTR_NAME_STREAM_LEN); + + if (stream_name_size) { + memcpy(&xattr_stream_name_buf[XATTR_NAME_STREAM_LEN], + stream_name, + stream_name_size); + } + memcpy(&xattr_stream_name_buf[*xattr_stream_name_size - 1], type, type_len); + *xattr_stream_name_size += type_len; + + xattr_stream_name_buf[*xattr_stream_name_size - 1] = '\0'; + *xattr_stream_name = xattr_stream_name_buf; + + return 0; +} + +static int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, + struct file *file_out, loff_t pos_out, + size_t len) +{ + struct inode *inode_in = file_inode(file_in); + struct inode *inode_out = file_inode(file_out); + int ret; + + ret = vfs_copy_file_range(file_in, pos_in, file_out, pos_out, len, 0); + /* do splice for the copy between different file systems */ + if (ret != -EXDEV) + return ret; + + if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode)) + return -EISDIR; + if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode)) + return -EINVAL; + + if (!(file_in->f_mode & FMODE_READ) || + !(file_out->f_mode & FMODE_WRITE)) + return -EBADF; + + if (len == 0) + return 0; + + file_start_write(file_out); + + /* + * skip the verification of the range of data. it will be done + * in do_splice_direct + */ + ret = do_splice_direct(file_in, &pos_in, file_out, &pos_out, + len > MAX_RW_COUNT ? MAX_RW_COUNT : len, 0); + if (ret > 0) { + fsnotify_access(file_in); + add_rchar(current, ret); + fsnotify_modify(file_out); + add_wchar(current, ret); + } + + inc_syscr(current); + inc_syscw(current); + + file_end_write(file_out); + return ret; +} + +int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, + struct ksmbd_file *src_fp, + struct ksmbd_file *dst_fp, + struct srv_copychunk *chunks, + unsigned int chunk_count, + unsigned int *chunk_count_written, + unsigned int *chunk_size_written, + loff_t *total_size_written) +{ + unsigned int i; + loff_t src_off, dst_off, src_file_size; + size_t len; + int ret; + + *chunk_count_written = 0; + *chunk_size_written = 0; + *total_size_written = 0; + + if (!(src_fp->daccess & (FILE_READ_DATA_LE | FILE_EXECUTE_LE))) { + ksmbd_err("no right to read(%s)\n", FP_FILENAME(src_fp)); + return -EACCES; + } + if (!(dst_fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE))) { + ksmbd_err("no right to write(%s)\n", FP_FILENAME(dst_fp)); + return -EACCES; + } + + if (ksmbd_stream_fd(src_fp) || ksmbd_stream_fd(dst_fp)) + return -EBADF; + + smb_break_all_levII_oplock(work, dst_fp, 1); + + for (i = 0; i < chunk_count; i++) { + src_off = le64_to_cpu(chunks[i].SourceOffset); + dst_off = le64_to_cpu(chunks[i].TargetOffset); + len = le32_to_cpu(chunks[i].Length); + + if (check_lock_range(src_fp->filp, src_off, + src_off + len - 1, READ)) + return -EAGAIN; + if (check_lock_range(dst_fp->filp, dst_off, + dst_off + len - 1, WRITE)) + return -EAGAIN; + } + + src_file_size = i_size_read(file_inode(src_fp->filp)); + + for (i = 0; i < chunk_count; i++) { + src_off = le64_to_cpu(chunks[i].SourceOffset); + dst_off = le64_to_cpu(chunks[i].TargetOffset); + len = le32_to_cpu(chunks[i].Length); + + if (src_off + len > src_file_size) + return -E2BIG; + + ret = ksmbd_vfs_copy_file_range(src_fp->filp, src_off, + dst_fp->filp, dst_off, len); + if (ret < 0) + return ret; + + *chunk_count_written += 1; + *total_size_written += ret; + } + return 0; +} + +int ksmbd_vfs_posix_lock_wait(struct file_lock *flock) +{ + return wait_event_interruptible(flock->fl_wait, !flock->fl_blocker); +} + +int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout) +{ + return wait_event_interruptible_timeout(flock->fl_wait, + !flock->fl_blocker, + timeout); +} + +void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock) +{ + locks_delete_block(flock); +} + +int ksmbd_vfs_set_init_posix_acl(struct inode *inode) +{ + struct posix_acl_state acl_state; + struct posix_acl *acls; + int rc; + + ksmbd_debug(SMB, "Set posix acls\n"); + rc = init_acl_state(&acl_state, 1); + if (rc) + return rc; + + /* Set default owner group */ + acl_state.owner.allow = (inode->i_mode & 0700) >> 6; + acl_state.group.allow = (inode->i_mode & 0070) >> 3; + acl_state.other.allow = inode->i_mode & 0007; + acl_state.users->aces[acl_state.users->n].uid = inode->i_uid; + acl_state.users->aces[acl_state.users->n++].perms.allow = + acl_state.owner.allow; + acl_state.groups->aces[acl_state.groups->n].gid = inode->i_gid; + acl_state.groups->aces[acl_state.groups->n++].perms.allow = + acl_state.group.allow; + acl_state.mask.allow = 0x07; + + acls = ksmbd_vfs_posix_acl_alloc(6, GFP_KERNEL); + if (!acls) { + free_acl_state(&acl_state); + return -ENOMEM; + } + posix_state_to_acl(&acl_state, acls->a_entries); + rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_ACCESS, acls); + if (rc < 0) + ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", + rc); + else if (S_ISDIR(inode->i_mode)) { + posix_state_to_acl(&acl_state, acls->a_entries); + rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_DEFAULT, acls); + if (rc < 0) + ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", + rc); + } + free_acl_state(&acl_state); + posix_acl_release(acls); + return rc; +} + +int ksmbd_vfs_inherit_posix_acl(struct inode *inode, struct inode *parent_inode) +{ + struct posix_acl *acls; + struct posix_acl_entry *pace; + int rc, i; + + acls = ksmbd_vfs_get_acl(parent_inode, ACL_TYPE_DEFAULT); + if (!acls) + return -ENOENT; + pace = acls->a_entries; + + for (i = 0; i < acls->a_count; i++, pace++) { + if (pace->e_tag == ACL_MASK) { + pace->e_perm = 0x07; + break; + } + } + + rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_ACCESS, acls); + if (rc < 0) + ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", + rc); + if (S_ISDIR(inode->i_mode)) { + rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_DEFAULT, acls); + if (rc < 0) + ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", + rc); + } + posix_acl_release(acls); + return rc; +} diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h new file mode 100644 index 000000000000..bbef5c20c146 --- /dev/null +++ b/fs/cifsd/vfs.h @@ -0,0 +1,314 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2018 Samsung Electronics Co., Ltd. + */ + +#ifndef __KSMBD_VFS_H__ +#define __KSMBD_VFS_H__ + +#include <linux/file.h> +#include <linux/fs.h> +#include <linux/namei.h> +#include <uapi/linux/xattr.h> +#include <linux/posix_acl.h> + +#include "smbacl.h" + +/* STREAM XATTR PREFIX */ +#define STREAM_PREFIX "DosStream." +#define STREAM_PREFIX_LEN (sizeof(STREAM_PREFIX) - 1) +#define XATTR_NAME_STREAM (XATTR_USER_PREFIX STREAM_PREFIX) +#define XATTR_NAME_STREAM_LEN (sizeof(XATTR_NAME_STREAM) - 1) + +enum { + XATTR_DOSINFO_ATTRIB = 0x00000001, + XATTR_DOSINFO_EA_SIZE = 0x00000002, + XATTR_DOSINFO_SIZE = 0x00000004, + XATTR_DOSINFO_ALLOC_SIZE = 0x00000008, + XATTR_DOSINFO_CREATE_TIME = 0x00000010, + XATTR_DOSINFO_CHANGE_TIME = 0x00000020, + XATTR_DOSINFO_ITIME = 0x00000040 +}; + +struct xattr_dos_attrib { + __u16 version; + __u32 flags; + __u32 attr; + __u32 ea_size; + __u64 size; + __u64 alloc_size; + __u64 create_time; + __u64 change_time; + __u64 itime; +}; + +/* DOS ATTRIBUITE XATTR PREFIX */ +#define DOS_ATTRIBUTE_PREFIX "DOSATTRIB" +#define DOS_ATTRIBUTE_PREFIX_LEN (sizeof(DOS_ATTRIBUTE_PREFIX) - 1) +#define XATTR_NAME_DOS_ATTRIBUTE \ + (XATTR_USER_PREFIX DOS_ATTRIBUTE_PREFIX) +#define XATTR_NAME_DOS_ATTRIBUTE_LEN \ + (sizeof(XATTR_USER_PREFIX DOS_ATTRIBUTE_PREFIX) - 1) + +#define XATTR_SD_HASH_TYPE_SHA256 0x1 +#define XATTR_SD_HASH_SIZE 64 + +#define SMB_ACL_READ 4 +#define SMB_ACL_WRITE 2 +#define SMB_ACL_EXECUTE 1 + +enum { + SMB_ACL_TAG_INVALID = 0, + SMB_ACL_USER, + SMB_ACL_USER_OBJ, + SMB_ACL_GROUP, + SMB_ACL_GROUP_OBJ, + SMB_ACL_OTHER, + SMB_ACL_MASK +}; + +struct xattr_acl_entry { + int type; + uid_t uid; + gid_t gid; + mode_t perm; +}; + +struct xattr_smb_acl { + int count; + int next; + struct xattr_acl_entry entries[0]; +}; + +struct xattr_ntacl { + __u16 version; + void *sd_buf; + __u32 sd_size; + __u16 hash_type; + __u8 desc[10]; + __u16 desc_len; + __u64 current_time; + __u8 hash[XATTR_SD_HASH_SIZE]; + __u8 posix_acl_hash[XATTR_SD_HASH_SIZE]; +}; + +/* SECURITY DESCRIPTOR XATTR PREFIX */ +#define SD_PREFIX "NTACL" +#define SD_PREFIX_LEN (sizeof(SD_PREFIX) - 1) +#define XATTR_NAME_SD \ + (XATTR_SECURITY_PREFIX SD_PREFIX) +#define XATTR_NAME_SD_LEN \ + (sizeof(XATTR_SECURITY_PREFIX SD_PREFIX) - 1) + + +/* CreateOptions */ +/* Flag is set, it must not be a file , valid for directory only */ +#define FILE_DIRECTORY_FILE_LE cpu_to_le32(0x00000001) +#define FILE_WRITE_THROUGH_LE cpu_to_le32(0x00000002) +#define FILE_SEQUENTIAL_ONLY_LE cpu_to_le32(0x00000004) + +/* Should not buffer on server*/ +#define FILE_NO_INTERMEDIATE_BUFFERING_LE cpu_to_le32(0x00000008) +/* MBZ */ +#define FILE_SYNCHRONOUS_IO_ALERT_LE cpu_to_le32(0x00000010) +/* MBZ */ +#define FILE_SYNCHRONOUS_IO_NONALERT_LE cpu_to_le32(0x00000020) + +/* Flaf must not be set for directory */ +#define FILE_NON_DIRECTORY_FILE_LE cpu_to_le32(0x00000040) + +/* Should be zero */ +#define CREATE_TREE_CONNECTION cpu_to_le32(0x00000080) +#define FILE_COMPLETE_IF_OPLOCKED_LE cpu_to_le32(0x00000100) +#define FILE_NO_EA_KNOWLEDGE_LE cpu_to_le32(0x00000200) +#define FILE_OPEN_REMOTE_INSTANCE cpu_to_le32(0x00000400) + +/** + * Doc says this is obsolete "open for recovery" flag should be zero + * in any case. + */ +#define CREATE_OPEN_FOR_RECOVERY cpu_to_le32(0x00000400) +#define FILE_RANDOM_ACCESS_LE cpu_to_le32(0x00000800) +#define FILE_DELETE_ON_CLOSE_LE cpu_to_le32(0x00001000) +#define FILE_OPEN_BY_FILE_ID_LE cpu_to_le32(0x00002000) +#define FILE_OPEN_FOR_BACKUP_INTENT_LE cpu_to_le32(0x00004000) +#define FILE_NO_COMPRESSION_LE cpu_to_le32(0x00008000) + +/* Should be zero*/ +#define FILE_OPEN_REQUIRING_OPLOCK cpu_to_le32(0x00010000) +#define FILE_DISALLOW_EXCLUSIVE cpu_to_le32(0x00020000) +#define FILE_RESERVE_OPFILTER_LE cpu_to_le32(0x00100000) +#define FILE_OPEN_REPARSE_POINT_LE cpu_to_le32(0x00200000) +#define FILE_OPEN_NO_RECALL_LE cpu_to_le32(0x00400000) + +/* Should be zero */ +#define FILE_OPEN_FOR_FREE_SPACE_QUERY_LE cpu_to_le32(0x00800000) +#define CREATE_OPTIONS_MASK cpu_to_le32(0x00FFFFFF) +#define CREATE_OPTION_READONLY 0x10000000 +/* system. NB not sent over wire */ +#define CREATE_OPTION_SPECIAL 0x20000000 + +struct ksmbd_work; +struct ksmbd_file; +struct ksmbd_conn; + +struct ksmbd_dir_info { + const char *name; + char *wptr; + char *rptr; + int name_len; + int out_buf_len; + int num_entry; + int data_count; + int last_entry_offset; + bool hide_dot_file; + int flags; +}; + +struct ksmbd_readdir_data { + struct dir_context ctx; + union { + void *private; + char *dirent; + }; + + unsigned int used; + unsigned int dirent_count; + unsigned int file_attr; +}; + +/* ksmbd kstat wrapper to get valid create time when reading dir entry */ +struct ksmbd_kstat { + struct kstat *kstat; + unsigned long long create_time; + __le32 file_attributes; +}; + +struct ksmbd_fs_sector_size { + unsigned short logical_sector_size; + unsigned int physical_sector_size; + unsigned int optimal_io_size; +}; + +int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, + bool delete); +int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess); +int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode); +int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode); +int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, + size_t count, loff_t *pos); +int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, + char *buf, size_t count, loff_t *pos, bool sync, ssize_t *written); +int ksmbd_vfs_fsync(struct ksmbd_work *work, uint64_t fid, uint64_t p_id); +int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name); +int ksmbd_vfs_link(struct ksmbd_work *work, + const char *oldname, const char *newname); +int ksmbd_vfs_getattr(struct path *path, struct kstat *stat); +int ksmbd_vfs_symlink(const char *name, const char *symname); +int ksmbd_vfs_readlink(struct path *path, char *buf, int lenp); + +int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, + char *newname); +int ksmbd_vfs_rename_slowpath(struct ksmbd_work *work, + char *oldname, char *newname); + +int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, + struct ksmbd_file *fp, loff_t size); + +struct srv_copychunk; +int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, + struct ksmbd_file *src_fp, + struct ksmbd_file *dst_fp, + struct srv_copychunk *chunks, + unsigned int chunk_count, + unsigned int *chunk_count_written, + unsigned int *chunk_size_written, + loff_t *total_size_written); + +struct ksmbd_file *ksmbd_vfs_dentry_open(struct ksmbd_work *work, + const struct path *path, + int flags, + __le32 option, + int fexist); + +ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list); +ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, + char *xattr_name, + char **xattr_buf); + +ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, + char *attr_name, + int attr_name_len); + +int ksmbd_vfs_setxattr(struct dentry *dentry, + const char *attr_name, + const void *attr_value, + size_t attr_size, + int flags); + +int ksmbd_vfs_fsetxattr(const char *filename, + const char *attr_name, + const void *attr_value, + size_t attr_size, + int flags); + +int ksmbd_vfs_xattr_stream_name(char *stream_name, + char **xattr_stream_name, + size_t *xattr_stream_name_size, + int s_type); + +int ksmbd_vfs_truncate_xattr(struct dentry *dentry, int wo_streams); +int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name); +void ksmbd_vfs_xattr_free(char *xattr); + +int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, + bool caseless); +int ksmbd_vfs_empty_dir(struct ksmbd_file *fp); +void ksmbd_vfs_set_fadvise(struct file *filp, __le32 option); +int ksmbd_vfs_lock(struct file *filp, int cmd, struct file_lock *flock); +int ksmbd_vfs_readdir(struct file *file, struct ksmbd_readdir_data *rdata); +int ksmbd_vfs_alloc_size(struct ksmbd_work *work, + struct ksmbd_file *fp, + loff_t len); +int ksmbd_vfs_zero_data(struct ksmbd_work *work, + struct ksmbd_file *fp, + loff_t off, + loff_t len); + +struct file_allocated_range_buffer; +int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, + struct file_allocated_range_buffer *ranges, + int in_count, int *out_count); +int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry); +unsigned short ksmbd_vfs_logical_sector_size(struct inode *inode); +void ksmbd_vfs_smb2_sector_size(struct inode *inode, + struct ksmbd_fs_sector_size *fs_ss); +void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat); + +int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, + struct dentry *dentry, + struct ksmbd_kstat *ksmbd_kstat); + +int ksmbd_vfs_posix_lock_wait(struct file_lock *flock); +int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout); +void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock); + +int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry); +int ksmbd_vfs_remove_sd_xattrs(struct dentry *dentry); +int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, + struct smb_ntsd *pntsd, int len); +int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, + struct smb_ntsd **pntsd); +int ksmbd_vfs_set_dos_attrib_xattr(struct dentry *dentry, + struct xattr_dos_attrib *da); +int ksmbd_vfs_get_dos_attrib_xattr(struct dentry *dentry, + struct xattr_dos_attrib *da); +struct posix_acl *ksmbd_vfs_posix_acl_alloc(int count, gfp_t flags); +struct posix_acl *ksmbd_vfs_get_acl(struct inode *inode, int type); +int ksmbd_vfs_set_posix_acl(struct inode *inode, int type, + struct posix_acl *acl); +int ksmbd_vfs_set_init_posix_acl(struct inode *inode); +int ksmbd_vfs_inherit_posix_acl(struct inode *inode, + struct inode *parent_inode); +#endif /* __KSMBD_VFS_H__ */ diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c new file mode 100644 index 000000000000..8d8c4e373308 --- /dev/null +++ b/fs/cifsd/vfs_cache.c @@ -0,0 +1,855 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2016 Namjae Jeon linkinjeon@kernel.org + * Copyright (C) 2019 Samsung Electronics Co., Ltd. + */ + +#include <linux/fs.h> +#include <linux/slab.h> +#include <linux/vmalloc.h> + +/* @FIXME */ +#include "glob.h" +#include "vfs_cache.h" +#include "buffer_pool.h" + +#include "oplock.h" +#include "vfs.h" +#include "connection.h" +#include "mgmt/tree_connect.h" +#include "mgmt/user_session.h" + +/* @FIXME */ +#include "smb_common.h" + +#define S_DEL_PENDING 1 +#define S_DEL_ON_CLS 2 +#define S_DEL_ON_CLS_STREAM 8 + +static unsigned int inode_hash_mask __read_mostly; +static unsigned int inode_hash_shift __read_mostly; +static struct hlist_head *inode_hashtable __read_mostly; +static DEFINE_RWLOCK(inode_hash_lock); + +static struct ksmbd_file_table global_ft; +static atomic_long_t fd_limit; + +void ksmbd_set_fd_limit(unsigned long limit) +{ + limit = min(limit, get_max_files()); + atomic_long_set(&fd_limit, limit); +} + +static bool fd_limit_depleted(void) +{ + long v = atomic_long_dec_return(&fd_limit); + + if (v >= 0) + return false; + atomic_long_inc(&fd_limit); + return true; +} + +static void fd_limit_close(void) +{ + atomic_long_inc(&fd_limit); +} + +/* + * INODE hash + */ + +static unsigned long inode_hash(struct super_block *sb, unsigned long hashval) +{ + unsigned long tmp; + + tmp = (hashval * (unsigned long)sb) ^ (GOLDEN_RATIO_PRIME + hashval) / + L1_CACHE_BYTES; + tmp = tmp ^ ((tmp ^ GOLDEN_RATIO_PRIME) >> inode_hash_shift); + return tmp & inode_hash_mask; +} + +static struct ksmbd_inode *__ksmbd_inode_lookup(struct inode *inode) +{ + struct hlist_head *head = inode_hashtable + + inode_hash(inode->i_sb, inode->i_ino); + struct ksmbd_inode *ci = NULL, *ret_ci = NULL; + + hlist_for_each_entry(ci, head, m_hash) { + if (ci->m_inode == inode) { + if (atomic_inc_not_zero(&ci->m_count)) + ret_ci = ci; + break; + } + } + return ret_ci; +} + +static struct ksmbd_inode *ksmbd_inode_lookup(struct ksmbd_file *fp) +{ + return __ksmbd_inode_lookup(FP_INODE(fp)); +} + +static struct ksmbd_inode *ksmbd_inode_lookup_by_vfsinode(struct inode *inode) +{ + struct ksmbd_inode *ci; + + read_lock(&inode_hash_lock); + ci = __ksmbd_inode_lookup(inode); + read_unlock(&inode_hash_lock); + return ci; +} + +int ksmbd_query_inode_status(struct inode *inode) +{ + struct ksmbd_inode *ci; + int ret = KSMBD_INODE_STATUS_UNKNOWN; + + read_lock(&inode_hash_lock); + ci = __ksmbd_inode_lookup(inode); + if (ci) { + ret = KSMBD_INODE_STATUS_OK; + if (ci->m_flags & S_DEL_PENDING) + ret = KSMBD_INODE_STATUS_PENDING_DELETE; + atomic_dec(&ci->m_count); + } + read_unlock(&inode_hash_lock); + return ret; +} + +bool ksmbd_inode_pending_delete(struct ksmbd_file *fp) +{ + return (fp->f_ci->m_flags & S_DEL_PENDING); +} + +void ksmbd_set_inode_pending_delete(struct ksmbd_file *fp) +{ + fp->f_ci->m_flags |= S_DEL_PENDING; +} + +void ksmbd_clear_inode_pending_delete(struct ksmbd_file *fp) +{ + fp->f_ci->m_flags &= ~S_DEL_PENDING; +} + +void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp, + int file_info) +{ + if (ksmbd_stream_fd(fp)) { + fp->f_ci->m_flags |= S_DEL_ON_CLS_STREAM; + return; + } + + fp->f_ci->m_flags |= S_DEL_ON_CLS; +} + +static void ksmbd_inode_hash(struct ksmbd_inode *ci) +{ + struct hlist_head *b = inode_hashtable + + inode_hash(ci->m_inode->i_sb, ci->m_inode->i_ino); + + hlist_add_head(&ci->m_hash, b); +} + +static void ksmbd_inode_unhash(struct ksmbd_inode *ci) +{ + write_lock(&inode_hash_lock); + hlist_del_init(&ci->m_hash); + write_unlock(&inode_hash_lock); +} + +static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp) +{ + ci->m_inode = FP_INODE(fp); + atomic_set(&ci->m_count, 1); + atomic_set(&ci->op_count, 0); + atomic_set(&ci->sop_count, 0); + ci->m_flags = 0; + ci->m_fattr = 0; + INIT_LIST_HEAD(&ci->m_fp_list); + INIT_LIST_HEAD(&ci->m_op_list); + rwlock_init(&ci->m_lock); + return 0; +} + +static struct ksmbd_inode *ksmbd_inode_get(struct ksmbd_file *fp) +{ + struct ksmbd_inode *ci, *tmpci; + int rc; + + read_lock(&inode_hash_lock); + ci = ksmbd_inode_lookup(fp); + read_unlock(&inode_hash_lock); + if (ci) + return ci; + + ci = kmalloc(sizeof(struct ksmbd_inode), GFP_KERNEL); + if (!ci) + return NULL; + + rc = ksmbd_inode_init(ci, fp); + if (rc) { + ksmbd_err("inode initialized failed\n"); + kfree(ci); + return NULL; + } + + write_lock(&inode_hash_lock); + tmpci = ksmbd_inode_lookup(fp); + if (!tmpci) { + ksmbd_inode_hash(ci); + } else { + kfree(ci); + ci = tmpci; + } + write_unlock(&inode_hash_lock); + return ci; +} + +static void ksmbd_inode_free(struct ksmbd_inode *ci) +{ + ksmbd_inode_unhash(ci); + kfree(ci); +} + +static void ksmbd_inode_put(struct ksmbd_inode *ci) +{ + if (atomic_dec_and_test(&ci->m_count)) + ksmbd_inode_free(ci); +} + +int __init ksmbd_inode_hash_init(void) +{ + unsigned int loop; + unsigned long numentries = 16384; + unsigned long bucketsize = sizeof(struct hlist_head); + unsigned long size; + + inode_hash_shift = ilog2(numentries); + inode_hash_mask = (1 << inode_hash_shift) - 1; + + size = bucketsize << inode_hash_shift; + + /* init master fp hash table */ + inode_hashtable = vmalloc(size); + if (!inode_hashtable) + return -ENOMEM; + + for (loop = 0; loop < (1U << inode_hash_shift); loop++) + INIT_HLIST_HEAD(&inode_hashtable[loop]); + return 0; +} + +void __exit ksmbd_release_inode_hash(void) +{ + vfree(inode_hashtable); +} + +static void __ksmbd_inode_close(struct ksmbd_file *fp) +{ + struct dentry *dir, *dentry; + struct ksmbd_inode *ci = fp->f_ci; + int err; + struct file *filp; + + filp = fp->filp; + if (ksmbd_stream_fd(fp) && (ci->m_flags & S_DEL_ON_CLS_STREAM)) { + ci->m_flags &= ~S_DEL_ON_CLS_STREAM; + err = ksmbd_vfs_remove_xattr(filp->f_path.dentry, + fp->stream.name); + if (err) + ksmbd_err("remove xattr failed : %s\n", + fp->stream.name); + } + + if (atomic_dec_and_test(&ci->m_count)) { + write_lock(&ci->m_lock); + if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) { + dentry = filp->f_path.dentry; + dir = dentry->d_parent; + ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING); + write_unlock(&ci->m_lock); + ksmbd_vfs_unlink(dir, dentry); + write_lock(&ci->m_lock); + } + write_unlock(&ci->m_lock); + + ksmbd_inode_free(ci); + } +} + +static void __ksmbd_remove_durable_fd(struct ksmbd_file *fp) +{ + if (!HAS_FILE_ID(fp->persistent_id)) + return; + + write_lock(&global_ft.lock); + idr_remove(global_ft.idr, fp->persistent_id); + write_unlock(&global_ft.lock); +} + +static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, + struct ksmbd_file *fp) +{ + if (!HAS_FILE_ID(fp->volatile_id)) + return; + + write_lock(&fp->f_ci->m_lock); + list_del_init(&fp->node); + write_unlock(&fp->f_ci->m_lock); + + write_lock(&ft->lock); + idr_remove(ft->idr, fp->volatile_id); + write_unlock(&ft->lock); +} + +static void __ksmbd_close_fd(struct ksmbd_file_table *ft, + struct ksmbd_file *fp) +{ + struct file *filp; + + fd_limit_close(); + __ksmbd_remove_durable_fd(fp); + __ksmbd_remove_fd(ft, fp); + + close_id_del_oplock(fp); + filp = fp->filp; + + __ksmbd_inode_close(fp); + if (!IS_ERR_OR_NULL(filp)) + fput(filp); + kfree(fp->filename); + if (ksmbd_stream_fd(fp)) + kfree(fp->stream.name); + ksmbd_free_file_struct(fp); +} + +static struct ksmbd_file *ksmbd_fp_get(struct ksmbd_file *fp) +{ + if (!atomic_inc_not_zero(&fp->refcount)) + return NULL; + return fp; +} + +static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft, + unsigned int id) +{ + bool unclaimed = true; + struct ksmbd_file *fp; + + read_lock(&ft->lock); + fp = idr_find(ft->idr, id); + if (fp) + fp = ksmbd_fp_get(fp); + + if (fp && fp->f_ci) { + read_lock(&fp->f_ci->m_lock); + unclaimed = list_empty(&fp->node); + read_unlock(&fp->f_ci->m_lock); + } + read_unlock(&ft->lock); + + if (fp && unclaimed) { + atomic_dec(&fp->refcount); + return NULL; + } + return fp; +} + +static void __put_fd_final(struct ksmbd_work *work, + struct ksmbd_file *fp) +{ + __ksmbd_close_fd(&work->sess->file_table, fp); + atomic_dec(&work->conn->stats.open_files_count); +} + +static void set_close_state_blocked_works(struct ksmbd_file *fp) +{ + struct ksmbd_work *cancel_work, *ctmp; + + spin_lock(&fp->f_lock); + list_for_each_entry_safe(cancel_work, ctmp, &fp->blocked_works, + fp_entry) { + list_del(&cancel_work->fp_entry); + cancel_work->state = KSMBD_WORK_CLOSED; + cancel_work->cancel_fn(cancel_work->cancel_argv); + } + spin_unlock(&fp->f_lock); +} + +int ksmbd_close_fd(struct ksmbd_work *work, unsigned int id) +{ + struct ksmbd_file *fp; + struct ksmbd_file_table *ft; + + if (!HAS_FILE_ID(id)) + return 0; + + ft = &work->sess->file_table; + read_lock(&ft->lock); + fp = idr_find(ft->idr, id); + if (fp) { + set_close_state_blocked_works(fp); + + if (!atomic_dec_and_test(&fp->refcount)) + fp = NULL; + } + read_unlock(&ft->lock); + + if (!fp) + return -EINVAL; + + __put_fd_final(work, fp); + return 0; +} + +void ksmbd_fd_put(struct ksmbd_work *work, + struct ksmbd_file *fp) +{ + if (!fp) + return; + + if (!atomic_dec_and_test(&fp->refcount)) + return; + __put_fd_final(work, fp); +} + +static bool __sanity_check(struct ksmbd_tree_connect *tcon, + struct ksmbd_file *fp) +{ + if (!fp) + return false; + if (fp->tcon != tcon) + return false; + return true; +} + +struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, + unsigned int id) +{ + return __ksmbd_lookup_fd(&work->sess->file_table, id); +} + +struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, + unsigned int id) +{ + struct ksmbd_file *fp = __ksmbd_lookup_fd(&work->sess->file_table, id); + + if (__sanity_check(work->tcon, fp)) + return fp; + + ksmbd_fd_put(work, fp); + return NULL; +} + +struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, + unsigned int id, + unsigned int pid) +{ + struct ksmbd_file *fp; + + if (!HAS_FILE_ID(id)) { + id = work->compound_fid; + pid = work->compound_pfid; + } + + if (!HAS_FILE_ID(id)) + return NULL; + + fp = __ksmbd_lookup_fd(&work->sess->file_table, id); + if (!__sanity_check(work->tcon, fp)) { + ksmbd_fd_put(work, fp); + return NULL; + } + if (fp->persistent_id != pid) { + ksmbd_fd_put(work, fp); + return NULL; + } + return fp; +} + +struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id) +{ + return __ksmbd_lookup_fd(&global_ft, id); +} + +int ksmbd_close_fd_app_id(struct ksmbd_work *work, + char *app_id) +{ + struct ksmbd_file *fp = NULL; + unsigned int id; + + read_lock(&global_ft.lock); + idr_for_each_entry(global_ft.idr, fp, id) { + if (!memcmp(fp->app_instance_id, + app_id, + SMB2_CREATE_GUID_SIZE)) { + if (!atomic_dec_and_test(&fp->refcount)) + fp = NULL; + break; + } + } + read_unlock(&global_ft.lock); + + if (!fp) + return -EINVAL; + + __put_fd_final(work, fp); + return 0; +} + +struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid) +{ + struct ksmbd_file *fp = NULL; + unsigned int id; + + read_lock(&global_ft.lock); + idr_for_each_entry(global_ft.idr, fp, id) { + if (!memcmp(fp->create_guid, + cguid, + SMB2_CREATE_GUID_SIZE)) { + fp = ksmbd_fp_get(fp); + break; + } + } + read_unlock(&global_ft.lock); + + return fp; +} + +struct ksmbd_file *ksmbd_lookup_fd_filename(struct ksmbd_work *work, + char *filename) +{ + struct ksmbd_file *fp = NULL; + unsigned int id; + + read_lock(&work->sess->file_table.lock); + idr_for_each_entry(work->sess->file_table.idr, fp, id) { + if (!strcmp(fp->filename, filename)) { + fp = ksmbd_fp_get(fp); + break; + } + } + read_unlock(&work->sess->file_table.lock); + + return fp; +} + +struct ksmbd_file *ksmbd_lookup_fd_inode(struct inode *inode) +{ + struct ksmbd_file *lfp; + struct ksmbd_inode *ci; + struct list_head *cur; + + ci = ksmbd_inode_lookup_by_vfsinode(inode); + if (!ci) + return NULL; + + read_lock(&ci->m_lock); + list_for_each(cur, &ci->m_fp_list) { + lfp = list_entry(cur, struct ksmbd_file, node); + if (inode == FP_INODE(lfp)) { + atomic_dec(&ci->m_count); + read_unlock(&ci->m_lock); + return lfp; + } + } + atomic_dec(&ci->m_count); + read_unlock(&ci->m_lock); + return NULL; +} + +#define OPEN_ID_TYPE_VOLATILE_ID (0) +#define OPEN_ID_TYPE_PERSISTENT_ID (1) + +static void __open_id_set(struct ksmbd_file *fp, unsigned int id, int type) +{ + if (type == OPEN_ID_TYPE_VOLATILE_ID) + fp->volatile_id = id; + if (type == OPEN_ID_TYPE_PERSISTENT_ID) + fp->persistent_id = id; +} + +static int __open_id(struct ksmbd_file_table *ft, + struct ksmbd_file *fp, + int type) +{ + unsigned int id = 0; + int ret; + + if (type == OPEN_ID_TYPE_VOLATILE_ID && fd_limit_depleted()) { + __open_id_set(fp, KSMBD_NO_FID, type); + return -EMFILE; + } + + idr_preload(GFP_KERNEL); + write_lock(&ft->lock); + ret = idr_alloc_cyclic(ft->idr, fp, 0, INT_MAX, GFP_NOWAIT); + if (ret >= 0) { + id = ret; + ret = 0; + } else { + id = KSMBD_NO_FID; + fd_limit_close(); + } + + __open_id_set(fp, id, type); + write_unlock(&ft->lock); + idr_preload_end(); + return ret; +} + +unsigned int ksmbd_open_durable_fd(struct ksmbd_file *fp) +{ + __open_id(&global_ft, fp, OPEN_ID_TYPE_PERSISTENT_ID); + return fp->persistent_id; +} + +struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, + struct file *filp) +{ + struct ksmbd_file *fp; + int ret; + + fp = ksmbd_alloc_file_struct(); + if (!fp) { + ksmbd_err("Failed to allocate memory\n"); + return ERR_PTR(-ENOMEM); + } + + INIT_LIST_HEAD(&fp->blocked_works); + INIT_LIST_HEAD(&fp->node); + spin_lock_init(&fp->f_lock); + atomic_set(&fp->refcount, 1); + + fp->filp = filp; + fp->conn = work->sess->conn; + fp->tcon = work->tcon; + fp->volatile_id = KSMBD_NO_FID; + fp->persistent_id = KSMBD_NO_FID; + fp->f_ci = ksmbd_inode_get(fp); + + if (!fp->f_ci) { + ksmbd_free_file_struct(fp); + return ERR_PTR(-ENOMEM); + } + + ret = __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); + if (ret) { + ksmbd_inode_put(fp->f_ci); + ksmbd_free_file_struct(fp); + return ERR_PTR(ret); + } + + atomic_inc(&work->conn->stats.open_files_count); + return fp; +} + +static inline bool is_reconnectable(struct ksmbd_file *fp) +{ + struct oplock_info *opinfo = opinfo_get(fp); + bool reconn = false; + + if (!opinfo) + return false; + + if (opinfo->op_state != OPLOCK_STATE_NONE) { + opinfo_put(opinfo); + return false; + } + + if (fp->is_resilient || fp->is_persistent) + reconn = true; + else if (fp->is_durable && opinfo->is_lease && + opinfo->o_lease->state & SMB2_LEASE_HANDLE_CACHING_LE) + reconn = true; + + else if (fp->is_durable && opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) + reconn = true; + + opinfo_put(opinfo); + return reconn; +} + +static int +__close_file_table_ids(struct ksmbd_file_table *ft, + struct ksmbd_tree_connect *tcon, + bool (*skip)(struct ksmbd_tree_connect *tcon, + struct ksmbd_file *fp)) +{ + unsigned int id; + struct ksmbd_file *fp; + int num = 0; + + idr_for_each_entry(ft->idr, fp, id) { + if (skip(tcon, fp)) + continue; + + set_close_state_blocked_works(fp); + + if (!atomic_dec_and_test(&fp->refcount)) + continue; + __ksmbd_close_fd(ft, fp); + num++; + } + return num; +} + +static bool tree_conn_fd_check(struct ksmbd_tree_connect *tcon, + struct ksmbd_file *fp) +{ + return fp->tcon != tcon; +} + +static bool session_fd_check(struct ksmbd_tree_connect *tcon, + struct ksmbd_file *fp) +{ + if (!is_reconnectable(fp)) + return false; + + fp->conn = NULL; + fp->tcon = NULL; + fp->volatile_id = KSMBD_NO_FID; + return true; +} + +void ksmbd_close_tree_conn_fds(struct ksmbd_work *work) +{ + int num = __close_file_table_ids(&work->sess->file_table, + work->tcon, + tree_conn_fd_check); + + atomic_sub(num, &work->conn->stats.open_files_count); +} + +void ksmbd_close_session_fds(struct ksmbd_work *work) +{ + int num = __close_file_table_ids(&work->sess->file_table, + work->tcon, + session_fd_check); + + atomic_sub(num, &work->conn->stats.open_files_count); +} + +int ksmbd_init_global_file_table(void) +{ + return ksmbd_init_file_table(&global_ft); +} + +void ksmbd_free_global_file_table(void) +{ + struct ksmbd_file *fp = NULL; + unsigned int id; + + idr_for_each_entry(global_ft.idr, fp, id) { + __ksmbd_remove_durable_fd(fp); + ksmbd_free_file_struct(fp); + } + + ksmbd_destroy_file_table(&global_ft); +} + +int ksmbd_reopen_durable_fd(struct ksmbd_work *work, + struct ksmbd_file *fp) +{ + if (!fp->is_durable || fp->conn || fp->tcon) { + ksmbd_err("Invalid durable fd [%p:%p]\n", + fp->conn, fp->tcon); + return -EBADF; + } + + if (HAS_FILE_ID(fp->volatile_id)) { + ksmbd_err("Still in use durable fd: %u\n", fp->volatile_id); + return -EBADF; + } + + fp->conn = work->sess->conn; + fp->tcon = work->tcon; + + __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); + if (!HAS_FILE_ID(fp->volatile_id)) { + fp->conn = NULL; + fp->tcon = NULL; + return -EBADF; + } + return 0; +} + +static void close_fd_list(struct ksmbd_work *work, struct list_head *head) +{ + while (!list_empty(head)) { + struct ksmbd_file *fp; + + fp = list_first_entry(head, struct ksmbd_file, node); + list_del_init(&fp->node); + + __ksmbd_close_fd(&work->sess->file_table, fp); + } +} + +int ksmbd_close_inode_fds(struct ksmbd_work *work, struct inode *inode) +{ + struct ksmbd_inode *ci; + bool unlinked = true; + struct ksmbd_file *fp, *fptmp; + LIST_HEAD(dispose); + + ci = ksmbd_inode_lookup_by_vfsinode(inode); + if (!ci) + return true; + + if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) + unlinked = false; + + write_lock(&ci->m_lock); + list_for_each_entry_safe(fp, fptmp, &ci->m_fp_list, node) { + if (fp->conn) + continue; + + list_del(&fp->node); + list_add(&fp->node, &dispose); + } + atomic_dec(&ci->m_count); + write_unlock(&ci->m_lock); + + close_fd_list(work, &dispose); + return unlinked; +} + +int ksmbd_file_table_flush(struct ksmbd_work *work) +{ + struct ksmbd_file *fp = NULL; + unsigned int id; + int ret; + + read_lock(&work->sess->file_table.lock); + idr_for_each_entry(work->sess->file_table.idr, fp, id) { + ret = ksmbd_vfs_fsync(work, fp->volatile_id, KSMBD_NO_FID); + if (ret) + break; + } + read_unlock(&work->sess->file_table.lock); + return ret; +} + +int ksmbd_init_file_table(struct ksmbd_file_table *ft) +{ + ft->idr = ksmbd_alloc(sizeof(struct idr)); + if (!ft->idr) + return -ENOMEM; + + idr_init(ft->idr); + rwlock_init(&ft->lock); + return 0; +} + +void ksmbd_destroy_file_table(struct ksmbd_file_table *ft) +{ + if (!ft->idr) + return; + + __close_file_table_ids(ft, NULL, session_fd_check); + idr_destroy(ft->idr); + ksmbd_free(ft->idr); + ft->idr = NULL; +} diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h new file mode 100644 index 000000000000..7d23657c86c6 --- /dev/null +++ b/fs/cifsd/vfs_cache.h @@ -0,0 +1,213 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2019 Samsung Electronics Co., Ltd. + */ + +#ifndef __VFS_CACHE_H__ +#define __VFS_CACHE_H__ + +#include <linux/version.h> +#include <linux/file.h> +#include <linux/fs.h> +#include <linux/rwsem.h> +#include <linux/spinlock.h> +#include <linux/idr.h> +#include <linux/workqueue.h> + +#include "vfs.h" + +/* Windows style file permissions for extended response */ +#define FILE_GENERIC_ALL 0x1F01FF +#define FILE_GENERIC_READ 0x120089 +#define FILE_GENERIC_WRITE 0x120116 +#define FILE_GENERIC_EXECUTE 0X1200a0 + +#define KSMBD_START_FID 0 +#define KSMBD_NO_FID (UINT_MAX) +#define SMB2_NO_FID (0xFFFFFFFFFFFFFFFFULL) + +#define FP_FILENAME(fp) fp->filp->f_path.dentry->d_name.name +#define FP_INODE(fp) fp->filp->f_path.dentry->d_inode +#define PARENT_INODE(fp) fp->filp->f_path.dentry->d_parent->d_inode + +#define ATTR_FP(fp) (fp->attrib_only && \ + (fp->cdoption != FILE_OVERWRITE_IF_LE && \ + fp->cdoption != FILE_OVERWRITE_LE && \ + fp->cdoption != FILE_SUPERSEDE_LE)) + +struct ksmbd_conn; +struct ksmbd_session; + +struct ksmbd_lock { + struct file_lock *fl; + struct list_head glist; + struct list_head llist; + unsigned int flags; + int cmd; + int zero_len; + unsigned long long start; + unsigned long long end; +}; + +struct stream { + char *name; + ssize_t size; +}; + +struct ksmbd_inode { + rwlock_t m_lock; + atomic_t m_count; + atomic_t op_count; + /* opinfo count for streams */ + atomic_t sop_count; + struct inode *m_inode; + unsigned int m_flags; + struct hlist_node m_hash; + struct list_head m_fp_list; + struct list_head m_op_list; + struct oplock_info *m_opinfo; + __le32 m_fattr; +}; + +struct ksmbd_file { + struct file *filp; + char *filename; + unsigned int persistent_id; + unsigned int volatile_id; + + spinlock_t f_lock; + + struct ksmbd_inode *f_ci; + struct ksmbd_inode *f_parent_ci; + struct oplock_info __rcu *f_opinfo; + struct ksmbd_conn *conn; + struct ksmbd_tree_connect *tcon; + + atomic_t refcount; + __le32 daccess; + __le32 saccess; + __le32 coption; + __le32 cdoption; + __u64 create_time; + __u64 itime; + + bool is_durable; + bool is_resilient; + bool is_persistent; + bool is_nt_open; + bool attrib_only; + + char client_guid[16]; + char create_guid[16]; + char app_instance_id[16]; + + struct stream stream; + struct list_head node; + struct list_head blocked_works; + + int durable_timeout; + + /* for SMB1 */ + int pid; + + /* conflict lock fail count for SMB1 */ + unsigned int cflock_cnt; + /* last lock failure start offset for SMB1 */ + unsigned long long llock_fstart; + + int dirent_offset; + + /* if ls is happening on directory, below is valid*/ + struct ksmbd_readdir_data readdir_data; + int dot_dotdot[2]; +}; + +static inline void set_ctx_actor(struct dir_context *ctx, + filldir_t actor) +{ + ctx->actor = actor; +} + +#define KSMBD_NR_OPEN_DEFAULT BITS_PER_LONG + +struct ksmbd_file_table { + rwlock_t lock; + struct idr *idr; +}; + +static inline bool HAS_FILE_ID(unsigned long long req) +{ + unsigned int id = (unsigned int)req; + + return id < KSMBD_NO_FID; +} + +static inline bool ksmbd_stream_fd(struct ksmbd_file *fp) +{ + return fp->stream.name != NULL; +} + +int ksmbd_init_file_table(struct ksmbd_file_table *ft); +void ksmbd_destroy_file_table(struct ksmbd_file_table *ft); + +int ksmbd_close_fd(struct ksmbd_work *work, unsigned int id); + +struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, + unsigned int id); +struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, + unsigned int id); +struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, + unsigned int id, + unsigned int pid); + +void ksmbd_fd_put(struct ksmbd_work *work, struct ksmbd_file *fp); + +int ksmbd_close_fd_app_id(struct ksmbd_work *work, char *app_id); +struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id); +struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid); +struct ksmbd_file *ksmbd_lookup_fd_filename(struct ksmbd_work *work, + char *filename); +struct ksmbd_file *ksmbd_lookup_fd_inode(struct inode *inode); + +unsigned int ksmbd_open_durable_fd(struct ksmbd_file *fp); + +struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, + struct file *filp); + +void ksmbd_close_tree_conn_fds(struct ksmbd_work *work); +void ksmbd_close_session_fds(struct ksmbd_work *work); + +int ksmbd_close_inode_fds(struct ksmbd_work *work, struct inode *inode); + +int ksmbd_reopen_durable_fd(struct ksmbd_work *work, + struct ksmbd_file *fp); + +int ksmbd_init_global_file_table(void); +void ksmbd_free_global_file_table(void); + +int ksmbd_file_table_flush(struct ksmbd_work *work); + +void ksmbd_set_fd_limit(unsigned long limit); + +/* + * INODE hash + */ + +int __init ksmbd_inode_hash_init(void); +void __exit ksmbd_release_inode_hash(void); + +enum KSMBD_INODE_STATUS { + KSMBD_INODE_STATUS_OK, + KSMBD_INODE_STATUS_UNKNOWN, + KSMBD_INODE_STATUS_PENDING_DELETE, +}; + +int ksmbd_query_inode_status(struct inode *inode); + +bool ksmbd_inode_pending_delete(struct ksmbd_file *fp); +void ksmbd_set_inode_pending_delete(struct ksmbd_file *fp); +void ksmbd_clear_inode_pending_delete(struct ksmbd_file *fp); + +void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp, + int file_info); +#endif /* __VFS_CACHE_H__ */

From patchwork Mon Nov 14 12:48:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183101 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:13 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:13 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:12 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 004/308] cifsd: uniquify extract_sharename() Date: Mon, 14 Nov 2022 20:48:33 +0800 Message-ID: 20221114125337.1831594-5-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: efc5a278-2b32-4750-f682-08dac63c41ae X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7073844 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Stephen Rothwell sfr@canb.auug.org.au

mainline inclusion from mainline-5.15-rc1 commit 36ba38663be0a1b34aee1c79f3bb359fcac96c55 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/36ba38663be0

-------------------------------

uniquify extract_sharename().

Signed-off-by: Stephen Rothwell sfr@canb.auug.org.au Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/misc.c | 4 ++-- fs/cifsd/misc.h | 2 +- fs/cifsd/smb2pdu.c | 2 +- fs/cifsd/unicode.h | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/fs/cifsd/misc.c b/fs/cifsd/misc.c index 9e689c33f7bb..68983b08d519 100644 --- a/fs/cifsd/misc.c +++ b/fs/cifsd/misc.c @@ -210,12 +210,12 @@ void ksmbd_conv_path_to_windows(char *path) }

/** - * extract_sharename() - get share name from tree connect request + * ksmbd_extract_sharename() - get share name from tree connect request * @treename: buffer containing tree name and share name * * Return: share name on success, otherwise error */ -char *extract_sharename(char *treename) +char *ksmbd_extract_sharename(char *treename) { char *name = treename; char *dst; diff --git a/fs/cifsd/misc.h b/fs/cifsd/misc.h index d67843aad509..41b3dac2f5fc 100644 --- a/fs/cifsd/misc.h +++ b/fs/cifsd/misc.h @@ -25,7 +25,7 @@ void ksmbd_conv_path_to_unix(char *path); void ksmbd_strip_last_slash(char *path); void ksmbd_conv_path_to_windows(char *path);

-char *extract_sharename(char *treename); +char *ksmbd_extract_sharename(char *treename);

char *convert_to_unix_name(struct ksmbd_share_config *share, char *name);

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index b20cc07ee809..a4e78ebb0773 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -1709,7 +1709,7 @@ int smb2_tree_connect(struct ksmbd_work *work) goto out_err1; }

- name = extract_sharename(treename); + name = ksmbd_extract_sharename(treename); if (IS_ERR(name)) { status.ret = KSMBD_TREE_CONN_STATUS_ERROR; goto out_err1; diff --git a/fs/cifsd/unicode.h b/fs/cifsd/unicode.h index 228a02c9b95d..7135d62bf9b0 100644 --- a/fs/cifsd/unicode.h +++ b/fs/cifsd/unicode.h @@ -69,7 +69,7 @@ char *smb_strndup_from_utf16(const char *src, const int maxlen, const struct nls_table *codepage); extern int smbConvertToUTF16(__le16 *target, const char *source, int srclen, const struct nls_table *cp, int mapchars); -extern char *extract_sharename(char *treename); +extern char *ksmbd_extract_sharename(char *treename); #endif

wchar_t cifs_toupper(wchar_t in);

From patchwork Mon Nov 14 12:48:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183102 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:13 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:13 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:13 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 005/308] cifsd: Fix a handful of spelling mistakes Date: Mon, 14 Nov 2022 20:48:34 +0800 Message-ID: 20221114125337.1831594-6-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 4818e0f9-7378-4c5c-8872-08dac63c41f7 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7125840 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Colin Ian King colin.king@canonical.com

mainline inclusion from mainline-5.15-rc1 commit 1e853b937b2fcc51ff3939c7ae657d0726681ca1 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1e853b937b2f

-------------------------------

There are several spelling mistakes in various ksmbd_err and ksmbd_debug messages. Fix these.

Signed-off-by: Colin Ian King colin.king@canonical.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/ndr.c | 2 +- fs/cifsd/smb2pdu.c | 4 ++-- fs/cifsd/transport_rdma.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/cifsd/ndr.c b/fs/cifsd/ndr.c index d96dcd9e43c6..aa0cb8fc555d 100644 --- a/fs/cifsd/ndr.c +++ b/fs/cifsd/ndr.c @@ -325,7 +325,7 @@ int ndr_decode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl)

ndr_read_bytes(n, acl->desc, 10); if (strncmp(acl->desc, "posix_acl", 9)) { - ksmbd_err("Invalid acl desciption : %s\n", acl->desc); + ksmbd_err("Invalid acl description : %s\n", acl->desc); return -EINVAL; }

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index a4e78ebb0773..730bddbc8152 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2508,7 +2508,7 @@ int smb2_open(struct ksmbd_work *work) if (req->NameLength) { if ((req->CreateOptions & FILE_DIRECTORY_FILE_LE) && *(char *)req->Buffer == '\') { - ksmbd_err("not allow directory name included leadning slash\n"); + ksmbd_err("not allow directory name included leading slash\n"); rc = -EINVAL; goto err_out1; } @@ -2636,7 +2636,7 @@ int smb2_open(struct ksmbd_work *work) }

if (!(req->DesiredAccess & DESIRED_ACCESS_MASK)) { - ksmbd_err("Invalid disired access : 0x%x\n", + ksmbd_err("Invalid desired access : 0x%x\n", le32_to_cpu(req->DesiredAccess)); rc = -EACCES; goto err_out1; diff --git a/fs/cifsd/transport_rdma.c b/fs/cifsd/transport_rdma.c index 1698f7ed9c2f..4f4806d67ab0 100644 --- a/fs/cifsd/transport_rdma.c +++ b/fs/cifsd/transport_rdma.c @@ -485,7 +485,7 @@ static int smb_direct_check_recvmsg(struct smb_direct_recvmsg *recvmsg) struct smb2_hdr *hdr = (struct smb2_hdr *) (recvmsg->packet + le32_to_cpu(req->data_offset) - 4); ksmbd_debug(RDMA, - "CreditGranted: %u, CreditRequested: %u, DataLength: %u, RemaingDataLength: %u, SMB: %x, Command: %u\n", + "CreditGranted: %u, CreditRequested: %u, DataLength: %u, RemainingDataLength: %u, SMB: %x, Command: %u\n", le16_to_cpu(req->credits_granted), le16_to_cpu(req->credits_requested), req->data_length, req->remaining_data_length,

From patchwork Mon Nov 14 12:48:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183103 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:14 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:14 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:13 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 006/308] cifsd: fix a precedence bug in parse_dacl() Date: Mon, 14 Nov 2022 20:48:35 +0800 Message-ID: 20221114125337.1831594-7-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 22710a90-e440-44c5-4032-08dac63c4240 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6976017 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.15-rc1 commit 86df49e105afa6a205abb7d90809c3c76136eaa9 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/86df49e105af

-------------------------------

The shift has higher precedence than mask so this doesn't work as intended.

Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Reviewed-by: Sergey Senozhatsky sergey.senozhatsky@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smbacl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c index 8d8360ca4751..294c5a8fe9af 100644 --- a/fs/cifsd/smbacl.c +++ b/fs/cifsd/smbacl.c @@ -520,7 +520,7 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, fattr->cf_gid; acl_state.groups->aces[acl_state.groups->n++].perms.allow = (mode & 0070) >> 3; - default_acl_state.group.allow = mode & 0070 >> 3; + default_acl_state.group.allow = (mode & 0070) >> 3; default_acl_state.groups->aces[default_acl_state.groups->n].gid = fattr->cf_gid; default_acl_state.groups->aces[default_acl_state.groups->n++].perms.allow =

From patchwork Mon Nov 14 12:48:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183104 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:14 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:14 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:13 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 007/308] cifsd: fix a IS_ERR() vs NULL bug Date: Mon, 14 Nov 2022 20:48:36 +0800 Message-ID: 20221114125337.1831594-8-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 63ec9b29-8955-4210-2a9b-08dac63c428a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7260184 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.15-rc1 commit 8ef32967065737dac51974efae333436354bea0a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8ef329670657

-------------------------------

The smb_direct_alloc_sendmsg() function never returns NULL, it only returns error pointers so the check needs to be updated.

Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Reviewed-by: Sergey Senozhatsky sergey.senozhatsky@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/transport_rdma.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/transport_rdma.c b/fs/cifsd/transport_rdma.c index 4f4806d67ab0..d235051dc5b1 100644 --- a/fs/cifsd/transport_rdma.c +++ b/fs/cifsd/transport_rdma.c @@ -997,8 +997,8 @@ static int smb_direct_create_header(struct smb_direct_transport *t, int ret;

sendmsg = smb_direct_alloc_sendmsg(t); - if (!sendmsg) - return -ENOMEM; + if (IS_ERR(sendmsg)) + return PTR_ERR(sendmsg);

/* Fill in the packet header */ packet = (struct smb_direct_data_transfer *)sendmsg->packet;

From patchwork Mon Nov 14 12:48:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183105 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:15 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:15 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:14 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 008/308] cifsd: Fix a use after free on error path Date: Mon, 14 Nov 2022 20:48:37 +0800 Message-ID: 20221114125337.1831594-9-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 568d6f8a-038b-436b-1296-08dac63c42d4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7053472 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.15-rc1 commit a2ba2709f5e465b316ef1f18605190d249847aad category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a2ba2709f5e4

-------------------------------

The ksmbd_free_work_struct() frees "work" so we need to swap the order of these two function calls to avoid a use after free.

Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Reviewed-by: Sergey Senozhatsky sergey.senozhatsky@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/oplock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index 6c3dbc71134e..f694c14be0df 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -638,8 +638,8 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) if (allocate_oplock_break_buf(work)) { ksmbd_err("smb2_allocate_rsp_buf failed! "); atomic_dec(&conn->r_count); - ksmbd_free_work_struct(work); ksmbd_fd_put(work, fp); + ksmbd_free_work_struct(work); return; }

From patchwork Mon Nov 14 12:48:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183106 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:15 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:15 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:14 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 009/308] cifsd: fix static checker warning from smb_direct_post_send_data() Date: Mon, 14 Nov 2022 20:48:38 +0800 Message-ID: 20221114125337.1831594-10-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 4b2c2481-f18e-454a-2240-08dac63c431e X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6775579 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit bc3fcc9462ef4ba3ae66593cbaf47bf7af703ed3 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/bc3fcc9462ef

-------------------------------

Dan reported static checker warning: fs/cifsd/transport_rdma.c:1168 smb_direct_post_send_data() warn: missing error code 'ret'

This patch add missing ret error code.

Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/transport_rdma.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/cifsd/transport_rdma.c b/fs/cifsd/transport_rdma.c index d235051dc5b1..45b76847f1e7 100644 --- a/fs/cifsd/transport_rdma.c +++ b/fs/cifsd/transport_rdma.c @@ -1165,6 +1165,7 @@ static int smb_direct_post_send_data(struct smb_direct_transport *t, sg, SMB_DIRECT_MAX_SEND_SGES-1, DMA_TO_DEVICE); if (sg_cnt <= 0) { ksmbd_err("failed to map buffer\n"); + ret = -ENOMEM; goto err; } else if (sg_cnt + msg->num_sge > SMB_DIRECT_MAX_SEND_SGES-1) { ksmbd_err("buffer not fitted into sges\n");

From patchwork Mon Nov 14 12:48:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183107 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:16 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:15 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:15 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 010/308] cifsd: fix static checker warning from smb_check_perm_dacl() Date: Mon, 14 Nov 2022 20:48:39 +0800 Message-ID: 20221114125337.1831594-11-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7f16bfe2-9dc2-4303-7d50-08dac63c4368 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7210129 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 50355b0b20103a2be39e269a92909fa69f16f2d0 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/50355b0b2010

-------------------------------

Dan reported static checker warning:

fs/cifsd/smbacl.c:1140 smb_check_perm_dacl() error: we previously assumed 'pntsd' could be null (see line 1137)

This patch validate bounds of pntsd buffer.

Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smbacl.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c index 294c5a8fe9af..77c79cf4afd0 100644 --- a/fs/cifsd/smbacl.c +++ b/fs/cifsd/smbacl.c @@ -800,9 +800,13 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, le32_to_cpu(pntsd->gsidoffset), le32_to_cpu(pntsd->sacloffset), dacloffset);

- if (dacloffset && dacl_ptr) + if (dacloffset) { + if (end_of_acl <= (char *)dacl_ptr || + end_of_acl < (char *)dacl_ptr + le16_to_cpu(dacl_ptr->size)) + return -EIO; total_ace_size = le16_to_cpu(dacl_ptr->size) - sizeof(struct smb_acl); + }

pntsd_type = le16_to_cpu(pntsd->type);

@@ -1131,13 +1135,28 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, struct smb_ace *others_ace = NULL; struct posix_acl_entry *pa_entry; unsigned int sid_type = SIDOWNER; + char *end_of_acl;

ksmbd_debug(SMB, "check permission using windows acl\n"); acl_size = ksmbd_vfs_get_sd_xattr(conn, dentry, &pntsd); - if (acl_size <= 0 || (pntsd && !pntsd->dacloffset)) + if (acl_size <= 0 || !pntsd || !pntsd->dacloffset) { + kfree(pntsd); return 0; + }

pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); + end_of_acl = ((char *)pntsd) + acl_size; + if (end_of_acl <= (char *)pdacl) { + kfree(pntsd); + return 0; + } + + if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size) || + le16_to_cpu(pdacl->size) < sizeof(struct smb_acl)) { + kfree(pntsd); + return 0; + } + if (!pdacl->num_aces) { if (!(le16_to_cpu(pdacl->size) - sizeof(struct smb_acl)) && *pdaccess & ~(FILE_READ_CONTROL_LE | FILE_WRITE_DAC_LE)) { @@ -1156,6 +1175,8 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, for (i = 0; i < le32_to_cpu(pdacl->num_aces); i++) { granted |= le32_to_cpu(ace->access_req); ace = (struct smb_ace *) ((char *)ace + le16_to_cpu(ace->size)); + if (end_of_acl < (char *)ace) + goto err_out; }

if (!pdacl->num_aces) @@ -1177,6 +1198,8 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, others_ace = ace;

ace = (struct smb_ace *) ((char *)ace + le16_to_cpu(ace->size)); + if (end_of_acl < (char *)ace) + goto err_out; }

if (*pdaccess & FILE_MAXIMAL_ACCESS_LE && found) {

From patchwork Mon Nov 14 12:48:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183108 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:16 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:16 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:15 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 011/308] cifsd: remove unneeded FIXME comments Date: Mon, 14 Nov 2022 20:48:40 +0800 Message-ID: 20221114125337.1831594-12-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: db5b6905-b6de-4740-e91e-08dac63c43b0 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7011317 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Sergey Senozhatsky senozhatsky@chromium.org

mainline inclusion from mainline-5.15-rc1 commit 2e2b0dda188993c86490cca02892a9a6e1449f5d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/2e2b0dda1889

-------------------------------

Remove unneeded FIXME comments.

Signed-off-by: Sergey Senozhatsky senozhatsky@chromium.org Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/mgmt/share_config.c | 1 - fs/cifsd/mgmt/share_config.h | 2 -- fs/cifsd/mgmt/tree_connect.c | 1 - fs/cifsd/mgmt/tree_connect.h | 2 +- fs/cifsd/mgmt/user_config.c | 1 - fs/cifsd/mgmt/user_config.h | 3 +-- fs/cifsd/mgmt/user_session.c | 1 - fs/cifsd/server.c | 2 -- fs/cifsd/smb_common.c | 1 - fs/cifsd/transport_ipc.c | 3 --- fs/cifsd/transport_ipc.h | 1 - fs/cifsd/vfs_cache.c | 4 ---- 12 files changed, 2 insertions(+), 20 deletions(-)

diff --git a/fs/cifsd/mgmt/share_config.c b/fs/cifsd/mgmt/share_config.c index 0593702babfe..9bc7f7555ee2 100644 --- a/fs/cifsd/mgmt/share_config.c +++ b/fs/cifsd/mgmt/share_config.c @@ -16,7 +16,6 @@ #include "user_session.h" #include "../buffer_pool.h" #include "../transport_ipc.h" -#include "../ksmbd_server.h" /* FIXME */

#define SHARE_HASH_BITS 3 static DEFINE_HASHTABLE(shares_table, SHARE_HASH_BITS); diff --git a/fs/cifsd/mgmt/share_config.h b/fs/cifsd/mgmt/share_config.h index c47b874bd80b..49ca89667991 100644 --- a/fs/cifsd/mgmt/share_config.h +++ b/fs/cifsd/mgmt/share_config.h @@ -10,8 +10,6 @@ #include <linux/hashtable.h> #include <linux/path.h>

-#include "../glob.h" /* FIXME */ - struct ksmbd_share_config { char *name; char *path; diff --git a/fs/cifsd/mgmt/tree_connect.c b/fs/cifsd/mgmt/tree_connect.c index 2be7b2e2e3cd..d5670f2596a3 100644 --- a/fs/cifsd/mgmt/tree_connect.c +++ b/fs/cifsd/mgmt/tree_connect.c @@ -6,7 +6,6 @@ #include <linux/list.h> #include <linux/slab.h>

-#include "../ksmbd_server.h" /* FIXME */ #include "../buffer_pool.h" #include "../transport_ipc.h" #include "../connection.h" diff --git a/fs/cifsd/mgmt/tree_connect.h b/fs/cifsd/mgmt/tree_connect.h index 46237cd05b9c..4e40ec3f4774 100644 --- a/fs/cifsd/mgmt/tree_connect.h +++ b/fs/cifsd/mgmt/tree_connect.h @@ -8,7 +8,7 @@

#include <linux/hashtable.h>

-#include "../ksmbd_server.h" /* FIXME */ +#include "../ksmbd_server.h"

struct ksmbd_share_config; struct ksmbd_user; diff --git a/fs/cifsd/mgmt/user_config.c b/fs/cifsd/mgmt/user_config.c index 1ab68f80f72e..a1a454bfb57b 100644 --- a/fs/cifsd/mgmt/user_config.c +++ b/fs/cifsd/mgmt/user_config.c @@ -8,7 +8,6 @@ #include "user_config.h" #include "../buffer_pool.h" #include "../transport_ipc.h" -#include "../ksmbd_server.h" /* FIXME */

struct ksmbd_user *ksmbd_login_user(const char *account) { diff --git a/fs/cifsd/mgmt/user_config.h b/fs/cifsd/mgmt/user_config.h index 5cda4a5d3e2f..b2bb074a0150 100644 --- a/fs/cifsd/mgmt/user_config.h +++ b/fs/cifsd/mgmt/user_config.h @@ -6,8 +6,7 @@ #ifndef __USER_CONFIG_MANAGEMENT_H__ #define __USER_CONFIG_MANAGEMENT_H__

-#include "../glob.h" /* FIXME */ -#include "../ksmbd_server.h" /* FIXME */ +#include "../glob.h"

struct ksmbd_user { unsigned short flags; diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index d9f6dbde850a..afcdf76a3851 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -14,7 +14,6 @@ #include "../transport_ipc.h" #include "../connection.h" #include "../buffer_pool.h" -#include "../ksmbd_server.h" /* FIXME */ #include "../vfs_cache.h"

static struct ksmbd_ida *session_ida; diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index b9e114f8a5d2..4db443cd6dd1 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -102,8 +102,6 @@ static inline int check_conn_state(struct ksmbd_work *work) return 0; }

-/* @FIXME what a mess... god help. */ - #define TCP_HANDLER_CONTINUE 0 #define TCP_HANDLER_ABORT 1

diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c index f7560b68b820..7eb6d98656c7 100644 --- a/fs/cifsd/smb_common.c +++ b/fs/cifsd/smb_common.c @@ -8,7 +8,6 @@ #include "server.h" #include "misc.h" #include "smbstatus.h" -/* @FIXME */ #include "connection.h" #include "ksmbd_work.h" #include "mgmt/user_session.h" diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c index b91fa265f85d..c49e46fda9b1 100644 --- a/fs/cifsd/transport_ipc.c +++ b/fs/cifsd/transport_ipc.c @@ -28,9 +28,6 @@ #include "connection.h" #include "transport_tcp.h"

-/* @FIXME fix this code */ -extern int get_protocol_idx(char *str); - #define IPC_WAIT_TIMEOUT (2 * HZ)

#define IPC_MSG_HASH_BITS 3 diff --git a/fs/cifsd/transport_ipc.h b/fs/cifsd/transport_ipc.h index 68c003027811..6ed7cbea727e 100644 --- a/fs/cifsd/transport_ipc.h +++ b/fs/cifsd/transport_ipc.h @@ -7,7 +7,6 @@ #define __KSMBD_TRANSPORT_IPC_H__

#include <linux/wait.h> -#include "ksmbd_server.h" /* FIXME */

#define KSMBD_IPC_MAX_PAYLOAD 4096

diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index 8d8c4e373308..af92fab5b7ae 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -8,18 +8,14 @@ #include <linux/slab.h> #include <linux/vmalloc.h>

-/* @FIXME */ #include "glob.h" #include "vfs_cache.h" #include "buffer_pool.h" - #include "oplock.h" #include "vfs.h" #include "connection.h" #include "mgmt/tree_connect.h" #include "mgmt/user_session.h" - -/* @FIXME */ #include "smb_common.h"

#define S_DEL_PENDING 1

From patchwork Mon Nov 14 12:48:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183109 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:17 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:16 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:16 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 012/308] cifsd: fix incorrect comments Date: Mon, 14 Nov 2022 20:48:41 +0800 Message-ID: 20221114125337.1831594-13-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 5c433ec2-3367-4eca-54bf-08dac63c43f9 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7122418 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 95fa1ce947d60b1bb4a0b6c92989cbe3612c1e68 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/95fa1ce947d6

-------------------------------

kernel test bot reports some incorrect comments. This patch fixes these comments.

Reported-by: kernel test bot lkp@intel.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/oplock.c | 66 ++++++++++++++++------------------------ fs/cifsd/server.c | 6 ++-- fs/cifsd/smb2pdu.c | 60 +++++++++--------------------------- fs/cifsd/smb_common.c | 7 ++--- fs/cifsd/transport_tcp.c | 5 +-- 5 files changed, 51 insertions(+), 93 deletions(-)

diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index f694c14be0df..e56c938a8f7a 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -21,11 +21,10 @@ static LIST_HEAD(lease_table_list); static DEFINE_RWLOCK(lease_list_lock);

/** - * get_new_opinfo() - allocate a new opinfo object for oplock info - * @conn: connection instance + * alloc_opinfo() - allocate a new opinfo object for oplock info + * @work: smb work * @id: fid of open file * @Tid: tree id of connection - * @lctx: lease context information * * Return: allocated opinfo object on success, otherwise NULL */ @@ -462,14 +461,6 @@ static void grant_none_oplock(struct oplock_info *opinfo_new, } }

-/** - * find_opinfo() - find lease object for given client guid and lease key - * @head: oplock list(read,write or none) head - * @guid1: client guid of matching lease owner - * @key1: lease key of matching lease owner - * - * Return: oplock(lease) object on success, otherwise NULL - */ static inline int compare_guid_key(struct oplock_info *opinfo, const char *guid1, const char *key1) { @@ -610,9 +601,9 @@ static inline int allocate_oplock_break_buf(struct ksmbd_work *work) }

/** - * smb2_oplock_break_noti() - send smb2 oplock break cmd from conn + * __smb2_oplock_break_noti() - send smb2 oplock break cmd from conn * to client - * @work: smb work object + * @wk: smb work object * * There are two ways this function can be called. 1- while file open we break * from exclusive/batch lock to levelII oplock and 2- while file write/truncate @@ -686,10 +677,9 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) }

/** - * smb2_oplock_break() - send smb2 exclusive/batch to level2 oplock + * smb2_oplock_break_noti() - send smb2 exclusive/batch to level2 oplock * break command from server to client * @opinfo: oplock info object - * @ack_required if requiring ack * * Return: 0 on success, otherwise error */ @@ -734,7 +724,7 @@ static int smb2_oplock_break_noti(struct oplock_info *opinfo) /** * __smb2_lease_break_noti() - send lease break command from server * to client - * @work: smb work object + * @wk: smb work object */ static void __smb2_lease_break_noti(struct work_struct *wk) { @@ -790,10 +780,9 @@ static void __smb2_lease_break_noti(struct work_struct *wk) }

/** - * smb2_break_lease() - break lease when a new client request + * smb2_lease_break_noti() - break lease when a new client request * write lease * @opinfo: conains lease state information - * @ack_required: if requring ack * * Return: 0 on success, otherwise error */ @@ -1085,12 +1074,13 @@ static void set_oplock_level(struct oplock_info *opinfo, int level,

/** * smb_grant_oplock() - handle oplock/lease request on file open - * @fp: ksmbd file pointer - * @oplock: granted oplock type - * @id: fid of open file - * @Tid: Tree id of connection - * @lctx: lease context information on file open - * @attr_only: attribute only file open type + * @work: smb work + * @req_op_level: oplock level + * @pid: id of open file + * @fp: ksmbd file pointer + * @tid: Tree id of connection + * @lctx: lease context information on file open + * @share_ret: share mode * * Return: 0 on success, otherwise error */ @@ -1222,10 +1212,10 @@ int smb_grant_oplock(struct ksmbd_work *work, }

/** - * smb_break_write_oplock() - break batch/exclusive oplock to level2 + * smb_break_all_write_oplock() - break batch/exclusive oplock to level2 * @work: smb work * @fp: ksmbd file pointer - * @openfile: open file object + * @is_trunc: truncate on open */ static void smb_break_all_write_oplock(struct ksmbd_work *work, struct ksmbd_file *fp, int is_trunc) @@ -1250,7 +1240,7 @@ static void smb_break_all_write_oplock(struct ksmbd_work *work, /** * smb_break_all_levII_oplock() - send level2 oplock or read lease break command * from server to client - * @conn: connection instance + * @work: smb work * @fp: ksmbd file pointer * @is_trunc: truncate on open */ @@ -1351,7 +1341,7 @@ __u8 smb2_map_lease_to_oplock(__le32 lease_state) /** * create_lease_buf() - create lease context for open cmd response * @rbuf: buffer to create lease context response - * @lreq: buffer to stored parsed lease state information + * @lease: buffer to stored parsed lease state information */ void create_lease_buf(u8 *rbuf, struct lease *lease) { @@ -1378,7 +1368,6 @@ void create_lease_buf(u8 *rbuf, struct lease *lease) /** * parse_lease_state() - parse lease context containted in file open request * @open_req: buffer containing smb2 file open(create) request - * @lreq: buffer to stored parsed lease state information * * Return: oplock state, -ENOENT if create lease context not found */ @@ -1426,7 +1415,7 @@ struct lease_ctx_info *parse_lease_state(void *open_req) /** * smb2_find_context_vals() - find a particular context info in open request * @open_req: buffer containing smb2 file open(create) request - * @str: context name to search for + * @tag: context name to search for * * Return: pointer to requested context, NULL if @str context not found */ @@ -1458,7 +1447,7 @@ struct create_context *smb2_find_context_vals(void *open_req, const char *tag) }

/** - * create_durable_buf() - create durable handle context + * create_durable_rsp__buf() - create durable handle context * @cc: buffer to create durable context response */ void create_durable_rsp_buf(char *cc) @@ -1481,8 +1470,9 @@ void create_durable_rsp_buf(char *cc) }

/** - * create_durable_buf() - create durable handle v2 context + * create_durable_v2_rsp_buf() - create durable handle v2 context * @cc: buffer to create durable context response + * @fp: ksmbd file pointer */ void create_durable_v2_rsp_buf(char *cc, struct ksmbd_file *fp) { @@ -1508,8 +1498,9 @@ void create_durable_v2_rsp_buf(char *cc, struct ksmbd_file *fp) }

/** - * create_mxac_buf() - create query maximal access context - * @cc: buffer to create maximal access context response + * create_mxac_rsp_buf() - create query maximal access context + * @cc: buffer to create maximal access context response + * @maximal_access: maximal access */ void create_mxac_rsp_buf(char *cc, int maximal_access) { @@ -1533,10 +1524,6 @@ void create_mxac_rsp_buf(char *cc, int maximal_access) buf->MaximalAccess = cpu_to_le32(maximal_access); }

-/** - * create_mxac_buf() - create query maximal access context - * @cc: buffer to create query disk on id context response - */ void create_disk_id_rsp_buf(char *cc, __u64 file_id, __u64 vol_id) { struct create_disk_id_rsp *buf; @@ -1560,8 +1547,9 @@ void create_disk_id_rsp_buf(char *cc, __u64 file_id, __u64 vol_id) }

/** - * create_posix_buf() - create posix extension context + * create_posix_rsp_buf() - create posix extension context * @cc: buffer to create posix on posix response + * @fp: ksmbd file pointer */ void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp) { diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index 4db443cd6dd1..d222190a846b 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -86,7 +86,7 @@ char *ksmbd_work_group(void)

/** * check_conn_state() - check state of server thread connection - * @ksmbd_work: smb work containing server thread information + * @work: smb work containing server thread information * * Return: 0 on valid connection, otherwise 1 to reconnect */ @@ -248,7 +248,7 @@ static void __handle_ksmbd_work(struct ksmbd_work *work,

/** * handle_ksmbd_work() - process pending smb work requests - * @ksmbd_work: smb work containing request command buffer + * @wk: smb work containing request command buffer * * called by kworker threads to processing remaining smb work requests */ @@ -604,7 +604,7 @@ static int __init ksmbd_server_init(void) }

/** - * exit_smb_server() - shutdown forker thread and free memory at module exit + * ksmbd_server_exit() - shutdown forker thread and free memory at module exit */ static void __exit ksmbd_server_exit(void) { diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 730bddbc8152..e4b91838d35c 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -88,8 +88,7 @@ struct channel *lookup_chann_list(struct ksmbd_session *sess)

/** * smb2_get_ksmbd_tcon() - get tree connection information for a tree id - * @sess: session containing tree list - * @tid: match tree connection with tree id + * @work: smb work * * Return: matching tree connection on success, otherwise error */ @@ -209,6 +208,7 @@ uint16_t get_smb2_cmd_val(struct ksmbd_work *work) /** * set_smb2_rsp_status() - set error response code on smb2 header * @work: smb work containing response buffer + * @err: error response code */ void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err) { @@ -633,9 +633,10 @@ static void destroy_previous_session(struct ksmbd_user *user, uint64_t id)

/** * smb2_get_name() - get filename string from on the wire smb format + * @share: ksmbd_share_config pointer * @src: source buffer * @maxlen: maxlen of source string - * @work: smb work containing smb request buffer + * @nls_table: nls_table pointer * * Return: matching converted filename on success, otherwise error ptr */ @@ -747,6 +748,7 @@ static __le32 smb2_get_reparse_tag_special_file(umode_t mode) /** * smb2_get_dos_mode() - get file mode in dos format from unix mode * @stat: kstat containing file mode + * @attribute: attribute flags * * Return: converted dos mode */ @@ -1797,7 +1799,6 @@ int smb2_tree_connect(struct ksmbd_work *work) * @file_present: is file already present * @access: file access flags * @disposition: file disposition flags - * @work: smb work containing smb request buffer * * Return: file open flags */ @@ -4112,12 +4113,6 @@ static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, inc_rfc1001_len(rsp, sizeof(struct smb2_file_internal_info)); }

-/** - * smb2_info_file_pipe() - handler for smb2 query info on IPC pipe - * @work: smb work containing query info command buffer - * - * Return: 0 on success, otherwise error - */ static int smb2_get_info_file_pipe(struct ksmbd_session *sess, struct smb2_query_info_req *req, struct smb2_query_info_rsp *rsp) { @@ -4157,10 +4152,10 @@ static int smb2_get_info_file_pipe(struct ksmbd_session *sess, /** * smb2_get_ea() - handler for smb2 get extended attribute command * @work: smb work containing query info command buffer - * @path: path of file/dir to query info command - * @rq: get extended attribute request - * @resp: response buffer pointer - * @resp_org: base response buffer pointer in case of chained response + * @fp: ksmbd_file pointer + * @req: get extended attribute request + * @rsp: response buffer pointer + * @rsp_org: base response buffer pointer in case of chained response * * Return: 0 on success, otherwise error */ @@ -4761,12 +4756,6 @@ static int find_file_posix_info(struct smb2_query_info_rsp *rsp, return 0; }

-/** - * smb2_get_info_file() - handler for smb2 query info command - * @work: smb work containing query info request buffer - * - * Return: 0 on success, otherwise error - */ static int smb2_get_info_file(struct ksmbd_work *work, struct smb2_query_info_req *req, struct smb2_query_info_rsp *rsp, @@ -4901,13 +4890,6 @@ static int smb2_get_info_file(struct ksmbd_work *work, return rc; }

-/** - * smb2_get_info_filesystem() - handler for smb2 query info command - * @work: smb work containing query info request buffer - * - * Return: 0 on success, otherwise error - * TODO: need to implement STATUS_INFO_LENGTH_MISMATCH error handling - */ static int smb2_get_info_filesystem(struct ksmbd_work *work, struct smb2_query_info_req *req, struct smb2_query_info_rsp *rsp, @@ -5416,14 +5398,6 @@ int smb2_echo(struct ksmbd_work *work) return 0; }

-/** - * smb2_rename() - handler for rename using smb2 setinfo command - * @work: smb work containing set info command buffer - * @filp: file pointer of source file - * @old_fid: file id of source file - * - * Return: 0 on success, otherwise error - */ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, struct smb2_file_rename_info *file_info, struct nls_table *local_nls) @@ -5544,14 +5518,6 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, return rc; }

-/** - * smb2_create_link() - handler for creating hardlink using smb2 - * set info command - * @work: smb work containing set info command buffer - * @filp: file pointer of source file - * - * Return: 0 on success, otherwise error - */ static int smb2_create_link(struct ksmbd_work *work, struct ksmbd_share_config *share, struct smb2_file_link_info *file_info, @@ -5914,6 +5880,9 @@ static int set_file_mode_info(struct ksmbd_file *fp, /** * smb2_set_info_file() - handler for smb2 set info command * @work: smb work containing set info command buffer + * @fp: ksmbd_file pointer + * @info_class: smb2 set info class + * @share: ksmbd_share_config pointer * * Return: 0 on success, otherwise error * TODO: need to implement an error handling for STATUS_INFO_LENGTH_MISMATCH @@ -8057,7 +8026,7 @@ int smb2_oplock_break(struct ksmbd_work *work)

/** * smb2_notify() - handler for smb2 notify request - * @ksmbd_work: smb work containing notify command buffer + * @work: smb work containing notify command buffer * * Return: 0 */ @@ -8081,7 +8050,8 @@ int smb2_notify(struct ksmbd_work *work)

/** * smb2_is_sign_req() - handler for checking packet signing status - * @work:smb work containing notify command buffer + * @work: smb work containing notify command buffer + * @command: SMB2 command id * * Return: true if packed is signed, false otherwise */ diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c index 7eb6d98656c7..f779aae3fd6c 100644 --- a/fs/cifsd/smb_common.c +++ b/fs/cifsd/smb_common.c @@ -107,8 +107,8 @@ int ksmbd_lookup_protocol_idx(char *str) }

/** - * check_message() - check for valid smb2 request header - * @buf: smb2 header to be checked + * ksmbd_verify_smb_message() - check for valid smb2 request header + * @work: smb work * * check for valid smb signature and packet direction(request/response) * @@ -125,9 +125,8 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work) }

/** - * is_smb_request() - check for valid smb request type + * ksmbd_smb_request() - check for valid smb request type * @conn: connection instance - * @type: smb request type * * Return: true on success, otherwise false */ diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c index 60ec9b2e0370..359401227d93 100644 --- a/fs/cifsd/transport_tcp.c +++ b/fs/cifsd/transport_tcp.c @@ -173,7 +173,7 @@ static unsigned short ksmbd_tcp_get_port(const struct sockaddr *sa)

/** * ksmbd_tcp_new_connection() - create a new tcp session on mount - * @sock: socket associated with new connection + * @client_sk: socket associated with new connection * * whenever a new connection is requested, create a conn thread * (session thread) to handle new incoming smb requests from the connection @@ -252,7 +252,8 @@ static int ksmbd_kthread_fn(void *p) }

/** - * ksmbd_create_ksmbd_kthread() - start forker thread + * ksmbd_tcp_run_kthread() - start forker thread + * @iface: pointer to struct interface * * start forker thread(ksmbd/0) at module init time to listen * on port 445 for new SMB connection requests. It creates per connection

From patchwork Mon Nov 14 12:48:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183110 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:17 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:17 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:16 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 013/308] cifsd: fix warning: variable 'total_ace_size' and 'posix_ccontext' set but not used Date: Mon, 14 Nov 2022 20:48:42 +0800 Message-ID: 20221114125337.1831594-14-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ece37d63-aa11-4e34-32d8-08dac63c4442 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6822122 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 548e9ad317393b0439081454d2110f519431d5ef category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/548e9ad31739

-------------------------------

kernel test robot reported warnings:

fs/cifsd/smbacl.c: In function 'parse_sec_desc':

...

fs/cifsd/smbacl.c:786:6: warning: variable 'total_ace_size' set but

not used [-Wunused-but-set-variable] 786 | int total_ace_size = 0, pntsd_type; | ^~~~~~~~~~~~~~ --- fs/cifsd/smb2pdu.c: In function 'smb2_open':

...

fs/cifsd/smb2pdu.c:3285:26: warning: variable 'posix_ccontext' set but

not used [-Wunused-but-set-variable] 3285 | struct create_context *posix_ccontext; | ^~~~~~~~~~~~~~

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 4 ---- fs/cifsd/smbacl.c | 14 +++----------- 2 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index e4b91838d35c..4ec45c3fa00e 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -3283,10 +3283,6 @@ int smb2_open(struct ksmbd_work *work) }

if (posix_ctxt) { - struct create_context *posix_ccontext; - - posix_ccontext = (struct create_context *)(rsp->Buffer + - le32_to_cpu(rsp->CreateContextsLength)); contxt_cnt++; create_posix_rsp_buf(rsp->Buffer + le32_to_cpu(rsp->CreateContextsLength), diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c index 77c79cf4afd0..7f6d5313a02c 100644 --- a/fs/cifsd/smbacl.c +++ b/fs/cifsd/smbacl.c @@ -389,7 +389,8 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, return;

/* validate that we do not go past end of acl */ - if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { + if (end_of_acl <= (char *)pdacl || + end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { ksmbd_err("ACL too small to parse DACL\n"); return; } @@ -783,7 +784,7 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, struct smb_acl *dacl_ptr; /* no need for SACL ptr */ char *end_of_acl = ((char *)pntsd) + acl_len; __u32 dacloffset; - int total_ace_size = 0, pntsd_type; + int pntsd_type;

if (pntsd == NULL) return -EIO; @@ -800,16 +801,7 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, le32_to_cpu(pntsd->gsidoffset), le32_to_cpu(pntsd->sacloffset), dacloffset);

- if (dacloffset) { - if (end_of_acl <= (char *)dacl_ptr || - end_of_acl < (char *)dacl_ptr + le16_to_cpu(dacl_ptr->size)) - return -EIO; - total_ace_size = - le16_to_cpu(dacl_ptr->size) - sizeof(struct smb_acl); - } - pntsd_type = le16_to_cpu(pntsd->type); - if (!(pntsd_type & DACL_PRESENT)) { ksmbd_debug(SMB, "DACL_PRESENT in DACL type is not set\n"); return rc;

From patchwork Mon Nov 14 12:48:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183111 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:18 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:17 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:17 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 014/308] cifsd: Pass string length parameter to match_pattern() Date: Mon, 14 Nov 2022 20:48:43 +0800 Message-ID: 20221114125337.1831594-15-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2d8481bd-faf1-462b-eae7-08dac63c448a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7073721 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit b24c93358035e3c20630a45c0bcdbb45aad9707d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b24c93358035

-------------------------------

When iterating through a directory, a file's name may not be null-terminated (depending on the underlying filesystem implementation).

Modify match_pattern to take the string's length into account when matching it against the request pattern.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/misc.c | 7 +++++-- fs/cifsd/misc.h | 2 +- fs/cifsd/smb2pdu.c | 2 +- fs/cifsd/smb_common.c | 3 ++- 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/fs/cifsd/misc.c b/fs/cifsd/misc.c index 68983b08d519..189b90414976 100644 --- a/fs/cifsd/misc.c +++ b/fs/cifsd/misc.c @@ -22,20 +22,22 @@ * TODO : implement consideration about DOS_DOT, DOS_QM and DOS_STAR * * @string: string to compare with a pattern + * @len: string length * @pattern: pattern string which might include wildcard '*' and '?' * * Return: 0 if pattern matched with the string, otherwise non zero value */ -int match_pattern(const char *str, const char *pattern) +int match_pattern(const char *str, size_t len, const char *pattern) { const char *s = str; const char *p = pattern; bool star = false;

- while (*s) { + while (*s && len) { switch (*p) { case '?': s++; + len--; p++; break; case '*': @@ -48,6 +50,7 @@ int match_pattern(const char *str, const char *pattern) default: if (tolower(*s) == tolower(*p)) { s++; + len--; p++; } else { if (!star) diff --git a/fs/cifsd/misc.h b/fs/cifsd/misc.h index 41b3dac2f5fc..73b21709b6c9 100644 --- a/fs/cifsd/misc.h +++ b/fs/cifsd/misc.h @@ -11,7 +11,7 @@ struct nls_table; struct kstat; struct ksmbd_file;

-int match_pattern(const char *str, const char *pattern); +int match_pattern(const char *str, size_t len, const char *pattern);

int ksmbd_validate_filename(char *filename);

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 4ec45c3fa00e..32816baa8a99 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -3837,7 +3837,7 @@ static int __query_dir(struct dir_context *ctx, return 0; if (ksmbd_share_veto_filename(priv->work->tcon->share_conf, name)) return 0; - if (!match_pattern(name, priv->search_pattern)) + if (!match_pattern(name, namlen, priv->search_pattern)) return 0;

d_info->name = name; diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c index f779aae3fd6c..2f58ef003238 100644 --- a/fs/cifsd/smb_common.c +++ b/fs/cifsd/smb_common.c @@ -294,7 +294,8 @@ int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, d_info->name_len = 2; }

- if (!match_pattern(d_info->name, search_pattern)) { + if (!match_pattern(d_info->name, d_info->name_len, + search_pattern)) { dir->dot_dotdot[i] = 1; continue; }

From patchwork Mon Nov 14 12:48:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183112 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:18 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:18 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:17 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 015/308] cifsd: Fix an error code in smb2_read() Date: Mon, 14 Nov 2022 20:48:44 +0800 Message-ID: 20221114125337.1831594-16-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 73870316-d0cb-4f77-c904-08dac63c44d3 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6834675 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.15-rc1 commit c1ea111fd1bb4c4020503f5c53cd05a703d1a30b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c1ea111fd1bb

-------------------------------

This code is assigning the wrong variable to "err" so it returns zero/success instead of -ENOMEM.

Fixes: 788b6f45c1d2 ("cifsd: add server-side procedures for SMB3") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 32816baa8a99..6770ebedc24a 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -6200,7 +6200,7 @@ int smb2_read(struct ksmbd_work *work) work->aux_payload_buf = ksmbd_alloc_response(length); } if (!work->aux_payload_buf) { - err = nbytes; + err = -ENOMEM; goto out; }

From patchwork Mon Nov 14 12:48:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183113 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:19 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:18 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:18 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 016/308] cifsd: fix error handling in ksmbd_server_init() Date: Mon, 14 Nov 2022 20:48:45 +0800 Message-ID: 20221114125337.1831594-17-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3eef6d13-a311-4c06-b225-08dac63c451d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7068589 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.15-rc1 commit 849f59e1a18adecf0617afc82efbfc5d126c49f8 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/849f59e1a18a

-------------------------------

The error handling in ksmbd_server_init() uses "one function to free everything style" which is impossible to audit and leads to several canonical bugs. When we free something that wasn't allocated it may be uninitialized, an error pointer, freed in a different function or we try freeing "foo->bar" when "foo" is a NULL pointer. And since the code is impossible to audit then it leads to memory leaks.

In the ksmbd_server_init() function, every goto will lead to a crash because we have not allocated the work queue but we call ksmbd_workqueue_destroy() which tries to flush a NULL work queue. Another bug is if ksmbd_init_buffer_pools() fails then it leads to a double free because we free "work_cache" twice. A third type of bug is that we forgot to call ksmbd_release_inode_hash() so that is a resource leak.

A better way to write error handling is for every function to clean up after itself and never leave things partially allocated. Then we can use "free the last successfully allocated resource" style. That way when someone is reading the code they can just track the last resource in their head and verify that the goto matches what they expect.

In this patch I modified ksmbd_ipc_init() to clean up after itself and then I converted ksmbd_server_init() to use gotos to clean up.

Fixes: cabcebc31de4 ("cifsd: introduce SMB3 kernel server") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/server.c | 33 +++++++++++++++++++++++---------- fs/cifsd/transport_ipc.c | 14 +++++++++++--- fs/cifsd/vfs_cache.c | 2 +- fs/cifsd/vfs_cache.h | 2 +- 4 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index d222190a846b..048bbc66aa60 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -567,39 +567,52 @@ static int __init ksmbd_server_init(void)

ret = server_conf_init(); if (ret) - return ret; + goto err_unregister;

ret = ksmbd_init_buffer_pools(); if (ret) - return ret; + goto err_unregister;

ret = ksmbd_init_session_table(); if (ret) - goto error; + goto err_destroy_pools;

ret = ksmbd_ipc_init(); if (ret) - goto error; + goto err_free_session_table;

ret = ksmbd_init_global_file_table(); if (ret) - goto error; + goto err_ipc_release;

ret = ksmbd_inode_hash_init(); if (ret) - goto error; + goto err_destroy_file_table;

ret = ksmbd_crypto_create(); if (ret) - goto error; + goto err_release_inode_hash;

ret = ksmbd_workqueue_init(); if (ret) - goto error; + goto err_crypto_destroy; return 0;

-error: - ksmbd_server_shutdown(); +err_crypto_destroy: + ksmbd_crypto_destroy(); +err_release_inode_hash: + ksmbd_release_inode_hash(); +err_destroy_file_table: + ksmbd_free_global_file_table(); +err_ipc_release: + ksmbd_ipc_release(); +err_free_session_table: + ksmbd_free_session_table(); +err_destroy_pools: + ksmbd_destroy_buffer_pools(); +err_unregister: + class_unregister(&ksmbd_control_class); + return ret; }

diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c index c49e46fda9b1..e5f4d97b2924 100644 --- a/fs/cifsd/transport_ipc.c +++ b/fs/cifsd/transport_ipc.c @@ -887,11 +887,19 @@ int ksmbd_ipc_init(void) if (ret) { ksmbd_err("Failed to register KSMBD netlink interface %d\n", ret); - return ret; + goto cancel_work; }

ida = ksmbd_ida_alloc(); - if (!ida) - return -ENOMEM; + if (!ida) { + ret = -ENOMEM; + goto unregister; + } return 0; + +unregister: + genl_unregister_family(&ksmbd_genl_family); +cancel_work: + cancel_delayed_work_sync(&ipc_timer_work); + return ret; } diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index af92fab5b7ae..34e045f27230 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -236,7 +236,7 @@ int __init ksmbd_inode_hash_init(void) return 0; }

-void __exit ksmbd_release_inode_hash(void) +void ksmbd_release_inode_hash(void) { vfree(inode_hashtable); } diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h index 7d23657c86c6..04ab5967a9ae 100644 --- a/fs/cifsd/vfs_cache.h +++ b/fs/cifsd/vfs_cache.h @@ -194,7 +194,7 @@ void ksmbd_set_fd_limit(unsigned long limit); */

int __init ksmbd_inode_hash_init(void); -void __exit ksmbd_release_inode_hash(void); +void ksmbd_release_inode_hash(void);

enum KSMBD_INODE_STATUS { KSMBD_INODE_STATUS_OK,

From patchwork Mon Nov 14 12:48:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183114 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:19 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:19 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:18 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 017/308] cifsd: remove redundant assignment to variable err Date: Mon, 14 Nov 2022 20:48:46 +0800 Message-ID: 20221114125337.1831594-18-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d7f64538-d9fe-4dc4-1dfd-08dac63c4566 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6999095 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Colin Ian King colin.king@canonical.com

mainline inclusion from mainline-5.15-rc1 commit 3161ad3a717e69b26ea3d73467ed8399023b5075 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/3161ad3a717e

-------------------------------

The variable err is being initialized with a value that is never read and it is being updated later with a new value. The initialization is redundant and can be removed.

Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King colin.king@canonical.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 00f80ca45690..3d7413b8f526 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -587,7 +587,7 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) struct path parent; struct dentry *dir, *dentry; char *last; - int err = -ENOENT; + int err;

last = extract_last_component(name); if (!last)

From patchwork Mon Nov 14 12:48:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183115 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:19 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:19 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:19 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 018/308] cifsd: remove unneeded macros Date: Mon, 14 Nov 2022 20:48:47 +0800 Message-ID: 20221114125337.1831594-19-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 91ef09b4-fbe2-459a-2dcf-08dac63c45b0 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7053408 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit e5066499079de0e1dac094baf4cb62eb86cbdd4f category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e5066499079d

-------------------------------

Remove unneeded RESPONSE_BUF, REQUEST_BUF, RESPONSE_SZ, INIT_AUX_PAYLOAD, HAS_AUX_PAYLOAD, AUX_PAYLOAD, AUX_PAYLOAD_SIZE, RESP_HDR_SIZE, HAS_TRANSFORM_BUF and TRANSFORM_BUF macros.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/connection.c | 15 ++- fs/cifsd/ksmbd_work.c | 12 +-- fs/cifsd/ksmbd_work.h | 24 +---- fs/cifsd/oplock.c | 14 +-- fs/cifsd/server.c | 4 +- fs/cifsd/smb2misc.c | 2 +- fs/cifsd/smb2pdu.c | 212 +++++++++++++++++++++--------------------- fs/cifsd/smb_common.c | 8 +- fs/cifsd/vfs.c | 2 +- 9 files changed, 139 insertions(+), 154 deletions(-)

diff --git a/fs/cifsd/connection.c b/fs/cifsd/connection.c index d27553dee2ad..bdfde5ca2ded 100644 --- a/fs/cifsd/connection.c +++ b/fs/cifsd/connection.c @@ -154,7 +154,7 @@ void ksmbd_conn_wait_idle(struct ksmbd_conn *conn) int ksmbd_conn_write(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb_hdr *rsp_hdr = RESPONSE_BUF(work); + struct smb_hdr *rsp_hdr = work->response_buf; size_t len = 0; int sent; struct kvec iov[3]; @@ -166,21 +166,20 @@ int ksmbd_conn_write(struct ksmbd_work *work) return -EINVAL; }

- if (HAS_TRANSFORM_BUF(work)) { + if (work->tr_buf) { iov[iov_idx] = (struct kvec) { work->tr_buf, sizeof(struct smb2_transform_hdr) }; len += iov[iov_idx++].iov_len; }

- if (HAS_AUX_PAYLOAD(work)) { - iov[iov_idx] = (struct kvec) { rsp_hdr, RESP_HDR_SIZE(work) }; + if (work->aux_payload_sz) { + iov[iov_idx] = (struct kvec) { rsp_hdr, work->resp_hdr_sz }; len += iov[iov_idx++].iov_len; - iov[iov_idx] = (struct kvec) { AUX_PAYLOAD(work), - AUX_PAYLOAD_SIZE(work) }; + iov[iov_idx] = (struct kvec) { work->aux_payload_buf, work->aux_payload_sz }; len += iov[iov_idx++].iov_len; } else { - if (HAS_TRANSFORM_BUF(work)) - iov[iov_idx].iov_len = RESP_HDR_SIZE(work); + if (work->tr_buf) + iov[iov_idx].iov_len = work->resp_hdr_sz; else iov[iov_idx].iov_len = get_rfc1002_len(rsp_hdr) + 4; iov[iov_idx].iov_base = rsp_hdr; diff --git a/fs/cifsd/ksmbd_work.c b/fs/cifsd/ksmbd_work.c index 8cd5dff0762d..505e59df3071 100644 --- a/fs/cifsd/ksmbd_work.c +++ b/fs/cifsd/ksmbd_work.c @@ -40,18 +40,18 @@ void ksmbd_free_work_struct(struct ksmbd_work *work) WARN_ON(work->saved_cred != NULL); if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_TBUF && work->set_trans_buf) - ksmbd_release_buffer(RESPONSE_BUF(work)); + ksmbd_release_buffer(work->response_buf); else - ksmbd_free_response(RESPONSE_BUF(work)); + ksmbd_free_response(work->response_buf);

if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF && work->set_read_buf) - ksmbd_release_buffer(AUX_PAYLOAD(work)); + ksmbd_release_buffer(work->aux_payload_buf); else - ksmbd_free_response(AUX_PAYLOAD(work)); + ksmbd_free_response(work->aux_payload_buf);

- ksmbd_free_response(TRANSFORM_BUF(work)); - ksmbd_free_request(REQUEST_BUF(work)); + ksmbd_free_response(work->tr_buf); + ksmbd_free_request(work->request_buf); if (work->async_id) ksmbd_release_id(work->conn->async_ida, work->async_id); kmem_cache_free(work_cache, work); diff --git a/fs/cifsd/ksmbd_work.h b/fs/cifsd/ksmbd_work.h index 405434d4c8ab..28a1692ed37f 100644 --- a/fs/cifsd/ksmbd_work.h +++ b/fs/cifsd/ksmbd_work.h @@ -27,12 +27,12 @@ struct ksmbd_work { struct ksmbd_tree_connect *tcon;

/* Pointer to received SMB header */ - char *request_buf; + void *request_buf; /* Response buffer */ - char *response_buf; + void *response_buf;

/* Read data buffer */ - char *aux_payload_buf; + void *aux_payload_buf;

/* Next cmd hdr in compound req buf*/ int next_smb2_rcv_hdr_off; @@ -92,24 +92,10 @@ struct ksmbd_work { #define WORK_CLOSED(w) ((w)->state == KSMBD_WORK_CLOSED) #define WORK_ACTIVE(w) ((w)->state == KSMBD_WORK_ACTIVE)

-#define RESPONSE_BUF(w) ((void *)(w)->response_buf) -#define REQUEST_BUF(w) ((void *)(w)->request_buf) - #define RESPONSE_BUF_NEXT(w) \ - ((void *)((w)->response_buf + (w)->next_smb2_rsp_hdr_off)) + (((w)->response_buf + (w)->next_smb2_rsp_hdr_off)) #define REQUEST_BUF_NEXT(w) \ - ((void *)((w)->request_buf + (w)->next_smb2_rcv_hdr_off)) - -#define RESPONSE_SZ(w) ((w)->response_sz) - -#define INIT_AUX_PAYLOAD(w) ((w)->aux_payload_buf = NULL) -#define HAS_AUX_PAYLOAD(w) ((w)->aux_payload_sz != 0) -#define AUX_PAYLOAD(w) ((void *)((w)->aux_payload_buf)) -#define AUX_PAYLOAD_SIZE(w) ((w)->aux_payload_sz) -#define RESP_HDR_SIZE(w) ((w)->resp_hdr_sz) - -#define HAS_TRANSFORM_BUF(w) ((w)->tr_buf != NULL) -#define TRANSFORM_BUF(w) ((void *)((w)->tr_buf)) + (((w)->request_buf + (w)->next_smb2_rcv_hdr_off))

struct ksmbd_work *ksmbd_alloc_work_struct(void); void ksmbd_free_work_struct(struct ksmbd_work *work); diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index e56c938a8f7a..25823bb7d086 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -608,14 +608,14 @@ static inline int allocate_oplock_break_buf(struct ksmbd_work *work) * There are two ways this function can be called. 1- while file open we break * from exclusive/batch lock to levelII oplock and 2- while file write/truncate * we break from levelII oplock no oplock. - * REQUEST_BUF(work) contains oplock_info. + * work->request_buf contains oplock_info. */ static void __smb2_oplock_break_noti(struct work_struct *wk) { struct smb2_oplock_break *rsp = NULL; struct ksmbd_work *work = container_of(wk, struct ksmbd_work, work); struct ksmbd_conn *conn = work->conn; - struct oplock_break_info *br_info = REQUEST_BUF(work); + struct oplock_break_info *br_info = work->request_buf; struct smb2_hdr *rsp_hdr; struct ksmbd_file *fp;

@@ -634,7 +634,7 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) return; }

- rsp_hdr = RESPONSE_BUF(work); + rsp_hdr = work->response_buf; memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; @@ -650,7 +650,7 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) memset(rsp_hdr->Signature, 0, 16);

- rsp = RESPONSE_BUF(work); + rsp = work->response_buf;

rsp->StructureSize = cpu_to_le16(24); if (!br_info->open_trunc && @@ -730,7 +730,7 @@ static void __smb2_lease_break_noti(struct work_struct *wk) { struct smb2_lease_break *rsp = NULL; struct ksmbd_work *work = container_of(wk, struct ksmbd_work, work); - struct lease_break_info *br_info = REQUEST_BUF(work); + struct lease_break_info *br_info = work->request_buf; struct ksmbd_conn *conn = work->conn; struct smb2_hdr *rsp_hdr;

@@ -741,7 +741,7 @@ static void __smb2_lease_break_noti(struct work_struct *wk) return; }

- rsp_hdr = RESPONSE_BUF(work); + rsp_hdr = work->response_buf; memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; @@ -756,7 +756,7 @@ static void __smb2_lease_break_noti(struct work_struct *wk) rsp_hdr->SessionId = 0; memset(rsp_hdr->Signature, 0, 16);

- rsp = RESPONSE_BUF(work); + rsp = work->response_buf; rsp->StructureSize = cpu_to_le16(44); rsp->Reserved = 0; rsp->Flags = 0; diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index 048bbc66aa60..80f5229da3ac 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -95,7 +95,7 @@ static inline int check_conn_state(struct ksmbd_work *work) struct smb_hdr *rsp_hdr;

if (ksmbd_conn_exiting(work) || ksmbd_conn_need_reconnect(work)) { - rsp_hdr = RESPONSE_BUF(work); + rsp_hdr = work->response_buf; rsp_hdr->Status.CifsError = STATUS_CONNECTION_DISCONNECTED; return 1; } @@ -169,7 +169,7 @@ static void __handle_ksmbd_work(struct ksmbd_work *work, return;

if (conn->ops->is_transform_hdr && - conn->ops->is_transform_hdr(REQUEST_BUF(work))) { + conn->ops->is_transform_hdr(work->request_buf)) { rc = conn->ops->decrypt_req(work); if (rc < 0) { conn->ops->set_rsp_status(work, STATUS_DATA_ERROR); diff --git a/fs/cifsd/smb2misc.c b/fs/cifsd/smb2misc.c index 485f431c776c..e6b87d9d33ed 100644 --- a/fs/cifsd/smb2misc.c +++ b/fs/cifsd/smb2misc.c @@ -355,7 +355,7 @@ static int smb2_validate_credit_charge(struct smb2_hdr *hdr)

int ksmbd_smb2_check_message(struct ksmbd_work *work) { - struct smb2_pdu *pdu = REQUEST_BUF(work); + struct smb2_pdu *pdu = work->request_buf; struct smb2_hdr *hdr = &pdu->hdr; int command; __u32 clc_len; /* calculated length */ diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 6770ebedc24a..460d5ba275bf 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -44,8 +44,8 @@ static void __wbuf(struct ksmbd_work *work, void **req, void **rsp) *req = REQUEST_BUF_NEXT(work); *rsp = RESPONSE_BUF_NEXT(work); } else { - *req = REQUEST_BUF(work); - *rsp = RESPONSE_BUF(work); + *req = work->request_buf; + *rsp = work->response_buf; } }

@@ -94,7 +94,7 @@ struct channel *lookup_chann_list(struct ksmbd_session *sess) */ int smb2_get_ksmbd_tcon(struct ksmbd_work *work) { - struct smb2_hdr *req_hdr = REQUEST_BUF(work); + struct smb2_hdr *req_hdr = work->request_buf; int tree_id;

work->tcon = NULL; @@ -131,7 +131,7 @@ void smb2_set_err_rsp(struct ksmbd_work *work) if (work->next_smb2_rcv_hdr_off) err_rsp = RESPONSE_BUF_NEXT(work); else - err_rsp = RESPONSE_BUF(work); + err_rsp = work->response_buf;

if (err_rsp->hdr.Status != STATUS_STOPPED_ON_SYMLINK) { err_rsp->StructureSize = SMB2_ERROR_STRUCTURE_SIZE2_LE; @@ -139,7 +139,7 @@ void smb2_set_err_rsp(struct ksmbd_work *work) err_rsp->Reserved = 0; err_rsp->ByteCount = 0; err_rsp->ErrorData[0] = 0; - inc_rfc1001_len(RESPONSE_BUF(work), SMB2_ERROR_STRUCTURE_SIZE2); + inc_rfc1001_len(work->response_buf, SMB2_ERROR_STRUCTURE_SIZE2); } }

@@ -151,7 +151,7 @@ void smb2_set_err_rsp(struct ksmbd_work *work) */ int is_smb2_neg_cmd(struct ksmbd_work *work) { - struct smb2_hdr *hdr = REQUEST_BUF(work); + struct smb2_hdr *hdr = work->request_buf;

/* is it SMB2 header ? */ if (hdr->ProtocolId != SMB2_PROTO_NUMBER) @@ -175,7 +175,7 @@ int is_smb2_neg_cmd(struct ksmbd_work *work) */ int is_smb2_rsp(struct ksmbd_work *work) { - struct smb2_hdr *hdr = RESPONSE_BUF(work); + struct smb2_hdr *hdr = work->response_buf;

/* is it SMB2 header ? */ if (hdr->ProtocolId != SMB2_PROTO_NUMBER) @@ -201,7 +201,7 @@ uint16_t get_smb2_cmd_val(struct ksmbd_work *work) if (work->next_smb2_rcv_hdr_off) rcv_hdr = REQUEST_BUF_NEXT(work); else - rcv_hdr = REQUEST_BUF(work); + rcv_hdr = work->request_buf; return le16_to_cpu(rcv_hdr->Command); }

@@ -217,7 +217,7 @@ void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err) if (work->next_smb2_rcv_hdr_off) rsp_hdr = RESPONSE_BUF_NEXT(work); else - rsp_hdr = RESPONSE_BUF(work); + rsp_hdr = work->response_buf; rsp_hdr->Status = err; smb2_set_err_rsp(work); } @@ -241,7 +241,7 @@ int init_smb2_neg_rsp(struct ksmbd_work *work) conn->dialect <= SMB311_PROT_ID)) return -EINVAL;

- rsp_hdr = RESPONSE_BUF(work); + rsp_hdr = work->response_buf;

memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);

@@ -260,7 +260,7 @@ int init_smb2_neg_rsp(struct ksmbd_work *work) rsp_hdr->SessionId = 0; memset(rsp_hdr->Signature, 0, 16);

- rsp = RESPONSE_BUF(work); + rsp = work->response_buf;

WARN_ON(ksmbd_conn_good(work));

@@ -410,11 +410,11 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) work->compound_sid = le64_to_cpu(rsp->SessionId); }

- len = get_rfc1002_len(RESPONSE_BUF(work)) - work->next_smb2_rsp_hdr_off; + len = get_rfc1002_len(work->response_buf) - work->next_smb2_rsp_hdr_off; next_hdr_offset = le32_to_cpu(req->NextCommand);

new_len = ALIGN(len, 8); - inc_rfc1001_len(RESPONSE_BUF(work), ((sizeof(struct smb2_hdr) - 4) + inc_rfc1001_len(work->response_buf, ((sizeof(struct smb2_hdr) - 4) + new_len - len)); rsp->NextCommand = cpu_to_le32(new_len);

@@ -459,7 +459,7 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) */ bool is_chained_smb2_message(struct ksmbd_work *work) { - struct smb2_hdr *hdr = REQUEST_BUF(work); + struct smb2_hdr *hdr = work->request_buf; unsigned int len;

if (hdr->ProtocolId != SMB2_PROTO_NUMBER) @@ -475,12 +475,12 @@ bool is_chained_smb2_message(struct ksmbd_work *work) * This is last request in chained command, * align response to 8 byte */ - len = ALIGN(get_rfc1002_len(RESPONSE_BUF(work)), 8); - len = len - get_rfc1002_len(RESPONSE_BUF(work)); + len = ALIGN(get_rfc1002_len(work->response_buf), 8); + len = len - get_rfc1002_len(work->response_buf); if (len) { ksmbd_debug(SMB, "padding len %u\n", len); - inc_rfc1001_len(RESPONSE_BUF(work), len); - if (HAS_AUX_PAYLOAD(work)) + inc_rfc1001_len(work->response_buf, len); + if (work->aux_payload_sz) work->aux_payload_sz += len; } } @@ -495,8 +495,8 @@ bool is_chained_smb2_message(struct ksmbd_work *work) */ int init_smb2_rsp_hdr(struct ksmbd_work *work) { - struct smb2_hdr *rsp_hdr = RESPONSE_BUF(work); - struct smb2_hdr *rcv_hdr = REQUEST_BUF(work); + struct smb2_hdr *rsp_hdr = work->response_buf; + struct smb2_hdr *rcv_hdr = work->request_buf; struct ksmbd_conn *conn = work->conn;

memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); @@ -533,7 +533,7 @@ int init_smb2_rsp_hdr(struct ksmbd_work *work) */ int smb2_allocate_rsp_buf(struct ksmbd_work *work) { - struct smb2_hdr *hdr = REQUEST_BUF(work); + struct smb2_hdr *hdr = work->request_buf; size_t small_sz = MAX_CIFS_SMALL_BUFFER_SIZE; size_t large_sz = work->conn->vals->max_trans_size + MAX_SMB2_HDR_SIZE; size_t sz = small_sz; @@ -547,7 +547,7 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) if (cmd == SMB2_QUERY_INFO_HE) { struct smb2_query_info_req *req;

- req = REQUEST_BUF(work); + req = work->request_buf; if (req->InfoType == SMB2_O_INFO_FILE && (req->FileInfoClass == FILE_FULL_EA_INFORMATION || req->FileInfoClass == FILE_ALL_INFORMATION)) { @@ -566,7 +566,7 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) else work->response_buf = ksmbd_alloc_response(sz);

- if (!RESPONSE_BUF(work)) { + if (!work->response_buf) { ksmbd_err("Failed to allocate %zu bytes buffer\n", sz); return -ENOMEM; } @@ -583,7 +583,7 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) */ int smb2_check_user_session(struct ksmbd_work *work) { - struct smb2_hdr *req_hdr = REQUEST_BUF(work); + struct smb2_hdr *req_hdr = work->request_buf; struct ksmbd_conn *conn = work->conn; unsigned int cmd = conn->ops->get_cmd_val(work); unsigned long long sess_id; @@ -686,7 +686,7 @@ int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg) struct ksmbd_conn *conn = work->conn; int id;

- rsp_hdr = RESPONSE_BUF(work); + rsp_hdr = work->response_buf; rsp_hdr->Flags |= SMB2_FLAGS_ASYNC_COMMAND;

id = ksmbd_acquire_async_msg_id(conn->async_ida); @@ -716,7 +716,7 @@ void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status) { struct smb2_hdr *rsp_hdr;

- rsp_hdr = RESPONSE_BUF(work); + rsp_hdr = work->response_buf; smb2_set_err_rsp(work); rsp_hdr->Status = status;

@@ -1030,8 +1030,8 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, int smb2_handle_negotiate(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_negotiate_req *req = REQUEST_BUF(work); - struct smb2_negotiate_rsp *rsp = RESPONSE_BUF(work); + struct smb2_negotiate_req *req = work->request_buf; + struct smb2_negotiate_rsp *rsp = work->response_buf; int rc = 0; __le32 status;

@@ -1078,7 +1078,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work) }

ksmbd_gen_preauth_integrity_hash(conn, - REQUEST_BUF(work), + work->request_buf, conn->preauth_info->Preauth_HashValue); rsp->NegotiateContextOffset = cpu_to_le32(OFFSET_OF_NEG_CONTEXT); @@ -1198,7 +1198,7 @@ static int generate_preauth_hash(struct ksmbd_work *work) }

ksmbd_gen_preauth_integrity_hash(conn, - REQUEST_BUF(work), + work->request_buf, sess->Preauth_HashValue); return 0; } @@ -1213,7 +1213,7 @@ static int decode_negotiation_token(struct ksmbd_work *work, if (!conn->use_spnego) return -EINVAL;

- req = REQUEST_BUF(work); + req = work->request_buf; sz = le16_to_cpu(req->SecurityBufferLength);

if (!ksmbd_decode_negTokenInit((char *)negblob, sz, conn)) { @@ -1229,8 +1229,8 @@ static int decode_negotiation_token(struct ksmbd_work *work, static int ntlm_negotiate(struct ksmbd_work *work, struct negotiate_message *negblob) { - struct smb2_sess_setup_req *req = REQUEST_BUF(work); - struct smb2_sess_setup_rsp *rsp = RESPONSE_BUF(work); + struct smb2_sess_setup_req *req = work->request_buf; + struct smb2_sess_setup_rsp *rsp = work->response_buf; struct challenge_message *chgblob; unsigned char *spnego_blob = NULL; u16 spnego_blob_len; @@ -1330,8 +1330,8 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn,

static int ntlm_authenticate(struct ksmbd_work *work) { - struct smb2_sess_setup_req *req = REQUEST_BUF(work); - struct smb2_sess_setup_rsp *rsp = RESPONSE_BUF(work); + struct smb2_sess_setup_req *req = work->request_buf; + struct smb2_sess_setup_rsp *rsp = work->response_buf; struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess = work->sess; struct channel *chann = NULL; @@ -1473,8 +1473,8 @@ static int ntlm_authenticate(struct ksmbd_work *work) #ifdef CONFIG_SMB_SERVER_KERBEROS5 static int krb5_authenticate(struct ksmbd_work *work) { - struct smb2_sess_setup_req *req = REQUEST_BUF(work); - struct smb2_sess_setup_rsp *rsp = RESPONSE_BUF(work); + struct smb2_sess_setup_req *req = work->request_buf; + struct smb2_sess_setup_rsp *rsp = work->response_buf; struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess = work->sess; char *in_blob, *out_blob; @@ -1570,8 +1570,8 @@ static int krb5_authenticate(struct ksmbd_work *work) int smb2_sess_setup(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_sess_setup_req *req = REQUEST_BUF(work); - struct smb2_sess_setup_rsp *rsp = RESPONSE_BUF(work); + struct smb2_sess_setup_req *req = work->request_buf; + struct smb2_sess_setup_rsp *rsp = work->response_buf; struct ksmbd_session *sess; struct negotiate_message *negblob; int rc = 0; @@ -1695,8 +1695,8 @@ int smb2_sess_setup(struct ksmbd_work *work) int smb2_tree_connect(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_tree_connect_req *req = REQUEST_BUF(work); - struct smb2_tree_connect_rsp *rsp = RESPONSE_BUF(work); + struct smb2_tree_connect_req *req = work->request_buf; + struct smb2_tree_connect_rsp *rsp = work->response_buf; struct ksmbd_session *sess = work->sess; char *treename = NULL, *name = NULL; struct ksmbd_tree_conn_status status; @@ -1858,7 +1858,7 @@ static int smb2_create_open_flags(bool file_present, __le32 access, */ int smb2_tree_disconnect(struct ksmbd_work *work) { - struct smb2_tree_disconnect_rsp *rsp = RESPONSE_BUF(work); + struct smb2_tree_disconnect_rsp *rsp = work->response_buf; struct ksmbd_session *sess = work->sess; struct ksmbd_tree_connect *tcon = work->tcon;

@@ -1868,7 +1868,7 @@ int smb2_tree_disconnect(struct ksmbd_work *work) ksmbd_debug(SMB, "request\n");

if (!tcon) { - struct smb2_tree_disconnect_req *req = REQUEST_BUF(work); + struct smb2_tree_disconnect_req *req = work->request_buf;

ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId); rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED; @@ -1890,7 +1890,7 @@ int smb2_tree_disconnect(struct ksmbd_work *work) int smb2_session_logoff(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_logoff_rsp *rsp = RESPONSE_BUF(work); + struct smb2_logoff_rsp *rsp = work->response_buf; struct ksmbd_session *sess = work->sess;

rsp->StructureSize = cpu_to_le16(4); @@ -1907,7 +1907,7 @@ int smb2_session_logoff(struct ksmbd_work *work) ksmbd_conn_wait_idle(conn);

if (ksmbd_tree_conn_session_logoff(sess)) { - struct smb2_logoff_req *req = REQUEST_BUF(work); + struct smb2_logoff_req *req = work->request_buf;

ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId); rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED; @@ -1934,8 +1934,8 @@ int smb2_session_logoff(struct ksmbd_work *work) */ static noinline int create_smb2_pipe(struct ksmbd_work *work) { - struct smb2_create_rsp *rsp = RESPONSE_BUF(work); - struct smb2_create_req *req = REQUEST_BUF(work); + struct smb2_create_rsp *rsp = work->response_buf; + struct smb2_create_req *req = work->request_buf; int id; int err; char *name; @@ -2490,7 +2490,7 @@ int smb2_open(struct ksmbd_work *work) umode_t posix_mode = 0; __le32 daccess, maximal_access = 0;

- rsp_org = RESPONSE_BUF(work); + rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (req->hdr.NextCommand && !work->next_smb2_rcv_hdr_off && @@ -3889,7 +3889,7 @@ int smb2_query_dir(struct ksmbd_work *work) int buffer_sz; struct smb2_query_dir_private query_dir_private = {NULL, };

- rsp_org = RESPONSE_BUF(work); + rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (ksmbd_override_fsids(work)) { @@ -5190,7 +5190,7 @@ int smb2_query_info(struct ksmbd_work *work) struct smb2_query_info_rsp *rsp, *rsp_org; int rc = 0;

- rsp_org = RESPONSE_BUF(work); + rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

ksmbd_debug(SMB, "GOT query info request\n"); @@ -5244,8 +5244,8 @@ int smb2_query_info(struct ksmbd_work *work) static noinline int smb2_close_pipe(struct ksmbd_work *work) { uint64_t id; - struct smb2_close_req *req = REQUEST_BUF(work); - struct smb2_close_rsp *rsp = RESPONSE_BUF(work); + struct smb2_close_req *req = work->request_buf; + struct smb2_close_rsp *rsp = work->response_buf;

id = le64_to_cpu(req->VolatileFileId); ksmbd_session_rpc_close(work->sess, id); @@ -5283,7 +5283,7 @@ int smb2_close(struct ksmbd_work *work) u64 time; int err = 0;

- rsp_org = RESPONSE_BUF(work); + rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (test_share_config_flag(work->tcon->share_conf, @@ -5386,7 +5386,7 @@ int smb2_close(struct ksmbd_work *work) */ int smb2_echo(struct ksmbd_work *work) { - struct smb2_echo_rsp *rsp = RESPONSE_BUF(work); + struct smb2_echo_rsp *rsp = work->response_buf;

rsp->StructureSize = cpu_to_le16(4); rsp->Reserved = 0; @@ -5974,7 +5974,7 @@ int smb2_set_info(struct ksmbd_work *work)

ksmbd_debug(SMB, "Received set info request\n");

- rsp_org = RESPONSE_BUF(work); + rsp_org = work->response_buf; if (work->next_smb2_rcv_hdr_off) { req = REQUEST_BUF_NEXT(work); rsp = RESPONSE_BUF_NEXT(work); @@ -5985,8 +5985,8 @@ int smb2_set_info(struct ksmbd_work *work) pid = work->compound_pfid; } } else { - req = REQUEST_BUF(work); - rsp = RESPONSE_BUF(work); + req = work->request_buf; + rsp = work->response_buf; }

if (!HAS_FILE_ID(id)) { @@ -6062,8 +6062,8 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) int nbytes = 0, err; uint64_t id; struct ksmbd_rpc_command *rpc_resp; - struct smb2_read_req *req = REQUEST_BUF(work); - struct smb2_read_rsp *rsp = RESPONSE_BUF(work); + struct smb2_read_req *req = work->request_buf; + struct smb2_read_rsp *rsp = work->response_buf;

id = le64_to_cpu(req->VolatileFileId);

@@ -6155,7 +6155,7 @@ int smb2_read(struct ksmbd_work *work) ssize_t nbytes = 0, remain_bytes = 0; int err = 0;

- rsp_org = RESPONSE_BUF(work); + rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (test_share_config_flag(work->tcon->share_conf, @@ -6212,10 +6212,10 @@ int smb2_read(struct ksmbd_work *work)

if ((nbytes == 0 && length != 0) || nbytes < mincount) { if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) - ksmbd_release_buffer(AUX_PAYLOAD(work)); + ksmbd_release_buffer(work->aux_payload_buf); else - ksmbd_free_response(AUX_PAYLOAD(work)); - INIT_AUX_PAYLOAD(work); + ksmbd_free_response(work->aux_payload_buf); + work->aux_payload_buf = NULL; rsp->hdr.Status = STATUS_END_OF_FILE; smb2_set_err_rsp(work); ksmbd_fd_put(work, fp); @@ -6229,12 +6229,12 @@ int smb2_read(struct ksmbd_work *work) req->Channel == SMB2_CHANNEL_RDMA_V1) { /* write data to the client using rdma channel */ remain_bytes = smb2_read_rdma_channel(work, req, - AUX_PAYLOAD(work), nbytes); + work->aux_payload_buf, nbytes); if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) - ksmbd_release_buffer(AUX_PAYLOAD(work)); + ksmbd_release_buffer(work->aux_payload_buf); else - ksmbd_free_response(AUX_PAYLOAD(work)); - INIT_AUX_PAYLOAD(work); + ksmbd_free_response(work->aux_payload_buf); + work->aux_payload_buf = NULL;

nbytes = 0; if (remain_bytes < 0) { @@ -6287,8 +6287,8 @@ int smb2_read(struct ksmbd_work *work) */ static noinline int smb2_write_pipe(struct ksmbd_work *work) { - struct smb2_write_req *req = REQUEST_BUF(work); - struct smb2_write_rsp *rsp = RESPONSE_BUF(work); + struct smb2_write_req *req = work->request_buf; + struct smb2_write_rsp *rsp = work->response_buf; struct ksmbd_rpc_command *rpc_resp; uint64_t id = 0; int err = 0, ret = 0; @@ -6418,7 +6418,7 @@ int smb2_write(struct ksmbd_work *work) bool writethrough = false; int err = 0;

- rsp_org = RESPONSE_BUF(work); + rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (test_share_config_flag(work->tcon->share_conf, @@ -6548,7 +6548,7 @@ int smb2_flush(struct ksmbd_work *work) struct smb2_flush_rsp *rsp, *rsp_org; int err;

- rsp_org = RESPONSE_BUF(work); + rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

ksmbd_debug(SMB, "SMB2_FLUSH called for fid %llu\n", @@ -6583,7 +6583,7 @@ int smb2_flush(struct ksmbd_work *work) int smb2_cancel(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_hdr *hdr = REQUEST_BUF(work); + struct smb2_hdr *hdr = work->request_buf; struct smb2_hdr *chdr; struct ksmbd_work *cancel_work = NULL; struct list_head *tmp; @@ -6600,7 +6600,7 @@ int smb2_cancel(struct ksmbd_work *work) list_for_each(tmp, command_list) { cancel_work = list_entry(tmp, struct ksmbd_work, async_request_entry); - chdr = REQUEST_BUF(cancel_work); + chdr = cancel_work->request_buf;

if (cancel_work->async_id != le64_to_cpu(hdr->Id.AsyncId)) @@ -6621,7 +6621,7 @@ int smb2_cancel(struct ksmbd_work *work) list_for_each(tmp, command_list) { cancel_work = list_entry(tmp, struct ksmbd_work, request_entry); - chdr = REQUEST_BUF(cancel_work); + chdr = cancel_work->request_buf;

if (chdr->MessageId != hdr->MessageId || cancel_work == work) @@ -6754,8 +6754,8 @@ static inline bool lock_defer_pending(struct file_lock *fl) */ int smb2_lock(struct ksmbd_work *work) { - struct smb2_lock_req *req = REQUEST_BUF(work); - struct smb2_lock_rsp *rsp = RESPONSE_BUF(work); + struct smb2_lock_req *req = work->request_buf; + struct smb2_lock_rsp *rsp = work->response_buf; struct smb2_lock_element *lock_ele; struct ksmbd_file *fp = NULL; struct file_lock *flock = NULL; @@ -7504,7 +7504,7 @@ int smb2_ioctl(struct ksmbd_work *work) struct ksmbd_conn *conn = work->conn; int ret = 0;

- rsp_org = RESPONSE_BUF(work); + rsp_org = work->response_buf; if (work->next_smb2_rcv_hdr_off) { req = REQUEST_BUF_NEXT(work); rsp = RESPONSE_BUF_NEXT(work); @@ -7514,8 +7514,8 @@ int smb2_ioctl(struct ksmbd_work *work) id = work->compound_fid; } } else { - req = REQUEST_BUF(work); - rsp = RESPONSE_BUF(work); + req = work->request_buf; + rsp = work->response_buf; }

if (!HAS_FILE_ID(id)) @@ -7725,8 +7725,8 @@ int smb2_ioctl(struct ksmbd_work *work) */ static void smb20_oplock_break_ack(struct ksmbd_work *work) { - struct smb2_oplock_break *req = REQUEST_BUF(work); - struct smb2_oplock_break *rsp = RESPONSE_BUF(work); + struct smb2_oplock_break *req = work->request_buf; + struct smb2_oplock_break *rsp = work->response_buf; struct ksmbd_file *fp; struct oplock_info *opinfo = NULL; __le32 err = 0; @@ -7867,8 +7867,8 @@ static int check_lease_state(struct lease *lease, __le32 req_state) static void smb21_lease_break_ack(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_lease_ack *req = REQUEST_BUF(work); - struct smb2_lease_ack *rsp = RESPONSE_BUF(work); + struct smb2_lease_ack *req = work->request_buf; + struct smb2_lease_ack *rsp = work->response_buf; struct oplock_info *opinfo; __le32 err = 0; int ret = 0; @@ -8000,8 +8000,8 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) */ int smb2_oplock_break(struct ksmbd_work *work) { - struct smb2_oplock_break *req = REQUEST_BUF(work); - struct smb2_oplock_break *rsp = RESPONSE_BUF(work); + struct smb2_oplock_break *req = work->request_buf; + struct smb2_oplock_break *rsp = work->response_buf;

switch (le16_to_cpu(req->StructureSize)) { case OP_BREAK_STRUCT_SIZE_20: @@ -8053,7 +8053,7 @@ int smb2_notify(struct ksmbd_work *work) */ bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command) { - struct smb2_hdr *rcv_hdr2 = REQUEST_BUF(work); + struct smb2_hdr *rcv_hdr2 = work->request_buf;

if ((rcv_hdr2->Flags & SMB2_FLAGS_SIGNED) && command != SMB2_NEGOTIATE_HE && @@ -8078,7 +8078,7 @@ int smb2_check_sign_req(struct ksmbd_work *work) struct kvec iov[1]; size_t len;

- hdr_org = hdr = REQUEST_BUF(work); + hdr_org = hdr = work->request_buf; if (work->next_smb2_rcv_hdr_off) hdr = REQUEST_BUF_NEXT(work);

@@ -8122,7 +8122,7 @@ void smb2_set_sign_rsp(struct ksmbd_work *work) size_t len; int n_vec = 1;

- hdr_org = hdr = RESPONSE_BUF(work); + hdr_org = hdr = work->response_buf; if (work->next_smb2_rsp_hdr_off) hdr = RESPONSE_BUF_NEXT(work);

@@ -8146,11 +8146,11 @@ void smb2_set_sign_rsp(struct ksmbd_work *work) iov[0].iov_base = (char *)&hdr->ProtocolId; iov[0].iov_len = len;

- if (HAS_AUX_PAYLOAD(work)) { - iov[0].iov_len -= AUX_PAYLOAD_SIZE(work); + if (work->aux_payload_sz) { + iov[0].iov_len -= work->aux_payload_sz;

- iov[1].iov_base = AUX_PAYLOAD(work); - iov[1].iov_len = AUX_PAYLOAD_SIZE(work); + iov[1].iov_base = work->aux_payload_buf; + iov[1].iov_len = work->aux_payload_sz; n_vec++; }

@@ -8176,7 +8176,7 @@ int smb3_check_sign_req(struct ksmbd_work *work) struct kvec iov[1]; size_t len;

- hdr_org = hdr = REQUEST_BUF(work); + hdr_org = hdr = work->request_buf; if (work->next_smb2_rcv_hdr_off) hdr = REQUEST_BUF_NEXT(work);

@@ -8237,7 +8237,7 @@ void smb3_set_sign_rsp(struct ksmbd_work *work) size_t len; char *signing_key;

- hdr_org = hdr = RESPONSE_BUF(work); + hdr_org = hdr = work->response_buf; if (work->next_smb2_rsp_hdr_off) hdr = RESPONSE_BUF_NEXT(work);

@@ -8273,10 +8273,10 @@ void smb3_set_sign_rsp(struct ksmbd_work *work) memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE); iov[0].iov_base = (char *)&hdr->ProtocolId; iov[0].iov_len = len; - if (HAS_AUX_PAYLOAD(work)) { - iov[0].iov_len -= AUX_PAYLOAD_SIZE(work); - iov[1].iov_base = AUX_PAYLOAD(work); - iov[1].iov_len = AUX_PAYLOAD_SIZE(work); + if (work->aux_payload_sz) { + iov[0].iov_len -= work->aux_payload_sz; + iov[1].iov_base = work->aux_payload_buf; + iov[1].iov_len = work->aux_payload_sz; n_vec++; }

@@ -8336,11 +8336,11 @@ static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr,

int smb3_encrypt_resp(struct ksmbd_work *work) { - char *buf = RESPONSE_BUF(work); + char *buf = work->response_buf; struct smb2_transform_hdr *tr_hdr; struct kvec iov[3]; int rc = -ENOMEM; - int buf_size = 0, rq_nvec = 2 + (HAS_AUX_PAYLOAD(work) ? 1 : 0); + int buf_size = 0, rq_nvec = 2 + (work->aux_payload_sz ? 1 : 0);

if (ARRAY_SIZE(iov) < rq_nvec) return -ENOMEM; @@ -8358,11 +8358,11 @@ int smb3_encrypt_resp(struct ksmbd_work *work)

iov[1].iov_base = buf + 4; iov[1].iov_len = get_rfc1002_len(buf); - if (HAS_AUX_PAYLOAD(work)) { - iov[1].iov_len = RESP_HDR_SIZE(work) - 4; + if (work->aux_payload_sz) { + iov[1].iov_len = work->resp_hdr_sz - 4;

- iov[2].iov_base = AUX_PAYLOAD(work); - iov[2].iov_len = AUX_PAYLOAD_SIZE(work); + iov[2].iov_base = work->aux_payload_buf; + iov[2].iov_len = work->aux_payload_sz; buf_size += iov[2].iov_len; } buf_size += iov[1].iov_len; @@ -8390,7 +8390,7 @@ int smb3_decrypt_req(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess; - char *buf = REQUEST_BUF(work); + char *buf = work->request_buf; struct smb2_hdr *hdr; unsigned int pdu_length = get_rfc1002_len(buf); struct kvec iov[2]; @@ -8437,7 +8437,7 @@ int smb3_decrypt_req(struct ksmbd_work *work) bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_hdr *rsp = RESPONSE_BUF(work); + struct smb2_hdr *rsp = work->response_buf;

if (conn->dialect < SMB30_PROT_ID) return false; diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c index 2f58ef003238..da1928b948f8 100644 --- a/fs/cifsd/smb_common.c +++ b/fs/cifsd/smb_common.c @@ -116,7 +116,7 @@ int ksmbd_lookup_protocol_idx(char *str) */ int ksmbd_verify_smb_message(struct ksmbd_work *work) { - struct smb2_hdr *smb2_hdr = REQUEST_BUF(work); + struct smb2_hdr *smb2_hdr = work->request_buf;

if (smb2_hdr->ProtocolId == SMB2_PROTO_NUMBER) return ksmbd_smb2_check_message(work); @@ -408,7 +408,7 @@ static int __smb2_negotiate(struct ksmbd_conn *conn)

static int smb_handle_negotiate(struct ksmbd_work *work) { - struct smb_negotiate_rsp *neg_rsp = RESPONSE_BUF(work); + struct smb_negotiate_rsp *neg_rsp = work->response_buf;

ksmbd_debug(SMB, "Unsupported SMB protocol\n"); neg_rsp->hdr.Status.CifsError = STATUS_INVALID_LOGON_TYPE; @@ -420,11 +420,11 @@ int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command) struct ksmbd_conn *conn = work->conn; int ret;

- conn->dialect = ksmbd_negotiate_smb_dialect(REQUEST_BUF(work)); + conn->dialect = ksmbd_negotiate_smb_dialect(work->request_buf); ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect);

if (command == SMB2_NEGOTIATE_HE) { - struct smb2_hdr *smb2_hdr = REQUEST_BUF(work); + struct smb2_hdr *smb2_hdr = work->request_buf;

if (smb2_hdr->ProtocolId != SMB2_PROTO_NUMBER) { ksmbd_debug(SMB, "Downgrade to SMB1 negotiation\n"); diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 3d7413b8f526..e860ff9145a7 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -372,7 +372,7 @@ int ksmbd_vfs_read(struct ksmbd_work *work, char namebuf[NAME_MAX]; int ret;

- rbuf = AUX_PAYLOAD(work); + rbuf = work->aux_payload_buf; filp = fp->filp; inode = d_inode(filp->f_path.dentry); if (S_ISDIR(inode->i_mode))

From patchwork Mon Nov 14 12:48:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183116 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:20 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:20 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:19 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 019/308] cifsd: fix wrong use of rw semaphore in __session_create() Date: Mon, 14 Nov 2022 20:48:48 +0800 Message-ID: 20221114125337.1831594-20-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: b314706b-939f-450f-5771-08dac63c45f9 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7164575 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 69f447be15130b57cc00fa0a5c2d3fa949a46165 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/69f447be1513

-------------------------------

Adding list to session table should be protected by down_write/up_write().

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/mgmt/user_session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index afcdf76a3851..1b71a20dacdb 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -298,9 +298,9 @@ static struct ksmbd_session *__session_create(int protocol) goto error;

if (protocol == CIFDS_SESSION_FLAG_SMB2) { - down_read(&sessions_table_lock); + down_write(&sessions_table_lock); hash_add(sessions_table, &sess->hlist, sess->id); - up_read(&sessions_table_lock); + up_write(&sessions_table_lock); } return sess;

From patchwork Mon Nov 14 12:48:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183117 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:20 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:20 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:20 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 020/308] cifsd: use kmalloc() for small allocations Date: Mon, 14 Nov 2022 20:48:49 +0800 Message-ID: 20221114125337.1831594-21-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cb7210a4-21b4-4368-1ab1-08dac63c4643 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7247924 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 20ea7fd2ac7513c90b5d0675360298ca6722593d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/20ea7fd2ac75

-------------------------------

Just use kmalloc() for small allocations.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/buffer_pool.c | 2 +- fs/cifsd/mgmt/share_config.c | 4 ++-- fs/cifsd/mgmt/user_config.c | 4 ++-- fs/cifsd/mgmt/user_session.c | 4 ++-- fs/cifsd/oplock.c | 2 +- fs/cifsd/smb2pdu.c | 4 ++-- fs/cifsd/transport_tcp.c | 2 +- fs/cifsd/vfs_cache.c | 2 +- 8 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c index 864fea547c68..91c04879e931 100644 --- a/fs/cifsd/buffer_pool.c +++ b/fs/cifsd/buffer_pool.c @@ -63,7 +63,7 @@ static int register_wm_size_class(size_t sz) { struct wm_list *l, *nl;

- nl = kvmalloc(sizeof(struct wm_list), GFP_KERNEL); + nl = kmalloc(sizeof(struct wm_list), GFP_KERNEL); if (!nl) return -ENOMEM;

diff --git a/fs/cifsd/mgmt/share_config.c b/fs/cifsd/mgmt/share_config.c index 9bc7f7555ee2..db780febd692 100644 --- a/fs/cifsd/mgmt/share_config.c +++ b/fs/cifsd/mgmt/share_config.c @@ -92,7 +92,7 @@ static int parse_veto_list(struct ksmbd_share_config *share, while (veto_list_sz > 0) { struct ksmbd_veto_pattern *p;

- p = ksmbd_alloc(sizeof(struct ksmbd_veto_pattern)); + p = kzalloc(sizeof(struct ksmbd_veto_pattern), GFP_KERNEL); if (!p) return -ENOMEM;

@@ -129,7 +129,7 @@ static struct ksmbd_share_config *share_config_request(char *name) if (resp->flags == KSMBD_SHARE_FLAG_INVALID) goto out;

- share = ksmbd_alloc(sizeof(struct ksmbd_share_config)); + share = kzalloc(sizeof(struct ksmbd_share_config), GFP_KERNEL); if (!share) goto out;

diff --git a/fs/cifsd/mgmt/user_config.c b/fs/cifsd/mgmt/user_config.c index a1a454bfb57b..f0c2f8994a6b 100644 --- a/fs/cifsd/mgmt/user_config.c +++ b/fs/cifsd/mgmt/user_config.c @@ -31,7 +31,7 @@ struct ksmbd_user *ksmbd_alloc_user(struct ksmbd_login_response *resp) { struct ksmbd_user *user = NULL;

- user = ksmbd_alloc(sizeof(struct ksmbd_user)); + user = kmalloc(sizeof(struct ksmbd_user), GFP_KERNEL); if (!user) return NULL;

@@ -40,7 +40,7 @@ struct ksmbd_user *ksmbd_alloc_user(struct ksmbd_login_response *resp) user->gid = resp->gid; user->uid = resp->uid; user->passkey_sz = resp->hash_sz; - user->passkey = ksmbd_alloc(resp->hash_sz); + user->passkey = kmalloc(resp->hash_sz, GFP_KERNEL); if (user->passkey) memcpy(user->passkey, resp->hash, resp->hash_sz);

diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index 1b71a20dacdb..5a2113bf18ef 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -101,7 +101,7 @@ int ksmbd_session_rpc_open(struct ksmbd_session *sess, char *rpc_name) if (!method) return -EINVAL;

- entry = ksmbd_alloc(sizeof(struct ksmbd_session_rpc)); + entry = kzalloc(sizeof(struct ksmbd_session_rpc), GFP_KERNEL); if (!entry) return -EINVAL;

@@ -266,7 +266,7 @@ static struct ksmbd_session *__session_create(int protocol) struct ksmbd_session *sess; int ret;

- sess = ksmbd_alloc(sizeof(struct ksmbd_session)); + sess = kzalloc(sizeof(struct ksmbd_session), GFP_KERNEL); if (!sess) return NULL;

diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index 25823bb7d086..d76aa47e19e4 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -593,7 +593,7 @@ static int oplock_break_pending(struct oplock_info *opinfo, int req_op_level)

static inline int allocate_oplock_break_buf(struct ksmbd_work *work) { - work->response_buf = ksmbd_alloc_response(MAX_CIFS_SMALL_BUFFER_SIZE); + work->response_buf = kzalloc(MAX_CIFS_SMALL_BUFFER_SIZE, GFP_KERNEL); if (!work->response_buf) return -ENOMEM; work->response_sz = MAX_CIFS_SMALL_BUFFER_SIZE; diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 460d5ba275bf..a1aa42b52597 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -1174,7 +1174,7 @@ static int alloc_preauth_hash(struct ksmbd_session *sess, if (sess->Preauth_HashValue) return 0;

- sess->Preauth_HashValue = ksmbd_alloc(PREAUTH_HASHVALUE_SIZE); + sess->Preauth_HashValue = kmalloc(PREAUTH_HASHVALUE_SIZE, GFP_KERNEL); if (!sess->Preauth_HashValue) return -ENOMEM;

@@ -8345,7 +8345,7 @@ int smb3_encrypt_resp(struct ksmbd_work *work) if (ARRAY_SIZE(iov) < rq_nvec) return -ENOMEM;

- tr_hdr = ksmbd_alloc_response(sizeof(struct smb2_transform_hdr)); + tr_hdr = kzalloc(sizeof(struct smb2_transform_hdr), GFP_KERNEL); if (!tr_hdr) return rc;

diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c index 359401227d93..5dd8641f66ba 100644 --- a/fs/cifsd/transport_tcp.c +++ b/fs/cifsd/transport_tcp.c @@ -569,7 +569,7 @@ static struct interface *alloc_iface(char *ifname) if (!ifname) return NULL;

- iface = ksmbd_alloc(sizeof(struct interface)); + iface = kzalloc(sizeof(struct interface), GFP_KERNEL); if (!iface) { kfree(ifname); return NULL; diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index 34e045f27230..2b38628e1cb8 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -830,7 +830,7 @@ int ksmbd_file_table_flush(struct ksmbd_work *work)

int ksmbd_init_file_table(struct ksmbd_file_table *ft) { - ft->idr = ksmbd_alloc(sizeof(struct idr)); + ft->idr = kzalloc(sizeof(struct idr), GFP_KERNEL); if (!ft->idr) return -ENOMEM;

From patchwork Mon Nov 14 12:48:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183118 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:21 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:21 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:20 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 021/308] cifsd: add the check to work file lock and rename behaviors like Windows unless POSIX extensions are negotiated Date: Mon, 14 Nov 2022 20:48:50 +0800 Message-ID: 20221114125337.1831594-22-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 8bdd7fb8-8ccf-45a9-f8b9-08dac63c468b X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7139324 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit c36fca8630dda0fba7b9672f3c99ac4e260a0fd0 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c36fca8630dd

-------------------------------

This patch add the check to work file lock and rename behaviors like Windows if POSIX extensions are not negotiated.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 101 +++++++++++++++++++++++++++---------------------- 1 file changed, 56 insertions(+), 45 deletions(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index e860ff9145a7..f93cc55ea153 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -370,7 +370,6 @@ int ksmbd_vfs_read(struct ksmbd_work *work, char *rbuf, *name; struct inode *inode; char namebuf[NAME_MAX]; - int ret;

rbuf = work->aux_payload_buf; filp = fp->filp; @@ -391,11 +390,15 @@ int ksmbd_vfs_read(struct ksmbd_work *work, if (ksmbd_stream_fd(fp)) return ksmbd_vfs_stream_read(fp, rbuf, pos, count);

- ret = check_lock_range(filp, *pos, *pos + count - 1, - READ); - if (ret) { - ksmbd_err("unable to read due to lock\n"); - return -EAGAIN; + if (!work->tcon->posix_extensions) { + int ret; + + ret = check_lock_range(filp, *pos, *pos + count - 1, + READ); + if (ret) { + ksmbd_err("unable to read due to lock\n"); + return -EAGAIN; + } }

nbytes = kernel_read(filp, rbuf, count, pos); @@ -504,11 +507,13 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, goto out; }

- err = check_lock_range(filp, *pos, *pos + count - 1, WRITE); - if (err) { - ksmbd_err("unable to write due to lock\n"); - err = -EAGAIN; - goto out; + if (!work->tcon->posix_extensions) { + err = check_lock_range(filp, *pos, *pos + count - 1, WRITE); + if (err) { + ksmbd_err("unable to write due to lock\n"); + err = -EAGAIN; + goto out; + } }

/* Do we need to break any of a levelII oplock? */ @@ -706,21 +711,23 @@ static int __ksmbd_vfs_rename(struct ksmbd_work *work, struct dentry *dst_dent; int err;

- spin_lock(&src_dent->d_lock); - list_for_each_entry(dst_dent, &src_dent->d_subdirs, d_child) { - struct ksmbd_file *child_fp; + if (!work->tcon->posix_extensions) { + spin_lock(&src_dent->d_lock); + list_for_each_entry(dst_dent, &src_dent->d_subdirs, d_child) { + struct ksmbd_file *child_fp;

- if (d_really_is_negative(dst_dent)) - continue; + if (d_really_is_negative(dst_dent)) + continue;

- child_fp = ksmbd_lookup_fd_inode(d_inode(dst_dent)); - if (child_fp) { - spin_unlock(&src_dent->d_lock); - ksmbd_debug(VFS, "Forbid rename, sub file/dir is in use\n"); - return -EACCES; + child_fp = ksmbd_lookup_fd_inode(d_inode(dst_dent)); + if (child_fp) { + spin_unlock(&src_dent->d_lock); + ksmbd_debug(VFS, "Forbid rename, sub file/dir is in use\n"); + return -EACCES; + } } + spin_unlock(&src_dent->d_lock); } - spin_unlock(&src_dent->d_lock);

if (d_really_is_negative(src_dent_parent)) return -ENOENT; @@ -820,7 +827,6 @@ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, { struct path path; int err = 0; - struct inode *inode;

if (name) { err = kern_path(name, 0, &path); @@ -842,18 +848,21 @@ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, /* Do we need to break any of a levelII oplock? */ smb_break_all_levII_oplock(work, fp, 1);

- inode = file_inode(filp); - if (size < inode->i_size) { - err = check_lock_range(filp, size, - inode->i_size - 1, WRITE); - } else { - err = check_lock_range(filp, inode->i_size, - size - 1, WRITE); - } + if (!work->tcon->posix_extensions) { + struct inode *inode = file_inode(filp);

- if (err) { - ksmbd_err("failed due to lock\n"); - return -EAGAIN; + if (size < inode->i_size) { + err = check_lock_range(filp, size, + inode->i_size - 1, WRITE); + } else { + err = check_lock_range(filp, inode->i_size, + size - 1, WRITE); + } + + if (err) { + ksmbd_err("failed due to lock\n"); + return -EAGAIN; + } }

err = vfs_truncate(&filp->f_path, size); @@ -1860,17 +1869,19 @@ int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work,

smb_break_all_levII_oplock(work, dst_fp, 1);

- for (i = 0; i < chunk_count; i++) { - src_off = le64_to_cpu(chunks[i].SourceOffset); - dst_off = le64_to_cpu(chunks[i].TargetOffset); - len = le32_to_cpu(chunks[i].Length); - - if (check_lock_range(src_fp->filp, src_off, - src_off + len - 1, READ)) - return -EAGAIN; - if (check_lock_range(dst_fp->filp, dst_off, - dst_off + len - 1, WRITE)) - return -EAGAIN; + if (!work->tcon->posix_extensions) { + for (i = 0; i < chunk_count; i++) { + src_off = le64_to_cpu(chunks[i].SourceOffset); + dst_off = le64_to_cpu(chunks[i].TargetOffset); + len = le32_to_cpu(chunks[i].Length); + + if (check_lock_range(src_fp->filp, src_off, + src_off + len - 1, READ)) + return -EAGAIN; + if (check_lock_range(dst_fp->filp, dst_off, + dst_off + len - 1, WRITE)) + return -EAGAIN; + } }

src_file_size = i_size_read(file_inode(src_fp->filp));

From patchwork Mon Nov 14 12:48:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183119 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:21 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:21 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:21 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 022/308] cifsd: fix error return code in ksmbd_vfs_remove_file() Date: Mon, 14 Nov 2022 20:48:51 +0800 Message-ID: 20221114125337.1831594-23-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cb86b2a2-649a-4552-fcc4-08dac63c46d4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7000713 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 7cb82de3cdf2da0acd6fc3e670c7271ded37e116 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/7cb82de3cdf2

-------------------------------

Change -ENOENT error to -EINVAL to response STATUS_INVALID_PARAMETER.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index f93cc55ea153..da44d131e25b 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -596,7 +596,7 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name)

last = extract_last_component(name); if (!last) - return -ENOENT; + return -EINVAL;

if (ksmbd_override_fsids(work)) return -ENOMEM;

From patchwork Mon Nov 14 12:48:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183120 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:22 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:22 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:21 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 023/308] cifsd: clean-up codes using chechpatch.pl --strict Date: Mon, 14 Nov 2022 20:48:52 +0800 Message-ID: 20221114125337.1831594-24-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9f3b704d-0bf3-47cb-5e4c-08dac63c4723 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.0594383 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 64b39f4a2fd293cf899dd8062c57ce3715dd7ee9 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/64b39f4a2fd2

-------------------------------

Dan Carpenter suggested to run chechpatch.pl --strict on ksmbd to fix check warnings. This patch does not fix all warnings but only things that I can understand.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 117 ++--- fs/cifsd/buffer_pool.c | 3 +- fs/cifsd/connection.c | 23 +- fs/cifsd/connection.h | 34 +- fs/cifsd/glob.h | 14 +- fs/cifsd/ksmbd_server.h | 94 ++-- fs/cifsd/mgmt/user_session.h | 4 +- fs/cifsd/misc.c | 9 +- fs/cifsd/ndr.c | 9 +- fs/cifsd/netmisc.c | 2 - fs/cifsd/oplock.c | 118 +++-- fs/cifsd/oplock.h | 24 +- fs/cifsd/server.c | 35 +- fs/cifsd/smb2misc.c | 81 ++-- fs/cifsd/smb2ops.c | 2 +- fs/cifsd/smb2pdu.c | 827 +++++++++++++++-------------------- fs/cifsd/smb2pdu.h | 129 +++--- fs/cifsd/smb_common.c | 68 ++- fs/cifsd/smb_common.h | 4 +- fs/cifsd/smbacl.c | 85 ++-- fs/cifsd/time_wrappers.h | 4 +- fs/cifsd/transport_ipc.c | 46 +- fs/cifsd/transport_ipc.h | 34 +- fs/cifsd/transport_rdma.c | 163 ++++--- fs/cifsd/transport_tcp.c | 27 +- fs/cifsd/unicode.c | 40 +- fs/cifsd/unicode.h | 80 ++-- fs/cifsd/vfs.c | 158 +++---- fs/cifsd/vfs.h | 89 ++-- fs/cifsd/vfs_cache.c | 57 +-- fs/cifsd/vfs_cache.h | 35 +- 31 files changed, 1011 insertions(+), 1404 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 0a49c67a69d6..b9fd62f77e1c 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -64,7 +64,6 @@ static char NEGOTIATE_GSS_HEADER[AUTH_GSS_LENGTH] = { #endif };

- void ksmbd_copy_gss_neg_header(void *buf) { memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH); @@ -107,9 +106,7 @@ smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) return 0; }

-static int ksmbd_enc_p24(unsigned char *p21, - const unsigned char *c8, - unsigned char *p24) +static int ksmbd_enc_p24(unsigned char *p21, const unsigned char *c8, unsigned char *p24) { int rc;

@@ -124,9 +121,8 @@ static int ksmbd_enc_p24(unsigned char *p21, }

/* produce a md4 message digest from data of length n bytes */ -static int ksmbd_enc_md4(unsigned char *md4_hash, - unsigned char *link_str, - int link_len) +static int ksmbd_enc_md4(unsigned char *md4_hash, unsigned char *link_str, + int link_len) { int rc; struct ksmbd_crypto_ctx *ctx; @@ -157,10 +153,8 @@ static int ksmbd_enc_md4(unsigned char *md4_hash, return rc; }

-static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, - char *nonce, - char *server_challenge, - int len) +static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, char *nonce, + char *server_challenge, int len) { int rc; struct ksmbd_crypto_ctx *ctx; @@ -204,9 +198,8 @@ static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, * @hmac: source hmac value to be used for finding session key * */ -static int ksmbd_gen_sess_key(struct ksmbd_session *sess, - char *hash, - char *hmac) +static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash, + char *hmac) { struct ksmbd_crypto_ctx *ctx; int rc = -EINVAL; @@ -251,7 +244,7 @@ static int ksmbd_gen_sess_key(struct ksmbd_session *sess, }

static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, - char *dname) + char *dname) { int ret = -EINVAL, len; wchar_t *domain = NULL; @@ -361,8 +354,9 @@ int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf) if (strncmp(pw_buf, key, CIFS_AUTH_RESP_SIZE) != 0) { ksmbd_debug(AUTH, "ntlmv1 authentication failed\n"); rc = -EINVAL; - } else + } else { ksmbd_debug(AUTH, "ntlmv1 authentication pass\n"); + }

return rc; } @@ -376,10 +370,8 @@ int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf) * * Return: 0 on success, error number on error */ -int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, - struct ntlmv2_resp *ntlmv2, - int blen, - char *domain_name) +int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, + int blen, char *domain_name) { char ntlmv2_hash[CIFS_ENCPWD_SIZE]; char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE]; @@ -457,9 +449,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, * * Return: 0 on success, error number on error */ -static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, - char *client_nonce, - char *ntlm_resp) +static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, char *client_nonce, + char *ntlm_resp) { char sess_key[CIFS_SMB1_SESSKEY_SIZE] = {0}; int rc; @@ -497,8 +488,7 @@ static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, * Return: 0 on success, error number on error */ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, - int blob_len, - struct ksmbd_session *sess) + int blob_len, struct ksmbd_session *sess) { char *domain_name; unsigned int lm_off, nt_off; @@ -523,8 +513,8 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,

/* process NTLM authentication */ if (nt_len == CIFS_AUTH_RESP_SIZE) { - if (le32_to_cpu(authblob->NegotiateFlags) - & NTLMSSP_NEGOTIATE_EXTENDED_SEC) + if (le32_to_cpu(authblob->NegotiateFlags) & + NTLMSSP_NEGOTIATE_EXTENDED_SEC) return __ksmbd_auth_ntlmv2(sess, (char *)authblob + lm_off, (char *)authblob + nt_off); else @@ -533,8 +523,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, }

/* TODO : use domain name that imported from configuration file */ - domain_name = smb_strndup_from_utf16( - (const char *)authblob + + domain_name = smb_strndup_from_utf16((const char *)authblob + le32_to_cpu(authblob->DomainName.BufferOffset), le16_to_cpu(authblob->DomainName.Length), true, sess->conn->local_nls); @@ -561,8 +550,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, * */ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, - int blob_len, - struct ksmbd_session *sess) + int blob_len, struct ksmbd_session *sess) { if (blob_len < sizeof(struct negotiate_message)) { ksmbd_debug(AUTH, "negotiate blob len %d too small\n", @@ -618,7 +606,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, flags |= NTLMSSP_REQUEST_TARGET;

if (sess->conn->use_spnego && - (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) + (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;

chgblob->NegotiateFlags = cpu_to_le32(flags); @@ -675,9 +663,8 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, }

#ifdef CONFIG_SMB_SERVER_KERBEROS5 -int ksmbd_krb5_authenticate(struct ksmbd_session *sess, - char *in_blob, int in_len, - char *out_blob, int *out_len) +int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, + int in_len, char *out_blob, int *out_len) { struct ksmbd_spnego_authen_response *resp; struct ksmbd_user *user = NULL; @@ -726,9 +713,8 @@ int ksmbd_krb5_authenticate(struct ksmbd_session *sess, return retval; } #else -int ksmbd_krb5_authenticate(struct ksmbd_session *sess, - char *in_blob, int in_len, - char *out_blob, int *out_len) +int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, + int in_len, char *out_blob, int *out_len) { return -EOPNOTSUPP; } @@ -743,11 +729,8 @@ int ksmbd_krb5_authenticate(struct ksmbd_session *sess, * @sig: signature value generated for client request packet * */ -int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, - char *key, - struct kvec *iov, - int n_vec, - char *sig) +int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, + int n_vec, char *sig) { struct ksmbd_crypto_ctx *ctx; int rc = -EINVAL; @@ -798,11 +781,8 @@ int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, * @sig: signature value generated for client request packet * */ -int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, - char *key, - struct kvec *iov, - int n_vec, - char *sig) +int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, + int n_vec, char *sig) { struct ksmbd_crypto_ctx *ctx; int rc = -EINVAL; @@ -851,7 +831,7 @@ struct derivation { };

static int generate_key(struct ksmbd_session *sess, struct kvec label, - struct kvec context, __u8 *key, unsigned int key_size) + struct kvec context, __u8 *key, unsigned int key_size) { unsigned char zero = 0x0; __u8 i[4] = {0, 0, 0, 1}; @@ -931,7 +911,7 @@ static int generate_key(struct ksmbd_session *sess, struct kvec label, }

static int generate_smb3signingkey(struct ksmbd_session *sess, - const struct derivation *signing) + const struct derivation *signing) { int rc; struct channel *chann; @@ -995,7 +975,7 @@ struct derivation_twin { };

static int generate_smb3encryptionkey(struct ksmbd_session *sess, - const struct derivation_twin *ptwin) + const struct derivation_twin *ptwin) { int rc;

@@ -1062,9 +1042,8 @@ int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess) return generate_smb3encryptionkey(sess, &twin); }

-int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, - char *buf, - __u8 *pi_hash) +int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, + __u8 *pi_hash) { int rc = -1; struct smb2_hdr *rcv_hdr = (struct smb2_hdr *)buf; @@ -1073,14 +1052,15 @@ int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, struct ksmbd_crypto_ctx *ctx = NULL;

if (conn->preauth_info->Preauth_HashId == - SMB2_PREAUTH_INTEGRITY_SHA512) { + SMB2_PREAUTH_INTEGRITY_SHA512) { ctx = ksmbd_crypto_ctx_find_sha512(); if (!ctx) { ksmbd_debug(AUTH, "could not alloc sha512 rc %d\n", rc); goto out; } - } else + } else { goto out; + }

rc = crypto_shash_init(CRYPTO_SHA512(ctx)); if (rc) { @@ -1144,10 +1124,8 @@ int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, return rc; }

-static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, - __u64 ses_id, - int enc, - u8 *key) +static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, __u64 ses_id, + int enc, u8 *key) { struct ksmbd_session *sess; u8 *ses_enc_key; @@ -1175,9 +1153,8 @@ static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf, sg_set_page(sg, addr, buflen, offset_in_page(buf)); }

-static struct scatterlist *ksmbd_init_sg(struct kvec *iov, - unsigned int nvec, - u8 *sign) +static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, + u8 *sign) { struct scatterlist *sg; unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; @@ -1190,8 +1167,9 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, nr_entries[i] = ((kaddr + iov[i + 1].iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT) - (kaddr >> PAGE_SHIFT); - } else + } else { nr_entries[i]++; + } total_entries += nr_entries[i]; }

@@ -1232,16 +1210,13 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, sg_set_page(&sg[sg_idx++], virt_to_page(data), len, offset_in_page(data)); } - } smb2_sg_set_buf(&sg[sg_idx], sign, SMB2_SIGNATURE_SIZE); return sg; }

-int ksmbd_crypt_message(struct ksmbd_conn *conn, - struct kvec *iov, - unsigned int nvec, - int enc) +int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, + unsigned int nvec, int enc) { struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)iov[0].iov_base; @@ -1319,9 +1294,9 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, goto free_sg; }

- if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM) { memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES128GCM_NONCE); - else { + } else { iv[0] = 3; memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE); } diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c index 91c04879e931..ad2a2c885a2c 100644 --- a/fs/cifsd/buffer_pool.c +++ b/fs/cifsd/buffer_pool.c @@ -278,8 +278,7 @@ int ksmbd_init_buffer_pools(void) goto out;

filp_cache = kmem_cache_create("ksmbd_file_cache", - sizeof(struct ksmbd_file), 0, - SLAB_HWCACHE_ALIGN, NULL); + sizeof(struct ksmbd_file), 0, SLAB_HWCACHE_ALIGN, NULL); if (!filp_cache) goto out;

diff --git a/fs/cifsd/connection.c b/fs/cifsd/connection.c index bdfde5ca2ded..df56e347b709 100644 --- a/fs/cifsd/connection.c +++ b/fs/cifsd/connection.c @@ -119,7 +119,7 @@ int ksmbd_conn_try_dequeue_request(struct ksmbd_work *work) int ret = 1;

if (list_empty(&work->request_entry) && - list_empty(&work->async_request_entry)) + list_empty(&work->async_request_entry)) return 0;

atomic_dec(&conn->req_running); @@ -201,10 +201,9 @@ int ksmbd_conn_write(struct ksmbd_work *work) return 0; }

-int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, - void *buf, unsigned int buflen, - u32 remote_key, u64 remote_offset, - u32 remote_len) +int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, void *buf, + unsigned int buflen, u32 remote_key, u64 remote_offset, + u32 remote_len) { int ret = -EINVAL;

@@ -216,10 +215,9 @@ int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, return ret; }

-int ksmbd_conn_rdma_write(struct ksmbd_conn *conn, - void *buf, unsigned int buflen, - u32 remote_key, u64 remote_offset, - u32 remote_len) +int ksmbd_conn_rdma_write(struct ksmbd_conn *conn, void *buf, + unsigned int buflen, u32 remote_key, u64 remote_offset, + u32 remote_len) { int ret = -EINVAL;

@@ -251,7 +249,7 @@ bool ksmbd_conn_alive(struct ksmbd_conn *conn) * zero. */ if (server_conf.deadtime > 0 && - time_after(jiffies, conn->last_active + server_conf.deadtime)) { + time_after(jiffies, conn->last_active + server_conf.deadtime)) { ksmbd_debug(CONN, "No response from client in %lu minutes\n", server_conf.deadtime / SMB_ECHO_INTERVAL); return false; @@ -393,14 +391,13 @@ static void stop_sessions(void) task = conn->transport->handler; if (task) ksmbd_debug(CONN, "Stop session handler %s/%d\n", - task->comm, - task_pid_nr(task)); + task->comm, task_pid_nr(task)); conn->status = KSMBD_SESS_EXITING; } read_unlock(&conn_list_lock);

if (!list_empty(&conn_list)) { - schedule_timeout_interruptible(HZ/10); /* 100ms */ + schedule_timeout_interruptible(HZ / 10); /* 100ms */ goto again; } } diff --git a/fs/cifsd/connection.h b/fs/cifsd/connection.h index 179fb9278999..021dada3d76d 100644 --- a/fs/cifsd/connection.h +++ b/fs/cifsd/connection.h @@ -116,17 +116,15 @@ struct ksmbd_conn_ops { struct ksmbd_transport_ops { int (*prepare)(struct ksmbd_transport *t); void (*disconnect)(struct ksmbd_transport *t); - int (*read)(struct ksmbd_transport *t, - char *buf, unsigned int size); - int (*writev)(struct ksmbd_transport *t, - struct kvec *iovs, int niov, int size, - bool need_invalidate_rkey, unsigned int remote_key); - int (*rdma_read)(struct ksmbd_transport *t, - void *buf, unsigned int len, u32 remote_key, - u64 remote_offset, u32 remote_len); - int (*rdma_write)(struct ksmbd_transport *t, - void *buf, unsigned int len, u32 remote_key, - u64 remote_offset, u32 remote_len); + int (*read)(struct ksmbd_transport *t, char *buf, unsigned int size); + int (*writev)(struct ksmbd_transport *t, struct kvec *iovs, int niov, + int size, bool need_invalidate_rkey, + unsigned int remote_key); + int (*rdma_read)(struct ksmbd_transport *t, void *buf, unsigned int len, + u32 remote_key, u64 remote_offset, u32 remote_len); + int (*rdma_write)(struct ksmbd_transport *t, void *buf, + unsigned int len, u32 remote_key, u64 remote_offset, + u32 remote_len); };

struct ksmbd_transport { @@ -146,14 +144,12 @@ struct ksmbd_conn *ksmbd_conn_alloc(void); void ksmbd_conn_free(struct ksmbd_conn *conn); bool ksmbd_conn_lookup_dialect(struct ksmbd_conn *c); int ksmbd_conn_write(struct ksmbd_work *work); -int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, - void *buf, unsigned int buflen, - u32 remote_key, u64 remote_offset, - u32 remote_len); -int ksmbd_conn_rdma_write(struct ksmbd_conn *conn, - void *buf, unsigned int buflen, - u32 remote_key, u64 remote_offset, - u32 remote_len); +int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, void *buf, + unsigned int buflen, u32 remote_key, u64 remote_offset, + u32 remote_len); +int ksmbd_conn_rdma_write(struct ksmbd_conn *conn, void *buf, + unsigned int buflen, u32 remote_key, u64 remote_offset, + u32 remote_len);

void ksmbd_conn_enqueue_request(struct ksmbd_work *work); int ksmbd_conn_try_dequeue_request(struct ksmbd_work *work); diff --git a/fs/cifsd/glob.h b/fs/cifsd/glob.h index 2dc3f603e837..27500afbeaf5 100644 --- a/fs/cifsd/glob.h +++ b/fs/cifsd/glob.h @@ -24,13 +24,13 @@ extern int ksmbd_caseless_search; #define DATA_STREAM 1 #define DIR_STREAM 2

-#define KSMBD_DEBUG_SMB (1 << 0) -#define KSMBD_DEBUG_AUTH (1 << 1) -#define KSMBD_DEBUG_VFS (1 << 2) -#define KSMBD_DEBUG_OPLOCK (1 << 3) -#define KSMBD_DEBUG_IPC (1 << 4) -#define KSMBD_DEBUG_CONN (1 << 5) -#define KSMBD_DEBUG_RDMA (1 << 6) +#define KSMBD_DEBUG_SMB BIT(0) +#define KSMBD_DEBUG_AUTH BIT(1) +#define KSMBD_DEBUG_VFS BIT(2) +#define KSMBD_DEBUG_OPLOCK BIT(3) +#define KSMBD_DEBUG_IPC BIT(4) +#define KSMBD_DEBUG_CONN BIT(5) +#define KSMBD_DEBUG_RDMA BIT(6) #define KSMBD_DEBUG_ALL (KSMBD_DEBUG_SMB | KSMBD_DEBUG_AUTH | \ KSMBD_DEBUG_VFS | KSMBD_DEBUG_OPLOCK | \ KSMBD_DEBUG_IPC | KSMBD_DEBUG_CONN | \ diff --git a/fs/cifsd/ksmbd_server.h b/fs/cifsd/ksmbd_server.h index 01eaf9ec4fde..c5181a2702ff 100644 --- a/fs/cifsd/ksmbd_server.h +++ b/fs/cifsd/ksmbd_server.h @@ -29,11 +29,11 @@ struct ksmbd_heartbeat { * Global config flags. */ #define KSMBD_GLOBAL_FLAG_INVALID (0) -#define KSMBD_GLOBAL_FLAG_SMB2_LEASES (1 << 0) -#define KSMBD_GLOBAL_FLAG_CACHE_TBUF (1 << 1) -#define KSMBD_GLOBAL_FLAG_CACHE_RBUF (1 << 2) -#define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION (1 << 3) -#define KSMBD_GLOBAL_FLAG_DURABLE_HANDLE (1 << 4) +#define KSMBD_GLOBAL_FLAG_SMB2_LEASES BIT(0) +#define KSMBD_GLOBAL_FLAG_CACHE_TBUF BIT(1) +#define KSMBD_GLOBAL_FLAG_CACHE_RBUF BIT(2) +#define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION BIT(3) +#define KSMBD_GLOBAL_FLAG_DURABLE_HANDLE BIT(4)

struct ksmbd_startup_request { __u32 flags; @@ -204,66 +204,66 @@ enum KSMBD_TREE_CONN_STATUS { * User config flags. */ #define KSMBD_USER_FLAG_INVALID (0) -#define KSMBD_USER_FLAG_OK (1 << 0) -#define KSMBD_USER_FLAG_BAD_PASSWORD (1 << 1) -#define KSMBD_USER_FLAG_BAD_UID (1 << 2) -#define KSMBD_USER_FLAG_BAD_USER (1 << 3) -#define KSMBD_USER_FLAG_GUEST_ACCOUNT (1 << 4) +#define KSMBD_USER_FLAG_OK BIT(0) +#define KSMBD_USER_FLAG_BAD_PASSWORD BIT(1) +#define KSMBD_USER_FLAG_BAD_UID BIT(2) +#define KSMBD_USER_FLAG_BAD_USER BIT(3) +#define KSMBD_USER_FLAG_GUEST_ACCOUNT BIT(4)

/* * Share config flags. */ #define KSMBD_SHARE_FLAG_INVALID (0) -#define KSMBD_SHARE_FLAG_AVAILABLE (1 << 0) -#define KSMBD_SHARE_FLAG_BROWSEABLE (1 << 1) -#define KSMBD_SHARE_FLAG_WRITEABLE (1 << 2) -#define KSMBD_SHARE_FLAG_READONLY (1 << 3) -#define KSMBD_SHARE_FLAG_GUEST_OK (1 << 4) -#define KSMBD_SHARE_FLAG_GUEST_ONLY (1 << 5) -#define KSMBD_SHARE_FLAG_STORE_DOS_ATTRS (1 << 6) -#define KSMBD_SHARE_FLAG_OPLOCKS (1 << 7) -#define KSMBD_SHARE_FLAG_PIPE (1 << 8) -#define KSMBD_SHARE_FLAG_HIDE_DOT_FILES (1 << 9) -#define KSMBD_SHARE_FLAG_INHERIT_SMACK (1 << 10) -#define KSMBD_SHARE_FLAG_INHERIT_OWNER (1 << 11) -#define KSMBD_SHARE_FLAG_STREAMS (1 << 12) -#define KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS (1 << 13) -#define KSMBD_SHARE_FLAG_ACL_XATTR (1 << 14) +#define KSMBD_SHARE_FLAG_AVAILABLE BIT(0) +#define KSMBD_SHARE_FLAG_BROWSEABLE BIT(1) +#define KSMBD_SHARE_FLAG_WRITEABLE BIT(2) +#define KSMBD_SHARE_FLAG_READONLY BIT(3) +#define KSMBD_SHARE_FLAG_GUEST_OK BIT(4) +#define KSMBD_SHARE_FLAG_GUEST_ONLY BIT(5) +#define KSMBD_SHARE_FLAG_STORE_DOS_ATTRS BIT(6) +#define KSMBD_SHARE_FLAG_OPLOCKS BIT(7) +#define KSMBD_SHARE_FLAG_PIPE BIT(8) +#define KSMBD_SHARE_FLAG_HIDE_DOT_FILES BIT(9) +#define KSMBD_SHARE_FLAG_INHERIT_SMACK BIT(10) +#define KSMBD_SHARE_FLAG_INHERIT_OWNER BIT(11) +#define KSMBD_SHARE_FLAG_STREAMS BIT(12) +#define KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS BIT(13) +#define KSMBD_SHARE_FLAG_ACL_XATTR BIT(14)

/* * Tree connect request flags. */ #define KSMBD_TREE_CONN_FLAG_REQUEST_SMB1 (0) -#define KSMBD_TREE_CONN_FLAG_REQUEST_IPV6 (1 << 0) -#define KSMBD_TREE_CONN_FLAG_REQUEST_SMB2 (1 << 1) +#define KSMBD_TREE_CONN_FLAG_REQUEST_IPV6 BIT(0) +#define KSMBD_TREE_CONN_FLAG_REQUEST_SMB2 BIT(1)

/* * Tree connect flags. */ -#define KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT (1 << 0) -#define KSMBD_TREE_CONN_FLAG_READ_ONLY (1 << 1) -#define KSMBD_TREE_CONN_FLAG_WRITABLE (1 << 2) -#define KSMBD_TREE_CONN_FLAG_ADMIN_ACCOUNT (1 << 3) +#define KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT BIT(0) +#define KSMBD_TREE_CONN_FLAG_READ_ONLY BIT(1) +#define KSMBD_TREE_CONN_FLAG_WRITABLE BIT(2) +#define KSMBD_TREE_CONN_FLAG_ADMIN_ACCOUNT BIT(3)

/* * RPC over IPC. */ -#define KSMBD_RPC_METHOD_RETURN (1 << 0) -#define KSMBD_RPC_SRVSVC_METHOD_INVOKE (1 << 1) -#define KSMBD_RPC_SRVSVC_METHOD_RETURN ((1 << 1) | KSMBD_RPC_METHOD_RETURN) -#define KSMBD_RPC_WKSSVC_METHOD_INVOKE (1 << 2) -#define KSMBD_RPC_WKSSVC_METHOD_RETURN ((1 << 2) | KSMBD_RPC_METHOD_RETURN) -#define KSMBD_RPC_IOCTL_METHOD ((1 << 3) | KSMBD_RPC_METHOD_RETURN) -#define KSMBD_RPC_OPEN_METHOD (1 << 4) -#define KSMBD_RPC_WRITE_METHOD (1 << 5) -#define KSMBD_RPC_READ_METHOD ((1 << 6) | KSMBD_RPC_METHOD_RETURN) -#define KSMBD_RPC_CLOSE_METHOD (1 << 7) -#define KSMBD_RPC_RAP_METHOD ((1 << 8) | KSMBD_RPC_METHOD_RETURN) -#define KSMBD_RPC_RESTRICTED_CONTEXT (1 << 9) -#define KSMBD_RPC_SAMR_METHOD_INVOKE (1 << 10) -#define KSMBD_RPC_SAMR_METHOD_RETURN ((1 << 10) | KSMBD_RPC_METHOD_RETURN) -#define KSMBD_RPC_LSARPC_METHOD_INVOKE (1 << 11) -#define KSMBD_RPC_LSARPC_METHOD_RETURN ((1 << 11) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_METHOD_RETURN BIT(0) +#define KSMBD_RPC_SRVSVC_METHOD_INVOKE BIT(1) +#define KSMBD_RPC_SRVSVC_METHOD_RETURN (KSMBD_RPC_SRVSVC_METHOD_INVOKE | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_WKSSVC_METHOD_INVOKE BIT(2) +#define KSMBD_RPC_WKSSVC_METHOD_RETURN (KSMBD_RPC_WKSSVC_METHOD_INVOKE | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_IOCTL_METHOD (BIT(3) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_OPEN_METHOD BIT(4) +#define KSMBD_RPC_WRITE_METHOD BIT(5) +#define KSMBD_RPC_READ_METHOD (BIT(6) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_CLOSE_METHOD BIT(7) +#define KSMBD_RPC_RAP_METHOD (BIT(8) | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_RESTRICTED_CONTEXT BIT(9) +#define KSMBD_RPC_SAMR_METHOD_INVOKE BIT(10) +#define KSMBD_RPC_SAMR_METHOD_RETURN (KSMBD_RPC_SAMR_METHOD_INVOKE | KSMBD_RPC_METHOD_RETURN) +#define KSMBD_RPC_LSARPC_METHOD_INVOKE BIT(11) +#define KSMBD_RPC_LSARPC_METHOD_RETURN (KSMBD_RPC_LSARPC_METHOD_INVOKE | KSMBD_RPC_METHOD_RETURN)

#define KSMBD_RPC_OK 0 #define KSMBD_RPC_EBAD_FUNC 0x00000001 diff --git a/fs/cifsd/mgmt/user_session.h b/fs/cifsd/mgmt/user_session.h index 0a6eb21647ab..68018f0f5c0b 100644 --- a/fs/cifsd/mgmt/user_session.h +++ b/fs/cifsd/mgmt/user_session.h @@ -26,12 +26,12 @@ struct channel {

struct preauth_session { __u8 Preauth_HashValue[PREAUTH_HASHVALUE_SIZE]; - uint64_t sess_id; + u64 sess_id; struct list_head list_entry; };

struct ksmbd_session { - uint64_t id; + u64 id;

struct ksmbd_user *user; struct ksmbd_conn *conn; diff --git a/fs/cifsd/misc.c b/fs/cifsd/misc.c index 189b90414976..b6f3f0818217 100644 --- a/fs/cifsd/misc.c +++ b/fs/cifsd/misc.c @@ -78,9 +78,9 @@ static inline int is_char_allowed(char ch) { /* check for control chars, wildcards etc. */ if (!(ch & 0x80) && - (ch <= 0x1f || - ch == '?' || ch == '"' || ch == '<' || - ch == '>' || ch == '|' || ch == '*')) + (ch <= 0x1f || + ch == '?' || ch == '"' || ch == '<' || + ch == '>' || ch == '|' || ch == '*')) return 0;

return 1; @@ -268,8 +268,7 @@ char *convert_to_unix_name(struct ksmbd_share_config *share, char *name) }

char *ksmbd_convert_dir_info_name(struct ksmbd_dir_info *d_info, - const struct nls_table *local_nls, - int *conv_len) + const struct nls_table *local_nls, int *conv_len) { char *conv; int sz = min(4 * d_info->name_len, PATH_MAX); diff --git a/fs/cifsd/ndr.c b/fs/cifsd/ndr.c index aa0cb8fc555d..1838fc2b1d7c 100644 --- a/fs/cifsd/ndr.c +++ b/fs/cifsd/ndr.c @@ -159,8 +159,9 @@ int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da) ndr_write_int32(n, da->ea_size); ndr_write_int64(n, da->size); ndr_write_int64(n, da->alloc_size); - } else + } else { ndr_write_int64(n, da->itime); + } ndr_write_int64(n, da->create_time); if (da->version == 3) ndr_write_int64(n, da->change_time); @@ -248,15 +249,17 @@ int ndr_encode_posix_acl(struct ndr *n, struct inode *inode, /* ACL ACCESS */ ndr_write_int32(n, ref_id); ref_id += 4; - } else + } else { ndr_write_int32(n, 0); + }

if (def_acl) { /* DEFAULT ACL ACCESS */ ndr_write_int32(n, ref_id); ref_id += 4; - } else + } else { ndr_write_int32(n, 0); + }

ndr_write_int64(n, from_kuid(&init_user_ns, inode->i_uid)); ndr_write_int64(n, from_kgid(&init_user_ns, inode->i_gid)); diff --git a/fs/cifsd/netmisc.c b/fs/cifsd/netmisc.c index 6f7dd78348a3..55393667abcc 100644 --- a/fs/cifsd/netmisc.c +++ b/fs/cifsd/netmisc.c @@ -1,7 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-or-later /* - * fs/ksmbd/netmisc.c - * * Copyright (c) International Business Machines Corp., 2002,2008 * Author(s): Steve French (sfrench@us.ibm.com) * diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index d76aa47e19e4..8e072c3e7b89 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -29,7 +29,7 @@ static DEFINE_RWLOCK(lease_list_lock); * Return: allocated opinfo object on success, otherwise NULL */ static struct oplock_info *alloc_opinfo(struct ksmbd_work *work, - uint64_t id, __u16 Tid) + u64 id, __u16 Tid) { struct ksmbd_session *sess = work->sess; struct oplock_info *opinfo; @@ -89,8 +89,7 @@ static void lb_add(struct lease_table *lb) write_unlock(&lease_list_lock); }

-static int alloc_lease(struct oplock_info *opinfo, - struct lease_ctx_info *lctx) +static int alloc_lease(struct oplock_info *opinfo, struct lease_ctx_info *lctx) { struct lease *lease;

@@ -227,8 +226,8 @@ int opinfo_write_to_read(struct oplock_info *opinfo) { struct lease *lease = opinfo->o_lease;

- if (!((opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) || - (opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE))) { + if (!(opinfo->level == SMB2_OPLOCK_LEVEL_BATCH || + opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) { ksmbd_err("bad oplock(0x%x)\n", opinfo->level); if (opinfo->is_lease) ksmbd_err("lease state(0x%x)\n", lease->state); @@ -266,8 +265,8 @@ int opinfo_write_to_none(struct oplock_info *opinfo) { struct lease *lease = opinfo->o_lease;

- if (!((opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) || - (opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE))) { + if (!(opinfo->level == SMB2_OPLOCK_LEVEL_BATCH || + opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) { ksmbd_err("bad oplock(0x%x)\n", opinfo->level); if (opinfo->is_lease) ksmbd_err("lease state(0x%x)\n", @@ -334,8 +333,7 @@ int lease_read_to_write(struct oplock_info *opinfo) * * Return: 0 on success, otherwise -EINVAL */ -static int lease_none_upgrade(struct oplock_info *opinfo, - __le32 new_state) +static int lease_none_upgrade(struct oplock_info *opinfo, __le32 new_state) { struct lease *lease = opinfo->o_lease;

@@ -401,7 +399,7 @@ void close_id_del_oplock(struct ksmbd_file *fp) * Return: 0 */ static void grant_write_oplock(struct oplock_info *opinfo_new, int req_oplock, - struct lease_ctx_info *lctx) + struct lease_ctx_info *lctx) { struct lease *lease = opinfo_new->o_lease;

@@ -425,7 +423,7 @@ static void grant_write_oplock(struct oplock_info *opinfo_new, int req_oplock, * Return: 0 */ static void grant_read_oplock(struct oplock_info *opinfo_new, - struct lease_ctx_info *lctx) + struct lease_ctx_info *lctx) { struct lease *lease = opinfo_new->o_lease;

@@ -448,7 +446,7 @@ static void grant_read_oplock(struct oplock_info *opinfo_new, * Return: 0 */ static void grant_none_oplock(struct oplock_info *opinfo_new, - struct lease_ctx_info *lctx) + struct lease_ctx_info *lctx) { struct lease *lease = opinfo_new->o_lease;

@@ -469,7 +467,7 @@ static inline int compare_guid_key(struct oplock_info *opinfo, guid2 = opinfo->conn->ClientGUID; key2 = opinfo->o_lease->lease_key; if (!memcmp(guid1, guid2, SMB2_CLIENT_GUID_SIZE) && - !memcmp(key1, key2, SMB2_LEASE_KEY_SIZE)) + !memcmp(key1, key2, SMB2_LEASE_KEY_SIZE)) return 1;

return 0; @@ -485,7 +483,7 @@ static inline int compare_guid_key(struct oplock_info *opinfo, * Return: oplock(lease) object on success, otherwise NULL */ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, - char *client_guid, struct lease_ctx_info *lctx) + char *client_guid, struct lease_ctx_info *lctx) { int ret; struct lease *lease; @@ -649,13 +647,12 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) rsp_hdr->SessionId = 0; memset(rsp_hdr->Signature, 0, 16);

- rsp = work->response_buf;

rsp->StructureSize = cpu_to_le16(24); if (!br_info->open_trunc && - (br_info->level == SMB2_OPLOCK_LEVEL_BATCH || - br_info->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) + (br_info->level == SMB2_OPLOCK_LEVEL_BATCH || + br_info->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) rsp->OplockLevel = SMB2_OPLOCK_LEVEL_II; else rsp->OplockLevel = SMB2_OPLOCK_LEVEL_NONE; @@ -845,10 +842,8 @@ static void wait_lease_breaking(struct oplock_info *opinfo) if (atomic_read(&opinfo->breaking_cnt)) { int ret = 0;

- ret = wait_event_interruptible_timeout( - opinfo->oplock_brk, - atomic_read(&opinfo->breaking_cnt) == 0, - HZ); + ret = wait_event_interruptible_timeout(opinfo->oplock_brk, + atomic_read(&opinfo->breaking_cnt) == 0, HZ); if (!ret) atomic_set(&opinfo->breaking_cnt, 0); } @@ -907,7 +902,7 @@ static int oplock_break(struct oplock_info *brk_opinfo, int req_op_level) return err < 0 ? err : 0;

if (brk_opinfo->level == SMB2_OPLOCK_LEVEL_BATCH || - brk_opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) + brk_opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) brk_opinfo->op_state = OPLOCK_ACK_WAIT; }

@@ -939,7 +934,7 @@ void destroy_lease_table(struct ksmbd_conn *conn)

list_for_each_entry_safe(lb, lbtmp, &lease_table_list, l_entry) { if (conn && memcmp(lb->client_guid, conn->ClientGUID, - SMB2_CLIENT_GUID_SIZE)) + SMB2_CLIENT_GUID_SIZE)) continue; again: rcu_read_lock(); @@ -974,7 +969,7 @@ int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci,

list_for_each_entry(lb, &lease_table_list, l_entry) { if (!memcmp(lb->client_guid, sess->conn->ClientGUID, - SMB2_CLIENT_GUID_SIZE)) + SMB2_CLIENT_GUID_SIZE)) goto found; } read_unlock(&lease_list_lock); @@ -1031,7 +1026,7 @@ static int add_lease_global_list(struct oplock_info *opinfo) read_lock(&lease_list_lock); list_for_each_entry(lb, &lease_table_list, l_entry) { if (!memcmp(lb->client_guid, opinfo->conn->ClientGUID, - SMB2_CLIENT_GUID_SIZE)) { + SMB2_CLIENT_GUID_SIZE)) { opinfo->o_lease->l_lb = lb; lease_add_list(opinfo); read_unlock(&lease_list_lock); @@ -1055,13 +1050,12 @@ static int add_lease_global_list(struct oplock_info *opinfo) }

static void set_oplock_level(struct oplock_info *opinfo, int level, - struct lease_ctx_info *lctx) + struct lease_ctx_info *lctx) { switch (level) { case SMB2_OPLOCK_LEVEL_BATCH: case SMB2_OPLOCK_LEVEL_EXCLUSIVE: - grant_write_oplock(opinfo, - level, lctx); + grant_write_oplock(opinfo, level, lctx); break; case SMB2_OPLOCK_LEVEL_II: grant_read_oplock(opinfo, lctx); @@ -1084,13 +1078,9 @@ static void set_oplock_level(struct oplock_info *opinfo, int level, * * Return: 0 on success, otherwise error */ -int smb_grant_oplock(struct ksmbd_work *work, - int req_op_level, - uint64_t pid, - struct ksmbd_file *fp, - __u16 tid, - struct lease_ctx_info *lctx, - int share_ret) +int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, u64 pid, + struct ksmbd_file *fp, __u16 tid, struct lease_ctx_info *lctx, + int share_ret) { struct ksmbd_session *sess = work->sess; int err = 0; @@ -1150,14 +1140,14 @@ int smb_grant_oplock(struct ksmbd_work *work, prev_op_state = prev_opinfo->o_lease->state;

if (share_ret < 0 && - (prev_opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) { + prev_opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) { err = share_ret; opinfo_put(prev_opinfo); goto err_out; }

- if ((prev_opinfo->level != SMB2_OPLOCK_LEVEL_BATCH) && - (prev_opinfo->level != SMB2_OPLOCK_LEVEL_EXCLUSIVE)) { + if (prev_opinfo->level != SMB2_OPLOCK_LEVEL_BATCH && + prev_opinfo->level != SMB2_OPLOCK_LEVEL_EXCLUSIVE) { opinfo_put(prev_opinfo); goto op_break_not_needed; } @@ -1218,7 +1208,7 @@ int smb_grant_oplock(struct ksmbd_work *work, * @is_trunc: truncate on open */ static void smb_break_all_write_oplock(struct ksmbd_work *work, - struct ksmbd_file *fp, int is_trunc) + struct ksmbd_file *fp, int is_trunc) { struct oplock_info *brk_opinfo;

@@ -1226,7 +1216,7 @@ static void smb_break_all_write_oplock(struct ksmbd_work *work, if (!brk_opinfo) return; if (brk_opinfo->level != SMB2_OPLOCK_LEVEL_BATCH && - brk_opinfo->level != SMB2_OPLOCK_LEVEL_EXCLUSIVE) { + brk_opinfo->level != SMB2_OPLOCK_LEVEL_EXCLUSIVE) { opinfo_put(brk_opinfo); return; } @@ -1244,17 +1234,16 @@ static void smb_break_all_write_oplock(struct ksmbd_work *work, * @fp: ksmbd file pointer * @is_trunc: truncate on open */ -void smb_break_all_levII_oplock(struct ksmbd_work *work, - struct ksmbd_file *fp, int is_trunc) +void smb_break_all_levII_oplock(struct ksmbd_work *work, struct ksmbd_file *fp, + int is_trunc) { struct oplock_info *op, *brk_op; struct ksmbd_inode *ci; struct ksmbd_conn *conn = work->sess->conn;

if (!test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_OPLOCKS)) { + KSMBD_SHARE_FLAG_OPLOCKS)) return; - }

ci = fp->f_ci; op = opinfo_get(fp); @@ -1283,13 +1272,11 @@ void smb_break_all_levII_oplock(struct ksmbd_work *work, atomic_read(&brk_op->breaking_cnt)) goto next;

- if (op && op->is_lease && - brk_op->is_lease && - !memcmp(conn->ClientGUID, brk_op->conn->ClientGUID, - SMB2_CLIENT_GUID_SIZE) && - !memcmp(op->o_lease->lease_key, - brk_op->o_lease->lease_key, - SMB2_LEASE_KEY_SIZE)) + if (op && op->is_lease && brk_op->is_lease && + !memcmp(conn->ClientGUID, brk_op->conn->ClientGUID, + SMB2_CLIENT_GUID_SIZE) && + !memcmp(op->o_lease->lease_key, brk_op->o_lease->lease_key, + SMB2_LEASE_KEY_SIZE)) goto next; brk_op->open_trunc = is_trunc; oplock_break(brk_op, SMB2_OPLOCK_LEVEL_NONE); @@ -1311,7 +1298,7 @@ void smb_break_all_levII_oplock(struct ksmbd_work *work, void smb_break_all_oplock(struct ksmbd_work *work, struct ksmbd_file *fp) { if (!test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_OPLOCKS)) + KSMBD_SHARE_FLAG_OPLOCKS)) return;

smb_break_all_write_oplock(work, fp, 1); @@ -1327,14 +1314,16 @@ void smb_break_all_oplock(struct ksmbd_work *work, struct ksmbd_file *fp) __u8 smb2_map_lease_to_oplock(__le32 lease_state) { if (lease_state == (SMB2_LEASE_HANDLE_CACHING_LE | - SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_WRITE_CACHING_LE)) + SMB2_LEASE_READ_CACHING_LE | + SMB2_LEASE_WRITE_CACHING_LE)) { return SMB2_OPLOCK_LEVEL_BATCH; - else if (lease_state != SMB2_LEASE_WRITE_CACHING_LE && - lease_state & SMB2_LEASE_WRITE_CACHING_LE) { + } else if (lease_state != SMB2_LEASE_WRITE_CACHING_LE && + lease_state & SMB2_LEASE_WRITE_CACHING_LE) { if (!(lease_state & SMB2_LEASE_HANDLE_CACHING_LE)) return SMB2_OPLOCK_LEVEL_EXCLUSIVE; - } else if (lease_state & SMB2_LEASE_READ_CACHING_LE) + } else if (lease_state & SMB2_LEASE_READ_CACHING_LE) { return SMB2_OPLOCK_LEVEL_II; + } return 0; }

@@ -1390,7 +1379,7 @@ struct lease_ctx_info *parse_lease_state(void *open_req) cc = (struct create_context *)((char *)cc + next); name = le16_to_cpu(cc->NameOffset) + (char *)cc; if (le16_to_cpu(cc->NameLength) != 4 || - strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) { + strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) { next = le32_to_cpu(cc->Next); continue; } @@ -1603,7 +1592,7 @@ void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp) * Return: opinfo if found matching opinfo, otherwise NULL */ struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, - char *lease_key) + char *lease_key) { struct oplock_info *opinfo = NULL, *ret_op = NULL; struct lease_table *lt; @@ -1612,7 +1601,7 @@ struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, read_lock(&lease_list_lock); list_for_each_entry(lt, &lease_table_list, l_entry) { if (!memcmp(lt->client_guid, conn->ClientGUID, - SMB2_CLIENT_GUID_SIZE)) + SMB2_CLIENT_GUID_SIZE)) goto found; }

@@ -1625,12 +1614,11 @@ struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, if (!atomic_inc_not_zero(&opinfo->refcount)) continue; rcu_read_unlock(); - if (!opinfo->op_state || - opinfo->op_state == OPLOCK_CLOSING) + if (!opinfo->op_state || opinfo->op_state == OPLOCK_CLOSING) goto op_next; if (!(opinfo->o_lease->state & - (SMB2_LEASE_HANDLE_CACHING_LE | - SMB2_LEASE_WRITE_CACHING_LE))) + (SMB2_LEASE_HANDLE_CACHING_LE | + SMB2_LEASE_WRITE_CACHING_LE))) goto op_next; ret = compare_guid_key(opinfo, conn->ClientGUID, lease_key); @@ -1651,7 +1639,7 @@ struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, }

int smb2_check_durable_oplock(struct ksmbd_file *fp, - struct lease_ctx_info *lctx, char *name) + struct lease_ctx_info *lctx, char *name) { struct oplock_info *opinfo = opinfo_get(fp); int ret = 0; @@ -1663,7 +1651,7 @@ int smb2_check_durable_oplock(struct ksmbd_file *fp, goto out; } if (memcmp(opinfo->o_lease->lease_key, lctx->lease_key, - SMB2_LEASE_KEY_SIZE)) { + SMB2_LEASE_KEY_SIZE)) { ksmbd_err("invalid lease key\n"); ret = -EBADF; goto out; diff --git a/fs/cifsd/oplock.h b/fs/cifsd/oplock.h index b0e2e795f29a..5b6615f99c76 100644 --- a/fs/cifsd/oplock.h +++ b/fs/cifsd/oplock.h @@ -9,7 +9,7 @@

#include "smb_common.h"

-#define OPLOCK_WAIT_TIME (35*HZ) +#define OPLOCK_WAIT_TIME (35 * HZ)

/* SMB Oplock levels */ #define OPLOCK_NONE 0 @@ -68,7 +68,7 @@ struct oplock_info { int level; int op_state; unsigned long pending_break; - uint64_t fid; + u64 fid; atomic_t breaking_cnt; atomic_t refcount; __u16 Tid; @@ -95,11 +95,11 @@ struct oplock_break_info { int fid; };

-extern int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, - uint64_t pid, struct ksmbd_file *fp, __u16 tid, +int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, + u64 pid, struct ksmbd_file *fp, __u16 tid, struct lease_ctx_info *lctx, int share_ret); -extern void smb_break_all_levII_oplock(struct ksmbd_work *work, - struct ksmbd_file *fp, int is_trunc); +void smb_break_all_levII_oplock(struct ksmbd_work *work, + struct ksmbd_file *fp, int is_trunc);

int opinfo_write_to_read(struct oplock_info *opinfo); int opinfo_read_handle_to_read(struct oplock_info *opinfo); @@ -124,15 +124,13 @@ void create_disk_id_rsp_buf(char *cc, __u64 file_id, __u64 vol_id); void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp); struct create_context *smb2_find_context_vals(void *open_req, const char *str); int ksmbd_durable_verify_and_del_oplock(struct ksmbd_session *curr_sess, - struct ksmbd_session *prev_sess, - int fid, struct file **filp, - uint64_t sess_id); + struct ksmbd_session *prev_sess, int fid, struct file **filp, + u64 sess_id); struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, - char *lease_key); + char *lease_key); int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci, - struct lease_ctx_info *lctx); + struct lease_ctx_info *lctx); void destroy_lease_table(struct ksmbd_conn *conn); int smb2_check_durable_oplock(struct ksmbd_file *fp, - struct lease_ctx_info *lctx, char *name); - + struct lease_ctx_info *lctx, char *name); #endif /* __KSMBD_OPLOCK_H */ diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index 80f5229da3ac..04f959a88a1a 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -105,9 +105,8 @@ static inline int check_conn_state(struct ksmbd_work *work) #define TCP_HANDLER_CONTINUE 0 #define TCP_HANDLER_ABORT 1

-static int __process_request(struct ksmbd_work *work, - struct ksmbd_conn *conn, - uint16_t *cmd) +static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, + uint16_t *cmd) { struct smb_version_cmds *cmds; uint16_t command; @@ -160,16 +159,16 @@ static int __process_request(struct ksmbd_work *work, }

static void __handle_ksmbd_work(struct ksmbd_work *work, - struct ksmbd_conn *conn) + struct ksmbd_conn *conn) { - uint16_t command = 0; + u16 command = 0; int rc;

if (conn->ops->allocate_rsp_buf(work)) return;

if (conn->ops->is_transform_hdr && - conn->ops->is_transform_hdr(work->request_buf)) { + conn->ops->is_transform_hdr(work->request_buf)) { rc = conn->ops->decrypt_req(work); if (rc < 0) { conn->ops->set_rsp_status(work, STATUS_DATA_ERROR); @@ -224,7 +223,7 @@ static void __handle_ksmbd_work(struct ksmbd_work *work, }

if (work->sess && (work->sess->sign || - smb3_11_final_sess_setup_resp(work) || + smb3_11_final_sess_setup_resp(work) || conn->ops->is_sign_req(work, command))) conn->ops->set_sign_rsp(work); } while (is_chained_smb2_message(work)); @@ -235,7 +234,7 @@ static void __handle_ksmbd_work(struct ksmbd_work *work, send: smb3_preauth_hash_rsp(work); if (work->sess && work->sess->enc && work->encrypted && - conn->ops->encrypt_resp) { + conn->ops->encrypt_resp) { rc = conn->ops->encrypt_resp(work); if (rc < 0) { conn->ops->set_rsp_status(work, STATUS_DATA_ERROR); @@ -416,9 +415,8 @@ int server_queue_ctrl_reset_work(void) return __queue_ctrl_work(SERVER_CTRL_TYPE_RESET); }

-static ssize_t stats_show(struct class *class, - struct class_attribute *attr, - char *buf) +static ssize_t stats_show(struct class *class, struct class_attribute *attr, + char *buf) { /* * Inc this each time you change stats output format, @@ -443,9 +441,8 @@ static ssize_t stats_show(struct class *class, }

static ssize_t kill_server_store(struct class *class, - struct class_attribute *attr, - const char *buf, - size_t len) + struct class_attribute *attr, const char *buf, + size_t len) { if (!sysfs_streq(buf, "hard")) return len; @@ -464,8 +461,7 @@ static const char * const debug_type_strings[] = {"smb", "auth", "vfs", "oplock", "ipc", "conn", "rdma"};

-static ssize_t debug_show(struct class *class, - struct class_attribute *attr, +static ssize_t debug_show(struct class *class, struct class_attribute *attr, char *buf) { ssize_t sz = 0; @@ -484,16 +480,13 @@ static ssize_t debug_show(struct class *class, debug_type_strings[i]); } sz += pos; - } sz += scnprintf(buf + sz, PAGE_SIZE - sz, "\n"); return sz; }

-static ssize_t debug_store(struct class *class, - struct class_attribute *attr, - const char *buf, - size_t len) +static ssize_t debug_store(struct class *class, struct class_attribute *attr, + const char *buf, size_t len) { int i;

diff --git a/fs/cifsd/smb2misc.c b/fs/cifsd/smb2misc.c index e6b87d9d33ed..5a50c4ec43f2 100644 --- a/fs/cifsd/smb2misc.c +++ b/fs/cifsd/smb2misc.c @@ -90,8 +90,7 @@ static char *smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr)

/* error reqeusts do not have data area */ if (hdr->Status && hdr->Status != STATUS_MORE_PROCESSING_REQUIRED && - (((struct smb2_err_rsp *)hdr)->StructureSize) == - SMB2_ERROR_STRUCTURE_SIZE2_LE) + (((struct smb2_err_rsp *)hdr)->StructureSize) == SMB2_ERROR_STRUCTURE_SIZE2_LE) return NULL;

/* @@ -101,16 +100,12 @@ static char *smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr) */ switch (hdr->Command) { case SMB2_SESSION_SETUP: - *off = le16_to_cpu( - ((struct smb2_sess_setup_req *)hdr)->SecurityBufferOffset); - *len = le16_to_cpu( - ((struct smb2_sess_setup_req *)hdr)->SecurityBufferLength); + *off = le16_to_cpu(((struct smb2_sess_setup_req *)hdr)->SecurityBufferOffset); + *len = le16_to_cpu(((struct smb2_sess_setup_req *)hdr)->SecurityBufferLength); break; case SMB2_TREE_CONNECT: - *off = le16_to_cpu( - ((struct smb2_tree_connect_req *)hdr)->PathOffset); - *len = le16_to_cpu( - ((struct smb2_tree_connect_req *)hdr)->PathLength); + *off = le16_to_cpu(((struct smb2_tree_connect_req *)hdr)->PathOffset); + *len = le16_to_cpu(((struct smb2_tree_connect_req *)hdr)->PathLength); break; case SMB2_CREATE: { @@ -122,49 +117,35 @@ static char *smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr) break; }

- *off = le16_to_cpu( - ((struct smb2_create_req *)hdr)->NameOffset); - *len = le16_to_cpu( - ((struct smb2_create_req *)hdr)->NameLength); + *off = le16_to_cpu(((struct smb2_create_req *)hdr)->NameOffset); + *len = le16_to_cpu(((struct smb2_create_req *)hdr)->NameLength); break; } case SMB2_QUERY_INFO: - *off = le16_to_cpu( - ((struct smb2_query_info_req *)hdr)->InputBufferOffset); - *len = le32_to_cpu( - ((struct smb2_query_info_req *)hdr)->InputBufferLength); + *off = le16_to_cpu(((struct smb2_query_info_req *)hdr)->InputBufferOffset); + *len = le32_to_cpu(((struct smb2_query_info_req *)hdr)->InputBufferLength); break; case SMB2_SET_INFO: - *off = le16_to_cpu( - ((struct smb2_set_info_req *)hdr)->BufferOffset); - *len = le32_to_cpu( - ((struct smb2_set_info_req *)hdr)->BufferLength); + *off = le16_to_cpu(((struct smb2_set_info_req *)hdr)->BufferOffset); + *len = le32_to_cpu(((struct smb2_set_info_req *)hdr)->BufferLength); break; case SMB2_READ: - *off = le16_to_cpu( - ((struct smb2_read_req *)hdr)->ReadChannelInfoOffset); - *len = le16_to_cpu( - ((struct smb2_read_req *)hdr)->ReadChannelInfoLength); + *off = le16_to_cpu(((struct smb2_read_req *)hdr)->ReadChannelInfoOffset); + *len = le16_to_cpu(((struct smb2_read_req *)hdr)->ReadChannelInfoLength); break; case SMB2_WRITE: if (((struct smb2_write_req *)hdr)->DataOffset) { - *off = le16_to_cpu( - ((struct smb2_write_req *)hdr)->DataOffset); - *len = le32_to_cpu( - ((struct smb2_write_req *)hdr)->Length); + *off = le16_to_cpu(((struct smb2_write_req *)hdr)->DataOffset); + *len = le32_to_cpu(((struct smb2_write_req *)hdr)->Length); break; }

- *off = le16_to_cpu( - ((struct smb2_write_req *)hdr)->WriteChannelInfoOffset); - *len = le16_to_cpu( - ((struct smb2_write_req *)hdr)->WriteChannelInfoLength); + *off = le16_to_cpu(((struct smb2_write_req *)hdr)->WriteChannelInfoOffset); + *len = le16_to_cpu(((struct smb2_write_req *)hdr)->WriteChannelInfoLength); break; case SMB2_QUERY_DIRECTORY: - *off = le16_to_cpu( - ((struct smb2_query_directory_req *)hdr)->FileNameOffset); - *len = le16_to_cpu( - ((struct smb2_query_directory_req *)hdr)->FileNameLength); + *off = le16_to_cpu(((struct smb2_query_directory_req *)hdr)->FileNameOffset); + *len = le16_to_cpu(((struct smb2_query_directory_req *)hdr)->FileNameLength); break; case SMB2_LOCK: { @@ -174,8 +155,7 @@ static char *smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr) * smb2_lock request size is 48 included single * smb2_lock_element structure size. */ - lock_count = le16_to_cpu( - ((struct smb2_lock_req *)hdr)->LockCount) - 1; + lock_count = le16_to_cpu(((struct smb2_lock_req *)hdr)->LockCount) - 1; if (lock_count > 0) { *off = __SMB2_HEADER_STRUCTURE_SIZE + 48; *len = sizeof(struct smb2_lock_element) * lock_count; @@ -183,8 +163,7 @@ static char *smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr) break; } case SMB2_IOCTL: - *off = le32_to_cpu( - ((struct smb2_ioctl_req *)hdr)->InputOffset); + *off = le32_to_cpu(((struct smb2_ioctl_req *)hdr)->InputOffset); *len = le32_to_cpu(((struct smb2_ioctl_req *)hdr)->InputCount);

break; @@ -366,9 +345,9 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) hdr = &pdu->hdr; }

- if (le32_to_cpu(hdr->NextCommand) > 0) + if (le32_to_cpu(hdr->NextCommand) > 0) { len = le32_to_cpu(hdr->NextCommand); - else if (work->next_smb2_rcv_hdr_off) { + } else if (work->next_smb2_rcv_hdr_off) { len -= work->next_smb2_rcv_hdr_off; len = round_up(len, 8); } @@ -389,19 +368,17 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) }

if (smb2_req_struct_sizes[command] != pdu->StructureSize2) { - if (command != SMB2_OPLOCK_BREAK_HE && (hdr->Status == 0 || - pdu->StructureSize2 != SMB2_ERROR_STRUCTURE_SIZE2_LE)) { + if (command != SMB2_OPLOCK_BREAK_HE && + (hdr->Status == 0 || pdu->StructureSize2 != SMB2_ERROR_STRUCTURE_SIZE2_LE)) { /* error packets have 9 byte structure size */ ksmbd_debug(SMB, "Illegal request size %u for command %d\n", le16_to_cpu(pdu->StructureSize2), command); return 1; - } else if (command == SMB2_OPLOCK_BREAK_HE - && (hdr->Status == 0) - && (le16_to_cpu(pdu->StructureSize2) != - OP_BREAK_STRUCT_SIZE_20) - && (le16_to_cpu(pdu->StructureSize2) != - OP_BREAK_STRUCT_SIZE_21)) { + } else if (command == SMB2_OPLOCK_BREAK_HE && + hdr->Status == 0 && + le16_to_cpu(pdu->StructureSize2) != OP_BREAK_STRUCT_SIZE_20 && + le16_to_cpu(pdu->StructureSize2) != OP_BREAK_STRUCT_SIZE_21) { /* special case for SMB2.1 lease break message */ ksmbd_debug(SMB, "Illegal request size %d for oplock break\n", diff --git a/fs/cifsd/smb2ops.c b/fs/cifsd/smb2ops.c index a47219ea3b80..945bc6a78d3c 100644 --- a/fs/cifsd/smb2ops.c +++ b/fs/cifsd/smb2ops.c @@ -248,7 +248,7 @@ void init_smb3_02_server(struct ksmbd_conn *conn) conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION && - conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) + conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; }

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index a1aa42b52597..3e8f1a3800dd 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -58,7 +58,7 @@ static void __wbuf(struct ksmbd_work *work, void **req, void **rsp) * * Return: 1 if valid session id, otherwise 0 */ -static inline int check_session_id(struct ksmbd_conn *conn, uint64_t id) +static inline int check_session_id(struct ksmbd_conn *conn, u64 id) { struct ksmbd_session *sess;

@@ -98,9 +98,9 @@ int smb2_get_ksmbd_tcon(struct ksmbd_work *work) int tree_id;

work->tcon = NULL; - if ((work->conn->ops->get_cmd_val(work) == SMB2_TREE_CONNECT_HE) || - (work->conn->ops->get_cmd_val(work) == SMB2_CANCEL_HE) || - (work->conn->ops->get_cmd_val(work) == SMB2_LOGOFF_HE)) { + if (work->conn->ops->get_cmd_val(work) == SMB2_TREE_CONNECT_HE || + work->conn->ops->get_cmd_val(work) == SMB2_CANCEL_HE || + work->conn->ops->get_cmd_val(work) == SMB2_LOGOFF_HE) { ksmbd_debug(SMB, "skip to check tree connect request\n"); return 0; } @@ -238,7 +238,7 @@ int init_smb2_neg_rsp(struct ksmbd_work *work) if (conn->need_neg == false) return -EINVAL; if (!(conn->dialect >= SMB20_PROT_ID && - conn->dialect <= SMB311_PROT_ID)) + conn->dialect <= SMB311_PROT_ID)) return -EINVAL;

rsp_hdr = work->response_buf; @@ -549,8 +549,8 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work)

req = work->request_buf; if (req->InfoType == SMB2_O_INFO_FILE && - (req->FileInfoClass == FILE_FULL_EA_INFORMATION || - req->FileInfoClass == FILE_ALL_INFORMATION)) { + (req->FileInfoClass == FILE_FULL_EA_INFORMATION || + req->FileInfoClass == FILE_ALL_INFORMATION)) { sz = large_sz; work->set_trans_buf = true; } @@ -595,7 +595,7 @@ int smb2_check_user_session(struct ksmbd_work *work) * these commands. */ if (cmd == SMB2_ECHO_HE || cmd == SMB2_NEGOTIATE_HE || - cmd == SMB2_SESSION_SETUP_HE) + cmd == SMB2_SESSION_SETUP_HE) return 0;

if (!ksmbd_conn_good(work)) @@ -610,7 +610,7 @@ int smb2_check_user_session(struct ksmbd_work *work) return -EINVAL; }

-static void destroy_previous_session(struct ksmbd_user *user, uint64_t id) +static void destroy_previous_session(struct ksmbd_user *user, u64 id) { struct ksmbd_session *prev_sess = ksmbd_session_lookup_slowpath(id); struct ksmbd_user *prev_user; @@ -641,15 +641,12 @@ static void destroy_previous_session(struct ksmbd_user *user, uint64_t id) * Return: matching converted filename on success, otherwise error ptr */ static char * -smb2_get_name(struct ksmbd_share_config *share, - const char *src, - const int maxlen, - struct nls_table *local_nls) +smb2_get_name(struct ksmbd_share_config *share, const char *src, + const int maxlen, struct nls_table *local_nls) { char *name, *unixname;

- name = smb_strndup_from_utf16(src, maxlen, 1, - local_nls); + name = smb_strndup_from_utf16(src, maxlen, 1, local_nls); if (IS_ERR(name)) { ksmbd_err("failed to get name %ld\n", PTR_ERR(name)); return name; @@ -756,10 +753,10 @@ static int smb2_get_dos_mode(struct kstat *stat, int attribute) { int attr = 0;

- if (S_ISDIR(stat->mode)) + if (S_ISDIR(stat->mode)) { attr = ATTR_DIRECTORY | (attribute & (ATTR_HIDDEN | ATTR_SYSTEM)); - else { + } else { attr = (attribute & 0x00005137) | ATTR_ARCHIVE; attr &= ~(ATTR_DIRECTORY); if (S_ISREG(stat->mode) && (server_conf.share_fake_fscaps & @@ -774,7 +771,7 @@ static int smb2_get_dos_mode(struct kstat *stat, int attribute) }

static void build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt, - __le16 hash_id) + __le16 hash_id) { pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES; pneg_ctxt->DataLength = cpu_to_le16(38); @@ -786,7 +783,7 @@ static void build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt, }

static void build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt, - __le16 cipher_type) + __le16 cipher_type) { pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES; pneg_ctxt->DataLength = cpu_to_le16(4); @@ -796,7 +793,7 @@ static void build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt, }

static void build_compression_ctxt(struct smb2_compression_ctx *pneg_ctxt, - __le16 comp_algo) + __le16 comp_algo) { pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES; pneg_ctxt->DataLength = @@ -808,8 +805,7 @@ static void build_compression_ctxt(struct smb2_compression_ctx *pneg_ctxt, pneg_ctxt->CompressionAlgorithms[0] = comp_algo; }

-static void -build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) +static void build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) { pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE; pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN); @@ -832,9 +828,8 @@ build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) pneg_ctxt->Name[15] = 0x7C; }

-static void -assemble_neg_contexts(struct ksmbd_conn *conn, - struct smb2_negotiate_rsp *rsp) +static void assemble_neg_contexts(struct ksmbd_conn *conn, + struct smb2_negotiate_rsp *rsp) { /* +4 is to account for the RFC1001 len field */ char *pneg_ctxt = (char *)rsp + @@ -856,8 +851,7 @@ assemble_neg_contexts(struct ksmbd_conn *conn, ctxt_size = round_up(ctxt_size, 8); ksmbd_debug(SMB, "assemble SMB2_ENCRYPTION_CAPABILITIES context\n"); - build_encrypt_ctxt( - (struct smb2_encryption_neg_context *)pneg_ctxt, + build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt, conn->cipher_type); rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); ctxt_size += sizeof(struct smb2_encryption_neg_context); @@ -892,9 +886,8 @@ assemble_neg_contexts(struct ksmbd_conn *conn, inc_rfc1001_len(rsp, ctxt_size); }

-static __le32 -decode_preauth_ctxt(struct ksmbd_conn *conn, - struct smb2_preauth_neg_context *pneg_ctxt) +static __le32 decode_preauth_ctxt(struct ksmbd_conn *conn, + struct smb2_preauth_neg_context *pneg_ctxt) { __le32 err = STATUS_NO_PREAUTH_INTEGRITY_HASH_OVERLAP;

@@ -909,7 +902,7 @@ decode_preauth_ctxt(struct ksmbd_conn *conn, }

static int decode_encrypt_ctxt(struct ksmbd_conn *conn, - struct smb2_encryption_neg_context *pneg_ctxt) + struct smb2_encryption_neg_context *pneg_ctxt) { int i; int cph_cnt = le16_to_cpu(pneg_ctxt->CipherCount); @@ -921,7 +914,7 @@ static int decode_encrypt_ctxt(struct ksmbd_conn *conn,

for (i = 0; i < cph_cnt; i++) { if (pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_GCM || - pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_CCM) { + pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_CCM) { ksmbd_debug(SMB, "Cipher ID = 0x%x\n", pneg_ctxt->Ciphers[i]); conn->cipher_type = pneg_ctxt->Ciphers[i]; @@ -939,7 +932,7 @@ static int decode_encrypt_ctxt(struct ksmbd_conn *conn, }

static int decode_compress_ctxt(struct ksmbd_conn *conn, - struct smb2_compression_ctx *pneg_ctxt) + struct smb2_compression_ctx *pneg_ctxt) { int algo_cnt = le16_to_cpu(pneg_ctxt->CompressionAlgorithmCount);

@@ -954,7 +947,7 @@ static int decode_compress_ctxt(struct ksmbd_conn *conn, }

static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, - struct smb2_negotiate_req *req) + struct smb2_negotiate_req *req) { int i = 0; __le32 status = 0; @@ -976,8 +969,7 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn,

status = decode_preauth_ctxt(conn, (struct smb2_preauth_neg_context *)pneg_ctxt); - pneg_ctxt += DIV_ROUND_UP( - sizeof(struct smb2_preauth_neg_context), 8) * 8; + pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_preauth_neg_context), 8) * 8; } else if (*ContextType == SMB2_ENCRYPTION_CAPABILITIES) { ksmbd_debug(SMB, "deassemble SMB2_ENCRYPTION_CAPABILITIES context\n"); @@ -985,8 +977,7 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, break;

ctxt_size = decode_encrypt_ctxt(conn, - (struct smb2_encryption_neg_context *) - pneg_ctxt); + (struct smb2_encryption_neg_context *)pneg_ctxt); pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8; } else if (*ContextType == SMB2_COMPRESSION_CAPABILITIES) { ksmbd_debug(SMB, @@ -995,23 +986,20 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, break;

ctxt_size = decode_compress_ctxt(conn, - (struct smb2_compression_ctx *) - pneg_ctxt); + (struct smb2_compression_ctx *) pneg_ctxt); pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8; } else if (*ContextType == SMB2_NETNAME_NEGOTIATE_CONTEXT_ID) { ksmbd_debug(SMB, "deassemble SMB2_NETNAME_NEGOTIATE_CONTEXT_ID context\n"); ctxt_size = sizeof(struct smb2_netname_neg_context); - ctxt_size += DIV_ROUND_UP( - le16_to_cpu(((struct smb2_netname_neg_context *) + ctxt_size += DIV_ROUND_UP(le16_to_cpu(((struct smb2_netname_neg_context *) pneg_ctxt)->DataLength), 8) * 8; pneg_ctxt += ctxt_size; } else if (*ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) { ksmbd_debug(SMB, "deassemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n"); conn->posix_ext_supported = true; - pneg_ctxt += DIV_ROUND_UP( - sizeof(struct smb2_posix_neg_context), 8) * 8; + pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_posix_neg_context), 8) * 8; } ContextType = (__le16 *)pneg_ctxt;

@@ -1149,8 +1137,8 @@ int smb2_handle_negotiate(struct ksmbd_work *work) conn->use_spnego = true;

if ((server_conf.signing == KSMBD_CONFIG_OPT_AUTO || - server_conf.signing == KSMBD_CONFIG_OPT_DISABLED) && - req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED_LE) + server_conf.signing == KSMBD_CONFIG_OPT_DISABLED) && + req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED_LE) conn->sign = true; else if (server_conf.signing == KSMBD_CONFIG_OPT_MANDATORY) { server_conf.enforced_signing = true; @@ -1169,7 +1157,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work) }

static int alloc_preauth_hash(struct ksmbd_session *sess, - struct ksmbd_conn *conn) + struct ksmbd_conn *conn) { if (sess->Preauth_HashValue) return 0; @@ -1204,7 +1192,7 @@ static int generate_preauth_hash(struct ksmbd_work *work) }

static int decode_negotiation_token(struct ksmbd_work *work, - struct negotiate_message *negblob) + struct negotiate_message *negblob) { struct ksmbd_conn *conn = work->conn; struct smb2_sess_setup_req *req; @@ -1227,7 +1215,7 @@ static int decode_negotiation_token(struct ksmbd_work *work, }

static int ntlm_negotiate(struct ksmbd_work *work, - struct negotiate_message *negblob) + struct negotiate_message *negblob) { struct smb2_sess_setup_req *req = work->request_buf; struct smb2_sess_setup_rsp *rsp = work->response_buf; @@ -1291,7 +1279,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, }

static struct authenticate_message *user_authblob(struct ksmbd_conn *conn, - struct smb2_sess_setup_req *req) + struct smb2_sess_setup_req *req) { int sz;

@@ -1304,7 +1292,7 @@ static struct authenticate_message *user_authblob(struct ksmbd_conn *conn, }

static struct ksmbd_user *session_user(struct ksmbd_conn *conn, - struct smb2_sess_setup_req *req) + struct smb2_sess_setup_req *req) { struct authenticate_message *authblob; struct ksmbd_user *user; @@ -1336,7 +1324,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) struct ksmbd_session *sess = work->sess; struct channel *chann = NULL; struct ksmbd_user *user; - uint64_t prev_id; + u64 prev_id; int sz, rc;

ksmbd_debug(SMB, "authenticate phase\n"); @@ -1351,9 +1339,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) return -ENOMEM;

sz = le16_to_cpu(rsp->SecurityBufferOffset); - memcpy((char *)&rsp->hdr.ProtocolId + sz, - spnego_blob, - spnego_blob_len); + memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len); rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len); kfree(spnego_blob); inc_rfc1001_len(rsp, spnego_blob_len - 1); @@ -1386,8 +1372,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) sess->user = user; if (user_guest(sess->user)) { if (conn->sign) { - ksmbd_debug(SMB, - "Guest login not allowed when signing enabled\n"); + ksmbd_debug(SMB, "Guest login not allowed when signing enabled\n"); rsp->hdr.Status = STATUS_LOGON_FAILURE; return -EACCES; } @@ -1415,11 +1400,11 @@ static int ntlm_authenticate(struct ksmbd_work *work) return 0;

if ((conn->sign || server_conf.enforced_signing) || - (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) + (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) sess->sign = true;

if (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION && - conn->ops->generate_encryptionkey) { + conn->ops->generate_encryptionkey) { rc = conn->ops->generate_encryptionkey(sess); if (rc) { ksmbd_debug(SMB, @@ -1453,8 +1438,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) if (conn->ops->generate_signingkey) { rc = conn->ops->generate_signingkey(sess); if (rc) { - ksmbd_debug(SMB, - "SMB3 signing key generation failed\n"); + ksmbd_debug(SMB, "SMB3 signing key generation failed\n"); rsp->hdr.Status = STATUS_LOGON_FAILURE; return rc; } @@ -1479,7 +1463,7 @@ static int krb5_authenticate(struct ksmbd_work *work) struct ksmbd_session *sess = work->sess; char *in_blob, *out_blob; struct channel *chann = NULL; - uint64_t prev_sess_id; + u64 prev_sess_id; int in_len, out_len; int retval;

@@ -1511,11 +1495,11 @@ static int krb5_authenticate(struct ksmbd_work *work) inc_rfc1001_len(rsp, out_len - 1);

if ((conn->sign || server_conf.enforced_signing) || - (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) + (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) sess->sign = true;

if ((conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) && - conn->ops->generate_encryptionkey) { + conn->ops->generate_encryptionkey) { retval = conn->ops->generate_encryptionkey(sess); if (retval) { ksmbd_debug(SMB, @@ -1544,8 +1528,7 @@ static int krb5_authenticate(struct ksmbd_work *work) if (conn->ops->generate_signingkey) { retval = conn->ops->generate_signingkey(sess); if (retval) { - ksmbd_debug(SMB, - "SMB3 signing key generation failed\n"); + ksmbd_debug(SMB, "SMB3 signing key generation failed\n"); rsp->hdr.Status = STATUS_LOGON_FAILURE; return retval; } @@ -1646,9 +1629,7 @@ int smb2_sess_setup(struct ksmbd_work *work) * Note: here total size -1 is done as an * adjustment for 0 size blob */ - inc_rfc1001_len(rsp, - le16_to_cpu(rsp->SecurityBufferLength) - - 1); + inc_rfc1001_len(rsp, le16_to_cpu(rsp->SecurityBufferLength) - 1);

} else if (negblob->MessageType == NtLmAuthenticate) { rc = ntlm_authenticate(work); @@ -1704,7 +1685,7 @@ int smb2_tree_connect(struct ksmbd_work *work) int rc = -EINVAL;

treename = smb_strndup_from_utf16(req->Buffer, - le16_to_cpu(req->PathLength), true, conn->local_nls); + le16_to_cpu(req->PathLength), true, conn->local_nls); if (IS_ERR(treename)) { ksmbd_err("treename is NULL\n"); status.ret = KSMBD_TREE_CONN_STATUS_ERROR; @@ -1808,7 +1789,7 @@ static int smb2_create_open_flags(bool file_present, __le32 access, int oflags = O_NONBLOCK | O_LARGEFILE;

if (access & FILE_READ_DESIRED_ACCESS_LE && - access & FILE_WRITE_DESIRE_ACCESS_LE) + access & FILE_WRITE_DESIRE_ACCESS_LE) oflags |= O_RDWR; else if (access & FILE_WRITE_DESIRE_ACCESS_LE) oflags |= O_WRONLY; @@ -1995,13 +1976,13 @@ struct durable_info { };

static int parse_durable_handle_context(struct ksmbd_work *work, - struct smb2_create_req *req, struct lease_ctx_info *lc, - struct durable_info *d_info) + struct smb2_create_req *req, struct lease_ctx_info *lc, + struct durable_info *d_info) { struct ksmbd_conn *conn = work->conn; struct create_context *context; int i, err = 0; - uint64_t persistent_id = 0; + u64 persistent_id = 0; int req_op_level; static const char * const durable_arr[] = {"DH2C", "DHnC", "DH2Q", "DHnQ", SMB2_CREATE_APP_INSTANCE_ID}; @@ -2026,8 +2007,7 @@ static int parse_durable_handle_context(struct ksmbd_work *work,

recon_v2 = (struct create_durable_reconn_v2_req *)context; - persistent_id = le64_to_cpu( - recon_v2->Fid.PersistentFileId); + persistent_id = le64_to_cpu(recon_v2->Fid.PersistentFileId); d_info->fp = ksmbd_lookup_durable_fd(persistent_id); if (!d_info->fp) { ksmbd_err("Failed to get Durable handle state\n"); @@ -2035,9 +2015,8 @@ static int parse_durable_handle_context(struct ksmbd_work *work, goto out; }

- if (memcmp(d_info->fp->create_guid, - recon_v2->CreateGuid, - SMB2_CREATE_GUID_SIZE)) { + if (memcmp(d_info->fp->create_guid, recon_v2->CreateGuid, + SMB2_CREATE_GUID_SIZE)) { err = -EBADF; goto out; } @@ -2053,15 +2032,14 @@ static int parse_durable_handle_context(struct ksmbd_work *work, struct create_durable_reconn_req *recon;

if (d_info->type == DURABLE_RECONN_V2 || - d_info->type == DURABLE_REQ_V2) { + d_info->type == DURABLE_REQ_V2) { err = -EINVAL; goto out; }

recon = (struct create_durable_reconn_req *)context; - persistent_id = le64_to_cpu( - recon->Data.Fid.PersistentFileId); + persistent_id = le64_to_cpu(recon->Data.Fid.PersistentFileId); d_info->fp = ksmbd_lookup_durable_fd(persistent_id); if (!d_info->fp) { ksmbd_err("Failed to get Durable handle state\n"); @@ -2080,7 +2058,7 @@ static int parse_durable_handle_context(struct ksmbd_work *work, struct create_durable_req_v2 *durable_v2_blob;

if (d_info->type == DURABLE_RECONN || - d_info->type == DURABLE_RECONN_V2) { + d_info->type == DURABLE_RECONN_V2) { err = -EINVAL; goto out; } @@ -2088,14 +2066,11 @@ static int parse_durable_handle_context(struct ksmbd_work *work, durable_v2_blob = (struct create_durable_req_v2 *)context; ksmbd_debug(SMB, "Request for durable v2 open\n"); - d_info->fp = ksmbd_lookup_fd_cguid( - durable_v2_blob->CreateGuid); + d_info->fp = ksmbd_lookup_fd_cguid(durable_v2_blob->CreateGuid); if (d_info->fp) { - if (!memcmp(conn->ClientGUID, - d_info->fp->client_guid, - SMB2_CLIENT_GUID_SIZE)) { - if (!(req->hdr.Flags & - SMB2_FLAGS_REPLAY_OPERATIONS)) { + if (!memcmp(conn->ClientGUID, d_info->fp->client_guid, + SMB2_CLIENT_GUID_SIZE)) { + if (!(req->hdr.Flags & SMB2_FLAGS_REPLAY_OPERATIONS)) { err = -ENOEXEC; goto out; } @@ -2105,10 +2080,8 @@ static int parse_durable_handle_context(struct ksmbd_work *work, goto out; } } - if (((lc && - (lc->req_state & - SMB2_LEASE_HANDLE_CACHING_LE)) || - (req_op_level == SMB2_OPLOCK_LEVEL_BATCH))) { + if (((lc && (lc->req_state & SMB2_LEASE_HANDLE_CACHING_LE)) || + req_op_level == SMB2_OPLOCK_LEVEL_BATCH)) { d_info->CreateGuid = durable_v2_blob->CreateGuid; d_info->persistent = @@ -2123,15 +2096,13 @@ static int parse_durable_handle_context(struct ksmbd_work *work, if (d_info->type == DURABLE_RECONN) goto out; if (d_info->type == DURABLE_RECONN_V2 || - d_info->type == DURABLE_REQ_V2) { + d_info->type == DURABLE_REQ_V2) { err = -EINVAL; goto out; }

- if (((lc && - (lc->req_state & - SMB2_LEASE_HANDLE_CACHING_LE)) || - (req_op_level == SMB2_OPLOCK_LEVEL_BATCH))) { + if (((lc && (lc->req_state & SMB2_LEASE_HANDLE_CACHING_LE)) || + req_op_level == SMB2_OPLOCK_LEVEL_BATCH)) { ksmbd_debug(SMB, "Request for durable open\n"); d_info->type = i; } @@ -2252,9 +2223,7 @@ static inline int check_context_err(void *ctx, char *str) }

static noinline int smb2_set_stream_name_xattr(struct path *path, - struct ksmbd_file *fp, - char *stream_name, - int s_type) + struct ksmbd_file *fp, char *stream_name, int s_type) { size_t xattr_stream_size; char *xattr_stream_name; @@ -2307,12 +2276,9 @@ static int smb2_remove_smb_xattrs(struct dentry *dentry) ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name));

if (strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) && - strncmp(&name[XATTR_USER_PREFIX_LEN], - DOS_ATTRIBUTE_PREFIX, - DOS_ATTRIBUTE_PREFIX_LEN) && - strncmp(&name[XATTR_USER_PREFIX_LEN], - STREAM_PREFIX, - STREAM_PREFIX_LEN)) + strncmp(&name[XATTR_USER_PREFIX_LEN], DOS_ATTRIBUTE_PREFIX, + DOS_ATTRIBUTE_PREFIX_LEN) && + strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX, STREAM_PREFIX_LEN)) continue;

err = ksmbd_vfs_remove_xattr(dentry, name); @@ -2343,9 +2309,8 @@ static int smb2_create_truncate(struct path *path) return rc; }

-static void smb2_new_xattrs(struct ksmbd_tree_connect *tcon, - struct path *path, - struct ksmbd_file *fp) +static void smb2_new_xattrs(struct ksmbd_tree_connect *tcon, struct path *path, + struct ksmbd_file *fp) { struct xattr_dos_attrib da = {0}; int rc; @@ -2366,8 +2331,7 @@ static void smb2_new_xattrs(struct ksmbd_tree_connect *tcon, }

static void smb2_update_xattrs(struct ksmbd_tree_connect *tcon, - struct path *path, - struct ksmbd_file *fp) + struct path *path, struct ksmbd_file *fp) { struct xattr_dos_attrib da; int rc; @@ -2376,7 +2340,7 @@ static void smb2_update_xattrs(struct ksmbd_tree_connect *tcon,

/* get FileAttributes from XATTR_NAME_DOS_ATTRIBUTE */ if (!test_share_config_flag(tcon->share_conf, - KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) + KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) return;

rc = ksmbd_vfs_get_dos_attrib_xattr(path->dentry, &da); @@ -2387,12 +2351,8 @@ static void smb2_update_xattrs(struct ksmbd_tree_connect *tcon, } }

-static int smb2_creat(struct ksmbd_work *work, - struct path *path, - char *name, - int open_flags, - umode_t posix_mode, - bool is_dir) +static int smb2_creat(struct ksmbd_work *work, struct path *path, char *name, + int open_flags, umode_t posix_mode, bool is_dir) { struct ksmbd_tree_connect *tcon = work->tcon; struct ksmbd_share_config *share = tcon->share_conf; @@ -2494,7 +2454,7 @@ int smb2_open(struct ksmbd_work *work) WORK_BUFFERS(work, req, rsp);

if (req->hdr.NextCommand && !work->next_smb2_rcv_hdr_off && - (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)) { + (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)) { ksmbd_debug(SMB, "invalid flag in chained command\n"); rsp->hdr.Status = STATUS_INVALID_PARAMETER; smb2_set_err_rsp(work); @@ -2508,7 +2468,7 @@ int smb2_open(struct ksmbd_work *work)

if (req->NameLength) { if ((req->CreateOptions & FILE_DIRECTORY_FILE_LE) && - *(char *)req->Buffer == '\') { + *(char *)req->Buffer == '\') { ksmbd_err("not allow directory name included leading slash\n"); rc = -EINVAL; goto err_out1; @@ -2528,7 +2488,7 @@ int smb2_open(struct ksmbd_work *work) ksmbd_debug(SMB, "converted name = %s\n", name); if (strchr(name, ':')) { if (!test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_STREAMS)) { + KSMBD_SHARE_FLAG_STREAMS)) { rc = -EBADF; goto err_out1; } @@ -2564,7 +2524,7 @@ int smb2_open(struct ksmbd_work *work) req_op_level = req->RequestedOplockLevel; memset(&d_info, 0, sizeof(struct durable_info)); if (server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE && - req->CreateContextsOffset) { + req->CreateContextsOffset) { lc = parse_lease_state(req); rc = parse_durable_handle_context(work, req, lc, &d_info); if (rc) { @@ -2593,8 +2553,7 @@ int smb2_open(struct ksmbd_work *work) lc = parse_lease_state(req); }

- if (le32_to_cpu(req->ImpersonationLevel) > - le32_to_cpu(IL_DELEGATE_LE)) { + if (le32_to_cpu(req->ImpersonationLevel) > le32_to_cpu(IL_DELEGATE_LE)) { ksmbd_err("Invalid impersonationlevel : 0x%x\n", le32_to_cpu(req->ImpersonationLevel)); rc = -EIO; @@ -2610,7 +2569,7 @@ int smb2_open(struct ksmbd_work *work) } else {

if (req->CreateOptions & FILE_SEQUENTIAL_ONLY_LE && - req->CreateOptions & FILE_RANDOM_ACCESS_LE) + req->CreateOptions & FILE_RANDOM_ACCESS_LE) req->CreateOptions = ~(FILE_SEQUENTIAL_ONLY_LE);

if (req->CreateOptions & (FILE_OPEN_BY_FILE_ID_LE | @@ -2623,8 +2582,9 @@ int smb2_open(struct ksmbd_work *work) if (req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE) { rc = -EINVAL; goto err_out1; - } else if (req->CreateOptions & FILE_NO_COMPRESSION_LE) + } else if (req->CreateOptions & FILE_NO_COMPRESSION_LE) { req->CreateOptions = ~(FILE_NO_COMPRESSION_LE); + } } }

@@ -2643,8 +2603,7 @@ int smb2_open(struct ksmbd_work *work) goto err_out1; }

- if (req->FileAttributes && - !(req->FileAttributes & ATTR_MASK_LE)) { + if (req->FileAttributes && !(req->FileAttributes & ATTR_MASK_LE)) { ksmbd_err("Invalid file attribute : 0x%x\n", le32_to_cpu(req->FileAttributes)); rc = -EINVAL; @@ -2729,14 +2688,13 @@ int smb2_open(struct ksmbd_work *work) * denied error. */ if (req->CreateDisposition == FILE_OVERWRITE_IF_LE || - req->CreateDisposition == FILE_OPEN_IF_LE) { + req->CreateDisposition == FILE_OPEN_IF_LE) { rc = -EACCES; path_put(&path); goto err_out; }

- if (!test_tree_conn_flag(tcon, - KSMBD_TREE_CONN_FLAG_WRITABLE)) { + if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, "User does not have write permission\n"); rc = -EACCES; @@ -2746,7 +2704,7 @@ int smb2_open(struct ksmbd_work *work) } } else { if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) { + KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) { /* * Use LOOKUP_FOLLOW to follow the path of * symlink in path buildup @@ -2792,7 +2750,7 @@ int smb2_open(struct ksmbd_work *work) }

if (req->CreateOptions & FILE_DIRECTORY_FILE_LE && - req->FileAttributes & ATTR_NORMAL_LE) { + req->FileAttributes & ATTR_NORMAL_LE) { rsp->hdr.Status = STATUS_NOT_A_DIRECTORY; rc = -EIO; } @@ -2801,9 +2759,8 @@ int smb2_open(struct ksmbd_work *work) goto err_out; }

- if (file_present && req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE - && S_ISDIR(stat.mode) && - !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { + if (file_present && req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE && + S_ISDIR(stat.mode) && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { ksmbd_debug(SMB, "open() argument is a directory: %s, %x\n", name, req->CreateOptions); rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY; @@ -2812,21 +2769,21 @@ int smb2_open(struct ksmbd_work *work) }

if (file_present && (req->CreateOptions & FILE_DIRECTORY_FILE_LE) && - !(req->CreateDisposition == FILE_CREATE_LE) && - !S_ISDIR(stat.mode)) { + !(req->CreateDisposition == FILE_CREATE_LE) && + !S_ISDIR(stat.mode)) { rsp->hdr.Status = STATUS_NOT_A_DIRECTORY; rc = -EIO; goto err_out; }

if (!stream_name && file_present && - (req->CreateDisposition == FILE_CREATE_LE)) { + req->CreateDisposition == FILE_CREATE_LE) { rc = -EEXIST; goto err_out; }

if (server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE && - file_present) + file_present) file_present = ksmbd_close_inode_fds(work, d_inode(path.dentry));

@@ -2889,10 +2846,10 @@ int smb2_open(struct ksmbd_work *work) * because execute(search) permission on a parent directory, * is already granted. */ - if (daccess & ~(FILE_READ_ATTRIBUTES_LE | - FILE_READ_CONTROL_LE)) { + if (daccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_READ_CONTROL_LE)) { if (ksmbd_vfs_inode_permission(path.dentry, - open_flags & O_ACCMODE, may_delete)) { + open_flags & O_ACCMODE, + may_delete)) { rc = -EACCES; goto err_out; } @@ -2922,8 +2879,9 @@ int smb2_open(struct ksmbd_work *work) if ((req->CreateDisposition & FILE_CREATE_MASK_LE) == FILE_SUPERSEDE_LE) file_info = FILE_SUPERSEDED; - } else if (open_flags & O_CREAT) + } else if (open_flags & O_CREAT) { file_info = FILE_CREATED; + }

ksmbd_vfs_set_fadvise(filp, req->CreateOptions);

@@ -2959,7 +2917,7 @@ int smb2_open(struct ksmbd_work *work) ksmbd_debug(SMB, "inherit posix acl failed : %d\n", posix_acl_rc);

if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_ACL_XATTR)) { + KSMBD_SHARE_FLAG_ACL_XATTR)) { rc = smb_inherit_dacl(conn, path.dentry, sess->user->uid, sess->user->gid); } @@ -2971,7 +2929,7 @@ int smb2_open(struct ksmbd_work *work) ksmbd_vfs_set_init_posix_acl(inode);

if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_ACL_XATTR)) { + KSMBD_SHARE_FLAG_ACL_XATTR)) { struct smb_fattr fattr; struct smb_ntsd *pntsd; int pntsd_size, ace_num; @@ -2990,9 +2948,9 @@ int smb2_open(struct ksmbd_work *work) }

pntsd = kmalloc(sizeof(struct smb_ntsd) + - sizeof(struct smb_sid)*3 + + sizeof(struct smb_sid) * 3 + sizeof(struct smb_acl) + - sizeof(struct smb_ace)*ace_num*2, + sizeof(struct smb_ace) * ace_num * 2, GFP_KERNEL); if (!pntsd) goto err_out; @@ -3026,8 +2984,8 @@ int smb2_open(struct ksmbd_work *work)

fp->attrib_only = !(req->DesiredAccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_WRITE_ATTRIBUTES_LE | FILE_SYNCHRONIZE_LE)); - if (!S_ISDIR(file_inode(filp)->i_mode) && open_flags & O_TRUNC - && !fp->attrib_only && !stream_name) { + if (!S_ISDIR(file_inode(filp)->i_mode) && open_flags & O_TRUNC && + !fp->attrib_only && !stream_name) { smb_break_all_oplock(work, fp); need_truncate = 1; } @@ -3053,10 +3011,9 @@ int smb2_open(struct ksmbd_work *work) }

share_ret = ksmbd_smb_check_shared_mode(fp->filp, fp); - if (!test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_OPLOCKS) || - (req_op_level == SMB2_OPLOCK_LEVEL_LEASE && - !(conn->vals->capabilities & SMB2_GLOBAL_CAP_LEASING))) { + if (!test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_OPLOCKS) || + (req_op_level == SMB2_OPLOCK_LEVEL_LEASE && + !(conn->vals->capabilities & SMB2_GLOBAL_CAP_LEASING))) { if (share_ret < 0 && !S_ISDIR(FP_INODE(fp)->i_mode)) { rc = share_ret; goto err_out; @@ -3071,8 +3028,8 @@ int smb2_open(struct ksmbd_work *work) if (rc) goto err_out; } else if (open_flags == O_RDONLY && - (req_op_level == SMB2_OPLOCK_LEVEL_BATCH || - req_op_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) + (req_op_level == SMB2_OPLOCK_LEVEL_BATCH || + req_op_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) req_op_level = SMB2_OPLOCK_LEVEL_II;

rc = smb_grant_oplock(work, req_op_level, @@ -3117,11 +3074,9 @@ int smb2_open(struct ksmbd_work *work) err); }

- context = smb2_find_context_vals(req, - SMB2_CREATE_QUERY_ON_DISK_ID); + context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_ON_DISK_ID); if (IS_ERR(context)) { - rc = check_context_err(context, - SMB2_CREATE_QUERY_ON_DISK_ID); + rc = check_context_err(context, SMB2_CREATE_QUERY_ON_DISK_ID); if (rc < 0) goto err_out; } else { @@ -3146,8 +3101,7 @@ int smb2_open(struct ksmbd_work *work) memcpy(fp->client_guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE);

if (d_info.type) { - if (d_info.type == DURABLE_REQ_V2 && - d_info.persistent) + if (d_info.type == DURABLE_REQ_V2 && d_info.persistent) fp->is_persistent = 1; else fp->is_durable = 1; @@ -3160,8 +3114,7 @@ int smb2_open(struct ksmbd_work *work) else fp->durable_timeout = 1600; if (d_info.app_id) - memcpy(fp->app_instance_id, - d_info.app_id, 16); + memcpy(fp->app_instance_id, d_info.app_id, 16); } }

@@ -3457,10 +3410,8 @@ static int dentry_name(struct ksmbd_dir_info *d_info, int info_level) * * Return: 0 on success, otherwise error */ -static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, - int info_level, - struct ksmbd_dir_info *d_info, - struct ksmbd_kstat *ksmbd_kstat) +static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level, + struct ksmbd_dir_info *d_info, struct ksmbd_kstat *ksmbd_kstat) { int next_entry_offset = 0; char *conv_name; @@ -3710,7 +3661,7 @@ static int process_query_dir_entries(struct smb2_query_dir_private *priv) }

static int reserve_populate_dentry(struct ksmbd_dir_info *d_info, - int info_level) + int info_level) { int struct_sz; int conv_len; @@ -3816,12 +3767,8 @@ static int reserve_populate_dentry(struct ksmbd_dir_info *d_info, return 0; }

-static int __query_dir(struct dir_context *ctx, - const char *name, - int namlen, - loff_t offset, - u64 ino, - unsigned int d_type) +static int __query_dir(struct dir_context *ctx, const char *name, int namlen, + loff_t offset, u64 ino, unsigned int d_type) { struct ksmbd_readdir_data *buf; struct smb2_query_dir_private *priv; @@ -3913,8 +3860,7 @@ int smb2_query_dir(struct ksmbd_work *work) }

if (!(dir_fp->daccess & FILE_LIST_DIRECTORY_LE) || - inode_permission(&init_user_ns, file_inode(dir_fp->filp), - MAY_READ | MAY_EXEC)) { + inode_permission(&init_user_ns, file_inode(dir_fp->filp), MAY_READ | MAY_EXEC)) { ksmbd_err("no right to enumerate directory (%s)\n", FP_FILENAME(dir_fp)); rc = -EACCES; @@ -3935,8 +3881,9 @@ int smb2_query_dir(struct ksmbd_work *work) ksmbd_debug(SMB, "Search Pattern not found\n"); rc = -EINVAL; goto err_out2; - } else + } else { ksmbd_debug(SMB, "Search pattern is %s\n", srch_ptr); + }

ksmbd_debug(SMB, "Directory name is %s\n", dir_fp->filename);

@@ -3949,11 +3896,9 @@ int smb2_query_dir(struct ksmbd_work *work) memset(&d_info, 0, sizeof(struct ksmbd_dir_info)); d_info.wptr = (char *)rsp->Buffer; d_info.rptr = (char *)rsp->Buffer; - d_info.out_buf_len = (work->response_sz - - (get_rfc1002_len(rsp_org) + 4)); + d_info.out_buf_len = (work->response_sz - (get_rfc1002_len(rsp_org) + 4)); d_info.out_buf_len = min_t(int, d_info.out_buf_len, - le32_to_cpu(req->OutputBufferLength)) - - sizeof(struct smb2_query_directory_rsp); + le32_to_cpu(req->OutputBufferLength)) - sizeof(struct smb2_query_directory_rsp); d_info.flags = srch_flag;

/* @@ -3995,9 +3940,9 @@ int smb2_query_dir(struct ksmbd_work *work) goto err_out;

if (!d_info.data_count && d_info.out_buf_len >= 0) { - if (srch_flag & SMB2_RETURN_SINGLE_ENTRY && !is_asterisk(srch_ptr)) + if (srch_flag & SMB2_RETURN_SINGLE_ENTRY && !is_asterisk(srch_ptr)) { rsp->hdr.Status = STATUS_NO_SUCH_FILE; - else { + } else { dir_fp->dot_dotdot[0] = dir_fp->dot_dotdot[1] = 0; rsp->hdr.Status = STATUS_NO_MORE_FILES; } @@ -4057,24 +4002,21 @@ int smb2_query_dir(struct ksmbd_work *work) * Return: 0 on success, otherwise error */ static int buffer_check_err(int reqOutputBufferLength, - struct smb2_query_info_rsp *rsp, int infoclass_size) + struct smb2_query_info_rsp *rsp, int infoclass_size) { if (reqOutputBufferLength < le32_to_cpu(rsp->OutputBufferLength)) { if (reqOutputBufferLength < infoclass_size) { ksmbd_err("Invalid Buffer Size Requested\n"); rsp->hdr.Status = STATUS_INFO_LENGTH_MISMATCH; - rsp->hdr.smb2_buf_length = cpu_to_be32( - sizeof(struct smb2_hdr) - 4); + rsp->hdr.smb2_buf_length = cpu_to_be32(sizeof(struct smb2_hdr) - 4); return -EINVAL; }

ksmbd_debug(SMB, "Buffer Overflow\n"); rsp->hdr.Status = STATUS_BUFFER_OVERFLOW; - rsp->hdr.smb2_buf_length = cpu_to_be32( - sizeof(struct smb2_hdr) - 4 - + reqOutputBufferLength); - rsp->OutputBufferLength = cpu_to_le32( - reqOutputBufferLength); + rsp->hdr.smb2_buf_length = cpu_to_be32(sizeof(struct smb2_hdr) - 4 + + reqOutputBufferLength); + rsp->OutputBufferLength = cpu_to_le32(reqOutputBufferLength); } return 0; } @@ -4096,7 +4038,7 @@ static void get_standard_info_pipe(struct smb2_query_info_rsp *rsp) }

static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, - uint64_t num) + u64 num) { struct smb2_file_internal_info *file_info;

@@ -4110,9 +4052,10 @@ static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, }

static int smb2_get_info_file_pipe(struct ksmbd_session *sess, - struct smb2_query_info_req *req, struct smb2_query_info_rsp *rsp) + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp) { - uint64_t id; + u64 id; int rc;

/* @@ -4155,11 +4098,9 @@ static int smb2_get_info_file_pipe(struct ksmbd_session *sess, * * Return: 0 on success, otherwise error */ -static int smb2_get_ea(struct ksmbd_work *work, - struct ksmbd_file *fp, - struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, - void *rsp_org) +static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp, + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, void *rsp_org) { struct smb2_ea_info *eainfo, *prev_eainfo; char *name, *ptr, *xattr_list = NULL, *buf; @@ -4176,9 +4117,9 @@ static int smb2_get_ea(struct ksmbd_work *work,

path = &fp->filp->f_path; /* single EA entry is requested with given user.* name */ - if (req->InputBufferLength) + if (req->InputBufferLength) { ea_req = (struct smb2_ea_info_req *)req->Buffer; - else { + } else { /* need to send all EAs, if no specific EA is requested*/ if (le32_to_cpu(req->Flags) & SL_RETURN_SINGLE_ENTRY) ksmbd_debug(SMB, @@ -4224,16 +4165,16 @@ static int smb2_get_ea(struct ksmbd_work *work, continue;

if (!strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX, - STREAM_PREFIX_LEN)) + STREAM_PREFIX_LEN)) continue;

if (req->InputBufferLength && - (strncmp(&name[XATTR_USER_PREFIX_LEN], - ea_req->name, ea_req->EaNameLength))) + strncmp(&name[XATTR_USER_PREFIX_LEN], ea_req->name, + ea_req->EaNameLength)) continue;

if (!strncmp(&name[XATTR_USER_PREFIX_LEN], - DOS_ATTRIBUTE_PREFIX, DOS_ATTRIBUTE_PREFIX_LEN)) + DOS_ATTRIBUTE_PREFIX, DOS_ATTRIBUTE_PREFIX_LEN)) continue;

if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) @@ -4263,8 +4204,7 @@ static int smb2_get_ea(struct ksmbd_work *work, eainfo->Flags = 0; eainfo->EaNameLength = name_len;

- if (!strncmp(name, XATTR_USER_PREFIX, - XATTR_USER_PREFIX_LEN)) + if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) memcpy(eainfo->name, &name[XATTR_USER_PREFIX_LEN], name_len); else @@ -4308,8 +4248,7 @@ static int smb2_get_ea(struct ksmbd_work *work, }

static void get_file_access_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_access_info *file_info;

@@ -4321,8 +4260,7 @@ static void get_file_access_info(struct smb2_query_info_rsp *rsp, }

static int get_file_basic_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_all_info *basic_info; struct kstat stat; @@ -4346,8 +4284,7 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp, basic_info->Attributes = fp->f_ci->m_fattr; basic_info->Pad1 = 0; rsp->OutputBufferLength = - cpu_to_le32(offsetof(struct smb2_file_all_info, - AllocationSize)); + cpu_to_le32(offsetof(struct smb2_file_all_info, AllocationSize)); inc_rfc1001_len(rsp_org, offsetof(struct smb2_file_all_info, AllocationSize)); return 0; @@ -4363,15 +4300,13 @@ static unsigned long long get_allocation_size(struct inode *inode, alloc_size = stat->size; else alloc_size = inode->i_blocks << 9; - }

return alloc_size; }

static void get_file_standard_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_standard_info *sinfo; unsigned int delete_pending; @@ -4396,7 +4331,7 @@ static void get_file_standard_info(struct smb2_query_info_rsp *rsp, }

static void get_file_alignment_info(struct smb2_query_info_rsp *rsp, - void *rsp_org) + void *rsp_org) { struct smb2_file_alignment_info *file_info;

@@ -4409,9 +4344,8 @@ static void get_file_alignment_info(struct smb2_query_info_rsp *rsp, }

static int get_file_all_info(struct ksmbd_work *work, - struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp, + void *rsp_org) { struct ksmbd_conn *conn = work->conn; struct smb2_file_all_info *file_info; @@ -4478,9 +4412,8 @@ static int get_file_all_info(struct ksmbd_work *work, }

static void get_file_alternate_info(struct ksmbd_work *work, - struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp, + void *rsp_org) { struct ksmbd_conn *conn = work->conn; struct smb2_file_alt_name_info *file_info; @@ -4499,9 +4432,8 @@ static void get_file_alternate_info(struct ksmbd_work *work, }

static void get_file_stream_info(struct ksmbd_work *work, - struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp, + void *rsp_org) { struct ksmbd_conn *conn = work->conn; struct smb2_file_stream_info *file_info; @@ -4530,7 +4462,7 @@ static void get_file_stream_info(struct ksmbd_work *work, ksmbd_debug(SMB, "%s, len %d\n", stream_name, streamlen);

if (strncmp(&stream_name[XATTR_USER_PREFIX_LEN], - STREAM_PREFIX, STREAM_PREFIX_LEN)) + STREAM_PREFIX, STREAM_PREFIX_LEN)) continue;

stream_name_len = streamlen - (XATTR_USER_PREFIX_LEN + @@ -4588,8 +4520,7 @@ static void get_file_stream_info(struct ksmbd_work *work, }

static void get_file_internal_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_internal_info *file_info; struct kstat stat; @@ -4603,8 +4534,7 @@ static void get_file_internal_info(struct smb2_query_info_rsp *rsp, }

static int get_file_network_open_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_ntwrk_info *file_info; struct inode *inode; @@ -4640,8 +4570,7 @@ static int get_file_network_open_info(struct smb2_query_info_rsp *rsp, return 0; }

-static void get_file_ea_info(struct smb2_query_info_rsp *rsp, - void *rsp_org) +static void get_file_ea_info(struct smb2_query_info_rsp *rsp, void *rsp_org) { struct smb2_file_ea_info *file_info;

@@ -4653,8 +4582,7 @@ static void get_file_ea_info(struct smb2_query_info_rsp *rsp, }

static void get_file_position_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_pos_info *file_info;

@@ -4666,8 +4594,7 @@ static void get_file_position_info(struct smb2_query_info_rsp *rsp, }

static void get_file_mode_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_mode_info *file_info;

@@ -4679,8 +4606,7 @@ static void get_file_mode_info(struct smb2_query_info_rsp *rsp, }

static void get_file_compression_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_comp_info *file_info; struct kstat stat; @@ -4701,8 +4627,7 @@ static void get_file_compression_info(struct smb2_query_info_rsp *rsp, }

static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_attr_tag_info *file_info;

@@ -4723,8 +4648,7 @@ static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp, }

static int find_file_posix_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, - void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb311_posix_qinfo *file_info; struct inode *inode = FP_INODE(fp); @@ -4747,15 +4671,13 @@ static int find_file_posix_info(struct smb2_query_info_rsp *rsp, file_info->DeviceId = cpu_to_le32(inode->i_rdev); rsp->OutputBufferLength = cpu_to_le32(sizeof(struct smb311_posix_qinfo)); - inc_rfc1001_len(rsp_org, - sizeof(struct smb311_posix_qinfo)); + inc_rfc1001_len(rsp_org, sizeof(struct smb311_posix_qinfo)); return 0; }

static int smb2_get_info_file(struct ksmbd_work *work, - struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, - void *rsp_org) + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, void *rsp_org) { struct ksmbd_file *fp; int fileinfoclass = 0; @@ -4764,7 +4686,7 @@ static int smb2_get_info_file(struct ksmbd_work *work, unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;

if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_PIPE)) { + KSMBD_SHARE_FLAG_PIPE)) { /* smb2 info file called for pipe */ return smb2_get_info_file_pipe(work->sess, req, rsp); } @@ -4887,9 +4809,8 @@ static int smb2_get_info_file(struct ksmbd_work *work, }

static int smb2_get_info_filesystem(struct ksmbd_work *work, - struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, - void *rsp_org) + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, void *rsp_org) { struct ksmbd_session *sess = work->sess; struct ksmbd_conn *conn = sess->conn; @@ -5029,9 +4950,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->extended_info.version = cpu_to_le32(1); info->extended_info.release = cpu_to_le32(1); info->extended_info.rel_date = 0; - memcpy(info->extended_info.version_string, - "1.1.0", - strlen("1.1.0")); + memcpy(info->extended_info.version_string, "1.1.0", strlen("1.1.0")); rsp->OutputBufferLength = cpu_to_le32(64); inc_rfc1001_len(rsp_org, 64); fs_infoclass_size = FS_OBJECT_ID_INFORMATION_SIZE; @@ -5121,8 +5040,8 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, }

static int smb2_get_info_sec(struct ksmbd_work *work, - struct smb2_query_info_req *req, struct smb2_query_info_rsp *rsp, - void *rsp_org) + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, void *rsp_org) { struct ksmbd_file *fp; struct smb_ntsd *pntsd = (struct smb_ntsd *)rsp->Buffer, *ppntsd = NULL; @@ -5162,7 +5081,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work, fattr.cf_dacls = ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT);

if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_ACL_XATTR)) + KSMBD_SHARE_FLAG_ACL_XATTR)) ksmbd_vfs_get_sd_xattr(work->conn, fp->filp->f_path.dentry, &ppntsd);

rc = build_sec_desc(pntsd, ppntsd, addition_info, &secdesclen, &fattr); @@ -5243,7 +5162,7 @@ int smb2_query_info(struct ksmbd_work *work) */ static noinline int smb2_close_pipe(struct ksmbd_work *work) { - uint64_t id; + u64 id; struct smb2_close_req *req = work->request_buf; struct smb2_close_rsp *rsp = work->response_buf;

@@ -5273,7 +5192,7 @@ static noinline int smb2_close_pipe(struct ksmbd_work *work) int smb2_close(struct ksmbd_work *work) { unsigned int volatile_id = KSMBD_NO_FID; - uint64_t sess_id; + u64 sess_id; struct smb2_close_req *req; struct smb2_close_rsp *rsp; struct smb2_close_rsp *rsp_org; @@ -5297,9 +5216,9 @@ int smb2_close(struct ksmbd_work *work) sess_id = work->compound_sid;

work->compound_sid = 0; - if (check_session_id(conn, sess_id)) + if (check_session_id(conn, sess_id)) { work->compound_sid = sess_id; - else { + } else { rsp->hdr.Status = STATUS_USER_SESSION_DELETED; if (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS) rsp->hdr.Status = STATUS_INVALID_PARAMETER; @@ -5308,7 +5227,7 @@ int smb2_close(struct ksmbd_work *work) }

if (work->next_smb2_rcv_hdr_off && - !HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { + !HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { if (!HAS_FILE_ID(work->compound_fid)) { /* file already closed, return FILE_CLOSED */ ksmbd_debug(SMB, "file already closed\n"); @@ -5395,8 +5314,8 @@ int smb2_echo(struct ksmbd_work *work) }

static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, - struct smb2_file_rename_info *file_info, - struct nls_table *local_nls) + struct smb2_file_rename_info *file_info, + struct nls_table *local_nls) { struct ksmbd_share_config *share = fp->tcon->share_conf; char *new_name = NULL, *abs_oldname = NULL, *old_name = NULL; @@ -5416,9 +5335,9 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, goto out; } old_name = strrchr(abs_oldname, '/'); - if (old_name && old_name[1] != '\0') + if (old_name && old_name[1] != '\0') { old_name++; - else { + } else { ksmbd_debug(SMB, "can't get last component in path %s\n", abs_oldname); rc = -ENOENT; @@ -5497,8 +5416,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, } } else { if (file_present && - strncmp(old_name, path.dentry->d_name.name, - strlen(old_name))) { + strncmp(old_name, path.dentry->d_name.name, strlen(old_name))) { rc = -EEXIST; ksmbd_debug(SMB, "cannot rename already existing file\n"); @@ -5515,10 +5433,9 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, }

static int smb2_create_link(struct ksmbd_work *work, - struct ksmbd_share_config *share, - struct smb2_file_link_info *file_info, - struct file *filp, - struct nls_table *local_nls) + struct ksmbd_share_config *share, + struct smb2_file_link_info *file_info, struct file *filp, + struct nls_table *local_nls) { char *link_name = NULL, *target_name = NULL, *pathname = NULL; struct path path; @@ -5586,9 +5503,8 @@ static bool is_attributes_write_allowed(struct ksmbd_file *fp) return fp->daccess & FILE_WRITE_ATTRIBUTES_LE; }

-static int set_file_basic_info(struct ksmbd_file *fp, - char *buf, - struct ksmbd_share_config *share) +static int set_file_basic_info(struct ksmbd_file *fp, char *buf, + struct ksmbd_share_config *share) { struct smb2_file_all_info *file_info; struct iattr attrs; @@ -5617,8 +5533,9 @@ static int set_file_basic_info(struct ksmbd_file *fp, temp_attrs.ia_ctime = ksmbd_NTtimeToUnix(file_info->ChangeTime); attrs.ia_ctime = temp_attrs.ia_ctime; attrs.ia_valid |= ATTR_CTIME; - } else + } else { temp_attrs.ia_ctime = inode->i_ctime; + }

if (file_info->LastWriteTime) { attrs.ia_mtime = ksmbd_NTtimeToUnix(file_info->LastWriteTime); @@ -5627,7 +5544,7 @@ static int set_file_basic_info(struct ksmbd_file *fp,

if (file_info->Attributes) { if (!S_ISDIR(inode->i_mode) && - file_info->Attributes & ATTR_DIRECTORY_LE) { + file_info->Attributes & ATTR_DIRECTORY_LE) { ksmbd_err("can't change a file to a directory\n"); return -EINVAL; } @@ -5683,8 +5600,7 @@ static int set_file_basic_info(struct ksmbd_file *fp, }

static int set_file_allocation_info(struct ksmbd_work *work, - struct ksmbd_file *fp, - char *buf) + struct ksmbd_file *fp, char *buf) { /* * TODO : It's working fine only when store dos attributes @@ -5733,9 +5649,8 @@ static int set_file_allocation_info(struct ksmbd_work *work, return 0; }

-static int set_end_of_file_info(struct ksmbd_work *work, - struct ksmbd_file *fp, - char *buf) +static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp, + char *buf) { struct smb2_file_eof_info *file_eof_info; loff_t newsize; @@ -5761,8 +5676,7 @@ static int set_end_of_file_info(struct ksmbd_work *work, fp->filename, newsize); rc = ksmbd_vfs_truncate(work, NULL, fp, newsize); if (rc) { - ksmbd_debug(SMB, - "truncate failed! filename : %s err %d\n", + ksmbd_debug(SMB, "truncate failed! filename : %s err %d\n", fp->filename, rc); if (rc != -EAGAIN) rc = -EBADF; @@ -5772,9 +5686,8 @@ static int set_end_of_file_info(struct ksmbd_work *work, return 0; }

-static int set_rename_info(struct ksmbd_work *work, - struct ksmbd_file *fp, - char *buf) +static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, + char *buf) { struct ksmbd_file *parent_fp;

@@ -5799,8 +5712,7 @@ static int set_rename_info(struct ksmbd_work *work, work->sess->conn->local_nls); }

-static int set_file_disposition_info(struct ksmbd_file *fp, - char *buf) +static int set_file_disposition_info(struct ksmbd_file *fp, char *buf) { struct smb2_file_disposition_info *file_info; struct inode *inode; @@ -5814,7 +5726,7 @@ static int set_file_disposition_info(struct ksmbd_file *fp, file_info = (struct smb2_file_disposition_info *)buf; if (file_info->DeletePending) { if (S_ISDIR(inode->i_mode) && - ksmbd_vfs_empty_dir(fp) == -ENOTEMPTY) + ksmbd_vfs_empty_dir(fp) == -ENOTEMPTY) return -EBUSY; ksmbd_set_inode_pending_delete(fp); } else { @@ -5823,8 +5735,7 @@ static int set_file_disposition_info(struct ksmbd_file *fp, return 0; }

-static int set_file_position_info(struct ksmbd_file *fp, - char *buf) +static int set_file_position_info(struct ksmbd_file *fp, char *buf) { struct smb2_file_pos_info *file_info; loff_t current_byte_offset; @@ -5837,8 +5748,8 @@ static int set_file_position_info(struct ksmbd_file *fp, sector_size = ksmbd_vfs_logical_sector_size(inode);

if (current_byte_offset < 0 || - (fp->coption == FILE_NO_INTERMEDIATE_BUFFERING_LE && - current_byte_offset & (sector_size-1))) { + (fp->coption == FILE_NO_INTERMEDIATE_BUFFERING_LE && + current_byte_offset & (sector_size - 1))) { ksmbd_err("CurrentByteOffset is not valid : %llu\n", current_byte_offset); return -EINVAL; @@ -5848,8 +5759,7 @@ static int set_file_position_info(struct ksmbd_file *fp, return 0; }

-static int set_file_mode_info(struct ksmbd_file *fp, - char *buf) +static int set_file_mode_info(struct ksmbd_file *fp, char *buf) { struct smb2_file_mode_info *file_info; __le32 mode; @@ -5857,9 +5767,9 @@ static int set_file_mode_info(struct ksmbd_file *fp, file_info = (struct smb2_file_mode_info *)buf; mode = file_info->Mode;

- if ((mode & (~FILE_MODE_INFO_MASK)) || - (mode & FILE_SYNCHRONOUS_IO_ALERT_LE && - mode & FILE_SYNCHRONOUS_IO_NONALERT_LE)) { + if ((mode & ~FILE_MODE_INFO_MASK) || + (mode & FILE_SYNCHRONOUS_IO_ALERT_LE && + mode & FILE_SYNCHRONOUS_IO_NONALERT_LE)) { ksmbd_err("Mode is not valid : 0x%x\n", le32_to_cpu(mode)); return -EINVAL; } @@ -5883,11 +5793,8 @@ static int set_file_mode_info(struct ksmbd_file *fp, * Return: 0 on success, otherwise error * TODO: need to implement an error handling for STATUS_INFO_LENGTH_MISMATCH */ -static int smb2_set_info_file(struct ksmbd_work *work, - struct ksmbd_file *fp, - int info_class, - char *buf, - struct ksmbd_share_config *share) +static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, + int info_class, char *buf, struct ksmbd_share_config *share) { switch (info_class) { case FILE_BASIC_INFORMATION: @@ -5900,8 +5807,7 @@ static int smb2_set_info_file(struct ksmbd_work *work, return set_end_of_file_info(work, fp, buf);

case FILE_RENAME_INFORMATION: - if (!test_tree_conn_flag(work->tcon, - KSMBD_TREE_CONN_FLAG_WRITABLE)) { + if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, "User does not have write permission\n"); return -EACCES; @@ -5914,8 +5820,7 @@ static int smb2_set_info_file(struct ksmbd_work *work, work->sess->conn->local_nls);

case FILE_DISPOSITION_INFORMATION: - if (!test_tree_conn_flag(work->tcon, - KSMBD_TREE_CONN_FLAG_WRITABLE)) { + if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, "User does not have write permission\n"); return -EACCES; @@ -5945,10 +5850,8 @@ static int smb2_set_info_file(struct ksmbd_work *work, return -EOPNOTSUPP; }

-static int smb2_set_info_sec(struct ksmbd_file *fp, - int addition_info, - char *buffer, - int buf_len) +static int smb2_set_info_sec(struct ksmbd_file *fp, int addition_info, + char *buffer, int buf_len) { struct smb_ntsd *pntsd = (struct smb_ntsd *)buffer;

@@ -6060,7 +5963,7 @@ int smb2_set_info(struct ksmbd_work *work) static noinline int smb2_read_pipe(struct ksmbd_work *work) { int nbytes = 0, err; - uint64_t id; + u64 id; struct ksmbd_rpc_command *rpc_resp; struct smb2_read_req *req = work->request_buf; struct smb2_read_rsp *rsp = work->response_buf; @@ -6108,30 +6011,27 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) }

static ssize_t smb2_read_rdma_channel(struct ksmbd_work *work, - struct smb2_read_req *req, - void *data_buf, size_t length) + struct smb2_read_req *req, void *data_buf, size_t length) { struct smb2_buffer_desc_v1 *desc = (struct smb2_buffer_desc_v1 *)&req->Buffer[0]; int err;

- if (work->conn->dialect == SMB30_PROT_ID - && req->Channel != SMB2_CHANNEL_RDMA_V1) + if (work->conn->dialect == SMB30_PROT_ID && + req->Channel != SMB2_CHANNEL_RDMA_V1) return -EINVAL;

- if (req->ReadChannelInfoOffset == 0 - || le16_to_cpu(req->ReadChannelInfoLength) < sizeof(*desc)) + if (req->ReadChannelInfoOffset == 0 || + le16_to_cpu(req->ReadChannelInfoLength) < sizeof(*desc)) return -EINVAL;

work->need_invalidate_rkey = (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE); work->remote_key = le32_to_cpu(desc->token);

- err = ksmbd_conn_rdma_write(work->conn, - data_buf, length, - le32_to_cpu(desc->token), - le64_to_cpu(desc->offset), - le32_to_cpu(desc->length)); + err = ksmbd_conn_rdma_write(work->conn, data_buf, length, + le32_to_cpu(desc->token), le64_to_cpu(desc->offset), + le32_to_cpu(desc->length)); if (err) return err;

@@ -6226,7 +6126,7 @@ int smb2_read(struct ksmbd_work *work) nbytes, offset, mincount);

if (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE || - req->Channel == SMB2_CHANNEL_RDMA_V1) { + req->Channel == SMB2_CHANNEL_RDMA_V1) { /* write data to the client using rdma channel */ remain_bytes = smb2_read_rdma_channel(work, req, work->aux_payload_buf, nbytes); @@ -6290,7 +6190,7 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) struct smb2_write_req *req = work->request_buf; struct smb2_write_rsp *rsp = work->response_buf; struct ksmbd_rpc_command *rpc_resp; - uint64_t id = 0; + u64 id = 0; int err = 0, ret = 0; char *data_buf; size_t length; @@ -6299,15 +6199,13 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) id = le64_to_cpu(req->VolatileFileId);

if (le16_to_cpu(req->DataOffset) == - (offsetof(struct smb2_write_req, Buffer) - 4)) { + (offsetof(struct smb2_write_req, Buffer) - 4)) { data_buf = (char *)&req->Buffer[0]; } else { if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) || - (le16_to_cpu(req->DataOffset) + - length > get_rfc1002_len(req))) { + (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) { ksmbd_err("invalid write data offset %u, smb_len %u\n", - le16_to_cpu(req->DataOffset), - get_rfc1002_len(req)); + le16_to_cpu(req->DataOffset), get_rfc1002_len(req)); err = -EINVAL; goto out; } @@ -6351,8 +6249,8 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) }

static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work, - struct smb2_write_req *req, struct ksmbd_file *fp, - loff_t offset, size_t length, bool sync) + struct smb2_write_req *req, struct ksmbd_file *fp, + loff_t offset, size_t length, bool sync) { struct smb2_buffer_desc_v1 *desc; char *data_buf; @@ -6362,14 +6260,14 @@ static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work, desc = (struct smb2_buffer_desc_v1 *)&req->Buffer[0];

if (work->conn->dialect == SMB30_PROT_ID && - req->Channel != SMB2_CHANNEL_RDMA_V1) + req->Channel != SMB2_CHANNEL_RDMA_V1) return -EINVAL;

if (req->Length != 0 || req->DataOffset != 0) return -EINVAL;

- if (req->WriteChannelInfoOffset == 0 - || le16_to_cpu(req->WriteChannelInfoLength) < sizeof(*desc)) + if (req->WriteChannelInfoOffset == 0 || + le16_to_cpu(req->WriteChannelInfoLength) < sizeof(*desc)) return -EINVAL;

work->need_invalidate_rkey = @@ -6384,15 +6282,12 @@ static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work, le32_to_cpu(desc->token), le64_to_cpu(desc->offset), le32_to_cpu(desc->length)); - if (ret < 0) { ksmbd_free_response(data_buf); return ret; }

- ret = ksmbd_vfs_write(work, fp, data_buf, length, &offset, - sync, &nbytes); - + ret = ksmbd_vfs_write(work, fp, data_buf, length, &offset, sync, &nbytes); ksmbd_free_response(data_buf); if (ret < 0) return ret; @@ -6421,8 +6316,7 @@ int smb2_write(struct ksmbd_work *work) rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

- if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_PIPE)) { + if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) { ksmbd_debug(SMB, "IPC pipe write request\n"); return smb2_write_pipe(work); } @@ -6433,9 +6327,8 @@ int smb2_write(struct ksmbd_work *work) goto out; }

- fp = ksmbd_lookup_fd_slow(work, - le64_to_cpu(req->VolatileFileId), - le64_to_cpu(req->PersistentFileId)); + fp = ksmbd_lookup_fd_slow(work, le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); if (!fp) { rsp->hdr.Status = STATUS_FILE_CLOSED; return -ENOENT; @@ -6461,16 +6354,13 @@ int smb2_write(struct ksmbd_work *work) writethrough = true;

if (req->Channel != SMB2_CHANNEL_RDMA_V1 && - req->Channel != SMB2_CHANNEL_RDMA_V1_INVALIDATE) { - + req->Channel != SMB2_CHANNEL_RDMA_V1_INVALIDATE) { if (le16_to_cpu(req->DataOffset) == (offsetof(struct smb2_write_req, Buffer) - 4)) { data_buf = (char *)&req->Buffer[0]; } else { - if ((le16_to_cpu(req->DataOffset) > - get_rfc1002_len(req)) || - (le16_to_cpu(req->DataOffset) + - length > get_rfc1002_len(req))) { + if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) || + (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) { ksmbd_err("invalid write data offset %u, smb_len %u\n", le16_to_cpu(req->DataOffset), get_rfc1002_len(req)); @@ -6603,7 +6493,7 @@ int smb2_cancel(struct ksmbd_work *work) chdr = cancel_work->request_buf;

if (cancel_work->async_id != - le64_to_cpu(hdr->Id.AsyncId)) + le64_to_cpu(hdr->Id.AsyncId)) continue;

ksmbd_debug(SMB, @@ -6624,7 +6514,7 @@ int smb2_cancel(struct ksmbd_work *work) chdr = cancel_work->request_buf;

if (chdr->MessageId != hdr->MessageId || - cancel_work == work) + cancel_work == work) continue;

ksmbd_debug(SMB, @@ -6687,13 +6577,13 @@ static int smb2_set_flock_flags(struct file_lock *flock, int flags) flock->fl_type = F_WRLCK; flock->fl_flags |= FL_SLEEP; break; - case SMB2_LOCKFLAG_SHARED|SMB2_LOCKFLAG_FAIL_IMMEDIATELY: + case SMB2_LOCKFLAG_SHARED | SMB2_LOCKFLAG_FAIL_IMMEDIATELY: ksmbd_debug(SMB, "received shared & fail immediately request\n"); cmd = F_SETLK; flock->fl_type = F_RDLCK; break; - case SMB2_LOCKFLAG_EXCLUSIVE|SMB2_LOCKFLAG_FAIL_IMMEDIATELY: + case SMB2_LOCKFLAG_EXCLUSIVE | SMB2_LOCKFLAG_FAIL_IMMEDIATELY: ksmbd_debug(SMB, "received exclusive & fail immediately request\n"); cmd = F_SETLK; @@ -6710,7 +6600,7 @@ static int smb2_set_flock_flags(struct file_lock *flock, int flags) }

static struct ksmbd_lock *smb2_lock_init(struct file_lock *flock, - unsigned int cmd, int flags, struct list_head *lock_list) + unsigned int cmd, int flags, struct list_head *lock_list) { struct ksmbd_lock *lock;

@@ -6764,7 +6654,7 @@ int smb2_lock(struct ksmbd_work *work) int flags = 0; int cmd = 0; int err = 0, i; - uint64_t lock_length; + u64 lock_length; struct ksmbd_lock *smb_lock = NULL, *cmp_lock, *tmp; int nolock = 0; LIST_HEAD(lock_list); @@ -6773,8 +6663,8 @@ int smb2_lock(struct ksmbd_work *work)

ksmbd_debug(SMB, "Received lock request\n"); fp = ksmbd_lookup_fd_slow(work, - le64_to_cpu(req->VolatileFileId), - le64_to_cpu(req->PersistentFileId)); + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); if (!fp) { ksmbd_debug(SMB, "Invalid file id for lock : %llu\n", le64_to_cpu(req->VolatileFileId)); @@ -6812,16 +6702,16 @@ int smb2_lock(struct ksmbd_work *work)

lock_length = le64_to_cpu(lock_ele[i].Length); if (lock_length > 0) { - if (lock_length > - OFFSET_MAX - flock->fl_start) { + if (lock_length > OFFSET_MAX - flock->fl_start) { ksmbd_debug(SMB, "Invalid lock range requested\n"); lock_length = OFFSET_MAX - flock->fl_start; rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; goto out; } - } else + } else { lock_length = 0; + }

flock->fl_end = flock->fl_start + lock_length;

@@ -6836,9 +6726,9 @@ int smb2_lock(struct ksmbd_work *work) /* Check conflict locks in one request */ list_for_each_entry(cmp_lock, &lock_list, llist) { if (cmp_lock->fl->fl_start <= flock->fl_start && - cmp_lock->fl->fl_end >= flock->fl_end) { + cmp_lock->fl->fl_end >= flock->fl_end) { if (cmp_lock->fl->fl_type != F_UNLCK && - flock->fl_type != F_UNLCK) { + flock->fl_type != F_UNLCK) { ksmbd_err("conflict two locks in one request\n"); rsp->hdr.Status = STATUS_INVALID_PARAMETER; @@ -6865,11 +6755,10 @@ int smb2_lock(struct ksmbd_work *work) goto out; }

- if ((prior_lock & (SMB2_LOCKFLAG_EXCLUSIVE | - SMB2_LOCKFLAG_SHARED) && - smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) || - (prior_lock == SMB2_LOCKFLAG_UNLOCK && - !(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK))) { + if ((prior_lock & (SMB2_LOCKFLAG_EXCLUSIVE | SMB2_LOCKFLAG_SHARED) && + smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) || + (prior_lock == SMB2_LOCKFLAG_UNLOCK && + !(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK))) { rsp->hdr.Status = STATUS_INVALID_PARAMETER; goto out; } @@ -6877,22 +6766,21 @@ int smb2_lock(struct ksmbd_work *work) prior_lock = smb_lock->flags;

if (!(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) && - !(smb_lock->flags & SMB2_LOCKFLAG_FAIL_IMMEDIATELY)) + !(smb_lock->flags & SMB2_LOCKFLAG_FAIL_IMMEDIATELY)) goto no_check_gl;

nolock = 1; /* check locks in global list */ list_for_each_entry(cmp_lock, &global_lock_list, glist) { if (file_inode(cmp_lock->fl->fl_file) != - file_inode(smb_lock->fl->fl_file)) + file_inode(smb_lock->fl->fl_file)) continue;

if (smb_lock->fl->fl_type == F_UNLCK) { - if (cmp_lock->fl->fl_file == - smb_lock->fl->fl_file && - cmp_lock->start == smb_lock->start && - cmp_lock->end == smb_lock->end && - !lock_defer_pending(cmp_lock->fl)) { + if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file && + cmp_lock->start == smb_lock->start && + cmp_lock->end == smb_lock->end && + !lock_defer_pending(cmp_lock->fl)) { nolock = 0; locks_free_lock(cmp_lock->fl); list_del(&cmp_lock->glist); @@ -6912,26 +6800,25 @@ int smb2_lock(struct ksmbd_work *work)

/* check zero byte lock range */ if (cmp_lock->zero_len && !smb_lock->zero_len && - cmp_lock->start > smb_lock->start && - cmp_lock->start < smb_lock->end) { + cmp_lock->start > smb_lock->start && + cmp_lock->start < smb_lock->end) { ksmbd_err("previous lock conflict with zero byte lock range\n"); rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; goto out; }

if (smb_lock->zero_len && !cmp_lock->zero_len && - smb_lock->start > cmp_lock->start && - smb_lock->start < cmp_lock->end) { + smb_lock->start > cmp_lock->start && + smb_lock->start < cmp_lock->end) { ksmbd_err("current lock conflict with zero byte lock range\n"); rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; goto out; }

if (((cmp_lock->start <= smb_lock->start && - cmp_lock->end > smb_lock->start) || - (cmp_lock->start < smb_lock->end && - cmp_lock->end >= smb_lock->end)) && - !cmp_lock->zero_len && !smb_lock->zero_len) { + cmp_lock->end > smb_lock->start) || + (cmp_lock->start < smb_lock->end && cmp_lock->end >= smb_lock->end)) && + !cmp_lock->zero_len && !smb_lock->zero_len) { ksmbd_err("Not allow lock operation on exclusive lock range\n"); rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; @@ -6957,9 +6844,9 @@ int smb2_lock(struct ksmbd_work *work) err = ksmbd_vfs_lock(filp, smb_lock->cmd, flock); skip: if (flags & SMB2_LOCKFLAG_UNLOCK) { - if (!err) + if (!err) { ksmbd_debug(SMB, "File unlocked\n"); - else if (err == -ENOENT) { + } else if (err == -ENOENT) { rsp->hdr.Status = STATUS_NOT_LOCKED; goto out; } @@ -7082,9 +6969,8 @@ int smb2_lock(struct ksmbd_work *work) return 0; }

-static int fsctl_copychunk(struct ksmbd_work *work, - struct smb2_ioctl_req *req, - struct smb2_ioctl_rsp *rsp) +static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req, + struct smb2_ioctl_rsp *rsp) { struct copychunk_ioctl_req *ci_req; struct copychunk_ioctl_rsp *ci_rsp; @@ -7101,12 +6987,12 @@ static int fsctl_copychunk(struct ksmbd_work *work,

rsp->VolatileFileId = req->VolatileFileId; rsp->PersistentFileId = req->PersistentFileId; - ci_rsp->ChunksWritten = cpu_to_le32( - ksmbd_server_side_copy_max_chunk_count()); - ci_rsp->ChunkBytesWritten = cpu_to_le32( - ksmbd_server_side_copy_max_chunk_size()); - ci_rsp->TotalBytesWritten = cpu_to_le32( - ksmbd_server_side_copy_max_total_size()); + ci_rsp->ChunksWritten = + cpu_to_le32(ksmbd_server_side_copy_max_chunk_count()); + ci_rsp->ChunkBytesWritten = + cpu_to_le32(ksmbd_server_side_copy_max_chunk_size()); + ci_rsp->TotalBytesWritten = + cpu_to_le32(ksmbd_server_side_copy_max_total_size());

chunks = (struct srv_copychunk *)&ci_req->Chunks[0]; chunk_count = le32_to_cpu(ci_req->ChunkCount); @@ -7114,22 +7000,22 @@ static int fsctl_copychunk(struct ksmbd_work *work,

/* verify the SRV_COPYCHUNK_COPY packet */ if (chunk_count > ksmbd_server_side_copy_max_chunk_count() || - le32_to_cpu(req->InputCount) < - offsetof(struct copychunk_ioctl_req, Chunks) + - chunk_count * sizeof(struct srv_copychunk)) { + le32_to_cpu(req->InputCount) < + offsetof(struct copychunk_ioctl_req, Chunks) + + chunk_count * sizeof(struct srv_copychunk)) { rsp->hdr.Status = STATUS_INVALID_PARAMETER; return -EINVAL; }

for (i = 0; i < chunk_count; i++) { if (le32_to_cpu(chunks[i].Length) == 0 || - le32_to_cpu(chunks[i].Length) > - ksmbd_server_side_copy_max_chunk_size()) + le32_to_cpu(chunks[i].Length) > ksmbd_server_side_copy_max_chunk_size()) break; total_size_written += le32_to_cpu(chunks[i].Length); } - if (i < chunk_count || total_size_written > - ksmbd_server_side_copy_max_total_size()) { + + if (i < chunk_count || + total_size_written > ksmbd_server_side_copy_max_total_size()) { rsp->hdr.Status = STATUS_INVALID_PARAMETER; return -EINVAL; } @@ -7139,13 +7025,13 @@ static int fsctl_copychunk(struct ksmbd_work *work, dst_fp = ksmbd_lookup_fd_slow(work, le64_to_cpu(req->VolatileFileId), le64_to_cpu(req->PersistentFileId)); - ret = -EINVAL; - if (!src_fp || src_fp->persistent_id != - le64_to_cpu(ci_req->ResumeKey[1])) { + if (!src_fp || + src_fp->persistent_id != le64_to_cpu(ci_req->ResumeKey[1])) { rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND; goto out; } + if (!dst_fp) { rsp->hdr.Status = STATUS_FILE_CLOSED; goto out; @@ -7212,8 +7098,7 @@ static __be32 idev_ipv4_address(struct in_device *idev) }

static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, - struct smb2_ioctl_req *req, - struct smb2_ioctl_rsp *rsp) + struct smb2_ioctl_req *req, struct smb2_ioctl_rsp *rsp) { struct network_interface_info_ioctl_rsp *nii_rsp = NULL; int nbytes = 0; @@ -7255,10 +7140,8 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, netdev->ethtool_ops->get_link_ksettings(netdev, &cmd); speed = cmd.base.speed; } else { - ksmbd_err("%s %s %s\n", - netdev->name, - "speed is unknown,", - "defaulting to 1Gb/sec"); + ksmbd_err("%s %s\n", netdev->name, + "speed is unknown, defaulting to 1Gb/sec"); speed = SPEED_1000; }

@@ -7321,10 +7204,9 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, return nbytes; }

- static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn, - struct validate_negotiate_info_req *neg_req, - struct validate_negotiate_info_rsp *neg_rsp) + struct validate_negotiate_info_req *neg_req, + struct validate_negotiate_info_rsp *neg_rsp) { int ret = 0; int dialect; @@ -7359,10 +7241,10 @@ static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn, return ret; }

-static int fsctl_query_allocated_ranges(struct ksmbd_work *work, uint64_t id, - struct file_allocated_range_buffer *qar_req, - struct file_allocated_range_buffer *qar_rsp, - int in_count, int *out_count) +static int fsctl_query_allocated_ranges(struct ksmbd_work *work, u64 id, + struct file_allocated_range_buffer *qar_req, + struct file_allocated_range_buffer *qar_rsp, + int in_count, int *out_count) { struct ksmbd_file *fp; loff_t start, length; @@ -7388,15 +7270,15 @@ static int fsctl_query_allocated_ranges(struct ksmbd_work *work, uint64_t id, return ret; }

-static int fsctl_pipe_transceive(struct ksmbd_work *work, uint64_t id, - int out_buf_len, struct smb2_ioctl_req *req, struct smb2_ioctl_rsp *rsp) +static int fsctl_pipe_transceive(struct ksmbd_work *work, u64 id, + int out_buf_len, struct smb2_ioctl_req *req, + struct smb2_ioctl_rsp *rsp) { struct ksmbd_rpc_command *rpc_resp; char *data_buf = (char *)&req->Buffer[0]; int nbytes = 0;

- rpc_resp = ksmbd_rpc_ioctl(work->sess, id, - data_buf, + rpc_resp = ksmbd_rpc_ioctl(work->sess, id, data_buf, le32_to_cpu(req->InputCount)); if (rpc_resp) { if (rpc_resp->flags == KSMBD_RPC_SOME_NOT_MAPPED) { @@ -7432,8 +7314,8 @@ static int fsctl_pipe_transceive(struct ksmbd_work *work, uint64_t id, return nbytes; }

-static inline int fsctl_set_sparse(struct ksmbd_work *work, uint64_t id, - struct file_sparse *sparse) +static inline int fsctl_set_sparse(struct ksmbd_work *work, u64 id, + struct file_sparse *sparse) { struct ksmbd_file *fp; int ret = 0; @@ -7450,8 +7332,8 @@ static inline int fsctl_set_sparse(struct ksmbd_work *work, uint64_t id, fp->f_ci->m_fattr &= ~ATTR_SPARSE_FILE_LE;

if (fp->f_ci->m_fattr != old_fattr && - test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) { + test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) { struct xattr_dos_attrib da;

ret = ksmbd_vfs_get_dos_attrib_xattr(fp->filp->f_path.dentry, &da); @@ -7470,7 +7352,8 @@ static inline int fsctl_set_sparse(struct ksmbd_work *work, uint64_t id, }

static int fsctl_request_resume_key(struct ksmbd_work *work, - struct smb2_ioctl_req *req, struct resume_key_ioctl_rsp *key_rsp) + struct smb2_ioctl_req *req, + struct resume_key_ioctl_rsp *key_rsp) { struct ksmbd_file *fp;

@@ -7500,7 +7383,7 @@ int smb2_ioctl(struct ksmbd_work *work) struct smb2_ioctl_rsp *rsp, *rsp_org; int cnt_code, nbytes = 0; int out_buf_len; - uint64_t id = KSMBD_NO_FID; + u64 id = KSMBD_NO_FID; struct ksmbd_conn *conn = work->conn; int ret = 0;

@@ -7595,8 +7478,7 @@ int smb2_ioctl(struct ksmbd_work *work) break; case FSCTL_COPYCHUNK: case FSCTL_COPYCHUNK_WRITE: - if (!test_tree_conn_flag(work->tcon, - KSMBD_TREE_CONN_FLAG_WRITABLE)) { + if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, "User does not have write permission\n"); ret = -EACCES; @@ -7623,8 +7505,7 @@ int smb2_ioctl(struct ksmbd_work *work) struct ksmbd_file *fp; loff_t off, len;

- if (!test_tree_conn_flag(work->tcon, - KSMBD_TREE_CONN_FLAG_WRITABLE)) { + if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, "User does not have write permission\n"); ret = -EACCES; @@ -7731,7 +7612,7 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work) struct oplock_info *opinfo = NULL; __le32 err = 0; int ret = 0; - uint64_t volatile_id, persistent_id; + u64 volatile_id, persistent_id; char req_oplevel = 0, rsp_oplevel = 0; unsigned int oplock_change_type;

@@ -7768,34 +7649,36 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work) goto err_out; }

- if (((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) || - (opinfo->level == SMB2_OPLOCK_LEVEL_BATCH)) && - ((req_oplevel != SMB2_OPLOCK_LEVEL_II) && - (req_oplevel != SMB2_OPLOCK_LEVEL_NONE))) { + if ((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE || + opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) && + (req_oplevel != SMB2_OPLOCK_LEVEL_II && + req_oplevel != SMB2_OPLOCK_LEVEL_NONE)) { err = STATUS_INVALID_OPLOCK_PROTOCOL; oplock_change_type = OPLOCK_WRITE_TO_NONE; - } else if ((opinfo->level == SMB2_OPLOCK_LEVEL_II) && - (req_oplevel != SMB2_OPLOCK_LEVEL_NONE)) { + } else if (opinfo->level == SMB2_OPLOCK_LEVEL_II && + req_oplevel != SMB2_OPLOCK_LEVEL_NONE) { err = STATUS_INVALID_OPLOCK_PROTOCOL; oplock_change_type = OPLOCK_READ_TO_NONE; - } else if ((req_oplevel == SMB2_OPLOCK_LEVEL_II) || - (req_oplevel == SMB2_OPLOCK_LEVEL_NONE)) { + } else if (req_oplevel == SMB2_OPLOCK_LEVEL_II || + req_oplevel == SMB2_OPLOCK_LEVEL_NONE) { err = STATUS_INVALID_DEVICE_STATE; - if (((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) || - (opinfo->level == SMB2_OPLOCK_LEVEL_BATCH)) && - (req_oplevel == SMB2_OPLOCK_LEVEL_II)) { + if ((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE || + opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) && + req_oplevel == SMB2_OPLOCK_LEVEL_II) { oplock_change_type = OPLOCK_WRITE_TO_READ; - } else if (((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE) - || (opinfo->level == SMB2_OPLOCK_LEVEL_BATCH)) && - (req_oplevel == SMB2_OPLOCK_LEVEL_NONE)) { + } else if ((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE || + opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) && + req_oplevel == SMB2_OPLOCK_LEVEL_NONE) { oplock_change_type = OPLOCK_WRITE_TO_NONE; - } else if ((opinfo->level == SMB2_OPLOCK_LEVEL_II) && - (req_oplevel == SMB2_OPLOCK_LEVEL_NONE)) { + } else if (opinfo->level == SMB2_OPLOCK_LEVEL_II && + req_oplevel == SMB2_OPLOCK_LEVEL_NONE) { oplock_change_type = OPLOCK_READ_TO_NONE; - } else + } else { oplock_change_type = 0; - } else + } + } else { oplock_change_type = 0; + }

switch (oplock_change_type) { case OPLOCK_WRITE_TO_READ: @@ -7846,8 +7729,8 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work) static int check_lease_state(struct lease *lease, __le32 req_state) { if ((lease->new_state == - (SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_HANDLE_CACHING_LE)) - && !(req_state & SMB2_LEASE_WRITE_CACHING_LE)) { + (SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_HANDLE_CACHING_LE)) && + !(req_state & SMB2_LEASE_WRITE_CACHING_LE)) { lease->new_state = req_state; return 0; } @@ -7909,7 +7792,7 @@ static void smb21_lease_break_ack(struct ksmbd_work *work)

/* check for bad lease state */ if (req->LeaseState & (~(SMB2_LEASE_READ_CACHING_LE | - SMB2_LEASE_HANDLE_CACHING_LE))) { + SMB2_LEASE_HANDLE_CACHING_LE))) { err = STATUS_INVALID_OPLOCK_PROTOCOL; if (lease->state & SMB2_LEASE_WRITE_CACHING_LE) lease_change_type = OPLOCK_WRITE_TO_NONE; @@ -7918,8 +7801,8 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n", le32_to_cpu(lease->state), le32_to_cpu(req->LeaseState)); - } else if ((lease->state == SMB2_LEASE_READ_CACHING_LE) && - (req->LeaseState != SMB2_LEASE_NONE_LE)) { + } else if (lease->state == SMB2_LEASE_READ_CACHING_LE && + req->LeaseState != SMB2_LEASE_NONE_LE) { err = STATUS_INVALID_OPLOCK_PROTOCOL; lease_change_type = OPLOCK_READ_TO_NONE; ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n", @@ -7938,8 +7821,9 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) lease_change_type = OPLOCK_WRITE_TO_READ; else lease_change_type = OPLOCK_READ_HANDLE_TO_READ; - } else + } else { lease_change_type = 0; + } }

switch (lease_change_type) { @@ -8056,9 +7940,9 @@ bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command) struct smb2_hdr *rcv_hdr2 = work->request_buf;

if ((rcv_hdr2->Flags & SMB2_FLAGS_SIGNED) && - command != SMB2_NEGOTIATE_HE && - command != SMB2_SESSION_SETUP_HE && - command != SMB2_OPLOCK_BREAK_HE) + command != SMB2_NEGOTIATE_HE && + command != SMB2_SESSION_SETUP_HE && + command != SMB2_OPLOCK_BREAK_HE) return true;

return 0; @@ -8097,7 +7981,7 @@ int smb2_check_sign_req(struct ksmbd_work *work) iov[0].iov_len = len;

if (ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, 1, - signature)) + signature)) return 0;

if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) { @@ -8155,7 +8039,7 @@ void smb2_set_sign_rsp(struct ksmbd_work *work) }

if (!ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, n_vec, - signature)) + signature)) memcpy(hdr->Signature, signature, SMB2_SIGNATURE_SIZE); }

@@ -8305,7 +8189,7 @@ void smb3_preauth_hash_rsp(struct ksmbd_work *work) conn->preauth_info->Preauth_HashValue);

if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && - sess && sess->state == SMB2_SESSION_IN_PROGRESS) { + sess && sess->state == SMB2_SESSION_IN_PROGRESS) { __u8 *hash_value;

hash_value = sess->Preauth_HashValue; @@ -8314,9 +8198,8 @@ void smb3_preauth_hash_rsp(struct ksmbd_work *work) } }

-static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, - char *old_buf, - __le16 cipher_type) +static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, char *old_buf, + __le16 cipher_type) { struct smb2_hdr *hdr = (struct smb2_hdr *)old_buf; unsigned int orig_len = get_rfc1002_len(old_buf); @@ -8403,7 +8286,7 @@ int smb3_decrypt_req(struct ksmbd_work *work) sess = ksmbd_session_lookup(conn, le64_to_cpu(tr_hdr->SessionId)); if (!sess) { ksmbd_err("invalid session id(%llx) in transform header\n", - le64_to_cpu(tr_hdr->SessionId)); + le64_to_cpu(tr_hdr->SessionId)); return -ECONNABORTED; }

@@ -8446,7 +8329,7 @@ bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work) rsp = RESPONSE_BUF_NEXT(work);

if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && - rsp->Status == STATUS_SUCCESS) + rsp->Status == STATUS_SUCCESS) return true; return false; } diff --git a/fs/cifsd/smb2pdu.h b/fs/cifsd/smb2pdu.h index deb3d7444c2a..156ff6a2968b 100644 --- a/fs/cifsd/smb2pdu.h +++ b/fs/cifsd/smb2pdu.h @@ -346,8 +346,8 @@ struct smb2_negotiate_rsp { #define SMB2_SESSION_REQ_FLAG_ENCRYPT_DATA 0x04

#define SMB2_SESSION_EXPIRED (0) -#define SMB2_SESSION_IN_PROGRESS (1 << 0) -#define SMB2_SESSION_VALID (1 << 1) +#define SMB2_SESSION_IN_PROGRESS BIT(0) +#define SMB2_SESSION_VALID BIT(1)

/* Flags */ #define SMB2_SESSION_REQ_FLAG_BINDING 0x01 @@ -1161,7 +1161,6 @@ struct smb2_set_info_rsp { __le16 StructureSize; /* Must be 2 */ } __packed;

- /* FILE Info response size */ #define FILE_DIRECTORY_INFORMATION_SIZE 1 #define FILE_FULL_DIRECTORY_INFORMATION_SIZE 2 @@ -1199,7 +1198,6 @@ struct smb2_set_info_rsp { #define FILE_NETWORK_OPEN_INFORMATION_SIZE 56 #define FILE_ATTRIBUTE_TAG_INFORMATION_SIZE 8

- /* FS Info response size */ #define FS_DEVICE_INFORMATION_SIZE 8 #define FS_ATTRIBUTE_INFORMATION_SIZE 16 @@ -1579,71 +1577,70 @@ struct smb2_posix_info { } __packed;

/* functions */ - -extern int init_smb2_0_server(struct ksmbd_conn *conn); -extern void init_smb2_1_server(struct ksmbd_conn *conn); -extern void init_smb3_0_server(struct ksmbd_conn *conn); -extern void init_smb3_02_server(struct ksmbd_conn *conn); -extern int init_smb3_11_server(struct ksmbd_conn *conn); - -extern void init_smb2_max_read_size(unsigned int sz); -extern void init_smb2_max_write_size(unsigned int sz); -extern void init_smb2_max_trans_size(unsigned int sz); - -extern int is_smb2_neg_cmd(struct ksmbd_work *work); -extern int is_smb2_rsp(struct ksmbd_work *work); - -extern uint16_t get_smb2_cmd_val(struct ksmbd_work *work); -extern void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err); -extern int init_smb2_rsp_hdr(struct ksmbd_work *work); -extern int smb2_allocate_rsp_buf(struct ksmbd_work *work); -extern bool is_chained_smb2_message(struct ksmbd_work *work); -extern int init_smb2_neg_rsp(struct ksmbd_work *work); -extern void smb2_set_err_rsp(struct ksmbd_work *work); -extern int smb2_check_user_session(struct ksmbd_work *work); -extern int smb2_get_ksmbd_tcon(struct ksmbd_work *work); -extern bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command); -extern int smb2_check_sign_req(struct ksmbd_work *work); -extern void smb2_set_sign_rsp(struct ksmbd_work *work); -extern int smb3_check_sign_req(struct ksmbd_work *work); -extern void smb3_set_sign_rsp(struct ksmbd_work *work); -extern int find_matching_smb2_dialect(int start_index, __le16 *cli_dialects, - __le16 dialects_count); -extern struct file_lock *smb_flock_init(struct file *f); -extern int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), - void **arg); -extern void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status); -extern struct channel *lookup_chann_list(struct ksmbd_session *sess); -extern void smb3_preauth_hash_rsp(struct ksmbd_work *work); -extern int smb3_is_transform_hdr(void *buf); -extern int smb3_decrypt_req(struct ksmbd_work *work); -extern int smb3_encrypt_resp(struct ksmbd_work *work); -extern bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work); -extern int smb2_set_rsp_credits(struct ksmbd_work *work); +int init_smb2_0_server(struct ksmbd_conn *conn); +void init_smb2_1_server(struct ksmbd_conn *conn); +void init_smb3_0_server(struct ksmbd_conn *conn); +void init_smb3_02_server(struct ksmbd_conn *conn); +int init_smb3_11_server(struct ksmbd_conn *conn); + +void init_smb2_max_read_size(unsigned int sz); +void init_smb2_max_write_size(unsigned int sz); +void init_smb2_max_trans_size(unsigned int sz); + +int is_smb2_neg_cmd(struct ksmbd_work *work); +int is_smb2_rsp(struct ksmbd_work *work); + +u16 get_smb2_cmd_val(struct ksmbd_work *work); +void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err); +int init_smb2_rsp_hdr(struct ksmbd_work *work); +int smb2_allocate_rsp_buf(struct ksmbd_work *work); +bool is_chained_smb2_message(struct ksmbd_work *work); +int init_smb2_neg_rsp(struct ksmbd_work *work); +void smb2_set_err_rsp(struct ksmbd_work *work); +int smb2_check_user_session(struct ksmbd_work *work); +int smb2_get_ksmbd_tcon(struct ksmbd_work *work); +bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command); +int smb2_check_sign_req(struct ksmbd_work *work); +void smb2_set_sign_rsp(struct ksmbd_work *work); +int smb3_check_sign_req(struct ksmbd_work *work); +void smb3_set_sign_rsp(struct ksmbd_work *work); +int find_matching_smb2_dialect(int start_index, __le16 *cli_dialects, + __le16 dialects_count); +struct file_lock *smb_flock_init(struct file *f); +int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), + void **arg); +void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status); +struct channel *lookup_chann_list(struct ksmbd_session *sess); +void smb3_preauth_hash_rsp(struct ksmbd_work *work); +int smb3_is_transform_hdr(void *buf); +int smb3_decrypt_req(struct ksmbd_work *work); +int smb3_encrypt_resp(struct ksmbd_work *work); +bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work); +int smb2_set_rsp_credits(struct ksmbd_work *work);

/* smb2 misc functions */ -extern int ksmbd_smb2_check_message(struct ksmbd_work *work); +int ksmbd_smb2_check_message(struct ksmbd_work *work);

/* smb2 command handlers */ -extern int smb2_handle_negotiate(struct ksmbd_work *work); -extern int smb2_negotiate_request(struct ksmbd_work *work); -extern int smb2_sess_setup(struct ksmbd_work *work); -extern int smb2_tree_connect(struct ksmbd_work *work); -extern int smb2_tree_disconnect(struct ksmbd_work *work); -extern int smb2_session_logoff(struct ksmbd_work *work); -extern int smb2_open(struct ksmbd_work *work); -extern int smb2_query_info(struct ksmbd_work *work); -extern int smb2_query_dir(struct ksmbd_work *work); -extern int smb2_close(struct ksmbd_work *work); -extern int smb2_echo(struct ksmbd_work *work); -extern int smb2_set_info(struct ksmbd_work *work); -extern int smb2_read(struct ksmbd_work *work); -extern int smb2_write(struct ksmbd_work *work); -extern int smb2_flush(struct ksmbd_work *work); -extern int smb2_cancel(struct ksmbd_work *work); -extern int smb2_lock(struct ksmbd_work *work); -extern int smb2_ioctl(struct ksmbd_work *work); -extern int smb2_oplock_break(struct ksmbd_work *work); -extern int smb2_notify(struct ksmbd_work *ksmbd_work); +int smb2_handle_negotiate(struct ksmbd_work *work); +int smb2_negotiate_request(struct ksmbd_work *work); +int smb2_sess_setup(struct ksmbd_work *work); +int smb2_tree_connect(struct ksmbd_work *work); +int smb2_tree_disconnect(struct ksmbd_work *work); +int smb2_session_logoff(struct ksmbd_work *work); +int smb2_open(struct ksmbd_work *work); +int smb2_query_info(struct ksmbd_work *work); +int smb2_query_dir(struct ksmbd_work *work); +int smb2_close(struct ksmbd_work *work); +int smb2_echo(struct ksmbd_work *work); +int smb2_set_info(struct ksmbd_work *work); +int smb2_read(struct ksmbd_work *work); +int smb2_write(struct ksmbd_work *work); +int smb2_flush(struct ksmbd_work *work); +int smb2_cancel(struct ksmbd_work *work); +int smb2_lock(struct ksmbd_work *work); +int smb2_ioctl(struct ksmbd_work *work); +int smb2_oplock_break(struct ksmbd_work *work); +int smb2_notify(struct ksmbd_work *ksmbd_work);

#endif /* _SMB2PDU_H */ diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c index da1928b948f8..b0510213eb6d 100644 --- a/fs/cifsd/smb_common.c +++ b/fs/cifsd/smb_common.c @@ -17,7 +17,7 @@

/*for shortname implementation */ static const char basechars[43] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_-!@#$%"; -#define MANGLE_BASE (sizeof(basechars)/sizeof(char)-1) +#define MANGLE_BASE (sizeof(basechars) / sizeof(char) - 1) #define MAGIC_CHAR '~' #define PERIOD '.' #define mangle(V) ((char)(basechars[(V) % MANGLE_BASE])) @@ -268,15 +268,10 @@ bool ksmbd_pdu_size_has_room(unsigned int pdu) return (pdu >= KSMBD_MIN_SUPPORTED_HEADER_SIZE - 4); }

-int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, - int info_level, - struct ksmbd_file *dir, - struct ksmbd_dir_info *d_info, - char *search_pattern, - int (*fn)(struct ksmbd_conn *, - int, - struct ksmbd_dir_info *, - struct ksmbd_kstat *)) +int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level, + struct ksmbd_file *dir, struct ksmbd_dir_info *d_info, + char *search_pattern, int (*fn)(struct ksmbd_conn *, int, + struct ksmbd_dir_info *, struct ksmbd_kstat *)) { int i, rc = 0; struct ksmbd_conn *conn = work->conn; @@ -295,7 +290,7 @@ int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, }

if (!match_pattern(d_info->name, d_info->name_len, - search_pattern)) { + search_pattern)) { dir->dot_dotdot[i] = 1; continue; } @@ -331,9 +326,8 @@ int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, * TODO: Though this function comforms the restriction of 8.3 Filename spec, * but the result is different with Windows 7's one. need to check. */ -int ksmbd_extract_shortname(struct ksmbd_conn *conn, - const char *longname, - char *shortname) +int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, + char *shortname) { const char *p; char base[9], extension[4]; @@ -354,7 +348,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, if (p == longname) { /*name starts with a dot*/ strscpy(extension, "___", strlen("___")); } else { - if (p != NULL) { + if (p) { p++; while (*p && extlen < 3) { if (*p != '.') @@ -362,8 +356,9 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, p++; } extension[extlen] = '\0'; - } else + } else { dot_present = false; + } }

p = longname; @@ -378,7 +373,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, }

base[baselen] = MAGIC_CHAR; - memcpy(out, base, baselen+1); + memcpy(out, base, baselen + 1);

ptr = longname; len = strlen(longname); @@ -386,14 +381,14 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, csum += *ptr;

csum = csum % (MANGLE_BASE * MANGLE_BASE); - out[baselen+1] = mangle(csum/MANGLE_BASE); - out[baselen+2] = mangle(csum); - out[baselen+3] = PERIOD; + out[baselen + 1] = mangle(csum / MANGLE_BASE); + out[baselen + 2] = mangle(csum); + out[baselen + 3] = PERIOD;

if (dot_present) - memcpy(&out[baselen+4], extension, 4); + memcpy(&out[baselen + 4], extension, 4); else - out[baselen+4] = '\0'; + out[baselen + 4] = '\0'; smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX, conn->local_nls, 0); len = strlen(out) * 2; @@ -471,9 +466,8 @@ static const char * const shared_mode_errors[] = { "Desired access mode does not permit FILE_DELETE", };

-static void smb_shared_mode_error(int error, - struct ksmbd_file *prev_fp, - struct ksmbd_file *curr_fp) +static void smb_shared_mode_error(int error, struct ksmbd_file *prev_fp, + struct ksmbd_file *curr_fp) { ksmbd_debug(SMB, "%s\n", shared_mode_errors[error]); ksmbd_debug(SMB, "Current mode: 0x%x Desired mode: 0x%x\n", @@ -512,7 +506,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) continue;

if (!(prev_fp->saccess & FILE_SHARE_DELETE_LE) && - curr_fp->daccess & FILE_DELETE_LE) { + curr_fp->daccess & FILE_DELETE_LE) { smb_shared_mode_error(SHARE_DELETE_ERROR, prev_fp, curr_fp); @@ -528,8 +522,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) continue;

if (!(prev_fp->saccess & FILE_SHARE_READ_LE) && - curr_fp->daccess & (FILE_EXECUTE_LE | - FILE_READ_DATA_LE)) { + curr_fp->daccess & (FILE_EXECUTE_LE | FILE_READ_DATA_LE)) { smb_shared_mode_error(SHARE_READ_ERROR, prev_fp, curr_fp); @@ -538,8 +531,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) }

if (!(prev_fp->saccess & FILE_SHARE_WRITE_LE) && - curr_fp->daccess & (FILE_WRITE_DATA_LE | - FILE_APPEND_DATA_LE)) { + curr_fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE)) { smb_shared_mode_error(SHARE_WRITE_ERROR, prev_fp, curr_fp); @@ -547,9 +539,8 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) break; }

- if (prev_fp->daccess & (FILE_EXECUTE_LE | - FILE_READ_DATA_LE) && - !(curr_fp->saccess & FILE_SHARE_READ_LE)) { + if (prev_fp->daccess & (FILE_EXECUTE_LE | FILE_READ_DATA_LE) && + !(curr_fp->saccess & FILE_SHARE_READ_LE)) { smb_shared_mode_error(FILE_READ_ERROR, prev_fp, curr_fp); @@ -557,9 +548,8 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) break; }

- if (prev_fp->daccess & (FILE_WRITE_DATA_LE | - FILE_APPEND_DATA_LE) && - !(curr_fp->saccess & FILE_SHARE_WRITE_LE)) { + if (prev_fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE) && + !(curr_fp->saccess & FILE_SHARE_WRITE_LE)) { smb_shared_mode_error(FILE_WRITE_ERROR, prev_fp, curr_fp); @@ -568,7 +558,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) }

if (prev_fp->daccess & FILE_DELETE_LE && - !(curr_fp->saccess & FILE_SHARE_DELETE_LE)) { + !(curr_fp->saccess & FILE_SHARE_DELETE_LE)) { smb_shared_mode_error(FILE_DELETE_ERROR, prev_fp, curr_fp); @@ -620,7 +610,7 @@ int ksmbd_override_fsids(struct ksmbd_work *work) if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID)) cred->cap_effective = cap_drop_fs_set(cred->cap_effective);

- WARN_ON(work->saved_cred != NULL); + WARN_ON(work->saved_cred); work->saved_cred = override_creds(cred); if (!work->saved_cred) { abort_creds(cred); @@ -633,7 +623,7 @@ void ksmbd_revert_fsids(struct ksmbd_work *work) { const struct cred *cred;

- WARN_ON(work->saved_cred == NULL); + WARN_ON(!work->saved_cred);

cred = current_cred(); revert_creds(work->saved_cred); diff --git a/fs/cifsd/smb_common.h b/fs/cifsd/smb_common.h index ec954e6bc4ae..2d7b1c693ff4 100644 --- a/fs/cifsd/smb_common.h +++ b/fs/cifsd/smb_common.h @@ -43,7 +43,7 @@ #define SMB311_PROT_ID 0x0311 #define BAD_PROT_ID 0xFFFF

-#define SMB_ECHO_INTERVAL (60*HZ) +#define SMB_ECHO_INTERVAL (60 * HZ)

#define CIFS_DEFAULT_IOSIZE (64 * 1024) #define MAX_CIFS_SMALL_BUFFER_SIZE 448 /* big enough for most */ @@ -490,8 +490,6 @@ struct smb_version_cmds { int (*proc)(struct ksmbd_work *swork); };

- - int ksmbd_min_protocol(void); int ksmbd_max_protocol(void);

diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c index 7f6d5313a02c..a3675aa837b9 100644 --- a/fs/cifsd/smbacl.c +++ b/fs/cifsd/smbacl.c @@ -68,13 +68,12 @@ static const struct smb_sid sid_unix_NFS_mode = { 1, 2, {0, 0, 0, 0, 0, 5}, * if the two SIDs (roughly equivalent to a UUID for a user or group) are * the same returns zero, if they do not match returns non-zero. */ -int -compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid) +int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid) { int i; int num_subauth, num_sat, num_saw;

- if ((!ctsid) || (!cwsid)) + if (!ctsid || !cwsid) return 1;

/* compare the revision */ @@ -103,7 +102,7 @@ compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid) for (i = 0; i < num_subauth; ++i) { if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) { if (le32_to_cpu(ctsid->sub_auth[i]) > - le32_to_cpu(cwsid->sub_auth[i])) + le32_to_cpu(cwsid->sub_auth[i])) return 1; else return -1; @@ -114,8 +113,7 @@ compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid) return 0; /* sids compare/match */ }

-static void -smb_copy_sid(struct smb_sid *dst, const struct smb_sid *src) +static void smb_copy_sid(struct smb_sid *dst, const struct smb_sid *src) { int i;

@@ -144,21 +142,17 @@ static umode_t access_flags_to_mode(struct smb_fattr *fattr, __le32 ace_flags, return mode; }

- if ((flags & GENERIC_READ) || - (flags & FILE_READ_RIGHTS)) + if ((flags & GENERIC_READ) || (flags & FILE_READ_RIGHTS)) mode = 0444; - if ((flags & GENERIC_WRITE) || - (flags & FILE_WRITE_RIGHTS)) { + if ((flags & GENERIC_WRITE) || (flags & FILE_WRITE_RIGHTS)) { mode |= 0222; if (S_ISDIR(fattr->cf_mode)) mode |= 0111; } - if ((flags & GENERIC_EXECUTE) || - (flags & FILE_EXEC_RIGHTS)) + if ((flags & GENERIC_EXECUTE) || (flags & FILE_EXEC_RIGHTS)) mode |= 0111;

- if (type == ACCESS_DENIED_ACE_TYPE || - type == ACCESS_DENIED_OBJECT_ACE_TYPE) + if (type == ACCESS_DENIED_ACE_TYPE || type == ACCESS_DENIED_OBJECT_ACE_TYPE) mode = ~mode;

ksmbd_debug(SMB, "access flags 0x%x mode now %04o\n", flags, mode); @@ -282,8 +276,7 @@ static int sid_to_id(struct smb_sid *psid, uint sidtype, id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); if (id > 0) { uid = make_kuid(&init_user_ns, id); - if (uid_valid(uid) && - kuid_has_mapping(&init_user_ns, uid)) { + if (uid_valid(uid) && kuid_has_mapping(&init_user_ns, uid)) { fattr->cf_uid = uid; rc = 0; } @@ -295,8 +288,7 @@ static int sid_to_id(struct smb_sid *psid, uint sidtype, id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); if (id > 0) { gid = make_kgid(&init_user_ns, id); - if (gid_valid(gid) && - kgid_has_mapping(&init_user_ns, gid)) { + if (gid_valid(gid) && kgid_has_mapping(&init_user_ns, gid)) { fattr->cf_gid = gid; rc = 0; } @@ -353,7 +345,7 @@ int init_acl_state(struct posix_acl_state *state, int cnt) * enough space for either: */ alloc = sizeof(struct posix_ace_state_array) - + cnt*sizeof(struct posix_user_ace_state); + + cnt * sizeof(struct posix_user_ace_state); state->users = kzalloc(alloc, GFP_KERNEL); if (!state->users) return -ENOMEM; @@ -429,17 +421,17 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, * user/group/other have no permissions */ for (i = 0; i < num_aces; ++i) { - ppace[i] = (struct smb_ace *) (acl_base + acl_size); + ppace[i] = (struct smb_ace *)(acl_base + acl_size); acl_base = (char *)ppace[i]; acl_size = le16_to_cpu(ppace[i]->size); ppace[i]->access_req = smb_map_generic_desired_access(ppace[i]->access_req);

- if (!(compare_sids(&(ppace[i]->sid), &sid_unix_NFS_mode))) { + if (!(compare_sids(&ppace[i]->sid, &sid_unix_NFS_mode))) { fattr->cf_mode = le32_to_cpu(ppace[i]->sid.sub_auth[2]); break; - } else if (!compare_sids(&(ppace[i]->sid), pownersid)) { + } else if (!compare_sids(&ppace[i]->sid, pownersid)) { acl_mode = access_flags_to_mode(fattr, ppace[i]->access_req, ppace[i]->type); acl_mode &= 0700; @@ -449,9 +441,9 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, mode |= acl_mode; } owner_found = true; - } else if (!compare_sids(&(ppace[i]->sid), pgrpsid) || - ppace[i]->sid.sub_auth[ppace[i]->sid.num_subauth - 1] == - DOMAIN_USER_RID_LE) { + } else if (!compare_sids(&ppace[i]->sid, pgrpsid) || + ppace[i]->sid.sub_auth[ppace[i]->sid.num_subauth - 1] == + DOMAIN_USER_RID_LE) { acl_mode = access_flags_to_mode(fattr, ppace[i]->access_req, ppace[i]->type); acl_mode &= 0070; @@ -460,7 +452,7 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, mode |= acl_mode; } group_found = true; - } else if (!compare_sids(&(ppace[i]->sid), &sid_everyone)) { + } else if (!compare_sids(&ppace[i]->sid, &sid_everyone)) { acl_mode = access_flags_to_mode(fattr, ppace[i]->access_req, ppace[i]->type); acl_mode &= 0007; @@ -469,13 +461,13 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, mode |= acl_mode; } others_found = true; - } else if (!compare_sids(&(ppace[i]->sid), &creator_owner)) + } else if (!compare_sids(&ppace[i]->sid, &creator_owner)) { continue; - else if (!compare_sids(&(ppace[i]->sid), &creator_group)) + } else if (!compare_sids(&ppace[i]->sid, &creator_group)) { continue; - else if (!compare_sids(&(ppace[i]->sid), &sid_authusers)) + } else if (!compare_sids(&ppace[i]->sid, &sid_authusers)) { continue; - else { + } else { struct smb_fattr temp_fattr;

acl_mode = access_flags_to_mode(fattr, ppace[i]->access_req, @@ -610,7 +602,7 @@ static void set_posix_acl_entries_dacl(struct smb_ace *pndace, if (S_ISDIR(fattr->cf_mode) && pace->e_tag == ACL_OTHER) flags = 0x03;

- ntace = (struct smb_ace *) ((char *)pndace + *size); + ntace = (struct smb_ace *)((char *)pndace + *size); *size += fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, flags, pace->e_perm, 0777); (*num_aces)++; @@ -619,8 +611,8 @@ static void set_posix_acl_entries_dacl(struct smb_ace *pndace, FILE_DELETE_LE | FILE_DELETE_CHILD_LE;

if (S_ISDIR(fattr->cf_mode) && - (pace->e_tag == ACL_USER || pace->e_tag == ACL_GROUP)) { - ntace = (struct smb_ace *) ((char *)pndace + *size); + (pace->e_tag == ACL_USER || pace->e_tag == ACL_GROUP)) { + ntace = (struct smb_ace *)((char *)pndace + *size); *size += fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, 0x03, pace->e_perm, 0777); (*num_aces)++; @@ -661,7 +653,7 @@ static void set_posix_acl_entries_dacl(struct smb_ace *pndace, continue; }

- ntace = (struct smb_ace *) ((char *)pndace + *size); + ntace = (struct smb_ace *)((char *)pndace + *size); *size += fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, 0x0b, pace->e_perm, 0777); (*num_aces)++; @@ -786,7 +778,7 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, __u32 dacloffset; int pntsd_type;

- if (pntsd == NULL) + if (!pntsd) return -EIO;

owner_sid_ptr = (struct smb_sid *)((char *)pntsd + @@ -913,11 +905,11 @@ int build_sec_desc(struct smb_ntsd *pntsd, struct smb_ntsd *ppntsd, dacl_ptr->size = cpu_to_le16(sizeof(struct smb_acl)); dacl_ptr->num_aces = 0;

- if (!ppntsd) + if (!ppntsd) { set_mode_dacl(dacl_ptr, fattr); - else if (!ppntsd->dacloffset) + } else if (!ppntsd->dacloffset) { goto out; - else { + } else { struct smb_acl *ppdacl_ptr;

ppdacl_ptr = (struct smb_acl *)((char *)ppntsd + @@ -992,8 +984,9 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, flags |= INHERIT_ONLY_ACE; if (flags & NO_PROPAGATE_INHERIT_ACE) flags = 0; - } else + } else { flags = 0; + }

if (!compare_sids(&creator_owner, &parent_aces->sid)) { creator = &creator_owner; @@ -1016,8 +1009,9 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); flags |= INHERIT_ONLY_ACE; psid = creator; - } else if (is_dir && !(parent_aces->flags & NO_PROPAGATE_INHERIT_ACE)) + } else if (is_dir && !(parent_aces->flags & NO_PROPAGATE_INHERIT_ACE)) { psid = &parent_aces->sid; + }

smb_set_ace(aces, psid, parent_aces->type, flags | inherited_flags, parent_aces->access_req); @@ -1166,7 +1160,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, ace = (struct smb_ace *)((char *)pdacl + sizeof(struct smb_acl)); for (i = 0; i < le32_to_cpu(pdacl->num_aces); i++) { granted |= le32_to_cpu(ace->access_req); - ace = (struct smb_ace *) ((char *)ace + le16_to_cpu(ace->size)); + ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size)); if (end_of_acl < (char *)ace) goto err_out; } @@ -1189,7 +1183,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, if (!compare_sids(&sid_everyone, &ace->sid)) others_ace = ace;

- ace = (struct smb_ace *) ((char *)ace + le16_to_cpu(ace->size)); + ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size)); if (end_of_acl < (char *)ace) goto err_out; } @@ -1229,9 +1223,9 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, posix_acl_release(posix_acls);

if (!found) { - if (others_ace) + if (others_ace) { ace = others_ace; - else { + } else { ksmbd_debug(SMB, "Can't find corresponding sid\n"); rc = -EACCES; goto err_out; @@ -1300,8 +1294,7 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, if (type_check && !(le16_to_cpu(pntsd->type) & DACL_PRESENT)) goto out;

- if (test_share_config_flag(tcon->share_conf, - KSMBD_SHARE_FLAG_ACL_XATTR)) { + if (test_share_config_flag(tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) { /* Update WinACL in xattr */ ksmbd_vfs_remove_sd_xattrs(dentry); ksmbd_vfs_set_sd_xattr(conn, dentry, pntsd, ntsd_len); diff --git a/fs/cifsd/time_wrappers.h b/fs/cifsd/time_wrappers.h index a702ca96947e..31bea2058f88 100644 --- a/fs/cifsd/time_wrappers.h +++ b/fs/cifsd/time_wrappers.h @@ -11,13 +11,13 @@ * between different kernel versions. */

-#define NTFS_TIME_OFFSET ((u64)(369*365 + 89) * 24 * 3600 * 10000000) +#define NTFS_TIME_OFFSET ((u64)(369 * 365 + 89) * 24 * 3600 * 10000000)

/* Convert the Unix UTC into NT UTC. */ static inline u64 ksmbd_UnixTimeToNT(struct timespec64 t) { /* Convert to 100ns intervals and then add the NTFS time offset. */ - return (u64) t.tv_sec * 10000000 + t.tv_nsec / 100 + NTFS_TIME_OFFSET; + return (u64)t.tv_sec * 10000000 + t.tv_nsec / 100 + NTFS_TIME_OFFSET; }

struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc); diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c index e5f4d97b2924..1bbff53436b3 100644 --- a/fs/cifsd/transport_ipc.c +++ b/fs/cifsd/transport_ipc.c @@ -75,8 +75,7 @@ struct ipc_msg_table_entry { static struct delayed_work ipc_timer_work;

static int handle_startup_event(struct sk_buff *skb, struct genl_info *info); -static int handle_unsupported_event(struct sk_buff *skb, - struct genl_info *info); +static int handle_unsupported_event(struct sk_buff *skb, struct genl_info *info); static int handle_generic_event(struct sk_buff *skb, struct genl_info *info); static int ksmbd_ipc_heartbeat_request(void);

@@ -385,8 +384,7 @@ static int handle_startup_event(struct sk_buff *skb, struct genl_info *info) return ret; }

-static int handle_unsupported_event(struct sk_buff *skb, - struct genl_info *info) +static int handle_unsupported_event(struct sk_buff *skb, struct genl_info *info) { ksmbd_err("Unknown IPC event: %d, ignore.\n", info->genlhdr->cmd); return -EINVAL; @@ -453,8 +451,7 @@ static int ipc_msg_send(struct ksmbd_ipc_msg *msg) return ret; }

-static void *ipc_msg_send_request(struct ksmbd_ipc_msg *msg, - unsigned int handle) +static void *ipc_msg_send_request(struct ksmbd_ipc_msg *msg, unsigned int handle) { struct ipc_msg_table_entry entry; int ret; @@ -550,9 +547,9 @@ ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len)

struct ksmbd_tree_connect_response * ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, - struct ksmbd_share_config *share, - struct ksmbd_tree_connect *tree_conn, - struct sockaddr *peer_addr) + struct ksmbd_share_config *share, + struct ksmbd_tree_connect *tree_conn, + struct sockaddr *peer_addr) { struct ksmbd_ipc_msg *msg; struct ksmbd_tree_connect_request *req; @@ -591,7 +588,7 @@ ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, }

int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, - unsigned long long connect_id) + unsigned long long connect_id) { struct ksmbd_ipc_msg *msg; struct ksmbd_tree_disconnect_request *req; @@ -658,8 +655,7 @@ ksmbd_ipc_share_config_request(const char *name) return resp; }

-struct ksmbd_rpc_command *ksmbd_rpc_open(struct ksmbd_session *sess, - int handle) +struct ksmbd_rpc_command *ksmbd_rpc_open(struct ksmbd_session *sess, int handle) { struct ksmbd_ipc_msg *msg; struct ksmbd_rpc_command *req; @@ -681,8 +677,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_open(struct ksmbd_session *sess, return resp; }

-struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, - int handle) +struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, int handle) { struct ksmbd_ipc_msg *msg; struct ksmbd_rpc_command *req; @@ -704,10 +699,8 @@ struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, return resp; }

-struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, - int handle, - void *payload, - size_t payload_sz) +struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, int handle, + void *payload, size_t payload_sz) { struct ksmbd_ipc_msg *msg; struct ksmbd_rpc_command *req; @@ -731,8 +724,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, return resp; }

-struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, - int handle) +struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, int handle) { struct ksmbd_ipc_msg *msg; struct ksmbd_rpc_command *req; @@ -755,10 +747,8 @@ struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, return resp; }

-struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, - int handle, - void *payload, - size_t payload_sz) +struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle, + void *payload, size_t payload_sz) { struct ksmbd_ipc_msg *msg; struct ksmbd_rpc_command *req; @@ -782,9 +772,8 @@ struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, return resp; }

-struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, - void *payload, - size_t payload_sz) +struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payload, + size_t payload_sz) { struct ksmbd_ipc_msg *msg; struct ksmbd_rpc_command *req; @@ -885,8 +874,7 @@ int ksmbd_ipc_init(void)

ret = genl_register_family(&ksmbd_genl_family); if (ret) { - ksmbd_err("Failed to register KSMBD netlink interface %d\n", - ret); + ksmbd_err("Failed to register KSMBD netlink interface %d\n", ret); goto cancel_work; }

diff --git a/fs/cifsd/transport_ipc.h b/fs/cifsd/transport_ipc.h index 6ed7cbea727e..c3744ed7a085 100644 --- a/fs/cifsd/transport_ipc.h +++ b/fs/cifsd/transport_ipc.h @@ -20,9 +20,9 @@ struct sockaddr;

struct ksmbd_tree_connect_response * ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, - struct ksmbd_share_config *share, - struct ksmbd_tree_connect *tree_conn, - struct sockaddr *peer_addr); + struct ksmbd_share_config *share, + struct ksmbd_tree_connect *tree_conn, + struct sockaddr *peer_addr);

int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, unsigned long long connect_id); @@ -37,24 +37,16 @@ ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len); int ksmbd_ipc_id_alloc(void); void ksmbd_rpc_id_free(int handle);

-struct ksmbd_rpc_command *ksmbd_rpc_open(struct ksmbd_session *sess, - int handle); -struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, - int handle); - -struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, - int handle, - void *payload, - size_t payload_sz); -struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, - int handle); -struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, - int handle, - void *payload, - size_t payload_sz); -struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, - void *payload, - size_t payload_sz); +struct ksmbd_rpc_command *ksmbd_rpc_open(struct ksmbd_session *sess, int handle); +struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, int handle); + +struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, int handle, + void *payload, size_t payload_sz); +struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, int handle); +struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle, + void *payload, size_t payload_sz); +struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payload, + size_t payload_sz);

void ksmbd_ipc_release(void); void ksmbd_ipc_soft_reset(void); diff --git a/fs/cifsd/transport_rdma.c b/fs/cifsd/transport_rdma.c index 45b76847f1e7..8174a97bade4 100644 --- a/fs/cifsd/transport_rdma.c +++ b/fs/cifsd/transport_rdma.c @@ -85,7 +85,6 @@ static struct smb_direct_listener { struct rdma_cm_id *cm_id; } smb_direct_listener;

- static struct workqueue_struct *smb_direct_wq;

enum smb_direct_status { @@ -213,8 +212,8 @@ struct smb_direct_rdma_rw_msg { static void smb_direct_destroy_pools(struct smb_direct_transport *transport); static void smb_direct_post_recv_credits(struct work_struct *work); static int smb_direct_post_send_data(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, - struct kvec *iov, int niov, int remaining_data_length); + struct smb_direct_send_ctx *send_ctx, + struct kvec *iov, int niov, int remaining_data_length);

static inline void *smb_direct_recvmsg_payload(struct smb_direct_recvmsg *recvmsg) @@ -223,7 +222,7 @@ static inline void }

static inline bool is_receive_credit_post_required(int receive_credits, - int avail_recvmsg_count) + int avail_recvmsg_count) { return receive_credits <= (smb_direct_receive_credit_max >> 3) && avail_recvmsg_count >= (receive_credits >> 2); @@ -246,7 +245,7 @@ smb_direct_recvmsg *get_free_recvmsg(struct smb_direct_transport *t) }

static void put_recvmsg(struct smb_direct_transport *t, - struct smb_direct_recvmsg *recvmsg) + struct smb_direct_recvmsg *recvmsg) { ib_dma_unmap_single(t->cm_id->device, recvmsg->sge.addr, recvmsg->sge.length, DMA_FROM_DEVICE); @@ -254,7 +253,6 @@ static void put_recvmsg(struct smb_direct_transport *t, spin_lock(&t->recvmsg_queue_lock); list_add(&recvmsg->list, &t->recvmsg_queue); spin_unlock(&t->recvmsg_queue_lock); - }

static struct @@ -264,8 +262,7 @@ smb_direct_recvmsg *get_empty_recvmsg(struct smb_direct_transport *t)

spin_lock(&t->empty_recvmsg_queue_lock); if (!list_empty(&t->empty_recvmsg_queue)) { - recvmsg = list_first_entry( - &t->empty_recvmsg_queue, + recvmsg = list_first_entry(&t->empty_recvmsg_queue, struct smb_direct_recvmsg, list); list_del(&recvmsg->list); } @@ -274,7 +271,7 @@ smb_direct_recvmsg *get_empty_recvmsg(struct smb_direct_transport *t) }

static void put_empty_recvmsg(struct smb_direct_transport *t, - struct smb_direct_recvmsg *recvmsg) + struct smb_direct_recvmsg *recvmsg) { ib_dma_unmap_single(t->cm_id->device, recvmsg->sge.addr, recvmsg->sge.length, DMA_FROM_DEVICE); @@ -285,8 +282,7 @@ static void put_empty_recvmsg(struct smb_direct_transport *t, }

static void enqueue_reassembly(struct smb_direct_transport *t, - struct smb_direct_recvmsg *recvmsg, - int data_length) + struct smb_direct_recvmsg *recvmsg, int data_length) { spin_lock(&t->reassembly_queue_lock); list_add_tail(&recvmsg->list, &t->reassembly_queue); @@ -300,11 +296,9 @@ static void enqueue_reassembly(struct smb_direct_transport *t, virt_wmb(); t->reassembly_data_length += data_length; spin_unlock(&t->reassembly_queue_lock); - }

-static struct smb_direct_recvmsg *get_first_reassembly( - struct smb_direct_transport *t) +static struct smb_direct_recvmsg *get_first_reassembly(struct smb_direct_transport *t) { if (!list_empty(&t->reassembly_queue)) return list_first_entry(&t->reassembly_queue, @@ -423,11 +417,11 @@ static void free_transport(struct smb_direct_transport *t) recvmsg = get_first_reassembly(t); if (recvmsg) { list_del(&recvmsg->list); - spin_unlock( - &t->reassembly_queue_lock); + spin_unlock(&t->reassembly_queue_lock); put_recvmsg(t, recvmsg); - } else + } else { spin_unlock(&t->reassembly_queue_lock); + } } while (recvmsg); t->reassembly_data_length = 0;

@@ -460,7 +454,7 @@ static struct smb_direct_sendmsg }

static void smb_direct_free_sendmsg(struct smb_direct_transport *t, - struct smb_direct_sendmsg *msg) + struct smb_direct_sendmsg *msg) { int i;

@@ -481,8 +475,8 @@ static int smb_direct_check_recvmsg(struct smb_direct_recvmsg *recvmsg) switch (recvmsg->type) { case SMB_DIRECT_MSG_DATA_TRANSFER: { struct smb_direct_data_transfer *req = - (struct smb_direct_data_transfer *) recvmsg->packet; - struct smb2_hdr *hdr = (struct smb2_hdr *) (recvmsg->packet + (struct smb_direct_data_transfer *)recvmsg->packet; + struct smb2_hdr *hdr = (struct smb2_hdr *)(recvmsg->packet + le32_to_cpu(req->data_offset) - 4); ksmbd_debug(RDMA, "CreditGranted: %u, CreditRequested: %u, DataLength: %u, RemainingDataLength: %u, SMB: %x, Command: %u\n", @@ -504,12 +498,12 @@ static int smb_direct_check_recvmsg(struct smb_direct_recvmsg *recvmsg) le32_to_cpu(req->max_receive_size), le32_to_cpu(req->max_fragmented_size)); if (le16_to_cpu(req->min_version) > 0x0100 || - le16_to_cpu(req->max_version) < 0x0100) + le16_to_cpu(req->max_version) < 0x0100) return -EOPNOTSUPP; if (le16_to_cpu(req->credits_requested) <= 0 || - le32_to_cpu(req->max_receive_size) <= 128 || - le32_to_cpu(req->max_fragmented_size) <= - 128*1024) + le32_to_cpu(req->max_receive_size) <= 128 || + le32_to_cpu(req->max_fragmented_size) <= + 128 * 1024) return -ECONNABORTED;

break; @@ -595,8 +589,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) if (atomic_read(&t->send_credits) > 0) wake_up_interruptible(&t->wait_send_credits);

- if (is_receive_credit_post_required(receive_credits, - avail_recvmsg_count)) + if (is_receive_credit_post_required(receive_credits, avail_recvmsg_count)) mod_delayed_work(smb_direct_wq, &t->post_recv_credits_work, 0); break; @@ -607,7 +600,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) }

static int smb_direct_post_recv(struct smb_direct_transport *t, - struct smb_direct_recvmsg *recvmsg) + struct smb_direct_recvmsg *recvmsg) { struct ib_recv_wr wr; int ret; @@ -681,8 +674,7 @@ static int smb_direct_read(struct ksmbd_transport *t, char *buf, data_transfer = smb_direct_recvmsg_payload(recvmsg); data_length = le32_to_cpu(data_transfer->data_length); remaining_data_length = - le32_to_cpu( - data_transfer->remaining_data_length); + le32_to_cpu(data_transfer->remaining_data_length); data_offset = le32_to_cpu(data_transfer->data_offset);

/* @@ -706,9 +698,7 @@ static int smb_direct_read(struct ksmbd_transport *t, char *buf, }

to_copy = min_t(int, data_length - offset, to_read); - memcpy( - buf + data_read, - (char *)data_transfer + data_offset + offset, + memcpy(buf + data_read, (char *)data_transfer + data_offset + offset, to_copy);

/* move on to the next buffer? */ @@ -718,20 +708,19 @@ static int smb_direct_read(struct ksmbd_transport *t, char *buf, * No need to lock if we are not at the * end of the queue */ - if (queue_length) + if (queue_length) { list_del(&recvmsg->list); - else { - spin_lock_irq( - &st->reassembly_queue_lock); + } else { + spin_lock_irq(&st->reassembly_queue_lock); list_del(&recvmsg->list); - spin_unlock_irq( - &st->reassembly_queue_lock); + spin_unlock_irq(&st->reassembly_queue_lock); } queue_removed++; put_recvmsg(st, recvmsg); offset = 0; - } else + } else { offset += to_copy; + }

to_read -= to_copy; data_read += to_copy; @@ -744,13 +733,13 @@ static int smb_direct_read(struct ksmbd_transport *t, char *buf,

spin_lock(&st->receive_credit_lock); st->count_avail_recvmsg += queue_removed; - if (is_receive_credit_post_required(st->recv_credits, - st->count_avail_recvmsg)) { + if (is_receive_credit_post_required(st->recv_credits, st->count_avail_recvmsg)) { spin_unlock(&st->receive_credit_lock); mod_delayed_work(smb_direct_wq, &st->post_recv_credits_work, 0); - } else + } else { spin_unlock(&st->receive_credit_lock); + }

st->first_entry_offset = offset; ksmbd_debug(RDMA, @@ -762,10 +751,8 @@ static int smb_direct_read(struct ksmbd_transport *t, char *buf, }

ksmbd_debug(RDMA, "wait_event on more data\n"); - rc = wait_event_interruptible( - st->wait_reassembly_queue, - st->reassembly_data_length >= size || - st->status != SMB_DIRECT_CS_CONNECTED); + rc = wait_event_interruptible(st->wait_reassembly_queue, + st->reassembly_data_length >= size || st->status != SMB_DIRECT_CS_CONNECTED); if (rc) return -EINTR;

@@ -795,8 +782,9 @@ static void smb_direct_post_recv_credits(struct work_struct *work) if (use_free) { use_free = 0; continue; - } else + } else { break; + } }

recvmsg->type = SMB_DIRECT_MSG_DATA_TRANSFER; @@ -904,8 +892,8 @@ static int smb_direct_post_send(struct smb_direct_transport *t, }

static void smb_direct_send_ctx_init(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, - bool need_invalidate_rkey, unsigned int remote_key) + struct smb_direct_send_ctx *send_ctx, + bool need_invalidate_rkey, unsigned int remote_key) { INIT_LIST_HEAD(&send_ctx->msg_list); send_ctx->wr_cnt = 0; @@ -914,7 +902,7 @@ static void smb_direct_send_ctx_init(struct smb_direct_transport *t, }

static int smb_direct_flush_send_list(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, bool is_last) + struct smb_direct_send_ctx *send_ctx, bool is_last) { struct smb_direct_sendmsg *first, *last; int ret; @@ -973,12 +961,12 @@ static int wait_for_credits(struct smb_direct_transport *t, }

static int wait_for_send_credits(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx) + struct smb_direct_send_ctx *send_ctx) { int ret;

if (send_ctx && (send_ctx->wr_cnt >= 16 || - atomic_read(&t->send_credits) <= 1)) { + atomic_read(&t->send_credits) <= 1)) { ret = smb_direct_flush_send_list(t, send_ctx, false); if (ret) return ret; @@ -1048,8 +1036,7 @@ static int smb_direct_create_header(struct smb_direct_transport *t, return 0; }

-static int get_sg_list(void *buf, int size, - struct scatterlist *sg_list, int nentries) +static int get_sg_list(void *buf, int size, struct scatterlist *sg_list, int nentries) { bool high = is_vmalloc_addr(buf); struct page *page; @@ -1082,8 +1069,8 @@ static int get_sg_list(void *buf, int size, }

static int get_mapped_sg_list(struct ib_device *device, void *buf, int size, - struct scatterlist *sg_list, int nentries, - enum dma_data_direction dir) + struct scatterlist *sg_list, int nentries, + enum dma_data_direction dir) { int npages;

@@ -1094,8 +1081,8 @@ static int get_mapped_sg_list(struct ib_device *device, void *buf, int size, }

static int post_sendmsg(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, - struct smb_direct_sendmsg *msg) + struct smb_direct_send_ctx *send_ctx, + struct smb_direct_sendmsg *msg) { int i;

@@ -1132,13 +1119,13 @@ static int post_sendmsg(struct smb_direct_transport *t, }

static int smb_direct_post_send_data(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, - struct kvec *iov, int niov, int remaining_data_length) + struct smb_direct_send_ctx *send_ctx, + struct kvec *iov, int niov, int remaining_data_length) { int i, j, ret; struct smb_direct_sendmsg *msg; int data_length; - struct scatterlist sg[SMB_DIRECT_MAX_SEND_SGES-1]; + struct scatterlist sg[SMB_DIRECT_MAX_SEND_SGES - 1];

ret = wait_for_send_credits(t, send_ctx); if (ret) @@ -1159,15 +1146,15 @@ static int smb_direct_post_send_data(struct smb_direct_transport *t, struct ib_sge *sge; int sg_cnt;

- sg_init_table(sg, SMB_DIRECT_MAX_SEND_SGES-1); + sg_init_table(sg, SMB_DIRECT_MAX_SEND_SGES - 1); sg_cnt = get_mapped_sg_list(t->cm_id->device, iov[i].iov_base, iov[i].iov_len, - sg, SMB_DIRECT_MAX_SEND_SGES-1, DMA_TO_DEVICE); + sg, SMB_DIRECT_MAX_SEND_SGES - 1, DMA_TO_DEVICE); if (sg_cnt <= 0) { ksmbd_err("failed to map buffer\n"); ret = -ENOMEM; goto err; - } else if (sg_cnt + msg->num_sge > SMB_DIRECT_MAX_SEND_SGES-1) { + } else if (sg_cnt + msg->num_sge > SMB_DIRECT_MAX_SEND_SGES - 1) { ksmbd_err("buffer not fitted into sges\n"); ret = -E2BIG; ib_dma_unmap_sg(t->cm_id->device, sg, sg_cnt, @@ -1195,8 +1182,8 @@ static int smb_direct_post_send_data(struct smb_direct_transport *t, }

static int smb_direct_writev(struct ksmbd_transport *t, - struct kvec *iov, int niovs, int buflen, - bool need_invalidate, unsigned int remote_key) + struct kvec *iov, int niovs, int buflen, + bool need_invalidate, unsigned int remote_key) { struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); int remaining_data_length; @@ -1228,24 +1215,24 @@ static int smb_direct_writev(struct ksmbd_transport *t, if (buflen > max_iov_size) { if (i > start) { remaining_data_length -= - (buflen-iov[i].iov_len); + (buflen - iov[i].iov_len); ret = smb_direct_post_send_data(st, &send_ctx, - &iov[start], i-start, + &iov[start], i - start, remaining_data_length); if (ret) goto done; } else { /* iov[start] is too big, break it */ - int nvec = (buflen+max_iov_size-1) / + int nvec = (buflen + max_iov_size - 1) / max_iov_size;

for (j = 0; j < nvec; j++) { vec.iov_base = (char *)iov[start].iov_base + - j*max_iov_size; + j * max_iov_size; vec.iov_len = min_t(int, max_iov_size, - buflen - max_iov_size*j); + buflen - max_iov_size * j); remaining_data_length -= vec.iov_len; ret = smb_direct_post_send_data(st, &send_ctx, &vec, 1, @@ -1265,7 +1252,7 @@ static int smb_direct_writev(struct ksmbd_transport *t, /* send out all remaining vecs */ remaining_data_length -= buflen; ret = smb_direct_post_send_data(st, &send_ctx, - &iov[start], i-start, + &iov[start], i - start, remaining_data_length); if (ret) goto done; @@ -1290,7 +1277,7 @@ static int smb_direct_writev(struct ksmbd_transport *t, }

static void read_write_done(struct ib_cq *cq, struct ib_wc *wc, - enum dma_data_direction dir) + enum dma_data_direction dir) { struct smb_direct_rdma_rw_msg *msg = container_of(wc->wr_cqe, struct smb_direct_rdma_rw_msg, cqe); @@ -1323,8 +1310,8 @@ static void write_done(struct ib_cq *cq, struct ib_wc *wc) }

static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf, - int buf_len, u32 remote_key, u64 remote_offset, u32 remote_len, - bool is_read) + int buf_len, u32 remote_key, u64 remote_offset, u32 remote_len, + bool is_read) { struct smb_direct_rdma_rw_msg *msg; int ret; @@ -1392,23 +1379,20 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf, sg_free_table_chained(&msg->sgt, SG_CHUNK_SIZE); kfree(msg); return ret; - }

-static int smb_direct_rdma_write(struct ksmbd_transport *t, - void *buf, unsigned int buflen, - u32 remote_key, u64 remote_offset, - u32 remote_len) +static int smb_direct_rdma_write(struct ksmbd_transport *t, void *buf, + unsigned int buflen, u32 remote_key, u64 remote_offset, + u32 remote_len) { return smb_direct_rdma_xmit(SMB_DIRECT_TRANS(t), buf, buflen, remote_key, remote_offset, remote_len, false); }

-static int smb_direct_rdma_read(struct ksmbd_transport *t, - void *buf, unsigned int buflen, - u32 remote_key, u64 remote_offset, - u32 remote_len) +static int smb_direct_rdma_read(struct ksmbd_transport *t, void *buf, + unsigned int buflen, u32 remote_key, u64 remote_offset, + u32 remote_len) { return smb_direct_rdma_xmit(SMB_DIRECT_TRANS(t), buf, buflen, remote_key, remote_offset, @@ -1428,7 +1412,7 @@ static void smb_direct_disconnect(struct ksmbd_transport *t) }

static int smb_direct_cm_handler(struct rdma_cm_id *cm_id, - struct rdma_cm_event *event) + struct rdma_cm_event *event) { struct smb_direct_transport *t = cm_id->context;

@@ -1505,8 +1489,7 @@ static int smb_direct_send_negotiate_response(struct smb_direct_transport *t, resp->reserved = 0; resp->credits_requested = cpu_to_le16(t->send_credit_target); - resp->credits_granted = cpu_to_le16( - manage_credits_prior_sending(t)); + resp->credits_granted = cpu_to_le16(manage_credits_prior_sending(t)); resp->max_readwrite_size = cpu_to_le32(t->max_rdma_rw_size); resp->preferred_send_size = cpu_to_le32(t->max_send_size); resp->max_receive_size = cpu_to_le32(t->max_recv_size); @@ -1665,7 +1648,7 @@ static int smb_direct_init_params(struct smb_direct_transport *t,

max_send_wrs = smb_direct_send_credit_target + max_rw_wrs; if (max_send_wrs > device->attrs.max_cqe || - max_send_wrs > device->attrs.max_qp_wr) { + max_send_wrs > device->attrs.max_qp_wr) { ksmbd_err("consider lowering send_credit_target = %d, or max_outstanding_rw_ops = %d\n", smb_direct_send_credit_target, smb_direct_max_outstanding_rw_ops); @@ -1936,7 +1919,7 @@ static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) }

static int smb_direct_listen_handler(struct rdma_cm_id *cm_id, - struct rdma_cm_event *event) + struct rdma_cm_event *event) { switch (event->event) { case RDMA_CM_EVENT_CONNECT_REQUEST: { @@ -2010,7 +1993,7 @@ int ksmbd_rdma_init(void) * for lack of credits */ smb_direct_wq = alloc_workqueue("ksmbd-smb_direct-wq", - WQ_HIGHPRI|WQ_MEM_RECLAIM, 0); + WQ_HIGHPRI | WQ_MEM_RECLAIM, 0); if (!smb_direct_wq) return -ENOMEM;

diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c index 5dd8641f66ba..67163efcf472 100644 --- a/fs/cifsd/transport_tcp.c +++ b/fs/cifsd/transport_tcp.c @@ -13,8 +13,8 @@ #include "connection.h" #include "transport_tcp.h"

-#define IFACE_STATE_DOWN (1 << 0) -#define IFACE_STATE_CONFIGURED (1 << 1) +#define IFACE_STATE_DOWN BIT(0) +#define IFACE_STATE_CONFIGURED BIT(1)

struct interface { struct task_struct *ksmbd_kthread; @@ -113,7 +113,7 @@ static void free_transport(struct tcp_transport *t) * Return: Number of IO segments */ static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, - unsigned int nr_segs, size_t bytes) + unsigned int nr_segs, size_t bytes) { size_t base = 0;

@@ -142,8 +142,7 @@ static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, * * Return: return existing or newly allocate iovec */ -static struct kvec *get_conn_iovec(struct tcp_transport *t, - unsigned int nr_segs) +static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs) { struct kvec *new_iov;

@@ -287,10 +286,8 @@ static int ksmbd_tcp_run_kthread(struct interface *iface) * Return: on success return number of bytes read from socket, * otherwise return error number */ -static int ksmbd_tcp_readv(struct tcp_transport *t, - struct kvec *iov_orig, - unsigned int nr_segs, - unsigned int to_read) +static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig, + unsigned int nr_segs, unsigned int to_read) { int length = 0; int total_read; @@ -345,9 +342,7 @@ static int ksmbd_tcp_readv(struct tcp_transport *t, * Return: on success return number of bytes read from socket, * otherwise return error number */ -static int ksmbd_tcp_read(struct ksmbd_transport *t, - char *buf, - unsigned int to_read) +static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf, unsigned int to_read) { struct kvec iov;

@@ -357,9 +352,8 @@ static int ksmbd_tcp_read(struct ksmbd_transport *t, return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read); }

-static int ksmbd_tcp_writev(struct ksmbd_transport *t, - struct kvec *iov, int nvecs, int size, - bool need_invalidate, unsigned int remote_key) +static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov, + int nvecs, int size, bool need_invalidate, unsigned int remote_key)

{ struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL}; @@ -473,7 +467,7 @@ static int create_socket(struct interface *iface) }

static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, - void *ptr) + void *ptr) { struct net_device *netdev = netdev_notifier_info_to_dev(ptr); struct interface *iface; @@ -523,7 +517,6 @@ static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, }

return NOTIFY_DONE; - }

static struct notifier_block ksmbd_netdev_notifier = { diff --git a/fs/cifsd/unicode.c b/fs/cifsd/unicode.c index 22a4d10a2000..38bba50c4f16 100644 --- a/fs/cifsd/unicode.c +++ b/fs/cifsd/unicode.c @@ -26,9 +26,8 @@ * * Return: string length after conversion */ -static int smb_utf16_bytes(const __le16 *from, - int maxbytes, - const struct nls_table *codepage) +static int smb_utf16_bytes(const __le16 *from, int maxbytes, + const struct nls_table *codepage) { int i; int charlen, outlen = 0; @@ -66,7 +65,7 @@ static int smb_utf16_bytes(const __le16 *from, */ static int cifs_mapchar(char *target, const __u16 src_char, const struct nls_table *cp, - bool mapchar) + bool mapchar) { int len = 1;

@@ -124,9 +123,9 @@ static inline int is_char_allowed(char *ch) { /* check for control chars, wildcards etc. */ if (!(*ch & 0x80) && - (*ch <= 0x1f || - *ch == '?' || *ch == '"' || *ch == '<' || - *ch == '>' || *ch == '|')) + (*ch <= 0x1f || + *ch == '?' || *ch == '"' || *ch == '<' || + *ch == '>' || *ch == '|')) return 0;

return 1; @@ -156,12 +155,8 @@ static inline int is_char_allowed(char *ch) * * Return: string length after conversion */ -static int smb_from_utf16(char *to, - const __le16 *from, - int tolen, - int fromlen, - const struct nls_table *codepage, - bool mapchar) +static int smb_from_utf16(char *to, const __le16 *from, int tolen, int fromlen, + const struct nls_table *codepage, bool mapchar) { int i, charlen, safelen; int outlen = 0; @@ -214,8 +209,7 @@ static int smb_from_utf16(char *to, * * Return: string length after conversion */ -int -smb_strtoUTF16(__le16 *to, const char *from, int len, +int smb_strtoUTF16(__le16 *to, const char *from, int len, const struct nls_table *codepage) { int charlen; @@ -230,7 +224,7 @@ smb_strtoUTF16(__le16 *to, const char *from, int len, * in destination len is length in wchar_t units (16bits) */ i = utf8s_to_utf16s(from, len, UTF16_LITTLE_ENDIAN, - (wchar_t *) to, len); + (wchar_t *)to, len);

/* if success terminate and exit */ if (i >= 0) @@ -272,20 +266,19 @@ smb_strtoUTF16(__le16 *to, const char *from, int len, * * Return: destination string buffer or error ptr */ -char * -smb_strndup_from_utf16(const char *src, const int maxlen, - const bool is_unicode, const struct nls_table *codepage) +char *smb_strndup_from_utf16(const char *src, const int maxlen, + const bool is_unicode, const struct nls_table *codepage) { int len, ret; char *dst;

if (is_unicode) { - len = smb_utf16_bytes((__le16 *) src, maxlen, codepage); + len = smb_utf16_bytes((__le16 *)src, maxlen, codepage); len += nls_nullsize(codepage); dst = kmalloc(len, GFP_KERNEL); if (!dst) return ERR_PTR(-ENOMEM); - ret = smb_from_utf16(dst, (__le16 *) src, len, maxlen, codepage, + ret = smb_from_utf16(dst, (__le16 *)src, len, maxlen, codepage, false); if (ret < 0) { kfree(dst); @@ -324,9 +317,8 @@ smb_strndup_from_utf16(const char *src, const int maxlen, * * Return: char length after conversion */ -int -smbConvertToUTF16(__le16 *target, const char *source, int srclen, - const struct nls_table *cp, int mapchars) +int smbConvertToUTF16(__le16 *target, const char *source, int srclen, + const struct nls_table *cp, int mapchars) { int i, j, charlen; char src_char; diff --git a/fs/cifsd/unicode.h b/fs/cifsd/unicode.h index 7135d62bf9b0..c37d7024cf60 100644 --- a/fs/cifsd/unicode.h +++ b/fs/cifsd/unicode.h @@ -32,13 +32,13 @@ * reserved symbols (along with \ and /), otherwise illegal to store * in filenames in NTFS */ -#define UNI_ASTERISK ((__u16) ('*' + 0xF000)) -#define UNI_QUESTION ((__u16) ('?' + 0xF000)) -#define UNI_COLON ((__u16) (':' + 0xF000)) -#define UNI_GRTRTHAN ((__u16) ('>' + 0xF000)) -#define UNI_LESSTHAN ((__u16) ('<' + 0xF000)) -#define UNI_PIPE ((__u16) ('|' + 0xF000)) -#define UNI_SLASH ((__u16) ('\' + 0xF000)) +#define UNI_ASTERISK ((__u16)('*' + 0xF000)) +#define UNI_QUESTION ((__u16)('?' + 0xF000)) +#define UNI_COLON ((__u16)(':' + 0xF000)) +#define UNI_GRTRTHAN ((__u16)('>' + 0xF000)) +#define UNI_LESSTHAN ((__u16)('<' + 0xF000)) +#define UNI_PIPE ((__u16)('|' + 0xF000)) +#define UNI_SLASH ((__u16)('\' + 0xF000))

/* Just define what we want from uniupr.h. We don't want to define the tables * in each source file. @@ -63,13 +63,12 @@ extern const struct UniCaseRange CifsUniLowerRange[];

#ifdef __KERNEL__ int smb_strtoUTF16(__le16 *to, const char *from, int len, - const struct nls_table *codepage); -char *smb_strndup_from_utf16(const char *src, const int maxlen, - const bool is_unicode, const struct nls_table *codepage); -extern int smbConvertToUTF16(__le16 *target, const char *source, int srclen, +char *smb_strndup_from_utf16(const char *src, const int maxlen, + const bool is_unicode, const struct nls_table *codepage); +int smbConvertToUTF16(__le16 *target, const char *source, int srclen, const struct nls_table *cp, int mapchars); -extern char *ksmbd_extract_sharename(char *treename); +char *ksmbd_extract_sharename(char *treename); #endif

wchar_t cifs_toupper(wchar_t in); @@ -80,8 +79,7 @@ wchar_t cifs_toupper(wchar_t in); * Returns: * Address of the first string */ - static inline wchar_t * -UniStrcat(wchar_t *ucs1, const wchar_t *ucs2) +static inline wchar_t *UniStrcat(wchar_t *ucs1, const wchar_t *ucs2) { wchar_t *anchor = ucs1; /* save a pointer to start of ucs1 */

@@ -100,14 +98,13 @@ UniStrcat(wchar_t *ucs1, const wchar_t *ucs2) * Address of first occurrence of character in string * or NULL if the character is not in the string */ - static inline wchar_t * -UniStrchr(const wchar_t *ucs, wchar_t uc) +static inline wchar_t *UniStrchr(const wchar_t *ucs, wchar_t uc) { while ((*ucs != uc) && *ucs) ucs++;

if (*ucs == uc) - return (wchar_t *) ucs; + return (wchar_t *)ucs; return NULL; }

@@ -119,21 +116,19 @@ UniStrchr(const wchar_t *ucs, wchar_t uc) * = 0: Strings are equal * > 0: First string is greater than second */ - static inline int -UniStrcmp(const wchar_t *ucs1, const wchar_t *ucs2) +static inline int UniStrcmp(const wchar_t *ucs1, const wchar_t *ucs2) { while ((*ucs1 == *ucs2) && *ucs1) { ucs1++; ucs2++; } - return (int) *ucs1 - (int) *ucs2; + return (int)*ucs1 - (int)*ucs2; }

/* * UniStrcpy: Copy a string */ - static inline wchar_t * -UniStrcpy(wchar_t *ucs1, const wchar_t *ucs2) +static inline wchar_t *UniStrcpy(wchar_t *ucs1, const wchar_t *ucs2) { wchar_t *anchor = ucs1; /* save the start of result string */

@@ -145,8 +140,7 @@ UniStrcpy(wchar_t *ucs1, const wchar_t *ucs2) /* * UniStrlen: Return the length of a string (in 16 bit Unicode chars not bytes) */ - static inline size_t -UniStrlen(const wchar_t *ucs1) +static inline size_t UniStrlen(const wchar_t *ucs1) { int i = 0;

@@ -159,8 +153,7 @@ UniStrlen(const wchar_t *ucs1) * UniStrnlen: Return the length (in 16 bit Unicode chars not bytes) of a * string (length limited) */ - static inline size_t -UniStrnlen(const wchar_t *ucs1, int maxlen) +static inline size_t UniStrnlen(const wchar_t *ucs1, int maxlen) { int i = 0;

@@ -175,8 +168,7 @@ UniStrnlen(const wchar_t *ucs1, int maxlen) /* * UniStrncat: Concatenate length limited string */ - static inline wchar_t * -UniStrncat(wchar_t *ucs1, const wchar_t *ucs2, size_t n) +static inline wchar_t *UniStrncat(wchar_t *ucs1, const wchar_t *ucs2, size_t n) { wchar_t *anchor = ucs1; /* save pointer to string 1 */

@@ -194,8 +186,7 @@ UniStrncat(wchar_t *ucs1, const wchar_t *ucs2, size_t n) /* * UniStrncmp: Compare length limited string */ - static inline int -UniStrncmp(const wchar_t *ucs1, const wchar_t *ucs2, size_t n) +static inline int UniStrncmp(const wchar_t *ucs1, const wchar_t *ucs2, size_t n) { if (!n) return 0; /* Null strings are equal */ @@ -203,7 +194,7 @@ UniStrncmp(const wchar_t *ucs1, const wchar_t *ucs2, size_t n) ucs1++; ucs2++; } - return (int) *ucs1 - (int) *ucs2; + return (int)*ucs1 - (int)*ucs2; }

/* @@ -218,14 +209,13 @@ UniStrncmp_le(const wchar_t *ucs1, const wchar_t *ucs2, size_t n) ucs1++; ucs2++; } - return (int) *ucs1 - (int) __le16_to_cpu(*ucs2); + return (int)*ucs1 - (int)__le16_to_cpu(*ucs2); }

/* * UniStrncpy: Copy length limited string with pad */ - static inline wchar_t * -UniStrncpy(wchar_t *ucs1, const wchar_t *ucs2, size_t n) +static inline wchar_t *UniStrncpy(wchar_t *ucs1, const wchar_t *ucs2, size_t n) { wchar_t *anchor = ucs1;

@@ -241,8 +231,7 @@ UniStrncpy(wchar_t *ucs1, const wchar_t *ucs2, size_t n) /* * UniStrncpy_le: Copy length limited string with pad to little-endian */ - static inline wchar_t * -UniStrncpy_le(wchar_t *ucs1, const wchar_t *ucs2, size_t n) +static inline wchar_t *UniStrncpy_le(wchar_t *ucs1, const wchar_t *ucs2, size_t n) { wchar_t *anchor = ucs1;

@@ -262,8 +251,7 @@ UniStrncpy_le(wchar_t *ucs1, const wchar_t *ucs2, size_t n) * Address of first match found * NULL if no matching string is found */ - static inline wchar_t * -UniStrstr(const wchar_t *ucs1, const wchar_t *ucs2) +static inline wchar_t *UniStrstr(const wchar_t *ucs1, const wchar_t *ucs2) { const wchar_t *anchor1 = ucs1; const wchar_t *anchor2 = ucs2; @@ -275,14 +263,14 @@ UniStrstr(const wchar_t *ucs1, const wchar_t *ucs2) ucs2++; } else { if (!*ucs2) /* Match found */ - return (wchar_t *) anchor1; + return (wchar_t *)anchor1; ucs1 = ++anchor1; /* No match */ ucs2 = anchor2; } }

if (!*ucs2) /* Both end together */ - return (wchar_t *) anchor1; /* Match found */ + return (wchar_t *)anchor1; /* Match found */ return NULL; /* No match */ }

@@ -290,8 +278,7 @@ UniStrstr(const wchar_t *ucs1, const wchar_t *ucs2) /* * UniToupper: Convert a unicode character to upper case */ - static inline wchar_t -UniToupper(register wchar_t uc) +static inline wchar_t UniToupper(register wchar_t uc) { register const struct UniCaseRange *rp;

@@ -314,8 +301,7 @@ UniToupper(register wchar_t uc) /* * UniStrupr: Upper case a unicode string */ - static inline __le16 * -UniStrupr(register __le16 *upin) +static inline __le16 *UniStrupr(register __le16 *upin) { register __le16 *up;

@@ -332,8 +318,7 @@ UniStrupr(register __le16 *upin) /* * UniTolower: Convert a unicode character to lower case */ - static inline wchar_t -UniTolower(register wchar_t uc) +static inline wchar_t UniTolower(register wchar_t uc) { register const struct UniCaseRange *rp;

@@ -356,8 +341,7 @@ UniTolower(register wchar_t uc) /* * UniStrlwr: Lower case a unicode string */ - static inline wchar_t * -UniStrlwr(register wchar_t *upin) +static inline wchar_t *UniStrlwr(register wchar_t *upin) { register wchar_t *up;

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index da44d131e25b..69dc1ee0fc75 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -61,19 +61,17 @@ static void rollback_path_modification(char *filename) }

static void ksmbd_vfs_inherit_owner(struct ksmbd_work *work, - struct inode *parent_inode, - struct inode *inode) + struct inode *parent_inode, struct inode *inode) { if (!test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_INHERIT_OWNER)) + KSMBD_SHARE_FLAG_INHERIT_OWNER)) return;

i_uid_write(inode, i_uid_read(parent_inode)); }

static void ksmbd_vfs_inherit_smack(struct ksmbd_work *work, - struct dentry *dir_dentry, - struct dentry *dentry) + struct dentry *dir_dentry, struct dentry *dentry) { char *name, *xattr_list = NULL, *smack_buf; int value_len, xattr_list_len; @@ -173,7 +171,6 @@ int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) return 0; }

- /** * ksmbd_vfs_create() - vfs helper for smb create file * @work: work @@ -182,9 +179,7 @@ int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) * * Return: 0 on success, otherwise error */ -int ksmbd_vfs_create(struct ksmbd_work *work, - const char *name, - umode_t mode) +int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) { struct path path; struct dentry *dentry; @@ -220,9 +215,7 @@ int ksmbd_vfs_create(struct ksmbd_work *work, * * Return: 0 on success, otherwise error */ -int ksmbd_vfs_mkdir(struct ksmbd_work *work, - const char *name, - umode_t mode) +int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) { struct path path; struct dentry *dentry; @@ -243,17 +236,16 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), d_inode(dentry)); ksmbd_vfs_inherit_smack(work, path.dentry, dentry); - } else + } else { ksmbd_err("mkdir(%s): creation failed (err:%d)\n", name, err); + }

done_path_create(&path, dentry); return err; }

-static ssize_t ksmbd_vfs_getcasexattr(struct dentry *dentry, - char *attr_name, - int attr_name_len, - char **attr_value) +static ssize_t ksmbd_vfs_getcasexattr(struct dentry *dentry, char *attr_name, + int attr_name_len, char **attr_value) { char *name, *xattr_list = NULL; ssize_t value_len = -ENOENT, xattr_list_len; @@ -282,7 +274,7 @@ static ssize_t ksmbd_vfs_getcasexattr(struct dentry *dentry, }

static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, - size_t count) + size_t count) { ssize_t v_len; char *stream_buf = NULL; @@ -314,10 +306,8 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, * * Return: 0 on success, otherwise error */ -static int check_lock_range(struct file *filp, - loff_t start, - loff_t end, - unsigned char type) +static int check_lock_range(struct file *filp, loff_t start, loff_t end, + unsigned char type) { struct file_lock *flock; struct file_lock_context *ctx = file_inode(filp)->i_flctx; @@ -360,9 +350,7 @@ static int check_lock_range(struct file *filp, * * Return: number of read bytes on success, otherwise error */ -int ksmbd_vfs_read(struct ksmbd_work *work, - struct ksmbd_file *fp, - size_t count, +int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count, loff_t *pos) { struct file *filp; @@ -416,7 +404,7 @@ int ksmbd_vfs_read(struct ksmbd_work *work, }

static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, - size_t count) + size_t count) { char *stream_buf = NULL, *wbuf; size_t size, v_len; @@ -483,7 +471,8 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, * Return: 0 on success, otherwise error */ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, - char *buf, size_t count, loff_t *pos, bool sync, ssize_t *written) + char *buf, size_t count, loff_t *pos, bool sync, + ssize_t *written) { struct ksmbd_session *sess = work->sess; struct file *filp; @@ -564,7 +553,7 @@ int ksmbd_vfs_getattr(struct path *path, struct kstat *stat) * * Return: 0 on success, otherwise error */ -int ksmbd_vfs_fsync(struct ksmbd_work *work, uint64_t fid, uint64_t p_id) +int ksmbd_vfs_fsync(struct ksmbd_work *work, u64 fid, u64 p_id) { struct ksmbd_file *fp; int err; @@ -656,8 +645,8 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) * * Return: 0 on success, otherwise error */ -int ksmbd_vfs_link(struct ksmbd_work *work, - const char *oldname, const char *newname) +int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, + const char *newname) { struct path oldpath, newpath; struct dentry *dentry; @@ -702,11 +691,9 @@ int ksmbd_vfs_link(struct ksmbd_work *work, }

static int __ksmbd_vfs_rename(struct ksmbd_work *work, - struct dentry *src_dent_parent, - struct dentry *src_dent, - struct dentry *dst_dent_parent, - struct dentry *trap_dent, - char *dst_name) + struct dentry *src_dent_parent, struct dentry *src_dent, + struct dentry *dst_dent_parent, struct dentry *trap_dent, + char *dst_name) { struct dentry *dst_dent; int err; @@ -823,7 +810,7 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, * Return: 0 on success, otherwise error */ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, - struct ksmbd_file *fp, loff_t size) + struct ksmbd_file *fp, loff_t size) { struct path path; int err = 0; @@ -906,8 +893,7 @@ ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list) return size; }

-static ssize_t ksmbd_vfs_xattr_len(struct dentry *dentry, - char *xattr_name) +static ssize_t ksmbd_vfs_xattr_len(struct dentry *dentry, char *xattr_name) { return vfs_getxattr(&init_user_ns, dentry, xattr_name, NULL, 0); } @@ -920,9 +906,8 @@ static ssize_t ksmbd_vfs_xattr_len(struct dentry *dentry, * * Return: read xattr value length on success, otherwise error */ -ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, - char *xattr_name, - char **xattr_buf) +ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, + char **xattr_buf) { ssize_t xattr_len; char *buf; @@ -955,11 +940,8 @@ ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, * * Return: 0 on success, otherwise error */ -int ksmbd_vfs_setxattr(struct dentry *dentry, - const char *attr_name, - const void *attr_value, - size_t attr_size, - int flags) +int ksmbd_vfs_setxattr(struct dentry *dentry, const char *attr_name, + const void *attr_value, size_t attr_size, int flags) { int err;

@@ -987,9 +969,9 @@ void ksmbd_vfs_set_fadvise(struct file *filp, __le32 option) if (!option || !mapping) return;

- if (option & FILE_WRITE_THROUGH_LE) + if (option & FILE_WRITE_THROUGH_LE) { filp->f_flags |= O_SYNC; - else if (option & FILE_SEQUENTIAL_ONLY_LE) { + } else if (option & FILE_SEQUENTIAL_ONLY_LE) { filp->f_ra.ra_pages = inode_to_bdi(mapping->host)->ra_pages * 2; spin_lock(&filp->f_lock); filp->f_mode &= ~FMODE_RANDOM; @@ -1021,18 +1003,15 @@ int ksmbd_vfs_readdir(struct file *file, struct ksmbd_readdir_data *rdata) return iterate_dir(file, &rdata->ctx); }

-int ksmbd_vfs_alloc_size(struct ksmbd_work *work, - struct ksmbd_file *fp, - loff_t len) +int ksmbd_vfs_alloc_size(struct ksmbd_work *work, struct ksmbd_file *fp, + loff_t len) { smb_break_all_levII_oplock(work, fp, 1); return vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0, len); }

-int ksmbd_vfs_zero_data(struct ksmbd_work *work, - struct ksmbd_file *fp, - loff_t off, - loff_t len) +int ksmbd_vfs_zero_data(struct ksmbd_work *work, struct ksmbd_file *fp, + loff_t off, loff_t len) { smb_break_all_levII_oplock(work, fp, 1); if (fp->f_ci->m_fattr & ATTR_SPARSE_FILE_LE) @@ -1085,8 +1064,9 @@ int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, if (extent_end != -ENXIO) ret = (int)extent_end; break; - } else if (extent_start >= extent_end) + } else if (extent_start >= extent_end) { break; + }

ranges[*out_count].file_offset = cpu_to_le64(extent_start); ranges[(*out_count)++].length = @@ -1161,7 +1141,7 @@ unsigned short ksmbd_vfs_logical_sector_size(struct inode *inode) * @fs_ss: fs sector size struct */ void ksmbd_vfs_smb2_sector_size(struct inode *inode, - struct ksmbd_fs_sector_size *fs_ss) + struct ksmbd_fs_sector_size *fs_ss) { struct request_queue *q;

@@ -1186,12 +1166,8 @@ void ksmbd_vfs_smb2_sector_size(struct inode *inode, } }

-static int __dir_empty(struct dir_context *ctx, - const char *name, - int namlen, - loff_t offset, - u64 ino, - unsigned int d_type) +static int __dir_empty(struct dir_context *ctx, const char *name, int namlen, + loff_t offset, u64 ino, unsigned int d_type) { struct ksmbd_readdir_data *buf;

@@ -1227,12 +1203,8 @@ int ksmbd_vfs_empty_dir(struct ksmbd_file *fp) return err; }

-static int __caseless_lookup(struct dir_context *ctx, - const char *name, - int namlen, - loff_t offset, - u64 ino, - unsigned int d_type) +static int __caseless_lookup(struct dir_context *ctx, const char *name, + int namlen, loff_t offset, u64 ino, unsigned int d_type) { struct ksmbd_readdir_data *buf;

@@ -1260,7 +1232,7 @@ static int ksmbd_vfs_lookup_in_dir(char *dirname, char *filename) struct path dir_path; int ret; struct file *dfilp; - int flags = O_RDONLY|O_LARGEFILE; + int flags = O_RDONLY | O_LARGEFILE; int dirnamelen = strlen(dirname); struct ksmbd_readdir_data readdir_data = { .ctx.actor = __caseless_lookup, @@ -1349,9 +1321,9 @@ int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry) ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name));

if (!strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS, - sizeof(XATTR_NAME_POSIX_ACL_ACCESS)-1) || + sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1) || !strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT, - sizeof(XATTR_NAME_POSIX_ACL_DEFAULT)-1)) { + sizeof(XATTR_NAME_POSIX_ACL_DEFAULT) - 1)) { err = ksmbd_vfs_remove_xattr(dentry, name); if (err) ksmbd_debug(SMB, @@ -1621,8 +1593,9 @@ int ksmbd_vfs_get_dos_attrib_xattr(struct dentry *dentry, if (ndr_decode_dos_attr(&n, da)) err = -EINVAL; ksmbd_free(n.data); - } else + } else { ksmbd_debug(SMB, "failed to load dos attribute in xattr\n"); + }

return err; } @@ -1687,9 +1660,8 @@ void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat) return info; }

-int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, - struct dentry *dentry, - struct ksmbd_kstat *ksmbd_kstat) +int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, struct dentry *dentry, + struct ksmbd_kstat *ksmbd_kstat) { u64 time; int rc; @@ -1709,23 +1681,23 @@ int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, ksmbd_kstat->file_attributes = ATTR_ARCHIVE_LE;

if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) { + KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) { struct xattr_dos_attrib da;

rc = ksmbd_vfs_get_dos_attrib_xattr(dentry, &da); if (rc > 0) { ksmbd_kstat->file_attributes = cpu_to_le32(da.attr); ksmbd_kstat->create_time = da.create_time; - } else + } else { ksmbd_debug(VFS, "fail to load dos attribute.\n"); + } }

return 0; }

-ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, - char *attr_name, - int attr_name_len) +ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, char *attr_name, + int attr_name_len) { char *name, *xattr_list = NULL; ssize_t value_len = -ENOENT, xattr_list_len; @@ -1749,10 +1721,8 @@ ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, return value_len; }

-int ksmbd_vfs_xattr_stream_name(char *stream_name, - char **xattr_stream_name, - size_t *xattr_stream_name_size, - int s_type) +int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, + size_t *xattr_stream_name_size, int s_type) { int stream_name_size; char *xattr_stream_name_buf; @@ -1791,8 +1761,7 @@ int ksmbd_vfs_xattr_stream_name(char *stream_name, }

static int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, - struct file *file_out, loff_t pos_out, - size_t len) + struct file *file_out, loff_t pos_out, size_t len) { struct inode *inode_in = file_inode(file_in); struct inode *inode_out = file_inode(file_out); @@ -1838,13 +1807,10 @@ static int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, }

int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, - struct ksmbd_file *src_fp, - struct ksmbd_file *dst_fp, - struct srv_copychunk *chunks, - unsigned int chunk_count, - unsigned int *chunk_count_written, - unsigned int *chunk_size_written, - loff_t *total_size_written) + struct ksmbd_file *src_fp, struct ksmbd_file *dst_fp, + struct srv_copychunk *chunks, unsigned int chunk_count, + unsigned int *chunk_count_written, + unsigned int *chunk_size_written, loff_t *total_size_written) { unsigned int i; loff_t src_off, dst_off, src_file_size; @@ -1876,10 +1842,10 @@ int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, len = le32_to_cpu(chunks[i].Length);

if (check_lock_range(src_fp->filp, src_off, - src_off + len - 1, READ)) + src_off + len - 1, READ)) return -EAGAIN; if (check_lock_range(dst_fp->filp, dst_off, - dst_off + len - 1, WRITE)) + dst_off + len - 1, WRITE)) return -EAGAIN; } } diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index bbef5c20c146..e1ca9ac11ba5 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -101,7 +101,6 @@ struct xattr_ntacl { #define XATTR_NAME_SD_LEN \ (sizeof(XATTR_SECURITY_PREFIX SD_PREFIX) - 1)

- /* CreateOptions */ /* Flag is set, it must not be a file , valid for directory only */ #define FILE_DIRECTORY_FILE_LE cpu_to_le32(0x00000001) @@ -197,10 +196,11 @@ int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess); int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode); int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode); int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, - size_t count, loff_t *pos); + size_t count, loff_t *pos); int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, - char *buf, size_t count, loff_t *pos, bool sync, ssize_t *written); -int ksmbd_vfs_fsync(struct ksmbd_work *work, uint64_t fid, uint64_t p_id); + char *buf, size_t count, loff_t *pos, bool sync, + ssize_t *written); +int ksmbd_vfs_fsync(struct ksmbd_work *work, u64 fid, u64 p_id); int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name); int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, const char *newname); @@ -210,90 +210,53 @@ int ksmbd_vfs_readlink(struct path *path, char *buf, int lenp);

int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, char *newname); -int ksmbd_vfs_rename_slowpath(struct ksmbd_work *work, - char *oldname, char *newname);

int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, - struct ksmbd_file *fp, loff_t size); + struct ksmbd_file *fp, loff_t size);

struct srv_copychunk; int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, - struct ksmbd_file *src_fp, - struct ksmbd_file *dst_fp, - struct srv_copychunk *chunks, - unsigned int chunk_count, - unsigned int *chunk_count_written, - unsigned int *chunk_size_written, - loff_t *total_size_written); - -struct ksmbd_file *ksmbd_vfs_dentry_open(struct ksmbd_work *work, - const struct path *path, - int flags, - __le32 option, - int fexist); + struct ksmbd_file *src_fp, struct ksmbd_file *dst_fp, + struct srv_copychunk *chunks, unsigned int chunk_count, + unsigned int *chunk_count_written, + unsigned int *chunk_size_written, loff_t *total_size_written);

ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list); -ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, - char *xattr_name, - char **xattr_buf); - -ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, - char *attr_name, - int attr_name_len); - -int ksmbd_vfs_setxattr(struct dentry *dentry, - const char *attr_name, - const void *attr_value, - size_t attr_size, - int flags); - -int ksmbd_vfs_fsetxattr(const char *filename, - const char *attr_name, - const void *attr_value, - size_t attr_size, - int flags); - -int ksmbd_vfs_xattr_stream_name(char *stream_name, - char **xattr_stream_name, - size_t *xattr_stream_name_size, - int s_type); - +ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, + char **xattr_buf); +ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, char *attr_name, + int attr_name_len); +int ksmbd_vfs_setxattr(struct dentry *dentry, const char *attr_name, + const void *attr_value, size_t attr_size, int flags); +int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, + size_t *xattr_stream_name_size, int s_type); int ksmbd_vfs_truncate_xattr(struct dentry *dentry, int wo_streams); int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name); void ksmbd_vfs_xattr_free(char *xattr); - int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, bool caseless); int ksmbd_vfs_empty_dir(struct ksmbd_file *fp); void ksmbd_vfs_set_fadvise(struct file *filp, __le32 option); int ksmbd_vfs_lock(struct file *filp, int cmd, struct file_lock *flock); int ksmbd_vfs_readdir(struct file *file, struct ksmbd_readdir_data *rdata); -int ksmbd_vfs_alloc_size(struct ksmbd_work *work, - struct ksmbd_file *fp, - loff_t len); -int ksmbd_vfs_zero_data(struct ksmbd_work *work, - struct ksmbd_file *fp, - loff_t off, - loff_t len); - +int ksmbd_vfs_alloc_size(struct ksmbd_work *work, struct ksmbd_file *fp, + loff_t len); +int ksmbd_vfs_zero_data(struct ksmbd_work *work, struct ksmbd_file *fp, + loff_t off, loff_t len); struct file_allocated_range_buffer; int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, - struct file_allocated_range_buffer *ranges, - int in_count, int *out_count); + struct file_allocated_range_buffer *ranges, + int in_count, int *out_count); int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry); unsigned short ksmbd_vfs_logical_sector_size(struct inode *inode); void ksmbd_vfs_smb2_sector_size(struct inode *inode, - struct ksmbd_fs_sector_size *fs_ss); + struct ksmbd_fs_sector_size *fs_ss); void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat); - -int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, - struct dentry *dentry, - struct ksmbd_kstat *ksmbd_kstat); - +int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, struct dentry *dentry, + struct ksmbd_kstat *ksmbd_kstat); int ksmbd_vfs_posix_lock_wait(struct file_lock *flock); int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout); void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock); - int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry); int ksmbd_vfs_remove_sd_xattrs(struct dentry *dentry); int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index 2b38628e1cb8..ec631dc6f1fb 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -284,8 +284,7 @@ static void __ksmbd_remove_durable_fd(struct ksmbd_file *fp) write_unlock(&global_ft.lock); }

-static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, - struct ksmbd_file *fp) +static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp) { if (!HAS_FILE_ID(fp->volatile_id)) return; @@ -299,8 +298,7 @@ static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, write_unlock(&ft->lock); }

-static void __ksmbd_close_fd(struct ksmbd_file_table *ft, - struct ksmbd_file *fp) +static void __ksmbd_close_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp) { struct file *filp;

@@ -328,7 +326,7 @@ static struct ksmbd_file *ksmbd_fp_get(struct ksmbd_file *fp) }

static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft, - unsigned int id) + unsigned int id) { bool unclaimed = true; struct ksmbd_file *fp; @@ -352,8 +350,7 @@ static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft, return fp; }

-static void __put_fd_final(struct ksmbd_work *work, - struct ksmbd_file *fp) +static void __put_fd_final(struct ksmbd_work *work, struct ksmbd_file *fp) { __ksmbd_close_fd(&work->sess->file_table, fp); atomic_dec(&work->conn->stats.open_files_count); @@ -399,8 +396,7 @@ int ksmbd_close_fd(struct ksmbd_work *work, unsigned int id) return 0; }

-void ksmbd_fd_put(struct ksmbd_work *work, - struct ksmbd_file *fp) +void ksmbd_fd_put(struct ksmbd_work *work, struct ksmbd_file *fp) { if (!fp) return; @@ -410,8 +406,7 @@ void ksmbd_fd_put(struct ksmbd_work *work, __put_fd_final(work, fp); }

-static bool __sanity_check(struct ksmbd_tree_connect *tcon, - struct ksmbd_file *fp) +static bool __sanity_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp) { if (!fp) return false; @@ -420,14 +415,12 @@ static bool __sanity_check(struct ksmbd_tree_connect *tcon, return true; }

-struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, - unsigned int id) +struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, unsigned int id) { return __ksmbd_lookup_fd(&work->sess->file_table, id); }

-struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, - unsigned int id) +struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, unsigned int id) { struct ksmbd_file *fp = __ksmbd_lookup_fd(&work->sess->file_table, id);

@@ -438,9 +431,8 @@ struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, return NULL; }

-struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, - unsigned int id, - unsigned int pid) +struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, unsigned int id, + unsigned int pid) { struct ksmbd_file *fp;

@@ -469,8 +461,7 @@ struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id) return __ksmbd_lookup_fd(&global_ft, id); }

-int ksmbd_close_fd_app_id(struct ksmbd_work *work, - char *app_id) +int ksmbd_close_fd_app_id(struct ksmbd_work *work, char *app_id) { struct ksmbd_file *fp = NULL; unsigned int id; @@ -513,8 +504,7 @@ struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid) return fp; }

-struct ksmbd_file *ksmbd_lookup_fd_filename(struct ksmbd_work *work, - char *filename) +struct ksmbd_file *ksmbd_lookup_fd_filename(struct ksmbd_work *work, char *filename) { struct ksmbd_file *fp = NULL; unsigned int id; @@ -566,8 +556,7 @@ static void __open_id_set(struct ksmbd_file *fp, unsigned int id, int type) fp->persistent_id = id; }

-static int __open_id(struct ksmbd_file_table *ft, - struct ksmbd_file *fp, +static int __open_id(struct ksmbd_file_table *ft, struct ksmbd_file *fp, int type) { unsigned int id = 0; @@ -601,8 +590,7 @@ unsigned int ksmbd_open_durable_fd(struct ksmbd_file *fp) return fp->persistent_id; }

-struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, - struct file *filp) +struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp) { struct ksmbd_file *fp; int ret; @@ -657,7 +645,7 @@ static inline bool is_reconnectable(struct ksmbd_file *fp) if (fp->is_resilient || fp->is_persistent) reconn = true; else if (fp->is_durable && opinfo->is_lease && - opinfo->o_lease->state & SMB2_LEASE_HANDLE_CACHING_LE) + opinfo->o_lease->state & SMB2_LEASE_HANDLE_CACHING_LE) reconn = true;

else if (fp->is_durable && opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) @@ -668,10 +656,8 @@ static inline bool is_reconnectable(struct ksmbd_file *fp) }

static int -__close_file_table_ids(struct ksmbd_file_table *ft, - struct ksmbd_tree_connect *tcon, - bool (*skip)(struct ksmbd_tree_connect *tcon, - struct ksmbd_file *fp)) +__close_file_table_ids(struct ksmbd_file_table *ft, struct ksmbd_tree_connect *tcon, + bool (*skip)(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp)) { unsigned int id; struct ksmbd_file *fp; @@ -691,14 +677,12 @@ __close_file_table_ids(struct ksmbd_file_table *ft, return num; }

-static bool tree_conn_fd_check(struct ksmbd_tree_connect *tcon, - struct ksmbd_file *fp) +static bool tree_conn_fd_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp) { return fp->tcon != tcon; }

-static bool session_fd_check(struct ksmbd_tree_connect *tcon, - struct ksmbd_file *fp) +static bool session_fd_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp) { if (!is_reconnectable(fp)) return false; @@ -745,8 +729,7 @@ void ksmbd_free_global_file_table(void) ksmbd_destroy_file_table(&global_ft); }

-int ksmbd_reopen_durable_fd(struct ksmbd_work *work, - struct ksmbd_file *fp) +int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) { if (!fp->is_durable || fp->conn || fp->tcon) { ksmbd_err("Invalid durable fd [%p:%p]\n", diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h index 04ab5967a9ae..318dcb1a297a 100644 --- a/fs/cifsd/vfs_cache.h +++ b/fs/cifsd/vfs_cache.h @@ -149,50 +149,31 @@ static inline bool ksmbd_stream_fd(struct ksmbd_file *fp)

int ksmbd_init_file_table(struct ksmbd_file_table *ft); void ksmbd_destroy_file_table(struct ksmbd_file_table *ft); - int ksmbd_close_fd(struct ksmbd_work *work, unsigned int id); - -struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, - unsigned int id); -struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, - unsigned int id); -struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, - unsigned int id, - unsigned int pid); - +struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, unsigned int id); +struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, unsigned int id); +struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, unsigned int id, + unsigned int pid); void ksmbd_fd_put(struct ksmbd_work *work, struct ksmbd_file *fp); - int ksmbd_close_fd_app_id(struct ksmbd_work *work, char *app_id); struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id); struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid); -struct ksmbd_file *ksmbd_lookup_fd_filename(struct ksmbd_work *work, - char *filename); +struct ksmbd_file *ksmbd_lookup_fd_filename(struct ksmbd_work *work, char *filename); struct ksmbd_file *ksmbd_lookup_fd_inode(struct inode *inode); - unsigned int ksmbd_open_durable_fd(struct ksmbd_file *fp); - -struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, - struct file *filp); - +struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp); void ksmbd_close_tree_conn_fds(struct ksmbd_work *work); void ksmbd_close_session_fds(struct ksmbd_work *work); - int ksmbd_close_inode_fds(struct ksmbd_work *work, struct inode *inode); - -int ksmbd_reopen_durable_fd(struct ksmbd_work *work, - struct ksmbd_file *fp); - +int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp); int ksmbd_init_global_file_table(void); void ksmbd_free_global_file_table(void); - int ksmbd_file_table_flush(struct ksmbd_work *work); - void ksmbd_set_fd_limit(unsigned long limit);

/* * INODE hash */ - int __init ksmbd_inode_hash_init(void); void ksmbd_release_inode_hash(void);

@@ -203,11 +184,9 @@ enum KSMBD_INODE_STATUS { };

int ksmbd_query_inode_status(struct inode *inode); - bool ksmbd_inode_pending_delete(struct ksmbd_file *fp); void ksmbd_set_inode_pending_delete(struct ksmbd_file *fp); void ksmbd_clear_inode_pending_delete(struct ksmbd_file *fp); - void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp, int file_info); #endif /* __VFS_CACHE_H__ */

From patchwork Mon Nov 14 12:48:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183121 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:22 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:22 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:22 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 024/308] cifsd: merge time_wrappers.h into smb_common.h Date: Mon, 14 Nov 2022 20:48:53 +0800 Message-ID: 20221114125337.1831594-25-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: b92a385b-5bd6-4297-3e31-08dac63c477a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7037939 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit a648d8aff84beedaff6302df47a947a56533ec41 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a648d8aff84b

-------------------------------

This patch merge time_wrappers.h into smb_common.h.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/netmisc.c | 17 ++++++++++++++++- fs/cifsd/smb2pdu.c | 1 - fs/cifsd/smb_common.h | 6 ++++++ fs/cifsd/time_wrappers.h | 34 ---------------------------------- fs/cifsd/vfs.c | 1 - 5 files changed, 22 insertions(+), 37 deletions(-) delete mode 100644 fs/cifsd/time_wrappers.h

diff --git a/fs/cifsd/netmisc.c b/fs/cifsd/netmisc.c index 55393667abcc..5d0327d87397 100644 --- a/fs/cifsd/netmisc.c +++ b/fs/cifsd/netmisc.c @@ -10,7 +10,7 @@ #include "glob.h" #include "smberr.h" #include "nterr.h" -#include "time_wrappers.h" +#include "smb_common.h"

/* * Convert the NT UTC (based 1601-01-01, in hundred nanosecond units) @@ -42,3 +42,18 @@ struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc)

return ts; } + +/* Convert the Unix UTC into NT UTC. */ +inline u64 ksmbd_UnixTimeToNT(struct timespec64 t) +{ + /* Convert to 100ns intervals and then add the NTFS time offset. */ + return (u64)t.tv_sec * 10000000 + t.tv_nsec / 100 + NTFS_TIME_OFFSET; +} + +inline long long ksmbd_systime(void) +{ + struct timespec64 ts; + + ktime_get_real_ts64(&ts); + return ksmbd_UnixTimeToNT(ts); +} diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 3e8f1a3800dd..139041768f65 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -26,7 +26,6 @@ #include "vfs_cache.h" #include "misc.h"

-#include "time_wrappers.h" #include "server.h" #include "smb_common.h" #include "smbstatus.h" diff --git a/fs/cifsd/smb_common.h b/fs/cifsd/smb_common.h index 2d7b1c693ff4..2e171c9002b2 100644 --- a/fs/cifsd/smb_common.h +++ b/fs/cifsd/smb_common.h @@ -541,4 +541,10 @@ static inline void inc_rfc1001_len(void *buf, int count) { be32_add_cpu((__be32 *)buf, count); } + +#define NTFS_TIME_OFFSET ((u64)(369 * 365 + 89) * 24 * 3600 * 10000000) + +struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc); +u64 ksmbd_UnixTimeToNT(struct timespec64 t); +long long ksmbd_systime(void); #endif /* __SMB_COMMON_H__ */ diff --git a/fs/cifsd/time_wrappers.h b/fs/cifsd/time_wrappers.h deleted file mode 100644 index 31bea2058f88..000000000000 --- a/fs/cifsd/time_wrappers.h +++ /dev/null @@ -1,34 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-or-later */ -/* - * Copyright (C) 2019 Samsung Electronics Co., Ltd. - */ - -#ifndef __KSMBD_TIME_WRAPPERS_H -#define __KSMBD_TIME_WRAPPERS_H - -/* - * A bunch of ugly hacks to workaoround all the API differences - * between different kernel versions. - */ - -#define NTFS_TIME_OFFSET ((u64)(369 * 365 + 89) * 24 * 3600 * 10000000) - -/* Convert the Unix UTC into NT UTC. */ -static inline u64 ksmbd_UnixTimeToNT(struct timespec64 t) -{ - /* Convert to 100ns intervals and then add the NTFS time offset. */ - return (u64)t.tv_sec * 10000000 + t.tv_nsec / 100 + NTFS_TIME_OFFSET; -} - -struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc); - -#define KSMBD_TIME_TO_TM time64_to_tm - -static inline long long ksmbd_systime(void) -{ - struct timespec64 ts; - - ktime_get_real_ts64(&ts); - return ksmbd_UnixTimeToNT(ts); -} -#endif /* __KSMBD_TIME_WRAPPERS_H */ diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 69dc1ee0fc75..264f8932d40f 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -31,7 +31,6 @@ #include "ndr.h" #include "auth.h"

-#include "time_wrappers.h" #include "smb_common.h" #include "mgmt/share_config.h" #include "mgmt/tree_connect.h"

From patchwork Mon Nov 14 12:48:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183122 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:23 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:23 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:22 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 025/308] cifsd: fix wrong prototype in comment Date: Mon, 14 Nov 2022 20:48:54 +0800 Message-ID: 20221114125337.1831594-26-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cfee76de-8888-4310-1c98-08dac63c47c3 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7098900 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 5365564901778d96a81e00e34c804d4fb05f0093 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/536556490177

-------------------------------

kernel test robot reported:

...

fs/cifsd/oplock.c:1454: warning: expecting prototype for

create_durable_rsp__buf(). Prototype was for create_durable_rsp_buf() instead

This patch fix wrong prototype in comment.

Reported-by: kernel test robot lkp@intel.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/oplock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index 8e072c3e7b89..4ff23aee69fa 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -1436,7 +1436,7 @@ struct create_context *smb2_find_context_vals(void *open_req, const char *tag) }

/** - * create_durable_rsp__buf() - create durable handle context + * create_durable_rsp_buf() - create durable handle context * @cc: buffer to create durable context response */ void create_durable_rsp_buf(char *cc)

From patchwork Mon Nov 14 12:48:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183123 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:23 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:23 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:23 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 026/308] cifsd: remove smack inherit leftovers Date: Mon, 14 Nov 2022 20:48:55 +0800 Message-ID: 20221114125337.1831594-27-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6bb6816d-d067-4e69-063b-08dac63c480d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6832120 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit d710f37c7bcd7f2cedab4762fff3e11c83aebf3f category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d710f37c7bcd

-------------------------------

smack inherit was added for internal product beofre. It is no longer used. This patch remove it's left overs.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/ksmbd_server.h | 9 ++++----- fs/cifsd/vfs.c | 42 ----------------------------------------- 2 files changed, 4 insertions(+), 47 deletions(-)

diff --git a/fs/cifsd/ksmbd_server.h b/fs/cifsd/ksmbd_server.h index c5181a2702ff..e46be4084087 100644 --- a/fs/cifsd/ksmbd_server.h +++ b/fs/cifsd/ksmbd_server.h @@ -224,11 +224,10 @@ enum KSMBD_TREE_CONN_STATUS { #define KSMBD_SHARE_FLAG_OPLOCKS BIT(7) #define KSMBD_SHARE_FLAG_PIPE BIT(8) #define KSMBD_SHARE_FLAG_HIDE_DOT_FILES BIT(9) -#define KSMBD_SHARE_FLAG_INHERIT_SMACK BIT(10) -#define KSMBD_SHARE_FLAG_INHERIT_OWNER BIT(11) -#define KSMBD_SHARE_FLAG_STREAMS BIT(12) -#define KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS BIT(13) -#define KSMBD_SHARE_FLAG_ACL_XATTR BIT(14) +#define KSMBD_SHARE_FLAG_INHERIT_OWNER BIT(10) +#define KSMBD_SHARE_FLAG_STREAMS BIT(11) +#define KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS BIT(12) +#define KSMBD_SHARE_FLAG_ACL_XATTR BIT(13)

/* * Tree connect request flags. diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 264f8932d40f..0ecdb5121c3a 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -69,46 +69,6 @@ static void ksmbd_vfs_inherit_owner(struct ksmbd_work *work, i_uid_write(inode, i_uid_read(parent_inode)); }

-static void ksmbd_vfs_inherit_smack(struct ksmbd_work *work, - struct dentry *dir_dentry, struct dentry *dentry) -{ - char *name, *xattr_list = NULL, *smack_buf; - int value_len, xattr_list_len; - - if (!test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_INHERIT_SMACK)) - return; - - xattr_list_len = ksmbd_vfs_listxattr(dir_dentry, &xattr_list); - if (xattr_list_len < 0) { - goto out; - } else if (!xattr_list_len) { - ksmbd_err("no ea data in the file\n"); - return; - } - - for (name = xattr_list; name - xattr_list < xattr_list_len; - name += strlen(name) + 1) { - int rc; - - ksmbd_debug(VFS, "%s, len %zd\n", name, strlen(name)); - if (strcmp(name, XATTR_NAME_SMACK)) - continue; - - value_len = ksmbd_vfs_getxattr(dir_dentry, name, &smack_buf); - if (value_len <= 0) - continue; - - rc = ksmbd_vfs_setxattr(dentry, XATTR_NAME_SMACK, smack_buf, - value_len, 0); - ksmbd_free(smack_buf); - if (rc < 0) - ksmbd_err("ksmbd_vfs_setxattr() failed: %d\n", rc); - } -out: - ksmbd_vfs_xattr_free(xattr_list); -} - int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete) { int mask; @@ -198,7 +158,6 @@ int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) if (!err) { ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), d_inode(dentry)); - ksmbd_vfs_inherit_smack(work, path.dentry, dentry); } else { ksmbd_err("File(%s): creation failed (err:%d)\n", name, err); } @@ -234,7 +193,6 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) if (!err) { ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), d_inode(dentry)); - ksmbd_vfs_inherit_smack(work, path.dentry, dentry); } else { ksmbd_err("mkdir(%s): creation failed (err:%d)\n", name, err); }

From patchwork Mon Nov 14 12:48:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183124 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:24 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:24 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:23 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 027/308] cifsd: remove calling d_path in error paths Date: Mon, 14 Nov 2022 20:48:56 +0800 Message-ID: 20221114125337.1831594-28-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 1503914c-89b9-4d08-e3b0-08dac63c4855 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6903094 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 96a34377dc5a0969b7b0404fce84159b7c8f89d7 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/96a34377dc5a

-------------------------------

calling d_path is excessive in error paths.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 0ecdb5121c3a..b509c90d911f 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -312,9 +312,8 @@ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count, { struct file *filp; ssize_t nbytes = 0; - char *rbuf, *name; + char *rbuf; struct inode *inode; - char namebuf[NAME_MAX];

rbuf = work->aux_payload_buf; filp = fp->filp; @@ -348,11 +347,8 @@ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count,

nbytes = kernel_read(filp, rbuf, count, pos); if (nbytes < 0) { - name = d_path(&filp->f_path, namebuf, sizeof(namebuf)); - if (IS_ERR(name)) - name = "(error)"; ksmbd_err("smb read failed for (%s), err = %zd\n", - name, nbytes); + fp->filename, nbytes); return nbytes; }

From patchwork Mon Nov 14 12:48:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183125 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:24 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:24 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:24 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 028/308] cifsd: handle unhashed dentry in ksmbd_vfs_mkdir Date: Mon, 14 Nov 2022 20:48:57 +0800 Message-ID: 20221114125337.1831594-29-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: dea61c5f-d308-43eb-2981-08dac63c489e X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6834585 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 1637023594c1fd11fa4d77dd0c9493a864aa0d17 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1637023594c1

-------------------------------

vfs_mkdir could return the dentry left unhashed negative on success.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index b509c90d911f..bdc30a7b6d52 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -190,14 +190,32 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode)

mode |= S_IFDIR; err = vfs_mkdir(&init_user_ns, d_inode(path.dentry), dentry, mode); - if (!err) { + if (err) + goto out; + else if (d_unhashed(dentry)) { + struct dentry *d; + + d = lookup_one_len(dentry->d_name.name, + dentry->d_parent, + dentry->d_name.len); + if (IS_ERR(d)) { + err = PTR_ERR(d); + goto out; + } + if (unlikely(d_is_negative(d))) { + dput(d); + err = -ENOENT; + goto out; + } + ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), - d_inode(dentry)); - } else { - ksmbd_err("mkdir(%s): creation failed (err:%d)\n", name, err); + d_inode(d)); + dput(d); } - +out: done_path_create(&path, dentry); + if (err) + ksmbd_err("mkdir(%s): creation failed (err:%d)\n", name, err); return err; }

From patchwork Mon Nov 14 12:48:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183126 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:25 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:25 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:24 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 029/308] cifsd: use file_inode() instead of d_inode() Date: Mon, 14 Nov 2022 20:48:58 +0800 Message-ID: 20221114125337.1831594-30-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9efdcf63-c6cb-4d29-1265-08dac63c48e8 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6876691 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit d2f72ed8fa0c0e6c90af8ee0bbb39d41ab2d5465 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d2f72ed8fa0c

-------------------------------

use file_inode() to get layerd filesystems right.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index bdc30a7b6d52..6313d5ca4b46 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -335,7 +335,7 @@ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count,

rbuf = work->aux_payload_buf; filp = fp->filp; - inode = d_inode(filp->f_path.dentry); + inode = file_inode(filp); if (S_ISDIR(inode->i_mode)) return -EISDIR;

From patchwork Mon Nov 14 12:48:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183127 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:25 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:25 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:25 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 030/308] cifsd: remove useless error handling in ksmbd_vfs_read Date: Mon, 14 Nov 2022 20:48:59 +0800 Message-ID: 20221114125337.1831594-31-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ccf3d24c-4b3f-492b-b0d8-08dac63c4931 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7431741 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 8044ee8e64b4fdb068e504ec3ade597d1ccad456 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8044ee8e64b4

-------------------------------

dentry->d_inode never happen to be NULL if we hold the dentry.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 6313d5ca4b46..ef823679f6be 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -550,7 +550,7 @@ int ksmbd_vfs_fsync(struct ksmbd_work *work, u64 fid, u64 p_id) int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) { struct path parent; - struct dentry *dir, *dentry; + struct dentry *dentry; char *last; int err;

@@ -569,12 +569,8 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) return err; }

- dir = parent.dentry; - if (!d_inode(dir)) - goto out; - - inode_lock_nested(d_inode(dir), I_MUTEX_PARENT); - dentry = lookup_one_len(last, dir, strlen(last)); + inode_lock_nested(d_inode(parent.dentry), I_MUTEX_PARENT); + dentry = lookup_one_len(last, parent.dentry, strlen(last)); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); ksmbd_debug(VFS, "%s: lookup failed, err %d\n", last, err); @@ -588,12 +584,12 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) }

if (S_ISDIR(d_inode(dentry)->i_mode)) { - err = vfs_rmdir(&init_user_ns, d_inode(dir), dentry); + err = vfs_rmdir(&init_user_ns, d_inode(parent.dentry), dentry); if (err && err != -ENOTEMPTY) ksmbd_debug(VFS, "%s: rmdir failed, err %d\n", name, err); } else { - err = vfs_unlink(&init_user_ns, d_inode(dir), dentry, NULL); + err = vfs_unlink(&init_user_ns, d_inode(parent.dentry), dentry, NULL); if (err) ksmbd_debug(VFS, "%s: unlink failed, err %d\n", name, err); @@ -601,8 +597,7 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name)

dput(dentry); out_err: - inode_unlock(d_inode(dir)); -out: + inode_unlock(d_inode(parent.dentry)); rollback_path_modification(last); path_put(&parent); ksmbd_revert_fsids(work);

From patchwork Mon Nov 14 12:49:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183128 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:26 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:26 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:25 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 031/308] cifsd: use xarray instead of linked list for tree connect list Date: Mon, 14 Nov 2022 20:49:00 +0800 Message-ID: 20221114125337.1831594-32-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a7030dad-00ad-484f-40f4-08dac63c497a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7081186 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 02b68b2065c91ce706f462fd509032a77db5d9dc category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/02b68b2065c9

-------------------------------

Matthew suggest to change linked list of tree connect list to xarray. It will be tree connect lookup in O(log(n)) time instead of O(n) time.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/mgmt/tree_connect.c | 35 +++++++++++++++-------------------- fs/cifsd/mgmt/user_session.c | 4 +++- fs/cifsd/mgmt/user_session.h | 6 +++++- fs/cifsd/smb2pdu.c | 2 +- 4 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/fs/cifsd/mgmt/tree_connect.c b/fs/cifsd/mgmt/tree_connect.c index d5670f2596a3..0c8374e8240f 100644 --- a/fs/cifsd/mgmt/tree_connect.c +++ b/fs/cifsd/mgmt/tree_connect.c @@ -5,6 +5,8 @@

#include <linux/list.h> #include <linux/slab.h> +#include <linux/version.h> +#include <linux/xarray.h>

#include "../buffer_pool.h" #include "../transport_ipc.h" @@ -23,6 +25,7 @@ ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name) struct ksmbd_share_config *sc; struct ksmbd_tree_connect *tree_conn = NULL; struct sockaddr *peer_addr; + int ret;

sc = ksmbd_share_config_get(share_name); if (!sc) @@ -59,8 +62,12 @@ ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name) tree_conn->share_conf = sc; status.tree_conn = tree_conn;

- list_add(&tree_conn->list, &sess->tree_conn_list); - + ret = xa_err(xa_store(&sess->tree_conns, tree_conn->id, tree_conn, + GFP_KERNEL)); + if (ret) { + status.ret = -ENOMEM; + goto out_error; + } ksmbd_free(resp); return status;

@@ -80,7 +87,7 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess,

ret = ksmbd_ipc_tree_disconnect_request(sess->id, tree_conn->id); ksmbd_release_tree_conn_id(sess, tree_conn->id); - list_del(&tree_conn->list); + xa_erase(&sess->tree_conns, tree_conn->id); ksmbd_share_config_put(tree_conn->share_conf); ksmbd_free(tree_conn); return ret; @@ -89,15 +96,7 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess, unsigned int id) { - struct ksmbd_tree_connect *tree_conn; - struct list_head *tmp; - - list_for_each(tmp, &sess->tree_conn_list) { - tree_conn = list_entry(tmp, struct ksmbd_tree_connect, list); - if (tree_conn->id == id) - return tree_conn; - } - return NULL; + return xa_load(&sess->tree_conns, id); }

struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess, @@ -114,15 +113,11 @@ struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess, int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess) { int ret = 0; + struct ksmbd_tree_connect *tc; + unsigned long id;

- while (!list_empty(&sess->tree_conn_list)) { - struct ksmbd_tree_connect *tc; - - tc = list_entry(sess->tree_conn_list.next, - struct ksmbd_tree_connect, - list); + xa_for_each(&sess->tree_conns, id, tc) ret |= ksmbd_tree_conn_disconnect(sess, tc); - } - + xa_destroy(&sess->tree_conns); return ret; } diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index 5a2113bf18ef..f5cc7a62d848 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -6,6 +6,8 @@ #include <linux/list.h> #include <linux/slab.h> #include <linux/rwsem.h> +#include <linux/version.h> +#include <linux/xarray.h>

#include "ksmbd_ida.h" #include "user_session.h" @@ -275,7 +277,7 @@ static struct ksmbd_session *__session_create(int protocol)

set_session_flag(sess, protocol); INIT_LIST_HEAD(&sess->sessions_entry); - INIT_LIST_HEAD(&sess->tree_conn_list); + xa_init(&sess->tree_conns); INIT_LIST_HEAD(&sess->ksmbd_chann_list); INIT_LIST_HEAD(&sess->rpc_handle_list); sess->sequence_number = 1; diff --git a/fs/cifsd/mgmt/user_session.h b/fs/cifsd/mgmt/user_session.h index 68018f0f5c0b..1a97c851f2fc 100644 --- a/fs/cifsd/mgmt/user_session.h +++ b/fs/cifsd/mgmt/user_session.h @@ -7,6 +7,8 @@ #define __USER_SESSION_MANAGEMENT_H__

#include <linux/hashtable.h> +#include <linux/version.h> +#include <linux/xarray.h>

#include "../smb_common.h" #include "../ntlmssp.h" @@ -50,10 +52,12 @@ struct ksmbd_session {

struct hlist_node hlist; struct list_head ksmbd_chann_list; - struct list_head tree_conn_list; + struct xarray tree_conns; struct ksmbd_ida *tree_conn_ida; struct list_head rpc_handle_list;

+ + __u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE]; __u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE]; __u8 smb3signingkey[SMB3_SIGN_KEY_SIZE]; diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 139041768f65..0b7199444f73 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -104,7 +104,7 @@ int smb2_get_ksmbd_tcon(struct ksmbd_work *work) return 0; }

- if (list_empty(&work->sess->tree_conn_list)) { + if (xa_empty(&work->sess->tree_conns)) { ksmbd_debug(SMB, "NO tree connected\n"); return -1; }

From patchwork Mon Nov 14 12:49:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183129 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:26 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:26 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:26 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 032/308] cifsd: remove stale prototype and variables Date: Mon, 14 Nov 2022 20:49:01 +0800 Message-ID: 20221114125337.1831594-33-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 4a365331-fd47-439f-041b-08dac63c49c4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6983889 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Gibeom Kim gibeomii.kim@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 5da64d8784d36c0601743a5159a598f5888089c7 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/5da64d8784d3

-------------------------------

Remove unused function prototype and variables.

Signed-off-by: Gibeom Kim gibeomii.kim@samsung.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/glob.h | 1 - fs/cifsd/oplock.h | 3 --- fs/cifsd/server.h | 2 -- fs/cifsd/smbacl.h | 1 - fs/cifsd/unicode.h | 2 -- fs/cifsd/vfs.h | 3 --- 6 files changed, 12 deletions(-)

diff --git a/fs/cifsd/glob.h b/fs/cifsd/glob.h index 27500afbeaf5..d0bc6edd0477 100644 --- a/fs/cifsd/glob.h +++ b/fs/cifsd/glob.h @@ -19,7 +19,6 @@ /* @FIXME clean up this code */

extern int ksmbd_debug_types; -extern int ksmbd_caseless_search;

#define DATA_STREAM 1 #define DIR_STREAM 2 diff --git a/fs/cifsd/oplock.h b/fs/cifsd/oplock.h index 5b6615f99c76..f8b4b486eb93 100644 --- a/fs/cifsd/oplock.h +++ b/fs/cifsd/oplock.h @@ -123,9 +123,6 @@ void create_mxac_rsp_buf(char *cc, int maximal_access); void create_disk_id_rsp_buf(char *cc, __u64 file_id, __u64 vol_id); void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp); struct create_context *smb2_find_context_vals(void *open_req, const char *str); -int ksmbd_durable_verify_and_del_oplock(struct ksmbd_session *curr_sess, - struct ksmbd_session *prev_sess, int fid, struct file **filp, - u64 sess_id); struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, char *lease_key); int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci, diff --git a/fs/cifsd/server.h b/fs/cifsd/server.h index 7b2f6318fcff..b682d28963e8 100644 --- a/fs/cifsd/server.h +++ b/fs/cifsd/server.h @@ -17,8 +17,6 @@ #define SERVER_CONF_SERVER_STRING 1 #define SERVER_CONF_WORK_GROUP 2

-extern int ksmbd_debugging; - struct ksmbd_server_config { unsigned int flags; unsigned int state; diff --git a/fs/cifsd/smbacl.h b/fs/cifsd/smbacl.h index 9b22bff4191f..032b6a3ec6f4 100644 --- a/fs/cifsd/smbacl.h +++ b/fs/cifsd/smbacl.h @@ -193,7 +193,6 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, unsigned int uid, unsigned int gid); int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, __le32 *pdaccess, int uid); -int store_init_posix_acl(struct inode *inode, umode_t perm); int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, bool type_check); diff --git a/fs/cifsd/unicode.h b/fs/cifsd/unicode.h index c37d7024cf60..68f1c8290911 100644 --- a/fs/cifsd/unicode.h +++ b/fs/cifsd/unicode.h @@ -71,8 +71,6 @@ int smbConvertToUTF16(__le16 *target, const char *source, int srclen, char *ksmbd_extract_sharename(char *treename); #endif

-wchar_t cifs_toupper(wchar_t in); - /* * UniStrcat: Concatenate the second string to the first * diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index e1ca9ac11ba5..b41b23d40636 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -205,8 +205,6 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name); int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, const char *newname); int ksmbd_vfs_getattr(struct path *path, struct kstat *stat); -int ksmbd_vfs_symlink(const char *name, const char *symname); -int ksmbd_vfs_readlink(struct path *path, char *buf, int lenp);

int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, char *newname); @@ -230,7 +228,6 @@ int ksmbd_vfs_setxattr(struct dentry *dentry, const char *attr_name, const void *attr_value, size_t attr_size, int flags); int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, size_t *xattr_stream_name_size, int s_type); -int ksmbd_vfs_truncate_xattr(struct dentry *dentry, int wo_streams); int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name); void ksmbd_vfs_xattr_free(char *xattr); int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path,

From patchwork Mon Nov 14 12:49:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183130 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:27 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:27 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:26 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 033/308] cifsd: fix memory leak when loop ends Date: Mon, 14 Nov 2022 20:49:02 +0800 Message-ID: 20221114125337.1831594-34-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: f06a0938-fd8e-4154-bbe9-08dac63c4a0c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6784936 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Muhammad Usama Anjum musamaanjum@gmail.com

mainline inclusion from mainline-5.15-rc1 commit c250e8f5566f2e1a0ea177837520eff8e59c0b7d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c250e8f5566f

-------------------------------

Memory is being allocated and if veto_list is zero, the loop breaks without cleaning up the allocated memory. In this patch, the length check has been moved before allocation. If loop breaks, the memory isn't allocated in the first place. Thus the memory is being protected from leaking.

Reported-by: coverity-bot keescook+coverity-bot@chromium.org Addresses-Coverity-ID: 1503590 ("Resource leaks") Signed-off-by: Muhammad Usama Anjum musamaanjum@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/mgmt/share_config.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/cifsd/mgmt/share_config.c b/fs/cifsd/mgmt/share_config.c index db780febd692..b2bd789af945 100644 --- a/fs/cifsd/mgmt/share_config.c +++ b/fs/cifsd/mgmt/share_config.c @@ -92,14 +92,14 @@ static int parse_veto_list(struct ksmbd_share_config *share, while (veto_list_sz > 0) { struct ksmbd_veto_pattern *p;

- p = kzalloc(sizeof(struct ksmbd_veto_pattern), GFP_KERNEL); - if (!p) - return -ENOMEM; - sz = strlen(veto_list); if (!sz) break;

+ p = kzalloc(sizeof(struct ksmbd_veto_pattern), GFP_KERNEL); + if (!p) + return -ENOMEM; + p->pattern = kstrdup(veto_list, GFP_KERNEL); if (!p->pattern) { ksmbd_free(p);

From patchwork Mon Nov 14 12:49:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183131 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:27 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:27 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:27 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 034/308] cifsd: use kfree to free memory allocated by kmalloc or kzalloc Date: Mon, 14 Nov 2022 20:49:03 +0800 Message-ID: 20221114125337.1831594-35-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2b6c10f7-8c60-4b7b-01a3-08dac63c4a55 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7668788 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Muhammad Usama Anjum musamaanjum@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 822bc8ea514ecd4a8bbb86237858146ca8845eba category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/822bc8ea514e

-------------------------------

kfree should be used to free memory allocated by kmalloc or kzalloc to avoid any overhead and for maintaining consistency.

Signed-off-by: Muhammad Usama Anjum musamaanjum@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/buffer_pool.c | 4 ++-- fs/cifsd/mgmt/share_config.c | 2 +- fs/cifsd/mgmt/user_config.c | 8 ++++---- fs/cifsd/mgmt/user_session.c | 6 +++--- fs/cifsd/smb2pdu.c | 4 ++-- fs/cifsd/transport_tcp.c | 2 +- fs/cifsd/vfs_cache.c | 2 +- 7 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c index ad2a2c885a2c..a9ef3e703232 100644 --- a/fs/cifsd/buffer_pool.c +++ b/fs/cifsd/buffer_pool.c @@ -78,7 +78,7 @@ static int register_wm_size_class(size_t sz) list_for_each_entry(l, &wm_lists, list) { if (l->sz == sz) { write_unlock(&wm_lists_lock); - kvfree(nl); + kfree(nl); return 0; } } @@ -181,7 +181,7 @@ static void wm_list_free(struct wm_list *l) list_del(&wm->list); kvfree(wm); } - kvfree(l); + kfree(l); }

static void wm_lists_destroy(void) diff --git a/fs/cifsd/mgmt/share_config.c b/fs/cifsd/mgmt/share_config.c index b2bd789af945..11abdbc8a533 100644 --- a/fs/cifsd/mgmt/share_config.c +++ b/fs/cifsd/mgmt/share_config.c @@ -102,7 +102,7 @@ static int parse_veto_list(struct ksmbd_share_config *share,

p->pattern = kstrdup(veto_list, GFP_KERNEL); if (!p->pattern) { - ksmbd_free(p); + kfree(p); return -ENOMEM; }

diff --git a/fs/cifsd/mgmt/user_config.c b/fs/cifsd/mgmt/user_config.c index f0c2f8994a6b..c31e2c4d2d6f 100644 --- a/fs/cifsd/mgmt/user_config.c +++ b/fs/cifsd/mgmt/user_config.c @@ -46,8 +46,8 @@ struct ksmbd_user *ksmbd_alloc_user(struct ksmbd_login_response *resp)

if (!user->name || !user->passkey) { kfree(user->name); - ksmbd_free(user->passkey); - ksmbd_free(user); + kfree(user->passkey); + kfree(user); user = NULL; } return user; @@ -57,8 +57,8 @@ void ksmbd_free_user(struct ksmbd_user *user) { ksmbd_ipc_logout_request(user->name); kfree(user->name); - ksmbd_free(user->passkey); - ksmbd_free(user); + kfree(user->passkey); + kfree(user); }

int ksmbd_anonymous_user(struct ksmbd_user *user) diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index f5cc7a62d848..9dfe222e51ab 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -55,7 +55,7 @@ static void __session_rpc_close(struct ksmbd_session *sess,

ksmbd_free(resp); ksmbd_rpc_id_free(entry->id); - ksmbd_free(entry); + kfree(entry); }

static void ksmbd_session_rpc_clear_list(struct ksmbd_session *sess) @@ -121,7 +121,7 @@ int ksmbd_session_rpc_open(struct ksmbd_session *sess, char *rpc_name) return entry->id; error: list_del(&entry->list); - ksmbd_free(entry); + kfree(entry); return -EINVAL; }

@@ -176,7 +176,7 @@ void ksmbd_session_destroy(struct ksmbd_session *sess) ksmbd_release_id(session_ida, sess->id);

ksmbd_ida_free(sess->tree_conn_ida); - ksmbd_free(sess); + kfree(sess); }

static struct ksmbd_session *__session_lookup(unsigned long long id) diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 0b7199444f73..7549b35bb792 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -1611,7 +1611,7 @@ int smb2_sess_setup(struct ksmbd_work *work)

ksmbd_conn_set_good(work); sess->state = SMB2_SESSION_VALID; - ksmbd_free(sess->Preauth_HashValue); + kfree(sess->Preauth_HashValue); sess->Preauth_HashValue = NULL; } else if (conn->preferred_auth_mech == KSMBD_AUTH_NTLMSSP) { rc = generate_preauth_hash(work); @@ -1637,7 +1637,7 @@ int smb2_sess_setup(struct ksmbd_work *work)

ksmbd_conn_set_good(work); sess->state = SMB2_SESSION_VALID; - ksmbd_free(sess->Preauth_HashValue); + kfree(sess->Preauth_HashValue); sess->Preauth_HashValue = NULL; } } else { diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c index 67163efcf472..040881893417 100644 --- a/fs/cifsd/transport_tcp.c +++ b/fs/cifsd/transport_tcp.c @@ -551,7 +551,7 @@ void ksmbd_tcp_destroy(void) list_for_each_entry_safe(iface, tmp, &iface_list, entry) { list_del(&iface->entry); kfree(iface->name); - ksmbd_free(iface); + kfree(iface); } }

diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index ec631dc6f1fb..f2a863542dc7 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -829,6 +829,6 @@ void ksmbd_destroy_file_table(struct ksmbd_file_table *ft)

__close_file_table_ids(ft, NULL, session_fd_check); idr_destroy(ft->idr); - ksmbd_free(ft->idr); + kfree(ft->idr); ft->idr = NULL; }

From patchwork Mon Nov 14 12:49:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183132 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:28 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:28 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:27 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 035/308] cifsd: fix memdup.cocci warnings Date: Mon, 14 Nov 2022 20:49:04 +0800 Message-ID: 20221114125337.1831594-36-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 060aa6ee-f3ad-4812-e000-08dac63c4a9d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6845608 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: kernel test robot lkp@intel.com

mainline inclusion from mainline-5.15-rc1 commit 86f52978465b8f4e384880a5fd0543e9e455fb62 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/86f52978465b

-------------------------------

fs/cifsd/smb2pdu.c:1177:27-34: WARNING opportunity for kmemdup

Use kmemdup rather than duplicating its implementation

Generated by: scripts/coccinelle/api/memdup.cocci

Reported-by: kernel test robot lkp@intel.com Signed-off-by: kernel test robot lkp@intel.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 7549b35bb792..e6cdc3b89d85 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -1161,13 +1161,11 @@ static int alloc_preauth_hash(struct ksmbd_session *sess, if (sess->Preauth_HashValue) return 0;

- sess->Preauth_HashValue = kmalloc(PREAUTH_HASHVALUE_SIZE, GFP_KERNEL); + sess->Preauth_HashValue = kmemdup(conn->preauth_info->Preauth_HashValue, + PREAUTH_HASHVALUE_SIZE, GFP_KERNEL); if (!sess->Preauth_HashValue) return -ENOMEM;

- memcpy(sess->Preauth_HashValue, - conn->preauth_info->Preauth_HashValue, - PREAUTH_HASHVALUE_SIZE); return 0; }

From patchwork Mon Nov 14 12:49:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183133 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:28 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:28 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:28 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 036/308] cifsd: remove wrappers of kvmalloc/kvfree Date: Mon, 14 Nov 2022 20:49:05 +0800 Message-ID: 20221114125337.1831594-37-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 76d26842-2093-418f-e416-08dac63c4ae6 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7260012 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 79f6b11a104f3a32f4f4a6f7808a02c301c19710 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/79f6b11a104f

-------------------------------

Do directly call kvmalloc/kvfree().

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 2 +- fs/cifsd/buffer_pool.c | 36 +++------------------------------- fs/cifsd/buffer_pool.h | 8 -------- fs/cifsd/connection.c | 6 +++--- fs/cifsd/crypto_ctx.c | 4 ++-- fs/cifsd/ksmbd_work.c | 8 ++++---- fs/cifsd/mgmt/share_config.c | 3 ++- fs/cifsd/mgmt/tree_connect.c | 10 +++++----- fs/cifsd/mgmt/user_config.c | 3 ++- fs/cifsd/mgmt/user_session.c | 4 ++-- fs/cifsd/smb2pdu.c | 38 ++++++++++++++++++------------------ fs/cifsd/transport_ipc.c | 6 +++--- fs/cifsd/vfs.c | 23 +++++++++------------- fs/cifsd/vfs.h | 1 - 14 files changed, 55 insertions(+), 97 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index b9fd62f77e1c..437e58a0826d 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -709,7 +709,7 @@ int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, *out_len = resp->spnego_blob_len; retval = 0; out: - ksmbd_free(resp); + kvfree(resp); return retval; } #else diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c index a9ef3e703232..caf22c190634 100644 --- a/fs/cifsd/buffer_pool.c +++ b/fs/cifsd/buffer_pool.c @@ -37,16 +37,6 @@ struct wm_list { static LIST_HEAD(wm_lists); static DEFINE_RWLOCK(wm_lists_lock);

-void *ksmbd_alloc(size_t size) -{ - return kvmalloc(size, GFP_KERNEL | __GFP_ZERO); -} - -void ksmbd_free(void *ptr) -{ - kvfree(ptr); -} - static struct wm *wm_alloc(size_t sz, gfp_t flags) { struct wm *wm; @@ -169,7 +159,7 @@ static void release_wm(struct wm *wm, struct wm_list *wm_list)

wm_list->avail_wm--; spin_unlock(&wm_list->wm_lock); - ksmbd_free(wm); + kvfree(wm); }

static void wm_list_free(struct wm_list *l) @@ -195,26 +185,6 @@ static void wm_lists_destroy(void) } }

-void ksmbd_free_request(void *addr) -{ - kvfree(addr); -} - -void *ksmbd_alloc_request(size_t size) -{ - return kvmalloc(size, GFP_KERNEL); -} - -void ksmbd_free_response(void *buffer) -{ - kvfree(buffer); -} - -void *ksmbd_alloc_response(size_t size) -{ - return kvmalloc(size, GFP_KERNEL | __GFP_ZERO); -} - void *ksmbd_find_buffer(size_t size) { struct wm *wm; @@ -247,11 +217,11 @@ void *ksmbd_realloc_response(void *ptr, size_t old_sz, size_t new_sz) size_t sz = min(old_sz, new_sz); void *nptr;

- nptr = ksmbd_alloc_response(new_sz); + nptr = kvmalloc(new_sz, GFP_KERNEL | __GFP_ZERO); if (!nptr) return ptr; memcpy(nptr, ptr, sz); - ksmbd_free_response(ptr); + kvfree(ptr); return nptr; }

diff --git a/fs/cifsd/buffer_pool.h b/fs/cifsd/buffer_pool.h index 2b3d03afcf27..f7157144a92f 100644 --- a/fs/cifsd/buffer_pool.h +++ b/fs/cifsd/buffer_pool.h @@ -9,14 +9,6 @@ void *ksmbd_find_buffer(size_t size); void ksmbd_release_buffer(void *buffer);

-void *ksmbd_alloc(size_t size); -void ksmbd_free(void *ptr); - -void ksmbd_free_request(void *addr); -void *ksmbd_alloc_request(size_t size); -void ksmbd_free_response(void *buffer); -void *ksmbd_alloc_response(size_t size); - void *ksmbd_realloc_response(void *ptr, size_t old_sz, size_t new_sz);

void ksmbd_free_file_struct(void *filp); diff --git a/fs/cifsd/connection.c b/fs/cifsd/connection.c index df56e347b709..e1814492fb58 100644 --- a/fs/cifsd/connection.c +++ b/fs/cifsd/connection.c @@ -37,7 +37,7 @@ void ksmbd_conn_free(struct ksmbd_conn *conn) list_del(&conn->conns_list); write_unlock(&conn_list_lock);

- ksmbd_free_request(conn->request_buf); + kvfree(conn->request_buf); ksmbd_ida_free(conn->async_ida); kfree(conn->preauth_info); kfree(conn); @@ -284,7 +284,7 @@ int ksmbd_conn_handler_loop(void *p) if (try_to_freeze()) continue;

- ksmbd_free_request(conn->request_buf); + kvfree(conn->request_buf); conn->request_buf = NULL;

size = t->ops->read(t, hdr_buf, sizeof(hdr_buf)); @@ -303,7 +303,7 @@ int ksmbd_conn_handler_loop(void *p)

/* 4 for rfc1002 length field */ size = pdu_size + 4; - conn->request_buf = ksmbd_alloc_request(size); + conn->request_buf = kvmalloc(size, GFP_KERNEL); if (!conn->request_buf) continue;

diff --git a/fs/cifsd/crypto_ctx.c b/fs/cifsd/crypto_ctx.c index 15d7e2f7c3d7..2c31e8b32de7 100644 --- a/fs/cifsd/crypto_ctx.c +++ b/fs/cifsd/crypto_ctx.c @@ -105,7 +105,7 @@ static struct shash_desc *alloc_shash_desc(int id)

static struct ksmbd_crypto_ctx *ctx_alloc(void) { - return ksmbd_alloc(sizeof(struct ksmbd_crypto_ctx)); + return kzalloc(sizeof(struct ksmbd_crypto_ctx), GFP_KERNEL); }

static void ctx_free(struct ksmbd_crypto_ctx *ctx) @@ -116,7 +116,7 @@ static void ctx_free(struct ksmbd_crypto_ctx *ctx) free_shash(ctx->desc[i]); for (i = 0; i < CRYPTO_AEAD_MAX; i++) free_aead(ctx->ccmaes[i]); - ksmbd_free(ctx); + kfree(ctx); }

static struct ksmbd_crypto_ctx *ksmbd_find_crypto_ctx(void) diff --git a/fs/cifsd/ksmbd_work.c b/fs/cifsd/ksmbd_work.c index 505e59df3071..33ee52c1829f 100644 --- a/fs/cifsd/ksmbd_work.c +++ b/fs/cifsd/ksmbd_work.c @@ -42,16 +42,16 @@ void ksmbd_free_work_struct(struct ksmbd_work *work) work->set_trans_buf) ksmbd_release_buffer(work->response_buf); else - ksmbd_free_response(work->response_buf); + kvfree(work->response_buf);

if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF && work->set_read_buf) ksmbd_release_buffer(work->aux_payload_buf); else - ksmbd_free_response(work->aux_payload_buf); + kvfree(work->aux_payload_buf);

- ksmbd_free_response(work->tr_buf); - ksmbd_free_request(work->request_buf); + kfree(work->tr_buf); + kvfree(work->request_buf); if (work->async_id) ksmbd_release_id(work->conn->async_ida, work->async_id); kmem_cache_free(work_cache, work); diff --git a/fs/cifsd/mgmt/share_config.c b/fs/cifsd/mgmt/share_config.c index 11abdbc8a533..910d03516b73 100644 --- a/fs/cifsd/mgmt/share_config.c +++ b/fs/cifsd/mgmt/share_config.c @@ -10,6 +10,7 @@ #include <linux/parser.h> #include <linux/namei.h> #include <linux/sched.h> +#include <linux/mm.h>

#include "share_config.h" #include "user_config.h" @@ -182,7 +183,7 @@ static struct ksmbd_share_config *share_config_request(char *name) up_write(&shares_table_lock);

out: - ksmbd_free(resp); + kvfree(resp); return share; }

diff --git a/fs/cifsd/mgmt/tree_connect.c b/fs/cifsd/mgmt/tree_connect.c index 0c8374e8240f..d3f28b10db4b 100644 --- a/fs/cifsd/mgmt/tree_connect.c +++ b/fs/cifsd/mgmt/tree_connect.c @@ -31,7 +31,7 @@ ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name) if (!sc) return status;

- tree_conn = ksmbd_alloc(sizeof(struct ksmbd_tree_connect)); + tree_conn = kzalloc(sizeof(struct ksmbd_tree_connect), GFP_KERNEL); if (!tree_conn) { status.ret = -ENOMEM; goto out_error; @@ -68,15 +68,15 @@ ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name) status.ret = -ENOMEM; goto out_error; } - ksmbd_free(resp); + kvfree(resp); return status;

out_error: if (tree_conn) ksmbd_release_tree_conn_id(sess, tree_conn->id); ksmbd_share_config_put(sc); - ksmbd_free(tree_conn); - ksmbd_free(resp); + kfree(tree_conn); + kvfree(resp); return status; }

@@ -89,7 +89,7 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, ksmbd_release_tree_conn_id(sess, tree_conn->id); xa_erase(&sess->tree_conns, tree_conn->id); ksmbd_share_config_put(tree_conn->share_conf); - ksmbd_free(tree_conn); + kfree(tree_conn); return ret; }

diff --git a/fs/cifsd/mgmt/user_config.c b/fs/cifsd/mgmt/user_config.c index c31e2c4d2d6f..7f898c5bda25 100644 --- a/fs/cifsd/mgmt/user_config.c +++ b/fs/cifsd/mgmt/user_config.c @@ -4,6 +4,7 @@ */

#include <linux/slab.h> +#include <linux/mm.h>

#include "user_config.h" #include "../buffer_pool.h" @@ -23,7 +24,7 @@ struct ksmbd_user *ksmbd_login_user(const char *account)

user = ksmbd_alloc_user(resp); out: - ksmbd_free(resp); + kvfree(resp); return user; }

diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index 9dfe222e51ab..bd5789b7e08e 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -53,7 +53,7 @@ static void __session_rpc_close(struct ksmbd_session *sess, if (!resp) pr_err("Unable to close RPC pipe %d\n", entry->id);

- ksmbd_free(resp); + kvfree(resp); ksmbd_rpc_id_free(entry->id); kfree(entry); } @@ -117,7 +117,7 @@ int ksmbd_session_rpc_open(struct ksmbd_session *sess, char *rpc_name) if (!resp) goto error;

- ksmbd_free(resp); + kvfree(resp); return entry->id; error: list_del(&entry->list); diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index e6cdc3b89d85..c1f6361603b9 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -563,7 +563,7 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) work->set_trans_buf) work->response_buf = ksmbd_find_buffer(sz); else - work->response_buf = ksmbd_alloc_response(sz); + work->response_buf = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO);

if (!work->response_buf) { ksmbd_err("Failed to allocate %zu bytes buffer\n", sz); @@ -2283,7 +2283,7 @@ static int smb2_remove_smb_xattrs(struct dentry *dentry) ksmbd_debug(SMB, "remove xattr failed : %s\n", name); } out: - ksmbd_vfs_xattr_free(xattr_list); + kvfree(xattr_list); return err; }

@@ -4190,12 +4190,12 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp,

buf_free_len -= value_len; if (buf_free_len < 0) { - ksmbd_free(buf); + kfree(buf); break; }

memcpy(ptr, buf, value_len); - ksmbd_free(buf); + kfree(buf);

ptr += value_len; eainfo->Flags = 0; @@ -4240,7 +4240,7 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp, rsp->OutputBufferLength = cpu_to_le32(rsp_data_cnt); inc_rfc1001_len(rsp_org, rsp_data_cnt); out: - ksmbd_vfs_xattr_free(xattr_list); + kvfree(xattr_list); return rc; }

@@ -4510,7 +4510,7 @@ static void get_file_stream_info(struct ksmbd_work *work, /* last entry offset should be 0 */ file_info->NextEntryOffset = 0; out: - ksmbd_vfs_xattr_free(xattr_list); + kvfree(xattr_list);

rsp->OutputBufferLength = cpu_to_le32(nbytes); inc_rfc1001_len(rsp_org, nbytes); @@ -5976,7 +5976,7 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) }

work->aux_payload_buf = - ksmbd_alloc_response(rpc_resp->payload_sz); + kvmalloc(rpc_resp->payload_sz, GFP_KERNEL | __GFP_ZERO); if (!work->aux_payload_buf) { err = -ENOMEM; goto out; @@ -5988,7 +5988,7 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) nbytes = rpc_resp->payload_sz; work->resp_hdr_sz = get_rfc1002_len(rsp) + 4; work->aux_payload_sz = nbytes; - ksmbd_free(rpc_resp); + kvfree(rpc_resp); }

rsp->StructureSize = cpu_to_le16(17); @@ -6003,7 +6003,7 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) out: rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR; smb2_set_err_rsp(work); - ksmbd_free(rpc_resp); + kvfree(rpc_resp); return err; }

@@ -6094,7 +6094,7 @@ int smb2_read(struct ksmbd_work *work) ksmbd_find_buffer(conn->vals->max_read_size); work->set_read_buf = true; } else { - work->aux_payload_buf = ksmbd_alloc_response(length); + work->aux_payload_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO); } if (!work->aux_payload_buf) { err = -ENOMEM; @@ -6111,7 +6111,7 @@ int smb2_read(struct ksmbd_work *work) if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) ksmbd_release_buffer(work->aux_payload_buf); else - ksmbd_free_response(work->aux_payload_buf); + kvfree(work->aux_payload_buf); work->aux_payload_buf = NULL; rsp->hdr.Status = STATUS_END_OF_FILE; smb2_set_err_rsp(work); @@ -6130,7 +6130,7 @@ int smb2_read(struct ksmbd_work *work) if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) ksmbd_release_buffer(work->aux_payload_buf); else - ksmbd_free_response(work->aux_payload_buf); + kvfree(work->aux_payload_buf); work->aux_payload_buf = NULL;

nbytes = 0; @@ -6215,17 +6215,17 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) if (rpc_resp) { if (rpc_resp->flags == KSMBD_RPC_ENOTIMPLEMENTED) { rsp->hdr.Status = STATUS_NOT_SUPPORTED; - ksmbd_free(rpc_resp); + kvfree(rpc_resp); smb2_set_err_rsp(work); return -EOPNOTSUPP; } if (rpc_resp->flags != KSMBD_RPC_OK) { rsp->hdr.Status = STATUS_INVALID_HANDLE; smb2_set_err_rsp(work); - ksmbd_free(rpc_resp); + kvfree(rpc_resp); return ret; } - ksmbd_free(rpc_resp); + kvfree(rpc_resp); }

rsp->StructureSize = cpu_to_le16(17); @@ -6271,7 +6271,7 @@ static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work, (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE); work->remote_key = le32_to_cpu(desc->token);

- data_buf = ksmbd_alloc_response(length); + data_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO); if (!data_buf) return -ENOMEM;

@@ -6280,12 +6280,12 @@ static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work, le64_to_cpu(desc->offset), le32_to_cpu(desc->length)); if (ret < 0) { - ksmbd_free_response(data_buf); + kvfree(data_buf); return ret; }

ret = ksmbd_vfs_write(work, fp, data_buf, length, &offset, sync, &nbytes); - ksmbd_free_response(data_buf); + kvfree(data_buf); if (ret < 0) return ret;

@@ -7307,7 +7307,7 @@ static int fsctl_pipe_transceive(struct ksmbd_work *work, u64 id, memcpy((char *)rsp->Buffer, rpc_resp->payload, nbytes); } out: - ksmbd_free(rpc_resp); + kvfree(rpc_resp); return nbytes; }

diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c index 1bbff53436b3..60c0289402c1 100644 --- a/fs/cifsd/transport_ipc.c +++ b/fs/cifsd/transport_ipc.c @@ -233,7 +233,7 @@ static struct ksmbd_ipc_msg *ipc_msg_alloc(size_t sz) struct ksmbd_ipc_msg *msg; size_t msg_sz = sz + sizeof(struct ksmbd_ipc_msg);

- msg = ksmbd_alloc(msg_sz); + msg = kvmalloc(msg_sz, GFP_KERNEL | __GFP_ZERO); if (msg) msg->sz = sz; return msg; @@ -241,7 +241,7 @@ static struct ksmbd_ipc_msg *ipc_msg_alloc(size_t sz)

static void ipc_msg_free(struct ksmbd_ipc_msg *msg) { - ksmbd_free(msg); + kvfree(msg); }

static void ipc_msg_handle_free(int handle) @@ -272,7 +272,7 @@ static int handle_response(int type, void *payload, size_t sz) entry->type + 1, type); }

- entry->response = ksmbd_alloc(sz); + entry->response = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO); if (!entry->response) { ret = -ENOMEM; break; diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index ef823679f6be..d3882208a259 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -244,7 +244,7 @@ static ssize_t ksmbd_vfs_getcasexattr(struct dentry *dentry, char *attr_name, }

out: - ksmbd_vfs_xattr_free(xattr_list); + kvfree(xattr_list); return value_len; }

@@ -401,7 +401,7 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, }

if (v_len < size) { - wbuf = ksmbd_alloc(size); + wbuf = kvmalloc(size, GFP_KERNEL | __GFP_ZERO); if (!wbuf) { err = -ENOMEM; goto out; @@ -425,7 +425,7 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, fp->filp->f_pos = *pos; err = 0; out: - ksmbd_free(stream_buf); + kvfree(stream_buf); return err; }

@@ -844,7 +844,7 @@ ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list) if (size <= 0) return size;

- vlist = ksmbd_alloc(size); + vlist = kvmalloc(size, GFP_KERNEL | __GFP_ZERO); if (!vlist) return -ENOMEM;

@@ -852,7 +852,7 @@ ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list) size = vfs_listxattr(dentry, vlist, size); if (size < 0) { ksmbd_debug(VFS, "listxattr failed\n"); - ksmbd_vfs_xattr_free(vlist); + kvfree(vlist); *list = NULL; }

@@ -1049,11 +1049,6 @@ int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name) return vfs_removexattr(&init_user_ns, dentry, attr_name); }

-void ksmbd_vfs_xattr_free(char *xattr) -{ - ksmbd_free(xattr); -} - int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry) { int err = 0; @@ -1297,7 +1292,7 @@ int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry) } } out: - ksmbd_vfs_xattr_free(xattr_list); + kvfree(xattr_list); return err; }

@@ -1326,7 +1321,7 @@ int ksmbd_vfs_remove_sd_xattrs(struct dentry *dentry) } } out: - ksmbd_vfs_xattr_free(xattr_list); + kvfree(xattr_list); return err; }

@@ -1558,7 +1553,7 @@ int ksmbd_vfs_get_dos_attrib_xattr(struct dentry *dentry, n.length = err; if (ndr_decode_dos_attr(&n, da)) err = -EINVAL; - ksmbd_free(n.data); + kfree(n.data); } else { ksmbd_debug(SMB, "failed to load dos attribute in xattr\n"); } @@ -1683,7 +1678,7 @@ ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, char *attr_name, }

out: - ksmbd_vfs_xattr_free(xattr_list); + kvfree(xattr_list); return value_len; }

diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index b41b23d40636..0163be4297de 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -229,7 +229,6 @@ int ksmbd_vfs_setxattr(struct dentry *dentry, const char *attr_name, int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, size_t *xattr_stream_name_size, int s_type); int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name); -void ksmbd_vfs_xattr_free(char *xattr); int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, bool caseless); int ksmbd_vfs_empty_dir(struct ksmbd_file *fp);

From patchwork Mon Nov 14 12:49:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183134 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:29 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:29 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:28 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 037/308] cifsd: prevent a integer overflow in wm_alloc() Date: Mon, 14 Nov 2022 20:49:06 +0800 Message-ID: 20221114125337.1831594-38-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 935ec38d-f772-4725-9cd3-08dac63c4b2f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7199482 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 4030b278368d89bba99a31e87766968cbf7909d2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4030b278368d

-------------------------------

Dan Carpenter pointed out that there there is a possibility of integer overflow. This patch prevent a integer overflow in wm_alloc().

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/buffer_pool.c | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c index caf22c190634..1ee1feef1bb4 100644 --- a/fs/cifsd/buffer_pool.c +++ b/fs/cifsd/buffer_pool.c @@ -42,6 +42,9 @@ static struct wm *wm_alloc(size_t sz, gfp_t flags) struct wm *wm; size_t alloc_sz = sz + sizeof(struct wm);

+ if (sz > SIZE_MAX - sizeof(struct wm)) + return NULL; + wm = kvmalloc(alloc_sz, flags); if (!wm) return NULL;

From patchwork Mon Nov 14 12:49:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183135 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:29 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:29 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:28 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 038/308] cifsd: remove unused including <linux/version.h> Date: Mon, 14 Nov 2022 20:49:07 +0800 Message-ID: 20221114125337.1831594-39-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 87b01901-f448-4f7b-5ebd-08dac63c4b79 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7032996 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Tian Tao tiantao6@hisilicon.com

mainline inclusion from mainline-5.15-rc1 commit 1920bb1f8022202530eeae3e488d6f5156799faf category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1920bb1f8022

-------------------------------

Remove including <linux/version.h> that don't need it.

Signed-off-by: Tian Tao tiantao6@hisilicon.com Signed-off-by: Zhiqi Song songzhiqi1@huawei.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/crypto_ctx.c | 1 - fs/cifsd/glob.h | 1 - fs/cifsd/mgmt/tree_connect.c | 1 - fs/cifsd/mgmt/user_session.c | 1 - fs/cifsd/mgmt/user_session.h | 1 - fs/cifsd/misc.c | 1 - fs/cifsd/vfs.c | 1 - fs/cifsd/vfs_cache.h | 1 - 8 files changed, 8 deletions(-)

diff --git a/fs/cifsd/crypto_ctx.c b/fs/cifsd/crypto_ctx.c index 2c31e8b32de7..8322b0f7a7fc 100644 --- a/fs/cifsd/crypto_ctx.c +++ b/fs/cifsd/crypto_ctx.c @@ -9,7 +9,6 @@ #include <linux/slab.h> #include <linux/wait.h> #include <linux/sched.h> -#include <linux/version.h>

#include "glob.h" #include "crypto_ctx.h" diff --git a/fs/cifsd/glob.h b/fs/cifsd/glob.h index d0bc6edd0477..9d70093a837a 100644 --- a/fs/cifsd/glob.h +++ b/fs/cifsd/glob.h @@ -8,7 +8,6 @@ #define __KSMBD_GLOB_H

#include <linux/ctype.h> -#include <linux/version.h>

#include "unicode.h" #include "vfs_cache.h" diff --git a/fs/cifsd/mgmt/tree_connect.c b/fs/cifsd/mgmt/tree_connect.c index d3f28b10db4b..b9cd8fc46e5e 100644 --- a/fs/cifsd/mgmt/tree_connect.c +++ b/fs/cifsd/mgmt/tree_connect.c @@ -5,7 +5,6 @@

#include <linux/list.h> #include <linux/slab.h> -#include <linux/version.h> #include <linux/xarray.h>

#include "../buffer_pool.h" diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index bd5789b7e08e..52c5c036ecf9 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -6,7 +6,6 @@ #include <linux/list.h> #include <linux/slab.h> #include <linux/rwsem.h> -#include <linux/version.h> #include <linux/xarray.h>

#include "ksmbd_ida.h" diff --git a/fs/cifsd/mgmt/user_session.h b/fs/cifsd/mgmt/user_session.h index 1a97c851f2fc..ad5c0430b62a 100644 --- a/fs/cifsd/mgmt/user_session.h +++ b/fs/cifsd/mgmt/user_session.h @@ -7,7 +7,6 @@ #define __USER_SESSION_MANAGEMENT_H__

#include <linux/hashtable.h> -#include <linux/version.h> #include <linux/xarray.h>

#include "../smb_common.h" diff --git a/fs/cifsd/misc.c b/fs/cifsd/misc.c index b6f3f0818217..cbaaecf2eca1 100644 --- a/fs/cifsd/misc.c +++ b/fs/cifsd/misc.c @@ -5,7 +5,6 @@ */

#include <linux/kernel.h> -#include <linux/version.h> #include <linux/xattr.h> #include <linux/fs.h>

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index d3882208a259..5985d2d1f276 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -9,7 +9,6 @@ #include <linux/uaccess.h> #include <linux/backing-dev.h> #include <linux/writeback.h> -#include <linux/version.h> #include <linux/xattr.h> #include <linux/falloc.h> #include <linux/genhd.h> diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h index 318dcb1a297a..8226fdf882e4 100644 --- a/fs/cifsd/vfs_cache.h +++ b/fs/cifsd/vfs_cache.h @@ -6,7 +6,6 @@ #ifndef __VFS_CACHE_H__ #define __VFS_CACHE_H__

-#include <linux/version.h> #include <linux/file.h> #include <linux/fs.h> #include <linux/rwsem.h>

From patchwork Mon Nov 14 12:49:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183136 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:30 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:30 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:29 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 039/308] cifsd: declare ida statically Date: Mon, 14 Nov 2022 20:49:08 +0800 Message-ID: 20221114125337.1831594-40-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7d4294d6-c6fe-4660-16c9-08dac63c4bc2 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7164172 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit d40012a83f87f47967ad0b3c346179c7e5339ae7 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d40012a83f87

-------------------------------

Matthew pointed out that embedding struct ida into the struct is better than having a pointer to it. This patch initialise it statically using DEFINE_IDA() or ida_init() and remove ksmbd_ida_alloc/free().

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/connection.c | 3 +-- fs/cifsd/connection.h | 2 +- fs/cifsd/ksmbd_work.c | 2 +- fs/cifsd/mgmt/ksmbd_ida.c | 45 ++++++++++-------------------------- fs/cifsd/mgmt/ksmbd_ida.h | 17 ++++---------- fs/cifsd/mgmt/user_session.c | 29 +++++------------------ fs/cifsd/mgmt/user_session.h | 7 +----- fs/cifsd/server.c | 7 ------ fs/cifsd/smb2pdu.c | 4 ++-- fs/cifsd/transport_ipc.c | 34 +++++++++------------------ 10 files changed, 40 insertions(+), 110 deletions(-)

diff --git a/fs/cifsd/connection.c b/fs/cifsd/connection.c index e1814492fb58..4785dd59fcc5 100644 --- a/fs/cifsd/connection.c +++ b/fs/cifsd/connection.c @@ -38,7 +38,6 @@ void ksmbd_conn_free(struct ksmbd_conn *conn) write_unlock(&conn_list_lock);

kvfree(conn->request_buf); - ksmbd_ida_free(conn->async_ida); kfree(conn->preauth_info); kfree(conn); } @@ -70,7 +69,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void) INIT_LIST_HEAD(&conn->async_requests); spin_lock_init(&conn->request_lock); spin_lock_init(&conn->credits_lock); - conn->async_ida = ksmbd_ida_alloc(); + ida_init(&conn->async_ida);

write_lock(&conn_list_lock); list_add(&conn->conns_list, &conn_list); diff --git a/fs/cifsd/connection.h b/fs/cifsd/connection.h index 021dada3d76d..00ede7a67199 100644 --- a/fs/cifsd/connection.h +++ b/fs/cifsd/connection.h @@ -101,7 +101,7 @@ struct ksmbd_conn { struct sockaddr_storage peer_addr;

/* Identifier for async message */ - struct ksmbd_ida *async_ida; + struct ida async_ida;

__le16 cipher_type; __le16 compress_algorithm; diff --git a/fs/cifsd/ksmbd_work.c b/fs/cifsd/ksmbd_work.c index 33ee52c1829f..eb8c8a34acab 100644 --- a/fs/cifsd/ksmbd_work.c +++ b/fs/cifsd/ksmbd_work.c @@ -53,7 +53,7 @@ void ksmbd_free_work_struct(struct ksmbd_work *work) kfree(work->tr_buf); kvfree(work->request_buf); if (work->async_id) - ksmbd_release_id(work->conn->async_ida, work->async_id); + ksmbd_release_id(&work->conn->async_ida, work->async_id); kmem_cache_free(work_cache, work); }

diff --git a/fs/cifsd/mgmt/ksmbd_ida.c b/fs/cifsd/mgmt/ksmbd_ida.c index cbc9fd049852..3dbc27cb5385 100644 --- a/fs/cifsd/mgmt/ksmbd_ida.c +++ b/fs/cifsd/mgmt/ksmbd_ida.c @@ -5,65 +5,44 @@

#include "ksmbd_ida.h"

-struct ksmbd_ida *ksmbd_ida_alloc(void) +static inline int __acquire_id(struct ida *ida, int from, int to) { - struct ksmbd_ida *ida; - - ida = kmalloc(sizeof(struct ksmbd_ida), GFP_KERNEL); - if (!ida) - return NULL; - - ida_init(&ida->map); - return ida; -} - -void ksmbd_ida_free(struct ksmbd_ida *ida) -{ - if (!ida) - return; - - ida_destroy(&ida->map); - kfree(ida); -} - -static inline int __acquire_id(struct ksmbd_ida *ida, int from, int to) -{ - return ida_simple_get(&ida->map, from, to, GFP_KERNEL); + return ida_simple_get(ida, from, to, GFP_KERNEL); }

-int ksmbd_acquire_smb2_tid(struct ksmbd_ida *ida) +int ksmbd_acquire_smb2_tid(struct ida *ida) { int id;

- do { + id = __acquire_id(ida, 0, 0); + if (id == 0xFFFF) id = __acquire_id(ida, 0, 0); - } while (id == 0xFFFF);

return id; }

-int ksmbd_acquire_smb2_uid(struct ksmbd_ida *ida) +int ksmbd_acquire_smb2_uid(struct ida *ida) { int id;

- do { + id = __acquire_id(ida, 1, 0); + if (id == 0xFFFE) id = __acquire_id(ida, 1, 0); - } while (id == 0xFFFE);

return id; }

-int ksmbd_acquire_async_msg_id(struct ksmbd_ida *ida) +int ksmbd_acquire_async_msg_id(struct ida *ida) { return __acquire_id(ida, 1, 0); }

-int ksmbd_acquire_id(struct ksmbd_ida *ida) +int ksmbd_acquire_id(struct ida *ida) { return __acquire_id(ida, 0, 0); }

-void ksmbd_release_id(struct ksmbd_ida *ida, int id) +void ksmbd_release_id(struct ida *ida, int id) { - ida_simple_remove(&ida->map, id); + ida_simple_remove(ida, id); } diff --git a/fs/cifsd/mgmt/ksmbd_ida.h b/fs/cifsd/mgmt/ksmbd_ida.h index b075156adf23..2bc07b16cfde 100644 --- a/fs/cifsd/mgmt/ksmbd_ida.h +++ b/fs/cifsd/mgmt/ksmbd_ida.h @@ -9,13 +9,6 @@ #include <linux/slab.h> #include <linux/idr.h>

-struct ksmbd_ida { - struct ida map; -}; - -struct ksmbd_ida *ksmbd_ida_alloc(void); -void ksmbd_ida_free(struct ksmbd_ida *ida); - /* * 2.2.1.6.7 TID Generation * The value 0xFFFF MUST NOT be used as a valid TID. All other @@ -23,7 +16,7 @@ void ksmbd_ida_free(struct ksmbd_ida *ida); * The value 0xFFFF is used to specify all TIDs or no TID, * depending upon the context in which it is used. */ -int ksmbd_acquire_smb2_tid(struct ksmbd_ida *ida); +int ksmbd_acquire_smb2_tid(struct ida *ida);

/* * 2.2.1.6.8 UID Generation @@ -32,10 +25,10 @@ int ksmbd_acquire_smb2_tid(struct ksmbd_ida *ida); * valid UID.<21> All other possible values for a UID, excluding * zero (0x0000), are valid. */ -int ksmbd_acquire_smb2_uid(struct ksmbd_ida *ida); -int ksmbd_acquire_async_msg_id(struct ksmbd_ida *ida); +int ksmbd_acquire_smb2_uid(struct ida *ida); +int ksmbd_acquire_async_msg_id(struct ida *ida);

-int ksmbd_acquire_id(struct ksmbd_ida *ida); +int ksmbd_acquire_id(struct ida *ida);

-void ksmbd_release_id(struct ksmbd_ida *ida, int id); +void ksmbd_release_id(struct ida *ida, int id); #endif /* __KSMBD_IDA_MANAGEMENT_H__ */ diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index 52c5c036ecf9..739588a6c96a 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -17,7 +17,7 @@ #include "../buffer_pool.h" #include "../vfs_cache.h"

-static struct ksmbd_ida *session_ida; +static DEFINE_IDA(session_ida);

#define SESSION_HASH_BITS 3 static DEFINE_HASHTABLE(sessions_table, SESSION_HASH_BITS); @@ -172,9 +172,7 @@ void ksmbd_session_destroy(struct ksmbd_session *sess) ksmbd_session_rpc_clear_list(sess); free_channel_list(sess); kfree(sess->Preauth_HashValue); - ksmbd_release_id(session_ida, sess->id); - - ksmbd_ida_free(sess->tree_conn_ida); + ksmbd_release_id(&session_ida, sess->id); kfree(sess); }

@@ -254,7 +252,7 @@ struct ksmbd_session *ksmbd_session_lookup_slowpath(unsigned long long id)

static int __init_smb2_session(struct ksmbd_session *sess) { - int id = ksmbd_acquire_smb2_uid(session_ida); + int id = ksmbd_acquire_smb2_uid(&session_ida);

if (id < 0) return -EINVAL; @@ -294,9 +292,7 @@ static struct ksmbd_session *__session_create(int protocol) if (ret) goto error;

- sess->tree_conn_ida = ksmbd_ida_alloc(); - if (!sess->tree_conn_ida) - goto error; + ida_init(&sess->tree_conn_ida);

if (protocol == CIFDS_SESSION_FLAG_SMB2) { down_write(&sessions_table_lock); @@ -320,7 +316,7 @@ int ksmbd_acquire_tree_conn_id(struct ksmbd_session *sess) int id = -EINVAL;

if (test_session_flag(sess, CIFDS_SESSION_FLAG_SMB2)) - id = ksmbd_acquire_smb2_tid(sess->tree_conn_ida); + id = ksmbd_acquire_smb2_tid(&sess->tree_conn_ida);

return id; } @@ -328,18 +324,5 @@ int ksmbd_acquire_tree_conn_id(struct ksmbd_session *sess) void ksmbd_release_tree_conn_id(struct ksmbd_session *sess, int id) { if (id >= 0) - ksmbd_release_id(sess->tree_conn_ida, id); -} - -int ksmbd_init_session_table(void) -{ - session_ida = ksmbd_ida_alloc(); - if (!session_ida) - return -ENOMEM; - return 0; -} - -void ksmbd_free_session_table(void) -{ - ksmbd_ida_free(session_ida); + ksmbd_release_id(&sess->tree_conn_ida, id); } diff --git a/fs/cifsd/mgmt/user_session.h b/fs/cifsd/mgmt/user_session.h index ad5c0430b62a..72b40348bdc4 100644 --- a/fs/cifsd/mgmt/user_session.h +++ b/fs/cifsd/mgmt/user_session.h @@ -16,7 +16,6 @@

#define PREAUTH_HASHVALUE_SIZE 64

-struct ksmbd_ida; struct ksmbd_file_table;

struct channel { @@ -52,7 +51,7 @@ struct ksmbd_session { struct hlist_node hlist; struct list_head ksmbd_chann_list; struct xarray tree_conns; - struct ksmbd_ida *tree_conn_ida; + struct ida tree_conn_ida; struct list_head rpc_handle_list;

@@ -101,8 +100,4 @@ void ksmbd_session_rpc_close(struct ksmbd_session *sess, int id); int ksmbd_session_rpc_method(struct ksmbd_session *sess, int id); int get_session(struct ksmbd_session *sess); void put_session(struct ksmbd_session *sess); - -int ksmbd_init_session_table(void); -void ksmbd_free_session_table(void); - #endif /* __USER_SESSION_MANAGEMENT_H__ */ diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index 04f959a88a1a..4aff89ce1464 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -537,7 +537,6 @@ static int ksmbd_server_shutdown(void) ksmbd_workqueue_destroy(); ksmbd_ipc_release(); ksmbd_conn_transport_destroy(); - ksmbd_free_session_table(); ksmbd_crypto_destroy(); ksmbd_free_global_file_table(); destroy_lease_table(NULL); @@ -566,10 +565,6 @@ static int __init ksmbd_server_init(void) if (ret) goto err_unregister;

- ret = ksmbd_init_session_table(); - if (ret) - goto err_destroy_pools; - ret = ksmbd_ipc_init(); if (ret) goto err_free_session_table; @@ -600,8 +595,6 @@ static int __init ksmbd_server_init(void) err_ipc_release: ksmbd_ipc_release(); err_free_session_table: - ksmbd_free_session_table(); -err_destroy_pools: ksmbd_destroy_buffer_pools(); err_unregister: class_unregister(&ksmbd_control_class); diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index c1f6361603b9..cc4e8f11c487 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -517,7 +517,7 @@ int init_smb2_rsp_hdr(struct ksmbd_work *work)

work->syncronous = true; if (work->async_id) { - ksmbd_release_id(conn->async_ida, work->async_id); + ksmbd_release_id(&conn->async_ida, work->async_id); work->async_id = 0; }

@@ -685,7 +685,7 @@ int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg) rsp_hdr = work->response_buf; rsp_hdr->Flags |= SMB2_FLAGS_ASYNC_COMMAND;

- id = ksmbd_acquire_async_msg_id(conn->async_ida); + id = ksmbd_acquire_async_msg_id(&conn->async_ida); if (id < 0) { ksmbd_err("Failed to alloc async message id\n"); return id; diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c index 60c0289402c1..78061fecf816 100644 --- a/fs/cifsd/transport_ipc.c +++ b/fs/cifsd/transport_ipc.c @@ -35,7 +35,7 @@ static DEFINE_HASHTABLE(ipc_msg_table, IPC_MSG_HASH_BITS); static DECLARE_RWSEM(ipc_msg_table_lock); static DEFINE_MUTEX(startup_lock);

-static struct ksmbd_ida *ida; +static DEFINE_IDA(ipc_ida);

static unsigned int ksmbd_tools_pid;

@@ -247,7 +247,7 @@ static void ipc_msg_free(struct ksmbd_ipc_msg *msg) static void ipc_msg_handle_free(int handle) { if (handle >= 0) - ksmbd_release_id(ida, handle); + ksmbd_release_id(&ipc_ida, handle); }

static int handle_response(int type, void *payload, size_t sz) @@ -512,7 +512,7 @@ struct ksmbd_login_response *ksmbd_ipc_login_request(const char *account)

msg->type = KSMBD_EVENT_LOGIN_REQUEST; req = KSMBD_IPC_MSG_PAYLOAD(msg); - req->handle = ksmbd_acquire_id(ida); + req->handle = ksmbd_acquire_id(&ipc_ida); strscpy(req->account, account, KSMBD_REQ_MAX_ACCOUNT_NAME_SZ);

resp = ipc_msg_send_request(msg, req->handle); @@ -535,7 +535,7 @@ ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len)

msg->type = KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST; req = KSMBD_IPC_MSG_PAYLOAD(msg); - req->handle = ksmbd_acquire_id(ida); + req->handle = ksmbd_acquire_id(&ipc_ida); req->spnego_blob_len = blob_len; memcpy(req->spnego_blob, spnego_blob, blob_len);

@@ -568,7 +568,7 @@ ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, msg->type = KSMBD_EVENT_TREE_CONNECT_REQUEST; req = KSMBD_IPC_MSG_PAYLOAD(msg);

- req->handle = ksmbd_acquire_id(ida); + req->handle = ksmbd_acquire_id(&ipc_ida); req->account_flags = sess->user->flags; req->session_id = sess->id; req->connect_id = tree_conn->id; @@ -646,7 +646,7 @@ ksmbd_ipc_share_config_request(const char *name)

msg->type = KSMBD_EVENT_SHARE_CONFIG_REQUEST; req = KSMBD_IPC_MSG_PAYLOAD(msg); - req->handle = ksmbd_acquire_id(ida); + req->handle = ksmbd_acquire_id(&ipc_ida); strscpy(req->share_name, name, KSMBD_REQ_MAX_SHARE_NAME);

resp = ipc_msg_send_request(msg, req->handle); @@ -785,7 +785,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payloa

msg->type = KSMBD_EVENT_RPC_REQUEST; req = KSMBD_IPC_MSG_PAYLOAD(msg); - req->handle = ksmbd_acquire_id(ida); + req->handle = ksmbd_acquire_id(&ipc_ida); req->flags = rpc_context_flags(sess); req->flags |= KSMBD_RPC_RAP_METHOD; req->payload_sz = payload_sz; @@ -842,18 +842,17 @@ static void ipc_timer_heartbeat(struct work_struct *w)

int ksmbd_ipc_id_alloc(void) { - return ksmbd_acquire_id(ida); + return ksmbd_acquire_id(&ipc_ida); }

void ksmbd_rpc_id_free(int handle) { - ksmbd_release_id(ida, handle); + ksmbd_release_id(&ipc_ida, handle); }

void ksmbd_ipc_release(void) { cancel_delayed_work_sync(&ipc_timer_work); - ksmbd_ida_free(ida); genl_unregister_family(&ksmbd_genl_family); }

@@ -867,7 +866,7 @@ void ksmbd_ipc_soft_reset(void)

int ksmbd_ipc_init(void) { - int ret; + int ret = 0;

ksmbd_nl_init_fixup(); INIT_DELAYED_WORK(&ipc_timer_work, ipc_timer_heartbeat); @@ -875,19 +874,8 @@ int ksmbd_ipc_init(void) ret = genl_register_family(&ksmbd_genl_family); if (ret) { ksmbd_err("Failed to register KSMBD netlink interface %d\n", ret); - goto cancel_work; + cancel_delayed_work_sync(&ipc_timer_work); }

- ida = ksmbd_ida_alloc(); - if (!ida) { - ret = -ENOMEM; - goto unregister; - } - return 0; - -unregister: - genl_unregister_family(&ksmbd_genl_family); -cancel_work: - cancel_delayed_work_sync(&ipc_timer_work); return ret; }

From patchwork Mon Nov 14 12:49:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183137 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:30 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:30 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:29 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 040/308] cifsd: add the check if parent is stable by unexpected rename Date: Mon, 14 Nov 2022 20:49:09 +0800 Message-ID: 20221114125337.1831594-41-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 8944c1d3-c0d5-4de0-a8bc-08dac63c4c0a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7155905 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit ff1d57272552e4d48e0aab015a457d0297915e0b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ff1d57272552

-------------------------------

This patch add the check if parent is stable by unexpected rename.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 12 +++--- fs/cifsd/vfs.c | 98 +++++++++++++++++++++++++++++++++++----------- 2 files changed, 80 insertions(+), 30 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index cc4e8f11c487..3fbd8e4925bb 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2844,12 +2844,10 @@ int smb2_open(struct ksmbd_work *work) * is already granted. */ if (daccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_READ_CONTROL_LE)) { - if (ksmbd_vfs_inode_permission(path.dentry, - open_flags & O_ACCMODE, - may_delete)) { - rc = -EACCES; + rc = ksmbd_vfs_inode_permission(path.dentry, + open_flags & O_ACCMODE, may_delete); + if (rc) goto err_out; - } } }

@@ -3260,7 +3258,7 @@ int smb2_open(struct ksmbd_work *work) rsp->hdr.Status = STATUS_INVALID_PARAMETER; else if (rc == -EOPNOTSUPP) rsp->hdr.Status = STATUS_NOT_SUPPORTED; - else if (rc == -EACCES) + else if (rc == -EACCES || rc == -ESTALE) rsp->hdr.Status = STATUS_ACCESS_DENIED; else if (rc == -ENOENT) rsp->hdr.Status = STATUS_OBJECT_NAME_INVALID; @@ -5938,7 +5936,7 @@ int smb2_set_info(struct ksmbd_work *work) rsp->hdr.Status = STATUS_DIRECTORY_NOT_EMPTY; else if (rc == -EAGAIN) rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT; - else if (rc == -EBADF) + else if (rc == -EBADF || rc == -ESTALE) rsp->hdr.Status = STATUS_INVALID_HANDLE; else if (rc == -EEXIST) rsp->hdr.Status = STATUS_OBJECT_NAME_COLLISION; diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 5985d2d1f276..f818aeff244f 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -70,7 +70,7 @@ static void ksmbd_vfs_inherit_owner(struct ksmbd_work *work,

int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete) { - int mask; + int mask, ret = 0;

mask = 0; acc_mode &= O_ACCMODE; @@ -86,24 +86,39 @@ int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete) return -EACCES;

if (delete) { - struct dentry *parent; + struct dentry *child, *parent;

parent = dget_parent(dentry); - if (!parent) - return -EINVAL; + inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); + child = lookup_one_len(dentry->d_name.name, parent, + dentry->d_name.len); + if (IS_ERR(child)) { + ret = PTR_ERR(child); + goto out_lock; + } + + if (child != dentry) { + ret = -ESTALE; + dput(child); + goto out_lock; + } + dput(child);

if (inode_permission(&init_user_ns, d_inode(parent), MAY_EXEC | MAY_WRITE)) { - dput(parent); - return -EACCES; + ret = -EACCES; + goto out_lock; } +out_lock: + inode_unlock(d_inode(parent)); dput(parent); } - return 0; + return ret; }

int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) { - struct dentry *parent; + struct dentry *parent, *child; + int ret = 0;

*daccess = cpu_to_le32(FILE_READ_ATTRIBUTES | READ_CONTROL);

@@ -120,13 +135,28 @@ int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) *daccess |= FILE_EXECUTE_LE;

parent = dget_parent(dentry); - if (!parent) - return 0; + inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); + child = lookup_one_len(dentry->d_name.name, parent, + dentry->d_name.len); + if (IS_ERR(child)) { + ret = PTR_ERR(child); + goto out_lock; + } + + if (child != dentry) { + ret = -ESTALE; + dput(child); + goto out_lock; + } + dput(child);

if (!inode_permission(&init_user_ns, d_inode(parent), MAY_EXEC | MAY_WRITE)) *daccess |= FILE_DELETE_LE; + +out_lock: + inode_unlock(d_inode(parent)); dput(parent); - return 0; + return ret; }

/** @@ -726,7 +756,7 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, { struct path dst_path; struct dentry *src_dent_parent, *dst_dent_parent; - struct dentry *src_dent, *trap_dent; + struct dentry *src_dent, *trap_dent, *src_child; char *dst_name; int err;

@@ -735,11 +765,7 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, return -EINVAL;

src_dent_parent = dget_parent(fp->filp->f_path.dentry); - if (!src_dent_parent) - return -EINVAL; - src_dent = fp->filp->f_path.dentry; - dget(src_dent);

err = kern_path(newname, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &dst_path); if (err) { @@ -747,20 +773,36 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, goto out; } dst_dent_parent = dst_path.dentry; - dget(dst_dent_parent);

trap_dent = lock_rename(src_dent_parent, dst_dent_parent); + dget(src_dent); + dget(dst_dent_parent); + src_child = lookup_one_len(src_dent->d_name.name, src_dent_parent, + src_dent->d_name.len); + if (IS_ERR(src_child)) { + err = PTR_ERR(src_child); + goto out_lock; + } + + if (src_child != src_dent) { + err = -ESTALE; + dput(src_child); + goto out_lock; + } + dput(src_child); + err = __ksmbd_vfs_rename(work, src_dent_parent, src_dent, dst_dent_parent, trap_dent, dst_name); - unlock_rename(src_dent_parent, dst_dent_parent); +out_lock: + dput(src_dent); dput(dst_dent_parent); + unlock_rename(src_dent_parent, dst_dent_parent); path_put(&dst_path); out: - dput(src_dent); dput(src_dent_parent); return err; } @@ -1050,23 +1092,33 @@ int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name)

int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry) { + struct dentry *child; int err = 0;

- dget(dentry); inode_lock_nested(d_inode(dir), I_MUTEX_PARENT); - if (!d_inode(dentry) || !d_inode(dentry)->i_nlink) { - err = -ENOENT; + dget(dentry); + child = lookup_one_len(dentry->d_name.name, dir, + dentry->d_name.len); + if (IS_ERR(child)) { + err = PTR_ERR(child); goto out; }

+ if (child != dentry) { + err = -ESTALE; + dput(child); + goto out; + } + dput(child); + if (S_ISDIR(d_inode(dentry)->i_mode)) err = vfs_rmdir(&init_user_ns, d_inode(dir), dentry); else err = vfs_unlink(&init_user_ns, d_inode(dir), dentry, NULL);

out: - inode_unlock(d_inode(dir)); dput(dentry); + inode_unlock(d_inode(dir)); if (err) ksmbd_debug(VFS, "failed to delete, err %d\n", err);

From patchwork Mon Nov 14 12:49:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183138 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:31 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:30 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:30 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 041/308] cifsd: get parent dentry from child in ksmbd_vfs_remove_file() Date: Mon, 14 Nov 2022 20:49:10 +0800 Message-ID: 20221114125337.1831594-42-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 01ce8f9b-4b4f-4ee3-acd2-08dac63c4c53 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6905770 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 7c3d3e99ca29f0abd5443353fe018a1368f08c43 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/7c3d3e99ca29

-------------------------------

To remove the file, We have parsed full pathname to divide parent path and filename. It is a better way to get parent dentry from child dentry that obtained by lookup with given pathname.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index f818aeff244f..010dfddb6240 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -578,31 +578,28 @@ int ksmbd_vfs_fsync(struct ksmbd_work *work, u64 fid, u64 p_id) */ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) { - struct path parent; - struct dentry *dentry; - char *last; + struct path path; + struct dentry *dentry, *parent; int err;

- last = extract_last_component(name); - if (!last) - return -EINVAL; - if (ksmbd_override_fsids(work)) return -ENOMEM;

- err = kern_path(name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &parent); + err = kern_path(name, LOOKUP_FOLLOW, &path); if (err) { ksmbd_debug(VFS, "can't get %s, err %d\n", name, err); ksmbd_revert_fsids(work); - rollback_path_modification(last); return err; }

- inode_lock_nested(d_inode(parent.dentry), I_MUTEX_PARENT); - dentry = lookup_one_len(last, parent.dentry, strlen(last)); + parent = dget_parent(path.dentry); + inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); + dentry = lookup_one_len(path.dentry->d_name.name, parent, + strlen(path.dentry->d_name.name)); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); - ksmbd_debug(VFS, "%s: lookup failed, err %d\n", last, err); + ksmbd_debug(VFS, "%s: lookup failed, err %d\n", + path.dentry->d_name.name, err); goto out_err; }

@@ -613,12 +610,12 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) }

if (S_ISDIR(d_inode(dentry)->i_mode)) { - err = vfs_rmdir(&init_user_ns, d_inode(parent.dentry), dentry); + err = vfs_rmdir(&init_user_ns, d_inode(parent), dentry); if (err && err != -ENOTEMPTY) ksmbd_debug(VFS, "%s: rmdir failed, err %d\n", name, err); } else { - err = vfs_unlink(&init_user_ns, d_inode(parent.dentry), dentry, NULL); + err = vfs_unlink(&init_user_ns, d_inode(parent), dentry, NULL); if (err) ksmbd_debug(VFS, "%s: unlink failed, err %d\n", name, err); @@ -626,9 +623,9 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name)

dput(dentry); out_err: - inode_unlock(d_inode(parent.dentry)); - rollback_path_modification(last); - path_put(&parent); + inode_unlock(d_inode(parent)); + dput(parent); + path_put(&path); ksmbd_revert_fsids(work); return err; }

From patchwork Mon Nov 14 12:49:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183139 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:31 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:31 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:30 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 042/308] cifsd: re-implement ksmbd_vfs_kern_path Date: Mon, 14 Nov 2022 20:49:11 +0800 Message-ID: 20221114125337.1831594-43-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d9bcfa1a-7e5d-4194-8aee-08dac63c4c9c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7289007 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 3c20378325c710e7257b22ba333310771be51192 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/3c20378325c7

-------------------------------

re-implement ksmbd_vfs_kern_path() to change recursion to iteration.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 103 +++++++++++++++++++++++++++++-------------------- 1 file changed, 61 insertions(+), 42 deletions(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 010dfddb6240..d8259ca2493e 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -50,14 +50,6 @@ static char *extract_last_component(char *path) return p; }

-static void rollback_path_modification(char *filename) -{ - if (filename) { - filename--; - *filename = '/'; - } -} - static void ksmbd_vfs_inherit_owner(struct ksmbd_work *work, struct inode *parent_inode, struct inode *inode) { @@ -1231,44 +1223,32 @@ static int __caseless_lookup(struct dir_context *ctx, const char *name,

/** * ksmbd_vfs_lookup_in_dir() - lookup a file in a directory - * @dirname: directory name - * @filename: filename to lookup + * @dir: path info + * @name: filename to lookup + * @namelen: filename length * * Return: 0 on success, otherwise error */ -static int ksmbd_vfs_lookup_in_dir(char *dirname, char *filename) +static int ksmbd_vfs_lookup_in_dir(struct path *dir, char *name, size_t namelen) { - struct path dir_path; int ret; struct file *dfilp; int flags = O_RDONLY | O_LARGEFILE; - int dirnamelen = strlen(dirname); struct ksmbd_readdir_data readdir_data = { .ctx.actor = __caseless_lookup, - .private = filename, - .used = strlen(filename), + .private = name, + .used = namelen, + .dirent_count = 0, };

- ret = ksmbd_vfs_kern_path(dirname, 0, &dir_path, true); - if (ret) - goto error; - - dfilp = dentry_open(&dir_path, flags, current_cred()); - if (IS_ERR(dfilp)) { - path_put(&dir_path); - ksmbd_err("cannot open directory %s\n", dirname); - ret = -EINVAL; - goto error; - } + dfilp = dentry_open(dir, flags, current_cred()); + if (IS_ERR(dfilp)) + return PTR_ERR(dfilp);

ret = ksmbd_vfs_readdir(dfilp, &readdir_data); if (readdir_data.dirent_count > 0) ret = 0; - fput(dfilp); - path_put(&dir_path); -error: - dirname[dirnamelen] = '/'; return ret; }

@@ -1284,30 +1264,69 @@ static int ksmbd_vfs_lookup_in_dir(char *dirname, char *filename) int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, bool caseless) { - char *filename = NULL; int err;

+ if (name[0] != '/') + return -EINVAL; + err = kern_path(name, flags, path); if (!err) - return err; + return 0;

if (caseless) { - filename = extract_last_component(name); - if (!filename) - goto out; + char *filepath; + struct path parent; + size_t path_len, remain_len;

- /* root reached */ - if (strlen(name) == 0) - goto out; + filepath = kstrdup(name, GFP_KERNEL); + if (!filepath) + return -ENOMEM; + + path_len = strlen(filepath); + remain_len = path_len - 1;

- err = ksmbd_vfs_lookup_in_dir(name, filename); + err = kern_path("/", flags, &parent); if (err) goto out; - err = kern_path(name, flags, path); - }

+ while (d_can_lookup(parent.dentry)) { + char *filename = filepath + path_len - remain_len; + char *next = strchrnul(filename, '/'); + size_t filename_len = next - filename; + bool is_last = !next[0]; + + if (filename_len == 0) + break; + + err = ksmbd_vfs_lookup_in_dir(&parent, filename, + filename_len); + if (err) { + path_put(&parent); + goto out; + } + + path_put(&parent); + next[0] = '\0'; + + err = kern_path(filepath, flags, &parent); + if (err) + goto out; + + if (is_last) { + path->mnt = parent.mnt; + path->dentry = parent.dentry; + goto out; + } + + next[0] = '/'; + remain_len -= filename_len + 1; + } + + path_put(&parent); + err = -EINVAL; out: - rollback_path_modification(filename); + kfree(filepath); + } return err; }

From patchwork Mon Nov 14 12:49:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183140 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:32 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:31 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:31 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 043/308] cifsd: fix reference count decrement of unclaimed file in __ksmbd_lookup_fd Date: Mon, 14 Nov 2022 20:49:12 +0800 Message-ID: 20221114125337.1831594-44-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e6d9c7db-3e1a-41d9-1d0e-08dac63c4ce5 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6958624 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 24b626967d9574a477acf2ab94f55c847d04939a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/24b626967d95

-------------------------------

__ksmbd_lookup_fd could decrement the reference count of unclaimed ksmbd_file to 0 but not release this ksmbd_file.

ksmbd_file cannot be unclaimed except ksmbd_close_inode_fds(), because ksmbd_file is only removed from the m_fp_list list after the reference count of ksmbd_file becomes 0. And if the count is 0, __ksmbd_lookup_fd does not use ksmbd_file found from idr due to atomic_inc_not_zero.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 5 ----- fs/cifsd/vfs_cache.c | 53 -------------------------------------------- 2 files changed, 58 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 3fbd8e4925bb..08b06ec97e22 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2779,11 +2779,6 @@ int smb2_open(struct ksmbd_work *work) goto err_out; }

- if (server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE && - file_present) - file_present = ksmbd_close_inode_fds(work, - d_inode(path.dentry)); - daccess = smb_map_generic_desired_access(req->DesiredAccess);

if (file_present && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index f2a863542dc7..3ab06e0b723c 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -328,25 +328,13 @@ static struct ksmbd_file *ksmbd_fp_get(struct ksmbd_file *fp) static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft, unsigned int id) { - bool unclaimed = true; struct ksmbd_file *fp;

read_lock(&ft->lock); fp = idr_find(ft->idr, id); if (fp) fp = ksmbd_fp_get(fp); - - if (fp && fp->f_ci) { - read_lock(&fp->f_ci->m_lock); - unclaimed = list_empty(&fp->node); - read_unlock(&fp->f_ci->m_lock); - } read_unlock(&ft->lock); - - if (fp && unclaimed) { - atomic_dec(&fp->refcount); - return NULL; - } return fp; }

@@ -754,47 +742,6 @@ int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) return 0; }

-static void close_fd_list(struct ksmbd_work *work, struct list_head *head) -{ - while (!list_empty(head)) { - struct ksmbd_file *fp; - - fp = list_first_entry(head, struct ksmbd_file, node); - list_del_init(&fp->node); - - __ksmbd_close_fd(&work->sess->file_table, fp); - } -} - -int ksmbd_close_inode_fds(struct ksmbd_work *work, struct inode *inode) -{ - struct ksmbd_inode *ci; - bool unlinked = true; - struct ksmbd_file *fp, *fptmp; - LIST_HEAD(dispose); - - ci = ksmbd_inode_lookup_by_vfsinode(inode); - if (!ci) - return true; - - if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) - unlinked = false; - - write_lock(&ci->m_lock); - list_for_each_entry_safe(fp, fptmp, &ci->m_fp_list, node) { - if (fp->conn) - continue; - - list_del(&fp->node); - list_add(&fp->node, &dispose); - } - atomic_dec(&ci->m_count); - write_unlock(&ci->m_lock); - - close_fd_list(work, &dispose); - return unlinked; -} - int ksmbd_file_table_flush(struct ksmbd_work *work) { struct ksmbd_file *fp = NULL;

From patchwork Mon Nov 14 12:49:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183141 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:32 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:32 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:31 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 044/308] cifsd: Remove smb2_put_name() Date: Mon, 14 Nov 2022 20:49:13 +0800 Message-ID: 20221114125337.1831594-45-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 60945999-a68b-4633-fad9-08dac63c4d2d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6929266 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit 915f570a971b4e5abd95e8b169dd41c120ab5a5b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/915f570a971b

-------------------------------

smb2_put_name() is called twice, and both call sites do the IS_ERR() check before.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 08b06ec97e22..1ff0b20ff7b8 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -666,16 +666,6 @@ smb2_get_name(struct ksmbd_share_config *share, const char *src, return unixname; }

-/** - * smb2_put_name() - free memory allocated for filename - * @name: filename pointer to be freed - */ -static void smb2_put_name(void *name) -{ - if (!IS_ERR(name)) - kfree(name); -} - int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg) { struct smb2_hdr *rsp_hdr; @@ -5418,7 +5408,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, out: kfree(pathname); if (!IS_ERR(new_name)) - smb2_put_name(new_name); + kfree(new_name); return rc; }

@@ -5483,7 +5473,7 @@ static int smb2_create_link(struct ksmbd_work *work, rc = -EINVAL; out: if (!IS_ERR(link_name)) - smb2_put_name(link_name); + kfree(link_name); kfree(pathname); return rc; }

From patchwork Mon Nov 14 12:49:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183142 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:33 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:32 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:32 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 045/308] cifsd: remove unused smberr.h Date: Mon, 14 Nov 2022 20:49:14 +0800 Message-ID: 20221114125337.1831594-46-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: af7dda38-2b9a-46a7-1a5f-08dac63c4d76 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7110645 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 7e8094a73e522635a85fb5ad82847b544f4448bf category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/7e8094a73e52

-------------------------------

smberr.h is a leftover of SMB1. This patch remove unused smberr.h.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/glob.h | 1 - fs/cifsd/netmisc.c | 1 - fs/cifsd/smberr.h | 235 --------------------------------------------- 3 files changed, 237 deletions(-) delete mode 100644 fs/cifsd/smberr.h

diff --git a/fs/cifsd/glob.h b/fs/cifsd/glob.h index 9d70093a837a..ffeaf8aa5595 100644 --- a/fs/cifsd/glob.h +++ b/fs/cifsd/glob.h @@ -11,7 +11,6 @@

#include "unicode.h" #include "vfs_cache.h" -#include "smberr.h"

#define KSMBD_VERSION "3.1.9"

diff --git a/fs/cifsd/netmisc.c b/fs/cifsd/netmisc.c index 5d0327d87397..8f052434b64c 100644 --- a/fs/cifsd/netmisc.c +++ b/fs/cifsd/netmisc.c @@ -8,7 +8,6 @@ */

#include "glob.h" -#include "smberr.h" #include "nterr.h" #include "smb_common.h"

diff --git a/fs/cifsd/smberr.h b/fs/cifsd/smberr.h deleted file mode 100644 index ce842303ae1f..000000000000 --- a/fs/cifsd/smberr.h +++ /dev/null @@ -1,235 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1+ */ -/* - * Copyright (c) International Business Machines Corp., 2002,2004 - * Author(s): Steve French (sfrench@us.ibm.com) - * - * See Error Codes section of the SNIA CIFS Specification - * for more information - */ -#ifndef __KSMBD_SMBERR_H -#define __KSMBD_SMBERR_H - -#define SUCCESS 0x00 /* The request was successful. */ -#define ERRDOS 0x01 /* Error is from the core DOS operating system set */ -#define ERRSRV 0x02 /* Error is generated by the file server daemon */ -#define ERRHRD 0x03 /* Error is a hardware error. */ -#define ERRCMD 0xFF /* Command was not in the "SMB" format. */ - -/* The following error codes may be generated with the SUCCESS error class.*/ - -/*#define SUCCESS 0 The request was successful. */ - -/* The following error codes may be generated with the ERRDOS error class.*/ - -#define ERRbadfunc 1 /* - * Invalid function. The server did not - * recognize or could not perform a - * system call generated by the server, - * e.g., set the DIRECTORY attribute on - * a data file, invalid seek mode. - */ -#define ERRbadfile 2 /* - * File not found. The last component - * of a file's pathname could not be - * found. - */ -#define ERRbadpath 3 /* - * Directory invalid. A directory - * component in a pathname could not be - * found. - */ -#define ERRnofids 4 /* - * Too many open files. The server has - * no file handles available. - */ -#define ERRnoaccess 5 /* - * Access denied, the client's context - * does not permit the requested - * function. This includes the - * following conditions: invalid rename - * command, write to Fid open for read - * only, read on Fid open for write - * only, attempt to delete a non-empty - * directory - */ -#define ERRbadfid 6 /* - * Invalid file handle. The file handle - * specified was not recognized by the - * server. - */ -#define ERRbadmcb 7 /* Memory control blocks destroyed. */ -#define ERRnomem 8 /* - * Insufficient server memory to - * perform the requested function. - */ -#define ERRbadmem 9 /* Invalid memory block address. */ -#define ERRbadenv 10 /* Invalid environment. */ -#define ERRbadformat 11 /* Invalid format. */ -#define ERRbadaccess 12 /* Invalid open mode. */ -#define ERRbaddata 13 /* - * Invalid data (generated only by - * IOCTL calls within the server). - */ -#define ERRbaddrive 15 /* Invalid drive specified. */ -#define ERRremcd 16 /* - * A Delete Directory request attempted - * to remove the server's current - * directory. - */ -#define ERRdiffdevice 17 /* - * Not same device (e.g., a cross - * volume rename was attempted - */ -#define ERRnofiles 18 /* - * A File Search command can find no - * more files matching the specified - * criteria. - */ -#define ERRwriteprot 19 /* media is write protected */ -#define ERRgeneral 31 -#define ERRbadshare 32 /* - * The sharing mode specified for an - * Open conflicts with existing FIDs on - * the file. - */ -#define ERRlock 33 /* - * A Lock request conflicted with an - * existing lock or specified an - * invalid mode, or an Unlock requested - * attempted to remove a lock held by - * another process. - */ -#define ERRunsup 50 -#define ERRnosuchshare 67 -#define ERRfilexists 80 /* - * The file named in the request - * already exists. - */ -#define ERRinvparm 87 -#define ERRdiskfull 112 -#define ERRinvname 123 -#define ERRinvlevel 124 -#define ERRdirnotempty 145 -#define ERRnotlocked 158 -#define ERRcancelviolation 173 -#define ERRnoatomiclocks 174 -#define ERRalreadyexists 183 -#define ERRbadpipe 230 -#define ERRpipebusy 231 -#define ERRpipeclosing 232 -#define ERRnotconnected 233 -#define ERRmoredata 234 -#define ERReasnotsupported 282 -#define ErrQuota 0x200 /* - * The operation would cause a quota - * limit to be exceeded. - */ -#define ErrNotALink 0x201 /* - * A link operation was performed on a - * pathname that was not a link. - */ - -/* - * Below errors are used internally (do not come over the wire) for passthrough - * from STATUS codes to POSIX only - */ -#define ERRsymlink 0xFFFD -#define ErrTooManyLinks 0xFFFE - -/* Following error codes may be generated with the ERRSRV error class.*/ - -#define ERRerror 1 /* - * Non-specific error code. It is - * returned under the following - * conditions: resource other than disk - * space exhausted (e.g. TIDs), first - * SMB command was not negotiate, - * multiple negotiates attempted, and - * internal server error. - */ -#define ERRbadpw 2 /* - * Bad password - name/password pair in - * a TreeConnect or Session Setup are - * invalid. - */ -#define ERRbadtype 3 /* - * used for indicating DFS referral - * needed - */ -#define ERRaccess 4 /* - * The client does not have the - * necessary access rights within the - * specified context for requested - * function. - */ -#define ERRinvtid 5 /* - * The Tid specified in a command was - * invalid. - */ -#define ERRinvnetname 6 /* - * Invalid network name in tree - * connect. - */ -#define ERRinvdevice 7 /* - * Invalid device - printer request - * made to non-printer connection or - * non-printer request made to printer - * connection. - */ -#define ERRqfull 49 /* - * Print queue full (files) -- returned - * by open print file. - */ -#define ERRqtoobig 50 /* Print queue full -- no space. */ -#define ERRqeof 51 /* EOF on print queue dump */ -#define ERRinvpfid 52 /* Invalid print file FID. */ -#define ERRsmbcmd 64 /* - * The server did not recognize the - * command received. - */ -#define ERRsrverror 65 /* - * The server encountered an internal - * error, e.g., system file - * unavailable. - */ -#define ERRbadBID 66 /* (obsolete) */ -#define ERRfilespecs 67 /* - * The Fid and pathname parameters - * contained an invalid combination of - * values. - */ -#define ERRbadLink 68 /* (obsolete) */ -#define ERRbadpermits 69 /* - * The access permissions specified for - * a file or directory are not a valid - * combination. - */ -#define ERRbadPID 70 -#define ERRsetattrmode 71 /* attribute (mode) is invalid */ -#define ERRpaused 81 /* Server is paused */ -#define ERRmsgoff 82 /* reserved - messaging off */ -#define ERRnoroom 83 /* reserved - no room for message */ -#define ERRrmuns 87 /* reserved - too many remote names */ -#define ERRtimeout 88 /* operation timed out */ -#define ERRnoresource 89 /* No resources available for request */ -#define ERRtoomanyuids 90 /* - * Too many UIDs active on this session - */ -#define ERRbaduid 91 /* - * The UID is not known as a valid user - */ -#define ERRusempx 250 /* temporarily unable to use raw */ -#define ERRusestd 251 /* - * temporarily unable to use either raw - * or mpx - */ -#define ERR_NOTIFY_ENUM_DIR 1024 -#define ERRnoSuchUser 2238 /* user account does not exist */ -#define ERRaccountexpired 2239 -#define ERRbadclient 2240 /* can not logon from this client */ -#define ERRbadLogonTime 2241 /* logon hours do not allow this */ -#define ERRpasswordExpired 2242 -#define ERRnetlogonNotStarted 2455 -#define ERRnosupport 0xFFFF - -#endif /* __KSMBD_SMBERR_H */

From patchwork Mon Nov 14 12:49:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183143 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:33 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:33 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:32 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 046/308] cifsd: remove unused nterr.c file Date: Mon, 14 Nov 2022 20:49:15 +0800 Message-ID: 20221114125337.1831594-47-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: bddb25dd-168f-46bd-913e-08dac63c4dbf X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7262994 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 2efec2dee861000263d255a24f7a7c6d82c749d1 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/2efec2dee861

-------------------------------

Remove unused nterr.c file.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/nterr.c | 674 ----------------------------------------------- fs/cifsd/nterr.h | 7 - 2 files changed, 681 deletions(-) delete mode 100644 fs/cifsd/nterr.c

diff --git a/fs/cifsd/nterr.c b/fs/cifsd/nterr.c deleted file mode 100644 index 358a766375b4..000000000000 --- a/fs/cifsd/nterr.c +++ /dev/null @@ -1,674 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0-or-later -/* - * Unix SMB/Netbios implementation. - * Version 1.9. - * RPC Pipe client / server routines - * Copyright (C) Luke Kenneth Casson Leighton 1997-2001. - */ - -/* NT error codes - see nterr.h */ -#include <linux/types.h> -#include <linux/fs.h> -#include "nterr.h" - -const struct nt_err_code_struct nt_errs[] = { - {"NT_STATUS_OK", NT_STATUS_OK}, - {"NT_STATUS_UNSUCCESSFUL", NT_STATUS_UNSUCCESSFUL}, - {"NT_STATUS_NOT_IMPLEMENTED", NT_STATUS_NOT_IMPLEMENTED}, - {"NT_STATUS_INVALID_INFO_CLASS", NT_STATUS_INVALID_INFO_CLASS}, - {"NT_STATUS_INFO_LENGTH_MISMATCH", NT_STATUS_INFO_LENGTH_MISMATCH}, - {"NT_STATUS_ACCESS_VIOLATION", NT_STATUS_ACCESS_VIOLATION}, - {"NT_STATUS_BUFFER_OVERFLOW", NT_STATUS_BUFFER_OVERFLOW}, - {"NT_STATUS_IN_PAGE_ERROR", NT_STATUS_IN_PAGE_ERROR}, - {"NT_STATUS_PAGEFILE_QUOTA", NT_STATUS_PAGEFILE_QUOTA}, - {"NT_STATUS_INVALID_HANDLE", NT_STATUS_INVALID_HANDLE}, - {"NT_STATUS_BAD_INITIAL_STACK", NT_STATUS_BAD_INITIAL_STACK}, - {"NT_STATUS_BAD_INITIAL_PC", NT_STATUS_BAD_INITIAL_PC}, - {"NT_STATUS_INVALID_CID", NT_STATUS_INVALID_CID}, - {"NT_STATUS_TIMER_NOT_CANCELED", NT_STATUS_TIMER_NOT_CANCELED}, - {"NT_STATUS_INVALID_PARAMETER", NT_STATUS_INVALID_PARAMETER}, - {"NT_STATUS_NO_SUCH_DEVICE", NT_STATUS_NO_SUCH_DEVICE}, - {"NT_STATUS_NO_SUCH_FILE", NT_STATUS_NO_SUCH_FILE}, - {"NT_STATUS_INVALID_DEVICE_REQUEST", - NT_STATUS_INVALID_DEVICE_REQUEST}, - {"NT_STATUS_END_OF_FILE", NT_STATUS_END_OF_FILE}, - {"NT_STATUS_WRONG_VOLUME", NT_STATUS_WRONG_VOLUME}, - {"NT_STATUS_NO_MEDIA_IN_DEVICE", NT_STATUS_NO_MEDIA_IN_DEVICE}, - {"NT_STATUS_UNRECOGNIZED_MEDIA", NT_STATUS_UNRECOGNIZED_MEDIA}, - {"NT_STATUS_NONEXISTENT_SECTOR", NT_STATUS_NONEXISTENT_SECTOR}, - {"NT_STATUS_MORE_PROCESSING_REQUIRED", - NT_STATUS_MORE_PROCESSING_REQUIRED}, - {"NT_STATUS_NO_MEMORY", NT_STATUS_NO_MEMORY}, - {"NT_STATUS_CONFLICTING_ADDRESSES", - NT_STATUS_CONFLICTING_ADDRESSES}, - {"NT_STATUS_NOT_MAPPED_VIEW", NT_STATUS_NOT_MAPPED_VIEW}, - {"NT_STATUS_UNABLE_TO_FREE_VM", NT_STATUS_UNABLE_TO_FREE_VM}, - {"NT_STATUS_UNABLE_TO_DELETE_SECTION", - NT_STATUS_UNABLE_TO_DELETE_SECTION}, - {"NT_STATUS_INVALID_SYSTEM_SERVICE", - NT_STATUS_INVALID_SYSTEM_SERVICE}, - {"NT_STATUS_ILLEGAL_INSTRUCTION", NT_STATUS_ILLEGAL_INSTRUCTION}, - {"NT_STATUS_INVALID_LOCK_SEQUENCE", - NT_STATUS_INVALID_LOCK_SEQUENCE}, - {"NT_STATUS_INVALID_VIEW_SIZE", NT_STATUS_INVALID_VIEW_SIZE}, - {"NT_STATUS_INVALID_FILE_FOR_SECTION", - NT_STATUS_INVALID_FILE_FOR_SECTION}, - {"NT_STATUS_ALREADY_COMMITTED", NT_STATUS_ALREADY_COMMITTED}, - {"NT_STATUS_ACCESS_DENIED", NT_STATUS_ACCESS_DENIED}, - {"NT_STATUS_BUFFER_TOO_SMALL", NT_STATUS_BUFFER_TOO_SMALL}, - {"NT_STATUS_OBJECT_TYPE_MISMATCH", NT_STATUS_OBJECT_TYPE_MISMATCH}, - {"NT_STATUS_NONCONTINUABLE_EXCEPTION", - NT_STATUS_NONCONTINUABLE_EXCEPTION}, - {"NT_STATUS_INVALID_DISPOSITION", NT_STATUS_INVALID_DISPOSITION}, - {"NT_STATUS_UNWIND", NT_STATUS_UNWIND}, - {"NT_STATUS_BAD_STACK", NT_STATUS_BAD_STACK}, - {"NT_STATUS_INVALID_UNWIND_TARGET", - NT_STATUS_INVALID_UNWIND_TARGET}, - {"NT_STATUS_NOT_LOCKED", NT_STATUS_NOT_LOCKED}, - {"NT_STATUS_PARITY_ERROR", NT_STATUS_PARITY_ERROR}, - {"NT_STATUS_UNABLE_TO_DECOMMIT_VM", - NT_STATUS_UNABLE_TO_DECOMMIT_VM}, - {"NT_STATUS_NOT_COMMITTED", NT_STATUS_NOT_COMMITTED}, - {"NT_STATUS_INVALID_PORT_ATTRIBUTES", - NT_STATUS_INVALID_PORT_ATTRIBUTES}, - {"NT_STATUS_PORT_MESSAGE_TOO_LONG", - NT_STATUS_PORT_MESSAGE_TOO_LONG}, - {"NT_STATUS_INVALID_PARAMETER_MIX", - NT_STATUS_INVALID_PARAMETER_MIX}, - {"NT_STATUS_INVALID_QUOTA_LOWER", NT_STATUS_INVALID_QUOTA_LOWER}, - {"NT_STATUS_DISK_CORRUPT_ERROR", NT_STATUS_DISK_CORRUPT_ERROR}, - {"NT_STATUS_OBJECT_NAME_INVALID", NT_STATUS_OBJECT_NAME_INVALID}, - {"NT_STATUS_OBJECT_NAME_NOT_FOUND", - NT_STATUS_OBJECT_NAME_NOT_FOUND}, - {"NT_STATUS_OBJECT_NAME_COLLISION", - NT_STATUS_OBJECT_NAME_COLLISION}, - {"NT_STATUS_HANDLE_NOT_WAITABLE", NT_STATUS_HANDLE_NOT_WAITABLE}, - {"NT_STATUS_PORT_DISCONNECTED", NT_STATUS_PORT_DISCONNECTED}, - {"NT_STATUS_DEVICE_ALREADY_ATTACHED", - NT_STATUS_DEVICE_ALREADY_ATTACHED}, - {"NT_STATUS_OBJECT_PATH_INVALID", NT_STATUS_OBJECT_PATH_INVALID}, - {"NT_STATUS_OBJECT_PATH_NOT_FOUND", - NT_STATUS_OBJECT_PATH_NOT_FOUND}, - {"NT_STATUS_OBJECT_PATH_SYNTAX_BAD", - NT_STATUS_OBJECT_PATH_SYNTAX_BAD}, - {"NT_STATUS_DATA_OVERRUN", NT_STATUS_DATA_OVERRUN}, - {"NT_STATUS_DATA_LATE_ERROR", NT_STATUS_DATA_LATE_ERROR}, - {"NT_STATUS_DATA_ERROR", NT_STATUS_DATA_ERROR}, - {"NT_STATUS_CRC_ERROR", NT_STATUS_CRC_ERROR}, - {"NT_STATUS_SECTION_TOO_BIG", NT_STATUS_SECTION_TOO_BIG}, - {"NT_STATUS_PORT_CONNECTION_REFUSED", - NT_STATUS_PORT_CONNECTION_REFUSED}, - {"NT_STATUS_INVALID_PORT_HANDLE", NT_STATUS_INVALID_PORT_HANDLE}, - {"NT_STATUS_SHARING_VIOLATION", NT_STATUS_SHARING_VIOLATION}, - {"NT_STATUS_QUOTA_EXCEEDED", NT_STATUS_QUOTA_EXCEEDED}, - {"NT_STATUS_INVALID_PAGE_PROTECTION", - NT_STATUS_INVALID_PAGE_PROTECTION}, - {"NT_STATUS_MUTANT_NOT_OWNED", NT_STATUS_MUTANT_NOT_OWNED}, - {"NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED", - NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED}, - {"NT_STATUS_PORT_ALREADY_SET", NT_STATUS_PORT_ALREADY_SET}, - {"NT_STATUS_SECTION_NOT_IMAGE", NT_STATUS_SECTION_NOT_IMAGE}, - {"NT_STATUS_SUSPEND_COUNT_EXCEEDED", - NT_STATUS_SUSPEND_COUNT_EXCEEDED}, - {"NT_STATUS_THREAD_IS_TERMINATING", - NT_STATUS_THREAD_IS_TERMINATING}, - {"NT_STATUS_BAD_WORKING_SET_LIMIT", - NT_STATUS_BAD_WORKING_SET_LIMIT}, - {"NT_STATUS_INCOMPATIBLE_FILE_MAP", - NT_STATUS_INCOMPATIBLE_FILE_MAP}, - {"NT_STATUS_SECTION_PROTECTION", NT_STATUS_SECTION_PROTECTION}, - {"NT_STATUS_EAS_NOT_SUPPORTED", NT_STATUS_EAS_NOT_SUPPORTED}, - {"NT_STATUS_EA_TOO_LARGE", NT_STATUS_EA_TOO_LARGE}, - {"NT_STATUS_NONEXISTENT_EA_ENTRY", NT_STATUS_NONEXISTENT_EA_ENTRY}, - {"NT_STATUS_NO_EAS_ON_FILE", NT_STATUS_NO_EAS_ON_FILE}, - {"NT_STATUS_EA_CORRUPT_ERROR", NT_STATUS_EA_CORRUPT_ERROR}, - {"NT_STATUS_FILE_LOCK_CONFLICT", NT_STATUS_FILE_LOCK_CONFLICT}, - {"NT_STATUS_LOCK_NOT_GRANTED", NT_STATUS_LOCK_NOT_GRANTED}, - {"NT_STATUS_DELETE_PENDING", NT_STATUS_DELETE_PENDING}, - {"NT_STATUS_CTL_FILE_NOT_SUPPORTED", - NT_STATUS_CTL_FILE_NOT_SUPPORTED}, - {"NT_STATUS_UNKNOWN_REVISION", NT_STATUS_UNKNOWN_REVISION}, - {"NT_STATUS_REVISION_MISMATCH", NT_STATUS_REVISION_MISMATCH}, - {"NT_STATUS_INVALID_OWNER", NT_STATUS_INVALID_OWNER}, - {"NT_STATUS_INVALID_PRIMARY_GROUP", - NT_STATUS_INVALID_PRIMARY_GROUP}, - {"NT_STATUS_NO_IMPERSONATION_TOKEN", - NT_STATUS_NO_IMPERSONATION_TOKEN}, - {"NT_STATUS_CANT_DISABLE_MANDATORY", - NT_STATUS_CANT_DISABLE_MANDATORY}, - {"NT_STATUS_NO_LOGON_SERVERS", NT_STATUS_NO_LOGON_SERVERS}, - {"NT_STATUS_NO_SUCH_LOGON_SESSION", - NT_STATUS_NO_SUCH_LOGON_SESSION}, - {"NT_STATUS_NO_SUCH_PRIVILEGE", NT_STATUS_NO_SUCH_PRIVILEGE}, - {"NT_STATUS_PRIVILEGE_NOT_HELD", NT_STATUS_PRIVILEGE_NOT_HELD}, - {"NT_STATUS_INVALID_ACCOUNT_NAME", NT_STATUS_INVALID_ACCOUNT_NAME}, - {"NT_STATUS_USER_EXISTS", NT_STATUS_USER_EXISTS}, - {"NT_STATUS_NO_SUCH_USER", NT_STATUS_NO_SUCH_USER}, - {"NT_STATUS_GROUP_EXISTS", NT_STATUS_GROUP_EXISTS}, - {"NT_STATUS_NO_SUCH_GROUP", NT_STATUS_NO_SUCH_GROUP}, - {"NT_STATUS_MEMBER_IN_GROUP", NT_STATUS_MEMBER_IN_GROUP}, - {"NT_STATUS_MEMBER_NOT_IN_GROUP", NT_STATUS_MEMBER_NOT_IN_GROUP}, - {"NT_STATUS_LAST_ADMIN", NT_STATUS_LAST_ADMIN}, - {"NT_STATUS_WRONG_PASSWORD", NT_STATUS_WRONG_PASSWORD}, - {"NT_STATUS_ILL_FORMED_PASSWORD", NT_STATUS_ILL_FORMED_PASSWORD}, - {"NT_STATUS_PASSWORD_RESTRICTION", NT_STATUS_PASSWORD_RESTRICTION}, - {"NT_STATUS_LOGON_FAILURE", NT_STATUS_LOGON_FAILURE}, - {"NT_STATUS_ACCOUNT_RESTRICTION", NT_STATUS_ACCOUNT_RESTRICTION}, - {"NT_STATUS_INVALID_LOGON_HOURS", NT_STATUS_INVALID_LOGON_HOURS}, - {"NT_STATUS_INVALID_WORKSTATION", NT_STATUS_INVALID_WORKSTATION}, - {"NT_STATUS_PASSWORD_EXPIRED", NT_STATUS_PASSWORD_EXPIRED}, - {"NT_STATUS_ACCOUNT_DISABLED", NT_STATUS_ACCOUNT_DISABLED}, - {"NT_STATUS_NONE_MAPPED", NT_STATUS_NONE_MAPPED}, - {"NT_STATUS_TOO_MANY_LUIDS_REQUESTED", - NT_STATUS_TOO_MANY_LUIDS_REQUESTED}, - {"NT_STATUS_LUIDS_EXHAUSTED", NT_STATUS_LUIDS_EXHAUSTED}, - {"NT_STATUS_INVALID_SUB_AUTHORITY", - NT_STATUS_INVALID_SUB_AUTHORITY}, - {"NT_STATUS_INVALID_ACL", NT_STATUS_INVALID_ACL}, - {"NT_STATUS_INVALID_SID", NT_STATUS_INVALID_SID}, - {"NT_STATUS_INVALID_SECURITY_DESCR", - NT_STATUS_INVALID_SECURITY_DESCR}, - {"NT_STATUS_PROCEDURE_NOT_FOUND", NT_STATUS_PROCEDURE_NOT_FOUND}, - {"NT_STATUS_INVALID_IMAGE_FORMAT", NT_STATUS_INVALID_IMAGE_FORMAT}, - {"NT_STATUS_NO_TOKEN", NT_STATUS_NO_TOKEN}, - {"NT_STATUS_BAD_INHERITANCE_ACL", NT_STATUS_BAD_INHERITANCE_ACL}, - {"NT_STATUS_RANGE_NOT_LOCKED", NT_STATUS_RANGE_NOT_LOCKED}, - {"NT_STATUS_DISK_FULL", NT_STATUS_DISK_FULL}, - {"NT_STATUS_SERVER_DISABLED", NT_STATUS_SERVER_DISABLED}, - {"NT_STATUS_SERVER_NOT_DISABLED", NT_STATUS_SERVER_NOT_DISABLED}, - {"NT_STATUS_TOO_MANY_GUIDS_REQUESTED", - NT_STATUS_TOO_MANY_GUIDS_REQUESTED}, - {"NT_STATUS_GUIDS_EXHAUSTED", NT_STATUS_GUIDS_EXHAUSTED}, - {"NT_STATUS_INVALID_ID_AUTHORITY", NT_STATUS_INVALID_ID_AUTHORITY}, - {"NT_STATUS_AGENTS_EXHAUSTED", NT_STATUS_AGENTS_EXHAUSTED}, - {"NT_STATUS_INVALID_VOLUME_LABEL", NT_STATUS_INVALID_VOLUME_LABEL}, - {"NT_STATUS_SECTION_NOT_EXTENDED", NT_STATUS_SECTION_NOT_EXTENDED}, - {"NT_STATUS_NOT_MAPPED_DATA", NT_STATUS_NOT_MAPPED_DATA}, - {"NT_STATUS_RESOURCE_DATA_NOT_FOUND", - NT_STATUS_RESOURCE_DATA_NOT_FOUND}, - {"NT_STATUS_RESOURCE_TYPE_NOT_FOUND", - NT_STATUS_RESOURCE_TYPE_NOT_FOUND}, - {"NT_STATUS_RESOURCE_NAME_NOT_FOUND", - NT_STATUS_RESOURCE_NAME_NOT_FOUND}, - {"NT_STATUS_ARRAY_BOUNDS_EXCEEDED", - NT_STATUS_ARRAY_BOUNDS_EXCEEDED}, - {"NT_STATUS_FLOAT_DENORMAL_OPERAND", - NT_STATUS_FLOAT_DENORMAL_OPERAND}, - {"NT_STATUS_FLOAT_DIVIDE_BY_ZERO", NT_STATUS_FLOAT_DIVIDE_BY_ZERO}, - {"NT_STATUS_FLOAT_INEXACT_RESULT", NT_STATUS_FLOAT_INEXACT_RESULT}, - {"NT_STATUS_FLOAT_INVALID_OPERATION", - NT_STATUS_FLOAT_INVALID_OPERATION}, - {"NT_STATUS_FLOAT_OVERFLOW", NT_STATUS_FLOAT_OVERFLOW}, - {"NT_STATUS_FLOAT_STACK_CHECK", NT_STATUS_FLOAT_STACK_CHECK}, - {"NT_STATUS_FLOAT_UNDERFLOW", NT_STATUS_FLOAT_UNDERFLOW}, - {"NT_STATUS_INTEGER_DIVIDE_BY_ZERO", - NT_STATUS_INTEGER_DIVIDE_BY_ZERO}, - {"NT_STATUS_INTEGER_OVERFLOW", NT_STATUS_INTEGER_OVERFLOW}, - {"NT_STATUS_PRIVILEGED_INSTRUCTION", - NT_STATUS_PRIVILEGED_INSTRUCTION}, - {"NT_STATUS_TOO_MANY_PAGING_FILES", - NT_STATUS_TOO_MANY_PAGING_FILES}, - {"NT_STATUS_FILE_INVALID", NT_STATUS_FILE_INVALID}, - {"NT_STATUS_ALLOTTED_SPACE_EXCEEDED", - NT_STATUS_ALLOTTED_SPACE_EXCEEDED}, - {"NT_STATUS_INSUFFICIENT_RESOURCES", - NT_STATUS_INSUFFICIENT_RESOURCES}, - {"NT_STATUS_DFS_EXIT_PATH_FOUND", NT_STATUS_DFS_EXIT_PATH_FOUND}, - {"NT_STATUS_DEVICE_DATA_ERROR", NT_STATUS_DEVICE_DATA_ERROR}, - {"NT_STATUS_DEVICE_NOT_CONNECTED", NT_STATUS_DEVICE_NOT_CONNECTED}, - {"NT_STATUS_DEVICE_POWER_FAILURE", NT_STATUS_DEVICE_POWER_FAILURE}, - {"NT_STATUS_FREE_VM_NOT_AT_BASE", NT_STATUS_FREE_VM_NOT_AT_BASE}, - {"NT_STATUS_MEMORY_NOT_ALLOCATED", NT_STATUS_MEMORY_NOT_ALLOCATED}, - {"NT_STATUS_WORKING_SET_QUOTA", NT_STATUS_WORKING_SET_QUOTA}, - {"NT_STATUS_MEDIA_WRITE_PROTECTED", - NT_STATUS_MEDIA_WRITE_PROTECTED}, - {"NT_STATUS_DEVICE_NOT_READY", NT_STATUS_DEVICE_NOT_READY}, - {"NT_STATUS_INVALID_GROUP_ATTRIBUTES", - NT_STATUS_INVALID_GROUP_ATTRIBUTES}, - {"NT_STATUS_BAD_IMPERSONATION_LEVEL", - NT_STATUS_BAD_IMPERSONATION_LEVEL}, - {"NT_STATUS_CANT_OPEN_ANONYMOUS", NT_STATUS_CANT_OPEN_ANONYMOUS}, - {"NT_STATUS_BAD_VALIDATION_CLASS", NT_STATUS_BAD_VALIDATION_CLASS}, - {"NT_STATUS_BAD_TOKEN_TYPE", NT_STATUS_BAD_TOKEN_TYPE}, - {"NT_STATUS_BAD_MASTER_BOOT_RECORD", - NT_STATUS_BAD_MASTER_BOOT_RECORD}, - {"NT_STATUS_INSTRUCTION_MISALIGNMENT", - NT_STATUS_INSTRUCTION_MISALIGNMENT}, - {"NT_STATUS_INSTANCE_NOT_AVAILABLE", - NT_STATUS_INSTANCE_NOT_AVAILABLE}, - {"NT_STATUS_PIPE_NOT_AVAILABLE", NT_STATUS_PIPE_NOT_AVAILABLE}, - {"NT_STATUS_INVALID_PIPE_STATE", NT_STATUS_INVALID_PIPE_STATE}, - {"NT_STATUS_PIPE_BUSY", NT_STATUS_PIPE_BUSY}, - {"NT_STATUS_ILLEGAL_FUNCTION", NT_STATUS_ILLEGAL_FUNCTION}, - {"NT_STATUS_PIPE_DISCONNECTED", NT_STATUS_PIPE_DISCONNECTED}, - {"NT_STATUS_PIPE_CLOSING", NT_STATUS_PIPE_CLOSING}, - {"NT_STATUS_PIPE_CONNECTED", NT_STATUS_PIPE_CONNECTED}, - {"NT_STATUS_PIPE_LISTENING", NT_STATUS_PIPE_LISTENING}, - {"NT_STATUS_INVALID_READ_MODE", NT_STATUS_INVALID_READ_MODE}, - {"NT_STATUS_IO_TIMEOUT", NT_STATUS_IO_TIMEOUT}, - {"NT_STATUS_FILE_FORCED_CLOSED", NT_STATUS_FILE_FORCED_CLOSED}, - {"NT_STATUS_PROFILING_NOT_STARTED", - NT_STATUS_PROFILING_NOT_STARTED}, - {"NT_STATUS_PROFILING_NOT_STOPPED", - NT_STATUS_PROFILING_NOT_STOPPED}, - {"NT_STATUS_COULD_NOT_INTERPRET", NT_STATUS_COULD_NOT_INTERPRET}, - {"NT_STATUS_FILE_IS_A_DIRECTORY", NT_STATUS_FILE_IS_A_DIRECTORY}, - {"NT_STATUS_NOT_SUPPORTED", NT_STATUS_NOT_SUPPORTED}, - {"NT_STATUS_REMOTE_NOT_LISTENING", NT_STATUS_REMOTE_NOT_LISTENING}, - {"NT_STATUS_DUPLICATE_NAME", NT_STATUS_DUPLICATE_NAME}, - {"NT_STATUS_BAD_NETWORK_PATH", NT_STATUS_BAD_NETWORK_PATH}, - {"NT_STATUS_NETWORK_BUSY", NT_STATUS_NETWORK_BUSY}, - {"NT_STATUS_DEVICE_DOES_NOT_EXIST", - NT_STATUS_DEVICE_DOES_NOT_EXIST}, - {"NT_STATUS_TOO_MANY_COMMANDS", NT_STATUS_TOO_MANY_COMMANDS}, - {"NT_STATUS_ADAPTER_HARDWARE_ERROR", - NT_STATUS_ADAPTER_HARDWARE_ERROR}, - {"NT_STATUS_INVALID_NETWORK_RESPONSE", - NT_STATUS_INVALID_NETWORK_RESPONSE}, - {"NT_STATUS_UNEXPECTED_NETWORK_ERROR", - NT_STATUS_UNEXPECTED_NETWORK_ERROR}, - {"NT_STATUS_BAD_REMOTE_ADAPTER", NT_STATUS_BAD_REMOTE_ADAPTER}, - {"NT_STATUS_PRINT_QUEUE_FULL", NT_STATUS_PRINT_QUEUE_FULL}, - {"NT_STATUS_NO_SPOOL_SPACE", NT_STATUS_NO_SPOOL_SPACE}, - {"NT_STATUS_PRINT_CANCELLED", NT_STATUS_PRINT_CANCELLED}, - {"NT_STATUS_NETWORK_NAME_DELETED", NT_STATUS_NETWORK_NAME_DELETED}, - {"NT_STATUS_NETWORK_ACCESS_DENIED", - NT_STATUS_NETWORK_ACCESS_DENIED}, - {"NT_STATUS_BAD_DEVICE_TYPE", NT_STATUS_BAD_DEVICE_TYPE}, - {"NT_STATUS_BAD_NETWORK_NAME", NT_STATUS_BAD_NETWORK_NAME}, - {"NT_STATUS_TOO_MANY_NAMES", NT_STATUS_TOO_MANY_NAMES}, - {"NT_STATUS_TOO_MANY_SESSIONS", NT_STATUS_TOO_MANY_SESSIONS}, - {"NT_STATUS_SHARING_PAUSED", NT_STATUS_SHARING_PAUSED}, - {"NT_STATUS_REQUEST_NOT_ACCEPTED", NT_STATUS_REQUEST_NOT_ACCEPTED}, - {"NT_STATUS_REDIRECTOR_PAUSED", NT_STATUS_REDIRECTOR_PAUSED}, - {"NT_STATUS_NET_WRITE_FAULT", NT_STATUS_NET_WRITE_FAULT}, - {"NT_STATUS_PROFILING_AT_LIMIT", NT_STATUS_PROFILING_AT_LIMIT}, - {"NT_STATUS_NOT_SAME_DEVICE", NT_STATUS_NOT_SAME_DEVICE}, - {"NT_STATUS_FILE_RENAMED", NT_STATUS_FILE_RENAMED}, - {"NT_STATUS_VIRTUAL_CIRCUIT_CLOSED", - NT_STATUS_VIRTUAL_CIRCUIT_CLOSED}, - {"NT_STATUS_NO_SECURITY_ON_OBJECT", - NT_STATUS_NO_SECURITY_ON_OBJECT}, - {"NT_STATUS_CANT_WAIT", NT_STATUS_CANT_WAIT}, - {"NT_STATUS_PIPE_EMPTY", NT_STATUS_PIPE_EMPTY}, - {"NT_STATUS_CANT_ACCESS_DOMAIN_INFO", - NT_STATUS_CANT_ACCESS_DOMAIN_INFO}, - {"NT_STATUS_CANT_TERMINATE_SELF", NT_STATUS_CANT_TERMINATE_SELF}, - {"NT_STATUS_INVALID_SERVER_STATE", NT_STATUS_INVALID_SERVER_STATE}, - {"NT_STATUS_INVALID_DOMAIN_STATE", NT_STATUS_INVALID_DOMAIN_STATE}, - {"NT_STATUS_INVALID_DOMAIN_ROLE", NT_STATUS_INVALID_DOMAIN_ROLE}, - {"NT_STATUS_NO_SUCH_DOMAIN", NT_STATUS_NO_SUCH_DOMAIN}, - {"NT_STATUS_DOMAIN_EXISTS", NT_STATUS_DOMAIN_EXISTS}, - {"NT_STATUS_DOMAIN_LIMIT_EXCEEDED", - NT_STATUS_DOMAIN_LIMIT_EXCEEDED}, - {"NT_STATUS_OPLOCK_NOT_GRANTED", NT_STATUS_OPLOCK_NOT_GRANTED}, - {"NT_STATUS_INVALID_OPLOCK_PROTOCOL", - NT_STATUS_INVALID_OPLOCK_PROTOCOL}, - {"NT_STATUS_INTERNAL_DB_CORRUPTION", - NT_STATUS_INTERNAL_DB_CORRUPTION}, - {"NT_STATUS_INTERNAL_ERROR", NT_STATUS_INTERNAL_ERROR}, - {"NT_STATUS_GENERIC_NOT_MAPPED", NT_STATUS_GENERIC_NOT_MAPPED}, - {"NT_STATUS_BAD_DESCRIPTOR_FORMAT", - NT_STATUS_BAD_DESCRIPTOR_FORMAT}, - {"NT_STATUS_INVALID_USER_BUFFER", NT_STATUS_INVALID_USER_BUFFER}, - {"NT_STATUS_UNEXPECTED_IO_ERROR", NT_STATUS_UNEXPECTED_IO_ERROR}, - {"NT_STATUS_UNEXPECTED_MM_CREATE_ERR", - NT_STATUS_UNEXPECTED_MM_CREATE_ERR}, - {"NT_STATUS_UNEXPECTED_MM_MAP_ERROR", - NT_STATUS_UNEXPECTED_MM_MAP_ERROR}, - {"NT_STATUS_UNEXPECTED_MM_EXTEND_ERR", - NT_STATUS_UNEXPECTED_MM_EXTEND_ERR}, - {"NT_STATUS_NOT_LOGON_PROCESS", NT_STATUS_NOT_LOGON_PROCESS}, - {"NT_STATUS_LOGON_SESSION_EXISTS", NT_STATUS_LOGON_SESSION_EXISTS}, - {"NT_STATUS_INVALID_PARAMETER_1", NT_STATUS_INVALID_PARAMETER_1}, - {"NT_STATUS_INVALID_PARAMETER_2", NT_STATUS_INVALID_PARAMETER_2}, - {"NT_STATUS_INVALID_PARAMETER_3", NT_STATUS_INVALID_PARAMETER_3}, - {"NT_STATUS_INVALID_PARAMETER_4", NT_STATUS_INVALID_PARAMETER_4}, - {"NT_STATUS_INVALID_PARAMETER_5", NT_STATUS_INVALID_PARAMETER_5}, - {"NT_STATUS_INVALID_PARAMETER_6", NT_STATUS_INVALID_PARAMETER_6}, - {"NT_STATUS_INVALID_PARAMETER_7", NT_STATUS_INVALID_PARAMETER_7}, - {"NT_STATUS_INVALID_PARAMETER_8", NT_STATUS_INVALID_PARAMETER_8}, - {"NT_STATUS_INVALID_PARAMETER_9", NT_STATUS_INVALID_PARAMETER_9}, - {"NT_STATUS_INVALID_PARAMETER_10", NT_STATUS_INVALID_PARAMETER_10}, - {"NT_STATUS_INVALID_PARAMETER_11", NT_STATUS_INVALID_PARAMETER_11}, - {"NT_STATUS_INVALID_PARAMETER_12", NT_STATUS_INVALID_PARAMETER_12}, - {"NT_STATUS_REDIRECTOR_NOT_STARTED", - NT_STATUS_REDIRECTOR_NOT_STARTED}, - {"NT_STATUS_REDIRECTOR_STARTED", NT_STATUS_REDIRECTOR_STARTED}, - {"NT_STATUS_STACK_OVERFLOW", NT_STATUS_STACK_OVERFLOW}, - {"NT_STATUS_NO_SUCH_PACKAGE", NT_STATUS_NO_SUCH_PACKAGE}, - {"NT_STATUS_BAD_FUNCTION_TABLE", NT_STATUS_BAD_FUNCTION_TABLE}, - {"NT_STATUS_DIRECTORY_NOT_EMPTY", NT_STATUS_DIRECTORY_NOT_EMPTY}, - {"NT_STATUS_FILE_CORRUPT_ERROR", NT_STATUS_FILE_CORRUPT_ERROR}, - {"NT_STATUS_NOT_A_DIRECTORY", NT_STATUS_NOT_A_DIRECTORY}, - {"NT_STATUS_BAD_LOGON_SESSION_STATE", - NT_STATUS_BAD_LOGON_SESSION_STATE}, - {"NT_STATUS_LOGON_SESSION_COLLISION", - NT_STATUS_LOGON_SESSION_COLLISION}, - {"NT_STATUS_NAME_TOO_LONG", NT_STATUS_NAME_TOO_LONG}, - {"NT_STATUS_FILES_OPEN", NT_STATUS_FILES_OPEN}, - {"NT_STATUS_CONNECTION_IN_USE", NT_STATUS_CONNECTION_IN_USE}, - {"NT_STATUS_MESSAGE_NOT_FOUND", NT_STATUS_MESSAGE_NOT_FOUND}, - {"NT_STATUS_PROCESS_IS_TERMINATING", - NT_STATUS_PROCESS_IS_TERMINATING}, - {"NT_STATUS_INVALID_LOGON_TYPE", NT_STATUS_INVALID_LOGON_TYPE}, - {"NT_STATUS_NO_GUID_TRANSLATION", NT_STATUS_NO_GUID_TRANSLATION}, - {"NT_STATUS_CANNOT_IMPERSONATE", NT_STATUS_CANNOT_IMPERSONATE}, - {"NT_STATUS_IMAGE_ALREADY_LOADED", NT_STATUS_IMAGE_ALREADY_LOADED}, - {"NT_STATUS_ABIOS_NOT_PRESENT", NT_STATUS_ABIOS_NOT_PRESENT}, - {"NT_STATUS_ABIOS_LID_NOT_EXIST", NT_STATUS_ABIOS_LID_NOT_EXIST}, - {"NT_STATUS_ABIOS_LID_ALREADY_OWNED", - NT_STATUS_ABIOS_LID_ALREADY_OWNED}, - {"NT_STATUS_ABIOS_NOT_LID_OWNER", NT_STATUS_ABIOS_NOT_LID_OWNER}, - {"NT_STATUS_ABIOS_INVALID_COMMAND", - NT_STATUS_ABIOS_INVALID_COMMAND}, - {"NT_STATUS_ABIOS_INVALID_LID", NT_STATUS_ABIOS_INVALID_LID}, - {"NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE", - NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE}, - {"NT_STATUS_ABIOS_INVALID_SELECTOR", - NT_STATUS_ABIOS_INVALID_SELECTOR}, - {"NT_STATUS_NO_LDT", NT_STATUS_NO_LDT}, - {"NT_STATUS_INVALID_LDT_SIZE", NT_STATUS_INVALID_LDT_SIZE}, - {"NT_STATUS_INVALID_LDT_OFFSET", NT_STATUS_INVALID_LDT_OFFSET}, - {"NT_STATUS_INVALID_LDT_DESCRIPTOR", - NT_STATUS_INVALID_LDT_DESCRIPTOR}, - {"NT_STATUS_INVALID_IMAGE_NE_FORMAT", - NT_STATUS_INVALID_IMAGE_NE_FORMAT}, - {"NT_STATUS_RXACT_INVALID_STATE", NT_STATUS_RXACT_INVALID_STATE}, - {"NT_STATUS_RXACT_COMMIT_FAILURE", NT_STATUS_RXACT_COMMIT_FAILURE}, - {"NT_STATUS_MAPPED_FILE_SIZE_ZERO", - NT_STATUS_MAPPED_FILE_SIZE_ZERO}, - {"NT_STATUS_TOO_MANY_OPENED_FILES", - NT_STATUS_TOO_MANY_OPENED_FILES}, - {"NT_STATUS_CANCELLED", NT_STATUS_CANCELLED}, - {"NT_STATUS_CANNOT_DELETE", NT_STATUS_CANNOT_DELETE}, - {"NT_STATUS_INVALID_COMPUTER_NAME", - NT_STATUS_INVALID_COMPUTER_NAME}, - {"NT_STATUS_FILE_DELETED", NT_STATUS_FILE_DELETED}, - {"NT_STATUS_SPECIAL_ACCOUNT", NT_STATUS_SPECIAL_ACCOUNT}, - {"NT_STATUS_SPECIAL_GROUP", NT_STATUS_SPECIAL_GROUP}, - {"NT_STATUS_SPECIAL_USER", NT_STATUS_SPECIAL_USER}, - {"NT_STATUS_MEMBERS_PRIMARY_GROUP", - NT_STATUS_MEMBERS_PRIMARY_GROUP}, - {"NT_STATUS_FILE_CLOSED", NT_STATUS_FILE_CLOSED}, - {"NT_STATUS_TOO_MANY_THREADS", NT_STATUS_TOO_MANY_THREADS}, - {"NT_STATUS_THREAD_NOT_IN_PROCESS", - NT_STATUS_THREAD_NOT_IN_PROCESS}, - {"NT_STATUS_TOKEN_ALREADY_IN_USE", NT_STATUS_TOKEN_ALREADY_IN_USE}, - {"NT_STATUS_PAGEFILE_QUOTA_EXCEEDED", - NT_STATUS_PAGEFILE_QUOTA_EXCEEDED}, - {"NT_STATUS_COMMITMENT_LIMIT", NT_STATUS_COMMITMENT_LIMIT}, - {"NT_STATUS_INVALID_IMAGE_LE_FORMAT", - NT_STATUS_INVALID_IMAGE_LE_FORMAT}, - {"NT_STATUS_INVALID_IMAGE_NOT_MZ", NT_STATUS_INVALID_IMAGE_NOT_MZ}, - {"NT_STATUS_INVALID_IMAGE_PROTECT", - NT_STATUS_INVALID_IMAGE_PROTECT}, - {"NT_STATUS_INVALID_IMAGE_WIN_16", NT_STATUS_INVALID_IMAGE_WIN_16}, - {"NT_STATUS_LOGON_SERVER_CONFLICT", - NT_STATUS_LOGON_SERVER_CONFLICT}, - {"NT_STATUS_TIME_DIFFERENCE_AT_DC", - NT_STATUS_TIME_DIFFERENCE_AT_DC}, - {"NT_STATUS_SYNCHRONIZATION_REQUIRED", - NT_STATUS_SYNCHRONIZATION_REQUIRED}, - {"NT_STATUS_DLL_NOT_FOUND", NT_STATUS_DLL_NOT_FOUND}, - {"NT_STATUS_OPEN_FAILED", NT_STATUS_OPEN_FAILED}, - {"NT_STATUS_IO_PRIVILEGE_FAILED", NT_STATUS_IO_PRIVILEGE_FAILED}, - {"NT_STATUS_ORDINAL_NOT_FOUND", NT_STATUS_ORDINAL_NOT_FOUND}, - {"NT_STATUS_ENTRYPOINT_NOT_FOUND", NT_STATUS_ENTRYPOINT_NOT_FOUND}, - {"NT_STATUS_CONTROL_C_EXIT", NT_STATUS_CONTROL_C_EXIT}, - {"NT_STATUS_LOCAL_DISCONNECT", NT_STATUS_LOCAL_DISCONNECT}, - {"NT_STATUS_REMOTE_DISCONNECT", NT_STATUS_REMOTE_DISCONNECT}, - {"NT_STATUS_REMOTE_RESOURCES", NT_STATUS_REMOTE_RESOURCES}, - {"NT_STATUS_LINK_FAILED", NT_STATUS_LINK_FAILED}, - {"NT_STATUS_LINK_TIMEOUT", NT_STATUS_LINK_TIMEOUT}, - {"NT_STATUS_INVALID_CONNECTION", NT_STATUS_INVALID_CONNECTION}, - {"NT_STATUS_INVALID_ADDRESS", NT_STATUS_INVALID_ADDRESS}, - {"NT_STATUS_DLL_INIT_FAILED", NT_STATUS_DLL_INIT_FAILED}, - {"NT_STATUS_MISSING_SYSTEMFILE", NT_STATUS_MISSING_SYSTEMFILE}, - {"NT_STATUS_UNHANDLED_EXCEPTION", NT_STATUS_UNHANDLED_EXCEPTION}, - {"NT_STATUS_APP_INIT_FAILURE", NT_STATUS_APP_INIT_FAILURE}, - {"NT_STATUS_PAGEFILE_CREATE_FAILED", - NT_STATUS_PAGEFILE_CREATE_FAILED}, - {"NT_STATUS_NO_PAGEFILE", NT_STATUS_NO_PAGEFILE}, - {"NT_STATUS_INVALID_LEVEL", NT_STATUS_INVALID_LEVEL}, - {"NT_STATUS_WRONG_PASSWORD_CORE", NT_STATUS_WRONG_PASSWORD_CORE}, - {"NT_STATUS_ILLEGAL_FLOAT_CONTEXT", - NT_STATUS_ILLEGAL_FLOAT_CONTEXT}, - {"NT_STATUS_PIPE_BROKEN", NT_STATUS_PIPE_BROKEN}, - {"NT_STATUS_REGISTRY_CORRUPT", NT_STATUS_REGISTRY_CORRUPT}, - {"NT_STATUS_REGISTRY_IO_FAILED", NT_STATUS_REGISTRY_IO_FAILED}, - {"NT_STATUS_NO_EVENT_PAIR", NT_STATUS_NO_EVENT_PAIR}, - {"NT_STATUS_UNRECOGNIZED_VOLUME", NT_STATUS_UNRECOGNIZED_VOLUME}, - {"NT_STATUS_SERIAL_NO_DEVICE_INITED", - NT_STATUS_SERIAL_NO_DEVICE_INITED}, - {"NT_STATUS_NO_SUCH_ALIAS", NT_STATUS_NO_SUCH_ALIAS}, - {"NT_STATUS_MEMBER_NOT_IN_ALIAS", NT_STATUS_MEMBER_NOT_IN_ALIAS}, - {"NT_STATUS_MEMBER_IN_ALIAS", NT_STATUS_MEMBER_IN_ALIAS}, - {"NT_STATUS_ALIAS_EXISTS", NT_STATUS_ALIAS_EXISTS}, - {"NT_STATUS_LOGON_NOT_GRANTED", NT_STATUS_LOGON_NOT_GRANTED}, - {"NT_STATUS_TOO_MANY_SECRETS", NT_STATUS_TOO_MANY_SECRETS}, - {"NT_STATUS_SECRET_TOO_LONG", NT_STATUS_SECRET_TOO_LONG}, - {"NT_STATUS_INTERNAL_DB_ERROR", NT_STATUS_INTERNAL_DB_ERROR}, - {"NT_STATUS_FULLSCREEN_MODE", NT_STATUS_FULLSCREEN_MODE}, - {"NT_STATUS_TOO_MANY_CONTEXT_IDS", NT_STATUS_TOO_MANY_CONTEXT_IDS}, - {"NT_STATUS_LOGON_TYPE_NOT_GRANTED", - NT_STATUS_LOGON_TYPE_NOT_GRANTED}, - {"NT_STATUS_NOT_REGISTRY_FILE", NT_STATUS_NOT_REGISTRY_FILE}, - {"NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED", - NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED}, - {"NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR", - NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR}, - {"NT_STATUS_FT_MISSING_MEMBER", NT_STATUS_FT_MISSING_MEMBER}, - {"NT_STATUS_ILL_FORMED_SERVICE_ENTRY", - NT_STATUS_ILL_FORMED_SERVICE_ENTRY}, - {"NT_STATUS_ILLEGAL_CHARACTER", NT_STATUS_ILLEGAL_CHARACTER}, - {"NT_STATUS_UNMAPPABLE_CHARACTER", NT_STATUS_UNMAPPABLE_CHARACTER}, - {"NT_STATUS_UNDEFINED_CHARACTER", NT_STATUS_UNDEFINED_CHARACTER}, - {"NT_STATUS_FLOPPY_VOLUME", NT_STATUS_FLOPPY_VOLUME}, - {"NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND", - NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND}, - {"NT_STATUS_FLOPPY_WRONG_CYLINDER", - NT_STATUS_FLOPPY_WRONG_CYLINDER}, - {"NT_STATUS_FLOPPY_UNKNOWN_ERROR", NT_STATUS_FLOPPY_UNKNOWN_ERROR}, - {"NT_STATUS_FLOPPY_BAD_REGISTERS", NT_STATUS_FLOPPY_BAD_REGISTERS}, - {"NT_STATUS_DISK_RECALIBRATE_FAILED", - NT_STATUS_DISK_RECALIBRATE_FAILED}, - {"NT_STATUS_DISK_OPERATION_FAILED", - NT_STATUS_DISK_OPERATION_FAILED}, - {"NT_STATUS_DISK_RESET_FAILED", NT_STATUS_DISK_RESET_FAILED}, - {"NT_STATUS_SHARED_IRQ_BUSY", NT_STATUS_SHARED_IRQ_BUSY}, - {"NT_STATUS_FT_ORPHANING", NT_STATUS_FT_ORPHANING}, - {"NT_STATUS_PARTITION_FAILURE", NT_STATUS_PARTITION_FAILURE}, - {"NT_STATUS_INVALID_BLOCK_LENGTH", NT_STATUS_INVALID_BLOCK_LENGTH}, - {"NT_STATUS_DEVICE_NOT_PARTITIONED", - NT_STATUS_DEVICE_NOT_PARTITIONED}, - {"NT_STATUS_UNABLE_TO_LOCK_MEDIA", NT_STATUS_UNABLE_TO_LOCK_MEDIA}, - {"NT_STATUS_UNABLE_TO_UNLOAD_MEDIA", - NT_STATUS_UNABLE_TO_UNLOAD_MEDIA}, - {"NT_STATUS_EOM_OVERFLOW", NT_STATUS_EOM_OVERFLOW}, - {"NT_STATUS_NO_MEDIA", NT_STATUS_NO_MEDIA}, - {"NT_STATUS_NO_SUCH_MEMBER", NT_STATUS_NO_SUCH_MEMBER}, - {"NT_STATUS_INVALID_MEMBER", NT_STATUS_INVALID_MEMBER}, - {"NT_STATUS_KEY_DELETED", NT_STATUS_KEY_DELETED}, - {"NT_STATUS_NO_LOG_SPACE", NT_STATUS_NO_LOG_SPACE}, - {"NT_STATUS_TOO_MANY_SIDS", NT_STATUS_TOO_MANY_SIDS}, - {"NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED", - NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED}, - {"NT_STATUS_KEY_HAS_CHILDREN", NT_STATUS_KEY_HAS_CHILDREN}, - {"NT_STATUS_CHILD_MUST_BE_VOLATILE", - NT_STATUS_CHILD_MUST_BE_VOLATILE}, - {"NT_STATUS_DEVICE_CONFIGURATION_ERROR", - NT_STATUS_DEVICE_CONFIGURATION_ERROR}, - {"NT_STATUS_DRIVER_INTERNAL_ERROR", - NT_STATUS_DRIVER_INTERNAL_ERROR}, - {"NT_STATUS_INVALID_DEVICE_STATE", NT_STATUS_INVALID_DEVICE_STATE}, - {"NT_STATUS_IO_DEVICE_ERROR", NT_STATUS_IO_DEVICE_ERROR}, - {"NT_STATUS_DEVICE_PROTOCOL_ERROR", - NT_STATUS_DEVICE_PROTOCOL_ERROR}, - {"NT_STATUS_BACKUP_CONTROLLER", NT_STATUS_BACKUP_CONTROLLER}, - {"NT_STATUS_LOG_FILE_FULL", NT_STATUS_LOG_FILE_FULL}, - {"NT_STATUS_TOO_LATE", NT_STATUS_TOO_LATE}, - {"NT_STATUS_NO_TRUST_LSA_SECRET", NT_STATUS_NO_TRUST_LSA_SECRET}, - {"NT_STATUS_NO_TRUST_SAM_ACCOUNT", NT_STATUS_NO_TRUST_SAM_ACCOUNT}, - {"NT_STATUS_TRUSTED_DOMAIN_FAILURE", - NT_STATUS_TRUSTED_DOMAIN_FAILURE}, - {"NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE", - NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE}, - {"NT_STATUS_EVENTLOG_FILE_CORRUPT", - NT_STATUS_EVENTLOG_FILE_CORRUPT}, - {"NT_STATUS_EVENTLOG_CANT_START", NT_STATUS_EVENTLOG_CANT_START}, - {"NT_STATUS_TRUST_FAILURE", NT_STATUS_TRUST_FAILURE}, - {"NT_STATUS_MUTANT_LIMIT_EXCEEDED", - NT_STATUS_MUTANT_LIMIT_EXCEEDED}, - {"NT_STATUS_NETLOGON_NOT_STARTED", NT_STATUS_NETLOGON_NOT_STARTED}, - {"NT_STATUS_ACCOUNT_EXPIRED", NT_STATUS_ACCOUNT_EXPIRED}, - {"NT_STATUS_POSSIBLE_DEADLOCK", NT_STATUS_POSSIBLE_DEADLOCK}, - {"NT_STATUS_NETWORK_CREDENTIAL_CONFLICT", - NT_STATUS_NETWORK_CREDENTIAL_CONFLICT}, - {"NT_STATUS_REMOTE_SESSION_LIMIT", NT_STATUS_REMOTE_SESSION_LIMIT}, - {"NT_STATUS_EVENTLOG_FILE_CHANGED", - NT_STATUS_EVENTLOG_FILE_CHANGED}, - {"NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT", - NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT}, - {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", - NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT}, - {"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", - NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT}, - {"NT_STATUS_DOMAIN_TRUST_INCONSISTENT", - NT_STATUS_DOMAIN_TRUST_INCONSISTENT}, - {"NT_STATUS_FS_DRIVER_REQUIRED", NT_STATUS_FS_DRIVER_REQUIRED}, - {"NT_STATUS_NO_USER_SESSION_KEY", NT_STATUS_NO_USER_SESSION_KEY}, - {"NT_STATUS_USER_SESSION_DELETED", NT_STATUS_USER_SESSION_DELETED}, - {"NT_STATUS_RESOURCE_LANG_NOT_FOUND", - NT_STATUS_RESOURCE_LANG_NOT_FOUND}, - {"NT_STATUS_INSUFF_SERVER_RESOURCES", - NT_STATUS_INSUFF_SERVER_RESOURCES}, - {"NT_STATUS_INVALID_BUFFER_SIZE", NT_STATUS_INVALID_BUFFER_SIZE}, - {"NT_STATUS_INVALID_ADDRESS_COMPONENT", - NT_STATUS_INVALID_ADDRESS_COMPONENT}, - {"NT_STATUS_INVALID_ADDRESS_WILDCARD", - NT_STATUS_INVALID_ADDRESS_WILDCARD}, - {"NT_STATUS_TOO_MANY_ADDRESSES", NT_STATUS_TOO_MANY_ADDRESSES}, - {"NT_STATUS_ADDRESS_ALREADY_EXISTS", - NT_STATUS_ADDRESS_ALREADY_EXISTS}, - {"NT_STATUS_ADDRESS_CLOSED", NT_STATUS_ADDRESS_CLOSED}, - {"NT_STATUS_CONNECTION_DISCONNECTED", - NT_STATUS_CONNECTION_DISCONNECTED}, - {"NT_STATUS_CONNECTION_RESET", NT_STATUS_CONNECTION_RESET}, - {"NT_STATUS_TOO_MANY_NODES", NT_STATUS_TOO_MANY_NODES}, - {"NT_STATUS_TRANSACTION_ABORTED", NT_STATUS_TRANSACTION_ABORTED}, - {"NT_STATUS_TRANSACTION_TIMED_OUT", - NT_STATUS_TRANSACTION_TIMED_OUT}, - {"NT_STATUS_TRANSACTION_NO_RELEASE", - NT_STATUS_TRANSACTION_NO_RELEASE}, - {"NT_STATUS_TRANSACTION_NO_MATCH", NT_STATUS_TRANSACTION_NO_MATCH}, - {"NT_STATUS_TRANSACTION_RESPONDED", - NT_STATUS_TRANSACTION_RESPONDED}, - {"NT_STATUS_TRANSACTION_INVALID_ID", - NT_STATUS_TRANSACTION_INVALID_ID}, - {"NT_STATUS_TRANSACTION_INVALID_TYPE", - NT_STATUS_TRANSACTION_INVALID_TYPE}, - {"NT_STATUS_NOT_SERVER_SESSION", NT_STATUS_NOT_SERVER_SESSION}, - {"NT_STATUS_NOT_CLIENT_SESSION", NT_STATUS_NOT_CLIENT_SESSION}, - {"NT_STATUS_CANNOT_LOAD_REGISTRY_FILE", - NT_STATUS_CANNOT_LOAD_REGISTRY_FILE}, - {"NT_STATUS_DEBUG_ATTACH_FAILED", NT_STATUS_DEBUG_ATTACH_FAILED}, - {"NT_STATUS_SYSTEM_PROCESS_TERMINATED", - NT_STATUS_SYSTEM_PROCESS_TERMINATED}, - {"NT_STATUS_DATA_NOT_ACCEPTED", NT_STATUS_DATA_NOT_ACCEPTED}, - {"NT_STATUS_NO_BROWSER_SERVERS_FOUND", - NT_STATUS_NO_BROWSER_SERVERS_FOUND}, - {"NT_STATUS_VDM_HARD_ERROR", NT_STATUS_VDM_HARD_ERROR}, - {"NT_STATUS_DRIVER_CANCEL_TIMEOUT", - NT_STATUS_DRIVER_CANCEL_TIMEOUT}, - {"NT_STATUS_REPLY_MESSAGE_MISMATCH", - NT_STATUS_REPLY_MESSAGE_MISMATCH}, - {"NT_STATUS_MAPPED_ALIGNMENT", NT_STATUS_MAPPED_ALIGNMENT}, - {"NT_STATUS_IMAGE_CHECKSUM_MISMATCH", - NT_STATUS_IMAGE_CHECKSUM_MISMATCH}, - {"NT_STATUS_LOST_WRITEBEHIND_DATA", - NT_STATUS_LOST_WRITEBEHIND_DATA}, - {"NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID", - NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID}, - {"NT_STATUS_PASSWORD_MUST_CHANGE", NT_STATUS_PASSWORD_MUST_CHANGE}, - {"NT_STATUS_NOT_FOUND", NT_STATUS_NOT_FOUND}, - {"NT_STATUS_NOT_TINY_STREAM", NT_STATUS_NOT_TINY_STREAM}, - {"NT_STATUS_RECOVERY_FAILURE", NT_STATUS_RECOVERY_FAILURE}, - {"NT_STATUS_STACK_OVERFLOW_READ", NT_STATUS_STACK_OVERFLOW_READ}, - {"NT_STATUS_FAIL_CHECK", NT_STATUS_FAIL_CHECK}, - {"NT_STATUS_DUPLICATE_OBJECTID", NT_STATUS_DUPLICATE_OBJECTID}, - {"NT_STATUS_OBJECTID_EXISTS", NT_STATUS_OBJECTID_EXISTS}, - {"NT_STATUS_CONVERT_TO_LARGE", NT_STATUS_CONVERT_TO_LARGE}, - {"NT_STATUS_RETRY", NT_STATUS_RETRY}, - {"NT_STATUS_FOUND_OUT_OF_SCOPE", NT_STATUS_FOUND_OUT_OF_SCOPE}, - {"NT_STATUS_ALLOCATE_BUCKET", NT_STATUS_ALLOCATE_BUCKET}, - {"NT_STATUS_PROPSET_NOT_FOUND", NT_STATUS_PROPSET_NOT_FOUND}, - {"NT_STATUS_MARSHALL_OVERFLOW", NT_STATUS_MARSHALL_OVERFLOW}, - {"NT_STATUS_INVALID_VARIANT", NT_STATUS_INVALID_VARIANT}, - {"NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND", - NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND}, - {"NT_STATUS_ACCOUNT_LOCKED_OUT", NT_STATUS_ACCOUNT_LOCKED_OUT}, - {"NT_STATUS_HANDLE_NOT_CLOSABLE", NT_STATUS_HANDLE_NOT_CLOSABLE}, - {"NT_STATUS_CONNECTION_REFUSED", NT_STATUS_CONNECTION_REFUSED}, - {"NT_STATUS_GRACEFUL_DISCONNECT", NT_STATUS_GRACEFUL_DISCONNECT}, - {"NT_STATUS_ADDRESS_ALREADY_ASSOCIATED", - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED}, - {"NT_STATUS_ADDRESS_NOT_ASSOCIATED", - NT_STATUS_ADDRESS_NOT_ASSOCIATED}, - {"NT_STATUS_CONNECTION_INVALID", NT_STATUS_CONNECTION_INVALID}, - {"NT_STATUS_CONNECTION_ACTIVE", NT_STATUS_CONNECTION_ACTIVE}, - {"NT_STATUS_NETWORK_UNREACHABLE", NT_STATUS_NETWORK_UNREACHABLE}, - {"NT_STATUS_HOST_UNREACHABLE", NT_STATUS_HOST_UNREACHABLE}, - {"NT_STATUS_PROTOCOL_UNREACHABLE", NT_STATUS_PROTOCOL_UNREACHABLE}, - {"NT_STATUS_PORT_UNREACHABLE", NT_STATUS_PORT_UNREACHABLE}, - {"NT_STATUS_REQUEST_ABORTED", NT_STATUS_REQUEST_ABORTED}, - {"NT_STATUS_CONNECTION_ABORTED", NT_STATUS_CONNECTION_ABORTED}, - {"NT_STATUS_BAD_COMPRESSION_BUFFER", - NT_STATUS_BAD_COMPRESSION_BUFFER}, - {"NT_STATUS_USER_MAPPED_FILE", NT_STATUS_USER_MAPPED_FILE}, - {"NT_STATUS_AUDIT_FAILED", NT_STATUS_AUDIT_FAILED}, - {"NT_STATUS_TIMER_RESOLUTION_NOT_SET", - NT_STATUS_TIMER_RESOLUTION_NOT_SET}, - {"NT_STATUS_CONNECTION_COUNT_LIMIT", - NT_STATUS_CONNECTION_COUNT_LIMIT}, - {"NT_STATUS_LOGIN_TIME_RESTRICTION", - NT_STATUS_LOGIN_TIME_RESTRICTION}, - {"NT_STATUS_LOGIN_WKSTA_RESTRICTION", - NT_STATUS_LOGIN_WKSTA_RESTRICTION}, - {"NT_STATUS_IMAGE_MP_UP_MISMATCH", NT_STATUS_IMAGE_MP_UP_MISMATCH}, - {"NT_STATUS_INSUFFICIENT_LOGON_INFO", - NT_STATUS_INSUFFICIENT_LOGON_INFO}, - {"NT_STATUS_BAD_DLL_ENTRYPOINT", NT_STATUS_BAD_DLL_ENTRYPOINT}, - {"NT_STATUS_BAD_SERVICE_ENTRYPOINT", - NT_STATUS_BAD_SERVICE_ENTRYPOINT}, - {"NT_STATUS_LPC_REPLY_LOST", NT_STATUS_LPC_REPLY_LOST}, - {"NT_STATUS_IP_ADDRESS_CONFLICT1", NT_STATUS_IP_ADDRESS_CONFLICT1}, - {"NT_STATUS_IP_ADDRESS_CONFLICT2", NT_STATUS_IP_ADDRESS_CONFLICT2}, - {"NT_STATUS_REGISTRY_QUOTA_LIMIT", NT_STATUS_REGISTRY_QUOTA_LIMIT}, - {"NT_STATUS_PATH_NOT_COVERED", NT_STATUS_PATH_NOT_COVERED}, - {"NT_STATUS_NO_CALLBACK_ACTIVE", NT_STATUS_NO_CALLBACK_ACTIVE}, - {"NT_STATUS_LICENSE_QUOTA_EXCEEDED", - NT_STATUS_LICENSE_QUOTA_EXCEEDED}, - {"NT_STATUS_PWD_TOO_SHORT", NT_STATUS_PWD_TOO_SHORT}, - {"NT_STATUS_PWD_TOO_RECENT", NT_STATUS_PWD_TOO_RECENT}, - {"NT_STATUS_PWD_HISTORY_CONFLICT", NT_STATUS_PWD_HISTORY_CONFLICT}, - {"NT_STATUS_PLUGPLAY_NO_DEVICE", NT_STATUS_PLUGPLAY_NO_DEVICE}, - {"NT_STATUS_UNSUPPORTED_COMPRESSION", - NT_STATUS_UNSUPPORTED_COMPRESSION}, - {"NT_STATUS_INVALID_HW_PROFILE", NT_STATUS_INVALID_HW_PROFILE}, - {"NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH", - NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH}, - {"NT_STATUS_DRIVER_ORDINAL_NOT_FOUND", - NT_STATUS_DRIVER_ORDINAL_NOT_FOUND}, - {"NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND", - NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND}, - {"NT_STATUS_RESOURCE_NOT_OWNED", NT_STATUS_RESOURCE_NOT_OWNED}, - {"NT_STATUS_TOO_MANY_LINKS", NT_STATUS_TOO_MANY_LINKS}, - {"NT_STATUS_QUOTA_LIST_INCONSISTENT", - NT_STATUS_QUOTA_LIST_INCONSISTENT}, - {"NT_STATUS_FILE_IS_OFFLINE", NT_STATUS_FILE_IS_OFFLINE}, - {"NT_STATUS_NO_MORE_ENTRIES", NT_STATUS_NO_MORE_ENTRIES}, - {"NT_STATUS_MORE_ENTRIES", NT_STATUS_MORE_ENTRIES}, - {"NT_STATUS_SOME_UNMAPPED", NT_STATUS_SOME_UNMAPPED}, - {NULL, 0} -}; diff --git a/fs/cifsd/nterr.h b/fs/cifsd/nterr.h index 9f5004b69d30..a66100e74741 100644 --- a/fs/cifsd/nterr.h +++ b/fs/cifsd/nterr.h @@ -14,13 +14,6 @@ #ifndef _NTERR_H #define _NTERR_H

-struct nt_err_code_struct { - char *nt_errstr; - __u32 nt_errcode; -}; - -extern const struct nt_err_code_struct nt_errs[]; - /* Win32 Status codes. */ #define NT_STATUS_MORE_ENTRIES 0x0105 #define NT_ERROR_INVALID_PARAMETER 0x0057

From patchwork Mon Nov 14 12:49:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183144 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:33 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:33 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:33 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 047/308] cifsd: move nt time functions to misc.c Date: Mon, 14 Nov 2022 20:49:16 +0800 Message-ID: 20221114125337.1831594-48-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2c9230ed-8060-4d1d-6f13-08dac63c4e08 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6923692 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 5626518ecaa50ffa5797e516a47a0b1392db1aa9 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/5626518ecaa5

-------------------------------

Move nt time functions in netmisc.c to misc.c to remove netmisc.c file.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/misc.c | 46 ++++++++++++++++++++++++++++++++++ fs/cifsd/misc.h | 6 +++++ fs/cifsd/netmisc.c | 58 ------------------------------------------- fs/cifsd/smb_common.h | 6 ----- fs/cifsd/vfs.c | 1 + 5 files changed, 53 insertions(+), 64 deletions(-) delete mode 100644 fs/cifsd/netmisc.c

diff --git a/fs/cifsd/misc.c b/fs/cifsd/misc.c index cbaaecf2eca1..7fa6649fadfd 100644 --- a/fs/cifsd/misc.c +++ b/fs/cifsd/misc.c @@ -292,3 +292,49 @@ char *ksmbd_convert_dir_info_name(struct ksmbd_dir_info *d_info, conv[*conv_len + 1] = 0x00; return conv; } + +/* + * Convert the NT UTC (based 1601-01-01, in hundred nanosecond units) + * into Unix UTC (based 1970-01-01, in seconds). + */ +struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc) +{ + struct timespec64 ts; + + /* Subtract the NTFS time offset, then convert to 1s intervals. */ + s64 t = le64_to_cpu(ntutc) - NTFS_TIME_OFFSET; + u64 abs_t; + + /* + * Unfortunately can not use normal 64 bit division on 32 bit arch, but + * the alternative, do_div, does not work with negative numbers so have + * to special case them + */ + if (t < 0) { + abs_t = -t; + ts.tv_nsec = do_div(abs_t, 10000000) * 100; + ts.tv_nsec = -ts.tv_nsec; + ts.tv_sec = -abs_t; + } else { + abs_t = t; + ts.tv_nsec = do_div(abs_t, 10000000) * 100; + ts.tv_sec = abs_t; + } + + return ts; +} + +/* Convert the Unix UTC into NT UTC. */ +inline u64 ksmbd_UnixTimeToNT(struct timespec64 t) +{ + /* Convert to 100ns intervals and then add the NTFS time offset. */ + return (u64)t.tv_sec * 10000000 + t.tv_nsec / 100 + NTFS_TIME_OFFSET; +} + +inline long long ksmbd_systime(void) +{ + struct timespec64 ts; + + ktime_get_real_ts64(&ts); + return ksmbd_UnixTimeToNT(ts); +} diff --git a/fs/cifsd/misc.h b/fs/cifsd/misc.h index 73b21709b6c9..e4bd02a8d45f 100644 --- a/fs/cifsd/misc.h +++ b/fs/cifsd/misc.h @@ -35,4 +35,10 @@ struct ksmbd_dir_info; char *ksmbd_convert_dir_info_name(struct ksmbd_dir_info *d_info, const struct nls_table *local_nls, int *conv_len); + +#define NTFS_TIME_OFFSET ((u64)(369 * 365 + 89) * 24 * 3600 * 10000000) + +struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc); +u64 ksmbd_UnixTimeToNT(struct timespec64 t); +long long ksmbd_systime(void); #endif /* __KSMBD_MISC_H__ */ diff --git a/fs/cifsd/netmisc.c b/fs/cifsd/netmisc.c deleted file mode 100644 index 8f052434b64c..000000000000 --- a/fs/cifsd/netmisc.c +++ /dev/null @@ -1,58 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0-or-later -/* - * Copyright (c) International Business Machines Corp., 2002,2008 - * Author(s): Steve French (sfrench@us.ibm.com) - * - * Error mapping routines from Samba libsmb/errormap.c - * Copyright (C) Andrew Tridgell 2001 - */ - -#include "glob.h" -#include "nterr.h" -#include "smb_common.h" - -/* - * Convert the NT UTC (based 1601-01-01, in hundred nanosecond units) - * into Unix UTC (based 1970-01-01, in seconds). - */ -struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc) -{ - struct timespec64 ts; - - /* Subtract the NTFS time offset, then convert to 1s intervals. */ - s64 t = le64_to_cpu(ntutc) - NTFS_TIME_OFFSET; - u64 abs_t; - - /* - * Unfortunately can not use normal 64 bit division on 32 bit arch, but - * the alternative, do_div, does not work with negative numbers so have - * to special case them - */ - if (t < 0) { - abs_t = -t; - ts.tv_nsec = do_div(abs_t, 10000000) * 100; - ts.tv_nsec = -ts.tv_nsec; - ts.tv_sec = -abs_t; - } else { - abs_t = t; - ts.tv_nsec = do_div(abs_t, 10000000) * 100; - ts.tv_sec = abs_t; - } - - return ts; -} - -/* Convert the Unix UTC into NT UTC. */ -inline u64 ksmbd_UnixTimeToNT(struct timespec64 t) -{ - /* Convert to 100ns intervals and then add the NTFS time offset. */ - return (u64)t.tv_sec * 10000000 + t.tv_nsec / 100 + NTFS_TIME_OFFSET; -} - -inline long long ksmbd_systime(void) -{ - struct timespec64 ts; - - ktime_get_real_ts64(&ts); - return ksmbd_UnixTimeToNT(ts); -} diff --git a/fs/cifsd/smb_common.h b/fs/cifsd/smb_common.h index 2e171c9002b2..2d7b1c693ff4 100644 --- a/fs/cifsd/smb_common.h +++ b/fs/cifsd/smb_common.h @@ -541,10 +541,4 @@ static inline void inc_rfc1001_len(void *buf, int count) { be32_add_cpu((__be32 *)buf, count); } - -#define NTFS_TIME_OFFSET ((u64)(369 * 365 + 89) * 24 * 3600 * 10000000) - -struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc); -u64 ksmbd_UnixTimeToNT(struct timespec64 t); -long long ksmbd_systime(void); #endif /* __SMB_COMMON_H__ */ diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index d8259ca2493e..7c8ab19ab014 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -29,6 +29,7 @@ #include "smbacl.h" #include "ndr.h" #include "auth.h" +#include "misc.h"

#include "smb_common.h" #include "mgmt/share_config.h"

From patchwork Mon Nov 14 12:49:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183145 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:34 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:34 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:33 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 048/308] cifsd: Fix potential null-ptr-deref in smb2_open() Date: Mon, 14 Nov 2022 20:49:17 +0800 Message-ID: 20221114125337.1831594-49-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3592b69e-6196-4767-7e9e-08dac63c4e52 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6844183 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit e6b1059ffaeac794bf1a76fd35947c7c6ac4cb57 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e6b1059ffaea

-------------------------------

Fix potential null-ptr-deref in smb2_open().

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 1ff0b20ff7b8..ba552b8f2127 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2918,13 +2918,16 @@ int smb2_open(struct ksmbd_work *work) fattr.cf_gid = inode->i_gid; fattr.cf_mode = inode->i_mode; fattr.cf_dacls = NULL; + ace_num = 0;

fattr.cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS); - ace_num = fattr.cf_acls->a_count; + if (fattr.cf_acls) + ace_num = fattr.cf_acls->a_count; if (S_ISDIR(inode->i_mode)) { fattr.cf_dacls = ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT); - ace_num += fattr.cf_dacls->a_count; + if (fattr.cf_dacls) + ace_num += fattr.cf_dacls->a_count; }

pntsd = kmalloc(sizeof(struct smb_ntsd) +

From patchwork Mon Nov 14 12:49:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183146 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:34 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:34 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:34 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 049/308] cifsd: use d_inode() Date: Mon, 14 Nov 2022 20:49:18 +0800 Message-ID: 20221114125337.1831594-50-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9ed89f24-2fbf-4908-ea39-08dac63c4e9a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7098137 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit fba08fa005e44b18d6956de3abbe104f45e74697 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/fba08fa005e4

-------------------------------

Use d_inode().

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 4 ++-- fs/cifsd/smbacl.c | 6 +++--- fs/cifsd/vfs.c | 10 +++++----- fs/cifsd/vfs_cache.h | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index ba552b8f2127..7d6013ea23e7 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2890,9 +2890,9 @@ int smb2_open(struct ksmbd_work *work) /* Set default windows and posix acls if creating new file */ if (created) { int posix_acl_rc; - struct inode *inode = path.dentry->d_inode; + struct inode *inode = d_inode(path.dentry);

- posix_acl_rc = ksmbd_vfs_inherit_posix_acl(inode, path.dentry->d_parent->d_inode); + posix_acl_rc = ksmbd_vfs_inherit_posix_acl(inode, d_inode(path.dentry->d_parent)); if (posix_acl_rc) ksmbd_debug(SMB, "inherit posix acl failed : %d\n", posix_acl_rc);

diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c index a3675aa837b9..d65e853ab00f 100644 --- a/fs/cifsd/smbacl.c +++ b/fs/cifsd/smbacl.c @@ -950,7 +950,7 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, int inherited_flags = 0, flags = 0, i, ace_cnt = 0, nt_size = 0; int rc = -ENOENT, num_aces, dacloffset, pntsd_type, acl_len; char *aces_base; - bool is_dir = S_ISDIR(dentry->d_inode->i_mode); + bool is_dir = S_ISDIR(d_inode(dentry)->i_mode);

acl_len = ksmbd_vfs_get_sd_xattr(conn, parent, &parent_pntsd); if (acl_len <= 0) @@ -1198,7 +1198,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, granted = GENERIC_ALL_FLAGS; }

- posix_acls = ksmbd_vfs_get_acl(dentry->d_inode, ACL_TYPE_ACCESS); + posix_acls = ksmbd_vfs_get_acl(d_inode(dentry), ACL_TYPE_ACCESS); if (posix_acls && !found) { unsigned int id = -1;

@@ -1263,7 +1263,7 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, { int rc; struct smb_fattr fattr = {{0}}; - struct inode *inode = dentry->d_inode; + struct inode *inode = d_inode(dentry);

fattr.cf_uid = INVALID_UID; fattr.cf_gid = INVALID_GID; diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 7c8ab19ab014..29f31db4e07e 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -1461,11 +1461,11 @@ int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, struct ndr sd_ndr = {0}, acl_ndr = {0}; struct xattr_ntacl acl = {0}; struct xattr_smb_acl *smb_acl, *def_smb_acl = NULL; - struct inode *inode = dentry->d_inode; + struct inode *inode = d_inode(dentry);

acl.version = 4; acl.hash_type = XATTR_SD_HASH_TYPE_SHA256; - acl.current_time = ksmbd_UnixTimeToNT(current_time(dentry->d_inode)); + acl.current_time = ksmbd_UnixTimeToNT(current_time(inode));

memcpy(acl.desc, "posix_acl", 9); acl.desc_len = 10; @@ -1486,9 +1486,9 @@ int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, return rc; }

- smb_acl = ksmbd_vfs_make_xattr_posix_acl(dentry->d_inode, ACL_TYPE_ACCESS); + smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, ACL_TYPE_ACCESS); if (S_ISDIR(inode->i_mode)) - def_smb_acl = ksmbd_vfs_make_xattr_posix_acl(dentry->d_inode, + def_smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, ACL_TYPE_DEFAULT);

rc = ndr_encode_posix_acl(&acl_ndr, inode, smb_acl, def_smb_acl); @@ -1531,7 +1531,7 @@ int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry,

rc = ksmbd_vfs_getxattr(dentry, XATTR_NAME_SD, &n.data); if (rc > 0) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_inode(dentry); struct ndr acl_ndr = {0}; struct xattr_ntacl acl; struct xattr_smb_acl *smb_acl = NULL, *def_smb_acl = NULL; diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h index 8226fdf882e4..ce2047dda36a 100644 --- a/fs/cifsd/vfs_cache.h +++ b/fs/cifsd/vfs_cache.h @@ -26,8 +26,8 @@ #define SMB2_NO_FID (0xFFFFFFFFFFFFFFFFULL)

#define FP_FILENAME(fp) fp->filp->f_path.dentry->d_name.name -#define FP_INODE(fp) fp->filp->f_path.dentry->d_inode -#define PARENT_INODE(fp) fp->filp->f_path.dentry->d_parent->d_inode +#define FP_INODE(fp) d_inode(fp->filp->f_path.dentry) +#define PARENT_INODE(fp) d_inode(fp->filp->f_path.dentry->d_parent)

#define ATTR_FP(fp) (fp->attrib_only && \ (fp->cdoption != FILE_OVERWRITE_IF_LE && \

From patchwork Mon Nov 14 12:49:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183147 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:35 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:35 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:34 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 050/308] cifsd: remove the dead code of unimplemented durable handle Date: Mon, 14 Nov 2022 20:49:19 +0800 Message-ID: 20221114125337.1831594-51-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 1508bf2e-b339-4aa1-86f3-08dac63c4ee4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6999668 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 73f9dad511e8c5d53a6565192eb0b3a213863563 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/73f9dad511e8

-------------------------------

Remove the dead code of unimplemented durable handle.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/ksmbd_server.h | 1 - fs/cifsd/oplock.c | 2 - fs/cifsd/smb2pdu.c | 246 +--------------------------------------- fs/cifsd/smb_common.c | 5 - fs/cifsd/vfs_cache.c | 100 +--------------- fs/cifsd/vfs_cache.h | 6 - 6 files changed, 2 insertions(+), 358 deletions(-)

diff --git a/fs/cifsd/ksmbd_server.h b/fs/cifsd/ksmbd_server.h index e46be4084087..442077a1e77b 100644 --- a/fs/cifsd/ksmbd_server.h +++ b/fs/cifsd/ksmbd_server.h @@ -33,7 +33,6 @@ struct ksmbd_heartbeat { #define KSMBD_GLOBAL_FLAG_CACHE_TBUF BIT(1) #define KSMBD_GLOBAL_FLAG_CACHE_RBUF BIT(2) #define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION BIT(3) -#define KSMBD_GLOBAL_FLAG_DURABLE_HANDLE BIT(4)

struct ksmbd_startup_request { __u32 flags; diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index 4ff23aee69fa..e77f1385a8c1 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -1482,8 +1482,6 @@ void create_durable_v2_rsp_buf(char *cc, struct ksmbd_file *fp) buf->Name[3] = 'Q';

buf->Timeout = cpu_to_le32(fp->durable_timeout); - if (fp->is_persistent) - buf->Flags = SMB2_FLAGS_REPLAY_OPERATIONS; }

/** diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 7d6013ea23e7..343e96ccdd4c 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -1946,173 +1946,6 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work) return err; }

-#define DURABLE_RECONN_V2 1 -#define DURABLE_RECONN 2 -#define DURABLE_REQ_V2 3 -#define DURABLE_REQ 4 -#define APP_INSTANCE_ID 5 - -struct durable_info { - struct ksmbd_file *fp; - int type; - int reconnected; - int persistent; - int timeout; - char *CreateGuid; - char *app_id; -}; - -static int parse_durable_handle_context(struct ksmbd_work *work, - struct smb2_create_req *req, struct lease_ctx_info *lc, - struct durable_info *d_info) -{ - struct ksmbd_conn *conn = work->conn; - struct create_context *context; - int i, err = 0; - u64 persistent_id = 0; - int req_op_level; - static const char * const durable_arr[] = {"DH2C", "DHnC", "DH2Q", - "DHnQ", SMB2_CREATE_APP_INSTANCE_ID}; - - req_op_level = req->RequestedOplockLevel; - for (i = 1; i <= 5; i++) { - context = smb2_find_context_vals(req, durable_arr[i - 1]); - if (IS_ERR(context)) { - err = PTR_ERR(context); - if (err == -EINVAL) { - ksmbd_err("bad name length\n"); - goto out; - } - err = 0; - continue; - } - - switch (i) { - case DURABLE_RECONN_V2: - { - struct create_durable_reconn_v2_req *recon_v2; - - recon_v2 = - (struct create_durable_reconn_v2_req *)context; - persistent_id = le64_to_cpu(recon_v2->Fid.PersistentFileId); - d_info->fp = ksmbd_lookup_durable_fd(persistent_id); - if (!d_info->fp) { - ksmbd_err("Failed to get Durable handle state\n"); - err = -EBADF; - goto out; - } - - if (memcmp(d_info->fp->create_guid, recon_v2->CreateGuid, - SMB2_CREATE_GUID_SIZE)) { - err = -EBADF; - goto out; - } - d_info->type = i; - d_info->reconnected = 1; - ksmbd_debug(SMB, - "reconnect v2 Persistent-id from reconnect = %llu\n", - persistent_id); - break; - } - case DURABLE_RECONN: - { - struct create_durable_reconn_req *recon; - - if (d_info->type == DURABLE_RECONN_V2 || - d_info->type == DURABLE_REQ_V2) { - err = -EINVAL; - goto out; - } - - recon = - (struct create_durable_reconn_req *)context; - persistent_id = le64_to_cpu(recon->Data.Fid.PersistentFileId); - d_info->fp = ksmbd_lookup_durable_fd(persistent_id); - if (!d_info->fp) { - ksmbd_err("Failed to get Durable handle state\n"); - err = -EBADF; - goto out; - } - d_info->type = i; - d_info->reconnected = 1; - ksmbd_debug(SMB, - "reconnect Persistent-id from reconnect = %llu\n", - persistent_id); - break; - } - case DURABLE_REQ_V2: - { - struct create_durable_req_v2 *durable_v2_blob; - - if (d_info->type == DURABLE_RECONN || - d_info->type == DURABLE_RECONN_V2) { - err = -EINVAL; - goto out; - } - - durable_v2_blob = - (struct create_durable_req_v2 *)context; - ksmbd_debug(SMB, "Request for durable v2 open\n"); - d_info->fp = ksmbd_lookup_fd_cguid(durable_v2_blob->CreateGuid); - if (d_info->fp) { - if (!memcmp(conn->ClientGUID, d_info->fp->client_guid, - SMB2_CLIENT_GUID_SIZE)) { - if (!(req->hdr.Flags & SMB2_FLAGS_REPLAY_OPERATIONS)) { - err = -ENOEXEC; - goto out; - } - - d_info->fp->conn = conn; - d_info->reconnected = 1; - goto out; - } - } - if (((lc && (lc->req_state & SMB2_LEASE_HANDLE_CACHING_LE)) || - req_op_level == SMB2_OPLOCK_LEVEL_BATCH)) { - d_info->CreateGuid = - durable_v2_blob->CreateGuid; - d_info->persistent = - le32_to_cpu(durable_v2_blob->Flags); - d_info->timeout = - le32_to_cpu(durable_v2_blob->Timeout); - d_info->type = i; - } - break; - } - case DURABLE_REQ: - if (d_info->type == DURABLE_RECONN) - goto out; - if (d_info->type == DURABLE_RECONN_V2 || - d_info->type == DURABLE_REQ_V2) { - err = -EINVAL; - goto out; - } - - if (((lc && (lc->req_state & SMB2_LEASE_HANDLE_CACHING_LE)) || - req_op_level == SMB2_OPLOCK_LEVEL_BATCH)) { - ksmbd_debug(SMB, "Request for durable open\n"); - d_info->type = i; - } - break; - case APP_INSTANCE_ID: - { - struct create_app_inst_id *inst_id; - - inst_id = (struct create_app_inst_id *)context; - ksmbd_close_fd_app_id(work, inst_id->AppInstanceId); - d_info->app_id = inst_id->AppInstanceId; - break; - } - default: - break; - } - } - -out: - - return err; -} - /** * smb2_set_ea() - handler for setting extended attributes using set * info command @@ -2431,7 +2264,6 @@ int smb2_open(struct ksmbd_work *work) char *name = NULL; char *stream_name = NULL; bool file_present = false, created = false, already_permitted = false; - struct durable_info d_info; int share_ret, need_truncate = 0; u64 time; umode_t posix_mode = 0; @@ -2509,36 +2341,8 @@ int smb2_open(struct ksmbd_work *work) }

req_op_level = req->RequestedOplockLevel; - memset(&d_info, 0, sizeof(struct durable_info)); - if (server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE && - req->CreateContextsOffset) { + if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) lc = parse_lease_state(req); - rc = parse_durable_handle_context(work, req, lc, &d_info); - if (rc) { - ksmbd_err("error parsing durable handle context\n"); - goto err_out1; - } - - if (d_info.reconnected) { - fp = d_info.fp; - rc = smb2_check_durable_oplock(d_info.fp, lc, name); - if (rc) - goto err_out1; - rc = ksmbd_reopen_durable_fd(work, d_info.fp); - if (rc) - goto err_out1; - if (ksmbd_override_fsids(work)) { - rc = -ENOMEM; - goto err_out1; - } - file_info = FILE_OPENED; - fp = d_info.fp; - goto reconnected; - } - } else { - if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) - lc = parse_lease_state(req); - }

if (le32_to_cpu(req->ImpersonationLevel) > le32_to_cpu(IL_DELEGATE_LE)) { ksmbd_err("Invalid impersonationlevel : 0x%x\n", @@ -3083,25 +2887,6 @@ int smb2_open(struct ksmbd_work *work)

memcpy(fp->client_guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE);

- if (d_info.type) { - if (d_info.type == DURABLE_REQ_V2 && d_info.persistent) - fp->is_persistent = 1; - else - fp->is_durable = 1; - - if (d_info.type == DURABLE_REQ_V2) { - memcpy(fp->create_guid, d_info.CreateGuid, - SMB2_CREATE_GUID_SIZE); - if (d_info.timeout) - fp->durable_timeout = d_info.timeout; - else - fp->durable_timeout = 1600; - if (d_info.app_id) - memcpy(fp->app_instance_id, d_info.app_id, 16); - } - } - -reconnected: generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);

rsp->StructureSize = cpu_to_le16(89); @@ -3150,35 +2935,6 @@ int smb2_open(struct ksmbd_work *work) next_off = conn->vals->create_lease_size; }

- if (d_info.type == DURABLE_REQ || d_info.type == DURABLE_REQ_V2) { - struct create_context *durable_ccontext; - - durable_ccontext = (struct create_context *)(rsp->Buffer + - le32_to_cpu(rsp->CreateContextsLength)); - contxt_cnt++; - if (d_info.type == DURABLE_REQ) { - create_durable_rsp_buf(rsp->Buffer + - le32_to_cpu(rsp->CreateContextsLength)); - le32_add_cpu(&rsp->CreateContextsLength, - conn->vals->create_durable_size); - inc_rfc1001_len(rsp_org, - conn->vals->create_durable_size); - } else { - create_durable_v2_rsp_buf(rsp->Buffer + - le32_to_cpu(rsp->CreateContextsLength), - fp); - le32_add_cpu(&rsp->CreateContextsLength, - conn->vals->create_durable_v2_size); - inc_rfc1001_len(rsp_org, - conn->vals->create_durable_v2_size); - } - - if (next_ptr) - *next_ptr = cpu_to_le32(next_off); - next_ptr = &durable_ccontext->Next; - next_off = conn->vals->create_durable_size; - } - if (maximal_access_ctxt) { struct create_context *mxac_ccontext;

diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c index b0510213eb6d..985171cbf192 100644 --- a/fs/cifsd/smb_common.c +++ b/fs/cifsd/smb_common.c @@ -497,11 +497,6 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) if (strcmp(prev_fp->stream.name, curr_fp->stream.name)) continue;

- if (prev_fp->is_durable) { - prev_fp->is_durable = 0; - continue; - } - if (prev_fp->attrib_only != curr_fp->attrib_only) continue;

diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index 3ab06e0b723c..3286e74e2a56 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -449,30 +449,6 @@ struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id) return __ksmbd_lookup_fd(&global_ft, id); }

-int ksmbd_close_fd_app_id(struct ksmbd_work *work, char *app_id) -{ - struct ksmbd_file *fp = NULL; - unsigned int id; - - read_lock(&global_ft.lock); - idr_for_each_entry(global_ft.idr, fp, id) { - if (!memcmp(fp->app_instance_id, - app_id, - SMB2_CREATE_GUID_SIZE)) { - if (!atomic_dec_and_test(&fp->refcount)) - fp = NULL; - break; - } - } - read_unlock(&global_ft.lock); - - if (!fp) - return -EINVAL; - - __put_fd_final(work, fp); - return 0; -} - struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid) { struct ksmbd_file *fp = NULL; @@ -492,23 +468,6 @@ struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid) return fp; }

-struct ksmbd_file *ksmbd_lookup_fd_filename(struct ksmbd_work *work, char *filename) -{ - struct ksmbd_file *fp = NULL; - unsigned int id; - - read_lock(&work->sess->file_table.lock); - idr_for_each_entry(work->sess->file_table.idr, fp, id) { - if (!strcmp(fp->filename, filename)) { - fp = ksmbd_fp_get(fp); - break; - } - } - read_unlock(&work->sess->file_table.lock); - - return fp; -} - struct ksmbd_file *ksmbd_lookup_fd_inode(struct inode *inode) { struct ksmbd_file *lfp; @@ -617,32 +576,6 @@ struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp) return fp; }

-static inline bool is_reconnectable(struct ksmbd_file *fp) -{ - struct oplock_info *opinfo = opinfo_get(fp); - bool reconn = false; - - if (!opinfo) - return false; - - if (opinfo->op_state != OPLOCK_STATE_NONE) { - opinfo_put(opinfo); - return false; - } - - if (fp->is_resilient || fp->is_persistent) - reconn = true; - else if (fp->is_durable && opinfo->is_lease && - opinfo->o_lease->state & SMB2_LEASE_HANDLE_CACHING_LE) - reconn = true; - - else if (fp->is_durable && opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) - reconn = true; - - opinfo_put(opinfo); - return reconn; -} - static int __close_file_table_ids(struct ksmbd_file_table *ft, struct ksmbd_tree_connect *tcon, bool (*skip)(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp)) @@ -672,13 +605,7 @@ static bool tree_conn_fd_check(struct ksmbd_tree_connect *tcon, struct ksmbd_fil

static bool session_fd_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp) { - if (!is_reconnectable(fp)) - return false; - - fp->conn = NULL; - fp->tcon = NULL; - fp->volatile_id = KSMBD_NO_FID; - return true; + return false; }

void ksmbd_close_tree_conn_fds(struct ksmbd_work *work) @@ -717,31 +644,6 @@ void ksmbd_free_global_file_table(void) ksmbd_destroy_file_table(&global_ft); }

-int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) -{ - if (!fp->is_durable || fp->conn || fp->tcon) { - ksmbd_err("Invalid durable fd [%p:%p]\n", - fp->conn, fp->tcon); - return -EBADF; - } - - if (HAS_FILE_ID(fp->volatile_id)) { - ksmbd_err("Still in use durable fd: %u\n", fp->volatile_id); - return -EBADF; - } - - fp->conn = work->sess->conn; - fp->tcon = work->tcon; - - __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); - if (!HAS_FILE_ID(fp->volatile_id)) { - fp->conn = NULL; - fp->tcon = NULL; - return -EBADF; - } - return 0; -} - int ksmbd_file_table_flush(struct ksmbd_work *work) { struct ksmbd_file *fp = NULL; diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h index ce2047dda36a..5638641dd0cf 100644 --- a/fs/cifsd/vfs_cache.h +++ b/fs/cifsd/vfs_cache.h @@ -90,9 +90,6 @@ struct ksmbd_file { __u64 create_time; __u64 itime;

- bool is_durable; - bool is_resilient; - bool is_persistent; bool is_nt_open; bool attrib_only;

@@ -154,17 +151,14 @@ struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, unsigned int struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, unsigned int id, unsigned int pid); void ksmbd_fd_put(struct ksmbd_work *work, struct ksmbd_file *fp); -int ksmbd_close_fd_app_id(struct ksmbd_work *work, char *app_id); struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id); struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid); -struct ksmbd_file *ksmbd_lookup_fd_filename(struct ksmbd_work *work, char *filename); struct ksmbd_file *ksmbd_lookup_fd_inode(struct inode *inode); unsigned int ksmbd_open_durable_fd(struct ksmbd_file *fp); struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp); void ksmbd_close_tree_conn_fds(struct ksmbd_work *work); void ksmbd_close_session_fds(struct ksmbd_work *work); int ksmbd_close_inode_fds(struct ksmbd_work *work, struct inode *inode); -int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp); int ksmbd_init_global_file_table(void); void ksmbd_free_global_file_table(void); int ksmbd_file_table_flush(struct ksmbd_work *work);

From patchwork Mon Nov 14 12:49:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183148 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:35 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:35 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:35 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 051/308] cifsd: Update access check in set_file_allocation_info/set_end_of_file_info Date: Mon, 14 Nov 2022 20:49:20 +0800 Message-ID: 20221114125337.1831594-52-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 5bef3da9-5ad1-4fe1-f33c-08dac63c4f2c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6891068 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit a299669b2c3d26cdb787ba4a87603f6de4fd7714 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a299669b2c3d

-------------------------------

[MS-SMB2] 3.3.5.21.1 If the object store supports security and FileInfoClass is FileAllocationInformation, FileEndOfFileInformation, or FileValidDataLengthInformation, and Open.GrantedAccess does not include FILE_WRITE_DATA, the server MUST fail the request with STATUS_ACCESS_DENIED.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 343e96ccdd4c..73c6154170cf 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -5352,7 +5352,7 @@ static int set_file_allocation_info(struct ksmbd_work *work, struct inode *inode; int rc;

- if (!is_attributes_write_allowed(fp)) + if (!(fp->daccess & FILE_WRITE_DATA_LE)) return -EACCES;

file_alloc_info = (struct smb2_file_alloc_info *)buf; @@ -5396,7 +5396,7 @@ static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp, struct inode *inode; int rc;

- if (!is_attributes_write_allowed(fp)) + if (!(fp->daccess & FILE_WRITE_DATA_LE)) return -EACCES;

file_eof_info = (struct smb2_file_eof_info *)buf;

From patchwork Mon Nov 14 12:49:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183149 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:36 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:36 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:35 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 052/308] cifsd: Remove is_attributes_write_allowed() wrapper Date: Mon, 14 Nov 2022 20:49:21 +0800 Message-ID: 20221114125337.1831594-53-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 52689609-f20e-4942-849c-08dac63c4f75 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6991101 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit 7adfd4f6f78eb1c2561bcfdc20f7cc39f2d89437 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/7adfd4f6f78e

-------------------------------

Inline it in the only place it is used and remove it.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 73c6154170cf..eeb3f09e8765 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -5237,11 +5237,6 @@ static int smb2_create_link(struct ksmbd_work *work, return rc; }

-static bool is_attributes_write_allowed(struct ksmbd_file *fp) -{ - return fp->daccess & FILE_WRITE_ATTRIBUTES_LE; -} - static int set_file_basic_info(struct ksmbd_file *fp, char *buf, struct ksmbd_share_config *share) { @@ -5252,7 +5247,7 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, struct inode *inode; int rc;

- if (!is_attributes_write_allowed(fp)) + if (!(fp->daccess & FILE_WRITE_ATTRIBUTES_LE)) return -EACCES;

file_info = (struct smb2_file_all_info *)buf;

From patchwork Mon Nov 14 12:49:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183150 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:36 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:36 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:36 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 053/308] cifsd: Fix regression in smb2_get_info Date: Mon, 14 Nov 2022 20:49:22 +0800 Message-ID: 20221114125337.1831594-54-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2e550a78-de3b-4ff8-174f-08dac63c4fbe X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6872460 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Sebastian Gottschall s.gottschall@dd-wrt.com

mainline inclusion from mainline-5.15-rc1 commit ced2b26a76cd1db0b6ccb39e0bc873177c9bda21 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ced2b26a76cd

-------------------------------

a Windows 10 client isn't able to store files from ksmbd servers due unknown local permission problems (code 0x8007003A) if smb3 encryption is enabled. Windows 10 is requesting for ATTRIBUTE_SECINFO (mask 0x20) which is not yet handled by ksmbd, this leads to a invalid response. For now we just reintroduce the old check to avoid processing of unhandled flags until ATTRIBUTE_SECINFO is properly handled.

Signed-off-by: Sebastian Gottschall s.gottschall@dd-wrt.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index eeb3f09e8765..3b8da5dfd4a1 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -4791,6 +4791,24 @@ static int smb2_get_info_sec(struct ksmbd_work *work, int addition_info = le32_to_cpu(req->AdditionalInformation); int rc;

+ if (addition_info & ~(OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO)) { + ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n", + addition_info); + + pntsd->revision = cpu_to_le16(1); + pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PROTECTED); + pntsd->osidoffset = 0; + pntsd->gsidoffset = 0; + pntsd->sacloffset = 0; + pntsd->dacloffset = 0; + + secdesclen = sizeof(struct smb_ntsd); + rsp->OutputBufferLength = cpu_to_le32(secdesclen); + inc_rfc1001_len(rsp_org, secdesclen); + + return 0; + } + if (work->next_smb2_rcv_hdr_off) { if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { ksmbd_debug(SMB, "Compound request set FID = %u\n",

From patchwork Mon Nov 14 12:49:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183151 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:37 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:37 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:36 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 054/308] cifsd: Call smb2_set_err_rsp() in smb2_read/smb2_write error path Date: Mon, 14 Nov 2022 20:49:23 +0800 Message-ID: 20221114125337.1831594-55-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 5f28818a-ddd6-4aae-f449-08dac63c5006 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6973526 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit a4382db9bac314440f662be91ec8010465e67603 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a4382db9bac3

-------------------------------

Call smb2_set_err_rsp() in smb2_read/smb2_write error path.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 3b8da5dfd4a1..e5aff1ca11e1 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -5820,8 +5820,8 @@ int smb2_read(struct ksmbd_work *work) le64_to_cpu(req->VolatileFileId), le64_to_cpu(req->PersistentFileId)); if (!fp) { - rsp->hdr.Status = STATUS_FILE_CLOSED; - return -ENOENT; + err = -ENOENT; + goto out; }

if (!(fp->daccess & (FILE_READ_DATA_LE | FILE_READ_ATTRIBUTES_LE))) { @@ -6057,7 +6057,7 @@ int smb2_write(struct ksmbd_work *work) { struct smb2_write_req *req; struct smb2_write_rsp *rsp, *rsp_org; - struct ksmbd_file *fp = NULL; + struct ksmbd_file *fp; loff_t offset; size_t length; ssize_t nbytes; @@ -6082,8 +6082,8 @@ int smb2_write(struct ksmbd_work *work) fp = ksmbd_lookup_fd_slow(work, le64_to_cpu(req->VolatileFileId), le64_to_cpu(req->PersistentFileId)); if (!fp) { - rsp->hdr.Status = STATUS_FILE_CLOSED; - return -ENOENT; + err = -ENOENT; + goto out; }

if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_READ_ATTRIBUTES_LE))) {

From patchwork Mon Nov 14 12:49:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183152 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:37 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:37 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:37 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 055/308] cifsd: Handle ksmbd_session_rpc_open() failure in create_smb2_pipe() Date: Mon, 14 Nov 2022 20:49:24 +0800 Message-ID: 20221114125337.1831594-56-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 8f7591f7-16ad-4875-5fff-08dac63c504f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6984349 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit 79caa9606df1504b3b5104457cbb5d759f0e5fae category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/79caa9606df1

-------------------------------

Currently, a SMB2 client does not receive an error message if ksmbd_session_rpc_open() fails when opening a pipe. Fix this by responding with STATUS_NO_MEMORY or STATUS_INVALID_PARAMETER depending on the error that occurred.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index e5aff1ca11e1..fec385318ff3 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -1917,9 +1917,13 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work) }

id = ksmbd_session_rpc_open(work->sess, name); - if (id < 0) + if (id < 0) { ksmbd_err("Unable to open RPC pipe: %d\n", id); + err = id; + goto out; + }

+ rsp->hdr.Status = STATUS_SUCCESS; rsp->StructureSize = cpu_to_le16(89); rsp->OplockLevel = SMB2_OPLOCK_LEVEL_NONE; rsp->Reserved = 0; @@ -1942,6 +1946,19 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work) return 0;

out: + switch (err) { + case -EINVAL: + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + break; + case -ENOSPC: + case -ENOMEM: + rsp->hdr.Status = STATUS_NO_MEMORY; + break; + } + + if (!IS_ERR(name)) + kfree(name); + smb2_set_err_rsp(work); return err; }

From patchwork Mon Nov 14 12:49:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183153 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:38 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:38 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:37 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 056/308] cifsd: Update out_buf_len in smb2_populate_readdir_entry() Date: Mon, 14 Nov 2022 20:49:25 +0800 Message-ID: 20221114125337.1831594-57-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: da713069-2842-46b8-f1c3-08dac63c5097 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6914779 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit e7735c854880084a6d97e60465f19daa42842eff category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e7735c854880

-------------------------------

When processing a SMB2 QUERY_DIRECTORY request, smb2_populate_readdir_entry() is called first to fill the dot/dotdot entries. This moves the d_info->wptr pointer but out_buf_len remains unchanged. As a result, reserve_populate_dentry() may end up writing past the end of the buffer since the bounds checking is done on invalid values.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index fec385318ff3..54df9a30bd23 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -3333,6 +3333,7 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level,

d_info->last_entry_offset = d_info->data_count; d_info->data_count += next_entry_offset; + d_info->out_buf_len -= next_entry_offset; d_info->wptr += next_entry_offset; kfree(conv_name);

From patchwork Mon Nov 14 12:49:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183154 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:38 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:38 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:38 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 057/308] cifsd: Fix potential null-ptr-deref in destroy_previous_session() Date: Mon, 14 Nov 2022 20:49:26 +0800 Message-ID: 20221114125337.1831594-58-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cc2f5a90-8d61-4c5e-8e8b-08dac63c50e1 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7068411 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit 1fca8038e9f10bc14eb3484d212b3f03b49ac3f5 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1fca8038e9f1

-------------------------------

The user field in the session structure is allocated when the client is authenticated. If the client explicitly logs off, the user field is freed, but the session is kept around in case the user reconnects. If the TCP connection hasn't been closed and the client sends a session setup with a PreviousSessionId set, destroy_previous_session() will be called to check if the session needs to be cleaned up.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 54df9a30bd23..ebae992f88a0 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -619,7 +619,8 @@ static void destroy_previous_session(struct ksmbd_user *user, u64 id)

prev_user = prev_sess->user;

- if (strcmp(user->name, prev_user->name) || + if (!prev_user || + strcmp(user->name, prev_user->name) || user->passkey_sz != prev_user->passkey_sz || memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) { put_session(prev_sess);

From patchwork Mon Nov 14 12:49:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183155 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:39 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:39 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:38 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 058/308] cifsd: add support for AES256 encryption Date: Mon, 14 Nov 2022 20:49:27 +0800 Message-ID: 20221114125337.1831594-59-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 16761a57-423a-41c0-92e5-08dac63c512a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6717882 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 5a0ca7700591a5275875920cf0c3113435e4b6f7 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/5a0ca7700591

-------------------------------

Now that 256 bit encryption can be negotiated, update names of the nonces to match the updated official protocol documentation (e.g. AES_GCM_NONCE instead of AES_128GCM_NONCE) since they apply to both 128 bit and 256 bit encryption. update smb encryption code to set 32 byte key length and to set gcm256/ccm256 when requested on mount.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 53 +++++++++++++++++++++++++----------- fs/cifsd/crypto_ctx.c | 8 +++--- fs/cifsd/crypto_ctx.h | 8 +++--- fs/cifsd/mgmt/user_session.h | 4 +-- fs/cifsd/smb2pdu.c | 11 +++++--- fs/cifsd/smb2pdu.h | 18 +++++++++--- 6 files changed, 68 insertions(+), 34 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 437e58a0826d..6b90aac86fcc 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -835,7 +835,8 @@ static int generate_key(struct ksmbd_session *sess, struct kvec label, { unsigned char zero = 0x0; __u8 i[4] = {0, 0, 0, 1}; - __u8 L[4] = {0, 0, 0, 128}; + __u8 L128[4] = {0, 0, 0, 128}; + __u8 L256[4] = {0, 0, 1, 0}; int rc = -EINVAL; unsigned char prfhash[SMB2_HMACSHA256_SIZE]; unsigned char *hashptr = prfhash; @@ -890,7 +891,11 @@ static int generate_key(struct ksmbd_session *sess, struct kvec label, goto smb3signkey_ret; }

- rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L, 4); + if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || + sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) + rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4); + else + rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4); if (rc) { ksmbd_debug(AUTH, "could not update with L\n"); goto smb3signkey_ret; @@ -981,24 +986,33 @@ static int generate_smb3encryptionkey(struct ksmbd_session *sess,

rc = generate_key(sess, ptwin->encryption.label, ptwin->encryption.context, sess->smb3encryptionkey, - SMB3_SIGN_KEY_SIZE); + SMB3_ENC_DEC_KEY_SIZE); if (rc) return rc;

rc = generate_key(sess, ptwin->decryption.label, ptwin->decryption.context, - sess->smb3decryptionkey, SMB3_SIGN_KEY_SIZE); + sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE); if (rc) return rc;

ksmbd_debug(AUTH, "dumping generated AES encryption keys\n"); + ksmbd_debug(AUTH, "Cipher type %d\n", sess->conn->cipher_type); ksmbd_debug(AUTH, "Session Id %llu\n", sess->id); ksmbd_debug(AUTH, "Session Key %*ph\n", SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); - ksmbd_debug(AUTH, "ServerIn Key %*ph\n", - SMB3_SIGN_KEY_SIZE, sess->smb3encryptionkey); - ksmbd_debug(AUTH, "ServerOut Key %*ph\n", - SMB3_SIGN_KEY_SIZE, sess->smb3decryptionkey); + if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || + sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) { + ksmbd_debug(AUTH, "ServerIn Key %*ph\n", + SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey); + ksmbd_debug(AUTH, "ServerOut Key %*ph\n", + SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey); + } else { + ksmbd_debug(AUTH, "ServerIn Key %*ph\n", + SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey); + ksmbd_debug(AUTH, "ServerOut Key %*ph\n", + SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey); + } return rc; }

@@ -1136,7 +1150,7 @@ static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, __u64 ses_id,

ses_enc_key = enc ? sess->smb3encryptionkey : sess->smb3decryptionkey; - memcpy(key, ses_enc_key, SMB3_SIGN_KEY_SIZE); + memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);

return 0; } @@ -1224,7 +1238,7 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, int rc = 0; struct scatterlist *sg; u8 sign[SMB2_SIGNATURE_SIZE] = {}; - u8 key[SMB3_SIGN_KEY_SIZE]; + u8 key[SMB3_ENC_DEC_KEY_SIZE]; struct aead_request *req; char *iv; unsigned int iv_len; @@ -1241,7 +1255,8 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, return 0; }

- if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM || + conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) ctx = ksmbd_crypto_ctx_find_gcm(); else ctx = ksmbd_crypto_ctx_find_ccm(); @@ -1250,12 +1265,17 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, return -EINVAL; }

- if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM || + conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) tfm = CRYPTO_GCM(ctx); else tfm = CRYPTO_CCM(ctx);

- rc = crypto_aead_setkey(tfm, key, SMB3_SIGN_KEY_SIZE); + if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || + conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) + rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE); + else + rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE); if (rc) { ksmbd_err("Failed to set aead key %d\n", rc); goto free_ctx; @@ -1294,11 +1314,12 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, goto free_sg; }

- if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM) { - memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES128GCM_NONCE); + if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM || + conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) { + memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES_GCM_NONCE); } else { iv[0] = 3; - memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE); + memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES_CCM_NONCE); }

aead_request_set_crypt(req, sg, sg, crypt_len, iv); diff --git a/fs/cifsd/crypto_ctx.c b/fs/cifsd/crypto_ctx.c index 8322b0f7a7fc..1830ae1b5ed3 100644 --- a/fs/cifsd/crypto_ctx.c +++ b/fs/cifsd/crypto_ctx.c @@ -42,10 +42,10 @@ static struct crypto_aead *alloc_aead(int id) struct crypto_aead *tfm = NULL;

switch (id) { - case CRYPTO_AEAD_AES128_GCM: + case CRYPTO_AEAD_AES_GCM: tfm = crypto_alloc_aead("gcm(aes)", 0, 0); break; - case CRYPTO_AEAD_AES128_CCM: + case CRYPTO_AEAD_AES_CCM: tfm = crypto_alloc_aead("ccm(aes)", 0, 0); break; default: @@ -248,12 +248,12 @@ static struct ksmbd_crypto_ctx *____crypto_aead_ctx_find(int id)

struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_gcm(void) { - return ____crypto_aead_ctx_find(CRYPTO_AEAD_AES128_GCM); + return ____crypto_aead_ctx_find(CRYPTO_AEAD_AES_GCM); }

struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_ccm(void) { - return ____crypto_aead_ctx_find(CRYPTO_AEAD_AES128_CCM); + return ____crypto_aead_ctx_find(CRYPTO_AEAD_AES_CCM); }

void ksmbd_crypto_destroy(void) diff --git a/fs/cifsd/crypto_ctx.h b/fs/cifsd/crypto_ctx.h index 64a11dfd6c83..b0d3cd650485 100644 --- a/fs/cifsd/crypto_ctx.h +++ b/fs/cifsd/crypto_ctx.h @@ -21,8 +21,8 @@ enum { };

enum { - CRYPTO_AEAD_AES128_GCM = 16, - CRYPTO_AEAD_AES128_CCM, + CRYPTO_AEAD_AES_GCM = 16, + CRYPTO_AEAD_AES_CCM, CRYPTO_AEAD_MAX, };

@@ -55,8 +55,8 @@ struct ksmbd_crypto_ctx { #define CRYPTO_MD4_TFM(c) ((c)->desc[CRYPTO_SHASH_MD4]->tfm) #define CRYPTO_MD5_TFM(c) ((c)->desc[CRYPTO_SHASH_MD5]->tfm)

-#define CRYPTO_GCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES128_GCM]) -#define CRYPTO_CCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES128_CCM]) +#define CRYPTO_GCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES_GCM]) +#define CRYPTO_CCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES_CCM])

void ksmbd_release_crypto_ctx(struct ksmbd_crypto_ctx *ctx);

diff --git a/fs/cifsd/mgmt/user_session.h b/fs/cifsd/mgmt/user_session.h index 72b40348bdc4..1709563d718b 100644 --- a/fs/cifsd/mgmt/user_session.h +++ b/fs/cifsd/mgmt/user_session.h @@ -56,8 +56,8 @@ struct ksmbd_session {

- __u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE]; - __u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE]; + __u8 smb3encryptionkey[SMB3_ENC_DEC_KEY_SIZE]; + __u8 smb3decryptionkey[SMB3_ENC_DEC_KEY_SIZE]; __u8 smb3signingkey[SMB3_SIGN_KEY_SIZE];

struct list_head sessions_entry; diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index ebae992f88a0..d07d7c45f899 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -904,7 +904,9 @@ static int decode_encrypt_ctxt(struct ksmbd_conn *conn,

for (i = 0; i < cph_cnt; i++) { if (pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_GCM || - pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_CCM) { + pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_CCM || + pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES256_CCM || + pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES256_GCM) { ksmbd_debug(SMB, "Cipher ID = 0x%x\n", pneg_ctxt->Ciphers[i]); conn->cipher_type = pneg_ctxt->Ciphers[i]; @@ -7979,10 +7981,11 @@ static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, char *old_buf, tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM; tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len); tr_hdr->Flags = cpu_to_le16(0x01); - if (cipher_type == SMB2_ENCRYPTION_AES128_GCM) - get_random_bytes(&tr_hdr->Nonce, SMB3_AES128GCM_NONCE); + if (cipher_type == SMB2_ENCRYPTION_AES128_GCM || + cipher_type == SMB2_ENCRYPTION_AES256_GCM) + get_random_bytes(&tr_hdr->Nonce, SMB3_AES_GCM_NONCE); else - get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE); + get_random_bytes(&tr_hdr->Nonce, SMB3_AES_CCM_NONCE); memcpy(&tr_hdr->SessionId, &hdr->SessionId, 8); inc_rfc1001_len(tr_hdr, sizeof(struct smb2_transform_hdr) - 4); inc_rfc1001_len(tr_hdr, orig_len); diff --git a/fs/cifsd/smb2pdu.h b/fs/cifsd/smb2pdu.h index 156ff6a2968b..c5c32610aafe 100644 --- a/fs/cifsd/smb2pdu.h +++ b/fs/cifsd/smb2pdu.h @@ -77,6 +77,13 @@ #define SMB2_SIGNATURE_SIZE 16 #define SMB2_HMACSHA256_SIZE 32 #define SMB2_CMACAES_SIZE 16 +#define SMB3_GCM128_CRYPTKEY_SIZE 16 +#define SMB3_GCM256_CRYPTKEY_SIZE 32 + +/* + * Size of the smb3 encryption/decryption keys + */ +#define SMB3_ENC_DEC_KEY_SIZE 32

/* * Size of the smb3 signing key @@ -151,8 +158,8 @@ struct smb2_pdu { __le16 StructureSize2; /* size of wct area (varies, request specific) */ } __packed;

-#define SMB3_AES128CCM_NONCE 11 -#define SMB3_AES128GCM_NONCE 12 +#define SMB3_AES_CCM_NONCE 11 +#define SMB3_AES_GCM_NONCE 12

struct smb2_transform_hdr { __be32 smb2_buf_length; /* big endian on wire */ @@ -283,13 +290,16 @@ struct smb2_preauth_neg_context { /* Encryption Algorithms Ciphers */ #define SMB2_ENCRYPTION_AES128_CCM cpu_to_le16(0x0001) #define SMB2_ENCRYPTION_AES128_GCM cpu_to_le16(0x0002) +#define SMB2_ENCRYPTION_AES256_CCM cpu_to_le16(0x0003) +#define SMB2_ENCRYPTION_AES256_GCM cpu_to_le16(0x0004)

struct smb2_encryption_neg_context { __le16 ContextType; /* 2 */ __le16 DataLength; __le32 Reserved; - __le16 CipherCount; /* AES-128-GCM and AES-128-CCM */ - __le16 Ciphers[1]; /* Ciphers[0] since only one used now */ + /* CipherCount usally 2, but can be 3 when AES256-GCM enabled */ + __le16 CipherCount; /* AES-128-GCM and AES-128-CCM by default */ + __le16 Ciphers[1]; } __packed;

#define SMB3_COMPRESS_NONE cpu_to_le16(0x0000)

From patchwork Mon Nov 14 12:49:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183156 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:39 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:39 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:39 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 059/308] cifsd: fix invalid memory access in smb2_write() Date: Mon, 14 Nov 2022 20:49:28 +0800 Message-ID: 20221114125337.1831594-60-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: f8697506-7de9-4994-249b-08dac63c5173 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6920488 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit bcd62a368314deeea8bd0823399b649a236b7d5b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/bcd62a368314

-------------------------------

Add missing fp initialzation to prevent invalid memory access in smb2_write().

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index d07d7c45f899..18de8a763209 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -6078,7 +6078,7 @@ int smb2_write(struct ksmbd_work *work) { struct smb2_write_req *req; struct smb2_write_rsp *rsp, *rsp_org; - struct ksmbd_file *fp; + struct ksmbd_file *fp = NULL; loff_t offset; size_t length; ssize_t nbytes;

From patchwork Mon Nov 14 12:49:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183157 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:40 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:40 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:39 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 060/308] cifsd: decoding gss token using lib/asn1_decoder.c Date: Mon, 14 Nov 2022 20:49:29 +0800 Message-ID: 20221114125337.1831594-61-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: efd33fd1-b9aa-4163-cc89-08dac63c51bd X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7155463 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit fad4161b5cd01a24202234976ebbb133f7adc0b5 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/fad4161b5cd0

-------------------------------

Decode gss token of SMB2_SESSSION_SETUP using lib/asn1_decoder.c

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 614 +++++++----------------------- fs/cifsd/smb2pdu.c | 4 +- fs/cifsd/spnego_negtokeninit.asn1 | 43 +++ fs/cifsd/spnego_negtokentarg.asn1 | 19 + 4 files changed, 196 insertions(+), 484 deletions(-) create mode 100644 fs/cifsd/spnego_negtokeninit.asn1 create mode 100644 fs/cifsd/spnego_negtokentarg.asn1

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index aa702b665849..aa6ea855c422 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -11,61 +11,15 @@ #include <linux/kernel.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/oid_registry.h>

#include "glob.h"

#include "asn1.h" #include "connection.h" #include "auth.h" - -/***************************************************************************** - * - * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse) - * - *****************************************************************************/ - -/* Class */ -#define ASN1_UNI 0 /* Universal */ -#define ASN1_APL 1 /* Application */ -#define ASN1_CTX 2 /* Context */ -#define ASN1_PRV 3 /* Private */ - -/* Tag */ -#define ASN1_EOC 0 /* End Of Contents or N/A */ -#define ASN1_BOL 1 /* Boolean */ -#define ASN1_INT 2 /* Integer */ -#define ASN1_BTS 3 /* Bit String */ -#define ASN1_OTS 4 /* Octet String */ -#define ASN1_NUL 5 /* Null */ -#define ASN1_OJI 6 /* Object Identifier */ -#define ASN1_OJD 7 /* Object Description */ -#define ASN1_EXT 8 /* External */ -#define ASN1_ENUM 10 /* Enumerated */ -#define ASN1_SEQ 16 /* Sequence */ -#define ASN1_SET 17 /* Set */ -#define ASN1_NUMSTR 18 /* Numerical String */ -#define ASN1_PRNSTR 19 /* Printable String */ -#define ASN1_TEXSTR 20 /* Teletext String */ -#define ASN1_VIDSTR 21 /* Video String */ -#define ASN1_IA5STR 22 /* IA5 String */ -#define ASN1_UNITIM 23 /* Universal Time */ -#define ASN1_GENTIM 24 /* General Time */ -#define ASN1_GRASTR 25 /* Graphical String */ -#define ASN1_VISSTR 26 /* Visible String */ -#define ASN1_GENSTR 27 /* General String */ - -/* Primitive / Constructed methods*/ -#define ASN1_PRI 0 /* Primitive */ -#define ASN1_CON 1 /* Constructed */ - -/* - * Error codes. - */ -#define ASN1_ERR_NOERROR 0 -#define ASN1_ERR_DEC_EMPTY 2 -#define ASN1_ERR_DEC_EOC_MISMATCH 3 -#define ASN1_ERR_DEC_LENGTH_MISMATCH 4 -#define ASN1_ERR_DEC_BADVALUE 5 +#include "spnego_negtokeninit.asn1.h" +#include "spnego_negtokentarg.asn1.h"

#define SPNEGO_OID_LEN 7 #define NTLMSSP_OID_LEN 10 @@ -81,212 +35,49 @@ static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 }; static char NTLMSSP_OID_STR[NTLMSSP_OID_LEN] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a };

-/* - * ASN.1 context. - */ -struct asn1_ctx { - int error; /* Error condition */ - unsigned char *pointer; /* Octet just to be decoded */ - unsigned char *begin; /* First octet */ - unsigned char *end; /* Octet after last octet */ -}; - -/* - * Octet string (not null terminated) - */ -struct asn1_octstr { - unsigned char *data; - unsigned int len; -}; - -static void -asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len) -{ - ctx->begin = buf; - ctx->end = buf + len; - ctx->pointer = buf; - ctx->error = ASN1_ERR_NOERROR; -} - -static unsigned char -asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch) -{ - if (ctx->pointer >= ctx->end) { - ctx->error = ASN1_ERR_DEC_EMPTY; - return 0; - } - *ch = *(ctx->pointer)++; - return 1; -} - -static unsigned char -asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag) -{ - unsigned char ch; - - *tag = 0; - - do { - if (!asn1_octet_decode(ctx, &ch)) - return 0; - *tag <<= 7; - *tag |= ch & 0x7F; - } while ((ch & 0x80) == 0x80); - return 1; -} - -static unsigned char -asn1_id_decode(struct asn1_ctx *ctx, - unsigned int *cls, unsigned int *con, unsigned int *tag) -{ - unsigned char ch; - - if (!asn1_octet_decode(ctx, &ch)) - return 0; - - *cls = (ch & 0xC0) >> 6; - *con = (ch & 0x20) >> 5; - *tag = (ch & 0x1F); - - if (*tag == 0x1F) { - if (!asn1_tag_decode(ctx, tag)) - return 0; - } - return 1; -} - -static unsigned char -asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len) -{ - unsigned char ch, cnt; - - if (!asn1_octet_decode(ctx, &ch)) - return 0; - - if (ch == 0x80) - *def = 0; - else { - *def = 1; - - if (ch < 0x80) - *len = ch; - else { - cnt = (unsigned char) (ch & 0x7F); - *len = 0; - - while (cnt > 0) { - if (!asn1_octet_decode(ctx, &ch)) - return 0; - *len <<= 8; - *len |= ch; - cnt--; - } - } - } - - /* don't trust len bigger than ctx buffer */ - if (*len > ctx->end - ctx->pointer) - return 0; - - return 1; -} - -static unsigned char -asn1_header_decode(struct asn1_ctx *ctx, - unsigned char **eoc, - unsigned int *cls, unsigned int *con, unsigned int *tag) -{ - unsigned int def = 0; - unsigned int len = 0; - - if (!asn1_id_decode(ctx, cls, con, tag)) - return 0; - - if (!asn1_length_decode(ctx, &def, &len)) - return 0; - - /* primitive shall be definite, indefinite shall be constructed */ - if (*con == ASN1_PRI && !def) - return 0; - - if (def) - *eoc = ctx->pointer + len; - else - *eoc = NULL; - return 1; -} - -static unsigned char -asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc) -{ - unsigned char ch; - - if (!eoc) { - if (!asn1_octet_decode(ctx, &ch)) - return 0; - - if (ch != 0x00) { - ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; - return 0; - } - - if (!asn1_octet_decode(ctx, &ch)) - return 0; - - if (ch != 0x00) { - ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; - return 0; - } - } else { - if (ctx->pointer != eoc) { - ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH; - return 0; - } - } - return 1; -} - -static unsigned char -asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid) +static bool +asn1_subid_decode(const unsigned char **begin, const unsigned char *end, + unsigned long *subid) { + const unsigned char *ptr = *begin; unsigned char ch;

*subid = 0;

do { - if (!asn1_octet_decode(ctx, &ch)) - return 0; + if (ptr >= end) + return false;

+ ch = *ptr++; *subid <<= 7; *subid |= ch & 0x7F; } while ((ch & 0x80) == 0x80); - return 1; + + *begin = ptr; + return true; }

-static int -asn1_oid_decode(struct asn1_ctx *ctx, - unsigned char *eoc, unsigned long **oid, unsigned int *len) +static bool asn1_oid_decode(const unsigned char *value, size_t vlen, + unsigned long **oid, size_t *oidlen) { - unsigned long subid; - unsigned int size; + const unsigned char *iptr = value, *end = value + vlen; unsigned long *optr; + unsigned long subid;

- size = eoc - ctx->pointer + 1; - - /* first subid actually encodes first two subids */ - if (size < 2 || size > UINT_MAX/sizeof(unsigned long)) - return 0; + vlen += 1; + if (vlen < 2 || vlen > UINT_MAX/sizeof(unsigned long)) + return false;

- *oid = kmalloc(size * sizeof(unsigned long), GFP_KERNEL); + *oid = kmalloc(vlen * sizeof(unsigned long), GFP_KERNEL); if (!*oid) - return 0; + return false;

optr = *oid;

- if (!asn1_subid_decode(ctx, &subid)) { + if (!asn1_subid_decode(&iptr, end, &subid)) { kfree(*oid); *oid = NULL; - return 0; + return false; }

if (subid < 40) { @@ -300,285 +91,55 @@ asn1_oid_decode(struct asn1_ctx *ctx, optr[1] = subid - 80; }

- *len = 2; + *oidlen = 2; optr += 2;

- while (ctx->pointer < eoc) { - if (++(*len) > size) { - ctx->error = ASN1_ERR_DEC_BADVALUE; + while (iptr < end) { + if (++(*oidlen) > vlen) { kfree(*oid); *oid = NULL; - return 0; + return false; }

- if (!asn1_subid_decode(ctx, optr++)) { + if (!asn1_subid_decode(&iptr, end, optr++)) { kfree(*oid); *oid = NULL; - return 0; + return false; } } - return 1; + return true; }

-static int -compare_oid(unsigned long *oid1, unsigned int oid1len, - unsigned long *oid2, unsigned int oid2len) +static bool +oid_eq(unsigned long *oid1, unsigned int oid1len, + unsigned long *oid2, unsigned int oid2len) { unsigned int i;

if (oid1len != oid2len) - return 0; + return false;

for (i = 0; i < oid1len; i++) { if (oid1[i] != oid2[i]) - return 0; + return false; } - return 1; + return true; }

-/* BB check for endian conversion issues here */ - int ksmbd_decode_negTokenInit(unsigned char *security_blob, int length, - struct ksmbd_conn *conn) + struct ksmbd_conn *conn) { - struct asn1_ctx ctx; - unsigned char *end; - unsigned char *sequence_end; - unsigned long *oid = NULL; - unsigned int cls, con, tag, oidlen, rc, mechTokenlen; - unsigned int mech_type; - - ksmbd_debug(AUTH, "Received SecBlob: length %d\n", length); - - asn1_open(&ctx, security_blob, length); - - /* GSSAPI header */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding negTokenInit header\n"); - return 0; - } else if ((cls != ASN1_APL) || (con != ASN1_CON) - || (tag != ASN1_EOC)) { - ksmbd_debug(AUTH, "cls = %d con = %d tag = %d\n", cls, con, - tag); - return 0; - } - - /* Check for SPNEGO OID -- remember to free obj->oid */ - rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag); - if (rc) { - if ((tag == ASN1_OJI) && (con == ASN1_PRI) && - (cls == ASN1_UNI)) { - rc = asn1_oid_decode(&ctx, end, &oid, &oidlen); - if (rc) { - rc = compare_oid(oid, oidlen, SPNEGO_OID, - SPNEGO_OID_LEN); - kfree(oid); - } - } else - rc = 0; - } - - /* SPNEGO OID not present or garbled -- bail out */ - if (!rc) { - ksmbd_debug(AUTH, "Error decoding negTokenInit header\n"); - return 0; - } - - /* SPNEGO */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); - return 0; - } else if ((cls != ASN1_CTX) || (con != ASN1_CON) - || (tag != ASN1_EOC)) { - ksmbd_debug(AUTH, - "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", - cls, con, tag, end, *end); - return 0; - } - - /* negTokenInit */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); - return 0; - } else if ((cls != ASN1_UNI) || (con != ASN1_CON) - || (tag != ASN1_SEQ)) { - ksmbd_debug(AUTH, - "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", - cls, con, tag, end, *end); - return 0; - } - - /* sequence */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding 2nd part of negTokenInit\n"); - return 0; - } else if ((cls != ASN1_CTX) || (con != ASN1_CON) - || (tag != ASN1_EOC)) { - ksmbd_debug(AUTH, - "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", - cls, con, tag, end, *end); - return 0; - } - - /* sequence of */ - if (asn1_header_decode - (&ctx, &sequence_end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding 2nd part of negTokenInit\n"); - return 0; - } else if ((cls != ASN1_UNI) || (con != ASN1_CON) - || (tag != ASN1_SEQ)) { - ksmbd_debug(AUTH, - "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", - cls, con, tag, end, *end); - return 0; - } - - /* list of security mechanisms */ - while (!asn1_eoc_decode(&ctx, sequence_end)) { - rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag); - if (!rc) { - ksmbd_debug(AUTH, - "Error decoding negTokenInit hdr exit2\n"); - return 0; - } - if ((tag == ASN1_OJI) && (con == ASN1_PRI)) { - if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) { - if (compare_oid(oid, oidlen, MSKRB5_OID, - MSKRB5_OID_LEN)) - mech_type = KSMBD_AUTH_MSKRB5; - else if (compare_oid(oid, oidlen, KRB5U2U_OID, - KRB5U2U_OID_LEN)) - mech_type = KSMBD_AUTH_KRB5U2U; - else if (compare_oid(oid, oidlen, KRB5_OID, - KRB5_OID_LEN)) - mech_type = KSMBD_AUTH_KRB5; - else if (compare_oid(oid, oidlen, NTLMSSP_OID, - NTLMSSP_OID_LEN)) - mech_type = KSMBD_AUTH_NTLMSSP; - else { - kfree(oid); - continue; - } - - conn->auth_mechs |= mech_type; - if (conn->preferred_auth_mech == 0) - conn->preferred_auth_mech = mech_type; - kfree(oid); - } - } else { - ksmbd_debug(AUTH, - "Should be an oid what is going on?\n"); - } - } - - /* sequence */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding 2nd part of negTokenInit\n"); - return 0; - } else if ((cls != ASN1_CTX) || (con != ASN1_CON) - || (tag != ASN1_INT)) { - ksmbd_debug(AUTH, - "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", - cls, con, tag, end, *end); - return 0; - } - - /* sequence of */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding 2nd part of negTokenInit\n"); - return 0; - } else if ((cls != ASN1_UNI) || (con != ASN1_PRI) - || (tag != ASN1_OTS)) { - ksmbd_debug(AUTH, - "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", - cls, con, tag, end, *end); - return 0; - } - - mechTokenlen = ctx.end - ctx.pointer; - conn->mechToken = kmalloc(mechTokenlen + 1, GFP_KERNEL); - if (!conn->mechToken) { - ksmbd_err("memory allocation error\n"); - return 0; - } - - memcpy(conn->mechToken, ctx.pointer, mechTokenlen); - conn->mechToken[mechTokenlen] = '\0'; - - return 1; + return asn1_ber_decoder(&spnego_negtokeninit_decoder, conn, + security_blob, length); }

int ksmbd_decode_negTokenTarg(unsigned char *security_blob, int length, - struct ksmbd_conn *conn) + struct ksmbd_conn *conn) { - struct asn1_ctx ctx; - unsigned char *end; - unsigned int cls, con, tag, mechTokenlen; - - ksmbd_debug(AUTH, "Received Auth SecBlob: length %d\n", length); - - asn1_open(&ctx, security_blob, length); - - /* GSSAPI header */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding negTokenInit header\n"); - return 0; - } else if ((cls != ASN1_CTX) || (con != ASN1_CON) - || (tag != ASN1_BOL)) { - ksmbd_debug(AUTH, "cls = %d con = %d tag = %d\n", cls, con, - tag); - return 0; - } - - /* SPNEGO */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); - return 0; - } else if ((cls != ASN1_UNI) || (con != ASN1_CON) - || (tag != ASN1_SEQ)) { - ksmbd_debug(AUTH, - "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", - cls, con, tag, end, *end); - return 0; - } - - /* negTokenTarg */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); - return 0; - } else if ((cls != ASN1_CTX) || (con != ASN1_CON) - || (tag != ASN1_INT)) { - ksmbd_debug(AUTH, - "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", - cls, con, tag, end, *end); - return 0; - } - - /* negTokenTarg */ - if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { - ksmbd_debug(AUTH, "Error decoding negTokenInit\n"); - return 0; - } else if ((cls != ASN1_UNI) || (con != ASN1_PRI) - || (tag != ASN1_OTS)) { - ksmbd_debug(AUTH, - "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", - cls, con, tag, end, *end); - return 0; - } - - mechTokenlen = ctx.end - ctx.pointer; - conn->mechToken = kmalloc(mechTokenlen + 1, GFP_KERNEL); - if (!conn->mechToken) { - ksmbd_err("memory allocation error\n"); - return 0; - } - - memcpy(conn->mechToken, ctx.pointer, mechTokenlen); - conn->mechToken[mechTokenlen] = '\0'; - - return 1; + return asn1_ber_decoder(&spnego_negtokentarg_decoder, conn, + security_blob, length); }

static int compute_asn_hdr_len_bytes(int len) @@ -700,3 +261,92 @@ int build_spnego_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen, *buflen = total_len; return 0; } + +int gssapi_this_mech(void *context, size_t hdrlen, + unsigned char tag, const void *value, size_t vlen) +{ + unsigned long *oid; + size_t oidlen; + int err = 0; + + if (!asn1_oid_decode(value, vlen, &oid, &oidlen)) { + err = -EBADMSG; + goto out; + } + + if (!oid_eq(oid, oidlen, SPNEGO_OID, SPNEGO_OID_LEN)) + err = -EBADMSG; + kfree(oid); +out: + if (err) { + char buf[50]; + + sprint_oid(value, vlen, buf, sizeof(buf)); + ksmbd_debug(AUTH, "Unexpected OID: %s\n", buf); + } + return err; +} + +int neg_token_init_mech_type(void *context, size_t hdrlen, + unsigned char tag, const void *value, size_t vlen) +{ + struct ksmbd_conn *conn = context; + unsigned long *oid; + size_t oidlen; + int mech_type; + + if (!asn1_oid_decode(value, vlen, &oid, &oidlen)) { + char buf[50]; + + sprint_oid(value, vlen, buf, sizeof(buf)); + ksmbd_debug(AUTH, "Unexpected OID: %s\n", buf); + return -EBADMSG; + } + + if (oid_eq(oid, oidlen, NTLMSSP_OID, NTLMSSP_OID_LEN)) + mech_type = KSMBD_AUTH_NTLMSSP; + else if (oid_eq(oid, oidlen, MSKRB5_OID, MSKRB5_OID_LEN)) + mech_type = KSMBD_AUTH_MSKRB5; + else if (oid_eq(oid, oidlen, KRB5_OID, KRB5_OID_LEN)) + mech_type = KSMBD_AUTH_KRB5; + else if (oid_eq(oid, oidlen, KRB5U2U_OID, KRB5U2U_OID_LEN)) + mech_type = KSMBD_AUTH_KRB5U2U; + else + goto out; + + conn->auth_mechs |= mech_type; + if (conn->preferred_auth_mech == 0) + conn->preferred_auth_mech = mech_type; + +out: + kfree(oid); + return 0; +} + +int neg_token_init_mech_token(void *context, size_t hdrlen, + unsigned char tag, const void *value, size_t vlen) +{ + struct ksmbd_conn *conn = context; + + conn->mechToken = kmalloc(vlen + 1, GFP_KERNEL); + if (!conn->mechToken) + return -ENOMEM; + + memcpy(conn->mechToken, value, vlen); + conn->mechToken[vlen] = '\0'; + return 0; +} + +int neg_token_targ_resp_token(void *context, size_t hdrlen, + unsigned char tag, const void *value, size_t vlen) +{ + struct ksmbd_conn *conn = context; + + conn->mechToken = kmalloc(vlen + 1, GFP_KERNEL); + if (!conn->mechToken) + return -ENOMEM; + + memcpy(conn->mechToken, value, vlen); + conn->mechToken[vlen] = '\0'; + return 0; +} diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 18de8a763209..92b5020ae778 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -1194,8 +1194,8 @@ static int decode_negotiation_token(struct ksmbd_work *work, req = work->request_buf; sz = le16_to_cpu(req->SecurityBufferLength);

- if (!ksmbd_decode_negTokenInit((char *)negblob, sz, conn)) { - if (!ksmbd_decode_negTokenTarg((char *)negblob, sz, conn)) { + if (ksmbd_decode_negTokenInit((char *)negblob, sz, conn)) { + if (ksmbd_decode_negTokenTarg((char *)negblob, sz, conn)) { conn->auth_mechs |= KSMBD_AUTH_NTLMSSP; conn->preferred_auth_mech = KSMBD_AUTH_NTLMSSP; conn->use_spnego = false; diff --git a/fs/cifsd/spnego_negtokeninit.asn1 b/fs/cifsd/spnego_negtokeninit.asn1 new file mode 100644 index 000000000000..1b153cb6a39e --- /dev/null +++ b/fs/cifsd/spnego_negtokeninit.asn1 @@ -0,0 +1,43 @@ +GSSAPI ::= + [APPLICATION 0] IMPLICIT SEQUENCE { + thisMech + OBJECT IDENTIFIER ({gssapi_this_mech}), + negotiationToken + NegotiationToken + } + +MechType ::= OBJECT IDENTIFIER ({neg_token_init_mech_type}) + +MechTypeList ::= SEQUENCE OF MechType + +NegTokenInit ::= + SEQUENCE { + mechTypes + [0] MechTypeList, + reqFlags + [1] BIT STRING OPTIONAL, + mechToken + [2] OCTET STRING OPTIONAL ({neg_token_init_mech_token}), + mechListMIC + [3] OCTET STRING OPTIONAL + } + +NegTokenTarg ::= + SEQUENCE { + negResult + [0] ENUMERATED OPTIONAL, + supportedMech + [1] OBJECT IDENTIFIER OPTIONAL, + responseToken + [2] OCTET STRING OPTIONAL ({neg_token_targ_resp_token}), + mechListMIC + [3] OCTET STRING OPTIONAL + } + +NegotiationToken ::= + CHOICE { + negTokenInit + [0] NegTokenInit, + negTokenTarg + [1] ANY + } diff --git a/fs/cifsd/spnego_negtokentarg.asn1 b/fs/cifsd/spnego_negtokentarg.asn1 new file mode 100644 index 000000000000..8324bcd1bbd7 --- /dev/null +++ b/fs/cifsd/spnego_negtokentarg.asn1 @@ -0,0 +1,19 @@ +GSSAPI ::= + CHOICE { + negTokenInit + [0] ANY, + negTokenTarg + [1] NegTokenTarg + } + +NegTokenTarg ::= + SEQUENCE { + negResult + [0] ENUMERATED OPTIONAL, + supportedMech + [1] OBJECT IDENTIFIER OPTIONAL, + responseToken + [2] OCTET STRING OPTIONAL ({neg_token_targ_resp_token}), + mechListMIC + [3] OCTET STRING OPTIONAL + }

From patchwork Mon Nov 14 12:49:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183158 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:40 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:40 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:39 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 061/308] cifsd: fix WARNING: Possible unnecessary 'out of memory' message Date: Mon, 14 Nov 2022 20:49:30 +0800 Message-ID: 20221114125337.1831594-62-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 94ed6599-4603-4e69-3849-08dac63c5206 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7055836 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 63c454f8392832a770d9cfcf9baa1733959b71e3 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/63c454f83928

-------------------------------

WARNING: Possible unnecessary 'out of memory' message 902: FILE: fs/cifsd/smb2pdu.c:569: + if (!work->response_buf) { + ksmbd_err("Failed to allocate %zu bytes buffer\n", sz);

Fix a warning from checkpatch.pl.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 92b5020ae778..a18792ce96be 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -565,10 +565,8 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) else work->response_buf = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO);

- if (!work->response_buf) { - ksmbd_err("Failed to allocate %zu bytes buffer\n", sz); + if (!work->response_buf) return -ENOMEM; - }

work->response_sz = sz; return 0;

From patchwork Mon Nov 14 12:49:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183159 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:41 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:41 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:40 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 062/308] cifsd: fix WARNING: Too many leading tabs Date: Mon, 14 Nov 2022 20:49:31 +0800 Message-ID: 20221114125337.1831594-63-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 747a8fb0-630e-4469-fb2d-08dac63c524f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7309682 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 3d47e54623897020e996b952bdf3ed9df447b5bf category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/3d47e5462389

-------------------------------

WARNING: Too many leading tabs - consider code refactoring 3066: FILE: fs/cifsd/smb2pdu.c:2733: + if (fattr.cf_dacls)

Fix a warning from checkpatch.pl.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index a18792ce96be..18576148f530 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2250,6 +2250,19 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work, return rc; }

+ +static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode) +{ + fattr->cf_uid = inode->i_uid; + fattr->cf_gid = inode->i_gid; + fattr->cf_mode = inode->i_mode; + fattr->cf_dacls = NULL; + + fattr->cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS); + if (S_ISDIR(inode->i_mode)) + fattr->cf_dacls = ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT); +} + /** * smb2_open() - handler for smb file open request * @work: smb work containing request buffer @@ -2734,23 +2747,13 @@ int smb2_open(struct ksmbd_work *work) KSMBD_SHARE_FLAG_ACL_XATTR)) { struct smb_fattr fattr; struct smb_ntsd *pntsd; - int pntsd_size, ace_num; - - fattr.cf_uid = inode->i_uid; - fattr.cf_gid = inode->i_gid; - fattr.cf_mode = inode->i_mode; - fattr.cf_dacls = NULL; - ace_num = 0; + int pntsd_size, ace_num = 0;

- fattr.cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS); + ksmbd_acls_fattr(&fattr, inode); if (fattr.cf_acls) ace_num = fattr.cf_acls->a_count; - if (S_ISDIR(inode->i_mode)) { - fattr.cf_dacls = - ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT); - if (fattr.cf_dacls) - ace_num += fattr.cf_dacls->a_count; - } + if (fattr.cf_dacls) + ace_num += fattr.cf_dacls->a_count;

pntsd = kmalloc(sizeof(struct smb_ntsd) + sizeof(struct smb_sid) * 3 + @@ -2768,6 +2771,7 @@ int smb2_open(struct ksmbd_work *work)

rc = ksmbd_vfs_set_sd_xattr(conn, path.dentry, pntsd, pntsd_size); + kfree(pntsd); if (rc) ksmbd_err("failed to store ntacl in xattr : %d\n", rc); @@ -4847,14 +4851,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work, return -ENOENT;

inode = FP_INODE(fp); - fattr.cf_uid = inode->i_uid; - fattr.cf_gid = inode->i_gid; - fattr.cf_mode = inode->i_mode; - fattr.cf_dacls = NULL; - - fattr.cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS); - if (S_ISDIR(inode->i_mode)) - fattr.cf_dacls = ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT); + ksmbd_acls_fattr(&fattr, inode);

if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR))

From patchwork Mon Nov 14 12:49:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183160 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:41 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:41 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:40 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 063/308] cifsd: fix boolreturn.cocci warnings Date: Mon, 14 Nov 2022 20:49:32 +0800 Message-ID: 20221114125337.1831594-64-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7912e75c-3e26-4c86-8cfe-08dac63c5298 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7179997 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: kernel test robot lkp@intel.com

mainline inclusion from mainline-5.15-rc1 commit 5616015f548a9beda791d8d607e1b17ebdc1e09d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/5616015f548a

-------------------------------

fs/cifsd/smb2pdu.c:8098:8-9: WARNING: return of 0/1 in function 'smb2_is_sign_req' with return type bool

Return statements in functions returning bool should use true/false instead of 1/0. Generated by: scripts/coccinelle/misc/boolreturn.cocci

Reported-by: kernel test robot lkp@intel.com Signed-off-by: kernel test robot lkp@intel.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 18576148f530..e17ad2032fc7 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -7713,7 +7713,7 @@ bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command) command != SMB2_OPLOCK_BREAK_HE) return true;

- return 0; + return false; }

/**

From patchwork Mon Nov 14 12:49:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183161 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:42 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:41 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:41 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 064/308] cifsd: fix xfstests generic/504 test failure Date: Mon, 14 Nov 2022 20:49:33 +0800 Message-ID: 20221114125337.1831594-65-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a27db963-bf77-4401-0eb6-08dac63c52e3 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6973391 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 50bf80a553ccb5eca0bc2426e5a082eaf65cb602 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/50bf80a553cc

-------------------------------

If lock length in smb2 lock request from client is over flock max length size, lock length is changed to flock max length and don't return error response.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index e17ad2032fc7..3fd266a94996 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -6422,7 +6422,7 @@ int smb2_lock(struct ksmbd_work *work) int flags = 0; int cmd = 0; int err = 0, i; - u64 lock_length; + u64 lock_start, lock_length; struct ksmbd_lock *smb_lock = NULL, *cmp_lock, *tmp; int nolock = 0; LIST_HEAD(lock_list); @@ -6461,25 +6461,22 @@ int smb2_lock(struct ksmbd_work *work)

cmd = smb2_set_flock_flags(flock, flags);

- flock->fl_start = le64_to_cpu(lock_ele[i].Offset); - if (flock->fl_start > OFFSET_MAX) { + lock_start = le64_to_cpu(lock_ele[i].Offset); + lock_length = le64_to_cpu(lock_ele[i].Length); + if (lock_start > U64_MAX - lock_length) { ksmbd_err("Invalid lock range requested\n"); rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; goto out; }

+ if (lock_start > OFFSET_MAX) + flock->fl_start = OFFSET_MAX; + else + flock->fl_start = lock_start; + lock_length = le64_to_cpu(lock_ele[i].Length); - if (lock_length > 0) { - if (lock_length > OFFSET_MAX - flock->fl_start) { - ksmbd_debug(SMB, - "Invalid lock range requested\n"); - lock_length = OFFSET_MAX - flock->fl_start; - rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; - goto out; - } - } else { - lock_length = 0; - } + if (lock_length > OFFSET_MAX - flock->fl_start) + lock_length = OFFSET_MAX - flock->fl_start;

flock->fl_end = flock->fl_start + lock_length;

From patchwork Mon Nov 14 12:49:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183162 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:42 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:42 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:41 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 065/308] cifsd: Do not use 0 or 0xFFFFFFFF for TreeID Date: Mon, 14 Nov 2022 20:49:34 +0800 Message-ID: 20221114125337.1831594-66-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: fbf9362f-74df-4896-a179-08dac63c532b X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6964179 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit 8602c3e2ceef5f50f5718e8442a8ea17530101b4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8602c3e2ceef

-------------------------------

Returning TreeID=0 is valid behaviour according to [MS-SMB2] 2.2.1.2:

TreeId (4 bytes): Uniquely identifies the tree connect for the command. This MUST be 0 for the SMB2 TREE_CONNECT Request. The TreeId can be any unsigned 32-bit integer that is received from a previous SMB2 TREE_CONNECT Response. TreeId SHOULD be set to 0 for the following commands: [...]

However, some client implementations reject it as invalid. Windows10 assigns ids starting from 1, and samba4 returns a random uint32_t which suggests there may be other clients that consider it is invalid behaviour.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/mgmt/ksmbd_ida.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/cifsd/mgmt/ksmbd_ida.c b/fs/cifsd/mgmt/ksmbd_ida.c index 3dbc27cb5385..54194d959a5e 100644 --- a/fs/cifsd/mgmt/ksmbd_ida.c +++ b/fs/cifsd/mgmt/ksmbd_ida.c @@ -14,9 +14,7 @@ int ksmbd_acquire_smb2_tid(struct ida *ida) { int id;

- id = __acquire_id(ida, 0, 0); - if (id == 0xFFFF) - id = __acquire_id(ida, 0, 0); + id = __acquire_id(ida, 1, 0xFFFFFFFF);

return id; }

From patchwork Mon Nov 14 12:49:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183163 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:43 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:42 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:42 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 066/308] cifsd: add support for FSCTL_DUPLICATE_EXTENTS_TO_FILE Date: Mon, 14 Nov 2022 20:49:35 +0800 Message-ID: 20221114125337.1831594-67-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 1c46c516-ae47-4a7c-5874-08dac63c5374 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6884650 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit eb817368f50c1cbe1bd07044124aad7db6330e3a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/eb817368f50c

-------------------------------

Add support for FSCTL_DUPLICATE_EXTENTS_TO_FILE in smb2 ioctl.

Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 52 ++++++++++++++++++++++++++++++++++++++++++++- fs/cifsd/smb2pdu.h | 8 +++++++ fs/cifsd/smbfsctl.h | 1 + fs/cifsd/vfs.c | 2 +- fs/cifsd/vfs.h | 3 ++- 5 files changed, 63 insertions(+), 3 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 3fd266a94996..e5d3a5790a81 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -4622,7 +4622,8 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, FILE_PERSISTENT_ACLS | FILE_UNICODE_ON_DISK | FILE_CASE_PRESERVED_NAMES | - FILE_CASE_SENSITIVE_SEARCH); + FILE_CASE_SENSITIVE_SEARCH | + FILE_SUPPORTS_BLOCK_REFCOUNTING);

info->Attributes |= cpu_to_le32(server_conf.share_fake_fscaps);

@@ -7330,6 +7331,55 @@ int smb2_ioctl(struct ksmbd_work *work) nbytes = sizeof(struct reparse_data_buffer); break; } + case FSCTL_DUPLICATE_EXTENTS_TO_FILE: + { + struct ksmbd_file *fp_in, *fp_out = NULL; + struct duplicate_extents_to_file *dup_ext; + loff_t src_off, dst_off, length, cloned; + + dup_ext = (struct duplicate_extents_to_file *)&req->Buffer[0]; + + fp_in = ksmbd_lookup_fd_slow(work, dup_ext->VolatileFileHandle, + dup_ext->PersistentFileHandle); + if (!fp_in) { + ksmbd_err("not found file handle in duplicate extent to file\n"); + ret = -ENOENT; + goto out; + } + + fp_out = ksmbd_lookup_fd_fast(work, id); + if (!fp_out) { + ksmbd_err("not found fp\n"); + ret = -ENOENT; + goto dup_ext_out; + } + + src_off = le64_to_cpu(dup_ext->SourceFileOffset); + dst_off = le64_to_cpu(dup_ext->TargetFileOffset); + length = le64_to_cpu(dup_ext->ByteCount); + cloned = vfs_clone_file_range(fp_in->filp, src_off, fp_out->filp, + dst_off, length, 0); + if (cloned == -EXDEV || cloned == -EOPNOTSUPP) { + ret = -EOPNOTSUPP; + goto dup_ext_out; + } else if (cloned != length) { + cloned = ksmbd_vfs_copy_file_range(fp_in->filp, src_off, + fp_out->filp, dst_off, length); + if (cloned != length) { + if (cloned < 0) + ret = cloned; + else + ret = -EINVAL; + } + } + +dup_ext_out: + ksmbd_fd_put(work, fp_in); + ksmbd_fd_put(work, fp_out); + if (ret < 0) + goto out; + break; + } default: ksmbd_debug(SMB, "not implemented yet ioctl command 0x%x\n", cnt_code); diff --git a/fs/cifsd/smb2pdu.h b/fs/cifsd/smb2pdu.h index c5c32610aafe..1a8da2122b75 100644 --- a/fs/cifsd/smb2pdu.h +++ b/fs/cifsd/smb2pdu.h @@ -851,6 +851,14 @@ struct smb2_write_rsp {

#define SMB2_0_IOCTL_IS_FSCTL 0x00000001

+struct duplicate_extents_to_file { + __u64 PersistentFileHandle; /* source file handle, opaque endianness */ + __u64 VolatileFileHandle; + __le64 SourceFileOffset; + __le64 TargetFileOffset; + __le64 ByteCount; /* Bytes to be copied */ +} __packed; + struct smb2_ioctl_req { struct smb2_hdr hdr; __le16 StructureSize; /* Must be 57 */ diff --git a/fs/cifsd/smbfsctl.h b/fs/cifsd/smbfsctl.h index 908c4e68a479..b98418aae20c 100644 --- a/fs/cifsd/smbfsctl.h +++ b/fs/cifsd/smbfsctl.h @@ -64,6 +64,7 @@ #define FSCTL_SET_SHORT_NAME_BEHAVIOR 0x000901B4 /* BB add struct */ #define FSCTL_QUERY_ALLOCATED_RANGES 0x000940CF /* BB add struct */ #define FSCTL_SET_DEFECT_MANAGEMENT 0x00098134 /* BB add struct */ +#define FSCTL_DUPLICATE_EXTENTS_TO_FILE 0x00098344 #define FSCTL_SIS_LINK_FILES 0x0009C104 #define FSCTL_PIPE_PEEK 0x0011400C /* BB add struct */ #define FSCTL_PIPE_TRANSCEIVE 0x0011C017 /* BB add struct */ diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 29f31db4e07e..cdbb844fddad 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -1789,7 +1789,7 @@ int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, return 0; }

-static int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, +int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, struct file *file_out, loff_t pos_out, size_t len) { struct inode *inode_in = file_inode(file_in); diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index 0163be4297de..2d19e2bac33a 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -218,7 +218,8 @@ int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, struct srv_copychunk *chunks, unsigned int chunk_count, unsigned int *chunk_count_written, unsigned int *chunk_size_written, loff_t *total_size_written); - +int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, + struct file *file_out, loff_t pos_out, size_t len); ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list); ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, char **xattr_buf);

From patchwork Mon Nov 14 12:49:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183164 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:43 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:43 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:42 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 067/308] cifsd: add goto fail in asn1_oid_decode() Date: Mon, 14 Nov 2022 20:49:36 +0800 Message-ID: 20221114125337.1831594-68-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 27604c49-17d9-43b3-3701-08dac63c53bd X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6995817 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit cdd10398e71a1843ef99ed545bbb872b6cb9d249 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/cdd10398e71a

-------------------------------

Add goto fail in asn1_oid_decode() to clean-up exception handling code.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index aa6ea855c422..f2628dc3490f 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -74,11 +74,8 @@ static bool asn1_oid_decode(const unsigned char *value, size_t vlen,

optr = *oid;

- if (!asn1_subid_decode(&iptr, end, &subid)) { - kfree(*oid); - *oid = NULL; - return false; - } + if (!asn1_subid_decode(&iptr, end, &subid)) + goto fail;

if (subid < 40) { optr[0] = 0; @@ -95,19 +92,18 @@ static bool asn1_oid_decode(const unsigned char *value, size_t vlen, optr += 2;

while (iptr < end) { - if (++(*oidlen) > vlen) { - kfree(*oid); - *oid = NULL; - return false; - } + if (++(*oidlen) > vlen) + goto fail;

- if (!asn1_subid_decode(&iptr, end, optr++)) { - kfree(*oid); - *oid = NULL; - return false; - } + if (!asn1_subid_decode(&iptr, end, optr++)) + goto fail; } return true; + +fail: + kfree(*oid); + *oid = NULL; + return false; }

static bool

From patchwork Mon Nov 14 12:49:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183165 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:44 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:43 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:43 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 068/308] cifsd: use memcmp instead of for loop check in oid_eq() Date: Mon, 14 Nov 2022 20:49:37 +0800 Message-ID: 20221114125337.1831594-69-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: f33574dd-7653-498c-c8cb-08dac63c5405 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6857101 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 3566a2b0f73a46eb93beafd70b8386a3b59d5acb category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/3566a2b0f73a

-------------------------------

Use memcmp instead of for loop check in oid_eq().

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index f2628dc3490f..a7db37eef2a9 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -110,16 +110,10 @@ static bool oid_eq(unsigned long *oid1, unsigned int oid1len, unsigned long *oid2, unsigned int oid2len) { - unsigned int i; - if (oid1len != oid2len) return false;

- for (i = 0; i < oid1len; i++) { - if (oid1[i] != oid2[i]) - return false; - } - return true; + return memcmp(oid1, oid2, oid1len) == 0; }

int

From patchwork Mon Nov 14 12:49:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183166 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:44 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:44 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:43 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 069/308] cifsd: add goto fail in neg_token_init_mech_type() Date: Mon, 14 Nov 2022 20:49:38 +0800 Message-ID: 20221114125337.1831594-70-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a2e7cc01-03c3-43bd-edd6-08dac63c5451 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7080949 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 8bae4419ce636f6f8414193a206a2dc2e6dd37db category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8bae4419ce63

-------------------------------

Add goto fail in neg_token_init_mech_type().

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index a7db37eef2a9..769fa328c020 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -284,14 +284,10 @@ int neg_token_init_mech_type(void *context, size_t hdrlen, unsigned long *oid; size_t oidlen; int mech_type; + char buf[50];

- if (!asn1_oid_decode(value, vlen, &oid, &oidlen)) { - char buf[50]; - - sprint_oid(value, vlen, buf, sizeof(buf)); - ksmbd_debug(AUTH, "Unexpected OID: %s\n", buf); - return -EBADMSG; - } + if (!asn1_oid_decode(value, vlen, &oid, &oidlen)) + goto fail;

if (oid_eq(oid, oidlen, NTLMSSP_OID, NTLMSSP_OID_LEN)) mech_type = KSMBD_AUTH_NTLMSSP; @@ -302,15 +298,20 @@ int neg_token_init_mech_type(void *context, size_t hdrlen, else if (oid_eq(oid, oidlen, KRB5U2U_OID, KRB5U2U_OID_LEN)) mech_type = KSMBD_AUTH_KRB5U2U; else - goto out; + goto fail;

conn->auth_mechs |= mech_type; if (conn->preferred_auth_mech == 0) conn->preferred_auth_mech = mech_type;

-out: kfree(oid); return 0; + +fail: + kfree(oid); + sprint_oid(value, vlen, buf, sizeof(buf)); + ksmbd_debug(AUTH, "Unexpected OID: %s\n", buf); + return -EBADMSG; }

int neg_token_init_mech_token(void *context, size_t hdrlen,

From patchwork Mon Nov 14 12:49:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183170 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:46 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:46 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:44 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 070/308] cifsd: move fips_enabled check before the str_to_key() Date: Mon, 14 Nov 2022 20:49:39 +0800 Message-ID: 20221114125337.1831594-71-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: c64d4b58-3d4f-4b69-b27f-08dac63c549a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.4638033 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 94096702376ecb99c86cbee9dd95fc3675231b8a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/94096702376e

-------------------------------

Move fips_enabled check before the str_to_key().

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 6b90aac86fcc..9263c9ce2dd2 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -92,14 +92,13 @@ smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) unsigned char key2[8]; struct des_ctx ctx;

- str_to_key(key, key2); - if (fips_enabled) { ksmbd_debug(AUTH, "FIPS compliance enabled: DES not permitted\n"); return -ENOENT; }

+ str_to_key(key, key2); des_expand_key(&ctx, key2, DES_KEY_SIZE); des_encrypt(&ctx, out, in); memzero_explicit(&ctx, sizeof(ctx));

From patchwork Mon Nov 14 12:49:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183167 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:45 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:45 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:44 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 071/308] cifsd: just return smbhash() instead of using rc return value Date: Mon, 14 Nov 2022 20:49:40 +0800 Message-ID: 20221114125337.1831594-72-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7db09d26-64a7-4cf3-01b8-08dac63c54e5 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6919793 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit fd43cbbe0af5e528ec7e1f85e6e942d1b77ff781 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/fd43cbbe0af5

-------------------------------

Just return smbhash() instead of using rc return value.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 9263c9ce2dd2..ab698093f728 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -115,8 +115,7 @@ static int ksmbd_enc_p24(unsigned char *p21, const unsigned char *c8, unsigned c rc = smbhash(p24 + 8, c8, p21 + 7); if (rc) return rc; - rc = smbhash(p24 + 16, c8, p21 + 14); - return rc; + return smbhash(p24 + 16, c8, p21 + 14); }

/* produce a md4 message digest from data of length n bytes */

From patchwork Mon Nov 14 12:49:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183168 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:45 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:45 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:45 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 072/308] cifsd: move ret check before the out label Date: Mon, 14 Nov 2022 20:49:41 +0800 Message-ID: 20221114125337.1831594-73-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 22fadc25-052c-4aa3-9e4d-08dac63c552e X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6993107 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 7e38ea254c8274ea25ffc28df65ac2683c5f8a72 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/7e38ea254c82

-------------------------------

Move ret check before the out label.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index ab698093f728..092db15e4234 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -311,9 +311,9 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, }

ret = crypto_shash_final(CRYPTO_HMACMD5(ctx), ntlmv2_hash); -out: if (ret) ksmbd_debug(AUTH, "Could not generate md5 hash\n"); +out: kfree(uniname); kfree(domain); ksmbd_release_crypto_ctx(ctx);

From patchwork Mon Nov 14 12:49:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183169 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:46 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:46 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:45 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 073/308] cifsd: simplify error handling in ksmbd_auth_ntlm() Date: Mon, 14 Nov 2022 20:49:42 +0800 Message-ID: 20221114125337.1831594-74-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 609c437e-22b4-4e48-ae04-08dac63c5578 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6414094 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 4a6b02282632f0b4e88a85f26266f7674e0ce288 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4a6b02282632

-------------------------------

simplify error handling in ksmbd_auth_ntlm().

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 092db15e4234..7771429f55a4 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -351,12 +351,11 @@ int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf)

if (strncmp(pw_buf, key, CIFS_AUTH_RESP_SIZE) != 0) { ksmbd_debug(AUTH, "ntlmv1 authentication failed\n"); - rc = -EINVAL; - } else { - ksmbd_debug(AUTH, "ntlmv1 authentication pass\n"); + return -EINVAL; }

- return rc; + ksmbd_debug(AUTH, "ntlmv1 authentication pass\n"); + return 0; }

/**

From patchwork Mon Nov 14 12:49:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183171 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:46 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:46 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:46 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 074/308] cifsd: remove unneeded type casting Date: Mon, 14 Nov 2022 20:49:43 +0800 Message-ID: 20221114125337.1831594-75-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7e20588a-d509-4f03-4a69-08dac63c55c2 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.5915361 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 192cc732c65a7c22da77cf21baba5e8a3efdea29 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/192cc732c65a

-------------------------------

Remove unneeded type casting.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 7771429f55a4..ed32052fbf93 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -410,8 +410,7 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, }

memcpy(construct, sess->ntlmssp.cryptkey, CIFS_CRYPTO_KEY_SIZE); - memcpy(construct + CIFS_CRYPTO_KEY_SIZE, - (char *)(&ntlmv2->blob_signature), blen); + memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);

rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len); if (rc) {

From patchwork Mon Nov 14 12:49:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183172 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:47 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:47 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:46 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 075/308] cifsd: set error return value for memcmp() difference Date: Mon, 14 Nov 2022 20:49:44 +0800 Message-ID: 20221114125337.1831594-76-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2f9e8ba8-6510-47dc-236d-08dac63c560e X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7062463 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit b72802aa77dc2729b848057e96b6a2126182f75e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b72802aa77dc

-------------------------------

Set error return value for memcmp() difference.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index ed32052fbf93..adfb3b33f2e5 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -430,7 +430,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, goto out; }

- rc = memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE); + if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0) + rc = -EINVAL; out: ksmbd_release_crypto_ctx(ctx); kfree(construct); @@ -469,7 +470,8 @@ static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, char *client_nonce, goto out; }

- rc = memcmp(ntlm_resp, key, CIFS_AUTH_RESP_SIZE); + if (memcmp(ntlm_resp, key, CIFS_AUTH_RESP_SIZE) != 0) + rc = -EINVAL; out: return rc; }

From patchwork Mon Nov 14 12:49:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183173 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:47 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:47 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:47 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 076/308] cifsd: return zero in always success case Date: Mon, 14 Nov 2022 20:49:45 +0800 Message-ID: 20221114125337.1831594-77-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3455cb64-529c-460d-01a5-08dac63c5657 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6947272 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 876edcc4cffd26f83eae591e906384dab7f25a51 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/876edcc4cffd

-------------------------------

Return zero in always success case.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index adfb3b33f2e5..a89de24aa576 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -943,7 +943,7 @@ static int generate_smb3signingkey(struct ksmbd_session *sess, SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); ksmbd_debug(AUTH, "Signing Key %*ph\n", SMB3_SIGN_KEY_SIZE, key); - return rc; + return 0; }

int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess) @@ -1011,7 +1011,7 @@ static int generate_smb3encryptionkey(struct ksmbd_session *sess, ksmbd_debug(AUTH, "ServerOut Key %*ph\n", SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey); } - return rc; + return 0; }

int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess)

From patchwork Mon Nov 14 12:49:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183174 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:48 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:48 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:47 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 077/308] cifsd: never return 1 on failure Date: Mon, 14 Nov 2022 20:49:46 +0800 Message-ID: 20221114125337.1831594-78-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d15b2eb7-e1cb-455e-1c1c-08dac63c56a2 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6901303 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 522dcc76269fcc27a3a0128ca7699270fae61b60 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/522dcc76269f

-------------------------------

Never return 1 on failure.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index a89de24aa576..7e56966f87d4 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -1144,7 +1144,7 @@ static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, __u64 ses_id,

sess = ksmbd_session_lookup(conn, ses_id); if (!sess) - return 1; + return -EINVAL;

ses_enc_key = enc ? sess->smb3encryptionkey : sess->smb3decryptionkey;

From patchwork Mon Nov 14 12:49:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183175 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:48 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:48 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:48 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 078/308] cifsd: add the check if nvec is zero Date: Mon, 14 Nov 2022 20:49:47 +0800 Message-ID: 20221114125337.1831594-79-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a539fd86-a490-4465-b9a6-08dac63c56eb X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6895444 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 41a7848a01b3f4401b8b87815e643584b86895f2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/41a7848a01b3

-------------------------------

Dan Carpenter pointed out that memory can be corrupted when nvec is zero. This patch add the check to prevent it.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 7e56966f87d4..9f957c8c123c 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -1172,6 +1172,9 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;

+ if (!nvec) + return NULL; + for (i = 0; i < nvec - 1; i++) { unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;

From patchwork Mon Nov 14 12:49:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183176 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:49 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:49 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:48 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 079/308] cifsd: len can never be negative in ksmbd_init_sg() Date: Mon, 14 Nov 2022 20:49:48 +0800 Message-ID: 20221114125337.1831594-80-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cab09624-1388-4b6b-ee50-08dac63c5735 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7059040 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 08591ccfdd4f237b3d931e0ebf05690b1ab91399 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/08591ccfdd4f

-------------------------------

Dan pointed out len can not be negative. This patch remove unneeded negative check in loop.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 9f957c8c123c..9af1b334be82 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -1207,7 +1207,7 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, for (j = 0; j < nr_entries[i]; j++) { unsigned int bytes = PAGE_SIZE - offset;

- if (len <= 0) + if (!len) break;

if (bytes > len)

From patchwork Mon Nov 14 12:49:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183177 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:49 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:49 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:49 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 080/308] cifsd: remove unneeded initialization of rc variable in ksmbd_crypt_message() Date: Mon, 14 Nov 2022 20:49:49 +0800 Message-ID: 20221114125337.1831594-81-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: b7a334d5-02b2-4c48-d723-08dac63c577f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7033106 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 03f1c3d38887803266ec4d5a820b08b01b2766d8 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/03f1c3d38887

-------------------------------

Remove unneeded initialization of rc variable in ksmbd_crypt_message().

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 9af1b334be82..711f8dec38e1 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -1236,7 +1236,7 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)iov[0].iov_base; unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; - int rc = 0; + int rc; struct scatterlist *sg; u8 sign[SMB2_SIGNATURE_SIZE] = {}; u8 key[SMB3_ENC_DEC_KEY_SIZE];

From patchwork Mon Nov 14 12:49:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183178 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:50 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:50 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:49 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 081/308] cifsd: fix wrong return value in ksmbd_crypt_message() Date: Mon, 14 Nov 2022 20:49:50 +0800 Message-ID: 20221114125337.1831594-82-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e900da02-a24b-4af5-32f2-08dac63c57ca X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7106455 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 27aa646db0f0465c5abf8e5cd545e070e7f14120 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/27aa646db0f0

-------------------------------

Change error return instead of returning always success return.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 711f8dec38e1..5a56dd65fa06 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -1253,7 +1253,7 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, key); if (rc) { ksmbd_err("Could not get %scryption key\n", enc ? "en" : "de"); - return 0; + return rc; }

if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||

From patchwork Mon Nov 14 12:49:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183179 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:50 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:50 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:50 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 082/308] cifsd: change success handling to failure handling Date: Mon, 14 Nov 2022 20:49:51 +0800 Message-ID: 20221114125337.1831594-83-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cc95641d-3680-4e1f-a979-08dac63c5813 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6989097 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 73b8b08539423a888ed76b53401a6366e0e2af2b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/73b8b0853942

-------------------------------

Change success handling to failure handling in ksmbd_crypt_message().

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 5a56dd65fa06..b0a9e4591fa5 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -1331,9 +1331,13 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, rc = crypto_aead_encrypt(req); else rc = crypto_aead_decrypt(req); - if (!rc && enc) + if (rc) + goto free_iv; + + if (enc) memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);

+free_iv: kfree(iv); free_sg: kfree(sg);

From patchwork Mon Nov 14 12:49:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183180 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:51 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:51 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:50 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 083/308] cifsd: add default case in switch statment in alloc_shash_desc() Date: Mon, 14 Nov 2022 20:49:52 +0800 Message-ID: 20221114125337.1831594-84-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e34523eb-96b9-4fbf-9381-08dac63c585d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6950911 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 533a45da1a8900267a667648450976bc334b71a8 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/533a45da1a89

-------------------------------

Add default case in switch statment in alloc_shash_desc().

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/crypto_ctx.c | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/fs/cifsd/crypto_ctx.c b/fs/cifsd/crypto_ctx.c index 1830ae1b5ed3..dbfe36ee9be1 100644 --- a/fs/cifsd/crypto_ctx.c +++ b/fs/cifsd/crypto_ctx.c @@ -88,6 +88,8 @@ static struct shash_desc *alloc_shash_desc(int id) case CRYPTO_SHASH_MD5: tfm = crypto_alloc_shash("md5", 0, 0); break; + default: + return NULL; }

if (IS_ERR(tfm))

From patchwork Mon Nov 14 12:49:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183181 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:51 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:51 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:51 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 084/308] cifsd: call kzalloc() directly instead of wrapper Date: Mon, 14 Nov 2022 20:49:53 +0800 Message-ID: 20221114125337.1831594-85-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 22403bcf-0c5d-4e81-569f-08dac63c58a7 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7145683 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 12fc704441ad86a0a29e60708490109954f097fa category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/12fc704441ad

-------------------------------

Call kzalloc() directly instead of wrapper function.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/crypto_ctx.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/fs/cifsd/crypto_ctx.c b/fs/cifsd/crypto_ctx.c index dbfe36ee9be1..9685bf963702 100644 --- a/fs/cifsd/crypto_ctx.c +++ b/fs/cifsd/crypto_ctx.c @@ -104,11 +104,6 @@ static struct shash_desc *alloc_shash_desc(int id) return shash; }

-static struct ksmbd_crypto_ctx *ctx_alloc(void) -{ - return kzalloc(sizeof(struct ksmbd_crypto_ctx), GFP_KERNEL); -} - static void ctx_free(struct ksmbd_crypto_ctx *ctx) { int i; @@ -145,7 +140,7 @@ static struct ksmbd_crypto_ctx *ksmbd_find_crypto_ctx(void) ctx_list.avail_ctx++; spin_unlock(&ctx_list.ctx_lock);

- ctx = ctx_alloc(); + ctx = kzalloc(sizeof(struct ksmbd_crypto_ctx), GFP_KERNEL); if (!ctx) { spin_lock(&ctx_list.ctx_lock); ctx_list.avail_ctx--; @@ -280,7 +275,7 @@ int ksmbd_crypto_create(void) init_waitqueue_head(&ctx_list.ctx_wait); ctx_list.avail_ctx = 1;

- ctx = ctx_alloc(); + ctx = kzalloc(sizeof(struct ksmbd_crypto_ctx), GFP_KERNEL); if (!ctx) return -ENOMEM; list_add(&ctx->list, &ctx_list.idle_ctx);

From patchwork Mon Nov 14 12:49:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183182 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:52 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:52 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:51 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 085/308] cifsd: simplify error handling in ksmbd_gen_preauth_integrity_hash() Date: Mon, 14 Nov 2022 20:49:54 +0800 Message-ID: 20221114125337.1831594-86-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 0f9d4860-ef25-4e0f-5ab2-08dac63c58f0 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6243256 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit d3cd8c491559ca9eb7ce81242df3b3927466e6d9 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d3cd8c491559

-------------------------------

Simplify error handling in ksmbd_gen_preauth_integrity_hash().

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index b0a9e4591fa5..1d4c4e6d28cd 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -1063,14 +1063,13 @@ int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, int msg_size = be32_to_cpu(rcv_hdr->smb2_buf_length); struct ksmbd_crypto_ctx *ctx = NULL;

- if (conn->preauth_info->Preauth_HashId == - SMB2_PREAUTH_INTEGRITY_SHA512) { - ctx = ksmbd_crypto_ctx_find_sha512(); - if (!ctx) { - ksmbd_debug(AUTH, "could not alloc sha512 rc %d\n", rc); - goto out; - } - } else { + if (conn->preauth_info->Preauth_HashId != + SMB2_PREAUTH_INTEGRITY_SHA512) + return -EINVAL; + + ctx = ksmbd_crypto_ctx_find_sha512(); + if (!ctx) { + ksmbd_debug(AUTH, "could not alloc sha512 rc %d\n", rc); goto out; }

From patchwork Mon Nov 14 12:49:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183183 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:52 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:52 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:52 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 086/308] cifsd: return -ENOMEM about error from ksmbd_crypto_ctx_find_xxx calls Date: Mon, 14 Nov 2022 20:49:55 +0800 Message-ID: 20221114125337.1831594-87-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6085825d-bd03-4193-5f10-08dac63c5939 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6988805 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 0e579cd17f8e9c2e70a68edb66a1457b2c6e9926 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/0e579cd17f8e

-------------------------------

Return -ENOMEM about error from ksmbd_crypto_ctx_find_xxx calls. And remove unneeded return value print in debug message.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 56 ++++++++++++++++++++++++------------------------- 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 1d4c4e6d28cd..cc13d0eedd80 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -128,7 +128,7 @@ static int ksmbd_enc_md4(unsigned char *md4_hash, unsigned char *link_str, ctx = ksmbd_crypto_ctx_find_md4(); if (!ctx) { ksmbd_debug(AUTH, "Crypto md4 allocation error\n"); - return -EINVAL; + return -ENOMEM; }

rc = crypto_shash_init(CRYPTO_MD4(ctx)); @@ -160,7 +160,7 @@ static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, char *nonce, ctx = ksmbd_crypto_ctx_find_md5(); if (!ctx) { ksmbd_debug(AUTH, "Crypto md5 allocation error\n"); - return -EINVAL; + return -ENOMEM; }

rc = crypto_shash_init(CRYPTO_MD5(ctx)); @@ -200,11 +200,13 @@ static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash, char *hmac) { struct ksmbd_crypto_ctx *ctx; - int rc = -EINVAL; + int rc;

ctx = ksmbd_crypto_ctx_find_hmacmd5(); - if (!ctx) - goto out; + if (!ctx) { + ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n"); + return -ENOMEM; + }

rc = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx), hash, @@ -244,7 +246,7 @@ static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash, static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, char *dname) { - int ret = -EINVAL, len; + int ret, len; wchar_t *domain = NULL; __le16 *uniname = NULL; struct ksmbd_crypto_ctx *ctx; @@ -252,7 +254,7 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, ctx = ksmbd_crypto_ctx_find_hmacmd5(); if (!ctx) { ksmbd_debug(AUTH, "can't generate ntlmv2 hash\n"); - goto out; + return -ENOMEM; }

ret = crypto_shash_setkey(CRYPTO_HMACMD5_TFM(ctx), @@ -374,12 +376,12 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE]; struct ksmbd_crypto_ctx *ctx; char *construct = NULL; - int rc = -EINVAL, len; + int rc, len;

ctx = ksmbd_crypto_ctx_find_hmacmd5(); if (!ctx) { - ksmbd_debug(AUTH, "could not crypto alloc hmacmd5 rc %d\n", rc); - goto out; + ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n"); + return -ENOMEM; }

rc = calc_ntlmv2_hash(sess, ntlmv2_hash, domain_name); @@ -731,13 +733,12 @@ int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, int n_vec, char *sig) { struct ksmbd_crypto_ctx *ctx; - int rc = -EINVAL; - int i; + int rc, i;

ctx = ksmbd_crypto_ctx_find_hmacsha256(); if (!ctx) { - ksmbd_debug(AUTH, "could not crypto alloc hmacmd5 rc %d\n", rc); - goto out; + ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n"); + return -ENOMEM; }

rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx), @@ -783,13 +784,12 @@ int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, int n_vec, char *sig) { struct ksmbd_crypto_ctx *ctx; - int rc = -EINVAL; - int i; + int rc, i;

ctx = ksmbd_crypto_ctx_find_cmacaes(); if (!ctx) { - ksmbd_debug(AUTH, "could not crypto alloc cmac rc %d\n", rc); - goto out; + ksmbd_debug(AUTH, "could not crypto alloc cmac\n"); + return -ENOMEM; }

rc = crypto_shash_setkey(CRYPTO_CMACAES_TFM(ctx), @@ -835,7 +835,7 @@ static int generate_key(struct ksmbd_session *sess, struct kvec label, __u8 i[4] = {0, 0, 0, 1}; __u8 L128[4] = {0, 0, 0, 128}; __u8 L256[4] = {0, 0, 1, 0}; - int rc = -EINVAL; + int rc; unsigned char prfhash[SMB2_HMACSHA256_SIZE]; unsigned char *hashptr = prfhash; struct ksmbd_crypto_ctx *ctx; @@ -845,8 +845,8 @@ static int generate_key(struct ksmbd_session *sess, struct kvec label,

ctx = ksmbd_crypto_ctx_find_hmacsha256(); if (!ctx) { - ksmbd_debug(AUTH, "could not crypto alloc hmacmd5 rc %d\n", rc); - goto smb3signkey_ret; + ksmbd_debug(AUTH, "could not crypto alloc hmacmd5\n"); + return -ENOMEM; }

rc = crypto_shash_setkey(CRYPTO_HMACSHA256_TFM(ctx), @@ -1057,7 +1057,7 @@ int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess) int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, __u8 *pi_hash) { - int rc = -1; + int rc; struct smb2_hdr *rcv_hdr = (struct smb2_hdr *)buf; char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId; int msg_size = be32_to_cpu(rcv_hdr->smb2_buf_length); @@ -1069,8 +1069,8 @@ int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,

ctx = ksmbd_crypto_ctx_find_sha512(); if (!ctx) { - ksmbd_debug(AUTH, "could not alloc sha512 rc %d\n", rc); - goto out; + ksmbd_debug(AUTH, "could not alloc sha512\n"); + return -ENOMEM; }

rc = crypto_shash_init(CRYPTO_SHA512(ctx)); @@ -1104,13 +1104,13 @@ int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, __u8 *pi_hash) { - int rc = -1; + int rc; struct ksmbd_crypto_ctx *ctx = NULL;

ctx = ksmbd_crypto_ctx_find_sha256(); if (!ctx) { - ksmbd_debug(AUTH, "could not alloc sha256 rc %d\n", rc); - goto out; + ksmbd_debug(AUTH, "could not alloc sha256\n"); + return -ENOMEM; }

rc = crypto_shash_init(CRYPTO_SHA256(ctx)); @@ -1262,7 +1262,7 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, ctx = ksmbd_crypto_ctx_find_ccm(); if (!ctx) { ksmbd_err("crypto alloc failed\n"); - return -EINVAL; + return -ENOMEM; }

if (conn->cipher_type == SMB2_ENCRYPTION_AES128_GCM ||

From patchwork Mon Nov 14 12:49:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183184 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:53 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:53 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:52 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 087/308] cifsd: alignment match open parenthesis Date: Mon, 14 Nov 2022 20:49:56 +0800 Message-ID: 20221114125337.1831594-88-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6543fd4d-a026-4d77-165c-08dac63c5982 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6909241 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 70478059762688d9a975477cf6903cc170901c4c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/704780597626

-------------------------------

Alignment match open parenthesis.

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index cc13d0eedd80..8c80f918c8d7 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -596,7 +596,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, if (cflags & NTLMSSP_NEGOTIATE_SIGN) { flags |= NTLMSSP_NEGOTIATE_SIGN; flags |= cflags & (NTLMSSP_NEGOTIATE_128 | - NTLMSSP_NEGOTIATE_56); + NTLMSSP_NEGOTIATE_56); }

if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) @@ -641,7 +641,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, chgblob->TargetInfoArray.Length = 0; /* Add target info list for NetBIOS/DNS settings */ for (type = NTLMSSP_AV_NB_COMPUTER_NAME; - type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) { + type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) { tinfo->Type = cpu_to_le16(type); tinfo->Length = cpu_to_le16(len); memcpy(tinfo->Content, name, len);

From patchwork Mon Nov 14 12:49:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183185 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:53 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:53 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:53 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 088/308] cifsd: add the check to prevent potential overflow with smb_strtoUTF16() and UNICODE_LEN() Date: Mon, 14 Nov 2022 20:49:57 +0800 Message-ID: 20221114125337.1831594-89-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: da6c2e6d-f770-404d-5bcd-08dac63c59ca X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6959082 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit a2d0b5034a5fff029ec1be08d3264f8407d47602 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a2d0b5034a5f

-------------------------------

Add the check to prevent potential overflow with smb_strtoUTF16() and UNICODE_LEN().

Reviewed-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 50 ++++++++++++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 8c80f918c8d7..f742870a930b 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -246,7 +246,7 @@ static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash, static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, char *dname) { - int ret, len; + int ret, len, conv_len; wchar_t *domain = NULL; __le16 *uniname = NULL; struct ksmbd_crypto_ctx *ctx; @@ -279,15 +279,17 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, goto out; }

- if (len) { - len = smb_strtoUTF16(uniname, user_name(sess->user), len, + conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len, sess->conn->local_nls); - UniStrupr(uniname); + if (conv_len < 0 || conv_len > len) { + ret = -EINVAL; + goto out; } + UniStrupr(uniname);

ret = crypto_shash_update(CRYPTO_HMACMD5(ctx), (char *)uniname, - UNICODE_LEN(len)); + UNICODE_LEN(conv_len)); if (ret) { ksmbd_debug(AUTH, "Could not update with user\n"); goto out; @@ -301,12 +303,16 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, goto out; }

- len = smb_strtoUTF16((__le16 *)domain, dname, len, + conv_len = smb_strtoUTF16((__le16 *)domain, dname, len, sess->conn->local_nls); + if (conv_len < 0 || conv_len > len) { + ret = -EINVAL; + goto out; + }

ret = crypto_shash_update(CRYPTO_HMACMD5(ctx), (char *)domain, - UNICODE_LEN(len)); + UNICODE_LEN(conv_len)); if (ret) { ksmbd_debug(AUTH, "Could not update with domain\n"); goto out; @@ -584,6 +590,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, wchar_t *name; __u8 *target_name; unsigned int len, flags, blob_off, blob_len, type, target_info_len = 0; + unsigned int uni_len, conv_len; int cflags = sess->ntlmssp.client_flags;

memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8); @@ -611,19 +618,24 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,

chgblob->NegotiateFlags = cpu_to_le32(flags); len = strlen(ksmbd_netbios_name()); - name = kmalloc(2 + (len * 2), GFP_KERNEL); + name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL); if (!name) return -ENOMEM;

- len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len, + conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len, sess->conn->local_nls); - len = UNICODE_LEN(len); + if (conv_len < 0 || conv_len > len) { + kfree(name); + return -EINVAL; + } + + uni_len = UNICODE_LEN(conv_len);

blob_off = sizeof(struct challenge_message); - blob_len = blob_off + len; + blob_len = blob_off + uni_len;

- chgblob->TargetName.Length = cpu_to_le16(len); - chgblob->TargetName.MaximumLength = cpu_to_le16(len); + chgblob->TargetName.Length = cpu_to_le16(uni_len); + chgblob->TargetName.MaximumLength = cpu_to_le16(uni_len); chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);

/* Initialize random conn challenge */ @@ -635,18 +647,18 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len);

target_name = (__u8 *)chgblob + blob_off; - memcpy(target_name, name, len); - tinfo = (struct target_info *)(target_name + len); + memcpy(target_name, name, uni_len); + tinfo = (struct target_info *)(target_name + uni_len);

chgblob->TargetInfoArray.Length = 0; /* Add target info list for NetBIOS/DNS settings */ for (type = NTLMSSP_AV_NB_COMPUTER_NAME; type <= NTLMSSP_AV_DNS_DOMAIN_NAME; type++) { tinfo->Type = cpu_to_le16(type); - tinfo->Length = cpu_to_le16(len); - memcpy(tinfo->Content, name, len); - tinfo = (struct target_info *)((char *)tinfo + 4 + len); - target_info_len += 4 + len; + tinfo->Length = cpu_to_le16(uni_len); + memcpy(tinfo->Content, name, uni_len); + tinfo = (struct target_info *)((char *)tinfo + 4 + uni_len); + target_info_len += 4 + uni_len; }

/* Add terminator subblock */

From patchwork Mon Nov 14 12:49:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183186 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:54 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:54 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:53 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 089/308] cifsd: braces {} should be used on all arms of this statement Date: Mon, 14 Nov 2022 20:49:58 +0800 Message-ID: 20221114125337.1831594-90-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: abd2cc08-1afb-4e9c-144d-08dac63c5a13 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6960865 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit a2d6321b459aee5f2b4380271a79668c24165c56 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a2d6321b459a

-------------------------------

Fix "CHECK: braces {} should be used on all arms of this statement" from checkpatch.pl --strict.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 8 ++++---- fs/cifsd/vfs.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index 769fa328c020..479a9c1fcbbe 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -160,9 +160,9 @@ static void encode_asn_tag(char *buf, /* insert tag */ buf[index++] = tag;

- if (!hdr_len) + if (!hdr_len) { buf[index++] = len; - else { + } else { buf[index++] = 0x80 | hdr_len; for (i = hdr_len - 1; i >= 0; i--) buf[index++] = (len >> (i * 8)) & 0xFF; @@ -172,9 +172,9 @@ static void encode_asn_tag(char *buf, len = len - (index - *ofs); buf[index++] = seq;

- if (!hdr_len) + if (!hdr_len) { buf[index++] = len; - else { + } else { buf[index++] = 0x80 | hdr_len; for (i = hdr_len - 1; i >= 0; i--) buf[index++] = (len >> (i * 8)) & 0xFF; diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index cdbb844fddad..e1295b72c410 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -212,9 +212,9 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode)

mode |= S_IFDIR; err = vfs_mkdir(&init_user_ns, d_inode(path.dentry), dentry, mode); - if (err) + if (err) { goto out; - else if (d_unhashed(dentry)) { + } else if (d_unhashed(dentry)) { struct dentry *d;

d = lookup_one_len(dentry->d_name.name,

From patchwork Mon Nov 14 12:49:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183187 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:54 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:54 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:53 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 090/308] cifsd: spaces preferred around that '/' Date: Mon, 14 Nov 2022 20:49:59 +0800 Message-ID: 20221114125337.1831594-91-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 92ac1ff5-30e0-453f-a5be-08dac63c5a5b X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6931512 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit c8ed11522b4acbe378687b6388ceffd72e72d736 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c8ed11522b4a

-------------------------------

Fix "CHECK: paces preferred around that '/' from checkpatch.pl --strict.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index 479a9c1fcbbe..846f4e73abbf 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -65,7 +65,7 @@ static bool asn1_oid_decode(const unsigned char *value, size_t vlen, unsigned long subid;

vlen += 1; - if (vlen < 2 || vlen > UINT_MAX/sizeof(unsigned long)) + if (vlen < 2 || vlen > UINT_MAX / sizeof(unsigned long)) return false;

*oid = kmalloc(vlen * sizeof(unsigned long), GFP_KERNEL);

From patchwork Mon Nov 14 12:50:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183188 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:55 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:54 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:54 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 091/308] cifsd: don't use multiple blank lines Date: Mon, 14 Nov 2022 20:50:00 +0800 Message-ID: 20221114125337.1831594-92-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 98b516f1-96f2-46f0-b565-08dac63c5aa5 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6984750 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 2f5205c2377c0a3c501a33092c91a45e074bfc04 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/2f5205c2377c

-------------------------------

don't use multiple blank lines.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/nterr.h | 2 -- fs/cifsd/smb2pdu.c | 1 - 2 files changed, 3 deletions(-)

diff --git a/fs/cifsd/nterr.h b/fs/cifsd/nterr.h index a66100e74741..2f358f88a018 100644 --- a/fs/cifsd/nterr.h +++ b/fs/cifsd/nterr.h @@ -9,8 +9,6 @@ * Copyright (C) Paul Ashton 1998-2000 */

- - #ifndef _NTERR_H #define _NTERR_H

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index e5d3a5790a81..c0c0cf600ce7 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2250,7 +2250,6 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work, return rc; }

- static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode) { fattr->cf_uid = inode->i_uid;

From patchwork Mon Nov 14 12:50:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183189 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:55 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:55 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:54 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 092/308] cifsd: No space is necessary after a cast Date: Mon, 14 Nov 2022 20:50:01 +0800 Message-ID: 20221114125337.1831594-93-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d59663df-2d6d-4f2b-c4ca-08dac63c5aef X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7188527 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 10268f7d5755f42e50e862505e7bac992d284546 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/10268f7d5755

-------------------------------

No space is necessary after a cast.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index c0c0cf600ce7..bdaa69facee5 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -976,7 +976,7 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, break;

ctxt_size = decode_compress_ctxt(conn, - (struct smb2_compression_ctx *) pneg_ctxt); + (struct smb2_compression_ctx *)pneg_ctxt); pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8; } else if (*ContextType == SMB2_NETNAME_NEGOTIATE_CONTEXT_ID) { ksmbd_debug(SMB,

From patchwork Mon Nov 14 12:50:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183190 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:56 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:55 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:55 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 093/308] cifsd: Blank lines aren't necessary after an open brace '{' Date: Mon, 14 Nov 2022 20:50:02 +0800 Message-ID: 20221114125337.1831594-94-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: abd7e39e-9841-4828-ae0a-08dac63c5b39 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7071205 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit fe30ea69ff81f99607b0e4002ef9ae12e4694b31 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/fe30ea69ff81

-------------------------------

Blank lines aren't necessary after an open brace '{'.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 1 - 1 file changed, 1 deletion(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index bdaa69facee5..16290ad710fa 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2388,7 +2388,6 @@ int smb2_open(struct ksmbd_work *work) rc = -EINVAL; goto err_out1; } else { - if (req->CreateOptions & FILE_SEQUENTIAL_ONLY_LE && req->CreateOptions & FILE_RANDOM_ACCESS_LE) req->CreateOptions = ~(FILE_SEQUENTIAL_ONLY_LE);

From patchwork Mon Nov 14 12:50:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183191 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:56 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:56 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:55 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 094/308] cifsd: Alignment should match open parenthesis Date: Mon, 14 Nov 2022 20:50:03 +0800 Message-ID: 20221114125337.1831594-95-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 36e2b19a-714c-43cf-3673-08dac63c5b88 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.0745227 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 070fb21e5912b6aa22509083aaca030d1f4e7d57 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/070fb21e5912

-------------------------------

Fix warnings "Alignment should match open parenthesis" from checkpatch.pl --strict.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 38 +- fs/cifsd/asn1.h | 18 +- fs/cifsd/auth.c | 115 +++---- fs/cifsd/auth.h | 57 +-- fs/cifsd/buffer_pool.c | 3 +- fs/cifsd/buffer_pool.h | 3 - fs/cifsd/connection.c | 24 +- fs/cifsd/connection.h | 22 +- fs/cifsd/crypto_ctx.c | 4 +- fs/cifsd/crypto_ctx.h | 3 - fs/cifsd/ksmbd_work.c | 8 +- fs/cifsd/misc.c | 12 +- fs/cifsd/misc.h | 9 - fs/cifsd/ndr.c | 7 +- fs/cifsd/ndr.h | 3 +- fs/cifsd/oplock.c | 108 +++--- fs/cifsd/oplock.h | 13 +- fs/cifsd/server.c | 32 +- fs/cifsd/smb2misc.c | 42 +-- fs/cifsd/smb2pdu.c | 707 +++++++++++++++++++------------------- fs/cifsd/smb_common.c | 37 +- fs/cifsd/smbacl.c | 106 +++--- fs/cifsd/transport_ipc.c | 21 +- fs/cifsd/transport_ipc.h | 13 +- fs/cifsd/transport_rdma.c | 358 +++++++++---------- fs/cifsd/transport_tcp.c | 26 +- fs/cifsd/unicode.c | 17 +- fs/cifsd/unicode.h | 9 +- fs/cifsd/vfs.c | 196 ++++++----- fs/cifsd/vfs.h | 65 ++-- fs/cifsd/vfs_cache.c | 14 +- fs/cifsd/vfs_cache.h | 2 +- 32 files changed, 1021 insertions(+), 1071 deletions(-)

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index 846f4e73abbf..1be3072fee1a 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -37,7 +37,7 @@ static char NTLMSSP_OID_STR[NTLMSSP_OID_LEN] = { 0x2b, 0x06, 0x01, 0x04, 0x01,

static bool asn1_subid_decode(const unsigned char **begin, const unsigned char *end, - unsigned long *subid) + unsigned long *subid) { const unsigned char *ptr = *begin; unsigned char ch; @@ -58,7 +58,7 @@ asn1_subid_decode(const unsigned char **begin, const unsigned char *end, }

static bool asn1_oid_decode(const unsigned char *value, size_t vlen, - unsigned long **oid, size_t *oidlen) + unsigned long **oid, size_t *oidlen) { const unsigned char *iptr = value, *end = value + vlen; unsigned long *optr; @@ -106,9 +106,8 @@ static bool asn1_oid_decode(const unsigned char *value, size_t vlen, return false; }

-static bool -oid_eq(unsigned long *oid1, unsigned int oid1len, - unsigned long *oid2, unsigned int oid2len) +static bool oid_eq(unsigned long *oid1, unsigned int oid1len, + unsigned long *oid2, unsigned int oid2len) { if (oid1len != oid2len) return false; @@ -118,7 +117,7 @@ oid_eq(unsigned long *oid1, unsigned int oid1len,

int ksmbd_decode_negTokenInit(unsigned char *security_blob, int length, - struct ksmbd_conn *conn) + struct ksmbd_conn *conn) { return asn1_ber_decoder(&spnego_negtokeninit_decoder, conn, security_blob, length); @@ -126,7 +125,7 @@ ksmbd_decode_negTokenInit(unsigned char *security_blob, int length,

int ksmbd_decode_negTokenTarg(unsigned char *security_blob, int length, - struct ksmbd_conn *conn) + struct ksmbd_conn *conn) { return asn1_ber_decoder(&spnego_negtokentarg_decoder, conn, security_blob, length); @@ -146,10 +145,7 @@ static int compute_asn_hdr_len_bytes(int len) return 0; }

-static void encode_asn_tag(char *buf, - unsigned int *ofs, - char tag, - char seq, +static void encode_asn_tag(char *buf, unsigned int *ofs, char tag, char seq, int length) { int i; @@ -184,7 +180,7 @@ static void encode_asn_tag(char *buf, }

int build_spnego_ntlmssp_neg_blob(unsigned char **pbuffer, u16 *buflen, - char *ntlm_blob, int ntlm_blob_len) + char *ntlm_blob, int ntlm_blob_len) { char *buf; unsigned int ofs = 0; @@ -225,7 +221,7 @@ int build_spnego_ntlmssp_neg_blob(unsigned char **pbuffer, u16 *buflen, }

int build_spnego_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen, - int neg_result) + int neg_result) { char *buf; unsigned int ofs = 0; @@ -252,8 +248,8 @@ int build_spnego_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen, return 0; }

-int gssapi_this_mech(void *context, size_t hdrlen, - unsigned char tag, const void *value, size_t vlen) +int gssapi_this_mech(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) { unsigned long *oid; size_t oidlen; @@ -277,8 +273,8 @@ int gssapi_this_mech(void *context, size_t hdrlen, return err; }

-int neg_token_init_mech_type(void *context, size_t hdrlen, - unsigned char tag, const void *value, size_t vlen) +int neg_token_init_mech_type(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) { struct ksmbd_conn *conn = context; unsigned long *oid; @@ -314,8 +310,8 @@ int neg_token_init_mech_type(void *context, size_t hdrlen, return -EBADMSG; }

-int neg_token_init_mech_token(void *context, size_t hdrlen, - unsigned char tag, const void *value, size_t vlen) +int neg_token_init_mech_token(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) { struct ksmbd_conn *conn = context;

@@ -328,8 +324,8 @@ int neg_token_init_mech_token(void *context, size_t hdrlen, return 0; }

-int neg_token_targ_resp_token(void *context, size_t hdrlen, - unsigned char tag, const void *value, size_t vlen) +int neg_token_targ_resp_token(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) { struct ksmbd_conn *conn = context;

diff --git a/fs/cifsd/asn1.h b/fs/cifsd/asn1.h index ff2692b502d6..ce105f4ce305 100644 --- a/fs/cifsd/asn1.h +++ b/fs/cifsd/asn1.h @@ -10,20 +10,12 @@ #ifndef __ASN1_H__ #define __ASN1_H__

-int ksmbd_decode_negTokenInit(unsigned char *security_blob, - int length, +int ksmbd_decode_negTokenInit(unsigned char *security_blob, int length, struct ksmbd_conn *conn); - -int ksmbd_decode_negTokenTarg(unsigned char *security_blob, - int length, +int ksmbd_decode_negTokenTarg(unsigned char *security_blob, int length, struct ksmbd_conn *conn); - -int build_spnego_ntlmssp_neg_blob(unsigned char **pbuffer, - u16 *buflen, - char *ntlm_blob, - int ntlm_blob_len); - -int build_spnego_ntlmssp_auth_blob(unsigned char **pbuffer, - u16 *buflen, +int build_spnego_ntlmssp_neg_blob(unsigned char **pbuffer, u16 *buflen, + char *ntlm_blob, int ntlm_blob_len); +int build_spnego_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen, int neg_result); #endif /* __ASN1_H__ */ diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index f742870a930b..9b86cf4fd73f 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -93,8 +93,7 @@ smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) struct des_ctx ctx;

if (fips_enabled) { - ksmbd_debug(AUTH, - "FIPS compliance enabled: DES not permitted\n"); + ksmbd_debug(AUTH, "FIPS compliance enabled: DES not permitted\n"); return -ENOENT; }

@@ -120,7 +119,7 @@ static int ksmbd_enc_p24(unsigned char *p21, const unsigned char *c8, unsigned c

/* produce a md4 message digest from data of length n bytes */ static int ksmbd_enc_md4(unsigned char *md4_hash, unsigned char *link_str, - int link_len) + int link_len) { int rc; struct ksmbd_crypto_ctx *ctx; @@ -152,7 +151,7 @@ static int ksmbd_enc_md4(unsigned char *md4_hash, unsigned char *link_str, }

static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, char *nonce, - char *server_challenge, int len) + char *server_challenge, int len) { int rc; struct ksmbd_crypto_ctx *ctx; @@ -197,7 +196,7 @@ static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, char *nonce, * */ static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash, - char *hmac) + char *hmac) { struct ksmbd_crypto_ctx *ctx; int rc; @@ -226,15 +225,13 @@ static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash, hmac, SMB2_NTLMV2_SESSKEY_SIZE); if (rc) { - ksmbd_debug(AUTH, "Could not update with response error %d\n", - rc); + ksmbd_debug(AUTH, "Could not update with response error %d\n", rc); goto out; }

rc = crypto_shash_final(CRYPTO_HMACMD5(ctx), sess->sess_key); if (rc) { - ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", - rc); + ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", rc); goto out; }

@@ -244,7 +241,7 @@ static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash, }

static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, - char *dname) + char *dname) { int ret, len, conv_len; wchar_t *domain = NULL; @@ -280,7 +277,7 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, }

conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len, - sess->conn->local_nls); + sess->conn->local_nls); if (conv_len < 0 || conv_len > len) { ret = -EINVAL; goto out; @@ -304,7 +301,7 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, }

conv_len = smb_strtoUTF16((__le16 *)domain, dname, len, - sess->conn->local_nls); + sess->conn->local_nls); if (conv_len < 0 || conv_len > len) { ret = -EINVAL; goto out; @@ -350,11 +347,10 @@ int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf) return rc; }

- ksmbd_enc_md4(sess->sess_key, - user_passkey(sess->user), - CIFS_SMB1_SESSKEY_SIZE); + ksmbd_enc_md4(sess->sess_key, user_passkey(sess->user), + CIFS_SMB1_SESSKEY_SIZE); memcpy(sess->sess_key + CIFS_SMB1_SESSKEY_SIZE, key, - CIFS_AUTH_RESP_SIZE); + CIFS_AUTH_RESP_SIZE); sess->sequence_number = 1;

if (strncmp(pw_buf, key, CIFS_AUTH_RESP_SIZE) != 0) { @@ -376,7 +372,7 @@ int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf) * Return: 0 on success, error number on error */ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, - int blen, char *domain_name) + int blen, char *domain_name) { char ntlmv2_hash[CIFS_ENCPWD_SIZE]; char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE]; @@ -455,7 +451,7 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, * Return: 0 on success, error number on error */ static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, char *client_nonce, - char *ntlm_resp) + char *ntlm_resp) { char sess_key[CIFS_SMB1_SESSKEY_SIZE] = {0}; int rc; @@ -494,7 +490,7 @@ static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, char *client_nonce, * Return: 0 on success, error number on error */ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, - int blob_len, struct ksmbd_session *sess) + int blob_len, struct ksmbd_session *sess) { char *domain_name; unsigned int lm_off, nt_off; @@ -503,13 +499,13 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,

if (blob_len < sizeof(struct authenticate_message)) { ksmbd_debug(AUTH, "negotiate blob len %d too small\n", - blob_len); + blob_len); return -EINVAL; }

if (memcmp(authblob->Signature, "NTLMSSP", 8)) { ksmbd_debug(AUTH, "blob signature incorrect %s\n", - authblob->Signature); + authblob->Signature); return -EINVAL; }

@@ -538,11 +534,10 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,

/* process NTLMv2 authentication */ ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n", - domain_name); - ret = ksmbd_auth_ntlmv2(sess, - (struct ntlmv2_resp *)((char *)authblob + nt_off), - nt_len - CIFS_ENCPWD_SIZE, - domain_name); + domain_name); + ret = ksmbd_auth_ntlmv2(sess, (struct ntlmv2_resp *)((char *)authblob + nt_off), + nt_len - CIFS_ENCPWD_SIZE, + domain_name); kfree(domain_name); return ret; } @@ -556,17 +551,17 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, * */ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, - int blob_len, struct ksmbd_session *sess) + int blob_len, struct ksmbd_session *sess) { if (blob_len < sizeof(struct negotiate_message)) { ksmbd_debug(AUTH, "negotiate blob len %d too small\n", - blob_len); + blob_len); return -EINVAL; }

if (memcmp(negblob->Signature, "NTLMSSP", 8)) { ksmbd_debug(AUTH, "blob signature incorrect %s\n", - negblob->Signature); + negblob->Signature); return -EINVAL; }

@@ -584,7 +579,7 @@ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, */ unsigned int ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, - struct ksmbd_session *sess) + struct ksmbd_session *sess) { struct target_info *tinfo; wchar_t *name; @@ -623,7 +618,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, return -ENOMEM;

conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len, - sess->conn->local_nls); + sess->conn->local_nls); if (conv_len < 0 || conv_len > len) { kfree(name); return -EINVAL; @@ -641,7 +636,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, /* Initialize random conn challenge */ get_random_bytes(sess->ntlmssp.cryptkey, sizeof(__u64)); memcpy(chgblob->Challenge, sess->ntlmssp.cryptkey, - CIFS_CRYPTO_KEY_SIZE); + CIFS_CRYPTO_KEY_SIZE);

/* Add Target Information to security buffer */ chgblob->TargetInfoArray.BufferOffset = cpu_to_le32(blob_len); @@ -676,7 +671,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,

#ifdef CONFIG_SMB_SERVER_KERBEROS5 int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, - int in_len, char *out_blob, int *out_len) + int in_len, char *out_blob, int *out_len) { struct ksmbd_spnego_authen_response *resp; struct ksmbd_user *user = NULL; @@ -696,7 +691,7 @@ int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,

if (*out_len <= resp->spnego_blob_len) { ksmbd_debug(AUTH, "buf len %d, but blob len %d\n", - *out_len, resp->spnego_blob_len); + *out_len, resp->spnego_blob_len); retval = -EINVAL; goto out; } @@ -717,7 +712,7 @@ int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob,

memcpy(sess->sess_key, resp->payload, resp->session_key_len); memcpy(out_blob, resp->payload + resp->session_key_len, - resp->spnego_blob_len); + resp->spnego_blob_len); *out_len = resp->spnego_blob_len; retval = 0; out: @@ -726,7 +721,7 @@ int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, } #else int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, - int in_len, char *out_blob, int *out_len) + int in_len, char *out_blob, int *out_len) { return -EOPNOTSUPP; } @@ -742,7 +737,7 @@ int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, * */ int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, - int n_vec, char *sig) + int n_vec, char *sig) { struct ksmbd_crypto_ctx *ctx; int rc, i; @@ -793,7 +788,7 @@ int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, * */ int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, - int n_vec, char *sig) + int n_vec, char *sig) { struct ksmbd_crypto_ctx *ctx; int rc, i; @@ -841,7 +836,7 @@ struct derivation { };

static int generate_key(struct ksmbd_session *sess, struct kvec label, - struct kvec context, __u8 *key, unsigned int key_size) + struct kvec context, __u8 *key, unsigned int key_size) { unsigned char zero = 0x0; __u8 i[4] = {0, 0, 0, 1}; @@ -914,7 +909,7 @@ static int generate_key(struct ksmbd_session *sess, struct kvec label, rc = crypto_shash_final(CRYPTO_HMACSHA256(ctx), hashptr); if (rc) { ksmbd_debug(AUTH, "Could not generate hmacmd5 hash error %d\n", - rc); + rc); goto smb3signkey_ret; }

@@ -926,7 +921,7 @@ static int generate_key(struct ksmbd_session *sess, struct kvec label, }

static int generate_smb3signingkey(struct ksmbd_session *sess, - const struct derivation *signing) + const struct derivation *signing) { int rc; struct channel *chann; @@ -942,7 +937,7 @@ static int generate_smb3signingkey(struct ksmbd_session *sess, key = sess->smb3signingkey;

rc = generate_key(sess, signing->label, signing->context, key, - SMB3_SIGN_KEY_SIZE); + SMB3_SIGN_KEY_SIZE); if (rc) return rc;

@@ -952,9 +947,9 @@ static int generate_smb3signingkey(struct ksmbd_session *sess, ksmbd_debug(AUTH, "dumping generated AES signing keys\n"); ksmbd_debug(AUTH, "Session Id %llu\n", sess->id); ksmbd_debug(AUTH, "Session Key %*ph\n", - SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); + SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); ksmbd_debug(AUTH, "Signing Key %*ph\n", - SMB3_SIGN_KEY_SIZE, key); + SMB3_SIGN_KEY_SIZE, key); return 0; }

@@ -990,19 +985,19 @@ struct derivation_twin { };

static int generate_smb3encryptionkey(struct ksmbd_session *sess, - const struct derivation_twin *ptwin) + const struct derivation_twin *ptwin) { int rc;

rc = generate_key(sess, ptwin->encryption.label, - ptwin->encryption.context, sess->smb3encryptionkey, - SMB3_ENC_DEC_KEY_SIZE); + ptwin->encryption.context, sess->smb3encryptionkey, + SMB3_ENC_DEC_KEY_SIZE); if (rc) return rc;

rc = generate_key(sess, ptwin->decryption.label, - ptwin->decryption.context, - sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE); + ptwin->decryption.context, + sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE); if (rc) return rc;

@@ -1010,18 +1005,18 @@ static int generate_smb3encryptionkey(struct ksmbd_session *sess, ksmbd_debug(AUTH, "Cipher type %d\n", sess->conn->cipher_type); ksmbd_debug(AUTH, "Session Id %llu\n", sess->id); ksmbd_debug(AUTH, "Session Key %*ph\n", - SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); + SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) { ksmbd_debug(AUTH, "ServerIn Key %*ph\n", - SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey); + SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey); ksmbd_debug(AUTH, "ServerOut Key %*ph\n", - SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey); + SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey); } else { ksmbd_debug(AUTH, "ServerIn Key %*ph\n", - SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey); + SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey); ksmbd_debug(AUTH, "ServerOut Key %*ph\n", - SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey); + SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey); } return 0; } @@ -1067,7 +1062,7 @@ int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess) }

int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, - __u8 *pi_hash) + __u8 *pi_hash) { int rc; struct smb2_hdr *rcv_hdr = (struct smb2_hdr *)buf; @@ -1114,7 +1109,7 @@ int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, }

int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, - __u8 *pi_hash) + __u8 *pi_hash) { int rc; struct ksmbd_crypto_ctx *ctx = NULL; @@ -1148,7 +1143,7 @@ int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, }

static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, __u64 ses_id, - int enc, u8 *key) + int enc, u8 *key) { struct ksmbd_session *sess; u8 *ses_enc_key; @@ -1165,7 +1160,7 @@ static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, __u64 ses_id, }

static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf, - unsigned int buflen) + unsigned int buflen) { void *addr;

@@ -1177,7 +1172,7 @@ static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf, }

static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, - u8 *sign) + u8 *sign) { struct scatterlist *sg; unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; @@ -1242,7 +1237,7 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, }

int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, - unsigned int nvec, int enc) + unsigned int nvec, int enc) { struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)iov[0].iov_base; diff --git a/fs/cifsd/auth.h b/fs/cifsd/auth.h index 6fcfad5e7e1f..650bd7dd6750 100644 --- a/fs/cifsd/auth.h +++ b/fs/cifsd/auth.h @@ -35,56 +35,31 @@ struct ksmbd_session; struct ksmbd_conn; struct kvec;

-int ksmbd_crypt_message(struct ksmbd_conn *conn, - struct kvec *iov, - unsigned int nvec, - int enc); - +int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, + unsigned int nvec, int enc); void ksmbd_copy_gss_neg_header(void *buf); - -int ksmbd_auth_ntlm(struct ksmbd_session *sess, - char *pw_buf); - -int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, - struct ntlmv2_resp *ntlmv2, - int blen, - char *domain_name); - +int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf); +int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, + int blen, char *domain_name); int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, - int blob_len, - struct ksmbd_session *sess); - + int blob_len, struct ksmbd_session *sess); int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, - int blob_len, - struct ksmbd_session *sess); - + int blob_len, struct ksmbd_session *sess); unsigned int ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, - struct ksmbd_session *sess); - -int ksmbd_krb5_authenticate(struct ksmbd_session *sess, - char *in_blob, int in_len, - char *out_blob, int *out_len); - -int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, - char *key, - struct kvec *iov, - int n_vec, - char *sig); -int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, - char *key, - struct kvec *iov, - int n_vec, - char *sig); - + struct ksmbd_session *sess); +int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, + int in_len, char *out_blob, int *out_len); +int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, + int n_vec, char *sig); +int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, + int n_vec, char *sig); int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess); int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess); int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess); int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess); - -int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, - char *buf, +int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, __u8 *pi_hash); int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, - __u8 *pi_hash); + __u8 *pi_hash); #endif diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c index 1ee1feef1bb4..ea7d2d1a056a 100644 --- a/fs/cifsd/buffer_pool.c +++ b/fs/cifsd/buffer_pool.c @@ -251,7 +251,8 @@ int ksmbd_init_buffer_pools(void) goto out;

filp_cache = kmem_cache_create("ksmbd_file_cache", - sizeof(struct ksmbd_file), 0, SLAB_HWCACHE_ALIGN, NULL); + sizeof(struct ksmbd_file), 0, + SLAB_HWCACHE_ALIGN, NULL); if (!filp_cache) goto out;

diff --git a/fs/cifsd/buffer_pool.h b/fs/cifsd/buffer_pool.h index f7157144a92f..088aa07ba09b 100644 --- a/fs/cifsd/buffer_pool.h +++ b/fs/cifsd/buffer_pool.h @@ -8,12 +8,9 @@

void *ksmbd_find_buffer(size_t size); void ksmbd_release_buffer(void *buffer); - void *ksmbd_realloc_response(void *ptr, size_t old_sz, size_t new_sz); - void ksmbd_free_file_struct(void *filp); void *ksmbd_alloc_file_struct(void); - void ksmbd_destroy_buffer_pools(void); int ksmbd_init_buffer_pools(void);

diff --git a/fs/cifsd/connection.c b/fs/cifsd/connection.c index 4785dd59fcc5..06c42309be72 100644 --- a/fs/cifsd/connection.c +++ b/fs/cifsd/connection.c @@ -201,30 +201,30 @@ int ksmbd_conn_write(struct ksmbd_work *work) }

int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, void *buf, - unsigned int buflen, u32 remote_key, u64 remote_offset, - u32 remote_len) + unsigned int buflen, u32 remote_key, u64 remote_offset, + u32 remote_len) { int ret = -EINVAL;

if (conn->transport->ops->rdma_read) ret = conn->transport->ops->rdma_read(conn->transport, - buf, buflen, - remote_key, remote_offset, - remote_len); + buf, buflen, + remote_key, remote_offset, + remote_len); return ret; }

int ksmbd_conn_rdma_write(struct ksmbd_conn *conn, void *buf, - unsigned int buflen, u32 remote_key, u64 remote_offset, - u32 remote_len) + unsigned int buflen, u32 remote_key, + u64 remote_offset, u32 remote_len) { int ret = -EINVAL;

if (conn->transport->ops->rdma_write) ret = conn->transport->ops->rdma_write(conn->transport, - buf, buflen, - remote_key, remote_offset, - remote_len); + buf, buflen, + remote_key, remote_offset, + remote_len); return ret; }

@@ -250,7 +250,7 @@ bool ksmbd_conn_alive(struct ksmbd_conn *conn) if (server_conf.deadtime > 0 && time_after(jiffies, conn->last_active + server_conf.deadtime)) { ksmbd_debug(CONN, "No response from client in %lu minutes\n", - server_conf.deadtime / SMB_ECHO_INTERVAL); + server_conf.deadtime / SMB_ECHO_INTERVAL); return false; } return true; @@ -390,7 +390,7 @@ static void stop_sessions(void) task = conn->transport->handler; if (task) ksmbd_debug(CONN, "Stop session handler %s/%d\n", - task->comm, task_pid_nr(task)); + task->comm, task_pid_nr(task)); conn->status = KSMBD_SESS_EXITING; } read_unlock(&conn_list_lock); diff --git a/fs/cifsd/connection.h b/fs/cifsd/connection.h index 00ede7a67199..1658442b27b0 100644 --- a/fs/cifsd/connection.h +++ b/fs/cifsd/connection.h @@ -118,13 +118,13 @@ struct ksmbd_transport_ops { void (*disconnect)(struct ksmbd_transport *t); int (*read)(struct ksmbd_transport *t, char *buf, unsigned int size); int (*writev)(struct ksmbd_transport *t, struct kvec *iovs, int niov, - int size, bool need_invalidate_rkey, - unsigned int remote_key); + int size, bool need_invalidate_rkey, + unsigned int remote_key); int (*rdma_read)(struct ksmbd_transport *t, void *buf, unsigned int len, - u32 remote_key, u64 remote_offset, u32 remote_len); + u32 remote_key, u64 remote_offset, u32 remote_len); int (*rdma_write)(struct ksmbd_transport *t, void *buf, - unsigned int len, u32 remote_key, u64 remote_offset, - u32 remote_len); + unsigned int len, u32 remote_key, u64 remote_offset, + u32 remote_len); };

struct ksmbd_transport { @@ -139,24 +139,20 @@ struct ksmbd_transport {

bool ksmbd_conn_alive(struct ksmbd_conn *conn); void ksmbd_conn_wait_idle(struct ksmbd_conn *conn); - struct ksmbd_conn *ksmbd_conn_alloc(void); void ksmbd_conn_free(struct ksmbd_conn *conn); bool ksmbd_conn_lookup_dialect(struct ksmbd_conn *c); int ksmbd_conn_write(struct ksmbd_work *work); int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, void *buf, - unsigned int buflen, u32 remote_key, u64 remote_offset, - u32 remote_len); + unsigned int buflen, u32 remote_key, u64 remote_offset, + u32 remote_len); int ksmbd_conn_rdma_write(struct ksmbd_conn *conn, void *buf, - unsigned int buflen, u32 remote_key, u64 remote_offset, - u32 remote_len); - + unsigned int buflen, u32 remote_key, u64 remote_offset, + u32 remote_len); void ksmbd_conn_enqueue_request(struct ksmbd_work *work); int ksmbd_conn_try_dequeue_request(struct ksmbd_work *work); void ksmbd_conn_init_server_callbacks(struct ksmbd_conn_ops *ops); - int ksmbd_conn_handler_loop(void *p); - int ksmbd_conn_transport_init(void); void ksmbd_conn_transport_destroy(void);

diff --git a/fs/cifsd/crypto_ctx.c b/fs/cifsd/crypto_ctx.c index 9685bf963702..cfea4c4db30f 100644 --- a/fs/cifsd/crypto_ctx.c +++ b/fs/cifsd/crypto_ctx.c @@ -123,8 +123,8 @@ static struct ksmbd_crypto_ctx *ksmbd_find_crypto_ctx(void) spin_lock(&ctx_list.ctx_lock); if (!list_empty(&ctx_list.idle_ctx)) { ctx = list_entry(ctx_list.idle_ctx.next, - struct ksmbd_crypto_ctx, - list); + struct ksmbd_crypto_ctx, + list); list_del(&ctx->list); spin_unlock(&ctx_list.ctx_lock); return ctx; diff --git a/fs/cifsd/crypto_ctx.h b/fs/cifsd/crypto_ctx.h index b0d3cd650485..ef11154b43df 100644 --- a/fs/cifsd/crypto_ctx.h +++ b/fs/cifsd/crypto_ctx.h @@ -59,7 +59,6 @@ struct ksmbd_crypto_ctx { #define CRYPTO_CCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES_CCM])

void ksmbd_release_crypto_ctx(struct ksmbd_crypto_ctx *ctx); - struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_hmacmd5(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_hmacsha256(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_cmacaes(void); @@ -67,10 +66,8 @@ struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha512(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha256(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md4(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md5(void); - struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_gcm(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_ccm(void); - void ksmbd_crypto_destroy(void); int ksmbd_crypto_create(void);

diff --git a/fs/cifsd/ksmbd_work.c b/fs/cifsd/ksmbd_work.c index eb8c8a34acab..f284a2a803d6 100644 --- a/fs/cifsd/ksmbd_work.c +++ b/fs/cifsd/ksmbd_work.c @@ -39,13 +39,13 @@ void ksmbd_free_work_struct(struct ksmbd_work *work) { WARN_ON(work->saved_cred != NULL); if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_TBUF && - work->set_trans_buf) + work->set_trans_buf) ksmbd_release_buffer(work->response_buf); else kvfree(work->response_buf);

if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF && - work->set_read_buf) + work->set_read_buf) ksmbd_release_buffer(work->aux_payload_buf); else kvfree(work->aux_payload_buf); @@ -65,8 +65,8 @@ void ksmbd_work_pool_destroy(void) int ksmbd_work_pool_init(void) { work_cache = kmem_cache_create("ksmbd_work_cache", - sizeof(struct ksmbd_work), 0, - SLAB_HWCACHE_ALIGN, NULL); + sizeof(struct ksmbd_work), 0, + SLAB_HWCACHE_ALIGN, NULL); if (!work_cache) return -ENOMEM; return 0; diff --git a/fs/cifsd/misc.c b/fs/cifsd/misc.c index 7fa6649fadfd..1c6ed20f4a18 100644 --- a/fs/cifsd/misc.c +++ b/fs/cifsd/misc.c @@ -135,7 +135,7 @@ int parse_stream_name(char *filename, char **stream_name, int *s_type) }

ksmbd_debug(SMB, "stream name : %s, stream type : %s\n", s_name, - stream_type); + stream_type); if (!strncasecmp("$data", stream_type, 5)) *s_type = DATA_STREAM; else if (!strncasecmp("$index_allocation", stream_type, 17)) @@ -267,7 +267,8 @@ char *convert_to_unix_name(struct ksmbd_share_config *share, char *name) }

char *ksmbd_convert_dir_info_name(struct ksmbd_dir_info *d_info, - const struct nls_table *local_nls, int *conv_len) + const struct nls_table *local_nls, + int *conv_len) { char *conv; int sz = min(4 * d_info->name_len, PATH_MAX); @@ -280,11 +281,8 @@ char *ksmbd_convert_dir_info_name(struct ksmbd_dir_info *d_info, return NULL;

/* XXX */ - *conv_len = smbConvertToUTF16((__le16 *)conv, - d_info->name, - d_info->name_len, - local_nls, - 0); + *conv_len = smbConvertToUTF16((__le16 *)conv, d_info->name, + d_info->name_len, local_nls, 0); *conv_len *= 2;

/* We allocate buffer twice bigger than needed. */ diff --git a/fs/cifsd/misc.h b/fs/cifsd/misc.h index e4bd02a8d45f..af8717d4d85b 100644 --- a/fs/cifsd/misc.h +++ b/fs/cifsd/misc.h @@ -12,32 +12,23 @@ struct kstat; struct ksmbd_file;

int match_pattern(const char *str, size_t len, const char *pattern); - int ksmbd_validate_filename(char *filename); - int parse_stream_name(char *filename, char **stream_name, int *s_type); - char *convert_to_nt_pathname(char *filename, char *sharepath); - int get_nlink(struct kstat *st); - void ksmbd_conv_path_to_unix(char *path); void ksmbd_strip_last_slash(char *path); void ksmbd_conv_path_to_windows(char *path); - char *ksmbd_extract_sharename(char *treename); - char *convert_to_unix_name(struct ksmbd_share_config *share, char *name);

#define KSMBD_DIR_INFO_ALIGNMENT 8 - struct ksmbd_dir_info; char *ksmbd_convert_dir_info_name(struct ksmbd_dir_info *d_info, const struct nls_table *local_nls, int *conv_len);

#define NTFS_TIME_OFFSET ((u64)(369 * 365 + 89) * 24 * 3600 * 10000000) - struct timespec64 ksmbd_NTtimeToUnix(__le64 ntutc); u64 ksmbd_UnixTimeToNT(struct timespec64 t); long long ksmbd_systime(void); diff --git a/fs/cifsd/ndr.c b/fs/cifsd/ndr.c index 1838fc2b1d7c..14189832c65e 100644 --- a/fs/cifsd/ndr.c +++ b/fs/cifsd/ndr.c @@ -185,7 +185,7 @@ int ndr_decode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da) version2 = ndr_read_int32(n); if (da->version != version2) { ksmbd_err("ndr version mismatched(version: %d, version2: %d)\n", - da->version, version2); + da->version, version2); return -EINVAL; }

@@ -235,7 +235,8 @@ static int ndr_encode_posix_acl_entry(struct ndr *n, struct xattr_smb_acl *acl) }

int ndr_encode_posix_acl(struct ndr *n, struct inode *inode, - struct xattr_smb_acl *acl, struct xattr_smb_acl *def_acl) + struct xattr_smb_acl *acl, + struct xattr_smb_acl *def_acl) { int ref_id = 0x00020000;

@@ -315,7 +316,7 @@ int ndr_decode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl) version2 = ndr_read_int32(n); if (acl->version != version2) { ksmbd_err("ndr version mismatched(version: %d, version2: %d)\n", - acl->version, version2); + acl->version, version2); return -EINVAL; }

diff --git a/fs/cifsd/ndr.h b/fs/cifsd/ndr.h index a9db968b78ac..77b2d1ac93a0 100644 --- a/fs/cifsd/ndr.h +++ b/fs/cifsd/ndr.h @@ -15,7 +15,8 @@ struct ndr { int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da); int ndr_decode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da); int ndr_encode_posix_acl(struct ndr *n, struct inode *inode, - struct xattr_smb_acl *acl, struct xattr_smb_acl *def_acl); + struct xattr_smb_acl *acl, + struct xattr_smb_acl *def_acl); int ndr_encode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl); int ndr_encode_v3_ntacl(struct ndr *n, struct xattr_ntacl *acl); int ndr_decode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl); diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index e77f1385a8c1..56c68e9cb7ff 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -29,7 +29,7 @@ static DEFINE_RWLOCK(lease_list_lock); * Return: allocated opinfo object on success, otherwise NULL */ static struct oplock_info *alloc_opinfo(struct ksmbd_work *work, - u64 id, __u16 Tid) + u64 id, __u16 Tid) { struct ksmbd_session *sess = work->sess; struct oplock_info *opinfo; @@ -153,7 +153,7 @@ static struct oplock_info *opinfo_get_list(struct ksmbd_inode *ci)

rcu_read_lock(); opinfo = list_first_or_null_rcu(&ci->m_op_list, struct oplock_info, - op_entry); + op_entry); if (opinfo && !atomic_inc_not_zero(&opinfo->refcount)) opinfo = NULL; rcu_read_unlock(); @@ -269,8 +269,7 @@ int opinfo_write_to_none(struct oplock_info *opinfo) opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) { ksmbd_err("bad oplock(0x%x)\n", opinfo->level); if (opinfo->is_lease) - ksmbd_err("lease state(0x%x)\n", - lease->state); + ksmbd_err("lease state(0x%x)\n", lease->state); return -EINVAL; } opinfo->level = SMB2_OPLOCK_LEVEL_NONE; @@ -312,8 +311,7 @@ int lease_read_to_write(struct oplock_info *opinfo) struct lease *lease = opinfo->o_lease;

if (!(lease->state & SMB2_LEASE_READ_CACHING_LE)) { - ksmbd_debug(OPLOCK, "bad lease state(0x%x)\n", - lease->state); + ksmbd_debug(OPLOCK, "bad lease state(0x%x)\n", lease->state); return -EINVAL; }

@@ -338,8 +336,7 @@ static int lease_none_upgrade(struct oplock_info *opinfo, __le32 new_state) struct lease *lease = opinfo->o_lease;

if (!(lease->state == SMB2_LEASE_NONE_LE)) { - ksmbd_debug(OPLOCK, "bad lease state(0x%x)\n", - lease->state); + ksmbd_debug(OPLOCK, "bad lease state(0x%x)\n", lease->state); return -EINVAL; }

@@ -399,7 +396,7 @@ void close_id_del_oplock(struct ksmbd_file *fp) * Return: 0 */ static void grant_write_oplock(struct oplock_info *opinfo_new, int req_oplock, - struct lease_ctx_info *lctx) + struct lease_ctx_info *lctx) { struct lease *lease = opinfo_new->o_lease;

@@ -410,8 +407,7 @@ static void grant_write_oplock(struct oplock_info *opinfo_new, int req_oplock,

if (lctx) { lease->state = lctx->req_state; - memcpy(lease->lease_key, lctx->lease_key, - SMB2_LEASE_KEY_SIZE); + memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE); } }

@@ -423,7 +419,7 @@ static void grant_write_oplock(struct oplock_info *opinfo_new, int req_oplock, * Return: 0 */ static void grant_read_oplock(struct oplock_info *opinfo_new, - struct lease_ctx_info *lctx) + struct lease_ctx_info *lctx) { struct lease *lease = opinfo_new->o_lease;

@@ -433,8 +429,7 @@ static void grant_read_oplock(struct oplock_info *opinfo_new, lease->state = SMB2_LEASE_READ_CACHING_LE; if (lctx->req_state & SMB2_LEASE_HANDLE_CACHING_LE) lease->state |= SMB2_LEASE_HANDLE_CACHING_LE; - memcpy(lease->lease_key, lctx->lease_key, - SMB2_LEASE_KEY_SIZE); + memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE); } }

@@ -446,7 +441,7 @@ static void grant_read_oplock(struct oplock_info *opinfo_new, * Return: 0 */ static void grant_none_oplock(struct oplock_info *opinfo_new, - struct lease_ctx_info *lctx) + struct lease_ctx_info *lctx) { struct lease *lease = opinfo_new->o_lease;

@@ -454,13 +449,12 @@ static void grant_none_oplock(struct oplock_info *opinfo_new,

if (lctx) { lease->state = 0; - memcpy(lease->lease_key, lctx->lease_key, - SMB2_LEASE_KEY_SIZE); + memcpy(lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE); } }

static inline int compare_guid_key(struct oplock_info *opinfo, - const char *guid1, const char *key1) + const char *guid1, const char *key1) { const char *guid2, *key2;

@@ -483,7 +477,8 @@ static inline int compare_guid_key(struct oplock_info *opinfo, * Return: oplock(lease) object on success, otherwise NULL */ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, - char *client_guid, struct lease_ctx_info *lctx) + char *client_guid, + struct lease_ctx_info *lctx) { int ret; struct lease *lease; @@ -517,7 +512,7 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, if ((atomic_read(&ci->op_count) + atomic_read(&ci->sop_count)) == 1) { if (lease->state == - (lctx->req_state & lease->state)) { + (lctx->req_state & lease->state)) { lease->state |= lctx->req_state; if (lctx->req_state & SMB2_LEASE_WRITE_CACHING_LE) @@ -526,13 +521,13 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, } else if ((atomic_read(&ci->op_count) + atomic_read(&ci->sop_count)) > 1) { if (lctx->req_state == - (SMB2_LEASE_READ_CACHING_LE | - SMB2_LEASE_HANDLE_CACHING_LE)) + (SMB2_LEASE_READ_CACHING_LE | + SMB2_LEASE_HANDLE_CACHING_LE)) lease->state = lctx->req_state; }

if (lctx->req_state && lease->state == - SMB2_LEASE_NONE_LE) + SMB2_LEASE_NONE_LE) lease_none_upgrade(opinfo, lctx->req_state); } read_lock(&ci->m_lock); @@ -547,9 +542,9 @@ static void wait_for_break_ack(struct oplock_info *opinfo) int rc = 0;

rc = wait_event_interruptible_timeout(opinfo->oplock_q, - opinfo->op_state == OPLOCK_STATE_NONE || - opinfo->op_state == OPLOCK_CLOSING, - OPLOCK_WAIT_TIME); + opinfo->op_state == OPLOCK_STATE_NONE || + opinfo->op_state == OPLOCK_CLOSING, + OPLOCK_WAIT_TIME);

/* is this a timeout ? */ if (!rc) { @@ -664,8 +659,8 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) inc_rfc1001_len(rsp, 24);

ksmbd_debug(OPLOCK, - "sending oplock break v_id %llu p_id = %llu lock level = %d\n", - rsp->VolatileFid, rsp->PersistentFid, rsp->OplockLevel); + "sending oplock break v_id %llu p_id = %llu lock level = %d\n", + rsp->VolatileFid, rsp->PersistentFid, rsp->OplockLevel);

ksmbd_fd_put(work, fp); ksmbd_conn_write(work); @@ -815,7 +810,7 @@ static int smb2_lease_break_noti(struct oplock_info *opinfo) struct ksmbd_work *in_work;

in_work = list_entry(tmp, struct ksmbd_work, - interim_entry); + interim_entry); setup_async_work(in_work, NULL, NULL); smb2_send_interim_resp(in_work, STATUS_PENDING); list_del(&in_work->interim_entry); @@ -843,7 +838,8 @@ static void wait_lease_breaking(struct oplock_info *opinfo) int ret = 0;

ret = wait_event_interruptible_timeout(opinfo->oplock_brk, - atomic_read(&opinfo->breaking_cnt) == 0, HZ); + atomic_read(&opinfo->breaking_cnt) == 0, + HZ); if (!ret) atomic_set(&opinfo->breaking_cnt, 0); } @@ -855,8 +851,8 @@ static int oplock_break(struct oplock_info *brk_opinfo, int req_op_level)

/* Need to break exclusive/batch oplock, write lease or overwrite_if */ ksmbd_debug(OPLOCK, - "request to send oplock(level : 0x%x) break notification\n", - brk_opinfo->level); + "request to send oplock(level : 0x%x) break notification\n", + brk_opinfo->level);

if (brk_opinfo->is_lease) { struct lease *lease = brk_opinfo->o_lease; @@ -939,7 +935,7 @@ void destroy_lease_table(struct ksmbd_conn *conn) again: rcu_read_lock(); list_for_each_entry_rcu(opinfo, &lb->lease_list, - lease_entry) { + lease_entry) { rcu_read_unlock(); lease_del_list(opinfo); goto again; @@ -952,7 +948,7 @@ void destroy_lease_table(struct ksmbd_conn *conn) }

int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci, - struct lease_ctx_info *lctx) + struct lease_ctx_info *lctx) { struct oplock_info *opinfo; int err = 0; @@ -978,20 +974,18 @@ int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci,

found: rcu_read_lock(); - list_for_each_entry_rcu(opinfo, &lb->lease_list, - lease_entry) { + list_for_each_entry_rcu(opinfo, &lb->lease_list, lease_entry) { if (!atomic_inc_not_zero(&opinfo->refcount)) continue; rcu_read_unlock(); if (opinfo->o_fp->f_ci == ci) goto op_next; - err = compare_guid_key(opinfo, - sess->conn->ClientGUID, - lctx->lease_key); + err = compare_guid_key(opinfo, sess->conn->ClientGUID, + lctx->lease_key); if (err) { err = -EINVAL; ksmbd_debug(OPLOCK, - "found same lease key is already used in other files\n"); + "found same lease key is already used in other files\n"); opinfo_put(opinfo); goto out; } @@ -1014,7 +1008,7 @@ static void copy_lease(struct oplock_info *op1, struct oplock_info *op2) op2->level = op1->level; lease2->state = lease1->state; memcpy(lease2->lease_key, lease1->lease_key, - SMB2_LEASE_KEY_SIZE); + SMB2_LEASE_KEY_SIZE); lease2->duration = lease1->duration; lease2->flags = lease1->flags; } @@ -1040,7 +1034,7 @@ static int add_lease_global_list(struct oplock_info *opinfo) return -ENOMEM;

memcpy(lb->client_guid, opinfo->conn->ClientGUID, - SMB2_CLIENT_GUID_SIZE); + SMB2_CLIENT_GUID_SIZE); INIT_LIST_HEAD(&lb->lease_list); spin_lock_init(&lb->lb_lock); opinfo->o_lease->l_lb = lb; @@ -1050,7 +1044,7 @@ static int add_lease_global_list(struct oplock_info *opinfo) }

static void set_oplock_level(struct oplock_info *opinfo, int level, - struct lease_ctx_info *lctx) + struct lease_ctx_info *lctx) { switch (level) { case SMB2_OPLOCK_LEVEL_BATCH: @@ -1079,8 +1073,8 @@ static void set_oplock_level(struct oplock_info *opinfo, int level, * Return: 0 on success, otherwise error */ int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, u64 pid, - struct ksmbd_file *fp, __u16 tid, struct lease_ctx_info *lctx, - int share_ret) + struct ksmbd_file *fp, __u16 tid, + struct lease_ctx_info *lctx, int share_ret) { struct ksmbd_session *sess = work->sess; int err = 0; @@ -1122,7 +1116,7 @@ int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, u64 pid,

/* is lease already granted ? */ m_opinfo = same_client_has_lease(ci, sess->conn->ClientGUID, - lctx); + lctx); if (m_opinfo) { copy_lease(m_opinfo, opinfo); if (atomic_read(&m_opinfo->breaking_cnt)) @@ -1208,7 +1202,7 @@ int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, u64 pid, * @is_trunc: truncate on open */ static void smb_break_all_write_oplock(struct ksmbd_work *work, - struct ksmbd_file *fp, int is_trunc) + struct ksmbd_file *fp, int is_trunc) { struct oplock_info *brk_opinfo;

@@ -1235,7 +1229,7 @@ static void smb_break_all_write_oplock(struct ksmbd_work *work, * @is_trunc: truncate on open */ void smb_break_all_levII_oplock(struct ksmbd_work *work, struct ksmbd_file *fp, - int is_trunc) + int is_trunc) { struct oplock_info *op, *brk_op; struct ksmbd_inode *ci; @@ -1257,18 +1251,18 @@ void smb_break_all_levII_oplock(struct ksmbd_work *work, struct ksmbd_file *fp, (~(SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_HANDLE_CACHING_LE)))) { ksmbd_debug(OPLOCK, "unexpected lease state(0x%x)\n", - brk_op->o_lease->state); + brk_op->o_lease->state); goto next; } else if (brk_op->level != SMB2_OPLOCK_LEVEL_II) { ksmbd_debug(OPLOCK, "unexpected oplock(0x%x)\n", - brk_op->level); + brk_op->level); goto next; }

/* Skip oplock being break to none */ - if (brk_op->is_lease && (brk_op->o_lease->new_state == - SMB2_LEASE_NONE_LE) && + if (brk_op->is_lease && + (brk_op->o_lease->new_state == SMB2_LEASE_NONE_LE) && atomic_read(&brk_op->breaking_cnt)) goto next;

@@ -1573,9 +1567,9 @@ void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp) buf->reparse_tag = cpu_to_le32(fp->volatile_id); buf->mode = cpu_to_le32(inode->i_mode); id_to_sid(from_kuid(&init_user_ns, inode->i_uid), - SIDNFS_USER, (struct smb_sid *)&buf->SidBuffer[0]); + SIDNFS_USER, (struct smb_sid *)&buf->SidBuffer[0]); id_to_sid(from_kgid(&init_user_ns, inode->i_gid), - SIDNFS_GROUP, (struct smb_sid *)&buf->SidBuffer[20]); + SIDNFS_GROUP, (struct smb_sid *)&buf->SidBuffer[20]); }

/* @@ -1590,7 +1584,7 @@ void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp) * Return: opinfo if found matching opinfo, otherwise NULL */ struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, - char *lease_key) + char *lease_key) { struct oplock_info *opinfo = NULL, *ret_op = NULL; struct lease_table *lt; @@ -1619,7 +1613,7 @@ struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, SMB2_LEASE_WRITE_CACHING_LE))) goto op_next; ret = compare_guid_key(opinfo, conn->ClientGUID, - lease_key); + lease_key); if (ret) { ksmbd_debug(OPLOCK, "found opinfo\n"); ret_op = opinfo; @@ -1637,7 +1631,7 @@ struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, }

int smb2_check_durable_oplock(struct ksmbd_file *fp, - struct lease_ctx_info *lctx, char *name) + struct lease_ctx_info *lctx, char *name) { struct oplock_info *opinfo = opinfo_get(fp); int ret = 0; diff --git a/fs/cifsd/oplock.h b/fs/cifsd/oplock.h index f8b4b486eb93..0abd26123f6d 100644 --- a/fs/cifsd/oplock.h +++ b/fs/cifsd/oplock.h @@ -96,11 +96,10 @@ struct oplock_break_info { };

int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, - u64 pid, struct ksmbd_file *fp, __u16 tid, - struct lease_ctx_info *lctx, int share_ret); + u64 pid, struct ksmbd_file *fp, __u16 tid, + struct lease_ctx_info *lctx, int share_ret); void smb_break_all_levII_oplock(struct ksmbd_work *work, - struct ksmbd_file *fp, int is_trunc); - + struct ksmbd_file *fp, int is_trunc); int opinfo_write_to_read(struct oplock_info *opinfo); int opinfo_read_handle_to_read(struct oplock_info *opinfo); int opinfo_write_to_none(struct oplock_info *opinfo); @@ -124,10 +123,10 @@ void create_disk_id_rsp_buf(char *cc, __u64 file_id, __u64 vol_id); void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp); struct create_context *smb2_find_context_vals(void *open_req, const char *str); struct oplock_info *lookup_lease_in_table(struct ksmbd_conn *conn, - char *lease_key); + char *lease_key); int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci, - struct lease_ctx_info *lctx); + struct lease_ctx_info *lctx); void destroy_lease_table(struct ksmbd_conn *conn); int smb2_check_durable_oplock(struct ksmbd_file *fp, - struct lease_ctx_info *lctx, char *name); + struct lease_ctx_info *lctx, char *name); #endif /* __KSMBD_OPLOCK_H */ diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index 4aff89ce1464..87838f76a348 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -106,7 +106,7 @@ static inline int check_conn_state(struct ksmbd_work *work) #define TCP_HANDLER_ABORT 1

static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, - uint16_t *cmd) + uint16_t *cmd) { struct smb_version_cmds *cmds; uint16_t command; @@ -159,7 +159,7 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, }

static void __handle_ksmbd_work(struct ksmbd_work *work, - struct ksmbd_conn *conn) + struct ksmbd_conn *conn) { u16 command = 0; int rc; @@ -222,8 +222,8 @@ static void __handle_ksmbd_work(struct ksmbd_work *work, } }

- if (work->sess && (work->sess->sign || - smb3_11_final_sess_setup_resp(work) || + if (work->sess && + (work->sess->sign || smb3_11_final_sess_setup_resp(work) || conn->ops->is_sign_req(work, command))) conn->ops->set_sign_rsp(work); } while (is_chained_smb2_message(work)); @@ -416,7 +416,7 @@ int server_queue_ctrl_reset_work(void) }

static ssize_t stats_show(struct class *class, struct class_attribute *attr, - char *buf) + char *buf) { /* * Inc this each time you change stats output format, @@ -430,19 +430,15 @@ static ssize_t stats_show(struct class *class, struct class_attribute *attr, "shutdown" };

- ssize_t sz = scnprintf(buf, - PAGE_SIZE, - "%d %s %d %lu\n", - stats_version, - state[server_conf.state], - server_conf.tcp_port, - server_conf.ipc_last_active / HZ); + ssize_t sz = scnprintf(buf, PAGE_SIZE, "%d %s %d %lu\n", stats_version, + state[server_conf.state], server_conf.tcp_port, + server_conf.ipc_last_active / HZ); return sz; }

static ssize_t kill_server_store(struct class *class, - struct class_attribute *attr, const char *buf, - size_t len) + struct class_attribute *attr, const char *buf, + size_t len) { if (!sysfs_streq(buf, "hard")) return len; @@ -458,11 +454,11 @@ static ssize_t kill_server_store(struct class *class, }

static const char * const debug_type_strings[] = {"smb", "auth", "vfs", - "oplock", "ipc", "conn", - "rdma"}; + "oplock", "ipc", "conn", + "rdma"};

static ssize_t debug_show(struct class *class, struct class_attribute *attr, - char *buf) + char *buf) { ssize_t sz = 0; int i, pos = 0; @@ -486,7 +482,7 @@ static ssize_t debug_show(struct class *class, struct class_attribute *attr, }

static ssize_t debug_store(struct class *class, struct class_attribute *attr, - const char *buf, size_t len) + const char *buf, size_t len) { int i;

diff --git a/fs/cifsd/smb2misc.c b/fs/cifsd/smb2misc.c index 5a50c4ec43f2..c4b870dbf683 100644 --- a/fs/cifsd/smb2misc.c +++ b/fs/cifsd/smb2misc.c @@ -178,19 +178,19 @@ static char *smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr) */ if (*off > 4096) { ksmbd_debug(SMB, "offset %d too large, data area ignored\n", - *off); + *off); *len = 0; *off = 0; } else if (*off < 0) { ksmbd_debug(SMB, - "negative offset %d to data invalid ignore data area\n", - *off); + "negative offset %d to data invalid ignore data area\n", + *off); *off = 0; *len = 0; } else if (*len < 0) { ksmbd_debug(SMB, - "negative data length %d invalid, data area ignored\n", - *len); + "negative data length %d invalid, data area ignored\n", + *len); *len = 0; } else if (*len > 128 * 1024) { ksmbd_debug(SMB, "data area larger than 128K: %d\n", *len); @@ -228,7 +228,7 @@ static unsigned int smb2_calc_size(void *buf)

smb2_get_data_area_len(&offset, &data_length, hdr); ksmbd_debug(SMB, "SMB2 data length %d offset %d\n", data_length, - offset); + offset);

if (data_length > 0) { /* @@ -239,8 +239,8 @@ static unsigned int smb2_calc_size(void *buf) */ if (offset + 1 < len) ksmbd_debug(SMB, - "data area offset %d overlaps SMB2 header %d\n", - offset + 1, len); + "data area offset %d overlaps SMB2 header %d\n", + offset + 1, len); else len = offset + data_length; } @@ -321,11 +321,11 @@ static int smb2_validate_credit_charge(struct smb2_hdr *hdr) calc_credit_num = DIV_ROUND_UP(max_len, SMB2_MAX_BUFFER_SIZE); if (!credit_charge && max_len > SMB2_MAX_BUFFER_SIZE) { ksmbd_err("credit charge is zero and payload size(%d) is bigger than 64K\n", - max_len); + max_len); return 1; } else if (credit_charge < calc_credit_num) { ksmbd_err("credit charge : %d, calc_credit_num : %d\n", - credit_charge, calc_credit_num); + credit_charge, calc_credit_num); return 1; }

@@ -357,7 +357,7 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work)

if (hdr->StructureSize != SMB2_HEADER_STRUCTURE_SIZE) { ksmbd_debug(SMB, "Illegal structure size %u\n", - le16_to_cpu(hdr->StructureSize)); + le16_to_cpu(hdr->StructureSize)); return 1; }

@@ -372,8 +372,8 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) (hdr->Status == 0 || pdu->StructureSize2 != SMB2_ERROR_STRUCTURE_SIZE2_LE)) { /* error packets have 9 byte structure size */ ksmbd_debug(SMB, - "Illegal request size %u for command %d\n", - le16_to_cpu(pdu->StructureSize2), command); + "Illegal request size %u for command %d\n", + le16_to_cpu(pdu->StructureSize2), command); return 1; } else if (command == SMB2_OPLOCK_BREAK_HE && hdr->Status == 0 && @@ -381,8 +381,8 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) le16_to_cpu(pdu->StructureSize2) != OP_BREAK_STRUCT_SIZE_21) { /* special case for SMB2.1 lease break message */ ksmbd_debug(SMB, - "Illegal request size %d for oplock break\n", - le16_to_cpu(pdu->StructureSize2)); + "Illegal request size %d for oplock break\n", + le16_to_cpu(pdu->StructureSize2)); return 1; } } @@ -408,9 +408,9 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) */ if (clc_len < len) { ksmbd_debug(SMB, - "cli req padded more than expected. Length %d not %d for cmd:%d mid:%llu\n", - len, clc_len, command, - le64_to_cpu(hdr->MessageId)); + "cli req padded more than expected. Length %d not %d for cmd:%d mid:%llu\n", + len, clc_len, command, + le64_to_cpu(hdr->MessageId)); return 0; }

@@ -418,9 +418,9 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) return 0;

ksmbd_debug(SMB, - "cli req too short, len %d not %d. cmd:%d mid:%llu\n", - len, clc_len, command, - le64_to_cpu(hdr->MessageId)); + "cli req too short, len %d not %d. cmd:%d mid:%llu\n", + len, clc_len, command, + le64_to_cpu(hdr->MessageId));

return 1; } diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 16290ad710fa..84b243b3895a 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -296,7 +296,7 @@ int init_smb2_neg_rsp(struct ksmbd_work *work) }

static int smb2_consume_credit_charge(struct ksmbd_work *work, - unsigned short credit_charge) + unsigned short credit_charge) { struct ksmbd_conn *conn = work->conn; unsigned int rsp_credits = 1; @@ -336,8 +336,8 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) conn->total_credits = min_credits; }

- rsp_credit_charge = smb2_consume_credit_charge(work, - le16_to_cpu(req_hdr->CreditCharge)); + rsp_credit_charge = + smb2_consume_credit_charge(work, le16_to_cpu(req_hdr->CreditCharge)); if (rsp_credit_charge < 0) return -EINVAL;

@@ -373,9 +373,9 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) } out: ksmbd_debug(SMB, - "credits: requested[%d] granted[%d] total_granted[%d]\n", - credits_requested, credits_granted, - conn->total_credits); + "credits: requested[%d] granted[%d] total_granted[%d]\n", + credits_requested, credits_granted, + conn->total_credits); return 0; }

@@ -420,9 +420,9 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) work->next_smb2_rcv_hdr_off += next_hdr_offset; work->next_smb2_rsp_hdr_off += new_len; ksmbd_debug(SMB, - "Compound req new_len = %d rcv off = %d rsp off = %d\n", - new_len, work->next_smb2_rcv_hdr_off, - work->next_smb2_rsp_hdr_off); + "Compound req new_len = %d rcv off = %d rsp off = %d\n", + new_len, work->next_smb2_rcv_hdr_off, + work->next_smb2_rsp_hdr_off);

rsp_hdr = RESPONSE_BUF_NEXT(work); rcv_hdr = REQUEST_BUF_NEXT(work); @@ -640,7 +640,7 @@ static void destroy_previous_session(struct ksmbd_user *user, u64 id) */ static char * smb2_get_name(struct ksmbd_share_config *share, const char *src, - const int maxlen, struct nls_table *local_nls) + const int maxlen, struct nls_table *local_nls) { char *name, *unixname;

@@ -684,8 +684,8 @@ int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg) rsp_hdr->Id.AsyncId = cpu_to_le64(id);

ksmbd_debug(SMB, - "Send interim Response to inform async request id : %d\n", - work->async_id); + "Send interim Response to inform async request id : %d\n", + work->async_id);

work->cancel_fn = fn; work->cancel_argv = arg; @@ -759,7 +759,7 @@ static int smb2_get_dos_mode(struct kstat *stat, int attribute) }

static void build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt, - __le16 hash_id) + __le16 hash_id) { pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES; pneg_ctxt->DataLength = cpu_to_le16(38); @@ -771,7 +771,7 @@ static void build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt, }

static void build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt, - __le16 cipher_type) + __le16 cipher_type) { pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES; pneg_ctxt->DataLength = cpu_to_le16(4); @@ -781,7 +781,7 @@ static void build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt, }

static void build_compression_ctxt(struct smb2_compression_ctx *pneg_ctxt, - __le16 comp_algo) + __le16 comp_algo) { pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES; pneg_ctxt->DataLength = @@ -817,7 +817,7 @@ static void build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) }

static void assemble_neg_contexts(struct ksmbd_conn *conn, - struct smb2_negotiate_rsp *rsp) + struct smb2_negotiate_rsp *rsp) { /* +4 is to account for the RFC1001 len field */ char *pneg_ctxt = (char *)rsp + @@ -826,9 +826,9 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, int ctxt_size;

ksmbd_debug(SMB, - "assemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n"); + "assemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n"); build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt, - conn->preauth_info->Preauth_HashId); + conn->preauth_info->Preauth_HashId); rsp->NegotiateContextCount = cpu_to_le16(neg_ctxt_cnt); inc_rfc1001_len(rsp, AUTH_GSS_PADDING); ctxt_size = sizeof(struct smb2_preauth_neg_context); @@ -838,9 +838,9 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, if (conn->cipher_type) { ctxt_size = round_up(ctxt_size, 8); ksmbd_debug(SMB, - "assemble SMB2_ENCRYPTION_CAPABILITIES context\n"); + "assemble SMB2_ENCRYPTION_CAPABILITIES context\n"); build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt, - conn->cipher_type); + conn->cipher_type); rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); ctxt_size += sizeof(struct smb2_encryption_neg_context); /* Round to 8 byte boundary */ @@ -852,10 +852,10 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, if (conn->compress_algorithm) { ctxt_size = round_up(ctxt_size, 8); ksmbd_debug(SMB, - "assemble SMB2_COMPRESSION_CAPABILITIES context\n"); + "assemble SMB2_COMPRESSION_CAPABILITIES context\n"); /* Temporarily set to SMB3_COMPRESS_NONE */ build_compression_ctxt((struct smb2_compression_ctx *)pneg_ctxt, - conn->compress_algorithm); + conn->compress_algorithm); rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); ctxt_size += sizeof(struct smb2_compression_ctx); /* Round to 8 byte boundary */ @@ -865,7 +865,7 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, if (conn->posix_ext_supported) { ctxt_size = round_up(ctxt_size, 8); ksmbd_debug(SMB, - "assemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n"); + "assemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n"); build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt); rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); ctxt_size += sizeof(struct smb2_posix_neg_context); @@ -875,12 +875,11 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, }

static __le32 decode_preauth_ctxt(struct ksmbd_conn *conn, - struct smb2_preauth_neg_context *pneg_ctxt) + struct smb2_preauth_neg_context *pneg_ctxt) { __le32 err = STATUS_NO_PREAUTH_INTEGRITY_HASH_OVERLAP;

- if (pneg_ctxt->HashAlgorithms == - SMB2_PREAUTH_INTEGRITY_SHA512) { + if (pneg_ctxt->HashAlgorithms == SMB2_PREAUTH_INTEGRITY_SHA512) { conn->preauth_info->Preauth_HashId = SMB2_PREAUTH_INTEGRITY_SHA512; err = STATUS_SUCCESS; @@ -890,7 +889,7 @@ static __le32 decode_preauth_ctxt(struct ksmbd_conn *conn, }

static int decode_encrypt_ctxt(struct ksmbd_conn *conn, - struct smb2_encryption_neg_context *pneg_ctxt) + struct smb2_encryption_neg_context *pneg_ctxt) { int i; int cph_cnt = le16_to_cpu(pneg_ctxt->CipherCount); @@ -906,7 +905,7 @@ static int decode_encrypt_ctxt(struct ksmbd_conn *conn, pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES256_CCM || pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES256_GCM) { ksmbd_debug(SMB, "Cipher ID = 0x%x\n", - pneg_ctxt->Ciphers[i]); + pneg_ctxt->Ciphers[i]); conn->cipher_type = pneg_ctxt->Ciphers[i]; break; } @@ -922,7 +921,7 @@ static int decode_encrypt_ctxt(struct ksmbd_conn *conn, }

static int decode_compress_ctxt(struct ksmbd_conn *conn, - struct smb2_compression_ctx *pneg_ctxt) + struct smb2_compression_ctx *pneg_ctxt) { int algo_cnt = le16_to_cpu(pneg_ctxt->CompressionAlgorithmCount);

@@ -937,7 +936,7 @@ static int decode_compress_ctxt(struct ksmbd_conn *conn, }

static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, - struct smb2_negotiate_req *req) + struct smb2_negotiate_req *req) { int i = 0; __le32 status = 0; @@ -953,16 +952,16 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, while (i++ < neg_ctxt_cnt) { if (*ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES) { ksmbd_debug(SMB, - "deassemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n"); + "deassemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n"); if (conn->preauth_info->Preauth_HashId) break;

status = decode_preauth_ctxt(conn, - (struct smb2_preauth_neg_context *)pneg_ctxt); + (struct smb2_preauth_neg_context *)pneg_ctxt); pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_preauth_neg_context), 8) * 8; } else if (*ContextType == SMB2_ENCRYPTION_CAPABILITIES) { ksmbd_debug(SMB, - "deassemble SMB2_ENCRYPTION_CAPABILITIES context\n"); + "deassemble SMB2_ENCRYPTION_CAPABILITIES context\n"); if (conn->cipher_type) break;

@@ -971,7 +970,7 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8; } else if (*ContextType == SMB2_COMPRESSION_CAPABILITIES) { ksmbd_debug(SMB, - "deassemble SMB2_COMPRESSION_CAPABILITIES context\n"); + "deassemble SMB2_COMPRESSION_CAPABILITIES context\n"); if (conn->compress_algorithm) break;

@@ -980,14 +979,14 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8; } else if (*ContextType == SMB2_NETNAME_NEGOTIATE_CONTEXT_ID) { ksmbd_debug(SMB, - "deassemble SMB2_NETNAME_NEGOTIATE_CONTEXT_ID context\n"); + "deassemble SMB2_NETNAME_NEGOTIATE_CONTEXT_ID context\n"); ctxt_size = sizeof(struct smb2_netname_neg_context); ctxt_size += DIV_ROUND_UP(le16_to_cpu(((struct smb2_netname_neg_context *) - pneg_ctxt)->DataLength), 8) * 8; + pneg_ctxt)->DataLength), 8) * 8; pneg_ctxt += ctxt_size; } else if (*ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) { ksmbd_debug(SMB, - "deassemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n"); + "deassemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n"); conn->posix_ext_supported = true; pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_posix_neg_context), 8) * 8; } @@ -1033,7 +1032,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work) case SMB311_PROT_ID: conn->preauth_info = kzalloc(sizeof(struct preauth_integrity_info), - GFP_KERNEL); + GFP_KERNEL); if (!conn->preauth_info) { rc = -ENOMEM; rsp->hdr.Status = STATUS_INVALID_PARAMETER; @@ -1043,7 +1042,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work) status = deassemble_neg_contexts(conn, req); if (status != STATUS_SUCCESS) { ksmbd_err("deassemble_neg_contexts error(0x%x)\n", - status); + status); rsp->hdr.Status = status; rc = -EINVAL; goto err_out; @@ -1056,8 +1055,8 @@ int smb2_handle_negotiate(struct ksmbd_work *work) }

ksmbd_gen_preauth_integrity_hash(conn, - work->request_buf, - conn->preauth_info->Preauth_HashValue); + work->request_buf, + conn->preauth_info->Preauth_HashValue); rsp->NegotiateContextOffset = cpu_to_le32(OFFSET_OF_NEG_CONTEXT); assemble_neg_contexts(conn, rsp); @@ -1082,7 +1081,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work) case BAD_PROT_ID: default: ksmbd_debug(SMB, "Server dialect :0x%x not supported\n", - conn->dialect); + conn->dialect); rsp->hdr.Status = STATUS_NOT_SUPPORTED; rc = -EINVAL; goto err_out; @@ -1098,7 +1097,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work)

if (conn->dialect > SMB20_PROT_ID) { memcpy(conn->ClientGUID, req->ClientGUID, - SMB2_CLIENT_GUID_SIZE); + SMB2_CLIENT_GUID_SIZE); conn->cli_sec_mode = le16_to_cpu(req->SecurityMode); }

@@ -1112,17 +1111,17 @@ int smb2_handle_negotiate(struct ksmbd_work *work) rsp->SystemTime = cpu_to_le64(ksmbd_systime()); rsp->ServerStartTime = 0; ksmbd_debug(SMB, "negotiate context offset %d, count %d\n", - le32_to_cpu(rsp->NegotiateContextOffset), - le16_to_cpu(rsp->NegotiateContextCount)); + le32_to_cpu(rsp->NegotiateContextOffset), + le16_to_cpu(rsp->NegotiateContextCount));

rsp->SecurityBufferOffset = cpu_to_le16(128); rsp->SecurityBufferLength = cpu_to_le16(AUTH_GSS_LENGTH); ksmbd_copy_gss_neg_header(((char *)(&rsp->hdr) + - sizeof(rsp->hdr.smb2_buf_length)) + - le16_to_cpu(rsp->SecurityBufferOffset)); + sizeof(rsp->hdr.smb2_buf_length)) + + le16_to_cpu(rsp->SecurityBufferOffset)); inc_rfc1001_len(rsp, sizeof(struct smb2_negotiate_rsp) - - sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) + - AUTH_GSS_LENGTH); + sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) + + AUTH_GSS_LENGTH); rsp->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED_LE; conn->use_spnego = true;

@@ -1147,13 +1146,13 @@ int smb2_handle_negotiate(struct ksmbd_work *work) }

static int alloc_preauth_hash(struct ksmbd_session *sess, - struct ksmbd_conn *conn) + struct ksmbd_conn *conn) { if (sess->Preauth_HashValue) return 0;

sess->Preauth_HashValue = kmemdup(conn->preauth_info->Preauth_HashValue, - PREAUTH_HASHVALUE_SIZE, GFP_KERNEL); + PREAUTH_HASHVALUE_SIZE, GFP_KERNEL); if (!sess->Preauth_HashValue) return -ENOMEM;

@@ -1180,7 +1179,7 @@ static int generate_preauth_hash(struct ksmbd_work *work) }

static int decode_negotiation_token(struct ksmbd_work *work, - struct negotiate_message *negblob) + struct negotiate_message *negblob) { struct ksmbd_conn *conn = work->conn; struct smb2_sess_setup_req *req; @@ -1203,7 +1202,7 @@ static int decode_negotiation_token(struct ksmbd_work *work, }

static int ntlm_negotiate(struct ksmbd_work *work, - struct negotiate_message *negblob) + struct negotiate_message *negblob) { struct smb2_sess_setup_req *req = work->request_buf; struct smb2_sess_setup_rsp *rsp = work->response_buf; @@ -1247,10 +1246,8 @@ static int ntlm_negotiate(struct ksmbd_work *work, goto out; }

- rc = build_spnego_ntlmssp_neg_blob(&spnego_blob, - &spnego_blob_len, - neg_blob, - sz); + rc = build_spnego_ntlmssp_neg_blob(&spnego_blob, &spnego_blob_len, + neg_blob, sz); if (rc) { rc = -ENOMEM; goto out; @@ -1267,7 +1264,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, }

static struct authenticate_message *user_authblob(struct ksmbd_conn *conn, - struct smb2_sess_setup_req *req) + struct smb2_sess_setup_req *req) { int sz;

@@ -1280,7 +1277,7 @@ static struct authenticate_message *user_authblob(struct ksmbd_conn *conn, }

static struct ksmbd_user *session_user(struct ksmbd_conn *conn, - struct smb2_sess_setup_req *req) + struct smb2_sess_setup_req *req) { struct authenticate_message *authblob; struct ksmbd_user *user; @@ -1396,7 +1393,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) rc = conn->ops->generate_encryptionkey(sess); if (rc) { ksmbd_debug(SMB, - "SMB3 encryption key generation failed\n"); + "SMB3 encryption key generation failed\n"); rsp->hdr.Status = STATUS_LOGON_FAILURE; return rc; } @@ -1473,7 +1470,7 @@ static int krb5_authenticate(struct ksmbd_work *work) ksmbd_free_user(sess->user);

retval = ksmbd_krb5_authenticate(sess, in_blob, in_len, - out_blob, &out_len); + out_blob, &out_len); if (retval) { ksmbd_debug(SMB, "krb5 authentication failed\n"); rsp->hdr.Status = STATUS_LOGON_FAILURE; @@ -1491,7 +1488,7 @@ static int krb5_authenticate(struct ksmbd_work *work) retval = conn->ops->generate_encryptionkey(sess); if (retval) { ksmbd_debug(SMB, - "SMB3 encryption key generation failed\n"); + "SMB3 encryption key generation failed\n"); rsp->hdr.Status = STATUS_LOGON_FAILURE; return retval; } @@ -1565,7 +1562,7 @@ int smb2_sess_setup(struct ksmbd_work *work) ksmbd_session_register(conn, sess); } else { sess = ksmbd_session_lookup(conn, - le64_to_cpu(req->hdr.SessionId)); + le64_to_cpu(req->hdr.SessionId)); if (!sess) { rc = -ENOENT; rsp->hdr.Status = STATUS_USER_SESSION_DELETED; @@ -1673,7 +1670,8 @@ int smb2_tree_connect(struct ksmbd_work *work) int rc = -EINVAL;

treename = smb_strndup_from_utf16(req->Buffer, - le16_to_cpu(req->PathLength), true, conn->local_nls); + le16_to_cpu(req->PathLength), true, + conn->local_nls); if (IS_ERR(treename)) { ksmbd_err("treename is NULL\n"); status.ret = KSMBD_TREE_CONN_STATUS_ERROR; @@ -1687,7 +1685,7 @@ int smb2_tree_connect(struct ksmbd_work *work) }

ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n", - name, treename); + name, treename);

status = ksmbd_tree_conn_connect(sess, name); if (status.ret == KSMBD_TREE_CONN_STATUS_OK) @@ -1772,7 +1770,7 @@ int smb2_tree_connect(struct ksmbd_work *work) * Return: file open flags */ static int smb2_create_open_flags(bool file_present, __le32 access, - __le32 disposition) + __le32 disposition) { int oflags = O_NONBLOCK | O_LARGEFILE;

@@ -1910,7 +1908,7 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work) char *name;

name = smb_strndup_from_utf16(req->Buffer, le16_to_cpu(req->NameLength), - 1, work->conn->local_nls); + 1, work->conn->local_nls); if (IS_ERR(name)) { rsp->hdr.Status = STATUS_NO_MEMORY; err = PTR_ERR(name); @@ -1987,20 +1985,20 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path) goto next;

ksmbd_debug(SMB, - "name : <%s>, name_len : %u, value_len : %u, next : %u\n", - eabuf->name, eabuf->EaNameLength, - le16_to_cpu(eabuf->EaValueLength), - le32_to_cpu(eabuf->NextEntryOffset)); + "name : <%s>, name_len : %u, value_len : %u, next : %u\n", + eabuf->name, eabuf->EaNameLength, + le16_to_cpu(eabuf->EaValueLength), + le32_to_cpu(eabuf->NextEntryOffset));

if (eabuf->EaNameLength > - (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN)) { + (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN)) { rc = -EINVAL; break; }

memcpy(attr_name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN); memcpy(&attr_name[XATTR_USER_PREFIX_LEN], eabuf->name, - eabuf->EaNameLength); + eabuf->EaNameLength); attr_name[XATTR_USER_PREFIX_LEN + eabuf->EaNameLength] = '\0'; value = (char *)&eabuf->name + eabuf->EaNameLength + 1;

@@ -2017,8 +2015,8 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path)

if (rc < 0) { ksmbd_debug(SMB, - "remove xattr failed(%d)\n", - rc); + "remove xattr failed(%d)\n", + rc); break; } } @@ -2027,11 +2025,11 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path) rc = 0; } else { rc = ksmbd_vfs_setxattr(path->dentry, attr_name, value, - le16_to_cpu(eabuf->EaValueLength), 0); + le16_to_cpu(eabuf->EaValueLength), 0); if (rc < 0) { ksmbd_debug(SMB, - "ksmbd_vfs_setxattr is failed(%d)\n", - rc); + "ksmbd_vfs_setxattr is failed(%d)\n", + rc); break; } } @@ -2061,7 +2059,8 @@ static inline int check_context_err(void *ctx, char *str) }

static noinline int smb2_set_stream_name_xattr(struct path *path, - struct ksmbd_file *fp, char *stream_name, int s_type) + struct ksmbd_file *fp, + char *stream_name, int s_type) { size_t xattr_stream_size; char *xattr_stream_name; @@ -2142,13 +2141,13 @@ static int smb2_create_truncate(struct path *path) rc = 0; if (rc) ksmbd_debug(SMB, - "ksmbd_truncate_stream_name_xattr failed, rc %d\n", - rc); + "ksmbd_truncate_stream_name_xattr failed, rc %d\n", + rc); return rc; }

static void smb2_new_xattrs(struct ksmbd_tree_connect *tcon, struct path *path, - struct ksmbd_file *fp) + struct ksmbd_file *fp) { struct xattr_dos_attrib da = {0}; int rc; @@ -2169,7 +2168,7 @@ static void smb2_new_xattrs(struct ksmbd_tree_connect *tcon, struct path *path, }

static void smb2_update_xattrs(struct ksmbd_tree_connect *tcon, - struct path *path, struct ksmbd_file *fp) + struct path *path, struct ksmbd_file *fp) { struct xattr_dos_attrib da; int rc; @@ -2190,7 +2189,7 @@ static void smb2_update_xattrs(struct ksmbd_tree_connect *tcon, }

static int smb2_creat(struct ksmbd_work *work, struct path *path, char *name, - int open_flags, umode_t posix_mode, bool is_dir) + int open_flags, umode_t posix_mode, bool is_dir) { struct ksmbd_tree_connect *tcon = work->tcon; struct ksmbd_share_config *share = tcon->share_conf; @@ -2220,14 +2219,15 @@ static int smb2_creat(struct ksmbd_work *work, struct path *path, char *name, rc = ksmbd_vfs_kern_path(name, 0, path, 0); if (rc) { ksmbd_err("cannot get linux path (%s), err = %d\n", - name, rc); + name, rc); return rc; } return 0; }

static int smb2_create_sd_buffer(struct ksmbd_work *work, - struct smb2_create_req *req, struct dentry *dentry) + struct smb2_create_req *req, + struct dentry *dentry) { struct create_context *context; int rc = -ENOENT; @@ -2241,10 +2241,10 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work, struct create_sd_buf_req *sd_buf;

ksmbd_debug(SMB, - "Set ACLs using SMB2_CREATE_SD_BUFFER context\n"); + "Set ACLs using SMB2_CREATE_SD_BUFFER context\n"); sd_buf = (struct create_sd_buf_req *)context; rc = set_info_sec(work->conn, work->tcon, dentry, &sd_buf->ntsd, - le32_to_cpu(sd_buf->ccontext.DataLength), true); + le32_to_cpu(sd_buf->ccontext.DataLength), true); }

return rc; @@ -2353,7 +2353,7 @@ int smb2_open(struct ksmbd_work *work) if (ksmbd_share_veto_filename(share, name)) { rc = -ENOENT; ksmbd_debug(SMB, "Reject open(), vetoed file: %s\n", - name); + name); goto err_out1; } } else { @@ -2376,7 +2376,7 @@ int smb2_open(struct ksmbd_work *work)

if (le32_to_cpu(req->ImpersonationLevel) > le32_to_cpu(IL_DELEGATE_LE)) { ksmbd_err("Invalid impersonationlevel : 0x%x\n", - le32_to_cpu(req->ImpersonationLevel)); + le32_to_cpu(req->ImpersonationLevel)); rc = -EIO; rsp->hdr.Status = STATUS_BAD_IMPERSONATION_LEVEL; goto err_out1; @@ -2384,7 +2384,7 @@ int smb2_open(struct ksmbd_work *work)

if (req->CreateOptions && !(req->CreateOptions & CREATE_OPTIONS_MASK)) { ksmbd_err("Invalid create options : 0x%x\n", - le32_to_cpu(req->CreateOptions)); + le32_to_cpu(req->CreateOptions)); rc = -EINVAL; goto err_out1; } else { @@ -2392,8 +2392,9 @@ int smb2_open(struct ksmbd_work *work) req->CreateOptions & FILE_RANDOM_ACCESS_LE) req->CreateOptions = ~(FILE_SEQUENTIAL_ONLY_LE);

- if (req->CreateOptions & (FILE_OPEN_BY_FILE_ID_LE | - CREATE_TREE_CONNECTION | FILE_RESERVE_OPFILTER_LE)) { + if (req->CreateOptions & + (FILE_OPEN_BY_FILE_ID_LE | CREATE_TREE_CONNECTION | + FILE_RESERVE_OPFILTER_LE)) { rc = -EOPNOTSUPP; goto err_out1; } @@ -2409,23 +2410,23 @@ int smb2_open(struct ksmbd_work *work) }

if (le32_to_cpu(req->CreateDisposition) > - le32_to_cpu(FILE_OVERWRITE_IF_LE)) { + le32_to_cpu(FILE_OVERWRITE_IF_LE)) { ksmbd_err("Invalid create disposition : 0x%x\n", - le32_to_cpu(req->CreateDisposition)); + le32_to_cpu(req->CreateDisposition)); rc = -EINVAL; goto err_out1; }

if (!(req->DesiredAccess & DESIRED_ACCESS_MASK)) { ksmbd_err("Invalid desired access : 0x%x\n", - le32_to_cpu(req->DesiredAccess)); + le32_to_cpu(req->DesiredAccess)); rc = -EACCES; goto err_out1; }

if (req->FileAttributes && !(req->FileAttributes & ATTR_MASK_LE)) { ksmbd_err("Invalid file attribute : 0x%x\n", - le32_to_cpu(req->FileAttributes)); + le32_to_cpu(req->FileAttributes)); rc = -EINVAL; goto err_out1; } @@ -2447,23 +2448,23 @@ int smb2_open(struct ksmbd_work *work) }

context = smb2_find_context_vals(req, - SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); + SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); if (IS_ERR(context)) { rc = check_context_err(context, - SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); + SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); if (rc < 0) goto err_out1; } else { ksmbd_debug(SMB, - "get query maximal access context\n"); + "get query maximal access context\n"); maximal_access_ctxt = 1; }

context = smb2_find_context_vals(req, - SMB2_CREATE_TIMEWARP_REQUEST); + SMB2_CREATE_TIMEWARP_REQUEST); if (IS_ERR(context)) { rc = check_context_err(context, - SMB2_CREATE_TIMEWARP_REQUEST); + SMB2_CREATE_TIMEWARP_REQUEST); if (rc < 0) goto err_out1; } else { @@ -2474,10 +2475,10 @@ int smb2_open(struct ksmbd_work *work)

if (tcon->posix_extensions) { context = smb2_find_context_vals(req, - SMB2_CREATE_TAG_POSIX); + SMB2_CREATE_TAG_POSIX); if (IS_ERR(context)) { rc = check_context_err(context, - SMB2_CREATE_TAG_POSIX); + SMB2_CREATE_TAG_POSIX); if (rc < 0) goto err_out1; } else { @@ -2516,7 +2517,7 @@ int smb2_open(struct ksmbd_work *work)

if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, - "User does not have write permission\n"); + "User does not have write permission\n"); rc = -EACCES; path_put(&path); goto err_out; @@ -2546,11 +2547,11 @@ int smb2_open(struct ksmbd_work *work) if (rc) { if (rc == -EACCES) { ksmbd_debug(SMB, - "User does not have right permission\n"); + "User does not have right permission\n"); goto err_out; } ksmbd_debug(SMB, "can not get linux path for %s, rc = %d\n", - name, rc); + name, rc); rc = 0; } else { file_present = true; @@ -2582,7 +2583,7 @@ int smb2_open(struct ksmbd_work *work) if (file_present && req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE && S_ISDIR(stat.mode) && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { ksmbd_debug(SMB, "open() argument is a directory: %s, %x\n", - name, req->CreateOptions); + name, req->CreateOptions); rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY; rc = -EIO; goto err_out; @@ -2606,7 +2607,7 @@ int smb2_open(struct ksmbd_work *work)

if (file_present && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { rc = smb_check_perm_dacl(conn, path.dentry, &daccess, - sess->user->uid); + sess->user->uid); if (rc) goto err_out; } @@ -2624,13 +2625,13 @@ int smb2_open(struct ksmbd_work *work) maximal_access = daccess; }

- open_flags = smb2_create_open_flags(file_present, - daccess, req->CreateDisposition); + open_flags = smb2_create_open_flags(file_present, daccess, + req->CreateDisposition);

if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { if (open_flags & O_CREAT) { ksmbd_debug(SMB, - "User does not have write permission\n"); + "User does not have write permission\n"); rc = -EACCES; goto err_out; } @@ -2639,7 +2640,7 @@ int smb2_open(struct ksmbd_work *work) /*create file if not present */ if (!file_present) { rc = smb2_creat(work, &path, name, open_flags, posix_mode, - req->CreateOptions & FILE_DIRECTORY_FILE_LE); + req->CreateOptions & FILE_DIRECTORY_FILE_LE); if (rc) goto err_out;

@@ -2663,7 +2664,8 @@ int smb2_open(struct ksmbd_work *work) */ if (daccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_READ_CONTROL_LE)) { rc = ksmbd_vfs_inode_permission(path.dentry, - open_flags & O_ACCMODE, may_delete); + open_flags & O_ACCMODE, + may_delete); if (rc) goto err_out; } @@ -2689,8 +2691,8 @@ int smb2_open(struct ksmbd_work *work) else file_info = FILE_OVERWRITTEN;

- if ((req->CreateDisposition & FILE_CREATE_MASK_LE) - == FILE_SUPERSEDE_LE) + if ((req->CreateDisposition & FILE_CREATE_MASK_LE) == + FILE_SUPERSEDE_LE) file_info = FILE_SUPERSEDED; } else if (open_flags & O_CREAT) { file_info = FILE_CREATED; @@ -2732,7 +2734,7 @@ int smb2_open(struct ksmbd_work *work) if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) { rc = smb_inherit_dacl(conn, path.dentry, sess->user->uid, - sess->user->gid); + sess->user->gid); }

if (rc) { @@ -2762,17 +2764,21 @@ int smb2_open(struct ksmbd_work *work) goto err_out;

rc = build_sec_desc(pntsd, NULL, - OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO, - &pntsd_size, &fattr); + OWNER_SECINFO | + GROUP_SECINFO | + DACL_SECINFO, + &pntsd_size, &fattr); posix_acl_release(fattr.cf_acls); posix_acl_release(fattr.cf_dacls);

rc = ksmbd_vfs_set_sd_xattr(conn, - path.dentry, pntsd, pntsd_size); + path.dentry, + pntsd, + pntsd_size); kfree(pntsd); if (rc) ksmbd_err("failed to store ntacl in xattr : %d\n", - rc); + rc); } } } @@ -2829,8 +2835,8 @@ int smb2_open(struct ksmbd_work *work) if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) { req_op_level = smb2_map_lease_to_oplock(lc->req_state); ksmbd_debug(SMB, - "lease req for(%s) req oplock state 0x%x, lease state 0x%x\n", - name, req_op_level, lc->req_state); + "lease req for(%s) req oplock state 0x%x, lease state 0x%x\n", + name, req_op_level, lc->req_state); rc = find_same_lease_key(sess, fp->f_ci, lc); if (rc) goto err_out; @@ -2859,12 +2865,11 @@ int smb2_open(struct ksmbd_work *work) if (req->CreateContextsOffset) { struct create_alloc_size_req *az_req;

- az_req = (struct create_alloc_size_req *) - smb2_find_context_vals(req, - SMB2_CREATE_ALLOCATION_SIZE); + az_req = (struct create_alloc_size_req *)smb2_find_context_vals(req, + SMB2_CREATE_ALLOCATION_SIZE); if (IS_ERR(az_req)) { rc = check_context_err(az_req, - SMB2_CREATE_ALLOCATION_SIZE); + SMB2_CREATE_ALLOCATION_SIZE); if (rc < 0) goto err_out; } else { @@ -2872,13 +2877,13 @@ int smb2_open(struct ksmbd_work *work) int err;

ksmbd_debug(SMB, - "request smb2 create allocate size : %llu\n", - alloc_size); + "request smb2 create allocate size : %llu\n", + alloc_size); err = ksmbd_vfs_alloc_size(work, fp, alloc_size); if (err < 0) ksmbd_debug(SMB, - "ksmbd_vfs_alloc_size is failed : %d\n", - err); + "ksmbd_vfs_alloc_size is failed : %d\n", + err); }

context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_ON_DISK_ID); @@ -2897,8 +2902,8 @@ int smb2_open(struct ksmbd_work *work) else fp->create_time = ksmbd_UnixTimeToNT(stat.ctime); if (req->FileAttributes || fp->f_ci->m_fattr == 0) - fp->f_ci->m_fattr = cpu_to_le32(smb2_get_dos_mode(&stat, - le32_to_cpu(req->FileAttributes))); + fp->f_ci->m_fattr = + cpu_to_le32(smb2_get_dos_mode(&stat, le32_to_cpu(req->FileAttributes)));

if (!created) smb2_update_xattrs(tcon, &path, fp); @@ -2942,7 +2947,7 @@ int smb2_open(struct ksmbd_work *work) struct create_context *lease_ccontext;

ksmbd_debug(SMB, "lease granted on(%s) lease state 0x%x\n", - name, opinfo->o_lease->state); + name, opinfo->o_lease->state); rsp->OplockLevel = SMB2_OPLOCK_LEVEL_LEASE;

lease_ccontext = (struct create_context *)rsp->Buffer; @@ -3170,7 +3175,8 @@ static int dentry_name(struct ksmbd_dir_info *d_info, int info_level) * Return: 0 on success, otherwise error */ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level, - struct ksmbd_dir_info *d_info, struct ksmbd_kstat *ksmbd_kstat) + struct ksmbd_dir_info *d_info, + struct ksmbd_kstat *ksmbd_kstat) { int next_entry_offset = 0; char *conv_name; @@ -3323,9 +3329,9 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level, if (d_info->hide_dot_file && d_info->name[0] == '.') posix_info->DosAttributes |= ATTR_HIDDEN_LE; id_to_sid(from_kuid(&init_user_ns, ksmbd_kstat->kstat->uid), - SIDNFS_USER, (struct smb_sid *)&posix_info->SidBuffer[0]); + SIDNFS_USER, (struct smb_sid *)&posix_info->SidBuffer[0]); id_to_sid(from_kgid(&init_user_ns, ksmbd_kstat->kstat->gid), - SIDNFS_GROUP, (struct smb_sid *)&posix_info->SidBuffer[20]); + SIDNFS_GROUP, (struct smb_sid *)&posix_info->SidBuffer[20]); memcpy(posix_info->name, conv_name, conv_len); posix_info->name_len = cpu_to_le32(conv_len); posix_info->NextEntryOffset = cpu_to_le32(next_entry_offset); @@ -3341,9 +3347,9 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level, kfree(conv_name);

ksmbd_debug(SMB, - "info_level : %d, buf_len :%d, next_offset : %d, data_count : %d\n", - info_level, d_info->out_buf_len, - next_entry_offset, d_info->data_count); + "info_level : %d, buf_len :%d, next_offset : %d, data_count : %d\n", + info_level, d_info->out_buf_len, + next_entry_offset, d_info->data_count);

return 0; } @@ -3392,8 +3398,8 @@ static int process_query_dir_entries(struct smb2_query_dir_private *priv)

if (IS_ERR(dent)) { ksmbd_debug(SMB, "Cannot lookup `%s' [%ld]\n", - priv->d_info->name, - PTR_ERR(dent)); + priv->d_info->name, + PTR_ERR(dent)); continue; } if (unlikely(d_is_negative(dent))) { @@ -3421,7 +3427,7 @@ static int process_query_dir_entries(struct smb2_query_dir_private *priv) }

static int reserve_populate_dentry(struct ksmbd_dir_info *d_info, - int info_level) + int info_level) { int struct_sz; int conv_len; @@ -3528,7 +3534,7 @@ static int reserve_populate_dentry(struct ksmbd_dir_info *d_info, }

static int __query_dir(struct dir_context *ctx, const char *name, int namlen, - loff_t offset, u64 ino, unsigned int d_type) + loff_t offset, u64 ino, unsigned int d_type) { struct ksmbd_readdir_data *buf; struct smb2_query_dir_private *priv; @@ -3612,17 +3618,18 @@ int smb2_query_dir(struct ksmbd_work *work) }

dir_fp = ksmbd_lookup_fd_slow(work, - le64_to_cpu(req->VolatileFileId), - le64_to_cpu(req->PersistentFileId)); + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); if (!dir_fp) { rc = -EBADF; goto err_out2; }

if (!(dir_fp->daccess & FILE_LIST_DIRECTORY_LE) || - inode_permission(&init_user_ns, file_inode(dir_fp->filp), MAY_READ | MAY_EXEC)) { + inode_permission(&init_user_ns, file_inode(dir_fp->filp), + MAY_READ | MAY_EXEC)) { ksmbd_err("no right to enumerate directory (%s)\n", - FP_FILENAME(dir_fp)); + FP_FILENAME(dir_fp)); rc = -EACCES; goto err_out2; } @@ -3635,8 +3642,8 @@ int smb2_query_dir(struct ksmbd_work *work)

srch_flag = req->Flags; srch_ptr = smb_strndup_from_utf16(req->Buffer, - le16_to_cpu(req->FileNameLength), 1, - conn->local_nls); + le16_to_cpu(req->FileNameLength), 1, + conn->local_nls); if (IS_ERR(srch_ptr)) { ksmbd_debug(SMB, "Search Pattern not found\n"); rc = -EINVAL; @@ -3657,8 +3664,8 @@ int smb2_query_dir(struct ksmbd_work *work) d_info.wptr = (char *)rsp->Buffer; d_info.rptr = (char *)rsp->Buffer; d_info.out_buf_len = (work->response_sz - (get_rfc1002_len(rsp_org) + 4)); - d_info.out_buf_len = min_t(int, d_info.out_buf_len, - le32_to_cpu(req->OutputBufferLength)) - sizeof(struct smb2_query_directory_rsp); + d_info.out_buf_len = min_t(int, d_info.out_buf_len, le32_to_cpu(req->OutputBufferLength)) - + sizeof(struct smb2_query_directory_rsp); d_info.flags = srch_flag;

/* @@ -3666,7 +3673,8 @@ int smb2_query_dir(struct ksmbd_work *work) * in first response */ rc = ksmbd_populate_dot_dotdot_entries(work, req->FileInformationClass, - dir_fp, &d_info, srch_ptr, smb2_populate_readdir_entry); + dir_fp, &d_info, srch_ptr, + smb2_populate_readdir_entry); if (rc == -ENOSPC) rc = 0; else if (rc) @@ -3762,7 +3770,7 @@ int smb2_query_dir(struct ksmbd_work *work) * Return: 0 on success, otherwise error */ static int buffer_check_err(int reqOutputBufferLength, - struct smb2_query_info_rsp *rsp, int infoclass_size) + struct smb2_query_info_rsp *rsp, int infoclass_size) { if (reqOutputBufferLength < le32_to_cpu(rsp->OutputBufferLength)) { if (reqOutputBufferLength < infoclass_size) { @@ -3797,8 +3805,7 @@ static void get_standard_info_pipe(struct smb2_query_info_rsp *rsp) inc_rfc1001_len(rsp, sizeof(struct smb2_file_standard_info)); }

-static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, - u64 num) +static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, u64 num) { struct smb2_file_internal_info *file_info;

@@ -3812,8 +3819,8 @@ static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, }

static int smb2_get_info_file_pipe(struct ksmbd_session *sess, - struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp) + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp) { u64 id; int rc; @@ -3827,22 +3834,22 @@ static int smb2_get_info_file_pipe(struct ksmbd_session *sess, return -ENOENT;

ksmbd_debug(SMB, "FileInfoClass %u, FileId 0x%llx\n", - req->FileInfoClass, le64_to_cpu(req->VolatileFileId)); + req->FileInfoClass, le64_to_cpu(req->VolatileFileId));

switch (req->FileInfoClass) { case FILE_STANDARD_INFORMATION: get_standard_info_pipe(rsp); rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), - rsp, FILE_STANDARD_INFORMATION_SIZE); + rsp, FILE_STANDARD_INFORMATION_SIZE); break; case FILE_INTERNAL_INFORMATION: get_internal_info_pipe(rsp, id); rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), - rsp, FILE_INTERNAL_INFORMATION_SIZE); + rsp, FILE_INTERNAL_INFORMATION_SIZE); break; default: ksmbd_debug(SMB, "smb2_info_file_pipe for %u not supported\n", - req->FileInfoClass); + req->FileInfoClass); rc = -EOPNOTSUPP; } return rc; @@ -3859,8 +3866,8 @@ static int smb2_get_info_file_pipe(struct ksmbd_session *sess, * Return: 0 on success, otherwise error */ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp, - struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, void *rsp_org) + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, void *rsp_org) { struct smb2_ea_info *eainfo, *prev_eainfo; char *name, *ptr, *xattr_list = NULL, *buf; @@ -3883,8 +3890,8 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp, /* need to send all EAs, if no specific EA is requested*/ if (le32_to_cpu(req->Flags) & SL_RETURN_SINGLE_ENTRY) ksmbd_debug(SMB, - "All EAs are requested but need to send single EA entry in rsp flags 0x%x\n", - le32_to_cpu(req->Flags)); + "All EAs are requested but need to send single EA entry in rsp flags 0x%x\n", + le32_to_cpu(req->Flags)); }

buf_free_len = work->response_sz - @@ -3966,7 +3973,7 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp,

if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) memcpy(eainfo->name, &name[XATTR_USER_PREFIX_LEN], - name_len); + name_len); else memcpy(eainfo->name, name, name_len);

@@ -4008,7 +4015,7 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp, }

static void get_file_access_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_access_info *file_info;

@@ -4020,7 +4027,7 @@ static void get_file_access_info(struct smb2_query_info_rsp *rsp, }

static int get_file_basic_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_all_info *basic_info; struct kstat stat; @@ -4028,7 +4035,7 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp,

if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) { ksmbd_err("no right to read the attributes : 0x%x\n", - fp->daccess); + fp->daccess); return -EACCES; }

@@ -4051,7 +4058,7 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp, }

static unsigned long long get_allocation_size(struct inode *inode, - struct kstat *stat) + struct kstat *stat) { unsigned long long alloc_size = 0;

@@ -4066,7 +4073,7 @@ static unsigned long long get_allocation_size(struct inode *inode, }

static void get_file_standard_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_standard_info *sinfo; unsigned int delete_pending; @@ -4091,7 +4098,7 @@ static void get_file_standard_info(struct smb2_query_info_rsp *rsp, }

static void get_file_alignment_info(struct smb2_query_info_rsp *rsp, - void *rsp_org) + void *rsp_org) { struct smb2_file_alignment_info *file_info;

@@ -4104,8 +4111,9 @@ static void get_file_alignment_info(struct smb2_query_info_rsp *rsp, }

static int get_file_all_info(struct ksmbd_work *work, - struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp, - void *rsp_org) + struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) { struct ksmbd_conn *conn = work->conn; struct smb2_file_all_info *file_info; @@ -4118,7 +4126,7 @@ static int get_file_all_info(struct ksmbd_work *work,

if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) { ksmbd_debug(SMB, "no right to read the attributes : 0x%x\n", - fp->daccess); + fp->daccess); return -EACCES; }

@@ -4157,11 +4165,8 @@ static int get_file_all_info(struct ksmbd_work *work, file_info->CurrentByteOffset = cpu_to_le64(fp->filp->f_pos); file_info->Mode = fp->coption; file_info->AlignmentRequirement = 0; - conv_len = smbConvertToUTF16((__le16 *)file_info->FileName, - filename, - PATH_MAX, - conn->local_nls, - 0); + conv_len = smbConvertToUTF16((__le16 *)file_info->FileName, filename, + PATH_MAX, conn->local_nls, 0); conv_len *= 2; file_info->FileNameLength = cpu_to_le32(conv_len); rsp->OutputBufferLength = @@ -4172,8 +4177,9 @@ static int get_file_all_info(struct ksmbd_work *work, }

static void get_file_alternate_info(struct ksmbd_work *work, - struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp, - void *rsp_org) + struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) { struct ksmbd_conn *conn = work->conn; struct smb2_file_alt_name_info *file_info; @@ -4192,8 +4198,9 @@ static void get_file_alternate_info(struct ksmbd_work *work, }

static void get_file_stream_info(struct ksmbd_work *work, - struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp, - void *rsp_org) + struct smb2_query_info_rsp *rsp, + struct ksmbd_file *fp, + void *rsp_org) { struct ksmbd_conn *conn = work->conn; struct smb2_file_stream_info *file_info; @@ -4236,15 +4243,12 @@ static void get_file_stream_info(struct ksmbd_work *work, break;

streamlen = snprintf(stream_buf, streamlen + 1, - ":%s", &stream_name[XATTR_NAME_STREAM_LEN]); + ":%s", &stream_name[XATTR_NAME_STREAM_LEN]);

- file_info = (struct smb2_file_stream_info *) - &rsp->Buffer[nbytes]; + file_info = (struct smb2_file_stream_info *)&rsp->Buffer[nbytes]; streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName, - stream_buf, - streamlen, - conn->local_nls, - 0); + stream_buf, streamlen, + conn->local_nls, 0); streamlen *= 2; kfree(stream_buf); file_info->StreamNameLength = cpu_to_le32(streamlen); @@ -4260,7 +4264,7 @@ static void get_file_stream_info(struct ksmbd_work *work, file_info = (struct smb2_file_stream_info *) &rsp->Buffer[nbytes]; streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName, - "::$DATA", 7, conn->local_nls, 0); + "::$DATA", 7, conn->local_nls, 0); streamlen *= 2; file_info->StreamNameLength = cpu_to_le32(streamlen); file_info->StreamSize = S_ISDIR(stat.mode) ? 0 : @@ -4280,7 +4284,7 @@ static void get_file_stream_info(struct ksmbd_work *work, }

static void get_file_internal_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_internal_info *file_info; struct kstat stat; @@ -4294,7 +4298,7 @@ static void get_file_internal_info(struct smb2_query_info_rsp *rsp, }

static int get_file_network_open_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_ntwrk_info *file_info; struct inode *inode; @@ -4342,7 +4346,7 @@ static void get_file_ea_info(struct smb2_query_info_rsp *rsp, void *rsp_org) }

static void get_file_position_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_pos_info *file_info;

@@ -4354,7 +4358,7 @@ static void get_file_position_info(struct smb2_query_info_rsp *rsp, }

static void get_file_mode_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_mode_info *file_info;

@@ -4366,7 +4370,7 @@ static void get_file_mode_info(struct smb2_query_info_rsp *rsp, }

static void get_file_compression_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_comp_info *file_info; struct kstat stat; @@ -4387,7 +4391,7 @@ static void get_file_compression_info(struct smb2_query_info_rsp *rsp, }

static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb2_file_attr_tag_info *file_info;

@@ -4402,13 +4406,12 @@ static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp, file_info->ReparseTag = 0; rsp->OutputBufferLength = cpu_to_le32(sizeof(struct smb2_file_attr_tag_info)); - inc_rfc1001_len(rsp_org, - sizeof(struct smb2_file_attr_tag_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_attr_tag_info)); return 0; }

static int find_file_posix_info(struct smb2_query_info_rsp *rsp, - struct ksmbd_file *fp, void *rsp_org) + struct ksmbd_file *fp, void *rsp_org) { struct smb311_posix_qinfo *file_info; struct inode *inode = FP_INODE(fp); @@ -4436,8 +4439,8 @@ static int find_file_posix_info(struct smb2_query_info_rsp *rsp, }

static int smb2_get_info_file(struct ksmbd_work *work, - struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, void *rsp_org) + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, void *rsp_org) { struct ksmbd_file *fp; int fileinfoclass = 0; @@ -4454,7 +4457,7 @@ static int smb2_get_info_file(struct ksmbd_work *work, if (work->next_smb2_rcv_hdr_off) { if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { ksmbd_debug(SMB, "Compound request set FID = %u\n", - work->compound_fid); + work->compound_fid); id = work->compound_fid; pid = work->compound_pfid; } @@ -4569,8 +4572,8 @@ static int smb2_get_info_file(struct ksmbd_work *work, }

static int smb2_get_info_filesystem(struct ksmbd_work *work, - struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, void *rsp_org) + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, void *rsp_org) { struct ksmbd_session *sess = work->sess; struct ksmbd_conn *conn = sess->conn; @@ -4801,8 +4804,8 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, }

static int smb2_get_info_sec(struct ksmbd_work *work, - struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, void *rsp_org) + struct smb2_query_info_req *req, + struct smb2_query_info_rsp *rsp, void *rsp_org) { struct ksmbd_file *fp; struct smb_ntsd *pntsd = (struct smb_ntsd *)rsp->Buffer, *ppntsd = NULL; @@ -4815,7 +4818,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work,

if (addition_info & ~(OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO)) { ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n", - addition_info); + addition_info);

pntsd->revision = cpu_to_le16(1); pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PROTECTED); @@ -4834,7 +4837,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work, if (work->next_smb2_rcv_hdr_off) { if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { ksmbd_debug(SMB, "Compound request set FID = %u\n", - work->compound_fid); + work->compound_fid); id = work->compound_fid; pid = work->compound_pfid; } @@ -4901,7 +4904,7 @@ int smb2_query_info(struct ksmbd_work *work) break; default: ksmbd_debug(SMB, "InfoType %d not supported yet\n", - req->InfoType); + req->InfoType); rc = -EOPNOTSUPP; }

@@ -4917,7 +4920,7 @@ int smb2_query_info(struct ksmbd_work *work) smb2_set_err_rsp(work);

ksmbd_debug(SMB, "error while processing smb2 query rc = %d\n", - rc); + rc); return rc; } rsp->StructureSize = cpu_to_le16(9); @@ -5008,8 +5011,8 @@ int smb2_close(struct ksmbd_work *work) goto out; } else { ksmbd_debug(SMB, "Compound request set FID = %u:%u\n", - work->compound_fid, - work->compound_pfid); + work->compound_fid, + work->compound_pfid); volatile_id = work->compound_fid;

/* file closed, stored id is not valid anymore */ @@ -5086,8 +5089,8 @@ int smb2_echo(struct ksmbd_work *work) }

static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, - struct smb2_file_rename_info *file_info, - struct nls_table *local_nls) + struct smb2_file_rename_info *file_info, + struct nls_table *local_nls) { struct ksmbd_share_config *share = fp->tcon->share_conf; char *new_name = NULL, *abs_oldname = NULL, *old_name = NULL; @@ -5111,7 +5114,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, old_name++; } else { ksmbd_debug(SMB, "can't get last component in path %s\n", - abs_oldname); + abs_oldname); rc = -ENOENT; goto out; } @@ -5154,7 +5157,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, NULL, 0, 0); if (rc < 0) { ksmbd_err("failed to store stream name in xattr: %d\n", - rc); + rc); rc = -EINVAL; goto out; } @@ -5182,7 +5185,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, if (rc != -ENOTEMPTY) rc = -EINVAL; ksmbd_debug(SMB, "cannot delete %s, rc %d\n", - new_name, rc); + new_name, rc); goto out; } } @@ -5191,7 +5194,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, strncmp(old_name, path.dentry->d_name.name, strlen(old_name))) { rc = -EEXIST; ksmbd_debug(SMB, - "cannot rename already existing file\n"); + "cannot rename already existing file\n"); goto out; } } @@ -5205,9 +5208,10 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, }

static int smb2_create_link(struct ksmbd_work *work, - struct ksmbd_share_config *share, - struct smb2_file_link_info *file_info, struct file *filp, - struct nls_table *local_nls) + struct ksmbd_share_config *share, + struct smb2_file_link_info *file_info, + struct file *filp, + struct nls_table *local_nls) { char *link_name = NULL, *target_name = NULL, *pathname = NULL; struct path path; @@ -5248,7 +5252,7 @@ static int smb2_create_link(struct ksmbd_work *work, if (rc) { rc = -EINVAL; ksmbd_debug(SMB, "cannot delete %s\n", - link_name); + link_name); goto out; } } @@ -5271,7 +5275,7 @@ static int smb2_create_link(struct ksmbd_work *work, }

static int set_file_basic_info(struct ksmbd_file *fp, char *buf, - struct ksmbd_share_config *share) + struct ksmbd_share_config *share) { struct smb2_file_all_info *file_info; struct iattr attrs; @@ -5335,7 +5339,7 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, rc = ksmbd_vfs_set_dos_attrib_xattr(filp->f_path.dentry, &da); if (rc) ksmbd_debug(SMB, - "failed to restore file attribute in EA\n"); + "failed to restore file attribute in EA\n"); rc = 0; }

@@ -5367,7 +5371,7 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, }

static int set_file_allocation_info(struct ksmbd_work *work, - struct ksmbd_file *fp, char *buf) + struct ksmbd_file *fp, char *buf) { /* * TODO : It's working fine only when store dos attributes @@ -5417,7 +5421,7 @@ static int set_file_allocation_info(struct ksmbd_work *work, }

static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp, - char *buf) + char *buf) { struct smb2_file_eof_info *file_eof_info; loff_t newsize; @@ -5440,11 +5444,11 @@ static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp, */ if (inode->i_sb->s_magic != MSDOS_SUPER_MAGIC) { ksmbd_debug(SMB, "filename : %s truncated to newsize %lld\n", - fp->filename, newsize); + fp->filename, newsize); rc = ksmbd_vfs_truncate(work, NULL, fp, newsize); if (rc) { ksmbd_debug(SMB, "truncate failed! filename : %s err %d\n", - fp->filename, rc); + fp->filename, rc); if (rc != -EAGAIN) rc = -EBADF; return rc; @@ -5454,7 +5458,7 @@ static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp, }

static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, - char *buf) + char *buf) { struct ksmbd_file *parent_fp;

@@ -5518,7 +5522,7 @@ static int set_file_position_info(struct ksmbd_file *fp, char *buf) (fp->coption == FILE_NO_INTERMEDIATE_BUFFERING_LE && current_byte_offset & (sector_size - 1))) { ksmbd_err("CurrentByteOffset is not valid : %llu\n", - current_byte_offset); + current_byte_offset); return -EINVAL; }

@@ -5561,7 +5565,8 @@ static int set_file_mode_info(struct ksmbd_file *fp, char *buf) * TODO: need to implement an error handling for STATUS_INFO_LENGTH_MISMATCH */ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, - int info_class, char *buf, struct ksmbd_share_config *share) + int info_class, char *buf, + struct ksmbd_share_config *share) { switch (info_class) { case FILE_BASIC_INFORMATION: @@ -5576,20 +5581,20 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, case FILE_RENAME_INFORMATION: if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, - "User does not have write permission\n"); + "User does not have write permission\n"); return -EACCES; } return set_rename_info(work, fp, buf);

case FILE_LINK_INFORMATION: return smb2_create_link(work, work->tcon->share_conf, - (struct smb2_file_link_info *)buf, fp->filp, - work->sess->conn->local_nls); + (struct smb2_file_link_info *)buf, fp->filp, + work->sess->conn->local_nls);

case FILE_DISPOSITION_INFORMATION: if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, - "User does not have write permission\n"); + "User does not have write permission\n"); return -EACCES; } return set_file_disposition_info(fp, buf); @@ -5618,7 +5623,7 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, }

static int smb2_set_info_sec(struct ksmbd_file *fp, int addition_info, - char *buffer, int buf_len) + char *buffer, int buf_len) { struct smb_ntsd *pntsd = (struct smb_ntsd *)buffer;

@@ -5650,7 +5655,7 @@ int smb2_set_info(struct ksmbd_work *work) rsp = RESPONSE_BUF_NEXT(work); if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { ksmbd_debug(SMB, "Compound request set FID = %u\n", - work->compound_fid); + work->compound_fid); id = work->compound_fid; pid = work->compound_pfid; } @@ -5680,8 +5685,9 @@ int smb2_set_info(struct ksmbd_work *work) case SMB2_O_INFO_SECURITY: ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n"); rc = smb2_set_info_sec(fp, - le32_to_cpu(req->AdditionalInformation), req->Buffer, - le32_to_cpu(req->BufferLength)); + le32_to_cpu(req->AdditionalInformation), + req->Buffer, + le32_to_cpu(req->BufferLength)); break; default: rc = -EOPNOTSUPP; @@ -5716,8 +5722,7 @@ int smb2_set_info(struct ksmbd_work *work) rsp->hdr.Status = STATUS_INVALID_INFO_CLASS; smb2_set_err_rsp(work); ksmbd_fd_put(work, fp); - ksmbd_debug(SMB, "error while processing smb2 query rc = %d\n", - rc); + ksmbd_debug(SMB, "error while processing smb2 query rc = %d\n", rc); return rc; }

@@ -5753,7 +5758,7 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) }

memcpy(work->aux_payload_buf, rpc_resp->payload, - rpc_resp->payload_sz); + rpc_resp->payload_sz);

nbytes = rpc_resp->payload_sz; work->resp_hdr_sz = get_rfc1002_len(rsp) + 4; @@ -5778,7 +5783,8 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) }

static ssize_t smb2_read_rdma_channel(struct ksmbd_work *work, - struct smb2_read_req *req, void *data_buf, size_t length) + struct smb2_read_req *req, void *data_buf, + size_t length) { struct smb2_buffer_desc_v1 *desc = (struct smb2_buffer_desc_v1 *)&req->Buffer[0]; @@ -5797,8 +5803,9 @@ static ssize_t smb2_read_rdma_channel(struct ksmbd_work *work, work->remote_key = le32_to_cpu(desc->token);

err = ksmbd_conn_rdma_write(work->conn, data_buf, length, - le32_to_cpu(desc->token), le64_to_cpu(desc->offset), - le32_to_cpu(desc->length)); + le32_to_cpu(desc->token), + le64_to_cpu(desc->offset), + le32_to_cpu(desc->length)); if (err) return err;

@@ -5831,9 +5838,8 @@ int smb2_read(struct ksmbd_work *work) return smb2_read_pipe(work); }

- fp = ksmbd_lookup_fd_slow(work, - le64_to_cpu(req->VolatileFileId), - le64_to_cpu(req->PersistentFileId)); + fp = ksmbd_lookup_fd_slow(work, le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); if (!fp) { err = -ENOENT; goto out; @@ -5857,7 +5863,7 @@ int smb2_read(struct ksmbd_work *work) }

ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n", FP_FILENAME(fp), - offset, length); + offset, length);

if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) { work->aux_payload_buf = @@ -5890,13 +5896,14 @@ int smb2_read(struct ksmbd_work *work) }

ksmbd_debug(SMB, "nbytes %zu, offset %lld mincount %zu\n", - nbytes, offset, mincount); + nbytes, offset, mincount);

if (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE || req->Channel == SMB2_CHANNEL_RDMA_V1) { /* write data to the client using rdma channel */ remain_bytes = smb2_read_rdma_channel(work, req, - work->aux_payload_buf, nbytes); + work->aux_payload_buf, + nbytes); if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) ksmbd_release_buffer(work->aux_payload_buf); else @@ -5972,7 +5979,8 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) || (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) { ksmbd_err("invalid write data offset %u, smb_len %u\n", - le16_to_cpu(req->DataOffset), get_rfc1002_len(req)); + le16_to_cpu(req->DataOffset), + get_rfc1002_len(req)); err = -EINVAL; goto out; } @@ -6016,8 +6024,9 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) }

static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work, - struct smb2_write_req *req, struct ksmbd_file *fp, - loff_t offset, size_t length, bool sync) + struct smb2_write_req *req, + struct ksmbd_file *fp, + loff_t offset, size_t length, bool sync) { struct smb2_buffer_desc_v1 *desc; char *data_buf; @@ -6046,9 +6055,9 @@ static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work, return -ENOMEM;

ret = ksmbd_conn_rdma_read(work->conn, data_buf, length, - le32_to_cpu(desc->token), - le64_to_cpu(desc->offset), - le32_to_cpu(desc->length)); + le32_to_cpu(desc->token), + le64_to_cpu(desc->offset), + le32_to_cpu(desc->length)); if (ret < 0) { kvfree(data_buf); return ret; @@ -6095,7 +6104,7 @@ int smb2_write(struct ksmbd_work *work) }

fp = ksmbd_lookup_fd_slow(work, le64_to_cpu(req->VolatileFileId), - le64_to_cpu(req->PersistentFileId)); + le64_to_cpu(req->PersistentFileId)); if (!fp) { err = -ENOENT; goto out; @@ -6123,14 +6132,14 @@ int smb2_write(struct ksmbd_work *work) if (req->Channel != SMB2_CHANNEL_RDMA_V1 && req->Channel != SMB2_CHANNEL_RDMA_V1_INVALIDATE) { if (le16_to_cpu(req->DataOffset) == - (offsetof(struct smb2_write_req, Buffer) - 4)) { + (offsetof(struct smb2_write_req, Buffer) - 4)) { data_buf = (char *)&req->Buffer[0]; } else { if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) || (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) { ksmbd_err("invalid write data offset %u, smb_len %u\n", - le16_to_cpu(req->DataOffset), - get_rfc1002_len(req)); + le16_to_cpu(req->DataOffset), + get_rfc1002_len(req)); err = -EINVAL; goto out; } @@ -6144,7 +6153,7 @@ int smb2_write(struct ksmbd_work *work) writethrough = true;

ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n", - FP_FILENAME(fp), offset, length); + FP_FILENAME(fp), offset, length); err = ksmbd_vfs_write(work, fp, data_buf, length, &offset, writethrough, &nbytes); if (err < 0) @@ -6154,8 +6163,8 @@ int smb2_write(struct ksmbd_work *work) * write the data. */ nbytes = smb2_write_rdma_channel(work, req, fp, offset, - le32_to_cpu(req->RemainingBytes), - writethrough); + le32_to_cpu(req->RemainingBytes), + writethrough); if (nbytes < 0) { err = (int)nbytes; goto out; @@ -6209,7 +6218,7 @@ int smb2_flush(struct ksmbd_work *work) WORK_BUFFERS(work, req, rsp);

ksmbd_debug(SMB, "SMB2_FLUSH called for fid %llu\n", - le64_to_cpu(req->VolatileFileId)); + le64_to_cpu(req->VolatileFileId));

err = ksmbd_vfs_fsync(work, le64_to_cpu(req->VolatileFileId), @@ -6248,7 +6257,7 @@ int smb2_cancel(struct ksmbd_work *work) struct list_head *command_list;

ksmbd_debug(SMB, "smb2 cancel called on mid %llu, async flags 0x%x\n", - hdr->MessageId, hdr->Flags); + hdr->MessageId, hdr->Flags);

if (hdr->Flags & SMB2_FLAGS_ASYNC_COMMAND) { command_list = &conn->async_requests; @@ -6256,7 +6265,7 @@ int smb2_cancel(struct ksmbd_work *work) spin_lock(&conn->request_lock); list_for_each(tmp, command_list) { cancel_work = list_entry(tmp, struct ksmbd_work, - async_request_entry); + async_request_entry); chdr = cancel_work->request_buf;

if (cancel_work->async_id != @@ -6264,9 +6273,9 @@ int smb2_cancel(struct ksmbd_work *work) continue;

ksmbd_debug(SMB, - "smb2 with AsyncId %llu cancelled command = 0x%x\n", - le64_to_cpu(hdr->Id.AsyncId), - le16_to_cpu(chdr->Command)); + "smb2 with AsyncId %llu cancelled command = 0x%x\n", + le64_to_cpu(hdr->Id.AsyncId), + le16_to_cpu(chdr->Command)); canceled = 1; break; } @@ -6277,7 +6286,7 @@ int smb2_cancel(struct ksmbd_work *work) spin_lock(&conn->request_lock); list_for_each(tmp, command_list) { cancel_work = list_entry(tmp, struct ksmbd_work, - request_entry); + request_entry); chdr = cancel_work->request_buf;

if (chdr->MessageId != hdr->MessageId || @@ -6285,9 +6294,9 @@ int smb2_cancel(struct ksmbd_work *work) continue;

ksmbd_debug(SMB, - "smb2 with mid %llu cancelled command = 0x%x\n", - le64_to_cpu(hdr->MessageId), - le16_to_cpu(chdr->Command)); + "smb2 with mid %llu cancelled command = 0x%x\n", + le64_to_cpu(hdr->MessageId), + le16_to_cpu(chdr->Command)); canceled = 1; break; } @@ -6346,13 +6355,13 @@ static int smb2_set_flock_flags(struct file_lock *flock, int flags) break; case SMB2_LOCKFLAG_SHARED | SMB2_LOCKFLAG_FAIL_IMMEDIATELY: ksmbd_debug(SMB, - "received shared & fail immediately request\n"); + "received shared & fail immediately request\n"); cmd = F_SETLK; flock->fl_type = F_RDLCK; break; case SMB2_LOCKFLAG_EXCLUSIVE | SMB2_LOCKFLAG_FAIL_IMMEDIATELY: ksmbd_debug(SMB, - "received exclusive & fail immediately request\n"); + "received exclusive & fail immediately request\n"); cmd = F_SETLK; flock->fl_type = F_WRLCK; break; @@ -6367,7 +6376,8 @@ static int smb2_set_flock_flags(struct file_lock *flock, int flags) }

static struct ksmbd_lock *smb2_lock_init(struct file_lock *flock, - unsigned int cmd, int flags, struct list_head *lock_list) + unsigned int cmd, int flags, + struct list_head *lock_list) { struct ksmbd_lock *lock;

@@ -6430,11 +6440,11 @@ int smb2_lock(struct ksmbd_work *work)

ksmbd_debug(SMB, "Received lock request\n"); fp = ksmbd_lookup_fd_slow(work, - le64_to_cpu(req->VolatileFileId), - le64_to_cpu(req->PersistentFileId)); + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); if (!fp) { ksmbd_debug(SMB, "Invalid file id for lock : %llu\n", - le64_to_cpu(req->VolatileFileId)); + le64_to_cpu(req->VolatileFileId)); rsp->hdr.Status = STATUS_FILE_CLOSED; goto out2; } @@ -6444,7 +6454,7 @@ int smb2_lock(struct ksmbd_work *work) lock_ele = req->locks;

ksmbd_debug(SMB, "lock count is %d\n", lock_count); - if (!lock_count) { + if (!lock_count) { rsp->hdr.Status = STATUS_INVALID_PARAMETER; goto out2; } @@ -6481,8 +6491,8 @@ int smb2_lock(struct ksmbd_work *work)

if (flock->fl_end < flock->fl_start) { ksmbd_debug(SMB, - "the end offset(%llx) is smaller than the start offset(%llx)\n", - flock->fl_end, flock->fl_start); + "the end offset(%llx) is smaller than the start offset(%llx)\n", + flock->fl_end, flock->fl_start); rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; goto out; } @@ -6621,9 +6631,9 @@ int smb2_lock(struct ksmbd_work *work) void **argv;

ksmbd_debug(SMB, - "would have to wait for getting lock\n"); + "would have to wait for getting lock\n"); list_add_tail(&smb_lock->glist, - &global_lock_list); + &global_lock_list); list_add(&smb_lock->llist, &rollback_list);

argv = kmalloc(sizeof(void *), GFP_KERNEL); @@ -6634,7 +6644,8 @@ int smb2_lock(struct ksmbd_work *work) argv[0] = flock;

err = setup_async_work(work, - smb2_remove_blocked_lock, argv); + smb2_remove_blocked_lock, + argv); if (err) { rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES; @@ -6661,7 +6672,7 @@ int smb2_lock(struct ksmbd_work *work) STATUS_CANCELLED; kfree(smb_lock); smb2_send_interim_resp(work, - STATUS_CANCELLED); + STATUS_CANCELLED); work->send_no_response = 1; goto out; } @@ -6681,7 +6692,7 @@ int smb2_lock(struct ksmbd_work *work) goto retry; } else if (!err) { list_add_tail(&smb_lock->glist, - &global_lock_list); + &global_lock_list); list_add(&smb_lock->llist, &rollback_list); ksmbd_debug(SMB, "successful in taking lock\n"); } else { @@ -6734,7 +6745,7 @@ int smb2_lock(struct ksmbd_work *work) }

static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req, - struct smb2_ioctl_rsp *rsp) + struct smb2_ioctl_rsp *rsp) { struct copychunk_ioctl_req *ci_req; struct copychunk_ioctl_rsp *ci_rsp; @@ -6785,10 +6796,10 @@ static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req, }

src_fp = ksmbd_lookup_foreign_fd(work, - le64_to_cpu(ci_req->ResumeKey[0])); + le64_to_cpu(ci_req->ResumeKey[0])); dst_fp = ksmbd_lookup_fd_slow(work, - le64_to_cpu(req->VolatileFileId), - le64_to_cpu(req->PersistentFileId)); + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); ret = -EINVAL; if (!src_fp || src_fp->persistent_id != le64_to_cpu(ci_req->ResumeKey[1])) { @@ -6805,16 +6816,17 @@ static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req, * FILE_READ_DATA should only be included in * the FSCTL_COPYCHUNK case */ - if (cnt_code == FSCTL_COPYCHUNK && !(dst_fp->daccess & - (FILE_READ_DATA_LE | FILE_GENERIC_READ_LE))) { + if (cnt_code == FSCTL_COPYCHUNK && + !(dst_fp->daccess & (FILE_READ_DATA_LE | FILE_GENERIC_READ_LE))) { rsp->hdr.Status = STATUS_ACCESS_DENIED; goto out; }

ret = ksmbd_vfs_copy_file_ranges(work, src_fp, dst_fp, - chunks, chunk_count, - &chunk_count_written, &chunk_size_written, - &total_size_written); + chunks, chunk_count, + &chunk_count_written, + &chunk_size_written, + &total_size_written); if (ret < 0) { if (ret == -EACCES) rsp->hdr.Status = STATUS_ACCESS_DENIED; @@ -6862,7 +6874,8 @@ static __be32 idev_ipv4_address(struct in_device *idev) }

static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, - struct smb2_ioctl_req *req, struct smb2_ioctl_rsp *rsp) + struct smb2_ioctl_req *req, + struct smb2_ioctl_rsp *rsp) { struct network_interface_info_ioctl_rsp *nii_rsp = NULL; int nbytes = 0; @@ -6905,7 +6918,7 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, speed = cmd.base.speed; } else { ksmbd_err("%s %s\n", netdev->name, - "speed is unknown, defaulting to 1Gb/sec"); + "speed is unknown, defaulting to 1Gb/sec"); speed = SPEED_1000; }

@@ -6969,14 +6982,14 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, }

static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn, - struct validate_negotiate_info_req *neg_req, - struct validate_negotiate_info_rsp *neg_rsp) + struct validate_negotiate_info_req *neg_req, + struct validate_negotiate_info_rsp *neg_rsp) { int ret = 0; int dialect;

dialect = ksmbd_lookup_dialect_by_id(neg_req->Dialects, - neg_req->DialectCount); + neg_req->DialectCount); if (dialect == BAD_PROT_ID || dialect != conn->dialect) { ret = -EINVAL; goto err_out; @@ -7006,9 +7019,9 @@ static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn, }

static int fsctl_query_allocated_ranges(struct ksmbd_work *work, u64 id, - struct file_allocated_range_buffer *qar_req, - struct file_allocated_range_buffer *qar_rsp, - int in_count, int *out_count) + struct file_allocated_range_buffer *qar_req, + struct file_allocated_range_buffer *qar_rsp, + int in_count, int *out_count) { struct ksmbd_file *fp; loff_t start, length; @@ -7026,7 +7039,7 @@ static int fsctl_query_allocated_ranges(struct ksmbd_work *work, u64 id, length = le64_to_cpu(qar_req->length);

ret = ksmbd_vfs_fqar_lseek(fp, start, length, - qar_rsp, in_count, out_count); + qar_rsp, in_count, out_count); if (ret && ret != -E2BIG) *out_count = 0;

@@ -7035,15 +7048,15 @@ static int fsctl_query_allocated_ranges(struct ksmbd_work *work, u64 id, }

static int fsctl_pipe_transceive(struct ksmbd_work *work, u64 id, - int out_buf_len, struct smb2_ioctl_req *req, - struct smb2_ioctl_rsp *rsp) + int out_buf_len, struct smb2_ioctl_req *req, + struct smb2_ioctl_rsp *rsp) { struct ksmbd_rpc_command *rpc_resp; char *data_buf = (char *)&req->Buffer[0]; int nbytes = 0;

rpc_resp = ksmbd_rpc_ioctl(work->sess, id, data_buf, - le32_to_cpu(req->InputCount)); + le32_to_cpu(req->InputCount)); if (rpc_resp) { if (rpc_resp->flags == KSMBD_RPC_SOME_NOT_MAPPED) { /* @@ -7079,7 +7092,7 @@ static int fsctl_pipe_transceive(struct ksmbd_work *work, u64 id, }

static inline int fsctl_set_sparse(struct ksmbd_work *work, u64 id, - struct file_sparse *sparse) + struct file_sparse *sparse) { struct ksmbd_file *fp; int ret = 0; @@ -7116,14 +7129,14 @@ static inline int fsctl_set_sparse(struct ksmbd_work *work, u64 id, }

static int fsctl_request_resume_key(struct ksmbd_work *work, - struct smb2_ioctl_req *req, - struct resume_key_ioctl_rsp *key_rsp) + struct smb2_ioctl_req *req, + struct resume_key_ioctl_rsp *key_rsp) { struct ksmbd_file *fp;

fp = ksmbd_lookup_fd_slow(work, - le64_to_cpu(req->VolatileFileId), - le64_to_cpu(req->PersistentFileId)); + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId)); if (!fp) return -ENOENT;

@@ -7157,7 +7170,7 @@ int smb2_ioctl(struct ksmbd_work *work) rsp = RESPONSE_BUF_NEXT(work); if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { ksmbd_debug(SMB, "Compound request set FID = %u\n", - work->compound_fid); + work->compound_fid); id = work->compound_fid; } } else { @@ -7233,7 +7246,7 @@ int smb2_ioctl(struct ksmbd_work *work) }

ret = fsctl_request_resume_key(work, req, - (struct resume_key_ioctl_rsp *)&rsp->Buffer[0]); + (struct resume_key_ioctl_rsp *)&rsp->Buffer[0]); if (ret < 0) goto out; rsp->PersistentFileId = req->PersistentFileId; @@ -7244,7 +7257,7 @@ int smb2_ioctl(struct ksmbd_work *work) case FSCTL_COPYCHUNK_WRITE: if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, - "User does not have write permission\n"); + "User does not have write permission\n"); ret = -EACCES; goto out; } @@ -7259,7 +7272,7 @@ int smb2_ioctl(struct ksmbd_work *work) break; case FSCTL_SET_SPARSE: ret = fsctl_set_sparse(work, id, - (struct file_sparse *)&req->Buffer[0]); + (struct file_sparse *)&req->Buffer[0]); if (ret < 0) goto out; break; @@ -7271,7 +7284,7 @@ int smb2_ioctl(struct ksmbd_work *work)

if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, - "User does not have write permission\n"); + "User does not have write permission\n"); ret = -EACCES; goto out; } @@ -7338,7 +7351,7 @@ int smb2_ioctl(struct ksmbd_work *work) dup_ext = (struct duplicate_extents_to_file *)&req->Buffer[0];

fp_in = ksmbd_lookup_fd_slow(work, dup_ext->VolatileFileHandle, - dup_ext->PersistentFileHandle); + dup_ext->PersistentFileHandle); if (!fp_in) { ksmbd_err("not found file handle in duplicate extent to file\n"); ret = -ENOENT; @@ -7356,13 +7369,13 @@ int smb2_ioctl(struct ksmbd_work *work) dst_off = le64_to_cpu(dup_ext->TargetFileOffset); length = le64_to_cpu(dup_ext->ByteCount); cloned = vfs_clone_file_range(fp_in->filp, src_off, fp_out->filp, - dst_off, length, 0); + dst_off, length, 0); if (cloned == -EXDEV || cloned == -EOPNOTSUPP) { ret = -EOPNOTSUPP; goto dup_ext_out; } else if (cloned != length) { cloned = ksmbd_vfs_copy_file_range(fp_in->filp, src_off, - fp_out->filp, dst_off, length); + fp_out->filp, dst_off, length); if (cloned != length) { if (cloned < 0) ret = cloned; @@ -7380,7 +7393,7 @@ int smb2_ioctl(struct ksmbd_work *work) } default: ksmbd_debug(SMB, "not implemented yet ioctl command 0x%x\n", - cnt_code); + cnt_code); ret = -EOPNOTSUPP; goto out; } @@ -7508,7 +7521,7 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work) break; default: ksmbd_err("unknown oplock change 0x%x -> 0x%x\n", - opinfo->level, rsp_oplevel); + opinfo->level, rsp_oplevel); }

if (ret < 0) { @@ -7573,7 +7586,7 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) struct lease *lease;

ksmbd_debug(OPLOCK, "smb21 lease break, lease state(0x%x)\n", - le32_to_cpu(req->LeaseState)); + le32_to_cpu(req->LeaseState)); opinfo = lookup_lease_in_table(conn, req->LeaseKey); if (!opinfo) { ksmbd_debug(OPLOCK, "file not opened\n"); @@ -7585,7 +7598,7 @@ static void smb21_lease_break_ack(struct ksmbd_work *work)

if (opinfo->op_state == OPLOCK_STATE_NONE) { ksmbd_err("unexpected lease break state 0x%x\n", - opinfo->op_state); + opinfo->op_state); rsp->hdr.Status = STATUS_UNSUCCESSFUL; goto err_out; } @@ -7593,8 +7606,8 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) if (check_lease_state(lease, req->LeaseState)) { rsp->hdr.Status = STATUS_REQUEST_NOT_ACCEPTED; ksmbd_debug(OPLOCK, - "req lease state: 0x%x, expected state: 0x%x\n", - req->LeaseState, lease->new_state); + "req lease state: 0x%x, expected state: 0x%x\n", + req->LeaseState, lease->new_state); goto err_out; }

@@ -7604,23 +7617,23 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) }

/* check for bad lease state */ - if (req->LeaseState & (~(SMB2_LEASE_READ_CACHING_LE | - SMB2_LEASE_HANDLE_CACHING_LE))) { + if (req->LeaseState & + (~(SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_HANDLE_CACHING_LE))) { err = STATUS_INVALID_OPLOCK_PROTOCOL; if (lease->state & SMB2_LEASE_WRITE_CACHING_LE) lease_change_type = OPLOCK_WRITE_TO_NONE; else lease_change_type = OPLOCK_READ_TO_NONE; ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n", - le32_to_cpu(lease->state), - le32_to_cpu(req->LeaseState)); + le32_to_cpu(lease->state), + le32_to_cpu(req->LeaseState)); } else if (lease->state == SMB2_LEASE_READ_CACHING_LE && req->LeaseState != SMB2_LEASE_NONE_LE) { err = STATUS_INVALID_OPLOCK_PROTOCOL; lease_change_type = OPLOCK_READ_TO_NONE; ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n", - le32_to_cpu(lease->state), - le32_to_cpu(req->LeaseState)); + le32_to_cpu(lease->state), + le32_to_cpu(req->LeaseState)); } else { /* valid lease state changes */ err = STATUS_INVALID_DEVICE_STATE; @@ -7654,8 +7667,8 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) break; default: ksmbd_debug(OPLOCK, "unknown lease change 0x%x -> 0x%x\n", - le32_to_cpu(lease->state), - le32_to_cpu(req->LeaseState)); + le32_to_cpu(lease->state), + le32_to_cpu(req->LeaseState)); }

lease_state = lease->state; @@ -7709,7 +7722,7 @@ int smb2_oplock_break(struct ksmbd_work *work) break; default: ksmbd_debug(OPLOCK, "invalid break cmd %d\n", - le16_to_cpu(req->StructureSize)); + le16_to_cpu(req->StructureSize)); rsp->hdr.Status = STATUS_INVALID_PARAMETER; smb2_set_err_rsp(work); } @@ -7999,7 +8012,7 @@ void smb3_preauth_hash_rsp(struct ksmbd_work *work)

if (le16_to_cpu(req->Command) == SMB2_NEGOTIATE_HE) ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp, - conn->preauth_info->Preauth_HashValue); + conn->preauth_info->Preauth_HashValue);

if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && sess && sess->state == SMB2_SESSION_IN_PROGRESS) { @@ -8007,12 +8020,12 @@ void smb3_preauth_hash_rsp(struct ksmbd_work *work)

hash_value = sess->Preauth_HashValue; ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp, - hash_value); + hash_value); } }

static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, char *old_buf, - __le16 cipher_type) + __le16 cipher_type) { struct smb2_hdr *hdr = (struct smb2_hdr *)old_buf; unsigned int orig_len = get_rfc1002_len(old_buf); @@ -8100,14 +8113,14 @@ int smb3_decrypt_req(struct ksmbd_work *work) sess = ksmbd_session_lookup(conn, le64_to_cpu(tr_hdr->SessionId)); if (!sess) { ksmbd_err("invalid session id(%llx) in transform header\n", - le64_to_cpu(tr_hdr->SessionId)); + le64_to_cpu(tr_hdr->SessionId)); return -ECONNABORTED; }

- if (pdu_length + 4 < sizeof(struct smb2_transform_hdr) + - sizeof(struct smb2_hdr)) { + if (pdu_length + 4 < + sizeof(struct smb2_transform_hdr) + sizeof(struct smb2_hdr)) { ksmbd_err("Transform message is too small (%u)\n", - pdu_length); + pdu_length); return -ECONNABORTED; }

diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c index 985171cbf192..039030968b50 100644 --- a/fs/cifsd/smb_common.c +++ b/fs/cifsd/smb_common.c @@ -98,7 +98,7 @@ int ksmbd_lookup_protocol_idx(char *str) while (offt >= 0) { if (!strncmp(str, smb_protos[offt].prot, len)) { ksmbd_debug(SMB, "selected %s dialect idx = %d\n", - smb_protos[offt].prot, offt); + smb_protos[offt].prot, offt); return smb_protos[offt].index; } offt--; @@ -156,7 +156,7 @@ static bool supported_protocol(int idx) return true;

return (server_conf.min_protocol <= idx && - idx <= server_conf.max_protocol); + idx <= server_conf.max_protocol); }

static char *next_dialect(char *dialect, int *next_off) @@ -179,12 +179,12 @@ static int ksmbd_lookup_dialect_by_name(char *cli_dialects, __le16 byte_count) do { dialect = next_dialect(dialect, &next); ksmbd_debug(SMB, "client requested dialect %s\n", - dialect); + dialect); if (!strcmp(dialect, smb_protos[i].name)) { if (supported_protocol(smb_protos[i].index)) { ksmbd_debug(SMB, - "selected %s dialect\n", - smb_protos[i].name); + "selected %s dialect\n", + smb_protos[i].name); if (smb_protos[i].index == SMB1_PROT) return seq_num; return smb_protos[i].prot_id; @@ -207,14 +207,14 @@ int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count) count = le16_to_cpu(dialects_count); while (--count >= 0) { ksmbd_debug(SMB, "client requested dialect 0x%x\n", - le16_to_cpu(cli_dialects[count])); + le16_to_cpu(cli_dialects[count])); if (le16_to_cpu(cli_dialects[count]) != smb_protos[i].prot_id) continue;

if (supported_protocol(smb_protos[i].index)) { ksmbd_debug(SMB, "selected %s dialect\n", - smb_protos[i].name); + smb_protos[i].name); return smb_protos[i].prot_id; } } @@ -269,9 +269,12 @@ bool ksmbd_pdu_size_has_room(unsigned int pdu) }

int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level, - struct ksmbd_file *dir, struct ksmbd_dir_info *d_info, - char *search_pattern, int (*fn)(struct ksmbd_conn *, int, - struct ksmbd_dir_info *, struct ksmbd_kstat *)) + struct ksmbd_file *dir, + struct ksmbd_dir_info *d_info, + char *search_pattern, + int (*fn)(struct ksmbd_conn *, int, + struct ksmbd_dir_info *, + struct ksmbd_kstat *)) { int i, rc = 0; struct ksmbd_conn *conn = work->conn; @@ -297,8 +300,8 @@ int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level,

ksmbd_kstat.kstat = &kstat; ksmbd_vfs_fill_dentry_attrs(work, - dir->filp->f_path.dentry->d_parent, - &ksmbd_kstat); + dir->filp->f_path.dentry->d_parent, + &ksmbd_kstat); rc = fn(conn, info_level, d_info, &ksmbd_kstat); if (rc) break; @@ -327,7 +330,7 @@ int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level, * but the result is different with Windows 7's one. need to check. */ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, - char *shortname) + char *shortname) { const char *p; char base[9], extension[4]; @@ -390,7 +393,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, else out[baselen + 4] = '\0'; smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX, - conn->local_nls, 0); + conn->local_nls, 0); len = strlen(out) * 2; return len; } @@ -398,7 +401,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, static int __smb2_negotiate(struct ksmbd_conn *conn) { return (conn->dialect >= SMB20_PROT_ID && - conn->dialect <= SMB311_PROT_ID); + conn->dialect <= SMB311_PROT_ID); }

static int smb_handle_negotiate(struct ksmbd_work *work) @@ -467,11 +470,11 @@ static const char * const shared_mode_errors[] = { };

static void smb_shared_mode_error(int error, struct ksmbd_file *prev_fp, - struct ksmbd_file *curr_fp) + struct ksmbd_file *curr_fp) { ksmbd_debug(SMB, "%s\n", shared_mode_errors[error]); ksmbd_debug(SMB, "Current mode: 0x%x Desired mode: 0x%x\n", - prev_fp->saccess, curr_fp->daccess); + prev_fp->saccess, curr_fp->daccess); }

int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c index d65e853ab00f..63db8c015f9d 100644 --- a/fs/cifsd/smbacl.c +++ b/fs/cifsd/smbacl.c @@ -131,7 +131,7 @@ static void smb_copy_sid(struct smb_sid *dst, const struct smb_sid *src) * bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007 */ static umode_t access_flags_to_mode(struct smb_fattr *fattr, __le32 ace_flags, - int type) + int type) { __u32 flags = le32_to_cpu(ace_flags); umode_t mode = 0; @@ -166,7 +166,7 @@ static umode_t access_flags_to_mode(struct smb_fattr *fattr, __le32 ace_flags, * with either owner or group or everyone. */ static void mode_to_access_flags(umode_t mode, umode_t bits_to_use, - __u32 *pace_flags) + __u32 *pace_flags) { /* reset access mask */ *pace_flags = 0x0; @@ -187,12 +187,12 @@ static void mode_to_access_flags(umode_t mode, umode_t bits_to_use, *pace_flags |= SET_FILE_EXEC_RIGHTS;

ksmbd_debug(SMB, "mode: %o, access flags now 0x%x\n", - mode, *pace_flags); + mode, *pace_flags); }

static __u16 fill_ace_for_sid(struct smb_ace *pntace, - const struct smb_sid *psid, int type, int flags, - umode_t mode, umode_t bits) + const struct smb_sid *psid, int type, int flags, + umode_t mode, umode_t bits) { int i; __u16 size = 0; @@ -255,7 +255,7 @@ void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) }

static int sid_to_id(struct smb_sid *psid, uint sidtype, - struct smb_fattr *fattr) + struct smb_fattr *fattr) { int rc = -EINVAL;

@@ -265,7 +265,7 @@ static int sid_to_id(struct smb_sid *psid, uint sidtype, */ if (unlikely(psid->num_subauth > SID_MAX_SUB_AUTHORITIES)) { ksmbd_err("%s: %u subauthorities is too many!\n", - __func__, psid->num_subauth); + __func__, psid->num_subauth); return -EIO; }

@@ -299,7 +299,7 @@ static int sid_to_id(struct smb_sid *psid, uint sidtype, }

void posix_state_to_acl(struct posix_acl_state *state, - struct posix_acl_entry *pace) + struct posix_acl_entry *pace) { int i;

@@ -364,8 +364,8 @@ void free_acl_state(struct posix_acl_state *state) }

static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, - struct smb_sid *pownersid, struct smb_sid *pgrpsid, - struct smb_fattr *fattr) + struct smb_sid *pownersid, struct smb_sid *pgrpsid, + struct smb_fattr *fattr) { int i, ret; int num_aces = 0; @@ -388,8 +388,8 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, }

ksmbd_debug(SMB, "DACL revision %d size %d num aces %d\n", - le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size), - le32_to_cpu(pdacl->num_aces)); + le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size), + le32_to_cpu(pdacl->num_aces));

acl_base = (char *)pdacl; acl_size = sizeof(struct smb_acl); @@ -401,8 +401,7 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) return;

- ppace = kmalloc_array(num_aces, sizeof(struct smb_ace *), - GFP_KERNEL); + ppace = kmalloc_array(num_aces, sizeof(struct smb_ace *), GFP_KERNEL); if (!ppace) return;

@@ -433,7 +432,8 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, break; } else if (!compare_sids(&ppace[i]->sid, pownersid)) { acl_mode = access_flags_to_mode(fattr, - ppace[i]->access_req, ppace[i]->type); + ppace[i]->access_req, + ppace[i]->type); acl_mode &= 0700;

if (!owner_found) { @@ -445,7 +445,8 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, ppace[i]->sid.sub_auth[ppace[i]->sid.num_subauth - 1] == DOMAIN_USER_RID_LE) { acl_mode = access_flags_to_mode(fattr, - ppace[i]->access_req, ppace[i]->type); + ppace[i]->access_req, + ppace[i]->type); acl_mode &= 0070; if (!group_found) { mode &= ~(0070); @@ -454,7 +455,8 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, group_found = true; } else if (!compare_sids(&ppace[i]->sid, &sid_everyone)) { acl_mode = access_flags_to_mode(fattr, - ppace[i]->access_req, ppace[i]->type); + ppace[i]->access_req, + ppace[i]->type); acl_mode &= 0007; if (!others_found) { mode &= ~(0007); @@ -471,12 +473,12 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, struct smb_fattr temp_fattr;

acl_mode = access_flags_to_mode(fattr, ppace[i]->access_req, - ppace[i]->type); + ppace[i]->type); temp_fattr.cf_uid = INVALID_UID; ret = sid_to_id(&ppace[i]->sid, SIDOWNER, &temp_fattr); if (ret || uid_eq(temp_fattr.cf_uid, INVALID_UID)) { ksmbd_err("%s: Error %d mapping Owner SID to uid\n", - __func__, ret); + __func__, ret); continue; }

@@ -553,7 +555,8 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, }

static void set_posix_acl_entries_dacl(struct smb_ace *pndace, - struct smb_fattr *fattr, u32 *num_aces, u16 *size, u32 nt_aces_num) + struct smb_fattr *fattr, u32 *num_aces, + u16 *size, u32 nt_aces_num) { struct posix_acl_entry *pace; struct smb_sid *sid; @@ -665,8 +668,9 @@ static void set_posix_acl_entries_dacl(struct smb_ace *pndace, }

static void set_ntacl_dacl(struct smb_acl *pndacl, struct smb_acl *nt_dacl, - const struct smb_sid *pownersid, const struct smb_sid *pgrpsid, - struct smb_fattr *fattr) + const struct smb_sid *pownersid, + const struct smb_sid *pgrpsid, + struct smb_fattr *fattr) { struct smb_ace *ntace, *pndace; int nt_num_aces = le32_to_cpu(nt_dacl->num_aces), num_aces = 0; @@ -711,7 +715,7 @@ static void set_mode_dacl(struct smb_acl *pndacl, struct smb_fattr *fattr) else sid = &sid_unix_users; ace_size = fill_ace_for_sid(pace, sid, ACCESS_ALLOWED, 0, - fattr->cf_mode, 0700); + fattr->cf_mode, 0700); pace->sid.sub_auth[pace->sid.num_subauth++] = cpu_to_le32(uid); pace->access_req |= FILE_DELETE_LE | FILE_DELETE_CHILD_LE; pace->size = cpu_to_le16(ace_size + 4); @@ -720,7 +724,7 @@ static void set_mode_dacl(struct smb_acl *pndacl, struct smb_fattr *fattr)

/* Group RID */ ace_size = fill_ace_for_sid(pace, &sid_unix_groups, - ACCESS_ALLOWED, 0, fattr->cf_mode, 0070); + ACCESS_ALLOWED, 0, fattr->cf_mode, 0070); pace->sid.sub_auth[pace->sid.num_subauth++] = cpu_to_le32(from_kgid(&init_user_ns, fattr->cf_gid)); pace->size = cpu_to_le16(ace_size + 4); @@ -733,20 +737,20 @@ static void set_mode_dacl(struct smb_acl *pndacl, struct smb_fattr *fattr)

/* creator owner */ size += fill_ace_for_sid(pace, &creator_owner, ACCESS_ALLOWED, - 0x0b, fattr->cf_mode, 0700); + 0x0b, fattr->cf_mode, 0700); pace->access_req |= FILE_DELETE_LE | FILE_DELETE_CHILD_LE; pace = (struct smb_ace *)((char *)pndace + size);

/* creator group */ size += fill_ace_for_sid(pace, &creator_group, ACCESS_ALLOWED, - 0x0b, fattr->cf_mode, 0070); + 0x0b, fattr->cf_mode, 0070); pace = (struct smb_ace *)((char *)pndace + size); num_aces = 5; }

/* other */ size += fill_ace_for_sid(pace, &sid_everyone, ACCESS_ALLOWED, 0, - fattr->cf_mode, 0007); + fattr->cf_mode, 0007);

out: pndacl->num_aces = cpu_to_le32(num_aces); @@ -769,7 +773,7 @@ static int parse_sid(struct smb_sid *psid, char *end_of_acl)

/* Convert CIFS ACL to POSIX form */ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, - struct smb_fattr *fattr) + struct smb_fattr *fattr) { int rc = 0; struct smb_sid *owner_sid_ptr, *group_sid_ptr; @@ -788,10 +792,10 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, dacloffset = le32_to_cpu(pntsd->dacloffset); dacl_ptr = (struct smb_acl *)((char *)pntsd + dacloffset); ksmbd_debug(SMB, - "revision %d type 0x%x ooffset 0x%x goffset 0x%x sacloffset 0x%x dacloffset 0x%x\n", - pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset), - le32_to_cpu(pntsd->gsidoffset), - le32_to_cpu(pntsd->sacloffset), dacloffset); + "revision %d type 0x%x ooffset 0x%x goffset 0x%x sacloffset 0x%x dacloffset 0x%x\n", + pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset), + le32_to_cpu(pntsd->gsidoffset), + le32_to_cpu(pntsd->sacloffset), dacloffset);

pntsd_type = le16_to_cpu(pntsd->type); if (!(pntsd_type & DACL_PRESENT)) { @@ -811,7 +815,7 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, rc = sid_to_id(owner_sid_ptr, SIDOWNER, fattr); if (rc) { ksmbd_err("%s: Error %d mapping Owner SID to uid\n", - __func__, rc); + __func__, rc); owner_sid_ptr = NULL; } } @@ -820,19 +824,18 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, rc = parse_sid(group_sid_ptr, end_of_acl); if (rc) { ksmbd_err("%s: Error %d mapping Owner SID to gid\n", - __func__, rc); + __func__, rc); return rc; } rc = sid_to_id(group_sid_ptr, SIDUNIX_GROUP, fattr); if (rc) { ksmbd_err("%s: Error %d mapping Group SID to gid\n", - __func__, rc); + __func__, rc); group_sid_ptr = NULL; } }

- if ((pntsd_type & - (DACL_AUTO_INHERITED | DACL_AUTO_INHERIT_REQ)) == + if ((pntsd_type & (DACL_AUTO_INHERITED | DACL_AUTO_INHERIT_REQ)) == (DACL_AUTO_INHERITED | DACL_AUTO_INHERIT_REQ)) pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); if (pntsd_type & DACL_PROTECTED) @@ -840,7 +843,7 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len,

if (dacloffset) { parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr, group_sid_ptr, - fattr); + fattr); }

return 0; @@ -848,7 +851,8 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len,

/* Convert permission bits from mode to equivalent CIFS ACL */ int build_sec_desc(struct smb_ntsd *pntsd, struct smb_ntsd *ppntsd, - int addition_info, __u32 *secdesclen, struct smb_fattr *fattr) + int addition_info, __u32 *secdesclen, + struct smb_fattr *fattr) { int rc = 0; __u32 offset; @@ -929,7 +933,7 @@ int build_sec_desc(struct smb_ntsd *pntsd, struct smb_ntsd *ppntsd, }

static void smb_set_ace(struct smb_ace *ace, const struct smb_sid *sid, u8 type, - u8 flags, __le32 access_req) + u8 flags, __le32 access_req) { ace->type = type; ace->flags = flags; @@ -939,7 +943,7 @@ static void smb_set_ace(struct smb_ace *ace, const struct smb_sid *sid, u8 type, }

int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, - unsigned int uid, unsigned int gid) + unsigned int uid, unsigned int gid) { const struct smb_sid *psid, *creator = NULL; struct smb_ace *parent_aces, *aces; @@ -1003,7 +1007,7 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry,

if (is_dir && creator && flags & CONTAINER_INHERIT_ACE) { smb_set_ace(aces, psid, parent_aces->type, inherited_flags, - parent_aces->access_req); + parent_aces->access_req); nt_size += le16_to_cpu(aces->size); ace_cnt++; aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); @@ -1014,7 +1018,7 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, }

smb_set_ace(aces, psid, parent_aces->type, flags | inherited_flags, - parent_aces->access_req); + parent_aces->access_req); nt_size += le16_to_cpu(aces->size); aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); ace_cnt++; @@ -1107,7 +1111,7 @@ bool smb_inherit_flags(int flags, bool is_dir) }

int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, - __le32 *pdaccess, int uid) + __le32 *pdaccess, int uid) { struct smb_ntsd *pntsd = NULL; struct smb_acl *pdacl; @@ -1243,10 +1247,10 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, }

check_access_bits: - if (granted & ~(access_bits | FILE_READ_ATTRIBUTES | - READ_CONTROL | WRITE_DAC | DELETE)) { + if (granted & + ~(access_bits | FILE_READ_ATTRIBUTES | READ_CONTROL | WRITE_DAC | DELETE)) { ksmbd_debug(SMB, "Access denied with winACL, granted : %x, access_req : %x\n", - granted, le32_to_cpu(ace->access_req)); + granted, le32_to_cpu(ace->access_req)); rc = -EACCES; goto err_out; } @@ -1258,8 +1262,8 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, }

int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, - struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, - bool type_check) + struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, + bool type_check) { int rc; struct smb_fattr fattr = {{0}}; @@ -1284,10 +1288,10 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, /* Update posix acls */ if (fattr.cf_dacls) { rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_ACCESS, - fattr.cf_acls); + fattr.cf_acls); if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_DEFAULT, - fattr.cf_dacls); + fattr.cf_dacls); }

/* Check it only calling from SD BUFFER context */ diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c index 78061fecf816..b09df832431f 100644 --- a/fs/cifsd/transport_ipc.c +++ b/fs/cifsd/transport_ipc.c @@ -269,7 +269,7 @@ static int handle_response(int type, void *payload, size_t sz) */ if (entry->type + 1 != type) { ksmbd_err("Waiting for IPC type %d, got %d. Ignore.\n", - entry->type + 1, type); + entry->type + 1, type); }

entry->response = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO); @@ -315,9 +315,8 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req) req->ifc_list_sz); if (ret) { ksmbd_err("Server configuration error: %s %s %s\n", - req->netbios_name, - req->server_string, - req->work_group); + req->netbios_name, req->server_string, + req->work_group); return ret; }

@@ -547,9 +546,9 @@ ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len)

struct ksmbd_tree_connect_response * ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, - struct ksmbd_share_config *share, - struct ksmbd_tree_connect *tree_conn, - struct sockaddr *peer_addr) + struct ksmbd_share_config *share, + struct ksmbd_tree_connect *tree_conn, + struct sockaddr *peer_addr) { struct ksmbd_ipc_msg *msg; struct ksmbd_tree_connect_request *req; @@ -588,7 +587,7 @@ ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, }

int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, - unsigned long long connect_id) + unsigned long long connect_id) { struct ksmbd_ipc_msg *msg; struct ksmbd_tree_disconnect_request *req; @@ -700,7 +699,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, int handle }

struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, int handle, - void *payload, size_t payload_sz) + void *payload, size_t payload_sz) { struct ksmbd_ipc_msg *msg; struct ksmbd_rpc_command *req; @@ -748,7 +747,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, int handle) }

struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle, - void *payload, size_t payload_sz) + void *payload, size_t payload_sz) { struct ksmbd_ipc_msg *msg; struct ksmbd_rpc_command *req; @@ -773,7 +772,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle }

struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payload, - size_t payload_sz) + size_t payload_sz) { struct ksmbd_ipc_msg *msg; struct ksmbd_rpc_command *req; diff --git a/fs/cifsd/transport_ipc.h b/fs/cifsd/transport_ipc.h index c3744ed7a085..523b4df2c783 100644 --- a/fs/cifsd/transport_ipc.h +++ b/fs/cifsd/transport_ipc.h @@ -23,31 +23,24 @@ ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, struct ksmbd_share_config *share, struct ksmbd_tree_connect *tree_conn, struct sockaddr *peer_addr); - int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, unsigned long long connect_id); int ksmbd_ipc_logout_request(const char *account); - struct ksmbd_share_config_response * ksmbd_ipc_share_config_request(const char *name); - struct ksmbd_spnego_authen_response * ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len); - int ksmbd_ipc_id_alloc(void); void ksmbd_rpc_id_free(int handle); - struct ksmbd_rpc_command *ksmbd_rpc_open(struct ksmbd_session *sess, int handle); struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, int handle); - struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, int handle, - void *payload, size_t payload_sz); + void *payload, size_t payload_sz); struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, int handle); struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle, - void *payload, size_t payload_sz); + void *payload, size_t payload_sz); struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payload, - size_t payload_sz); - + size_t payload_sz); void ksmbd_ipc_release(void); void ksmbd_ipc_soft_reset(void); int ksmbd_ipc_init(void); diff --git a/fs/cifsd/transport_rdma.c b/fs/cifsd/transport_rdma.c index 8174a97bade4..efaa9776841f 100644 --- a/fs/cifsd/transport_rdma.c +++ b/fs/cifsd/transport_rdma.c @@ -212,8 +212,9 @@ struct smb_direct_rdma_rw_msg { static void smb_direct_destroy_pools(struct smb_direct_transport *transport); static void smb_direct_post_recv_credits(struct work_struct *work); static int smb_direct_post_send_data(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, - struct kvec *iov, int niov, int remaining_data_length); + struct smb_direct_send_ctx *send_ctx, + struct kvec *iov, int niov, + int remaining_data_length);

static inline void *smb_direct_recvmsg_payload(struct smb_direct_recvmsg *recvmsg) @@ -222,7 +223,7 @@ static inline void }

static inline bool is_receive_credit_post_required(int receive_credits, - int avail_recvmsg_count) + int avail_recvmsg_count) { return receive_credits <= (smb_direct_receive_credit_max >> 3) && avail_recvmsg_count >= (receive_credits >> 2); @@ -245,10 +246,10 @@ smb_direct_recvmsg *get_free_recvmsg(struct smb_direct_transport *t) }

static void put_recvmsg(struct smb_direct_transport *t, - struct smb_direct_recvmsg *recvmsg) + struct smb_direct_recvmsg *recvmsg) { ib_dma_unmap_single(t->cm_id->device, recvmsg->sge.addr, - recvmsg->sge.length, DMA_FROM_DEVICE); + recvmsg->sge.length, DMA_FROM_DEVICE);

spin_lock(&t->recvmsg_queue_lock); list_add(&recvmsg->list, &t->recvmsg_queue); @@ -263,7 +264,7 @@ smb_direct_recvmsg *get_empty_recvmsg(struct smb_direct_transport *t) spin_lock(&t->empty_recvmsg_queue_lock); if (!list_empty(&t->empty_recvmsg_queue)) { recvmsg = list_first_entry(&t->empty_recvmsg_queue, - struct smb_direct_recvmsg, list); + struct smb_direct_recvmsg, list); list_del(&recvmsg->list); } spin_unlock(&t->empty_recvmsg_queue_lock); @@ -271,10 +272,10 @@ smb_direct_recvmsg *get_empty_recvmsg(struct smb_direct_transport *t) }

static void put_empty_recvmsg(struct smb_direct_transport *t, - struct smb_direct_recvmsg *recvmsg) + struct smb_direct_recvmsg *recvmsg) { ib_dma_unmap_single(t->cm_id->device, recvmsg->sge.addr, - recvmsg->sge.length, DMA_FROM_DEVICE); + recvmsg->sge.length, DMA_FROM_DEVICE);

spin_lock(&t->empty_recvmsg_queue_lock); list_add_tail(&recvmsg->list, &t->empty_recvmsg_queue); @@ -282,7 +283,8 @@ static void put_empty_recvmsg(struct smb_direct_transport *t, }

static void enqueue_reassembly(struct smb_direct_transport *t, - struct smb_direct_recvmsg *recvmsg, int data_length) + struct smb_direct_recvmsg *recvmsg, + int data_length) { spin_lock(&t->reassembly_queue_lock); list_add_tail(&recvmsg->list, &t->reassembly_queue); @@ -398,9 +400,9 @@ static void free_transport(struct smb_direct_transport *t)

ksmbd_debug(RDMA, "wait for all send posted to IB to finish\n"); wait_event(t->wait_send_payload_pending, - atomic_read(&t->send_payload_pending) == 0); + atomic_read(&t->send_payload_pending) == 0); wait_event(t->wait_send_pending, - atomic_read(&t->send_pending) == 0); + atomic_read(&t->send_pending) == 0);

cancel_work_sync(&t->disconnect_work); cancel_delayed_work_sync(&t->post_recv_credits_work); @@ -454,18 +456,18 @@ static struct smb_direct_sendmsg }

static void smb_direct_free_sendmsg(struct smb_direct_transport *t, - struct smb_direct_sendmsg *msg) + struct smb_direct_sendmsg *msg) { int i;

if (msg->num_sge > 0) { ib_dma_unmap_single(t->cm_id->device, - msg->sge[0].addr, msg->sge[0].length, - DMA_TO_DEVICE); + msg->sge[0].addr, msg->sge[0].length, + DMA_TO_DEVICE); for (i = 1; i < msg->num_sge; i++) ib_dma_unmap_page(t->cm_id->device, - msg->sge[i].addr, msg->sge[i].length, - DMA_TO_DEVICE); + msg->sge[i].addr, msg->sge[i].length, + DMA_TO_DEVICE); } mempool_free(msg, t->sendmsg_mempool); } @@ -479,24 +481,24 @@ static int smb_direct_check_recvmsg(struct smb_direct_recvmsg *recvmsg) struct smb2_hdr *hdr = (struct smb2_hdr *)(recvmsg->packet + le32_to_cpu(req->data_offset) - 4); ksmbd_debug(RDMA, - "CreditGranted: %u, CreditRequested: %u, DataLength: %u, RemainingDataLength: %u, SMB: %x, Command: %u\n", - le16_to_cpu(req->credits_granted), - le16_to_cpu(req->credits_requested), - req->data_length, req->remaining_data_length, - hdr->ProtocolId, hdr->Command); + "CreditGranted: %u, CreditRequested: %u, DataLength: %u, RemainingDataLength: %u, SMB: %x, Command: %u\n", + le16_to_cpu(req->credits_granted), + le16_to_cpu(req->credits_requested), + req->data_length, req->remaining_data_length, + hdr->ProtocolId, hdr->Command); break; } case SMB_DIRECT_MSG_NEGOTIATE_REQ: { struct smb_direct_negotiate_req *req = (struct smb_direct_negotiate_req *)recvmsg->packet; ksmbd_debug(RDMA, - "MinVersion: %u, MaxVersion: %u, CreditRequested: %u, MaxSendSize: %u, MaxRecvSize: %u, MaxFragmentedSize: %u\n", - le16_to_cpu(req->min_version), - le16_to_cpu(req->max_version), - le16_to_cpu(req->credits_requested), - le32_to_cpu(req->preferred_send_size), - le32_to_cpu(req->max_receive_size), - le32_to_cpu(req->max_fragmented_size)); + "MinVersion: %u, MaxVersion: %u, CreditRequested: %u, MaxSendSize: %u, MaxRecvSize: %u, MaxFragmentedSize: %u\n", + le16_to_cpu(req->min_version), + le16_to_cpu(req->max_version), + le16_to_cpu(req->credits_requested), + le32_to_cpu(req->preferred_send_size), + le32_to_cpu(req->max_receive_size), + le32_to_cpu(req->max_fragmented_size)); if (le16_to_cpu(req->min_version) > 0x0100 || le16_to_cpu(req->max_version) < 0x0100) return -EOPNOTSUPP; @@ -525,8 +527,8 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) if (wc->status != IB_WC_SUCCESS || wc->opcode != IB_WC_RECV) { if (wc->status != IB_WC_WR_FLUSH_ERR) { ksmbd_err("Recv error. status='%s (%d)' opcode=%d\n", - ib_wc_status_msg(wc->status), wc->status, - wc->opcode); + ib_wc_status_msg(wc->status), wc->status, + wc->opcode); smb_direct_disconnect_rdma_connection(t); } put_empty_recvmsg(t, recvmsg); @@ -534,11 +536,11 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) }

ksmbd_debug(RDMA, "Recv completed. status='%s (%d)', opcode=%d\n", - ib_wc_status_msg(wc->status), wc->status, - wc->opcode); + ib_wc_status_msg(wc->status), wc->status, + wc->opcode);

ib_dma_sync_single_for_cpu(wc->qp->device, recvmsg->sge.addr, - recvmsg->sge.length, DMA_FROM_DEVICE); + recvmsg->sge.length, DMA_FROM_DEVICE);

switch (recvmsg->type) { case SMB_DIRECT_MSG_NEGOTIATE_REQ: @@ -580,10 +582,10 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) t->recv_credit_target = le16_to_cpu(data_transfer->credits_requested); atomic_add(le16_to_cpu(data_transfer->credits_granted), - &t->send_credits); + &t->send_credits);

if (le16_to_cpu(data_transfer->flags) & - SMB_DIRECT_RESPONSE_REQUESTED) + SMB_DIRECT_RESPONSE_REQUESTED) queue_work(smb_direct_wq, &t->send_immediate_work);

if (atomic_read(&t->send_credits) > 0) @@ -591,7 +593,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc)

if (is_receive_credit_post_required(receive_credits, avail_recvmsg_count)) mod_delayed_work(smb_direct_wq, - &t->post_recv_credits_work, 0); + &t->post_recv_credits_work, 0); break; } default: @@ -600,14 +602,14 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) }

static int smb_direct_post_recv(struct smb_direct_transport *t, - struct smb_direct_recvmsg *recvmsg) + struct smb_direct_recvmsg *recvmsg) { struct ib_recv_wr wr; int ret;

recvmsg->sge.addr = ib_dma_map_single(t->cm_id->device, - recvmsg->packet, t->max_recv_size, - DMA_FROM_DEVICE); + recvmsg->packet, t->max_recv_size, + DMA_FROM_DEVICE); ret = ib_dma_mapping_error(t->cm_id->device, recvmsg->sge.addr); if (ret) return ret; @@ -624,8 +626,8 @@ static int smb_direct_post_recv(struct smb_direct_transport *t, if (ret) { ksmbd_err("Can't post recv: %d\n", ret); ib_dma_unmap_single(t->cm_id->device, - recvmsg->sge.addr, recvmsg->sge.length, - DMA_FROM_DEVICE); + recvmsg->sge.addr, recvmsg->sge.length, + DMA_FROM_DEVICE); smb_direct_disconnect_rdma_connection(t); return ret; } @@ -633,7 +635,7 @@ static int smb_direct_post_recv(struct smb_direct_transport *t, }

static int smb_direct_read(struct ksmbd_transport *t, char *buf, - unsigned int size) + unsigned int size) { struct smb_direct_recvmsg *recvmsg; struct smb_direct_data_transfer *data_transfer; @@ -692,14 +694,14 @@ static int smb_direct_read(struct ksmbd_transport *t, char *buf, data_read = 4; recvmsg->first_segment = false; ksmbd_debug(RDMA, - "returning rfc1002 length %d\n", - rfc1002_len); + "returning rfc1002 length %d\n", + rfc1002_len); goto read_rfc1002_done; }

to_copy = min_t(int, data_length - offset, to_read); memcpy(buf + data_read, (char *)data_transfer + data_offset + offset, - to_copy); + to_copy);

/* move on to the next buffer? */ if (to_copy == data_length - offset) { @@ -736,23 +738,24 @@ static int smb_direct_read(struct ksmbd_transport *t, char *buf, if (is_receive_credit_post_required(st->recv_credits, st->count_avail_recvmsg)) { spin_unlock(&st->receive_credit_lock); mod_delayed_work(smb_direct_wq, - &st->post_recv_credits_work, 0); + &st->post_recv_credits_work, 0); } else { spin_unlock(&st->receive_credit_lock); }

st->first_entry_offset = offset; ksmbd_debug(RDMA, - "returning to thread data_read=%d reassembly_data_length=%d first_entry_offset=%d\n", - data_read, st->reassembly_data_length, - st->first_entry_offset); + "returning to thread data_read=%d reassembly_data_length=%d first_entry_offset=%d\n", + data_read, st->reassembly_data_length, + st->first_entry_offset); read_rfc1002_done: return data_read; }

ksmbd_debug(RDMA, "wait_event on more data\n"); rc = wait_event_interruptible(st->wait_reassembly_queue, - st->reassembly_data_length >= size || st->status != SMB_DIRECT_CS_CONNECTED); + st->reassembly_data_length >= size || + st->status != SMB_DIRECT_CS_CONNECTED); if (rc) return -EINTR;

@@ -823,13 +826,13 @@ static void send_done(struct ib_cq *cq, struct ib_wc *wc) t = sendmsg->transport;

ksmbd_debug(RDMA, "Send completed. status='%s (%d)', opcode=%d\n", - ib_wc_status_msg(wc->status), wc->status, - wc->opcode); + ib_wc_status_msg(wc->status), wc->status, + wc->opcode);

if (wc->status != IB_WC_SUCCESS || wc->opcode != IB_WC_SEND) { ksmbd_err("Send error. status='%s (%d)', opcode=%d\n", - ib_wc_status_msg(wc->status), wc->status, - wc->opcode); + ib_wc_status_msg(wc->status), wc->status, + wc->opcode); smb_direct_disconnect_rdma_connection(t); }

@@ -845,7 +848,7 @@ static void send_done(struct ib_cq *cq, struct ib_wc *wc) * is invalid. */ for (pos = &sendmsg->list, prev = pos->prev, end = sendmsg->list.next; - prev != end; pos = prev, prev = prev->prev) { + prev != end; pos = prev, prev = prev->prev) { sibling = container_of(pos, struct smb_direct_sendmsg, list); smb_direct_free_sendmsg(t, sibling); } @@ -867,7 +870,7 @@ static int manage_credits_prior_sending(struct smb_direct_transport *t) }

static int smb_direct_post_send(struct smb_direct_transport *t, - struct ib_send_wr *wr) + struct ib_send_wr *wr) { int ret;

@@ -892,8 +895,9 @@ static int smb_direct_post_send(struct smb_direct_transport *t, }

static void smb_direct_send_ctx_init(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, - bool need_invalidate_rkey, unsigned int remote_key) + struct smb_direct_send_ctx *send_ctx, + bool need_invalidate_rkey, + unsigned int remote_key) { INIT_LIST_HEAD(&send_ctx->msg_list); send_ctx->wr_cnt = 0; @@ -902,7 +906,8 @@ static void smb_direct_send_ctx_init(struct smb_direct_transport *t, }

static int smb_direct_flush_send_list(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, bool is_last) + struct smb_direct_send_ctx *send_ctx, + bool is_last) { struct smb_direct_sendmsg *first, *last; int ret; @@ -911,11 +916,11 @@ static int smb_direct_flush_send_list(struct smb_direct_transport *t, return 0;

first = list_first_entry(&send_ctx->msg_list, - struct smb_direct_sendmsg, - list); + struct smb_direct_sendmsg, + list); last = list_last_entry(&send_ctx->msg_list, - struct smb_direct_sendmsg, - list); + struct smb_direct_sendmsg, + list);

last->wr.send_flags = IB_SEND_SIGNALED; last->wr.wr_cqe = &last->cqe; @@ -927,12 +932,13 @@ static int smb_direct_flush_send_list(struct smb_direct_transport *t, ret = smb_direct_post_send(t, &first->wr); if (!ret) { smb_direct_send_ctx_init(t, send_ctx, - send_ctx->need_invalidate_rkey, send_ctx->remote_key); + send_ctx->need_invalidate_rkey, + send_ctx->remote_key); } else { atomic_add(send_ctx->wr_cnt, &t->send_credits); wake_up(&t->wait_send_credits); list_for_each_entry_safe(first, last, &send_ctx->msg_list, - list) { + list) { smb_direct_free_sendmsg(t, first); } } @@ -940,7 +946,7 @@ static int smb_direct_flush_send_list(struct smb_direct_transport *t, }

static int wait_for_credits(struct smb_direct_transport *t, - wait_queue_head_t *waitq, atomic_t *credits) + wait_queue_head_t *waitq, atomic_t *credits) { int ret;

@@ -950,8 +956,8 @@ static int wait_for_credits(struct smb_direct_transport *t,

atomic_inc(credits); ret = wait_event_interruptible(*waitq, - atomic_read(credits) > 0 || - t->status != SMB_DIRECT_CS_CONNECTED); + atomic_read(credits) > 0 || + t->status != SMB_DIRECT_CS_CONNECTED);

if (t->status != SMB_DIRECT_CS_CONNECTED) return -ENOTCONN; @@ -961,12 +967,12 @@ static int wait_for_credits(struct smb_direct_transport *t, }

static int wait_for_send_credits(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx) + struct smb_direct_send_ctx *send_ctx) { int ret;

- if (send_ctx && (send_ctx->wr_cnt >= 16 || - atomic_read(&t->send_credits) <= 1)) { + if (send_ctx && + (send_ctx->wr_cnt >= 16 || atomic_read(&t->send_credits) <= 1)) { ret = smb_direct_flush_send_list(t, send_ctx, false); if (ret) return ret; @@ -976,8 +982,8 @@ static int wait_for_send_credits(struct smb_direct_transport *t, }

static int smb_direct_create_header(struct smb_direct_transport *t, - int size, int remaining_data_length, - struct smb_direct_sendmsg **sendmsg_out) + int size, int remaining_data_length, + struct smb_direct_sendmsg **sendmsg_out) { struct smb_direct_sendmsg *sendmsg; struct smb_direct_data_transfer *packet; @@ -1004,12 +1010,12 @@ static int smb_direct_create_header(struct smb_direct_transport *t, packet->padding = 0;

ksmbd_debug(RDMA, - "credits_requested=%d credits_granted=%d data_offset=%d data_length=%d remaining_data_length=%d\n", - le16_to_cpu(packet->credits_requested), - le16_to_cpu(packet->credits_granted), - le32_to_cpu(packet->data_offset), - le32_to_cpu(packet->data_length), - le32_to_cpu(packet->remaining_data_length)); + "credits_requested=%d credits_granted=%d data_offset=%d data_length=%d remaining_data_length=%d\n", + le16_to_cpu(packet->credits_requested), + le16_to_cpu(packet->credits_granted), + le32_to_cpu(packet->data_offset), + le32_to_cpu(packet->data_length), + le32_to_cpu(packet->remaining_data_length));

/* Map the packet to DMA */ header_length = sizeof(struct smb_direct_data_transfer); @@ -1069,8 +1075,8 @@ static int get_sg_list(void *buf, int size, struct scatterlist *sg_list, int nen }

static int get_mapped_sg_list(struct ib_device *device, void *buf, int size, - struct scatterlist *sg_list, int nentries, - enum dma_data_direction dir) + struct scatterlist *sg_list, int nentries, + enum dma_data_direction dir) { int npages;

@@ -1081,15 +1087,15 @@ static int get_mapped_sg_list(struct ib_device *device, void *buf, int size, }

static int post_sendmsg(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, - struct smb_direct_sendmsg *msg) + struct smb_direct_send_ctx *send_ctx, + struct smb_direct_sendmsg *msg) { int i;

for (i = 0; i < msg->num_sge; i++) ib_dma_sync_single_for_device(t->cm_id->device, - msg->sge[i].addr, msg->sge[i].length, - DMA_TO_DEVICE); + msg->sge[i].addr, msg->sge[i].length, + DMA_TO_DEVICE);

msg->cqe.done = send_done; msg->wr.opcode = IB_WR_SEND; @@ -1119,8 +1125,9 @@ static int post_sendmsg(struct smb_direct_transport *t, }

static int smb_direct_post_send_data(struct smb_direct_transport *t, - struct smb_direct_send_ctx *send_ctx, - struct kvec *iov, int niov, int remaining_data_length) + struct smb_direct_send_ctx *send_ctx, + struct kvec *iov, int niov, + int remaining_data_length) { int i, j, ret; struct smb_direct_sendmsg *msg; @@ -1148,8 +1155,9 @@ static int smb_direct_post_send_data(struct smb_direct_transport *t,

sg_init_table(sg, SMB_DIRECT_MAX_SEND_SGES - 1); sg_cnt = get_mapped_sg_list(t->cm_id->device, - iov[i].iov_base, iov[i].iov_len, - sg, SMB_DIRECT_MAX_SEND_SGES - 1, DMA_TO_DEVICE); + iov[i].iov_base, iov[i].iov_len, + sg, SMB_DIRECT_MAX_SEND_SGES - 1, + DMA_TO_DEVICE); if (sg_cnt <= 0) { ksmbd_err("failed to map buffer\n"); ret = -ENOMEM; @@ -1182,8 +1190,8 @@ static int smb_direct_post_send_data(struct smb_direct_transport *t, }

static int smb_direct_writev(struct ksmbd_transport *t, - struct kvec *iov, int niovs, int buflen, - bool need_invalidate, unsigned int remote_key) + struct kvec *iov, int niovs, int buflen, + bool need_invalidate, unsigned int remote_key) { struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); int remaining_data_length; @@ -1217,8 +1225,8 @@ static int smb_direct_writev(struct ksmbd_transport *t, remaining_data_length -= (buflen - iov[i].iov_len); ret = smb_direct_post_send_data(st, &send_ctx, - &iov[start], i - start, - remaining_data_length); + &iov[start], i - start, + remaining_data_length); if (ret) goto done; } else { @@ -1232,11 +1240,10 @@ static int smb_direct_writev(struct ksmbd_transport *t, j * max_iov_size; vec.iov_len = min_t(int, max_iov_size, - buflen - max_iov_size * j); + buflen - max_iov_size * j); remaining_data_length -= vec.iov_len; - ret = smb_direct_post_send_data(st, - &send_ctx, &vec, 1, - remaining_data_length); + ret = smb_direct_post_send_data(st, &send_ctx, &vec, 1, + remaining_data_length); if (ret) goto done; } @@ -1252,8 +1259,8 @@ static int smb_direct_writev(struct ksmbd_transport *t, /* send out all remaining vecs */ remaining_data_length -= buflen; ret = smb_direct_post_send_data(st, &send_ctx, - &iov[start], i - start, - remaining_data_length); + &iov[start], i - start, + remaining_data_length); if (ret) goto done; break; @@ -1272,20 +1279,20 @@ static int smb_direct_writev(struct ksmbd_transport *t, */

wait_event(st->wait_send_payload_pending, - atomic_read(&st->send_payload_pending) == 0); + atomic_read(&st->send_payload_pending) == 0); return ret; }

static void read_write_done(struct ib_cq *cq, struct ib_wc *wc, - enum dma_data_direction dir) + enum dma_data_direction dir) { struct smb_direct_rdma_rw_msg *msg = container_of(wc->wr_cqe, - struct smb_direct_rdma_rw_msg, cqe); + struct smb_direct_rdma_rw_msg, cqe); struct smb_direct_transport *t = msg->t;

if (wc->status != IB_WC_SUCCESS) { ksmbd_err("read/write error. opcode = %d, status = %s(%d)\n", - wc->opcode, ib_wc_status_msg(wc->status), wc->status); + wc->opcode, ib_wc_status_msg(wc->status), wc->status); smb_direct_disconnect_rdma_connection(t); }

@@ -1293,7 +1300,7 @@ static void read_write_done(struct ib_cq *cq, struct ib_wc *wc, wake_up(&t->wait_rw_avail_ops);

rdma_rw_ctx_destroy(&msg->rw_ctx, t->qp, t->qp->port, - msg->sg_list, msg->sgt.nents, dir); + msg->sg_list, msg->sgt.nents, dir); sg_free_table_chained(&msg->sgt, SG_CHUNK_SIZE); complete(msg->completion); kfree(msg); @@ -1310,8 +1317,8 @@ static void write_done(struct ib_cq *cq, struct ib_wc *wc) }

static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf, - int buf_len, u32 remote_key, u64 remote_offset, u32 remote_len, - bool is_read) + int buf_len, u32 remote_key, u64 remote_offset, + u32 remote_len, bool is_read) { struct smb_direct_rdma_rw_msg *msg; int ret; @@ -1324,7 +1331,7 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf,

/* TODO: mempool */ msg = kmalloc(offsetof(struct smb_direct_rdma_rw_msg, sg_list) + - sizeof(struct scatterlist) * SG_CHUNK_SIZE, GFP_KERNEL); + sizeof(struct scatterlist) * SG_CHUNK_SIZE, GFP_KERNEL); if (!msg) { atomic_inc(&t->rw_avail_ops); return -ENOMEM; @@ -1332,8 +1339,8 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf,

msg->sgt.sgl = &msg->sg_list[0]; ret = sg_alloc_table_chained(&msg->sgt, - BUFFER_NR_PAGES(buf, buf_len), - msg->sg_list, SG_CHUNK_SIZE); + BUFFER_NR_PAGES(buf, buf_len), + msg->sg_list, SG_CHUNK_SIZE); if (ret) { atomic_inc(&t->rw_avail_ops); kfree(msg); @@ -1347,9 +1354,9 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf, }

ret = rdma_rw_ctx_init(&msg->rw_ctx, t->qp, t->qp->port, - msg->sg_list, BUFFER_NR_PAGES(buf, buf_len), - 0, remote_offset, remote_key, - is_read ? DMA_FROM_DEVICE : DMA_TO_DEVICE); + msg->sg_list, BUFFER_NR_PAGES(buf, buf_len), + 0, remote_offset, remote_key, + is_read ? DMA_FROM_DEVICE : DMA_TO_DEVICE); if (ret < 0) { ksmbd_err("failed to init rdma_rw_ctx: %d\n", ret); goto err; @@ -1359,7 +1366,7 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf, msg->cqe.done = is_read ? read_done : write_done; msg->completion = &completion; first_wr = rdma_rw_ctx_wrs(&msg->rw_ctx, t->qp, t->qp->port, - &msg->cqe, NULL); + &msg->cqe, NULL);

ret = ib_post_send(t->qp, first_wr, NULL); if (ret) { @@ -1374,29 +1381,29 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf, atomic_inc(&t->rw_avail_ops); if (first_wr) rdma_rw_ctx_destroy(&msg->rw_ctx, t->qp, t->qp->port, - msg->sg_list, msg->sgt.nents, - is_read ? DMA_FROM_DEVICE : DMA_TO_DEVICE); + msg->sg_list, msg->sgt.nents, + is_read ? DMA_FROM_DEVICE : DMA_TO_DEVICE); sg_free_table_chained(&msg->sgt, SG_CHUNK_SIZE); kfree(msg); return ret; }

static int smb_direct_rdma_write(struct ksmbd_transport *t, void *buf, - unsigned int buflen, u32 remote_key, u64 remote_offset, - u32 remote_len) + unsigned int buflen, u32 remote_key, + u64 remote_offset, u32 remote_len) { return smb_direct_rdma_xmit(SMB_DIRECT_TRANS(t), buf, buflen, - remote_key, remote_offset, - remote_len, false); + remote_key, remote_offset, + remote_len, false); }

static int smb_direct_rdma_read(struct ksmbd_transport *t, void *buf, - unsigned int buflen, u32 remote_key, u64 remote_offset, - u32 remote_len) + unsigned int buflen, u32 remote_key, + u64 remote_offset, u32 remote_len) { return smb_direct_rdma_xmit(SMB_DIRECT_TRANS(t), buf, buflen, - remote_key, remote_offset, - remote_len, true); + remote_key, remote_offset, + remote_len, true); }

static void smb_direct_disconnect(struct ksmbd_transport *t) @@ -1407,17 +1414,17 @@ static void smb_direct_disconnect(struct ksmbd_transport *t)

smb_direct_disconnect_rdma_connection(st); wait_event_interruptible(st->wait_status, - st->status == SMB_DIRECT_CS_DISCONNECTED); + st->status == SMB_DIRECT_CS_DISCONNECTED); free_transport(st); }

static int smb_direct_cm_handler(struct rdma_cm_id *cm_id, - struct rdma_cm_event *event) + struct rdma_cm_event *event) { struct smb_direct_transport *t = cm_id->context;

ksmbd_debug(RDMA, "RDMA CM event. cm_id=%p event=%s (%d)\n", - cm_id, rdma_event_msg(event->event), event->event); + cm_id, rdma_event_msg(event->event), event->event);

switch (event->event) { case RDMA_CM_EVENT_ESTABLISHED: { @@ -1440,8 +1447,8 @@ static int smb_direct_cm_handler(struct rdma_cm_id *cm_id, } default: ksmbd_err("Unexpected RDMA CM event. cm_id=%p, event=%s (%d)\n", - cm_id, rdma_event_msg(event->event), - event->event); + cm_id, rdma_event_msg(event->event), + event->event); break; } return 0; @@ -1452,7 +1459,7 @@ static void smb_direct_qpair_handler(struct ib_event *event, void *context) struct smb_direct_transport *t = context;

ksmbd_debug(RDMA, "Received QP event. cm_id=%p, event=%s (%d)\n", - t->cm_id, ib_event_msg(event->event), event->event); + t->cm_id, ib_event_msg(event->event), event->event);

switch (event->event) { case IB_EVENT_CQ_ERR: @@ -1465,7 +1472,7 @@ static void smb_direct_qpair_handler(struct ib_event *event, void *context) }

static int smb_direct_send_negotiate_response(struct smb_direct_transport *t, - int failed) + int failed) { struct smb_direct_sendmsg *sendmsg; struct smb_direct_negotiate_resp *resp; @@ -1498,9 +1505,9 @@ static int smb_direct_send_negotiate_response(struct smb_direct_transport *t, }

sendmsg->sge[0].addr = ib_dma_map_single(t->cm_id->device, - (void *)resp, sizeof(*resp), DMA_TO_DEVICE); - ret = ib_dma_mapping_error(t->cm_id->device, - sendmsg->sge[0].addr); + (void *)resp, sizeof(*resp), + DMA_TO_DEVICE); + ret = ib_dma_mapping_error(t->cm_id->device, sendmsg->sge[0].addr); if (ret) { smb_direct_free_sendmsg(t, sendmsg); return ret; @@ -1517,7 +1524,7 @@ static int smb_direct_send_negotiate_response(struct smb_direct_transport *t, }

wait_event(t->wait_send_pending, - atomic_read(&t->send_pending) == 0); + atomic_read(&t->send_pending) == 0); return 0; }

@@ -1529,13 +1536,13 @@ static int smb_direct_accept_client(struct smb_direct_transport *t) int ret;

memset(&conn_param, 0, sizeof(conn_param)); - conn_param.initiator_depth = min_t(u8, - t->cm_id->device->attrs.max_qp_rd_atom, - SMB_DIRECT_CM_INITIATOR_DEPTH); + conn_param.initiator_depth = min_t(u8, t->cm_id->device->attrs.max_qp_rd_atom, + SMB_DIRECT_CM_INITIATOR_DEPTH); conn_param.responder_resources = 0;

t->cm_id->device->ops.get_port_immutable(t->cm_id->device, - t->cm_id->port_num, &port_immutable); + t->cm_id->port_num, + &port_immutable); if (port_immutable.core_cap_flags & RDMA_CORE_PORT_IWARP) { ird_ord_hdr[0] = conn_param.responder_resources; ird_ord_hdr[1] = 1; @@ -1590,9 +1597,9 @@ static int smb_direct_negotiate(struct smb_direct_transport *t)

ksmbd_debug(RDMA, "Waiting for SMB_DIRECT negotiate request\n"); ret = wait_event_interruptible_timeout(t->wait_status, - t->negotiation_requested || - t->status == SMB_DIRECT_CS_DISCONNECTED, - SMB_DIRECT_NEGOTIATE_TIMEOUT * HZ); + t->negotiation_requested || + t->status == SMB_DIRECT_CS_DISCONNECTED, + SMB_DIRECT_NEGOTIATE_TIMEOUT * HZ); if (ret <= 0 || t->status == SMB_DIRECT_CS_DISCONNECTED) { ret = ret < 0 ? ret : -ETIMEDOUT; goto out; @@ -1604,9 +1611,9 @@ static int smb_direct_negotiate(struct smb_direct_transport *t)

req = (struct smb_direct_negotiate_req *)recvmsg->packet; t->max_recv_size = min_t(int, t->max_recv_size, - le32_to_cpu(req->preferred_send_size)); + le32_to_cpu(req->preferred_send_size)); t->max_send_size = min_t(int, t->max_send_size, - le32_to_cpu(req->max_receive_size)); + le32_to_cpu(req->max_receive_size)); t->max_fragmented_send_size = le32_to_cpu(req->max_fragmented_size);

@@ -1618,7 +1625,7 @@ static int smb_direct_negotiate(struct smb_direct_transport *t) }

static int smb_direct_init_params(struct smb_direct_transport *t, - struct ib_qp_cap *cap) + struct ib_qp_cap *cap) { struct ib_device *device = t->cm_id->device; int max_send_sges, max_pages, max_rw_wrs, max_send_wrs; @@ -1650,30 +1657,30 @@ static int smb_direct_init_params(struct smb_direct_transport *t, if (max_send_wrs > device->attrs.max_cqe || max_send_wrs > device->attrs.max_qp_wr) { ksmbd_err("consider lowering send_credit_target = %d, or max_outstanding_rw_ops = %d\n", - smb_direct_send_credit_target, - smb_direct_max_outstanding_rw_ops); + smb_direct_send_credit_target, + smb_direct_max_outstanding_rw_ops); ksmbd_err("Possible CQE overrun, device reporting max_cqe %d max_qp_wr %d\n", - device->attrs.max_cqe, device->attrs.max_qp_wr); + device->attrs.max_cqe, device->attrs.max_qp_wr); return -EINVAL; }

if (smb_direct_receive_credit_max > device->attrs.max_cqe || smb_direct_receive_credit_max > device->attrs.max_qp_wr) { ksmbd_err("consider lowering receive_credit_max = %d\n", - smb_direct_receive_credit_max); + smb_direct_receive_credit_max); ksmbd_err("Possible CQE overrun, device reporting max_cpe %d max_qp_wr %d\n", - device->attrs.max_cqe, device->attrs.max_qp_wr); + device->attrs.max_cqe, device->attrs.max_qp_wr); return -EINVAL; }

if (device->attrs.max_send_sge < SMB_DIRECT_MAX_SEND_SGES) { ksmbd_err("warning: device max_send_sge = %d too small\n", - device->attrs.max_send_sge); + device->attrs.max_send_sge); return -EINVAL; } if (device->attrs.max_recv_sge < SMB_DIRECT_MAX_RECV_SGES) { ksmbd_err("warning: device max_recv_sge = %d too small\n", - device->attrs.max_recv_sge); + device->attrs.max_recv_sge); return -EINVAL; }

@@ -1731,29 +1738,29 @@ static int smb_direct_create_pools(struct smb_direct_transport *t)

snprintf(name, sizeof(name), "smb_direct_rqst_pool_%p", t); t->sendmsg_cache = kmem_cache_create(name, - sizeof(struct smb_direct_sendmsg) + - sizeof(struct smb_direct_negotiate_resp), - 0, SLAB_HWCACHE_ALIGN, NULL); + sizeof(struct smb_direct_sendmsg) + + sizeof(struct smb_direct_negotiate_resp), + 0, SLAB_HWCACHE_ALIGN, NULL); if (!t->sendmsg_cache) return -ENOMEM;

t->sendmsg_mempool = mempool_create(t->send_credit_target, - mempool_alloc_slab, mempool_free_slab, - t->sendmsg_cache); + mempool_alloc_slab, mempool_free_slab, + t->sendmsg_cache); if (!t->sendmsg_mempool) goto err;

snprintf(name, sizeof(name), "smb_direct_resp_%p", t); t->recvmsg_cache = kmem_cache_create(name, - sizeof(struct smb_direct_recvmsg) + - t->max_recv_size, - 0, SLAB_HWCACHE_ALIGN, NULL); + sizeof(struct smb_direct_recvmsg) + + t->max_recv_size, + 0, SLAB_HWCACHE_ALIGN, NULL); if (!t->recvmsg_cache) goto err;

t->recvmsg_mempool = mempool_create(t->recv_credit_max, mempool_alloc_slab, - mempool_free_slab, t->recvmsg_cache); + mempool_free_slab, t->recvmsg_cache); if (!t->recvmsg_mempool) goto err;

@@ -1775,7 +1782,7 @@ static int smb_direct_create_pools(struct smb_direct_transport *t) }

static int smb_direct_create_qpair(struct smb_direct_transport *t, - struct ib_qp_cap *cap) + struct ib_qp_cap *cap) { int ret; struct ib_qp_init_attr qp_attr; @@ -1789,7 +1796,7 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t, }

t->send_cq = ib_alloc_cq(t->cm_id->device, t, - t->send_credit_target, 0, IB_POLL_WORKQUEUE); + t->send_credit_target, 0, IB_POLL_WORKQUEUE); if (IS_ERR(t->send_cq)) { ksmbd_err("Can't create RDMA send CQ\n"); ret = PTR_ERR(t->send_cq); @@ -1798,8 +1805,8 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t, }

t->recv_cq = ib_alloc_cq(t->cm_id->device, t, - cap->max_send_wr + cap->max_rdma_ctxs, - 0, IB_POLL_WORKQUEUE); + cap->max_send_wr + cap->max_rdma_ctxs, + 0, IB_POLL_WORKQUEUE); if (IS_ERR(t->recv_cq)) { ksmbd_err("Can't create RDMA recv CQ\n"); ret = PTR_ERR(t->recv_cq); @@ -1896,8 +1903,8 @@ static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id)

if (!rdma_frwr_is_supported(&new_cm_id->device->attrs)) { ksmbd_debug(RDMA, - "Fast Registration Work Requests is not supported. device capabilities=%llx\n", - new_cm_id->device->attrs.device_cap_flags); + "Fast Registration Work Requests is not supported. device capabilities=%llx\n", + new_cm_id->device->attrs.device_cap_flags); return -EPROTONOSUPPORT; }

@@ -1906,7 +1913,8 @@ static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) return -ENOMEM;

KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, - KSMBD_TRANS(t)->conn, "ksmbd:r%u", SMB_DIRECT_PORT); + KSMBD_TRANS(t)->conn, "ksmbd:r%u", + SMB_DIRECT_PORT); if (IS_ERR(KSMBD_TRANS(t)->handler)) { int ret = PTR_ERR(KSMBD_TRANS(t)->handler);

@@ -1919,7 +1927,7 @@ static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) }

static int smb_direct_listen_handler(struct rdma_cm_id *cm_id, - struct rdma_cm_event *event) + struct rdma_cm_event *event) { switch (event->event) { case RDMA_CM_EVENT_CONNECT_REQUEST: { @@ -1931,13 +1939,12 @@ static int smb_direct_listen_handler(struct rdma_cm_id *cm_id, }

ksmbd_debug(RDMA, "Received connection request. cm_id=%p\n", - cm_id); + cm_id); break; } default: ksmbd_err("Unexpected listen event. cm_id=%p, event=%s (%d)\n", - cm_id, - rdma_event_msg(event->event), event->event); + cm_id, rdma_event_msg(event->event), event->event); break; } return 0; @@ -1954,10 +1961,9 @@ static int smb_direct_listen(int port) };

cm_id = rdma_create_id(&init_net, smb_direct_listen_handler, - &smb_direct_listener, RDMA_PS_TCP, IB_QPT_RC); + &smb_direct_listener, RDMA_PS_TCP, IB_QPT_RC); if (IS_ERR(cm_id)) { - ksmbd_err("Can't create cm id: %ld\n", - PTR_ERR(cm_id)); + ksmbd_err("Can't create cm id: %ld\n", PTR_ERR(cm_id)); return PTR_ERR(cm_id); }

@@ -1993,7 +1999,7 @@ int ksmbd_rdma_init(void) * for lack of credits */ smb_direct_wq = alloc_workqueue("ksmbd-smb_direct-wq", - WQ_HIGHPRI | WQ_MEM_RECLAIM, 0); + WQ_HIGHPRI | WQ_MEM_RECLAIM, 0); if (!smb_direct_wq) return -ENOMEM;

@@ -2006,7 +2012,7 @@ int ksmbd_rdma_init(void) }

ksmbd_debug(RDMA, "init RDMA listener. cm_id=%p\n", - smb_direct_listener.cm_id); + smb_direct_listener.cm_id); return 0; }

diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c index 040881893417..5bd332a58596 100644 --- a/fs/cifsd/transport_tcp.c +++ b/fs/cifsd/transport_tcp.c @@ -113,7 +113,7 @@ static void free_transport(struct tcp_transport *t) * Return: Number of IO segments */ static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, - unsigned int nr_segs, size_t bytes) + unsigned int nr_segs, size_t bytes) { size_t base = 0;

@@ -197,8 +197,9 @@ static int ksmbd_tcp_new_connection(struct socket *client_sk) }

KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, - KSMBD_TRANS(t)->conn, - "ksmbd:%u", ksmbd_tcp_get_port(csin)); + KSMBD_TRANS(t)->conn, + "ksmbd:%u", + ksmbd_tcp_get_port(csin)); if (IS_ERR(KSMBD_TRANS(t)->handler)) { ksmbd_err("cannot start conn thread\n"); rc = PTR_ERR(KSMBD_TRANS(t)->handler); @@ -230,7 +231,7 @@ static int ksmbd_kthread_fn(void *p) break; } ret = kernel_accept(iface->ksmbd_socket, &client_sk, - O_NONBLOCK); + O_NONBLOCK); mutex_unlock(&iface->sock_release_lock); if (ret) { if (ret == -EAGAIN) @@ -265,8 +266,8 @@ static int ksmbd_tcp_run_kthread(struct interface *iface) int rc; struct task_struct *kthread;

- kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, - "ksmbd-%s", iface->name); + kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s", + iface->name); if (IS_ERR(kthread)) { rc = PTR_ERR(kthread); return rc; @@ -287,7 +288,7 @@ static int ksmbd_tcp_run_kthread(struct interface *iface) * otherwise return error number */ static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig, - unsigned int nr_segs, unsigned int to_read) + unsigned int nr_segs, unsigned int to_read) { int length = 0; int total_read; @@ -353,7 +354,8 @@ static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf, unsigned int to_ }

static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov, - int nvecs, int size, bool need_invalidate, unsigned int remote_key) + int nvecs, int size, bool need_invalidate, + unsigned int remote_key)

{ struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL}; @@ -401,7 +403,7 @@ static int create_socket(struct interface *iface) if (ret) { ksmbd_err("Can't create socket for ipv6, try ipv4: %d\n", ret); ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP, - &ksmbd_socket); + &ksmbd_socket); if (ret) { ksmbd_err("Can't create socket for ipv4: %d\n", ret); goto out_error; @@ -432,10 +434,10 @@ static int create_socket(struct interface *iface)

if (ipv4) ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin, - sizeof(sin)); + sizeof(sin)); else ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6, - sizeof(sin6)); + sizeof(sin6)); if (ret) { ksmbd_err("Failed to bind socket: %d\n", ret); goto out_error; @@ -467,7 +469,7 @@ static int create_socket(struct interface *iface) }

static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, - void *ptr) + void *ptr) { struct net_device *netdev = netdev_notifier_info_to_dev(ptr); struct interface *iface; diff --git a/fs/cifsd/unicode.c b/fs/cifsd/unicode.c index 38bba50c4f16..a0db699ddafd 100644 --- a/fs/cifsd/unicode.c +++ b/fs/cifsd/unicode.c @@ -27,7 +27,7 @@ * Return: string length after conversion */ static int smb_utf16_bytes(const __le16 *from, int maxbytes, - const struct nls_table *codepage) + const struct nls_table *codepage) { int i; int charlen, outlen = 0; @@ -65,7 +65,7 @@ static int smb_utf16_bytes(const __le16 *from, int maxbytes, */ static int cifs_mapchar(char *target, const __u16 src_char, const struct nls_table *cp, - bool mapchar) + bool mapchar) { int len = 1;

@@ -156,7 +156,7 @@ static inline int is_char_allowed(char *ch) * Return: string length after conversion */ static int smb_from_utf16(char *to, const __le16 *from, int tolen, int fromlen, - const struct nls_table *codepage, bool mapchar) + const struct nls_table *codepage, bool mapchar) { int i, charlen, safelen; int outlen = 0; @@ -210,7 +210,7 @@ static int smb_from_utf16(char *to, const __le16 *from, int tolen, int fromlen, * Return: string length after conversion */ int smb_strtoUTF16(__le16 *to, const char *from, int len, - const struct nls_table *codepage) + const struct nls_table *codepage) { int charlen; int i; @@ -224,7 +224,7 @@ int smb_strtoUTF16(__le16 *to, const char *from, int len, * in destination len is length in wchar_t units (16bits) */ i = utf8s_to_utf16s(from, len, UTF16_LITTLE_ENDIAN, - (wchar_t *)to, len); + (wchar_t *)to, len);

/* if success terminate and exit */ if (i >= 0) @@ -267,7 +267,8 @@ int smb_strtoUTF16(__le16 *to, const char *from, int len, * Return: destination string buffer or error ptr */ char *smb_strndup_from_utf16(const char *src, const int maxlen, - const bool is_unicode, const struct nls_table *codepage) + const bool is_unicode, + const struct nls_table *codepage) { int len, ret; char *dst; @@ -279,7 +280,7 @@ char *smb_strndup_from_utf16(const char *src, const int maxlen, if (!dst) return ERR_PTR(-ENOMEM); ret = smb_from_utf16(dst, (__le16 *)src, len, maxlen, codepage, - false); + false); if (ret < 0) { kfree(dst); return ERR_PTR(-EINVAL); @@ -318,7 +319,7 @@ char *smb_strndup_from_utf16(const char *src, const int maxlen, * Return: char length after conversion */ int smbConvertToUTF16(__le16 *target, const char *source, int srclen, - const struct nls_table *cp, int mapchars) + const struct nls_table *cp, int mapchars) { int i, j, charlen; char src_char; diff --git a/fs/cifsd/unicode.h b/fs/cifsd/unicode.h index 68f1c8290911..5593024230ae 100644 --- a/fs/cifsd/unicode.h +++ b/fs/cifsd/unicode.h @@ -63,11 +63,12 @@ extern const struct UniCaseRange CifsUniLowerRange[];

#ifdef __KERNEL__ int smb_strtoUTF16(__le16 *to, const char *from, int len, - const struct nls_table *codepage); + const struct nls_table *codepage); char *smb_strndup_from_utf16(const char *src, const int maxlen, - const bool is_unicode, const struct nls_table *codepage); + const bool is_unicode, + const struct nls_table *codepage); int smbConvertToUTF16(__le16 *target, const char *source, int srclen, - const struct nls_table *cp, int mapchars); + const struct nls_table *cp, int mapchars); char *ksmbd_extract_sharename(char *treename); #endif

@@ -198,7 +199,7 @@ static inline int UniStrncmp(const wchar_t *ucs1, const wchar_t *ucs2, size_t n) /* * UniStrncmp_le: Compare length limited string - native to little-endian */ - static inline int +static inline int UniStrncmp_le(const wchar_t *ucs1, const wchar_t *ucs2, size_t n) { if (!n) diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index e1295b72c410..355e1a5a893b 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -52,7 +52,8 @@ static char *extract_last_component(char *path) }

static void ksmbd_vfs_inherit_owner(struct ksmbd_work *work, - struct inode *parent_inode, struct inode *inode) + struct inode *parent_inode, + struct inode *inode) { if (!test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_INHERIT_OWNER)) @@ -84,7 +85,7 @@ int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete) parent = dget_parent(dentry); inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); child = lookup_one_len(dentry->d_name.name, parent, - dentry->d_name.len); + dentry->d_name.len); if (IS_ERR(child)) { ret = PTR_ERR(child); goto out_lock; @@ -130,7 +131,7 @@ int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) parent = dget_parent(dentry); inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); child = lookup_one_len(dentry->d_name.name, parent, - dentry->d_name.len); + dentry->d_name.len); if (IS_ERR(child)) { ret = PTR_ERR(child); goto out_lock; @@ -171,7 +172,7 @@ int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) err = PTR_ERR(dentry); if (err != -ENOENT) ksmbd_err("path create failed for %s, err %d\n", - name, err); + name, err); return err; }

@@ -179,7 +180,7 @@ int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) err = vfs_create(&init_user_ns, d_inode(path.dentry), dentry, mode, true); if (!err) { ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), - d_inode(dentry)); + d_inode(dentry)); } else { ksmbd_err("File(%s): creation failed (err:%d)\n", name, err); } @@ -206,7 +207,7 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) err = PTR_ERR(dentry); if (err != -EEXIST) ksmbd_debug(VFS, "path create failed for %s, err %d\n", - name, err); + name, err); return err; }

@@ -217,9 +218,8 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) } else if (d_unhashed(dentry)) { struct dentry *d;

- d = lookup_one_len(dentry->d_name.name, - dentry->d_parent, - dentry->d_name.len); + d = lookup_one_len(dentry->d_name.name, dentry->d_parent, + dentry->d_name.len); if (IS_ERR(d)) { err = PTR_ERR(d); goto out; @@ -230,8 +230,7 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) goto out; }

- ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), - d_inode(d)); + ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), d_inode(d)); dput(d); } out: @@ -242,7 +241,7 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) }

static ssize_t ksmbd_vfs_getcasexattr(struct dentry *dentry, char *attr_name, - int attr_name_len, char **attr_value) + int attr_name_len, char **attr_value) { char *name, *xattr_list = NULL; ssize_t value_len = -ENOENT, xattr_list_len; @@ -271,14 +270,14 @@ static ssize_t ksmbd_vfs_getcasexattr(struct dentry *dentry, char *attr_name, }

static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, - size_t count) + size_t count) { ssize_t v_len; char *stream_buf = NULL; int err;

ksmbd_debug(VFS, "read stream data pos : %llu, count : %zd\n", - *pos, count); + *pos, count);

v_len = ksmbd_vfs_getcasexattr(fp->filp->f_path.dentry, fp->stream.name, @@ -304,7 +303,7 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, * Return: 0 on success, otherwise error */ static int check_lock_range(struct file *filp, loff_t start, loff_t end, - unsigned char type) + unsigned char type) { struct file_lock *flock; struct file_lock_context *ctx = file_inode(filp)->i_flctx; @@ -348,7 +347,7 @@ static int check_lock_range(struct file *filp, loff_t start, loff_t end, * Return: number of read bytes on success, otherwise error */ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count, - loff_t *pos) + loff_t *pos) { struct file *filp; ssize_t nbytes = 0; @@ -377,8 +376,7 @@ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count, if (!work->tcon->posix_extensions) { int ret;

- ret = check_lock_range(filp, *pos, *pos + count - 1, - READ); + ret = check_lock_range(filp, *pos, *pos + count - 1, READ); if (ret) { ksmbd_err("unable to read due to lock\n"); return -EAGAIN; @@ -388,7 +386,7 @@ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count, nbytes = kernel_read(filp, rbuf, count, pos); if (nbytes < 0) { ksmbd_err("smb read failed for (%s), err = %zd\n", - fp->filename, nbytes); + fp->filename, nbytes); return nbytes; }

@@ -397,14 +395,14 @@ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count, }

static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, - size_t count) + size_t count) { char *stream_buf = NULL, *wbuf; size_t size, v_len; int err = 0;

ksmbd_debug(VFS, "write stream data pos : %llu, count : %zd\n", - *pos, count); + *pos, count);

size = *pos + count; if (size > XATTR_SIZE_MAX) { @@ -464,8 +462,8 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, * Return: 0 on success, otherwise error */ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, - char *buf, size_t count, loff_t *pos, bool sync, - ssize_t *written) + char *buf, size_t count, loff_t *pos, bool sync, + ssize_t *written) { struct ksmbd_session *sess = work->sess; struct file *filp; @@ -514,7 +512,7 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, err = vfs_fsync_range(filp, offset, offset + *written, 0); if (err < 0) ksmbd_err("fsync failed for filename = %s, err = %d\n", - FP_FILENAME(fp), err); + FP_FILENAME(fp), err); }

out: @@ -588,11 +586,11 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) parent = dget_parent(path.dentry); inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); dentry = lookup_one_len(path.dentry->d_name.name, parent, - strlen(path.dentry->d_name.name)); + strlen(path.dentry->d_name.name)); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); ksmbd_debug(VFS, "%s: lookup failed, err %d\n", - path.dentry->d_name.name, err); + path.dentry->d_name.name, err); goto out_err; }

@@ -606,12 +604,12 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) err = vfs_rmdir(&init_user_ns, d_inode(parent), dentry); if (err && err != -ENOTEMPTY) ksmbd_debug(VFS, "%s: rmdir failed, err %d\n", name, - err); + err); } else { err = vfs_unlink(&init_user_ns, d_inode(parent), dentry, NULL); if (err) ksmbd_debug(VFS, "%s: unlink failed, err %d\n", name, - err); + err); }

dput(dentry); @@ -631,7 +629,7 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) * Return: 0 on success, otherwise error */ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, - const char *newname) + const char *newname) { struct path oldpath, newpath; struct dentry *dentry; @@ -643,12 +641,12 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, err = kern_path(oldname, LOOKUP_FOLLOW, &oldpath); if (err) { ksmbd_err("cannot get linux path for %s, err = %d\n", - oldname, err); + oldname, err); goto out1; }

dentry = kern_path_create(AT_FDCWD, newname, &newpath, - LOOKUP_FOLLOW | LOOKUP_REVAL); + LOOKUP_FOLLOW | LOOKUP_REVAL); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); ksmbd_err("path create err for %s, err %d\n", newname, err); @@ -662,7 +660,7 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, }

err = vfs_link(oldpath.dentry, &init_user_ns, d_inode(newpath.dentry), - dentry, NULL); + dentry, NULL); if (err) ksmbd_debug(VFS, "vfs_link failed err %d\n", err);

@@ -676,9 +674,11 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, }

static int __ksmbd_vfs_rename(struct ksmbd_work *work, - struct dentry *src_dent_parent, struct dentry *src_dent, - struct dentry *dst_dent_parent, struct dentry *trap_dent, - char *dst_name) + struct dentry *src_dent_parent, + struct dentry *src_dent, + struct dentry *dst_dent_parent, + struct dentry *trap_dent, + char *dst_name) { struct dentry *dst_dent; int err; @@ -742,7 +742,7 @@ static int __ksmbd_vfs_rename(struct ksmbd_work *work, }

int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, - char *newname) + char *newname) { struct path dst_path; struct dentry *src_dent_parent, *dst_dent_parent; @@ -768,7 +768,7 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, dget(src_dent); dget(dst_dent_parent); src_child = lookup_one_len(src_dent->d_name.name, src_dent_parent, - src_dent->d_name.len); + src_dent->d_name.len); if (IS_ERR(src_child)) { err = PTR_ERR(src_child); goto out_lock; @@ -807,7 +807,7 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, * Return: 0 on success, otherwise error */ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, - struct ksmbd_file *fp, loff_t size) + struct ksmbd_file *fp, loff_t size) { struct path path; int err = 0; @@ -816,13 +816,13 @@ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, err = kern_path(name, 0, &path); if (err) { ksmbd_err("cannot get linux path for %s, err %d\n", - name, err); + name, err); return err; } err = vfs_truncate(&path, size); if (err) ksmbd_err("truncate failed for %s err %d\n", - name, err); + name, err); path_put(&path); } else { struct file *filp; @@ -837,10 +837,10 @@ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name,

if (size < inode->i_size) { err = check_lock_range(filp, size, - inode->i_size - 1, WRITE); + inode->i_size - 1, WRITE); } else { err = check_lock_range(filp, inode->i_size, - size - 1, WRITE); + size - 1, WRITE); }

if (err) { @@ -852,7 +852,7 @@ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, err = vfs_truncate(&filp->f_path, size); if (err) ksmbd_err("truncate failed for filename : %s err %d\n", - fp->filename, err); + fp->filename, err); }

return err; @@ -904,7 +904,7 @@ static ssize_t ksmbd_vfs_xattr_len(struct dentry *dentry, char *xattr_name) * Return: read xattr value length on success, otherwise error */ ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, - char **xattr_buf) + char **xattr_buf) { ssize_t xattr_len; char *buf; @@ -938,7 +938,7 @@ ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, * Return: 0 on success, otherwise error */ int ksmbd_vfs_setxattr(struct dentry *dentry, const char *attr_name, - const void *attr_value, size_t attr_size, int flags) + const void *attr_value, size_t attr_size, int flags) { int err;

@@ -988,8 +988,7 @@ void ksmbd_vfs_set_fadvise(struct file *filp, __le32 option) * * Return: 0 on success, otherwise error */ -int ksmbd_vfs_lock(struct file *filp, int cmd, - struct file_lock *flock) +int ksmbd_vfs_lock(struct file *filp, int cmd, struct file_lock *flock) { ksmbd_debug(VFS, "calling vfs_lock_file\n"); return vfs_lock_file(filp, cmd, flock, NULL); @@ -1001,26 +1000,27 @@ int ksmbd_vfs_readdir(struct file *file, struct ksmbd_readdir_data *rdata) }

int ksmbd_vfs_alloc_size(struct ksmbd_work *work, struct ksmbd_file *fp, - loff_t len) + loff_t len) { smb_break_all_levII_oplock(work, fp, 1); return vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0, len); }

int ksmbd_vfs_zero_data(struct ksmbd_work *work, struct ksmbd_file *fp, - loff_t off, loff_t len) + loff_t off, loff_t len) { smb_break_all_levII_oplock(work, fp, 1); if (fp->f_ci->m_fattr & ATTR_SPARSE_FILE_LE) return vfs_fallocate(fp->filp, - FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, off, len); + FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, + off, len);

return vfs_fallocate(fp->filp, FALLOC_FL_ZERO_RANGE, off, len); }

int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, - struct file_allocated_range_buffer *ranges, - int in_count, int *out_count) + struct file_allocated_range_buffer *ranges, + int in_count, int *out_count) { struct file *f = fp->filp; struct inode *inode = FP_INODE(fp); @@ -1087,8 +1087,7 @@ int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry)

inode_lock_nested(d_inode(dir), I_MUTEX_PARENT); dget(dentry); - child = lookup_one_len(dentry->d_name.name, dir, - dentry->d_name.len); + child = lookup_one_len(dentry->d_name.name, dir, dentry->d_name.len); if (IS_ERR(child)) { err = PTR_ERR(child); goto out; @@ -1143,7 +1142,7 @@ unsigned short ksmbd_vfs_logical_sector_size(struct inode *inode) * @fs_ss: fs sector size struct */ void ksmbd_vfs_smb2_sector_size(struct inode *inode, - struct ksmbd_fs_sector_size *fs_ss) + struct ksmbd_fs_sector_size *fs_ss) { struct request_queue *q;

@@ -1169,7 +1168,7 @@ void ksmbd_vfs_smb2_sector_size(struct inode *inode, }

static int __dir_empty(struct dir_context *ctx, const char *name, int namlen, - loff_t offset, u64 ino, unsigned int d_type) + loff_t offset, u64 ino, unsigned int d_type) { struct ksmbd_readdir_data *buf;

@@ -1206,7 +1205,8 @@ int ksmbd_vfs_empty_dir(struct ksmbd_file *fp) }

static int __caseless_lookup(struct dir_context *ctx, const char *name, - int namlen, loff_t offset, u64 ino, unsigned int d_type) + int namlen, loff_t offset, u64 ino, + unsigned int d_type) { struct ksmbd_readdir_data *buf;

@@ -1263,7 +1263,7 @@ static int ksmbd_vfs_lookup_in_dir(struct path *dir, char *name, size_t namelen) * Return: 0 on success, otherwise error */ int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, - bool caseless) + bool caseless) { int err;

@@ -1346,7 +1346,7 @@ int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry) }

for (name = xattr_list; name - xattr_list < xattr_list_len; - name += strlen(name) + 1) { + name += strlen(name) + 1) { ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name));

if (!strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS, @@ -1356,7 +1356,7 @@ int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry) err = ksmbd_vfs_remove_xattr(dentry, name); if (err) ksmbd_debug(SMB, - "remove acl xattr failed : %s\n", name); + "remove acl xattr failed : %s\n", name); } } out: @@ -1394,7 +1394,7 @@ int ksmbd_vfs_remove_sd_xattrs(struct dentry *dentry) }

static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct inode *inode, - int acl_type) + int acl_type) { struct xattr_smb_acl *smb_acl = NULL; struct posix_acl *posix_acls; @@ -1455,7 +1455,7 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct inode *inode, }

int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, - struct smb_ntsd *pntsd, int len) + struct smb_ntsd *pntsd, int len) { int rc; struct ndr sd_ndr = {0}, acl_ndr = {0}; @@ -1489,7 +1489,7 @@ int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, ACL_TYPE_ACCESS); if (S_ISDIR(inode->i_mode)) def_smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, - ACL_TYPE_DEFAULT); + ACL_TYPE_DEFAULT);

rc = ndr_encode_posix_acl(&acl_ndr, inode, smb_acl, def_smb_acl); if (rc) { @@ -1498,7 +1498,7 @@ int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, }

rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, - acl.posix_acl_hash); + acl.posix_acl_hash); if (rc) { ksmbd_err("failed to generate hash for ndr acl\n"); goto out; @@ -1511,7 +1511,7 @@ int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, }

rc = ksmbd_vfs_setxattr(dentry, XATTR_NAME_SD, sd_ndr.data, - sd_ndr.offset, 0); + sd_ndr.offset, 0); if (rc < 0) ksmbd_err("Failed to store XATTR ntacl :%d\n", rc);

@@ -1524,7 +1524,7 @@ int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, }

int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, - struct smb_ntsd **pntsd) + struct smb_ntsd **pntsd) { int rc; struct ndr n; @@ -1543,10 +1543,10 @@ int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, return rc;

smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, - ACL_TYPE_ACCESS); + ACL_TYPE_ACCESS); if (S_ISDIR(inode->i_mode)) def_smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, - ACL_TYPE_DEFAULT); + ACL_TYPE_DEFAULT);

rc = ndr_encode_posix_acl(&acl_ndr, inode, smb_acl, def_smb_acl); if (rc) { @@ -1555,7 +1555,7 @@ int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, }

rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, - cmp_hash); + cmp_hash); if (rc) { ksmbd_err("failed to generate hash for ndr acl\n"); goto out; @@ -1587,7 +1587,7 @@ int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, }

int ksmbd_vfs_set_dos_attrib_xattr(struct dentry *dentry, - struct xattr_dos_attrib *da) + struct xattr_dos_attrib *da) { struct ndr n; int err; @@ -1596,11 +1596,8 @@ int ksmbd_vfs_set_dos_attrib_xattr(struct dentry *dentry, if (err) return err;

- err = ksmbd_vfs_setxattr(dentry, - XATTR_NAME_DOS_ATTRIBUTE, - (void *)n.data, - n.offset, - 0); + err = ksmbd_vfs_setxattr(dentry, XATTR_NAME_DOS_ATTRIBUTE, + (void *)n.data, n.offset, 0); if (err) ksmbd_debug(SMB, "failed to store dos attribute in xattr\n"); kfree(n.data); @@ -1609,14 +1606,13 @@ int ksmbd_vfs_set_dos_attrib_xattr(struct dentry *dentry, }

int ksmbd_vfs_get_dos_attrib_xattr(struct dentry *dentry, - struct xattr_dos_attrib *da) + struct xattr_dos_attrib *da) { struct ndr n; int err;

- err = ksmbd_vfs_getxattr(dentry, - XATTR_NAME_DOS_ATTRIBUTE, - (char **)&n.data); + err = ksmbd_vfs_getxattr(dentry, XATTR_NAME_DOS_ATTRIBUTE, + (char **)&n.data); if (err > 0) { n.length = err; if (ndr_decode_dos_attr(&n, da)) @@ -1648,7 +1644,7 @@ struct posix_acl *ksmbd_vfs_get_acl(struct inode *inode, int type) }

int ksmbd_vfs_set_posix_acl(struct inode *inode, int type, - struct posix_acl *acl) + struct posix_acl *acl) { #if IS_ENABLED(CONFIG_FS_POSIX_ACL) return set_posix_acl(&init_user_ns, inode, type, acl); @@ -1690,7 +1686,7 @@ void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat) }

int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, struct dentry *dentry, - struct ksmbd_kstat *ksmbd_kstat) + struct ksmbd_kstat *ksmbd_kstat) { u64 time; int rc; @@ -1726,7 +1722,7 @@ int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, struct dentry *dentry, }

ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, char *attr_name, - int attr_name_len) + int attr_name_len) { char *name, *xattr_list = NULL; ssize_t value_len = -ENOENT, xattr_list_len; @@ -1751,7 +1747,7 @@ ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, char *attr_name, }

int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, - size_t *xattr_stream_name_size, int s_type) + size_t *xattr_stream_name_size, int s_type) { int stream_name_size; char *xattr_stream_name_buf; @@ -1767,18 +1763,15 @@ int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, stream_name_size = strlen(stream_name); *xattr_stream_name_size = stream_name_size + XATTR_NAME_STREAM_LEN + 1; xattr_stream_name_buf = kmalloc(*xattr_stream_name_size + type_len, - GFP_KERNEL); + GFP_KERNEL); if (!xattr_stream_name_buf) return -ENOMEM;

- memcpy(xattr_stream_name_buf, - XATTR_NAME_STREAM, - XATTR_NAME_STREAM_LEN); + memcpy(xattr_stream_name_buf, XATTR_NAME_STREAM, XATTR_NAME_STREAM_LEN);

if (stream_name_size) { memcpy(&xattr_stream_name_buf[XATTR_NAME_STREAM_LEN], - stream_name, - stream_name_size); + stream_name, stream_name_size); } memcpy(&xattr_stream_name_buf[*xattr_stream_name_size - 1], type, type_len); *xattr_stream_name_size += type_len; @@ -1790,7 +1783,7 @@ int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, }

int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, - struct file *file_out, loff_t pos_out, size_t len) + struct file *file_out, loff_t pos_out, size_t len) { struct inode *inode_in = file_inode(file_in); struct inode *inode_out = file_inode(file_out); @@ -1820,7 +1813,7 @@ int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, * in do_splice_direct */ ret = do_splice_direct(file_in, &pos_in, file_out, &pos_out, - len > MAX_RW_COUNT ? MAX_RW_COUNT : len, 0); + len > MAX_RW_COUNT ? MAX_RW_COUNT : len, 0); if (ret > 0) { fsnotify_access(file_in); add_rchar(current, ret); @@ -1836,10 +1829,13 @@ int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, }

int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, - struct ksmbd_file *src_fp, struct ksmbd_file *dst_fp, - struct srv_copychunk *chunks, unsigned int chunk_count, - unsigned int *chunk_count_written, - unsigned int *chunk_size_written, loff_t *total_size_written) + struct ksmbd_file *src_fp, + struct ksmbd_file *dst_fp, + struct srv_copychunk *chunks, + unsigned int chunk_count, + unsigned int *chunk_count_written, + unsigned int *chunk_size_written, + loff_t *total_size_written) { unsigned int i; loff_t src_off, dst_off, src_file_size; @@ -1890,7 +1886,7 @@ int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, return -E2BIG;

ret = ksmbd_vfs_copy_file_range(src_fp->filp, src_off, - dst_fp->filp, dst_off, len); + dst_fp->filp, dst_off, len); if (ret < 0) return ret;

@@ -1949,13 +1945,13 @@ int ksmbd_vfs_set_init_posix_acl(struct inode *inode) rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_ACCESS, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", - rc); + rc); else if (S_ISDIR(inode->i_mode)) { posix_state_to_acl(&acl_state, acls->a_entries); rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_DEFAULT, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", - rc); + rc); } free_acl_state(&acl_state); posix_acl_release(acls); @@ -1983,12 +1979,12 @@ int ksmbd_vfs_inherit_posix_acl(struct inode *inode, struct inode *parent_inode) rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_ACCESS, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", - rc); + rc); if (S_ISDIR(inode->i_mode)) { rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_DEFAULT, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", - rc); + rc); } posix_acl_release(acls); return rc; diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index 2d19e2bac33a..5db1e9e2a754 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -191,84 +191,85 @@ struct ksmbd_fs_sector_size { };

int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, - bool delete); + bool delete); int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess); int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode); int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode); int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, - size_t count, loff_t *pos); + size_t count, loff_t *pos); int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, - char *buf, size_t count, loff_t *pos, bool sync, - ssize_t *written); + char *buf, size_t count, loff_t *pos, bool sync, + ssize_t *written); int ksmbd_vfs_fsync(struct ksmbd_work *work, u64 fid, u64 p_id); int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name); int ksmbd_vfs_link(struct ksmbd_work *work, - const char *oldname, const char *newname); + const char *oldname, const char *newname); int ksmbd_vfs_getattr(struct path *path, struct kstat *stat); - int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, - char *newname); - + char *newname); int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, - struct ksmbd_file *fp, loff_t size); - + struct ksmbd_file *fp, loff_t size); struct srv_copychunk; int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, - struct ksmbd_file *src_fp, struct ksmbd_file *dst_fp, - struct srv_copychunk *chunks, unsigned int chunk_count, - unsigned int *chunk_count_written, - unsigned int *chunk_size_written, loff_t *total_size_written); + struct ksmbd_file *src_fp, + struct ksmbd_file *dst_fp, + struct srv_copychunk *chunks, + unsigned int chunk_count, + unsigned int *chunk_count_written, + unsigned int *chunk_size_written, + loff_t *total_size_written); int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, - struct file *file_out, loff_t pos_out, size_t len); + struct file *file_out, loff_t pos_out, + size_t len); ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list); ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, - char **xattr_buf); + char **xattr_buf); ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, char *attr_name, - int attr_name_len); + int attr_name_len); int ksmbd_vfs_setxattr(struct dentry *dentry, const char *attr_name, - const void *attr_value, size_t attr_size, int flags); + const void *attr_value, size_t attr_size, int flags); int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, - size_t *xattr_stream_name_size, int s_type); + size_t *xattr_stream_name_size, int s_type); int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name); int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, - bool caseless); + bool caseless); int ksmbd_vfs_empty_dir(struct ksmbd_file *fp); void ksmbd_vfs_set_fadvise(struct file *filp, __le32 option); int ksmbd_vfs_lock(struct file *filp, int cmd, struct file_lock *flock); int ksmbd_vfs_readdir(struct file *file, struct ksmbd_readdir_data *rdata); int ksmbd_vfs_alloc_size(struct ksmbd_work *work, struct ksmbd_file *fp, - loff_t len); + loff_t len); int ksmbd_vfs_zero_data(struct ksmbd_work *work, struct ksmbd_file *fp, - loff_t off, loff_t len); + loff_t off, loff_t len); struct file_allocated_range_buffer; int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, - struct file_allocated_range_buffer *ranges, - int in_count, int *out_count); + struct file_allocated_range_buffer *ranges, + int in_count, int *out_count); int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry); unsigned short ksmbd_vfs_logical_sector_size(struct inode *inode); void ksmbd_vfs_smb2_sector_size(struct inode *inode, - struct ksmbd_fs_sector_size *fs_ss); + struct ksmbd_fs_sector_size *fs_ss); void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat); int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, struct dentry *dentry, - struct ksmbd_kstat *ksmbd_kstat); + struct ksmbd_kstat *ksmbd_kstat); int ksmbd_vfs_posix_lock_wait(struct file_lock *flock); int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout); void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock); int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry); int ksmbd_vfs_remove_sd_xattrs(struct dentry *dentry); int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, - struct smb_ntsd *pntsd, int len); + struct smb_ntsd *pntsd, int len); int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, - struct smb_ntsd **pntsd); + struct smb_ntsd **pntsd); int ksmbd_vfs_set_dos_attrib_xattr(struct dentry *dentry, - struct xattr_dos_attrib *da); + struct xattr_dos_attrib *da); int ksmbd_vfs_get_dos_attrib_xattr(struct dentry *dentry, - struct xattr_dos_attrib *da); + struct xattr_dos_attrib *da); struct posix_acl *ksmbd_vfs_posix_acl_alloc(int count, gfp_t flags); struct posix_acl *ksmbd_vfs_get_acl(struct inode *inode, int type); int ksmbd_vfs_set_posix_acl(struct inode *inode, int type, - struct posix_acl *acl); + struct posix_acl *acl); int ksmbd_vfs_set_init_posix_acl(struct inode *inode); int ksmbd_vfs_inherit_posix_acl(struct inode *inode, - struct inode *parent_inode); + struct inode *parent_inode); #endif /* __KSMBD_VFS_H__ */ diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index 3286e74e2a56..6ea09fe82814 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -255,7 +255,7 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) fp->stream.name); if (err) ksmbd_err("remove xattr failed : %s\n", - fp->stream.name); + fp->stream.name); }

if (atomic_dec_and_test(&ci->m_count)) { @@ -326,7 +326,7 @@ static struct ksmbd_file *ksmbd_fp_get(struct ksmbd_file *fp) }

static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft, - unsigned int id) + unsigned int id) { struct ksmbd_file *fp;

@@ -350,7 +350,7 @@ static void set_close_state_blocked_works(struct ksmbd_file *fp)

spin_lock(&fp->f_lock); list_for_each_entry_safe(cancel_work, ctmp, &fp->blocked_works, - fp_entry) { + fp_entry) { list_del(&cancel_work->fp_entry); cancel_work->state = KSMBD_WORK_CLOSED; cancel_work->cancel_fn(cancel_work->cancel_argv); @@ -420,7 +420,7 @@ struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, unsigned int id }

struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, unsigned int id, - unsigned int pid) + unsigned int pid) { struct ksmbd_file *fp;

@@ -577,8 +577,10 @@ struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp) }

static int -__close_file_table_ids(struct ksmbd_file_table *ft, struct ksmbd_tree_connect *tcon, - bool (*skip)(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp)) +__close_file_table_ids(struct ksmbd_file_table *ft, + struct ksmbd_tree_connect *tcon, + bool (*skip)(struct ksmbd_tree_connect *tcon, + struct ksmbd_file *fp)) { unsigned int id; struct ksmbd_file *fp; diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h index 5638641dd0cf..823fcb257a42 100644 --- a/fs/cifsd/vfs_cache.h +++ b/fs/cifsd/vfs_cache.h @@ -149,7 +149,7 @@ int ksmbd_close_fd(struct ksmbd_work *work, unsigned int id); struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, unsigned int id); struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, unsigned int id); struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, unsigned int id, - unsigned int pid); + unsigned int pid); void ksmbd_fd_put(struct ksmbd_work *work, struct ksmbd_file *fp); struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id); struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid);

From patchwork Mon Nov 14 12:50:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183192 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:57 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:57 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:56 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 095/308] cifsd: remove unnecessary parentheses around Date: Mon, 14 Nov 2022 20:50:04 +0800 Message-ID: 20221114125337.1831594-96-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cd8aabf0-f149-401e-e5a4-08dac63c5be4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7059632 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit c986ed981ae6a622a453c533389994b6aed6359b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c986ed981ae6

-------------------------------

Fix warnings from checkpatch.pl --strict :

CHECK: Unnecessary parentheses around 'brk_op->o_lease->new_state == SMB2_LEASE_NONE_LE' #1511: FILE: oplock.c:1511: + if (brk_op->is_lease && + (brk_op->o_lease->new_state == SMB2_LEASE_NONE_LE) && + atomic_read(&brk_op->breaking_cnt))

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/oplock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index 56c68e9cb7ff..f76de7861e7b 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -1262,7 +1262,7 @@ void smb_break_all_levII_oplock(struct ksmbd_work *work, struct ksmbd_file *fp,

/* Skip oplock being break to none */ if (brk_op->is_lease && - (brk_op->o_lease->new_state == SMB2_LEASE_NONE_LE) && + brk_op->o_lease->new_state == SMB2_LEASE_NONE_LE && atomic_read(&brk_op->breaking_cnt)) goto next;

From patchwork Mon Nov 14 12:50:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183193 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:57 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:57 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:57 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 096/308] cifsd: Prefer kernel type 'u16' over 'uint16_t' Date: Mon, 14 Nov 2022 20:50:05 +0800 Message-ID: 20221114125337.1831594-97-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 08b78a66-3a01-4957-cdea-08dac63c5c2e X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7374899 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit fc2d1b58c4f2c7240093d738ca99cfcf7a8b3107 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/fc2d1b58c4f2

-------------------------------

Fix a warning from checkpatch.pl --strict:

CHECK: Prefer kernel type 'u16' over 'uint16_t' #112: FILE: server.c:112: + uint16_t command;

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/server.c | 4 ++-- fs/cifsd/smb2pdu.c | 2 +- fs/cifsd/smb_common.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index 87838f76a348..a71fafa176b3 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -106,10 +106,10 @@ static inline int check_conn_state(struct ksmbd_work *work) #define TCP_HANDLER_ABORT 1

static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, - uint16_t *cmd) + u16 *cmd) { struct smb_version_cmds *cmds; - uint16_t command; + u16 command; int ret;

if (check_conn_state(work)) diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 84b243b3895a..212cdffd27bc 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -193,7 +193,7 @@ int is_smb2_rsp(struct ksmbd_work *work) * * Return: smb2 request command value */ -uint16_t get_smb2_cmd_val(struct ksmbd_work *work) +u16 get_smb2_cmd_val(struct ksmbd_work *work) { struct smb2_hdr *rcv_hdr;

diff --git a/fs/cifsd/smb_common.h b/fs/cifsd/smb_common.h index 2d7b1c693ff4..6e7404b8db96 100644 --- a/fs/cifsd/smb_common.h +++ b/fs/cifsd/smb_common.h @@ -469,7 +469,7 @@ struct filesystem_posix_info { } __packed;

struct smb_version_ops { - uint16_t (*get_cmd_val)(struct ksmbd_work *swork); + u16 (*get_cmd_val)(struct ksmbd_work *swork); int (*init_rsp_hdr)(struct ksmbd_work *swork); void (*set_rsp_status)(struct ksmbd_work *swork, __le32 err); int (*allocate_rsp_buf)(struct ksmbd_work *work);

From patchwork Mon Nov 14 12:50:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183194 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:58 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:58 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:57 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 097/308] cifsd: lookup a file with LOOKUP_FOLLOW only if 'follow symlinks = yes' Date: Mon, 14 Nov 2022 20:50:06 +0800 Message-ID: 20221114125337.1831594-98-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: f9ff9ffe-defe-46a0-86ab-08dac63c5c77 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6873815 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit a6a5fa77805b291afc90291a6ae705b1759b9735 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a6a5fa77805b

-------------------------------

Some vfs help functions lookup a file with LOOKUP_FOLLOW regardless of the "follow symlinks" option.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 6 +++++- fs/cifsd/vfs.c | 24 ++++++++++++++++++++---- 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 212cdffd27bc..f68e2638d629 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -4583,8 +4583,12 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, struct path path; int rc = 0, len; int fs_infoclass_size = 0; + int lookup_flags = 0;

- rc = ksmbd_vfs_kern_path(share->path, LOOKUP_FOLLOW, &path, 0); + if (test_share_config_flag(share, KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) + lookup_flags = LOOKUP_FOLLOW; + + rc = ksmbd_vfs_kern_path(share->path, lookup_flags, &path, 0); if (rc) { ksmbd_err("cannot create vfs path\n"); return -EIO; diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 355e1a5a893b..291953eff5fa 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -572,11 +572,16 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) struct path path; struct dentry *dentry, *parent; int err; + int flags = 0;

if (ksmbd_override_fsids(work)) return -ENOMEM;

- err = kern_path(name, LOOKUP_FOLLOW, &path); + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) + flags = LOOKUP_FOLLOW; + + err = kern_path(name, flags, &path); if (err) { ksmbd_debug(VFS, "can't get %s, err %d\n", name, err); ksmbd_revert_fsids(work); @@ -634,11 +639,16 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, struct path oldpath, newpath; struct dentry *dentry; int err; + int flags = 0;

if (ksmbd_override_fsids(work)) return -ENOMEM;

- err = kern_path(oldname, LOOKUP_FOLLOW, &oldpath); + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) + flags = LOOKUP_FOLLOW; + + err = kern_path(oldname, flags, &oldpath); if (err) { ksmbd_err("cannot get linux path for %s, err = %d\n", oldname, err); @@ -646,7 +656,7 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, }

dentry = kern_path_create(AT_FDCWD, newname, &newpath, - LOOKUP_FOLLOW | LOOKUP_REVAL); + flags | LOOKUP_REVAL); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); ksmbd_err("path create err for %s, err %d\n", newname, err); @@ -749,6 +759,7 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, struct dentry *src_dent, *trap_dent, *src_child; char *dst_name; int err; + int flags;

dst_name = extract_last_component(newname); if (!dst_name) @@ -757,7 +768,12 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, src_dent_parent = dget_parent(fp->filp->f_path.dentry); src_dent = fp->filp->f_path.dentry;

- err = kern_path(newname, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &dst_path); + flags = LOOKUP_DIRECTORY; + if (test_share_config_flag(work->tcon->share_conf, + KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) + flags |= LOOKUP_FOLLOW; + + err = kern_path(newname, flags, &dst_path); if (err) { ksmbd_debug(VFS, "Cannot get path for %s [%d]\n", newname, err); goto out;

From patchwork Mon Nov 14 12:50:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183195 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:58 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:58 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:57 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 098/308] cifsd: fix Control flow issues in ksmbd_build_ntlmssp_challenge_blob() Date: Mon, 14 Nov 2022 20:50:07 +0800 Message-ID: 20221114125337.1831594-99-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: b5eb0e7d-dae6-43b8-a556-08dac63c5cbf X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7095314 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 152de8c68d13845592e8e511136842bcdb691063 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/152de8c68d13

-------------------------------

Fix a defect reported by Coverity Scan.

*** CID 1504970: Control flow issues (NO_EFFECT) /fs/cifsd/auth.c: 622 in ksmbd_build_ntlmssp_challenge_blob() 616 name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL); 617 if (!name) 618 return -ENOMEM; 619 620 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len, 621 sess->conn->local_nls);

...

...

CID 1504970:  Control flow issues  (NO_EFFECT)
This less-than-zero comparison of an unsigned value is never true.

622 if (conv_len < 0 || conv_len > len) { 623 kfree(name); 624 return -EINVAL; 625 } 626 627 uni_len = UNICODE_LEN(conv_len);

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 9b86cf4fd73f..5f47de49c05d 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -584,8 +584,8 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, struct target_info *tinfo; wchar_t *name; __u8 *target_name; - unsigned int len, flags, blob_off, blob_len, type, target_info_len = 0; - unsigned int uni_len, conv_len; + unsigned int flags, blob_off, blob_len, type, target_info_len = 0; + int len, uni_len, conv_len; int cflags = sess->ntlmssp.client_flags;

memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8);

From patchwork Mon Nov 14 12:50:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183196 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:59 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:58 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:58 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 099/308] cifsd: enclose macro variables in parenthesis Date: Mon, 14 Nov 2022 20:50:08 +0800 Message-ID: 20221114125337.1831594-100-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a214912b-7281-4cec-1121-08dac63c5d08 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6021188 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 40c594b647660bf91bc95fe7c9358bff7f56cf2e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/40c594b64766

-------------------------------

checkpatch.pl complains as the following:

CHECK: Macro argument 'fp' may be better as '(fp)' to avoid precedence issues.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs_cache.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h index 823fcb257a42..635eedbd497c 100644 --- a/fs/cifsd/vfs_cache.h +++ b/fs/cifsd/vfs_cache.h @@ -25,14 +25,14 @@ #define KSMBD_NO_FID (UINT_MAX) #define SMB2_NO_FID (0xFFFFFFFFFFFFFFFFULL)

-#define FP_FILENAME(fp) fp->filp->f_path.dentry->d_name.name -#define FP_INODE(fp) d_inode(fp->filp->f_path.dentry) -#define PARENT_INODE(fp) d_inode(fp->filp->f_path.dentry->d_parent) - -#define ATTR_FP(fp) (fp->attrib_only && \ - (fp->cdoption != FILE_OVERWRITE_IF_LE && \ - fp->cdoption != FILE_OVERWRITE_LE && \ - fp->cdoption != FILE_SUPERSEDE_LE)) +#define FP_FILENAME(fp) ((fp)->filp->f_path.dentry->d_name.name) +#define FP_INODE(fp) d_inode((fp)->filp->f_path.dentry) +#define PARENT_INODE(fp) d_inode((fp)->filp->f_path.dentry->d_parent) + +#define ATTR_FP(fp) ((fp)->attrib_only && \ + ((fp)->cdoption != FILE_OVERWRITE_IF_LE && \ + (fp)->cdoption != FILE_OVERWRITE_LE && \ + (fp)->cdoption != FILE_SUPERSEDE_LE))

struct ksmbd_conn; struct ksmbd_session;

From patchwork Mon Nov 14 12:50:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183197 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:32:59 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:59 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:58 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 100/308] cifsd: make alignment match open parenthesis Date: Mon, 14 Nov 2022 20:50:09 +0800 Message-ID: 20221114125337.1831594-101-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 5dc90734-022a-45ec-a328-08dac63c5d50 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6975243 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit d7e5852b4deb121e2c929b2bb7440c5db3e2f90a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d7e5852b4deb

-------------------------------

checkpatch.pl complains as the following:

Alignment should match open parenthesis.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2ops.c | 2 +- fs/cifsd/smb2pdu.c | 2 +- fs/cifsd/smb2pdu.h | 4 ++-- fs/cifsd/smbacl.h | 15 ++++++++------- fs/cifsd/transport_ipc.h | 6 +++--- fs/cifsd/transport_tcp.c | 8 ++++---- fs/cifsd/vfs.c | 4 ++-- 7 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/fs/cifsd/smb2ops.c b/fs/cifsd/smb2ops.c index 945bc6a78d3c..c47d60bce9d4 100644 --- a/fs/cifsd/smb2ops.c +++ b/fs/cifsd/smb2ops.c @@ -227,7 +227,7 @@ void init_smb3_0_server(struct ksmbd_conn *conn) conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION && - conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) + conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; }

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index f68e2638d629..3e112fbdc2d9 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -560,7 +560,7 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) sz = large_sz;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_TBUF && - work->set_trans_buf) + work->set_trans_buf) work->response_buf = ksmbd_find_buffer(sz); else work->response_buf = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO); diff --git a/fs/cifsd/smb2pdu.h b/fs/cifsd/smb2pdu.h index 1a8da2122b75..b3d3365d7070 100644 --- a/fs/cifsd/smb2pdu.h +++ b/fs/cifsd/smb2pdu.h @@ -1623,10 +1623,10 @@ void smb2_set_sign_rsp(struct ksmbd_work *work); int smb3_check_sign_req(struct ksmbd_work *work); void smb3_set_sign_rsp(struct ksmbd_work *work); int find_matching_smb2_dialect(int start_index, __le16 *cli_dialects, - __le16 dialects_count); + __le16 dialects_count); struct file_lock *smb_flock_init(struct file *f); int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), - void **arg); + void **arg); void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status); struct channel *lookup_chann_list(struct ksmbd_session *sess); void smb3_preauth_hash_rsp(struct ksmbd_work *work); diff --git a/fs/cifsd/smbacl.h b/fs/cifsd/smbacl.h index 032b6a3ec6f4..fb5480f0aa89 100644 --- a/fs/cifsd/smbacl.h +++ b/fs/cifsd/smbacl.h @@ -180,22 +180,23 @@ struct posix_acl_state { };

int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, - struct smb_fattr *fattr); + struct smb_fattr *fattr); int build_sec_desc(struct smb_ntsd *pntsd, struct smb_ntsd *ppntsd, - int addition_info, __u32 *secdesclen, struct smb_fattr *fattr); + int addition_info, __u32 *secdesclen, + struct smb_fattr *fattr); int init_acl_state(struct posix_acl_state *state, int cnt); void free_acl_state(struct posix_acl_state *state); void posix_state_to_acl(struct posix_acl_state *state, - struct posix_acl_entry *pace); + struct posix_acl_entry *pace); int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid); bool smb_inherit_flags(int flags, bool is_dir); int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, - unsigned int uid, unsigned int gid); + unsigned int uid, unsigned int gid); int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, - __le32 *pdaccess, int uid); + __le32 *pdaccess, int uid); int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, - struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, - bool type_check); + struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, + bool type_check); void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid); void ksmbd_init_domain(u32 *sub_auth); #endif /* _SMBACL_H */ diff --git a/fs/cifsd/transport_ipc.h b/fs/cifsd/transport_ipc.h index 523b4df2c783..9eacc895ffdb 100644 --- a/fs/cifsd/transport_ipc.h +++ b/fs/cifsd/transport_ipc.h @@ -20,9 +20,9 @@ struct sockaddr;

struct ksmbd_tree_connect_response * ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, - struct ksmbd_share_config *share, - struct ksmbd_tree_connect *tree_conn, - struct sockaddr *peer_addr); + struct ksmbd_share_config *share, + struct ksmbd_tree_connect *tree_conn, + struct sockaddr *peer_addr); int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, unsigned long long connect_id); int ksmbd_ipc_logout_request(const char *account); diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c index 5bd332a58596..d6d5c0038dea 100644 --- a/fs/cifsd/transport_tcp.c +++ b/fs/cifsd/transport_tcp.c @@ -423,10 +423,10 @@ static int create_socket(struct interface *iface) ksmbd_tcp_reuseaddr(ksmbd_socket);

ret = sock_setsockopt(ksmbd_socket, - SOL_SOCKET, - SO_BINDTODEVICE, - KERNEL_SOCKPTR(iface->name), - strlen(iface->name)); + SOL_SOCKET, + SO_BINDTODEVICE, + KERNEL_SOCKPTR(iface->name), + strlen(iface->name)); if (ret != -ENODEV && ret < 0) { ksmbd_err("Failed to set SO_BINDTODEVICE: %d\n", ret); goto out_error; diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 291953eff5fa..cd037594f486 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -934,8 +934,8 @@ ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, if (!buf) return -ENOMEM;

- xattr_len = vfs_getxattr(&init_user_ns, dentry, xattr_name, (void *)buf, - xattr_len); + xattr_len = vfs_getxattr(&init_user_ns, dentry, xattr_name, + (void *)buf, xattr_len); if (xattr_len > 0) *xattr_buf = buf; else

From patchwork Mon Nov 14 12:50:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183198 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:00 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:59 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:59 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 101/308] cifsd: fix memleak in ksmbd_vfs_stream_write() Date: Mon, 14 Nov 2022 20:50:10 +0800 Message-ID: 20221114125337.1831594-102-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 763a1acf-0e4a-48ab-5a78-08dac63c5d99 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7197834 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Yang Yingliang yangyingliang@huawei.com

mainline inclusion from mainline-5.15-rc1 commit 113ef68d47f5d36611c16a6ef4bd2a837aa344ab category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/113ef68d47f5

-------------------------------

Before assigning wbuf to stream_buf, memory allocate in ksmbd_vfs_getcasexattr() need be freed.

Signed-off-by: Yang Yingliang yangyingliang@huawei.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index cd037594f486..e70b67e41cd4 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -429,6 +429,7 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos,

if (v_len > 0) memcpy(wbuf, stream_buf, v_len); + kvfree(stream_buf); stream_buf = wbuf; }

From patchwork Mon Nov 14 12:50:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183199 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:00 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:00 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:32:59 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 102/308] cifsd: fix memleak in ksmbd_vfs_stream_read() Date: Mon, 14 Nov 2022 20:50:11 +0800 Message-ID: 20221114125337.1831594-103-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: c543fa15-71f1-4349-1d3f-08dac63c5de3 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7080445 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Yang Yingliang yangyingliang@huawei.com

mainline inclusion from mainline-5.15-rc1 commit 673b9ba7a1404fa5beda936b8ad509b70a516b52 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/673b9ba7a140

-------------------------------

Before ksmbd_vfs_stream_read() return, memory allocate in ksmbd_vfs_getcasexattr() need be freed.

Signed-off-by: Yang Yingliang yangyingliang@huawei.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index e70b67e41cd4..85872416bf9b 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -290,6 +290,7 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, }

memcpy(buf, &stream_buf[*pos], count); + kvfree(stream_buf); return v_len > count ? count : v_len; }

From patchwork Mon Nov 14 12:50:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183200 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:01 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:00 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:00 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 103/308] cifsd: check return value of ksmbd_vfs_getcasexattr() correctly Date: Mon, 14 Nov 2022 20:50:12 +0800 Message-ID: 20221114125337.1831594-104-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 71188157-21f1-43cb-2c9a-08dac63c5e2d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7023299 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Yang Yingliang yangyingliang@huawei.com

mainline inclusion from mainline-5.15-rc1 commit fd6de099d7fabc2b86f51dc622453eb279f7cce9 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/fd6de099d7fa

-------------------------------

If ksmbd_vfs_getcasexattr() returns -ENOMEM, stream_buf is NULL, it will cause null-ptr-deref when using it to copy memory. So we need check the return value of ksmbd_vfs_getcasexattr() by comparing with 0.

Signed-off-by: Yang Yingliang yangyingliang@huawei.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 85872416bf9b..56b1091473b9 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -274,7 +274,6 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, { ssize_t v_len; char *stream_buf = NULL; - int err;

ksmbd_debug(VFS, "read stream data pos : %llu, count : %zd\n", *pos, count); @@ -283,11 +282,8 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, fp->stream.name, fp->stream.size, &stream_buf); - if (v_len == -ENOENT) { - ksmbd_err("not found stream in xattr : %zd\n", v_len); - err = -ENOENT; - return err; - } + if ((int)v_len <= 0) + return (int)v_len;

memcpy(buf, &stream_buf[*pos], count); kvfree(stream_buf); @@ -415,9 +411,9 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, fp->stream.name, fp->stream.size, &stream_buf); - if (v_len == -ENOENT) { + if ((int)v_len < 0) { ksmbd_err("not found stream in xattr : %zd\n", v_len); - err = -ENOENT; + err = (int)v_len; goto out; }

From patchwork Mon Nov 14 12:50:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183201 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:01 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:01 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:00 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 104/308] cifsd: fix potential read overflow in ksmbd_vfs_stream_read() Date: Mon, 14 Nov 2022 20:50:13 +0800 Message-ID: 20221114125337.1831594-105-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 39e76e5a-bb8c-405f-bf0b-08dac63c5e75 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7154502 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 2ae1a6cc43027d84e33819ac4376c5e5e11b4152 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/2ae1a6cc4302

-------------------------------

If *pos or *pos + count is greater than v_len, It will read beyond the stream_buf buffer. This patch add the check and cut down count with size of the buffer.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 56b1091473b9..9111b485d611 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -285,9 +285,19 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, if ((int)v_len <= 0) return (int)v_len;

+ if (v_len <= *pos) { + count = -EINVAL; + goto free_buf; + } + + if (v_len - *pos < count) + count = v_len - *pos; + memcpy(buf, &stream_buf[*pos], count); + +free_buf: kvfree(stream_buf); - return v_len > count ? count : v_len; + return count; }

/**

From patchwork Mon Nov 14 12:50:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183202 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:02 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:01 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:01 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 105/308] cifsd: fix additional warnings from checkpatch.pl --strict Date: Mon, 14 Nov 2022 20:50:14 +0800 Message-ID: 20221114125337.1831594-106-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 4e566618-29dc-47cb-f42c-08dac63c5ebf X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7108502 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 97d7f3d3e0e719db42c4f413531e4e417fadf0c1 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/97d7f3d3e0e7

-------------------------------

Fix additional warnings from checkpatch.pl --strict.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/mgmt/share_config.c | 2 +- fs/cifsd/mgmt/share_config.h | 6 +++--- fs/cifsd/mgmt/tree_connect.c | 2 +- fs/cifsd/mgmt/user_session.h | 4 +--- 4 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/fs/cifsd/mgmt/share_config.c b/fs/cifsd/mgmt/share_config.c index 910d03516b73..bcc4ae4381b9 100644 --- a/fs/cifsd/mgmt/share_config.c +++ b/fs/cifsd/mgmt/share_config.c @@ -157,7 +157,7 @@ static struct ksmbd_share_config *share_config_request(char *name) ret = kern_path(share->path, 0, &share->vfs_path); if (ret) { ksmbd_debug(SMB, "failed to access '%s'\n", - share->path); + share->path); /* Avoid put_path() */ kfree(share->path); share->path = NULL; diff --git a/fs/cifsd/mgmt/share_config.h b/fs/cifsd/mgmt/share_config.h index 49ca89667991..953befc94e84 100644 --- a/fs/cifsd/mgmt/share_config.h +++ b/fs/cifsd/mgmt/share_config.h @@ -34,7 +34,7 @@ struct ksmbd_share_config { #define KSMBD_SHARE_INVALID_GID ((__u16)-1)

static inline int share_config_create_mode(struct ksmbd_share_config *share, - umode_t posix_mode) + umode_t posix_mode) { if (!share->force_create_mode) { if (!posix_mode) @@ -46,7 +46,7 @@ static inline int share_config_create_mode(struct ksmbd_share_config *share, }

static inline int share_config_directory_mode(struct ksmbd_share_config *share, - umode_t posix_mode) + umode_t posix_mode) { if (!share->force_directory_mode) { if (!posix_mode) @@ -64,7 +64,7 @@ static inline int test_share_config_flag(struct ksmbd_share_config *share, return share->flags & flag; }

-extern void __ksmbd_share_config_put(struct ksmbd_share_config *share); +void __ksmbd_share_config_put(struct ksmbd_share_config *share);

static inline void ksmbd_share_config_put(struct ksmbd_share_config *share) { diff --git a/fs/cifsd/mgmt/tree_connect.c b/fs/cifsd/mgmt/tree_connect.c index b9cd8fc46e5e..029a9e81e844 100644 --- a/fs/cifsd/mgmt/tree_connect.c +++ b/fs/cifsd/mgmt/tree_connect.c @@ -62,7 +62,7 @@ ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name) status.tree_conn = tree_conn;

ret = xa_err(xa_store(&sess->tree_conns, tree_conn->id, tree_conn, - GFP_KERNEL)); + GFP_KERNEL)); if (ret) { status.ret = -ENOMEM; goto out_error; diff --git a/fs/cifsd/mgmt/user_session.h b/fs/cifsd/mgmt/user_session.h index 1709563d718b..761bf4776cf1 100644 --- a/fs/cifsd/mgmt/user_session.h +++ b/fs/cifsd/mgmt/user_session.h @@ -12,7 +12,7 @@ #include "../smb_common.h" #include "../ntlmssp.h"

-#define CIFDS_SESSION_FLAG_SMB2 (1 << 1) +#define CIFDS_SESSION_FLAG_SMB2 BIT(1)

#define PREAUTH_HASHVALUE_SIZE 64

@@ -54,8 +54,6 @@ struct ksmbd_session { struct ida tree_conn_ida; struct list_head rpc_handle_list;

- - __u8 smb3encryptionkey[SMB3_ENC_DEC_KEY_SIZE]; __u8 smb3decryptionkey[SMB3_ENC_DEC_KEY_SIZE]; __u8 smb3signingkey[SMB3_SIGN_KEY_SIZE];

From patchwork Mon Nov 14 12:50:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183203 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:02 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:02 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:01 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 106/308] cifsd: fix list_add double add BUG_ON trap in setup_async_work() Date: Mon, 14 Nov 2022 20:50:15 +0800 Message-ID: 20221114125337.1831594-107-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: da7b2b30-6622-4110-452d-08dac63c5f09 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6879579 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 6c4e675ad3594526d6604a7d30f1defdd08a42e4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/6c4e675ad359

-------------------------------

BUG_ON trap is coming when running xfstests generic/591 and smb2 leases = yes in smb.conf.

[ 597.224978] list_add double add: new=ffff9110d292bb20, prev=ffff9110d292bb20, next=ffff9110d6c389e8. [ 597.225073] ------------[ cut here ]------------ [ 597.225077] kernel BUG at lib/list_debug.c:31! [ 597.225090] invalid opcode: 0000 [#1] SMP PTI [ 597.225095] CPU: 2 PID: 501 Comm: kworker/2:3 Tainted: G OE 5.13.0-rc1+ #2 [ 597.225099] Hardware name: SAMSUNG ELECTRONICS CO., LTD. Samsung DeskTop System/SAMSUNG_DT1234567890, BIOS P04KBM.022.121023.SK 10/23/2012 [ 597.225102] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] [ 597.225125] RIP: 0010:__list_add_valid+0x66/0x70 [ 597.225132] Code: 0b 48 89 c1 4c 89 c6 48 c7 c7 c8 08 c0 95 e8 fd 54 66 00 0f 0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 20 09 c0 95 e8 e6 54 66 00 <0f> 0b 0f 1f 84 00 00 00 00 00 55 48 8b 07 48 b9 00 01 00 00 00 00 [ 597.225136] RSP: 0018:ffffb9c9408dbac0 EFLAGS: 00010282 [ 597.225139] RAX: 0000000000000058 RBX: ffff9110d292ba40 RCX: 0000000000000000 [ 597.225142] RDX: 0000000000000000 RSI: ffff9111da328c30 RDI: ffff9111da328c30 [ 597.225144] RBP: ffffb9c9408dbac0 R08: 0000000000000001 R09: 0000000000000001 [ 597.225147] R10: 0000000003dd35ed R11: ffffb9c9408db888 R12: ffff9110d6c38998 [ 597.225149] R13: ffff9110d6c38800 R14: ffff9110d292bb20 R15: ffff9110d292bb20 [ 597.225152] FS: 0000000000000000(0000) GS:ffff9111da300000(0000) knlGS:0000000000000000 [ 597.225155] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 597.225157] CR2: 00007fd1629f84d0 CR3: 00000000c9a12006 CR4: 00000000001706e0 [ 597.225160] Call Trace: [ 597.225163] setup_async_work+0xa2/0x120 [ksmbd] [ 597.225191] oplock_break+0x396/0x5d0 [ksmbd] [ 597.225206] smb_grant_oplock+0x7a1/0x900 [ksmbd] [ 597.225218] ? smb_grant_oplock+0x7a1/0x900 [ksmbd] [ 597.225231] smb2_open+0xbbb/0x2960 [ksmbd] [ 597.225243] ? smb2_open+0xbbb/0x2960 [ksmbd] [ 597.225257] ? find_held_lock+0x35/0xa0 [ 597.225261] ? xa_load+0xaf/0x160 [ 597.225268] handle_ksmbd_work+0x2e0/0x420 [ksmbd] [ 597.225280] ? handle_ksmbd_work+0x2e0/0x420 [ksmbd] [ 597.225292] process_one_work+0x25a/0x5d0 [ 597.225298] worker_thread+0x3f/0x3a0 [ 597.225302] ? __kthread_parkme+0x6f/0xa0 [ 597.225306] ? process_one_work+0x5d0/0x5d0 [ 597.225309] kthread+0x142/0x160 [ 597.225313] ? kthread_park+0x90/0x90 [ 597.225316] ret_from_fork+0x22/0x30

same work struct can be add to list in smb_break_all_write_oplock() and smb_grant_oplock(). If client send invalid lease break ack to server, This issue can occur by calling both functions.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 3e112fbdc2d9..5b92e00881bb 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -690,9 +690,11 @@ int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg) work->cancel_fn = fn; work->cancel_argv = arg;

- spin_lock(&conn->request_lock); - list_add_tail(&work->async_request_entry, &conn->async_requests); - spin_unlock(&conn->request_lock); + if (list_empty(&work->async_request_entry)) { + spin_lock(&conn->request_lock); + list_add_tail(&work->async_request_entry, &conn->async_requests); + spin_unlock(&conn->request_lock); + }

return 0; }

From patchwork Mon Nov 14 12:50:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183204 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:02 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:02 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:02 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 107/308] cifsd: set epoch in smb2_lease_break response Date: Mon, 14 Nov 2022 20:50:16 +0800 Message-ID: 20221114125337.1831594-108-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ad7ab8b8-3800-4d93-d5dc-08dac63c5f51 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7001781 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit ade62d8b429fe49325593785316bdee3cabaec44 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ade62d8b429f

-------------------------------

When running generic/591 after smb2 leases is enable, all smb2 lease ack requests failed in ksmbd. because cifs client seems to support only smb2 v2 lease. So cifs doesn't update lease state in ack request if epoch is not set in smb2 lease break request from ksmbd. epoch is used for smb2 v2 leases. So this patch add smb2 create v2 lease context and set increased epoch in smb2 lease break response.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/oplock.c | 95 +++++++++++++++++++++++++++++++++------------- fs/cifsd/oplock.h | 15 +++++--- fs/cifsd/smb2ops.c | 6 +-- fs/cifsd/smb2pdu.h | 21 +++++++++- 4 files changed, 102 insertions(+), 35 deletions(-)

diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index f76de7861e7b..5868cdca7187 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -102,6 +102,9 @@ static int alloc_lease(struct oplock_info *opinfo, struct lease_ctx_info *lctx) lease->new_state = 0; lease->flags = lctx->flags; lease->duration = lctx->duration; + memcpy(lease->parent_lease_key, lctx->parent_lease_key, SMB2_LEASE_KEY_SIZE); + lease->version = lctx->version; + lease->epoch = 0; INIT_LIST_HEAD(&opinfo->lease_entry); opinfo->o_lease = lease;

@@ -750,7 +753,7 @@ static void __smb2_lease_break_noti(struct work_struct *wk)

rsp = work->response_buf; rsp->StructureSize = cpu_to_le16(44); - rsp->Reserved = 0; + rsp->Epoch = br_info->epoch; rsp->Flags = 0;

if (br_info->curr_state & (SMB2_LEASE_WRITE_CACHING_LE | @@ -798,6 +801,10 @@ static int smb2_lease_break_noti(struct oplock_info *opinfo)

br_info->curr_state = lease->state; br_info->new_state = lease->new_state; + if (lease->version == 2) + br_info->epoch = cpu_to_le16(++lease->epoch); + else + br_info->epoch = 0; memcpy(br_info->lease_key, lease->lease_key, SMB2_LEASE_KEY_SIZE);

work->request_buf = (char *)br_info; @@ -1084,11 +1091,8 @@ int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, u64 pid, __le32 prev_op_state = 0;

/* not support directory lease */ - if (S_ISDIR(file_inode(fp->filp)->i_mode)) { - if (lctx) - lctx->dlease = 1; + if (S_ISDIR(file_inode(fp->filp)->i_mode)) return 0; - }

opinfo = alloc_opinfo(work, pid, tid); if (!opinfo) @@ -1328,24 +1332,48 @@ __u8 smb2_map_lease_to_oplock(__le32 lease_state) */ void create_lease_buf(u8 *rbuf, struct lease *lease) { - struct create_lease *buf = (struct create_lease *)rbuf; char *LeaseKey = (char *)&lease->lease_key;

- memset(buf, 0, sizeof(struct create_lease)); - buf->lcontext.LeaseKeyLow = *((__le64 *)LeaseKey); - buf->lcontext.LeaseKeyHigh = *((__le64 *)(LeaseKey + 8)); - buf->lcontext.LeaseFlags = lease->flags; - buf->lcontext.LeaseState = lease->state; - buf->ccontext.DataOffset = cpu_to_le16(offsetof - (struct create_lease, lcontext)); - buf->ccontext.DataLength = cpu_to_le32(sizeof(struct lease_context)); - buf->ccontext.NameOffset = cpu_to_le16(offsetof + if (lease->version == 2) { + struct create_lease_v2 *buf = (struct create_lease_v2 *)rbuf; + char *ParentLeaseKey = (char *)&lease->parent_lease_key; + + memset(buf, 0, sizeof(struct create_lease_v2)); + buf->lcontext.LeaseKeyLow = *((__le64 *)LeaseKey); + buf->lcontext.LeaseKeyHigh = *((__le64 *)(LeaseKey + 8)); + buf->lcontext.LeaseFlags = lease->flags; + buf->lcontext.LeaseState = lease->state; + buf->lcontext.ParentLeaseKeyLow = *((__le64 *)ParentLeaseKey); + buf->lcontext.ParentLeaseKeyHigh = *((__le64 *)(ParentLeaseKey + 8)); + buf->ccontext.DataOffset = cpu_to_le16(offsetof + (struct create_lease_v2, lcontext)); + buf->ccontext.DataLength = cpu_to_le32(sizeof(struct lease_context_v2)); + buf->ccontext.NameOffset = cpu_to_le16(offsetof + (struct create_lease_v2, Name)); + buf->ccontext.NameLength = cpu_to_le16(4); + buf->Name[0] = 'R'; + buf->Name[1] = 'q'; + buf->Name[2] = 'L'; + buf->Name[3] = 's'; + } else { + struct create_lease *buf = (struct create_lease *)rbuf; + + memset(buf, 0, sizeof(struct create_lease)); + buf->lcontext.LeaseKeyLow = *((__le64 *)LeaseKey); + buf->lcontext.LeaseKeyHigh = *((__le64 *)(LeaseKey + 8)); + buf->lcontext.LeaseFlags = lease->flags; + buf->lcontext.LeaseState = lease->state; + buf->ccontext.DataOffset = cpu_to_le16(offsetof + (struct create_lease, lcontext)); + buf->ccontext.DataLength = cpu_to_le32(sizeof(struct lease_context)); + buf->ccontext.NameOffset = cpu_to_le16(offsetof (struct create_lease, Name)); - buf->ccontext.NameLength = cpu_to_le16(4); - buf->Name[0] = 'R'; - buf->Name[1] = 'q'; - buf->Name[2] = 'L'; - buf->Name[3] = 's'; + buf->ccontext.NameLength = cpu_to_le16(4); + buf->Name[0] = 'R'; + buf->Name[1] = 'q'; + buf->Name[2] = 'L'; + buf->Name[3] = 's'; + } }

/** @@ -1382,12 +1410,27 @@ struct lease_ctx_info *parse_lease_state(void *open_req) } while (next != 0);

if (found) { - struct create_lease *lc = (struct create_lease *)cc; - *((__le64 *)lreq->lease_key) = lc->lcontext.LeaseKeyLow; - *((__le64 *)(lreq->lease_key + 8)) = lc->lcontext.LeaseKeyHigh; - lreq->req_state = lc->lcontext.LeaseState; - lreq->flags = lc->lcontext.LeaseFlags; - lreq->duration = lc->lcontext.LeaseDuration; + if (sizeof(struct lease_context_v2) == le32_to_cpu(cc->DataLength)) { + struct create_lease_v2 *lc = (struct create_lease_v2 *)cc; + + *((__le64 *)lreq->lease_key) = lc->lcontext.LeaseKeyLow; + *((__le64 *)(lreq->lease_key + 8)) = lc->lcontext.LeaseKeyHigh; + lreq->req_state = lc->lcontext.LeaseState; + lreq->flags = lc->lcontext.LeaseFlags; + lreq->duration = lc->lcontext.LeaseDuration; + *((__le64 *)lreq->parent_lease_key) = lc->lcontext.ParentLeaseKeyLow; + *((__le64 *)(lreq->parent_lease_key + 8)) = lc->lcontext.ParentLeaseKeyHigh; + lreq->version = 2; + } else { + struct create_lease *lc = (struct create_lease *)cc; + + *((__le64 *)lreq->lease_key) = lc->lcontext.LeaseKeyLow; + *((__le64 *)(lreq->lease_key + 8)) = lc->lcontext.LeaseKeyHigh; + lreq->req_state = lc->lcontext.LeaseState; + lreq->flags = lc->lcontext.LeaseFlags; + lreq->duration = lc->lcontext.LeaseDuration; + lreq->version = 1; + } return lreq; }

diff --git a/fs/cifsd/oplock.h b/fs/cifsd/oplock.h index 0abd26123f6d..9fb7ea74e86c 100644 --- a/fs/cifsd/oplock.h +++ b/fs/cifsd/oplock.h @@ -37,11 +37,12 @@ #define SMB2_LEASE_KEY_SIZE 16

struct lease_ctx_info { - __u8 lease_key[SMB2_LEASE_KEY_SIZE]; - __le32 req_state; - __le32 flags; - __le64 duration; - int dlease; + __u8 lease_key[SMB2_LEASE_KEY_SIZE]; + __le32 req_state; + __le32 flags; + __le64 duration; + __u8 parent_lease_key[SMB2_LEASE_KEY_SIZE]; + int version; };

struct lease_table { @@ -57,6 +58,9 @@ struct lease { __le32 new_state; __le32 flags; __le64 duration; + __u8 parent_lease_key[SMB2_LEASE_KEY_SIZE]; + int version; + unsigned short epoch; struct lease_table *l_lb; };

@@ -86,6 +90,7 @@ struct oplock_info { struct lease_break_info { __le32 curr_state; __le32 new_state; + __le16 epoch; char lease_key[SMB2_LEASE_KEY_SIZE]; };

diff --git a/fs/cifsd/smb2ops.c b/fs/cifsd/smb2ops.c index c47d60bce9d4..8999c3faf4fc 100644 --- a/fs/cifsd/smb2ops.c +++ b/fs/cifsd/smb2ops.c @@ -57,7 +57,7 @@ static struct smb_version_values smb30_server_values = { .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, .cap_large_files = SMB2_LARGE_FILES, - .create_lease_size = sizeof(struct create_lease), + .create_lease_size = sizeof(struct create_lease_v2), .create_durable_size = sizeof(struct create_durable_rsp), .create_durable_v2_size = sizeof(struct create_durable_v2_rsp), .create_mxac_size = sizeof(struct create_mxac_rsp), @@ -83,7 +83,7 @@ static struct smb_version_values smb302_server_values = { .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, .cap_large_files = SMB2_LARGE_FILES, - .create_lease_size = sizeof(struct create_lease), + .create_lease_size = sizeof(struct create_lease_v2), .create_durable_size = sizeof(struct create_durable_rsp), .create_durable_v2_size = sizeof(struct create_durable_v2_rsp), .create_mxac_size = sizeof(struct create_mxac_rsp), @@ -109,7 +109,7 @@ static struct smb_version_values smb311_server_values = { .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, .cap_large_files = SMB2_LARGE_FILES, - .create_lease_size = sizeof(struct create_lease), + .create_lease_size = sizeof(struct create_lease_v2), .create_durable_size = sizeof(struct create_durable_rsp), .create_durable_v2_size = sizeof(struct create_durable_v2_rsp), .create_mxac_size = sizeof(struct create_mxac_rsp), diff --git a/fs/cifsd/smb2pdu.h b/fs/cifsd/smb2pdu.h index b3d3365d7070..0d5349e75dd9 100644 --- a/fs/cifsd/smb2pdu.h +++ b/fs/cifsd/smb2pdu.h @@ -735,12 +735,31 @@ struct lease_context { __le64 LeaseDuration; } __packed;

+struct lease_context_v2 { + __le64 LeaseKeyLow; + __le64 LeaseKeyHigh; + __le32 LeaseState; + __le32 LeaseFlags; + __le64 LeaseDuration; + __le64 ParentLeaseKeyLow; + __le64 ParentLeaseKeyHigh; + __le16 Epoch; + __le16 Reserved; +} __packed; + struct create_lease { struct create_context ccontext; __u8 Name[8]; struct lease_context lcontext; } __packed;

+struct create_lease_v2 { + struct create_context ccontext; + __u8 Name[8]; + struct lease_context_v2 lcontext; + __u8 Pad[4]; +} __packed; + /* Currently defined values for close flags */ #define SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB cpu_to_le16(0x0001) struct smb2_close_req { @@ -1249,7 +1268,7 @@ struct smb2_oplock_break { struct smb2_lease_break { struct smb2_hdr hdr; __le16 StructureSize; /* Must be 44 */ - __le16 Reserved; + __le16 Epoch; __le32 Flags; __u8 LeaseKey[16]; __le32 CurrentLeaseState;

From patchwork Mon Nov 14 12:50:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183205 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:03 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:03 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:02 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 108/308] cifsd: remove duplicated argument Date: Mon, 14 Nov 2022 20:50:17 +0800 Message-ID: 20221114125337.1831594-109-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: b1f515fc-c5c2-4059-b421-08dac63c5f9a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6922287 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Wan Jiabing wanjiabing@vivo.com

mainline inclusion from mainline-5.15-rc1 commit 3aefd54da5ec6e7ec1f1e682007f5819c99d8588 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/3aefd54da5ec

-------------------------------

Fix the following coccicheck warning: ./fs/cifsd/smb2pdu.c:1713:27-41: duplicated argument to & or |

FILE_DELETE_LE is duplicated. Remove one and reorder argument to make coding style reasonable.

Signed-off-by: Wan Jiabing wanjiabing@vivo.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 5b92e00881bb..ac15a9287310 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -1712,10 +1712,10 @@ int smb2_tree_connect(struct ksmbd_work *work) KSMBD_TREE_CONN_FLAG_WRITABLE)) { rsp->MaximalAccess |= FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE | FILE_WRITE_EA_LE | - FILE_DELETE_CHILD_LE | FILE_DELETE_LE | - FILE_WRITE_ATTRIBUTES_LE | FILE_DELETE_LE | - FILE_READ_CONTROL_LE | FILE_WRITE_DAC_LE | - FILE_WRITE_OWNER_LE | FILE_SYNCHRONIZE_LE; + FILE_DELETE_LE | FILE_WRITE_ATTRIBUTES_LE | + FILE_DELETE_CHILD_LE | FILE_READ_CONTROL_LE | + FILE_WRITE_DAC_LE | FILE_WRITE_OWNER_LE | + FILE_SYNCHRONIZE_LE; } }

From patchwork Mon Nov 14 12:50:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183206 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:03 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:03 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:03 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 109/308] cifsd: append ksmbd prefix into names for asn1 decoder Date: Mon, 14 Nov 2022 20:50:18 +0800 Message-ID: 20221114125337.1831594-110-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: fe9a06e0-f525-48e3-2a7b-08dac63c5fe4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7173989 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 99f45259fe121a10881f486e075019260f403b6a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/99f45259fe12

-------------------------------

Because functions and variables generated from ASN1 compiler aren't static, append ksmbd prefix into thoses to avoid link errors.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 27 ++++++------ fs/cifsd/ksmbd_spnego_negtokeninit.asn1 | 31 +++++++++++++ ...rg.asn1 => ksmbd_spnego_negtokentarg.asn1} | 2 +- fs/cifsd/spnego_negtokeninit.asn1 | 43 ------------------- 4 files changed, 47 insertions(+), 56 deletions(-) create mode 100644 fs/cifsd/ksmbd_spnego_negtokeninit.asn1 rename fs/cifsd/{spnego_negtokentarg.asn1 => ksmbd_spnego_negtokentarg.asn1} (80%) delete mode 100644 fs/cifsd/spnego_negtokeninit.asn1

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index 1be3072fee1a..2c63a3e5618b 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -18,8 +18,8 @@ #include "asn1.h" #include "connection.h" #include "auth.h" -#include "spnego_negtokeninit.asn1.h" -#include "spnego_negtokentarg.asn1.h" +#include "ksmbd_spnego_negtokeninit.asn1.h" +#include "ksmbd_spnego_negtokentarg.asn1.h"

#define SPNEGO_OID_LEN 7 #define NTLMSSP_OID_LEN 10 @@ -119,7 +119,7 @@ int ksmbd_decode_negTokenInit(unsigned char *security_blob, int length, struct ksmbd_conn *conn) { - return asn1_ber_decoder(&spnego_negtokeninit_decoder, conn, + return asn1_ber_decoder(&ksmbd_spnego_negtokeninit_decoder, conn, security_blob, length); }

@@ -127,7 +127,7 @@ int ksmbd_decode_negTokenTarg(unsigned char *security_blob, int length, struct ksmbd_conn *conn) { - return asn1_ber_decoder(&spnego_negtokentarg_decoder, conn, + return asn1_ber_decoder(&ksmbd_spnego_negtokentarg_decoder, conn, security_blob, length); }

@@ -248,8 +248,8 @@ int build_spnego_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen, return 0; }

-int gssapi_this_mech(void *context, size_t hdrlen, unsigned char tag, - const void *value, size_t vlen) +int ksmbd_gssapi_this_mech(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) { unsigned long *oid; size_t oidlen; @@ -273,8 +273,9 @@ int gssapi_this_mech(void *context, size_t hdrlen, unsigned char tag, return err; }

-int neg_token_init_mech_type(void *context, size_t hdrlen, unsigned char tag, - const void *value, size_t vlen) +int ksmbd_neg_token_init_mech_type(void *context, size_t hdrlen, + unsigned char tag, const void *value, + size_t vlen) { struct ksmbd_conn *conn = context; unsigned long *oid; @@ -310,8 +311,9 @@ int neg_token_init_mech_type(void *context, size_t hdrlen, unsigned char tag, return -EBADMSG; }

-int neg_token_init_mech_token(void *context, size_t hdrlen, unsigned char tag, - const void *value, size_t vlen) +int ksmbd_neg_token_init_mech_token(void *context, size_t hdrlen, + unsigned char tag, const void *value, + size_t vlen) { struct ksmbd_conn *conn = context;

@@ -324,8 +326,9 @@ int neg_token_init_mech_token(void *context, size_t hdrlen, unsigned char tag, return 0; }

-int neg_token_targ_resp_token(void *context, size_t hdrlen, unsigned char tag, - const void *value, size_t vlen) +int ksmbd_neg_token_targ_resp_token(void *context, size_t hdrlen, + unsigned char tag, const void *value, + size_t vlen) { struct ksmbd_conn *conn = context;

diff --git a/fs/cifsd/ksmbd_spnego_negtokeninit.asn1 b/fs/cifsd/ksmbd_spnego_negtokeninit.asn1 new file mode 100644 index 000000000000..0065f191b54b --- /dev/null +++ b/fs/cifsd/ksmbd_spnego_negtokeninit.asn1 @@ -0,0 +1,31 @@ +GSSAPI ::= + [APPLICATION 0] IMPLICIT SEQUENCE { + thisMech + OBJECT IDENTIFIER ({ksmbd_gssapi_this_mech}), + negotiationToken + NegotiationToken + } + +MechType ::= OBJECT IDENTIFIER ({ksmbd_neg_token_init_mech_type}) + +MechTypeList ::= SEQUENCE OF MechType + +NegTokenInit ::= + SEQUENCE { + mechTypes + [0] MechTypeList, + reqFlags + [1] BIT STRING OPTIONAL, + mechToken + [2] OCTET STRING OPTIONAL ({ksmbd_neg_token_init_mech_token}), + mechListMIC + [3] OCTET STRING OPTIONAL + } + +NegotiationToken ::= + CHOICE { + negTokenInit + [0] NegTokenInit, + negTokenTarg + [1] ANY + } diff --git a/fs/cifsd/spnego_negtokentarg.asn1 b/fs/cifsd/ksmbd_spnego_negtokentarg.asn1 similarity index 80% rename from fs/cifsd/spnego_negtokentarg.asn1 rename to fs/cifsd/ksmbd_spnego_negtokentarg.asn1 index 8324bcd1bbd7..1151933e7b9c 100644 --- a/fs/cifsd/spnego_negtokentarg.asn1 +++ b/fs/cifsd/ksmbd_spnego_negtokentarg.asn1 @@ -13,7 +13,7 @@ NegTokenTarg ::= supportedMech [1] OBJECT IDENTIFIER OPTIONAL, responseToken - [2] OCTET STRING OPTIONAL ({neg_token_targ_resp_token}), + [2] OCTET STRING OPTIONAL ({ksmbd_neg_token_targ_resp_token}), mechListMIC [3] OCTET STRING OPTIONAL } diff --git a/fs/cifsd/spnego_negtokeninit.asn1 b/fs/cifsd/spnego_negtokeninit.asn1 deleted file mode 100644 index 1b153cb6a39e..000000000000 --- a/fs/cifsd/spnego_negtokeninit.asn1 +++ /dev/null @@ -1,43 +0,0 @@ -GSSAPI ::= - [APPLICATION 0] IMPLICIT SEQUENCE { - thisMech - OBJECT IDENTIFIER ({gssapi_this_mech}), - negotiationToken - NegotiationToken - } - -MechType ::= OBJECT IDENTIFIER ({neg_token_init_mech_type}) - -MechTypeList ::= SEQUENCE OF MechType - -NegTokenInit ::= - SEQUENCE { - mechTypes - [0] MechTypeList, - reqFlags - [1] BIT STRING OPTIONAL, - mechToken - [2] OCTET STRING OPTIONAL ({neg_token_init_mech_token}), - mechListMIC - [3] OCTET STRING OPTIONAL - } - -NegTokenTarg ::= - SEQUENCE { - negResult - [0] ENUMERATED OPTIONAL, - supportedMech - [1] OBJECT IDENTIFIER OPTIONAL, - responseToken - [2] OCTET STRING OPTIONAL ({neg_token_targ_resp_token}), - mechListMIC - [3] OCTET STRING OPTIONAL - } - -NegotiationToken ::= - CHOICE { - negTokenInit - [0] NegTokenInit, - negTokenTarg - [1] ANY - }

From patchwork Mon Nov 14 12:50:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183207 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:04 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:04 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:03 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 110/308] ksmbd: fix kfree of uninitialized pointer oid Date: Mon, 14 Nov 2022 20:50:19 +0800 Message-ID: 20221114125337.1831594-111-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ed5f9bb2-8ae9-4e99-a1d5-08dac63c602d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6907132 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Colin Ian King colin.king@canonical.com

mainline inclusion from mainline-5.15-rc1 commit 5fb68864674faa3e0a4fc767c4a87f51ece218c6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/5fb68864674f

-------------------------------

Currently function ksmbd_neg_token_init_mech_type can kfree an uninitialized pointer oid when the call to asn1_oid_decode fails when vlen is out of range. All the other failure cases in function asn1_oid_decode set *oid to NULL on an error, so fix the issue by ensuring the vlen out of range error also nullifies the pointer.

Addresses-Coverity: ("Uninitialized pointer read") Signed-off-by: Colin Ian King colin.king@canonical.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/asn1.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/cifsd/asn1.c b/fs/cifsd/asn1.c index 2c63a3e5618b..b014f4638610 100644 --- a/fs/cifsd/asn1.c +++ b/fs/cifsd/asn1.c @@ -66,7 +66,7 @@ static bool asn1_oid_decode(const unsigned char *value, size_t vlen,

vlen += 1; if (vlen < 2 || vlen > UINT_MAX / sizeof(unsigned long)) - return false; + goto fail_nullify;

*oid = kmalloc(vlen * sizeof(unsigned long), GFP_KERNEL); if (!*oid) @@ -102,6 +102,7 @@ static bool asn1_oid_decode(const unsigned char *value, size_t vlen,

fail: kfree(*oid); +fail_nullify: *oid = NULL; return false; }

From patchwork Mon Nov 14 12:50:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183208 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:04 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:04 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:04 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 111/308] ksmbd: add support for SMB3 multichannel Date: Mon, 14 Nov 2022 20:50:20 +0800 Message-ID: 20221114125337.1831594-112-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7662d1f4-6c6a-465a-7f0d-08dac63c6076 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7189979 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit f5a544e3bab78142207e0242d22442db85ba1eff category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f5a544e3bab7

-------------------------------

Add support for SMB3 multichannel. It will be enable by setting 'server multi channel support = yes' in smb.conf.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 30 +++++-- fs/cifsd/auth.h | 6 +- fs/cifsd/connection.h | 1 + fs/cifsd/ksmbd_server.h | 1 + fs/cifsd/mgmt/user_session.c | 49 ++++++++++- fs/cifsd/mgmt/user_session.h | 11 ++- fs/cifsd/smb2ops.c | 9 ++ fs/cifsd/smb2pdu.c | 165 ++++++++++++++++++++++++++--------- fs/cifsd/smb2pdu.h | 3 +- fs/cifsd/smb_common.h | 2 +- 10 files changed, 220 insertions(+), 57 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 5f47de49c05d..1ba03a7c3201 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -921,13 +921,14 @@ static int generate_key(struct ksmbd_session *sess, struct kvec label, }

static int generate_smb3signingkey(struct ksmbd_session *sess, + struct ksmbd_conn *conn, const struct derivation *signing) { int rc; struct channel *chann; char *key;

- chann = lookup_chann_list(sess); + chann = lookup_chann_list(sess, conn); if (!chann) return 0;

@@ -953,7 +954,8 @@ static int generate_smb3signingkey(struct ksmbd_session *sess, return 0; }

-int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess) +int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess, + struct ksmbd_conn *conn) { struct derivation d;

@@ -961,22 +963,32 @@ int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess) d.label.iov_len = 12; d.context.iov_base = "SmbSign"; d.context.iov_len = 8; - d.binding = false; + d.binding = conn->binding;

- return generate_smb3signingkey(sess, &d); + return generate_smb3signingkey(sess, conn, &d); }

-int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess) +int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess, + struct ksmbd_conn *conn) { struct derivation d;

d.label.iov_base = "SMBSigningKey"; d.label.iov_len = 14; - d.context.iov_base = sess->Preauth_HashValue; + if (conn->binding) { + struct preauth_session *preauth_sess; + + preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id); + if (!preauth_sess) + return -ENOENT; + d.context.iov_base = preauth_sess->Preauth_HashValue; + } else { + d.context.iov_base = sess->Preauth_HashValue; + } d.context.iov_len = 64; - d.binding = false; + d.binding = conn->binding;

- return generate_smb3signingkey(sess, &d); + return generate_smb3signingkey(sess, conn, &d); }

struct derivation_twin { @@ -1148,7 +1160,7 @@ static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, __u64 ses_id, struct ksmbd_session *sess; u8 *ses_enc_key;

- sess = ksmbd_session_lookup(conn, ses_id); + sess = ksmbd_session_lookup_all(conn, ses_id); if (!sess) return -EINVAL;

diff --git a/fs/cifsd/auth.h b/fs/cifsd/auth.h index 650bd7dd6750..9c2d4badd05d 100644 --- a/fs/cifsd/auth.h +++ b/fs/cifsd/auth.h @@ -54,8 +54,10 @@ int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, int n_vec, char *sig); int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, int n_vec, char *sig); -int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess); -int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess); +int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess, + struct ksmbd_conn *conn); +int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess, + struct ksmbd_conn *conn); int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess); int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess); int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, diff --git a/fs/cifsd/connection.h b/fs/cifsd/connection.h index 1658442b27b0..98108b41f739 100644 --- a/fs/cifsd/connection.h +++ b/fs/cifsd/connection.h @@ -106,6 +106,7 @@ struct ksmbd_conn { __le16 cipher_type; __le16 compress_algorithm; bool posix_ext_supported; + bool binding; };

struct ksmbd_conn_ops { diff --git a/fs/cifsd/ksmbd_server.h b/fs/cifsd/ksmbd_server.h index 442077a1e77b..5ae3fe91bfb4 100644 --- a/fs/cifsd/ksmbd_server.h +++ b/fs/cifsd/ksmbd_server.h @@ -33,6 +33,7 @@ struct ksmbd_heartbeat { #define KSMBD_GLOBAL_FLAG_CACHE_TBUF BIT(1) #define KSMBD_GLOBAL_FLAG_CACHE_RBUF BIT(2) #define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION BIT(3) +#define KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL BIT(4)

struct ksmbd_startup_request { __u32 flags; diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index 739588a6c96a..c3487b1a004c 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -207,7 +207,8 @@ void ksmbd_sessions_deregister(struct ksmbd_conn *conn) } }

-bool ksmbd_session_id_match(struct ksmbd_session *sess, unsigned long long id) +static bool ksmbd_session_id_match(struct ksmbd_session *sess, + unsigned long long id) { return sess->id == id; } @@ -250,6 +251,52 @@ struct ksmbd_session *ksmbd_session_lookup_slowpath(unsigned long long id) return sess; }

+struct ksmbd_session *ksmbd_session_lookup_all(struct ksmbd_conn *conn, + unsigned long long id) +{ + struct ksmbd_session *sess; + + sess = ksmbd_session_lookup(conn, id); + if (!sess && conn->binding) + sess = ksmbd_session_lookup_slowpath(id); + return sess; +} + +struct preauth_session *ksmbd_preauth_session_alloc(struct ksmbd_conn *conn, + u64 sess_id) +{ + struct preauth_session *sess; + + sess = kmalloc(sizeof(struct preauth_session), GFP_KERNEL); + if (!sess) + return NULL; + + sess->id = sess_id; + memcpy(sess->Preauth_HashValue, conn->preauth_info->Preauth_HashValue, + PREAUTH_HASHVALUE_SIZE); + list_add(&sess->preauth_entry, &conn->preauth_sess_table); + + return sess; +} + +static bool ksmbd_preauth_session_id_match(struct preauth_session *sess, + unsigned long long id) +{ + return sess->id == id; +} + +struct preauth_session *ksmbd_preauth_session_lookup(struct ksmbd_conn *conn, + unsigned long long id) +{ + struct preauth_session *sess = NULL; + + list_for_each_entry(sess, &conn->preauth_sess_table, preauth_entry) { + if (ksmbd_preauth_session_id_match(sess, id)) + return sess; + } + return NULL; +} + static int __init_smb2_session(struct ksmbd_session *sess) { int id = ksmbd_acquire_smb2_uid(&session_ida); diff --git a/fs/cifsd/mgmt/user_session.h b/fs/cifsd/mgmt/user_session.h index 761bf4776cf1..82289c3cbd2b 100644 --- a/fs/cifsd/mgmt/user_session.h +++ b/fs/cifsd/mgmt/user_session.h @@ -26,8 +26,8 @@ struct channel {

struct preauth_session { __u8 Preauth_HashValue[PREAUTH_HASHVALUE_SIZE]; - u64 sess_id; - struct list_head list_entry; + u64 id; + struct list_head preauth_entry; };

struct ksmbd_session { @@ -82,13 +82,18 @@ struct ksmbd_session *ksmbd_smb2_session_create(void);

void ksmbd_session_destroy(struct ksmbd_session *sess);

-bool ksmbd_session_id_match(struct ksmbd_session *sess, unsigned long long id); struct ksmbd_session *ksmbd_session_lookup_slowpath(unsigned long long id); struct ksmbd_session *ksmbd_session_lookup(struct ksmbd_conn *conn, unsigned long long id); void ksmbd_session_register(struct ksmbd_conn *conn, struct ksmbd_session *sess); void ksmbd_sessions_deregister(struct ksmbd_conn *conn); +struct ksmbd_session *ksmbd_session_lookup_all(struct ksmbd_conn *conn, + unsigned long long id); +struct preauth_session *ksmbd_preauth_session_alloc(struct ksmbd_conn *conn, + u64 sess_id); +struct preauth_session *ksmbd_preauth_session_lookup(struct ksmbd_conn *conn, + unsigned long long id);

int ksmbd_acquire_tree_conn_id(struct ksmbd_session *sess); void ksmbd_release_tree_conn_id(struct ksmbd_session *sess, int id); diff --git a/fs/cifsd/smb2ops.c b/fs/cifsd/smb2ops.c index 8999c3faf4fc..f7e5f21d4ae2 100644 --- a/fs/cifsd/smb2ops.c +++ b/fs/cifsd/smb2ops.c @@ -229,6 +229,9 @@ void init_smb3_0_server(struct ksmbd_conn *conn) if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION && conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_MULTI_CHANNEL; }

/** @@ -250,6 +253,9 @@ void init_smb3_02_server(struct ksmbd_conn *conn) if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION && conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; + + if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_MULTI_CHANNEL; }

/** @@ -271,6 +277,9 @@ int init_smb3_11_server(struct ksmbd_conn *conn) if (conn->cipher_type) conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION;

+ if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) + conn->vals->capabilities |= SMB2_GLOBAL_CAP_MULTI_CHANNEL; + INIT_LIST_HEAD(&conn->preauth_sess_table); return 0; } diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index ac15a9287310..12c954dac51a 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -64,21 +64,21 @@ static inline int check_session_id(struct ksmbd_conn *conn, u64 id) if (id == 0 || id == -1) return 0;

- sess = ksmbd_session_lookup(conn, id); + sess = ksmbd_session_lookup_all(conn, id); if (sess) return 1; ksmbd_err("Invalid user session id: %llu\n", id); return 0; }

-struct channel *lookup_chann_list(struct ksmbd_session *sess) +struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn *conn) { struct channel *chann; struct list_head *t;

list_for_each(t, &sess->ksmbd_chann_list) { chann = list_entry(t, struct channel, chann_list); - if (chann && chann->conn == sess->conn) + if (chann && chann->conn == conn) return chann; }

@@ -600,7 +600,7 @@ int smb2_check_user_session(struct ksmbd_work *work)

sess_id = le64_to_cpu(req_hdr->SessionId); /* Check for validity of user session */ - work->sess = ksmbd_session_lookup(conn, sess_id); + work->sess = ksmbd_session_lookup_all(conn, sess_id); if (work->sess) return 1; ksmbd_debug(SMB, "Invalid user session, Uid %llu\n", sess_id); @@ -1165,18 +1165,30 @@ static int generate_preauth_hash(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess = work->sess; + u8 *preauth_hash;

if (conn->dialect != SMB311_PROT_ID) return 0;

- if (!sess->Preauth_HashValue) { - if (alloc_preauth_hash(sess, conn)) - return -ENOMEM; + if (conn->binding) { + struct preauth_session *preauth_sess; + + preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id); + if (!preauth_sess) { + preauth_sess = ksmbd_preauth_session_alloc(conn, sess->id); + if (!preauth_sess) + return -ENOMEM; + } + + preauth_hash = preauth_sess->Preauth_HashValue; + } else { + if (!sess->Preauth_HashValue) + if (alloc_preauth_hash(sess, conn)) + return -ENOMEM; + preauth_hash = sess->Preauth_HashValue; }

- ksmbd_gen_preauth_integrity_hash(conn, - work->request_buf, - sess->Preauth_HashValue); + ksmbd_gen_preauth_integrity_hash(conn, work->request_buf, preauth_hash); return 0; }

@@ -1383,15 +1395,19 @@ static int ntlm_authenticate(struct ksmbd_work *work) * that it is reauthentication. And the user/password * has been verified, so return it here. */ - if (sess->state == SMB2_SESSION_VALID) + if (sess->state == SMB2_SESSION_VALID) { + if (conn->binding) + goto binding_session; return 0; + }

if ((conn->sign || server_conf.enforced_signing) || (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) sess->sign = true;

if (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION && - conn->ops->generate_encryptionkey) { + conn->ops->generate_encryptionkey && + !(req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) { rc = conn->ops->generate_encryptionkey(sess); if (rc) { ksmbd_debug(SMB, @@ -1409,8 +1425,9 @@ static int ntlm_authenticate(struct ksmbd_work *work) } }

+binding_session: if (conn->dialect >= SMB30_PROT_ID) { - chann = lookup_chann_list(sess); + chann = lookup_chann_list(sess, conn); if (!chann) { chann = kmalloc(sizeof(struct channel), GFP_KERNEL); if (!chann) @@ -1423,7 +1440,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) }

if (conn->ops->generate_signingkey) { - rc = conn->ops->generate_signingkey(sess); + rc = conn->ops->generate_signingkey(sess, conn); if (rc) { ksmbd_debug(SMB, "SMB3 signing key generation failed\n"); rsp->hdr.Status = STATUS_LOGON_FAILURE; @@ -1500,7 +1517,7 @@ static int krb5_authenticate(struct ksmbd_work *work) }

if (conn->dialect >= SMB30_PROT_ID) { - chann = lookup_chann_list(sess); + chann = lookup_chann_list(sess, conn); if (!chann) { chann = kmalloc(sizeof(struct channel), GFP_KERNEL); if (!chann) @@ -1513,7 +1530,7 @@ static int krb5_authenticate(struct ksmbd_work *work) }

if (conn->ops->generate_signingkey) { - retval = conn->ops->generate_signingkey(sess); + retval = conn->ops->generate_signingkey(sess, conn); if (retval) { ksmbd_debug(SMB, "SMB3 signing key generation failed\n"); rsp->hdr.Status = STATUS_LOGON_FAILURE; @@ -1562,12 +1579,59 @@ int smb2_sess_setup(struct ksmbd_work *work) } rsp->hdr.SessionId = cpu_to_le64(sess->id); ksmbd_session_register(conn, sess); + } else if (conn->dialect >= SMB30_PROT_ID && + (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && + req->Flags & SMB2_SESSION_REQ_FLAG_BINDING) { + u64 sess_id = le64_to_cpu(req->hdr.SessionId); + + sess = ksmbd_session_lookup_slowpath(sess_id); + if (!sess) { + rc = -ENOENT; + goto out_err; + } + + if (conn->dialect != sess->conn->dialect) { + rc = -EINVAL; + goto out_err; + } + + if (!(req->hdr.Flags & SMB2_FLAGS_SIGNED)) { + rc = -EINVAL; + goto out_err; + } + + if (strncmp(conn->ClientGUID, sess->conn->ClientGUID, + SMB2_CLIENT_GUID_SIZE)) { + rc = -ENOENT; + goto out_err; + } + + if (sess->state == SMB2_SESSION_IN_PROGRESS) { + rc = -EACCES; + goto out_err; + } + + if (sess->state == SMB2_SESSION_EXPIRED) { + rc = -EFAULT; + goto out_err; + } + + if (ksmbd_session_lookup(conn, sess_id)) { + rc = -EACCES; + goto out_err; + } + + conn->binding = true; + } else if ((conn->dialect < SMB30_PROT_ID || + server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && + (req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) { + rc = -EACCES; + goto out_err; } else { sess = ksmbd_session_lookup(conn, le64_to_cpu(req->hdr.SessionId)); if (!sess) { rc = -ENOENT; - rsp->hdr.Status = STATUS_USER_SESSION_DELETED; goto out_err; } } @@ -1585,15 +1649,15 @@ int smb2_sess_setup(struct ksmbd_work *work) }

if (server_conf.auth_mechs & conn->auth_mechs) { + rc = generate_preauth_hash(work); + if (rc) + goto out_err; + if (conn->preferred_auth_mech & (KSMBD_AUTH_KRB5 | KSMBD_AUTH_MSKRB5)) { - rc = generate_preauth_hash(work); - if (rc) - goto out_err; - rc = krb5_authenticate(work); if (rc) { - rsp->hdr.Status = STATUS_INVALID_PARAMETER; + rc = -EINVAL; goto out_err; }

@@ -1602,10 +1666,6 @@ int smb2_sess_setup(struct ksmbd_work *work) kfree(sess->Preauth_HashValue); sess->Preauth_HashValue = NULL; } else if (conn->preferred_auth_mech == KSMBD_AUTH_NTLMSSP) { - rc = generate_preauth_hash(work); - if (rc) - goto out_err; - if (negblob->MessageType == NtLmNegotiate) { rc = ntlm_negotiate(work, negblob); if (rc) @@ -1625,6 +1685,16 @@ int smb2_sess_setup(struct ksmbd_work *work)

ksmbd_conn_set_good(work); sess->state = SMB2_SESSION_VALID; + if (conn->binding) { + struct preauth_session *preauth_sess; + + preauth_sess = + ksmbd_preauth_session_lookup(conn, sess->id); + if (preauth_sess) { + list_del(&preauth_sess->preauth_entry); + kfree(preauth_sess); + } + } kfree(sess->Preauth_HashValue); sess->Preauth_HashValue = NULL; } @@ -1632,15 +1702,24 @@ int smb2_sess_setup(struct ksmbd_work *work) /* TODO: need one more negotiation */ ksmbd_err("Not support the preferred authentication\n"); rc = -EINVAL; - rsp->hdr.Status = STATUS_INVALID_PARAMETER; } } else { ksmbd_err("Not support authentication\n"); rc = -EINVAL; - rsp->hdr.Status = STATUS_INVALID_PARAMETER; }

out_err: + if (rc == -EINVAL) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + else if (rc == -ENOENT) + rsp->hdr.Status = STATUS_USER_SESSION_DELETED; + else if (rc == -EACCES) + rsp->hdr.Status = STATUS_REQUEST_NOT_ACCEPTED; + else if (rc == -EFAULT) + rsp->hdr.Status = STATUS_NETWORK_SESSION_EXPIRED; + else if (rc) + rsp->hdr.Status = STATUS_LOGON_FAILURE; + if (conn->use_spnego && conn->mechToken) { kfree(conn->mechToken); conn->mechToken = NULL; @@ -7883,7 +7962,7 @@ void smb2_set_sign_rsp(struct ksmbd_work *work) */ int smb3_check_sign_req(struct ksmbd_work *work) { - struct ksmbd_conn *conn; + struct ksmbd_conn *conn = work->conn; char *signing_key; struct smb2_hdr *hdr, *hdr_org; struct channel *chann; @@ -7906,13 +7985,11 @@ int smb3_check_sign_req(struct ksmbd_work *work)

if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) { signing_key = work->sess->smb3signingkey; - conn = work->sess->conn; } else { - chann = lookup_chann_list(work->sess); + chann = lookup_chann_list(work->sess, conn); if (!chann) return 0; signing_key = chann->smb3signingkey; - conn = chann->conn; }

if (!signing_key) { @@ -7943,7 +8020,7 @@ int smb3_check_sign_req(struct ksmbd_work *work) */ void smb3_set_sign_rsp(struct ksmbd_work *work) { - struct ksmbd_conn *conn; + struct ksmbd_conn *conn = work->conn; struct smb2_hdr *req_hdr; struct smb2_hdr *hdr, *hdr_org; struct channel *chann; @@ -7970,13 +8047,11 @@ void smb3_set_sign_rsp(struct ksmbd_work *work)

if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) { signing_key = work->sess->smb3signingkey; - conn = work->sess->conn; } else { - chann = lookup_chann_list(work->sess); + chann = lookup_chann_list(work->sess, work->conn); if (!chann) return; signing_key = chann->smb3signingkey; - conn = chann->conn; }

if (!signing_key) @@ -8020,11 +8095,21 @@ void smb3_preauth_hash_rsp(struct ksmbd_work *work) ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp, conn->preauth_info->Preauth_HashValue);

- if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && - sess && sess->state == SMB2_SESSION_IN_PROGRESS) { + if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && sess) { __u8 *hash_value;

- hash_value = sess->Preauth_HashValue; + if (conn->binding) { + struct preauth_session *preauth_sess; + + preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id); + if (!preauth_sess) + return; + hash_value = preauth_sess->Preauth_HashValue; + } else { + hash_value = sess->Preauth_HashValue; + if (!hash_value) + return; + } ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp, hash_value); } @@ -8116,7 +8201,7 @@ int smb3_decrypt_req(struct ksmbd_work *work) unsigned int orig_len = le32_to_cpu(tr_hdr->OriginalMessageSize); int rc = 0;

- sess = ksmbd_session_lookup(conn, le64_to_cpu(tr_hdr->SessionId)); + sess = ksmbd_session_lookup_all(conn, le64_to_cpu(tr_hdr->SessionId)); if (!sess) { ksmbd_err("invalid session id(%llx) in transform header\n", le64_to_cpu(tr_hdr->SessionId)); diff --git a/fs/cifsd/smb2pdu.h b/fs/cifsd/smb2pdu.h index 0d5349e75dd9..0eac40e1ba65 100644 --- a/fs/cifsd/smb2pdu.h +++ b/fs/cifsd/smb2pdu.h @@ -1647,7 +1647,8 @@ struct file_lock *smb_flock_init(struct file *f); int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg); void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status); -struct channel *lookup_chann_list(struct ksmbd_session *sess); +struct channel *lookup_chann_list(struct ksmbd_session *sess, + struct ksmbd_conn *conn); void smb3_preauth_hash_rsp(struct ksmbd_work *work); int smb3_is_transform_hdr(void *buf); int smb3_decrypt_req(struct ksmbd_work *work); diff --git a/fs/cifsd/smb_common.h b/fs/cifsd/smb_common.h index 6e7404b8db96..084166ba7654 100644 --- a/fs/cifsd/smb_common.h +++ b/fs/cifsd/smb_common.h @@ -479,7 +479,7 @@ struct smb_version_ops { bool (*is_sign_req)(struct ksmbd_work *work, unsigned int command); int (*check_sign_req)(struct ksmbd_work *work); void (*set_sign_rsp)(struct ksmbd_work *work); - int (*generate_signingkey)(struct ksmbd_session *sess); + int (*generate_signingkey)(struct ksmbd_session *sess, struct ksmbd_conn *conn); int (*generate_encryptionkey)(struct ksmbd_session *sess); int (*is_transform_hdr)(void *buf); int (*decrypt_req)(struct ksmbd_work *work);

From patchwork Mon Nov 14 12:50:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183209 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:05 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:05 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:04 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 112/308] ksmbd: remove cache read/trans buffer support Date: Mon, 14 Nov 2022 20:50:21 +0800 Message-ID: 20221114125337.1831594-113-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6c35187d-9762-47c8-831f-08dac63c60bf X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6729074 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit c30f4eb84badf7476824c38f874542a2e653b46b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c30f4eb84bad

-------------------------------

As vmalloc performance improvement patch for big allocation is merged into linux kernel, This feature is no longer not needed.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 1 - fs/cifsd/buffer_pool.c | 265 ----------------------------------- fs/cifsd/buffer_pool.h | 17 --- fs/cifsd/connection.c | 1 - fs/cifsd/crypto_ctx.c | 1 - fs/cifsd/ksmbd_server.h | 6 +- fs/cifsd/ksmbd_work.c | 14 +- fs/cifsd/ksmbd_work.h | 2 - fs/cifsd/mgmt/share_config.c | 1 - fs/cifsd/mgmt/tree_connect.c | 1 - fs/cifsd/mgmt/user_config.c | 1 - fs/cifsd/mgmt/user_session.c | 1 - fs/cifsd/oplock.c | 1 - fs/cifsd/server.c | 18 ++- fs/cifsd/smb2pdu.c | 34 +---- fs/cifsd/transport_ipc.c | 1 - fs/cifsd/transport_rdma.c | 1 - fs/cifsd/transport_tcp.c | 1 - fs/cifsd/vfs.c | 1 - fs/cifsd/vfs_cache.c | 34 ++++- fs/cifsd/vfs_cache.h | 2 + 21 files changed, 51 insertions(+), 353 deletions(-) delete mode 100644 fs/cifsd/buffer_pool.c delete mode 100644 fs/cifsd/buffer_pool.h

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 1ba03a7c3201..daf31c9f0880 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -29,7 +29,6 @@ #include "mgmt/user_config.h" #include "crypto_ctx.h" #include "transport_ipc.h" -#include "buffer_pool.h"

/* * Fixed format data defining GSS header and fixed string diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c deleted file mode 100644 index ea7d2d1a056a..000000000000 --- a/fs/cifsd/buffer_pool.c +++ /dev/null @@ -1,265 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0-or-later -/* - * Copyright (C) 2018 Samsung Electronics Co., Ltd. - */ - -#include <linux/kernel.h> -#include <linux/wait.h> -#include <linux/sched.h> -#include <linux/mm.h> -#include <linux/slab.h> -#include <linux/vmalloc.h> -#include <linux/rwlock.h> - -#include "glob.h" -#include "buffer_pool.h" -#include "connection.h" -#include "mgmt/ksmbd_ida.h" - -static struct kmem_cache *filp_cache; - -struct wm { - struct list_head list; - unsigned int sz; - char buffer[0]; -}; - -struct wm_list { - struct list_head list; - unsigned int sz; - - spinlock_t wm_lock; - int avail_wm; - struct list_head idle_wm; - wait_queue_head_t wm_wait; -}; - -static LIST_HEAD(wm_lists); -static DEFINE_RWLOCK(wm_lists_lock); - -static struct wm *wm_alloc(size_t sz, gfp_t flags) -{ - struct wm *wm; - size_t alloc_sz = sz + sizeof(struct wm); - - if (sz > SIZE_MAX - sizeof(struct wm)) - return NULL; - - wm = kvmalloc(alloc_sz, flags); - if (!wm) - return NULL; - wm->sz = sz; - return wm; -} - -static int register_wm_size_class(size_t sz) -{ - struct wm_list *l, *nl; - - nl = kmalloc(sizeof(struct wm_list), GFP_KERNEL); - if (!nl) - return -ENOMEM; - - nl->sz = sz; - spin_lock_init(&nl->wm_lock); - INIT_LIST_HEAD(&nl->idle_wm); - INIT_LIST_HEAD(&nl->list); - init_waitqueue_head(&nl->wm_wait); - nl->avail_wm = 0; - - write_lock(&wm_lists_lock); - list_for_each_entry(l, &wm_lists, list) { - if (l->sz == sz) { - write_unlock(&wm_lists_lock); - kfree(nl); - return 0; - } - } - - list_add(&nl->list, &wm_lists); - write_unlock(&wm_lists_lock); - return 0; -} - -static struct wm_list *match_wm_list(size_t size) -{ - struct wm_list *l, *rl = NULL; - - read_lock(&wm_lists_lock); - list_for_each_entry(l, &wm_lists, list) { - if (l->sz == size) { - rl = l; - break; - } - } - read_unlock(&wm_lists_lock); - return rl; -} - -static struct wm *find_wm(size_t size) -{ - struct wm_list *wm_list; - struct wm *wm; - - wm_list = match_wm_list(size); - if (!wm_list) { - if (register_wm_size_class(size)) - return NULL; - wm_list = match_wm_list(size); - } - - if (!wm_list) - return NULL; - - while (1) { - spin_lock(&wm_list->wm_lock); - if (!list_empty(&wm_list->idle_wm)) { - wm = list_entry(wm_list->idle_wm.next, - struct wm, - list); - list_del(&wm->list); - spin_unlock(&wm_list->wm_lock); - return wm; - } - - if (wm_list->avail_wm > num_online_cpus()) { - spin_unlock(&wm_list->wm_lock); - wait_event(wm_list->wm_wait, - !list_empty(&wm_list->idle_wm)); - continue; - } - - wm_list->avail_wm++; - spin_unlock(&wm_list->wm_lock); - - wm = wm_alloc(size, GFP_KERNEL); - if (!wm) { - spin_lock(&wm_list->wm_lock); - wm_list->avail_wm--; - spin_unlock(&wm_list->wm_lock); - wait_event(wm_list->wm_wait, - !list_empty(&wm_list->idle_wm)); - continue; - } - break; - } - - return wm; -} - -static void release_wm(struct wm *wm, struct wm_list *wm_list) -{ - if (!wm) - return; - - spin_lock(&wm_list->wm_lock); - if (wm_list->avail_wm <= num_online_cpus()) { - list_add(&wm->list, &wm_list->idle_wm); - spin_unlock(&wm_list->wm_lock); - wake_up(&wm_list->wm_wait); - return; - } - - wm_list->avail_wm--; - spin_unlock(&wm_list->wm_lock); - kvfree(wm); -} - -static void wm_list_free(struct wm_list *l) -{ - struct wm *wm; - - while (!list_empty(&l->idle_wm)) { - wm = list_entry(l->idle_wm.next, struct wm, list); - list_del(&wm->list); - kvfree(wm); - } - kfree(l); -} - -static void wm_lists_destroy(void) -{ - struct wm_list *l; - - while (!list_empty(&wm_lists)) { - l = list_entry(wm_lists.next, struct wm_list, list); - list_del(&l->list); - wm_list_free(l); - } -} - -void *ksmbd_find_buffer(size_t size) -{ - struct wm *wm; - - wm = find_wm(size); - - WARN_ON(!wm); - if (wm) - return wm->buffer; - return NULL; -} - -void ksmbd_release_buffer(void *buffer) -{ - struct wm_list *wm_list; - struct wm *wm; - - if (!buffer) - return; - - wm = container_of(buffer, struct wm, buffer); - wm_list = match_wm_list(wm->sz); - WARN_ON(!wm_list); - if (wm_list) - release_wm(wm, wm_list); -} - -void *ksmbd_realloc_response(void *ptr, size_t old_sz, size_t new_sz) -{ - size_t sz = min(old_sz, new_sz); - void *nptr; - - nptr = kvmalloc(new_sz, GFP_KERNEL | __GFP_ZERO); - if (!nptr) - return ptr; - memcpy(nptr, ptr, sz); - kvfree(ptr); - return nptr; -} - -void ksmbd_free_file_struct(void *filp) -{ - kmem_cache_free(filp_cache, filp); -} - -void *ksmbd_alloc_file_struct(void) -{ - return kmem_cache_zalloc(filp_cache, GFP_KERNEL); -} - -void ksmbd_destroy_buffer_pools(void) -{ - wm_lists_destroy(); - ksmbd_work_pool_destroy(); - kmem_cache_destroy(filp_cache); -} - -int ksmbd_init_buffer_pools(void) -{ - if (ksmbd_work_pool_init()) - goto out; - - filp_cache = kmem_cache_create("ksmbd_file_cache", - sizeof(struct ksmbd_file), 0, - SLAB_HWCACHE_ALIGN, NULL); - if (!filp_cache) - goto out; - - return 0; - -out: - ksmbd_err("failed to allocate memory\n"); - ksmbd_destroy_buffer_pools(); - return -ENOMEM; -} diff --git a/fs/cifsd/buffer_pool.h b/fs/cifsd/buffer_pool.h deleted file mode 100644 index 088aa07ba09b..000000000000 --- a/fs/cifsd/buffer_pool.h +++ /dev/null @@ -1,17 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-or-later */ -/* - * Copyright (C) 2018 Samsung Electronics Co., Ltd. - */ - -#ifndef __KSMBD_BUFFER_POOL_H__ -#define __KSMBD_BUFFER_POOL_H__ - -void *ksmbd_find_buffer(size_t size); -void ksmbd_release_buffer(void *buffer); -void *ksmbd_realloc_response(void *ptr, size_t old_sz, size_t new_sz); -void ksmbd_free_file_struct(void *filp); -void *ksmbd_alloc_file_struct(void); -void ksmbd_destroy_buffer_pools(void); -int ksmbd_init_buffer_pools(void); - -#endif /* __KSMBD_BUFFER_POOL_H__ */ diff --git a/fs/cifsd/connection.c b/fs/cifsd/connection.c index 06c42309be72..a0d15093dd6f 100644 --- a/fs/cifsd/connection.c +++ b/fs/cifsd/connection.c @@ -9,7 +9,6 @@ #include <linux/module.h>

#include "server.h" -#include "buffer_pool.h" #include "smb_common.h" #include "mgmt/ksmbd_ida.h" #include "connection.h" diff --git a/fs/cifsd/crypto_ctx.c b/fs/cifsd/crypto_ctx.c index cfea4c4db30f..7b727fe141a6 100644 --- a/fs/cifsd/crypto_ctx.c +++ b/fs/cifsd/crypto_ctx.c @@ -12,7 +12,6 @@

#include "glob.h" #include "crypto_ctx.h" -#include "buffer_pool.h"

struct crypto_ctx_list { spinlock_t ctx_lock; diff --git a/fs/cifsd/ksmbd_server.h b/fs/cifsd/ksmbd_server.h index 5ae3fe91bfb4..c2467a709144 100644 --- a/fs/cifsd/ksmbd_server.h +++ b/fs/cifsd/ksmbd_server.h @@ -30,10 +30,8 @@ struct ksmbd_heartbeat { */ #define KSMBD_GLOBAL_FLAG_INVALID (0) #define KSMBD_GLOBAL_FLAG_SMB2_LEASES BIT(0) -#define KSMBD_GLOBAL_FLAG_CACHE_TBUF BIT(1) -#define KSMBD_GLOBAL_FLAG_CACHE_RBUF BIT(2) -#define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION BIT(3) -#define KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL BIT(4) +#define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION BIT(1) +#define KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL BIT(2)

struct ksmbd_startup_request { __u32 flags; diff --git a/fs/cifsd/ksmbd_work.c b/fs/cifsd/ksmbd_work.c index f284a2a803d6..a88c25965012 100644 --- a/fs/cifsd/ksmbd_work.c +++ b/fs/cifsd/ksmbd_work.c @@ -11,7 +11,6 @@ #include "server.h" #include "connection.h" #include "ksmbd_work.h" -#include "buffer_pool.h" #include "mgmt/ksmbd_ida.h"

/* @FIXME */ @@ -38,18 +37,9 @@ struct ksmbd_work *ksmbd_alloc_work_struct(void) void ksmbd_free_work_struct(struct ksmbd_work *work) { WARN_ON(work->saved_cred != NULL); - if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_TBUF && - work->set_trans_buf) - ksmbd_release_buffer(work->response_buf); - else - kvfree(work->response_buf); - - if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF && - work->set_read_buf) - ksmbd_release_buffer(work->aux_payload_buf); - else - kvfree(work->aux_payload_buf);

+ kvfree(work->response_buf); + kvfree(work->aux_payload_buf); kfree(work->tr_buf); kvfree(work->request_buf); if (work->async_id) diff --git a/fs/cifsd/ksmbd_work.h b/fs/cifsd/ksmbd_work.h index 28a1692ed37f..0e2d4f3fc49f 100644 --- a/fs/cifsd/ksmbd_work.h +++ b/fs/cifsd/ksmbd_work.h @@ -70,8 +70,6 @@ struct ksmbd_work { /* Is this SYNC or ASYNC ksmbd_work */ bool syncronous:1; bool need_invalidate_rkey:1; - bool set_trans_buf:1; - bool set_read_buf:1;

unsigned int remote_key; /* cancel works */ diff --git a/fs/cifsd/mgmt/share_config.c b/fs/cifsd/mgmt/share_config.c index bcc4ae4381b9..fac6034b97a9 100644 --- a/fs/cifsd/mgmt/share_config.c +++ b/fs/cifsd/mgmt/share_config.c @@ -15,7 +15,6 @@ #include "share_config.h" #include "user_config.h" #include "user_session.h" -#include "../buffer_pool.h" #include "../transport_ipc.h"

#define SHARE_HASH_BITS 3 diff --git a/fs/cifsd/mgmt/tree_connect.c b/fs/cifsd/mgmt/tree_connect.c index 029a9e81e844..0d28e723a28c 100644 --- a/fs/cifsd/mgmt/tree_connect.c +++ b/fs/cifsd/mgmt/tree_connect.c @@ -7,7 +7,6 @@ #include <linux/slab.h> #include <linux/xarray.h>

-#include "../buffer_pool.h" #include "../transport_ipc.h" #include "../connection.h"

diff --git a/fs/cifsd/mgmt/user_config.c b/fs/cifsd/mgmt/user_config.c index 7f898c5bda25..d21629ae5c89 100644 --- a/fs/cifsd/mgmt/user_config.c +++ b/fs/cifsd/mgmt/user_config.c @@ -7,7 +7,6 @@ #include <linux/mm.h>

#include "user_config.h" -#include "../buffer_pool.h" #include "../transport_ipc.h"

struct ksmbd_user *ksmbd_login_user(const char *account) diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index c3487b1a004c..77bdf3642f72 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -14,7 +14,6 @@ #include "tree_connect.h" #include "../transport_ipc.h" #include "../connection.h" -#include "../buffer_pool.h" #include "../vfs_cache.h"

static DEFINE_IDA(session_ida); diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index 5868cdca7187..1ef2acbea2bb 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -11,7 +11,6 @@

#include "smb_common.h" #include "smbstatus.h" -#include "buffer_pool.h" #include "connection.h" #include "mgmt/user_session.h" #include "mgmt/share_config.h" diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index a71fafa176b3..93402c56b8ff 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -16,7 +16,6 @@ #include "server.h" #include "smb_common.h" #include "smbstatus.h" -#include "buffer_pool.h" #include "connection.h" #include "transport_ipc.h" #include "mgmt/user_session.h" @@ -536,7 +535,8 @@ static int ksmbd_server_shutdown(void) ksmbd_crypto_destroy(); ksmbd_free_global_file_table(); destroy_lease_table(NULL); - ksmbd_destroy_buffer_pools(); + ksmbd_work_pool_destroy(); + ksmbd_exit_file_cache(); server_conf_free(); return 0; } @@ -557,13 +557,17 @@ static int __init ksmbd_server_init(void) if (ret) goto err_unregister;

- ret = ksmbd_init_buffer_pools(); + ret = ksmbd_work_pool_init(); if (ret) goto err_unregister;

+ ret = ksmbd_init_file_cache(); + if (ret) + goto err_destroy_work_pools; + ret = ksmbd_ipc_init(); if (ret) - goto err_free_session_table; + goto err_exit_file_cache;

ret = ksmbd_init_global_file_table(); if (ret) @@ -590,8 +594,10 @@ static int __init ksmbd_server_init(void) ksmbd_free_global_file_table(); err_ipc_release: ksmbd_ipc_release(); -err_free_session_table: - ksmbd_destroy_buffer_pools(); +err_exit_file_cache: + ksmbd_exit_file_cache(); +err_destroy_work_pools: + ksmbd_work_pool_destroy(); err_unregister: class_unregister(&ksmbd_control_class);

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 12c954dac51a..345c4c75da9a 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -19,7 +19,6 @@

#include "auth.h" #include "asn1.h" -#include "buffer_pool.h" #include "connection.h" #include "transport_ipc.h" #include "vfs.h" @@ -538,10 +537,8 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) size_t sz = small_sz; int cmd = le16_to_cpu(hdr->Command);

- if (cmd == SMB2_IOCTL_HE || cmd == SMB2_QUERY_DIRECTORY_HE) { + if (cmd == SMB2_IOCTL_HE || cmd == SMB2_QUERY_DIRECTORY_HE) sz = large_sz; - work->set_trans_buf = true; - }

if (cmd == SMB2_QUERY_INFO_HE) { struct smb2_query_info_req *req; @@ -549,22 +546,15 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) req = work->request_buf; if (req->InfoType == SMB2_O_INFO_FILE && (req->FileInfoClass == FILE_FULL_EA_INFORMATION || - req->FileInfoClass == FILE_ALL_INFORMATION)) { + req->FileInfoClass == FILE_ALL_INFORMATION)) sz = large_sz; - work->set_trans_buf = true; - } }

/* allocate large response buf for chained commands */ if (le32_to_cpu(hdr->NextCommand) > 0) sz = large_sz;

- if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_TBUF && - work->set_trans_buf) - work->response_buf = ksmbd_find_buffer(sz); - else - work->response_buf = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO); - + work->response_buf = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO); if (!work->response_buf) return -ENOMEM;

@@ -5950,13 +5940,7 @@ int smb2_read(struct ksmbd_work *work) ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n", FP_FILENAME(fp), offset, length);

- if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) { - work->aux_payload_buf = - ksmbd_find_buffer(conn->vals->max_read_size); - work->set_read_buf = true; - } else { - work->aux_payload_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO); - } + work->aux_payload_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO); if (!work->aux_payload_buf) { err = -ENOMEM; goto out; @@ -5969,10 +5953,7 @@ int smb2_read(struct ksmbd_work *work) }

if ((nbytes == 0 && length != 0) || nbytes < mincount) { - if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) - ksmbd_release_buffer(work->aux_payload_buf); - else - kvfree(work->aux_payload_buf); + kvfree(work->aux_payload_buf); work->aux_payload_buf = NULL; rsp->hdr.Status = STATUS_END_OF_FILE; smb2_set_err_rsp(work); @@ -5989,10 +5970,7 @@ int smb2_read(struct ksmbd_work *work) remain_bytes = smb2_read_rdma_channel(work, req, work->aux_payload_buf, nbytes); - if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) - ksmbd_release_buffer(work->aux_payload_buf); - else - kvfree(work->aux_payload_buf); + kvfree(work->aux_payload_buf); work->aux_payload_buf = NULL;

nbytes = 0; diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c index b09df832431f..2bcc1cad6037 100644 --- a/fs/cifsd/transport_ipc.c +++ b/fs/cifsd/transport_ipc.c @@ -16,7 +16,6 @@

#include "vfs_cache.h" #include "transport_ipc.h" -#include "buffer_pool.h" #include "server.h" #include "smb_common.h"

diff --git a/fs/cifsd/transport_rdma.c b/fs/cifsd/transport_rdma.c index efaa9776841f..52237f023b66 100644 --- a/fs/cifsd/transport_rdma.c +++ b/fs/cifsd/transport_rdma.c @@ -33,7 +33,6 @@ #include "connection.h" #include "smb_common.h" #include "smbstatus.h" -#include "buffer_pool.h" #include "transport_rdma.h"

#define SMB_DIRECT_PORT 5445 diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c index d6d5c0038dea..16702b7874f4 100644 --- a/fs/cifsd/transport_tcp.c +++ b/fs/cifsd/transport_tcp.c @@ -9,7 +9,6 @@ #include "smb_common.h" #include "server.h" #include "auth.h" -#include "buffer_pool.h" #include "connection.h" #include "transport_tcp.h"

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 9111b485d611..fb31c1ccb1bd 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -23,7 +23,6 @@ #include "glob.h" #include "oplock.h" #include "connection.h" -#include "buffer_pool.h" #include "vfs.h" #include "vfs_cache.h" #include "smbacl.h" diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index 6ea09fe82814..dcac1f0a29e4 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -10,7 +10,6 @@

#include "glob.h" #include "vfs_cache.h" -#include "buffer_pool.h" #include "oplock.h" #include "vfs.h" #include "connection.h" @@ -29,6 +28,7 @@ static DEFINE_RWLOCK(inode_hash_lock);

static struct ksmbd_file_table global_ft; static atomic_long_t fd_limit; +static struct kmem_cache *filp_cache;

void ksmbd_set_fd_limit(unsigned long limit) { @@ -315,7 +315,7 @@ static void __ksmbd_close_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp) kfree(fp->filename); if (ksmbd_stream_fd(fp)) kfree(fp->stream.name); - ksmbd_free_file_struct(fp); + kmem_cache_free(filp_cache, fp); }

static struct ksmbd_file *ksmbd_fp_get(struct ksmbd_file *fp) @@ -539,10 +539,10 @@ unsigned int ksmbd_open_durable_fd(struct ksmbd_file *fp)

struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp) { - struct ksmbd_file *fp; + struct ksmbd_file *fp; int ret;

- fp = ksmbd_alloc_file_struct(); + fp = kmem_cache_zalloc(filp_cache, GFP_KERNEL); if (!fp) { ksmbd_err("Failed to allocate memory\n"); return ERR_PTR(-ENOMEM); @@ -561,14 +561,14 @@ struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp) fp->f_ci = ksmbd_inode_get(fp);

if (!fp->f_ci) { - ksmbd_free_file_struct(fp); + kmem_cache_free(filp_cache, fp); return ERR_PTR(-ENOMEM); }

ret = __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); if (ret) { ksmbd_inode_put(fp->f_ci); - ksmbd_free_file_struct(fp); + kmem_cache_free(filp_cache, fp); return ERR_PTR(ret); }

@@ -640,7 +640,7 @@ void ksmbd_free_global_file_table(void)

idr_for_each_entry(global_ft.idr, fp, id) { __ksmbd_remove_durable_fd(fp); - ksmbd_free_file_struct(fp); + kmem_cache_free(filp_cache, fp); }

ksmbd_destroy_file_table(&global_ft); @@ -683,3 +683,23 @@ void ksmbd_destroy_file_table(struct ksmbd_file_table *ft) kfree(ft->idr); ft->idr = NULL; } + +int ksmbd_init_file_cache(void) +{ + filp_cache = kmem_cache_create("ksmbd_file_cache", + sizeof(struct ksmbd_file), 0, + SLAB_HWCACHE_ALIGN, NULL); + if (!filp_cache) + goto out; + + return 0; + +out: + ksmbd_err("failed to allocate file cache\n"); + return -ENOMEM; +} + +void ksmbd_exit_file_cache(void) +{ + kmem_cache_destroy(filp_cache); +} diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h index 635eedbd497c..745855367106 100644 --- a/fs/cifsd/vfs_cache.h +++ b/fs/cifsd/vfs_cache.h @@ -182,4 +182,6 @@ void ksmbd_set_inode_pending_delete(struct ksmbd_file *fp); void ksmbd_clear_inode_pending_delete(struct ksmbd_file *fp); void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp, int file_info); +int ksmbd_init_file_cache(void); +void ksmbd_exit_file_cache(void); #endif /* __VFS_CACHE_H__ */

From patchwork Mon Nov 14 12:50:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183210 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:05 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:05 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:05 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 113/308] ksmbd: initialize variables on the declaration Date: Mon, 14 Nov 2022 20:50:22 +0800 Message-ID: 20221114125337.1831594-114-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 15664d23-9515-4690-3acb-08dac63c6108 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6881488 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit afa8f016c5a527bd004042ea47ca8b8007e4185f category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/afa8f016c5a5

-------------------------------

Initialize variables on the declaration.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index fb31c1ccb1bd..4e0cf1b95419 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -355,14 +355,11 @@ static int check_lock_range(struct file *filp, loff_t start, loff_t end, int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count, loff_t *pos) { - struct file *filp; + struct file *filp = fp->filp; ssize_t nbytes = 0; - char *rbuf; - struct inode *inode; + char *rbuf = work->aux_payload_buf; + struct inode *inode = file_inode(filp);

- rbuf = work->aux_payload_buf; - filp = fp->filp; - inode = file_inode(filp); if (S_ISDIR(inode->i_mode)) return -EISDIR;

From patchwork Mon Nov 14 12:50:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183211 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:06 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:06 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:05 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 114/308] ksmbd: remove ksmbd_vfs_copy_file_range Date: Mon, 14 Nov 2022 20:50:23 +0800 Message-ID: 20221114125337.1831594-115-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a9204477-decb-46af-4a77-08dac63c6152 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6202081 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit f8524776f1bbf2895de757438b41915a9b3d9bbc category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f8524776f1bb

-------------------------------

vfs_copy_file_range and cifs client already does this type of fallback, so this is dead code.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 4 ++-- fs/cifsd/vfs.c | 50 ++-------------------------------------------- fs/cifsd/vfs.h | 3 --- 3 files changed, 4 insertions(+), 53 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 345c4c75da9a..2df8217c7395 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -7437,8 +7437,8 @@ int smb2_ioctl(struct ksmbd_work *work) ret = -EOPNOTSUPP; goto dup_ext_out; } else if (cloned != length) { - cloned = ksmbd_vfs_copy_file_range(fp_in->filp, src_off, - fp_out->filp, dst_off, length); + cloned = vfs_copy_file_range(fp_in->filp, src_off, + fp_out->filp, dst_off, length, 0); if (cloned != length) { if (cloned < 0) ret = cloned; diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 4e0cf1b95419..ef74e56cd05f 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -1802,52 +1802,6 @@ int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, return 0; }

-int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, - struct file *file_out, loff_t pos_out, size_t len) -{ - struct inode *inode_in = file_inode(file_in); - struct inode *inode_out = file_inode(file_out); - int ret; - - ret = vfs_copy_file_range(file_in, pos_in, file_out, pos_out, len, 0); - /* do splice for the copy between different file systems */ - if (ret != -EXDEV) - return ret; - - if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode)) - return -EISDIR; - if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode)) - return -EINVAL; - - if (!(file_in->f_mode & FMODE_READ) || - !(file_out->f_mode & FMODE_WRITE)) - return -EBADF; - - if (len == 0) - return 0; - - file_start_write(file_out); - - /* - * skip the verification of the range of data. it will be done - * in do_splice_direct - */ - ret = do_splice_direct(file_in, &pos_in, file_out, &pos_out, - len > MAX_RW_COUNT ? MAX_RW_COUNT : len, 0); - if (ret > 0) { - fsnotify_access(file_in); - add_rchar(current, ret); - fsnotify_modify(file_out); - add_wchar(current, ret); - } - - inc_syscr(current); - inc_syscw(current); - - file_end_write(file_out); - return ret; -} - int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, struct ksmbd_file *src_fp, struct ksmbd_file *dst_fp, @@ -1905,8 +1859,8 @@ int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, if (src_off + len > src_file_size) return -E2BIG;

- ret = ksmbd_vfs_copy_file_range(src_fp->filp, src_off, - dst_fp->filp, dst_off, len); + ret = vfs_copy_file_range(src_fp->filp, src_off, + dst_fp->filp, dst_off, len, 0); if (ret < 0) return ret;

diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index 5db1e9e2a754..03b877e6520b 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -218,9 +218,6 @@ int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, unsigned int *chunk_count_written, unsigned int *chunk_size_written, loff_t *total_size_written); -int ksmbd_vfs_copy_file_range(struct file *file_in, loff_t pos_in, - struct file *file_out, loff_t pos_out, - size_t len); ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list); ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, char **xattr_buf);

From patchwork Mon Nov 14 12:50:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183212 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:06 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:06 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:06 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 115/308] ksmbd: use list_for_each_entry instead of list_for_each Date: Mon, 14 Nov 2022 20:50:24 +0800 Message-ID: 20221114125337.1831594-116-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 797c5c3e-094e-4d99-1d93-08dac63c619a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6894166 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 6f3d5eeec744727bf017be3bb12e7fbf1c4438ed category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/6f3d5eeec744

-------------------------------

Use list_for_each_entry instead of list_for_each.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 14 ++++---------- fs/cifsd/smb_common.c | 4 +--- fs/cifsd/vfs_cache.c | 4 +--- 3 files changed, 6 insertions(+), 16 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 2df8217c7395..f1642fffe4e1 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -73,10 +73,8 @@ static inline int check_session_id(struct ksmbd_conn *conn, u64 id) struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn *conn) { struct channel *chann; - struct list_head *t;

- list_for_each(t, &sess->ksmbd_chann_list) { - chann = list_entry(t, struct channel, chann_list); + list_for_each_entry(chann, &sess->ksmbd_chann_list, chann_list) { if (chann && chann->conn == conn) return chann; } @@ -6315,7 +6313,6 @@ int smb2_cancel(struct ksmbd_work *work) struct smb2_hdr *hdr = work->request_buf; struct smb2_hdr *chdr; struct ksmbd_work *cancel_work = NULL; - struct list_head *tmp; int canceled = 0; struct list_head *command_list;

@@ -6326,9 +6323,8 @@ int smb2_cancel(struct ksmbd_work *work) command_list = &conn->async_requests;

spin_lock(&conn->request_lock); - list_for_each(tmp, command_list) { - cancel_work = list_entry(tmp, struct ksmbd_work, - async_request_entry); + list_for_each_entry(cancel_work, command_list, + async_request_entry) { chdr = cancel_work->request_buf;

if (cancel_work->async_id != @@ -6347,9 +6343,7 @@ int smb2_cancel(struct ksmbd_work *work) command_list = &conn->requests;

spin_lock(&conn->request_lock); - list_for_each(tmp, command_list) { - cancel_work = list_entry(tmp, struct ksmbd_work, - request_entry); + list_for_each_entry(cancel_work, command_list, request_entry) { chdr = cancel_work->request_buf;

if (chdr->MessageId != hdr->MessageId || diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c index 039030968b50..d74b2ce08187 100644 --- a/fs/cifsd/smb_common.c +++ b/fs/cifsd/smb_common.c @@ -481,15 +481,13 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) { int rc = 0; struct ksmbd_file *prev_fp; - struct list_head *cur;

/* * Lookup fp in master fp list, and check desired access and * shared mode between previous open and current open. */ read_lock(&curr_fp->f_ci->m_lock); - list_for_each(cur, &curr_fp->f_ci->m_fp_list) { - prev_fp = list_entry(cur, struct ksmbd_file, node); + list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) { if (file_inode(filp) != FP_INODE(prev_fp)) continue;

diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index dcac1f0a29e4..3f18018668b6 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -472,15 +472,13 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct inode *inode) { struct ksmbd_file *lfp; struct ksmbd_inode *ci; - struct list_head *cur;

ci = ksmbd_inode_lookup_by_vfsinode(inode); if (!ci) return NULL;

read_lock(&ci->m_lock); - list_for_each(cur, &ci->m_fp_list) { - lfp = list_entry(cur, struct ksmbd_file, node); + list_for_each_entry(lfp, &ci->m_fp_list, node) { if (inode == FP_INODE(lfp)) { atomic_dec(&ci->m_count); read_unlock(&ci->m_lock);

From patchwork Mon Nov 14 12:50:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183213 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:07 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:07 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:06 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 116/308] ksmbd: use goto instead of duplicating the resoure cleanup in ksmbd_open_fd Date: Mon, 14 Nov 2022 20:50:25 +0800 Message-ID: 20221114125337.1831594-117-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ab40349f-c4d3-4e4f-fb91-08dac63c61e2 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6814626 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 1dfb8242e8d982d036399766c4af62ddc221e38d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1dfb8242e8d9

-------------------------------

Use goto instead of duplicating the resoure cleanup in ksmbd_open_fd.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs_cache.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index 3f18018668b6..71a11128d908 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -559,19 +559,22 @@ struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp) fp->f_ci = ksmbd_inode_get(fp);

if (!fp->f_ci) { - kmem_cache_free(filp_cache, fp); - return ERR_PTR(-ENOMEM); + ret = -ENOMEM; + goto err_out; }

ret = __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); if (ret) { ksmbd_inode_put(fp->f_ci); - kmem_cache_free(filp_cache, fp); - return ERR_PTR(ret); + goto err_out; }

atomic_inc(&work->conn->stats.open_files_count); return fp; + +err_out: + kmem_cache_free(filp_cache, fp); + return ERR_PTR(ret); }

static int

From patchwork Mon Nov 14 12:50:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183214 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:07 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:07 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:07 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 117/308] ksmbd: fix overly long line Date: Mon, 14 Nov 2022 20:50:26 +0800 Message-ID: 20221114125337.1831594-118-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: acc8b47c-01f4-4832-d8e7-08dac63c622b X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7027237 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 79a8a71db4084d7536fc45ed2a33ce7b451ba127 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/79a8a71db408

-------------------------------

Fix overly long line.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs_cache.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index 71a11128d908..4cf14c247e9e 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -601,12 +601,14 @@ __close_file_table_ids(struct ksmbd_file_table *ft, return num; }

-static bool tree_conn_fd_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp) +static bool tree_conn_fd_check(struct ksmbd_tree_connect *tcon, + struct ksmbd_file *fp) { return fp->tcon != tcon; }

-static bool session_fd_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp) +static bool session_fd_check(struct ksmbd_tree_connect *tcon, + struct ksmbd_file *fp) { return false; }

From patchwork Mon Nov 14 12:50:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183215 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:08 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:08 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:07 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 118/308] ksmbd: remove unneeded FIXME comment Date: Mon, 14 Nov 2022 20:50:27 +0800 Message-ID: 20221114125337.1831594-119-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3c3b3c06-1335-4102-9bc3-08dac63c6275 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7020223 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 9c78ad067faf605e0cd16d557859310e5f5312be category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/9c78ad067faf

-------------------------------

Remove unneeded FIXME comment.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/glob.h | 2 -- fs/cifsd/ksmbd_work.c | 2 -- 2 files changed, 4 deletions(-)

diff --git a/fs/cifsd/glob.h b/fs/cifsd/glob.h index ffeaf8aa5595..da8f804a3ee2 100644 --- a/fs/cifsd/glob.h +++ b/fs/cifsd/glob.h @@ -14,8 +14,6 @@

#define KSMBD_VERSION "3.1.9"

-/* @FIXME clean up this code */ - extern int ksmbd_debug_types;

#define DATA_STREAM 1 diff --git a/fs/cifsd/ksmbd_work.c b/fs/cifsd/ksmbd_work.c index a88c25965012..7c914451bbe1 100644 --- a/fs/cifsd/ksmbd_work.c +++ b/fs/cifsd/ksmbd_work.c @@ -12,8 +12,6 @@ #include "connection.h" #include "ksmbd_work.h" #include "mgmt/ksmbd_ida.h" - -/* @FIXME */ #include "ksmbd_server.h"

static struct kmem_cache *work_cache;

From patchwork Mon Nov 14 12:50:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183216 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:08 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:08 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:08 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 119/308] ksmbd: remove ____ksmbd_align in ksmbd_server.h Date: Mon, 14 Nov 2022 20:50:28 +0800 Message-ID: 20221114125337.1831594-120-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 96ea0a85-2b59-4a34-8535-08dac63c62bf X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6923966 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 9f88af04f03d585b8257740745d19897b48a9795 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/9f88af04f03d

-------------------------------

None of structures needs the attribute. So remove ____ksmbd_align in ksmbd_server.h.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/ksmbd_server.h | 38 +++++++++++++++++--------------------- 1 file changed, 17 insertions(+), 21 deletions(-)

diff --git a/fs/cifsd/ksmbd_server.h b/fs/cifsd/ksmbd_server.h index c2467a709144..a915ca5596dc 100644 --- a/fs/cifsd/ksmbd_server.h +++ b/fs/cifsd/ksmbd_server.h @@ -13,10 +13,6 @@ #define KSMBD_GENL_NAME "SMBD_GENL" #define KSMBD_GENL_VERSION 0x01

-#ifndef ____ksmbd_align -#define ____ksmbd_align __aligned(4) -#endif - #define KSMBD_REQ_MAX_ACCOUNT_NAME_SZ 48 #define KSMBD_REQ_MAX_HASH_SZ 18 #define KSMBD_REQ_MAX_SHARE_NAME 64 @@ -51,19 +47,19 @@ struct ksmbd_startup_request { __u32 share_fake_fscaps; __u32 sub_auth[3]; __u32 ifc_list_sz; - __s8 ____payload[0]; -} ____ksmbd_align; + __s8 ____payload[]; +};

#define KSMBD_STARTUP_CONFIG_INTERFACES(s) ((s)->____payload)

struct ksmbd_shutdown_request { __s32 reserved; -} ____ksmbd_align; +};

struct ksmbd_login_request { __u32 handle; __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; -} ____ksmbd_align; +};

struct ksmbd_login_response { __u32 handle; @@ -73,12 +69,12 @@ struct ksmbd_login_response { __u16 status; __u16 hash_sz; __s8 hash[KSMBD_REQ_MAX_HASH_SZ]; -} ____ksmbd_align; +};

struct ksmbd_share_config_request { __u32 handle; __s8 share_name[KSMBD_REQ_MAX_SHARE_NAME]; -} ____ksmbd_align; +};

struct ksmbd_share_config_response { __u32 handle; @@ -90,8 +86,8 @@ struct ksmbd_share_config_response { __u16 force_uid; __u16 force_gid; __u32 veto_list_sz; - __s8 ____payload[0]; -} ____ksmbd_align; + __s8 ____payload[]; +};

#define KSMBD_SHARE_CONFIG_VETO_LIST(s) ((s)->____payload) #define KSMBD_SHARE_CONFIG_PATH(s) \ @@ -111,43 +107,43 @@ struct ksmbd_tree_connect_request { __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; __s8 share[KSMBD_REQ_MAX_SHARE_NAME]; __s8 peer_addr[64]; -} ____ksmbd_align; +};

struct ksmbd_tree_connect_response { __u32 handle; __u16 status; __u16 connection_flags; -} ____ksmbd_align; +};

struct ksmbd_tree_disconnect_request { __u64 session_id; __u64 connect_id; -} ____ksmbd_align; +};

struct ksmbd_logout_request { __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; -} ____ksmbd_align; +};

struct ksmbd_rpc_command { __u32 handle; __u32 flags; __u32 payload_sz; - __u8 payload[0]; -} ____ksmbd_align; + __u8 payload[]; +};

struct ksmbd_spnego_authen_request { __u32 handle; __u16 spnego_blob_len; __u8 spnego_blob[0]; -} ____ksmbd_align; +};

struct ksmbd_spnego_authen_response { __u32 handle; struct ksmbd_login_response login_response; __u16 session_key_len; __u16 spnego_blob_len; - __u8 payload[0]; /* session key + AP_REP */ -} ____ksmbd_align; + __u8 payload[]; /* session key + AP_REP */ +};

/* * This also used as NETLINK attribute type value.

From patchwork Mon Nov 14 12:50:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183217 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:09 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:09 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:08 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 120/308] ksmbd: replace KSMBD_SHARE_CONFIG_PATH with inline function Date: Mon, 14 Nov 2022 20:50:29 +0800 Message-ID: 20221114125337.1831594-121-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: edec0764-ca0a-4611-3d3d-08dac63c6308 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6953785 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 3fbe43c9f577cadd6b5136fda2e6a6c0b4e0651e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/3fbe43c9f577

-------------------------------

replace KSMBD_SHARE_CONFIG_PATH with inline function.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/ksmbd_server.h | 18 +++++++++++------- fs/cifsd/mgmt/share_config.c | 2 +- 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/fs/cifsd/ksmbd_server.h b/fs/cifsd/ksmbd_server.h index a915ca5596dc..55b7602b79bd 100644 --- a/fs/cifsd/ksmbd_server.h +++ b/fs/cifsd/ksmbd_server.h @@ -90,13 +90,17 @@ struct ksmbd_share_config_response { };

#define KSMBD_SHARE_CONFIG_VETO_LIST(s) ((s)->____payload) -#define KSMBD_SHARE_CONFIG_PATH(s) \ - ({ \ - char *p = (s)->____payload; \ - if ((s)->veto_list_sz) \ - p += (s)->veto_list_sz + 1; \ - p; \ - }) + +static inline char * +ksmbd_share_config_path(struct ksmbd_share_config_response *sc) +{ + char *p = sc->____payload; + + if (sc->veto_list_sz) + p += sc->veto_list_sz + 1; + + return p; +}

struct ksmbd_tree_connect_request { __u32 handle; diff --git a/fs/cifsd/mgmt/share_config.c b/fs/cifsd/mgmt/share_config.c index fac6034b97a9..cb72d30f5b71 100644 --- a/fs/cifsd/mgmt/share_config.c +++ b/fs/cifsd/mgmt/share_config.c @@ -139,7 +139,7 @@ static struct ksmbd_share_config *share_config_request(char *name) share->name = kstrdup(name, GFP_KERNEL);

if (!test_share_config_flag(share, KSMBD_SHARE_FLAG_PIPE)) { - share->path = kstrdup(KSMBD_SHARE_CONFIG_PATH(resp), + share->path = kstrdup(ksmbd_share_config_path(resp), GFP_KERNEL); if (share->path) share->path_sz = strlen(share->path);

From patchwork Mon Nov 14 12:50:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183218 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:09 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:09 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:08 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 121/308] ksmbd: remove ksmbd_err/info Date: Mon, 14 Nov 2022 20:50:30 +0800 Message-ID: 20221114125337.1831594-122-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 097176d4-c6f1-4364-25f8-08dac63c6352 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.8272490 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit bde1694aecdb535970787b4f1d07ddb317e191e3 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/bde1694aecdb

-------------------------------

Use the pr_fmt built into pr_*. and use pr_err/info after removing wrapper ksmbd_err/info.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/auth.c | 18 ++-- fs/cifsd/connection.c | 15 ++- fs/cifsd/crypto_ctx.c | 4 +- fs/cifsd/glob.h | 24 ++--- fs/cifsd/mgmt/user_session.c | 4 +- fs/cifsd/misc.c | 2 +- fs/cifsd/ndr.c | 14 +-- fs/cifsd/oplock.c | 20 ++-- fs/cifsd/server.c | 6 +- fs/cifsd/smb2misc.c | 8 +- fs/cifsd/smb2pdu.c | 204 +++++++++++++++++------------------ fs/cifsd/smb_common.c | 2 +- fs/cifsd/smbacl.c | 26 ++--- fs/cifsd/transport_ipc.c | 30 +++--- fs/cifsd/transport_rdma.c | 106 +++++++++--------- fs/cifsd/transport_tcp.c | 20 ++-- fs/cifsd/vfs.c | 88 +++++++-------- fs/cifsd/vfs_cache.c | 10 +- 18 files changed, 294 insertions(+), 307 deletions(-)

diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index daf31c9f0880..de36f12070bf 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -342,7 +342,7 @@ int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf) memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE); rc = ksmbd_enc_p24(p21, sess->ntlmssp.cryptkey, key); if (rc) { - ksmbd_err("password processing failed\n"); + pr_err("password processing failed\n"); return rc; }

@@ -461,7 +461,7 @@ static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, char *client_nonce, client_nonce, (char *)sess->ntlmssp.cryptkey, 8); if (rc) { - ksmbd_err("password processing failed\n"); + pr_err("password processing failed\n"); goto out; }

@@ -469,7 +469,7 @@ static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, char *client_nonce, memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE); rc = ksmbd_enc_p24(p21, sess_key, key); if (rc) { - ksmbd_err("password processing failed\n"); + pr_err("password processing failed\n"); goto out; }

@@ -1269,7 +1269,7 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, enc, key); if (rc) { - ksmbd_err("Could not get %scryption key\n", enc ? "en" : "de"); + pr_err("Could not get %scryption key\n", enc ? "en" : "de"); return rc; }

@@ -1279,7 +1279,7 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, else ctx = ksmbd_crypto_ctx_find_ccm(); if (!ctx) { - ksmbd_err("crypto alloc failed\n"); + pr_err("crypto alloc failed\n"); return -ENOMEM; }

@@ -1295,19 +1295,18 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, else rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE); if (rc) { - ksmbd_err("Failed to set aead key %d\n", rc); + pr_err("Failed to set aead key %d\n", rc); goto free_ctx; }

rc = crypto_aead_setauthsize(tfm, SMB2_SIGNATURE_SIZE); if (rc) { - ksmbd_err("Failed to set authsize %d\n", rc); + pr_err("Failed to set authsize %d\n", rc); goto free_ctx; }

req = aead_request_alloc(tfm, GFP_KERNEL); if (!req) { - ksmbd_err("Failed to alloc aead request\n"); rc = -ENOMEM; goto free_ctx; } @@ -1319,7 +1318,7 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov,

sg = ksmbd_init_sg(iov, nvec, sign); if (!sg) { - ksmbd_err("Failed to init sg\n"); + pr_err("Failed to init sg\n"); rc = -ENOMEM; goto free_req; } @@ -1327,7 +1326,6 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, iv_len = crypto_aead_ivsize(tfm); iv = kzalloc(iv_len, GFP_KERNEL); if (!iv) { - ksmbd_err("Failed to alloc IV\n"); rc = -ENOMEM; goto free_sg; } diff --git a/fs/cifsd/connection.c b/fs/cifsd/connection.c index a0d15093dd6f..928e22e19def 100644 --- a/fs/cifsd/connection.c +++ b/fs/cifsd/connection.c @@ -160,7 +160,7 @@ int ksmbd_conn_write(struct ksmbd_work *work)

ksmbd_conn_try_dequeue_request(work); if (!rsp_hdr) { - ksmbd_err("NULL response header\n"); + pr_err("NULL response header\n"); return -EINVAL; }

@@ -192,7 +192,7 @@ int ksmbd_conn_write(struct ksmbd_work *work) ksmbd_conn_unlock(conn);

if (sent < 0) { - ksmbd_err("Failed to send message: %d\n", sent); + pr_err("Failed to send message: %d\n", sent); return sent; }

@@ -315,24 +315,23 @@ int ksmbd_conn_handler_loop(void *p) */ size = t->ops->read(t, conn->request_buf + 4, pdu_size); if (size < 0) { - ksmbd_err("sock_read failed: %d\n", size); + pr_err("sock_read failed: %d\n", size); break; }

if (size != pdu_size) { - ksmbd_err("PDU error. Read: %d, Expected: %d\n", - size, - pdu_size); + pr_err("PDU error. Read: %d, Expected: %d\n", + size, pdu_size); continue; }

if (!default_conn_ops.process_fn) { - ksmbd_err("No connection request callback\n"); + pr_err("No connection request callback\n"); break; }

if (default_conn_ops.process_fn(conn)) { - ksmbd_err("Cannot handle request\n"); + pr_err("Cannot handle request\n"); break; } } diff --git a/fs/cifsd/crypto_ctx.c b/fs/cifsd/crypto_ctx.c index 7b727fe141a6..5f4b1008d17e 100644 --- a/fs/cifsd/crypto_ctx.c +++ b/fs/cifsd/crypto_ctx.c @@ -48,12 +48,12 @@ static struct crypto_aead *alloc_aead(int id) tfm = crypto_alloc_aead("ccm(aes)", 0, 0); break; default: - ksmbd_err("Does not support encrypt ahead(id : %d)\n", id); + pr_err("Does not support encrypt ahead(id : %d)\n", id); return NULL; }

if (IS_ERR(tfm)) { - ksmbd_err("Failed to alloc encrypt aead : %ld\n", PTR_ERR(tfm)); + pr_err("Failed to alloc encrypt aead : %ld\n", PTR_ERR(tfm)); return NULL; }

diff --git a/fs/cifsd/glob.h b/fs/cifsd/glob.h index da8f804a3ee2..8119cb7ddbed 100644 --- a/fs/cifsd/glob.h +++ b/fs/cifsd/glob.h @@ -31,32 +31,22 @@ extern int ksmbd_debug_types; KSMBD_DEBUG_IPC | KSMBD_DEBUG_CONN | \ KSMBD_DEBUG_RDMA)

-#ifndef ksmbd_pr_fmt +#ifdef pr_fmt +#undef pr_fmt +#endif + #ifdef SUBMOD_NAME -#define ksmbd_pr_fmt(fmt) "ksmbd: " SUBMOD_NAME ": " fmt +#define pr_fmt(fmt) "ksmbd: " SUBMOD_NAME ": " fmt #else -#define ksmbd_pr_fmt(fmt) "ksmbd: " fmt -#endif +#define pr_fmt(fmt) "ksmbd: " fmt #endif

#define ksmbd_debug(type, fmt, ...) \ do { \ if (ksmbd_debug_types & KSMBD_DEBUG_##type) \ - pr_info(ksmbd_pr_fmt("%s:%d: " fmt), \ - __func__, \ - __LINE__, \ - ##__VA_ARGS__); \ + pr_info(fmt, ##__VA_ARGS__); \ } while (0)

-#define ksmbd_info(fmt, ...) \ - pr_info(ksmbd_pr_fmt(fmt), ##__VA_ARGS__) - -#define ksmbd_err(fmt, ...) \ - pr_err(ksmbd_pr_fmt("%s:%d: " fmt), \ - __func__, \ - __LINE__, \ - ##__VA_ARGS__) - #define UNICODE_LEN(x) ((x) * 2)

#endif /* __KSMBD_GLOB_H */ diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index 77bdf3642f72..615b46f0762b 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -87,7 +87,7 @@ static int __rpc_method(char *rpc_name) if (!strcmp(rpc_name, "\lsarpc") || !strcmp(rpc_name, "lsarpc")) return KSMBD_RPC_LSARPC_METHOD_INVOKE;

- ksmbd_err("Unsupported RPC: %s\n", rpc_name); + pr_err("Unsupported RPC: %s\n", rpc_name); return 0; }

@@ -232,7 +232,7 @@ int get_session(struct ksmbd_session *sess) void put_session(struct ksmbd_session *sess) { if (atomic_dec_and_test(&sess->refcnt)) - ksmbd_err("get/%s seems to be mismatched.", __func__); + pr_err("get/%s seems to be mismatched.", __func__); }

struct ksmbd_session *ksmbd_session_lookup_slowpath(unsigned long long id) diff --git a/fs/cifsd/misc.c b/fs/cifsd/misc.c index 1c6ed20f4a18..0b307ca28a19 100644 --- a/fs/cifsd/misc.c +++ b/fs/cifsd/misc.c @@ -107,7 +107,7 @@ static int ksmbd_validate_stream_name(char *stream_name)

stream_name++; if (c == '/' || c == ':' || c == '\') { - ksmbd_err("Stream name validation failed: %c\n", c); + pr_err("Stream name validation failed: %c\n", c); return -ENOENT; } } diff --git a/fs/cifsd/ndr.c b/fs/cifsd/ndr.c index 14189832c65e..46cc01475d38 100644 --- a/fs/cifsd/ndr.c +++ b/fs/cifsd/ndr.c @@ -178,14 +178,14 @@ int ndr_decode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da) da->version = ndr_read_int16(n);

if (da->version != 3 && da->version != 4) { - ksmbd_err("v%d version is not supported\n", da->version); + pr_err("v%d version is not supported\n", da->version); return -EINVAL; }

version2 = ndr_read_int32(n); if (da->version != version2) { - ksmbd_err("ndr version mismatched(version: %d, version2: %d)\n", - da->version, version2); + pr_err("ndr version mismatched(version: %d, version2: %d)\n", + da->version, version2); return -EINVAL; }

@@ -309,14 +309,14 @@ int ndr_decode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl) n->offset = 0; acl->version = ndr_read_int16(n); if (acl->version != 4) { - ksmbd_err("v%d version is not supported\n", acl->version); + pr_err("v%d version is not supported\n", acl->version); return -EINVAL; }

version2 = ndr_read_int32(n); if (acl->version != version2) { - ksmbd_err("ndr version mismatched(version: %d, version2: %d)\n", - acl->version, version2); + pr_err("ndr version mismatched(version: %d, version2: %d)\n", + acl->version, version2); return -EINVAL; }

@@ -329,7 +329,7 @@ int ndr_decode_v4_ntacl(struct ndr *n, struct xattr_ntacl *acl)

ndr_read_bytes(n, acl->desc, 10); if (strncmp(acl->desc, "posix_acl", 9)) { - ksmbd_err("Invalid acl description : %s\n", acl->desc); + pr_err("Invalid acl description : %s\n", acl->desc); return -EINVAL; }

diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index 1ef2acbea2bb..9027cb7d970f 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -230,9 +230,9 @@ int opinfo_write_to_read(struct oplock_info *opinfo)

if (!(opinfo->level == SMB2_OPLOCK_LEVEL_BATCH || opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) { - ksmbd_err("bad oplock(0x%x)\n", opinfo->level); + pr_err("bad oplock(0x%x)\n", opinfo->level); if (opinfo->is_lease) - ksmbd_err("lease state(0x%x)\n", lease->state); + pr_err("lease state(0x%x)\n", lease->state); return -EINVAL; } opinfo->level = SMB2_OPLOCK_LEVEL_II; @@ -269,9 +269,9 @@ int opinfo_write_to_none(struct oplock_info *opinfo)

if (!(opinfo->level == SMB2_OPLOCK_LEVEL_BATCH || opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) { - ksmbd_err("bad oplock(0x%x)\n", opinfo->level); + pr_err("bad oplock(0x%x)\n", opinfo->level); if (opinfo->is_lease) - ksmbd_err("lease state(0x%x)\n", lease->state); + pr_err("lease state(0x%x)\n", lease->state); return -EINVAL; } opinfo->level = SMB2_OPLOCK_LEVEL_NONE; @@ -291,9 +291,9 @@ int opinfo_read_to_none(struct oplock_info *opinfo) struct lease *lease = opinfo->o_lease;

if (opinfo->level != SMB2_OPLOCK_LEVEL_II) { - ksmbd_err("bad oplock(0x%x)\n", opinfo->level); + pr_err("bad oplock(0x%x)\n", opinfo->level); if (opinfo->is_lease) - ksmbd_err("lease state(0x%x)\n", lease->state); + pr_err("lease state(0x%x)\n", lease->state); return -EINVAL; } opinfo->level = SMB2_OPLOCK_LEVEL_NONE; @@ -622,7 +622,7 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) }

if (allocate_oplock_break_buf(work)) { - ksmbd_err("smb2_allocate_rsp_buf failed! "); + pr_err("smb2_allocate_rsp_buf failed! "); atomic_dec(&conn->r_count); ksmbd_fd_put(work, fp); ksmbd_free_work_struct(work); @@ -1680,18 +1680,18 @@ int smb2_check_durable_oplock(struct ksmbd_file *fp,

if (opinfo && opinfo->is_lease) { if (!lctx) { - ksmbd_err("open does not include lease\n"); + pr_err("open does not include lease\n"); ret = -EBADF; goto out; } if (memcmp(opinfo->o_lease->lease_key, lctx->lease_key, SMB2_LEASE_KEY_SIZE)) { - ksmbd_err("invalid lease key\n"); + pr_err("invalid lease key\n"); ret = -EBADF; goto out; } if (name && strcmp(fp->filename, name)) { - ksmbd_err("invalid name reconnect %s\n", name); + pr_err("invalid name reconnect %s\n", name); ret = -EINVAL; goto out; } diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c index 93402c56b8ff..c9a3a459f3e6 100644 --- a/fs/cifsd/server.c +++ b/fs/cifsd/server.c @@ -277,7 +277,7 @@ static int queue_ksmbd_work(struct ksmbd_conn *conn)

work = ksmbd_alloc_work_struct(); if (!work) { - ksmbd_err("allocation for work failed\n"); + pr_err("allocation for work failed\n"); return -ENOMEM; }

@@ -442,7 +442,7 @@ static ssize_t kill_server_store(struct class *class, if (!sysfs_streq(buf, "hard")) return len;

- ksmbd_info("kill command received\n"); + pr_info("kill command received\n"); mutex_lock(&ctrl_lock); WRITE_ONCE(server_conf.state, SERVER_STATE_RESETTING); __module_get(THIS_MODULE); @@ -547,7 +547,7 @@ static int __init ksmbd_server_init(void)

ret = class_register(&ksmbd_control_class); if (ret) { - ksmbd_err("Unable to register ksmbd-control class\n"); + pr_err("Unable to register ksmbd-control class\n"); return ret; }

diff --git a/fs/cifsd/smb2misc.c b/fs/cifsd/smb2misc.c index c4b870dbf683..e412d69690ed 100644 --- a/fs/cifsd/smb2misc.c +++ b/fs/cifsd/smb2misc.c @@ -320,12 +320,12 @@ static int smb2_validate_credit_charge(struct smb2_hdr *hdr) max_len = max(req_len, expect_resp_len); calc_credit_num = DIV_ROUND_UP(max_len, SMB2_MAX_BUFFER_SIZE); if (!credit_charge && max_len > SMB2_MAX_BUFFER_SIZE) { - ksmbd_err("credit charge is zero and payload size(%d) is bigger than 64K\n", - max_len); + pr_err("credit charge is zero and payload size(%d) is bigger than 64K\n", + max_len); return 1; } else if (credit_charge < calc_credit_num) { - ksmbd_err("credit charge : %d, calc_credit_num : %d\n", - credit_charge, calc_credit_num); + pr_err("credit charge : %d, calc_credit_num : %d\n", + credit_charge, calc_credit_num); return 1; }

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index f1642fffe4e1..84f4cd7f545f 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -66,7 +66,7 @@ static inline int check_session_id(struct ksmbd_conn *conn, u64 id) sess = ksmbd_session_lookup_all(conn, id); if (sess) return 1; - ksmbd_err("Invalid user session id: %llu\n", id); + pr_err("Invalid user session id: %llu\n", id); return 0; }

@@ -109,7 +109,7 @@ int smb2_get_ksmbd_tcon(struct ksmbd_work *work) tree_id = le32_to_cpu(req_hdr->Id.SyncId.TreeId); work->tcon = ksmbd_tree_conn_lookup(work->sess, tree_id); if (!work->tcon) { - ksmbd_err("Invalid tid %d\n", tree_id); + pr_err("Invalid tid %d\n", tree_id); return -1; }

@@ -329,7 +329,7 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) min_credits = conn->max_credits >> 4;

if (conn->total_credits >= conn->max_credits) { - ksmbd_err("Total credits overflow: %d\n", conn->total_credits); + pr_err("Total credits overflow: %d\n", conn->total_credits); conn->total_credits = min_credits; }

@@ -634,7 +634,7 @@ smb2_get_name(struct ksmbd_share_config *share, const char *src,

name = smb_strndup_from_utf16(src, maxlen, 1, local_nls); if (IS_ERR(name)) { - ksmbd_err("failed to get name %ld\n", PTR_ERR(name)); + pr_err("failed to get name %ld\n", PTR_ERR(name)); return name; }

@@ -645,7 +645,7 @@ smb2_get_name(struct ksmbd_share_config *share, const char *src, unixname = convert_to_unix_name(share, name); kfree(name); if (!unixname) { - ksmbd_err("can not convert absolute name\n"); + pr_err("can not convert absolute name\n"); return ERR_PTR(-ENOMEM); }

@@ -664,7 +664,7 @@ int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg)

id = ksmbd_acquire_async_msg_id(&conn->async_ida); if (id < 0) { - ksmbd_err("Failed to alloc async message id\n"); + pr_err("Failed to alloc async message id\n"); return id; } work->syncronous = false; @@ -1005,13 +1005,13 @@ int smb2_handle_negotiate(struct ksmbd_work *work) ksmbd_debug(SMB, "Received negotiate request\n"); conn->need_neg = false; if (ksmbd_conn_good(work)) { - ksmbd_err("conn->tcp_status is already in CifsGood State\n"); + pr_err("conn->tcp_status is already in CifsGood State\n"); work->send_no_response = 1; return rc; }

if (req->DialectCount == 0) { - ksmbd_err("malformed packet\n"); + pr_err("malformed packet\n"); rsp->hdr.Status = STATUS_INVALID_PARAMETER; rc = -EINVAL; goto err_out; @@ -1031,8 +1031,8 @@ int smb2_handle_negotiate(struct ksmbd_work *work)

status = deassemble_neg_contexts(conn, req); if (status != STATUS_SUCCESS) { - ksmbd_err("deassemble_neg_contexts error(0x%x)\n", - status); + pr_err("deassemble_neg_contexts error(0x%x)\n", + status); rsp->hdr.Status = status; rc = -EINVAL; goto err_out; @@ -1293,7 +1293,7 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn, true, conn->local_nls); if (IS_ERR(name)) { - ksmbd_err("cannot allocate memory\n"); + pr_err("cannot allocate memory\n"); return NULL; }

@@ -1438,7 +1438,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)

if (conn->dialect > SMB20_PROT_ID) { if (!ksmbd_conn_lookup_dialect(conn)) { - ksmbd_err("fail to verify the dialect\n"); + pr_err("fail to verify the dialect\n"); rsp->hdr.Status = STATUS_USER_SESSION_DELETED; return -EPERM; } @@ -1528,7 +1528,7 @@ static int krb5_authenticate(struct ksmbd_work *work)

if (conn->dialect > SMB20_PROT_ID) { if (!ksmbd_conn_lookup_dialect(conn)) { - ksmbd_err("fail to verify the dialect\n"); + pr_err("fail to verify the dialect\n"); rsp->hdr.Status = STATUS_USER_SESSION_DELETED; return -EPERM; } @@ -1688,11 +1688,11 @@ int smb2_sess_setup(struct ksmbd_work *work) } } else { /* TODO: need one more negotiation */ - ksmbd_err("Not support the preferred authentication\n"); + pr_err("Not support the preferred authentication\n"); rc = -EINVAL; } } else { - ksmbd_err("Not support authentication\n"); + pr_err("Not support authentication\n"); rc = -EINVAL; }

@@ -1742,7 +1742,7 @@ int smb2_tree_connect(struct ksmbd_work *work) le16_to_cpu(req->PathLength), true, conn->local_nls); if (IS_ERR(treename)) { - ksmbd_err("treename is NULL\n"); + pr_err("treename is NULL\n"); status.ret = KSMBD_TREE_CONN_STATUS_ERROR; goto out_err1; } @@ -1986,7 +1986,7 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work)

id = ksmbd_session_rpc_open(work->sess, name); if (id < 0) { - ksmbd_err("Unable to open RPC pipe: %d\n", id); + pr_err("Unable to open RPC pipe: %d\n", id); err = id; goto out; } @@ -2120,7 +2120,7 @@ static inline int check_context_err(void *ctx, char *str) ksmbd_debug(SMB, "find context %s err %d\n", str, err);

if (err == -EINVAL) { - ksmbd_err("bad name length\n"); + pr_err("bad name length\n"); return err; }

@@ -2159,7 +2159,7 @@ static noinline int smb2_set_stream_name_xattr(struct path *path,

rc = ksmbd_vfs_setxattr(path->dentry, xattr_stream_name, NULL, 0, 0); if (rc < 0) - ksmbd_err("Failed to store XATTR stream name :%d\n", rc); + pr_err("Failed to store XATTR stream name :%d\n", rc); return 0; }

@@ -2201,7 +2201,7 @@ static int smb2_create_truncate(struct path *path) int rc = vfs_truncate(path, 0);

if (rc) { - ksmbd_err("vfs_truncate failed, rc %d\n", rc); + pr_err("vfs_truncate failed, rc %d\n", rc); return rc; }

@@ -2287,8 +2287,8 @@ static int smb2_creat(struct ksmbd_work *work, struct path *path, char *name,

rc = ksmbd_vfs_kern_path(name, 0, path, 0); if (rc) { - ksmbd_err("cannot get linux path (%s), err = %d\n", - name, rc); + pr_err("cannot get linux path (%s), err = %d\n", + name, rc); return rc; } return 0; @@ -2387,7 +2387,7 @@ int smb2_open(struct ksmbd_work *work) if (req->NameLength) { if ((req->CreateOptions & FILE_DIRECTORY_FILE_LE) && *(char *)req->Buffer == '\') { - ksmbd_err("not allow directory name included leading slash\n"); + pr_err("not allow directory name included leading slash\n"); rc = -EINVAL; goto err_out1; } @@ -2444,16 +2444,16 @@ int smb2_open(struct ksmbd_work *work) lc = parse_lease_state(req);

if (le32_to_cpu(req->ImpersonationLevel) > le32_to_cpu(IL_DELEGATE_LE)) { - ksmbd_err("Invalid impersonationlevel : 0x%x\n", - le32_to_cpu(req->ImpersonationLevel)); + pr_err("Invalid impersonationlevel : 0x%x\n", + le32_to_cpu(req->ImpersonationLevel)); rc = -EIO; rsp->hdr.Status = STATUS_BAD_IMPERSONATION_LEVEL; goto err_out1; }

if (req->CreateOptions && !(req->CreateOptions & CREATE_OPTIONS_MASK)) { - ksmbd_err("Invalid create options : 0x%x\n", - le32_to_cpu(req->CreateOptions)); + pr_err("Invalid create options : 0x%x\n", + le32_to_cpu(req->CreateOptions)); rc = -EINVAL; goto err_out1; } else { @@ -2480,22 +2480,22 @@ int smb2_open(struct ksmbd_work *work)

if (le32_to_cpu(req->CreateDisposition) > le32_to_cpu(FILE_OVERWRITE_IF_LE)) { - ksmbd_err("Invalid create disposition : 0x%x\n", - le32_to_cpu(req->CreateDisposition)); + pr_err("Invalid create disposition : 0x%x\n", + le32_to_cpu(req->CreateDisposition)); rc = -EINVAL; goto err_out1; }

if (!(req->DesiredAccess & DESIRED_ACCESS_MASK)) { - ksmbd_err("Invalid desired access : 0x%x\n", - le32_to_cpu(req->DesiredAccess)); + pr_err("Invalid desired access : 0x%x\n", + le32_to_cpu(req->DesiredAccess)); rc = -EACCES; goto err_out1; }

if (req->FileAttributes && !(req->FileAttributes & ATTR_MASK_LE)) { - ksmbd_err("Invalid file attribute : 0x%x\n", - le32_to_cpu(req->FileAttributes)); + pr_err("Invalid file attribute : 0x%x\n", + le32_to_cpu(req->FileAttributes)); rc = -EINVAL; goto err_out1; } @@ -2750,7 +2750,7 @@ int smb2_open(struct ksmbd_work *work) filp = dentry_open(&path, open_flags, current_cred()); if (IS_ERR(filp)) { rc = PTR_ERR(filp); - ksmbd_err("dentry open for dir failed, rc %d\n", rc); + pr_err("dentry open for dir failed, rc %d\n", rc); goto err_out; }

@@ -2846,8 +2846,8 @@ int smb2_open(struct ksmbd_work *work) pntsd_size); kfree(pntsd); if (rc) - ksmbd_err("failed to store ntacl in xattr : %d\n", - rc); + pr_err("failed to store ntacl in xattr : %d\n", + rc); } } } @@ -3697,14 +3697,14 @@ int smb2_query_dir(struct ksmbd_work *work) if (!(dir_fp->daccess & FILE_LIST_DIRECTORY_LE) || inode_permission(&init_user_ns, file_inode(dir_fp->filp), MAY_READ | MAY_EXEC)) { - ksmbd_err("no right to enumerate directory (%s)\n", - FP_FILENAME(dir_fp)); + pr_err("no right to enumerate directory (%s)\n", + FP_FILENAME(dir_fp)); rc = -EACCES; goto err_out2; }

if (!S_ISDIR(file_inode(dir_fp->filp)->i_mode)) { - ksmbd_err("can't do query dir for a file\n"); + pr_err("can't do query dir for a file\n"); rc = -EINVAL; goto err_out2; } @@ -3805,7 +3805,7 @@ int smb2_query_dir(struct ksmbd_work *work) return 0;

err_out: - ksmbd_err("error while processing smb2 query dir rc = %d\n", rc); + pr_err("error while processing smb2 query dir rc = %d\n", rc); kfree(srch_ptr);

err_out2: @@ -3843,7 +3843,7 @@ static int buffer_check_err(int reqOutputBufferLength, { if (reqOutputBufferLength < le32_to_cpu(rsp->OutputBufferLength)) { if (reqOutputBufferLength < infoclass_size) { - ksmbd_err("Invalid Buffer Size Requested\n"); + pr_err("Invalid Buffer Size Requested\n"); rsp->hdr.Status = STATUS_INFO_LENGTH_MISMATCH; rsp->hdr.smb2_buf_length = cpu_to_be32(sizeof(struct smb2_hdr) - 4); return -EINVAL; @@ -3946,8 +3946,8 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp, struct path *path;

if (!(fp->daccess & FILE_READ_EA_LE)) { - ksmbd_err("Not permitted to read ext attr : 0x%x\n", - fp->daccess); + pr_err("Not permitted to read ext attr : 0x%x\n", + fp->daccess); return -EACCES; }

@@ -4103,8 +4103,8 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp, u64 time;

if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) { - ksmbd_err("no right to read the attributes : 0x%x\n", - fp->daccess); + pr_err("no right to read the attributes : 0x%x\n", + fp->daccess); return -EACCES; }

@@ -4375,8 +4375,8 @@ static int get_file_network_open_info(struct smb2_query_info_rsp *rsp, u64 time;

if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) { - ksmbd_err("no right to read the attributes : 0x%x\n", - fp->daccess); + pr_err("no right to read the attributes : 0x%x\n", + fp->daccess); return -EACCES; }

@@ -4465,8 +4465,8 @@ static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp, struct smb2_file_attr_tag_info *file_info;

if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) { - ksmbd_err("no right to read the attributes : 0x%x\n", - fp->daccess); + pr_err("no right to read the attributes : 0x%x\n", + fp->daccess); return -EACCES; }

@@ -4620,7 +4620,7 @@ static int smb2_get_info_file(struct ksmbd_work *work, break; case SMB_FIND_FILE_POSIX_INFO: if (!work->tcon->posix_extensions) { - ksmbd_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n"); + pr_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n"); rc = -EOPNOTSUPP; } else { rc = find_file_posix_info(rsp, fp, rsp_org); @@ -4659,13 +4659,13 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work,

rc = ksmbd_vfs_kern_path(share->path, lookup_flags, &path, 0); if (rc) { - ksmbd_err("cannot create vfs path\n"); + pr_err("cannot create vfs path\n"); return -EIO; }

rc = vfs_statfs(&path, &stfs); if (rc) { - ksmbd_err("cannot do stat of path %s\n", share->path); + pr_err("cannot do stat of path %s\n", share->path); path_put(&path); return -EIO; } @@ -4846,7 +4846,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, unsigned short logical_sector_size;

if (!work->tcon->posix_extensions) { - ksmbd_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n"); + pr_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n"); rc = -EOPNOTSUPP; } else { info = (struct filesystem_posix_info *)(rsp->Buffer); @@ -5213,7 +5213,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp,

len = strlen(new_name); if (new_name[len - 1] != '/') { - ksmbd_err("not allow base filename in rename\n"); + pr_err("not allow base filename in rename\n"); rc = -ESHARE; goto out; } @@ -5229,8 +5229,8 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, xattr_stream_name, NULL, 0, 0); if (rc < 0) { - ksmbd_err("failed to store stream name in xattr: %d\n", - rc); + pr_err("failed to store stream name in xattr: %d\n", + rc); rc = -EINVAL; goto out; } @@ -5389,7 +5389,7 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, if (file_info->Attributes) { if (!S_ISDIR(inode->i_mode) && file_info->Attributes & ATTR_DIRECTORY_LE) { - ksmbd_err("can't change a file to a directory\n"); + pr_err("can't change a file to a directory\n"); return -EINVAL; }

@@ -5467,7 +5467,7 @@ static int set_file_allocation_info(struct ksmbd_work *work, if (alloc_blks > inode->i_blocks) { rc = ksmbd_vfs_alloc_size(work, fp, alloc_blks * 512); if (rc && rc != -EOPNOTSUPP) { - ksmbd_err("ksmbd_vfs_alloc_size is failed : %d\n", rc); + pr_err("ksmbd_vfs_alloc_size is failed : %d\n", rc); return rc; } } else if (alloc_blks < inode->i_blocks) { @@ -5483,8 +5483,8 @@ static int set_file_allocation_info(struct ksmbd_work *work, size = i_size_read(inode); rc = ksmbd_vfs_truncate(work, NULL, fp, alloc_blks * 512); if (rc) { - ksmbd_err("truncate failed! filename : %s, err %d\n", - fp->filename, rc); + pr_err("truncate failed! filename : %s, err %d\n", + fp->filename, rc); return rc; } if (size < alloc_blks * 512) @@ -5536,7 +5536,7 @@ static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, struct ksmbd_file *parent_fp;

if (!(fp->daccess & FILE_DELETE_LE)) { - ksmbd_err("no right to delete : 0x%x\n", fp->daccess); + pr_err("no right to delete : 0x%x\n", fp->daccess); return -EACCES; }

@@ -5546,7 +5546,7 @@ static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, parent_fp = ksmbd_lookup_fd_inode(PARENT_INODE(fp)); if (parent_fp) { if (parent_fp->daccess & FILE_DELETE_LE) { - ksmbd_err("parent dir is opened with delete access\n"); + pr_err("parent dir is opened with delete access\n"); return -ESHARE; } } @@ -5562,7 +5562,7 @@ static int set_file_disposition_info(struct ksmbd_file *fp, char *buf) struct inode *inode;

if (!(fp->daccess & FILE_DELETE_LE)) { - ksmbd_err("no right to delete : 0x%x\n", fp->daccess); + pr_err("no right to delete : 0x%x\n", fp->daccess); return -EACCES; }

@@ -5594,8 +5594,8 @@ static int set_file_position_info(struct ksmbd_file *fp, char *buf) if (current_byte_offset < 0 || (fp->coption == FILE_NO_INTERMEDIATE_BUFFERING_LE && current_byte_offset & (sector_size - 1))) { - ksmbd_err("CurrentByteOffset is not valid : %llu\n", - current_byte_offset); + pr_err("CurrentByteOffset is not valid : %llu\n", + current_byte_offset); return -EINVAL; }

@@ -5614,7 +5614,7 @@ static int set_file_mode_info(struct ksmbd_file *fp, char *buf) if ((mode & ~FILE_MODE_INFO_MASK) || (mode & FILE_SYNCHRONOUS_IO_ALERT_LE && mode & FILE_SYNCHRONOUS_IO_NONALERT_LE)) { - ksmbd_err("Mode is not valid : 0x%x\n", le32_to_cpu(mode)); + pr_err("Mode is not valid : 0x%x\n", le32_to_cpu(mode)); return -EINVAL; }

@@ -5675,8 +5675,8 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, case FILE_FULL_EA_INFORMATION: { if (!(fp->daccess & FILE_WRITE_EA_LE)) { - ksmbd_err("Not permitted to write ext attr: 0x%x\n", - fp->daccess); + pr_err("Not permitted to write ext attr: 0x%x\n", + fp->daccess); return -EACCES; }

@@ -5691,7 +5691,7 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, return set_file_mode_info(fp, buf); }

- ksmbd_err("Unimplemented Fileinfoclass :%d\n", info_class); + pr_err("Unimplemented Fileinfoclass :%d\n", info_class); return -EOPNOTSUPP; }

@@ -5919,7 +5919,7 @@ int smb2_read(struct ksmbd_work *work) }

if (!(fp->daccess & (FILE_READ_DATA_LE | FILE_READ_ATTRIBUTES_LE))) { - ksmbd_err("Not permitted to read : 0x%x\n", fp->daccess); + pr_err("Not permitted to read : 0x%x\n", fp->daccess); err = -EACCES; goto out; } @@ -6039,9 +6039,9 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) } else { if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) || (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) { - ksmbd_err("invalid write data offset %u, smb_len %u\n", - le16_to_cpu(req->DataOffset), - get_rfc1002_len(req)); + pr_err("invalid write data offset %u, smb_len %u\n", + le16_to_cpu(req->DataOffset), + get_rfc1002_len(req)); err = -EINVAL; goto out; } @@ -6172,7 +6172,7 @@ int smb2_write(struct ksmbd_work *work) }

if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_READ_ATTRIBUTES_LE))) { - ksmbd_err("Not permitted to write : 0x%x\n", fp->daccess); + pr_err("Not permitted to write : 0x%x\n", fp->daccess); err = -EACCES; goto out; } @@ -6198,9 +6198,9 @@ int smb2_write(struct ksmbd_work *work) } else { if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) || (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) { - ksmbd_err("invalid write data offset %u, smb_len %u\n", - le16_to_cpu(req->DataOffset), - get_rfc1002_len(req)); + pr_err("invalid write data offset %u, smb_len %u\n", + le16_to_cpu(req->DataOffset), + get_rfc1002_len(req)); err = -EINVAL; goto out; } @@ -6530,7 +6530,7 @@ int smb2_lock(struct ksmbd_work *work) lock_start = le64_to_cpu(lock_ele[i].Offset); lock_length = le64_to_cpu(lock_ele[i].Length); if (lock_start > U64_MAX - lock_length) { - ksmbd_err("Invalid lock range requested\n"); + pr_err("Invalid lock range requested\n"); rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; goto out; } @@ -6560,7 +6560,7 @@ int smb2_lock(struct ksmbd_work *work) cmp_lock->fl->fl_end >= flock->fl_end) { if (cmp_lock->fl->fl_type != F_UNLCK && flock->fl_type != F_UNLCK) { - ksmbd_err("conflict two locks in one request\n"); + pr_err("conflict two locks in one request\n"); rsp->hdr.Status = STATUS_INVALID_PARAMETER; goto out; @@ -6633,7 +6633,7 @@ int smb2_lock(struct ksmbd_work *work) if (cmp_lock->zero_len && !smb_lock->zero_len && cmp_lock->start > smb_lock->start && cmp_lock->start < smb_lock->end) { - ksmbd_err("previous lock conflict with zero byte lock range\n"); + pr_err("previous lock conflict with zero byte lock range\n"); rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; goto out; } @@ -6641,7 +6641,7 @@ int smb2_lock(struct ksmbd_work *work) if (smb_lock->zero_len && !cmp_lock->zero_len && smb_lock->start > cmp_lock->start && smb_lock->start < cmp_lock->end) { - ksmbd_err("current lock conflict with zero byte lock range\n"); + pr_err("current lock conflict with zero byte lock range\n"); rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; goto out; } @@ -6650,7 +6650,7 @@ int smb2_lock(struct ksmbd_work *work) cmp_lock->end > smb_lock->start) || (cmp_lock->start < smb_lock->end && cmp_lock->end >= smb_lock->end)) && !cmp_lock->zero_len && !smb_lock->zero_len) { - ksmbd_err("Not allow lock operation on exclusive lock range\n"); + pr_err("Not allow lock operation on exclusive lock range\n"); rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; goto out; @@ -6658,7 +6658,7 @@ int smb2_lock(struct ksmbd_work *work) }

if (smb_lock->fl->fl_type == F_UNLCK && nolock) { - ksmbd_err("Try to unlock nolocked range\n"); + pr_err("Try to unlock nolocked range\n"); rsp->hdr.Status = STATUS_RANGE_NOT_LOCKED; goto out; } @@ -6787,7 +6787,7 @@ int smb2_lock(struct ksmbd_work *work)

err = ksmbd_vfs_lock(filp, 0, rlock); if (err) - ksmbd_err("rollback unlock fail : %d\n", err); + pr_err("rollback unlock fail : %d\n", err); list_del(&smb_lock->llist); list_del(&smb_lock->glist); locks_free_lock(smb_lock->fl); @@ -6974,8 +6974,8 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, netdev->ethtool_ops->get_link_ksettings(netdev, &cmd); speed = cmd.base.speed; } else { - ksmbd_err("%s %s\n", netdev->name, - "speed is unknown, defaulting to 1Gb/sec"); + pr_err("%s %s\n", netdev->name, + "speed is unknown, defaulting to 1Gb/sec"); speed = SPEED_1000; }

@@ -7387,7 +7387,7 @@ int smb2_ioctl(struct ksmbd_work *work) reparse_ptr = (struct reparse_data_buffer *)&rsp->Buffer[0]; fp = ksmbd_lookup_fd_fast(work, id); if (!fp) { - ksmbd_err("not found fp!!\n"); + pr_err("not found fp!!\n"); ret = -ENOENT; goto out; } @@ -7410,14 +7410,14 @@ int smb2_ioctl(struct ksmbd_work *work) fp_in = ksmbd_lookup_fd_slow(work, dup_ext->VolatileFileHandle, dup_ext->PersistentFileHandle); if (!fp_in) { - ksmbd_err("not found file handle in duplicate extent to file\n"); + pr_err("not found file handle in duplicate extent to file\n"); ret = -ENOENT; goto out; }

fp_out = ksmbd_lookup_fd_fast(work, id); if (!fp_out) { - ksmbd_err("not found fp\n"); + pr_err("not found fp\n"); ret = -ENOENT; goto dup_ext_out; } @@ -7514,7 +7514,7 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work)

opinfo = opinfo_get(fp); if (!opinfo) { - ksmbd_err("unexpected null oplock_info\n"); + pr_err("unexpected null oplock_info\n"); rsp->hdr.Status = STATUS_INVALID_OPLOCK_PROTOCOL; smb2_set_err_rsp(work); ksmbd_fd_put(work, fp); @@ -7577,8 +7577,8 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work) rsp_oplevel = SMB2_OPLOCK_LEVEL_NONE; break; default: - ksmbd_err("unknown oplock change 0x%x -> 0x%x\n", - opinfo->level, rsp_oplevel); + pr_err("unknown oplock change 0x%x -> 0x%x\n", + opinfo->level, rsp_oplevel); }

if (ret < 0) { @@ -7654,8 +7654,8 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) lease = opinfo->o_lease;

if (opinfo->op_state == OPLOCK_STATE_NONE) { - ksmbd_err("unexpected lease break state 0x%x\n", - opinfo->op_state); + pr_err("unexpected lease break state 0x%x\n", + opinfo->op_state); rsp->hdr.Status = STATUS_UNSUCCESSFUL; goto err_out; } @@ -7868,7 +7868,7 @@ int smb2_check_sign_req(struct ksmbd_work *work) return 0;

if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) { - ksmbd_err("bad smb2 signature\n"); + pr_err("bad smb2 signature\n"); return 0; }

@@ -7965,7 +7965,7 @@ int smb3_check_sign_req(struct ksmbd_work *work) }

if (!signing_key) { - ksmbd_err("SMB3 signing key is not generated\n"); + pr_err("SMB3 signing key is not generated\n"); return 0; }

@@ -7978,7 +7978,7 @@ int smb3_check_sign_req(struct ksmbd_work *work) return 0;

if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) { - ksmbd_err("bad smb2 signature\n"); + pr_err("bad smb2 signature\n"); return 0; }

@@ -8175,20 +8175,20 @@ int smb3_decrypt_req(struct ksmbd_work *work)

sess = ksmbd_session_lookup_all(conn, le64_to_cpu(tr_hdr->SessionId)); if (!sess) { - ksmbd_err("invalid session id(%llx) in transform header\n", - le64_to_cpu(tr_hdr->SessionId)); + pr_err("invalid session id(%llx) in transform header\n", + le64_to_cpu(tr_hdr->SessionId)); return -ECONNABORTED; }

if (pdu_length + 4 < sizeof(struct smb2_transform_hdr) + sizeof(struct smb2_hdr)) { - ksmbd_err("Transform message is too small (%u)\n", - pdu_length); + pr_err("Transform message is too small (%u)\n", + pdu_length); return -ECONNABORTED; }

if (pdu_length + 4 < orig_len + sizeof(struct smb2_transform_hdr)) { - ksmbd_err("Transform message is broken\n"); + pr_err("Transform message is broken\n"); return -ECONNABORTED; }

diff --git a/fs/cifsd/smb_common.c b/fs/cifsd/smb_common.c index d74b2ce08187..5bf644d7e321 100644 --- a/fs/cifsd/smb_common.c +++ b/fs/cifsd/smb_common.c @@ -447,7 +447,7 @@ int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command) return smb_handle_negotiate(work); }

- ksmbd_err("Unknown SMB negotiation command: %u\n", command); + pr_err("Unknown SMB negotiation command: %u\n", command); return -EINVAL; }

diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c index 63db8c015f9d..23c952612db4 100644 --- a/fs/cifsd/smbacl.c +++ b/fs/cifsd/smbacl.c @@ -264,8 +264,8 @@ static int sid_to_id(struct smb_sid *psid, uint sidtype, * Just return an error. */ if (unlikely(psid->num_subauth > SID_MAX_SUB_AUTHORITIES)) { - ksmbd_err("%s: %u subauthorities is too many!\n", - __func__, psid->num_subauth); + pr_err("%s: %u subauthorities is too many!\n", + __func__, psid->num_subauth); return -EIO; }

@@ -383,7 +383,7 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, /* validate that we do not go past end of acl */ if (end_of_acl <= (char *)pdacl || end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { - ksmbd_err("ACL too small to parse DACL\n"); + pr_err("ACL too small to parse DACL\n"); return; }

@@ -477,8 +477,8 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, temp_fattr.cf_uid = INVALID_UID; ret = sid_to_id(&ppace[i]->sid, SIDOWNER, &temp_fattr); if (ret || uid_eq(temp_fattr.cf_uid, INVALID_UID)) { - ksmbd_err("%s: Error %d mapping Owner SID to uid\n", - __func__, ret); + pr_err("%s: Error %d mapping Owner SID to uid\n", + __func__, ret); continue; }

@@ -764,7 +764,7 @@ static int parse_sid(struct smb_sid *psid, char *end_of_acl) * bytes long (assuming no sub-auths - e.g. the null SID */ if (end_of_acl < (char *)psid + 8) { - ksmbd_err("ACL too small to parse SID %p\n", psid); + pr_err("ACL too small to parse SID %p\n", psid); return -EINVAL; }

@@ -808,14 +808,14 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, if (pntsd->osidoffset) { rc = parse_sid(owner_sid_ptr, end_of_acl); if (rc) { - ksmbd_err("%s: Error %d parsing Owner SID\n", __func__, rc); + pr_err("%s: Error %d parsing Owner SID\n", __func__, rc); return rc; }

rc = sid_to_id(owner_sid_ptr, SIDOWNER, fattr); if (rc) { - ksmbd_err("%s: Error %d mapping Owner SID to uid\n", - __func__, rc); + pr_err("%s: Error %d mapping Owner SID to uid\n", + __func__, rc); owner_sid_ptr = NULL; } } @@ -823,14 +823,14 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, if (pntsd->gsidoffset) { rc = parse_sid(group_sid_ptr, end_of_acl); if (rc) { - ksmbd_err("%s: Error %d mapping Owner SID to gid\n", - __func__, rc); + pr_err("%s: Error %d mapping Owner SID to gid\n", + __func__, rc); return rc; } rc = sid_to_id(group_sid_ptr, SIDUNIX_GROUP, fattr); if (rc) { - ksmbd_err("%s: Error %d mapping Group SID to gid\n", - __func__, rc); + pr_err("%s: Error %d mapping Group SID to gid\n", + __func__, rc); group_sid_ptr = NULL; } } diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c index 2bcc1cad6037..13eacfda64ac 100644 --- a/fs/cifsd/transport_ipc.c +++ b/fs/cifsd/transport_ipc.c @@ -43,11 +43,11 @@ static unsigned int ksmbd_tools_pid; static bool ksmbd_ipc_validate_version(struct genl_info *m) { if (m->genlhdr->version != KSMBD_GENL_VERSION) { - ksmbd_err("%s. ksmbd: %d, kernel module: %d. %s.\n", - "Daemon and kernel module version mismatch", - m->genlhdr->version, - KSMBD_GENL_VERSION, - "User-space ksmbd should terminate"); + pr_err("%s. ksmbd: %d, kernel module: %d. %s.\n", + "Daemon and kernel module version mismatch", + m->genlhdr->version, + KSMBD_GENL_VERSION, + "User-space ksmbd should terminate"); return false; } return true; @@ -267,8 +267,8 @@ static int handle_response(int type, void *payload, size_t sz) * request message type + 1. */ if (entry->type + 1 != type) { - ksmbd_err("Waiting for IPC type %d, got %d. Ignore.\n", - entry->type + 1, type); + pr_err("Waiting for IPC type %d, got %d. Ignore.\n", + entry->type + 1, type); }

entry->response = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO); @@ -313,9 +313,9 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req) ret |= ksmbd_tcp_set_interfaces(KSMBD_STARTUP_CONFIG_INTERFACES(req), req->ifc_list_sz); if (ret) { - ksmbd_err("Server configuration error: %s %s %s\n", - req->netbios_name, req->server_string, - req->work_group); + pr_err("Server configuration error: %s %s %s\n", + req->netbios_name, req->server_string, + req->work_group); return ret; }

@@ -353,7 +353,7 @@ static int handle_startup_event(struct sk_buff *skb, struct genl_info *info) mutex_lock(&startup_lock); if (!ksmbd_server_configurable()) { mutex_unlock(&startup_lock); - ksmbd_err("Server reset is in progress, can't start daemon\n"); + pr_err("Server reset is in progress, can't start daemon\n"); return -EINVAL; }

@@ -363,7 +363,7 @@ static int handle_startup_event(struct sk_buff *skb, struct genl_info *info) goto out; }

- ksmbd_err("Reconnect to a new user space daemon\n"); + pr_err("Reconnect to a new user space daemon\n"); } else { struct ksmbd_startup_request *req;

@@ -384,7 +384,7 @@ static int handle_startup_event(struct sk_buff *skb, struct genl_info *info)

static int handle_unsupported_event(struct sk_buff *skb, struct genl_info *info) { - ksmbd_err("Unknown IPC event: %d, ignore.\n", info->genlhdr->cmd); + pr_err("Unknown IPC event: %d, ignore.\n", info->genlhdr->cmd); return -EINVAL; }

@@ -827,7 +827,7 @@ static int __ipc_heartbeat(void) WRITE_ONCE(server_conf.state, SERVER_STATE_RESETTING); server_conf.ipc_last_active = 0; ksmbd_tools_pid = 0; - ksmbd_err("No IPC daemon response for %lus\n", delta / HZ); + pr_err("No IPC daemon response for %lus\n", delta / HZ); mutex_unlock(&startup_lock); return -EINVAL; } @@ -871,7 +871,7 @@ int ksmbd_ipc_init(void)

ret = genl_register_family(&ksmbd_genl_family); if (ret) { - ksmbd_err("Failed to register KSMBD netlink interface %d\n", ret); + pr_err("Failed to register KSMBD netlink interface %d\n", ret); cancel_delayed_work_sync(&ipc_timer_work); }

diff --git a/fs/cifsd/transport_rdma.c b/fs/cifsd/transport_rdma.c index 52237f023b66..bd7a090d5350 100644 --- a/fs/cifsd/transport_rdma.c +++ b/fs/cifsd/transport_rdma.c @@ -525,9 +525,9 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc)

if (wc->status != IB_WC_SUCCESS || wc->opcode != IB_WC_RECV) { if (wc->status != IB_WC_WR_FLUSH_ERR) { - ksmbd_err("Recv error. status='%s (%d)' opcode=%d\n", - ib_wc_status_msg(wc->status), wc->status, - wc->opcode); + pr_err("Recv error. status='%s (%d)' opcode=%d\n", + ib_wc_status_msg(wc->status), wc->status, + wc->opcode); smb_direct_disconnect_rdma_connection(t); } put_empty_recvmsg(t, recvmsg); @@ -623,7 +623,7 @@ static int smb_direct_post_recv(struct smb_direct_transport *t,

ret = ib_post_recv(t->qp, &wr, NULL); if (ret) { - ksmbd_err("Can't post recv: %d\n", ret); + pr_err("Can't post recv: %d\n", ret); ib_dma_unmap_single(t->cm_id->device, recvmsg->sge.addr, recvmsg->sge.length, DMA_FROM_DEVICE); @@ -645,7 +645,7 @@ static int smb_direct_read(struct ksmbd_transport *t, char *buf,

again: if (st->status != SMB_DIRECT_CS_CONNECTED) { - ksmbd_err("disconnected\n"); + pr_err("disconnected\n"); return -ENOTCONN; }

@@ -794,7 +794,7 @@ static void smb_direct_post_recv_credits(struct work_struct *work)

ret = smb_direct_post_recv(t, recvmsg); if (ret) { - ksmbd_err("Can't post recv: %d\n", ret); + pr_err("Can't post recv: %d\n", ret); put_recvmsg(t, recvmsg); break; } @@ -829,9 +829,9 @@ static void send_done(struct ib_cq *cq, struct ib_wc *wc) wc->opcode);

if (wc->status != IB_WC_SUCCESS || wc->opcode != IB_WC_SEND) { - ksmbd_err("Send error. status='%s (%d)', opcode=%d\n", - ib_wc_status_msg(wc->status), wc->status, - wc->opcode); + pr_err("Send error. status='%s (%d)', opcode=%d\n", + ib_wc_status_msg(wc->status), wc->status, + wc->opcode); smb_direct_disconnect_rdma_connection(t); }

@@ -880,7 +880,7 @@ static int smb_direct_post_send(struct smb_direct_transport *t,

ret = ib_post_send(t->qp, wr, NULL); if (ret) { - ksmbd_err("failed to post send: %d\n", ret); + pr_err("failed to post send: %d\n", ret); if (wr->num_sge > 1) { if (atomic_dec_and_test(&t->send_payload_pending)) wake_up(&t->wait_send_payload_pending); @@ -1158,11 +1158,11 @@ static int smb_direct_post_send_data(struct smb_direct_transport *t, sg, SMB_DIRECT_MAX_SEND_SGES - 1, DMA_TO_DEVICE); if (sg_cnt <= 0) { - ksmbd_err("failed to map buffer\n"); + pr_err("failed to map buffer\n"); ret = -ENOMEM; goto err; } else if (sg_cnt + msg->num_sge > SMB_DIRECT_MAX_SEND_SGES - 1) { - ksmbd_err("buffer not fitted into sges\n"); + pr_err("buffer not fitted into sges\n"); ret = -E2BIG; ib_dma_unmap_sg(t->cm_id->device, sg, sg_cnt, DMA_TO_DEVICE); @@ -1290,8 +1290,8 @@ static void read_write_done(struct ib_cq *cq, struct ib_wc *wc, struct smb_direct_transport *t = msg->t;

if (wc->status != IB_WC_SUCCESS) { - ksmbd_err("read/write error. opcode = %d, status = %s(%d)\n", - wc->opcode, ib_wc_status_msg(wc->status), wc->status); + pr_err("read/write error. opcode = %d, status = %s(%d)\n", + wc->opcode, ib_wc_status_msg(wc->status), wc->status); smb_direct_disconnect_rdma_connection(t); }

@@ -1348,7 +1348,7 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf,

ret = get_sg_list(buf, buf_len, msg->sgt.sgl, msg->sgt.orig_nents); if (ret <= 0) { - ksmbd_err("failed to get pages\n"); + pr_err("failed to get pages\n"); goto err; }

@@ -1357,7 +1357,7 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf, 0, remote_offset, remote_key, is_read ? DMA_FROM_DEVICE : DMA_TO_DEVICE); if (ret < 0) { - ksmbd_err("failed to init rdma_rw_ctx: %d\n", ret); + pr_err("failed to init rdma_rw_ctx: %d\n", ret); goto err; }

@@ -1369,7 +1369,7 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf,

ret = ib_post_send(t->qp, first_wr, NULL); if (ret) { - ksmbd_err("failed to post send wr: %d\n", ret); + pr_err("failed to post send wr: %d\n", ret); goto err; }

@@ -1445,9 +1445,9 @@ static int smb_direct_cm_handler(struct rdma_cm_id *cm_id, break; } default: - ksmbd_err("Unexpected RDMA CM event. cm_id=%p, event=%s (%d)\n", - cm_id, rdma_event_msg(event->event), - event->event); + pr_err("Unexpected RDMA CM event. cm_id=%p, event=%s (%d)\n", + cm_id, rdma_event_msg(event->event), + event->event); break; } return 0; @@ -1557,7 +1557,7 @@ static int smb_direct_accept_client(struct smb_direct_transport *t)

ret = rdma_accept(t->cm_id, &conn_param); if (ret) { - ksmbd_err("error at rdma_accept: %d\n", ret); + pr_err("error at rdma_accept: %d\n", ret); return ret; }

@@ -1581,14 +1581,14 @@ static int smb_direct_negotiate(struct smb_direct_transport *t)

ret = smb_direct_post_recv(t, recvmsg); if (ret) { - ksmbd_err("Can't post recv: %d\n", ret); + pr_err("Can't post recv: %d\n", ret); goto out; }

t->negotiation_requested = false; ret = smb_direct_accept_client(t); if (ret) { - ksmbd_err("Can't accept client\n"); + pr_err("Can't accept client\n"); goto out; }

@@ -1635,7 +1635,7 @@ static int smb_direct_init_params(struct smb_direct_transport *t, t->max_send_size = smb_direct_max_send_size; max_send_sges = DIV_ROUND_UP(t->max_send_size, PAGE_SIZE) + 2; if (max_send_sges > SMB_DIRECT_MAX_SEND_SGES) { - ksmbd_err("max_send_size %d is too large\n", t->max_send_size); + pr_err("max_send_size %d is too large\n", t->max_send_size); return -EINVAL; }

@@ -1655,31 +1655,31 @@ static int smb_direct_init_params(struct smb_direct_transport *t, max_send_wrs = smb_direct_send_credit_target + max_rw_wrs; if (max_send_wrs > device->attrs.max_cqe || max_send_wrs > device->attrs.max_qp_wr) { - ksmbd_err("consider lowering send_credit_target = %d, or max_outstanding_rw_ops = %d\n", - smb_direct_send_credit_target, - smb_direct_max_outstanding_rw_ops); - ksmbd_err("Possible CQE overrun, device reporting max_cqe %d max_qp_wr %d\n", - device->attrs.max_cqe, device->attrs.max_qp_wr); + pr_err("consider lowering send_credit_target = %d, or max_outstanding_rw_ops = %d\n", + smb_direct_send_credit_target, + smb_direct_max_outstanding_rw_ops); + pr_err("Possible CQE overrun, device reporting max_cqe %d max_qp_wr %d\n", + device->attrs.max_cqe, device->attrs.max_qp_wr); return -EINVAL; }

if (smb_direct_receive_credit_max > device->attrs.max_cqe || smb_direct_receive_credit_max > device->attrs.max_qp_wr) { - ksmbd_err("consider lowering receive_credit_max = %d\n", - smb_direct_receive_credit_max); - ksmbd_err("Possible CQE overrun, device reporting max_cpe %d max_qp_wr %d\n", - device->attrs.max_cqe, device->attrs.max_qp_wr); + pr_err("consider lowering receive_credit_max = %d\n", + smb_direct_receive_credit_max); + pr_err("Possible CQE overrun, device reporting max_cpe %d max_qp_wr %d\n", + device->attrs.max_cqe, device->attrs.max_qp_wr); return -EINVAL; }

if (device->attrs.max_send_sge < SMB_DIRECT_MAX_SEND_SGES) { - ksmbd_err("warning: device max_send_sge = %d too small\n", - device->attrs.max_send_sge); + pr_err("warning: device max_send_sge = %d too small\n", + device->attrs.max_send_sge); return -EINVAL; } if (device->attrs.max_recv_sge < SMB_DIRECT_MAX_RECV_SGES) { - ksmbd_err("warning: device max_recv_sge = %d too small\n", - device->attrs.max_recv_sge); + pr_err("warning: device max_recv_sge = %d too small\n", + device->attrs.max_recv_sge); return -EINVAL; }

@@ -1788,7 +1788,7 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t,

t->pd = ib_alloc_pd(t->cm_id->device, 0); if (IS_ERR(t->pd)) { - ksmbd_err("Can't create RDMA PD\n"); + pr_err("Can't create RDMA PD\n"); ret = PTR_ERR(t->pd); t->pd = NULL; return ret; @@ -1797,7 +1797,7 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t, t->send_cq = ib_alloc_cq(t->cm_id->device, t, t->send_credit_target, 0, IB_POLL_WORKQUEUE); if (IS_ERR(t->send_cq)) { - ksmbd_err("Can't create RDMA send CQ\n"); + pr_err("Can't create RDMA send CQ\n"); ret = PTR_ERR(t->send_cq); t->send_cq = NULL; goto err; @@ -1807,7 +1807,7 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t, cap->max_send_wr + cap->max_rdma_ctxs, 0, IB_POLL_WORKQUEUE); if (IS_ERR(t->recv_cq)) { - ksmbd_err("Can't create RDMA recv CQ\n"); + pr_err("Can't create RDMA recv CQ\n"); ret = PTR_ERR(t->recv_cq); t->recv_cq = NULL; goto err; @@ -1825,7 +1825,7 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t,

ret = rdma_create_qp(t->cm_id, t->pd, &qp_attr); if (ret) { - ksmbd_err("Can't create RDMA QP: %d\n", ret); + pr_err("Can't create RDMA QP: %d\n", ret); goto err; }

@@ -1861,25 +1861,25 @@ static int smb_direct_prepare(struct ksmbd_transport *t)

ret = smb_direct_init_params(st, &qp_cap); if (ret) { - ksmbd_err("Can't configure RDMA parameters\n"); + pr_err("Can't configure RDMA parameters\n"); return ret; }

ret = smb_direct_create_pools(st); if (ret) { - ksmbd_err("Can't init RDMA pool: %d\n", ret); + pr_err("Can't init RDMA pool: %d\n", ret); return ret; }

ret = smb_direct_create_qpair(st, &qp_cap); if (ret) { - ksmbd_err("Can't accept RDMA client: %d\n", ret); + pr_err("Can't accept RDMA client: %d\n", ret); return ret; }

ret = smb_direct_negotiate(st); if (ret) { - ksmbd_err("Can't negotiate: %d\n", ret); + pr_err("Can't negotiate: %d\n", ret); return ret; }

@@ -1917,7 +1917,7 @@ static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) if (IS_ERR(KSMBD_TRANS(t)->handler)) { int ret = PTR_ERR(KSMBD_TRANS(t)->handler);

- ksmbd_err("Can't start thread\n"); + pr_err("Can't start thread\n"); free_transport(t); return ret; } @@ -1933,7 +1933,7 @@ static int smb_direct_listen_handler(struct rdma_cm_id *cm_id, int ret = smb_direct_handle_connect_request(cm_id);

if (ret) { - ksmbd_err("Can't create transport: %d\n", ret); + pr_err("Can't create transport: %d\n", ret); return ret; }

@@ -1942,8 +1942,8 @@ static int smb_direct_listen_handler(struct rdma_cm_id *cm_id, break; } default: - ksmbd_err("Unexpected listen event. cm_id=%p, event=%s (%d)\n", - cm_id, rdma_event_msg(event->event), event->event); + pr_err("Unexpected listen event. cm_id=%p, event=%s (%d)\n", + cm_id, rdma_event_msg(event->event), event->event); break; } return 0; @@ -1962,13 +1962,13 @@ static int smb_direct_listen(int port) cm_id = rdma_create_id(&init_net, smb_direct_listen_handler, &smb_direct_listener, RDMA_PS_TCP, IB_QPT_RC); if (IS_ERR(cm_id)) { - ksmbd_err("Can't create cm id: %ld\n", PTR_ERR(cm_id)); + pr_err("Can't create cm id: %ld\n", PTR_ERR(cm_id)); return PTR_ERR(cm_id); }

ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin); if (ret) { - ksmbd_err("Can't bind: %d\n", ret); + pr_err("Can't bind: %d\n", ret); goto err; }

@@ -1976,7 +1976,7 @@ static int smb_direct_listen(int port)

ret = rdma_listen(cm_id, 10); if (ret) { - ksmbd_err("Can't listen: %d\n", ret); + pr_err("Can't listen: %d\n", ret); goto err; } return 0; @@ -2006,7 +2006,7 @@ int ksmbd_rdma_init(void) if (ret) { destroy_workqueue(smb_direct_wq); smb_direct_wq = NULL; - ksmbd_err("Can't listen: %d\n", ret); + pr_err("Can't listen: %d\n", ret); return ret; }

diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c index 16702b7874f4..56ec11ff5a9f 100644 --- a/fs/cifsd/transport_tcp.c +++ b/fs/cifsd/transport_tcp.c @@ -190,7 +190,7 @@ static int ksmbd_tcp_new_connection(struct socket *client_sk)

csin = KSMBD_TCP_PEER_SOCKADDR(KSMBD_TRANS(t)->conn); if (kernel_getpeername(client_sk, csin) < 0) { - ksmbd_err("client ip resolution failed\n"); + pr_err("client ip resolution failed\n"); rc = -EINVAL; goto out_error; } @@ -200,7 +200,7 @@ static int ksmbd_tcp_new_connection(struct socket *client_sk) "ksmbd:%u", ksmbd_tcp_get_port(csin)); if (IS_ERR(KSMBD_TRANS(t)->handler)) { - ksmbd_err("cannot start conn thread\n"); + pr_err("cannot start conn thread\n"); rc = PTR_ERR(KSMBD_TRANS(t)->handler); free_transport(t); } @@ -380,7 +380,7 @@ static void tcp_destroy_socket(struct socket *ksmbd_socket)

ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR); if (ret) - ksmbd_err("Failed to shutdown socket: %d\n", ret); + pr_err("Failed to shutdown socket: %d\n", ret); else sock_release(ksmbd_socket); } @@ -400,11 +400,11 @@ static int create_socket(struct interface *iface)

ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket); if (ret) { - ksmbd_err("Can't create socket for ipv6, try ipv4: %d\n", ret); + pr_err("Can't create socket for ipv6, try ipv4: %d\n", ret); ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket); if (ret) { - ksmbd_err("Can't create socket for ipv4: %d\n", ret); + pr_err("Can't create socket for ipv4: %d\n", ret); goto out_error; }

@@ -427,7 +427,7 @@ static int create_socket(struct interface *iface) KERNEL_SOCKPTR(iface->name), strlen(iface->name)); if (ret != -ENODEV && ret < 0) { - ksmbd_err("Failed to set SO_BINDTODEVICE: %d\n", ret); + pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret); goto out_error; }

@@ -438,7 +438,7 @@ static int create_socket(struct interface *iface) ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6, sizeof(sin6)); if (ret) { - ksmbd_err("Failed to bind socket: %d\n", ret); + pr_err("Failed to bind socket: %d\n", ret); goto out_error; }

@@ -447,14 +447,14 @@ static int create_socket(struct interface *iface)

ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG); if (ret) { - ksmbd_err("Port listen() error: %d\n", ret); + pr_err("Port listen() error: %d\n", ret); goto out_error; }

iface->ksmbd_socket = ksmbd_socket; ret = ksmbd_tcp_run_kthread(iface); if (ret) { - ksmbd_err("Can't start ksmbd main kthread: %d\n", ret); + pr_err("Can't start ksmbd main kthread: %d\n", ret); goto out_error; } iface->state = IFACE_STATE_CONFIGURED; @@ -540,7 +540,7 @@ static void tcp_stop_kthread(struct task_struct *kthread)

ret = kthread_stop(kthread); if (ret) - ksmbd_err("failed to stop forker thread\n"); + pr_err("failed to stop forker thread\n"); }

void ksmbd_tcp_destroy(void) diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index ef74e56cd05f..ad08bad8df4e 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -45,7 +45,7 @@ static char *extract_last_component(char *path) p++; } else { p = NULL; - ksmbd_err("Invalid path %s\n", path); + pr_err("Invalid path %s\n", path); } return p; } @@ -170,8 +170,8 @@ int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) if (IS_ERR(dentry)) { err = PTR_ERR(dentry); if (err != -ENOENT) - ksmbd_err("path create failed for %s, err %d\n", - name, err); + pr_err("path create failed for %s, err %d\n", + name, err); return err; }

@@ -181,7 +181,7 @@ int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), d_inode(dentry)); } else { - ksmbd_err("File(%s): creation failed (err:%d)\n", name, err); + pr_err("File(%s): creation failed (err:%d)\n", name, err); } done_path_create(&path, dentry); return err; @@ -235,7 +235,7 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) out: done_path_create(&path, dentry); if (err) - ksmbd_err("mkdir(%s): creation failed (err:%d)\n", name, err); + pr_err("mkdir(%s): creation failed (err:%d)\n", name, err); return err; }

@@ -259,7 +259,7 @@ static ssize_t ksmbd_vfs_getcasexattr(struct dentry *dentry, char *attr_name, name, attr_value); if (value_len < 0) - ksmbd_err("failed to get xattr in file\n"); + pr_err("failed to get xattr in file\n"); break; }

@@ -324,7 +324,7 @@ static int check_lock_range(struct file *filp, loff_t start, loff_t end, if (flock->fl_end >= start && end >= flock->fl_start) { if (flock->fl_type == F_RDLCK) { if (type == WRITE) { - ksmbd_err("not allow write by shared lock\n"); + pr_err("not allow write by shared lock\n"); error = 1; goto out; } @@ -332,7 +332,7 @@ static int check_lock_range(struct file *filp, loff_t start, loff_t end, /* check owner in lock */ if (flock->fl_file != filp) { error = 1; - ksmbd_err("not allow rw access by exclusive lock from other opens\n"); + pr_err("not allow rw access by exclusive lock from other opens\n"); goto out; } } @@ -368,7 +368,7 @@ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count,

if (work->conn->connection_type) { if (!(fp->daccess & (FILE_READ_DATA_LE | FILE_EXECUTE_LE))) { - ksmbd_err("no right to read(%s)\n", FP_FILENAME(fp)); + pr_err("no right to read(%s)\n", FP_FILENAME(fp)); return -EACCES; } } @@ -381,15 +381,15 @@ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count,

ret = check_lock_range(filp, *pos, *pos + count - 1, READ); if (ret) { - ksmbd_err("unable to read due to lock\n"); + pr_err("unable to read due to lock\n"); return -EAGAIN; } }

nbytes = kernel_read(filp, rbuf, count, pos); if (nbytes < 0) { - ksmbd_err("smb read failed for (%s), err = %zd\n", - fp->filename, nbytes); + pr_err("smb read failed for (%s), err = %zd\n", + fp->filename, nbytes); return nbytes; }

@@ -418,7 +418,7 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, fp->stream.size, &stream_buf); if ((int)v_len < 0) { - ksmbd_err("not found stream in xattr : %zd\n", v_len); + pr_err("not found stream in xattr : %zd\n", v_len); err = (int)v_len; goto out; } @@ -476,7 +476,7 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp,

if (sess->conn->connection_type) { if (!(fp->daccess & FILE_WRITE_DATA_LE)) { - ksmbd_err("no right to write(%s)\n", FP_FILENAME(fp)); + pr_err("no right to write(%s)\n", FP_FILENAME(fp)); err = -EACCES; goto out; } @@ -494,7 +494,7 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, if (!work->tcon->posix_extensions) { err = check_lock_range(filp, *pos, *pos + count - 1, WRITE); if (err) { - ksmbd_err("unable to write due to lock\n"); + pr_err("unable to write due to lock\n"); err = -EAGAIN; goto out; } @@ -515,8 +515,8 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, if (sync) { err = vfs_fsync_range(filp, offset, offset + *written, 0); if (err < 0) - ksmbd_err("fsync failed for filename = %s, err = %d\n", - FP_FILENAME(fp), err); + pr_err("fsync failed for filename = %s, err = %d\n", + FP_FILENAME(fp), err); }

out: @@ -537,7 +537,7 @@ int ksmbd_vfs_getattr(struct path *path, struct kstat *stat)

err = vfs_getattr(path, stat, STATX_BTIME, AT_STATX_SYNC_AS_STAT); if (err) - ksmbd_err("getattr failed, err %d\n", err); + pr_err("getattr failed, err %d\n", err); return err; }

@@ -555,12 +555,12 @@ int ksmbd_vfs_fsync(struct ksmbd_work *work, u64 fid, u64 p_id)

fp = ksmbd_lookup_fd_slow(work, fid, p_id); if (!fp) { - ksmbd_err("failed to get filp for fid %llu\n", fid); + pr_err("failed to get filp for fid %llu\n", fid); return -ENOENT; } err = vfs_fsync(fp->filp, 0); if (err < 0) - ksmbd_err("smb fsync failed, err = %d\n", err); + pr_err("smb fsync failed, err = %d\n", err); ksmbd_fd_put(work, fp); return err; } @@ -654,8 +654,8 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname,

err = kern_path(oldname, flags, &oldpath); if (err) { - ksmbd_err("cannot get linux path for %s, err = %d\n", - oldname, err); + pr_err("cannot get linux path for %s, err = %d\n", + oldname, err); goto out1; }

@@ -663,13 +663,13 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, flags | LOOKUP_REVAL); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); - ksmbd_err("path create err for %s, err %d\n", newname, err); + pr_err("path create err for %s, err %d\n", newname, err); goto out2; }

err = -EXDEV; if (oldpath.mnt != newpath.mnt) { - ksmbd_err("vfs_link failed err %d\n", err); + pr_err("vfs_link failed err %d\n", err); goto out3; }

@@ -730,7 +730,7 @@ static int __ksmbd_vfs_rename(struct ksmbd_work *work, dst_dent = lookup_one_len(dst_name, dst_dent_parent, strlen(dst_name)); err = PTR_ERR(dst_dent); if (IS_ERR(dst_dent)) { - ksmbd_err("lookup failed %s [%d]\n", dst_name, err); + pr_err("lookup failed %s [%d]\n", dst_name, err); goto out; }

@@ -747,7 +747,7 @@ static int __ksmbd_vfs_rename(struct ksmbd_work *work, err = vfs_rename(&rd); } if (err) - ksmbd_err("vfs_rename failed err %d\n", err); + pr_err("vfs_rename failed err %d\n", err); if (dst_dent) dput(dst_dent); out: @@ -835,14 +835,14 @@ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, if (name) { err = kern_path(name, 0, &path); if (err) { - ksmbd_err("cannot get linux path for %s, err %d\n", - name, err); + pr_err("cannot get linux path for %s, err %d\n", + name, err); return err; } err = vfs_truncate(&path, size); if (err) - ksmbd_err("truncate failed for %s err %d\n", - name, err); + pr_err("truncate failed for %s err %d\n", + name, err); path_put(&path); } else { struct file *filp; @@ -864,15 +864,15 @@ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, }

if (err) { - ksmbd_err("failed due to lock\n"); + pr_err("failed due to lock\n"); return -EAGAIN; } }

err = vfs_truncate(&filp->f_path, size); if (err) - ksmbd_err("truncate failed for filename : %s err %d\n", - fp->filename, err); + pr_err("truncate failed for filename : %s err %d\n", + fp->filename, err); }

return err; @@ -1458,7 +1458,7 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct inode *inode, xa_entry->type = SMB_ACL_MASK; break; default: - ksmbd_err("unknown type : 0x%x\n", pa_entry->e_tag); + pr_err("unknown type : 0x%x\n", pa_entry->e_tag); goto out; }

@@ -1502,7 +1502,7 @@ int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry,

rc = ksmbd_gen_sd_hash(conn, acl.sd_buf, acl.sd_size, acl.hash); if (rc) { - ksmbd_err("failed to generate hash for ndr acl\n"); + pr_err("failed to generate hash for ndr acl\n"); return rc; }

@@ -1513,27 +1513,27 @@ int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry,

rc = ndr_encode_posix_acl(&acl_ndr, inode, smb_acl, def_smb_acl); if (rc) { - ksmbd_err("failed to encode ndr to posix acl\n"); + pr_err("failed to encode ndr to posix acl\n"); goto out; }

rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, acl.posix_acl_hash); if (rc) { - ksmbd_err("failed to generate hash for ndr acl\n"); + pr_err("failed to generate hash for ndr acl\n"); goto out; }

rc = ndr_encode_v4_ntacl(&sd_ndr, &acl); if (rc) { - ksmbd_err("failed to encode ndr to posix acl\n"); + pr_err("failed to encode ndr to posix acl\n"); goto out; }

rc = ksmbd_vfs_setxattr(dentry, XATTR_NAME_SD, sd_ndr.data, sd_ndr.offset, 0); if (rc < 0) - ksmbd_err("Failed to store XATTR ntacl :%d\n", rc); + pr_err("Failed to store XATTR ntacl :%d\n", rc);

kfree(sd_ndr.data); out: @@ -1570,19 +1570,19 @@ int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry,

rc = ndr_encode_posix_acl(&acl_ndr, inode, smb_acl, def_smb_acl); if (rc) { - ksmbd_err("failed to encode ndr to posix acl\n"); + pr_err("failed to encode ndr to posix acl\n"); goto out; }

rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, cmp_hash); if (rc) { - ksmbd_err("failed to generate hash for ndr acl\n"); + pr_err("failed to generate hash for ndr acl\n"); goto out; }

if (memcmp(cmp_hash, acl.posix_acl_hash, XATTR_SD_HASH_SIZE)) { - ksmbd_err("hash value diff\n"); + pr_err("hash value diff\n"); rc = -EINVAL; goto out; } @@ -1821,11 +1821,11 @@ int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, *total_size_written = 0;

if (!(src_fp->daccess & (FILE_READ_DATA_LE | FILE_EXECUTE_LE))) { - ksmbd_err("no right to read(%s)\n", FP_FILENAME(src_fp)); + pr_err("no right to read(%s)\n", FP_FILENAME(src_fp)); return -EACCES; } if (!(dst_fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE))) { - ksmbd_err("no right to write(%s)\n", FP_FILENAME(dst_fp)); + pr_err("no right to write(%s)\n", FP_FILENAME(dst_fp)); return -EACCES; }

diff --git a/fs/cifsd/vfs_cache.c b/fs/cifsd/vfs_cache.c index 4cf14c247e9e..c88210b15289 100644 --- a/fs/cifsd/vfs_cache.c +++ b/fs/cifsd/vfs_cache.c @@ -185,7 +185,7 @@ static struct ksmbd_inode *ksmbd_inode_get(struct ksmbd_file *fp)

rc = ksmbd_inode_init(ci, fp); if (rc) { - ksmbd_err("inode initialized failed\n"); + pr_err("inode initialized failed\n"); kfree(ci); return NULL; } @@ -254,8 +254,8 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) err = ksmbd_vfs_remove_xattr(filp->f_path.dentry, fp->stream.name); if (err) - ksmbd_err("remove xattr failed : %s\n", - fp->stream.name); + pr_err("remove xattr failed : %s\n", + fp->stream.name); }

if (atomic_dec_and_test(&ci->m_count)) { @@ -542,7 +542,7 @@ struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp)

fp = kmem_cache_zalloc(filp_cache, GFP_KERNEL); if (!fp) { - ksmbd_err("Failed to allocate memory\n"); + pr_err("Failed to allocate memory\n"); return ERR_PTR(-ENOMEM); }

@@ -698,7 +698,7 @@ int ksmbd_init_file_cache(void) return 0;

out: - ksmbd_err("failed to allocate file cache\n"); + pr_err("failed to allocate file cache\n"); return -ENOMEM; }

From patchwork Mon Nov 14 12:50:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183219 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:10 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:10 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:09 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 122/308] ksmbd: opencode to avoid trivial wrappers Date: Mon, 14 Nov 2022 20:50:31 +0800 Message-ID: 20221114125337.1831594-123-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: bac2f3f1-84fc-4865-7d56-08dac63c639f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6846293 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit e8c061917133dd77410239bfc0fae151b1955af2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e8c061917133

-------------------------------

Opencode to avoid trivial wrappers that just make the code hard to follow.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 19 ++++++++++++------- fs/cifsd/vfs.c | 30 ++---------------------------- fs/cifsd/vfs.h | 4 ---- 3 files changed, 14 insertions(+), 39 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 84f4cd7f545f..96a0cb512882 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -10,6 +10,7 @@ #include <linux/namei.h> #include <linux/statfs.h> #include <linux/ethtool.h> +#include <linux/falloc.h>

#include "glob.h" #include "smb2pdu.h" @@ -2948,10 +2949,12 @@ int smb2_open(struct ksmbd_work *work) ksmbd_debug(SMB, "request smb2 create allocate size : %llu\n", alloc_size); - err = ksmbd_vfs_alloc_size(work, fp, alloc_size); + smb_break_all_levII_oplock(work, fp, 1); + err = vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0, + alloc_size); if (err < 0) ksmbd_debug(SMB, - "ksmbd_vfs_alloc_size is failed : %d\n", + "vfs_fallocate is failed : %d\n", err); }

@@ -3762,7 +3765,7 @@ int smb2_query_dir(struct ksmbd_work *work) dir_fp->readdir_data.private = &query_dir_private; set_ctx_actor(&dir_fp->readdir_data.ctx, __query_dir);

- rc = ksmbd_vfs_readdir(dir_fp->filp, &dir_fp->readdir_data); + rc = iterate_dir(dir_fp->filp, &dir_fp->readdir_data.ctx); if (rc == 0) restart_ctx(&dir_fp->readdir_data.ctx); if (rc == -ENOSPC) @@ -5465,9 +5468,11 @@ static int set_file_allocation_info(struct ksmbd_work *work, inode = file_inode(fp->filp);

if (alloc_blks > inode->i_blocks) { - rc = ksmbd_vfs_alloc_size(work, fp, alloc_blks * 512); + smb_break_all_levII_oplock(work, fp, 1); + rc = vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0, + alloc_blks * 512); if (rc && rc != -EOPNOTSUPP) { - pr_err("ksmbd_vfs_alloc_size is failed : %d\n", rc); + pr_err("vfs_fallocate is failed : %d\n", rc); return rc; } } else if (alloc_blks < inode->i_blocks) { @@ -6672,7 +6677,7 @@ int smb2_lock(struct ksmbd_work *work) flock = smb_lock->fl; list_del(&smb_lock->llist); retry: - err = ksmbd_vfs_lock(filp, smb_lock->cmd, flock); + err = vfs_lock_file(filp, smb_lock->cmd, flock, NULL); skip: if (flags & SMB2_LOCKFLAG_UNLOCK) { if (!err) { @@ -6785,7 +6790,7 @@ int smb2_lock(struct ksmbd_work *work) rlock->fl_start = smb_lock->start; rlock->fl_end = smb_lock->end;

- err = ksmbd_vfs_lock(filp, 0, rlock); + err = vfs_lock_file(filp, 0, rlock, NULL); if (err) pr_err("rollback unlock fail : %d\n", err); list_del(&smb_lock->llist); diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index ad08bad8df4e..1ba3fd95ba6b 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -1000,32 +1000,6 @@ void ksmbd_vfs_set_fadvise(struct file *filp, __le32 option) } }

-/** - * ksmbd_vfs_lock() - vfs helper for smb file locking - * @filp: the file to apply the lock to - * @cmd: type of locking operation (F_SETLK, F_GETLK, etc.) - * @flock: The lock to be applied - * - * Return: 0 on success, otherwise error - */ -int ksmbd_vfs_lock(struct file *filp, int cmd, struct file_lock *flock) -{ - ksmbd_debug(VFS, "calling vfs_lock_file\n"); - return vfs_lock_file(filp, cmd, flock, NULL); -} - -int ksmbd_vfs_readdir(struct file *file, struct ksmbd_readdir_data *rdata) -{ - return iterate_dir(file, &rdata->ctx); -} - -int ksmbd_vfs_alloc_size(struct ksmbd_work *work, struct ksmbd_file *fp, - loff_t len) -{ - smb_break_all_levII_oplock(work, fp, 1); - return vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0, len); -} - int ksmbd_vfs_zero_data(struct ksmbd_work *work, struct ksmbd_file *fp, loff_t off, loff_t len) { @@ -1216,7 +1190,7 @@ int ksmbd_vfs_empty_dir(struct ksmbd_file *fp) set_ctx_actor(&readdir_data.ctx, __dir_empty); readdir_data.dirent_count = 0;

- err = ksmbd_vfs_readdir(fp->filp, &readdir_data); + err = iterate_dir(fp->filp, &readdir_data.ctx); if (readdir_data.dirent_count > 2) err = -ENOTEMPTY; else @@ -1266,7 +1240,7 @@ static int ksmbd_vfs_lookup_in_dir(struct path *dir, char *name, size_t namelen) if (IS_ERR(dfilp)) return PTR_ERR(dfilp);

- ret = ksmbd_vfs_readdir(dfilp, &readdir_data); + ret = iterate_dir(dfilp, &readdir_data.ctx); if (readdir_data.dirent_count > 0) ret = 0; fput(dfilp); diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index 03b877e6520b..e1021f579f37 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -232,10 +232,6 @@ int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, bool caseless); int ksmbd_vfs_empty_dir(struct ksmbd_file *fp); void ksmbd_vfs_set_fadvise(struct file *filp, __le32 option); -int ksmbd_vfs_lock(struct file *filp, int cmd, struct file_lock *flock); -int ksmbd_vfs_readdir(struct file *file, struct ksmbd_readdir_data *rdata); -int ksmbd_vfs_alloc_size(struct ksmbd_work *work, struct ksmbd_file *fp, - loff_t len); int ksmbd_vfs_zero_data(struct ksmbd_work *work, struct ksmbd_file *fp, loff_t off, loff_t len); struct file_allocated_range_buffer;

From patchwork Mon Nov 14 12:50:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183222 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:11 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:10 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:09 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 123/308] ksmbd: factor out a ksmbd_validate_entry_in_use helper from __ksmbd_vfs_rename Date: Mon, 14 Nov 2022 20:50:32 +0800 Message-ID: 20221114125337.1831594-124-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: aefc6c77-c939-4cf9-3483-08dac63c63e8 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.6823187 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 4b637fc18902600dfe722f9b1a45950bfc8bc7b5 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4b637fc18902

-------------------------------

Factor out a self-contained helper to find sub file/dir in use.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/vfs.c | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 1ba3fd95ba6b..ca4c6c020a8e 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -687,6 +687,29 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, return err; }

+static int ksmbd_validate_entry_in_use(struct dentry *src_dent) +{ + struct dentry *dst_dent; + + spin_lock(&src_dent->d_lock); + list_for_each_entry(dst_dent, &src_dent->d_subdirs, d_child) { + struct ksmbd_file *child_fp; + + if (d_really_is_negative(dst_dent)) + continue; + + child_fp = ksmbd_lookup_fd_inode(d_inode(dst_dent)); + if (child_fp) { + spin_unlock(&src_dent->d_lock); + ksmbd_debug(VFS, "Forbid rename, sub file/dir is in use\n"); + return -EACCES; + } + } + spin_unlock(&src_dent->d_lock); + + return 0; +} + static int __ksmbd_vfs_rename(struct ksmbd_work *work, struct dentry *src_dent_parent, struct dentry *src_dent, @@ -698,21 +721,9 @@ static int __ksmbd_vfs_rename(struct ksmbd_work *work, int err;

if (!work->tcon->posix_extensions) { - spin_lock(&src_dent->d_lock); - list_for_each_entry(dst_dent, &src_dent->d_subdirs, d_child) { - struct ksmbd_file *child_fp; - - if (d_really_is_negative(dst_dent)) - continue; - - child_fp = ksmbd_lookup_fd_inode(d_inode(dst_dent)); - if (child_fp) { - spin_unlock(&src_dent->d_lock); - ksmbd_debug(VFS, "Forbid rename, sub file/dir is in use\n"); - return -EACCES; - } - } - spin_unlock(&src_dent->d_lock); + err = ksmbd_validate_entry_in_use(src_dent); + if (err) + return err; }

if (d_really_is_negative(src_dent_parent))

From patchwork Mon Nov 14 12:50:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183220 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:11 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:10 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:10 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 124/308] ksmbd: opencode posix acl functions instead of wrappers Date: Mon, 14 Nov 2022 20:50:33 +0800 Message-ID: 20221114125337.1831594-125-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: f8778257-b983-4a41-599e-08dac63c6426 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7031082 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 67d1c432994cbf30f63ec35abba493b027f0c910 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/67d1c432994c

-------------------------------

Add select FS_POSIX_ACL in Kconfig and then opencode posix acl functions instead of wrappers

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 4 ++-- fs/cifsd/smbacl.c | 14 +++++++------- fs/cifsd/vfs.c | 44 +++++++++----------------------------------- fs/cifsd/vfs.h | 4 ---- 4 files changed, 18 insertions(+), 48 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 96a0cb512882..0d004c6d1c63 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2327,9 +2327,9 @@ static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode) fattr->cf_mode = inode->i_mode; fattr->cf_dacls = NULL;

- fattr->cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS); + fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS); if (S_ISDIR(inode->i_mode)) - fattr->cf_dacls = ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT); + fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT); }

/** diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c index 23c952612db4..958937a548a1 100644 --- a/fs/cifsd/smbacl.c +++ b/fs/cifsd/smbacl.c @@ -532,7 +532,7 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl,

if (acl_state.users->n || acl_state.groups->n) { acl_state.mask.allow = 0x07; - fattr->cf_acls = ksmbd_vfs_posix_acl_alloc(acl_state.users->n + + fattr->cf_acls = posix_acl_alloc(acl_state.users->n + acl_state.groups->n + 4, GFP_KERNEL); if (fattr->cf_acls) { cf_pace = fattr->cf_acls->a_entries; @@ -543,7 +543,7 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, if (default_acl_state.users->n || default_acl_state.groups->n) { default_acl_state.mask.allow = 0x07; fattr->cf_dacls = - ksmbd_vfs_posix_acl_alloc(default_acl_state.users->n + + posix_acl_alloc(default_acl_state.users->n + default_acl_state.groups->n + 4, GFP_KERNEL); if (fattr->cf_dacls) { cf_pdace = fattr->cf_dacls->a_entries; @@ -1202,7 +1202,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, granted = GENERIC_ALL_FLAGS; }

- posix_acls = ksmbd_vfs_get_acl(d_inode(dentry), ACL_TYPE_ACCESS); + posix_acls = get_acl(d_inode(dentry), ACL_TYPE_ACCESS); if (posix_acls && !found) { unsigned int id = -1;

@@ -1287,11 +1287,11 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, ksmbd_vfs_remove_acl_xattrs(dentry); /* Update posix acls */ if (fattr.cf_dacls) { - rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_ACCESS, - fattr.cf_acls); + rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS, + fattr.cf_acls); if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) - rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_DEFAULT, - fattr.cf_dacls); + rc = set_posix_acl(&init_user_ns, inode, + ACL_TYPE_DEFAULT, fattr.cf_dacls); }

/* Check it only calling from SD BUFFER context */ diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index ca4c6c020a8e..e34e536dc9ce 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -1407,7 +1407,7 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct inode *inode, struct xattr_acl_entry *xa_entry; int i;

- posix_acls = ksmbd_vfs_get_acl(inode, acl_type); + posix_acls = get_acl(inode, acl_type); if (!posix_acls) return NULL;

@@ -1630,34 +1630,6 @@ int ksmbd_vfs_get_dos_attrib_xattr(struct dentry *dentry, return err; }

-struct posix_acl *ksmbd_vfs_posix_acl_alloc(int count, gfp_t flags) -{ -#if IS_ENABLED(CONFIG_FS_POSIX_ACL) - return posix_acl_alloc(count, flags); -#else - return NULL; -#endif -} - -struct posix_acl *ksmbd_vfs_get_acl(struct inode *inode, int type) -{ -#if IS_ENABLED(CONFIG_FS_POSIX_ACL) - return get_acl(inode, type); -#else - return NULL; -#endif -} - -int ksmbd_vfs_set_posix_acl(struct inode *inode, int type, - struct posix_acl *acl) -{ -#if IS_ENABLED(CONFIG_FS_POSIX_ACL) - return set_posix_acl(&init_user_ns, inode, type, acl); -#else - return -EOPNOTSUPP; -#endif -} - /** * ksmbd_vfs_init_kstat() - convert unix stat information to smb stat format * @p: destination buffer @@ -1895,19 +1867,20 @@ int ksmbd_vfs_set_init_posix_acl(struct inode *inode) acl_state.group.allow; acl_state.mask.allow = 0x07;

- acls = ksmbd_vfs_posix_acl_alloc(6, GFP_KERNEL); + acls = posix_acl_alloc(6, GFP_KERNEL); if (!acls) { free_acl_state(&acl_state); return -ENOMEM; } posix_state_to_acl(&acl_state, acls->a_entries); - rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_ACCESS, acls); + rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", rc); else if (S_ISDIR(inode->i_mode)) { posix_state_to_acl(&acl_state, acls->a_entries); - rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_DEFAULT, acls); + rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_DEFAULT, + acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", rc); @@ -1923,7 +1896,7 @@ int ksmbd_vfs_inherit_posix_acl(struct inode *inode, struct inode *parent_inode) struct posix_acl_entry *pace; int rc, i;

- acls = ksmbd_vfs_get_acl(parent_inode, ACL_TYPE_DEFAULT); + acls = get_acl(parent_inode, ACL_TYPE_DEFAULT); if (!acls) return -ENOENT; pace = acls->a_entries; @@ -1935,12 +1908,13 @@ int ksmbd_vfs_inherit_posix_acl(struct inode *inode, struct inode *parent_inode) } }

- rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_ACCESS, acls); + rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", rc); if (S_ISDIR(inode->i_mode)) { - rc = ksmbd_vfs_set_posix_acl(inode, ACL_TYPE_DEFAULT, acls); + rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_DEFAULT, + acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", rc); diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index e1021f579f37..29352c227028 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -258,10 +258,6 @@ int ksmbd_vfs_set_dos_attrib_xattr(struct dentry *dentry, struct xattr_dos_attrib *da); int ksmbd_vfs_get_dos_attrib_xattr(struct dentry *dentry, struct xattr_dos_attrib *da); -struct posix_acl *ksmbd_vfs_posix_acl_alloc(int count, gfp_t flags); -struct posix_acl *ksmbd_vfs_get_acl(struct inode *inode, int type); -int ksmbd_vfs_set_posix_acl(struct inode *inode, int type, - struct posix_acl *acl); int ksmbd_vfs_set_init_posix_acl(struct inode *inode); int ksmbd_vfs_inherit_posix_acl(struct inode *inode, struct inode *parent_inode);

From patchwork Mon Nov 14 12:50:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183221 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:11 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:11 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:10 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 125/308] ksmbd: change stream type macro to enumeration Date: Mon, 14 Nov 2022 20:50:34 +0800 Message-ID: 20221114125337.1831594-126-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d7c47fe4-9458-41e6-3654-08dac63c646f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6459776 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit ee2033e9c64139c4f052bed52e72eba44a08b40a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ee2033e9c641

-------------------------------

Change stream type macro to enumeration and move it to vfs.h.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/glob.h | 3 --- fs/cifsd/vfs.h | 8 ++++++++ 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/fs/cifsd/glob.h b/fs/cifsd/glob.h index 8119cb7ddbed..49a5a3afa118 100644 --- a/fs/cifsd/glob.h +++ b/fs/cifsd/glob.h @@ -16,9 +16,6 @@

extern int ksmbd_debug_types;

-#define DATA_STREAM 1 -#define DIR_STREAM 2 - #define KSMBD_DEBUG_SMB BIT(0) #define KSMBD_DEBUG_AUTH BIT(1) #define KSMBD_DEBUG_VFS BIT(2) diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index 29352c227028..a9c14c5dee8d 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -101,6 +101,14 @@ struct xattr_ntacl { #define XATTR_NAME_SD_LEN \ (sizeof(XATTR_SECURITY_PREFIX SD_PREFIX) - 1)

+/* + * Enumeration for stream type. + */ +enum { + DATA_STREAM = 1, /* type $DATA */ + DIR_STREAM /* type $INDEX_ALLOCATION */ +}; + /* CreateOptions */ /* Flag is set, it must not be a file , valid for directory only */ #define FILE_DIRECTORY_FILE_LE cpu_to_le32(0x00000001)

From patchwork Mon Nov 14 12:50:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183223 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:12 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:11 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:11 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 126/308] ksmbd: use f_bsize instead of q->limits.logical_block_size Date: Mon, 14 Nov 2022 20:50:35 +0800 Message-ID: 20221114125337.1831594-127-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 00ab0595-730e-40d6-1436-08dac63c64b8 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6963437 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit ee81cae1a6323fa4489313dfd9de436da7ff8519 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ee81cae1a632

-------------------------------

Use f_bsize instead of q->limits.logical_block_size.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 25 +++++++------------------ fs/cifsd/vfs.c | 23 ----------------------- fs/cifsd/vfs.h | 1 - 3 files changed, 7 insertions(+), 42 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 0d004c6d1c63..341d51e711a5 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -4739,16 +4739,12 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, case FS_SIZE_INFORMATION: { struct filesystem_info *info; - unsigned short logical_sector_size;

info = (struct filesystem_info *)(rsp->Buffer); - logical_sector_size = - ksmbd_vfs_logical_sector_size(d_inode(path.dentry)); - info->TotalAllocationUnits = cpu_to_le64(stfs.f_blocks); info->FreeAllocationUnits = cpu_to_le64(stfs.f_bfree); - info->SectorsPerAllocationUnit = cpu_to_le32(stfs.f_bsize >> 9); - info->BytesPerSector = cpu_to_le32(logical_sector_size); + info->SectorsPerAllocationUnit = cpu_to_le32(1); + info->BytesPerSector = cpu_to_le32(stfs.f_bsize); rsp->OutputBufferLength = cpu_to_le32(24); inc_rfc1001_len(rsp_org, 24); fs_infoclass_size = FS_SIZE_INFORMATION_SIZE; @@ -4757,19 +4753,15 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, case FS_FULL_SIZE_INFORMATION: { struct smb2_fs_full_size_info *info; - unsigned short logical_sector_size;

info = (struct smb2_fs_full_size_info *)(rsp->Buffer); - logical_sector_size = - ksmbd_vfs_logical_sector_size(d_inode(path.dentry)); - info->TotalAllocationUnits = cpu_to_le64(stfs.f_blocks); info->CallerAvailableAllocationUnits = cpu_to_le64(stfs.f_bavail); info->ActualAvailableAllocationUnits = cpu_to_le64(stfs.f_bfree); - info->SectorsPerAllocationUnit = cpu_to_le32(stfs.f_bsize >> 9); - info->BytesPerSector = cpu_to_le32(logical_sector_size); + info->SectorsPerAllocationUnit = cpu_to_le32(1); + info->BytesPerSector = cpu_to_le32(stfs.f_bsize); rsp->OutputBufferLength = cpu_to_le32(32); inc_rfc1001_len(rsp_org, 32); fs_infoclass_size = FS_FULL_SIZE_INFORMATION_SIZE; @@ -4846,16 +4838,13 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, case FS_POSIX_INFORMATION: { struct filesystem_posix_info *info; - unsigned short logical_sector_size;

if (!work->tcon->posix_extensions) { pr_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n"); rc = -EOPNOTSUPP; } else { info = (struct filesystem_posix_info *)(rsp->Buffer); - logical_sector_size = - ksmbd_vfs_logical_sector_size(d_inode(path.dentry)); - info->OptimalTransferSize = cpu_to_le32(logical_sector_size); + info->OptimalTransferSize = cpu_to_le32(stfs.f_bsize); info->BlockSize = cpu_to_le32(stfs.f_bsize); info->TotalBlocks = cpu_to_le64(stfs.f_blocks); info->BlocksAvail = cpu_to_le64(stfs.f_bfree); @@ -5588,13 +5577,13 @@ static int set_file_position_info(struct ksmbd_file *fp, char *buf) { struct smb2_file_pos_info *file_info; loff_t current_byte_offset; - unsigned short sector_size; + unsigned long sector_size; struct inode *inode;

inode = file_inode(fp->filp); file_info = (struct smb2_file_pos_info *)buf; current_byte_offset = le64_to_cpu(file_info->CurrentByteOffset); - sector_size = ksmbd_vfs_logical_sector_size(inode); + sector_size = inode->i_sb->s_blocksize;

if (current_byte_offset < 0 || (fp->coption == FILE_NO_INTERMEDIATE_BUFFERING_LE && diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index e34e536dc9ce..9c594e88b2c7 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -12,7 +12,6 @@ #include <linux/xattr.h> #include <linux/falloc.h> #include <linux/genhd.h> -#include <linux/blkdev.h> #include <linux/fsnotify.h> #include <linux/dcache.h> #include <linux/slab.h> @@ -1119,28 +1118,6 @@ int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry) return err; }

-/* - * ksmbd_vfs_get_logical_sector_size() - get logical sector size from inode - * @inode: inode - * - * Return: logical sector size - */ -unsigned short ksmbd_vfs_logical_sector_size(struct inode *inode) -{ - struct request_queue *q; - unsigned short ret_val = 512; - - if (!inode->i_sb->s_bdev) - return ret_val; - - q = inode->i_sb->s_bdev->bd_disk->queue; - - if (q && q->limits.logical_block_size) - ret_val = q->limits.logical_block_size; - - return ret_val; -} - /* * ksmbd_vfs_get_smb2_sector_size() - get fs sector sizes * @inode: inode diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index a9c14c5dee8d..751bb6ea6e12 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -247,7 +247,6 @@ int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, struct file_allocated_range_buffer *ranges, int in_count, int *out_count); int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry); -unsigned short ksmbd_vfs_logical_sector_size(struct inode *inode); void ksmbd_vfs_smb2_sector_size(struct inode *inode, struct ksmbd_fs_sector_size *fs_ss); void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat);

From patchwork Mon Nov 14 12:50:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183224 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:12 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:12 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:11 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 127/308] ksmbd: remove unneeded NULL check in the list iterator Date: Mon, 14 Nov 2022 20:50:36 +0800 Message-ID: 20221114125337.1831594-128-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e049cc7b-cc75-4f16-f297-08dac63c6500 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6873968 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 560ac05130696de2491881bbc2a5024c94bc3912 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/560ac0513069

-------------------------------

Remove unneeded NULL check in the list iterator. And use list_for_each_entry_safe instead of list_for_each_safe.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/mgmt/user_session.c | 15 ++++++--------- fs/cifsd/smb2pdu.c | 2 +- 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/fs/cifsd/mgmt/user_session.c b/fs/cifsd/mgmt/user_session.c index 615b46f0762b..c5ba9694e1f1 100644 --- a/fs/cifsd/mgmt/user_session.c +++ b/fs/cifsd/mgmt/user_session.c @@ -30,15 +30,12 @@ struct ksmbd_session_rpc {

static void free_channel_list(struct ksmbd_session *sess) { - struct channel *chann; - struct list_head *tmp, *t; - - list_for_each_safe(tmp, t, &sess->ksmbd_chann_list) { - chann = list_entry(tmp, struct channel, chann_list); - if (chann) { - list_del(&chann->chann_list); - kfree(chann); - } + struct channel *chann, *tmp; + + list_for_each_entry_safe(chann, tmp, &sess->ksmbd_chann_list, + chann_list) { + list_del(&chann->chann_list); + kfree(chann); } }

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 341d51e711a5..bbb35e68abc4 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -76,7 +76,7 @@ struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn struct channel *chann;

list_for_each_entry(chann, &sess->ksmbd_chann_list, chann_list) { - if (chann && chann->conn == conn) + if (chann->conn == conn) return chann; }

From patchwork Mon Nov 14 12:50:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183225 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:12 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:12 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:12 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 128/308] ksmbd: use f_bsize in FS_SECTOR_SIZE_INFORMATION Date: Mon, 14 Nov 2022 20:50:37 +0800 Message-ID: 20221114125337.1831594-129-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d8dab6c1-934e-4c03-ab21-08dac63c6549 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6835615 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 131bac1ece2e16201674b2f29b64d2044c826b56 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/131bac1ece2e

-------------------------------

Use f_bsize in FS_SECTOR_SIZE_INFORMATION to avoid the access the block layer.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/cifsd/smb2pdu.c | 12 ++++-------- fs/cifsd/vfs.c | 31 ------------------------------- fs/cifsd/vfs.h | 8 -------- 3 files changed, 4 insertions(+), 47 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index bbb35e68abc4..1327ae806b17 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -4791,19 +4791,15 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, case FS_SECTOR_SIZE_INFORMATION: { struct smb3_fs_ss_info *info; - struct ksmbd_fs_sector_size fs_ss;

info = (struct smb3_fs_ss_info *)(rsp->Buffer); - ksmbd_vfs_smb2_sector_size(d_inode(path.dentry), &fs_ss);

- info->LogicalBytesPerSector = - cpu_to_le32(fs_ss.logical_sector_size); + info->LogicalBytesPerSector = cpu_to_le32(stfs.f_bsize); info->PhysicalBytesPerSectorForAtomicity = - cpu_to_le32(fs_ss.physical_sector_size); - info->PhysicalBytesPerSectorForPerf = - cpu_to_le32(fs_ss.optimal_io_size); + cpu_to_le32(stfs.f_bsize); + info->PhysicalBytesPerSectorForPerf = cpu_to_le32(stfs.f_bsize); info->FSEffPhysicalBytesPerSectorForAtomicity = - cpu_to_le32(fs_ss.optimal_io_size); + cpu_to_le32(stfs.f_bsize); info->Flags = cpu_to_le32(SSINFO_FLAGS_ALIGNED_DEVICE | SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE); info->ByteOffsetForSectorAlignment = 0; diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 9c594e88b2c7..fddabb4c7db6 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -1118,37 +1118,6 @@ int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry) return err; }

-/* - * ksmbd_vfs_get_smb2_sector_size() - get fs sector sizes - * @inode: inode - * @fs_ss: fs sector size struct - */ -void ksmbd_vfs_smb2_sector_size(struct inode *inode, - struct ksmbd_fs_sector_size *fs_ss) -{ - struct request_queue *q; - - fs_ss->logical_sector_size = 512; - fs_ss->physical_sector_size = 512; - fs_ss->optimal_io_size = 512; - - if (!inode->i_sb->s_bdev) - return; - - q = inode->i_sb->s_bdev->bd_disk->queue; - - if (q) { - if (q->limits.logical_block_size) - fs_ss->logical_sector_size = - q->limits.logical_block_size; - if (q->limits.physical_block_size) - fs_ss->physical_sector_size = - q->limits.physical_block_size; - if (q->limits.io_opt) - fs_ss->optimal_io_size = q->limits.io_opt; - } -} - static int __dir_empty(struct dir_context *ctx, const char *name, int namlen, loff_t offset, u64 ino, unsigned int d_type) { diff --git a/fs/cifsd/vfs.h b/fs/cifsd/vfs.h index 751bb6ea6e12..49f0558ace32 100644 --- a/fs/cifsd/vfs.h +++ b/fs/cifsd/vfs.h @@ -192,12 +192,6 @@ struct ksmbd_kstat { __le32 file_attributes; };

-struct ksmbd_fs_sector_size { - unsigned short logical_sector_size; - unsigned int physical_sector_size; - unsigned int optimal_io_size; -}; - int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete); int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess); @@ -247,8 +241,6 @@ int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, struct file_allocated_range_buffer *ranges, int in_count, int *out_count); int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry); -void ksmbd_vfs_smb2_sector_size(struct inode *inode, - struct ksmbd_fs_sector_size *fs_ss); void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat); int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, struct dentry *dentry, struct ksmbd_kstat *ksmbd_kstat);

From patchwork Mon Nov 14 12:50:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183226 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:13 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:13 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:12 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 129/308] cifsd: fix WARNING: Title overline too short Date: Mon, 14 Nov 2022 20:50:38 +0800 Message-ID: 20221114125337.1831594-130-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7de38c99-0ba8-4ad3-2104-08dac63c6593 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7068281 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit c0e8110e6c75758c4567f8e713f26e5dbd88cc7c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c0e8110e6c75

-------------------------------

Stephen reported a warning message from cifsd.rst file.

Documentation/filesystems/cifs/cifsd.rst:3: WARNING: Title overline too short.

Reported-by: Stephen Rothwell sfr@canb.auug.org.au Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- Documentation/filesystems/cifs/cifsd.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Documentation/filesystems/cifs/cifsd.rst b/Documentation/filesystems/cifs/cifsd.rst index e0c33d03f290..af3589da6923 100644 --- a/Documentation/filesystems/cifs/cifsd.rst +++ b/Documentation/filesystems/cifs/cifsd.rst @@ -1,8 +1,8 @@ .. SPDX-License-Identifier: GPL-2.0

-========================= +========================== CIFSD - SMB3 Kernel Server -========================= +==========================

CIFSD is a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network.

From patchwork Mon Nov 14 12:50:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183227 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:13 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:13 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:13 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 130/308] cifsd: update cifsd.rst document Date: Mon, 14 Nov 2022 20:50:39 +0800 Message-ID: 20221114125337.1831594-131-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 8527599b-62ec-4df8-e414-08dac63c65dc X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6951034 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 04bee6e336be1accb7f28d8e86454f42b58a860f category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/04bee6e336be

-------------------------------

Add work flow of cifsd and feature stats table.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- Documentation/filesystems/cifs/cifsd.rst | 96 +++++++++++++++++------- 1 file changed, 70 insertions(+), 26 deletions(-)

diff --git a/Documentation/filesystems/cifs/cifsd.rst b/Documentation/filesystems/cifs/cifsd.rst index af3589da6923..7eac7e459c2d 100644 --- a/Documentation/filesystems/cifs/cifsd.rst +++ b/Documentation/filesystems/cifs/cifsd.rst @@ -10,6 +10,34 @@ for sharing files over network. CIFSD architecture ==================

+ |--- ... + --------|--- ksmbd/3 - Client 3 + |-------|--- ksmbd/2 - Client 2 + | | ____________________________________________________ + | | |- Client 1 | +<--- Socket ---|--- ksmbd/1 <<= Authentication : NTLM/NTLM2, Kerberos | + | | | | <<= SMB engine : SMB2, SMB2.1, SMB3, SMB3.0.2, | + | | | | SMB3.1.1 | + | | | |____________________________________________________| + | | | + | | |--- VFS --- Local Filesystem + | | +KERNEL |--- ksmbd/0(forker kthread) +---------------||--------------------------------------------------------------- +USER || + || communication using NETLINK + || ______________________________________________ + || | | + ksmbd.mountd <<= DCE/RPC(srvsvc, wkssvc, smar, lsarpc) | + ^ | <<= configure shares setting, user accounts | + | |______________________________________________| + | + |------ smb.conf(config file) + | + |------ ksmbdpwd.db(user account/password file) + ^ + ksmbd.adduser ---------------| + The subset of performance related operations belong in kernelspace and the other subset which belong to operations which are not really related with performance in userspace. So, DCE/RPC management that has historically resulted @@ -59,32 +87,48 @@ dozen) that are most important for file server from NetShareEnum and NetServerGetInfo. Complete DCE/RPC response is prepared from the user space and passed over to the associated kernel thread for the client.

-Key Features -============ - -The supported features are: - * SMB3 protocols for basic file sharing - * Auto negotiation - * Compound requests - * Oplock/Lease - * Large MTU - * NTLM/NTLMv2 - * HMAC-SHA256 Signing - * Secure negotiate - * Signing Update - * Pre-authentication integrity(SMB 3.1.1) - * SMB3 encryption(CCM, GCM) - * SMB direct(RDMA) - * SMB3.1.1 POSIX extension support - * ACLs - * Kerberos - -The features that are planned or not supported: - * SMB3 Multi-channel - * Durable handle v1,v2 - * Persistent handles - * Directory lease - * SMB2 notify + +CIFSD Feature Status +==================== + +============================== ================================================= +Feature name Status +============================== ================================================= +Dialects Supported. SMB2.1 SMB3.0, SMB3.1.1 dialects + excluding security vulnerable SMB1. +Auto Negotiation Supported. +Compound Request Supported. +Oplock Cache Mechanism Supported. +SMB2 leases(v1 lease) Supported. +Directory leases(v2 lease) Planned for future. +Multi-credits Supported. +NTLM/NTLMv2 Supported. +HMAC-SHA256 Signing Supported. +Secure negotiate Supported. +Signing Update Supported. +Pre-authentication integrity Supported. +SMB3 encryption(CCM, GCM) Supported. +SMB direct(RDMA) Partial Supported. SMB3 Multi-channel is required + to connect to Windows client. +SMB3 Multi-channel In Progress. +SMB3.1.1 POSIX extension Supported. +ACLs Partial Supported. only DACLs available, SACLs is + planned for future. ksmbd generate random subauth + values(then store it to disk) and use uid/gid + get from inode as RID for local domain SID. + The current acl implementation is limited to + standalone server, not a domain member. +Kerberos Supported. +Durable handle v1,v2 Planned for future. +Persistent handle Planned for future. +SMB2 notify Planned for future. +Sparse file support Supported. +DCE/RPC support Partial Supported. a few calls(NetShareEnumAll, + NetServerGetInfo, SAMR, LSARPC) that needed as + file server via netlink interface from + ksmbd.mountd. +============================== ================================================= +

How to run ==========

From patchwork Mon Nov 14 12:50:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183228 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:14 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:14 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:13 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 131/308] cifsd: fix build warnings from cifsd.rst Date: Mon, 14 Nov 2022 20:50:40 +0800 Message-ID: 20221114125337.1831594-132-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3a505631-b82d-4a58-c267-08dac63c6625 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6981843 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 269d3feec1b0f0c286ff3cc3eef43416614ee261 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/269d3feec1b0

-------------------------------

Stephen reported a build warnings from cifsd.rst:

Documentation/filesystems/cifs/cifsd.rst:13: WARNING: Inline substitution_reference start-string without end-string. Documentation/filesystems/cifs/cifsd.rst:14: WARNING: Block quote ends without a blank line; unexpected unindent. Documentation/filesystems/cifs/cifsd.rst:14: WARNING: Inline substitution_reference start-string without end-string. Documentation/filesystems/cifs/cifsd.rst:18: WARNING: Block quote ends without a blank line; unexpected unindent. Documentation/filesystems/cifs/cifsd.rst:23: WARNING: Inline substitution_reference start-string without end-string. Documentation/filesystems/cifs/cifsd.rst:23: WARNING: Inline substitution_reference start-string without end-string. Documentation/filesystems/cifs/cifsd.rst:24: WARNING: Inline substitution_reference start-string without end-string. Documentation/filesystems/cifs/cifsd.rst:25: WARNING: Definition list ends without a blank line; unexpected unindent. Documentation/filesystems/cifs/cifsd.rst:28: WARNING: Unexpected indentation. Documentation/filesystems/cifs/cifsd.rst:31: WARNING: Block quote ends without a blank line; unexpected unindent. Documentation/filesystems/cifs/cifsd.rst:38: WARNING: Unexpected indentation. Documentation/filesystems/cifs/cifsd.rst:32: WARNING: Inline substitution_reference start-string without end-string. Documentation/filesystems/cifs/cifsd.rst:32: WARNING: Inline substitution_reference start-string without end-string. Documentation/filesystems/cifs/cifsd.rst:39: WARNING: Block quote ends without a blank line; unexpected unindent. Documentation/filesystems/cifs/cifsd.rst:14: WARNING: Undefined substitution referenced: "--- ksmbd/3 - Client 3 |-------". Documentation/filesystems/cifs/cifsd.rst:0: WARNING: Undefined substitution referenced: "____________________________________________________". Documentation/filesystems/cifs/cifsd.rst:25: WARNING: Undefined substitution referenced: "--- ksmbd/0(forker kthread) ---------------|". Documentation/filesystems/cifs/cifsd.rst:32: WARNING: Undefined substitution referenced: "______________________________________________".

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- Documentation/filesystems/cifs/cifsd.rst | 28 ------------------------ 1 file changed, 28 deletions(-)

diff --git a/Documentation/filesystems/cifs/cifsd.rst b/Documentation/filesystems/cifs/cifsd.rst index 7eac7e459c2d..48ae58f2a53c 100644 --- a/Documentation/filesystems/cifs/cifsd.rst +++ b/Documentation/filesystems/cifs/cifsd.rst @@ -10,34 +10,6 @@ for sharing files over network. CIFSD architecture ==================

- |--- ... - --------|--- ksmbd/3 - Client 3 - |-------|--- ksmbd/2 - Client 2 - | | ____________________________________________________ - | | |- Client 1 | -<--- Socket ---|--- ksmbd/1 <<= Authentication : NTLM/NTLM2, Kerberos | - | | | | <<= SMB engine : SMB2, SMB2.1, SMB3, SMB3.0.2, | - | | | | SMB3.1.1 | - | | | |____________________________________________________| - | | | - | | |--- VFS --- Local Filesystem - | | -KERNEL |--- ksmbd/0(forker kthread) ----------------||--------------------------------------------------------------- -USER || - || communication using NETLINK - || ______________________________________________ - || | | - ksmbd.mountd <<= DCE/RPC(srvsvc, wkssvc, smar, lsarpc) | - ^ | <<= configure shares setting, user accounts | - | |______________________________________________| - | - |------ smb.conf(config file) - | - |------ ksmbdpwd.db(user account/password file) - ^ - ksmbd.adduser ---------------| - The subset of performance related operations belong in kernelspace and the other subset which belong to operations which are not really related with performance in userspace. So, DCE/RPC management that has historically resulted

From patchwork Mon Nov 14 12:50:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183229 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:14 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:14 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:14 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 132/308] doc: cifsd: change the reference to configuration.txt Date: Mon, 14 Nov 2022 20:50:41 +0800 Message-ID: 20221114125337.1831594-133-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7f952bc3-cd14-409c-bb64-08dac63c666d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6781884 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Mauro Carvalho Chehab mchehab+huawei@kernel.org

mainline inclusion from mainline-5.15-rc1 commit 9cca7516f4c6373223d6059f1a69548fed74c5ed category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/9cca7516f4c6

-------------------------------

added documentation for cifsd. There, it points to a file named: Documentation/configuration.txt

This confuses Kernel scripts, as they think that this is a document within the Kernel tree, instead of a file from some other place.

Replace it by an hyperlink to the ksmbd-tools tree, in order to avoid false-positives.

Signed-off-by: Mauro Carvalho Chehab mchehab+huawei@kernel.org Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- Documentation/filesystems/cifs/cifsd.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Documentation/filesystems/cifs/cifsd.rst b/Documentation/filesystems/cifs/cifsd.rst index 48ae58f2a53c..cb9f87b8529f 100644 --- a/Documentation/filesystems/cifs/cifsd.rst +++ b/Documentation/filesystems/cifs/cifsd.rst @@ -114,8 +114,8 @@ How to run # ksmbd.adduser -a <Enter USERNAME for SMB share access>

3. Create /etc/ksmbd/smb.conf file, add SMB share in smb.conf file - - Refer smb.conf.example and Documentation/configuration.txt - in ksmbd-tools + - Refer smb.conf.example and + https://github.com/cifsd-team/ksmbd-tools/blob/master/Documentation/configur...

4. Insert ksmbd.ko module

From patchwork Mon Nov 14 12:50:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183230 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:15 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:15 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:14 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 133/308] cifsd: add ksmbd/nfsd interoperability to feature table Date: Mon, 14 Nov 2022 20:50:42 +0800 Message-ID: 20221114125337.1831594-134-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: f3738148-efe5-46c2-bf8b-08dac63c66b6 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7063584 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 204fcceb7ccf43034da8e97078153c7c6d0bc84d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/204fcceb7ccf

-------------------------------

Add ksmbd/nfsd interoperability to feature table and sync with a table in patch cover letter.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- Documentation/filesystems/cifs/cifsd.rst | 32 ++++++++++++++++-------- 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/Documentation/filesystems/cifs/cifsd.rst b/Documentation/filesystems/cifs/cifsd.rst index cb9f87b8529f..01a0be272ce6 100644 --- a/Documentation/filesystems/cifs/cifsd.rst +++ b/Documentation/filesystems/cifs/cifsd.rst @@ -67,7 +67,8 @@ CIFSD Feature Status Feature name Status ============================== ================================================= Dialects Supported. SMB2.1 SMB3.0, SMB3.1.1 dialects - excluding security vulnerable SMB1. + (intentionally excludes security vulnerable SMB1 + dialect). Auto Negotiation Supported. Compound Request Supported. Oplock Cache Mechanism Supported. @@ -79,26 +80,37 @@ HMAC-SHA256 Signing Supported. Secure negotiate Supported. Signing Update Supported. Pre-authentication integrity Supported. -SMB3 encryption(CCM, GCM) Supported. -SMB direct(RDMA) Partial Supported. SMB3 Multi-channel is required - to connect to Windows client. +SMB3 encryption(CCM, GCM) Supported. (CCM and GCM128 supported, GCM256 in + progress) +SMB direct(RDMA) Partially Supported. SMB3 Multi-channel is + required to connect to Windows client. SMB3 Multi-channel In Progress. SMB3.1.1 POSIX extension Supported. -ACLs Partial Supported. only DACLs available, SACLs is - planned for future. ksmbd generate random subauth +ACLs Partially Supported. only DACLs available, SACLs + (auditing) is planned for the future. For + ownership (SIDs) ksmbd generates random subauth values(then store it to disk) and use uid/gid get from inode as RID for local domain SID. The current acl implementation is limited to standalone server, not a domain member. + Integration with Samba tools is being worked on + to allow future support for running as a domain + member. Kerberos Supported. Durable handle v1,v2 Planned for future. Persistent handle Planned for future. SMB2 notify Planned for future. Sparse file support Supported. -DCE/RPC support Partial Supported. a few calls(NetShareEnumAll, - NetServerGetInfo, SAMR, LSARPC) that needed as - file server via netlink interface from - ksmbd.mountd. +DCE/RPC support Partially Supported. a few calls(NetShareEnumAll, + NetServerGetInfo, SAMR, LSARPC) that are needed + for file server handled via netlink interface + from ksmbd.mountd. Additional integration with + Samba tools and libraries via upcall is being + investigated to allow support for additional + DCE/RPC management calls (and future support + for Witness protocol e.g.) +ksmbd/nfsd interoperability Planned for future. The features that ksmbd + support are Leases, Notify, ACLs and Share modes. ============================== =================================================

From patchwork Mon Nov 14 12:50:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183231 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:15 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:15 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:15 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 134/308] cifsd: fix WARNING: document isn't included in any toctree Date: Mon, 14 Nov 2022 20:50:43 +0800 Message-ID: 20221114125337.1831594-135-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 67e4c679-c1c5-4488-776a-08dac63c66ff X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6934990 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 42da4086b987fbb35562e93e534e57ad3f81f855 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/42da4086b987

-------------------------------

Stephen reported a warning message from cifsd.rst file.

Documentation/filesystems/cifs/cifsd.rst: WARNING: document isn't included in any toctree

Reported-by: Stephen Rothwell sfr@canb.auug.org.au Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- Documentation/filesystems/index.rst | 1 + 1 file changed, 1 insertion(+)

diff --git a/Documentation/filesystems/index.rst b/Documentation/filesystems/index.rst index 757684537248..fa9a4a5a15ba 100644 --- a/Documentation/filesystems/index.rst +++ b/Documentation/filesystems/index.rst @@ -71,6 +71,7 @@ Documentation for filesystem implementations. befs bfs btrfs + cifs/cifsd cifs/cifsroot ceph coda

From patchwork Mon Nov 14 12:50:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183232 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:16 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:16 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:15 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 135/308] cifsd: add index.rst in cifs documentation Date: Mon, 14 Nov 2022 20:50:44 +0800 Message-ID: 20221114125337.1831594-136-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ff866611-bdec-444a-60c2-08dac63c6749 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6717174 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 04165366515a2ba36c78540da776d3a12164f824 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/04165366515a

-------------------------------

Since more than one file is in the cifs document directory, This patch add an index.rst.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- Documentation/filesystems/cifs/index.rst | 10 ++++++++++ Documentation/filesystems/index.rst | 3 +-- 2 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 Documentation/filesystems/cifs/index.rst

diff --git a/Documentation/filesystems/cifs/index.rst b/Documentation/filesystems/cifs/index.rst new file mode 100644 index 000000000000..e762586b5dc7 --- /dev/null +++ b/Documentation/filesystems/cifs/index.rst @@ -0,0 +1,10 @@ +=============================== +CIFS +=============================== + + +.. toctree:: + :maxdepth: 1 + + cifsd + cifsroot diff --git a/Documentation/filesystems/index.rst b/Documentation/filesystems/index.rst index fa9a4a5a15ba..fe691c6c83fd 100644 --- a/Documentation/filesystems/index.rst +++ b/Documentation/filesystems/index.rst @@ -71,8 +71,7 @@ Documentation for filesystem implementations. befs bfs btrfs - cifs/cifsd - cifs/cifsroot + cifs/index ceph coda configfs

From patchwork Mon Nov 14 12:50:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183233 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:16 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:16 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:16 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 136/308] ksmbd: move fs/cifsd to fs/ksmbd Date: Mon, 14 Nov 2022 20:50:45 +0800 Message-ID: 20221114125337.1831594-137-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 64cc95a4-3aea-4fdb-654f-08dac63c6792 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7210761 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 1a93084b9a89818aec0ac7b59a5a51f2112bf203 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1a93084b9a89

-------------------------------

Move fs/cifsd to fs/ksmbd and rename the remaining cifsd name to ksmbd.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- Documentation/filesystems/cifs/index.rst | 2 +- .../filesystems/cifs/{cifsd.rst => ksmbd.rst} | 10 +++++----- fs/{cifsd => ksmbd}/asn1.c | 0 fs/{cifsd => ksmbd}/asn1.h | 0 fs/{cifsd => ksmbd}/auth.c | 0 fs/{cifsd => ksmbd}/auth.h | 0 fs/{cifsd => ksmbd}/connection.c | 0 fs/{cifsd => ksmbd}/connection.h | 0 fs/{cifsd => ksmbd}/crypto_ctx.c | 0 fs/{cifsd => ksmbd}/crypto_ctx.h | 0 fs/{cifsd => ksmbd}/glob.h | 0 fs/{cifsd => ksmbd}/ksmbd_server.h | 0 fs/{cifsd => ksmbd}/ksmbd_spnego_negtokeninit.asn1 | 0 fs/{cifsd => ksmbd}/ksmbd_spnego_negtokentarg.asn1 | 0 fs/{cifsd => ksmbd}/ksmbd_work.c | 0 fs/{cifsd => ksmbd}/ksmbd_work.h | 0 fs/{cifsd => ksmbd}/mgmt/ksmbd_ida.c | 0 fs/{cifsd => ksmbd}/mgmt/ksmbd_ida.h | 0 fs/{cifsd => ksmbd}/mgmt/share_config.c | 0 fs/{cifsd => ksmbd}/mgmt/share_config.h | 0 fs/{cifsd => ksmbd}/mgmt/tree_connect.c | 0 fs/{cifsd => ksmbd}/mgmt/tree_connect.h | 0 fs/{cifsd => ksmbd}/mgmt/user_config.c | 0 fs/{cifsd => ksmbd}/mgmt/user_config.h | 0 fs/{cifsd => ksmbd}/mgmt/user_session.c | 0 fs/{cifsd => ksmbd}/mgmt/user_session.h | 0 fs/{cifsd => ksmbd}/misc.c | 0 fs/{cifsd => ksmbd}/misc.h | 0 fs/{cifsd => ksmbd}/ndr.c | 0 fs/{cifsd => ksmbd}/ndr.h | 0 fs/{cifsd => ksmbd}/nterr.h | 0 fs/{cifsd => ksmbd}/ntlmssp.h | 0 fs/{cifsd => ksmbd}/oplock.c | 0 fs/{cifsd => ksmbd}/oplock.h | 0 fs/{cifsd => ksmbd}/server.c | 0 fs/{cifsd => ksmbd}/server.h | 0 fs/{cifsd => ksmbd}/smb2misc.c | 0 fs/{cifsd => ksmbd}/smb2ops.c | 0 fs/{cifsd => ksmbd}/smb2pdu.c | 0 fs/{cifsd => ksmbd}/smb2pdu.h | 0 fs/{cifsd => ksmbd}/smb_common.c | 0 fs/{cifsd => ksmbd}/smb_common.h | 0 fs/{cifsd => ksmbd}/smbacl.c | 0 fs/{cifsd => ksmbd}/smbacl.h | 0 fs/{cifsd => ksmbd}/smbfsctl.h | 0 fs/{cifsd => ksmbd}/smbstatus.h | 0 fs/{cifsd => ksmbd}/transport_ipc.c | 0 fs/{cifsd => ksmbd}/transport_ipc.h | 0 fs/{cifsd => ksmbd}/transport_rdma.c | 0 fs/{cifsd => ksmbd}/transport_rdma.h | 0 fs/{cifsd => ksmbd}/transport_tcp.c | 0 fs/{cifsd => ksmbd}/transport_tcp.h | 0 fs/{cifsd => ksmbd}/unicode.c | 0 fs/{cifsd => ksmbd}/unicode.h | 0 fs/{cifsd => ksmbd}/uniupr.h | 0 fs/{cifsd => ksmbd}/vfs.c | 0 fs/{cifsd => ksmbd}/vfs.h | 0 fs/{cifsd => ksmbd}/vfs_cache.c | 0 fs/{cifsd => ksmbd}/vfs_cache.h | 0 59 files changed, 6 insertions(+), 6 deletions(-) rename Documentation/filesystems/cifs/{cifsd.rst => ksmbd.rst} (98%) rename fs/{cifsd => ksmbd}/asn1.c (100%) rename fs/{cifsd => ksmbd}/asn1.h (100%) rename fs/{cifsd => ksmbd}/auth.c (100%) rename fs/{cifsd => ksmbd}/auth.h (100%) rename fs/{cifsd => ksmbd}/connection.c (100%) rename fs/{cifsd => ksmbd}/connection.h (100%) rename fs/{cifsd => ksmbd}/crypto_ctx.c (100%) rename fs/{cifsd => ksmbd}/crypto_ctx.h (100%) rename fs/{cifsd => ksmbd}/glob.h (100%) rename fs/{cifsd => ksmbd}/ksmbd_server.h (100%) rename fs/{cifsd => ksmbd}/ksmbd_spnego_negtokeninit.asn1 (100%) rename fs/{cifsd => ksmbd}/ksmbd_spnego_negtokentarg.asn1 (100%) rename fs/{cifsd => ksmbd}/ksmbd_work.c (100%) rename fs/{cifsd => ksmbd}/ksmbd_work.h (100%) rename fs/{cifsd => ksmbd}/mgmt/ksmbd_ida.c (100%) rename fs/{cifsd => ksmbd}/mgmt/ksmbd_ida.h (100%) rename fs/{cifsd => ksmbd}/mgmt/share_config.c (100%) rename fs/{cifsd => ksmbd}/mgmt/share_config.h (100%) rename fs/{cifsd => ksmbd}/mgmt/tree_connect.c (100%) rename fs/{cifsd => ksmbd}/mgmt/tree_connect.h (100%) rename fs/{cifsd => ksmbd}/mgmt/user_config.c (100%) rename fs/{cifsd => ksmbd}/mgmt/user_config.h (100%) rename fs/{cifsd => ksmbd}/mgmt/user_session.c (100%) rename fs/{cifsd => ksmbd}/mgmt/user_session.h (100%) rename fs/{cifsd => ksmbd}/misc.c (100%) rename fs/{cifsd => ksmbd}/misc.h (100%) rename fs/{cifsd => ksmbd}/ndr.c (100%) rename fs/{cifsd => ksmbd}/ndr.h (100%) rename fs/{cifsd => ksmbd}/nterr.h (100%) rename fs/{cifsd => ksmbd}/ntlmssp.h (100%) rename fs/{cifsd => ksmbd}/oplock.c (100%) rename fs/{cifsd => ksmbd}/oplock.h (100%) rename fs/{cifsd => ksmbd}/server.c (100%) rename fs/{cifsd => ksmbd}/server.h (100%) rename fs/{cifsd => ksmbd}/smb2misc.c (100%) rename fs/{cifsd => ksmbd}/smb2ops.c (100%) rename fs/{cifsd => ksmbd}/smb2pdu.c (100%) rename fs/{cifsd => ksmbd}/smb2pdu.h (100%) rename fs/{cifsd => ksmbd}/smb_common.c (100%) rename fs/{cifsd => ksmbd}/smb_common.h (100%) rename fs/{cifsd => ksmbd}/smbacl.c (100%) rename fs/{cifsd => ksmbd}/smbacl.h (100%) rename fs/{cifsd => ksmbd}/smbfsctl.h (100%) rename fs/{cifsd => ksmbd}/smbstatus.h (100%) rename fs/{cifsd => ksmbd}/transport_ipc.c (100%) rename fs/{cifsd => ksmbd}/transport_ipc.h (100%) rename fs/{cifsd => ksmbd}/transport_rdma.c (100%) rename fs/{cifsd => ksmbd}/transport_rdma.h (100%) rename fs/{cifsd => ksmbd}/transport_tcp.c (100%) rename fs/{cifsd => ksmbd}/transport_tcp.h (100%) rename fs/{cifsd => ksmbd}/unicode.c (100%) rename fs/{cifsd => ksmbd}/unicode.h (100%) rename fs/{cifsd => ksmbd}/uniupr.h (100%) rename fs/{cifsd => ksmbd}/vfs.c (100%) rename fs/{cifsd => ksmbd}/vfs.h (100%) rename fs/{cifsd => ksmbd}/vfs_cache.c (100%) rename fs/{cifsd => ksmbd}/vfs_cache.h (100%)

diff --git a/Documentation/filesystems/cifs/index.rst b/Documentation/filesystems/cifs/index.rst index e762586b5dc7..1c8597a679ab 100644 --- a/Documentation/filesystems/cifs/index.rst +++ b/Documentation/filesystems/cifs/index.rst @@ -6,5 +6,5 @@ CIFS .. toctree:: :maxdepth: 1

- cifsd + ksmbd cifsroot diff --git a/Documentation/filesystems/cifs/cifsd.rst b/Documentation/filesystems/cifs/ksmbd.rst similarity index 98% rename from Documentation/filesystems/cifs/cifsd.rst rename to Documentation/filesystems/cifs/ksmbd.rst index 01a0be272ce6..1e111efecd45 100644 --- a/Documentation/filesystems/cifs/cifsd.rst +++ b/Documentation/filesystems/cifs/ksmbd.rst @@ -1,13 +1,13 @@ .. SPDX-License-Identifier: GPL-2.0

========================== -CIFSD - SMB3 Kernel Server +KSMBD - SMB3 Kernel Server ==========================

-CIFSD is a linux kernel server which implements SMB3 protocol in kernel space +KSMBD is a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network.

-CIFSD architecture +KSMBD architecture ==================

The subset of performance related operations belong in kernelspace and @@ -60,7 +60,7 @@ NetServerGetInfo. Complete DCE/RPC response is prepared from the user space and passed over to the associated kernel thread for the client.

-CIFSD Feature Status +KSMBD Feature Status ====================

============================== ================================================= @@ -138,7 +138,7 @@ How to run

6. Access share from Windows or Linux using CIFS

-Shutdown CIFSD +Shutdown KSMBD ==============

1. kill user and kernel space daemon diff --git a/fs/cifsd/asn1.c b/fs/ksmbd/asn1.c similarity index 100% rename from fs/cifsd/asn1.c rename to fs/ksmbd/asn1.c diff --git a/fs/cifsd/asn1.h b/fs/ksmbd/asn1.h similarity index 100% rename from fs/cifsd/asn1.h rename to fs/ksmbd/asn1.h diff --git a/fs/cifsd/auth.c b/fs/ksmbd/auth.c similarity index 100% rename from fs/cifsd/auth.c rename to fs/ksmbd/auth.c diff --git a/fs/cifsd/auth.h b/fs/ksmbd/auth.h similarity index 100% rename from fs/cifsd/auth.h rename to fs/ksmbd/auth.h diff --git a/fs/cifsd/connection.c b/fs/ksmbd/connection.c similarity index 100% rename from fs/cifsd/connection.c rename to fs/ksmbd/connection.c diff --git a/fs/cifsd/connection.h b/fs/ksmbd/connection.h similarity index 100% rename from fs/cifsd/connection.h rename to fs/ksmbd/connection.h diff --git a/fs/cifsd/crypto_ctx.c b/fs/ksmbd/crypto_ctx.c similarity index 100% rename from fs/cifsd/crypto_ctx.c rename to fs/ksmbd/crypto_ctx.c diff --git a/fs/cifsd/crypto_ctx.h b/fs/ksmbd/crypto_ctx.h similarity index 100% rename from fs/cifsd/crypto_ctx.h rename to fs/ksmbd/crypto_ctx.h diff --git a/fs/cifsd/glob.h b/fs/ksmbd/glob.h similarity index 100% rename from fs/cifsd/glob.h rename to fs/ksmbd/glob.h diff --git a/fs/cifsd/ksmbd_server.h b/fs/ksmbd/ksmbd_server.h similarity index 100% rename from fs/cifsd/ksmbd_server.h rename to fs/ksmbd/ksmbd_server.h diff --git a/fs/cifsd/ksmbd_spnego_negtokeninit.asn1 b/fs/ksmbd/ksmbd_spnego_negtokeninit.asn1 similarity index 100% rename from fs/cifsd/ksmbd_spnego_negtokeninit.asn1 rename to fs/ksmbd/ksmbd_spnego_negtokeninit.asn1 diff --git a/fs/cifsd/ksmbd_spnego_negtokentarg.asn1 b/fs/ksmbd/ksmbd_spnego_negtokentarg.asn1 similarity index 100% rename from fs/cifsd/ksmbd_spnego_negtokentarg.asn1 rename to fs/ksmbd/ksmbd_spnego_negtokentarg.asn1 diff --git a/fs/cifsd/ksmbd_work.c b/fs/ksmbd/ksmbd_work.c similarity index 100% rename from fs/cifsd/ksmbd_work.c rename to fs/ksmbd/ksmbd_work.c diff --git a/fs/cifsd/ksmbd_work.h b/fs/ksmbd/ksmbd_work.h similarity index 100% rename from fs/cifsd/ksmbd_work.h rename to fs/ksmbd/ksmbd_work.h diff --git a/fs/cifsd/mgmt/ksmbd_ida.c b/fs/ksmbd/mgmt/ksmbd_ida.c similarity index 100% rename from fs/cifsd/mgmt/ksmbd_ida.c rename to fs/ksmbd/mgmt/ksmbd_ida.c diff --git a/fs/cifsd/mgmt/ksmbd_ida.h b/fs/ksmbd/mgmt/ksmbd_ida.h similarity index 100% rename from fs/cifsd/mgmt/ksmbd_ida.h rename to fs/ksmbd/mgmt/ksmbd_ida.h diff --git a/fs/cifsd/mgmt/share_config.c b/fs/ksmbd/mgmt/share_config.c similarity index 100% rename from fs/cifsd/mgmt/share_config.c rename to fs/ksmbd/mgmt/share_config.c diff --git a/fs/cifsd/mgmt/share_config.h b/fs/ksmbd/mgmt/share_config.h similarity index 100% rename from fs/cifsd/mgmt/share_config.h rename to fs/ksmbd/mgmt/share_config.h diff --git a/fs/cifsd/mgmt/tree_connect.c b/fs/ksmbd/mgmt/tree_connect.c similarity index 100% rename from fs/cifsd/mgmt/tree_connect.c rename to fs/ksmbd/mgmt/tree_connect.c diff --git a/fs/cifsd/mgmt/tree_connect.h b/fs/ksmbd/mgmt/tree_connect.h similarity index 100% rename from fs/cifsd/mgmt/tree_connect.h rename to fs/ksmbd/mgmt/tree_connect.h diff --git a/fs/cifsd/mgmt/user_config.c b/fs/ksmbd/mgmt/user_config.c similarity index 100% rename from fs/cifsd/mgmt/user_config.c rename to fs/ksmbd/mgmt/user_config.c diff --git a/fs/cifsd/mgmt/user_config.h b/fs/ksmbd/mgmt/user_config.h similarity index 100% rename from fs/cifsd/mgmt/user_config.h rename to fs/ksmbd/mgmt/user_config.h diff --git a/fs/cifsd/mgmt/user_session.c b/fs/ksmbd/mgmt/user_session.c similarity index 100% rename from fs/cifsd/mgmt/user_session.c rename to fs/ksmbd/mgmt/user_session.c diff --git a/fs/cifsd/mgmt/user_session.h b/fs/ksmbd/mgmt/user_session.h similarity index 100% rename from fs/cifsd/mgmt/user_session.h rename to fs/ksmbd/mgmt/user_session.h diff --git a/fs/cifsd/misc.c b/fs/ksmbd/misc.c similarity index 100% rename from fs/cifsd/misc.c rename to fs/ksmbd/misc.c diff --git a/fs/cifsd/misc.h b/fs/ksmbd/misc.h similarity index 100% rename from fs/cifsd/misc.h rename to fs/ksmbd/misc.h diff --git a/fs/cifsd/ndr.c b/fs/ksmbd/ndr.c similarity index 100% rename from fs/cifsd/ndr.c rename to fs/ksmbd/ndr.c diff --git a/fs/cifsd/ndr.h b/fs/ksmbd/ndr.h similarity index 100% rename from fs/cifsd/ndr.h rename to fs/ksmbd/ndr.h diff --git a/fs/cifsd/nterr.h b/fs/ksmbd/nterr.h similarity index 100% rename from fs/cifsd/nterr.h rename to fs/ksmbd/nterr.h diff --git a/fs/cifsd/ntlmssp.h b/fs/ksmbd/ntlmssp.h similarity index 100% rename from fs/cifsd/ntlmssp.h rename to fs/ksmbd/ntlmssp.h diff --git a/fs/cifsd/oplock.c b/fs/ksmbd/oplock.c similarity index 100% rename from fs/cifsd/oplock.c rename to fs/ksmbd/oplock.c diff --git a/fs/cifsd/oplock.h b/fs/ksmbd/oplock.h similarity index 100% rename from fs/cifsd/oplock.h rename to fs/ksmbd/oplock.h diff --git a/fs/cifsd/server.c b/fs/ksmbd/server.c similarity index 100% rename from fs/cifsd/server.c rename to fs/ksmbd/server.c diff --git a/fs/cifsd/server.h b/fs/ksmbd/server.h similarity index 100% rename from fs/cifsd/server.h rename to fs/ksmbd/server.h diff --git a/fs/cifsd/smb2misc.c b/fs/ksmbd/smb2misc.c similarity index 100% rename from fs/cifsd/smb2misc.c rename to fs/ksmbd/smb2misc.c diff --git a/fs/cifsd/smb2ops.c b/fs/ksmbd/smb2ops.c similarity index 100% rename from fs/cifsd/smb2ops.c rename to fs/ksmbd/smb2ops.c diff --git a/fs/cifsd/smb2pdu.c b/fs/ksmbd/smb2pdu.c similarity index 100% rename from fs/cifsd/smb2pdu.c rename to fs/ksmbd/smb2pdu.c diff --git a/fs/cifsd/smb2pdu.h b/fs/ksmbd/smb2pdu.h similarity index 100% rename from fs/cifsd/smb2pdu.h rename to fs/ksmbd/smb2pdu.h diff --git a/fs/cifsd/smb_common.c b/fs/ksmbd/smb_common.c similarity index 100% rename from fs/cifsd/smb_common.c rename to fs/ksmbd/smb_common.c diff --git a/fs/cifsd/smb_common.h b/fs/ksmbd/smb_common.h similarity index 100% rename from fs/cifsd/smb_common.h rename to fs/ksmbd/smb_common.h diff --git a/fs/cifsd/smbacl.c b/fs/ksmbd/smbacl.c similarity index 100% rename from fs/cifsd/smbacl.c rename to fs/ksmbd/smbacl.c diff --git a/fs/cifsd/smbacl.h b/fs/ksmbd/smbacl.h similarity index 100% rename from fs/cifsd/smbacl.h rename to fs/ksmbd/smbacl.h diff --git a/fs/cifsd/smbfsctl.h b/fs/ksmbd/smbfsctl.h similarity index 100% rename from fs/cifsd/smbfsctl.h rename to fs/ksmbd/smbfsctl.h diff --git a/fs/cifsd/smbstatus.h b/fs/ksmbd/smbstatus.h similarity index 100% rename from fs/cifsd/smbstatus.h rename to fs/ksmbd/smbstatus.h diff --git a/fs/cifsd/transport_ipc.c b/fs/ksmbd/transport_ipc.c similarity index 100% rename from fs/cifsd/transport_ipc.c rename to fs/ksmbd/transport_ipc.c diff --git a/fs/cifsd/transport_ipc.h b/fs/ksmbd/transport_ipc.h similarity index 100% rename from fs/cifsd/transport_ipc.h rename to fs/ksmbd/transport_ipc.h diff --git a/fs/cifsd/transport_rdma.c b/fs/ksmbd/transport_rdma.c similarity index 100% rename from fs/cifsd/transport_rdma.c rename to fs/ksmbd/transport_rdma.c diff --git a/fs/cifsd/transport_rdma.h b/fs/ksmbd/transport_rdma.h similarity index 100% rename from fs/cifsd/transport_rdma.h rename to fs/ksmbd/transport_rdma.h diff --git a/fs/cifsd/transport_tcp.c b/fs/ksmbd/transport_tcp.c similarity index 100% rename from fs/cifsd/transport_tcp.c rename to fs/ksmbd/transport_tcp.c diff --git a/fs/cifsd/transport_tcp.h b/fs/ksmbd/transport_tcp.h similarity index 100% rename from fs/cifsd/transport_tcp.h rename to fs/ksmbd/transport_tcp.h diff --git a/fs/cifsd/unicode.c b/fs/ksmbd/unicode.c similarity index 100% rename from fs/cifsd/unicode.c rename to fs/ksmbd/unicode.c diff --git a/fs/cifsd/unicode.h b/fs/ksmbd/unicode.h similarity index 100% rename from fs/cifsd/unicode.h rename to fs/ksmbd/unicode.h diff --git a/fs/cifsd/uniupr.h b/fs/ksmbd/uniupr.h similarity index 100% rename from fs/cifsd/uniupr.h rename to fs/ksmbd/uniupr.h diff --git a/fs/cifsd/vfs.c b/fs/ksmbd/vfs.c similarity index 100% rename from fs/cifsd/vfs.c rename to fs/ksmbd/vfs.c diff --git a/fs/cifsd/vfs.h b/fs/ksmbd/vfs.h similarity index 100% rename from fs/cifsd/vfs.h rename to fs/ksmbd/vfs.h diff --git a/fs/cifsd/vfs_cache.c b/fs/ksmbd/vfs_cache.c similarity index 100% rename from fs/cifsd/vfs_cache.c rename to fs/ksmbd/vfs_cache.c diff --git a/fs/cifsd/vfs_cache.h b/fs/ksmbd/vfs_cache.h similarity index 100% rename from fs/cifsd/vfs_cache.h rename to fs/ksmbd/vfs_cache.h

From patchwork Mon Nov 14 12:50:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183234 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:17 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:17 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:16 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 137/308] ksmbd: factor out a ksmbd_vfs_lock_parent helper Date: Mon, 14 Nov 2022 20:50:46 +0800 Message-ID: 20221114125337.1831594-138-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a913d36a-52d7-47b5-6969-08dac63c67db X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7191504 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 333111a6dc32a2768f581876bdb5ef4231f5084e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/333111a6dc32

-------------------------------

Factor out a self-contained helper to get stable parent dentry.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/vfs.c | 125 ++++++++++++++++++++++++------------------------- 1 file changed, 62 insertions(+), 63 deletions(-)

diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index fddabb4c7db6..e64eab7a58a8 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -60,6 +60,41 @@ static void ksmbd_vfs_inherit_owner(struct ksmbd_work *work, i_uid_write(inode, i_uid_read(parent_inode)); }

+/** + * ksmbd_vfs_lock_parent() - lock parent dentry if it is stable + * + * the parent dentry got by dget_parent or @parent could be + * unstable, we try to lock a parent inode and lookup the + * child dentry again. + * + * the reference count of @parent isn't incremented. + */ +static int ksmbd_vfs_lock_parent(struct dentry *parent, struct dentry *child) +{ + struct dentry *dentry; + int ret = 0; + + inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); + dentry = lookup_one_len(child->d_name.name, parent, + child->d_name.len); + if (IS_ERR(dentry)) { + ret = PTR_ERR(dentry); + goto out_err; + } + + if (dentry != child) { + ret = -ESTALE; + dput(dentry); + goto out_err; + } + + dput(dentry); + return 0; +out_err: + inode_unlock(d_inode(parent)); + return ret; +} + int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete) { int mask, ret = 0; @@ -78,29 +113,18 @@ int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete) return -EACCES;

if (delete) { - struct dentry *child, *parent; + struct dentry *parent;

parent = dget_parent(dentry); - inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); - child = lookup_one_len(dentry->d_name.name, parent, - dentry->d_name.len); - if (IS_ERR(child)) { - ret = PTR_ERR(child); - goto out_lock; - } - - if (child != dentry) { - ret = -ESTALE; - dput(child); - goto out_lock; + ret = ksmbd_vfs_lock_parent(parent, dentry); + if (ret) { + dput(parent); + return ret; } - dput(child);

- if (inode_permission(&init_user_ns, d_inode(parent), MAY_EXEC | MAY_WRITE)) { + if (inode_permission(&init_user_ns, d_inode(parent), MAY_EXEC | MAY_WRITE)) ret = -EACCES; - goto out_lock; - } -out_lock: + inode_unlock(d_inode(parent)); dput(parent); } @@ -109,7 +133,7 @@ int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete)

int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) { - struct dentry *parent, *child; + struct dentry *parent; int ret = 0;

*daccess = cpu_to_le32(FILE_READ_ATTRIBUTES | READ_CONTROL); @@ -127,25 +151,15 @@ int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) *daccess |= FILE_EXECUTE_LE;

parent = dget_parent(dentry); - inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); - child = lookup_one_len(dentry->d_name.name, parent, - dentry->d_name.len); - if (IS_ERR(child)) { - ret = PTR_ERR(child); - goto out_lock; - } - - if (child != dentry) { - ret = -ESTALE; - dput(child); - goto out_lock; + ret = ksmbd_vfs_lock_parent(parent, dentry); + if (ret) { + dput(parent); + return ret; } - dput(child);

if (!inode_permission(&init_user_ns, d_inode(parent), MAY_EXEC | MAY_WRITE)) *daccess |= FILE_DELETE_LE;

-out_lock: inode_unlock(d_inode(parent)); dput(parent); return ret; @@ -573,7 +587,7 @@ int ksmbd_vfs_fsync(struct ksmbd_work *work, u64 fid, u64 p_id) int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) { struct path path; - struct dentry *dentry, *parent; + struct dentry *parent; int err; int flags = 0;

@@ -592,35 +606,32 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) }

parent = dget_parent(path.dentry); - inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); - dentry = lookup_one_len(path.dentry->d_name.name, parent, - strlen(path.dentry->d_name.name)); - if (IS_ERR(dentry)) { - err = PTR_ERR(dentry); - ksmbd_debug(VFS, "%s: lookup failed, err %d\n", - path.dentry->d_name.name, err); - goto out_err; + err = ksmbd_vfs_lock_parent(parent, path.dentry); + if (err) { + dput(parent); + path_put(&path); + ksmbd_revert_fsids(work); + return err; }

- if (!d_inode(dentry) || !d_inode(dentry)->i_nlink) { - dput(dentry); + if (!d_inode(path.dentry)->i_nlink) { err = -ENOENT; goto out_err; }

- if (S_ISDIR(d_inode(dentry)->i_mode)) { - err = vfs_rmdir(&init_user_ns, d_inode(parent), dentry); + if (S_ISDIR(d_inode(path.dentry)->i_mode)) { + err = vfs_rmdir(&init_user_ns, d_inode(parent), path.dentry); if (err && err != -ENOTEMPTY) ksmbd_debug(VFS, "%s: rmdir failed, err %d\n", name, err); } else { - err = vfs_unlink(&init_user_ns, d_inode(parent), dentry, NULL); + err = vfs_unlink(&init_user_ns, d_inode(parent), path.dentry, + NULL); if (err) ksmbd_debug(VFS, "%s: unlink failed, err %d\n", name, err); }

- dput(dentry); out_err: inode_unlock(d_inode(parent)); dput(parent); @@ -1086,30 +1097,18 @@ int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name)

int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry) { - struct dentry *child; int err = 0;

- inode_lock_nested(d_inode(dir), I_MUTEX_PARENT); + err = ksmbd_vfs_lock_parent(dir, dentry); + if (err) + return err; dget(dentry); - child = lookup_one_len(dentry->d_name.name, dir, dentry->d_name.len); - if (IS_ERR(child)) { - err = PTR_ERR(child); - goto out; - } - - if (child != dentry) { - err = -ESTALE; - dput(child); - goto out; - } - dput(child);

if (S_ISDIR(d_inode(dentry)->i_mode)) err = vfs_rmdir(&init_user_ns, d_inode(dir), dentry); else err = vfs_unlink(&init_user_ns, d_inode(dir), dentry, NULL);

-out: dput(dentry); inode_unlock(d_inode(dir)); if (err)

From patchwork Mon Nov 14 12:50:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183235 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:17 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:17 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:17 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 138/308] ksmbd: set MAY_* flags together with open flags Date: Mon, 14 Nov 2022 20:50:47 +0800 Message-ID: 20221114125337.1831594-139-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3f875ef2-7d55-4569-22e1-08dac63c6824 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6872233 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-v5.15-rc1 commit 6c5e36d13e2a338ed611d2bcc6c615dd0550b17d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/6c5e36d13e2a

set MAY_* flags together with open flags and remove ksmbd_vfs_inode_permission().

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 38 ++++++++++++++++++++++++-------------- fs/ksmbd/vfs.c | 42 +++++++++++++----------------------------- fs/ksmbd/vfs.h | 3 +-- 3 files changed, 38 insertions(+), 45 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 1327ae806b17..25715d57c2bb 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1836,21 +1836,27 @@ int smb2_tree_connect(struct ksmbd_work *work) * @file_present: is file already present * @access: file access flags * @disposition: file disposition flags + * @may_flags: set with MAY_ flags * * Return: file open flags */ static int smb2_create_open_flags(bool file_present, __le32 access, - __le32 disposition) + __le32 disposition, + int *may_flags) { int oflags = O_NONBLOCK | O_LARGEFILE;

if (access & FILE_READ_DESIRED_ACCESS_LE && - access & FILE_WRITE_DESIRE_ACCESS_LE) + access & FILE_WRITE_DESIRE_ACCESS_LE) { oflags |= O_RDWR; - else if (access & FILE_WRITE_DESIRE_ACCESS_LE) + *may_flags = MAY_OPEN | MAY_READ | MAY_WRITE; + } else if (access & FILE_WRITE_DESIRE_ACCESS_LE) { oflags |= O_WRONLY; - else + *may_flags = MAY_OPEN | MAY_WRITE; + } else { oflags |= O_RDONLY; + *may_flags = MAY_OPEN | MAY_READ; + }

if (access == FILE_READ_ATTRIBUTES_LE) oflags |= O_PATH; @@ -1884,6 +1890,7 @@ static int smb2_create_open_flags(bool file_present, __le32 access, break; } } + return oflags; }

@@ -2355,7 +2362,7 @@ int smb2_open(struct ksmbd_work *work) struct create_ea_buf_req *ea_buf = NULL; struct oplock_info *opinfo; __le32 *next_ptr = NULL; - int req_op_level = 0, open_flags = 0, file_info = 0; + int req_op_level = 0, open_flags = 0, may_flags = 0, file_info = 0; int rc = 0, len = 0; int contxt_cnt = 0, query_disk_id = 0; int maximal_access_ctxt = 0, posix_ctxt = 0; @@ -2696,7 +2703,8 @@ int smb2_open(struct ksmbd_work *work) }

open_flags = smb2_create_open_flags(file_present, daccess, - req->CreateDisposition); + req->CreateDisposition, + &may_flags);

if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { if (open_flags & O_CREAT) { @@ -2723,21 +2731,23 @@ int smb2_open(struct ksmbd_work *work) goto err_out; } } else if (!already_permitted) { - bool may_delete; - - may_delete = daccess & FILE_DELETE_LE || - req->CreateOptions & FILE_DELETE_ON_CLOSE_LE; - /* FILE_READ_ATTRIBUTE is allowed without inode_permission, * because execute(search) permission on a parent directory, * is already granted. */ if (daccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_READ_CONTROL_LE)) { - rc = ksmbd_vfs_inode_permission(path.dentry, - open_flags & O_ACCMODE, - may_delete); + rc = inode_permission(&init_user_ns, + d_inode(path.dentry), + may_flags); if (rc) goto err_out; + + if ((daccess & FILE_DELETE_LE) || + (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { + rc = ksmbd_vfs_may_delete(path.dentry); + if (rc) + goto err_out; + } } }

diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index e64eab7a58a8..6181a58e8a33 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -95,39 +95,23 @@ static int ksmbd_vfs_lock_parent(struct dentry *parent, struct dentry *child) return ret; }

-int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, bool delete) +int ksmbd_vfs_may_delete(struct dentry *dentry) { - int mask, ret = 0; - - mask = 0; - acc_mode &= O_ACCMODE; - - if (acc_mode == O_RDONLY) - mask = MAY_READ; - else if (acc_mode == O_WRONLY) - mask = MAY_WRITE; - else if (acc_mode == O_RDWR) - mask = MAY_READ | MAY_WRITE; - - if (inode_permission(&init_user_ns, d_inode(dentry), mask | MAY_OPEN)) - return -EACCES; - - if (delete) { - struct dentry *parent; - - parent = dget_parent(dentry); - ret = ksmbd_vfs_lock_parent(parent, dentry); - if (ret) { - dput(parent); - return ret; - } - - if (inode_permission(&init_user_ns, d_inode(parent), MAY_EXEC | MAY_WRITE)) - ret = -EACCES; + struct dentry *parent; + int ret;

- inode_unlock(d_inode(parent)); + parent = dget_parent(dentry); + ret = ksmbd_vfs_lock_parent(parent, dentry); + if (ret) { dput(parent); + return ret; } + + ret = inode_permission(&init_user_ns, d_inode(parent), + MAY_EXEC | MAY_WRITE); + + inode_unlock(d_inode(parent)); + dput(parent); return ret; }

diff --git a/fs/ksmbd/vfs.h b/fs/ksmbd/vfs.h index 49f0558ace32..ae8eff1f0315 100644 --- a/fs/ksmbd/vfs.h +++ b/fs/ksmbd/vfs.h @@ -192,8 +192,7 @@ struct ksmbd_kstat { __le32 file_attributes; };

-int ksmbd_vfs_inode_permission(struct dentry *dentry, int acc_mode, - bool delete); +int ksmbd_vfs_may_delete(struct dentry *dentry); int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess); int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode); int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode);

From patchwork Mon Nov 14 12:50:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183236 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:18 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:18 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:17 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 139/308] ksmbd: remove macros in transport_ipc.c Date: Mon, 14 Nov 2022 20:50:48 +0800 Message-ID: 20221114125337.1831594-140-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2905400f-6411-4d5e-ff8d-08dac63c686c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6852905 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit b622948789a96a8f347c8e77e18d100c7f1a78fa category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b622948789a9

-------------------------------

Remove macros in transport_ipc.c

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_ipc.c | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-)

diff --git a/fs/ksmbd/transport_ipc.c b/fs/ksmbd/transport_ipc.c index 13eacfda64ac..ca5099118fdf 100644 --- a/fs/ksmbd/transport_ipc.c +++ b/fs/ksmbd/transport_ipc.c @@ -38,8 +38,6 @@ static DEFINE_IDA(ipc_ida);

static unsigned int ksmbd_tools_pid;

-#define KSMBD_IPC_MSG_HANDLE(m) (*(unsigned int *)m) - static bool ksmbd_ipc_validate_version(struct genl_info *m) { if (m->genlhdr->version != KSMBD_GENL_VERSION) { @@ -56,12 +54,9 @@ static bool ksmbd_ipc_validate_version(struct genl_info *m) struct ksmbd_ipc_msg { unsigned int type; unsigned int sz; - unsigned char ____payload[0]; + unsigned char payload[]; };

-#define KSMBD_IPC_MSG_PAYLOAD(m) \ - ((void *)(((struct ksmbd_ipc_msg *)(m))->____payload)) - struct ipc_msg_table_entry { unsigned int handle; unsigned int type; @@ -251,7 +246,7 @@ static void ipc_msg_handle_free(int handle)

static int handle_response(int type, void *payload, size_t sz) { - int handle = KSMBD_IPC_MSG_HANDLE(payload); + unsigned int handle = *(unsigned int *)payload; struct ipc_msg_table_entry *entry; int ret = 0;

@@ -432,7 +427,7 @@ static int ipc_msg_send(struct ksmbd_ipc_msg *msg) if (!nlh) goto out;

- ret = nla_put(skb, msg->type, msg->sz, KSMBD_IPC_MSG_PAYLOAD(msg)); + ret = nla_put(skb, msg->type, msg->sz, msg->payload); if (ret) { genlmsg_cancel(skb, nlh); goto out; @@ -509,7 +504,7 @@ struct ksmbd_login_response *ksmbd_ipc_login_request(const char *account) return NULL;

msg->type = KSMBD_EVENT_LOGIN_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_login_request *)msg->payload; req->handle = ksmbd_acquire_id(&ipc_ida); strscpy(req->account, account, KSMBD_REQ_MAX_ACCOUNT_NAME_SZ);

@@ -532,7 +527,7 @@ ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len) return NULL;

msg->type = KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_spnego_authen_request *)msg->payload; req->handle = ksmbd_acquire_id(&ipc_ida); req->spnego_blob_len = blob_len; memcpy(req->spnego_blob, spnego_blob, blob_len); @@ -564,7 +559,7 @@ ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, return NULL;

msg->type = KSMBD_EVENT_TREE_CONNECT_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_tree_connect_request *)msg->payload;

req->handle = ksmbd_acquire_id(&ipc_ida); req->account_flags = sess->user->flags; @@ -597,7 +592,7 @@ int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, return -ENOMEM;

msg->type = KSMBD_EVENT_TREE_DISCONNECT_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_tree_disconnect_request *)msg->payload; req->session_id = session_id; req->connect_id = connect_id;

@@ -620,7 +615,7 @@ int ksmbd_ipc_logout_request(const char *account) return -ENOMEM;

msg->type = KSMBD_EVENT_LOGOUT_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_logout_request *)msg->payload; strscpy(req->account, account, KSMBD_REQ_MAX_ACCOUNT_NAME_SZ);

ret = ipc_msg_send(msg); @@ -643,7 +638,7 @@ ksmbd_ipc_share_config_request(const char *name) return NULL;

msg->type = KSMBD_EVENT_SHARE_CONFIG_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_share_config_request *)msg->payload; req->handle = ksmbd_acquire_id(&ipc_ida); strscpy(req->share_name, name, KSMBD_REQ_MAX_SHARE_NAME);

@@ -664,7 +659,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_open(struct ksmbd_session *sess, int handle) return NULL;

msg->type = KSMBD_EVENT_RPC_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_rpc_command *)msg->payload; req->handle = handle; req->flags = ksmbd_session_rpc_method(sess, handle); req->flags |= KSMBD_RPC_OPEN_METHOD; @@ -686,7 +681,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_close(struct ksmbd_session *sess, int handle return NULL;

msg->type = KSMBD_EVENT_RPC_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_rpc_command *)msg->payload; req->handle = handle; req->flags = ksmbd_session_rpc_method(sess, handle); req->flags |= KSMBD_RPC_CLOSE_METHOD; @@ -709,7 +704,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, int handle return NULL;

msg->type = KSMBD_EVENT_RPC_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_rpc_command *)msg->payload; req->handle = handle; req->flags = ksmbd_session_rpc_method(sess, handle); req->flags |= rpc_context_flags(sess); @@ -733,7 +728,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, int handle) return NULL;

msg->type = KSMBD_EVENT_RPC_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_rpc_command *)msg->payload; req->handle = handle; req->flags = ksmbd_session_rpc_method(sess, handle); req->flags |= rpc_context_flags(sess); @@ -757,7 +752,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle return NULL;

msg->type = KSMBD_EVENT_RPC_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_rpc_command *)req->payload; req->handle = handle; req->flags = ksmbd_session_rpc_method(sess, handle); req->flags |= rpc_context_flags(sess); @@ -782,7 +777,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payloa return NULL;

msg->type = KSMBD_EVENT_RPC_REQUEST; - req = KSMBD_IPC_MSG_PAYLOAD(msg); + req = (struct ksmbd_rpc_command *)req->payload; req->handle = ksmbd_acquire_id(&ipc_ida); req->flags = rpc_context_flags(sess); req->flags |= KSMBD_RPC_RAP_METHOD;

From patchwork Mon Nov 14 12:50:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183237 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:18 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:18 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:18 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 140/308] ksmbd: replace BUFFER_NR_PAGES with inline function Date: Mon, 14 Nov 2022 20:50:49 +0800 Message-ID: 20221114125337.1831594-141-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: aea11117-421f-4433-70da-08dac63c68b2 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6526816 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 8ad8dc34211742c816d45dd2ce62aa103a82f4c2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8ad8dc342117

-------------------------------

Replace BUFFER_NR_PAGES with inline function

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index bd7a090d5350..b3af474d4cad 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -204,9 +204,11 @@ struct smb_direct_rdma_rw_msg { struct scatterlist sg_list[0]; };

-#define BUFFER_NR_PAGES(buf, len) \ - (DIV_ROUND_UP((unsigned long)(buf) + (len), PAGE_SIZE) \ - - (unsigned long)(buf) / PAGE_SIZE) +static inline int get_buf_page_count(void *buf, int size) +{ + return DIV_ROUND_UP((uintptr_t)buf + size, PAGE_SIZE) - + (uintptr_t)buf / PAGE_SIZE; +}

static void smb_direct_destroy_pools(struct smb_direct_transport *transport); static void smb_direct_post_recv_credits(struct work_struct *work); @@ -1048,7 +1050,7 @@ static int get_sg_list(void *buf, int size, struct scatterlist *sg_list, int nen int offset, len; int i = 0;

- if (nentries < BUFFER_NR_PAGES(buf, size)) + if (nentries < get_buf_page_count(buf, size)) return -EINVAL;

offset = offset_in_page(buf); @@ -1338,7 +1340,7 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf,

msg->sgt.sgl = &msg->sg_list[0]; ret = sg_alloc_table_chained(&msg->sgt, - BUFFER_NR_PAGES(buf, buf_len), + get_buf_page_count(buf, buf_len), msg->sg_list, SG_CHUNK_SIZE); if (ret) { atomic_inc(&t->rw_avail_ops); @@ -1353,7 +1355,7 @@ static int smb_direct_rdma_xmit(struct smb_direct_transport *t, void *buf, }

ret = rdma_rw_ctx_init(&msg->rw_ctx, t->qp, t->qp->port, - msg->sg_list, BUFFER_NR_PAGES(buf, buf_len), + msg->sg_list, get_buf_page_count(buf, buf_len), 0, remote_offset, remote_key, is_read ? DMA_FROM_DEVICE : DMA_TO_DEVICE); if (ret < 0) {

From patchwork Mon Nov 14 12:50:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183238 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:19 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:19 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:18 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 141/308] ksmbd: replace KSMBD_ALIGN with kernel ALIGN macro Date: Mon, 14 Nov 2022 20:50:50 +0800 Message-ID: 20221114125337.1831594-142-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9a2e3233-4656-439f-2215-08dac63c68f7 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7062487 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit c2220322b4577fc32ad3b7b4ddb856bd1f8c7461 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c2220322b457

-------------------------------

Replace KSMBD_ALIGN with kernel ALIGN macro

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ndr.c | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-)

diff --git a/fs/ksmbd/ndr.c b/fs/ksmbd/ndr.c index 46cc01475d38..db2ec07e076e 100644 --- a/fs/ksmbd/ndr.c +++ b/fs/ksmbd/ndr.c @@ -11,21 +11,6 @@

#define PAYLOAD_HEAD(d) ((d)->data + (d)->offset)

-#define KSMBD_ALIGN_MASK(x, mask) (((x) + (mask)) & ~(mask)) - -#define KSMBD_ALIGN(x, a) \ - ({ \ - typeof(x) ret = (x); \ - if (((x) & ((typeof(x))(a) - 1)) != 0) \ - ret = KSMBD_ALIGN_MASK(x, (typeof(x))(a) - 1); \ - ret; \ - }) - -static void align_offset(struct ndr *ndr, int n) -{ - ndr->offset = KSMBD_ALIGN(ndr->offset, n); -} - static int try_to_realloc_ndr_blob(struct ndr *n, size_t sz) { char *data; @@ -85,7 +70,7 @@ static int ndr_write_string(struct ndr *n, void *value, size_t sz) strncpy(PAYLOAD_HEAD(n), value, sz); sz++; n->offset += sz; - align_offset(n, 2); + n->offset = ALIGN(n->offset, 2); return 0; }

@@ -96,7 +81,7 @@ static int ndr_read_string(struct ndr *n, void *value, size_t sz) memcpy(value, PAYLOAD_HEAD(n), len); len++; n->offset += len; - align_offset(n, 2); + n->offset = ALIGN(n->offset, 2); return 0; }

@@ -210,20 +195,20 @@ static int ndr_encode_posix_acl_entry(struct ndr *n, struct xattr_smb_acl *acl) int i;

ndr_write_int32(n, acl->count); - align_offset(n, 8); + n->offset = ALIGN(n->offset, 8); ndr_write_int32(n, acl->count); ndr_write_int32(n, 0);

for (i = 0; i < acl->count; i++) { - align_offset(n, 8); + n->offset = ALIGN(n->offset, 8); ndr_write_int16(n, acl->entries[i].type); ndr_write_int16(n, acl->entries[i].type);

if (acl->entries[i].type == SMB_ACL_USER) { - align_offset(n, 8); + n->offset = ALIGN(n->offset, 8); ndr_write_int64(n, acl->entries[i].uid); } else if (acl->entries[i].type == SMB_ACL_GROUP) { - align_offset(n, 8); + n->offset = ALIGN(n->offset, 8); ndr_write_int64(n, acl->entries[i].gid); }

From patchwork Mon Nov 14 12:50:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183239 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:19 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:19 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:18 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 142/308] ksmbd: replace PAYLOAD_HEAD with inline function Date: Mon, 14 Nov 2022 20:50:51 +0800 Message-ID: 20221114125337.1831594-143-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 4bc71723-86bc-4a47-2643-08dac63c6940 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6863670 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit cb5b047f8e14e91774f68625dafb130fb160b4eb category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/cb5b047f8e14

-------------------------------

Replace PAYLOAD_HEAD with inline function.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ndr.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/fs/ksmbd/ndr.c b/fs/ksmbd/ndr.c index db2ec07e076e..bcf13a2aa9d4 100644 --- a/fs/ksmbd/ndr.c +++ b/fs/ksmbd/ndr.c @@ -9,7 +9,10 @@ #include "glob.h" #include "ndr.h"

-#define PAYLOAD_HEAD(d) ((d)->data + (d)->offset) +static inline char *ndr_get_field(struct ndr *n) +{ + return n->data + n->offset; +}

static int try_to_realloc_ndr_blob(struct ndr *n, size_t sz) { @@ -30,7 +33,7 @@ static void ndr_write_int16(struct ndr *n, __u16 value) if (n->length <= n->offset + sizeof(value)) try_to_realloc_ndr_blob(n, sizeof(value));

- *(__le16 *)PAYLOAD_HEAD(n) = cpu_to_le16(value); + *(__le16 *)ndr_get_field(n) = cpu_to_le16(value); n->offset += sizeof(value); }

@@ -39,7 +42,7 @@ static void ndr_write_int32(struct ndr *n, __u32 value) if (n->length <= n->offset + sizeof(value)) try_to_realloc_ndr_blob(n, sizeof(value));

- *(__le32 *)PAYLOAD_HEAD(n) = cpu_to_le32(value); + *(__le32 *)ndr_get_field(n) = cpu_to_le32(value); n->offset += sizeof(value); }

@@ -48,7 +51,7 @@ static void ndr_write_int64(struct ndr *n, __u64 value) if (n->length <= n->offset + sizeof(value)) try_to_realloc_ndr_blob(n, sizeof(value));

- *(__le64 *)PAYLOAD_HEAD(n) = cpu_to_le64(value); + *(__le64 *)ndr_get_field(n) = cpu_to_le64(value); n->offset += sizeof(value); }

@@ -57,7 +60,7 @@ static int ndr_write_bytes(struct ndr *n, void *value, size_t sz) if (n->length <= n->offset + sz) try_to_realloc_ndr_blob(n, sz);

- memcpy(PAYLOAD_HEAD(n), value, sz); + memcpy(ndr_get_field(n), value, sz); n->offset += sz; return 0; } @@ -67,7 +70,7 @@ static int ndr_write_string(struct ndr *n, void *value, size_t sz) if (n->length <= n->offset + sz) try_to_realloc_ndr_blob(n, sz);

- strncpy(PAYLOAD_HEAD(n), value, sz); + strncpy(ndr_get_field(n), value, sz); sz++; n->offset += sz; n->offset = ALIGN(n->offset, 2); @@ -76,9 +79,9 @@ static int ndr_write_string(struct ndr *n, void *value, size_t sz)

static int ndr_read_string(struct ndr *n, void *value, size_t sz) { - int len = strnlen(PAYLOAD_HEAD(n), sz); + int len = strnlen(ndr_get_field(n), sz);

- memcpy(value, PAYLOAD_HEAD(n), len); + memcpy(value, ndr_get_field(n), len); len++; n->offset += len; n->offset = ALIGN(n->offset, 2); @@ -87,7 +90,7 @@ static int ndr_read_string(struct ndr *n, void *value, size_t sz)

static int ndr_read_bytes(struct ndr *n, void *value, size_t sz) { - memcpy(value, PAYLOAD_HEAD(n), sz); + memcpy(value, ndr_get_field(n), sz); n->offset += sz; return 0; } @@ -96,7 +99,7 @@ static __u16 ndr_read_int16(struct ndr *n) { __u16 ret;

- ret = le16_to_cpu(*(__le16 *)PAYLOAD_HEAD(n)); + ret = le16_to_cpu(*(__le16 *)ndr_get_field(n)); n->offset += sizeof(__u16); return ret; } @@ -105,7 +108,7 @@ static __u32 ndr_read_int32(struct ndr *n) { __u32 ret;

- ret = le32_to_cpu(*(__le32 *)PAYLOAD_HEAD(n)); + ret = le32_to_cpu(*(__le32 *)ndr_get_field(n)); n->offset += sizeof(__u32); return ret; } @@ -114,7 +117,7 @@ static __u64 ndr_read_int64(struct ndr *n) { __u64 ret;

- ret = le64_to_cpu(*(__le64 *)PAYLOAD_HEAD(n)); + ret = le64_to_cpu(*(__le64 *)ndr_get_field(n)); n->offset += sizeof(__u64); return ret; }

From patchwork Mon Nov 14 12:50:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183240 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:20 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:19 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:19 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 143/308] ksmbd: remove getting worker state macros Date: Mon, 14 Nov 2022 20:50:52 +0800 Message-ID: 20221114125337.1831594-144-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2e1806f8-d635-4735-de7b-08dac63c6988 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6523287 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit d4075abbc6b571e9d03d7a742e53fd6085223649 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d4075abbc6b5

-------------------------------

Remove getting worker state macros

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ksmbd_work.h | 4 ---- fs/ksmbd/smb2pdu.c | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/ksmbd_work.h b/fs/ksmbd/ksmbd_work.h index 0e2d4f3fc49f..a91abd438a85 100644 --- a/fs/ksmbd/ksmbd_work.h +++ b/fs/ksmbd/ksmbd_work.h @@ -86,10 +86,6 @@ struct ksmbd_work { struct list_head interim_entry; };

-#define WORK_CANCELLED(w) ((w)->state == KSMBD_WORK_CANCELLED) -#define WORK_CLOSED(w) ((w)->state == KSMBD_WORK_CLOSED) -#define WORK_ACTIVE(w) ((w)->state == KSMBD_WORK_ACTIVE) - #define RESPONSE_BUF_NEXT(w) \ (((w)->response_buf + (w)->next_smb2_rsp_hdr_off)) #define REQUEST_BUF_NEXT(w) \ diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 25715d57c2bb..38a36390b64d 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6716,12 +6716,12 @@ int smb2_lock(struct ksmbd_work *work)

err = ksmbd_vfs_posix_lock_wait(flock);

- if (!WORK_ACTIVE(work)) { + if (work->state != KSMBD_WORK_ACTIVE) { list_del(&smb_lock->llist); list_del(&smb_lock->glist); locks_free_lock(flock);

- if (WORK_CANCELLED(work)) { + if (work->state == KSMBD_WORK_CANCELLED) { spin_lock(&fp->f_lock); list_del(&work->fp_entry); spin_unlock(&fp->f_lock);

From patchwork Mon Nov 14 12:50:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183241 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:20 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:20 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:19 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 144/308] ksmbd: remove and replace macros with inline functions in smb_common.h Date: Mon, 14 Nov 2022 20:50:53 +0800 Message-ID: 20221114125337.1831594-145-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d1dfc558-cf4a-4dc9-e279-08dac63c69d1 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7036974 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit d8fb29980cb5369c4ea520c0b4e1a8893e88f14c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d8fb29980cb5

-------------------------------

Remove and replace macros with inline functions in smb_common.h

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/mgmt/user_session.c | 8 +++----- fs/ksmbd/oplock.c | 6 ++++-- fs/ksmbd/smb2pdu.c | 5 +++-- fs/ksmbd/smb_common.h | 12 ++++++------ 4 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/fs/ksmbd/mgmt/user_session.c b/fs/ksmbd/mgmt/user_session.c index c5ba9694e1f1..8d8ffd8c6f19 100644 --- a/fs/ksmbd/mgmt/user_session.c +++ b/fs/ksmbd/mgmt/user_session.c @@ -154,11 +154,9 @@ void ksmbd_session_destroy(struct ksmbd_session *sess)

list_del(&sess->sessions_entry);

- if (IS_SMB2(sess->conn)) { - down_write(&sessions_table_lock); - hash_del(&sess->hlist); - up_write(&sessions_table_lock); - } + down_write(&sessions_table_lock); + hash_del(&sess->hlist); + up_write(&sessions_table_lock);

if (sess->user) ksmbd_free_user(sess->user); diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 9027cb7d970f..71e15a591582 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -631,7 +631,8 @@ static void __smb2_oplock_break_noti(struct work_struct *wk)

rsp_hdr = work->response_buf; memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); - rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); + rsp_hdr->smb2_buf_length = + cpu_to_be32(smb2_hdr_size_no_buflen(conn->vals)); rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; rsp_hdr->CreditRequest = cpu_to_le16(0); @@ -737,7 +738,8 @@ static void __smb2_lease_break_noti(struct work_struct *wk)

rsp_hdr = work->response_buf; memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); - rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); + rsp_hdr->smb2_buf_length = + cpu_to_be32(smb2_hdr_size_no_buflen(conn->vals)); rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; rsp_hdr->CreditRequest = cpu_to_le16(0); diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 38a36390b64d..ece03135127c 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -243,7 +243,7 @@ int init_smb2_neg_rsp(struct ksmbd_work *work) memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);

rsp_hdr->smb2_buf_length = - cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); + cpu_to_be32(smb2_hdr_size_no_buflen(conn->vals));

rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; @@ -497,7 +497,8 @@ int init_smb2_rsp_hdr(struct ksmbd_work *work) struct ksmbd_conn *conn = work->conn;

memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); - rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn)); + rsp_hdr->smb2_buf_length = + cpu_to_be32(smb2_hdr_size_no_buflen(conn->vals)); rsp_hdr->ProtocolId = rcv_hdr->ProtocolId; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; rsp_hdr->Command = rcv_hdr->Command; diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index 084166ba7654..8489b92229fa 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -50,12 +50,6 @@

extern struct list_head global_lock_list;

-#define IS_SMB2(x) ((x)->vals->protocol_id != SMB10_PROT_ID) - -#define HEADER_SIZE(conn) ((conn)->vals->header_size) -#define HEADER_SIZE_NO_BUF_LEN(conn) ((conn)->vals->header_size - 4) -#define MAX_HEADER_SIZE(conn) ((conn)->vals->max_header_size) - /* RFC 1002 session packet types */ #define RFC1002_SESSION_MESSAGE 0x00 #define RFC1002_SESSION_REQUEST 0x81 @@ -490,6 +484,12 @@ struct smb_version_cmds { int (*proc)(struct ksmbd_work *swork); };

+static inline size_t +smb2_hdr_size_no_buflen(struct smb_version_values *vals) +{ + return vals->header_size - 4; +} + int ksmbd_min_protocol(void); int ksmbd_max_protocol(void);

From patchwork Mon Nov 14 12:50:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183242 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:21 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:20 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:20 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 145/308] ksmbd: replace SMB_DIRECT_TRANS macro with inline function Date: Mon, 14 Nov 2022 20:50:54 +0800 Message-ID: 20221114125337.1831594-146-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: abce3903-68ac-49ee-4e51-08dac63c6a1a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6897192 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 02d4b4aa6d3b135b00f20da9d623d2bbae63768f category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/02d4b4aa6d3b

-------------------------------

replace SMB_DIRECT_TRANS macro with inline function.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index b3af474d4cad..171fb3dd018a 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -158,8 +158,6 @@ struct smb_direct_transport { };

#define KSMBD_TRANS(t) ((struct ksmbd_transport *)&((t)->transport)) -#define SMB_DIRECT_TRANS(t) ((struct smb_direct_transport *)container_of(t, \ - struct smb_direct_transport, transport))

enum { SMB_DIRECT_MSG_NEGOTIATE_REQ = 0, @@ -217,6 +215,12 @@ static int smb_direct_post_send_data(struct smb_direct_transport *t, struct kvec *iov, int niov, int remaining_data_length);

+static inline struct smb_direct_transport * +smb_trans_direct_transfort(struct ksmbd_transport *t) +{ + return container_of(t, struct smb_direct_transport, transport); +} + static inline void *smb_direct_recvmsg_payload(struct smb_direct_recvmsg *recvmsg) { @@ -643,7 +647,7 @@ static int smb_direct_read(struct ksmbd_transport *t, char *buf, int to_copy, to_read, data_read, offset; u32 data_length, remaining_data_length, data_offset; int rc; - struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); + struct smb_direct_transport *st = smb_trans_direct_transfort(t);

again: if (st->status != SMB_DIRECT_CS_CONNECTED) { @@ -1194,7 +1198,7 @@ static int smb_direct_writev(struct ksmbd_transport *t, struct kvec *iov, int niovs, int buflen, bool need_invalidate, unsigned int remote_key) { - struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); + struct smb_direct_transport *st = smb_trans_direct_transfort(t); int remaining_data_length; int start, i, j; int max_iov_size = st->max_send_size - @@ -1393,7 +1397,7 @@ static int smb_direct_rdma_write(struct ksmbd_transport *t, void *buf, unsigned int buflen, u32 remote_key, u64 remote_offset, u32 remote_len) { - return smb_direct_rdma_xmit(SMB_DIRECT_TRANS(t), buf, buflen, + return smb_direct_rdma_xmit(smb_trans_direct_transfort(t), buf, buflen, remote_key, remote_offset, remote_len, false); } @@ -1402,14 +1406,14 @@ static int smb_direct_rdma_read(struct ksmbd_transport *t, void *buf, unsigned int buflen, u32 remote_key, u64 remote_offset, u32 remote_len) { - return smb_direct_rdma_xmit(SMB_DIRECT_TRANS(t), buf, buflen, + return smb_direct_rdma_xmit(smb_trans_direct_transfort(t), buf, buflen, remote_key, remote_offset, remote_len, true); }

static void smb_direct_disconnect(struct ksmbd_transport *t) { - struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); + struct smb_direct_transport *st = smb_trans_direct_transfort(t);

ksmbd_debug(RDMA, "Disconnecting cm_id=%p\n", st->cm_id);

@@ -1857,7 +1861,7 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t,

static int smb_direct_prepare(struct ksmbd_transport *t) { - struct smb_direct_transport *st = SMB_DIRECT_TRANS(t); + struct smb_direct_transport *st = smb_trans_direct_transfort(t); int ret; struct ib_qp_cap qp_cap;

From patchwork Mon Nov 14 12:50:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183243 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:21 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:21 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:20 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 146/308] ksmbd: replace request and respone buffer macro with inline functions Date: Mon, 14 Nov 2022 20:50:55 +0800 Message-ID: 20221114125337.1831594-147-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 380343e2-ea7a-43fc-2c48-08dac63c6a63 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7079599 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 8a893315dc06158ce33d1a3292e07170ce2fcd64 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8a893315dc06

-------------------------------

replace request and respone buffer macro with inline functions.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ksmbd_work.h | 21 ++++++++++++++++---- fs/ksmbd/smb2misc.c | 2 +- fs/ksmbd/smb2pdu.c | 46 +++++++++++++++++++++---------------------- 3 files changed, 41 insertions(+), 28 deletions(-)

diff --git a/fs/ksmbd/ksmbd_work.h b/fs/ksmbd/ksmbd_work.h index a91abd438a85..c655bf371ce5 100644 --- a/fs/ksmbd/ksmbd_work.h +++ b/fs/ksmbd/ksmbd_work.h @@ -86,10 +86,23 @@ struct ksmbd_work { struct list_head interim_entry; };

-#define RESPONSE_BUF_NEXT(w) \ - (((w)->response_buf + (w)->next_smb2_rsp_hdr_off)) -#define REQUEST_BUF_NEXT(w) \ - (((w)->request_buf + (w)->next_smb2_rcv_hdr_off)) +/** + * ksmbd_resp_buf_next - Get next buffer on compound response. + * @work: smb work containing response buffer + */ +static inline void *ksmbd_resp_buf_next(struct ksmbd_work *work) +{ + return work->response_buf + work->next_smb2_rsp_hdr_off; +} + +/** + * ksmbd_req_buf_next - Get next buffer on compound request. + * @work: smb work containing response buffer + */ +static inline void *ksmbd_req_buf_next(struct ksmbd_work *work) +{ + return work->request_buf + work->next_smb2_rcv_hdr_off; +}

struct ksmbd_work *ksmbd_alloc_work_struct(void); void ksmbd_free_work_struct(struct ksmbd_work *work); diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index e412d69690ed..730d68032c46 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -341,7 +341,7 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) __u32 len = get_rfc1002_len(pdu);

if (work->next_smb2_rcv_hdr_off) { - pdu = REQUEST_BUF_NEXT(work); + pdu = ksmbd_req_buf_next(work); hdr = &pdu->hdr; }

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index ece03135127c..42fc3bd2d464 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -40,8 +40,8 @@ static void __wbuf(struct ksmbd_work *work, void **req, void **rsp) { if (work->next_smb2_rcv_hdr_off) { - *req = REQUEST_BUF_NEXT(work); - *rsp = RESPONSE_BUF_NEXT(work); + *req = ksmbd_req_buf_next(work); + *rsp = ksmbd_resp_buf_next(work); } else { *req = work->request_buf; *rsp = work->response_buf; @@ -126,7 +126,7 @@ void smb2_set_err_rsp(struct ksmbd_work *work) struct smb2_err_rsp *err_rsp;

if (work->next_smb2_rcv_hdr_off) - err_rsp = RESPONSE_BUF_NEXT(work); + err_rsp = ksmbd_resp_buf_next(work); else err_rsp = work->response_buf;

@@ -196,7 +196,7 @@ u16 get_smb2_cmd_val(struct ksmbd_work *work) struct smb2_hdr *rcv_hdr;

if (work->next_smb2_rcv_hdr_off) - rcv_hdr = REQUEST_BUF_NEXT(work); + rcv_hdr = ksmbd_req_buf_next(work); else rcv_hdr = work->request_buf; return le16_to_cpu(rcv_hdr->Command); @@ -212,7 +212,7 @@ void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err) struct smb2_hdr *rsp_hdr;

if (work->next_smb2_rcv_hdr_off) - rsp_hdr = RESPONSE_BUF_NEXT(work); + rsp_hdr = ksmbd_resp_buf_next(work); else rsp_hdr = work->response_buf; rsp_hdr->Status = err; @@ -315,8 +315,8 @@ static int smb2_consume_credit_charge(struct ksmbd_work *work, */ int smb2_set_rsp_credits(struct ksmbd_work *work) { - struct smb2_hdr *req_hdr = REQUEST_BUF_NEXT(work); - struct smb2_hdr *hdr = RESPONSE_BUF_NEXT(work); + struct smb2_hdr *req_hdr = ksmbd_req_buf_next(work); + struct smb2_hdr *hdr = ksmbd_resp_buf_next(work); struct ksmbd_conn *conn = work->conn; unsigned short credits_requested = le16_to_cpu(req_hdr->CreditRequest); unsigned short credit_charge = 1, credits_granted = 0; @@ -383,8 +383,8 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) */ static void init_chained_smb2_rsp(struct ksmbd_work *work) { - struct smb2_hdr *req = REQUEST_BUF_NEXT(work); - struct smb2_hdr *rsp = RESPONSE_BUF_NEXT(work); + struct smb2_hdr *req = ksmbd_req_buf_next(work); + struct smb2_hdr *rsp = ksmbd_resp_buf_next(work); struct smb2_hdr *rsp_hdr; struct smb2_hdr *rcv_hdr; int next_hdr_offset = 0; @@ -422,8 +422,8 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) new_len, work->next_smb2_rcv_hdr_off, work->next_smb2_rsp_hdr_off);

- rsp_hdr = RESPONSE_BUF_NEXT(work); - rcv_hdr = REQUEST_BUF_NEXT(work); + rsp_hdr = ksmbd_resp_buf_next(work); + rcv_hdr = ksmbd_req_buf_next(work);

if (!(rcv_hdr->Flags & SMB2_FLAGS_RELATED_OPERATIONS)) { ksmbd_debug(SMB, "related flag should be set\n"); @@ -462,7 +462,7 @@ bool is_chained_smb2_message(struct ksmbd_work *work) if (hdr->ProtocolId != SMB2_PROTO_NUMBER) return false;

- hdr = REQUEST_BUF_NEXT(work); + hdr = ksmbd_req_buf_next(work); if (le32_to_cpu(hdr->NextCommand) > 0) { ksmbd_debug(SMB, "got SMB2 chained command\n"); init_chained_smb2_rsp(work); @@ -5725,8 +5725,8 @@ int smb2_set_info(struct ksmbd_work *work)

rsp_org = work->response_buf; if (work->next_smb2_rcv_hdr_off) { - req = REQUEST_BUF_NEXT(work); - rsp = RESPONSE_BUF_NEXT(work); + req = ksmbd_req_buf_next(work); + rsp = ksmbd_resp_buf_next(work); if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { ksmbd_debug(SMB, "Compound request set FID = %u\n", work->compound_fid); @@ -7224,8 +7224,8 @@ int smb2_ioctl(struct ksmbd_work *work)

rsp_org = work->response_buf; if (work->next_smb2_rcv_hdr_off) { - req = REQUEST_BUF_NEXT(work); - rsp = RESPONSE_BUF_NEXT(work); + req = ksmbd_req_buf_next(work); + rsp = ksmbd_resp_buf_next(work); if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { ksmbd_debug(SMB, "Compound request set FID = %u\n", work->compound_fid); @@ -7848,7 +7848,7 @@ int smb2_check_sign_req(struct ksmbd_work *work)

hdr_org = hdr = work->request_buf; if (work->next_smb2_rcv_hdr_off) - hdr = REQUEST_BUF_NEXT(work); + hdr = ksmbd_req_buf_next(work);

if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off) len = be32_to_cpu(hdr_org->smb2_buf_length); @@ -7892,9 +7892,9 @@ void smb2_set_sign_rsp(struct ksmbd_work *work)

hdr_org = hdr = work->response_buf; if (work->next_smb2_rsp_hdr_off) - hdr = RESPONSE_BUF_NEXT(work); + hdr = ksmbd_resp_buf_next(work);

- req_hdr = REQUEST_BUF_NEXT(work); + req_hdr = ksmbd_req_buf_next(work);

if (!work->next_smb2_rsp_hdr_off) { len = get_rfc1002_len(hdr_org); @@ -7946,7 +7946,7 @@ int smb3_check_sign_req(struct ksmbd_work *work)

hdr_org = hdr = work->request_buf; if (work->next_smb2_rcv_hdr_off) - hdr = REQUEST_BUF_NEXT(work); + hdr = ksmbd_req_buf_next(work);

if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off) len = be32_to_cpu(hdr_org->smb2_buf_length); @@ -8005,9 +8005,9 @@ void smb3_set_sign_rsp(struct ksmbd_work *work)

hdr_org = hdr = work->response_buf; if (work->next_smb2_rsp_hdr_off) - hdr = RESPONSE_BUF_NEXT(work); + hdr = ksmbd_resp_buf_next(work);

- req_hdr = REQUEST_BUF_NEXT(work); + req_hdr = ksmbd_req_buf_next(work);

if (!work->next_smb2_rsp_hdr_off) { len = get_rfc1002_len(hdr_org); @@ -8217,7 +8217,7 @@ bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work) return false;

if (work->next_smb2_rcv_hdr_off) - rsp = RESPONSE_BUF_NEXT(work); + rsp = ksmbd_resp_buf_next(work);

if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && rsp->Status == STATUS_SUCCESS)

From patchwork Mon Nov 14 12:50:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183244 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:22 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:21 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:21 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 147/308] ksmbd: allow PROTECTED_DACL_SECINFO and UNPROTECTED_DACL_SECINFO addition information in smb2 set info security Date: Mon, 14 Nov 2022 20:50:56 +0800 Message-ID: 20221114125337.1831594-148-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3f802545-648c-416f-0a49-08dac63c6aac X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6889757 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit e294f78d34785151cb6d7199ff61d110f9520e65 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e294f78d3478

-------------------------------

"cifsd: Fix regression in smb2_get_info" patch cause that dacl doesn't work. windows send smb2 set info security with PROTECTED_DACL_SECINFO to control dacl. But previous patch doesn't allow it. This patch add PROTECTED_DACL_SECINFO and UNPROTECTED_DACL_SECINFO addtional information flags in check.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 42fc3bd2d464..7d8bec07630b 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -4888,9 +4888,11 @@ static int smb2_get_info_sec(struct ksmbd_work *work, int addition_info = le32_to_cpu(req->AdditionalInformation); int rc;

- if (addition_info & ~(OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO)) { - ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n", - addition_info); + if (addition_info & ~(OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO | + PROTECTED_DACL_SECINFO | + UNPROTECTED_DACL_SECINFO)) { + pr_err("Unsupported addition info: 0x%x)\n", + addition_info);

pntsd->revision = cpu_to_le16(1); pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PROTECTED);

From patchwork Mon Nov 14 12:50:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183245 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:22 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:22 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:21 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 148/308] ksmbd: Relax credit_charge check in smb2_validate_credit_charge() Date: Mon, 14 Nov 2022 20:50:57 +0800 Message-ID: 20221114125337.1831594-149-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7ac33388-4d4a-43c5-c240-08dac63c6af4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7001877 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit a5a25a114ab2412831f063361360eb1192ca6151 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a5a25a114ab2

-------------------------------

smb2_validate_credit_charge() checks the CreditCharge field in the request is valid with regards to the payload size.

The current implementation rejects requests with CreditCharge = 0 and a payload < 64K, even though they should be accepted.

Set CreditCharge to a minimum value of 1 to avoid rejecting such requests. This matches what samba4 does.

Fixes share enumeration for jcifs-ng clients.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2misc.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 730d68032c46..4508631c5706 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -317,14 +317,12 @@ static int smb2_validate_credit_charge(struct smb2_hdr *hdr) return 0; }

+ credit_charge = max(1, credit_charge); max_len = max(req_len, expect_resp_len); calc_credit_num = DIV_ROUND_UP(max_len, SMB2_MAX_BUFFER_SIZE); - if (!credit_charge && max_len > SMB2_MAX_BUFFER_SIZE) { - pr_err("credit charge is zero and payload size(%d) is bigger than 64K\n", - max_len); - return 1; - } else if (credit_charge < calc_credit_num) { - pr_err("credit charge : %d, calc_credit_num : %d\n", + + if (credit_charge < calc_credit_num) { + pr_err("Insufficient credit charge, given: %d, needed: %d\n", credit_charge, calc_credit_num); return 1; }

From patchwork Mon Nov 14 12:50:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183246 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:22 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:22 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:22 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 149/308] ksmbd: fix dentry racy with rename() Date: Mon, 14 Nov 2022 20:50:58 +0800 Message-ID: 20221114125337.1831594-150-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e81b44de-ed59-4f42-7a7b-08dac63c6b3d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7012721 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 493fa2fbe4597db474e43d38fb8805cbaef654ac category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/493fa2fbe459

-------------------------------

Using ->d_name can be broken due to races with rename(). So use %pd with ->d_name to print filename and In other cases, use it under ->d_lock.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 19 ++++++++++--------- fs/ksmbd/vfs.c | 14 ++++++++------ fs/ksmbd/vfs_cache.h | 1 - 3 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 7d8bec07630b..70e6d6e3e84b 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -3711,8 +3711,8 @@ int smb2_query_dir(struct ksmbd_work *work) if (!(dir_fp->daccess & FILE_LIST_DIRECTORY_LE) || inode_permission(&init_user_ns, file_inode(dir_fp->filp), MAY_READ | MAY_EXEC)) { - pr_err("no right to enumerate directory (%s)\n", - FP_FILENAME(dir_fp)); + pr_err("no right to enumerate directory (%pd)\n", + dir_fp->filp->f_path.dentry); rc = -EACCES; goto err_out2; } @@ -4266,14 +4266,15 @@ static void get_file_alternate_info(struct ksmbd_work *work, { struct ksmbd_conn *conn = work->conn; struct smb2_file_alt_name_info *file_info; + struct dentry *dentry = fp->filp->f_path.dentry; int conv_len; - char *filename;

- filename = (char *)FP_FILENAME(fp); + spin_lock(&dentry->d_lock); file_info = (struct smb2_file_alt_name_info *)rsp->Buffer; conv_len = ksmbd_extract_shortname(conn, - filename, + dentry->d_name.name, file_info->FileName); + spin_unlock(&dentry->d_lock); file_info->FileNameLength = cpu_to_le32(conv_len); rsp->OutputBufferLength = cpu_to_le32(sizeof(struct smb2_file_alt_name_info) + conv_len); @@ -5938,8 +5939,8 @@ int smb2_read(struct ksmbd_work *work) goto out; }

- ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n", FP_FILENAME(fp), - offset, length); + ksmbd_debug(SMB, "filename %pd, offset %lld, len %zu\n", + fp->filp->f_path.dentry, offset, length);

work->aux_payload_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO); if (!work->aux_payload_buf) { @@ -6216,8 +6217,8 @@ int smb2_write(struct ksmbd_work *work) if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH) writethrough = true;

- ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n", - FP_FILENAME(fp), offset, length); + ksmbd_debug(SMB, "filename %pd, offset %lld, len %zu\n", + fp->filp->f_path.dentry, offset, length); err = ksmbd_vfs_write(work, fp, data_buf, length, &offset, writethrough, &nbytes); if (err < 0) diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index 6181a58e8a33..ed1c0626e205 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -365,7 +365,8 @@ int ksmbd_vfs_read(struct ksmbd_work *work, struct ksmbd_file *fp, size_t count,

if (work->conn->connection_type) { if (!(fp->daccess & (FILE_READ_DATA_LE | FILE_EXECUTE_LE))) { - pr_err("no right to read(%s)\n", FP_FILENAME(fp)); + pr_err("no right to read(%pd)\n", + fp->filp->f_path.dentry); return -EACCES; } } @@ -473,7 +474,8 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp,

if (sess->conn->connection_type) { if (!(fp->daccess & FILE_WRITE_DATA_LE)) { - pr_err("no right to write(%s)\n", FP_FILENAME(fp)); + pr_err("no right to write(%pd)\n", + fp->filp->f_path.dentry); err = -EACCES; goto out; } @@ -512,8 +514,8 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, if (sync) { err = vfs_fsync_range(filp, offset, offset + *written, 0); if (err < 0) - pr_err("fsync failed for filename = %s, err = %d\n", - FP_FILENAME(fp), err); + pr_err("fsync failed for filename = %pd, err = %d\n", + fp->filp->f_path.dentry, err); }

out: @@ -1707,11 +1709,11 @@ int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, *total_size_written = 0;

if (!(src_fp->daccess & (FILE_READ_DATA_LE | FILE_EXECUTE_LE))) { - pr_err("no right to read(%s)\n", FP_FILENAME(src_fp)); + pr_err("no right to read(%pd)\n", src_fp->filp->f_path.dentry); return -EACCES; } if (!(dst_fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE))) { - pr_err("no right to write(%s)\n", FP_FILENAME(dst_fp)); + pr_err("no right to write(%pd)\n", dst_fp->filp->f_path.dentry); return -EACCES; }

diff --git a/fs/ksmbd/vfs_cache.h b/fs/ksmbd/vfs_cache.h index 745855367106..03c36906cab0 100644 --- a/fs/ksmbd/vfs_cache.h +++ b/fs/ksmbd/vfs_cache.h @@ -25,7 +25,6 @@ #define KSMBD_NO_FID (UINT_MAX) #define SMB2_NO_FID (0xFFFFFFFFFFFFFFFFULL)

-#define FP_FILENAME(fp) ((fp)->filp->f_path.dentry->d_name.name) #define FP_INODE(fp) d_inode((fp)->filp->f_path.dentry) #define PARENT_INODE(fp) d_inode((fp)->filp->f_path.dentry->d_parent)

From patchwork Mon Nov 14 12:50:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183247 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:23 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:23 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:22 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 150/308] ksmbd: opencode to remove FP_INODE macro Date: Mon, 14 Nov 2022 20:50:59 +0800 Message-ID: 20221114125337.1831594-151-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 52d0e3db-2307-46cb-7f1d-08dac63c6b86 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7123858 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit ab0b263b749ade964db46b148a965eb88bd644be category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ab0b263b749a

-------------------------------

Opencode to remove FP_INODE macro.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/oplock.c | 2 +- fs/ksmbd/smb2pdu.c | 26 +++++++++++++------------- fs/ksmbd/smb_common.c | 2 +- fs/ksmbd/vfs.c | 2 +- fs/ksmbd/vfs_cache.c | 6 +++--- fs/ksmbd/vfs_cache.h | 1 - 6 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 71e15a591582..3f0dd9b35c78 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1579,7 +1579,7 @@ void create_disk_id_rsp_buf(char *cc, __u64 file_id, __u64 vol_id) void create_posix_rsp_buf(char *cc, struct ksmbd_file *fp) { struct create_posix_rsp *buf; - struct inode *inode = FP_INODE(fp); + struct inode *inode = file_inode(fp->filp);

buf = (struct create_posix_rsp *)cc; memset(buf, 0, sizeof(struct create_posix_rsp)); diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 70e6d6e3e84b..2d515e44d48e 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2908,7 +2908,7 @@ int smb2_open(struct ksmbd_work *work) if (!test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_OPLOCKS) || (req_op_level == SMB2_OPLOCK_LEVEL_LEASE && !(conn->vals->capabilities & SMB2_GLOBAL_CAP_LEASING))) { - if (share_ret < 0 && !S_ISDIR(FP_INODE(fp)->i_mode)) { + if (share_ret < 0 && !S_ISDIR(file_inode(fp->filp)->i_mode)) { rc = share_ret; goto err_out; } @@ -2995,7 +2995,7 @@ int smb2_open(struct ksmbd_work *work)

memcpy(fp->client_guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE);

- generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat);

rsp->StructureSize = cpu_to_le16(89); rcu_read_lock(); @@ -4123,7 +4123,7 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp, }

basic_info = (struct smb2_file_all_info *)rsp->Buffer; - generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat); basic_info->CreationTime = cpu_to_le64(fp->create_time); time = ksmbd_UnixTimeToNT(stat.atime); basic_info->LastAccessTime = cpu_to_le64(time); @@ -4163,7 +4163,7 @@ static void get_file_standard_info(struct smb2_query_info_rsp *rsp, struct inode *inode; struct kstat stat;

- inode = FP_INODE(fp); + inode = file_inode(fp->filp); generic_fillattr(&init_user_ns, inode, &stat);

sinfo = (struct smb2_file_standard_info *)rsp->Buffer; @@ -4218,7 +4218,7 @@ static int get_file_all_info(struct ksmbd_work *work, if (!filename) return -ENOMEM;

- inode = FP_INODE(fp); + inode = file_inode(fp->filp); generic_fillattr(&init_user_ns, inode, &stat);

ksmbd_debug(SMB, "filename = %s\n", filename); @@ -4294,7 +4294,7 @@ static void get_file_stream_info(struct ksmbd_work *work, ssize_t xattr_list_len; int nbytes = 0, streamlen, stream_name_len, next, idx = 0;

- generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat); file_info = (struct smb2_file_stream_info *)rsp->Buffer;

xattr_list_len = ksmbd_vfs_listxattr(path->dentry, &xattr_list); @@ -4373,7 +4373,7 @@ static void get_file_internal_info(struct smb2_query_info_rsp *rsp, struct smb2_file_internal_info *file_info; struct kstat stat;

- generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat); file_info = (struct smb2_file_internal_info *)rsp->Buffer; file_info->IndexNumber = cpu_to_le64(stat.ino); rsp->OutputBufferLength = @@ -4397,7 +4397,7 @@ static int get_file_network_open_info(struct smb2_query_info_rsp *rsp,

file_info = (struct smb2_file_ntwrk_info *)rsp->Buffer;

- inode = FP_INODE(fp); + inode = file_inode(fp->filp); generic_fillattr(&init_user_ns, inode, &stat);

file_info->CreationTime = cpu_to_le64(fp->create_time); @@ -4459,7 +4459,7 @@ static void get_file_compression_info(struct smb2_query_info_rsp *rsp, struct smb2_file_comp_info *file_info; struct kstat stat;

- generic_fillattr(&init_user_ns, FP_INODE(fp), &stat); + generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat);

file_info = (struct smb2_file_comp_info *)rsp->Buffer; file_info->CompressedFileSize = cpu_to_le64(stat.blocks << 9); @@ -4498,7 +4498,7 @@ static int find_file_posix_info(struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp, void *rsp_org) { struct smb311_posix_qinfo *file_info; - struct inode *inode = FP_INODE(fp); + struct inode *inode = file_inode(fp->filp); u64 time;

file_info = (struct smb311_posix_qinfo *)rsp->Buffer; @@ -4927,7 +4927,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work, if (!fp) return -ENOENT;

- inode = FP_INODE(fp); + inode = file_inode(fp->filp); ksmbd_acls_fattr(&fattr, inode);

if (test_share_config_flag(work->tcon->share_conf, @@ -5109,7 +5109,7 @@ int smb2_close(struct ksmbd_work *work) goto out; }

- inode = FP_INODE(fp); + inode = file_inode(fp->filp); rsp->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB; rsp->AllocationSize = S_ISDIR(inode->i_mode) ? 0 : cpu_to_le64(inode->i_blocks << 9); @@ -7397,7 +7397,7 @@ int smb2_ioctl(struct ksmbd_work *work) }

reparse_ptr->ReparseTag = - smb2_get_reparse_tag_special_file(FP_INODE(fp)->i_mode); + smb2_get_reparse_tag_special_file(file_inode(fp->filp)->i_mode); reparse_ptr->ReparseDataLength = 0; ksmbd_fd_put(work, fp); nbytes = sizeof(struct reparse_data_buffer); diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index 5bf644d7e321..b573575a1de5 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -488,7 +488,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) */ read_lock(&curr_fp->f_ci->m_lock); list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) { - if (file_inode(filp) != FP_INODE(prev_fp)) + if (file_inode(filp) != file_inode(prev_fp->filp)) continue;

if (filp == prev_fp->filp) diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index ed1c0626e205..40783bb414d6 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -1024,7 +1024,7 @@ int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, int in_count, int *out_count) { struct file *f = fp->filp; - struct inode *inode = FP_INODE(fp); + struct inode *inode = file_inode(fp->filp); loff_t maxbytes = (u64)inode->i_sb->s_maxbytes, end; loff_t extent_start, extent_end; int ret = 0; diff --git a/fs/ksmbd/vfs_cache.c b/fs/ksmbd/vfs_cache.c index c88210b15289..5c9efcfaeb5c 100644 --- a/fs/ksmbd/vfs_cache.c +++ b/fs/ksmbd/vfs_cache.c @@ -83,7 +83,7 @@ static struct ksmbd_inode *__ksmbd_inode_lookup(struct inode *inode)

static struct ksmbd_inode *ksmbd_inode_lookup(struct ksmbd_file *fp) { - return __ksmbd_inode_lookup(FP_INODE(fp)); + return __ksmbd_inode_lookup(file_inode(fp->filp)); }

static struct ksmbd_inode *ksmbd_inode_lookup_by_vfsinode(struct inode *inode) @@ -156,7 +156,7 @@ static void ksmbd_inode_unhash(struct ksmbd_inode *ci)

static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp) { - ci->m_inode = FP_INODE(fp); + ci->m_inode = file_inode(fp->filp); atomic_set(&ci->m_count, 1); atomic_set(&ci->op_count, 0); atomic_set(&ci->sop_count, 0); @@ -479,7 +479,7 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct inode *inode)

read_lock(&ci->m_lock); list_for_each_entry(lfp, &ci->m_fp_list, node) { - if (inode == FP_INODE(lfp)) { + if (inode == file_inode(lfp->filp)) { atomic_dec(&ci->m_count); read_unlock(&ci->m_lock); return lfp; diff --git a/fs/ksmbd/vfs_cache.h b/fs/ksmbd/vfs_cache.h index 03c36906cab0..b01192ebd86b 100644 --- a/fs/ksmbd/vfs_cache.h +++ b/fs/ksmbd/vfs_cache.h @@ -25,7 +25,6 @@ #define KSMBD_NO_FID (UINT_MAX) #define SMB2_NO_FID (0xFFFFFFFFFFFFFFFFULL)

-#define FP_INODE(fp) d_inode((fp)->filp->f_path.dentry) #define PARENT_INODE(fp) d_inode((fp)->filp->f_path.dentry->d_parent)

#define ATTR_FP(fp) ((fp)->attrib_only && \

From patchwork Mon Nov 14 12:51:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183248 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:23 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:23 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:23 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 151/308] ksmbd: use ksmbd_vfs_lock_parent to get stable parent dentry Date: Mon, 14 Nov 2022 20:51:00 +0800 Message-ID: 20221114125337.1831594-152-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 56dd4e96-17f9-484c-ea96-08dac63c6bce X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7055434 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 12202c0594b18218e1645fd0fad92cf77a1f3145 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/12202c0594b1

-------------------------------

Use ksmbd_vfs_lock_parent to get stable parent dentry and remove PARENT_INODE macro.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 15 ++++++++++++++- fs/ksmbd/vfs.c | 2 +- fs/ksmbd/vfs.h | 1 + fs/ksmbd/vfs_cache.h | 2 -- 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 2d515e44d48e..bf798ee65b25 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -5538,6 +5538,9 @@ static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, char *buf) { struct ksmbd_file *parent_fp; + struct dentry *parent; + struct dentry *dentry = fp->filp->f_path.dentry; + int ret;

if (!(fp->daccess & FILE_DELETE_LE)) { pr_err("no right to delete : 0x%x\n", fp->daccess); @@ -5547,7 +5550,17 @@ static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, if (ksmbd_stream_fd(fp)) goto next;

- parent_fp = ksmbd_lookup_fd_inode(PARENT_INODE(fp)); + parent = dget_parent(dentry); + ret = ksmbd_vfs_lock_parent(parent, dentry); + if (ret) { + dput(parent); + return ret; + } + + parent_fp = ksmbd_lookup_fd_inode(d_inode(parent)); + inode_unlock(d_inode(parent)); + dput(parent); + if (parent_fp) { if (parent_fp->daccess & FILE_DELETE_LE) { pr_err("parent dir is opened with delete access\n"); diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index 40783bb414d6..702166266f91 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -69,7 +69,7 @@ static void ksmbd_vfs_inherit_owner(struct ksmbd_work *work, * * the reference count of @parent isn't incremented. */ -static int ksmbd_vfs_lock_parent(struct dentry *parent, struct dentry *child) +int ksmbd_vfs_lock_parent(struct dentry *parent, struct dentry *child) { struct dentry *dentry; int ret = 0; diff --git a/fs/ksmbd/vfs.h b/fs/ksmbd/vfs.h index ae8eff1f0315..ba12fea004b5 100644 --- a/fs/ksmbd/vfs.h +++ b/fs/ksmbd/vfs.h @@ -192,6 +192,7 @@ struct ksmbd_kstat { __le32 file_attributes; };

+int ksmbd_vfs_lock_parent(struct dentry *parent, struct dentry *child); int ksmbd_vfs_may_delete(struct dentry *dentry); int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess); int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode); diff --git a/fs/ksmbd/vfs_cache.h b/fs/ksmbd/vfs_cache.h index b01192ebd86b..752cbdab3522 100644 --- a/fs/ksmbd/vfs_cache.h +++ b/fs/ksmbd/vfs_cache.h @@ -25,8 +25,6 @@ #define KSMBD_NO_FID (UINT_MAX) #define SMB2_NO_FID (0xFFFFFFFFFFFFFFFFULL)

-#define PARENT_INODE(fp) d_inode((fp)->filp->f_path.dentry->d_parent) - #define ATTR_FP(fp) ((fp)->attrib_only && \ ((fp)->cdoption != FILE_OVERWRITE_IF_LE && \ (fp)->cdoption != FILE_OVERWRITE_LE && \

From patchwork Mon Nov 14 12:51:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183249 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:24 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:24 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:23 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 152/308] ksmbd: opencode to remove ATTR_FP macro Date: Mon, 14 Nov 2022 20:51:01 +0800 Message-ID: 20221114125337.1831594-153-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 5cb7dfcd-0ff9-4d86-ef72-08dac63c6c17 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6925793 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 849fbc549d4cca576d659d7df139c5f04104cb48 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/849fbc549d4c

-------------------------------

Opencode to remove ATTR_FP macro.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/oplock.c | 4 +++- fs/ksmbd/vfs_cache.h | 5 ----- 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 3f0dd9b35c78..43c8b7ce6095 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1111,7 +1111,9 @@ int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, u64 pid, goto set_lev;

/* grant none-oplock if second open is trunc */ - if (ATTR_FP(fp)) { + if (fp->attrib_only && fp->cdoption != FILE_OVERWRITE_IF_LE && + fp->cdoption != FILE_OVERWRITE_LE && + fp->cdoption != FILE_SUPERSEDE_LE) { req_op_level = SMB2_OPLOCK_LEVEL_NONE; goto set_lev; } diff --git a/fs/ksmbd/vfs_cache.h b/fs/ksmbd/vfs_cache.h index 752cbdab3522..543494f664cb 100644 --- a/fs/ksmbd/vfs_cache.h +++ b/fs/ksmbd/vfs_cache.h @@ -25,11 +25,6 @@ #define KSMBD_NO_FID (UINT_MAX) #define SMB2_NO_FID (0xFFFFFFFFFFFFFFFFULL)

-#define ATTR_FP(fp) ((fp)->attrib_only && \ - ((fp)->cdoption != FILE_OVERWRITE_IF_LE && \ - (fp)->cdoption != FILE_OVERWRITE_LE && \ - (fp)->cdoption != FILE_SUPERSEDE_LE)) - struct ksmbd_conn; struct ksmbd_session;

From patchwork Mon Nov 14 12:51:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183250 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:24 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:24 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:24 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 153/308] ksmbd: remove SMB1 oplock level macros Date: Mon, 14 Nov 2022 20:51:02 +0800 Message-ID: 20221114125337.1831594-154-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: c32dfd8a-718f-402d-804a-08dac63c6c60 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6787077 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 0ae941ef2e481e478a4b6c52a16e73c7bb4b9e3e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/0ae941ef2e48

-------------------------------

ksmbd does not support SMB1. This patch remove SMB1 oplock level macros.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/oplock.c | 2 +- fs/ksmbd/oplock.h | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 43c8b7ce6095..a9f171ccf770 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -39,7 +39,7 @@ static struct oplock_info *alloc_opinfo(struct ksmbd_work *work,

opinfo->sess = sess; opinfo->conn = sess->conn; - opinfo->level = OPLOCK_NONE; + opinfo->level = SMB2_OPLOCK_LEVEL_NONE; opinfo->op_state = OPLOCK_STATE_NONE; opinfo->pending_break = 0; opinfo->fid = id; diff --git a/fs/ksmbd/oplock.h b/fs/ksmbd/oplock.h index 9fb7ea74e86c..119b8047cfbd 100644 --- a/fs/ksmbd/oplock.h +++ b/fs/ksmbd/oplock.h @@ -11,12 +11,6 @@

#define OPLOCK_WAIT_TIME (35 * HZ)

-/* SMB Oplock levels */ -#define OPLOCK_NONE 0 -#define OPLOCK_EXCLUSIVE 1 -#define OPLOCK_BATCH 2 -#define OPLOCK_READ 3 /* level 2 oplock */ - /* SMB2 Oplock levels */ #define SMB2_OPLOCK_LEVEL_NONE 0x00 #define SMB2_OPLOCK_LEVEL_II 0x01

From patchwork Mon Nov 14 12:51:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183251 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:25 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:25 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:24 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 154/308] ksmbd: change ACE types to enumeration Date: Mon, 14 Nov 2022 20:51:03 +0800 Message-ID: 20221114125337.1831594-155-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3154eab9-fd7a-4e88-3847-08dac63c6ca9 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7057713 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 6128468da50c790f56d0aed2f604333fb324f897 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/6128468da50c

-------------------------------

Change ACE types to enumeration.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smbacl.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smbacl.h b/fs/ksmbd/smbacl.h index fb5480f0aa89..baa9b9b47a07 100644 --- a/fs/ksmbd/smbacl.h +++ b/fs/ksmbd/smbacl.h @@ -17,8 +17,13 @@ #define NUM_AUTHS (6) /* number of authority fields */ #define SID_MAX_SUB_AUTHORITIES (15) /* max number of sub authority fields */

-#define ACCESS_ALLOWED 0 -#define ACCESS_DENIED 1 +/* + * ACE types - see MS-DTYP 2.4.4.1 + */ +enum { + ACCESS_ALLOWED, + ACCESS_DENIED, +};

#define SIDOWNER 1 #define SIDGROUP 2

From patchwork Mon Nov 14 12:51:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183252 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:25 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:25 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:25 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 155/308] ksmbd: change sid types to enumeration Date: Mon, 14 Nov 2022 20:51:04 +0800 Message-ID: 20221114125337.1831594-156-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d55fbeea-8680-458a-2228-08dac63c6cf3 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6971527 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 12411ad59d49e415f987719b8f676e2c6b99be37 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/12411ad59d49

-------------------------------

Change sid types to enumeration.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smbacl.h | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/fs/ksmbd/smbacl.h b/fs/ksmbd/smbacl.h index baa9b9b47a07..3e1345e9f24f 100644 --- a/fs/ksmbd/smbacl.h +++ b/fs/ksmbd/smbacl.h @@ -25,15 +25,20 @@ enum { ACCESS_DENIED, };

-#define SIDOWNER 1 -#define SIDGROUP 2 -#define SIDCREATOR_OWNER 3 -#define SIDCREATOR_GROUP 4 -#define SIDUNIX_USER 5 -#define SIDUNIX_GROUP 6 -#define SIDNFS_USER 7 -#define SIDNFS_GROUP 8 -#define SIDNFS_MODE 9 +/* + * Security ID types + */ +enum { + SIDOWNER = 1, + SIDGROUP, + SIDCREATOR_OWNER, + SIDCREATOR_GROUP, + SIDUNIX_USER, + SIDUNIX_GROUP, + SIDNFS_USER, + SIDNFS_GROUP, + SIDNFS_MODE, +};

/* Revision for ACLs */ #define SD_REVISION 1

From patchwork Mon Nov 14 12:51:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183253 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:26 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:26 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:25 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 156/308] ksmbd: change server state type macro to enumeration Date: Mon, 14 Nov 2022 20:51:05 +0800 Message-ID: 20221114125337.1831594-157-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7e19073a-4a16-4e71-311c-08dac63c6d3d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6854174 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit b9cbfb524d73ca953604dc421098b4a3aa14d095 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b9cbfb524d73

-------------------------------

Change server state type macro to enumeration.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/server.h | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/server.h b/fs/ksmbd/server.h index b682d28963e8..2fce06e8b833 100644 --- a/fs/ksmbd/server.h +++ b/fs/ksmbd/server.h @@ -8,10 +8,15 @@

#include "smbacl.h"

-#define SERVER_STATE_STARTING_UP 0 -#define SERVER_STATE_RUNNING 1 -#define SERVER_STATE_RESETTING 2 -#define SERVER_STATE_SHUTTING_DOWN 3 +/* + * Server state type + */ +enum { + SERVER_STATE_STARTING_UP, + SERVER_STATE_RUNNING, + SERVER_STATE_RESETTING, + SERVER_STATE_SHUTTING_DOWN, +};

#define SERVER_CONF_NETBIOS_NAME 0 #define SERVER_CONF_SERVER_STRING 1

From patchwork Mon Nov 14 12:51:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183254 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:26 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:26 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:26 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 157/308] ksmbd: change server config string index to enumeration Date: Mon, 14 Nov 2022 20:51:06 +0800 Message-ID: 20221114125337.1831594-158-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: be24a884-d554-43c3-f3ae-08dac63c6d86 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7027841 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit c63ee4a521e766da6ec5ee1d2058d1ec06216214 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c63ee4a521e7

-------------------------------

Change server config string index to enumeration.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/server.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/fs/ksmbd/server.h b/fs/ksmbd/server.h index 2fce06e8b833..ac9d932f8c8a 100644 --- a/fs/ksmbd/server.h +++ b/fs/ksmbd/server.h @@ -18,9 +18,14 @@ enum { SERVER_STATE_SHUTTING_DOWN, };

-#define SERVER_CONF_NETBIOS_NAME 0 -#define SERVER_CONF_SERVER_STRING 1 -#define SERVER_CONF_WORK_GROUP 2 +/* + * Server global config string index + */ +enum { + SERVER_CONF_NETBIOS_NAME, + SERVER_CONF_SERVER_STRING, + SERVER_CONF_WORK_GROUP, +};

struct ksmbd_server_config { unsigned int flags;

From patchwork Mon Nov 14 12:51:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183255 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:27 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:27 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:26 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 158/308] ksmbd: reorder and document on-disk and netlink structures in headers Date: Mon, 14 Nov 2022 20:51:07 +0800 Message-ID: 20221114125337.1831594-159-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 37b20f09-a7ec-48c8-9baa-08dac63c6dd1 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7232750 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 8b758859dfbe9598ba41e8b9b01e44edcc0c2fc1 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8b758859dfbe

-------------------------------

Reorder and document on-disk and netlink structures in headers.

This is a userspace ABI to communicate data between ksmbd and user IPC daemon using netlink. This is added to track and cache user account DB and share configuration info from userspace.

- KSMBD_EVENT_HEARTBEAT_REQUEST(ksmbd_heartbeat) This event is to check whether user IPC daemon is alive. If user IPC daemon is dead, ksmbd keep existing connection till disconnecting and new connection will be denied.

- KSMBD_EVENT_STARTING_UP(ksmbd_startup_request) This event is to receive the information that initializes the ksmbd server from the user IPC daemon and to start the server. The global section parameters are given from smb.conf as initialization information.

- KSMBD_EVENT_SHUTTING_DOWN(ksmbd_shutdown_request) This event is to shutdown ksmbd server.

- KSMBD_EVENT_LOGIN_REQUEST/RESPONSE(ksmbd_login_request/response) This event is to get user account info to user IPC daemon.

- KSMBD_EVENT_SHARE_CONFIG_REQUEST/RESPONSE (ksmbd_share_config_request/response) This event is to get net share configuration info.

- KSMBD_EVENT_TREE_CONNECT_REQUEST/RESPONSE (ksmbd_tree_connect_request/response) This event is to get session and tree connect info.

- KSMBD_EVENT_TREE_DISCONNECT_REQUEST(ksmbd_tree_disconnect_request) This event is to send tree disconnect info to user IPC daemon.

- KSMBD_EVENT_LOGOUT_REQUEST(ksmbd_logout_request) This event is to send logout request to user IPC daemon.

- KSMBD_EVENT_RPC_REQUEST/RESPONSE(ksmbd_rpc_command) This event is to make DCE/RPC request like srvsvc, wkssvc, lsarpc, samr to be processed in userspace.

- KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST/RESPONSE (ksmbd_spnego_authen_request/response) This event is to make kerberos authentication to be processed in userspace.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/{ksmbd_server.h => ksmbd_netlink.h} | 177 +++++++++++++++---- fs/ksmbd/ksmbd_work.c | 1 - fs/ksmbd/mgmt/tree_connect.h | 2 +- fs/ksmbd/smb2ops.c | 1 - fs/ksmbd/smbacl.c | 1 - fs/ksmbd/vfs.h | 87 +-------- fs/ksmbd/xattr.h | 122 +++++++++++++ 7 files changed, 269 insertions(+), 122 deletions(-) rename fs/ksmbd/{ksmbd_server.h => ksmbd_netlink.h} (55%) create mode 100644 fs/ksmbd/xattr.h

diff --git a/fs/ksmbd/ksmbd_server.h b/fs/ksmbd/ksmbd_netlink.h similarity index 55% rename from fs/ksmbd/ksmbd_server.h rename to fs/ksmbd/ksmbd_netlink.h index 55b7602b79bd..2fbe2bc1e093 100644 --- a/fs/ksmbd/ksmbd_server.h +++ b/fs/ksmbd/ksmbd_netlink.h @@ -10,6 +10,49 @@

#include <linux/types.h>

+/* + * This is a userspace ABI to communicate data between ksmbd and user IPC + * daemon using netlink. This is added to track and cache user account DB + * and share configuration info from userspace. + * + * - KSMBD_EVENT_HEARTBEAT_REQUEST(ksmbd_heartbeat) + * This event is to check whether user IPC daemon is alive. If user IPC + * daemon is dead, ksmbd keep existing connection till disconnecting and + * new connection will be denied. + * + * - KSMBD_EVENT_STARTING_UP(ksmbd_startup_request) + * This event is to receive the information that initializes the ksmbd + * server from the user IPC daemon and to start the server. The global + * section parameters are given from smb.conf as initialization + * information. + * + * - KSMBD_EVENT_SHUTTING_DOWN(ksmbd_shutdown_request) + * This event is to shutdown ksmbd server. + * + * - KSMBD_EVENT_LOGIN_REQUEST/RESPONSE(ksmbd_login_request/response) + * This event is to get user account info to user IPC daemon. + * + * - KSMBD_EVENT_SHARE_CONFIG_REQUEST/RESPONSE(ksmbd_share_config_request/response) + * This event is to get net share configuration info. + * + * - KSMBD_EVENT_TREE_CONNECT_REQUEST/RESPONSE(ksmbd_tree_connect_request/response) + * This event is to get session and tree connect info. + * + * - KSMBD_EVENT_TREE_DISCONNECT_REQUEST(ksmbd_tree_disconnect_request) + * This event is to send tree disconnect info to user IPC daemon. + * + * - KSMBD_EVENT_LOGOUT_REQUEST(ksmbd_logout_request) + * This event is to send logout request to user IPC daemon. + * + * - KSMBD_EVENT_RPC_REQUEST/RESPONSE(ksmbd_rpc_command) + * This event is to make DCE/RPC request like srvsvc, wkssvc, lsarpc, + * samr to be processed in userspace. + * + * - KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST/RESPONSE(ksmbd_spnego_authen_request/response) + * This event is to make kerberos authentication to be processed in + * userspace. + */ + #define KSMBD_GENL_NAME "SMBD_GENL" #define KSMBD_GENL_VERSION 0x01

@@ -17,6 +60,9 @@ #define KSMBD_REQ_MAX_HASH_SZ 18 #define KSMBD_REQ_MAX_SHARE_NAME 64

+/* + * IPC heartbeat frame to check whether user IPC daemon is alive. + */ struct ksmbd_heartbeat { __u32 handle; }; @@ -29,53 +75,79 @@ struct ksmbd_heartbeat { #define KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION BIT(1) #define KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL BIT(2)

+/* + * IPC request for ksmbd server startup + */ struct ksmbd_startup_request { - __u32 flags; - __s32 signing; - __s8 min_prot[16]; - __s8 max_prot[16]; + __u32 flags; /* Flags for global config */ + __s32 signing; /* Signing enabled */ + __s8 min_prot[16]; /* The minimum SMB protocol version */ + __s8 max_prot[16]; /* The maximum SMB protocol version */ __s8 netbios_name[16]; - __s8 work_group[64]; - __s8 server_string[64]; - __u16 tcp_port; - __u16 ipc_timeout; - __u32 deadtime; - __u32 file_max; - __u32 smb2_max_write; - __u32 smb2_max_read; - __u32 smb2_max_trans; - __u32 share_fake_fscaps; - __u32 sub_auth[3]; - __u32 ifc_list_sz; + __s8 work_group[64]; /* Workgroup */ + __s8 server_string[64]; /* Server string */ + __u16 tcp_port; /* tcp port */ + __u16 ipc_timeout; /* + * specifies the number of seconds + * server will wait for the userspace to + * reply to heartbeat frames. + */ + __u32 deadtime; /* Number of minutes of inactivity */ + __u32 file_max; /* Limits the maximum number of open files */ + __u32 smb2_max_write; /* MAX write size */ + __u32 smb2_max_read; /* MAX read size */ + __u32 smb2_max_trans; /* MAX trans size */ + __u32 share_fake_fscaps; /* + * Support some special application that + * makes QFSINFO calls to check whether + * we set the SPARSE_FILES bit (0x40). + */ + __u32 sub_auth[3]; /* Subauth value for Security ID */ + __u32 ifc_list_sz; /* interfaces list size */ __s8 ____payload[]; };

#define KSMBD_STARTUP_CONFIG_INTERFACES(s) ((s)->____payload)

+/* + * IPC request to shutdown ksmbd server. + */ struct ksmbd_shutdown_request { __s32 reserved; };

+/* + * IPC user login request. + */ struct ksmbd_login_request { __u32 handle; - __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; + __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */ };

+/* + * IPC user login response. + */ struct ksmbd_login_response { __u32 handle; - __u32 gid; - __u32 uid; - __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; + __u32 gid; /* group id */ + __u32 uid; /* user id */ + __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */ __u16 status; - __u16 hash_sz; - __s8 hash[KSMBD_REQ_MAX_HASH_SZ]; + __u16 hash_sz; /* hash size */ + __s8 hash[KSMBD_REQ_MAX_HASH_SZ]; /* password hash */ };

+/* + * IPC request to fetch net share config. + */ struct ksmbd_share_config_request { __u32 handle; - __s8 share_name[KSMBD_REQ_MAX_SHARE_NAME]; + __s8 share_name[KSMBD_REQ_MAX_SHARE_NAME]; /* share name */ };

+/* + * IPC response to the net share config request. + */ struct ksmbd_share_config_response { __u32 handle; __u32 flags; @@ -102,6 +174,10 @@ ksmbd_share_config_path(struct ksmbd_share_config_response *sc) return p; }

+/* + * IPC request for tree connection. This request include session and tree + * connect info from client. + */ struct ksmbd_tree_connect_request { __u32 handle; __u16 account_flags; @@ -113,21 +189,34 @@ struct ksmbd_tree_connect_request { __s8 peer_addr[64]; };

+/* + * IPC Response structure for tree connection. + */ struct ksmbd_tree_connect_response { __u32 handle; __u16 status; __u16 connection_flags; };

+/* + * IPC Request struture to disconnect tree connection. + */ struct ksmbd_tree_disconnect_request { - __u64 session_id; - __u64 connect_id; + __u64 session_id; /* session id */ + __u64 connect_id; /* tree connection id */ };

+/* + * IPC Response structure to logout user account. + */ struct ksmbd_logout_request { - __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; + __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */ };

+/* + * RPC command structure to send rpc request like srvsvc or wkssvc to + * IPC user daemon. + */ struct ksmbd_rpc_command { __u32 handle; __u32 flags; @@ -135,18 +224,36 @@ struct ksmbd_rpc_command { __u8 payload[]; };

+/* + * IPC Request Kerberos authentication + */ struct ksmbd_spnego_authen_request { __u32 handle; - __u16 spnego_blob_len; - __u8 spnego_blob[0]; + __u16 spnego_blob_len; /* the length of spnego_blob */ + __u8 spnego_blob[0]; /* + * the GSS token from SecurityBuffer of + * SMB2 SESSION SETUP request + */ };

+/* + * Response data which includes the GSS token and the session key generated by + * user daemon. + */ struct ksmbd_spnego_authen_response { __u32 handle; - struct ksmbd_login_response login_response; - __u16 session_key_len; - __u16 spnego_blob_len; - __u8 payload[]; /* session key + AP_REP */ + struct ksmbd_login_response login_response; /* + * the login response with + * a user identified by the + * GSS token from a client + */ + __u16 session_key_len; /* the length of the session key */ + __u16 spnego_blob_len; /* + * the length of the GSS token which will be + * stored in SecurityBuffer of SMB2 SESSION + * SETUP response + */ + __u8 payload[]; /* session key + AP_REP */ };

/* @@ -185,6 +292,9 @@ enum ksmbd_event { KSMBD_EVENT_MAX };

+/* + * Enumeration for IPC tree connect status. + */ enum KSMBD_TREE_CONN_STATUS { KSMBD_TREE_CONN_STATUS_OK = 0, KSMBD_TREE_CONN_STATUS_NOMEM, @@ -262,6 +372,9 @@ enum KSMBD_TREE_CONN_STATUS { #define KSMBD_RPC_LSARPC_METHOD_INVOKE BIT(11) #define KSMBD_RPC_LSARPC_METHOD_RETURN (KSMBD_RPC_LSARPC_METHOD_INVOKE | KSMBD_RPC_METHOD_RETURN)

+/* + * RPC status definitions. + */ #define KSMBD_RPC_OK 0 #define KSMBD_RPC_EBAD_FUNC 0x00000001 #define KSMBD_RPC_EACCESS_DENIED 0x00000005 diff --git a/fs/ksmbd/ksmbd_work.c b/fs/ksmbd/ksmbd_work.c index 7c914451bbe1..fd58eb4809f6 100644 --- a/fs/ksmbd/ksmbd_work.c +++ b/fs/ksmbd/ksmbd_work.c @@ -12,7 +12,6 @@ #include "connection.h" #include "ksmbd_work.h" #include "mgmt/ksmbd_ida.h" -#include "ksmbd_server.h"

static struct kmem_cache *work_cache; static struct workqueue_struct *ksmbd_wq; diff --git a/fs/ksmbd/mgmt/tree_connect.h b/fs/ksmbd/mgmt/tree_connect.h index 4e40ec3f4774..18e2a996e0aa 100644 --- a/fs/ksmbd/mgmt/tree_connect.h +++ b/fs/ksmbd/mgmt/tree_connect.h @@ -8,7 +8,7 @@

#include <linux/hashtable.h>

-#include "../ksmbd_server.h" +#include "../ksmbd_netlink.h"

struct ksmbd_share_config; struct ksmbd_user; diff --git a/fs/ksmbd/smb2ops.c b/fs/ksmbd/smb2ops.c index f7e5f21d4ae2..8262908e467c 100644 --- a/fs/ksmbd/smb2ops.c +++ b/fs/ksmbd/smb2ops.c @@ -12,7 +12,6 @@ #include "connection.h" #include "smb_common.h" #include "server.h" -#include "ksmbd_server.h"

static struct smb_version_values smb21_server_values = { .version_string = SMB21_VERSION_STRING, diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index 958937a548a1..d385c7045cc0 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -14,7 +14,6 @@ #include "smb_common.h" #include "server.h" #include "misc.h" -#include "ksmbd_server.h" #include "mgmt/share_config.h"

static const struct smb_sid domain = {1, 4, {0, 0, 0, 0, 0, 5}, diff --git a/fs/ksmbd/vfs.h b/fs/ksmbd/vfs.h index ba12fea004b5..e30174a0e5a1 100644 --- a/fs/ksmbd/vfs.h +++ b/fs/ksmbd/vfs.h @@ -14,92 +14,7 @@ #include <linux/posix_acl.h>

#include "smbacl.h" - -/* STREAM XATTR PREFIX */ -#define STREAM_PREFIX "DosStream." -#define STREAM_PREFIX_LEN (sizeof(STREAM_PREFIX) - 1) -#define XATTR_NAME_STREAM (XATTR_USER_PREFIX STREAM_PREFIX) -#define XATTR_NAME_STREAM_LEN (sizeof(XATTR_NAME_STREAM) - 1) - -enum { - XATTR_DOSINFO_ATTRIB = 0x00000001, - XATTR_DOSINFO_EA_SIZE = 0x00000002, - XATTR_DOSINFO_SIZE = 0x00000004, - XATTR_DOSINFO_ALLOC_SIZE = 0x00000008, - XATTR_DOSINFO_CREATE_TIME = 0x00000010, - XATTR_DOSINFO_CHANGE_TIME = 0x00000020, - XATTR_DOSINFO_ITIME = 0x00000040 -}; - -struct xattr_dos_attrib { - __u16 version; - __u32 flags; - __u32 attr; - __u32 ea_size; - __u64 size; - __u64 alloc_size; - __u64 create_time; - __u64 change_time; - __u64 itime; -}; - -/* DOS ATTRIBUITE XATTR PREFIX */ -#define DOS_ATTRIBUTE_PREFIX "DOSATTRIB" -#define DOS_ATTRIBUTE_PREFIX_LEN (sizeof(DOS_ATTRIBUTE_PREFIX) - 1) -#define XATTR_NAME_DOS_ATTRIBUTE \ - (XATTR_USER_PREFIX DOS_ATTRIBUTE_PREFIX) -#define XATTR_NAME_DOS_ATTRIBUTE_LEN \ - (sizeof(XATTR_USER_PREFIX DOS_ATTRIBUTE_PREFIX) - 1) - -#define XATTR_SD_HASH_TYPE_SHA256 0x1 -#define XATTR_SD_HASH_SIZE 64 - -#define SMB_ACL_READ 4 -#define SMB_ACL_WRITE 2 -#define SMB_ACL_EXECUTE 1 - -enum { - SMB_ACL_TAG_INVALID = 0, - SMB_ACL_USER, - SMB_ACL_USER_OBJ, - SMB_ACL_GROUP, - SMB_ACL_GROUP_OBJ, - SMB_ACL_OTHER, - SMB_ACL_MASK -}; - -struct xattr_acl_entry { - int type; - uid_t uid; - gid_t gid; - mode_t perm; -}; - -struct xattr_smb_acl { - int count; - int next; - struct xattr_acl_entry entries[0]; -}; - -struct xattr_ntacl { - __u16 version; - void *sd_buf; - __u32 sd_size; - __u16 hash_type; - __u8 desc[10]; - __u16 desc_len; - __u64 current_time; - __u8 hash[XATTR_SD_HASH_SIZE]; - __u8 posix_acl_hash[XATTR_SD_HASH_SIZE]; -}; - -/* SECURITY DESCRIPTOR XATTR PREFIX */ -#define SD_PREFIX "NTACL" -#define SD_PREFIX_LEN (sizeof(SD_PREFIX) - 1) -#define XATTR_NAME_SD \ - (XATTR_SECURITY_PREFIX SD_PREFIX) -#define XATTR_NAME_SD_LEN \ - (sizeof(XATTR_SECURITY_PREFIX SD_PREFIX) - 1) +#include "xattr.h"

/* * Enumeration for stream type. diff --git a/fs/ksmbd/xattr.h b/fs/ksmbd/xattr.h new file mode 100644 index 000000000000..8857c01093d9 --- /dev/null +++ b/fs/ksmbd/xattr.h @@ -0,0 +1,122 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2021 Samsung Electronics Co., Ltd. + */ + +#ifndef __XATTR_H__ +#define __XATTR_H__ + +/* + * These are on-disk structures to store additional metadata into xattr to + * reproduce windows filesystem semantics. And they are encoded with NDR to + * compatible with samba's xattr meta format. The compatibility with samba + * is important because it can lose the information(file attribute, + * creation time, acls) about the existing files when switching between + * ksmbd and samba. + */ + +/* + * Dos attribute flags used for what variable is valid. + */ +enum { + XATTR_DOSINFO_ATTRIB = 0x00000001, + XATTR_DOSINFO_EA_SIZE = 0x00000002, + XATTR_DOSINFO_SIZE = 0x00000004, + XATTR_DOSINFO_ALLOC_SIZE = 0x00000008, + XATTR_DOSINFO_CREATE_TIME = 0x00000010, + XATTR_DOSINFO_CHANGE_TIME = 0x00000020, + XATTR_DOSINFO_ITIME = 0x00000040 +}; + +/* + * Dos attribute structure which is compatible with samba's one. + * Storing it into the xattr named "DOSATTRIB" separately from inode + * allows ksmbd to faithfully reproduce windows filesystem semantics + * on top of a POSIX filesystem. + */ +struct xattr_dos_attrib { + __u16 version; /* version 3 or version 4 */ + __u32 flags; /* valid flags */ + __u32 attr; /* Dos attribute */ + __u32 ea_size; /* EA size */ + __u64 size; + __u64 alloc_size; + __u64 create_time; /* File creation time */ + __u64 change_time; /* File change time */ + __u64 itime; /* Invented/Initial time */ +}; + +/* + * Enumeration is used for computing posix acl hash. + */ +enum { + SMB_ACL_TAG_INVALID = 0, + SMB_ACL_USER, + SMB_ACL_USER_OBJ, + SMB_ACL_GROUP, + SMB_ACL_GROUP_OBJ, + SMB_ACL_OTHER, + SMB_ACL_MASK +}; + +#define SMB_ACL_READ 4 +#define SMB_ACL_WRITE 2 +#define SMB_ACL_EXECUTE 1 + +struct xattr_acl_entry { + int type; + uid_t uid; + gid_t gid; + mode_t perm; +}; + +/* + * xattr_smb_acl structure is used for computing posix acl hash. + */ +struct xattr_smb_acl { + int count; + int next; + struct xattr_acl_entry entries[0]; +}; + +/* 64bytes hash in xattr_ntacl is computed with sha256 */ +#define XATTR_SD_HASH_TYPE_SHA256 0x1 +#define XATTR_SD_HASH_SIZE 64 + +/* + * xattr_ntacl is used for storing ntacl and hashes. + * Hash is used for checking valid posix acl and ntacl in xattr. + */ +struct xattr_ntacl { + __u16 version; /* version 4*/ + void *sd_buf; + __u32 sd_size; + __u16 hash_type; /* hash type */ + __u8 desc[10]; /* posix_acl description */ + __u16 desc_len; + __u64 current_time; + __u8 hash[XATTR_SD_HASH_SIZE]; /* 64bytes hash for ntacl */ + __u8 posix_acl_hash[XATTR_SD_HASH_SIZE]; /* 64bytes hash for posix acl */ +}; + +/* DOS ATTRIBUITE XATTR PREFIX */ +#define DOS_ATTRIBUTE_PREFIX "DOSATTRIB" +#define DOS_ATTRIBUTE_PREFIX_LEN (sizeof(DOS_ATTRIBUTE_PREFIX) - 1) +#define XATTR_NAME_DOS_ATTRIBUTE (XATTR_USER_PREFIX DOS_ATTRIBUTE_PREFIX) +#define XATTR_NAME_DOS_ATTRIBUTE_LEN \ + (sizeof(XATTR_USER_PREFIX DOS_ATTRIBUTE_PREFIX) - 1) + +/* STREAM XATTR PREFIX */ +#define STREAM_PREFIX "DosStream." +#define STREAM_PREFIX_LEN (sizeof(STREAM_PREFIX) - 1) +#define XATTR_NAME_STREAM (XATTR_USER_PREFIX STREAM_PREFIX) +#define XATTR_NAME_STREAM_LEN (sizeof(XATTR_NAME_STREAM) - 1) + +/* SECURITY DESCRIPTOR(NTACL) XATTR PREFIX */ +#define SD_PREFIX "NTACL" +#define SD_PREFIX_LEN (sizeof(SD_PREFIX) - 1) +#define XATTR_NAME_SD (XATTR_SECURITY_PREFIX SD_PREFIX) +#define XATTR_NAME_SD_LEN \ + (sizeof(XATTR_SECURITY_PREFIX SD_PREFIX) - 1) + +#endif /* __XATTR_H__ */

From patchwork Mon Nov 14 12:51:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183256 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:27 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:27 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:27 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 159/308] ksmbd: replace struct dentry with struct path in some function's arguments Date: Mon, 14 Nov 2022 20:51:08 +0800 Message-ID: 20221114125337.1831594-160-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 25094655-d530-4567-9fe9-08dac63c6e1a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6874381 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit ef24c962d0f29036041a007a75bcd0f50233c83e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ef24c962d0f2

-------------------------------

For user namespace support, we need to pass struct user_namespace with struct dentry to some functions. For reducing the number of arguments, replace the struct dentry with struct path in these functions.

Reviewed-by: Christoph Hellwig hch@lst.de Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 21 +++++++++++---------- fs/ksmbd/smbacl.c | 25 +++++++++++++------------ fs/ksmbd/smbacl.h | 6 +++--- 3 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index bf798ee65b25..d79ea3eb57a7 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2172,13 +2172,13 @@ static noinline int smb2_set_stream_name_xattr(struct path *path, return 0; }

-static int smb2_remove_smb_xattrs(struct dentry *dentry) +static int smb2_remove_smb_xattrs(struct path *path) { char *name, *xattr_list = NULL; ssize_t xattr_list_len; int err = 0;

- xattr_list_len = ksmbd_vfs_listxattr(dentry, &xattr_list); + xattr_list_len = ksmbd_vfs_listxattr(path->dentry, &xattr_list); if (xattr_list_len < 0) { goto out; } else if (!xattr_list_len) { @@ -2196,7 +2196,7 @@ static int smb2_remove_smb_xattrs(struct dentry *dentry) strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX, STREAM_PREFIX_LEN)) continue;

- err = ksmbd_vfs_remove_xattr(dentry, name); + err = ksmbd_vfs_remove_xattr(path->dentry, name); if (err) ksmbd_debug(SMB, "remove xattr failed : %s\n", name); } @@ -2214,7 +2214,7 @@ static int smb2_create_truncate(struct path *path) return rc; }

- rc = smb2_remove_smb_xattrs(path->dentry); + rc = smb2_remove_smb_xattrs(path); if (rc == -EOPNOTSUPP) rc = 0; if (rc) @@ -2305,7 +2305,7 @@ static int smb2_creat(struct ksmbd_work *work, struct path *path, char *name,

static int smb2_create_sd_buffer(struct ksmbd_work *work, struct smb2_create_req *req, - struct dentry *dentry) + struct path *path) { struct create_context *context; int rc = -ENOENT; @@ -2321,7 +2321,8 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work, ksmbd_debug(SMB, "Set ACLs using SMB2_CREATE_SD_BUFFER context\n"); sd_buf = (struct create_sd_buf_req *)context; - rc = set_info_sec(work->conn, work->tcon, dentry, &sd_buf->ntsd, + rc = set_info_sec(work->conn, work->tcon, + path, &sd_buf->ntsd, le32_to_cpu(sd_buf->ccontext.DataLength), true); }

@@ -2684,7 +2685,7 @@ int smb2_open(struct ksmbd_work *work) daccess = smb_map_generic_desired_access(req->DesiredAccess);

if (file_present && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { - rc = smb_check_perm_dacl(conn, path.dentry, &daccess, + rc = smb_check_perm_dacl(conn, &path, &daccess, sess->user->uid); if (rc) goto err_out; @@ -2814,12 +2815,12 @@ int smb2_open(struct ksmbd_work *work)

if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) { - rc = smb_inherit_dacl(conn, path.dentry, sess->user->uid, + rc = smb_inherit_dacl(conn, &path, sess->user->uid, sess->user->gid); }

if (rc) { - rc = smb2_create_sd_buffer(work, req, path.dentry); + rc = smb2_create_sd_buffer(work, req, &path); if (rc) { if (posix_acl_rc) ksmbd_vfs_set_init_posix_acl(inode); @@ -5719,7 +5720,7 @@ static int smb2_set_info_sec(struct ksmbd_file *fp, int addition_info,

fp->saccess |= FILE_SHARE_DELETE_LE;

- return set_info_sec(fp->conn, fp->tcon, fp->filp->f_path.dentry, pntsd, + return set_info_sec(fp->conn, fp->tcon, &fp->filp->f_path, pntsd, buf_len, false); }

diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index d385c7045cc0..e0825d3771a1 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -941,7 +941,8 @@ static void smb_set_ace(struct smb_ace *ace, const struct smb_sid *sid, u8 type, ace->size = cpu_to_le16(1 + 1 + 2 + 4 + 1 + 1 + 6 + (sid->num_subauth * 4)); }

-int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, +int smb_inherit_dacl(struct ksmbd_conn *conn, + struct path *path, unsigned int uid, unsigned int gid) { const struct smb_sid *psid, *creator = NULL; @@ -949,11 +950,11 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, struct smb_acl *parent_pdacl; struct smb_ntsd *parent_pntsd = NULL; struct smb_sid owner_sid, group_sid; - struct dentry *parent = dentry->d_parent; + struct dentry *parent = path->dentry->d_parent; int inherited_flags = 0, flags = 0, i, ace_cnt = 0, nt_size = 0; int rc = -ENOENT, num_aces, dacloffset, pntsd_type, acl_len; char *aces_base; - bool is_dir = S_ISDIR(d_inode(dentry)->i_mode); + bool is_dir = S_ISDIR(d_inode(path->dentry)->i_mode);

acl_len = ksmbd_vfs_get_sd_xattr(conn, parent, &parent_pntsd); if (acl_len <= 0) @@ -1086,7 +1087,7 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, pntsd_size += sizeof(struct smb_acl) + nt_size; }

- ksmbd_vfs_set_sd_xattr(conn, dentry, pntsd, pntsd_size); + ksmbd_vfs_set_sd_xattr(conn, path->dentry, pntsd, pntsd_size); kfree(pntsd); rc = 0; } @@ -1109,7 +1110,7 @@ bool smb_inherit_flags(int flags, bool is_dir) return false; }

-int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, +int smb_check_perm_dacl(struct ksmbd_conn *conn, struct path *path, __le32 *pdaccess, int uid) { struct smb_ntsd *pntsd = NULL; @@ -1127,7 +1128,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, char *end_of_acl;

ksmbd_debug(SMB, "check permission using windows acl\n"); - acl_size = ksmbd_vfs_get_sd_xattr(conn, dentry, &pntsd); + acl_size = ksmbd_vfs_get_sd_xattr(conn, path->dentry, &pntsd); if (acl_size <= 0 || !pntsd || !pntsd->dacloffset) { kfree(pntsd); return 0; @@ -1201,7 +1202,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, granted = GENERIC_ALL_FLAGS; }

- posix_acls = get_acl(d_inode(dentry), ACL_TYPE_ACCESS); + posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); if (posix_acls && !found) { unsigned int id = -1;

@@ -1261,12 +1262,12 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, }

int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, - struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, + struct path *path, struct smb_ntsd *pntsd, int ntsd_len, bool type_check) { int rc; struct smb_fattr fattr = {{0}}; - struct inode *inode = d_inode(dentry); + struct inode *inode = d_inode(path->dentry);

fattr.cf_uid = INVALID_UID; fattr.cf_gid = INVALID_GID; @@ -1283,7 +1284,7 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, inode->i_gid = fattr.cf_gid; mark_inode_dirty(inode);

- ksmbd_vfs_remove_acl_xattrs(dentry); + ksmbd_vfs_remove_acl_xattrs(path->dentry); /* Update posix acls */ if (fattr.cf_dacls) { rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS, @@ -1299,8 +1300,8 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,

if (test_share_config_flag(tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) { /* Update WinACL in xattr */ - ksmbd_vfs_remove_sd_xattrs(dentry); - ksmbd_vfs_set_sd_xattr(conn, dentry, pntsd, ntsd_len); + ksmbd_vfs_remove_sd_xattrs(path->dentry); + ksmbd_vfs_set_sd_xattr(conn, path->dentry, pntsd, ntsd_len); }

out: diff --git a/fs/ksmbd/smbacl.h b/fs/ksmbd/smbacl.h index 3e1345e9f24f..4ee7bda32e5f 100644 --- a/fs/ksmbd/smbacl.h +++ b/fs/ksmbd/smbacl.h @@ -200,12 +200,12 @@ void posix_state_to_acl(struct posix_acl_state *state, struct posix_acl_entry *pace); int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid); bool smb_inherit_flags(int flags, bool is_dir); -int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, +int smb_inherit_dacl(struct ksmbd_conn *conn, struct path *path, unsigned int uid, unsigned int gid); -int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, +int smb_check_perm_dacl(struct ksmbd_conn *conn, struct path *path, __le32 *pdaccess, int uid); int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, - struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, + struct path *path, struct smb_ntsd *pntsd, int ntsd_len, bool type_check); void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid); void ksmbd_init_domain(u32 *sub_auth);

From patchwork Mon Nov 14 12:51:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183257 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:28 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:28 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:27 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 160/308] ksmbd: adapt vfs api to 5.10 Date: Mon, 14 Nov 2022 20:51:09 +0800 Message-ID: 20221114125337.1831594-161-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e6ae0d0d-61ae-4a33-7e2b-08dac63c6e63 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6965482 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

-------------------------------

These vfs apis have not supported user namespace in 5.10, so we need to adapt these apis to remove all user namespace parameters.

Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 31 +++++++++++++------------- fs/ksmbd/smbacl.c | 4 ++-- fs/ksmbd/vfs.c | 54 +++++++++++++++++++++------------------------- 3 files changed, 41 insertions(+), 48 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index d79ea3eb57a7..dedd00379fde 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2634,7 +2634,7 @@ int smb2_open(struct ksmbd_work *work) rc = 0; } else { file_present = true; - generic_fillattr(&init_user_ns, d_inode(path.dentry), &stat); + generic_fillattr(d_inode(path.dentry), &stat); } if (stream_name) { if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) { @@ -2738,8 +2738,7 @@ int smb2_open(struct ksmbd_work *work) * is already granted. */ if (daccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_READ_CONTROL_LE)) { - rc = inode_permission(&init_user_ns, - d_inode(path.dentry), + rc = inode_permission(d_inode(path.dentry), may_flags); if (rc) goto err_out; @@ -2895,7 +2894,7 @@ int smb2_open(struct ksmbd_work *work)

rc = ksmbd_vfs_getattr(&path, &stat); if (rc) { - generic_fillattr(&init_user_ns, d_inode(path.dentry), &stat); + generic_fillattr(d_inode(path.dentry), &stat); rc = 0; }

@@ -2996,7 +2995,7 @@ int smb2_open(struct ksmbd_work *work)

memcpy(fp->client_guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE);

- generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat); + generic_fillattr(file_inode(fp->filp), &stat);

rsp->StructureSize = cpu_to_le16(89); rcu_read_lock(); @@ -3710,7 +3709,7 @@ int smb2_query_dir(struct ksmbd_work *work) }

if (!(dir_fp->daccess & FILE_LIST_DIRECTORY_LE) || - inode_permission(&init_user_ns, file_inode(dir_fp->filp), + inode_permission(file_inode(dir_fp->filp), MAY_READ | MAY_EXEC)) { pr_err("no right to enumerate directory (%pd)\n", dir_fp->filp->f_path.dentry); @@ -4124,7 +4123,7 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp, }

basic_info = (struct smb2_file_all_info *)rsp->Buffer; - generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat); + generic_fillattr(file_inode(fp->filp), &stat); basic_info->CreationTime = cpu_to_le64(fp->create_time); time = ksmbd_UnixTimeToNT(stat.atime); basic_info->LastAccessTime = cpu_to_le64(time); @@ -4165,7 +4164,7 @@ static void get_file_standard_info(struct smb2_query_info_rsp *rsp, struct kstat stat;

inode = file_inode(fp->filp); - generic_fillattr(&init_user_ns, inode, &stat); + generic_fillattr(inode, &stat);

sinfo = (struct smb2_file_standard_info *)rsp->Buffer; delete_pending = ksmbd_inode_pending_delete(fp); @@ -4220,7 +4219,7 @@ static int get_file_all_info(struct ksmbd_work *work, return -ENOMEM;

inode = file_inode(fp->filp); - generic_fillattr(&init_user_ns, inode, &stat); + generic_fillattr(inode, &stat);

ksmbd_debug(SMB, "filename = %s\n", filename); delete_pending = ksmbd_inode_pending_delete(fp); @@ -4295,7 +4294,7 @@ static void get_file_stream_info(struct ksmbd_work *work, ssize_t xattr_list_len; int nbytes = 0, streamlen, stream_name_len, next, idx = 0;

- generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat); + generic_fillattr(file_inode(fp->filp), &stat); file_info = (struct smb2_file_stream_info *)rsp->Buffer;

xattr_list_len = ksmbd_vfs_listxattr(path->dentry, &xattr_list); @@ -4374,7 +4373,7 @@ static void get_file_internal_info(struct smb2_query_info_rsp *rsp, struct smb2_file_internal_info *file_info; struct kstat stat;

- generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat); + generic_fillattr(file_inode(fp->filp), &stat); file_info = (struct smb2_file_internal_info *)rsp->Buffer; file_info->IndexNumber = cpu_to_le64(stat.ino); rsp->OutputBufferLength = @@ -4399,7 +4398,7 @@ static int get_file_network_open_info(struct smb2_query_info_rsp *rsp, file_info = (struct smb2_file_ntwrk_info *)rsp->Buffer;

inode = file_inode(fp->filp); - generic_fillattr(&init_user_ns, inode, &stat); + generic_fillattr(inode, &stat);

file_info->CreationTime = cpu_to_le64(fp->create_time); time = ksmbd_UnixTimeToNT(stat.atime); @@ -4460,7 +4459,7 @@ static void get_file_compression_info(struct smb2_query_info_rsp *rsp, struct smb2_file_comp_info *file_info; struct kstat stat;

- generic_fillattr(&init_user_ns, file_inode(fp->filp), &stat); + generic_fillattr(file_inode(fp->filp), &stat);

file_info = (struct smb2_file_comp_info *)rsp->Buffer; file_info->CompressedFileSize = cpu_to_le64(stat.blocks << 9); @@ -5433,14 +5432,14 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) return -EACCES;

- rc = setattr_prepare(&init_user_ns, dentry, &attrs); + rc = setattr_prepare(dentry, &attrs); if (rc) return -EINVAL;

inode_lock(inode); - setattr_copy(&init_user_ns, inode, &attrs); + setattr_copy(inode, &attrs); attrs.ia_valid &= ~ATTR_CTIME; - rc = notify_change(&init_user_ns, dentry, &attrs, NULL); + rc = notify_change(dentry, &attrs, NULL); inode_unlock(inode); } return 0; diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index e0825d3771a1..b1e9473a732a 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -1287,10 +1287,10 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, ksmbd_vfs_remove_acl_xattrs(path->dentry); /* Update posix acls */ if (fattr.cf_dacls) { - rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS, + rc = set_posix_acl(inode, ACL_TYPE_ACCESS, fattr.cf_acls); if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) - rc = set_posix_acl(&init_user_ns, inode, + rc = set_posix_acl(inode, ACL_TYPE_DEFAULT, fattr.cf_dacls); }

diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index 702166266f91..63aea927d71e 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -107,7 +107,7 @@ int ksmbd_vfs_may_delete(struct dentry *dentry) return ret; }

- ret = inode_permission(&init_user_ns, d_inode(parent), + ret = inode_permission(d_inode(parent), MAY_EXEC | MAY_WRITE);

inode_unlock(d_inode(parent)); @@ -122,16 +122,16 @@ int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess)

*daccess = cpu_to_le32(FILE_READ_ATTRIBUTES | READ_CONTROL);

- if (!inode_permission(&init_user_ns, d_inode(dentry), MAY_OPEN | MAY_WRITE)) + if (!inode_permission(d_inode(dentry), MAY_OPEN | MAY_WRITE)) *daccess |= cpu_to_le32(WRITE_DAC | WRITE_OWNER | SYNCHRONIZE | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_DELETE_CHILD);

- if (!inode_permission(&init_user_ns, d_inode(dentry), MAY_OPEN | MAY_READ)) + if (!inode_permission(d_inode(dentry), MAY_OPEN | MAY_READ)) *daccess |= FILE_READ_DATA_LE | FILE_READ_EA_LE;

- if (!inode_permission(&init_user_ns, d_inode(dentry), MAY_OPEN | MAY_EXEC)) + if (!inode_permission(d_inode(dentry), MAY_OPEN | MAY_EXEC)) *daccess |= FILE_EXECUTE_LE;

parent = dget_parent(dentry); @@ -141,7 +141,7 @@ int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) return ret; }

- if (!inode_permission(&init_user_ns, d_inode(parent), MAY_EXEC | MAY_WRITE)) + if (!inode_permission(d_inode(parent), MAY_EXEC | MAY_WRITE)) *daccess |= FILE_DELETE_LE;

inode_unlock(d_inode(parent)); @@ -173,7 +173,7 @@ int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) }

mode |= S_IFREG; - err = vfs_create(&init_user_ns, d_inode(path.dentry), dentry, mode, true); + err = vfs_create(d_inode(path.dentry), dentry, mode, true); if (!err) { ksmbd_vfs_inherit_owner(work, d_inode(path.dentry), d_inode(dentry)); @@ -208,7 +208,7 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) }

mode |= S_IFDIR; - err = vfs_mkdir(&init_user_ns, d_inode(path.dentry), dentry, mode); + err = vfs_mkdir(d_inode(path.dentry), dentry, mode); if (err) { goto out; } else if (d_unhashed(dentry)) { @@ -606,12 +606,12 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) }

if (S_ISDIR(d_inode(path.dentry)->i_mode)) { - err = vfs_rmdir(&init_user_ns, d_inode(parent), path.dentry); + err = vfs_rmdir(d_inode(parent), path.dentry); if (err && err != -ENOTEMPTY) ksmbd_debug(VFS, "%s: rmdir failed, err %d\n", name, err); } else { - err = vfs_unlink(&init_user_ns, d_inode(parent), path.dentry, + err = vfs_unlink(d_inode(parent), path.dentry, NULL); if (err) ksmbd_debug(VFS, "%s: unlink failed, err %d\n", name, @@ -669,7 +669,7 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, goto out3; }

- err = vfs_link(oldpath.dentry, &init_user_ns, d_inode(newpath.dentry), + err = vfs_link(oldpath.dentry, d_inode(newpath.dentry), dentry, NULL); if (err) ksmbd_debug(VFS, "vfs_link failed err %d\n", err); @@ -743,15 +743,9 @@ static int __ksmbd_vfs_rename(struct ksmbd_work *work,

err = -ENOTEMPTY; if (dst_dent != trap_dent && !d_really_is_positive(dst_dent)) { - struct renamedata rd = { - .old_mnt_userns = &init_user_ns, - .old_dir = d_inode(src_dent_parent), - .old_dentry = src_dent, - .new_mnt_userns = &init_user_ns, - .new_dir = d_inode(dst_dent_parent), - .new_dentry = dst_dent, - }; - err = vfs_rename(&rd); + err = vfs_rename(d_inode(src_dent_parent), src_dent, + d_inode(dst_dent_parent), dst_dent, + NULL, 0); } if (err) pr_err("vfs_rename failed err %d\n", err); @@ -919,7 +913,7 @@ ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list)

static ssize_t ksmbd_vfs_xattr_len(struct dentry *dentry, char *xattr_name) { - return vfs_getxattr(&init_user_ns, dentry, xattr_name, NULL, 0); + return vfs_getxattr(dentry, xattr_name, NULL, 0); }

/** @@ -945,7 +939,7 @@ ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, if (!buf) return -ENOMEM;

- xattr_len = vfs_getxattr(&init_user_ns, dentry, xattr_name, + xattr_len = vfs_getxattr(dentry, xattr_name, (void *)buf, xattr_len); if (xattr_len > 0) *xattr_buf = buf; @@ -969,7 +963,7 @@ int ksmbd_vfs_setxattr(struct dentry *dentry, const char *attr_name, { int err;

- err = vfs_setxattr(&init_user_ns, dentry, + err = vfs_setxattr(dentry, attr_name, attr_value, attr_size, @@ -1078,7 +1072,7 @@ int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length,

int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name) { - return vfs_removexattr(&init_user_ns, dentry, attr_name); + return vfs_removexattr(dentry, attr_name); }

int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry) @@ -1091,9 +1085,9 @@ int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry) dget(dentry);

if (S_ISDIR(d_inode(dentry)->i_mode)) - err = vfs_rmdir(&init_user_ns, d_inode(dir), dentry); + err = vfs_rmdir(d_inode(dir), dentry); else - err = vfs_unlink(&init_user_ns, d_inode(dir), dentry, NULL); + err = vfs_unlink(d_inode(dir), dentry, NULL);

dput(dentry); inode_unlock(d_inode(dir)); @@ -1599,7 +1593,7 @@ int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, struct dentry *dentry, u64 time; int rc;

- generic_fillattr(&init_user_ns, d_inode(dentry), ksmbd_kstat->kstat); + generic_fillattr(d_inode(dentry), ksmbd_kstat->kstat);

time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->ctime); ksmbd_kstat->create_time = time; @@ -1804,13 +1798,13 @@ int ksmbd_vfs_set_init_posix_acl(struct inode *inode) return -ENOMEM; } posix_state_to_acl(&acl_state, acls->a_entries); - rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS, acls); + rc = set_posix_acl(inode, ACL_TYPE_ACCESS, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", rc); else if (S_ISDIR(inode->i_mode)) { posix_state_to_acl(&acl_state, acls->a_entries); - rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_DEFAULT, + rc = set_posix_acl(inode, ACL_TYPE_DEFAULT, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", @@ -1839,12 +1833,12 @@ int ksmbd_vfs_inherit_posix_acl(struct inode *inode, struct inode *parent_inode) } }

- rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS, acls); + rc = set_posix_acl(inode, ACL_TYPE_ACCESS, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", rc); if (S_ISDIR(inode->i_mode)) { - rc = set_posix_acl(&init_user_ns, inode, ACL_TYPE_DEFAULT, + rc = set_posix_acl(inode, ACL_TYPE_DEFAULT, acls); if (rc < 0) ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n",

From patchwork Mon Nov 14 12:51:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183258 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:28 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:28 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:28 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 161/308] ksmbd: fix kernel oops in ksmbd_rpc_ioctl/rap() Date: Mon, 14 Nov 2022 20:51:10 +0800 Message-ID: 20221114125337.1831594-162-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: b758bf36-af31-407e-5cf9-08dac63c6eac X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7047542 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 690f969705138b235b9fa4c4d19e5129ed54a845 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/690f96970513

-------------------------------

"ksmbd: remove macros in transport_ipc.c" commit change msg to req in ksmbd_rpc_ioctl/rap(). This will cause kernel oops when running smbclient -L test.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/transport_ipc.c b/fs/ksmbd/transport_ipc.c index ca5099118fdf..44aea33a67fa 100644 --- a/fs/ksmbd/transport_ipc.c +++ b/fs/ksmbd/transport_ipc.c @@ -752,7 +752,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle return NULL;

msg->type = KSMBD_EVENT_RPC_REQUEST; - req = (struct ksmbd_rpc_command *)req->payload; + req = (struct ksmbd_rpc_command *)msg->payload; req->handle = handle; req->flags = ksmbd_session_rpc_method(sess, handle); req->flags |= rpc_context_flags(sess); @@ -777,7 +777,7 @@ struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payloa return NULL;

msg->type = KSMBD_EVENT_RPC_REQUEST; - req = (struct ksmbd_rpc_command *)req->payload; + req = (struct ksmbd_rpc_command *)msg->payload; req->handle = ksmbd_acquire_id(&ipc_ida); req->flags = rpc_context_flags(sess); req->flags |= KSMBD_RPC_RAP_METHOD;

From patchwork Mon Nov 14 12:51:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183259 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:29 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:29 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:28 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 162/308] ksmbd: Fix read on the uninitialized pointer sess Date: Mon, 14 Nov 2022 20:51:11 +0800 Message-ID: 20221114125337.1831594-163-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ce8da284-f311-4264-ee26-08dac63c6ef4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6968047 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Colin Ian King colin.king@canonical.com

mainline inclusion from mainline-5.15-rc1 commit 4951a84f61d6de4ab5aca1d49a6b6ee2ad2d1eec category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4951a84f61d6

-------------------------------

There is a error handling case that passes control to label out_err without pointer sess being assigned a value. The unassigned pointer may be any garbage value and so the test of rc < 0 && sess maybe true leading to sess being passed to the call to ksmbd_session_destroy. Fix this by setting sess to NULL in this corner case.

Addresses-Coverity: ("Uninitialized pointer read") Signed-off-by: Colin Ian King colin.king@canonical.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index dedd00379fde..986ba0632dcc 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1615,6 +1615,7 @@ int smb2_sess_setup(struct ksmbd_work *work) } else if ((conn->dialect < SMB30_PROT_ID || server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && (req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) { + sess = NULL; rc = -EACCES; goto out_err; } else {

From patchwork Mon Nov 14 12:51:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183260 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:29 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:29 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:28 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 163/308] ksmbd: remove unneeded NULL check in for_each_netdev Date: Mon, 14 Nov 2022 20:51:12 +0800 Message-ID: 20221114125337.1831594-164-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d12aa288-5677-446d-cc21-08dac63c6f3d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7039113 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 6cfbcf2f40e371ce36c030addc539597d058b3a9 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/6cfbcf2f40e3

-------------------------------

netdev can never be NULL in for_each_netdev loop. This patch remove unneeded NULL check.

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 5 ----- 1 file changed, 5 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 986ba0632dcc..381ee5a812fc 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6961,11 +6961,6 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn,

rtnl_lock(); for_each_netdev(&init_net, netdev) { - if (unlikely(!netdev)) { - rtnl_unlock(); - return -EINVAL; - } - if (netdev->type == ARPHRD_LOOPBACK) continue;

From patchwork Mon Nov 14 12:51:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183261 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:30 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:30 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:29 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 164/308] ksmbd: fix read on the uninitialized send_ctx Date: Mon, 14 Nov 2022 20:51:13 +0800 Message-ID: 20221114125337.1831594-165-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d022e6f3-669d-4b59-db23-08dac63c6f87 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7043174 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit b8fc94cdb144467d88f35344076fd3621af93a17 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b8fc94cdb144

-------------------------------

If st->status is not SMB_DIRECT_CS_CONNECTED, It will jump done label and accessing the uninitialized send_ctxi by smb_direct_flush_send_list will cause kernel oops. This patch just return -ENOTCONN to avoid it.

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 171fb3dd018a..d5728c84a15a 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -1207,10 +1207,8 @@ static int smb_direct_writev(struct ksmbd_transport *t, struct kvec vec; struct smb_direct_send_ctx send_ctx;

- if (st->status != SMB_DIRECT_CS_CONNECTED) { - ret = -ENOTCONN; - goto done; - } + if (st->status != SMB_DIRECT_CS_CONNECTED) + return -ENOTCONN;

//FIXME: skip RFC1002 header.. buflen -= 4;

From patchwork Mon Nov 14 12:51:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183262 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:30 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:30 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:29 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 165/308] ksmbd: fix memory leak smb2_populate_readdir_entry() Date: Mon, 14 Nov 2022 20:51:14 +0800 Message-ID: 20221114125337.1831594-166-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: fc0fb736-7335-4cf8-9e92-08dac63c6fd1 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6825508 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit dac0ec6e1b4a876abb61b6cd2ec589f8e87e95c9 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/dac0ec6e1b4a

-------------------------------

Add missing kfree(conv_name) on error path.

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 381ee5a812fc..7f665a82d5b4 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -3266,7 +3266,7 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level, char *conv_name; int conv_len; void *kstat; - int struct_sz; + int struct_sz, rc = 0;

conv_name = ksmbd_convert_dir_info_name(d_info, conn->local_nls, @@ -3276,8 +3276,8 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level,

/* Somehow the name has only terminating NULL bytes */ if (conv_len < 0) { - kfree(conv_name); - return -EINVAL; + rc = -EINVAL; + goto free_conv_name; }

struct_sz = readdir_info_level_struct_sz(info_level); @@ -3286,7 +3286,8 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level,

if (next_entry_offset > d_info->out_buf_len) { d_info->out_buf_len = 0; - return -ENOSPC; + rc = -ENOSPC; + goto free_conv_name; }

kstat = d_info->wptr; @@ -3428,14 +3429,15 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level, d_info->data_count += next_entry_offset; d_info->out_buf_len -= next_entry_offset; d_info->wptr += next_entry_offset; - kfree(conv_name);

ksmbd_debug(SMB, "info_level : %d, buf_len :%d, next_offset : %d, data_count : %d\n", info_level, d_info->out_buf_len, next_entry_offset, d_info->data_count);

- return 0; +free_conv_name: + kfree(conv_name); + return rc; }

struct smb2_query_dir_private {

From patchwork Mon Nov 14 12:51:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183263 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:31 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:30 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:30 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 166/308] ksmbd: fix memory leak in smb_inherit_dacl() Date: Mon, 14 Nov 2022 20:51:15 +0800 Message-ID: 20221114125337.1831594-167-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 082f282e-a33c-4d55-5686-08dac63c701a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6996852 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit a9071e3c8659d777eb6527e1d377021381d1b5ec category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a9071e3c8659

-------------------------------

Add two labels to fix memory leak in smb_inherit_dacl().

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smbacl.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index b1e9473a732a..f6019f0dc8fd 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -952,24 +952,28 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, struct smb_sid owner_sid, group_sid; struct dentry *parent = path->dentry->d_parent; int inherited_flags = 0, flags = 0, i, ace_cnt = 0, nt_size = 0; - int rc = -ENOENT, num_aces, dacloffset, pntsd_type, acl_len; + int rc = 0, num_aces, dacloffset, pntsd_type, acl_len; char *aces_base; bool is_dir = S_ISDIR(d_inode(path->dentry)->i_mode);

acl_len = ksmbd_vfs_get_sd_xattr(conn, parent, &parent_pntsd); if (acl_len <= 0) - return rc; + return -ENOENT; dacloffset = le32_to_cpu(parent_pntsd->dacloffset); - if (!dacloffset) - goto out; + if (!dacloffset) { + rc = -EINVAL; + goto free_parent_pntsd; + }

parent_pdacl = (struct smb_acl *)((char *)parent_pntsd + dacloffset); num_aces = le32_to_cpu(parent_pdacl->num_aces); pntsd_type = le16_to_cpu(parent_pntsd->type);

aces_base = kmalloc(sizeof(struct smb_ace) * num_aces * 2, GFP_KERNEL); - if (!aces_base) - goto out; + if (!aces_base) { + rc = -ENOMEM; + goto free_parent_pntsd; + }

aces = (struct smb_ace *)aces_base; parent_aces = (struct smb_ace *)((char *)parent_pdacl + @@ -1049,7 +1053,7 @@ int smb_inherit_dacl(struct ksmbd_conn *conn, nt_size, GFP_KERNEL); if (!pntsd) { rc = -ENOMEM; - goto out; + goto free_aces_base; }

pntsd->revision = cpu_to_le16(1); @@ -1089,11 +1093,12 @@ int smb_inherit_dacl(struct ksmbd_conn *conn,

ksmbd_vfs_set_sd_xattr(conn, path->dentry, pntsd, pntsd_size); kfree(pntsd); - rc = 0; }

+free_aces_base: kfree(aces_base); -out: +free_parent_pntsd: + kfree(parent_pntsd); return rc; }

From patchwork Mon Nov 14 12:51:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183264 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:31 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:31 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:30 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 167/308] ksmbd: change data type of volatile/persistent id to u64 Date: Mon, 14 Nov 2022 20:51:16 +0800 Message-ID: 20221114125337.1831594-168-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a47a0195-0b12-4b69-0e24-08dac63c7063 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7228413 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 3867369ef8f760155da684e10d29e0bf9b733b48 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/3867369ef8f7

-------------------------------

This patch change data type of volatile/persistent id to u64 to make issue from idr_find and idr_remove(). !HAS_FILE_ID check will protect integer overflow issue from idr_find and idr_remove().

Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ksmbd_work.h | 6 +++--- fs/ksmbd/smb2pdu.c | 37 +++++++++++++++++++------------------ fs/ksmbd/vfs_cache.c | 32 ++++++++++++++++---------------- fs/ksmbd/vfs_cache.h | 20 +++++++++----------- 4 files changed, 47 insertions(+), 48 deletions(-)

diff --git a/fs/ksmbd/ksmbd_work.h b/fs/ksmbd/ksmbd_work.h index c655bf371ce5..f7156bc50049 100644 --- a/fs/ksmbd/ksmbd_work.h +++ b/fs/ksmbd/ksmbd_work.h @@ -43,9 +43,9 @@ struct ksmbd_work { * Current Local FID assigned compound response if SMB2 CREATE * command is present in compound request */ - unsigned int compound_fid; - unsigned int compound_pfid; - unsigned int compound_sid; + u64 compound_fid; + u64 compound_pfid; + u64 compound_sid;

const struct cred *saved_cred;

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 7f665a82d5b4..56759c254962 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2793,7 +2793,7 @@ int smb2_open(struct ksmbd_work *work)

/* Get Persistent-ID */ ksmbd_open_durable_fd(fp); - if (!HAS_FILE_ID(fp->persistent_id)) { + if (!has_file_id(fp->persistent_id)) { rc = -ENOMEM; goto err_out; } @@ -4542,15 +4542,15 @@ static int smb2_get_info_file(struct ksmbd_work *work, }

if (work->next_smb2_rcv_hdr_off) { - if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { - ksmbd_debug(SMB, "Compound request set FID = %u\n", + if (!has_file_id(le64_to_cpu(req->VolatileFileId))) { + ksmbd_debug(SMB, "Compound request set FID = %llu\n", work->compound_fid); id = work->compound_fid; pid = work->compound_pfid; } }

- if (!HAS_FILE_ID(id)) { + if (!has_file_id(id)) { id = le64_to_cpu(req->VolatileFileId); pid = le64_to_cpu(req->PersistentFileId); } @@ -4913,15 +4913,15 @@ static int smb2_get_info_sec(struct ksmbd_work *work, }

if (work->next_smb2_rcv_hdr_off) { - if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { - ksmbd_debug(SMB, "Compound request set FID = %u\n", + if (!has_file_id(le64_to_cpu(req->VolatileFileId))) { + ksmbd_debug(SMB, "Compound request set FID = %llu\n", work->compound_fid); id = work->compound_fid; pid = work->compound_pfid; } }

- if (!HAS_FILE_ID(id)) { + if (!has_file_id(id)) { id = le64_to_cpu(req->VolatileFileId); pid = le64_to_cpu(req->PersistentFileId); } @@ -5044,7 +5044,7 @@ static noinline int smb2_close_pipe(struct ksmbd_work *work) */ int smb2_close(struct ksmbd_work *work) { - unsigned int volatile_id = KSMBD_NO_FID; + u64 volatile_id = KSMBD_NO_FID; u64 sess_id; struct smb2_close_req *req; struct smb2_close_rsp *rsp; @@ -5080,15 +5080,16 @@ int smb2_close(struct ksmbd_work *work) }

if (work->next_smb2_rcv_hdr_off && - !HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { - if (!HAS_FILE_ID(work->compound_fid)) { + !has_file_id(le64_to_cpu(req->VolatileFileId))) { + if (!has_file_id(work->compound_fid)) { /* file already closed, return FILE_CLOSED */ ksmbd_debug(SMB, "file already closed\n"); rsp->hdr.Status = STATUS_FILE_CLOSED; err = -EBADF; goto out; } else { - ksmbd_debug(SMB, "Compound request set FID = %u:%u\n", + ksmbd_debug(SMB, + "Compound request set FID = %llu:%llu\n", work->compound_fid, work->compound_pfid); volatile_id = work->compound_fid; @@ -5100,7 +5101,7 @@ int smb2_close(struct ksmbd_work *work) } else { volatile_id = le64_to_cpu(req->VolatileFileId); } - ksmbd_debug(SMB, "volatile_id = %u\n", volatile_id); + ksmbd_debug(SMB, "volatile_id = %llu\n", volatile_id);

rsp->StructureSize = cpu_to_le16(60); rsp->Reserved = 0; @@ -5746,8 +5747,8 @@ int smb2_set_info(struct ksmbd_work *work) if (work->next_smb2_rcv_hdr_off) { req = ksmbd_req_buf_next(work); rsp = ksmbd_resp_buf_next(work); - if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { - ksmbd_debug(SMB, "Compound request set FID = %u\n", + if (!has_file_id(le64_to_cpu(req->VolatileFileId))) { + ksmbd_debug(SMB, "Compound request set FID = %llu\n", work->compound_fid); id = work->compound_fid; pid = work->compound_pfid; @@ -5757,7 +5758,7 @@ int smb2_set_info(struct ksmbd_work *work) rsp = work->response_buf; }

- if (!HAS_FILE_ID(id)) { + if (!has_file_id(id)) { id = le64_to_cpu(req->VolatileFileId); pid = le64_to_cpu(req->PersistentFileId); } @@ -7240,8 +7241,8 @@ int smb2_ioctl(struct ksmbd_work *work) if (work->next_smb2_rcv_hdr_off) { req = ksmbd_req_buf_next(work); rsp = ksmbd_resp_buf_next(work); - if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) { - ksmbd_debug(SMB, "Compound request set FID = %u\n", + if (!has_file_id(le64_to_cpu(req->VolatileFileId))) { + ksmbd_debug(SMB, "Compound request set FID = %llu\n", work->compound_fid); id = work->compound_fid; } @@ -7250,7 +7251,7 @@ int smb2_ioctl(struct ksmbd_work *work) rsp = work->response_buf; }

- if (!HAS_FILE_ID(id)) + if (!has_file_id(id)) id = le64_to_cpu(req->VolatileFileId);

if (req->Flags != cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL)) { diff --git a/fs/ksmbd/vfs_cache.c b/fs/ksmbd/vfs_cache.c index 5c9efcfaeb5c..f9012016bada 100644 --- a/fs/ksmbd/vfs_cache.c +++ b/fs/ksmbd/vfs_cache.c @@ -276,7 +276,7 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp)

static void __ksmbd_remove_durable_fd(struct ksmbd_file *fp) { - if (!HAS_FILE_ID(fp->persistent_id)) + if (!has_file_id(fp->persistent_id)) return;

write_lock(&global_ft.lock); @@ -286,7 +286,7 @@ static void __ksmbd_remove_durable_fd(struct ksmbd_file *fp)

static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp) { - if (!HAS_FILE_ID(fp->volatile_id)) + if (!has_file_id(fp->volatile_id)) return;

write_lock(&fp->f_ci->m_lock); @@ -326,10 +326,13 @@ static struct ksmbd_file *ksmbd_fp_get(struct ksmbd_file *fp) }

static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft, - unsigned int id) + u64 id) { struct ksmbd_file *fp;

+ if (!has_file_id(id)) + return NULL; + read_lock(&ft->lock); fp = idr_find(ft->idr, id); if (fp) @@ -358,12 +361,12 @@ static void set_close_state_blocked_works(struct ksmbd_file *fp) spin_unlock(&fp->f_lock); }

-int ksmbd_close_fd(struct ksmbd_work *work, unsigned int id) +int ksmbd_close_fd(struct ksmbd_work *work, u64 id) { struct ksmbd_file *fp; struct ksmbd_file_table *ft;

- if (!HAS_FILE_ID(id)) + if (!has_file_id(id)) return 0;

ft = &work->sess->file_table; @@ -403,12 +406,12 @@ static bool __sanity_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *f return true; }

-struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, unsigned int id) +struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, u64 id) { return __ksmbd_lookup_fd(&work->sess->file_table, id); }

-struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, unsigned int id) +struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, u64 id) { struct ksmbd_file *fp = __ksmbd_lookup_fd(&work->sess->file_table, id);

@@ -419,19 +422,16 @@ struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, unsigned int id return NULL; }

-struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, unsigned int id, - unsigned int pid) +struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, u64 id, + u64 pid) { struct ksmbd_file *fp;

- if (!HAS_FILE_ID(id)) { + if (!has_file_id(id)) { id = work->compound_fid; pid = work->compound_pfid; }

- if (!HAS_FILE_ID(id)) - return NULL; - fp = __ksmbd_lookup_fd(&work->sess->file_table, id); if (!__sanity_check(work->tcon, fp)) { ksmbd_fd_put(work, fp); @@ -493,7 +493,7 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct inode *inode) #define OPEN_ID_TYPE_VOLATILE_ID (0) #define OPEN_ID_TYPE_PERSISTENT_ID (1)

-static void __open_id_set(struct ksmbd_file *fp, unsigned int id, int type) +static void __open_id_set(struct ksmbd_file *fp, u64 id, int type) { if (type == OPEN_ID_TYPE_VOLATILE_ID) fp->volatile_id = id; @@ -504,7 +504,7 @@ static void __open_id_set(struct ksmbd_file *fp, unsigned int id, int type) static int __open_id(struct ksmbd_file_table *ft, struct ksmbd_file *fp, int type) { - unsigned int id = 0; + u64 id = 0; int ret;

if (type == OPEN_ID_TYPE_VOLATILE_ID && fd_limit_depleted()) { @@ -514,7 +514,7 @@ static int __open_id(struct ksmbd_file_table *ft, struct ksmbd_file *fp,

idr_preload(GFP_KERNEL); write_lock(&ft->lock); - ret = idr_alloc_cyclic(ft->idr, fp, 0, INT_MAX, GFP_NOWAIT); + ret = idr_alloc_cyclic(ft->idr, fp, 0, INT_MAX - 1, GFP_NOWAIT); if (ret >= 0) { id = ret; ret = 0; diff --git a/fs/ksmbd/vfs_cache.h b/fs/ksmbd/vfs_cache.h index 543494f664cb..70e987293564 100644 --- a/fs/ksmbd/vfs_cache.h +++ b/fs/ksmbd/vfs_cache.h @@ -22,7 +22,7 @@ #define FILE_GENERIC_EXECUTE 0X1200a0

#define KSMBD_START_FID 0 -#define KSMBD_NO_FID (UINT_MAX) +#define KSMBD_NO_FID (INT_MAX) #define SMB2_NO_FID (0xFFFFFFFFFFFFFFFFULL)

struct ksmbd_conn; @@ -62,8 +62,8 @@ struct ksmbd_inode { struct ksmbd_file { struct file *filp; char *filename; - unsigned int persistent_id; - unsigned int volatile_id; + u64 persistent_id; + u64 volatile_id;

spinlock_t f_lock;

@@ -122,10 +122,8 @@ struct ksmbd_file_table { struct idr *idr; };

-static inline bool HAS_FILE_ID(unsigned long long req) +static inline bool has_file_id(u64 id) { - unsigned int id = (unsigned int)req; - return id < KSMBD_NO_FID; }

@@ -136,11 +134,11 @@ static inline bool ksmbd_stream_fd(struct ksmbd_file *fp)

int ksmbd_init_file_table(struct ksmbd_file_table *ft); void ksmbd_destroy_file_table(struct ksmbd_file_table *ft); -int ksmbd_close_fd(struct ksmbd_work *work, unsigned int id); -struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, unsigned int id); -struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, unsigned int id); -struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, unsigned int id, - unsigned int pid); +int ksmbd_close_fd(struct ksmbd_work *work, u64 id); +struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, u64 id); +struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, u64 id); +struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, u64 id, + u64 pid); void ksmbd_fd_put(struct ksmbd_work *work, struct ksmbd_file *fp); struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id); struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid);

From patchwork Mon Nov 14 12:51:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183265 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:32 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:31 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:31 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 168/308] ksmbd: delete some stray tabs Date: Mon, 14 Nov 2022 20:51:17 +0800 Message-ID: 20221114125337.1831594-169-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 52de56c8-5ca7-42b0-a011-08dac63c70ab X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6998343 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.15-rc1 commit 0f6619aee86f11cee0c5063777c4febdf18cb28b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/0f6619aee86f

-------------------------------

These lines are intended one tab too far.

Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 56759c254962..a1c284c49e41 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6656,7 +6656,7 @@ int smb2_lock(struct ksmbd_work *work) cmp_lock->start < smb_lock->end) { pr_err("previous lock conflict with zero byte lock range\n"); rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; - goto out; + goto out; }

if (smb_lock->zero_len && !cmp_lock->zero_len && @@ -6664,7 +6664,7 @@ int smb2_lock(struct ksmbd_work *work) smb_lock->start < cmp_lock->end) { pr_err("current lock conflict with zero byte lock range\n"); rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; - goto out; + goto out; }

if (((cmp_lock->start <= smb_lock->start &&

From patchwork Mon Nov 14 12:51:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183266 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:32 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:32 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:31 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 169/308] ksmbd: use kasprintf() in ksmbd_vfs_xattr_stream_name() Date: Mon, 14 Nov 2022 20:51:18 +0800 Message-ID: 20221114125337.1831594-170-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 91da31ca-86c7-479e-a423-08dac63c70f4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7261156 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.15-rc1 commit 07781de9051859d2f38a9e199384c64bb1924c47 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/07781de90518

-------------------------------

Simplify the code by using kasprintf(). This also silences a Smatch warning:

fs/ksmbd/vfs.c:1725 ksmbd_vfs_xattr_stream_name() warn: inconsistent indenting

Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/vfs.c | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-)

diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index 63aea927d71e..f6eb746fbd03 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -1651,35 +1651,20 @@ ssize_t ksmbd_vfs_casexattr_len(struct dentry *dentry, char *attr_name, int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, size_t *xattr_stream_name_size, int s_type) { - int stream_name_size; - char *xattr_stream_name_buf; - char *type; - int type_len; + char *type, *buf;

if (s_type == DIR_STREAM) type = ":$INDEX_ALLOCATION"; else type = ":$DATA";

- type_len = strlen(type); - stream_name_size = strlen(stream_name); - *xattr_stream_name_size = stream_name_size + XATTR_NAME_STREAM_LEN + 1; - xattr_stream_name_buf = kmalloc(*xattr_stream_name_size + type_len, - GFP_KERNEL); - if (!xattr_stream_name_buf) + buf = kasprintf(GFP_KERNEL, "%s%s%s", + XATTR_NAME_STREAM, stream_name, type); + if (!buf) return -ENOMEM;

- memcpy(xattr_stream_name_buf, XATTR_NAME_STREAM, XATTR_NAME_STREAM_LEN); - - if (stream_name_size) { - memcpy(&xattr_stream_name_buf[XATTR_NAME_STREAM_LEN], - stream_name, stream_name_size); - } - memcpy(&xattr_stream_name_buf[*xattr_stream_name_size - 1], type, type_len); - *xattr_stream_name_size += type_len; - - xattr_stream_name_buf[*xattr_stream_name_size - 1] = '\0'; - *xattr_stream_name = xattr_stream_name_buf; + *xattr_stream_name = buf; + *xattr_stream_name_size = strlen(buf) + 1;

return 0; }

From patchwork Mon Nov 14 12:51:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183267 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:33 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:32 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:32 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 170/308] ksmbd: fix the running request count decrement Date: Mon, 14 Nov 2022 20:51:19 +0800 Message-ID: 20221114125337.1831594-171-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d1ac6dbb-d5ff-4009-35fb-08dac63c713d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7061228 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 4b92841ef27b56883fa4491a3d51db3eef68c481 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4b92841ef27b

-------------------------------

decrement the count of running requests after sending the last response for multi-response requests.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 928e22e19def..6e51e08addee 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -120,7 +120,8 @@ int ksmbd_conn_try_dequeue_request(struct ksmbd_work *work) list_empty(&work->async_request_entry)) return 0;

- atomic_dec(&conn->req_running); + if (!work->multiRsp) + atomic_dec(&conn->req_running); spin_lock(&conn->request_lock); if (!work->multiRsp) { list_del_init(&work->request_entry);

From patchwork Mon Nov 14 12:51:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183268 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:33 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:33 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:32 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 171/308] ksmbd: free ksmbd_lock when file is closed Date: Mon, 14 Nov 2022 20:51:20 +0800 Message-ID: 20221114125337.1831594-172-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 58de7972-4510-414d-91e9-08dac63c7187 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6764265 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit d63528eb0d43c4796c42aad56889dec12cf4e122 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d63528eb0d43

-------------------------------

Append ksmbd_lock into the connection's lock list and the ksmbd_file's lock list. And when a file is closed, detach ksmbd_lock from these lists and free it.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 7 +- fs/ksmbd/connection.h | 6 ++ fs/ksmbd/smb2pdu.c | 154 ++++++++++++++++++++++++++---------------- fs/ksmbd/smb_common.c | 2 - fs/ksmbd/smb_common.h | 2 - fs/ksmbd/vfs_cache.c | 16 +++++ fs/ksmbd/vfs_cache.h | 4 +- 7 files changed, 125 insertions(+), 66 deletions(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 6e51e08addee..8430848bea45 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -19,8 +19,8 @@ static DEFINE_MUTEX(init_lock);

static struct ksmbd_conn_ops default_conn_ops;

-static LIST_HEAD(conn_list); -static DEFINE_RWLOCK(conn_list_lock); +LIST_HEAD(conn_list); +DEFINE_RWLOCK(conn_list_lock);

/** * ksmbd_conn_free() - free resources of the connection instance @@ -70,6 +70,9 @@ struct ksmbd_conn *ksmbd_conn_alloc(void) spin_lock_init(&conn->credits_lock); ida_init(&conn->async_ida);

+ spin_lock_init(&conn->llist_lock); + INIT_LIST_HEAD(&conn->lock_list); + write_lock(&conn_list_lock); list_add(&conn->conns_list, &conn_list); write_unlock(&conn_list_lock); diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index 98108b41f739..487c2024b0d5 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -79,6 +79,9 @@ struct ksmbd_conn { char *ntlmssp_cryptkey; };

+ spinlock_t llist_lock; + struct list_head lock_list; + struct preauth_integrity_info *preauth_info;

bool need_neg; @@ -138,6 +141,9 @@ struct ksmbd_transport { #define KSMBD_TCP_SEND_TIMEOUT (5 * HZ) #define KSMBD_TCP_PEER_SOCKADDR(c) ((struct sockaddr *)&((c)->peer_addr))

+extern struct list_head conn_list; +extern rwlock_t conn_list_lock; + bool ksmbd_conn_alive(struct ksmbd_conn *conn); void ksmbd_conn_wait_idle(struct ksmbd_conn *conn); struct ksmbd_conn *ksmbd_conn_alloc(void); diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index a1c284c49e41..3cff00fed97e 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6470,8 +6470,9 @@ static struct ksmbd_lock *smb2_lock_init(struct file_lock *flock, lock->flags = flags; if (lock->start == lock->end) lock->zero_len = 1; + INIT_LIST_HEAD(&lock->clist); + INIT_LIST_HEAD(&lock->flist); INIT_LIST_HEAD(&lock->llist); - INIT_LIST_HEAD(&lock->glist); list_add_tail(&lock->llist, lock_list);

return lock; @@ -6510,7 +6511,8 @@ int smb2_lock(struct ksmbd_work *work) int cmd = 0; int err = 0, i; u64 lock_start, lock_length; - struct ksmbd_lock *smb_lock = NULL, *cmp_lock, *tmp; + struct ksmbd_lock *smb_lock = NULL, *cmp_lock, *tmp, *tmp2; + struct ksmbd_conn *conn; int nolock = 0; LIST_HEAD(lock_list); LIST_HEAD(rollback_list); @@ -6619,72 +6621,89 @@ int smb2_lock(struct ksmbd_work *work)

if (!(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) && !(smb_lock->flags & SMB2_LOCKFLAG_FAIL_IMMEDIATELY)) - goto no_check_gl; + goto no_check_cl;

nolock = 1; - /* check locks in global list */ - list_for_each_entry(cmp_lock, &global_lock_list, glist) { - if (file_inode(cmp_lock->fl->fl_file) != - file_inode(smb_lock->fl->fl_file)) - continue; + /* check locks in connection list */ + read_lock(&conn_list_lock); + list_for_each_entry(conn, &conn_list, conns_list) { + spin_lock(&conn->llist_lock); + list_for_each_entry_safe(cmp_lock, tmp2, &conn->lock_list, clist) { + if (file_inode(cmp_lock->fl->fl_file) != + file_inode(smb_lock->fl->fl_file)) + continue;

- if (smb_lock->fl->fl_type == F_UNLCK) { - if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file && - cmp_lock->start == smb_lock->start && - cmp_lock->end == smb_lock->end && - !lock_defer_pending(cmp_lock->fl)) { - nolock = 0; - locks_free_lock(cmp_lock->fl); - list_del(&cmp_lock->glist); - kfree(cmp_lock); - break; + if (smb_lock->fl->fl_type == F_UNLCK) { + if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file && + cmp_lock->start == smb_lock->start && + cmp_lock->end == smb_lock->end && + !lock_defer_pending(cmp_lock->fl)) { + nolock = 0; + list_del(&cmp_lock->flist); + list_del(&cmp_lock->clist); + spin_unlock(&conn->llist_lock); + read_unlock(&conn_list_lock); + + locks_free_lock(cmp_lock->fl); + kfree(cmp_lock); + goto out_check_cl; + } + continue; } - continue; - }

- if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file) { - if (smb_lock->flags & SMB2_LOCKFLAG_SHARED) - continue; - } else { - if (cmp_lock->flags & SMB2_LOCKFLAG_SHARED) - continue; - } + if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file) { + if (smb_lock->flags & SMB2_LOCKFLAG_SHARED) + continue; + } else { + if (cmp_lock->flags & SMB2_LOCKFLAG_SHARED) + continue; + }

- /* check zero byte lock range */ - if (cmp_lock->zero_len && !smb_lock->zero_len && - cmp_lock->start > smb_lock->start && - cmp_lock->start < smb_lock->end) { - pr_err("previous lock conflict with zero byte lock range\n"); - rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; - goto out; - } + /* check zero byte lock range */ + if (cmp_lock->zero_len && !smb_lock->zero_len && + cmp_lock->start > smb_lock->start && + cmp_lock->start < smb_lock->end) { + spin_unlock(&conn->llist_lock); + read_unlock(&conn_list_lock); + pr_err("previous lock conflict with zero byte lock range\n"); + rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; + goto out; + }

- if (smb_lock->zero_len && !cmp_lock->zero_len && - smb_lock->start > cmp_lock->start && - smb_lock->start < cmp_lock->end) { - pr_err("current lock conflict with zero byte lock range\n"); - rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; - goto out; - } + if (smb_lock->zero_len && !cmp_lock->zero_len && + smb_lock->start > cmp_lock->start && + smb_lock->start < cmp_lock->end) { + spin_unlock(&conn->llist_lock); + read_unlock(&conn_list_lock); + pr_err("current lock conflict with zero byte lock range\n"); + rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; + goto out; + }

- if (((cmp_lock->start <= smb_lock->start && - cmp_lock->end > smb_lock->start) || - (cmp_lock->start < smb_lock->end && cmp_lock->end >= smb_lock->end)) && - !cmp_lock->zero_len && !smb_lock->zero_len) { - pr_err("Not allow lock operation on exclusive lock range\n"); - rsp->hdr.Status = - STATUS_LOCK_NOT_GRANTED; - goto out; + if (((cmp_lock->start <= smb_lock->start && + cmp_lock->end > smb_lock->start) || + (cmp_lock->start < smb_lock->end && + cmp_lock->end >= smb_lock->end)) && + !cmp_lock->zero_len && !smb_lock->zero_len) { + spin_unlock(&conn->llist_lock); + read_unlock(&conn_list_lock); + pr_err("Not allow lock operation on exclusive lock range\n"); + rsp->hdr.Status = + STATUS_LOCK_NOT_GRANTED; + goto out; + } } + spin_unlock(&conn->llist_lock); } - + read_unlock(&conn_list_lock); +out_check_cl: if (smb_lock->fl->fl_type == F_UNLCK && nolock) { pr_err("Try to unlock nolocked range\n"); rsp->hdr.Status = STATUS_RANGE_NOT_LOCKED; goto out; }

-no_check_gl: +no_check_cl: if (smb_lock->zero_len) { err = 0; goto skip; @@ -6710,8 +6729,10 @@ int smb2_lock(struct ksmbd_work *work)

ksmbd_debug(SMB, "would have to wait for getting lock\n"); - list_add_tail(&smb_lock->glist, - &global_lock_list); + spin_lock(&work->conn->llist_lock); + list_add_tail(&smb_lock->clist, + &work->conn->lock_list); + spin_unlock(&work->conn->llist_lock); list_add(&smb_lock->llist, &rollback_list);

argv = kmalloc(sizeof(void *), GFP_KERNEL); @@ -6739,7 +6760,9 @@ int smb2_lock(struct ksmbd_work *work)

if (work->state != KSMBD_WORK_ACTIVE) { list_del(&smb_lock->llist); - list_del(&smb_lock->glist); + spin_lock(&work->conn->llist_lock); + list_del(&smb_lock->clist); + spin_unlock(&work->conn->llist_lock); locks_free_lock(flock);

if (work->state == KSMBD_WORK_CANCELLED) { @@ -6763,14 +6786,21 @@ int smb2_lock(struct ksmbd_work *work) }

list_del(&smb_lock->llist); - list_del(&smb_lock->glist); + spin_lock(&work->conn->llist_lock); + list_del(&smb_lock->clist); + spin_unlock(&work->conn->llist_lock); + spin_lock(&fp->f_lock); list_del(&work->fp_entry); spin_unlock(&fp->f_lock); goto retry; } else if (!err) { - list_add_tail(&smb_lock->glist, - &global_lock_list); + spin_lock(&work->conn->llist_lock); + list_add_tail(&smb_lock->clist, + &work->conn->lock_list); + list_add_tail(&smb_lock->flist, + &fp->lock_list); + spin_unlock(&work->conn->llist_lock); list_add(&smb_lock->llist, &rollback_list); ksmbd_debug(SMB, "successful in taking lock\n"); } else { @@ -6809,8 +6839,14 @@ int smb2_lock(struct ksmbd_work *work) err = vfs_lock_file(filp, 0, rlock, NULL); if (err) pr_err("rollback unlock fail : %d\n", err); + list_del(&smb_lock->llist); - list_del(&smb_lock->glist); + spin_lock(&work->conn->llist_lock); + if (!list_empty(&smb_lock->flist)) + list_del(&smb_lock->flist); + list_del(&smb_lock->clist); + spin_unlock(&work->conn->llist_lock); + locks_free_lock(smb_lock->fl); locks_free_lock(rlock); kfree(smb_lock); diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index b573575a1de5..61686d739ffc 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -23,8 +23,6 @@ static const char basechars[43] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_-!@#$%"; #define mangle(V) ((char)(basechars[(V) % MANGLE_BASE])) #define KSMBD_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb2_hdr))

-LIST_HEAD(global_lock_list); - struct smb_protocol { int index; char *name; diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index 8489b92229fa..95f297177c1a 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -48,8 +48,6 @@ #define CIFS_DEFAULT_IOSIZE (64 * 1024) #define MAX_CIFS_SMALL_BUFFER_SIZE 448 /* big enough for most */

-extern struct list_head global_lock_list; - /* RFC 1002 session packet types */ #define RFC1002_SESSION_MESSAGE 0x00 #define RFC1002_SESSION_REQUEST 0x81 diff --git a/fs/ksmbd/vfs_cache.c b/fs/ksmbd/vfs_cache.c index f9012016bada..f5b3f94b7f9b 100644 --- a/fs/ksmbd/vfs_cache.c +++ b/fs/ksmbd/vfs_cache.c @@ -301,6 +301,7 @@ static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp static void __ksmbd_close_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp) { struct file *filp; + struct ksmbd_lock *smb_lock, *tmp_lock;

fd_limit_close(); __ksmbd_remove_durable_fd(fp); @@ -312,6 +313,20 @@ static void __ksmbd_close_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp) __ksmbd_inode_close(fp); if (!IS_ERR_OR_NULL(filp)) fput(filp); + + /* because the reference count of fp is 0, it is guaranteed that + * there are not accesses to fp->lock_list. + */ + list_for_each_entry_safe(smb_lock, tmp_lock, &fp->lock_list, flist) { + spin_lock(&fp->conn->llist_lock); + list_del(&smb_lock->clist); + spin_unlock(&fp->conn->llist_lock); + + list_del(&smb_lock->flist); + locks_free_lock(smb_lock->fl); + kfree(smb_lock); + } + kfree(fp->filename); if (ksmbd_stream_fd(fp)) kfree(fp->stream.name); @@ -548,6 +563,7 @@ struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp)

INIT_LIST_HEAD(&fp->blocked_works); INIT_LIST_HEAD(&fp->node); + INIT_LIST_HEAD(&fp->lock_list); spin_lock_init(&fp->f_lock); atomic_set(&fp->refcount, 1);

diff --git a/fs/ksmbd/vfs_cache.h b/fs/ksmbd/vfs_cache.h index 70e987293564..70dfe6a99f13 100644 --- a/fs/ksmbd/vfs_cache.h +++ b/fs/ksmbd/vfs_cache.h @@ -30,7 +30,8 @@ struct ksmbd_session;

struct ksmbd_lock { struct file_lock *fl; - struct list_head glist; + struct list_head clist; + struct list_head flist; struct list_head llist; unsigned int flags; int cmd; @@ -91,6 +92,7 @@ struct ksmbd_file { struct stream stream; struct list_head node; struct list_head blocked_works; + struct list_head lock_list;

int durable_timeout;

From patchwork Mon Nov 14 12:51:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183269 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:34 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:33 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:33 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 172/308] ksmbd: uninterruptible wait for a file being unlocked Date: Mon, 14 Nov 2022 20:51:21 +0800 Message-ID: 20221114125337.1831594-173-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 72a4f653-8c20-43ff-238b-08dac63c71d0 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7377165 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 45a64e8b08493b768fa029a5508cec8cf2b89f2d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/45a64e8b0849

-------------------------------

the wait can be canceled by SMB2_CANCEL, SMB2_CLOSE, SMB2_LOGOFF, disconnection or shutdown, we don't have to use wait_event_interruptible.

And this remove the warning from Coverity:

CID 1502834 (#1 of 1): Unused value (UNUSED_VALUE) returned_value: Assigning value from ksmbd_vfs_posix_lock_wait(flock) to err here, but that stored value is overwritten before it can be used.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- fs/ksmbd/vfs.c | 4 ++-- fs/ksmbd/vfs.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 3cff00fed97e..91c199af51b7 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6756,7 +6756,7 @@ int smb2_lock(struct ksmbd_work *work)

smb2_send_interim_resp(work, STATUS_PENDING);

- err = ksmbd_vfs_posix_lock_wait(flock); + ksmbd_vfs_posix_lock_wait(flock);

if (work->state != KSMBD_WORK_ACTIVE) { list_del(&smb_lock->llist); diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index f6eb746fbd03..53fbcb95f3b3 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -1737,9 +1737,9 @@ int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, return 0; }

-int ksmbd_vfs_posix_lock_wait(struct file_lock *flock) +void ksmbd_vfs_posix_lock_wait(struct file_lock *flock) { - return wait_event_interruptible(flock->fl_wait, !flock->fl_blocker); + wait_event(flock->fl_wait, !flock->fl_blocker); }

int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout) diff --git a/fs/ksmbd/vfs.h b/fs/ksmbd/vfs.h index e30174a0e5a1..319316f49aee 100644 --- a/fs/ksmbd/vfs.h +++ b/fs/ksmbd/vfs.h @@ -159,7 +159,7 @@ int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry); void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat); int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, struct dentry *dentry, struct ksmbd_kstat *ksmbd_kstat); -int ksmbd_vfs_posix_lock_wait(struct file_lock *flock); +void ksmbd_vfs_posix_lock_wait(struct file_lock *flock); int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout); void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock); int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry);

From patchwork Mon Nov 14 12:51:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183270 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:34 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:34 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:33 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 173/308] ksmbd: make smb2_find_context_vals return NULL if not found Date: Mon, 14 Nov 2022 20:51:22 +0800 Message-ID: 20221114125337.1831594-174-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 915634cf-87b8-422d-014f-08dac63c7219 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6284011 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit ce154c32af3c60727171ff28ae97bcceda63b1c6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ce154c32af3c

-------------------------------

instead of -ENOENT, make smb2_find_context_vals return NULL if the given context cannot be found.

Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/oplock.c | 2 +- fs/ksmbd/smb2pdu.c | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index a9f171ccf770..96e486ebf2e1 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1472,7 +1472,7 @@ struct create_context *smb2_find_context_vals(void *open_req, const char *tag) next = le32_to_cpu(cc->Next); } while (next != 0);

- return ERR_PTR(-ENOENT); + return NULL; }

/** diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 91c199af51b7..f158b7e104da 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2127,7 +2127,7 @@ static inline int check_context_err(void *ctx, char *str) int err;

err = PTR_ERR(ctx); - ksmbd_debug(SMB, "find context %s err %d\n", str, err); + ksmbd_debug(SMB, "find context %s err %d\n", str, err ? err : -ENOENT);

if (err == -EINVAL) { pr_err("bad name length\n"); @@ -2514,7 +2514,7 @@ int smb2_open(struct ksmbd_work *work) if (req->CreateContextsOffset) { /* Parse non-durable handle create contexts */ context = smb2_find_context_vals(req, SMB2_CREATE_EA_BUFFER); - if (IS_ERR(context)) { + if (IS_ERR_OR_NULL(context)) { rc = check_context_err(context, SMB2_CREATE_EA_BUFFER); if (rc < 0) goto err_out1; @@ -2529,7 +2529,7 @@ int smb2_open(struct ksmbd_work *work)

context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); - if (IS_ERR(context)) { + if (IS_ERR_OR_NULL(context)) { rc = check_context_err(context, SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); if (rc < 0) @@ -2542,7 +2542,7 @@ int smb2_open(struct ksmbd_work *work)

context = smb2_find_context_vals(req, SMB2_CREATE_TIMEWARP_REQUEST); - if (IS_ERR(context)) { + if (IS_ERR_OR_NULL(context)) { rc = check_context_err(context, SMB2_CREATE_TIMEWARP_REQUEST); if (rc < 0) @@ -2556,7 +2556,7 @@ int smb2_open(struct ksmbd_work *work) if (tcon->posix_extensions) { context = smb2_find_context_vals(req, SMB2_CREATE_TAG_POSIX); - if (IS_ERR(context)) { + if (IS_ERR_OR_NULL(context)) { rc = check_context_err(context, SMB2_CREATE_TAG_POSIX); if (rc < 0) @@ -2949,7 +2949,7 @@ int smb2_open(struct ksmbd_work *work)

az_req = (struct create_alloc_size_req *)smb2_find_context_vals(req, SMB2_CREATE_ALLOCATION_SIZE); - if (IS_ERR(az_req)) { + if (IS_ERR_OR_NULL(az_req)) { rc = check_context_err(az_req, SMB2_CREATE_ALLOCATION_SIZE); if (rc < 0) @@ -2971,7 +2971,7 @@ int smb2_open(struct ksmbd_work *work) }

context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_ON_DISK_ID); - if (IS_ERR(context)) { + if (IS_ERR_OR_NULL(context)) { rc = check_context_err(context, SMB2_CREATE_QUERY_ON_DISK_ID); if (rc < 0) goto err_out;

From patchwork Mon Nov 14 12:51:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183271 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:34 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:34 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:34 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 174/308] ksmbd: handle error cases first in smb2_create_sd_buffers Date: Mon, 14 Nov 2022 20:51:23 +0800 Message-ID: 20221114125337.1831594-175-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9f940df1-25e4-4cb2-47cb-08dac63c7261 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7007338 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 21dd1fd6d718ac59841c3ee3d0b1d82508ef24dc category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/21dd1fd6d718

-------------------------------

For code cleanup, handle error cases first in smb2_create_sd_buffers().

Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index f158b7e104da..b842768fc209 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2309,25 +2309,23 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work, struct path *path) { struct create_context *context; - int rc = -ENOENT; + struct create_sd_buf_req *sd_buf;

if (!req->CreateContextsOffset) - return rc; + return -ENOENT;

/* Parse SD BUFFER create contexts */ context = smb2_find_context_vals(req, SMB2_CREATE_SD_BUFFER); - if (context && !IS_ERR(context)) { - struct create_sd_buf_req *sd_buf; - - ksmbd_debug(SMB, - "Set ACLs using SMB2_CREATE_SD_BUFFER context\n"); - sd_buf = (struct create_sd_buf_req *)context; - rc = set_info_sec(work->conn, work->tcon, - path, &sd_buf->ntsd, - le32_to_cpu(sd_buf->ccontext.DataLength), true); - } + if (!context) + return -ENOENT; + else if (IS_ERR(context)) + return PTR_ERR(context);

- return rc; + ksmbd_debug(SMB, + "Set ACLs using SMB2_CREATE_SD_BUFFER context\n"); + sd_buf = (struct create_sd_buf_req *)context; + return set_info_sec(work->conn, work->tcon, path, &sd_buf->ntsd, + le32_to_cpu(sd_buf->ccontext.DataLength), true); }

static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode)

From patchwork Mon Nov 14 12:51:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183272 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:35 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:35 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:34 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 175/308] ksmbd: remove unneeded check_context_err Date: Mon, 14 Nov 2022 20:51:24 +0800 Message-ID: 20221114125337.1831594-176-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 8f76db5b-f95c-4c36-4b54-08dac63c72aa X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7089439 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit f19b3967fb0967aa02b8bfe26ce186ca7525dff7 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f19b3967fb09

-------------------------------

Coverity Scan seems to report false alarm.

*** CID 1505930: (USE_AFTER_FREE) /fs/ksmbd/smb2pdu.c: 2527 in smb2_open()

...

...

CID 1505930: (USE_AFTER_FREE) Passing freed pointer "context" as an argument to "check_context_err".

This patch remove unneeded check_context_err to make coverity scan happy.

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/oplock.c | 3 +- fs/ksmbd/smb2pdu.c | 73 +++++++++++++++------------------------------- 2 files changed, 26 insertions(+), 50 deletions(-)

diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 96e486ebf2e1..8bb62aae6e32 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1446,7 +1446,8 @@ struct lease_ctx_info *parse_lease_state(void *open_req) * @open_req: buffer containing smb2 file open(create) request * @tag: context name to search for * - * Return: pointer to requested context, NULL if @str context not found + * Return: pointer to requested context, NULL if @str context not found + * or error pointer if name length is invalid. */ struct create_context *smb2_find_context_vals(void *open_req, const char *tag) { diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index b842768fc209..73958167c4f4 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2122,21 +2122,6 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path) return rc; }

-static inline int check_context_err(void *ctx, char *str) -{ - int err; - - err = PTR_ERR(ctx); - ksmbd_debug(SMB, "find context %s err %d\n", str, err ? err : -ENOENT); - - if (err == -EINVAL) { - pr_err("bad name length\n"); - return err; - } - - return 0; -} - static noinline int smb2_set_stream_name_xattr(struct path *path, struct ksmbd_file *fp, char *stream_name, int s_type) @@ -2512,11 +2497,10 @@ int smb2_open(struct ksmbd_work *work) if (req->CreateContextsOffset) { /* Parse non-durable handle create contexts */ context = smb2_find_context_vals(req, SMB2_CREATE_EA_BUFFER); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, SMB2_CREATE_EA_BUFFER); - if (rc < 0) - goto err_out1; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out1; + } else if (context) { ea_buf = (struct create_ea_buf_req *)context; if (req->CreateOptions & FILE_NO_EA_KNOWLEDGE_LE) { rsp->hdr.Status = STATUS_ACCESS_DENIED; @@ -2527,12 +2511,10 @@ int smb2_open(struct ksmbd_work *work)

context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, - SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); - if (rc < 0) - goto err_out1; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out1; + } else if (context) { ksmbd_debug(SMB, "get query maximal access context\n"); maximal_access_ctxt = 1; @@ -2540,12 +2522,10 @@ int smb2_open(struct ksmbd_work *work)

context = smb2_find_context_vals(req, SMB2_CREATE_TIMEWARP_REQUEST); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, - SMB2_CREATE_TIMEWARP_REQUEST); - if (rc < 0) - goto err_out1; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out1; + } else if (context) { ksmbd_debug(SMB, "get timewarp context\n"); rc = -EBADF; goto err_out1; @@ -2554,12 +2534,10 @@ int smb2_open(struct ksmbd_work *work) if (tcon->posix_extensions) { context = smb2_find_context_vals(req, SMB2_CREATE_TAG_POSIX); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, - SMB2_CREATE_TAG_POSIX); - if (rc < 0) - goto err_out1; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out1; + } else if (context) { struct create_posix *posix = (struct create_posix *)context; ksmbd_debug(SMB, "get posix context\n"); @@ -2947,12 +2925,10 @@ int smb2_open(struct ksmbd_work *work)

az_req = (struct create_alloc_size_req *)smb2_find_context_vals(req, SMB2_CREATE_ALLOCATION_SIZE); - if (IS_ERR_OR_NULL(az_req)) { - rc = check_context_err(az_req, - SMB2_CREATE_ALLOCATION_SIZE); - if (rc < 0) - goto err_out; - } else { + if (IS_ERR(az_req)) { + rc = PTR_ERR(az_req); + goto err_out; + } else if (az_req) { loff_t alloc_size = le64_to_cpu(az_req->AllocationSize); int err;

@@ -2969,11 +2945,10 @@ int smb2_open(struct ksmbd_work *work) }

context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_ON_DISK_ID); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, SMB2_CREATE_QUERY_ON_DISK_ID); - if (rc < 0) - goto err_out; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out; + } else if (context) { ksmbd_debug(SMB, "get query on disk id context\n"); query_disk_id = 1; }

From patchwork Mon Nov 14 12:51:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183273 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:35 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:35 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:35 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 176/308] ksmbd: fix memory leak in ksmbd_vfs_get_sd_xattr() Date: Mon, 14 Nov 2022 20:51:25 +0800 Message-ID: 20221114125337.1831594-177-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 51812b92-5d4a-40db-03fd-08dac63c72f3 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6969799 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 78ad2c277af4cf503f985fd506fbb1f8576460f2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/78ad2c277af4

-------------------------------

Add free acl.sd_buf and n.data on error handling in ksmbd_vfs_get_sd_xattr().

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/vfs.c | 99 ++++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 47 deletions(-)

diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index 53fbcb95f3b3..f10dfdb596e4 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -1458,61 +1458,66 @@ int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn, struct dentry *dentry, { int rc; struct ndr n; + struct inode *inode = d_inode(dentry); + struct ndr acl_ndr = {0}; + struct xattr_ntacl acl; + struct xattr_smb_acl *smb_acl = NULL, *def_smb_acl = NULL; + __u8 cmp_hash[XATTR_SD_HASH_SIZE] = {0};

rc = ksmbd_vfs_getxattr(dentry, XATTR_NAME_SD, &n.data); - if (rc > 0) { - struct inode *inode = d_inode(dentry); - struct ndr acl_ndr = {0}; - struct xattr_ntacl acl; - struct xattr_smb_acl *smb_acl = NULL, *def_smb_acl = NULL; - __u8 cmp_hash[XATTR_SD_HASH_SIZE] = {0}; - - n.length = rc; - rc = ndr_decode_v4_ntacl(&n, &acl); - if (rc) - return rc; - - smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, - ACL_TYPE_ACCESS); - if (S_ISDIR(inode->i_mode)) - def_smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, - ACL_TYPE_DEFAULT); - - rc = ndr_encode_posix_acl(&acl_ndr, inode, smb_acl, def_smb_acl); - if (rc) { - pr_err("failed to encode ndr to posix acl\n"); - goto out; - } + if (rc <= 0) + return rc;

- rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, - cmp_hash); - if (rc) { - pr_err("failed to generate hash for ndr acl\n"); - goto out; - } + n.length = rc; + rc = ndr_decode_v4_ntacl(&n, &acl); + if (rc) + goto free_n_data;

- if (memcmp(cmp_hash, acl.posix_acl_hash, XATTR_SD_HASH_SIZE)) { - pr_err("hash value diff\n"); - rc = -EINVAL; - goto out; - } + smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, + ACL_TYPE_ACCESS); + if (S_ISDIR(inode->i_mode)) + def_smb_acl = ksmbd_vfs_make_xattr_posix_acl(inode, + ACL_TYPE_DEFAULT); + + rc = ndr_encode_posix_acl(&acl_ndr, inode, smb_acl, def_smb_acl); + if (rc) { + pr_err("failed to encode ndr to posix acl\n"); + goto out_free; + }

- *pntsd = acl.sd_buf; - (*pntsd)->osidoffset = - cpu_to_le32(le32_to_cpu((*pntsd)->osidoffset) - NDR_NTSD_OFFSETOF); - (*pntsd)->gsidoffset = - cpu_to_le32(le32_to_cpu((*pntsd)->gsidoffset) - NDR_NTSD_OFFSETOF); - (*pntsd)->dacloffset = - cpu_to_le32(le32_to_cpu((*pntsd)->dacloffset) - NDR_NTSD_OFFSETOF); + rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, + cmp_hash); + if (rc) { + pr_err("failed to generate hash for ndr acl\n"); + goto out_free; + }

- rc = acl.sd_size; -out: - kfree(n.data); - kfree(acl_ndr.data); - kfree(smb_acl); - kfree(def_smb_acl); + if (memcmp(cmp_hash, acl.posix_acl_hash, XATTR_SD_HASH_SIZE)) { + pr_err("hash value diff\n"); + rc = -EINVAL; + goto out_free; }

+ *pntsd = acl.sd_buf; + (*pntsd)->osidoffset = + cpu_to_le32(le32_to_cpu((*pntsd)->osidoffset) - NDR_NTSD_OFFSETOF); + (*pntsd)->gsidoffset = + cpu_to_le32(le32_to_cpu((*pntsd)->gsidoffset) - NDR_NTSD_OFFSETOF); + (*pntsd)->dacloffset = + cpu_to_le32(le32_to_cpu((*pntsd)->dacloffset) - NDR_NTSD_OFFSETOF); + + rc = acl.sd_size; +out_free: + kfree(acl_ndr.data); + kfree(smb_acl); + kfree(def_smb_acl); + if (rc < 0) { + kfree(acl.sd_buf); + *pntsd = NULL; + } + +free_n_data: + kfree(n.data); return rc; }

From patchwork Mon Nov 14 12:51:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183274 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:36 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:36 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:35 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 177/308] ksmbd: fix unused err value in smb2_lock Date: Mon, 14 Nov 2022 20:51:26 +0800 Message-ID: 20221114125337.1831594-178-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2616f0b4-83f4-4cd8-e168-08dac63c733b X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.1497548 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 96ad4ec51c06c6fafc10b4e3a20753e127ce27d4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/96ad4ec51c06

-------------------------------

CID 1502845 (#1 of 1): Unused value (UNUSED_VALUE) value_overwrite: Overwriting previous write to err with value from vfs_lock_file(filp, 0U, rlock, NULL). 6880 err = vfs_lock_file(filp, 0, rlock, NULL); 6881 if (err) 6882 pr_err("rollback unlock fail : %d\n", err);

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 73958167c4f4..e63079e3459d 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6792,7 +6792,7 @@ int smb2_lock(struct ksmbd_work *work) rsp->Reserved = 0; inc_rfc1001_len(rsp, 4); ksmbd_fd_put(work, fp); - return err; + return 0;

out: list_for_each_entry_safe(smb_lock, tmp, &lock_list, llist) { @@ -6803,15 +6803,16 @@ int smb2_lock(struct ksmbd_work *work)

list_for_each_entry_safe(smb_lock, tmp, &rollback_list, llist) { struct file_lock *rlock = NULL; + int rc;

rlock = smb_flock_init(filp); rlock->fl_type = F_UNLCK; rlock->fl_start = smb_lock->start; rlock->fl_end = smb_lock->end;

- err = vfs_lock_file(filp, 0, rlock, NULL); - if (err) - pr_err("rollback unlock fail : %d\n", err); + rc = vfs_lock_file(filp, 0, rlock, NULL); + if (rc) + pr_err("rollback unlock fail : %d\n", rc);

list_del(&smb_lock->llist); spin_lock(&work->conn->llist_lock); @@ -6828,7 +6829,7 @@ int smb2_lock(struct ksmbd_work *work) ksmbd_debug(SMB, "failed in taking lock(flags : %x)\n", flags); smb2_set_err_rsp(work); ksmbd_fd_put(work, fp); - return 0; + return err; }

static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req,

From patchwork Mon Nov 14 12:51:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183275 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:37 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:37 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:36 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 178/308] ksmbd: set RDMA capability for FSCTL_QUERY_NETWORK_INTERFACE_INFO Date: Mon, 14 Nov 2022 20:51:27 +0800 Message-ID: 20221114125337.1831594-179-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d44b2bce-c27d-46ef-cde1-08dac63c73c7 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6762099 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 03d8d4f1896eba2240aa946ce591e86e538504cd category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/03d8d4f1896e

-------------------------------

set RDMA capability for FSCTL_QUERY_NETWORK_INTERFACE_INFO.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 9 +++++---- fs/ksmbd/transport_rdma.c | 14 ++++++++++++++ fs/ksmbd/transport_rdma.h | 2 ++ 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index e63079e3459d..681b78caa333 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -22,6 +22,7 @@ #include "asn1.h" #include "connection.h" #include "transport_ipc.h" +#include "transport_rdma.h" #include "vfs.h" #include "vfs_cache.h" #include "misc.h" @@ -6985,11 +6986,11 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, &rsp->Buffer[nbytes]; nii_rsp->IfIndex = cpu_to_le32(netdev->ifindex);

- /* TODO: specify the RDMA capabilities */ + nii_rsp->Capability = 0; if (netdev->num_tx_queues > 1) - nii_rsp->Capability = cpu_to_le32(RSS_CAPABLE); - else - nii_rsp->Capability = 0; + nii_rsp->Capability |= cpu_to_le32(RSS_CAPABLE); + if (ksmbd_rdma_capable_netdev(netdev)) + nii_rsp->Capability |= cpu_to_le32(RDMA_CAPABLE);

nii_rsp->Next = cpu_to_le32(152); nii_rsp->Reserved = 0; diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index d5728c84a15a..f818fe358f31 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -2033,6 +2033,20 @@ int ksmbd_rdma_destroy(void) return 0; }

+bool ksmbd_rdma_capable_netdev(struct net_device *netdev) +{ + struct ib_device *ibdev; + bool rdma_capable = false; + + ibdev = ib_device_get_by_netdev(netdev, RDMA_DRIVER_UNKNOWN); + if (ibdev) { + if (rdma_frwr_is_supported(&ibdev->attrs)) + rdma_capable = true; + ib_device_put(ibdev); + } + return rdma_capable; +} + static struct ksmbd_transport_ops ksmbd_smb_direct_transport_ops = { .prepare = smb_direct_prepare, .disconnect = smb_direct_disconnect, diff --git a/fs/ksmbd/transport_rdma.h b/fs/ksmbd/transport_rdma.h index da60fcec3ede..72e2574079f3 100644 --- a/fs/ksmbd/transport_rdma.h +++ b/fs/ksmbd/transport_rdma.h @@ -53,9 +53,11 @@ struct smb_direct_data_transfer { #ifdef CONFIG_SMB_SERVER_SMBDIRECT int ksmbd_rdma_init(void); int ksmbd_rdma_destroy(void); +bool ksmbd_rdma_capable_netdev(struct net_device *netdev); #else static inline int ksmbd_rdma_init(void) { return 0; } static inline int ksmbd_rdma_destroy(void) { return 0; } +static inline bool ksmbd_rdma_capable_netdev(struct net_device *netdev) { return false; } #endif

#endif /* __KSMBD_TRANSPORT_RDMA_H__ */

From patchwork Mon Nov 14 12:51:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183276 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:37 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:37 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:37 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 179/308] ksmbd: fix an error message in ksmbd_conn_trasnport_init Date: Mon, 14 Nov 2022 20:51:28 +0800 Message-ID: 20221114125337.1831594-180-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 12a8f6fa-6a8b-42ed-1393-08dac63c7410 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7003726 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 0a427cc638ada13a703b044f38f4b01628c4e620 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/0a427cc638ad

-------------------------------

Fix an error message in ksmbd_conn_transport_init().

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 8430848bea45..d7ee0bfb5838 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -372,7 +372,7 @@ int ksmbd_conn_transport_init(void)

ret = ksmbd_rdma_init(); if (ret) { - pr_err("Failed to init KSMBD subsystem: %d\n", ret); + pr_err("Failed to init RDMA subsystem: %d\n", ret); goto out; } out:

From patchwork Mon Nov 14 12:51:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183277 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:38 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:38 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:37 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 180/308] ksmbd: fix typo in comment Date: Mon, 14 Nov 2022 20:51:29 +0800 Message-ID: 20221114125337.1831594-181-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6436a593-a006-4f86-4977-08dac63c745a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7047933 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit a9c241d01d0a80209cb7dde76a89f450b0d5a78d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a9c241d01d0a

-------------------------------

Fix typo "openning" -> "opening".

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index d7ee0bfb5838..af086d35398a 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -247,7 +247,7 @@ bool ksmbd_conn_alive(struct ksmbd_conn *conn)

/* * Stop current session if the time that get last request from client - * is bigger than deadtime user configured and openning file count is + * is bigger than deadtime user configured and opening file count is * zero. */ if (server_conf.deadtime > 0 &&

From patchwork Mon Nov 14 12:51:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183278 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:38 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:38 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:38 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 181/308] ksmbd: fix wrong compression context size Date: Mon, 14 Nov 2022 20:51:30 +0800 Message-ID: 20221114125337.1831594-182-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 88bb725a-a747-445b-31d5-08dac63c74a4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6840309 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit e4b60e92d4f878b774eca22fa4c00fa04f6354b4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e4b60e92d4f8

-------------------------------

Use smb2_compression_ctx instead of smb2_encryption_neg_context.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 681b78caa333..685ef11cb8f7 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -924,7 +924,7 @@ static int decode_compress_ctxt(struct ksmbd_conn *conn, * Return compression context size in request. * So need to plus extra number of CompressionAlgorithms size. */ - return sizeof(struct smb2_encryption_neg_context) + + return sizeof(struct smb2_compression_ctx) + ((algo_cnt - 1) * 2); }

From patchwork Mon Nov 14 12:51:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183279 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:39 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:39 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:38 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 182/308] ksmbd: fix wrong error status return on session setup Date: Mon, 14 Nov 2022 20:51:31 +0800 Message-ID: 20221114125337.1831594-183-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 41b52b78-74d2-44bc-674f-08dac63c74ee X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6884486 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 58090b175271870842d823622013d4499f462a10 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/58090b175271

-------------------------------

When user insert wrong password, ksmbd return STATUS_INVALID_PARAMETER error status to client. It will make user confusing whether it is not password problem. This patch change error status to STATUS_LOGON_FAILURE. and return STATUS_INSUFFICIENT_RESOURCES if memory allocation failed on session setup.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 685ef11cb8f7..f65e518759a5 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1338,8 +1338,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) user = session_user(conn, req); if (!user) { ksmbd_debug(SMB, "Unknown user name or an error\n"); - rsp->hdr.Status = STATUS_LOGON_FAILURE; - return -EINVAL; + return -EPERM; }

/* Check for previous session */ @@ -1363,8 +1362,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) if (user_guest(sess->user)) { if (conn->sign) { ksmbd_debug(SMB, "Guest login not allowed when signing enabled\n"); - rsp->hdr.Status = STATUS_LOGON_FAILURE; - return -EACCES; + return -EPERM; }

rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE; @@ -1377,8 +1375,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) if (rc) { set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD); ksmbd_debug(SMB, "authentication failed\n"); - rsp->hdr.Status = STATUS_LOGON_FAILURE; - return -EINVAL; + return -EPERM; }

/* @@ -1403,8 +1400,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) if (rc) { ksmbd_debug(SMB, "SMB3 encryption key generation failed\n"); - rsp->hdr.Status = STATUS_LOGON_FAILURE; - return rc; + return -EINVAL; } sess->enc = true; rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE; @@ -1434,16 +1430,14 @@ static int ntlm_authenticate(struct ksmbd_work *work) rc = conn->ops->generate_signingkey(sess, conn); if (rc) { ksmbd_debug(SMB, "SMB3 signing key generation failed\n"); - rsp->hdr.Status = STATUS_LOGON_FAILURE; - return rc; + return -EINVAL; } }

if (conn->dialect > SMB20_PROT_ID) { if (!ksmbd_conn_lookup_dialect(conn)) { pr_err("fail to verify the dialect\n"); - rsp->hdr.Status = STATUS_USER_SESSION_DELETED; - return -EPERM; + return -ENOENT; } } return 0; @@ -1483,8 +1477,7 @@ static int krb5_authenticate(struct ksmbd_work *work) out_blob, &out_len); if (retval) { ksmbd_debug(SMB, "krb5 authentication failed\n"); - rsp->hdr.Status = STATUS_LOGON_FAILURE; - return retval; + return -EINVAL; } rsp->SecurityBufferLength = cpu_to_le16(out_len); inc_rfc1001_len(rsp, out_len - 1); @@ -1499,8 +1492,7 @@ static int krb5_authenticate(struct ksmbd_work *work) if (retval) { ksmbd_debug(SMB, "SMB3 encryption key generation failed\n"); - rsp->hdr.Status = STATUS_LOGON_FAILURE; - return retval; + return -EINVAL; } sess->enc = true; rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE; @@ -1524,16 +1516,14 @@ static int krb5_authenticate(struct ksmbd_work *work) retval = conn->ops->generate_signingkey(sess, conn); if (retval) { ksmbd_debug(SMB, "SMB3 signing key generation failed\n"); - rsp->hdr.Status = STATUS_LOGON_FAILURE; - return retval; + return -EINVAL; } }

if (conn->dialect > SMB20_PROT_ID) { if (!ksmbd_conn_lookup_dialect(conn)) { pr_err("fail to verify the dialect\n"); - rsp->hdr.Status = STATUS_USER_SESSION_DELETED; - return -EPERM; + return -ENOENT; } } return 0; @@ -1709,6 +1699,8 @@ int smb2_sess_setup(struct ksmbd_work *work) rsp->hdr.Status = STATUS_REQUEST_NOT_ACCEPTED; else if (rc == -EFAULT) rsp->hdr.Status = STATUS_NETWORK_SESSION_EXPIRED; + else if (rc == -ENOMEM) + rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES; else if (rc) rsp->hdr.Status = STATUS_LOGON_FAILURE;

From patchwork Mon Nov 14 12:51:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183280 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:40 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:39 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:39 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 183/308] ksmbd: set STATUS_INVALID_PARAMETER error status if credit charge is invalid Date: Mon, 14 Nov 2022 20:51:32 +0800 Message-ID: 20221114125337.1831594-184-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6809e2d8-bd4a-4d7f-d3d5-08dac63c7536 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.0829146 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 67307023d02b1339e0b930b742fe5a9cd81284ca category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/67307023d02b

-------------------------------

MS-SMB2 specification describe : If the calculated credit number is greater than the CreditCharge, the server MUST fail the request with the error code STATUS_INVALID_PARAMETER.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/server.c | 20 ++++++++++---------- fs/ksmbd/smb2misc.c | 9 +++++++-- 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/fs/ksmbd/server.c b/fs/ksmbd/server.c index c9a3a459f3e6..8db739283d76 100644 --- a/fs/ksmbd/server.c +++ b/fs/ksmbd/server.c @@ -101,8 +101,8 @@ static inline int check_conn_state(struct ksmbd_work *work) return 0; }

-#define TCP_HANDLER_CONTINUE 0 -#define TCP_HANDLER_ABORT 1 +#define SERVER_HANDLER_CONTINUE 0 +#define SERVER_HANDLER_ABORT 1

static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, u16 *cmd) @@ -112,10 +112,10 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, int ret;

if (check_conn_state(work)) - return TCP_HANDLER_CONTINUE; + return SERVER_HANDLER_CONTINUE;

if (ksmbd_verify_smb_message(work)) - return TCP_HANDLER_ABORT; + return SERVER_HANDLER_ABORT;

command = conn->ops->get_cmd_val(work); *cmd = command; @@ -123,21 +123,21 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, andx_again: if (command >= conn->max_cmds) { conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); - return TCP_HANDLER_CONTINUE; + return SERVER_HANDLER_CONTINUE; }

cmds = &conn->cmds[command]; if (!cmds->proc) { ksmbd_debug(SMB, "*** not implemented yet cmd = %x\n", command); conn->ops->set_rsp_status(work, STATUS_NOT_IMPLEMENTED); - return TCP_HANDLER_CONTINUE; + return SERVER_HANDLER_CONTINUE; }

if (work->sess && conn->ops->is_sign_req(work, command)) { ret = conn->ops->check_sign_req(work); if (!ret) { conn->ops->set_rsp_status(work, STATUS_ACCESS_DENIED); - return TCP_HANDLER_CONTINUE; + return SERVER_HANDLER_CONTINUE; } }

@@ -153,8 +153,8 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, }

if (work->send_no_response) - return TCP_HANDLER_ABORT; - return TCP_HANDLER_CONTINUE; + return SERVER_HANDLER_ABORT; + return SERVER_HANDLER_CONTINUE; }

static void __handle_ksmbd_work(struct ksmbd_work *work, @@ -203,7 +203,7 @@ static void __handle_ksmbd_work(struct ksmbd_work *work,

do { rc = __process_request(work, conn, &command); - if (rc == TCP_HANDLER_ABORT) + if (rc == SERVER_HANDLER_ABORT) break;

/* diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 4508631c5706..e68aa7d718ed 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -423,8 +423,13 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) return 1; }

- return work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU ? - smb2_validate_credit_charge(hdr) : 0; + if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) && + smb2_validate_credit_charge(hdr)) { + work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); + return 1; + } + + return 0; }

int smb2_negotiate_request(struct ksmbd_work *work)

From patchwork Mon Nov 14 12:51:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183281 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:40 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:40 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:39 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 184/308] ksmbd: move credit charge verification over smb2 request size verification Date: Mon, 14 Nov 2022 20:51:33 +0800 Message-ID: 20221114125337.1831594-185-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a0bd70af-831b-43e5-8c0d-08dac63c757f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7427916 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit d347d745f06c7e6503abc08f68dc3b71da71596d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d347d745f06c

-------------------------------

Move credit charge verification over smb2 request size verification to avoid being skipped.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2misc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index e68aa7d718ed..9aa46bb3e10d 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -385,6 +385,12 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) } }

+ if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) && + smb2_validate_credit_charge(hdr)) { + work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); + return 1; + } + clc_len = smb2_calc_size(hdr); if (len != clc_len) { /* server can return one byte more due to implied bcc[0] */ @@ -423,12 +429,6 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) return 1; }

- if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) && - smb2_validate_credit_charge(hdr)) { - work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); - return 1; - } - return 0; }

From patchwork Mon Nov 14 12:51:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183282 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:40 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:40 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:40 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 185/308] ksmbd: fix typo of MS-SMBD Date: Mon, 14 Nov 2022 20:51:34 +0800 Message-ID: 20221114125337.1831594-186-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 31d70f0b-313a-485a-03a7-08dac63c75d7 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6854108 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 9223958816f9df133ae936c9371378ba1203e0da category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/9223958816f9

-------------------------------

Fix typo : "MS-KSMBD" => "MS-SMBD".

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 2 +- fs/ksmbd/transport_rdma.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index f818fe358f31..f2ae6bae83f1 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -58,7 +58,7 @@

/* * User configurable initial values per SMB_DIRECT transport connection - * as defined in [MS-KSMBD] 3.1.1.1 + * as defined in [MS-SMBD] 3.1.1.1 * Those may change after a SMB_DIRECT negotiation */ /* The local peer's maximum number of credits to grant to the peer */ diff --git a/fs/ksmbd/transport_rdma.h b/fs/ksmbd/transport_rdma.h index 72e2574079f3..0fa8adc0776f 100644 --- a/fs/ksmbd/transport_rdma.h +++ b/fs/ksmbd/transport_rdma.h @@ -9,7 +9,7 @@

#define SMB_DIRECT_PORT 5445

-/* SMB DIRECT negotiation request packet [MS-KSMBD] 2.2.1 */ +/* SMB DIRECT negotiation request packet [MS-SMBD] 2.2.1 */ struct smb_direct_negotiate_req { __le16 min_version; __le16 max_version; @@ -20,7 +20,7 @@ struct smb_direct_negotiate_req { __le32 max_fragmented_size; } __packed;

-/* SMB DIRECT negotiation response packet [MS-KSMBD] 2.2.2 */ +/* SMB DIRECT negotiation response packet [MS-SMBD] 2.2.2 */ struct smb_direct_negotiate_resp { __le16 min_version; __le16 max_version; @@ -37,7 +37,7 @@ struct smb_direct_negotiate_resp {

#define SMB_DIRECT_RESPONSE_REQUESTED 0x0001

-/* SMB DIRECT data transfer packet with payload [MS-KSMBD] 2.2.3 */ +/* SMB DIRECT data transfer packet with payload [MS-SMBD] 2.2.3 */ struct smb_direct_data_transfer { __le16 credits_requested; __le16 credits_granted;

From patchwork Mon Nov 14 12:51:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183283 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:41 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:41 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:40 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 186/308] ksmbd: add negotiate context verification Date: Mon, 14 Nov 2022 20:51:35 +0800 Message-ID: 20221114125337.1831594-187-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3227e8aa-1db0-4bc4-07d8-08dac63c7620 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6995386 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit af320a739029f6f8c5c05e769fadaf88e9b7d34f category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/af320a739029

-------------------------------

This patch add negotiate context verification code to check bounds.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 118 ++++++++++++++++++++++++--------------------- fs/ksmbd/smb2pdu.h | 6 +-- 2 files changed, 65 insertions(+), 59 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index f65e518759a5..30bc210ce40b 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -835,10 +835,10 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt, conn->cipher_type); rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); - ctxt_size += sizeof(struct smb2_encryption_neg_context); + ctxt_size += sizeof(struct smb2_encryption_neg_context) + 2; /* Round to 8 byte boundary */ pneg_ctxt += - round_up(sizeof(struct smb2_encryption_neg_context), + round_up(sizeof(struct smb2_encryption_neg_context) + 2, 8); }

@@ -850,9 +850,10 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, build_compression_ctxt((struct smb2_compression_ctx *)pneg_ctxt, conn->compress_algorithm); rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); - ctxt_size += sizeof(struct smb2_compression_ctx); + ctxt_size += sizeof(struct smb2_compression_ctx) + 2; /* Round to 8 byte boundary */ - pneg_ctxt += round_up(sizeof(struct smb2_compression_ctx), 8); + pneg_ctxt += round_up(sizeof(struct smb2_compression_ctx) + 2, + 8); }

if (conn->posix_ext_supported) { @@ -881,16 +882,23 @@ static __le32 decode_preauth_ctxt(struct ksmbd_conn *conn, return err; }

-static int decode_encrypt_ctxt(struct ksmbd_conn *conn, - struct smb2_encryption_neg_context *pneg_ctxt) +static void decode_encrypt_ctxt(struct ksmbd_conn *conn, + struct smb2_encryption_neg_context *pneg_ctxt, + int len_of_ctxts) { - int i; int cph_cnt = le16_to_cpu(pneg_ctxt->CipherCount); + int i, cphs_size = cph_cnt * sizeof(__le16);

conn->cipher_type = 0;

+ if (sizeof(struct smb2_encryption_neg_context) + cphs_size > + len_of_ctxts) { + pr_err("Invalid cipher count(%d)\n", cph_cnt); + return; + } + if (!(server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION)) - goto out; + return;

for (i = 0; i < cph_cnt; i++) { if (pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_GCM || @@ -903,90 +911,88 @@ static int decode_encrypt_ctxt(struct ksmbd_conn *conn, break; } } - -out: - /* - * Return encrypt context size in request. - * So need to plus extra number of ciphers size. - */ - return sizeof(struct smb2_encryption_neg_context) + - ((cph_cnt - 1) * 2); }

-static int decode_compress_ctxt(struct ksmbd_conn *conn, - struct smb2_compression_ctx *pneg_ctxt) +static void decode_compress_ctxt(struct ksmbd_conn *conn, + struct smb2_compression_ctx *pneg_ctxt) { - int algo_cnt = le16_to_cpu(pneg_ctxt->CompressionAlgorithmCount); - conn->compress_algorithm = SMB3_COMPRESS_NONE; - - /* - * Return compression context size in request. - * So need to plus extra number of CompressionAlgorithms size. - */ - return sizeof(struct smb2_compression_ctx) + - ((algo_cnt - 1) * 2); }

static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, struct smb2_negotiate_req *req) { - int i = 0; - __le32 status = 0; /* +4 is to account for the RFC1001 len field */ - char *pneg_ctxt = (char *)req + - le32_to_cpu(req->NegotiateContextOffset) + 4; - __le16 *ContextType = (__le16 *)pneg_ctxt; + struct smb2_neg_context *pctx = (struct smb2_neg_context *)((char *)req + 4); + int i = 0, len_of_ctxts; + int offset = le32_to_cpu(req->NegotiateContextOffset); int neg_ctxt_cnt = le16_to_cpu(req->NegotiateContextCount); - int ctxt_size; + int len_of_smb = be32_to_cpu(req->hdr.smb2_buf_length); + __le32 status = STATUS_INVALID_PARAMETER; + + ksmbd_debug(SMB, "decoding %d negotiate contexts\n", neg_ctxt_cnt); + if (len_of_smb <= offset) { + ksmbd_debug(SMB, "Invalid response: negotiate context offset\n"); + return status; + } + + len_of_ctxts = len_of_smb - offset;

- ksmbd_debug(SMB, "negotiate context count = %d\n", neg_ctxt_cnt); - status = STATUS_INVALID_PARAMETER; while (i++ < neg_ctxt_cnt) { - if (*ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES) { + int clen; + + /* check that offset is not beyond end of SMB */ + if (len_of_ctxts == 0) + break; + + if (len_of_ctxts < sizeof(struct smb2_neg_context)) + break; + + pctx = (struct smb2_neg_context *)((char *)pctx + offset); + clen = le16_to_cpu(pctx->DataLength); + if (clen + sizeof(struct smb2_neg_context) > len_of_ctxts) + break; + + if (pctx->ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES) { ksmbd_debug(SMB, "deassemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n"); if (conn->preauth_info->Preauth_HashId) break;

status = decode_preauth_ctxt(conn, - (struct smb2_preauth_neg_context *)pneg_ctxt); - pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_preauth_neg_context), 8) * 8; - } else if (*ContextType == SMB2_ENCRYPTION_CAPABILITIES) { + (struct smb2_preauth_neg_context *)pctx); + if (status != STATUS_SUCCESS) + break; + } else if (pctx->ContextType == SMB2_ENCRYPTION_CAPABILITIES) { ksmbd_debug(SMB, "deassemble SMB2_ENCRYPTION_CAPABILITIES context\n"); if (conn->cipher_type) break;

- ctxt_size = decode_encrypt_ctxt(conn, - (struct smb2_encryption_neg_context *)pneg_ctxt); - pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8; - } else if (*ContextType == SMB2_COMPRESSION_CAPABILITIES) { + decode_encrypt_ctxt(conn, + (struct smb2_encryption_neg_context *)pctx, + len_of_ctxts); + } else if (pctx->ContextType == SMB2_COMPRESSION_CAPABILITIES) { ksmbd_debug(SMB, "deassemble SMB2_COMPRESSION_CAPABILITIES context\n"); if (conn->compress_algorithm) break;

- ctxt_size = decode_compress_ctxt(conn, - (struct smb2_compression_ctx *)pneg_ctxt); - pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8; - } else if (*ContextType == SMB2_NETNAME_NEGOTIATE_CONTEXT_ID) { + decode_compress_ctxt(conn, + (struct smb2_compression_ctx *)pctx); + } else if (pctx->ContextType == SMB2_NETNAME_NEGOTIATE_CONTEXT_ID) { ksmbd_debug(SMB, "deassemble SMB2_NETNAME_NEGOTIATE_CONTEXT_ID context\n"); - ctxt_size = sizeof(struct smb2_netname_neg_context); - ctxt_size += DIV_ROUND_UP(le16_to_cpu(((struct smb2_netname_neg_context *) - pneg_ctxt)->DataLength), 8) * 8; - pneg_ctxt += ctxt_size; - } else if (*ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) { + } else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) { ksmbd_debug(SMB, "deassemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n"); conn->posix_ext_supported = true; - pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_posix_neg_context), 8) * 8; } - ContextType = (__le16 *)pneg_ctxt;

- if (status != STATUS_SUCCESS) - break; + /* offsets must be 8 byte aligned */ + clen = (clen + 7) & ~0x7; + offset = clen + sizeof(struct smb2_neg_context); + len_of_ctxts -= clen + sizeof(struct smb2_neg_context); } return status; } diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index 0eac40e1ba65..21cb93e771f7 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -299,7 +299,7 @@ struct smb2_encryption_neg_context { __le32 Reserved; /* CipherCount usally 2, but can be 3 when AES256-GCM enabled */ __le16 CipherCount; /* AES-128-GCM and AES-128-CCM by default */ - __le16 Ciphers[1]; + __le16 Ciphers[]; } __packed;

#define SMB3_COMPRESS_NONE cpu_to_le16(0x0000) @@ -314,7 +314,7 @@ struct smb2_compression_ctx { __le16 CompressionAlgorithmCount; __u16 Padding; __le32 Reserved1; - __le16 CompressionAlgorithms[1]; + __le16 CompressionAlgorithms[]; } __packed;

#define POSIX_CTXT_DATA_LEN 16 @@ -329,7 +329,7 @@ struct smb2_netname_neg_context { __le16 ContextType; /* 0x100 */ __le16 DataLength; __le32 Reserved; - __le16 NetName[0]; /* hostname of target converted to UCS-2 */ + __le16 NetName[]; /* hostname of target converted to UCS-2 */ } __packed;

struct smb2_negotiate_rsp {

From patchwork Mon Nov 14 12:51:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183284 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:41 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:41 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:41 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 187/308] ksmbd: add support for negotiating signing algorithm Date: Mon, 14 Nov 2022 20:51:36 +0800 Message-ID: 20221114125337.1831594-188-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d683d679-23cb-4ea9-bfc1-08dac63c7668 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7067457 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 378087cd17eea71c4e78e6053597e38429ccee0f category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/378087cd17ee

-------------------------------

Support for faster packet signing (using GMAC instead of CMAC) can now be negotiated to some newer servers, including Windows. See MS-SMB2 section 2.2.3.17.

This patch adds support for sending the new negotiate context with two supported signing algorithms(AES-CMAC, HMAC-SHA256). If client add support for AES_GMAC, Server will be supported later depend on it.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.h | 2 ++ fs/ksmbd/smb2ops.c | 4 +++ fs/ksmbd/smb2pdu.c | 58 +++++++++++++++++++++++++++++++++++++++++++ fs/ksmbd/smb2pdu.h | 14 +++++++++++ 4 files changed, 78 insertions(+)

diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index 487c2024b0d5..e5403c587a58 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -109,6 +109,8 @@ struct ksmbd_conn { __le16 cipher_type; __le16 compress_algorithm; bool posix_ext_supported; + bool signing_negotiated; + __le16 signing_algorithm; bool binding; };

diff --git a/fs/ksmbd/smb2ops.c b/fs/ksmbd/smb2ops.c index 8262908e467c..197473871aa4 100644 --- a/fs/ksmbd/smb2ops.c +++ b/fs/ksmbd/smb2ops.c @@ -204,6 +204,7 @@ void init_smb2_1_server(struct ksmbd_conn *conn) conn->cmds = smb2_0_server_cmds; conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); conn->max_credits = SMB2_MAX_CREDITS; + conn->signing_algorithm = SIGNING_ALG_HMAC_SHA256;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING; @@ -221,6 +222,7 @@ void init_smb3_0_server(struct ksmbd_conn *conn) conn->cmds = smb2_0_server_cmds; conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); conn->max_credits = SMB2_MAX_CREDITS; + conn->signing_algorithm = SIGNING_ALG_AES_CMAC;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING; @@ -245,6 +247,7 @@ void init_smb3_02_server(struct ksmbd_conn *conn) conn->cmds = smb2_0_server_cmds; conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); conn->max_credits = SMB2_MAX_CREDITS; + conn->signing_algorithm = SIGNING_ALG_AES_CMAC;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING; @@ -269,6 +272,7 @@ int init_smb3_11_server(struct ksmbd_conn *conn) conn->cmds = smb2_0_server_cmds; conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); conn->max_credits = SMB2_MAX_CREDITS; + conn->signing_algorithm = SIGNING_ALG_AES_CMAC;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 30bc210ce40b..f6a09c1eb1d2 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -786,6 +786,18 @@ static void build_compression_ctxt(struct smb2_compression_ctx *pneg_ctxt, pneg_ctxt->CompressionAlgorithms[0] = comp_algo; }

+static void build_sign_cap_ctxt(struct smb2_signing_capabilities *pneg_ctxt, + __le16 sign_algo) +{ + pneg_ctxt->ContextType = SMB2_SIGNING_CAPABILITIES; + pneg_ctxt->DataLength = + cpu_to_le16((sizeof(struct smb2_signing_capabilities) + 2) + - sizeof(struct smb2_neg_context)); + pneg_ctxt->Reserved = cpu_to_le32(0); + pneg_ctxt->SigningAlgorithmCount = cpu_to_le16(1); + pneg_ctxt->SigningAlgorithms[0] = sign_algo; +} + static void build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) { pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE; @@ -863,6 +875,18 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt); rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); ctxt_size += sizeof(struct smb2_posix_neg_context); + /* Round to 8 byte boundary */ + pneg_ctxt += round_up(sizeof(struct smb2_posix_neg_context), 8); + } + + if (conn->signing_negotiated) { + ctxt_size = round_up(ctxt_size, 8); + ksmbd_debug(SMB, + "assemble SMB2_SIGNING_CAPABILITIES context\n"); + build_sign_cap_ctxt((struct smb2_signing_capabilities *)pneg_ctxt, + conn->signing_algorithm); + rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt); + ctxt_size += sizeof(struct smb2_signing_capabilities) + 2; }

inc_rfc1001_len(rsp, ctxt_size); @@ -919,6 +943,34 @@ static void decode_compress_ctxt(struct ksmbd_conn *conn, conn->compress_algorithm = SMB3_COMPRESS_NONE; }

+static void decode_sign_cap_ctxt(struct ksmbd_conn *conn, + struct smb2_signing_capabilities *pneg_ctxt, + int len_of_ctxts) +{ + int sign_algo_cnt = le16_to_cpu(pneg_ctxt->SigningAlgorithmCount); + int i, sign_alos_size = sign_algo_cnt * sizeof(__le16); + + conn->signing_negotiated = false; + + if (sizeof(struct smb2_signing_capabilities) + sign_alos_size > + len_of_ctxts) { + pr_err("Invalid signing algorithm count(%d)\n", sign_algo_cnt); + return; + } + + for (i = 0; i < sign_algo_cnt; i++) { + if (pneg_ctxt->SigningAlgorithms[i] == SIGNING_ALG_HMAC_SHA256 || + pneg_ctxt->SigningAlgorithms[i] == SIGNING_ALG_AES_CMAC) { + ksmbd_debug(SMB, "Signing Algorithm ID = 0x%x\n", + pneg_ctxt->SigningAlgorithms[i]); + conn->signing_negotiated = true; + conn->signing_algorithm = + pneg_ctxt->SigningAlgorithms[i]; + break; + } + } +} + static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, struct smb2_negotiate_req *req) { @@ -987,6 +1039,12 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, ksmbd_debug(SMB, "deassemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n"); conn->posix_ext_supported = true; + } else if (pctx->ContextType == SMB2_SIGNING_CAPABILITIES) { + ksmbd_debug(SMB, + "deassemble SMB2_SIGNING_CAPABILITIES context\n"); + decode_sign_cap_ctxt(conn, + (struct smb2_signing_capabilities *)pctx, + len_of_ctxts); }

/* offsets must be 8 byte aligned */ diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index 21cb93e771f7..89019f67234c 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -268,6 +268,7 @@ struct preauth_integrity_info { #define SMB2_ENCRYPTION_CAPABILITIES cpu_to_le16(2) #define SMB2_COMPRESSION_CAPABILITIES cpu_to_le16(3) #define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID cpu_to_le16(5) +#define SMB2_SIGNING_CAPABILITIES cpu_to_le16(8) #define SMB2_POSIX_EXTENSIONS_AVAILABLE cpu_to_le16(0x100)

struct smb2_neg_context { @@ -332,6 +333,19 @@ struct smb2_netname_neg_context { __le16 NetName[]; /* hostname of target converted to UCS-2 */ } __packed;

+/* Signing algorithms */ +#define SIGNING_ALG_HMAC_SHA256 cpu_to_le16(0) +#define SIGNING_ALG_AES_CMAC cpu_to_le16(1) +#define SIGNING_ALG_AES_GMAC cpu_to_le16(2) + +struct smb2_signing_capabilities { + __le16 ContextType; /* 8 */ + __le16 DataLength; + __le32 Reserved; + __le16 SigningAlgorithmCount; + __le16 SigningAlgorithms[]; +} __packed; + struct smb2_negotiate_rsp { struct smb2_hdr hdr; __le16 StructureSize; /* Must be 65 */

From patchwork Mon Nov 14 12:51:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183285 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:42 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:42 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:41 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 188/308] ksmbd: Fix potential memory leak in tcp_destroy_socket() Date: Mon, 14 Nov 2022 20:51:37 +0800 Message-ID: 20221114125337.1831594-189-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 007bea80-cbe3-40d5-062f-08dac63c76b1 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6877498 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit 654c8876f93677915b1a009bc7f2421ab8750bf1 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/654c8876f936

-------------------------------

ksmbd_socket must be freed even if kernel_sock_shutdown() somehow fails.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_tcp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/ksmbd/transport_tcp.c b/fs/ksmbd/transport_tcp.c index 56ec11ff5a9f..dc15a5ecd2e0 100644 --- a/fs/ksmbd/transport_tcp.c +++ b/fs/ksmbd/transport_tcp.c @@ -381,8 +381,7 @@ static void tcp_destroy_socket(struct socket *ksmbd_socket) ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR); if (ret) pr_err("Failed to shutdown socket: %d\n", ret); - else - sock_release(ksmbd_socket); + sock_release(ksmbd_socket); }

/**

From patchwork Mon Nov 14 12:51:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183286 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:42 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:42 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:41 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 189/308] ksmbd: fix -Wstringop-truncation warnings Date: Mon, 14 Nov 2022 20:51:38 +0800 Message-ID: 20221114125337.1831594-190-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 95e4f5b5-7eab-402c-60e0-08dac63c76fb X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7452644 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 1d904eaf3f99565bdeffbed359e44dd88efbef02 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1d904eaf3f99

-------------------------------

Kernel test bot reports the following warnings:

In function 'ndr_write_string', inlined from 'ndr_encode_dos_attr' at fs/ksmbd/ndr.c:136:3:

...

fs/ksmbd/ndr.c:70:2: warning: 'strncpy' destination unchanged after

copying no bytes [-Wstringop-truncation] 70 | strncpy(PAYLOAD_HEAD(n), value, sz); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function 'ndr_write_string', inlined from 'ndr_encode_dos_attr' at fs/ksmbd/ndr.c:134:3:

...

fs/ksmbd/ndr.c:70:2: warning: 'strncpy' output truncated before

terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] 70 | strncpy(PAYLOAD_HEAD(n), value, sz); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/ksmbd/ndr.c: In function 'ndr_encode_dos_attr': fs/ksmbd/ndr.c:134:3: note: length computed here 134 | ndr_write_string(n, hex_attr, strlen(hex_attr)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reported-by: kernel test robot lkp@intel.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ndr.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/fs/ksmbd/ndr.c b/fs/ksmbd/ndr.c index bcf13a2aa9d4..50872377608d 100644 --- a/fs/ksmbd/ndr.c +++ b/fs/ksmbd/ndr.c @@ -65,13 +65,15 @@ static int ndr_write_bytes(struct ndr *n, void *value, size_t sz) return 0; }

-static int ndr_write_string(struct ndr *n, void *value, size_t sz) +static int ndr_write_string(struct ndr *n, char *value) { + size_t sz; + + sz = strlen(value) + 1; if (n->length <= n->offset + sz) try_to_realloc_ndr_blob(n, sz);

- strncpy(ndr_get_field(n), value, sz); - sz++; + memcpy(ndr_get_field(n), value, sz); n->offset += sz; n->offset = ALIGN(n->offset, 2); return 0; @@ -134,9 +136,9 @@ int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da)

if (da->version == 3) { snprintf(hex_attr, 10, "0x%x", da->attr); - ndr_write_string(n, hex_attr, strlen(hex_attr)); + ndr_write_string(n, hex_attr); } else { - ndr_write_string(n, "", strlen("")); + ndr_write_string(n, ""); } ndr_write_int16(n, da->version); ndr_write_int32(n, da->version);

From patchwork Mon Nov 14 12:51:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183287 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:43 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:42 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:42 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 190/308] ksmbd: Return STATUS_OBJECT_PATH_NOT_FOUND if smb2_creat() returns ENOENT Date: Mon, 14 Nov 2022 20:51:39 +0800 Message-ID: 20221114125337.1831594-191-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a3ce36b7-2a79-4740-18eb-08dac63c7744 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7162412 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit d337a44e429e6de23ed3d73fcb81ec44f7b05522 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d337a44e429e

-------------------------------

Both Windows 10's SMB server and samba return STATUS_OBJECT_PATH_NOT_FOUND when trying to access a nonexistent path.

This fixes Windows 10 File History tool. The latter relies on the server returning STATUS_OBJECT_PATH_NOT_FOUND to figure out what part of the target path needs to be created. Returning STATUS_OBJECT_NAME_INVALID will make it stop and display an error to the user.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index f6a09c1eb1d2..4c9f3e6abf0f 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2755,8 +2755,13 @@ int smb2_open(struct ksmbd_work *work) if (!file_present) { rc = smb2_creat(work, &path, name, open_flags, posix_mode, req->CreateOptions & FILE_DIRECTORY_FILE_LE); - if (rc) + if (rc) { + if (rc == -ENOENT) { + rc = -EIO; + rsp->hdr.Status = STATUS_OBJECT_PATH_NOT_FOUND; + } goto err_out; + }

created = true; if (ea_buf) {

From patchwork Mon Nov 14 12:51:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183288 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:43 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:43 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:42 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 191/308] ksmbd: don't set RSS capable in FSCTL_QUERY_NETWORK_INTERFACE_INFO Date: Mon, 14 Nov 2022 20:51:40 +0800 Message-ID: 20221114125337.1831594-192-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 0b009830-f6ba-487b-aaa1-08dac63c778c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6973514 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 9fb8fac08f6670c9bba70d6c616ad84dd7a45528 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/9fb8fac08f66

-------------------------------

ksmbd does not support RSS mode stably. RSS mode enabling will be set later.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 -- 1 file changed, 2 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 4c9f3e6abf0f..65367958f569 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -7048,8 +7048,6 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, nii_rsp->IfIndex = cpu_to_le32(netdev->ifindex);

nii_rsp->Capability = 0; - if (netdev->num_tx_queues > 1) - nii_rsp->Capability |= cpu_to_le32(RSS_CAPABLE); if (ksmbd_rdma_capable_netdev(netdev)) nii_rsp->Capability |= cpu_to_le32(RDMA_CAPABLE);

From patchwork Mon Nov 14 12:51:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183289 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:44 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:43 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:43 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 192/308] ksmbd: use channel signingkey for binding SMB2 session setup Date: Mon, 14 Nov 2022 20:51:41 +0800 Message-ID: 20221114125337.1831594-193-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 0093ca04-7469-453c-a9df-08dac63c77d8 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7006651 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 08bdbc6ef46ad522a24dc6b8e01c039cb0c7e761 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/08bdbc6ef46a

-------------------------------

Windows client disconnect connection by wrong signed SMB2 session setup response on SMB3 multichannel mode.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 65367958f569..4b3df48df7a4 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -8103,7 +8103,8 @@ void smb3_set_sign_rsp(struct ksmbd_work *work) len = ALIGN(len, 8); }

- if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) { + if (conn->binding == false && + le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) { signing_key = work->sess->smb3signingkey; } else { chann = lookup_chann_list(work->sess, work->conn);

From patchwork Mon Nov 14 12:51:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183290 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:44 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:44 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:43 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 193/308] ksmbd: fix missing error code in smb2_lock Date: Mon, 14 Nov 2022 20:51:42 +0800 Message-ID: 20221114125337.1831594-194-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2208543c-0b4e-4ddd-4718-08dac63c7822 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6772324 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 6c99dfc4c5f6fa1f5a90c068be6201d7a0cebff1 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/6c99dfc4c5f6

-------------------------------

Dan report a warning that is missing error code in smb2_lock from static checker. This patch add error code to avoid static checker warning.

Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 66 ++++++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 4b3df48df7a4..32a66f37e008 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6544,7 +6544,7 @@ int smb2_lock(struct ksmbd_work *work) int lock_count; int flags = 0; int cmd = 0; - int err = 0, i; + int err = -EIO, i, rc = 0; u64 lock_start, lock_length; struct ksmbd_lock *smb_lock = NULL, *cmp_lock, *tmp, *tmp2; struct ksmbd_conn *conn; @@ -6560,7 +6560,7 @@ int smb2_lock(struct ksmbd_work *work) if (!fp) { ksmbd_debug(SMB, "Invalid file id for lock : %llu\n", le64_to_cpu(req->VolatileFileId)); - rsp->hdr.Status = STATUS_FILE_CLOSED; + err = -ENOENT; goto out2; }

@@ -6570,7 +6570,7 @@ int smb2_lock(struct ksmbd_work *work)

ksmbd_debug(SMB, "lock count is %d\n", lock_count); if (!lock_count) { - rsp->hdr.Status = STATUS_INVALID_PARAMETER; + err = -EINVAL; goto out2; }

@@ -6578,10 +6578,8 @@ int smb2_lock(struct ksmbd_work *work) flags = le32_to_cpu(lock_ele[i].Flags);

flock = smb_flock_init(filp); - if (!flock) { - rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; + if (!flock) goto out; - }

cmd = smb2_set_flock_flags(flock, flags);

@@ -6619,8 +6617,7 @@ int smb2_lock(struct ksmbd_work *work) if (cmp_lock->fl->fl_type != F_UNLCK && flock->fl_type != F_UNLCK) { pr_err("conflict two locks in one request\n"); - rsp->hdr.Status = - STATUS_INVALID_PARAMETER; + err = -EINVAL; goto out; } } @@ -6628,19 +6625,19 @@ int smb2_lock(struct ksmbd_work *work)

smb_lock = smb2_lock_init(flock, cmd, flags, &lock_list); if (!smb_lock) { - rsp->hdr.Status = STATUS_INVALID_PARAMETER; + err = -EINVAL; goto out; } }

list_for_each_entry_safe(smb_lock, tmp, &lock_list, llist) { if (smb_lock->cmd < 0) { - rsp->hdr.Status = STATUS_INVALID_PARAMETER; + err = -EINVAL; goto out; }

if (!(smb_lock->flags & SMB2_LOCKFLAG_MASK)) { - rsp->hdr.Status = STATUS_INVALID_PARAMETER; + err = -EINVAL; goto out; }

@@ -6648,7 +6645,7 @@ int smb2_lock(struct ksmbd_work *work) smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) || (prior_lock == SMB2_LOCKFLAG_UNLOCK && !(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK))) { - rsp->hdr.Status = STATUS_INVALID_PARAMETER; + err = -EINVAL; goto out; }

@@ -6701,8 +6698,7 @@ int smb2_lock(struct ksmbd_work *work) spin_unlock(&conn->llist_lock); read_unlock(&conn_list_lock); pr_err("previous lock conflict with zero byte lock range\n"); - rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; - goto out; + goto out; }

if (smb_lock->zero_len && !cmp_lock->zero_len && @@ -6711,8 +6707,7 @@ int smb2_lock(struct ksmbd_work *work) spin_unlock(&conn->llist_lock); read_unlock(&conn_list_lock); pr_err("current lock conflict with zero byte lock range\n"); - rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; - goto out; + goto out; }

if (((cmp_lock->start <= smb_lock->start && @@ -6723,8 +6718,6 @@ int smb2_lock(struct ksmbd_work *work) spin_unlock(&conn->llist_lock); read_unlock(&conn_list_lock); pr_err("Not allow lock operation on exclusive lock range\n"); - rsp->hdr.Status = - STATUS_LOCK_NOT_GRANTED; goto out; } } @@ -6747,19 +6740,19 @@ int smb2_lock(struct ksmbd_work *work) flock = smb_lock->fl; list_del(&smb_lock->llist); retry: - err = vfs_lock_file(filp, smb_lock->cmd, flock, NULL); + rc = vfs_lock_file(filp, smb_lock->cmd, flock, NULL); skip: if (flags & SMB2_LOCKFLAG_UNLOCK) { - if (!err) { + if (!rc) { ksmbd_debug(SMB, "File unlocked\n"); - } else if (err == -ENOENT) { + } else if (rc == -ENOENT) { rsp->hdr.Status = STATUS_NOT_LOCKED; goto out; } locks_free_lock(flock); kfree(smb_lock); } else { - if (err == FILE_LOCK_DEFERRED) { + if (rc == FILE_LOCK_DEFERRED) { void **argv;

ksmbd_debug(SMB, @@ -6777,12 +6770,11 @@ int smb2_lock(struct ksmbd_work *work) } argv[0] = flock;

- err = setup_async_work(work, - smb2_remove_blocked_lock, - argv); - if (err) { - rsp->hdr.Status = - STATUS_INSUFFICIENT_RESOURCES; + rc = setup_async_work(work, + smb2_remove_blocked_lock, + argv); + if (rc) { + err = -ENOMEM; goto out; } spin_lock(&fp->f_lock); @@ -6829,7 +6821,7 @@ int smb2_lock(struct ksmbd_work *work) list_del(&work->fp_entry); spin_unlock(&fp->f_lock); goto retry; - } else if (!err) { + } else if (!rc) { spin_lock(&work->conn->llist_lock); list_add_tail(&smb_lock->clist, &work->conn->lock_list); @@ -6839,7 +6831,6 @@ int smb2_lock(struct ksmbd_work *work) list_add(&smb_lock->llist, &rollback_list); ksmbd_debug(SMB, "successful in taking lock\n"); } else { - rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; goto out; } } @@ -6865,7 +6856,6 @@ int smb2_lock(struct ksmbd_work *work)

list_for_each_entry_safe(smb_lock, tmp, &rollback_list, llist) { struct file_lock *rlock = NULL; - int rc;

rlock = smb_flock_init(filp); rlock->fl_type = F_UNLCK; @@ -6888,7 +6878,19 @@ int smb2_lock(struct ksmbd_work *work) kfree(smb_lock); } out2: - ksmbd_debug(SMB, "failed in taking lock(flags : %x)\n", flags); + ksmbd_debug(SMB, "failed in taking lock(flags : %x), err : %d\n", flags, err); + + if (!rsp->hdr.Status) { + if (err == -EINVAL) + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + else if (err == -ENOMEM) + rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES; + else if (err == -ENOENT) + rsp->hdr.Status = STATUS_FILE_CLOSED; + else + rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED; + } + smb2_set_err_rsp(work); ksmbd_fd_put(work, fp); return err;

From patchwork Mon Nov 14 12:51:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183291 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:45 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:44 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:44 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 194/308] ksmbd: add ipv6_addr_v4mapped check to know if connection from client is ipv4 Date: Mon, 14 Nov 2022 20:51:43 +0800 Message-ID: 20221114125337.1831594-195-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 57cacf3a-e852-4588-d875-08dac63c786a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6752932 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit f1abdb78a1080a49deac6e91e1675525d1d3dfbe category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f1abdb78a108

-------------------------------

ksmbd create socket with IPv6 to listen both IPv4 and IPv6 connection from client. Server should send IP addresses of NICs through network interface info response. If Client connection is IPv4, Server should fill IPv4 address in response buffer. But ss_family is always PF_INET6 on IPv6 socket. So This patch add ipv6_addr_v4mapped check to know client connection is IPv4.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 32a66f37e008..d2fc945c38ec 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -7035,6 +7035,7 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, struct sockaddr_storage_rsp *sockaddr_storage; unsigned int flags; unsigned long long speed; + struct sockaddr_in6 *csin6 = (struct sockaddr_in6 *)&conn->peer_addr;

rtnl_lock(); for_each_netdev(&init_net, netdev) { @@ -7074,7 +7075,8 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, nii_rsp->SockAddr_Storage; memset(sockaddr_storage, 0, 128);

- if (conn->peer_addr.ss_family == PF_INET) { + if (conn->peer_addr.ss_family == PF_INET || + ipv6_addr_v4mapped(&csin6->sin6_addr)) { struct in_device *idev;

sockaddr_storage->Family = cpu_to_le16(INTERNETWORK);

From patchwork Mon Nov 14 12:51:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183292 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:45 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:45 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:44 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 195/308] ksmbd: fix an oops in error handling in smb2_open() Date: Mon, 14 Nov 2022 20:51:44 +0800 Message-ID: 20221114125337.1831594-196-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2f6f4378-0c55-42f2-4435-08dac63c78b3 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7094897 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.15-rc1 commit 8b99f3504b688e3b55380521b6bf68c3d0c485d6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8b99f3504b68

-------------------------------

If smb2_get_name() then name is an error pointer. In the clean up code, we try to kfree() it and that will lead to an Oops. Set it to NULL instead.

Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index d2fc945c38ec..8155a282c151 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2451,6 +2451,7 @@ int smb2_open(struct ksmbd_work *work) rc = PTR_ERR(name); if (rc != -ENOMEM) rc = -ENOENT; + name = NULL; goto err_out1; }

From patchwork Mon Nov 14 12:51:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183293 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:46 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:45 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:45 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 196/308] ksmbd: Fix multi-protocol negotiation Date: Mon, 14 Nov 2022 20:51:45 +0800 Message-ID: 20221114125337.1831594-197-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 150149f0-50ef-4826-79d5-08dac63c78fd X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7077887 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc1 commit eebff916f07775b2ecd9186439e69a70af24630b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/eebff916f077

-------------------------------

To negotiate either the SMB2 protocol or SMB protocol, a client must send a SMB_COM_NEGOTIATE message containing the list of dialects it supports, to which the server will respond with either a SMB_COM_NEGOTIATE or a SMB2_NEGOTIATE response.

The current implementation responds with the highest common dialect, rather than looking explicitly for "SMB 2.???" and "SMB 2.002", as indicated in [MS-SMB2]:

[MS-SMB2] 3.3.5.3.1: If the server does not implement the SMB 2.1 or 3.x dialect family, processing MUST continue as specified in 3.3.5.3.2.

Otherwise, the server MUST scan the dialects provided for the dialect string "SMB 2.???". If the string is not present, continue to section 3.3.5.3.2. If the string is present, the server MUST respond with an SMB2 NEGOTIATE Response as specified in 2.2.4.

[MS-SMB2] 3.3.5.3.2: The server MUST scan the dialects provided for the dialect string "SMB 2.002". If the string is present, the client understands SMB2, and the server MUST respond with an SMB2 NEGOTIATE Response.

This is an issue if a client attempts to negotiate SMB3.1.1 using a SMB_COM_NEGOTIATE, as it will trigger the following NULL pointer dereference:

8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = 1917455e [00000000] *pgd=00000000 Internal error: Oops: 17 [#1] ARM CPU: 0 PID: 60 Comm: kworker/0:1 Not tainted 5.4.60-00027-g0518c02b5c5b #35 Hardware name: Marvell Kirkwood (Flattened Device Tree) Workqueue: ksmbd-io handle_ksmbd_work PC is at ksmbd_gen_preauth_integrity_hash+0x24/0x190 LR is at smb3_preauth_hash_rsp+0x50/0xa0 pc : [<802b7044>] lr : [<802d6ac0>] psr: 40000013 sp : bf199ed8 ip : 00000000 fp : 80d1edb0 r10: 80a3471b r9 : 8091af16 r8 : 80d70640 r7 : 00000072 r6 : be95e198 r5 : ca000000 r4 : b97fee00 r3 : 00000000 r2 : 00000002 r1 : b97fea00 r0 : b97fee00 Flags: nZcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 0005317f Table: 3e7f4000 DAC: 00000055 Process kworker/0:1 (pid: 60, stack limit = 0x3dd1fdb4) Stack: (0xbf199ed8 to 0xbf19a000) 9ec0: b97fee00 00000000 9ee0: be95e198 00000072 80d70640 802d6ac0 b3da2680 b97fea00 424d53ff be95e140 9f00: b97fee00 802bd7b0 bf10fa58 80128a78 00000000 000001c8 b6220000 bf0b7720 9f20: be95e198 80d0c410 bf7e2a00 00000000 00000000 be95e19c 80d0c370 80123b90 9f40: bf0b7720 be95e198 bf0b7720 bf0b7734 80d0c410 bf198000 80d0c424 80d116e0 9f60: bf10fa58 801240c0 00000000 bf10fa40 bf1463a0 bf198000 bf0b7720 80123ed0 9f80: bf077ee4 bf10fa58 00000000 80127f80 bf1463a0 80127e88 00000000 00000000 9fa0: 00000000 00000000 00000000 801010d0 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [<802b7044>] (ksmbd_gen_preauth_integrity_hash) from [<802d6ac0>] (smb3_preauth_hash_rsp+0x50/0xa0) [<802d6ac0>] (smb3_preauth_hash_rsp) from [<802bd7b0>] (handle_ksmbd_work+0x348/0x3f8) [<802bd7b0>] (handle_ksmbd_work) from [<80123b90>] (process_one_work+0x160/0x200) [<80123b90>] (process_one_work) from [<801240c0>] (worker_thread+0x1f0/0x2e4) [<801240c0>] (worker_thread) from [<80127f80>] (kthread+0xf8/0x10c) [<80127f80>] (kthread) from [<801010d0>] (ret_from_fork+0x14/0x24) Exception stack(0xbf199fb0 to 0xbf199ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 Code: e1855803 e5d13003 e1855c03 e5903094 (e1d330b0) ---[ end trace 8d03be3ed09e5699 ]--- Kernel panic - not syncing: Fatal exception

smb3_preauth_hash_rsp() panics because conn->preauth_info is only allocated when processing a SMB2 NEGOTIATE request.

Fix this by splitting the smb_protos array into two, each containing only SMB1 and SMB2 dialects respectively.

While here, make ksmbd_negotiate_smb_dialect() static as it not called from anywhere else.

Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb_common.c | 53 +++++++++++++++++++++++++++++-------------- fs/ksmbd/smb_common.h | 1 - 2 files changed, 36 insertions(+), 18 deletions(-)

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index 61686d739ffc..b2370d0f08c6 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -30,7 +30,7 @@ struct smb_protocol { __u16 prot_id; };

-static struct smb_protocol smb_protos[] = { +static struct smb_protocol smb1_protos[] = { { SMB21_PROT, "\2SMB 2.1", @@ -43,6 +43,15 @@ static struct smb_protocol smb_protos[] = { "SMB2_22", SMB2X_PROT_ID }, +}; + +static struct smb_protocol smb2_protos[] = { + { + SMB21_PROT, + "\2SMB 2.1", + "SMB2_10", + SMB21_PROT_ID + }, { SMB30_PROT, "\2SMB 3.0", @@ -90,14 +99,24 @@ inline int ksmbd_max_protocol(void)

int ksmbd_lookup_protocol_idx(char *str) { - int offt = ARRAY_SIZE(smb_protos) - 1; + int offt = ARRAY_SIZE(smb1_protos) - 1; int len = strlen(str);

while (offt >= 0) { - if (!strncmp(str, smb_protos[offt].prot, len)) { + if (!strncmp(str, smb1_protos[offt].prot, len)) { + ksmbd_debug(SMB, "selected %s dialect idx = %d\n", + smb1_protos[offt].prot, offt); + return smb1_protos[offt].index; + } + offt--; + } + + offt = ARRAY_SIZE(smb2_protos) - 1; + while (offt >= 0) { + if (!strncmp(str, smb2_protos[offt].prot, len)) { ksmbd_debug(SMB, "selected %s dialect idx = %d\n", - smb_protos[offt].prot, offt); - return smb_protos[offt].index; + smb2_protos[offt].prot, offt); + return smb2_protos[offt].index; } offt--; } @@ -169,7 +188,7 @@ static int ksmbd_lookup_dialect_by_name(char *cli_dialects, __le16 byte_count) int i, seq_num, bcount, next; char *dialect;

- for (i = ARRAY_SIZE(smb_protos) - 1; i >= 0; i--) { + for (i = ARRAY_SIZE(smb1_protos) - 1; i >= 0; i--) { seq_num = 0; next = 0; dialect = cli_dialects; @@ -178,14 +197,14 @@ static int ksmbd_lookup_dialect_by_name(char *cli_dialects, __le16 byte_count) dialect = next_dialect(dialect, &next); ksmbd_debug(SMB, "client requested dialect %s\n", dialect); - if (!strcmp(dialect, smb_protos[i].name)) { - if (supported_protocol(smb_protos[i].index)) { + if (!strcmp(dialect, smb1_protos[i].name)) { + if (supported_protocol(smb1_protos[i].index)) { ksmbd_debug(SMB, "selected %s dialect\n", - smb_protos[i].name); - if (smb_protos[i].index == SMB1_PROT) + smb1_protos[i].name); + if (smb1_protos[i].index == SMB1_PROT) return seq_num; - return smb_protos[i].prot_id; + return smb1_protos[i].prot_id; } } seq_num++; @@ -201,19 +220,19 @@ int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count) int i; int count;

- for (i = ARRAY_SIZE(smb_protos) - 1; i >= 0; i--) { + for (i = ARRAY_SIZE(smb2_protos) - 1; i >= 0; i--) { count = le16_to_cpu(dialects_count); while (--count >= 0) { ksmbd_debug(SMB, "client requested dialect 0x%x\n", le16_to_cpu(cli_dialects[count])); if (le16_to_cpu(cli_dialects[count]) != - smb_protos[i].prot_id) + smb2_protos[i].prot_id) continue;

- if (supported_protocol(smb_protos[i].index)) { + if (supported_protocol(smb2_protos[i].index)) { ksmbd_debug(SMB, "selected %s dialect\n", - smb_protos[i].name); - return smb_protos[i].prot_id; + smb2_protos[i].name); + return smb2_protos[i].prot_id; } } } @@ -221,7 +240,7 @@ int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count) return BAD_PROT_ID; }

-int ksmbd_negotiate_smb_dialect(void *buf) +static int ksmbd_negotiate_smb_dialect(void *buf) { __le32 proto;

diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index 95f297177c1a..a4a765440ea3 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -498,7 +498,6 @@ bool ksmbd_smb_request(struct ksmbd_conn *conn);

int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count);

-int ksmbd_negotiate_smb_dialect(void *buf); int ksmbd_init_smb_server(struct ksmbd_work *work);

bool ksmbd_pdu_size_has_room(unsigned int pdu);

From patchwork Mon Nov 14 12:51:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183294 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:46 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:46 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:45 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 197/308] ksmbd: change int data type to boolean Date: Mon, 14 Nov 2022 20:51:46 +0800 Message-ID: 20221114125337.1831594-198-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ce55e28c-ae8c-4a42-7f39-08dac63c7946 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6889075 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit f4228b678b410a401148f9ad9911d0013fa0f24e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f4228b678b41

-------------------------------

Change data type of function that return only 0 or 1 to boolean.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 32 ++++++++++++++++---------------- fs/ksmbd/smb2pdu.h | 6 +++--- fs/ksmbd/smb_common.h | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 8155a282c151..5684841450d6 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -58,18 +58,18 @@ static void __wbuf(struct ksmbd_work *work, void **req, void **rsp) * * Return: 1 if valid session id, otherwise 0 */ -static inline int check_session_id(struct ksmbd_conn *conn, u64 id) +static inline bool check_session_id(struct ksmbd_conn *conn, u64 id) { struct ksmbd_session *sess;

if (id == 0 || id == -1) - return 0; + return false;

sess = ksmbd_session_lookup_all(conn, id); if (sess) - return 1; + return true; pr_err("Invalid user session id: %llu\n", id); - return 0; + return false; }

struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn *conn) @@ -145,45 +145,45 @@ void smb2_set_err_rsp(struct ksmbd_work *work) * is_smb2_neg_cmd() - is it smb2 negotiation command * @work: smb work containing smb header * - * Return: 1 if smb2 negotiation command, otherwise 0 + * Return: true if smb2 negotiation command, otherwise false */ -int is_smb2_neg_cmd(struct ksmbd_work *work) +bool is_smb2_neg_cmd(struct ksmbd_work *work) { struct smb2_hdr *hdr = work->request_buf;

/* is it SMB2 header ? */ if (hdr->ProtocolId != SMB2_PROTO_NUMBER) - return 0; + return false;

/* make sure it is request not response message */ if (hdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR) - return 0; + return false;

if (hdr->Command != SMB2_NEGOTIATE) - return 0; + return false;

- return 1; + return true; }

/** * is_smb2_rsp() - is it smb2 response * @work: smb work containing smb response buffer * - * Return: 1 if smb2 response, otherwise 0 + * Return: true if smb2 response, otherwise false */ -int is_smb2_rsp(struct ksmbd_work *work) +bool is_smb2_rsp(struct ksmbd_work *work) { struct smb2_hdr *hdr = work->response_buf;

/* is it SMB2 header ? */ if (hdr->ProtocolId != SMB2_PROTO_NUMBER) - return 0; + return false;

/* make sure it is response not request message */ if (!(hdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR)) - return 0; + return false;

- return 1; + return true; }

/** @@ -8244,7 +8244,7 @@ int smb3_encrypt_resp(struct ksmbd_work *work) return rc; }

-int smb3_is_transform_hdr(void *buf) +bool smb3_is_transform_hdr(void *buf) { struct smb2_transform_hdr *trhdr = buf;

diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index 89019f67234c..bcec845b03f3 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -1638,8 +1638,8 @@ void init_smb2_max_read_size(unsigned int sz); void init_smb2_max_write_size(unsigned int sz); void init_smb2_max_trans_size(unsigned int sz);

-int is_smb2_neg_cmd(struct ksmbd_work *work); -int is_smb2_rsp(struct ksmbd_work *work); +bool is_smb2_neg_cmd(struct ksmbd_work *work); +bool is_smb2_rsp(struct ksmbd_work *work);

u16 get_smb2_cmd_val(struct ksmbd_work *work); void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err); @@ -1664,7 +1664,7 @@ void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status); struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn *conn); void smb3_preauth_hash_rsp(struct ksmbd_work *work); -int smb3_is_transform_hdr(void *buf); +bool smb3_is_transform_hdr(void *buf); int smb3_decrypt_req(struct ksmbd_work *work); int smb3_encrypt_resp(struct ksmbd_work *work); bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work); diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index a4a765440ea3..57c667c1be06 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -473,7 +473,7 @@ struct smb_version_ops { void (*set_sign_rsp)(struct ksmbd_work *work); int (*generate_signingkey)(struct ksmbd_session *sess, struct ksmbd_conn *conn); int (*generate_encryptionkey)(struct ksmbd_session *sess); - int (*is_transform_hdr)(void *buf); + bool (*is_transform_hdr)(void *buf); int (*decrypt_req)(struct ksmbd_work *work); int (*encrypt_resp)(struct ksmbd_work *work); };

From patchwork Mon Nov 14 12:51:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183295 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:46 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:46 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:46 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 198/308] ksmbd: update the comment for smb2_get_ksmbd_tcon() Date: Mon, 14 Nov 2022 20:51:47 +0800 Message-ID: 20221114125337.1831594-199-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ca02e44b-4286-4abb-a982-08dac63c798f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6750505 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 5ec3df8e98f51e21fe1f46633b6085897f9b040e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/5ec3df8e98f5

-------------------------------

Update the comment for smb2_get_ksmbd_tcon().

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 5684841450d6..711aac6f4e1b 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -85,10 +85,11 @@ struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn }

/** - * smb2_get_ksmbd_tcon() - get tree connection information for a tree id + * smb2_get_ksmbd_tcon() - get tree connection information using a tree id. * @work: smb work * - * Return: matching tree connection on success, otherwise error + * Return: 0 if there is a tree connection matched or these are + * skipable commands, otherwise error */ int smb2_get_ksmbd_tcon(struct ksmbd_work *work) {

From patchwork Mon Nov 14 12:51:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183296 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:47 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:47 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:46 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 199/308] ksmbd: use proper errno instead of -1 in smb2_get_ksmbd_tcon() Date: Mon, 14 Nov 2022 20:51:48 +0800 Message-ID: 20221114125337.1831594-200-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cfa04750-3ef0-43b1-29e8-08dac63c79da X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.9975978 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit c6ce2b5716b04cc6ec36fa7e3c3b851368e6ee7c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c6ce2b5716b0

-------------------------------

Use proper errno instead of -1 in smb2_get_ksmbd_tcon().

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 711aac6f4e1b..adab4a138648 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -106,14 +106,14 @@ int smb2_get_ksmbd_tcon(struct ksmbd_work *work)

if (xa_empty(&work->sess->tree_conns)) { ksmbd_debug(SMB, "NO tree connected\n"); - return -1; + return -ENOENT; }

tree_id = le32_to_cpu(req_hdr->Id.SyncId.TreeId); work->tcon = ksmbd_tree_conn_lookup(work->sess, tree_id); if (!work->tcon) { pr_err("Invalid tid %d\n", tree_id); - return -1; + return -EINVAL; }

return 1;

From patchwork Mon Nov 14 12:51:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183297 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:48 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:48 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:47 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 200/308] ksmbd: smbd: fix kernel oops during server shutdown Date: Mon, 14 Nov 2022 20:51:49 +0800 Message-ID: 20221114125337.1831594-201-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: baa9ce82-ef9a-4b5b-7005-08dac63c7a4f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6805813 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 323b1ea10263e5f11c9fb12e25f6d8beb327228c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/323b1ea10263

-------------------------------

if server shutdown happens in the situation that there are connections, workqueue could be destroyed before queueing disconnect work.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index f2ae6bae83f1..58f530056ac0 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -329,7 +329,8 @@ static void smb_direct_disconnect_rdma_work(struct work_struct *work) static void smb_direct_disconnect_rdma_connection(struct smb_direct_transport *t) { - queue_work(smb_direct_wq, &t->disconnect_work); + if (t->status == SMB_DIRECT_CS_CONNECTED) + queue_work(smb_direct_wq, &t->disconnect_work); }

static void smb_direct_send_immediate_work(struct work_struct *work) @@ -1415,7 +1416,7 @@ static void smb_direct_disconnect(struct ksmbd_transport *t)

ksmbd_debug(RDMA, "Disconnecting cm_id=%p\n", st->cm_id);

- smb_direct_disconnect_rdma_connection(st); + smb_direct_disconnect_rdma_work(&st->disconnect_work); wait_event_interruptible(st->wait_status, st->status == SMB_DIRECT_CS_DISCONNECTED); free_transport(st);

From patchwork Mon Nov 14 12:51:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183298 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:48 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:48 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:48 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 201/308] ksmbd: don't set FILE DELETE and FILE_DELETE_CHILD in access mask by default Date: Mon, 14 Nov 2022 20:51:50 +0800 Message-ID: 20221114125337.1831594-202-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 009ce3d1-f361-47a3-2870-08dac63c7a98 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6988343 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit a9a27d4ab3de2a6a81bad4b158c74a554d78e89b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a9a27d4ab3de

-------------------------------

When there is no dacl in request, ksmbd send dacl that coverted by using file permission. This patch don't set FILE DELETE and FILE_DELETE_CHILD in access mask by default.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smbacl.c | 2 -- 1 file changed, 2 deletions(-)

diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index f6019f0dc8fd..49411e791b08 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -716,7 +716,6 @@ static void set_mode_dacl(struct smb_acl *pndacl, struct smb_fattr *fattr) ace_size = fill_ace_for_sid(pace, sid, ACCESS_ALLOWED, 0, fattr->cf_mode, 0700); pace->sid.sub_auth[pace->sid.num_subauth++] = cpu_to_le32(uid); - pace->access_req |= FILE_DELETE_LE | FILE_DELETE_CHILD_LE; pace->size = cpu_to_le16(ace_size + 4); size += le16_to_cpu(pace->size); pace = (struct smb_ace *)((char *)pndace + size); @@ -737,7 +736,6 @@ static void set_mode_dacl(struct smb_acl *pndacl, struct smb_fattr *fattr) /* creator owner */ size += fill_ace_for_sid(pace, &creator_owner, ACCESS_ALLOWED, 0x0b, fattr->cf_mode, 0700); - pace->access_req |= FILE_DELETE_LE | FILE_DELETE_CHILD_LE; pace = (struct smb_ace *)((char *)pndace + size);

/* creator group */

From patchwork Mon Nov 14 12:51:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183299 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:49 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:49 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:48 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 202/308] ksmbd: fix permission check issue on chown and chmod Date: Mon, 14 Nov 2022 20:51:51 +0800 Message-ID: 20221114125337.1831594-203-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 4ed1c8c5-b4e0-4fe3-93b6-08dac63c7ae0 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7039227 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit e70e392fa768d46ca59f2f8c0e7374099c980622 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e70e392fa768

-------------------------------

When commanding chmod and chown on cifs&ksmbd, ksmbd allows it without file permissions check. There is code to check it in settattr_prepare. Instead of setting the inode directly, update the mode and uid/gid through notify_change.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 5 +++++ fs/ksmbd/smbacl.c | 24 ++++++++++++++++++------ 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index adab4a138648..ecfa8264e926 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -5815,10 +5815,15 @@ int smb2_set_info(struct ksmbd_work *work) break; case SMB2_O_INFO_SECURITY: ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n"); + if (ksmbd_override_fsids(work)) { + rc = -ENOMEM; + goto err_out; + } rc = smb2_set_info_sec(fp, le32_to_cpu(req->AdditionalInformation), req->Buffer, le32_to_cpu(req->BufferLength)); + ksmbd_revert_fsids(work); break; default: rc = -EOPNOTSUPP; diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index 49411e791b08..321676a74b48 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -1271,6 +1271,7 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, int rc; struct smb_fattr fattr = {{0}}; struct inode *inode = d_inode(path->dentry); + struct iattr newattrs;

fattr.cf_uid = INVALID_UID; fattr.cf_gid = INVALID_GID; @@ -1280,12 +1281,23 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, if (rc) goto out;

- inode->i_mode = (inode->i_mode & ~0777) | (fattr.cf_mode & 0777); - if (!uid_eq(fattr.cf_uid, INVALID_UID)) - inode->i_uid = fattr.cf_uid; - if (!gid_eq(fattr.cf_gid, INVALID_GID)) - inode->i_gid = fattr.cf_gid; - mark_inode_dirty(inode); + newattrs.ia_valid = ATTR_CTIME; + if (!uid_eq(fattr.cf_uid, INVALID_UID)) { + newattrs.ia_valid |= ATTR_UID; + newattrs.ia_uid = fattr.cf_uid; + } + if (!gid_eq(fattr.cf_gid, INVALID_GID)) { + newattrs.ia_valid |= ATTR_GID; + newattrs.ia_gid = fattr.cf_gid; + } + newattrs.ia_valid |= ATTR_MODE; + newattrs.ia_mode = (inode->i_mode & ~0777) | (fattr.cf_mode & 0777); + + inode_lock(inode); + rc = notify_change(path->dentry, &newattrs, NULL); + inode_unlock(inode); + if (rc) + goto out;

ksmbd_vfs_remove_acl_xattrs(path->dentry); /* Update posix acls */

From patchwork Mon Nov 14 12:51:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183300 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:49 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:49 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:48 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 203/308] ksmbd: fix __write_overflow warning in ndr_read_string Date: Mon, 14 Nov 2022 20:51:52 +0800 Message-ID: 20221114125337.1831594-204-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2789b849-fee6-42ad-25a2-08dac63c7b29 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6237250 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 7d5d8d7156892f82cf40b63228ce788248cc57a3 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/7d5d8d715689

-------------------------------

Dan reported __write_overflow warning in ndr_read_string.

CC [M] fs/ksmbd/ndr.o In file included from ./include/linux/string.h:253, from ./include/linux/bitmap.h:11, from ./include/linux/cpumask.h:12, from ./arch/x86/include/asm/cpumask.h:5, from ./arch/x86/include/asm/msr.h:11, from ./arch/x86/include/asm/processor.h:22, from ./arch/x86/include/asm/cpufeature.h:5, from ./arch/x86/include/asm/thread_info.h:53, from ./include/linux/thread_info.h:60, from ./arch/x86/include/asm/preempt.h:7, from ./include/linux/preempt.h:78, from ./include/linux/spinlock.h:55, from ./include/linux/wait.h:9, from ./include/linux/wait_bit.h:8, from ./include/linux/fs.h:6, from fs/ksmbd/ndr.c:7: In function memcpy, inlined from ndr_read_string at fs/ksmbd/ndr.c:86:2, inlined from ndr_decode_dos_attr at fs/ksmbd/ndr.c:167:2: ./include/linux/fortify-string.h:219:4: error: call to __write_overflow declared with attribute error: detected write beyond size of object __write_overflow(); ^~~~~~~~~~~~~~~~~~

This seems to be a false alarm because hex_attr size is always smaller than n->length. This patch fix this warning by allocation hex_attr with n->length.

Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ndr.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/ndr.c b/fs/ksmbd/ndr.c index 50872377608d..039ed7884aeb 100644 --- a/fs/ksmbd/ndr.c +++ b/fs/ksmbd/ndr.c @@ -160,11 +160,16 @@ int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da)

int ndr_decode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da) { - char hex_attr[12] = {0}; + char *hex_attr; int version2;

+ hex_attr = kzalloc(n->length, GFP_KERNEL); + if (!hex_attr) + return -ENOMEM; + n->offset = 0; - ndr_read_string(n, hex_attr, n->length - n->offset); + ndr_read_string(n, hex_attr, n->length); + kfree(hex_attr); da->version = ndr_read_int16(n);

if (da->version != 3 && da->version != 4) {

From patchwork Mon Nov 14 12:51:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183301 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:50 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:49 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:49 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 204/308] ksmbd: ensure error is surfaced in set_file_basic_info() Date: Mon, 14 Nov 2022 20:51:53 +0800 Message-ID: 20221114125337.1831594-205-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: b5d854dc-c74a-4163-7a20-08dac63c7b68 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6984457 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Christian Brauner christian.brauner@ubuntu.com

mainline inclusion from mainline-5.15-rc1 commit eb5784f0c6efbe0db720ad7e34e097cea51c1afc category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/eb5784f0c6ef

-------------------------------

It seems the error was accidently ignored until now. Make sure it is surfaced.

Cc: Steve French stfrench@microsoft.com Cc: Christoph Hellwig hch@infradead.org Cc: Namjae Jeon namjae.jeon@samsung.com Cc: Hyunchul Lee hyc.lee@gmail.com Cc: Sergey Senozhatsky senozhatsky@chromium.org Cc: linux-cifs@vger.kernel.org Signed-off-by: Christian Brauner christian.brauner@ubuntu.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index ecfa8264e926..d51b436af523 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -5483,7 +5483,7 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, rc = notify_change(dentry, &attrs, NULL); inode_unlock(inode); } - return 0; + return rc; }

static int set_file_allocation_info(struct ksmbd_work *work,

From patchwork Mon Nov 14 12:51:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183302 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:50 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:50 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:49 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 205/308] ksmbd: remove setattr preparations in set_file_basic_info() Date: Mon, 14 Nov 2022 20:51:54 +0800 Message-ID: 20221114125337.1831594-206-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: c32e9ab9-f4a5-42bc-3d1c-08dac63c7bb2 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6917202 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Christian Brauner christian.brauner@ubuntu.com

mainline inclusion from mainline-5.15-rc1 commit db7fb6fe3d7a8eb05f2b74c6252771c9362f3b74 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/db7fb6fe3d7a

-------------------------------

Permission checking and copying over ownership information is the task of the underlying filesystem not ksmbd. The order is also wrong here. This modifies the inode before notify_change(). If notify_change() fails this will have changed ownership nonetheless. All of this is unnecessary though since the underlying filesystem's ->setattr handler will do all this (if required) by itself.

Cc: Steve French stfrench@microsoft.com Cc: Christoph Hellwig hch@infradead.org Cc: Namjae Jeon namjae.jeon@samsung.com Cc: Hyunchul Lee hyc.lee@gmail.com Cc: Sergey Senozhatsky senozhatsky@chromium.org Cc: linux-cifs@vger.kernel.org Signed-off-by: Christian Brauner christian.brauner@ubuntu.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index d51b436af523..445fa0843232 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -5395,7 +5395,7 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, { struct smb2_file_all_info *file_info; struct iattr attrs; - struct iattr temp_attrs; + struct timespec64 ctime; struct file *filp; struct inode *inode; int rc; @@ -5417,11 +5417,11 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, }

if (file_info->ChangeTime) { - temp_attrs.ia_ctime = ksmbd_NTtimeToUnix(file_info->ChangeTime); - attrs.ia_ctime = temp_attrs.ia_ctime; + attrs.ia_ctime = ksmbd_NTtimeToUnix(file_info->ChangeTime); + ctime = attrs.ia_ctime; attrs.ia_valid |= ATTR_CTIME; } else { - temp_attrs.ia_ctime = inode->i_ctime; + ctime = inode->i_ctime; }

if (file_info->LastWriteTime) { @@ -5459,13 +5459,6 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, rc = 0; }

- /* - * HACK : set ctime here to avoid ctime changed - * when file_info->ChangeTime is zero. - */ - attrs.ia_ctime = temp_attrs.ia_ctime; - attrs.ia_valid |= ATTR_CTIME; - if (attrs.ia_valid) { struct dentry *dentry = filp->f_path.dentry; struct inode *inode = d_inode(dentry); @@ -5473,14 +5466,12 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) return -EACCES;

- rc = setattr_prepare(dentry, &attrs); - if (rc) - return -EINVAL; - inode_lock(inode); - setattr_copy(inode, &attrs); - attrs.ia_valid &= ~ATTR_CTIME; rc = notify_change(dentry, &attrs, NULL); + if (!rc) { + inode->i_ctime = ctime; + mark_inode_dirty(inode); + } inode_unlock(inode); } return rc;

From patchwork Mon Nov 14 12:51:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183303 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:51 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:50 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:50 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 206/308] ksmbd: Reduce error log 'speed is unknown' to debug Date: Mon, 14 Nov 2022 20:51:55 +0800 Message-ID: 20221114125337.1831594-207-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 4695ffb0-a760-4115-8319-08dac63c7bfa X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7057338 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Per Forlin perfn@axis.com

mainline inclusion from mainline-5.15-rc1 commit d475866eeed89cc44ed54e0cd296537a68667b1b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d475866eeed8

-------------------------------

This log happens on servers with a network bridge since the bridge does not have a specified link speed. This is not a real error so change the error log to debug instead.

Signed-off-by: Per Forlin perfn@axis.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 445fa0843232..33e77ef0dbb5 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -7061,8 +7061,8 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, netdev->ethtool_ops->get_link_ksettings(netdev, &cmd); speed = cmd.base.speed; } else { - pr_err("%s %s\n", netdev->name, - "speed is unknown, defaulting to 1Gb/sec"); + ksmbd_debug(SMB, "%s %s\n", netdev->name, + "speed is unknown, defaulting to 1Gb/sec"); speed = SPEED_1000; }

From patchwork Mon Nov 14 12:51:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183304 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:51 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:51 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:50 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 207/308] ksmbd: smbd: fix dma mapping error in smb_direct_post_send_data Date: Mon, 14 Nov 2022 20:51:56 +0800 Message-ID: 20221114125337.1831594-208-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: c432b5ec-11bd-4f52-91de-08dac63c7c44 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6939956 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc1 commit 72d6cbb533d4309734606027fe083c4edb0aa7aa category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/72d6cbb533d4

-------------------------------

Becase smb direct header is mapped and msg->num_sge already is incremented, the decrement should be removed from the condition.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 58f530056ac0..52b2556e76b1 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -1168,7 +1168,7 @@ static int smb_direct_post_send_data(struct smb_direct_transport *t, pr_err("failed to map buffer\n"); ret = -ENOMEM; goto err; - } else if (sg_cnt + msg->num_sge > SMB_DIRECT_MAX_SEND_SGES - 1) { + } else if (sg_cnt + msg->num_sge > SMB_DIRECT_MAX_SEND_SGES) { pr_err("buffer not fitted into sges\n"); ret = -E2BIG; ib_dma_unmap_sg(t->cm_id->device, sg, sg_cnt,

From patchwork Mon Nov 14 12:51:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183305 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:52 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:51 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:51 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 208/308] ksmbd: remove unused ksmbd_file_table_flush function Date: Mon, 14 Nov 2022 20:51:57 +0800 Message-ID: 20221114125337.1831594-209-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 552636e5-7de6-478b-c7b4-08dac63c7c8e X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7044455 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc1 commit 687c59e702f48e0eca91455d3ef3197b7b8a8314 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/687c59e702f4

-------------------------------

ksmbd_file_table_flush is a leftover from SMB1. This function is no longer needed as SMB1 has been removed from ksmbd.

Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/vfs_cache.c | 16 ---------------- fs/ksmbd/vfs_cache.h | 1 - 2 files changed, 17 deletions(-)

diff --git a/fs/ksmbd/vfs_cache.c b/fs/ksmbd/vfs_cache.c index f5b3f94b7f9b..cc9c8b46827d 100644 --- a/fs/ksmbd/vfs_cache.c +++ b/fs/ksmbd/vfs_cache.c @@ -665,22 +665,6 @@ void ksmbd_free_global_file_table(void) ksmbd_destroy_file_table(&global_ft); }

-int ksmbd_file_table_flush(struct ksmbd_work *work) -{ - struct ksmbd_file *fp = NULL; - unsigned int id; - int ret; - - read_lock(&work->sess->file_table.lock); - idr_for_each_entry(work->sess->file_table.idr, fp, id) { - ret = ksmbd_vfs_fsync(work, fp->volatile_id, KSMBD_NO_FID); - if (ret) - break; - } - read_unlock(&work->sess->file_table.lock); - return ret; -} - int ksmbd_init_file_table(struct ksmbd_file_table *ft) { ft->idr = kzalloc(sizeof(struct idr), GFP_KERNEL); diff --git a/fs/ksmbd/vfs_cache.h b/fs/ksmbd/vfs_cache.h index 70dfe6a99f13..448576fbe4b7 100644 --- a/fs/ksmbd/vfs_cache.h +++ b/fs/ksmbd/vfs_cache.h @@ -152,7 +152,6 @@ void ksmbd_close_session_fds(struct ksmbd_work *work); int ksmbd_close_inode_fds(struct ksmbd_work *work, struct inode *inode); int ksmbd_init_global_file_table(void); void ksmbd_free_global_file_table(void); -int ksmbd_file_table_flush(struct ksmbd_work *work); void ksmbd_set_fd_limit(unsigned long limit);

/*

From patchwork Mon Nov 14 12:51:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183306 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:52 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:52 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:51 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 209/308] ksmbd: fix read of uninitialized variable ret in set_file_basic_info Date: Mon, 14 Nov 2022 20:51:58 +0800 Message-ID: 20221114125337.1831594-210-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 085e4b21-7ee6-4a9f-7fca-08dac63c7cd7 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6774280 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc1 commit 4ffd5264e8ecb20e1826b9474c19738fdecd67e6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4ffd5264e8ec

-------------------------------

Addresses-Coverity reported Uninitialized variables warninig :

/fs/ksmbd/smb2pdu.c: 5525 in set_file_basic_info() 5519 if (!rc) { 5520 inode->i_ctime = ctime; 5521 mark_inode_dirty(inode); 5522 } 5523 inode_unlock(inode); 5524 }

...

...

CID 1506805:  Uninitialized variables  (UNINIT)
Using uninitialized value "rc".

5525 return rc; 5526 } 5527 5528 static int set_file_allocation_info(struct ksmbd_work *work, 5529 struct ksmbd_file *fp, char *buf) 5530 {

Addresses-Coverity: ("Uninitialized variable") Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 33e77ef0dbb5..2fa4584df93e 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -5398,7 +5398,7 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, struct timespec64 ctime; struct file *filp; struct inode *inode; - int rc; + int rc = 0;

if (!(fp->daccess & FILE_WRITE_ATTRIBUTES_LE)) return -EACCES;

From patchwork Mon Nov 14 12:51:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183307 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:52 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:52 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:52 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 210/308] ksmbd: transport_rdma: Don't include rwlock.h directly Date: Mon, 14 Nov 2022 20:51:59 +0800 Message-ID: 20221114125337.1831594-211-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: fdb88533-b5a3-4fe7-3749-08dac63c7d20 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6826270 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Mike Galbraith efault@gmx.de

mainline inclusion from mainline-5.15-rc3 commit a9b3043de47b7f8cbe38c36aee572526665b6315 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a9b3043de47b

-------------------------------

rwlock.h specifically asks to not be included directly.

In fact, the proper spinlock.h include isn't needed either, it comes with the huge pile that kthread.h ends up pulling in, so just drop it entirely.

Signed-off-by: Mike Galbraith efault@gmx.de Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 1 - 1 file changed, 1 deletion(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 52b2556e76b1..3a7fa23ba850 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -20,7 +20,6 @@ #define SUBMOD_NAME "smb_direct"

#include <linux/kthread.h> -#include <linux/rwlock.h> #include <linux/list.h> #include <linux/mempool.h> #include <linux/highmem.h>

From patchwork Mon Nov 14 12:52:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183308 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:53 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:53 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:52 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 211/308] ksmbd: prevent out of share access Date: Mon, 14 Nov 2022 20:52:00 +0800 Message-ID: 20221114125337.1831594-212-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e41faa1f-4c82-46e8-4697-08dac63c7d6a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7341143 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc3 commit f58eae6c5fa882d6d0a6b7587a099602a59d57b5 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f58eae6c5fa8

-------------------------------

Because of .., files outside the share directory could be accessed. To prevent this, normalize the given path and remove all . and .. components.

In addition to the usual large set of regression tests (smbtorture and xfstests), ran various tests on this to specifically check path name validation including libsmb2 tests to verify path normalization:

./examples/smb2-ls-async smb://172.30.1.15/homes2/../ ./examples/smb2-ls-async smb://172.30.1.15/homes2/foo/../ ./examples/smb2-ls-async smb://172.30.1.15/homes2/foo/../../ ./examples/smb2-ls-async smb://172.30.1.15/homes2/foo/../ ./examples/smb2-ls-async smb://172.30.1.15/homes2/foo/..bar/ ./examples/smb2-ls-async smb://172.30.1.15/homes2/foo/bar../ ./examples/smb2-ls-async smb://172.30.1.15/homes2/foo/bar.. ./examples/smb2-ls-async smb://172.30.1.15/homes2/foo/bar../../../../

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/misc.c | 76 ++++++++++++++++++++++++++++++++++++++++------ fs/ksmbd/misc.h | 3 +- fs/ksmbd/smb2pdu.c | 14 ++++++--- 3 files changed, 77 insertions(+), 16 deletions(-)

diff --git a/fs/ksmbd/misc.c b/fs/ksmbd/misc.c index 0b307ca28a19..3eac3c01749f 100644 --- a/fs/ksmbd/misc.c +++ b/fs/ksmbd/misc.c @@ -191,19 +191,77 @@ int get_nlink(struct kstat *st) return nlink; }

-void ksmbd_conv_path_to_unix(char *path) +char *ksmbd_conv_path_to_unix(char *path) { + size_t path_len, remain_path_len, out_path_len; + char *out_path, *out_next; + int i, pre_dotdot_cnt = 0, slash_cnt = 0; + bool is_last; + strreplace(path, '\', '/'); -} + path_len = strlen(path); + remain_path_len = path_len; + if (path_len == 0) + return ERR_PTR(-EINVAL);

-void ksmbd_strip_last_slash(char *path) -{ - int len = strlen(path); + out_path = kzalloc(path_len + 2, GFP_KERNEL); + if (!out_path) + return ERR_PTR(-ENOMEM); + out_path_len = 0; + out_next = out_path; + + do { + char *name = path + path_len - remain_path_len; + char *next = strchrnul(name, '/'); + size_t name_len = next - name; + + is_last = !next[0]; + if (name_len == 2 && name[0] == '.' && name[1] == '.') { + pre_dotdot_cnt++; + /* handle the case that path ends with "/.." */ + if (is_last) + goto follow_dotdot; + } else { + if (pre_dotdot_cnt) { +follow_dotdot: + slash_cnt = 0; + for (i = out_path_len - 1; i >= 0; i--) { + if (out_path[i] == '/' && + ++slash_cnt == pre_dotdot_cnt + 1) + break; + } + + if (i < 0 && + slash_cnt != pre_dotdot_cnt) { + kfree(out_path); + return ERR_PTR(-EINVAL); + } + + out_next = &out_path[i+1]; + *out_next = '\0'; + out_path_len = i + 1;

- while (len && path[len - 1] == '/') { - path[len - 1] = '\0'; - len--; - } + } + + if (name_len != 0 && + !(name_len == 1 && name[0] == '.') && + !(name_len == 2 && name[0] == '.' && name[1] == '.')) { + next[0] = '\0'; + sprintf(out_next, "%s/", name); + out_next += name_len + 1; + out_path_len += name_len + 1; + next[0] = '/'; + } + pre_dotdot_cnt = 0; + } + + remain_path_len -= name_len + 1; + } while (!is_last); + + if (out_path_len > 0) + out_path[out_path_len-1] = '\0'; + path[path_len] = '\0'; + return out_path; }

void ksmbd_conv_path_to_windows(char *path) diff --git a/fs/ksmbd/misc.h b/fs/ksmbd/misc.h index af8717d4d85b..b7b10139ada2 100644 --- a/fs/ksmbd/misc.h +++ b/fs/ksmbd/misc.h @@ -16,8 +16,7 @@ int ksmbd_validate_filename(char *filename); int parse_stream_name(char *filename, char **stream_name, int *s_type); char *convert_to_nt_pathname(char *filename, char *sharepath); int get_nlink(struct kstat *st); -void ksmbd_conv_path_to_unix(char *path); -void ksmbd_strip_last_slash(char *path); +char *ksmbd_conv_path_to_unix(char *path); void ksmbd_conv_path_to_windows(char *path); char *ksmbd_extract_sharename(char *treename); char *convert_to_unix_name(struct ksmbd_share_config *share, char *name); diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 2fa4584df93e..acb13fbc7713 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -634,7 +634,7 @@ static char * smb2_get_name(struct ksmbd_share_config *share, const char *src, const int maxlen, struct nls_table *local_nls) { - char *name, *unixname; + char *name, *norm_name, *unixname;

name = smb_strndup_from_utf16(src, maxlen, 1, local_nls); if (IS_ERR(name)) { @@ -643,11 +643,15 @@ smb2_get_name(struct ksmbd_share_config *share, const char *src, }

/* change it to absolute unix name */ - ksmbd_conv_path_to_unix(name); - ksmbd_strip_last_slash(name); - - unixname = convert_to_unix_name(share, name); + norm_name = ksmbd_conv_path_to_unix(name); + if (IS_ERR(norm_name)) { + kfree(name); + return norm_name; + } kfree(name); + + unixname = convert_to_unix_name(share, norm_name); + kfree(norm_name); if (!unixname) { pr_err("can not convert absolute name\n"); return ERR_PTR(-ENOMEM);

From patchwork Mon Nov 14 12:52:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183309 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:53 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:53 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:53 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 212/308] ksmbd: add validation for FILE_FULL_EA_INFORMATION of smb2_get_info Date: Mon, 14 Nov 2022 20:52:01 +0800 Message-ID: 20221114125337.1831594-213-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 314bb48b-f891-4b62-8c34-08dac63c7db2 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7070937 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc3 commit 6d56262c3d224699b29b9bb6b4ace8bab7d692c2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/6d56262c3d22

-------------------------------

Add validation to check whether req->InputBufferLength is smaller than smb2_ea_info_req structure size.

Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Cc: Steve French smfrench@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 4 ++++ 1 file changed, 4 insertions(+)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index acb13fbc7713..ddae30487a48 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -4012,6 +4012,10 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp, path = &fp->filp->f_path; /* single EA entry is requested with given user.* name */ if (req->InputBufferLength) { + if (le32_to_cpu(req->InputBufferLength) < + sizeof(struct smb2_ea_info_req)) + return -EINVAL; + ea_req = (struct smb2_ea_info_req *)req->Buffer; } else { /* need to send all EAs, if no specific EA is requested*/

From patchwork Mon Nov 14 12:52:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183310 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:54 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:54 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:53 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 213/308] ksmbd: log that server is experimental at module load Date: Mon, 14 Nov 2022 20:52:02 +0800 Message-ID: 20221114125337.1831594-214-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: c5d556c3-e3b4-4fb4-c1f3-08dac63c7dfc X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7324846 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Steve French stfrench@microsoft.com

mainline inclusion from mainline-5.15-rc3 commit e44fd5081c50b0ffdb75ce6c83452e60173d791b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e44fd5081c50

-------------------------------

While we are working through detailed security reviews of ksmbd server code we should remind users that it is an experimental module by adding a warning when the module loads. Currently the module shows as experimental in Kconfig and is disabled by default, but we don't want to confuse users.

Although ksmbd passes a wide variety of the important functional tests (since initial focus had been largely on functional testing such as smbtorture, xfstests etc.), and ksmbd has added key security features (e.g. GCM256 encryption, Kerberos support), there are ongoing detailed reviews of the code base for path processing and network buffer decoding, and this patch reminds users that the module should be considered "experimental."

Reviewed-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Paulo Alcantara (SUSE) pc@cjr.nz Reviewed-by: Ronnie Sahlberg lsahlber@redhat.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/server.c | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/fs/ksmbd/server.c b/fs/ksmbd/server.c index 8db739283d76..9e635aa25c13 100644 --- a/fs/ksmbd/server.c +++ b/fs/ksmbd/server.c @@ -584,6 +584,9 @@ static int __init ksmbd_server_init(void) ret = ksmbd_workqueue_init(); if (ret) goto err_crypto_destroy; + + pr_warn_once("The ksmbd server is experimental, use at your own risk.\n"); + return 0;

err_crypto_destroy:

From patchwork Mon Nov 14 12:52:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183311 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:54 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:54 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:54 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 214/308] ksmbd: add default data stream name in FILE_STREAM_INFORMATION Date: Mon, 14 Nov 2022 20:52:03 +0800 Message-ID: 20221114125337.1831594-215-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 0abe1f4d-51d4-4fbb-e0df-08dac63c7e44 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6994469 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc3 commit 9f6323311c7064414bfd1edb28e0837baf6b3c7f category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/9f6323311c70

-------------------------------

Windows client expect to get default stream name(::DATA) in FILE_STREAM_INFORMATION response even if there is no stream data in file. This patch fix update failure when writing ppt or doc files.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-By: Tom Talpey tom@talpey.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index ddae30487a48..0fe4d2c5bea1 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -4392,17 +4392,15 @@ static void get_file_stream_info(struct ksmbd_work *work, file_info->NextEntryOffset = cpu_to_le32(next); }

- if (nbytes) { + if (!S_ISDIR(stat.mode)) { file_info = (struct smb2_file_stream_info *) &rsp->Buffer[nbytes]; streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName, "::$DATA", 7, conn->local_nls, 0); streamlen *= 2; file_info->StreamNameLength = cpu_to_le32(streamlen); - file_info->StreamSize = S_ISDIR(stat.mode) ? 0 : - cpu_to_le64(stat.size); - file_info->StreamAllocationSize = S_ISDIR(stat.mode) ? 0 : - cpu_to_le64(stat.size); + file_info->StreamSize = 0; + file_info->StreamAllocationSize = 0; nbytes += sizeof(struct smb2_file_stream_info) + streamlen; }

From patchwork Mon Nov 14 12:52:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183312 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:55 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:55 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:54 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 215/308] ksmbd: check protocol id in ksmbd_verify_smb_message() Date: Mon, 14 Nov 2022 20:52:04 +0800 Message-ID: 20221114125337.1831594-216-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 168759f9-783d-4ac4-0b54-08dac63c7e8e X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6804545 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc3 commit 18a015bccf9e8927008d0a255c9f14b8ec15a648 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/18a015bccf9e

-------------------------------

When second smb2 pdu has invalid protocol id, ksmbd doesn't detect it and allow to process smb2 request. This patch add the check it in ksmbd_verify_smb_message() and don't use protocol id of smb2 request as protocol id of response.

Reviewed-by: Ronnie Sahlberg ronniesahlberg@gmail.com Reviewed-by: Ralph B��hme slow@samba.org Reported-by: Ronnie Sahlberg lsahlber@redhat.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- fs/ksmbd/smb_common.c | 13 +++++++++---- fs/ksmbd/smb_common.h | 1 + 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 0fe4d2c5bea1..e816f9ce77a7 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -433,7 +433,7 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) work->compound_pfid = KSMBD_NO_FID; } memset((char *)rsp_hdr + 4, 0, sizeof(struct smb2_hdr) + 2); - rsp_hdr->ProtocolId = rcv_hdr->ProtocolId; + rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; rsp_hdr->Command = rcv_hdr->Command;

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index b2370d0f08c6..7ea15d77d50e 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -129,16 +129,22 @@ int ksmbd_lookup_protocol_idx(char *str) * * check for valid smb signature and packet direction(request/response) * - * Return: 0 on success, otherwise 1 + * Return: 0 on success, otherwise -EINVAL */ int ksmbd_verify_smb_message(struct ksmbd_work *work) { - struct smb2_hdr *smb2_hdr = work->request_buf; + struct smb2_hdr *smb2_hdr = work->request_buf + work->next_smb2_rcv_hdr_off; + struct smb_hdr *hdr;

if (smb2_hdr->ProtocolId == SMB2_PROTO_NUMBER) return ksmbd_smb2_check_message(work);

- return 0; + hdr = work->request_buf; + if (*(__le32 *)hdr->Protocol == SMB1_PROTO_NUMBER && + hdr->Command == SMB_COM_NEGOTIATE) + return 0; + + return -EINVAL; }

/** @@ -265,7 +271,6 @@ static int ksmbd_negotiate_smb_dialect(void *buf) return BAD_PROT_ID; }

-#define SMB_COM_NEGOTIATE 0x72 int ksmbd_init_smb_server(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index 57c667c1be06..0a6af447cc45 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -210,6 +210,7 @@ FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES)

#define SMB1_PROTO_NUMBER cpu_to_le32(0x424d53ff) +#define SMB_COM_NEGOTIATE 0x72

#define SMB1_CLIENT_GUID_SIZE (16) struct smb_hdr {

From patchwork Mon Nov 14 12:52:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183313 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:56 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:56 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:55 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 216/308] ksmbd: remove follow symlinks support Date: Mon, 14 Nov 2022 20:52:05 +0800 Message-ID: 20221114125337.1831594-217-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 675f048a-1c5d-4d5b-50e1-08dac63c7ed6 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.3941435 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc3 commit 4ea477988c423a57241ea4840b12832de6fabdfd category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4ea477988c42

-------------------------------

Use LOOKUP_NO_SYMLINKS flags for default lookup to prohibit the middle of symlink component lookup and remove follow symlinks parameter support. We re-implement it as reparse point later.

Test result: smbclient -Ulinkinjeon%1234 //172.30.1.42/share -c "get hacked/passwd passwd" NT_STATUS_OBJECT_NAME_NOT_FOUND opening remote file \hacked\passwd

Cc: Ralph B��hme slow@samba.org Cc: Steve French smfrench@gmail.com Acked-by: Ronnie Sahlberg lsahlber@redhat.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 43 ++++++++++--------------------------------- fs/ksmbd/vfs.c | 32 +++++++++----------------------- 2 files changed, 19 insertions(+), 56 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index e816f9ce77a7..9a919b6590c7 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2616,13 +2616,9 @@ int smb2_open(struct ksmbd_work *work) goto err_out1; }

- if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE) { - /* - * On delete request, instead of following up, need to - * look the current entity - */ - rc = ksmbd_vfs_kern_path(name, 0, &path, 1); - if (!rc) { + rc = ksmbd_vfs_kern_path(name, LOOKUP_NO_SYMLINKS, &path, 1); + if (!rc) { + if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE) { /* * If file exists with under flags, return access * denied error. @@ -2641,25 +2637,10 @@ int smb2_open(struct ksmbd_work *work) path_put(&path); goto err_out; } - } - } else { - if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) { - /* - * Use LOOKUP_FOLLOW to follow the path of - * symlink in path buildup - */ - rc = ksmbd_vfs_kern_path(name, LOOKUP_FOLLOW, &path, 1); - if (rc) { /* Case for broken link ?*/ - rc = ksmbd_vfs_kern_path(name, 0, &path, 1); - } - } else { - rc = ksmbd_vfs_kern_path(name, 0, &path, 1); - if (!rc && d_is_symlink(path.dentry)) { - rc = -EACCES; - path_put(&path); - goto err_out; - } + } else if (d_is_symlink(path.dentry)) { + rc = -EACCES; + path_put(&path); + goto err_out; } }

@@ -4713,12 +4694,8 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, struct path path; int rc = 0, len; int fs_infoclass_size = 0; - int lookup_flags = 0; - - if (test_share_config_flag(share, KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) - lookup_flags = LOOKUP_FOLLOW;

- rc = ksmbd_vfs_kern_path(share->path, lookup_flags, &path, 0); + rc = ksmbd_vfs_kern_path(share->path, LOOKUP_NO_SYMLINKS, &path, 0); if (rc) { pr_err("cannot create vfs path\n"); return -EIO; @@ -5288,7 +5265,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, }

ksmbd_debug(SMB, "new name %s\n", new_name); - rc = ksmbd_vfs_kern_path(new_name, 0, &path, 1); + rc = ksmbd_vfs_kern_path(new_name, LOOKUP_NO_SYMLINKS, &path, 1); if (rc) file_present = false; else @@ -5362,7 +5339,7 @@ static int smb2_create_link(struct ksmbd_work *work, }

ksmbd_debug(SMB, "target name is %s\n", target_name); - rc = ksmbd_vfs_kern_path(link_name, 0, &path, 0); + rc = ksmbd_vfs_kern_path(link_name, LOOKUP_NO_SYMLINKS, &path, 0); if (rc) file_present = false; else diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index f10dfdb596e4..3b656274375f 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -163,7 +163,7 @@ int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) struct dentry *dentry; int err;

- dentry = kern_path_create(AT_FDCWD, name, &path, 0); + dentry = kern_path_create(AT_FDCWD, name, &path, LOOKUP_NO_SYMLINKS); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); if (err != -ENOENT) @@ -198,7 +198,8 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) struct dentry *dentry; int err;

- dentry = kern_path_create(AT_FDCWD, name, &path, LOOKUP_DIRECTORY); + dentry = kern_path_create(AT_FDCWD, name, &path, + LOOKUP_NO_SYMLINKS | LOOKUP_DIRECTORY); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); if (err != -EEXIST) @@ -575,16 +576,11 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) struct path path; struct dentry *parent; int err; - int flags = 0;

if (ksmbd_override_fsids(work)) return -ENOMEM;

- if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) - flags = LOOKUP_FOLLOW; - - err = kern_path(name, flags, &path); + err = kern_path(name, LOOKUP_NO_SYMLINKS, &path); if (err) { ksmbd_debug(VFS, "can't get %s, err %d\n", name, err); ksmbd_revert_fsids(work); @@ -639,16 +635,11 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, struct path oldpath, newpath; struct dentry *dentry; int err; - int flags = 0;

if (ksmbd_override_fsids(work)) return -ENOMEM;

- if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) - flags = LOOKUP_FOLLOW; - - err = kern_path(oldname, flags, &oldpath); + err = kern_path(oldname, LOOKUP_NO_SYMLINKS, &oldpath); if (err) { pr_err("cannot get linux path for %s, err = %d\n", oldname, err); @@ -656,7 +647,7 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, }

dentry = kern_path_create(AT_FDCWD, newname, &newpath, - flags | LOOKUP_REVAL); + LOOKUP_NO_SYMLINKS | LOOKUP_REVAL); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); pr_err("path create err for %s, err %d\n", newname, err); @@ -764,7 +755,6 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, struct dentry *src_dent, *trap_dent, *src_child; char *dst_name; int err; - int flags;

dst_name = extract_last_component(newname); if (!dst_name) @@ -773,12 +763,8 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, src_dent_parent = dget_parent(fp->filp->f_path.dentry); src_dent = fp->filp->f_path.dentry;

- flags = LOOKUP_DIRECTORY; - if (test_share_config_flag(work->tcon->share_conf, - KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) - flags |= LOOKUP_FOLLOW; - - err = kern_path(newname, flags, &dst_path); + err = kern_path(newname, LOOKUP_NO_SYMLINKS | LOOKUP_DIRECTORY, + &dst_path); if (err) { ksmbd_debug(VFS, "Cannot get path for %s [%d]\n", newname, err); goto out; @@ -834,7 +820,7 @@ int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, int err = 0;

if (name) { - err = kern_path(name, 0, &path); + err = kern_path(name, LOOKUP_NO_SYMLINKS, &path); if (err) { pr_err("cannot get linux path for %s, err %d\n", name, err);

From patchwork Mon Nov 14 12:52:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183314 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:57 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:56 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:56 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 217/308] ksmbd: use LOOKUP_BENEATH to prevent the out of share access Date: Mon, 14 Nov 2022 20:52:06 +0800 Message-ID: 20221114125337.1831594-218-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 154bd8a9-7bee-43cc-b5a4-08dac63c7f8c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6975964 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc3 commit 265fd1991c1db85fbabaad4946ca0e63e2ae688d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/265fd1991c1d

-------------------------------

instead of removing '..' in a given path, call kern_path with LOOKUP_BENEATH flag to prevent the out of share access.

ran various test on this: smb2-cat-async smb://127.0.0.1/homes/../out_of_share smb2-cat-async smb://127.0.0.1/homes/foo/../../out_of_share smbclient //127.0.0.1/homes -c "mkdir ../foo2" smbclient //127.0.0.1/homes -c "rename bar ../bar"

Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph Boehme slow@samba.org Tested-by: Steve French smfrench@gmail.com Tested-by: Namjae Jeon linkinjeon@kernel.org Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/misc.c | 100 ++++++----------------------- fs/ksmbd/misc.h | 7 +- fs/ksmbd/smb2pdu.c | 74 ++++++++------------- fs/ksmbd/vfs.c | 156 ++++++++++++++++++++++++--------------------- fs/ksmbd/vfs.h | 9 ++- 5 files changed, 140 insertions(+), 206 deletions(-)

diff --git a/fs/ksmbd/misc.c b/fs/ksmbd/misc.c index 3eac3c01749f..6a19f4bc692d 100644 --- a/fs/ksmbd/misc.c +++ b/fs/ksmbd/misc.c @@ -158,25 +158,21 @@ int parse_stream_name(char *filename, char **stream_name, int *s_type) * Return : windows path string or error */

-char *convert_to_nt_pathname(char *filename, char *sharepath) +char *convert_to_nt_pathname(char *filename) { char *ab_pathname; - int len, name_len;

- name_len = strlen(filename); - ab_pathname = kmalloc(name_len, GFP_KERNEL); - if (!ab_pathname) - return NULL; - - ab_pathname[0] = '\'; - ab_pathname[1] = '\0'; + if (strlen(filename) == 0) { + ab_pathname = kmalloc(2, GFP_KERNEL); + ab_pathname[0] = '\'; + ab_pathname[1] = '\0'; + } else { + ab_pathname = kstrdup(filename, GFP_KERNEL); + if (!ab_pathname) + return NULL;

- len = strlen(sharepath); - if (!strncmp(filename, sharepath, len) && name_len != len) { - strscpy(ab_pathname, &filename[len], name_len); ksmbd_conv_path_to_windows(ab_pathname); } - return ab_pathname; }

@@ -191,77 +187,19 @@ int get_nlink(struct kstat *st) return nlink; }

-char *ksmbd_conv_path_to_unix(char *path) +void ksmbd_conv_path_to_unix(char *path) { - size_t path_len, remain_path_len, out_path_len; - char *out_path, *out_next; - int i, pre_dotdot_cnt = 0, slash_cnt = 0; - bool is_last; - strreplace(path, '\', '/'); - path_len = strlen(path); - remain_path_len = path_len; - if (path_len == 0) - return ERR_PTR(-EINVAL); - - out_path = kzalloc(path_len + 2, GFP_KERNEL); - if (!out_path) - return ERR_PTR(-ENOMEM); - out_path_len = 0; - out_next = out_path; - - do { - char *name = path + path_len - remain_path_len; - char *next = strchrnul(name, '/'); - size_t name_len = next - name; - - is_last = !next[0]; - if (name_len == 2 && name[0] == '.' && name[1] == '.') { - pre_dotdot_cnt++; - /* handle the case that path ends with "/.." */ - if (is_last) - goto follow_dotdot; - } else { - if (pre_dotdot_cnt) { -follow_dotdot: - slash_cnt = 0; - for (i = out_path_len - 1; i >= 0; i--) { - if (out_path[i] == '/' && - ++slash_cnt == pre_dotdot_cnt + 1) - break; - } - - if (i < 0 && - slash_cnt != pre_dotdot_cnt) { - kfree(out_path); - return ERR_PTR(-EINVAL); - } - - out_next = &out_path[i+1]; - *out_next = '\0'; - out_path_len = i + 1; - - } - - if (name_len != 0 && - !(name_len == 1 && name[0] == '.') && - !(name_len == 2 && name[0] == '.' && name[1] == '.')) { - next[0] = '\0'; - sprintf(out_next, "%s/", name); - out_next += name_len + 1; - out_path_len += name_len + 1; - next[0] = '/'; - } - pre_dotdot_cnt = 0; - } +}

- remain_path_len -= name_len + 1; - } while (!is_last); +void ksmbd_strip_last_slash(char *path) +{ + int len = strlen(path);

- if (out_path_len > 0) - out_path[out_path_len-1] = '\0'; - path[path_len] = '\0'; - return out_path; + while (len && path[len - 1] == '/') { + path[len - 1] = '\0'; + len--; + } }

void ksmbd_conv_path_to_windows(char *path) @@ -298,7 +236,7 @@ char *ksmbd_extract_sharename(char *treename) * * Return: converted name on success, otherwise NULL */ -char *convert_to_unix_name(struct ksmbd_share_config *share, char *name) +char *convert_to_unix_name(struct ksmbd_share_config *share, const char *name) { int no_slash = 0, name_len, path_len; char *new_name; diff --git a/fs/ksmbd/misc.h b/fs/ksmbd/misc.h index b7b10139ada2..253366bd0951 100644 --- a/fs/ksmbd/misc.h +++ b/fs/ksmbd/misc.h @@ -14,12 +14,13 @@ struct ksmbd_file; int match_pattern(const char *str, size_t len, const char *pattern); int ksmbd_validate_filename(char *filename); int parse_stream_name(char *filename, char **stream_name, int *s_type); -char *convert_to_nt_pathname(char *filename, char *sharepath); +char *convert_to_nt_pathname(char *filename); int get_nlink(struct kstat *st); -char *ksmbd_conv_path_to_unix(char *path); +void ksmbd_conv_path_to_unix(char *path); +void ksmbd_strip_last_slash(char *path); void ksmbd_conv_path_to_windows(char *path); char *ksmbd_extract_sharename(char *treename); -char *convert_to_unix_name(struct ksmbd_share_config *share, char *name); +char *convert_to_unix_name(struct ksmbd_share_config *share, const char *name);

#define KSMBD_DIR_INFO_ALIGNMENT 8 struct ksmbd_dir_info; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 9a919b6590c7..bb78a28af101 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -634,7 +634,7 @@ static char * smb2_get_name(struct ksmbd_share_config *share, const char *src, const int maxlen, struct nls_table *local_nls) { - char *name, *norm_name, *unixname; + char *name;

name = smb_strndup_from_utf16(src, maxlen, 1, local_nls); if (IS_ERR(name)) { @@ -642,23 +642,9 @@ smb2_get_name(struct ksmbd_share_config *share, const char *src, return name; }

- /* change it to absolute unix name */ - norm_name = ksmbd_conv_path_to_unix(name); - if (IS_ERR(norm_name)) { - kfree(name); - return norm_name; - } - kfree(name); - - unixname = convert_to_unix_name(share, norm_name); - kfree(norm_name); - if (!unixname) { - pr_err("can not convert absolute name\n"); - return ERR_PTR(-ENOMEM); - } - - ksmbd_debug(SMB, "absolute name = %s\n", unixname); - return unixname; + ksmbd_conv_path_to_unix(name); + ksmbd_strip_last_slash(name); + return name; }

int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg) @@ -2342,7 +2328,7 @@ static int smb2_creat(struct ksmbd_work *work, struct path *path, char *name, return rc; }

- rc = ksmbd_vfs_kern_path(name, 0, path, 0); + rc = ksmbd_vfs_kern_path(work, name, 0, path, 0); if (rc) { pr_err("cannot get linux path (%s), err = %d\n", name, rc); @@ -2411,7 +2397,7 @@ int smb2_open(struct ksmbd_work *work) struct oplock_info *opinfo; __le32 *next_ptr = NULL; int req_op_level = 0, open_flags = 0, may_flags = 0, file_info = 0; - int rc = 0, len = 0; + int rc = 0; int contxt_cnt = 0, query_disk_id = 0; int maximal_access_ctxt = 0, posix_ctxt = 0; int s_type = 0; @@ -2483,17 +2469,11 @@ int smb2_open(struct ksmbd_work *work) goto err_out1; } } else { - len = strlen(share->path); - ksmbd_debug(SMB, "share path len %d\n", len); - name = kmalloc(len + 1, GFP_KERNEL); + name = kstrdup("", GFP_KERNEL); if (!name) { - rsp->hdr.Status = STATUS_NO_MEMORY; rc = -ENOMEM; goto err_out1; } - - memcpy(name, share->path, len); - *(name + len) = '\0'; }

req_op_level = req->RequestedOplockLevel; @@ -2616,7 +2596,7 @@ int smb2_open(struct ksmbd_work *work) goto err_out1; }

- rc = ksmbd_vfs_kern_path(name, LOOKUP_NO_SYMLINKS, &path, 1); + rc = ksmbd_vfs_kern_path(work, name, LOOKUP_NO_SYMLINKS, &path, 1); if (!rc) { if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE) { /* @@ -2645,11 +2625,8 @@ int smb2_open(struct ksmbd_work *work) }

if (rc) { - if (rc == -EACCES) { - ksmbd_debug(SMB, - "User does not have right permission\n"); + if (rc != -ENOENT) goto err_out; - } ksmbd_debug(SMB, "can not get linux path for %s, rc = %d\n", name, rc); rc = 0; @@ -3133,7 +3110,7 @@ int smb2_open(struct ksmbd_work *work) rsp->hdr.Status = STATUS_INVALID_PARAMETER; else if (rc == -EOPNOTSUPP) rsp->hdr.Status = STATUS_NOT_SUPPORTED; - else if (rc == -EACCES || rc == -ESTALE) + else if (rc == -EACCES || rc == -ESTALE || rc == -EXDEV) rsp->hdr.Status = STATUS_ACCESS_DENIED; else if (rc == -ENOENT) rsp->hdr.Status = STATUS_OBJECT_NAME_INVALID; @@ -4242,8 +4219,7 @@ static int get_file_all_info(struct ksmbd_work *work, return -EACCES; }

- filename = convert_to_nt_pathname(fp->filename, - work->tcon->share_conf->path); + filename = convert_to_nt_pathname(fp->filename); if (!filename) return -ENOMEM;

@@ -4695,7 +4671,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, int rc = 0, len; int fs_infoclass_size = 0;

- rc = ksmbd_vfs_kern_path(share->path, LOOKUP_NO_SYMLINKS, &path, 0); + rc = kern_path(share->path, LOOKUP_NO_SYMLINKS, &path); if (rc) { pr_err("cannot create vfs path\n"); return -EIO; @@ -5238,7 +5214,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, goto out;

len = strlen(new_name); - if (new_name[len - 1] != '/') { + if (len > 0 && new_name[len - 1] != '/') { pr_err("not allow base filename in rename\n"); rc = -ESHARE; goto out; @@ -5265,11 +5241,14 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, }

ksmbd_debug(SMB, "new name %s\n", new_name); - rc = ksmbd_vfs_kern_path(new_name, LOOKUP_NO_SYMLINKS, &path, 1); - if (rc) + rc = ksmbd_vfs_kern_path(work, new_name, LOOKUP_NO_SYMLINKS, &path, 1); + if (rc) { + if (rc != -ENOENT) + goto out; file_present = false; - else + } else { path_put(&path); + }

if (ksmbd_share_veto_filename(share, new_name)) { rc = -ENOENT; @@ -5339,11 +5318,14 @@ static int smb2_create_link(struct ksmbd_work *work, }

ksmbd_debug(SMB, "target name is %s\n", target_name); - rc = ksmbd_vfs_kern_path(link_name, LOOKUP_NO_SYMLINKS, &path, 0); - if (rc) + rc = ksmbd_vfs_kern_path(work, link_name, LOOKUP_NO_SYMLINKS, &path, 0); + if (rc) { + if (rc != -ENOENT) + goto out; file_present = false; - else + } else { path_put(&path); + }

if (file_info->ReplaceIfExists) { if (file_present) { @@ -5500,7 +5482,7 @@ static int set_file_allocation_info(struct ksmbd_work *work, * inode size is retained by backup inode size. */ size = i_size_read(inode); - rc = ksmbd_vfs_truncate(work, NULL, fp, alloc_blks * 512); + rc = ksmbd_vfs_truncate(work, fp, alloc_blks * 512); if (rc) { pr_err("truncate failed! filename : %s, err %d\n", fp->filename, rc); @@ -5537,7 +5519,7 @@ static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp, if (inode->i_sb->s_magic != MSDOS_SUPER_MAGIC) { ksmbd_debug(SMB, "filename : %s truncated to newsize %lld\n", fp->filename, newsize); - rc = ksmbd_vfs_truncate(work, NULL, fp, newsize); + rc = ksmbd_vfs_truncate(work, fp, newsize); if (rc) { ksmbd_debug(SMB, "truncate failed! filename : %s err %d\n", fp->filename, rc); @@ -5812,7 +5794,7 @@ int smb2_set_info(struct ksmbd_work *work) return 0;

err_out: - if (rc == -EACCES || rc == -EPERM) + if (rc == -EACCES || rc == -EPERM || rc == -EXDEV) rsp->hdr.Status = STATUS_ACCESS_DENIED; else if (rc == -EINVAL) rsp->hdr.Status = STATUS_INVALID_PARAMETER; diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index 3b656274375f..2887995b2c47 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -19,6 +19,8 @@ #include <linux/sched/xacct.h> #include <linux/crc32c.h>

+#include "../internal.h" /* for vfs_path_lookup */ + #include "glob.h" #include "oplock.h" #include "connection.h" @@ -44,7 +46,6 @@ static char *extract_last_component(char *path) p++; } else { p = NULL; - pr_err("Invalid path %s\n", path); } return p; } @@ -152,7 +153,7 @@ int ksmbd_vfs_query_maximal_access(struct dentry *dentry, __le32 *daccess) /** * ksmbd_vfs_create() - vfs helper for smb create file * @work: work - * @name: file name + * @name: file name that is relative to share * @mode: file create mode * * Return: 0 on success, otherwise error @@ -163,7 +164,8 @@ int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) struct dentry *dentry; int err;

- dentry = kern_path_create(AT_FDCWD, name, &path, LOOKUP_NO_SYMLINKS); + dentry = ksmbd_vfs_kern_path_create(work, name, + LOOKUP_NO_SYMLINKS, &path); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); if (err != -ENOENT) @@ -187,7 +189,7 @@ int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode) /** * ksmbd_vfs_mkdir() - vfs helper for smb create directory * @work: work - * @name: directory name + * @name: directory name that is relative to share * @mode: directory create mode * * Return: 0 on success, otherwise error @@ -198,8 +200,9 @@ int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode) struct dentry *dentry; int err;

- dentry = kern_path_create(AT_FDCWD, name, &path, - LOOKUP_NO_SYMLINKS | LOOKUP_DIRECTORY); + dentry = ksmbd_vfs_kern_path_create(work, name, + LOOKUP_NO_SYMLINKS | LOOKUP_DIRECTORY, + &path); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); if (err != -EEXIST) @@ -567,7 +570,7 @@ int ksmbd_vfs_fsync(struct ksmbd_work *work, u64 fid, u64 p_id)

/** * ksmbd_vfs_remove_file() - vfs helper for smb rmdir or unlink - * @name: absolute directory or file name + * @name: directory or file name that is relative to share * * Return: 0 on success, otherwise error */ @@ -580,7 +583,7 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) if (ksmbd_override_fsids(work)) return -ENOMEM;

- err = kern_path(name, LOOKUP_NO_SYMLINKS, &path); + err = ksmbd_vfs_kern_path(work, name, LOOKUP_NO_SYMLINKS, &path, false); if (err) { ksmbd_debug(VFS, "can't get %s, err %d\n", name, err); ksmbd_revert_fsids(work); @@ -625,7 +628,7 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, char *name) /** * ksmbd_vfs_link() - vfs helper for creating smb hardlink * @oldname: source file name - * @newname: hardlink name + * @newname: hardlink name that is relative to share * * Return: 0 on success, otherwise error */ @@ -646,8 +649,9 @@ int ksmbd_vfs_link(struct ksmbd_work *work, const char *oldname, goto out1; }

- dentry = kern_path_create(AT_FDCWD, newname, &newpath, - LOOKUP_NO_SYMLINKS | LOOKUP_REVAL); + dentry = ksmbd_vfs_kern_path_create(work, newname, + LOOKUP_NO_SYMLINKS | LOOKUP_REVAL, + &newpath); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); pr_err("path create err for %s, err %d\n", newname, err); @@ -757,14 +761,17 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, int err;

dst_name = extract_last_component(newname); - if (!dst_name) - return -EINVAL; + if (!dst_name) { + dst_name = newname; + newname = ""; + }

src_dent_parent = dget_parent(fp->filp->f_path.dentry); src_dent = fp->filp->f_path.dentry;

- err = kern_path(newname, LOOKUP_NO_SYMLINKS | LOOKUP_DIRECTORY, - &dst_path); + err = ksmbd_vfs_kern_path(work, newname, + LOOKUP_NO_SYMLINKS | LOOKUP_DIRECTORY, + &dst_path, false); if (err) { ksmbd_debug(VFS, "Cannot get path for %s [%d]\n", newname, err); goto out; @@ -807,61 +814,43 @@ int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, /** * ksmbd_vfs_truncate() - vfs helper for smb file truncate * @work: work - * @name: old filename * @fid: file id of old file * @size: truncate to given size * * Return: 0 on success, otherwise error */ -int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, +int ksmbd_vfs_truncate(struct ksmbd_work *work, struct ksmbd_file *fp, loff_t size) { - struct path path; int err = 0; + struct file *filp;

- if (name) { - err = kern_path(name, LOOKUP_NO_SYMLINKS, &path); - if (err) { - pr_err("cannot get linux path for %s, err %d\n", - name, err); - return err; - } - err = vfs_truncate(&path, size); - if (err) - pr_err("truncate failed for %s err %d\n", - name, err); - path_put(&path); - } else { - struct file *filp; - - filp = fp->filp; - - /* Do we need to break any of a levelII oplock? */ - smb_break_all_levII_oplock(work, fp, 1); + filp = fp->filp;

- if (!work->tcon->posix_extensions) { - struct inode *inode = file_inode(filp); + /* Do we need to break any of a levelII oplock? */ + smb_break_all_levII_oplock(work, fp, 1);

- if (size < inode->i_size) { - err = check_lock_range(filp, size, - inode->i_size - 1, WRITE); - } else { - err = check_lock_range(filp, inode->i_size, - size - 1, WRITE); - } + if (!work->tcon->posix_extensions) { + struct inode *inode = file_inode(filp);

- if (err) { - pr_err("failed due to lock\n"); - return -EAGAIN; - } + if (size < inode->i_size) { + err = check_lock_range(filp, size, + inode->i_size - 1, WRITE); + } else { + err = check_lock_range(filp, inode->i_size, + size - 1, WRITE); }

- err = vfs_truncate(&filp->f_path, size); - if (err) - pr_err("truncate failed for filename : %s err %d\n", - fp->filename, err); + if (err) { + pr_err("failed due to lock\n"); + return -EAGAIN; + } }

+ err = vfs_truncate(&filp->f_path, size); + if (err) + pr_err("truncate failed for filename : %s err %d\n", + fp->filename, err); return err; }

@@ -1171,22 +1160,25 @@ static int ksmbd_vfs_lookup_in_dir(struct path *dir, char *name, size_t namelen)

/** * ksmbd_vfs_kern_path() - lookup a file and get path info - * @name: name of file for lookup + * @name: file path that is relative to share * @flags: lookup flags * @path: if lookup succeed, return path info * @caseless: caseless filename lookup * * Return: 0 on success, otherwise error */ -int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, - bool caseless) +int ksmbd_vfs_kern_path(struct ksmbd_work *work, char *name, + unsigned int flags, struct path *path, bool caseless) { + struct ksmbd_share_config *share_conf = work->tcon->share_conf; int err;

- if (name[0] != '/') - return -EINVAL; - - err = kern_path(name, flags, path); + flags |= LOOKUP_BENEATH; + err = vfs_path_lookup(share_conf->vfs_path.dentry, + share_conf->vfs_path.mnt, + name, + flags, + path); if (!err) return 0;

@@ -1200,11 +1192,10 @@ int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, return -ENOMEM;

path_len = strlen(filepath); - remain_len = path_len - 1; + remain_len = path_len;

- err = kern_path("/", flags, &parent); - if (err) - goto out; + parent = share_conf->vfs_path; + path_get(&parent);

while (d_can_lookup(parent.dentry)) { char *filename = filepath + path_len - remain_len; @@ -1217,21 +1208,21 @@ int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path,

err = ksmbd_vfs_lookup_in_dir(&parent, filename, filename_len); - if (err) { - path_put(&parent); + path_put(&parent); + if (err) goto out; - }

- path_put(&parent); next[0] = '\0';

- err = kern_path(filepath, flags, &parent); + err = vfs_path_lookup(share_conf->vfs_path.dentry, + share_conf->vfs_path.mnt, + filepath, + flags, + &parent); if (err) goto out; - - if (is_last) { - path->mnt = parent.mnt; - path->dentry = parent.dentry; + else if (is_last) { + *path = parent; goto out; }

@@ -1247,6 +1238,23 @@ int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, return err; }

+struct dentry *ksmbd_vfs_kern_path_create(struct ksmbd_work *work, + const char *name, + unsigned int flags, + struct path *path) +{ + char *abs_name; + struct dentry *dent; + + abs_name = convert_to_unix_name(work->tcon->share_conf, name); + if (!abs_name) + return ERR_PTR(-ENOMEM); + + dent = kern_path_create(AT_FDCWD, abs_name, path, flags); + kfree(abs_name); + return dent; +} + int ksmbd_vfs_remove_acl_xattrs(struct dentry *dentry) { char *name, *xattr_list = NULL; diff --git a/fs/ksmbd/vfs.h b/fs/ksmbd/vfs.h index 319316f49aee..ef4a89cf0221 100644 --- a/fs/ksmbd/vfs.h +++ b/fs/ksmbd/vfs.h @@ -124,7 +124,7 @@ int ksmbd_vfs_link(struct ksmbd_work *work, int ksmbd_vfs_getattr(struct path *path, struct kstat *stat); int ksmbd_vfs_fp_rename(struct ksmbd_work *work, struct ksmbd_file *fp, char *newname); -int ksmbd_vfs_truncate(struct ksmbd_work *work, const char *name, +int ksmbd_vfs_truncate(struct ksmbd_work *work, struct ksmbd_file *fp, loff_t size); struct srv_copychunk; int ksmbd_vfs_copy_file_ranges(struct ksmbd_work *work, @@ -145,8 +145,13 @@ int ksmbd_vfs_setxattr(struct dentry *dentry, const char *attr_name, int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, size_t *xattr_stream_name_size, int s_type); int ksmbd_vfs_remove_xattr(struct dentry *dentry, char *attr_name); -int ksmbd_vfs_kern_path(char *name, unsigned int flags, struct path *path, +int ksmbd_vfs_kern_path(struct ksmbd_work *work, + char *name, unsigned int flags, struct path *path, bool caseless); +struct dentry *ksmbd_vfs_kern_path_create(struct ksmbd_work *work, + const char *name, + unsigned int flags, + struct path *path); int ksmbd_vfs_empty_dir(struct ksmbd_file *fp); void ksmbd_vfs_set_fadvise(struct file *filp, __le32 option); int ksmbd_vfs_zero_data(struct ksmbd_work *work, struct ksmbd_file *fp,

From patchwork Mon Nov 14 12:52:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183315 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:57 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:57 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:56 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 218/308] ksmbd: remove RFC1002 check in smb2 request Date: Mon, 14 Nov 2022 20:52:07 +0800 Message-ID: 20221114125337.1831594-219-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 1b4fecaf-80ee-4e2a-796c-08dac63c7fd6 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6927731 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Ronnie Sahlberg lsahlber@redhat.com

mainline inclusion from mainline-5.15-rc4 commit 18d46769d54aba03c2c3fa666fe810f264b5d7b8 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/18d46769d54a

-------------------------------

In smb_common.c you have this function : ksmbd_smb_request() which is called from connection.c once you have read the initial 4 bytes for the next length+smb2 blob.

It checks the first byte of this 4 byte preamble for valid values, i.e. a NETBIOSoverTCP SESSION_MESSAGE or a SESSION_KEEP_ALIVE.

We don't need to check this for ksmbd since it only implements SMB2 over TCP port 445. The netbios stuff was only used in very old servers when SMB ran over TCP port 139. Now that we run over TCP port 445, this is actually not a NB header anymore and you can just treat it as a 4 byte length field that must be less than 16Mbyte. and remove the references to the RFC1002 constants that no longer applies.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Cc: Steve French smfrench@gmail.com Cc: Sergey Senozhatsky senozhatsky@chromium.org Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Ronnie Sahlberg lsahlber@redhat.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb_common.c | 15 +-------------- fs/ksmbd/smb_common.h | 8 -------- 2 files changed, 1 insertion(+), 22 deletions(-)

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index 7ea15d77d50e..98c22a3abf92 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -155,20 +155,7 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work) */ bool ksmbd_smb_request(struct ksmbd_conn *conn) { - int type = *(char *)conn->request_buf; - - switch (type) { - case RFC1002_SESSION_MESSAGE: - /* Regular SMB request */ - return true; - case RFC1002_SESSION_KEEP_ALIVE: - ksmbd_debug(SMB, "RFC 1002 session keep alive\n"); - break; - default: - ksmbd_debug(SMB, "RFC 1002 unknown request type 0x%x\n", type); - } - - return false; + return conn->request_buf[0] == 0; }

static bool supported_protocol(int idx) diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index 0a6af447cc45..994abede27e9 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -48,14 +48,6 @@ #define CIFS_DEFAULT_IOSIZE (64 * 1024) #define MAX_CIFS_SMALL_BUFFER_SIZE 448 /* big enough for most */

-/* RFC 1002 session packet types */ -#define RFC1002_SESSION_MESSAGE 0x00 -#define RFC1002_SESSION_REQUEST 0x81 -#define RFC1002_POSITIVE_SESSION_RESPONSE 0x82 -#define RFC1002_NEGATIVE_SESSION_RESPONSE 0x83 -#define RFC1002_RETARGET_SESSION_RESPONSE 0x84 -#define RFC1002_SESSION_KEEP_ALIVE 0x85 - /* Responses when opening a file. */ #define F_SUPERSEDED 0 #define F_OPENED 1

From patchwork Mon Nov 14 12:52:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183316 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:58 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:57 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:57 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 219/308] ksmbd: fix invalid request buffer access in compound Date: Mon, 14 Nov 2022 20:52:08 +0800 Message-ID: 20221114125337.1831594-220-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 47707e44-a9e0-4afb-e403-08dac63c801e X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7159297 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc4 commit d72a9c158893d537d769a669a5837bc80b0f851c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d72a9c158893

-------------------------------

Ronnie reported invalid request buffer access in chained command when inserting garbage value to NextCommand of compound request. This patch add validation check to avoid this issue.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Tested-by: Steve French smfrench@gmail.com Reviewed-by: Steve French smfrench@gmail.com Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index bb78a28af101..f124482fcccd 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -459,13 +459,22 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) bool is_chained_smb2_message(struct ksmbd_work *work) { struct smb2_hdr *hdr = work->request_buf; - unsigned int len; + unsigned int len, next_cmd;

if (hdr->ProtocolId != SMB2_PROTO_NUMBER) return false;

hdr = ksmbd_req_buf_next(work); - if (le32_to_cpu(hdr->NextCommand) > 0) { + next_cmd = le32_to_cpu(hdr->NextCommand); + if (next_cmd > 0) { + if ((u64)work->next_smb2_rcv_hdr_off + next_cmd + + __SMB2_HEADER_STRUCTURE_SIZE > + get_rfc1002_len(work->request_buf)) { + pr_err("next command(%u) offset exceeds smb msg size\n", + next_cmd); + return false; + } + ksmbd_debug(SMB, "got SMB2 chained command\n"); init_chained_smb2_rsp(work); return true;

From patchwork Mon Nov 14 12:52:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183317 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:58 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:58 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:57 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 220/308] ksmbd: fix documentation for 2 functions Date: Mon, 14 Nov 2022 20:52:09 +0800 Message-ID: 20221114125337.1831594-221-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a1cea009-d32e-4cf7-c234-08dac63c8067 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6798768 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Enzo Matsumiya ematsumiya@suse.de

mainline inclusion from mainline-5.15-rc4 commit 1018bf24550fd0feec14648309a0aeb62401f4dc category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1018bf24550f

-------------------------------

ksmbd_kthread_fn() and create_socket() returns 0 or error code, and not task_struct/ERR_PTR.

Signed-off-by: Enzo Matsumiya ematsumiya@suse.de Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_tcp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/transport_tcp.c b/fs/ksmbd/transport_tcp.c index dc15a5ecd2e0..c14320e03b69 100644 --- a/fs/ksmbd/transport_tcp.c +++ b/fs/ksmbd/transport_tcp.c @@ -215,7 +215,7 @@ static int ksmbd_tcp_new_connection(struct socket *client_sk) * ksmbd_kthread_fn() - listen to new SMB connections and callback server * @p: arguments to forker thread * - * Return: Returns a task_struct or ERR_PTR + * Return: 0 on success, error number otherwise */ static int ksmbd_kthread_fn(void *p) { @@ -387,7 +387,7 @@ static void tcp_destroy_socket(struct socket *ksmbd_socket) /** * create_socket - create socket for ksmbd/0 * - * Return: Returns a task_struct or ERR_PTR + * Return: 0 on success, error number otherwise */ static int create_socket(struct interface *iface) {

From patchwork Mon Nov 14 12:52:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183318 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:58 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:58 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:58 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 221/308] ksmbd: remove NTLMv1 authentication Date: Mon, 14 Nov 2022 20:52:10 +0800 Message-ID: 20221114125337.1831594-222-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 1453a236-03ef-4473-54c1-08dac63c80b0 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6991293 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc4 commit ce812992f239f45e13c820a52455fec6eacbce1e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ce812992f239

-------------------------------

Remove insecure NTLMv1 authentication.

Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Reviewed-by: Tom Talpey tom@talpey.com Acked-by: Steve French smfrench@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/auth.c | 205 ------------------------------------------ fs/ksmbd/crypto_ctx.c | 16 ---- fs/ksmbd/crypto_ctx.h | 8 -- 3 files changed, 229 deletions(-)

diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c index de36f12070bf..71c989f1568d 100644 --- a/fs/ksmbd/auth.c +++ b/fs/ksmbd/auth.c @@ -68,125 +68,6 @@ void ksmbd_copy_gss_neg_header(void *buf) memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH); }

-static void -str_to_key(unsigned char *str, unsigned char *key) -{ - int i; - - key[0] = str[0] >> 1; - key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2); - key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3); - key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4); - key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5); - key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6); - key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7); - key[7] = str[6] & 0x7F; - for (i = 0; i < 8; i++) - key[i] = (key[i] << 1); -} - -static int -smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) -{ - unsigned char key2[8]; - struct des_ctx ctx; - - if (fips_enabled) { - ksmbd_debug(AUTH, "FIPS compliance enabled: DES not permitted\n"); - return -ENOENT; - } - - str_to_key(key, key2); - des_expand_key(&ctx, key2, DES_KEY_SIZE); - des_encrypt(&ctx, out, in); - memzero_explicit(&ctx, sizeof(ctx)); - return 0; -} - -static int ksmbd_enc_p24(unsigned char *p21, const unsigned char *c8, unsigned char *p24) -{ - int rc; - - rc = smbhash(p24, c8, p21); - if (rc) - return rc; - rc = smbhash(p24 + 8, c8, p21 + 7); - if (rc) - return rc; - return smbhash(p24 + 16, c8, p21 + 14); -} - -/* produce a md4 message digest from data of length n bytes */ -static int ksmbd_enc_md4(unsigned char *md4_hash, unsigned char *link_str, - int link_len) -{ - int rc; - struct ksmbd_crypto_ctx *ctx; - - ctx = ksmbd_crypto_ctx_find_md4(); - if (!ctx) { - ksmbd_debug(AUTH, "Crypto md4 allocation error\n"); - return -ENOMEM; - } - - rc = crypto_shash_init(CRYPTO_MD4(ctx)); - if (rc) { - ksmbd_debug(AUTH, "Could not init md4 shash\n"); - goto out; - } - - rc = crypto_shash_update(CRYPTO_MD4(ctx), link_str, link_len); - if (rc) { - ksmbd_debug(AUTH, "Could not update with link_str\n"); - goto out; - } - - rc = crypto_shash_final(CRYPTO_MD4(ctx), md4_hash); - if (rc) - ksmbd_debug(AUTH, "Could not generate md4 hash\n"); -out: - ksmbd_release_crypto_ctx(ctx); - return rc; -} - -static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, char *nonce, - char *server_challenge, int len) -{ - int rc; - struct ksmbd_crypto_ctx *ctx; - - ctx = ksmbd_crypto_ctx_find_md5(); - if (!ctx) { - ksmbd_debug(AUTH, "Crypto md5 allocation error\n"); - return -ENOMEM; - } - - rc = crypto_shash_init(CRYPTO_MD5(ctx)); - if (rc) { - ksmbd_debug(AUTH, "Could not init md5 shash\n"); - goto out; - } - - rc = crypto_shash_update(CRYPTO_MD5(ctx), server_challenge, len); - if (rc) { - ksmbd_debug(AUTH, "Could not update with challenge\n"); - goto out; - } - - rc = crypto_shash_update(CRYPTO_MD5(ctx), nonce, len); - if (rc) { - ksmbd_debug(AUTH, "Could not update with nonce\n"); - goto out; - } - - rc = crypto_shash_final(CRYPTO_MD5(ctx), md5_hash); - if (rc) - ksmbd_debug(AUTH, "Could not generate md5 hash\n"); -out: - ksmbd_release_crypto_ctx(ctx); - return rc; -} - /** * ksmbd_gen_sess_key() - function to generate session key * @sess: session of connection @@ -324,43 +205,6 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, return ret; }

-/** - * ksmbd_auth_ntlm() - NTLM authentication handler - * @sess: session of connection - * @pw_buf: NTLM challenge response - * @passkey: user password - * - * Return: 0 on success, error number on error - */ -int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf) -{ - int rc; - unsigned char p21[21]; - char key[CIFS_AUTH_RESP_SIZE]; - - memset(p21, '\0', 21); - memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE); - rc = ksmbd_enc_p24(p21, sess->ntlmssp.cryptkey, key); - if (rc) { - pr_err("password processing failed\n"); - return rc; - } - - ksmbd_enc_md4(sess->sess_key, user_passkey(sess->user), - CIFS_SMB1_SESSKEY_SIZE); - memcpy(sess->sess_key + CIFS_SMB1_SESSKEY_SIZE, key, - CIFS_AUTH_RESP_SIZE); - sess->sequence_number = 1; - - if (strncmp(pw_buf, key, CIFS_AUTH_RESP_SIZE) != 0) { - ksmbd_debug(AUTH, "ntlmv1 authentication failed\n"); - return -EINVAL; - } - - ksmbd_debug(AUTH, "ntlmv1 authentication pass\n"); - return 0; -} - /** * ksmbd_auth_ntlmv2() - NTLMv2 authentication handler * @sess: session of connection @@ -441,44 +285,6 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, return rc; }

-/** - * __ksmbd_auth_ntlmv2() - NTLM2(extended security) authentication handler - * @sess: session of connection - * @client_nonce: client nonce from LM response. - * @ntlm_resp: ntlm response data from client. - * - * Return: 0 on success, error number on error - */ -static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, char *client_nonce, - char *ntlm_resp) -{ - char sess_key[CIFS_SMB1_SESSKEY_SIZE] = {0}; - int rc; - unsigned char p21[21]; - char key[CIFS_AUTH_RESP_SIZE]; - - rc = ksmbd_enc_update_sess_key(sess_key, - client_nonce, - (char *)sess->ntlmssp.cryptkey, 8); - if (rc) { - pr_err("password processing failed\n"); - goto out; - } - - memset(p21, '\0', 21); - memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE); - rc = ksmbd_enc_p24(p21, sess_key, key); - if (rc) { - pr_err("password processing failed\n"); - goto out; - } - - if (memcmp(ntlm_resp, key, CIFS_AUTH_RESP_SIZE) != 0) - rc = -EINVAL; -out: - return rc; -} - /** * ksmbd_decode_ntlmssp_auth_blob() - helper function to construct * authenticate blob @@ -512,17 +318,6 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset); nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);

- /* process NTLM authentication */ - if (nt_len == CIFS_AUTH_RESP_SIZE) { - if (le32_to_cpu(authblob->NegotiateFlags) & - NTLMSSP_NEGOTIATE_EXTENDED_SEC) - return __ksmbd_auth_ntlmv2(sess, (char *)authblob + - lm_off, (char *)authblob + nt_off); - else - return ksmbd_auth_ntlm(sess, (char *)authblob + - nt_off); - } - /* TODO : use domain name that imported from configuration file */ domain_name = smb_strndup_from_utf16((const char *)authblob + le32_to_cpu(authblob->DomainName.BufferOffset), diff --git a/fs/ksmbd/crypto_ctx.c b/fs/ksmbd/crypto_ctx.c index 5f4b1008d17e..81488d04199d 100644 --- a/fs/ksmbd/crypto_ctx.c +++ b/fs/ksmbd/crypto_ctx.c @@ -81,12 +81,6 @@ static struct shash_desc *alloc_shash_desc(int id) case CRYPTO_SHASH_SHA512: tfm = crypto_alloc_shash("sha512", 0, 0); break; - case CRYPTO_SHASH_MD4: - tfm = crypto_alloc_shash("md4", 0, 0); - break; - case CRYPTO_SHASH_MD5: - tfm = crypto_alloc_shash("md5", 0, 0); - break; default: return NULL; } @@ -214,16 +208,6 @@ struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha512(void) return ____crypto_shash_ctx_find(CRYPTO_SHASH_SHA512); }

-struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md4(void) -{ - return ____crypto_shash_ctx_find(CRYPTO_SHASH_MD4); -} - -struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md5(void) -{ - return ____crypto_shash_ctx_find(CRYPTO_SHASH_MD5); -} - static struct ksmbd_crypto_ctx *____crypto_aead_ctx_find(int id) { struct ksmbd_crypto_ctx *ctx; diff --git a/fs/ksmbd/crypto_ctx.h b/fs/ksmbd/crypto_ctx.h index ef11154b43df..4a367c62f653 100644 --- a/fs/ksmbd/crypto_ctx.h +++ b/fs/ksmbd/crypto_ctx.h @@ -15,8 +15,6 @@ enum { CRYPTO_SHASH_CMACAES, CRYPTO_SHASH_SHA256, CRYPTO_SHASH_SHA512, - CRYPTO_SHASH_MD4, - CRYPTO_SHASH_MD5, CRYPTO_SHASH_MAX, };

@@ -43,8 +41,6 @@ struct ksmbd_crypto_ctx { #define CRYPTO_CMACAES(c) ((c)->desc[CRYPTO_SHASH_CMACAES]) #define CRYPTO_SHA256(c) ((c)->desc[CRYPTO_SHASH_SHA256]) #define CRYPTO_SHA512(c) ((c)->desc[CRYPTO_SHASH_SHA512]) -#define CRYPTO_MD4(c) ((c)->desc[CRYPTO_SHASH_MD4]) -#define CRYPTO_MD5(c) ((c)->desc[CRYPTO_SHASH_MD5])

#define CRYPTO_HMACMD5_TFM(c) ((c)->desc[CRYPTO_SHASH_HMACMD5]->tfm) #define CRYPTO_HMACSHA256_TFM(c)\ @@ -52,8 +48,6 @@ struct ksmbd_crypto_ctx { #define CRYPTO_CMACAES_TFM(c) ((c)->desc[CRYPTO_SHASH_CMACAES]->tfm) #define CRYPTO_SHA256_TFM(c) ((c)->desc[CRYPTO_SHASH_SHA256]->tfm) #define CRYPTO_SHA512_TFM(c) ((c)->desc[CRYPTO_SHASH_SHA512]->tfm) -#define CRYPTO_MD4_TFM(c) ((c)->desc[CRYPTO_SHASH_MD4]->tfm) -#define CRYPTO_MD5_TFM(c) ((c)->desc[CRYPTO_SHASH_MD5]->tfm)

#define CRYPTO_GCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES_GCM]) #define CRYPTO_CCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES_CCM]) @@ -64,8 +58,6 @@ struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_hmacsha256(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_cmacaes(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha512(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha256(void); -struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md4(void); -struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md5(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_gcm(void); struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_ccm(void); void ksmbd_crypto_destroy(void);

From patchwork Mon Nov 14 12:52:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183319 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:59 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:59 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:58 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 222/308] ksmbd: use correct basic info level in set_file_basic_info() Date: Mon, 14 Nov 2022 20:52:11 +0800 Message-ID: 20221114125337.1831594-223-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 34bf3152-0885-49ac-3d7f-08dac63c80fa X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7094602 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc4 commit 88d300522cbb2827b679359e98cbadfb46e8226c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/88d300522cbb

-------------------------------

Use correct basic info level in set/get_file_basic_info().

Reviewed-by: Ralph Boehme slow@samba.org Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 13 ++++++------- fs/ksmbd/smb2pdu.h | 9 +++++++++ 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index f124482fcccd..f96aff7f54f4 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -4127,7 +4127,7 @@ static void get_file_access_info(struct smb2_query_info_rsp *rsp, static int get_file_basic_info(struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp, void *rsp_org) { - struct smb2_file_all_info *basic_info; + struct smb2_file_basic_info *basic_info; struct kstat stat; u64 time;

@@ -4137,7 +4137,7 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp, return -EACCES; }

- basic_info = (struct smb2_file_all_info *)rsp->Buffer; + basic_info = (struct smb2_file_basic_info *)rsp->Buffer; generic_fillattr(file_inode(fp->filp), &stat); basic_info->CreationTime = cpu_to_le64(fp->create_time); time = ksmbd_UnixTimeToNT(stat.atime); @@ -4149,9 +4149,8 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp, basic_info->Attributes = fp->f_ci->m_fattr; basic_info->Pad1 = 0; rsp->OutputBufferLength = - cpu_to_le32(offsetof(struct smb2_file_all_info, AllocationSize)); - inc_rfc1001_len(rsp_org, offsetof(struct smb2_file_all_info, - AllocationSize)); + cpu_to_le32(sizeof(struct smb2_file_basic_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_basic_info)); return 0; }

@@ -5367,7 +5366,7 @@ static int smb2_create_link(struct ksmbd_work *work, static int set_file_basic_info(struct ksmbd_file *fp, char *buf, struct ksmbd_share_config *share) { - struct smb2_file_all_info *file_info; + struct smb2_file_basic_info *file_info; struct iattr attrs; struct timespec64 ctime; struct file *filp; @@ -5377,7 +5376,7 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, if (!(fp->daccess & FILE_WRITE_ATTRIBUTES_LE)) return -EACCES;

- file_info = (struct smb2_file_all_info *)buf; + file_info = (struct smb2_file_basic_info *)buf; attrs.ia_valid = 0; filp = fp->filp; inode = file_inode(filp); diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index bcec845b03f3..261825d06391 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -1464,6 +1464,15 @@ struct smb2_file_all_info { /* data block encoding of response to level 18 */ char FileName[1]; } __packed; /* level 18 Query */

+struct smb2_file_basic_info { /* data block encoding of response to level 18 */ + __le64 CreationTime; /* Beginning of FILE_BASIC_INFO equivalent */ + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le32 Attributes; + __u32 Pad1; /* End of FILE_BASIC_INFO_INFO equivalent */ +} __packed; + struct smb2_file_alt_name_info { __le32 FileNameLength; char FileName[0];

From patchwork Mon Nov 14 12:52:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183320 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:33:59 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:59 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:59 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 223/308] ksmbd: add request buffer validation in smb2_set_info Date: Mon, 14 Nov 2022 20:52:12 +0800 Message-ID: 20221114125337.1831594-224-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 25125c33-316e-4fb3-1bcf-08dac63c8143 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6815507 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc4 commit 9496e268e3af78a92778bf635488a8ec2dca8996 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/9496e268e3af

-------------------------------

Add buffer validation in smb2_set_info, and remove unused variable in set_file_basic_info. and smb2_set_info infolevel functions take structure pointer argument.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Cc: Sergey Senozhatsky senozhatsky@chromium.org Acked-by: Hyunchul Lee hyc.lee@gmail.com Reviewed-by: Ralph Boehme slow@samba.org Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 149 ++++++++++++++++++++++++++++++++------------- 1 file changed, 107 insertions(+), 42 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index f96aff7f54f4..7ce7fa898a42 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2102,15 +2102,21 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work) * smb2_set_ea() - handler for setting extended attributes using set * info command * @eabuf: set info command buffer + * @buf_len: set info command buffer length * @path: dentry path for get ea * * Return: 0 on success, otherwise error */ -static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path) +static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len, + struct path *path) { char *attr_name = NULL, *value; int rc = 0; - int next = 0; + unsigned int next = 0; + + if (buf_len < sizeof(struct smb2_ea_info) + eabuf->EaNameLength + + le16_to_cpu(eabuf->EaValueLength)) + return -EINVAL;

attr_name = kmalloc(XATTR_NAME_MAX + 1, GFP_KERNEL); if (!attr_name) @@ -2172,7 +2178,13 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path)

next: next = le32_to_cpu(eabuf->NextEntryOffset); + if (next == 0 || buf_len < next) + break; + buf_len -= next; eabuf = (struct smb2_ea_info *)((char *)eabuf + next); + if (next < (u32)eabuf->EaNameLength + le16_to_cpu(eabuf->EaValueLength)) + break; + } while (next != 0);

kfree(attr_name); @@ -2738,7 +2750,15 @@ int smb2_open(struct ksmbd_work *work)

created = true; if (ea_buf) { - rc = smb2_set_ea(&ea_buf->ea, &path); + if (le32_to_cpu(ea_buf->ccontext.DataLength) < + sizeof(struct smb2_ea_info)) { + rc = -EINVAL; + goto err_out; + } + + rc = smb2_set_ea(&ea_buf->ea, + le32_to_cpu(ea_buf->ccontext.DataLength), + &path); if (rc == -EOPNOTSUPP) rc = 0; else if (rc) @@ -5296,7 +5316,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, static int smb2_create_link(struct ksmbd_work *work, struct ksmbd_share_config *share, struct smb2_file_link_info *file_info, - struct file *filp, + unsigned int buf_len, struct file *filp, struct nls_table *local_nls) { char *link_name = NULL, *target_name = NULL, *pathname = NULL; @@ -5304,6 +5324,10 @@ static int smb2_create_link(struct ksmbd_work *work, bool file_present = true; int rc;

+ if (buf_len < (u64)sizeof(struct smb2_file_link_info) + + le32_to_cpu(file_info->FileNameLength)) + return -EINVAL; + ksmbd_debug(SMB, "setting FILE_LINK_INFORMATION\n"); pathname = kmalloc(PATH_MAX, GFP_KERNEL); if (!pathname) @@ -5363,10 +5387,10 @@ static int smb2_create_link(struct ksmbd_work *work, return rc; }

-static int set_file_basic_info(struct ksmbd_file *fp, char *buf, +static int set_file_basic_info(struct ksmbd_file *fp, + struct smb2_file_basic_info *file_info, struct ksmbd_share_config *share) { - struct smb2_file_basic_info *file_info; struct iattr attrs; struct timespec64 ctime; struct file *filp; @@ -5376,7 +5400,6 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, if (!(fp->daccess & FILE_WRITE_ATTRIBUTES_LE)) return -EACCES;

- file_info = (struct smb2_file_basic_info *)buf; attrs.ia_valid = 0; filp = fp->filp; inode = file_inode(filp); @@ -5451,7 +5474,8 @@ static int set_file_basic_info(struct ksmbd_file *fp, char *buf, }

static int set_file_allocation_info(struct ksmbd_work *work, - struct ksmbd_file *fp, char *buf) + struct ksmbd_file *fp, + struct smb2_file_alloc_info *file_alloc_info) { /* * TODO : It's working fine only when store dos attributes @@ -5459,7 +5483,6 @@ static int set_file_allocation_info(struct ksmbd_work *work, * properly with any smb.conf option */

- struct smb2_file_alloc_info *file_alloc_info; loff_t alloc_blks; struct inode *inode; int rc; @@ -5467,7 +5490,6 @@ static int set_file_allocation_info(struct ksmbd_work *work, if (!(fp->daccess & FILE_WRITE_DATA_LE)) return -EACCES;

- file_alloc_info = (struct smb2_file_alloc_info *)buf; alloc_blks = (le64_to_cpu(file_alloc_info->AllocationSize) + 511) >> 9; inode = file_inode(fp->filp);

@@ -5503,9 +5525,8 @@ static int set_file_allocation_info(struct ksmbd_work *work, }

static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp, - char *buf) + struct smb2_file_eof_info *file_eof_info) { - struct smb2_file_eof_info *file_eof_info; loff_t newsize; struct inode *inode; int rc; @@ -5513,7 +5534,6 @@ static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp, if (!(fp->daccess & FILE_WRITE_DATA_LE)) return -EACCES;

- file_eof_info = (struct smb2_file_eof_info *)buf; newsize = le64_to_cpu(file_eof_info->EndOfFile); inode = file_inode(fp->filp);

@@ -5540,7 +5560,8 @@ static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp, }

static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, - char *buf) + struct smb2_file_rename_info *rename_info, + unsigned int buf_len) { struct ksmbd_file *parent_fp; struct dentry *parent; @@ -5552,6 +5573,10 @@ static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, return -EACCES; }

+ if (buf_len < (u64)sizeof(struct smb2_file_rename_info) + + le32_to_cpu(rename_info->FileNameLength)) + return -EINVAL; + if (ksmbd_stream_fd(fp)) goto next;

@@ -5573,14 +5598,13 @@ static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, } } next: - return smb2_rename(work, fp, - (struct smb2_file_rename_info *)buf, + return smb2_rename(work, fp, rename_info, work->sess->conn->local_nls); }

-static int set_file_disposition_info(struct ksmbd_file *fp, char *buf) +static int set_file_disposition_info(struct ksmbd_file *fp, + struct smb2_file_disposition_info *file_info) { - struct smb2_file_disposition_info *file_info; struct inode *inode;

if (!(fp->daccess & FILE_DELETE_LE)) { @@ -5589,7 +5613,6 @@ static int set_file_disposition_info(struct ksmbd_file *fp, char *buf) }

inode = file_inode(fp->filp); - file_info = (struct smb2_file_disposition_info *)buf; if (file_info->DeletePending) { if (S_ISDIR(inode->i_mode) && ksmbd_vfs_empty_dir(fp) == -ENOTEMPTY) @@ -5601,15 +5624,14 @@ static int set_file_disposition_info(struct ksmbd_file *fp, char *buf) return 0; }

-static int set_file_position_info(struct ksmbd_file *fp, char *buf) +static int set_file_position_info(struct ksmbd_file *fp, + struct smb2_file_pos_info *file_info) { - struct smb2_file_pos_info *file_info; loff_t current_byte_offset; unsigned long sector_size; struct inode *inode;

inode = file_inode(fp->filp); - file_info = (struct smb2_file_pos_info *)buf; current_byte_offset = le64_to_cpu(file_info->CurrentByteOffset); sector_size = inode->i_sb->s_blocksize;

@@ -5625,12 +5647,11 @@ static int set_file_position_info(struct ksmbd_file *fp, char *buf) return 0; }

-static int set_file_mode_info(struct ksmbd_file *fp, char *buf) +static int set_file_mode_info(struct ksmbd_file *fp, + struct smb2_file_mode_info *file_info) { - struct smb2_file_mode_info *file_info; __le32 mode;

- file_info = (struct smb2_file_mode_info *)buf; mode = file_info->Mode;

if ((mode & ~FILE_MODE_INFO_MASK) || @@ -5660,40 +5681,74 @@ static int set_file_mode_info(struct ksmbd_file *fp, char *buf) * TODO: need to implement an error handling for STATUS_INFO_LENGTH_MISMATCH */ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, - int info_class, char *buf, + struct smb2_set_info_req *req, struct ksmbd_share_config *share) { - switch (info_class) { + unsigned int buf_len = le32_to_cpu(req->BufferLength); + + switch (req->FileInfoClass) { case FILE_BASIC_INFORMATION: - return set_file_basic_info(fp, buf, share); + { + if (buf_len < sizeof(struct smb2_file_basic_info)) + return -EINVAL;

+ return set_file_basic_info(fp, (struct smb2_file_basic_info *)req->Buffer, share); + } case FILE_ALLOCATION_INFORMATION: - return set_file_allocation_info(work, fp, buf); + { + if (buf_len < sizeof(struct smb2_file_alloc_info)) + return -EINVAL;

+ return set_file_allocation_info(work, fp, + (struct smb2_file_alloc_info *)req->Buffer); + } case FILE_END_OF_FILE_INFORMATION: - return set_end_of_file_info(work, fp, buf); + { + if (buf_len < sizeof(struct smb2_file_eof_info)) + return -EINVAL;

+ return set_end_of_file_info(work, fp, + (struct smb2_file_eof_info *)req->Buffer); + } case FILE_RENAME_INFORMATION: + { if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, "User does not have write permission\n"); return -EACCES; } - return set_rename_info(work, fp, buf);

+ if (buf_len < sizeof(struct smb2_file_rename_info)) + return -EINVAL; + + return set_rename_info(work, fp, + (struct smb2_file_rename_info *)req->Buffer, + buf_len); + } case FILE_LINK_INFORMATION: + { + if (buf_len < sizeof(struct smb2_file_link_info)) + return -EINVAL; + return smb2_create_link(work, work->tcon->share_conf, - (struct smb2_file_link_info *)buf, fp->filp, + (struct smb2_file_link_info *)req->Buffer, + buf_len, fp->filp, work->sess->conn->local_nls); - + } case FILE_DISPOSITION_INFORMATION: + { if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, "User does not have write permission\n"); return -EACCES; } - return set_file_disposition_info(fp, buf);

+ if (buf_len < sizeof(struct smb2_file_disposition_info)) + return -EINVAL; + + return set_file_disposition_info(fp, + (struct smb2_file_disposition_info *)req->Buffer); + } case FILE_FULL_EA_INFORMATION: { if (!(fp->daccess & FILE_WRITE_EA_LE)) { @@ -5702,18 +5757,29 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, return -EACCES; }

- return smb2_set_ea((struct smb2_ea_info *)buf, - &fp->filp->f_path); - } + if (buf_len < sizeof(struct smb2_ea_info)) + return -EINVAL;

+ return smb2_set_ea((struct smb2_ea_info *)req->Buffer, + buf_len, &fp->filp->f_path); + } case FILE_POSITION_INFORMATION: - return set_file_position_info(fp, buf); + { + if (buf_len < sizeof(struct smb2_file_pos_info)) + return -EINVAL;

+ return set_file_position_info(fp, (struct smb2_file_pos_info *)req->Buffer); + } case FILE_MODE_INFORMATION: - return set_file_mode_info(fp, buf); + { + if (buf_len < sizeof(struct smb2_file_mode_info)) + return -EINVAL; + + return set_file_mode_info(fp, (struct smb2_file_mode_info *)req->Buffer); + } }

- pr_err("Unimplemented Fileinfoclass :%d\n", info_class); + pr_err("Unimplemented Fileinfoclass :%d\n", req->FileInfoClass); return -EOPNOTSUPP; }

@@ -5774,8 +5840,7 @@ int smb2_set_info(struct ksmbd_work *work) switch (req->InfoType) { case SMB2_O_INFO_FILE: ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILE\n"); - rc = smb2_set_info_file(work, fp, req->FileInfoClass, - req->Buffer, work->tcon->share_conf); + rc = smb2_set_info_file(work, fp, req, work->tcon->share_conf); break; case SMB2_O_INFO_SECURITY: ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n");

From patchwork Mon Nov 14 12:52:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183321 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:00 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:00 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:33:59 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 224/308] ksmbd: add validation in smb2 negotiate Date: Mon, 14 Nov 2022 20:52:13 +0800 Message-ID: 20221114125337.1831594-225-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 464f98c4-e4cc-46f1-6bbf-08dac63c818c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6886603 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc4 commit 442ff9ebeb0129e90483356f3d79c732e632a7a6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/442ff9ebeb01

-------------------------------

This patch add validation to check request buffer check in smb2 negotiate and fix null pointer deferencing oops in smb3_preauth_hash_rsp() that found from manual test.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Cc: Hyunchul Lee hyc.lee@gmail.com Cc: Sergey Senozhatsky senozhatsky@chromium.org Reviewed-by: Ralph Boehme slow@samba.org Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 42 +++++++++++++++++++++++++++++++++++++++++- fs/ksmbd/smb_common.c | 32 +++++++++++++++++++++++++++----- 2 files changed, 68 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 7ce7fa898a42..00dcd10a9d69 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1067,6 +1067,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work) struct smb2_negotiate_req *req = work->request_buf; struct smb2_negotiate_rsp *rsp = work->response_buf; int rc = 0; + unsigned int smb2_buf_len, smb2_neg_size; __le32 status;

ksmbd_debug(SMB, "Received negotiate request\n"); @@ -1084,6 +1085,44 @@ int smb2_handle_negotiate(struct ksmbd_work *work) goto err_out; }

+ smb2_buf_len = get_rfc1002_len(work->request_buf); + smb2_neg_size = offsetof(struct smb2_negotiate_req, Dialects) - 4; + if (smb2_neg_size > smb2_buf_len) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + rc = -EINVAL; + goto err_out; + } + + if (conn->dialect == SMB311_PROT_ID) { + unsigned int nego_ctxt_off = le32_to_cpu(req->NegotiateContextOffset); + + if (smb2_buf_len < nego_ctxt_off) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + rc = -EINVAL; + goto err_out; + } + + if (smb2_neg_size > nego_ctxt_off) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + rc = -EINVAL; + goto err_out; + } + + if (smb2_neg_size + le16_to_cpu(req->DialectCount) * sizeof(__le16) > + nego_ctxt_off) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + rc = -EINVAL; + goto err_out; + } + } else { + if (smb2_neg_size + le16_to_cpu(req->DialectCount) * sizeof(__le16) > + smb2_buf_len) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + rc = -EINVAL; + goto err_out; + } + } + conn->cli_cap = le32_to_cpu(req->Capabilities); switch (conn->dialect) { case SMB311_PROT_ID: @@ -8190,7 +8229,8 @@ void smb3_preauth_hash_rsp(struct ksmbd_work *work)

WORK_BUFFERS(work, req, rsp);

- if (le16_to_cpu(req->Command) == SMB2_NEGOTIATE_HE) + if (le16_to_cpu(req->Command) == SMB2_NEGOTIATE_HE && + conn->preauth_info) ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp, conn->preauth_info->Preauth_HashValue);

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index 98c22a3abf92..02f17d5b8656 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -169,10 +169,12 @@ static bool supported_protocol(int idx) idx <= server_conf.max_protocol); }

-static char *next_dialect(char *dialect, int *next_off) +static char *next_dialect(char *dialect, int *next_off, int bcount) { dialect = dialect + *next_off; - *next_off = strlen(dialect); + *next_off = strnlen(dialect, bcount); + if (dialect[*next_off] != '\0') + return NULL; return dialect; }

@@ -187,7 +189,9 @@ static int ksmbd_lookup_dialect_by_name(char *cli_dialects, __le16 byte_count) dialect = cli_dialects; bcount = le16_to_cpu(byte_count); do { - dialect = next_dialect(dialect, &next); + dialect = next_dialect(dialect, &next, bcount); + if (!dialect) + break; ksmbd_debug(SMB, "client requested dialect %s\n", dialect); if (!strcmp(dialect, smb1_protos[i].name)) { @@ -235,13 +239,22 @@ int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count)

static int ksmbd_negotiate_smb_dialect(void *buf) { - __le32 proto; + int smb_buf_length = get_rfc1002_len(buf); + __le32 proto = ((struct smb2_hdr *)buf)->ProtocolId;

- proto = ((struct smb2_hdr *)buf)->ProtocolId; if (proto == SMB2_PROTO_NUMBER) { struct smb2_negotiate_req *req; + int smb2_neg_size = + offsetof(struct smb2_negotiate_req, Dialects) - 4;

req = (struct smb2_negotiate_req *)buf; + if (smb2_neg_size > smb_buf_length) + goto err_out; + + if (smb2_neg_size + le16_to_cpu(req->DialectCount) * sizeof(__le16) > + smb_buf_length) + goto err_out; + return ksmbd_lookup_dialect_by_id(req->Dialects, req->DialectCount); } @@ -251,10 +264,19 @@ static int ksmbd_negotiate_smb_dialect(void *buf) struct smb_negotiate_req *req;

req = (struct smb_negotiate_req *)buf; + if (le16_to_cpu(req->ByteCount) < 2) + goto err_out; + + if (offsetof(struct smb_negotiate_req, DialectsArray) - 4 + + le16_to_cpu(req->ByteCount) > smb_buf_length) { + goto err_out; + } + return ksmbd_lookup_dialect_by_name(req->DialectsArray, req->ByteCount); }

+err_out: return BAD_PROT_ID; }

From patchwork Mon Nov 14 12:52:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183322 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:00 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:00 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:00 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 225/308] ksmbd: add buffer validation for SMB2_CREATE_CONTEXT Date: Mon, 14 Nov 2022 20:52:14 +0800 Message-ID: 20221114125337.1831594-226-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d588bcc5-5c42-430e-4a1d-08dac63c81d5 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6647644 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc4 commit 8f77150c15f87796570125a43509f9a81a3d9e49 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8f77150c15f8

-------------------------------

Add buffer validation for SMB2_CREATE_CONTEXT.

Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Reviewed-by: Ralph Boehme slow@samba.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/oplock.c | 41 +++++++++++++++++++++++++++++++---------- fs/ksmbd/smb2pdu.c | 25 ++++++++++++++++++++++++- fs/ksmbd/smbacl.c | 21 +++++++++++++++++++-- 3 files changed, 74 insertions(+), 13 deletions(-)

diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 8bb62aae6e32..95e8c53a5cf3 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1451,26 +1451,47 @@ struct lease_ctx_info *parse_lease_state(void *open_req) */ struct create_context *smb2_find_context_vals(void *open_req, const char *tag) { - char *data_offset; struct create_context *cc; unsigned int next = 0; char *name; struct smb2_create_req *req = (struct smb2_create_req *)open_req; + unsigned int remain_len, name_off, name_len, value_off, value_len, + cc_len;

- data_offset = (char *)req + 4 + le32_to_cpu(req->CreateContextsOffset); - cc = (struct create_context *)data_offset; + /* + * CreateContextsOffset and CreateContextsLength are guaranteed to + * be valid because of ksmbd_smb2_check_message(). + */ + cc = (struct create_context *)((char *)req + 4 + + le32_to_cpu(req->CreateContextsOffset)); + remain_len = le32_to_cpu(req->CreateContextsLength); do { - int val; - cc = (struct create_context *)((char *)cc + next); - name = le16_to_cpu(cc->NameOffset) + (char *)cc; - val = le16_to_cpu(cc->NameLength); - if (val < 4) + if (remain_len < offsetof(struct create_context, Buffer)) return ERR_PTR(-EINVAL);

- if (memcmp(name, tag, val) == 0) - return cc; next = le32_to_cpu(cc->Next); + name_off = le16_to_cpu(cc->NameOffset); + name_len = le16_to_cpu(cc->NameLength); + value_off = le16_to_cpu(cc->DataOffset); + value_len = le32_to_cpu(cc->DataLength); + cc_len = next ? next : remain_len; + + if ((next & 0x7) != 0 || + next > remain_len || + name_off != offsetof(struct create_context, Buffer) || + name_len < 4 || + name_off + name_len > cc_len || + (value_off & 0x7) != 0 || + (value_off && (value_off < name_off + name_len)) || + ((u64)value_off + value_len > cc_len)) + return ERR_PTR(-EINVAL); + + name = (char *)cc + name_off; + if (memcmp(name, tag, name_len) == 0) + return cc; + + remain_len -= next; } while (next != 0);

return NULL; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 00dcd10a9d69..67a14c2a1262 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2417,6 +2417,10 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work, ksmbd_debug(SMB, "Set ACLs using SMB2_CREATE_SD_BUFFER context\n"); sd_buf = (struct create_sd_buf_req *)context; + if (le16_to_cpu(context->DataOffset) + + le32_to_cpu(context->DataLength) < + sizeof(struct create_sd_buf_req)) + return -EINVAL; return set_info_sec(work->conn, work->tcon, path, &sd_buf->ntsd, le32_to_cpu(sd_buf->ccontext.DataLength), true); } @@ -2605,6 +2609,12 @@ int smb2_open(struct ksmbd_work *work) goto err_out1; } else if (context) { ea_buf = (struct create_ea_buf_req *)context; + if (le16_to_cpu(context->DataOffset) + + le32_to_cpu(context->DataLength) < + sizeof(struct create_ea_buf_req)) { + rc = -EINVAL; + goto err_out1; + } if (req->CreateOptions & FILE_NO_EA_KNOWLEDGE_LE) { rsp->hdr.Status = STATUS_ACCESS_DENIED; rc = -EACCES; @@ -2643,6 +2653,12 @@ int smb2_open(struct ksmbd_work *work) } else if (context) { struct create_posix *posix = (struct create_posix *)context; + if (le16_to_cpu(context->DataOffset) + + le32_to_cpu(context->DataLength) < + sizeof(struct create_posix)) { + rc = -EINVAL; + goto err_out1; + } ksmbd_debug(SMB, "get posix context\n");

posix_mode = le32_to_cpu(posix->Mode); @@ -3023,9 +3039,16 @@ int smb2_open(struct ksmbd_work *work) rc = PTR_ERR(az_req); goto err_out; } else if (az_req) { - loff_t alloc_size = le64_to_cpu(az_req->AllocationSize); + loff_t alloc_size; int err;

+ if (le16_to_cpu(az_req->ccontext.DataOffset) + + le32_to_cpu(az_req->ccontext.DataLength) < + sizeof(struct create_alloc_size_req)) { + rc = -EINVAL; + goto err_out; + } + alloc_size = le64_to_cpu(az_req->AllocationSize); ksmbd_debug(SMB, "request smb2 create allocate size : %llu\n", alloc_size); diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index 321676a74b48..40a1e7bc9f16 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -368,7 +368,7 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, { int i, ret; int num_aces = 0; - int acl_size; + unsigned int acl_size; char *acl_base; struct smb_ace **ppace; struct posix_acl_entry *cf_pace, *cf_pdace; @@ -380,7 +380,7 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, return;

/* validate that we do not go past end of acl */ - if (end_of_acl <= (char *)pdacl || + if (end_of_acl < (char *)pdacl + sizeof(struct smb_acl) || end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { pr_err("ACL too small to parse DACL\n"); return; @@ -419,8 +419,22 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, * user/group/other have no permissions */ for (i = 0; i < num_aces; ++i) { + if (end_of_acl - acl_base < acl_size) + break; + ppace[i] = (struct smb_ace *)(acl_base + acl_size); acl_base = (char *)ppace[i]; + acl_size = offsetof(struct smb_ace, sid) + + offsetof(struct smb_sid, sub_auth); + + if (end_of_acl - acl_base < acl_size || + ppace[i]->sid.num_subauth > SID_MAX_SUB_AUTHORITIES || + (end_of_acl - acl_base < + acl_size + sizeof(__le32) * ppace[i]->sid.num_subauth) || + (le16_to_cpu(ppace[i]->size) < + acl_size + sizeof(__le32) * ppace[i]->sid.num_subauth)) + break; + acl_size = le16_to_cpu(ppace[i]->size); ppace[i]->access_req = smb_map_generic_desired_access(ppace[i]->access_req); @@ -782,6 +796,9 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, if (!pntsd) return -EIO;

+ if (acl_len < sizeof(struct smb_ntsd)) + return -EINVAL; + owner_sid_ptr = (struct smb_sid *)((char *)pntsd + le32_to_cpu(pntsd->osidoffset)); group_sid_ptr = (struct smb_sid *)((char *)pntsd +

From patchwork Mon Nov 14 12:52:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183323 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:01 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:01 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:00 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 226/308] ksmbd: fix transform header validation Date: Mon, 14 Nov 2022 20:52:15 +0800 Message-ID: 20221114125337.1831594-227-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: ea43fd7c-cae2-420d-dc51-08dac63c821d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6517898 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc4 commit 4227f811cdeb4d85db91ea6b9adf9ac049cec12e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4227f811cdeb

-------------------------------

Validate that the transform and smb request headers are present before checking OriginalMessageSize and SessionId fields.

Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Cc: Sergey Senozhatsky senozhatsky@chromium.org Reviewed-by: Tom Talpey tom@talpey.com Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 67a14c2a1262..525089577d3b 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -8360,16 +8360,8 @@ int smb3_decrypt_req(struct ksmbd_work *work) unsigned int buf_data_size = pdu_length + 4 - sizeof(struct smb2_transform_hdr); struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)buf; - unsigned int orig_len = le32_to_cpu(tr_hdr->OriginalMessageSize); int rc = 0;

- sess = ksmbd_session_lookup_all(conn, le64_to_cpu(tr_hdr->SessionId)); - if (!sess) { - pr_err("invalid session id(%llx) in transform header\n", - le64_to_cpu(tr_hdr->SessionId)); - return -ECONNABORTED; - } - if (pdu_length + 4 < sizeof(struct smb2_transform_hdr) + sizeof(struct smb2_hdr)) { pr_err("Transform message is too small (%u)\n", @@ -8377,11 +8369,19 @@ int smb3_decrypt_req(struct ksmbd_work *work) return -ECONNABORTED; }

- if (pdu_length + 4 < orig_len + sizeof(struct smb2_transform_hdr)) { + if (pdu_length + 4 < + le32_to_cpu(tr_hdr->OriginalMessageSize) + sizeof(struct smb2_transform_hdr)) { pr_err("Transform message is broken\n"); return -ECONNABORTED; }

+ sess = ksmbd_session_lookup_all(conn, le64_to_cpu(tr_hdr->SessionId)); + if (!sess) { + pr_err("invalid session id(%llx) in transform header\n", + le64_to_cpu(tr_hdr->SessionId)); + return -ECONNABORTED; + } + iov[0].iov_base = buf; iov[0].iov_len = sizeof(struct smb2_transform_hdr); iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr);

From patchwork Mon Nov 14 12:52:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183324 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:01 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:01 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:01 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 227/308] ksmbd: missing check for NULL in convert_to_nt_pathname() Date: Mon, 14 Nov 2022 20:52:16 +0800 Message-ID: 20221114125337.1831594-228-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e48c5b5b-1672-4963-fb60-08dac63c8265 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6699282 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.15-rc4 commit 87ffb310d5e8a441721a9d04dfa7c90cd9da3916 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/87ffb310d5e8

-------------------------------

The kmalloc() does not have a NULL check. This code can be re-written slightly cleaner to just use the kstrdup().

Fixes: 265fd1991c1d ("ksmbd: use LOOKUP_BENEATH to prevent the out of share access") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Acked-by: Namjae Jeon linkinjeon@kernel.org Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/misc.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/fs/ksmbd/misc.c b/fs/ksmbd/misc.c index 6a19f4bc692d..60e7ac62c917 100644 --- a/fs/ksmbd/misc.c +++ b/fs/ksmbd/misc.c @@ -162,17 +162,14 @@ char *convert_to_nt_pathname(char *filename) { char *ab_pathname;

- if (strlen(filename) == 0) { - ab_pathname = kmalloc(2, GFP_KERNEL); - ab_pathname[0] = '\'; - ab_pathname[1] = '\0'; - } else { - ab_pathname = kstrdup(filename, GFP_KERNEL); - if (!ab_pathname) - return NULL; + if (strlen(filename) == 0) + filename = "\";

- ksmbd_conv_path_to_windows(ab_pathname); - } + ab_pathname = kstrdup(filename, GFP_KERNEL); + if (!ab_pathname) + return NULL; + + ksmbd_conv_path_to_windows(ab_pathname); return ab_pathname; }

From patchwork Mon Nov 14 12:52:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183325 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:02 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:02 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:01 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 228/308] ksmbd: add the check to vaildate if stream protocol length exceeds maximum value Date: Mon, 14 Nov 2022 20:52:17 +0800 Message-ID: 20221114125337.1831594-229-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: bd439118-7db3-45bc-4b9f-08dac63c82af X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6850454 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc5 commit 363999901116ffa9a5462215fef25ea9c7f2823c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/363999901116

-------------------------------

This patch add MAX_STREAM_PROT_LEN macro and check if stream protocol length exceeds maximum value. opencode pdu size check in ksmbd_pdu_size_has_room().

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 10 ++++++---- fs/ksmbd/smb_common.c | 6 ------ fs/ksmbd/smb_common.h | 4 ++-- 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index af086d35398a..48b18b4ec117 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -296,10 +296,12 @@ int ksmbd_conn_handler_loop(void *p) pdu_size = get_rfc1002_len(hdr_buf); ksmbd_debug(CONN, "RFC1002 header %u bytes\n", pdu_size);

- /* make sure we have enough to get to SMB header end */ - if (!ksmbd_pdu_size_has_room(pdu_size)) { - ksmbd_debug(CONN, "SMB request too short (%u bytes)\n", - pdu_size); + /* + * Check if pdu size is valid (min : smb header size, + * max : 0x00FFFFFF). + */ + if (pdu_size < __SMB2_HEADER_STRUCTURE_SIZE || + pdu_size > MAX_STREAM_PROT_LEN) { continue; }

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index 02f17d5b8656..8658cb7c9b33 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -21,7 +21,6 @@ static const char basechars[43] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_-!@#$%"; #define MAGIC_CHAR '~' #define PERIOD '.' #define mangle(V) ((char)(basechars[(V) % MANGLE_BASE])) -#define KSMBD_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb2_hdr))

struct smb_protocol { int index; @@ -294,11 +293,6 @@ int ksmbd_init_smb_server(struct ksmbd_work *work) return 0; }

-bool ksmbd_pdu_size_has_room(unsigned int pdu) -{ - return (pdu >= KSMBD_MIN_SUPPORTED_HEADER_SIZE - 4); -} - int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level, struct ksmbd_file *dir, struct ksmbd_dir_info *d_info, diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index 994abede27e9..6e79e7577f6b 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -48,6 +48,8 @@ #define CIFS_DEFAULT_IOSIZE (64 * 1024) #define MAX_CIFS_SMALL_BUFFER_SIZE 448 /* big enough for most */

+#define MAX_STREAM_PROT_LEN 0x00FFFFFF + /* Responses when opening a file. */ #define F_SUPERSEDED 0 #define F_OPENED 1 @@ -493,8 +495,6 @@ int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count);

int ksmbd_init_smb_server(struct ksmbd_work *work);

-bool ksmbd_pdu_size_has_room(unsigned int pdu); - struct ksmbd_kstat; int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level,

From patchwork Mon Nov 14 12:52:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183326 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:02 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:02 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:02 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 229/308] ksmbd: check strictly data area in ksmbd_smb2_check_message() Date: Mon, 14 Nov 2022 20:52:18 +0800 Message-ID: 20221114125337.1831594-230-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 3786245c-5fb4-4ee7-dd8f-08dac63c82f7 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7002918 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc5 commit c2e99d47973796c3fafd13079337dcadecd49d8a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c2e99d479737

-------------------------------

When invalid data offset and data length in request, ksmbd_smb2_check_message check strictly and doesn't allow to process such requests.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Acked-by: Hyunchul Lee hyc.lee@gmail.com Reviewed-by: Ralph Boehme slow@samba.org Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2misc.c | 98 ++++++++++++++++++++++----------------------- 1 file changed, 47 insertions(+), 51 deletions(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 9aa46bb3e10d..9edd9c161b27 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -80,18 +80,21 @@ static const bool has_smb2_data_area[NUMBER_OF_SMB2_COMMANDS] = { };

/* - * Returns the pointer to the beginning of the data area. Length of the data - * area and the offset to it (from the beginning of the smb are also returned. + * Set length of the data area and the offset to arguments. + * if they are invalid, return error. */ -static char *smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr) +static int smb2_get_data_area_len(unsigned int *off, unsigned int *len, + struct smb2_hdr *hdr) { + int ret = 0; + *off = 0; *len = 0;

/* error reqeusts do not have data area */ if (hdr->Status && hdr->Status != STATUS_MORE_PROCESSING_REQUIRED && (((struct smb2_err_rsp *)hdr)->StructureSize) == SMB2_ERROR_STRUCTURE_SIZE2_LE) - return NULL; + return ret;

/* * Following commands have data areas so we have to get the location @@ -165,69 +168,60 @@ static char *smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr) case SMB2_IOCTL: *off = le32_to_cpu(((struct smb2_ioctl_req *)hdr)->InputOffset); *len = le32_to_cpu(((struct smb2_ioctl_req *)hdr)->InputCount); - break; default: ksmbd_debug(SMB, "no length check for command\n"); break; }

- /* - * Invalid length or offset probably means data area is invalid, but - * we have little choice but to ignore the data area in this case. - */ if (*off > 4096) { - ksmbd_debug(SMB, "offset %d too large, data area ignored\n", - *off); - *len = 0; - *off = 0; - } else if (*off < 0) { - ksmbd_debug(SMB, - "negative offset %d to data invalid ignore data area\n", - *off); - *off = 0; - *len = 0; - } else if (*len < 0) { - ksmbd_debug(SMB, - "negative data length %d invalid, data area ignored\n", - *len); - *len = 0; - } else if (*len > 128 * 1024) { - ksmbd_debug(SMB, "data area larger than 128K: %d\n", *len); - *len = 0; + ksmbd_debug(SMB, "offset %d too large\n", *off); + ret = -EINVAL; + } else if ((u64)*off + *len > MAX_STREAM_PROT_LEN) { + ksmbd_debug(SMB, "Request is larger than maximum stream protocol length(%u): %llu\n", + MAX_STREAM_PROT_LEN, (u64)*off + *len); + ret = -EINVAL; }

- /* return pointer to beginning of data area, ie offset from SMB start */ - if ((*off != 0) && (*len != 0)) - return (char *)hdr + *off; - else - return NULL; + return ret; }

/* * Calculate the size of the SMB message based on the fixed header * portion, the number of word parameters and the data portion of the message. */ -static unsigned int smb2_calc_size(void *buf) +static int smb2_calc_size(void *buf, unsigned int *len) { struct smb2_pdu *pdu = (struct smb2_pdu *)buf; struct smb2_hdr *hdr = &pdu->hdr; - int offset; /* the offset from the beginning of SMB to data area */ - int data_length; /* the length of the variable length data area */ + unsigned int offset; /* the offset from the beginning of SMB to data area */ + unsigned int data_length; /* the length of the variable length data area */ + int ret; + /* Structure Size has already been checked to make sure it is 64 */ - int len = le16_to_cpu(hdr->StructureSize); + *len = le16_to_cpu(hdr->StructureSize);

/* * StructureSize2, ie length of fixed parameter area has already * been checked to make sure it is the correct length. */ - len += le16_to_cpu(pdu->StructureSize2); + *len += le16_to_cpu(pdu->StructureSize2); + /* + * StructureSize2 of smb2_lock pdu is set to 48, indicating + * the size of smb2 lock request with single smb2_lock_element + * regardless of number of locks. Subtract single + * smb2_lock_element for correct buffer size check. + */ + if (hdr->Command == SMB2_LOCK) + *len -= sizeof(struct smb2_lock_element);

if (has_smb2_data_area[le16_to_cpu(hdr->Command)] == false) goto calc_size_exit;

- smb2_get_data_area_len(&offset, &data_length, hdr); - ksmbd_debug(SMB, "SMB2 data length %d offset %d\n", data_length, + ret = smb2_get_data_area_len(&offset, &data_length, hdr); + if (ret) + return ret; + ksmbd_debug(SMB, "SMB2 data length %u offset %u\n", data_length, offset);

if (data_length > 0) { @@ -237,16 +231,19 @@ static unsigned int smb2_calc_size(void *buf) * for some commands, typically those with odd StructureSize, * so we must add one to the calculation. */ - if (offset + 1 < len) + if (offset + 1 < *len) { ksmbd_debug(SMB, - "data area offset %d overlaps SMB2 header %d\n", - offset + 1, len); - else - len = offset + data_length; + "data area offset %d overlaps SMB2 header %u\n", + offset + 1, *len); + return -EINVAL; + } + + *len = offset + data_length; } + calc_size_exit: - ksmbd_debug(SMB, "SMB2 len %d\n", len); - return len; + ksmbd_debug(SMB, "SMB2 len %u\n", *len); + return 0; }

static inline int smb2_query_info_req_len(struct smb2_query_info_req *h) @@ -391,9 +388,11 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) return 1; }

- clc_len = smb2_calc_size(hdr); + if (smb2_calc_size(hdr, &clc_len)) + return 1; + if (len != clc_len) { - /* server can return one byte more due to implied bcc[0] */ + /* client can return one byte more due to implied bcc[0] */ if (clc_len == len + 1) return 0;

@@ -418,9 +417,6 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) return 0; }

- if (command == SMB2_LOCK_HE && len == 88) - return 0; - ksmbd_debug(SMB, "cli req too short, len %d not %d. cmd:%d mid:%llu\n", len, clc_len, command,

From patchwork Mon Nov 14 12:52:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183327 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:03 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:03 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:02 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 230/308] ksmbd: remove the leftover of smb2.0 dialect support Date: Mon, 14 Nov 2022 20:52:19 +0800 Message-ID: 20221114125337.1831594-231-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 1b3fe46d-19fa-48b5-07ca-08dac63c8341 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6994706 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc5 commit 51a1387393d98c2ba52d53d089720fa9f1463178 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/51a1387393d9

-------------------------------

Although ksmbd doesn't send SMB2.0 support in supported dialect list of smb negotiate response, There is the leftover of smb2.0 dialect. This patch remove it not to support SMB2.0 in ksmbd.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Cc: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2ops.c | 5 ----- fs/ksmbd/smb2pdu.c | 34 +++++++++------------------------- fs/ksmbd/smb2pdu.h | 1 - fs/ksmbd/smb_common.c | 6 +++--- 4 files changed, 12 insertions(+), 34 deletions(-)

diff --git a/fs/ksmbd/smb2ops.c b/fs/ksmbd/smb2ops.c index 197473871aa4..b06456eb587b 100644 --- a/fs/ksmbd/smb2ops.c +++ b/fs/ksmbd/smb2ops.c @@ -187,11 +187,6 @@ static struct smb_version_cmds smb2_0_server_cmds[NUMBER_OF_SMB2_COMMANDS] = { [SMB2_CHANGE_NOTIFY_HE] = { .proc = smb2_notify}, };

-int init_smb2_0_server(struct ksmbd_conn *conn) -{ - return -EOPNOTSUPP; -} - /** * init_smb2_1_server() - initialize a smb server connection with smb2.1 * command dispatcher diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 525089577d3b..dae9366120ff 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -236,9 +236,6 @@ int init_smb2_neg_rsp(struct ksmbd_work *work)

if (conn->need_neg == false) return -EINVAL; - if (!(conn->dialect >= SMB20_PROT_ID && - conn->dialect <= SMB311_PROT_ID)) - return -EINVAL;

rsp_hdr = work->response_buf;

@@ -1166,13 +1163,6 @@ int smb2_handle_negotiate(struct ksmbd_work *work) case SMB21_PROT_ID: init_smb2_1_server(conn); break; - case SMB20_PROT_ID: - rc = init_smb2_0_server(conn); - if (rc) { - rsp->hdr.Status = STATUS_NOT_SUPPORTED; - goto err_out; - } - break; case SMB2X_PROT_ID: case BAD_PROT_ID: default: @@ -1191,11 +1181,9 @@ int smb2_handle_negotiate(struct ksmbd_work *work) rsp->MaxReadSize = cpu_to_le32(conn->vals->max_read_size); rsp->MaxWriteSize = cpu_to_le32(conn->vals->max_write_size);

- if (conn->dialect > SMB20_PROT_ID) { - memcpy(conn->ClientGUID, req->ClientGUID, - SMB2_CLIENT_GUID_SIZE); - conn->cli_sec_mode = le16_to_cpu(req->SecurityMode); - } + memcpy(conn->ClientGUID, req->ClientGUID, + SMB2_CLIENT_GUID_SIZE); + conn->cli_sec_mode = le16_to_cpu(req->SecurityMode);

rsp->StructureSize = cpu_to_le16(65); rsp->DialectRevision = cpu_to_le16(conn->dialect); @@ -1537,11 +1525,9 @@ static int ntlm_authenticate(struct ksmbd_work *work) } }

- if (conn->dialect > SMB20_PROT_ID) { - if (!ksmbd_conn_lookup_dialect(conn)) { - pr_err("fail to verify the dialect\n"); - return -ENOENT; - } + if (!ksmbd_conn_lookup_dialect(conn)) { + pr_err("fail to verify the dialect\n"); + return -ENOENT; } return 0; } @@ -1623,11 +1609,9 @@ static int krb5_authenticate(struct ksmbd_work *work) } }

- if (conn->dialect > SMB20_PROT_ID) { - if (!ksmbd_conn_lookup_dialect(conn)) { - pr_err("fail to verify the dialect\n"); - return -ENOENT; - } + if (!ksmbd_conn_lookup_dialect(conn)) { + pr_err("fail to verify the dialect\n"); + return -ENOENT; } return 0; } diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index 261825d06391..a6dec5ec6a54 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -1637,7 +1637,6 @@ struct smb2_posix_info { } __packed;

/* functions */ -int init_smb2_0_server(struct ksmbd_conn *conn); void init_smb2_1_server(struct ksmbd_conn *conn); void init_smb3_0_server(struct ksmbd_conn *conn); void init_smb3_02_server(struct ksmbd_conn *conn); diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index 8658cb7c9b33..bd836a30ae89 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -88,7 +88,7 @@ unsigned int ksmbd_server_side_copy_max_total_size(void)

inline int ksmbd_min_protocol(void) { - return SMB2_PROT; + return SMB21_PROT; }

inline int ksmbd_max_protocol(void) @@ -425,7 +425,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname,

static int __smb2_negotiate(struct ksmbd_conn *conn) { - return (conn->dialect >= SMB20_PROT_ID && + return (conn->dialect >= SMB21_PROT_ID && conn->dialect <= SMB311_PROT_ID); }

@@ -455,7 +455,7 @@ int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command) } }

- if (command == SMB2_NEGOTIATE_HE) { + if (command == SMB2_NEGOTIATE_HE && __smb2_negotiate(conn)) { ret = smb2_handle_negotiate(work); init_smb2_neg_rsp(work); return ret;

From patchwork Mon Nov 14 12:52:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183328 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:03 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:03 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:03 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 231/308] ksmbd: use buf_data_size instead of recalculation in smb3_decrypt_req() Date: Mon, 14 Nov 2022 20:52:20 +0800 Message-ID: 20221114125337.1831594-232-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: d9e95537-8f6a-4115-bfc8-08dac63c8389 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7055730 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc5 commit c7705eec78c999485609274c7ac5c27def8b84f1 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c7705eec78c9

-------------------------------

Tom suggested to use buf_data_size that is already calculated, to verify these offsets.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Suggested-by: Tom Talpey tom@talpey.com Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index dae9366120ff..55d39459437d 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -8341,20 +8341,18 @@ int smb3_decrypt_req(struct ksmbd_work *work) struct smb2_hdr *hdr; unsigned int pdu_length = get_rfc1002_len(buf); struct kvec iov[2]; - unsigned int buf_data_size = pdu_length + 4 - + int buf_data_size = pdu_length + 4 - sizeof(struct smb2_transform_hdr); struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)buf; int rc = 0;

- if (pdu_length + 4 < - sizeof(struct smb2_transform_hdr) + sizeof(struct smb2_hdr)) { + if (buf_data_size < sizeof(struct smb2_hdr)) { pr_err("Transform message is too small (%u)\n", pdu_length); return -ECONNABORTED; }

- if (pdu_length + 4 < - le32_to_cpu(tr_hdr->OriginalMessageSize) + sizeof(struct smb2_transform_hdr)) { + if (buf_data_size < le32_to_cpu(tr_hdr->OriginalMessageSize)) { pr_err("Transform message is broken\n"); return -ECONNABORTED; }

From patchwork Mon Nov 14 12:52:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183329 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:04 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:04 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:03 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 232/308] ksmbd: fix version mismatch with out of tree Date: Mon, 14 Nov 2022 20:52:21 +0800 Message-ID: 20221114125337.1831594-233-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 9e1e37b9-a069-417b-c40a-08dac63c83d2 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7036407 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc5 commit 2db72604f3eaebd6175548bf64372e163724ebe3 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/2db72604f3ea

-------------------------------

Fix version mismatch with out of tree, This updated version will be matched with ksmbd-tools.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Cc: Steve French smfrench@gmail.com Cc: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/glob.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/glob.h b/fs/ksmbd/glob.h index 49a5a3afa118..5b8f3e0ebdb3 100644 --- a/fs/ksmbd/glob.h +++ b/fs/ksmbd/glob.h @@ -12,7 +12,7 @@ #include "unicode.h" #include "vfs_cache.h"

-#define KSMBD_VERSION "3.1.9" +#define KSMBD_VERSION "3.4.2"

extern int ksmbd_debug_types;

From patchwork Mon Nov 14 12:52:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183330 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:04 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:04 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:04 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 233/308] ksmbd: fix oops from fuse driver Date: Mon, 14 Nov 2022 20:52:22 +0800 Message-ID: 20221114125337.1831594-234-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: a626f202-8f84-486d-86d6-08dac63c841c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6789696 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc5 commit 64e7875560270b8f669fca9fcd6a689fea56fbeb category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/64e787556027

-------------------------------

Marios reported kernel oops from fuse driver when ksmbd call mark_inode_dirty(). This patch directly update ->i_ctime after removing mark_inode_ditry() and notify_change will put inode to dirty list.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Cc: Hyunchul Lee hyc.lee@gmail.com Reported-by: Marios Makassikis mmakassikis@freebox.fr Tested-by: Marios Makassikis mmakassikis@freebox.fr Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 55d39459437d..ec07cc459f4f 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -5438,7 +5438,6 @@ static int set_file_basic_info(struct ksmbd_file *fp, struct ksmbd_share_config *share) { struct iattr attrs; - struct timespec64 ctime; struct file *filp; struct inode *inode; int rc = 0; @@ -5458,13 +5457,11 @@ static int set_file_basic_info(struct ksmbd_file *fp, attrs.ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET); }

- if (file_info->ChangeTime) { + attrs.ia_valid |= ATTR_CTIME; + if (file_info->ChangeTime) attrs.ia_ctime = ksmbd_NTtimeToUnix(file_info->ChangeTime); - ctime = attrs.ia_ctime; - attrs.ia_valid |= ATTR_CTIME; - } else { - ctime = inode->i_ctime; - } + else + attrs.ia_ctime = inode->i_ctime;

if (file_info->LastWriteTime) { attrs.ia_mtime = ksmbd_NTtimeToUnix(file_info->LastWriteTime); @@ -5509,11 +5506,9 @@ static int set_file_basic_info(struct ksmbd_file *fp, return -EACCES;

inode_lock(inode); + inode->i_ctime = attrs.ia_ctime; + attrs.ia_valid &= ~ATTR_CTIME; rc = notify_change(dentry, &attrs, NULL); - if (!rc) { - inode->i_ctime = ctime; - mark_inode_dirty(inode); - } inode_unlock(inode); } return rc;

From patchwork Mon Nov 14 12:52:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183331 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:05 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:05 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:04 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 234/308] ksmbd: add validation in smb2_ioctl Date: Mon, 14 Nov 2022 20:52:23 +0800 Message-ID: 20221114125337.1831594-235-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 91dee71a-1a61-49fd-f38f-08dac63c8464 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7021221 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc7 commit f7db8fd03a4bc5baf70ccf8978fe17cb54368b97 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f7db8fd03a4b

-------------------------------

Add validation for request/response buffer size check in smb2_ioctl and fsctl_copychunk() take copychunk_ioctl_req pointer and the other arguments instead of smb2_ioctl_req structure and remove an unused smb2_ioctl_req argument of fsctl_validate_negotiate_info.

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Ralph B��hme slow@samba.org Cc: Steve French smfrench@gmail.com Cc: Sergey Senozhatsky senozhatsky@chromium.org Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Colin Ian King colin.king@canonical.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 113 +++++++++++++++++++++++++++++++++------------ fs/ksmbd/vfs.c | 2 +- fs/ksmbd/vfs.h | 2 +- 3 files changed, 86 insertions(+), 31 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index ec07cc459f4f..2a4647273549 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6973,24 +6973,26 @@ int smb2_lock(struct ksmbd_work *work) return err; }

-static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req, +static int fsctl_copychunk(struct ksmbd_work *work, + struct copychunk_ioctl_req *ci_req, + unsigned int cnt_code, + unsigned int input_count, + unsigned long long volatile_id, + unsigned long long persistent_id, struct smb2_ioctl_rsp *rsp) { - struct copychunk_ioctl_req *ci_req; struct copychunk_ioctl_rsp *ci_rsp; struct ksmbd_file *src_fp = NULL, *dst_fp = NULL; struct srv_copychunk *chunks; unsigned int i, chunk_count, chunk_count_written = 0; unsigned int chunk_size_written = 0; loff_t total_size_written = 0; - int ret, cnt_code; + int ret = 0;

- cnt_code = le32_to_cpu(req->CntCode); - ci_req = (struct copychunk_ioctl_req *)&req->Buffer[0]; ci_rsp = (struct copychunk_ioctl_rsp *)&rsp->Buffer[0];

- rsp->VolatileFileId = req->VolatileFileId; - rsp->PersistentFileId = req->PersistentFileId; + rsp->VolatileFileId = cpu_to_le64(volatile_id); + rsp->PersistentFileId = cpu_to_le64(persistent_id); ci_rsp->ChunksWritten = cpu_to_le32(ksmbd_server_side_copy_max_chunk_count()); ci_rsp->ChunkBytesWritten = @@ -7000,12 +7002,13 @@ static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req,

chunks = (struct srv_copychunk *)&ci_req->Chunks[0]; chunk_count = le32_to_cpu(ci_req->ChunkCount); + if (chunk_count == 0) + goto out; total_size_written = 0;

/* verify the SRV_COPYCHUNK_COPY packet */ if (chunk_count > ksmbd_server_side_copy_max_chunk_count() || - le32_to_cpu(req->InputCount) < - offsetof(struct copychunk_ioctl_req, Chunks) + + input_count < offsetof(struct copychunk_ioctl_req, Chunks) + chunk_count * sizeof(struct srv_copychunk)) { rsp->hdr.Status = STATUS_INVALID_PARAMETER; return -EINVAL; @@ -7026,9 +7029,7 @@ static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req,

src_fp = ksmbd_lookup_foreign_fd(work, le64_to_cpu(ci_req->ResumeKey[0])); - dst_fp = ksmbd_lookup_fd_slow(work, - le64_to_cpu(req->VolatileFileId), - le64_to_cpu(req->PersistentFileId)); + dst_fp = ksmbd_lookup_fd_slow(work, volatile_id, persistent_id); ret = -EINVAL; if (!src_fp || src_fp->persistent_id != le64_to_cpu(ci_req->ResumeKey[1])) { @@ -7103,8 +7104,8 @@ static __be32 idev_ipv4_address(struct in_device *idev) }

static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, - struct smb2_ioctl_req *req, - struct smb2_ioctl_rsp *rsp) + struct smb2_ioctl_rsp *rsp, + unsigned int out_buf_len) { struct network_interface_info_ioctl_rsp *nii_rsp = NULL; int nbytes = 0; @@ -7116,6 +7117,12 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn,

rtnl_lock(); for_each_netdev(&init_net, netdev) { + if (out_buf_len < + nbytes + sizeof(struct network_interface_info_ioctl_rsp)) { + rtnl_unlock(); + return -ENOSPC; + } + if (netdev->type == ARPHRD_LOOPBACK) continue;

@@ -7195,11 +7202,6 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, if (nii_rsp) nii_rsp->Next = 0;

- if (!nbytes) { - rsp->hdr.Status = STATUS_BUFFER_TOO_SMALL; - return -EINVAL; - } - rsp->PersistentFileId = cpu_to_le64(SMB2_NO_FID); rsp->VolatileFileId = cpu_to_le64(SMB2_NO_FID); return nbytes; @@ -7207,11 +7209,16 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn,

static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn, struct validate_negotiate_info_req *neg_req, - struct validate_negotiate_info_rsp *neg_rsp) + struct validate_negotiate_info_rsp *neg_rsp, + unsigned int in_buf_len) { int ret = 0; int dialect;

+ if (in_buf_len < sizeof(struct validate_negotiate_info_req) + + le16_to_cpu(neg_req->DialectCount) * sizeof(__le16)) + return -EINVAL; + dialect = ksmbd_lookup_dialect_by_id(neg_req->Dialects, neg_req->DialectCount); if (dialect == BAD_PROT_ID || dialect != conn->dialect) { @@ -7245,7 +7252,7 @@ static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn, static int fsctl_query_allocated_ranges(struct ksmbd_work *work, u64 id, struct file_allocated_range_buffer *qar_req, struct file_allocated_range_buffer *qar_rsp, - int in_count, int *out_count) + unsigned int in_count, unsigned int *out_count) { struct ksmbd_file *fp; loff_t start, length; @@ -7272,7 +7279,8 @@ static int fsctl_query_allocated_ranges(struct ksmbd_work *work, u64 id, }

static int fsctl_pipe_transceive(struct ksmbd_work *work, u64 id, - int out_buf_len, struct smb2_ioctl_req *req, + unsigned int out_buf_len, + struct smb2_ioctl_req *req, struct smb2_ioctl_rsp *rsp) { struct ksmbd_rpc_command *rpc_resp; @@ -7382,8 +7390,7 @@ int smb2_ioctl(struct ksmbd_work *work) { struct smb2_ioctl_req *req; struct smb2_ioctl_rsp *rsp, *rsp_org; - int cnt_code, nbytes = 0; - int out_buf_len; + unsigned int cnt_code, nbytes = 0, out_buf_len, in_buf_len; u64 id = KSMBD_NO_FID; struct ksmbd_conn *conn = work->conn; int ret = 0; @@ -7412,7 +7419,11 @@ int smb2_ioctl(struct ksmbd_work *work)

cnt_code = le32_to_cpu(req->CntCode); out_buf_len = le32_to_cpu(req->MaxOutputResponse); - out_buf_len = min(KSMBD_IPC_MAX_PAYLOAD, out_buf_len); + out_buf_len = + min_t(u32, work->response_sz - work->next_smb2_rsp_hdr_off - + (offsetof(struct smb2_ioctl_rsp, Buffer) - 4), + out_buf_len); + in_buf_len = le32_to_cpu(req->InputCount);

switch (cnt_code) { case FSCTL_DFS_GET_REFERRALS: @@ -7440,6 +7451,7 @@ int smb2_ioctl(struct ksmbd_work *work) break; } case FSCTL_PIPE_TRANSCEIVE: + out_buf_len = min_t(u32, KSMBD_IPC_MAX_PAYLOAD, out_buf_len); nbytes = fsctl_pipe_transceive(work, id, out_buf_len, req, rsp); break; case FSCTL_VALIDATE_NEGOTIATE_INFO: @@ -7448,9 +7460,16 @@ int smb2_ioctl(struct ksmbd_work *work) goto out; }

+ if (in_buf_len < sizeof(struct validate_negotiate_info_req)) + return -EINVAL; + + if (out_buf_len < sizeof(struct validate_negotiate_info_rsp)) + return -EINVAL; + ret = fsctl_validate_negotiate_info(conn, (struct validate_negotiate_info_req *)&req->Buffer[0], - (struct validate_negotiate_info_rsp *)&rsp->Buffer[0]); + (struct validate_negotiate_info_rsp *)&rsp->Buffer[0], + in_buf_len); if (ret < 0) goto out;

@@ -7459,9 +7478,10 @@ int smb2_ioctl(struct ksmbd_work *work) rsp->VolatileFileId = cpu_to_le64(SMB2_NO_FID); break; case FSCTL_QUERY_NETWORK_INTERFACE_INFO: - nbytes = fsctl_query_iface_info_ioctl(conn, req, rsp); - if (nbytes < 0) + ret = fsctl_query_iface_info_ioctl(conn, rsp, out_buf_len); + if (ret < 0) goto out; + nbytes = ret; break; case FSCTL_REQUEST_RESUME_KEY: if (out_buf_len < sizeof(struct resume_key_ioctl_rsp)) { @@ -7486,15 +7506,33 @@ int smb2_ioctl(struct ksmbd_work *work) goto out; }

+ if (in_buf_len < sizeof(struct copychunk_ioctl_req)) { + ret = -EINVAL; + goto out; + } + if (out_buf_len < sizeof(struct copychunk_ioctl_rsp)) { ret = -EINVAL; goto out; }

nbytes = sizeof(struct copychunk_ioctl_rsp); - fsctl_copychunk(work, req, rsp); + rsp->VolatileFileId = req->VolatileFileId; + rsp->PersistentFileId = req->PersistentFileId; + fsctl_copychunk(work, + (struct copychunk_ioctl_req *)&req->Buffer[0], + le32_to_cpu(req->CntCode), + le32_to_cpu(req->InputCount), + le64_to_cpu(req->VolatileFileId), + le64_to_cpu(req->PersistentFileId), + rsp); break; case FSCTL_SET_SPARSE: + if (in_buf_len < sizeof(struct file_sparse)) { + ret = -EINVAL; + goto out; + } + ret = fsctl_set_sparse(work, id, (struct file_sparse *)&req->Buffer[0]); if (ret < 0) @@ -7513,6 +7551,11 @@ int smb2_ioctl(struct ksmbd_work *work) goto out; }

+ if (in_buf_len < sizeof(struct file_zero_data_information)) { + ret = -EINVAL; + goto out; + } + zero_data = (struct file_zero_data_information *)&req->Buffer[0];

@@ -7532,6 +7575,11 @@ int smb2_ioctl(struct ksmbd_work *work) break; } case FSCTL_QUERY_ALLOCATED_RANGES: + if (in_buf_len < sizeof(struct file_allocated_range_buffer)) { + ret = -EINVAL; + goto out; + } + ret = fsctl_query_allocated_ranges(work, id, (struct file_allocated_range_buffer *)&req->Buffer[0], (struct file_allocated_range_buffer *)&rsp->Buffer[0], @@ -7572,6 +7620,11 @@ int smb2_ioctl(struct ksmbd_work *work) struct duplicate_extents_to_file *dup_ext; loff_t src_off, dst_off, length, cloned;

+ if (in_buf_len < sizeof(struct duplicate_extents_to_file)) { + ret = -EINVAL; + goto out; + } + dup_ext = (struct duplicate_extents_to_file *)&req->Buffer[0];

fp_in = ksmbd_lookup_fd_slow(work, dup_ext->VolatileFileHandle, @@ -7642,6 +7695,8 @@ int smb2_ioctl(struct ksmbd_work *work) rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND; else if (ret == -EOPNOTSUPP) rsp->hdr.Status = STATUS_NOT_SUPPORTED; + else if (ret == -ENOSPC) + rsp->hdr.Status = STATUS_BUFFER_TOO_SMALL; else if (ret < 0 || rsp->hdr.Status == 0) rsp->hdr.Status = STATUS_INVALID_PARAMETER; smb2_set_err_rsp(work); diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index 2887995b2c47..7f6a53ddf8a1 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -990,7 +990,7 @@ int ksmbd_vfs_zero_data(struct ksmbd_work *work, struct ksmbd_file *fp,

int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, struct file_allocated_range_buffer *ranges, - int in_count, int *out_count) + unsigned int in_count, unsigned int *out_count) { struct file *f = fp->filp; struct inode *inode = file_inode(fp->filp); diff --git a/fs/ksmbd/vfs.h b/fs/ksmbd/vfs.h index ef4a89cf0221..51ff1f63965c 100644 --- a/fs/ksmbd/vfs.h +++ b/fs/ksmbd/vfs.h @@ -159,7 +159,7 @@ int ksmbd_vfs_zero_data(struct ksmbd_work *work, struct ksmbd_file *fp, struct file_allocated_range_buffer; int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, struct file_allocated_range_buffer *ranges, - int in_count, int *out_count); + unsigned int in_count, unsigned int *out_count); int ksmbd_vfs_unlink(struct dentry *dir, struct dentry *dentry); void *ksmbd_vfs_init_kstat(char **p, struct ksmbd_kstat *ksmbd_kstat); int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work, struct dentry *dentry,

From patchwork Mon Nov 14 12:52:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183332 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:05 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:05 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:04 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 235/308] ksmbd: improve credits management Date: Mon, 14 Nov 2022 20:52:24 +0800 Message-ID: 20221114125337.1831594-236-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 19cff0c2-39bd-44b6-3829-08dac63c84ad X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7031939 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc7 commit bf8acc9e10e21c28452dfa067a7d31e6067104b1 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/bf8acc9e10e2

-------------------------------

* Requests except READ, WRITE, IOCTL, INFO, QUERY DIRECOTRY, CANCEL must consume one credit. * If client's granted credits are insufficient, refuse to handle requests. * Windows server 2016 or later grant up to 8192 credits to clients at once.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 2 ++ fs/ksmbd/smb2misc.c | 38 ++++++++++++++------ fs/ksmbd/smb2pdu.c | 81 ++++++++++++++++--------------------------- 3 files changed, 59 insertions(+), 62 deletions(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 48b18b4ec117..b57a0d8a392f 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -61,6 +61,8 @@ struct ksmbd_conn *ksmbd_conn_alloc(void) conn->local_nls = load_nls_default(); atomic_set(&conn->req_running, 0); atomic_set(&conn->r_count, 0); + conn->total_credits = 1; + init_waitqueue_head(&conn->req_running_q); INIT_LIST_HEAD(&conn->conns_list); INIT_LIST_HEAD(&conn->sessions); diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 9edd9c161b27..e7e441c8f050 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -284,11 +284,13 @@ static inline int smb2_ioctl_resp_len(struct smb2_ioctl_req *h) le32_to_cpu(h->MaxOutputResponse); }

-static int smb2_validate_credit_charge(struct smb2_hdr *hdr) +static int smb2_validate_credit_charge(struct ksmbd_conn *conn, + struct smb2_hdr *hdr) { - int req_len = 0, expect_resp_len = 0, calc_credit_num, max_len; - int credit_charge = le16_to_cpu(hdr->CreditCharge); + unsigned int req_len = 0, expect_resp_len = 0, calc_credit_num, max_len; + unsigned short credit_charge = le16_to_cpu(hdr->CreditCharge); void *__hdr = hdr; + int ret;

switch (hdr->Command) { case SMB2_QUERY_INFO: @@ -310,21 +312,37 @@ static int smb2_validate_credit_charge(struct smb2_hdr *hdr) req_len = smb2_ioctl_req_len(__hdr); expect_resp_len = smb2_ioctl_resp_len(__hdr); break; - default: + case SMB2_CANCEL: return 0; + default: + req_len = 1; + break; }

- credit_charge = max(1, credit_charge); - max_len = max(req_len, expect_resp_len); + credit_charge = max_t(unsigned short, credit_charge, 1); + max_len = max_t(unsigned int, req_len, expect_resp_len); calc_credit_num = DIV_ROUND_UP(max_len, SMB2_MAX_BUFFER_SIZE);

if (credit_charge < calc_credit_num) { - pr_err("Insufficient credit charge, given: %d, needed: %d\n", - credit_charge, calc_credit_num); + ksmbd_debug(SMB, "Insufficient credit charge, given: %d, needed: %d\n", + credit_charge, calc_credit_num); + return 1; + } else if (credit_charge > conn->max_credits) { + ksmbd_debug(SMB, "Too large credit charge: %d\n", credit_charge); return 1; }

- return 0; + spin_lock(&conn->credits_lock); + if (credit_charge <= conn->total_credits) { + conn->total_credits -= credit_charge; + ret = 0; + } else { + ksmbd_debug(SMB, "Insufficient credits granted, given: %u, granted: %u\n", + credit_charge, conn->total_credits); + ret = 1; + } + spin_unlock(&conn->credits_lock); + return ret; }

int ksmbd_smb2_check_message(struct ksmbd_work *work) @@ -383,7 +401,7 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) }

if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) && - smb2_validate_credit_charge(hdr)) { + smb2_validate_credit_charge(work->conn, hdr)) { work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); return 1; } diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 2a4647273549..f081f1735c5a 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -292,22 +292,6 @@ int init_smb2_neg_rsp(struct ksmbd_work *work) return 0; }

-static int smb2_consume_credit_charge(struct ksmbd_work *work, - unsigned short credit_charge) -{ - struct ksmbd_conn *conn = work->conn; - unsigned int rsp_credits = 1; - - if (!conn->total_credits) - return 0; - - if (credit_charge > 0) - rsp_credits = credit_charge; - - conn->total_credits -= rsp_credits; - return rsp_credits; -} - /** * smb2_set_rsp_credits() - set number of credits in response buffer * @work: smb work containing smb response buffer @@ -317,49 +301,43 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) struct smb2_hdr *req_hdr = ksmbd_req_buf_next(work); struct smb2_hdr *hdr = ksmbd_resp_buf_next(work); struct ksmbd_conn *conn = work->conn; - unsigned short credits_requested = le16_to_cpu(req_hdr->CreditRequest); - unsigned short credit_charge = 1, credits_granted = 0; - unsigned short aux_max, aux_credits, min_credits; - int rsp_credit_charge; + unsigned short credits_requested; + unsigned short credit_charge, credits_granted = 0; + unsigned short aux_max, aux_credits;

- if (hdr->Command == SMB2_CANCEL) - goto out; + if (work->send_no_response) + return 0;

- /* get default minimum credits by shifting maximum credits by 4 */ - min_credits = conn->max_credits >> 4; + hdr->CreditCharge = req_hdr->CreditCharge;

- if (conn->total_credits >= conn->max_credits) { + if (conn->total_credits > conn->max_credits) { + hdr->CreditRequest = 0; pr_err("Total credits overflow: %d\n", conn->total_credits); - conn->total_credits = min_credits; - } - - rsp_credit_charge = - smb2_consume_credit_charge(work, le16_to_cpu(req_hdr->CreditCharge)); - if (rsp_credit_charge < 0) return -EINVAL; + }

- hdr->CreditCharge = cpu_to_le16(rsp_credit_charge); + credit_charge = max_t(unsigned short, + le16_to_cpu(req_hdr->CreditCharge), 1); + credits_requested = max_t(unsigned short, + le16_to_cpu(req_hdr->CreditRequest), 1);

- if (credits_requested > 0) { - aux_credits = credits_requested - 1; - aux_max = 32; - if (hdr->Command == SMB2_NEGOTIATE) - aux_max = 0; - aux_credits = (aux_credits < aux_max) ? aux_credits : aux_max; - credits_granted = aux_credits + credit_charge; + /* according to smb2.credits smbtorture, Windows server + * 2016 or later grant up to 8192 credits at once. + * + * TODO: Need to adjuct CreditRequest value according to + * current cpu load + */ + aux_credits = credits_requested - 1; + if (hdr->Command == SMB2_NEGOTIATE) + aux_max = 0; + else + aux_max = conn->max_credits - credit_charge; + aux_credits = min_t(unsigned short, aux_credits, aux_max); + credits_granted = credit_charge + aux_credits;

- /* if credits granted per client is getting bigger than default - * minimum credits then we should wrap it up within the limits. - */ - if ((conn->total_credits + credits_granted) > min_credits) - credits_granted = min_credits - conn->total_credits; - /* - * TODO: Need to adjuct CreditRequest value according to - * current cpu load - */ - } else if (conn->total_credits == 0) { - credits_granted = 1; - } + if (conn->max_credits - conn->total_credits < credits_granted) + credits_granted = conn->max_credits - + conn->total_credits;

conn->total_credits += credits_granted; work->credits_granted += credits_granted; @@ -368,7 +346,6 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) /* Update CreditRequest in last request */ hdr->CreditRequest = cpu_to_le16(work->credits_granted); } -out: ksmbd_debug(SMB, "credits: requested[%d] granted[%d] total_granted[%d]\n", credits_requested, credits_granted,

From patchwork Mon Nov 14 12:52:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183333 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:05 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:05 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:05 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 236/308] ksmbd: fix potencial 32bit overflow from data area check in smb2_write Date: Mon, 14 Nov 2022 20:52:25 +0800 Message-ID: 20221114125337.1831594-237-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 5a54f8e0-21f5-4f87-f161-08dac63c84f5 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.5607664 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc7 commit 9a63b999ae5435d82a5c353c6b1467100f857742 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/9a63b999ae54

-------------------------------

DataOffset and Length validation can be potencial 32bit overflow. This patch fix it.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index f081f1735c5a..32e7d107fa0c 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6147,8 +6147,7 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) (offsetof(struct smb2_write_req, Buffer) - 4)) { data_buf = (char *)&req->Buffer[0]; } else { - if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) || - (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) { + if ((u64)le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req)) { pr_err("invalid write data offset %u, smb_len %u\n", le16_to_cpu(req->DataOffset), get_rfc1002_len(req)); @@ -6306,8 +6305,7 @@ int smb2_write(struct ksmbd_work *work) (offsetof(struct smb2_write_req, Buffer) - 4)) { data_buf = (char *)&req->Buffer[0]; } else { - if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) || - (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) { + if ((u64)le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req)) { pr_err("invalid write data offset %u, smb_len %u\n", le16_to_cpu(req->DataOffset), get_rfc1002_len(req));

From patchwork Mon Nov 14 12:52:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183334 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:06 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:06 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:05 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 237/308] ksmbd: validate compound response buffer Date: Mon, 14 Nov 2022 20:52:26 +0800 Message-ID: 20221114125337.1831594-238-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ac4a83db-3cf5-42f8-0f96-08dac63c8537 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7039663 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc7 commit dbad63001eac3abeeb2b66ddf71504e8ab128c5c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/dbad63001eac

-------------------------------

Add the check to validate compound response buffer.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 6 ++++++ 1 file changed, 6 insertions(+)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 32e7d107fa0c..7da58e4e4abf 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -449,6 +449,12 @@ bool is_chained_smb2_message(struct ksmbd_work *work) return false; }

+ if ((u64)get_rfc1002_len(work->response_buf) + MAX_CIFS_SMALL_BUFFER_SIZE > + work->response_sz) { + pr_err("next response offset exceeds response buffer size\n"); + return false; + } + ksmbd_debug(SMB, "got SMB2 chained command\n"); init_chained_smb2_rsp(work); return true;

From patchwork Mon Nov 14 12:52:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183335 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:07 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:06 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:06 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 238/308] ksmbd: limit read/write/trans buffer size not to exceed 8MB Date: Mon, 14 Nov 2022 20:52:27 +0800 Message-ID: 20221114125337.1831594-239-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3c673f50-a99b-4445-b717-08dac63c8581 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7164264 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc7 commit 4bc59477c3298b191c72b5d99feb54a1dc8c254d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4bc59477c329

-------------------------------

ksmbd limit read/write/trans buffer size not to exceed maximum 8MB. And set the minimum value of max response buffer size to 64KB. Windows client doesn't send session setup request if ksmbd set max trans/read/write size lower than 64KB in smb2 negotiate. It means windows allow at least 64 KB or more about this value.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2ops.c | 3 +++ fs/ksmbd/smb2pdu.c | 2 +- fs/ksmbd/smb2pdu.h | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2ops.c b/fs/ksmbd/smb2ops.c index b06456eb587b..fb6a65d23139 100644 --- a/fs/ksmbd/smb2ops.c +++ b/fs/ksmbd/smb2ops.c @@ -284,6 +284,7 @@ int init_smb3_11_server(struct ksmbd_conn *conn)

void init_smb2_max_read_size(unsigned int sz) { + sz = clamp_val(sz, SMB3_MIN_IOSIZE, SMB3_MAX_IOSIZE); smb21_server_values.max_read_size = sz; smb30_server_values.max_read_size = sz; smb302_server_values.max_read_size = sz; @@ -292,6 +293,7 @@ void init_smb2_max_read_size(unsigned int sz)

void init_smb2_max_write_size(unsigned int sz) { + sz = clamp_val(sz, SMB3_MIN_IOSIZE, SMB3_MAX_IOSIZE); smb21_server_values.max_write_size = sz; smb30_server_values.max_write_size = sz; smb302_server_values.max_write_size = sz; @@ -300,6 +302,7 @@ void init_smb2_max_write_size(unsigned int sz)

void init_smb2_max_trans_size(unsigned int sz) { + sz = clamp_val(sz, SMB3_MIN_IOSIZE, SMB3_MAX_IOSIZE); smb21_server_values.max_trans_size = sz; smb30_server_values.max_trans_size = sz; smb302_server_values.max_trans_size = sz; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 7da58e4e4abf..2e4380cffac5 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -524,7 +524,7 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) { struct smb2_hdr *hdr = work->request_buf; size_t small_sz = MAX_CIFS_SMALL_BUFFER_SIZE; - size_t large_sz = work->conn->vals->max_trans_size + MAX_SMB2_HDR_SIZE; + size_t large_sz = small_sz + work->conn->vals->max_trans_size; size_t sz = small_sz; int cmd = le16_to_cpu(hdr->Command);

diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index a6dec5ec6a54..ff5a2f01d34a 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -113,6 +113,8 @@ #define SMB21_DEFAULT_IOSIZE (1024 * 1024) #define SMB3_DEFAULT_IOSIZE (4 * 1024 * 1024) #define SMB3_DEFAULT_TRANS_SIZE (1024 * 1024) +#define SMB3_MIN_IOSIZE (64 * 1024) +#define SMB3_MAX_IOSIZE (8 * 1024 * 1024)

/* * SMB2 Header Definition

From patchwork Mon Nov 14 12:52:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183336 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:07 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:07 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:06 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 239/308] ksmbd: add buffer validation for smb direct Date: Mon, 14 Nov 2022 20:52:28 +0800 Message-ID: 20221114125337.1831594-240-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 61be61e5-4e5d-4329-07c0-08dac63c85cb X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6814979 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc7 commit 2ea086e35c3d726a3bacd0a971c1f02a50e98206 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/2ea086e35c3d

-------------------------------

Add buffer validation for smb direct.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 3a7fa23ba850..a2fd5a4d4cd5 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -549,6 +549,10 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc)

switch (recvmsg->type) { case SMB_DIRECT_MSG_NEGOTIATE_REQ: + if (wc->byte_len < sizeof(struct smb_direct_negotiate_req)) { + put_empty_recvmsg(t, recvmsg); + return; + } t->negotiation_requested = true; t->full_packet_received = true; wake_up_interruptible(&t->wait_status); @@ -556,10 +560,23 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) case SMB_DIRECT_MSG_DATA_TRANSFER: { struct smb_direct_data_transfer *data_transfer = (struct smb_direct_data_transfer *)recvmsg->packet; - int data_length = le32_to_cpu(data_transfer->data_length); + unsigned int data_length; int avail_recvmsg_count, receive_credits;

+ if (wc->byte_len < + offsetof(struct smb_direct_data_transfer, padding)) { + put_empty_recvmsg(t, recvmsg); + return; + } + + data_length = le32_to_cpu(data_transfer->data_length); if (data_length) { + if (wc->byte_len < sizeof(struct smb_direct_data_transfer) + + (u64)data_length) { + put_empty_recvmsg(t, recvmsg); + return; + } + if (t->full_packet_received) recvmsg->first_segment = true;

@@ -568,7 +585,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) else t->full_packet_received = true;

- enqueue_reassembly(t, recvmsg, data_length); + enqueue_reassembly(t, recvmsg, (int)data_length); wake_up_interruptible(&t->wait_reassembly_queue);

spin_lock(&t->receive_credit_lock);

From patchwork Mon Nov 14 12:52:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183337 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:07 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:07 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:07 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 240/308] ksmbd: validate credit charge after validating SMB2 PDU body size Date: Mon, 14 Nov 2022 20:52:29 +0800 Message-ID: 20221114125337.1831594-241-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 195e35af-f5be-4edc-9913-08dac63c8613 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6937221 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Ralph Boehme slow@samba.org

mainline inclusion from mainline-5.15-rc7 commit 7a33488705008b5bb5f8d95d05326dcc64fc55f4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/7a3348870500

-------------------------------

smb2_validate_credit_charge() accesses fields in the SMB2 PDU body, but until smb2_calc_size() is called the PDU has not yet been verified to be large enough to access the PDU dynamic part length field.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Ralph Boehme slow@samba.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2misc.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index e7e441c8f050..030ca57c3784 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -400,26 +400,20 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) } }

- if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) && - smb2_validate_credit_charge(work->conn, hdr)) { - work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); - return 1; - } - if (smb2_calc_size(hdr, &clc_len)) return 1;

if (len != clc_len) { /* client can return one byte more due to implied bcc[0] */ if (clc_len == len + 1) - return 0; + goto validate_credit;

/* * Some windows servers (win2016) will pad also the final * PDU in a compound to 8 bytes. */ if (ALIGN(clc_len, 8) == len) - return 0; + goto validate_credit;

/* * windows client also pad up to 8 bytes when compounding. @@ -432,7 +426,7 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) "cli req padded more than expected. Length %d not %d for cmd:%d mid:%llu\n", len, clc_len, command, le64_to_cpu(hdr->MessageId)); - return 0; + goto validate_credit; }

ksmbd_debug(SMB, @@ -443,6 +437,13 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) return 1; }

+validate_credit: + if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) && + smb2_validate_credit_charge(work->conn, hdr)) { + work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); + return 1; + } + return 0; }

From patchwork Mon Nov 14 12:52:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183338 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:08 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:08 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:07 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 241/308] ksmbd: validate OutputBufferLength of QUERY_DIR, QUERY_INFO, IOCTL requests Date: Mon, 14 Nov 2022 20:52:30 +0800 Message-ID: 20221114125337.1831594-242-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 54e0e9f8-6d7b-47c5-9d84-08dac63c865c X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6747344 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.15-rc7 commit 34061d6b76a41b1e43c19e1e50d98e5d77f77d4e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/34061d6b76a4

-------------------------------

Validate OutputBufferLength of QUERY_DIR, QUERY_INFO, IOCTL requests and check the free size of response buffer for these requests.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 68 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 52 insertions(+), 16 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 2e4380cffac5..71aade05a587 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -3731,6 +3731,24 @@ static int verify_info_level(int info_level) return 0; }

+static int smb2_calc_max_out_buf_len(struct ksmbd_work *work, + unsigned short hdr2_len, + unsigned int out_buf_len) +{ + int free_len; + + if (out_buf_len > work->conn->vals->max_trans_size) + return -EINVAL; + + free_len = (int)(work->response_sz - + (get_rfc1002_len(work->response_buf) + 4)) - + hdr2_len; + if (free_len < 0) + return -EINVAL; + + return min_t(int, out_buf_len, free_len); +} + int smb2_query_dir(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; @@ -3806,9 +3824,13 @@ int smb2_query_dir(struct ksmbd_work *work) memset(&d_info, 0, sizeof(struct ksmbd_dir_info)); d_info.wptr = (char *)rsp->Buffer; d_info.rptr = (char *)rsp->Buffer; - d_info.out_buf_len = (work->response_sz - (get_rfc1002_len(rsp_org) + 4)); - d_info.out_buf_len = min_t(int, d_info.out_buf_len, le32_to_cpu(req->OutputBufferLength)) - - sizeof(struct smb2_query_directory_rsp); + d_info.out_buf_len = + smb2_calc_max_out_buf_len(work, 8, + le32_to_cpu(req->OutputBufferLength)); + if (d_info.out_buf_len < 0) { + rc = -EINVAL; + goto err_out; + } d_info.flags = srch_flag;

/* @@ -4041,12 +4063,11 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp, le32_to_cpu(req->Flags)); }

- buf_free_len = work->response_sz - - (get_rfc1002_len(rsp_org) + 4) - - sizeof(struct smb2_query_info_rsp); - - if (le32_to_cpu(req->OutputBufferLength) < buf_free_len) - buf_free_len = le32_to_cpu(req->OutputBufferLength); + buf_free_len = + smb2_calc_max_out_buf_len(work, 8, + le32_to_cpu(req->OutputBufferLength)); + if (buf_free_len < 0) + return -EINVAL;

rc = ksmbd_vfs_listxattr(path->dentry, &xattr_list); if (rc < 0) { @@ -4355,6 +4376,8 @@ static void get_file_stream_info(struct ksmbd_work *work, struct path *path = &fp->filp->f_path; ssize_t xattr_list_len; int nbytes = 0, streamlen, stream_name_len, next, idx = 0; + int buf_free_len; + struct smb2_query_info_req *req = ksmbd_req_buf_next(work);

generic_fillattr(file_inode(fp->filp), &stat); file_info = (struct smb2_file_stream_info *)rsp->Buffer; @@ -4367,6 +4390,12 @@ static void get_file_stream_info(struct ksmbd_work *work, goto out; }

+ buf_free_len = + smb2_calc_max_out_buf_len(work, 8, + le32_to_cpu(req->OutputBufferLength)); + if (buf_free_len < 0) + goto out; + while (idx < xattr_list_len) { stream_name = xattr_list + idx; streamlen = strlen(stream_name); @@ -4391,6 +4420,10 @@ static void get_file_stream_info(struct ksmbd_work *work, streamlen = snprintf(stream_buf, streamlen + 1, ":%s", &stream_name[XATTR_NAME_STREAM_LEN]);

+ next = sizeof(struct smb2_file_stream_info) + streamlen * 2; + if (next > buf_free_len) + break; + file_info = (struct smb2_file_stream_info *)&rsp->Buffer[nbytes]; streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName, stream_buf, streamlen, @@ -4401,12 +4434,13 @@ static void get_file_stream_info(struct ksmbd_work *work, file_info->StreamSize = cpu_to_le64(stream_name_len); file_info->StreamAllocationSize = cpu_to_le64(stream_name_len);

- next = sizeof(struct smb2_file_stream_info) + streamlen; nbytes += next; + buf_free_len -= next; file_info->NextEntryOffset = cpu_to_le32(next); }

- if (!S_ISDIR(stat.mode)) { + if (!S_ISDIR(stat.mode) && + buf_free_len >= sizeof(struct smb2_file_stream_info) + 7 * 2) { file_info = (struct smb2_file_stream_info *) &rsp->Buffer[nbytes]; streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName, @@ -7399,11 +7433,13 @@ int smb2_ioctl(struct ksmbd_work *work) }

cnt_code = le32_to_cpu(req->CntCode); - out_buf_len = le32_to_cpu(req->MaxOutputResponse); - out_buf_len = - min_t(u32, work->response_sz - work->next_smb2_rsp_hdr_off - - (offsetof(struct smb2_ioctl_rsp, Buffer) - 4), - out_buf_len); + ret = smb2_calc_max_out_buf_len(work, 48, + le32_to_cpu(req->MaxOutputResponse)); + if (ret < 0) { + rsp->hdr.Status = STATUS_INVALID_PARAMETER; + goto out; + } + out_buf_len = (unsigned int)ret; in_buf_len = le32_to_cpu(req->InputCount);

switch (cnt_code) {

From patchwork Mon Nov 14 12:52:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183339 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:08 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:08 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:08 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 242/308] ksmbd: throttle session setup failures to avoid dictionary attacks Date: Mon, 14 Nov 2022 20:52:31 +0800 Message-ID: 20221114125337.1831594-243-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: ca3309e7-4ac2-4c03-55de-08dac63c86a5 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7060263 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.15-rc7 commit 621be84a9d1fbf0097fd058e249ec5cc4f35f3c5 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/621be84a9d1f

-------------------------------

To avoid dictionary attacks (repeated session setups rapidly sent) to connect to server, ksmbd make a delay of a 5 seconds on session setup failure to make it harder to send enough random connection requests to break into a server if a user insert the wrong password 10 times in a row.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ksmbd_netlink.h | 2 ++ fs/ksmbd/mgmt/user_config.c | 2 +- fs/ksmbd/mgmt/user_config.h | 1 + fs/ksmbd/smb2pdu.c | 27 ++++++++++++++++++++++++--- fs/ksmbd/transport_ipc.c | 3 ++- fs/ksmbd/transport_ipc.h | 2 +- 6 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/ksmbd_netlink.h b/fs/ksmbd/ksmbd_netlink.h index 2fbe2bc1e093..c6718a05d347 100644 --- a/fs/ksmbd/ksmbd_netlink.h +++ b/fs/ksmbd/ksmbd_netlink.h @@ -211,6 +211,7 @@ struct ksmbd_tree_disconnect_request { */ struct ksmbd_logout_request { __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */ + __u32 account_flags; };

/* @@ -317,6 +318,7 @@ enum KSMBD_TREE_CONN_STATUS { #define KSMBD_USER_FLAG_BAD_UID BIT(2) #define KSMBD_USER_FLAG_BAD_USER BIT(3) #define KSMBD_USER_FLAG_GUEST_ACCOUNT BIT(4) +#define KSMBD_USER_FLAG_DELAY_SESSION BIT(5)

/* * Share config flags. diff --git a/fs/ksmbd/mgmt/user_config.c b/fs/ksmbd/mgmt/user_config.c index d21629ae5c89..1019d3677d55 100644 --- a/fs/ksmbd/mgmt/user_config.c +++ b/fs/ksmbd/mgmt/user_config.c @@ -55,7 +55,7 @@ struct ksmbd_user *ksmbd_alloc_user(struct ksmbd_login_response *resp)

void ksmbd_free_user(struct ksmbd_user *user) { - ksmbd_ipc_logout_request(user->name); + ksmbd_ipc_logout_request(user->name, user->flags); kfree(user->name); kfree(user->passkey); kfree(user); diff --git a/fs/ksmbd/mgmt/user_config.h b/fs/ksmbd/mgmt/user_config.h index b2bb074a0150..aff80b029579 100644 --- a/fs/ksmbd/mgmt/user_config.h +++ b/fs/ksmbd/mgmt/user_config.h @@ -18,6 +18,7 @@ struct ksmbd_user {

size_t passkey_sz; char *passkey; + unsigned int failed_login_count; };

static inline bool user_guest(struct ksmbd_user *user) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 71aade05a587..82677e282af0 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1779,9 +1779,30 @@ int smb2_sess_setup(struct ksmbd_work *work) conn->mechToken = NULL; }

- if (rc < 0 && sess) { - ksmbd_session_destroy(sess); - work->sess = NULL; + if (rc < 0) { + /* + * SecurityBufferOffset should be set to zero + * in session setup error response. + */ + rsp->SecurityBufferOffset = 0; + + if (sess) { + bool try_delay = false; + + /* + * To avoid dictionary attacks (repeated session setups rapidly sent) to + * connect to server, ksmbd make a delay of a 5 seconds on session setup + * failure to make it harder to send enough random connection requests + * to break into a server. + */ + if (sess->user && sess->user->flags & KSMBD_USER_FLAG_DELAY_SESSION) + try_delay = true; + + ksmbd_session_destroy(sess); + work->sess = NULL; + if (try_delay) + ssleep(5); + } }

return rc; diff --git a/fs/ksmbd/transport_ipc.c b/fs/ksmbd/transport_ipc.c index 44aea33a67fa..1acf1892a466 100644 --- a/fs/ksmbd/transport_ipc.c +++ b/fs/ksmbd/transport_ipc.c @@ -601,7 +601,7 @@ int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, return ret; }

-int ksmbd_ipc_logout_request(const char *account) +int ksmbd_ipc_logout_request(const char *account, int flags) { struct ksmbd_ipc_msg *msg; struct ksmbd_logout_request *req; @@ -616,6 +616,7 @@ int ksmbd_ipc_logout_request(const char *account)

msg->type = KSMBD_EVENT_LOGOUT_REQUEST; req = (struct ksmbd_logout_request *)msg->payload; + req->account_flags = flags; strscpy(req->account, account, KSMBD_REQ_MAX_ACCOUNT_NAME_SZ);

ret = ipc_msg_send(msg); diff --git a/fs/ksmbd/transport_ipc.h b/fs/ksmbd/transport_ipc.h index 9eacc895ffdb..5e5b90a0c187 100644 --- a/fs/ksmbd/transport_ipc.h +++ b/fs/ksmbd/transport_ipc.h @@ -25,7 +25,7 @@ ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, struct sockaddr *peer_addr); int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, unsigned long long connect_id); -int ksmbd_ipc_logout_request(const char *account); +int ksmbd_ipc_logout_request(const char *account, int flags); struct ksmbd_share_config_response * ksmbd_ipc_share_config_request(const char *name); struct ksmbd_spnego_authen_response *

From patchwork Mon Nov 14 12:52:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183340 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:09 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:09 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:08 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 243/308] ksmbd: add buffer validation in session setup Date: Mon, 14 Nov 2022 20:52:32 +0800 Message-ID: 20221114125337.1831594-244-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6bb722ce-fb1e-44b9-80b4-08dac63c86ee X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6911622 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.15-rc7 commit 0d994cd482ee4e8e851388a70869beee51be1c54 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/0d994cd482ee

-------------------------------

Make sure the security buffer's length/offset are valid with regards to the packet length.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/auth.c | 16 ++++++++------- fs/ksmbd/smb2pdu.c | 51 ++++++++++++++++++++++++++++------------------ 2 files changed, 40 insertions(+), 27 deletions(-)

diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c index 71c989f1568d..30a92ddc1817 100644 --- a/fs/ksmbd/auth.c +++ b/fs/ksmbd/auth.c @@ -298,8 +298,8 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, int blob_len, struct ksmbd_session *sess) { char *domain_name; - unsigned int lm_off, nt_off; - unsigned short nt_len; + unsigned int nt_off, dn_off; + unsigned short nt_len, dn_len; int ret;

if (blob_len < sizeof(struct authenticate_message)) { @@ -314,15 +314,17 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, return -EINVAL; }

- lm_off = le32_to_cpu(authblob->LmChallengeResponse.BufferOffset); nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset); nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length); + dn_off = le32_to_cpu(authblob->DomainName.BufferOffset); + dn_len = le16_to_cpu(authblob->DomainName.Length); + + if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len) + return -EINVAL;

/* TODO : use domain name that imported from configuration file */ - domain_name = smb_strndup_from_utf16((const char *)authblob + - le32_to_cpu(authblob->DomainName.BufferOffset), - le16_to_cpu(authblob->DomainName.Length), true, - sess->conn->local_nls); + domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off, + dn_len, true, sess->conn->local_nls); if (IS_ERR(domain_name)) return PTR_ERR(domain_name);

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 82677e282af0..37da97576669 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1257,19 +1257,13 @@ static int generate_preauth_hash(struct ksmbd_work *work) return 0; }

-static int decode_negotiation_token(struct ksmbd_work *work, - struct negotiate_message *negblob) +static int decode_negotiation_token(struct ksmbd_conn *conn, + struct negotiate_message *negblob, + size_t sz) { - struct ksmbd_conn *conn = work->conn; - struct smb2_sess_setup_req *req; - int sz; - if (!conn->use_spnego) return -EINVAL;

- req = work->request_buf; - sz = le16_to_cpu(req->SecurityBufferLength); - if (ksmbd_decode_negTokenInit((char *)negblob, sz, conn)) { if (ksmbd_decode_negTokenTarg((char *)negblob, sz, conn)) { conn->auth_mechs |= KSMBD_AUTH_NTLMSSP; @@ -1281,9 +1275,9 @@ static int decode_negotiation_token(struct ksmbd_work *work, }

static int ntlm_negotiate(struct ksmbd_work *work, - struct negotiate_message *negblob) + struct negotiate_message *negblob, + size_t negblob_len) { - struct smb2_sess_setup_req *req = work->request_buf; struct smb2_sess_setup_rsp *rsp = work->response_buf; struct challenge_message *chgblob; unsigned char *spnego_blob = NULL; @@ -1292,8 +1286,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, int sz, rc;

ksmbd_debug(SMB, "negotiate phase\n"); - sz = le16_to_cpu(req->SecurityBufferLength); - rc = ksmbd_decode_ntlmssp_neg_blob(negblob, sz, work->sess); + rc = ksmbd_decode_ntlmssp_neg_blob(negblob, negblob_len, work->sess); if (rc) return rc;

@@ -1361,12 +1354,23 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn, struct authenticate_message *authblob; struct ksmbd_user *user; char *name; - int sz; + unsigned int auth_msg_len, name_off, name_len, secbuf_len;

+ secbuf_len = le16_to_cpu(req->SecurityBufferLength); + if (secbuf_len < sizeof(struct authenticate_message)) { + ksmbd_debug(SMB, "blob len %d too small\n", secbuf_len); + return NULL; + } authblob = user_authblob(conn, req); - sz = le32_to_cpu(authblob->UserName.BufferOffset); - name = smb_strndup_from_utf16((const char *)authblob + sz, - le16_to_cpu(authblob->UserName.Length), + name_off = le32_to_cpu(authblob->UserName.BufferOffset); + name_len = le16_to_cpu(authblob->UserName.Length); + auth_msg_len = le16_to_cpu(req->SecurityBufferOffset) + secbuf_len; + + if (auth_msg_len < (u64)name_off + name_len) + return NULL; + + name = smb_strndup_from_utf16((const char *)authblob + name_off, + name_len, true, conn->local_nls); if (IS_ERR(name)) { @@ -1612,6 +1616,7 @@ int smb2_sess_setup(struct ksmbd_work *work) struct smb2_sess_setup_rsp *rsp = work->response_buf; struct ksmbd_session *sess; struct negotiate_message *negblob; + unsigned int negblob_len, negblob_off; int rc = 0;

ksmbd_debug(SMB, "Received request for session setup\n"); @@ -1692,10 +1697,16 @@ int smb2_sess_setup(struct ksmbd_work *work) if (sess->state == SMB2_SESSION_EXPIRED) sess->state = SMB2_SESSION_IN_PROGRESS;

+ negblob_off = le16_to_cpu(req->SecurityBufferOffset); + negblob_len = le16_to_cpu(req->SecurityBufferLength); + if (negblob_off < (offsetof(struct smb2_sess_setup_req, Buffer) - 4) || + negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) + return -EINVAL; + negblob = (struct negotiate_message *)((char *)&req->hdr.ProtocolId + - le16_to_cpu(req->SecurityBufferOffset)); + negblob_off);

- if (decode_negotiation_token(work, negblob) == 0) { + if (decode_negotiation_token(conn, negblob, negblob_len) == 0) { if (conn->mechToken) negblob = (struct negotiate_message *)conn->mechToken; } @@ -1719,7 +1730,7 @@ int smb2_sess_setup(struct ksmbd_work *work) sess->Preauth_HashValue = NULL; } else if (conn->preferred_auth_mech == KSMBD_AUTH_NTLMSSP) { if (negblob->MessageType == NtLmNegotiate) { - rc = ntlm_negotiate(work, negblob); + rc = ntlm_negotiate(work, negblob, negblob_len); if (rc) goto out_err; rsp->hdr.Status =

From patchwork Mon Nov 14 12:52:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183341 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:09 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:09 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:09 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 244/308] ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message() Date: Mon, 14 Nov 2022 20:52:33 +0800 Message-ID: 20221114125337.1831594-245-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e3d6108c-8de0-4dcc-eb7b-08dac63c8736 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6972547 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Ralph Boehme slow@samba.org

mainline inclusion from mainline-5.16-rc1 commit a088ac859f8124d491f02a19d080fc5ee4dbd202 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a088ac859f81

-------------------------------

Use ksmbd_req_buf_next() in ksmbd_verify_smb_message().

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Ralph Boehme slow@samba.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index bd836a30ae89..f3f1953b2bcf 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -132,7 +132,7 @@ int ksmbd_lookup_protocol_idx(char *str) */ int ksmbd_verify_smb_message(struct ksmbd_work *work) { - struct smb2_hdr *smb2_hdr = work->request_buf + work->next_smb2_rcv_hdr_off; + struct smb2_hdr *smb2_hdr = ksmbd_req_buf_next(work); struct smb_hdr *hdr;

if (smb2_hdr->ProtocolId == SMB2_PROTO_NUMBER)

From patchwork Mon Nov 14 12:52:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183342 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:10 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:10 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:09 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 245/308] ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message() Date: Mon, 14 Nov 2022 20:52:34 +0800 Message-ID: 20221114125337.1831594-246-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 31644803-a809-48b1-93f2-08dac63c8781 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6725800 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Ralph Boehme slow@samba.org

mainline inclusion from mainline-5.16-rc1 commit b83b27909e74d27796de19c802fbc3b65ab4ba9a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b83b27909e74

-------------------------------

Use ksmbd_req_buf_next() in ksmbd_smb2_check_message().

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Steve French smfrench@gmail.com Cc: Hyunchul Lee hyc.lee@gmail.com Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Ralph Boehme slow@samba.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2misc.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 030ca57c3784..2385622cc3c8 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -347,17 +347,12 @@ static int smb2_validate_credit_charge(struct ksmbd_conn *conn,

int ksmbd_smb2_check_message(struct ksmbd_work *work) { - struct smb2_pdu *pdu = work->request_buf; + struct smb2_pdu *pdu = ksmbd_req_buf_next(work); struct smb2_hdr *hdr = &pdu->hdr; int command; __u32 clc_len; /* calculated length */ __u32 len = get_rfc1002_len(pdu);

- if (work->next_smb2_rcv_hdr_off) { - pdu = ksmbd_req_buf_next(work); - hdr = &pdu->hdr; - } - if (le32_to_cpu(hdr->NextCommand) > 0) { len = le32_to_cpu(hdr->NextCommand); } else if (work->next_smb2_rcv_hdr_off) {

From patchwork Mon Nov 14 12:52:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183343 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:10 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:10 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:10 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 246/308] ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() Date: Mon, 14 Nov 2022 20:52:35 +0800 Message-ID: 20221114125337.1831594-247-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 34a18c8d-ca10-4a3d-fefd-08dac63c87c9 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6987538 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Ralph Boehme slow@samba.org

mainline inclusion from mainline-5.16-rc1 commit 341b16014bf871115f0883e831372c4b76389d03 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/341b16014bf8

-------------------------------

Use cmd helper variable in smb2_get_ksmbd_tcon().

Cc: Tom Talpey tom@talpey.com Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Cc: Steve French smfrench@gmail.com Cc: Hyunchul Lee hyc.lee@gmail.com Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Ralph Boehme slow@samba.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 37da97576669..ed08697ec56c 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -94,12 +94,13 @@ struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn int smb2_get_ksmbd_tcon(struct ksmbd_work *work) { struct smb2_hdr *req_hdr = work->request_buf; + unsigned int cmd = le16_to_cpu(req_hdr->Command); int tree_id;

work->tcon = NULL; - if (work->conn->ops->get_cmd_val(work) == SMB2_TREE_CONNECT_HE || - work->conn->ops->get_cmd_val(work) == SMB2_CANCEL_HE || - work->conn->ops->get_cmd_val(work) == SMB2_LOGOFF_HE) { + if (cmd == SMB2_TREE_CONNECT_HE || + cmd == SMB2_CANCEL_HE || + cmd == SMB2_LOGOFF_HE) { ksmbd_debug(SMB, "skip to check tree connect request\n"); return 0; }

From patchwork Mon Nov 14 12:52:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183344 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:11 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:11 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:10 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 247/308] ksmbd: Remove redundant 'flush_workqueue()' calls Date: Mon, 14 Nov 2022 20:52:36 +0800 Message-ID: 20221114125337.1831594-248-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 60937ae3-17b7-476c-4f9c-08dac63c8813 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6919144 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Christophe JAILLET christophe.jaillet@wanadoo.fr

mainline inclusion from mainline-5.16-rc1 commit e8d585b2f68c0b10c966ee55146de043429085a3 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e8d585b2f68c

-------------------------------

'destroy_workqueue()' already drains the queue before destroying it, so there is no need to flush it explicitly.

Remove the redundant 'flush_workqueue()' calls.

This was generated with coccinelle:

@@ expression E; @@ - flush_workqueue(E); destroy_workqueue(E);

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Christophe JAILLET christophe.jaillet@wanadoo.fr Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ksmbd_work.c | 1 - fs/ksmbd/transport_rdma.c | 1 - 2 files changed, 2 deletions(-)

diff --git a/fs/ksmbd/ksmbd_work.c b/fs/ksmbd/ksmbd_work.c index fd58eb4809f6..14b9caebf7a4 100644 --- a/fs/ksmbd/ksmbd_work.c +++ b/fs/ksmbd/ksmbd_work.c @@ -69,7 +69,6 @@ int ksmbd_workqueue_init(void)

void ksmbd_workqueue_destroy(void) { - flush_workqueue(ksmbd_wq); destroy_workqueue(ksmbd_wq); ksmbd_wq = NULL; } diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index a2fd5a4d4cd5..6330dfc302ff 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -2043,7 +2043,6 @@ int ksmbd_rdma_destroy(void) smb_direct_listener.cm_id = NULL;

if (smb_direct_wq) { - flush_workqueue(smb_direct_wq); destroy_workqueue(smb_direct_wq); smb_direct_wq = NULL; }

From patchwork Mon Nov 14 12:52:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183345 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:11 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:11 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:11 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 248/308] ksmbd: Fix buffer length check in fsctl_validate_negotiate_info() Date: Mon, 14 Nov 2022 20:52:37 +0800 Message-ID: 20221114125337.1831594-249-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: aedc835b-4363-4e82-e1a0-08dac63c885b X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6429262 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.16-rc1 commit 78f1688a64cca77758ceb9b183088cf0054bfc82 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/78f1688a64cc

-------------------------------

The validate_negotiate_info_req struct definition includes an extra field to access the data coming after the header. This causes the check in fsctl_validate_negotiate_info() to count the first element of the array twice. This in turn makes some valid requests fail, depending on whether they include padding or not.

Fixes: f7db8fd03a4b ("ksmbd: add validation in smb2_ioctl") Cc: stable@vger.kernel.org # v5.15 Acked-by: Namjae Jeon linkinjeon@kernel.org Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index ed08697ec56c..bec55e1f08dc 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -7263,7 +7263,7 @@ static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn, int ret = 0; int dialect;

- if (in_buf_len < sizeof(struct validate_negotiate_info_req) + + if (in_buf_len < offsetof(struct validate_negotiate_info_req, Dialects) + le16_to_cpu(neg_req->DialectCount) * sizeof(__le16)) return -EINVAL;

From patchwork Mon Nov 14 12:52:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183346 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:12 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:12 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:11 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 249/308] ksmbd: don't need 8byte alignment for request length in ksmbd_check_message Date: Mon, 14 Nov 2022 20:52:38 +0800 Message-ID: 20221114125337.1831594-250-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 21519b03-337c-4ddc-9997-08dac63c88a4 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6940747 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.16-rc1 commit b53ad8107ee873795ecb5039d46b5d5502d404f2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b53ad8107ee8

-------------------------------

When validating request length in ksmbd_check_message, 8byte alignment is not needed for compound request. It can cause wrong validation of request length.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org # v5.15 Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2misc.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 2385622cc3c8..0239fa96926c 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -353,12 +353,10 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) __u32 clc_len; /* calculated length */ __u32 len = get_rfc1002_len(pdu);

- if (le32_to_cpu(hdr->NextCommand) > 0) { + if (le32_to_cpu(hdr->NextCommand) > 0) len = le32_to_cpu(hdr->NextCommand); - } else if (work->next_smb2_rcv_hdr_off) { + else if (work->next_smb2_rcv_hdr_off) len -= work->next_smb2_rcv_hdr_off; - len = round_up(len, 8); - }

if (check_smb2_hdr(hdr)) return 1;

From patchwork Mon Nov 14 12:52:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183347 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:12 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:12 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:12 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 250/308] ksmbd: remove smb2_buf_length in smb2_hdr Date: Mon, 14 Nov 2022 20:52:39 +0800 Message-ID: 20221114125337.1831594-251-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6046a616-8344-4d8b-5c29-08dac63c88ee X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.8239436 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.16-rc1 commit cb4517201b8acdb5fd5314494aaf86c267f22345 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/cb4517201b8a

-------------------------------

To move smb2_hdr to smbfs_common, This patch remove smb2_buf_length variable in smb2_hdr. Also, declare smb2_get_msg function to get smb2 request/response from ->request/response_buf.

Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/auth.c | 4 +- fs/ksmbd/connection.c | 9 +- fs/ksmbd/ksmbd_work.h | 4 +- fs/ksmbd/oplock.c | 24 +-- fs/ksmbd/smb2misc.c | 2 +- fs/ksmbd/smb2pdu.c | 440 +++++++++++++++++++------------------- fs/ksmbd/smb2pdu.h | 20 +- fs/ksmbd/smb_common.c | 11 +- fs/ksmbd/smb_common.h | 6 - fs/ksmbd/transport_rdma.c | 2 +- 10 files changed, 260 insertions(+), 262 deletions(-)

diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c index 30a92ddc1817..c69c5471db1c 100644 --- a/fs/ksmbd/auth.c +++ b/fs/ksmbd/auth.c @@ -873,9 +873,9 @@ int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, __u8 *pi_hash) { int rc; - struct smb2_hdr *rcv_hdr = (struct smb2_hdr *)buf; + struct smb2_hdr *rcv_hdr = smb2_get_msg(buf); char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId; - int msg_size = be32_to_cpu(rcv_hdr->smb2_buf_length); + int msg_size = get_rfc1002_len(buf); struct ksmbd_crypto_ctx *ctx = NULL;

if (conn->preauth_info->Preauth_HashId != diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index b57a0d8a392f..12f710ccbdff 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -158,14 +158,13 @@ void ksmbd_conn_wait_idle(struct ksmbd_conn *conn) int ksmbd_conn_write(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb_hdr *rsp_hdr = work->response_buf; size_t len = 0; int sent; struct kvec iov[3]; int iov_idx = 0;

ksmbd_conn_try_dequeue_request(work); - if (!rsp_hdr) { + if (!work->response_buf) { pr_err("NULL response header\n"); return -EINVAL; } @@ -177,7 +176,7 @@ int ksmbd_conn_write(struct ksmbd_work *work) }

if (work->aux_payload_sz) { - iov[iov_idx] = (struct kvec) { rsp_hdr, work->resp_hdr_sz }; + iov[iov_idx] = (struct kvec) { work->response_buf, work->resp_hdr_sz }; len += iov[iov_idx++].iov_len; iov[iov_idx] = (struct kvec) { work->aux_payload_buf, work->aux_payload_sz }; len += iov[iov_idx++].iov_len; @@ -185,8 +184,8 @@ int ksmbd_conn_write(struct ksmbd_work *work) if (work->tr_buf) iov[iov_idx].iov_len = work->resp_hdr_sz; else - iov[iov_idx].iov_len = get_rfc1002_len(rsp_hdr) + 4; - iov[iov_idx].iov_base = rsp_hdr; + iov[iov_idx].iov_len = get_rfc1002_len(work->response_buf) + 4; + iov[iov_idx].iov_base = work->response_buf; len += iov[iov_idx++].iov_len; }

diff --git a/fs/ksmbd/ksmbd_work.h b/fs/ksmbd/ksmbd_work.h index f7156bc50049..5ece58e40c97 100644 --- a/fs/ksmbd/ksmbd_work.h +++ b/fs/ksmbd/ksmbd_work.h @@ -92,7 +92,7 @@ struct ksmbd_work { */ static inline void *ksmbd_resp_buf_next(struct ksmbd_work *work) { - return work->response_buf + work->next_smb2_rsp_hdr_off; + return work->response_buf + work->next_smb2_rsp_hdr_off + 4; }

/** @@ -101,7 +101,7 @@ static inline void *ksmbd_resp_buf_next(struct ksmbd_work *work) */ static inline void *ksmbd_req_buf_next(struct ksmbd_work *work) { - return work->request_buf + work->next_smb2_rcv_hdr_off; + return work->request_buf + work->next_smb2_rcv_hdr_off + 4; }

struct ksmbd_work *ksmbd_alloc_work_struct(void); diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 95e8c53a5cf3..e529bc11b04b 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -629,10 +629,10 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) return; }

- rsp_hdr = work->response_buf; + rsp_hdr = smb2_get_msg(work->response_buf); memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); - rsp_hdr->smb2_buf_length = - cpu_to_be32(smb2_hdr_size_no_buflen(conn->vals)); + *(__be32 *)work->response_buf = + cpu_to_be32(conn->vals->header_size); rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; rsp_hdr->CreditRequest = cpu_to_le16(0); @@ -645,7 +645,7 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) rsp_hdr->SessionId = 0; memset(rsp_hdr->Signature, 0, 16);

- rsp = work->response_buf; + rsp = smb2_get_msg(work->response_buf);

rsp->StructureSize = cpu_to_le16(24); if (!br_info->open_trunc && @@ -659,7 +659,7 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) rsp->PersistentFid = cpu_to_le64(fp->persistent_id); rsp->VolatileFid = cpu_to_le64(fp->volatile_id);

- inc_rfc1001_len(rsp, 24); + inc_rfc1001_len(work->response_buf, 24);

ksmbd_debug(OPLOCK, "sending oplock break v_id %llu p_id = %llu lock level = %d\n", @@ -736,10 +736,10 @@ static void __smb2_lease_break_noti(struct work_struct *wk) return; }

- rsp_hdr = work->response_buf; + rsp_hdr = smb2_get_msg(work->response_buf); memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); - rsp_hdr->smb2_buf_length = - cpu_to_be32(smb2_hdr_size_no_buflen(conn->vals)); + *(__be32 *)work->response_buf = + cpu_to_be32(conn->vals->header_size); rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; rsp_hdr->CreditRequest = cpu_to_le16(0); @@ -752,7 +752,7 @@ static void __smb2_lease_break_noti(struct work_struct *wk) rsp_hdr->SessionId = 0; memset(rsp_hdr->Signature, 0, 16);

- rsp = work->response_buf; + rsp = smb2_get_msg(work->response_buf); rsp->StructureSize = cpu_to_le16(44); rsp->Epoch = br_info->epoch; rsp->Flags = 0; @@ -768,7 +768,7 @@ static void __smb2_lease_break_noti(struct work_struct *wk) rsp->AccessMaskHint = 0; rsp->ShareMaskHint = 0;

- inc_rfc1001_len(rsp, 44); + inc_rfc1001_len(work->response_buf, 44);

ksmbd_conn_write(work); ksmbd_free_work_struct(work); @@ -1398,7 +1398,7 @@ struct lease_ctx_info *parse_lease_state(void *open_req) if (!lreq) return NULL;

- data_offset = (char *)req + 4 + le32_to_cpu(req->CreateContextsOffset); + data_offset = (char *)req + le32_to_cpu(req->CreateContextsOffset); cc = (struct create_context *)data_offset; do { cc = (struct create_context *)((char *)cc + next); @@ -1462,7 +1462,7 @@ struct create_context *smb2_find_context_vals(void *open_req, const char *tag) * CreateContextsOffset and CreateContextsLength are guaranteed to * be valid because of ksmbd_smb2_check_message(). */ - cc = (struct create_context *)((char *)req + 4 + + cc = (struct create_context *)((char *)req + le32_to_cpu(req->CreateContextsOffset)); remain_len = le32_to_cpu(req->CreateContextsLength); do { diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 0239fa96926c..0aba1c91fd37 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -351,7 +351,7 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) struct smb2_hdr *hdr = &pdu->hdr; int command; __u32 clc_len; /* calculated length */ - __u32 len = get_rfc1002_len(pdu); + __u32 len = get_rfc1002_len(work->request_buf);

if (le32_to_cpu(hdr->NextCommand) > 0) len = le32_to_cpu(hdr->NextCommand); diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index bec55e1f08dc..ae906e78616e 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -44,8 +44,8 @@ static void __wbuf(struct ksmbd_work *work, void **req, void **rsp) *req = ksmbd_req_buf_next(work); *rsp = ksmbd_resp_buf_next(work); } else { - *req = work->request_buf; - *rsp = work->response_buf; + *req = smb2_get_msg(work->request_buf); + *rsp = smb2_get_msg(work->response_buf); } }

@@ -93,7 +93,7 @@ struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn */ int smb2_get_ksmbd_tcon(struct ksmbd_work *work) { - struct smb2_hdr *req_hdr = work->request_buf; + struct smb2_hdr *req_hdr = smb2_get_msg(work->request_buf); unsigned int cmd = le16_to_cpu(req_hdr->Command); int tree_id;

@@ -131,7 +131,7 @@ void smb2_set_err_rsp(struct ksmbd_work *work) if (work->next_smb2_rcv_hdr_off) err_rsp = ksmbd_resp_buf_next(work); else - err_rsp = work->response_buf; + err_rsp = smb2_get_msg(work->response_buf);

if (err_rsp->hdr.Status != STATUS_STOPPED_ON_SYMLINK) { err_rsp->StructureSize = SMB2_ERROR_STRUCTURE_SIZE2_LE; @@ -151,7 +151,7 @@ void smb2_set_err_rsp(struct ksmbd_work *work) */ bool is_smb2_neg_cmd(struct ksmbd_work *work) { - struct smb2_hdr *hdr = work->request_buf; + struct smb2_hdr *hdr = smb2_get_msg(work->request_buf);

/* is it SMB2 header ? */ if (hdr->ProtocolId != SMB2_PROTO_NUMBER) @@ -175,7 +175,7 @@ bool is_smb2_neg_cmd(struct ksmbd_work *work) */ bool is_smb2_rsp(struct ksmbd_work *work) { - struct smb2_hdr *hdr = work->response_buf; + struct smb2_hdr *hdr = smb2_get_msg(work->response_buf);

/* is it SMB2 header ? */ if (hdr->ProtocolId != SMB2_PROTO_NUMBER) @@ -201,7 +201,7 @@ u16 get_smb2_cmd_val(struct ksmbd_work *work) if (work->next_smb2_rcv_hdr_off) rcv_hdr = ksmbd_req_buf_next(work); else - rcv_hdr = work->request_buf; + rcv_hdr = smb2_get_msg(work->request_buf); return le16_to_cpu(rcv_hdr->Command); }

@@ -217,7 +217,7 @@ void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err) if (work->next_smb2_rcv_hdr_off) rsp_hdr = ksmbd_resp_buf_next(work); else - rsp_hdr = work->response_buf; + rsp_hdr = smb2_get_msg(work->response_buf); rsp_hdr->Status = err; smb2_set_err_rsp(work); } @@ -238,13 +238,11 @@ int init_smb2_neg_rsp(struct ksmbd_work *work) if (conn->need_neg == false) return -EINVAL;

- rsp_hdr = work->response_buf; + *(__be32 *)work->response_buf = + cpu_to_be32(conn->vals->header_size);

+ rsp_hdr = smb2_get_msg(work->response_buf); memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); - - rsp_hdr->smb2_buf_length = - cpu_to_be32(smb2_hdr_size_no_buflen(conn->vals)); - rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; rsp_hdr->CreditRequest = cpu_to_le16(2); @@ -257,7 +255,7 @@ int init_smb2_neg_rsp(struct ksmbd_work *work) rsp_hdr->SessionId = 0; memset(rsp_hdr->Signature, 0, 16);

- rsp = work->response_buf; + rsp = smb2_get_msg(work->response_buf);

WARN_ON(ksmbd_conn_good(work));

@@ -278,12 +276,12 @@ int init_smb2_neg_rsp(struct ksmbd_work *work)

rsp->SecurityBufferOffset = cpu_to_le16(128); rsp->SecurityBufferLength = cpu_to_le16(AUTH_GSS_LENGTH); - ksmbd_copy_gss_neg_header(((char *)(&rsp->hdr) + - sizeof(rsp->hdr.smb2_buf_length)) + + ksmbd_copy_gss_neg_header((char *)(&rsp->hdr) + le16_to_cpu(rsp->SecurityBufferOffset)); - inc_rfc1001_len(rsp, sizeof(struct smb2_negotiate_rsp) - - sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) + - AUTH_GSS_LENGTH); + inc_rfc1001_len(work->response_buf, + sizeof(struct smb2_negotiate_rsp) - + sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) + + AUTH_GSS_LENGTH); rsp->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED_LE; if (server_conf.signing == KSMBD_CONFIG_OPT_MANDATORY) rsp->SecurityMode |= SMB2_NEGOTIATE_SIGNING_REQUIRED_LE; @@ -388,8 +386,8 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) next_hdr_offset = le32_to_cpu(req->NextCommand);

new_len = ALIGN(len, 8); - inc_rfc1001_len(work->response_buf, ((sizeof(struct smb2_hdr) - 4) - + new_len - len)); + inc_rfc1001_len(work->response_buf, + sizeof(struct smb2_hdr) + new_len - len); rsp->NextCommand = cpu_to_le32(new_len);

work->next_smb2_rcv_hdr_off += next_hdr_offset; @@ -407,7 +405,7 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) work->compound_fid = KSMBD_NO_FID; work->compound_pfid = KSMBD_NO_FID; } - memset((char *)rsp_hdr + 4, 0, sizeof(struct smb2_hdr) + 2); + memset((char *)rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; rsp_hdr->Command = rcv_hdr->Command; @@ -433,7 +431,7 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) */ bool is_chained_smb2_message(struct ksmbd_work *work) { - struct smb2_hdr *hdr = work->request_buf; + struct smb2_hdr *hdr = smb2_get_msg(work->request_buf); unsigned int len, next_cmd;

if (hdr->ProtocolId != SMB2_PROTO_NUMBER) @@ -484,13 +482,13 @@ bool is_chained_smb2_message(struct ksmbd_work *work) */ int init_smb2_rsp_hdr(struct ksmbd_work *work) { - struct smb2_hdr *rsp_hdr = work->response_buf; - struct smb2_hdr *rcv_hdr = work->request_buf; + struct smb2_hdr *rsp_hdr = smb2_get_msg(work->response_buf); + struct smb2_hdr *rcv_hdr = smb2_get_msg(work->request_buf); struct ksmbd_conn *conn = work->conn;

memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2); - rsp_hdr->smb2_buf_length = - cpu_to_be32(smb2_hdr_size_no_buflen(conn->vals)); + *(__be32 *)work->response_buf = + cpu_to_be32(conn->vals->header_size); rsp_hdr->ProtocolId = rcv_hdr->ProtocolId; rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE; rsp_hdr->Command = rcv_hdr->Command; @@ -523,7 +521,7 @@ int init_smb2_rsp_hdr(struct ksmbd_work *work) */ int smb2_allocate_rsp_buf(struct ksmbd_work *work) { - struct smb2_hdr *hdr = work->request_buf; + struct smb2_hdr *hdr = smb2_get_msg(work->request_buf); size_t small_sz = MAX_CIFS_SMALL_BUFFER_SIZE; size_t large_sz = small_sz + work->conn->vals->max_trans_size; size_t sz = small_sz; @@ -535,7 +533,7 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) if (cmd == SMB2_QUERY_INFO_HE) { struct smb2_query_info_req *req;

- req = work->request_buf; + req = smb2_get_msg(work->request_buf); if (req->InfoType == SMB2_O_INFO_FILE && (req->FileInfoClass == FILE_FULL_EA_INFORMATION || req->FileInfoClass == FILE_ALL_INFORMATION)) @@ -562,7 +560,7 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) */ int smb2_check_user_session(struct ksmbd_work *work) { - struct smb2_hdr *req_hdr = work->request_buf; + struct smb2_hdr *req_hdr = smb2_get_msg(work->request_buf); struct ksmbd_conn *conn = work->conn; unsigned int cmd = conn->ops->get_cmd_val(work); unsigned long long sess_id; @@ -643,7 +641,7 @@ int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg) struct ksmbd_conn *conn = work->conn; int id;

- rsp_hdr = work->response_buf; + rsp_hdr = smb2_get_msg(work->response_buf); rsp_hdr->Flags |= SMB2_FLAGS_ASYNC_COMMAND;

id = ksmbd_acquire_async_msg_id(&conn->async_ida); @@ -675,7 +673,7 @@ void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status) { struct smb2_hdr *rsp_hdr;

- rsp_hdr = work->response_buf; + rsp_hdr = smb2_get_msg(work->response_buf); smb2_set_err_rsp(work); rsp_hdr->Status = status;

@@ -803,11 +801,11 @@ static void build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) }

static void assemble_neg_contexts(struct ksmbd_conn *conn, - struct smb2_negotiate_rsp *rsp) + struct smb2_negotiate_rsp *rsp, + void *smb2_buf_len) { - /* +4 is to account for the RFC1001 len field */ char *pneg_ctxt = (char *)rsp + - le32_to_cpu(rsp->NegotiateContextOffset) + 4; + le32_to_cpu(rsp->NegotiateContextOffset); int neg_ctxt_cnt = 1; int ctxt_size;

@@ -816,7 +814,7 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt, conn->preauth_info->Preauth_HashId); rsp->NegotiateContextCount = cpu_to_le16(neg_ctxt_cnt); - inc_rfc1001_len(rsp, AUTH_GSS_PADDING); + inc_rfc1001_len(smb2_buf_len, AUTH_GSS_PADDING); ctxt_size = sizeof(struct smb2_preauth_neg_context); /* Round to 8 byte boundary */ pneg_ctxt += round_up(sizeof(struct smb2_preauth_neg_context), 8); @@ -870,7 +868,7 @@ static void assemble_neg_contexts(struct ksmbd_conn *conn, ctxt_size += sizeof(struct smb2_signing_capabilities) + 2; }

- inc_rfc1001_len(rsp, ctxt_size); + inc_rfc1001_len(smb2_buf_len, ctxt_size); }

static __le32 decode_preauth_ctxt(struct ksmbd_conn *conn, @@ -953,14 +951,14 @@ static void decode_sign_cap_ctxt(struct ksmbd_conn *conn, }

static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, - struct smb2_negotiate_req *req) + struct smb2_negotiate_req *req, + int len_of_smb) { /* +4 is to account for the RFC1001 len field */ - struct smb2_neg_context *pctx = (struct smb2_neg_context *)((char *)req + 4); + struct smb2_neg_context *pctx = (struct smb2_neg_context *)req; int i = 0, len_of_ctxts; int offset = le32_to_cpu(req->NegotiateContextOffset); int neg_ctxt_cnt = le16_to_cpu(req->NegotiateContextCount); - int len_of_smb = be32_to_cpu(req->hdr.smb2_buf_length); __le32 status = STATUS_INVALID_PARAMETER;

ksmbd_debug(SMB, "decoding %d negotiate contexts\n", neg_ctxt_cnt); @@ -1045,8 +1043,8 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn, int smb2_handle_negotiate(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_negotiate_req *req = work->request_buf; - struct smb2_negotiate_rsp *rsp = work->response_buf; + struct smb2_negotiate_req *req = smb2_get_msg(work->request_buf); + struct smb2_negotiate_rsp *rsp = smb2_get_msg(work->response_buf); int rc = 0; unsigned int smb2_buf_len, smb2_neg_size; __le32 status; @@ -1067,7 +1065,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work) }

smb2_buf_len = get_rfc1002_len(work->request_buf); - smb2_neg_size = offsetof(struct smb2_negotiate_req, Dialects) - 4; + smb2_neg_size = offsetof(struct smb2_negotiate_req, Dialects); if (smb2_neg_size > smb2_buf_len) { rsp->hdr.Status = STATUS_INVALID_PARAMETER; rc = -EINVAL; @@ -1116,7 +1114,8 @@ int smb2_handle_negotiate(struct ksmbd_work *work) goto err_out; }

- status = deassemble_neg_contexts(conn, req); + status = deassemble_neg_contexts(conn, req, + get_rfc1002_len(work->request_buf)); if (status != STATUS_SUCCESS) { pr_err("deassemble_neg_contexts error(0x%x)\n", status); @@ -1136,7 +1135,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work) conn->preauth_info->Preauth_HashValue); rsp->NegotiateContextOffset = cpu_to_le32(OFFSET_OF_NEG_CONTEXT); - assemble_neg_contexts(conn, rsp); + assemble_neg_contexts(conn, rsp, work->response_buf); break; case SMB302_PROT_ID: init_smb3_02_server(conn); @@ -1184,10 +1183,9 @@ int smb2_handle_negotiate(struct ksmbd_work *work)

rsp->SecurityBufferOffset = cpu_to_le16(128); rsp->SecurityBufferLength = cpu_to_le16(AUTH_GSS_LENGTH); - ksmbd_copy_gss_neg_header(((char *)(&rsp->hdr) + - sizeof(rsp->hdr.smb2_buf_length)) + - le16_to_cpu(rsp->SecurityBufferOffset)); - inc_rfc1001_len(rsp, sizeof(struct smb2_negotiate_rsp) - + ksmbd_copy_gss_neg_header((char *)(&rsp->hdr) + + le16_to_cpu(rsp->SecurityBufferOffset)); + inc_rfc1001_len(work->response_buf, sizeof(struct smb2_negotiate_rsp) - sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) + AUTH_GSS_LENGTH); rsp->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED_LE; @@ -1279,7 +1277,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, struct negotiate_message *negblob, size_t negblob_len) { - struct smb2_sess_setup_rsp *rsp = work->response_buf; + struct smb2_sess_setup_rsp *rsp = smb2_get_msg(work->response_buf); struct challenge_message *chgblob; unsigned char *spnego_blob = NULL; u16 spnego_blob_len; @@ -1387,8 +1385,8 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn,

static int ntlm_authenticate(struct ksmbd_work *work) { - struct smb2_sess_setup_req *req = work->request_buf; - struct smb2_sess_setup_rsp *rsp = work->response_buf; + struct smb2_sess_setup_req *req = smb2_get_msg(work->request_buf); + struct smb2_sess_setup_rsp *rsp = smb2_get_msg(work->response_buf); struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess = work->sess; struct channel *chann = NULL; @@ -1411,7 +1409,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len); rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len); kfree(spnego_blob); - inc_rfc1001_len(rsp, spnego_blob_len - 1); + inc_rfc1001_len(work->response_buf, spnego_blob_len - 1); }

user = session_user(conn, req); @@ -1523,8 +1521,8 @@ static int ntlm_authenticate(struct ksmbd_work *work) #ifdef CONFIG_SMB_SERVER_KERBEROS5 static int krb5_authenticate(struct ksmbd_work *work) { - struct smb2_sess_setup_req *req = work->request_buf; - struct smb2_sess_setup_rsp *rsp = work->response_buf; + struct smb2_sess_setup_req *req = smb2_get_msg(work->request_buf); + struct smb2_sess_setup_rsp *rsp = smb2_get_msg(work->response_buf); struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess = work->sess; char *in_blob, *out_blob; @@ -1539,8 +1537,7 @@ static int krb5_authenticate(struct ksmbd_work *work) out_blob = (char *)&rsp->hdr.ProtocolId + le16_to_cpu(rsp->SecurityBufferOffset); out_len = work->response_sz - - offsetof(struct smb2_hdr, smb2_buf_length) - - le16_to_cpu(rsp->SecurityBufferOffset); + (le16_to_cpu(rsp->SecurityBufferOffset) + 4);

/* Check previous session */ prev_sess_id = le64_to_cpu(req->PreviousSessionId); @@ -1557,7 +1554,7 @@ static int krb5_authenticate(struct ksmbd_work *work) return -EINVAL; } rsp->SecurityBufferLength = cpu_to_le16(out_len); - inc_rfc1001_len(rsp, out_len - 1); + inc_rfc1001_len(work->response_buf, out_len - 1);

if ((conn->sign || server_conf.enforced_signing) || (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) @@ -1613,8 +1610,8 @@ static int krb5_authenticate(struct ksmbd_work *work) int smb2_sess_setup(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_sess_setup_req *req = work->request_buf; - struct smb2_sess_setup_rsp *rsp = work->response_buf; + struct smb2_sess_setup_req *req = smb2_get_msg(work->request_buf); + struct smb2_sess_setup_rsp *rsp = smb2_get_msg(work->response_buf); struct ksmbd_session *sess; struct negotiate_message *negblob; unsigned int negblob_len, negblob_off; @@ -1626,7 +1623,7 @@ int smb2_sess_setup(struct ksmbd_work *work) rsp->SessionFlags = 0; rsp->SecurityBufferOffset = cpu_to_le16(72); rsp->SecurityBufferLength = 0; - inc_rfc1001_len(rsp, 9); + inc_rfc1001_len(work->response_buf, 9);

if (!req->hdr.SessionId) { sess = ksmbd_smb2_session_create(); @@ -1700,7 +1697,7 @@ int smb2_sess_setup(struct ksmbd_work *work)

negblob_off = le16_to_cpu(req->SecurityBufferOffset); negblob_len = le16_to_cpu(req->SecurityBufferLength); - if (negblob_off < (offsetof(struct smb2_sess_setup_req, Buffer) - 4) || + if (negblob_off < offsetof(struct smb2_sess_setup_req, Buffer) || negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) return -EINVAL;

@@ -1740,7 +1737,8 @@ int smb2_sess_setup(struct ksmbd_work *work) * Note: here total size -1 is done as an * adjustment for 0 size blob */ - inc_rfc1001_len(rsp, le16_to_cpu(rsp->SecurityBufferLength) - 1); + inc_rfc1001_len(work->response_buf, + le16_to_cpu(rsp->SecurityBufferLength) - 1);

} else if (negblob->MessageType == NtLmAuthenticate) { rc = ntlm_authenticate(work); @@ -1829,8 +1827,8 @@ int smb2_sess_setup(struct ksmbd_work *work) int smb2_tree_connect(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_tree_connect_req *req = work->request_buf; - struct smb2_tree_connect_rsp *rsp = work->response_buf; + struct smb2_tree_connect_req *req = smb2_get_msg(work->request_buf); + struct smb2_tree_connect_rsp *rsp = smb2_get_msg(work->response_buf); struct ksmbd_session *sess = work->sess; char *treename = NULL, *name = NULL; struct ksmbd_tree_conn_status status; @@ -1895,7 +1893,7 @@ int smb2_tree_connect(struct ksmbd_work *work) rsp->Reserved = 0; /* default manual caching */ rsp->ShareFlags = SMB2_SHAREFLAG_MANUAL_CACHING; - inc_rfc1001_len(rsp, 16); + inc_rfc1001_len(work->response_buf, 16);

if (!IS_ERR(treename)) kfree(treename); @@ -2000,17 +1998,18 @@ static int smb2_create_open_flags(bool file_present, __le32 access, */ int smb2_tree_disconnect(struct ksmbd_work *work) { - struct smb2_tree_disconnect_rsp *rsp = work->response_buf; + struct smb2_tree_disconnect_rsp *rsp = smb2_get_msg(work->response_buf); struct ksmbd_session *sess = work->sess; struct ksmbd_tree_connect *tcon = work->tcon;

rsp->StructureSize = cpu_to_le16(4); - inc_rfc1001_len(rsp, 4); + inc_rfc1001_len(work->response_buf, 4);

ksmbd_debug(SMB, "request\n");

if (!tcon) { - struct smb2_tree_disconnect_req *req = work->request_buf; + struct smb2_tree_disconnect_req *req = + smb2_get_msg(work->request_buf);

ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId); rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED; @@ -2032,11 +2031,11 @@ int smb2_tree_disconnect(struct ksmbd_work *work) int smb2_session_logoff(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_logoff_rsp *rsp = work->response_buf; + struct smb2_logoff_rsp *rsp = smb2_get_msg(work->response_buf); struct ksmbd_session *sess = work->sess;

rsp->StructureSize = cpu_to_le16(4); - inc_rfc1001_len(rsp, 4); + inc_rfc1001_len(work->response_buf, 4);

ksmbd_debug(SMB, "request\n");

@@ -2049,7 +2048,7 @@ int smb2_session_logoff(struct ksmbd_work *work) ksmbd_conn_wait_idle(conn);

if (ksmbd_tree_conn_session_logoff(sess)) { - struct smb2_logoff_req *req = work->request_buf; + struct smb2_logoff_req *req = smb2_get_msg(work->request_buf);

ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId); rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED; @@ -2076,8 +2075,8 @@ int smb2_session_logoff(struct ksmbd_work *work) */ static noinline int create_smb2_pipe(struct ksmbd_work *work) { - struct smb2_create_rsp *rsp = work->response_buf; - struct smb2_create_req *req = work->request_buf; + struct smb2_create_rsp *rsp = smb2_get_msg(work->response_buf); + struct smb2_create_req *req = smb2_get_msg(work->request_buf); int id; int err; char *name; @@ -2115,7 +2114,7 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work) rsp->CreateContextsOffset = 0; rsp->CreateContextsLength = 0;

- inc_rfc1001_len(rsp, 88); /* StructureSize - 1*/ + inc_rfc1001_len(work->response_buf, 88); /* StructureSize - 1*/ kfree(name); return 0;

@@ -2449,7 +2448,7 @@ int smb2_open(struct ksmbd_work *work) struct ksmbd_session *sess = work->sess; struct ksmbd_tree_connect *tcon = work->tcon; struct smb2_create_req *req; - struct smb2_create_rsp *rsp, *rsp_org; + struct smb2_create_rsp *rsp; struct path path; struct ksmbd_share_config *share = tcon->share_conf; struct ksmbd_file *fp = NULL; @@ -2474,7 +2473,6 @@ int smb2_open(struct ksmbd_work *work) umode_t posix_mode = 0; __le32 daccess, maximal_access = 0;

- rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (req->hdr.NextCommand && !work->next_smb2_rcv_hdr_off && @@ -3114,7 +3112,7 @@ int smb2_open(struct ksmbd_work *work)

rsp->CreateContextsOffset = 0; rsp->CreateContextsLength = 0; - inc_rfc1001_len(rsp_org, 88); /* StructureSize - 1*/ + inc_rfc1001_len(work->response_buf, 88); /* StructureSize - 1*/

/* If lease is request send lease context response */ if (opinfo && opinfo->is_lease) { @@ -3129,7 +3127,8 @@ int smb2_open(struct ksmbd_work *work) create_lease_buf(rsp->Buffer, opinfo->o_lease); le32_add_cpu(&rsp->CreateContextsLength, conn->vals->create_lease_size); - inc_rfc1001_len(rsp_org, conn->vals->create_lease_size); + inc_rfc1001_len(work->response_buf, + conn->vals->create_lease_size); next_ptr = &lease_ccontext->Next; next_off = conn->vals->create_lease_size; } @@ -3148,7 +3147,8 @@ int smb2_open(struct ksmbd_work *work) le32_to_cpu(maximal_access)); le32_add_cpu(&rsp->CreateContextsLength, conn->vals->create_mxac_size); - inc_rfc1001_len(rsp_org, conn->vals->create_mxac_size); + inc_rfc1001_len(work->response_buf, + conn->vals->create_mxac_size); if (next_ptr) *next_ptr = cpu_to_le32(next_off); next_ptr = &mxac_ccontext->Next; @@ -3166,7 +3166,8 @@ int smb2_open(struct ksmbd_work *work) stat.ino, tcon->id); le32_add_cpu(&rsp->CreateContextsLength, conn->vals->create_disk_id_size); - inc_rfc1001_len(rsp_org, conn->vals->create_disk_id_size); + inc_rfc1001_len(work->response_buf, + conn->vals->create_disk_id_size); if (next_ptr) *next_ptr = cpu_to_le32(next_off); next_ptr = &disk_id_ccontext->Next; @@ -3180,15 +3181,15 @@ int smb2_open(struct ksmbd_work *work) fp); le32_add_cpu(&rsp->CreateContextsLength, conn->vals->create_posix_size); - inc_rfc1001_len(rsp_org, conn->vals->create_posix_size); + inc_rfc1001_len(work->response_buf, + conn->vals->create_posix_size); if (next_ptr) *next_ptr = cpu_to_le32(next_off); }

if (contxt_cnt > 0) { rsp->CreateContextsOffset = - cpu_to_le32(offsetof(struct smb2_create_rsp, Buffer) - - 4); + cpu_to_le32(offsetof(struct smb2_create_rsp, Buffer)); }

err_out: @@ -3786,7 +3787,7 @@ int smb2_query_dir(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; struct smb2_query_directory_req *req; - struct smb2_query_directory_rsp *rsp, *rsp_org; + struct smb2_query_directory_rsp *rsp; struct ksmbd_share_config *share = work->tcon->share_conf; struct ksmbd_file *dir_fp = NULL; struct ksmbd_dir_info d_info; @@ -3796,7 +3797,6 @@ int smb2_query_dir(struct ksmbd_work *work) int buffer_sz; struct smb2_query_dir_private query_dir_private = {NULL, };

- rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (ksmbd_override_fsids(work)) { @@ -3916,7 +3916,7 @@ int smb2_query_dir(struct ksmbd_work *work) rsp->OutputBufferOffset = cpu_to_le16(0); rsp->OutputBufferLength = cpu_to_le32(0); rsp->Buffer[0] = 0; - inc_rfc1001_len(rsp_org, 9); + inc_rfc1001_len(work->response_buf, 9); } else { ((struct file_directory_info *) ((char *)rsp->Buffer + d_info.last_entry_offset)) @@ -3925,7 +3925,7 @@ int smb2_query_dir(struct ksmbd_work *work) rsp->StructureSize = cpu_to_le16(9); rsp->OutputBufferOffset = cpu_to_le16(72); rsp->OutputBufferLength = cpu_to_le32(d_info.data_count); - inc_rfc1001_len(rsp_org, 8 + d_info.data_count); + inc_rfc1001_len(work->response_buf, 8 + d_info.data_count); }

kfree(srch_ptr); @@ -3968,26 +3968,28 @@ int smb2_query_dir(struct ksmbd_work *work) * Return: 0 on success, otherwise error */ static int buffer_check_err(int reqOutputBufferLength, - struct smb2_query_info_rsp *rsp, int infoclass_size) + struct smb2_query_info_rsp *rsp, + void *rsp_org, int infoclass_size) { if (reqOutputBufferLength < le32_to_cpu(rsp->OutputBufferLength)) { if (reqOutputBufferLength < infoclass_size) { pr_err("Invalid Buffer Size Requested\n"); rsp->hdr.Status = STATUS_INFO_LENGTH_MISMATCH; - rsp->hdr.smb2_buf_length = cpu_to_be32(sizeof(struct smb2_hdr) - 4); + *(__be32 *)rsp_org = cpu_to_be32(sizeof(struct smb2_hdr)); return -EINVAL; }

ksmbd_debug(SMB, "Buffer Overflow\n"); rsp->hdr.Status = STATUS_BUFFER_OVERFLOW; - rsp->hdr.smb2_buf_length = cpu_to_be32(sizeof(struct smb2_hdr) - 4 + + *(__be32 *)rsp_org = cpu_to_be32(sizeof(struct smb2_hdr) + reqOutputBufferLength); rsp->OutputBufferLength = cpu_to_le32(reqOutputBufferLength); } return 0; }

-static void get_standard_info_pipe(struct smb2_query_info_rsp *rsp) +static void get_standard_info_pipe(struct smb2_query_info_rsp *rsp, + void *rsp_org) { struct smb2_file_standard_info *sinfo;

@@ -4000,10 +4002,11 @@ static void get_standard_info_pipe(struct smb2_query_info_rsp *rsp) sinfo->Directory = 0; rsp->OutputBufferLength = cpu_to_le32(sizeof(struct smb2_file_standard_info)); - inc_rfc1001_len(rsp, sizeof(struct smb2_file_standard_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_standard_info)); }

-static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, u64 num) +static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, u64 num, + void *rsp_org) { struct smb2_file_internal_info *file_info;

@@ -4013,12 +4016,13 @@ static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp, u64 num) file_info->IndexNumber = cpu_to_le64(num | (1ULL << 63)); rsp->OutputBufferLength = cpu_to_le32(sizeof(struct smb2_file_internal_info)); - inc_rfc1001_len(rsp, sizeof(struct smb2_file_internal_info)); + inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_internal_info)); }

static int smb2_get_info_file_pipe(struct ksmbd_session *sess, struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp) + struct smb2_query_info_rsp *rsp, + void *rsp_org) { u64 id; int rc; @@ -4036,14 +4040,16 @@ static int smb2_get_info_file_pipe(struct ksmbd_session *sess,

switch (req->FileInfoClass) { case FILE_STANDARD_INFORMATION: - get_standard_info_pipe(rsp); + get_standard_info_pipe(rsp, rsp_org); rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), - rsp, FILE_STANDARD_INFORMATION_SIZE); + rsp, rsp_org, + FILE_STANDARD_INFORMATION_SIZE); break; case FILE_INTERNAL_INFORMATION: - get_internal_info_pipe(rsp, id); + get_internal_info_pipe(rsp, id, rsp_org); rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), - rsp, FILE_INTERNAL_INFORMATION_SIZE); + rsp, rsp_org, + FILE_INTERNAL_INFORMATION_SIZE); break; default: ksmbd_debug(SMB, "smb2_info_file_pipe for %u not supported\n", @@ -4651,7 +4657,7 @@ static int find_file_posix_info(struct smb2_query_info_rsp *rsp,

static int smb2_get_info_file(struct ksmbd_work *work, struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, void *rsp_org) + struct smb2_query_info_rsp *rsp) { struct ksmbd_file *fp; int fileinfoclass = 0; @@ -4662,7 +4668,8 @@ static int smb2_get_info_file(struct ksmbd_work *work, if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) { /* smb2 info file called for pipe */ - return smb2_get_info_file_pipe(work->sess, req, rsp); + return smb2_get_info_file_pipe(work->sess, req, rsp, + work->response_buf); }

if (work->next_smb2_rcv_hdr_off) { @@ -4687,77 +4694,77 @@ static int smb2_get_info_file(struct ksmbd_work *work,

switch (fileinfoclass) { case FILE_ACCESS_INFORMATION: - get_file_access_info(rsp, fp, rsp_org); + get_file_access_info(rsp, fp, work->response_buf); file_infoclass_size = FILE_ACCESS_INFORMATION_SIZE; break;

case FILE_BASIC_INFORMATION: - rc = get_file_basic_info(rsp, fp, rsp_org); + rc = get_file_basic_info(rsp, fp, work->response_buf); file_infoclass_size = FILE_BASIC_INFORMATION_SIZE; break;

case FILE_STANDARD_INFORMATION: - get_file_standard_info(rsp, fp, rsp_org); + get_file_standard_info(rsp, fp, work->response_buf); file_infoclass_size = FILE_STANDARD_INFORMATION_SIZE; break;

case FILE_ALIGNMENT_INFORMATION: - get_file_alignment_info(rsp, rsp_org); + get_file_alignment_info(rsp, work->response_buf); file_infoclass_size = FILE_ALIGNMENT_INFORMATION_SIZE; break;

case FILE_ALL_INFORMATION: - rc = get_file_all_info(work, rsp, fp, rsp_org); + rc = get_file_all_info(work, rsp, fp, work->response_buf); file_infoclass_size = FILE_ALL_INFORMATION_SIZE; break;

case FILE_ALTERNATE_NAME_INFORMATION: - get_file_alternate_info(work, rsp, fp, rsp_org); + get_file_alternate_info(work, rsp, fp, work->response_buf); file_infoclass_size = FILE_ALTERNATE_NAME_INFORMATION_SIZE; break;

case FILE_STREAM_INFORMATION: - get_file_stream_info(work, rsp, fp, rsp_org); + get_file_stream_info(work, rsp, fp, work->response_buf); file_infoclass_size = FILE_STREAM_INFORMATION_SIZE; break;

case FILE_INTERNAL_INFORMATION: - get_file_internal_info(rsp, fp, rsp_org); + get_file_internal_info(rsp, fp, work->response_buf); file_infoclass_size = FILE_INTERNAL_INFORMATION_SIZE; break;

case FILE_NETWORK_OPEN_INFORMATION: - rc = get_file_network_open_info(rsp, fp, rsp_org); + rc = get_file_network_open_info(rsp, fp, work->response_buf); file_infoclass_size = FILE_NETWORK_OPEN_INFORMATION_SIZE; break;

case FILE_EA_INFORMATION: - get_file_ea_info(rsp, rsp_org); + get_file_ea_info(rsp, work->response_buf); file_infoclass_size = FILE_EA_INFORMATION_SIZE; break;

case FILE_FULL_EA_INFORMATION: - rc = smb2_get_ea(work, fp, req, rsp, rsp_org); + rc = smb2_get_ea(work, fp, req, rsp, work->response_buf); file_infoclass_size = FILE_FULL_EA_INFORMATION_SIZE; break;

case FILE_POSITION_INFORMATION: - get_file_position_info(rsp, fp, rsp_org); + get_file_position_info(rsp, fp, work->response_buf); file_infoclass_size = FILE_POSITION_INFORMATION_SIZE; break;

case FILE_MODE_INFORMATION: - get_file_mode_info(rsp, fp, rsp_org); + get_file_mode_info(rsp, fp, work->response_buf); file_infoclass_size = FILE_MODE_INFORMATION_SIZE; break;

case FILE_COMPRESSION_INFORMATION: - get_file_compression_info(rsp, fp, rsp_org); + get_file_compression_info(rsp, fp, work->response_buf); file_infoclass_size = FILE_COMPRESSION_INFORMATION_SIZE; break;

case FILE_ATTRIBUTE_TAG_INFORMATION: - rc = get_file_attribute_tag_info(rsp, fp, rsp_org); + rc = get_file_attribute_tag_info(rsp, fp, work->response_buf); file_infoclass_size = FILE_ATTRIBUTE_TAG_INFORMATION_SIZE; break; case SMB_FIND_FILE_POSIX_INFO: @@ -4765,7 +4772,7 @@ static int smb2_get_info_file(struct ksmbd_work *work, pr_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n"); rc = -EOPNOTSUPP; } else { - rc = find_file_posix_info(rsp, fp, rsp_org); + rc = find_file_posix_info(rsp, fp, work->response_buf); file_infoclass_size = sizeof(struct smb311_posix_qinfo); } break; @@ -4776,7 +4783,7 @@ static int smb2_get_info_file(struct ksmbd_work *work, } if (!rc) rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), - rsp, + rsp, work->response_buf, file_infoclass_size); ksmbd_fd_put(work, fp); return rc; @@ -4784,7 +4791,7 @@ static int smb2_get_info_file(struct ksmbd_work *work,

static int smb2_get_info_filesystem(struct ksmbd_work *work, struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, void *rsp_org) + struct smb2_query_info_rsp *rsp) { struct ksmbd_session *sess = work->sess; struct ksmbd_conn *conn = sess->conn; @@ -4820,7 +4827,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->DeviceType = cpu_to_le32(stfs.f_type); info->DeviceCharacteristics = cpu_to_le32(0x00000020); rsp->OutputBufferLength = cpu_to_le32(8); - inc_rfc1001_len(rsp_org, 8); + inc_rfc1001_len(work->response_buf, 8); fs_infoclass_size = FS_DEVICE_INFORMATION_SIZE; break; } @@ -4846,7 +4853,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->FileSystemNameLen = cpu_to_le32(len); sz = sizeof(struct filesystem_attribute_info) - 2 + len; rsp->OutputBufferLength = cpu_to_le32(sz); - inc_rfc1001_len(rsp_org, sz); + inc_rfc1001_len(work->response_buf, sz); fs_infoclass_size = FS_ATTRIBUTE_INFORMATION_SIZE; break; } @@ -4867,7 +4874,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->Reserved = 0; sz = sizeof(struct filesystem_vol_info) - 2 + len; rsp->OutputBufferLength = cpu_to_le32(sz); - inc_rfc1001_len(rsp_org, sz); + inc_rfc1001_len(work->response_buf, sz); fs_infoclass_size = FS_VOLUME_INFORMATION_SIZE; break; } @@ -4881,7 +4888,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->SectorsPerAllocationUnit = cpu_to_le32(1); info->BytesPerSector = cpu_to_le32(stfs.f_bsize); rsp->OutputBufferLength = cpu_to_le32(24); - inc_rfc1001_len(rsp_org, 24); + inc_rfc1001_len(work->response_buf, 24); fs_infoclass_size = FS_SIZE_INFORMATION_SIZE; break; } @@ -4898,7 +4905,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->SectorsPerAllocationUnit = cpu_to_le32(1); info->BytesPerSector = cpu_to_le32(stfs.f_bsize); rsp->OutputBufferLength = cpu_to_le32(32); - inc_rfc1001_len(rsp_org, 32); + inc_rfc1001_len(work->response_buf, 32); fs_infoclass_size = FS_FULL_SIZE_INFORMATION_SIZE; break; } @@ -4919,7 +4926,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->extended_info.rel_date = 0; memcpy(info->extended_info.version_string, "1.1.0", strlen("1.1.0")); rsp->OutputBufferLength = cpu_to_le32(64); - inc_rfc1001_len(rsp_org, 64); + inc_rfc1001_len(work->response_buf, 64); fs_infoclass_size = FS_OBJECT_ID_INFORMATION_SIZE; break; } @@ -4940,7 +4947,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->ByteOffsetForSectorAlignment = 0; info->ByteOffsetForPartitionAlignment = 0; rsp->OutputBufferLength = cpu_to_le32(28); - inc_rfc1001_len(rsp_org, 28); + inc_rfc1001_len(work->response_buf, 28); fs_infoclass_size = FS_SECTOR_SIZE_INFORMATION_SIZE; break; } @@ -4962,7 +4969,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->DefaultQuotaLimit = cpu_to_le64(SMB2_NO_FID); info->Padding = 0; rsp->OutputBufferLength = cpu_to_le32(48); - inc_rfc1001_len(rsp_org, 48); + inc_rfc1001_len(work->response_buf, 48); fs_infoclass_size = FS_CONTROL_INFORMATION_SIZE; break; } @@ -4983,7 +4990,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, info->TotalFileNodes = cpu_to_le64(stfs.f_files); info->FreeFileNodes = cpu_to_le64(stfs.f_ffree); rsp->OutputBufferLength = cpu_to_le32(56); - inc_rfc1001_len(rsp_org, 56); + inc_rfc1001_len(work->response_buf, 56); fs_infoclass_size = FS_POSIX_INFORMATION_SIZE; } break; @@ -4993,7 +5000,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, return -EOPNOTSUPP; } rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), - rsp, + rsp, work->response_buf, fs_infoclass_size); path_put(&path); return rc; @@ -5001,7 +5008,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work,

static int smb2_get_info_sec(struct ksmbd_work *work, struct smb2_query_info_req *req, - struct smb2_query_info_rsp *rsp, void *rsp_org) + struct smb2_query_info_rsp *rsp) { struct ksmbd_file *fp; struct smb_ntsd *pntsd = (struct smb_ntsd *)rsp->Buffer, *ppntsd = NULL; @@ -5027,7 +5034,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work,

secdesclen = sizeof(struct smb_ntsd); rsp->OutputBufferLength = cpu_to_le32(secdesclen); - inc_rfc1001_len(rsp_org, secdesclen); + inc_rfc1001_len(work->response_buf, secdesclen);

return 0; } @@ -5066,7 +5073,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work, return rc;

rsp->OutputBufferLength = cpu_to_le32(secdesclen); - inc_rfc1001_len(rsp_org, secdesclen); + inc_rfc1001_len(work->response_buf, secdesclen); return 0; }

@@ -5079,10 +5086,9 @@ static int smb2_get_info_sec(struct ksmbd_work *work, int smb2_query_info(struct ksmbd_work *work) { struct smb2_query_info_req *req; - struct smb2_query_info_rsp *rsp, *rsp_org; + struct smb2_query_info_rsp *rsp; int rc = 0;

- rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

ksmbd_debug(SMB, "GOT query info request\n"); @@ -5090,15 +5096,15 @@ int smb2_query_info(struct ksmbd_work *work) switch (req->InfoType) { case SMB2_O_INFO_FILE: ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILE\n"); - rc = smb2_get_info_file(work, req, rsp, (void *)rsp_org); + rc = smb2_get_info_file(work, req, rsp); break; case SMB2_O_INFO_FILESYSTEM: ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILESYSTEM\n"); - rc = smb2_get_info_filesystem(work, req, rsp, (void *)rsp_org); + rc = smb2_get_info_filesystem(work, req, rsp); break; case SMB2_O_INFO_SECURITY: ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n"); - rc = smb2_get_info_sec(work, req, rsp, (void *)rsp_org); + rc = smb2_get_info_sec(work, req, rsp); break; default: ksmbd_debug(SMB, "InfoType %d not supported yet\n", @@ -5123,7 +5129,7 @@ int smb2_query_info(struct ksmbd_work *work) } rsp->StructureSize = cpu_to_le16(9); rsp->OutputBufferOffset = cpu_to_le16(72); - inc_rfc1001_len(rsp_org, 8); + inc_rfc1001_len(work->response_buf, 8); return 0; }

@@ -5136,8 +5142,8 @@ int smb2_query_info(struct ksmbd_work *work) static noinline int smb2_close_pipe(struct ksmbd_work *work) { u64 id; - struct smb2_close_req *req = work->request_buf; - struct smb2_close_rsp *rsp = work->response_buf; + struct smb2_close_req *req = smb2_get_msg(work->request_buf); + struct smb2_close_rsp *rsp = smb2_get_msg(work->response_buf);

id = le64_to_cpu(req->VolatileFileId); ksmbd_session_rpc_close(work->sess, id); @@ -5152,7 +5158,7 @@ static noinline int smb2_close_pipe(struct ksmbd_work *work) rsp->AllocationSize = 0; rsp->EndOfFile = 0; rsp->Attributes = 0; - inc_rfc1001_len(rsp, 60); + inc_rfc1001_len(work->response_buf, 60); return 0; }

@@ -5168,14 +5174,12 @@ int smb2_close(struct ksmbd_work *work) u64 sess_id; struct smb2_close_req *req; struct smb2_close_rsp *rsp; - struct smb2_close_rsp *rsp_org; struct ksmbd_conn *conn = work->conn; struct ksmbd_file *fp; struct inode *inode; u64 time; int err = 0;

- rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (test_share_config_flag(work->tcon->share_conf, @@ -5265,7 +5269,7 @@ int smb2_close(struct ksmbd_work *work) rsp->hdr.Status = STATUS_FILE_CLOSED; smb2_set_err_rsp(work); } else { - inc_rfc1001_len(rsp_org, 60); + inc_rfc1001_len(work->response_buf, 60); }

return 0; @@ -5279,11 +5283,11 @@ int smb2_close(struct ksmbd_work *work) */ int smb2_echo(struct ksmbd_work *work) { - struct smb2_echo_rsp *rsp = work->response_buf; + struct smb2_echo_rsp *rsp = smb2_get_msg(work->response_buf);

rsp->StructureSize = cpu_to_le16(4); rsp->Reserved = 0; - inc_rfc1001_len(rsp, 4); + inc_rfc1001_len(work->response_buf, 4); return 0; }

@@ -5894,14 +5898,13 @@ static int smb2_set_info_sec(struct ksmbd_file *fp, int addition_info, int smb2_set_info(struct ksmbd_work *work) { struct smb2_set_info_req *req; - struct smb2_set_info_rsp *rsp, *rsp_org; + struct smb2_set_info_rsp *rsp; struct ksmbd_file *fp; int rc = 0; unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;

ksmbd_debug(SMB, "Received set info request\n");

- rsp_org = work->response_buf; if (work->next_smb2_rcv_hdr_off) { req = ksmbd_req_buf_next(work); rsp = ksmbd_resp_buf_next(work); @@ -5912,8 +5915,8 @@ int smb2_set_info(struct ksmbd_work *work) pid = work->compound_pfid; } } else { - req = work->request_buf; - rsp = work->response_buf; + req = smb2_get_msg(work->request_buf); + rsp = smb2_get_msg(work->response_buf); }

if (!has_file_id(id)) { @@ -5953,7 +5956,7 @@ int smb2_set_info(struct ksmbd_work *work) goto err_out;

rsp->StructureSize = cpu_to_le16(2); - inc_rfc1001_len(rsp_org, 2); + inc_rfc1001_len(work->response_buf, 2); ksmbd_fd_put(work, fp); return 0;

@@ -5993,12 +5996,12 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) int nbytes = 0, err; u64 id; struct ksmbd_rpc_command *rpc_resp; - struct smb2_read_req *req = work->request_buf; - struct smb2_read_rsp *rsp = work->response_buf; + struct smb2_read_req *req = smb2_get_msg(work->request_buf); + struct smb2_read_rsp *rsp = smb2_get_msg(work->response_buf);

id = le64_to_cpu(req->VolatileFileId);

- inc_rfc1001_len(rsp, 16); + inc_rfc1001_len(work->response_buf, 16); rpc_resp = ksmbd_rpc_read(work->sess, id); if (rpc_resp) { if (rpc_resp->flags != KSMBD_RPC_OK) { @@ -6017,7 +6020,7 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) rpc_resp->payload_sz);

nbytes = rpc_resp->payload_sz; - work->resp_hdr_sz = get_rfc1002_len(rsp) + 4; + work->resp_hdr_sz = get_rfc1002_len(work->response_buf) + 4; work->aux_payload_sz = nbytes; kvfree(rpc_resp); } @@ -6028,7 +6031,7 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) rsp->DataLength = cpu_to_le32(nbytes); rsp->DataRemaining = 0; rsp->Reserved2 = 0; - inc_rfc1001_len(rsp, nbytes); + inc_rfc1001_len(work->response_buf, nbytes); return 0;

out: @@ -6078,14 +6081,13 @@ int smb2_read(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; struct smb2_read_req *req; - struct smb2_read_rsp *rsp, *rsp_org; + struct smb2_read_rsp *rsp; struct ksmbd_file *fp; loff_t offset; size_t length, mincount; ssize_t nbytes = 0, remain_bytes = 0; int err = 0;

- rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (test_share_config_flag(work->tcon->share_conf, @@ -6167,10 +6169,10 @@ int smb2_read(struct ksmbd_work *work) rsp->DataLength = cpu_to_le32(nbytes); rsp->DataRemaining = cpu_to_le32(remain_bytes); rsp->Reserved2 = 0; - inc_rfc1001_len(rsp_org, 16); - work->resp_hdr_sz = get_rfc1002_len(rsp_org) + 4; + inc_rfc1001_len(work->response_buf, 16); + work->resp_hdr_sz = get_rfc1002_len(work->response_buf) + 4; work->aux_payload_sz = nbytes; - inc_rfc1001_len(rsp_org, nbytes); + inc_rfc1001_len(work->response_buf, nbytes); ksmbd_fd_put(work, fp); return 0;

@@ -6205,8 +6207,8 @@ int smb2_read(struct ksmbd_work *work) */ static noinline int smb2_write_pipe(struct ksmbd_work *work) { - struct smb2_write_req *req = work->request_buf; - struct smb2_write_rsp *rsp = work->response_buf; + struct smb2_write_req *req = smb2_get_msg(work->request_buf); + struct smb2_write_rsp *rsp = smb2_get_msg(work->response_buf); struct ksmbd_rpc_command *rpc_resp; u64 id = 0; int err = 0, ret = 0; @@ -6217,13 +6219,14 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) id = le64_to_cpu(req->VolatileFileId);

if (le16_to_cpu(req->DataOffset) == - (offsetof(struct smb2_write_req, Buffer) - 4)) { + offsetof(struct smb2_write_req, Buffer)) { data_buf = (char *)&req->Buffer[0]; } else { - if ((u64)le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req)) { + if ((u64)le16_to_cpu(req->DataOffset) + length > + get_rfc1002_len(work->request_buf)) { pr_err("invalid write data offset %u, smb_len %u\n", le16_to_cpu(req->DataOffset), - get_rfc1002_len(req)); + get_rfc1002_len(work->request_buf)); err = -EINVAL; goto out; } @@ -6255,7 +6258,7 @@ static noinline int smb2_write_pipe(struct ksmbd_work *work) rsp->DataLength = cpu_to_le32(length); rsp->DataRemaining = 0; rsp->Reserved2 = 0; - inc_rfc1001_len(rsp, 16); + inc_rfc1001_len(work->response_buf, 16); return 0; out: if (err) { @@ -6323,7 +6326,7 @@ static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work, int smb2_write(struct ksmbd_work *work) { struct smb2_write_req *req; - struct smb2_write_rsp *rsp, *rsp_org; + struct smb2_write_rsp *rsp; struct ksmbd_file *fp = NULL; loff_t offset; size_t length; @@ -6332,7 +6335,6 @@ int smb2_write(struct ksmbd_work *work) bool writethrough = false; int err = 0;

- rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) { @@ -6375,13 +6377,14 @@ int smb2_write(struct ksmbd_work *work) if (req->Channel != SMB2_CHANNEL_RDMA_V1 && req->Channel != SMB2_CHANNEL_RDMA_V1_INVALIDATE) { if (le16_to_cpu(req->DataOffset) == - (offsetof(struct smb2_write_req, Buffer) - 4)) { + offsetof(struct smb2_write_req, Buffer)) { data_buf = (char *)&req->Buffer[0]; } else { - if ((u64)le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req)) { + if ((u64)le16_to_cpu(req->DataOffset) + length > + get_rfc1002_len(work->request_buf)) { pr_err("invalid write data offset %u, smb_len %u\n", le16_to_cpu(req->DataOffset), - get_rfc1002_len(req)); + get_rfc1002_len(work->request_buf)); err = -EINVAL; goto out; } @@ -6419,7 +6422,7 @@ int smb2_write(struct ksmbd_work *work) rsp->DataLength = cpu_to_le32(nbytes); rsp->DataRemaining = 0; rsp->Reserved2 = 0; - inc_rfc1001_len(rsp_org, 16); + inc_rfc1001_len(work->response_buf, 16); ksmbd_fd_put(work, fp); return 0;

@@ -6453,10 +6456,9 @@ int smb2_write(struct ksmbd_work *work) int smb2_flush(struct ksmbd_work *work) { struct smb2_flush_req *req; - struct smb2_flush_rsp *rsp, *rsp_org; + struct smb2_flush_rsp *rsp; int err;

- rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp);

ksmbd_debug(SMB, "SMB2_FLUSH called for fid %llu\n", @@ -6470,7 +6472,7 @@ int smb2_flush(struct ksmbd_work *work)

rsp->StructureSize = cpu_to_le16(4); rsp->Reserved = 0; - inc_rfc1001_len(rsp_org, 4); + inc_rfc1001_len(work->response_buf, 4); return 0;

out: @@ -6491,7 +6493,7 @@ int smb2_flush(struct ksmbd_work *work) int smb2_cancel(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_hdr *hdr = work->request_buf; + struct smb2_hdr *hdr = smb2_get_msg(work->request_buf); struct smb2_hdr *chdr; struct ksmbd_work *cancel_work = NULL; int canceled = 0; @@ -6506,7 +6508,7 @@ int smb2_cancel(struct ksmbd_work *work) spin_lock(&conn->request_lock); list_for_each_entry(cancel_work, command_list, async_request_entry) { - chdr = cancel_work->request_buf; + chdr = smb2_get_msg(cancel_work->request_buf);

if (cancel_work->async_id != le64_to_cpu(hdr->Id.AsyncId)) @@ -6525,7 +6527,7 @@ int smb2_cancel(struct ksmbd_work *work)

spin_lock(&conn->request_lock); list_for_each_entry(cancel_work, command_list, request_entry) { - chdr = cancel_work->request_buf; + chdr = smb2_get_msg(cancel_work->request_buf);

if (chdr->MessageId != hdr->MessageId || cancel_work == work) @@ -6660,8 +6662,8 @@ static inline bool lock_defer_pending(struct file_lock *fl) */ int smb2_lock(struct ksmbd_work *work) { - struct smb2_lock_req *req = work->request_buf; - struct smb2_lock_rsp *rsp = work->response_buf; + struct smb2_lock_req *req = smb2_get_msg(work->request_buf); + struct smb2_lock_rsp *rsp = smb2_get_msg(work->response_buf); struct smb2_lock_element *lock_ele; struct ksmbd_file *fp = NULL; struct file_lock *flock = NULL; @@ -6968,7 +6970,7 @@ int smb2_lock(struct ksmbd_work *work) ksmbd_debug(SMB, "successful in taking lock\n"); rsp->hdr.Status = STATUS_SUCCESS; rsp->Reserved = 0; - inc_rfc1001_len(rsp, 4); + inc_rfc1001_len(work->response_buf, 4); ksmbd_fd_put(work, fp); return 0;

@@ -7437,13 +7439,12 @@ static int fsctl_request_resume_key(struct ksmbd_work *work, int smb2_ioctl(struct ksmbd_work *work) { struct smb2_ioctl_req *req; - struct smb2_ioctl_rsp *rsp, *rsp_org; + struct smb2_ioctl_rsp *rsp; unsigned int cnt_code, nbytes = 0, out_buf_len, in_buf_len; u64 id = KSMBD_NO_FID; struct ksmbd_conn *conn = work->conn; int ret = 0;

- rsp_org = work->response_buf; if (work->next_smb2_rcv_hdr_off) { req = ksmbd_req_buf_next(work); rsp = ksmbd_resp_buf_next(work); @@ -7453,8 +7454,8 @@ int smb2_ioctl(struct ksmbd_work *work) id = work->compound_fid; } } else { - req = work->request_buf; - rsp = work->response_buf; + req = smb2_get_msg(work->request_buf); + rsp = smb2_get_msg(work->response_buf); }

if (!has_file_id(id)) @@ -7734,7 +7735,7 @@ int smb2_ioctl(struct ksmbd_work *work) rsp->Reserved = cpu_to_le16(0); rsp->Flags = cpu_to_le32(0); rsp->Reserved2 = cpu_to_le32(0); - inc_rfc1001_len(rsp_org, 48 + nbytes); + inc_rfc1001_len(work->response_buf, 48 + nbytes);

return 0;

@@ -7761,8 +7762,8 @@ int smb2_ioctl(struct ksmbd_work *work) */ static void smb20_oplock_break_ack(struct ksmbd_work *work) { - struct smb2_oplock_break *req = work->request_buf; - struct smb2_oplock_break *rsp = work->response_buf; + struct smb2_oplock_break *req = smb2_get_msg(work->request_buf); + struct smb2_oplock_break *rsp = smb2_get_msg(work->response_buf); struct ksmbd_file *fp; struct oplock_info *opinfo = NULL; __le32 err = 0; @@ -7869,7 +7870,7 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work) rsp->Reserved2 = 0; rsp->VolatileFid = cpu_to_le64(volatile_id); rsp->PersistentFid = cpu_to_le64(persistent_id); - inc_rfc1001_len(rsp, 24); + inc_rfc1001_len(work->response_buf, 24); return;

err_out: @@ -7905,8 +7906,8 @@ static int check_lease_state(struct lease *lease, __le32 req_state) static void smb21_lease_break_ack(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_lease_ack *req = work->request_buf; - struct smb2_lease_ack *rsp = work->response_buf; + struct smb2_lease_ack *req = smb2_get_msg(work->request_buf); + struct smb2_lease_ack *rsp = smb2_get_msg(work->response_buf); struct oplock_info *opinfo; __le32 err = 0; int ret = 0; @@ -8018,7 +8019,7 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) memcpy(rsp->LeaseKey, req->LeaseKey, 16); rsp->LeaseState = lease_state; rsp->LeaseDuration = 0; - inc_rfc1001_len(rsp, 36); + inc_rfc1001_len(work->response_buf, 36); return;

err_out: @@ -8039,8 +8040,8 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) */ int smb2_oplock_break(struct ksmbd_work *work) { - struct smb2_oplock_break *req = work->request_buf; - struct smb2_oplock_break *rsp = work->response_buf; + struct smb2_oplock_break *req = smb2_get_msg(work->request_buf); + struct smb2_oplock_break *rsp = smb2_get_msg(work->response_buf);

switch (le16_to_cpu(req->StructureSize)) { case OP_BREAK_STRUCT_SIZE_20: @@ -8092,7 +8093,7 @@ int smb2_notify(struct ksmbd_work *work) */ bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command) { - struct smb2_hdr *rcv_hdr2 = work->request_buf; + struct smb2_hdr *rcv_hdr2 = smb2_get_msg(work->request_buf);

if ((rcv_hdr2->Flags & SMB2_FLAGS_SIGNED) && command != SMB2_NEGOTIATE_HE && @@ -8111,22 +8112,22 @@ bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command) */ int smb2_check_sign_req(struct ksmbd_work *work) { - struct smb2_hdr *hdr, *hdr_org; + struct smb2_hdr *hdr; char signature_req[SMB2_SIGNATURE_SIZE]; char signature[SMB2_HMACSHA256_SIZE]; struct kvec iov[1]; size_t len;

- hdr_org = hdr = work->request_buf; + hdr = smb2_get_msg(work->request_buf); if (work->next_smb2_rcv_hdr_off) hdr = ksmbd_req_buf_next(work);

if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off) - len = be32_to_cpu(hdr_org->smb2_buf_length); + len = get_rfc1002_len(work->request_buf); else if (hdr->NextCommand) len = le32_to_cpu(hdr->NextCommand); else - len = be32_to_cpu(hdr_org->smb2_buf_length) - + len = get_rfc1002_len(work->request_buf) - work->next_smb2_rcv_hdr_off;

memcpy(signature_req, hdr->Signature, SMB2_SIGNATURE_SIZE); @@ -8154,25 +8155,26 @@ int smb2_check_sign_req(struct ksmbd_work *work) */ void smb2_set_sign_rsp(struct ksmbd_work *work) { - struct smb2_hdr *hdr, *hdr_org; + struct smb2_hdr *hdr; struct smb2_hdr *req_hdr; char signature[SMB2_HMACSHA256_SIZE]; struct kvec iov[2]; size_t len; int n_vec = 1;

- hdr_org = hdr = work->response_buf; + hdr = smb2_get_msg(work->response_buf); if (work->next_smb2_rsp_hdr_off) hdr = ksmbd_resp_buf_next(work);

req_hdr = ksmbd_req_buf_next(work);

if (!work->next_smb2_rsp_hdr_off) { - len = get_rfc1002_len(hdr_org); + len = get_rfc1002_len(work->response_buf); if (req_hdr->NextCommand) len = ALIGN(len, 8); } else { - len = get_rfc1002_len(hdr_org) - work->next_smb2_rsp_hdr_off; + len = get_rfc1002_len(work->response_buf) - + work->next_smb2_rsp_hdr_off; len = ALIGN(len, 8); }

@@ -8208,23 +8210,23 @@ int smb3_check_sign_req(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; char *signing_key; - struct smb2_hdr *hdr, *hdr_org; + struct smb2_hdr *hdr; struct channel *chann; char signature_req[SMB2_SIGNATURE_SIZE]; char signature[SMB2_CMACAES_SIZE]; struct kvec iov[1]; size_t len;

- hdr_org = hdr = work->request_buf; + hdr = smb2_get_msg(work->request_buf); if (work->next_smb2_rcv_hdr_off) hdr = ksmbd_req_buf_next(work);

if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off) - len = be32_to_cpu(hdr_org->smb2_buf_length); + len = get_rfc1002_len(work->request_buf); else if (hdr->NextCommand) len = le32_to_cpu(hdr->NextCommand); else - len = be32_to_cpu(hdr_org->smb2_buf_length) - + len = get_rfc1002_len(work->request_buf) - work->next_smb2_rcv_hdr_off;

if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) { @@ -8265,8 +8267,7 @@ int smb3_check_sign_req(struct ksmbd_work *work) void smb3_set_sign_rsp(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_hdr *req_hdr; - struct smb2_hdr *hdr, *hdr_org; + struct smb2_hdr *req_hdr, *hdr; struct channel *chann; char signature[SMB2_CMACAES_SIZE]; struct kvec iov[2]; @@ -8274,18 +8275,19 @@ void smb3_set_sign_rsp(struct ksmbd_work *work) size_t len; char *signing_key;

- hdr_org = hdr = work->response_buf; + hdr = smb2_get_msg(work->response_buf); if (work->next_smb2_rsp_hdr_off) hdr = ksmbd_resp_buf_next(work);

req_hdr = ksmbd_req_buf_next(work);

if (!work->next_smb2_rsp_hdr_off) { - len = get_rfc1002_len(hdr_org); + len = get_rfc1002_len(work->response_buf); if (req_hdr->NextCommand) len = ALIGN(len, 8); } else { - len = get_rfc1002_len(hdr_org) - work->next_smb2_rsp_hdr_off; + len = get_rfc1002_len(work->response_buf) - + work->next_smb2_rsp_hdr_off; len = ALIGN(len, 8); }

@@ -8338,7 +8340,7 @@ void smb3_preauth_hash_rsp(struct ksmbd_work *work)

if (le16_to_cpu(req->Command) == SMB2_NEGOTIATE_HE && conn->preauth_info) - ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp, + ksmbd_gen_preauth_integrity_hash(conn, work->response_buf, conn->preauth_info->Preauth_HashValue);

if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && sess) { @@ -8356,7 +8358,7 @@ void smb3_preauth_hash_rsp(struct ksmbd_work *work) if (!hash_value) return; } - ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp, + ksmbd_gen_preauth_integrity_hash(conn, work->response_buf, hash_value); } } @@ -8438,7 +8440,6 @@ int smb3_decrypt_req(struct ksmbd_work *work) struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess; char *buf = work->request_buf; - struct smb2_hdr *hdr; unsigned int pdu_length = get_rfc1002_len(buf); struct kvec iov[2]; int buf_data_size = pdu_length + 4 - @@ -8473,8 +8474,7 @@ int smb3_decrypt_req(struct ksmbd_work *work) return rc;

memmove(buf + 4, iov[1].iov_base, buf_data_size); - hdr = (struct smb2_hdr *)buf; - hdr->smb2_buf_length = cpu_to_be32(buf_data_size); + *(__be32 *)buf = cpu_to_be32(buf_data_size);

return rc; } @@ -8482,7 +8482,7 @@ int smb3_decrypt_req(struct ksmbd_work *work) bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; - struct smb2_hdr *rsp = work->response_buf; + struct smb2_hdr *rsp = smb2_get_msg(work->response_buf);

if (conn->dialect < SMB30_PROT_ID) return false; diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index ff5a2f01d34a..a70f5461bffe 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -130,11 +130,6 @@ cpu_to_le16(__SMB2_HEADER_STRUCTURE_SIZE)

struct smb2_hdr { - __be32 smb2_buf_length; /* big endian on wire */ - /* - * length is only two or three bytes - with - * one or two byte type preceding it that MBZ - */ __le32 ProtocolId; /* 0xFE 'S' 'M' 'B' */ __le16 StructureSize; /* 64 */ __le16 CreditCharge; /* MBZ */ @@ -253,14 +248,14 @@ struct preauth_integrity_info { __u8 Preauth_HashValue[PREAUTH_HASHVALUE_SIZE]; };

-/* offset is sizeof smb2_negotiate_rsp - 4 but rounded up to 8 bytes. */ +/* offset is sizeof smb2_negotiate_rsp but rounded up to 8 bytes. */ #ifdef CONFIG_SMB_SERVER_KERBEROS5 -/* sizeof(struct smb2_negotiate_rsp) - 4 = +/* sizeof(struct smb2_negotiate_rsp) = * header(64) + response(64) + GSS_LENGTH(96) + GSS_PADDING(0) */ #define OFFSET_OF_NEG_CONTEXT 0xe0 #else -/* sizeof(struct smb2_negotiate_rsp) - 4 = +/* sizeof(struct smb2_negotiate_rsp) = * header(64) + response(64) + GSS_LENGTH(74) + GSS_PADDING(6) */ #define OFFSET_OF_NEG_CONTEXT 0xd0 @@ -1705,4 +1700,13 @@ int smb2_ioctl(struct ksmbd_work *work); int smb2_oplock_break(struct ksmbd_work *work); int smb2_notify(struct ksmbd_work *ksmbd_work);

+/* + * Get the body of the smb2 message excluding the 4 byte rfc1002 headers + * from request/response buffer. + */ +static inline void *smb2_get_msg(void *buf) +{ + return buf + 4; +} + #endif /* _SMB2PDU_H */ diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index f3f1953b2bcf..be9701273c71 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -239,14 +239,14 @@ int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count) static int ksmbd_negotiate_smb_dialect(void *buf) { int smb_buf_length = get_rfc1002_len(buf); - __le32 proto = ((struct smb2_hdr *)buf)->ProtocolId; + __le32 proto = ((struct smb2_hdr *)smb2_get_msg(buf))->ProtocolId;

if (proto == SMB2_PROTO_NUMBER) { struct smb2_negotiate_req *req; int smb2_neg_size = - offsetof(struct smb2_negotiate_req, Dialects) - 4; + offsetof(struct smb2_negotiate_req, Dialects);

- req = (struct smb2_negotiate_req *)buf; + req = (struct smb2_negotiate_req *)smb2_get_msg(buf); if (smb2_neg_size > smb_buf_length) goto err_out;

@@ -443,11 +443,12 @@ int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command) struct ksmbd_conn *conn = work->conn; int ret;

- conn->dialect = ksmbd_negotiate_smb_dialect(work->request_buf); + conn->dialect = + ksmbd_negotiate_smb_dialect(work->request_buf); ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect);

if (command == SMB2_NEGOTIATE_HE) { - struct smb2_hdr *smb2_hdr = work->request_buf; + struct smb2_hdr *smb2_hdr = smb2_get_msg(work->request_buf);

if (smb2_hdr->ProtocolId != SMB2_PROTO_NUMBER) { ksmbd_debug(SMB, "Downgrade to SMB1 negotiation\n"); diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index 6e79e7577f6b..35ca9b7d9979 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -477,12 +477,6 @@ struct smb_version_cmds { int (*proc)(struct ksmbd_work *swork); };

-static inline size_t -smb2_hdr_size_no_buflen(struct smb_version_values *vals) -{ - return vals->header_size - 4; -} - int ksmbd_min_protocol(void); int ksmbd_max_protocol(void);

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 6330dfc302ff..7e57cbb0bb35 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -484,7 +484,7 @@ static int smb_direct_check_recvmsg(struct smb_direct_recvmsg *recvmsg) struct smb_direct_data_transfer *req = (struct smb_direct_data_transfer *)recvmsg->packet; struct smb2_hdr *hdr = (struct smb2_hdr *)(recvmsg->packet - + le32_to_cpu(req->data_offset) - 4); + + le32_to_cpu(req->data_offset)); ksmbd_debug(RDMA, "CreditGranted: %u, CreditRequested: %u, DataLength: %u, RemainingDataLength: %u, SMB: %x, Command: %u\n", le16_to_cpu(req->credits_granted),

From patchwork Mon Nov 14 12:52:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183348 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:13 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:13 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:12 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 251/308] ksmbd: remove smb2_buf_length in smb2_transform_hdr Date: Mon, 14 Nov 2022 20:52:40 +0800 Message-ID: 20221114125337.1831594-252-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: f0488c85-2bb2-42d8-0a21-08dac63c893d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6434101 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.16-rc1 commit 2dd9129f7dec1de369e4447a54ea2edf695f765b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/2dd9129f7dec

-------------------------------

To move smb2_transform_hdr to smbfs_common, This patch remove smb2_buf_length variable in smb2_transform_hdr.

Cc: Ronnie Sahlberg ronniesahlberg@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/auth.c | 7 +++---- fs/ksmbd/connection.c | 2 +- fs/ksmbd/smb2pdu.c | 37 +++++++++++++++++-------------------- fs/ksmbd/smb2pdu.h | 5 ----- 4 files changed, 21 insertions(+), 30 deletions(-)

diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c index c69c5471db1c..3503b1c48cb4 100644 --- a/fs/ksmbd/auth.c +++ b/fs/ksmbd/auth.c @@ -983,7 +983,7 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, u8 *sign) { struct scatterlist *sg; - unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; + unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20; int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;

if (!nvec) @@ -1047,9 +1047,8 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, unsigned int nvec, int enc) { - struct smb2_transform_hdr *tr_hdr = - (struct smb2_transform_hdr *)iov[0].iov_base; - unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; + struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base); + unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20; int rc; struct scatterlist *sg; u8 sign[SMB2_SIGNATURE_SIZE] = {}; diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 12f710ccbdff..83a94d0bb480 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -171,7 +171,7 @@ int ksmbd_conn_write(struct ksmbd_work *work)

if (work->tr_buf) { iov[iov_idx] = (struct kvec) { work->tr_buf, - sizeof(struct smb2_transform_hdr) }; + sizeof(struct smb2_transform_hdr) + 4 }; len += iov[iov_idx++].iov_len; }

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index ae906e78616e..bbf9f04ee2fb 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -8363,13 +8363,13 @@ void smb3_preauth_hash_rsp(struct ksmbd_work *work) } }

-static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, char *old_buf, - __le16 cipher_type) +static void fill_transform_hdr(void *tr_buf, char *old_buf, __le16 cipher_type) { - struct smb2_hdr *hdr = (struct smb2_hdr *)old_buf; + struct smb2_transform_hdr *tr_hdr = tr_buf + 4; + struct smb2_hdr *hdr = smb2_get_msg(old_buf); unsigned int orig_len = get_rfc1002_len(old_buf);

- memset(tr_hdr, 0, sizeof(struct smb2_transform_hdr)); + memset(tr_buf, 0, sizeof(struct smb2_transform_hdr) + 4); tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM; tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len); tr_hdr->Flags = cpu_to_le16(0x01); @@ -8379,14 +8379,13 @@ static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, char *old_buf, else get_random_bytes(&tr_hdr->Nonce, SMB3_AES_CCM_NONCE); memcpy(&tr_hdr->SessionId, &hdr->SessionId, 8); - inc_rfc1001_len(tr_hdr, sizeof(struct smb2_transform_hdr) - 4); - inc_rfc1001_len(tr_hdr, orig_len); + inc_rfc1001_len(tr_buf, sizeof(struct smb2_transform_hdr)); + inc_rfc1001_len(tr_buf, orig_len); }

int smb3_encrypt_resp(struct ksmbd_work *work) { char *buf = work->response_buf; - struct smb2_transform_hdr *tr_hdr; struct kvec iov[3]; int rc = -ENOMEM; int buf_size = 0, rq_nvec = 2 + (work->aux_payload_sz ? 1 : 0); @@ -8394,15 +8393,15 @@ int smb3_encrypt_resp(struct ksmbd_work *work) if (ARRAY_SIZE(iov) < rq_nvec) return -ENOMEM;

- tr_hdr = kzalloc(sizeof(struct smb2_transform_hdr), GFP_KERNEL); - if (!tr_hdr) + work->tr_buf = kzalloc(sizeof(struct smb2_transform_hdr) + 4, GFP_KERNEL); + if (!work->tr_buf) return rc;

/* fill transform header */ - fill_transform_hdr(tr_hdr, buf, work->conn->cipher_type); + fill_transform_hdr(work->tr_buf, buf, work->conn->cipher_type);

- iov[0].iov_base = tr_hdr; - iov[0].iov_len = sizeof(struct smb2_transform_hdr); + iov[0].iov_base = work->tr_buf; + iov[0].iov_len = sizeof(struct smb2_transform_hdr) + 4; buf_size += iov[0].iov_len - 4;

iov[1].iov_base = buf + 4; @@ -8422,15 +8421,14 @@ int smb3_encrypt_resp(struct ksmbd_work *work) return rc;

memmove(buf, iov[1].iov_base, iov[1].iov_len); - tr_hdr->smb2_buf_length = cpu_to_be32(buf_size); - work->tr_buf = tr_hdr; + *(__be32 *)work->tr_buf = cpu_to_be32(buf_size);

return rc; }

bool smb3_is_transform_hdr(void *buf) { - struct smb2_transform_hdr *trhdr = buf; + struct smb2_transform_hdr *trhdr = smb2_get_msg(buf);

return trhdr->ProtocolId == SMB2_TRANSFORM_PROTO_NUM; } @@ -8442,9 +8440,8 @@ int smb3_decrypt_req(struct ksmbd_work *work) char *buf = work->request_buf; unsigned int pdu_length = get_rfc1002_len(buf); struct kvec iov[2]; - int buf_data_size = pdu_length + 4 - - sizeof(struct smb2_transform_hdr); - struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)buf; + int buf_data_size = pdu_length - sizeof(struct smb2_transform_hdr); + struct smb2_transform_hdr *tr_hdr = smb2_get_msg(buf); int rc = 0;

if (buf_data_size < sizeof(struct smb2_hdr)) { @@ -8466,8 +8463,8 @@ int smb3_decrypt_req(struct ksmbd_work *work) }

iov[0].iov_base = buf; - iov[0].iov_len = sizeof(struct smb2_transform_hdr); - iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr); + iov[0].iov_len = sizeof(struct smb2_transform_hdr) + 4; + iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr) + 4; iov[1].iov_len = buf_data_size; rc = ksmbd_crypt_message(conn, iov, 2, 0); if (rc) diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index a70f5461bffe..f418b001b999 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -159,11 +159,6 @@ struct smb2_pdu { #define SMB3_AES_GCM_NONCE 12

struct smb2_transform_hdr { - __be32 smb2_buf_length; /* big endian on wire */ - /* - * length is only two or three bytes - with - * one or two byte type preceding it that MBZ - */ __le32 ProtocolId; /* 0xFD 'S' 'M' 'B' */ __u8 Signature[16]; __u8 Nonce[16];

From patchwork Mon Nov 14 12:52:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183349 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:13 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:13 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:13 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 252/308] ksmbd: change LeaseKey data type to u8 array Date: Mon, 14 Nov 2022 20:52:41 +0800 Message-ID: 20221114125337.1831594-253-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d3602676-ccbc-4a0f-9c04-08dac63c8985 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6906586 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.16-rc1 commit 2734b692f7b8167b93498dcd698067623d4267ca category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/2734b692f7b8

-------------------------------

cifs define LeaseKey as u8 array in structure. To move lease structure to smbfs_common, ksmbd change LeaseKey data type to u8 array.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/oplock.c | 24 +++++++++--------------- fs/ksmbd/oplock.h | 2 -- fs/ksmbd/smb2pdu.h | 11 +++++------ 3 files changed, 14 insertions(+), 23 deletions(-)

diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index e529bc11b04b..3162bdcdb255 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1335,19 +1335,16 @@ __u8 smb2_map_lease_to_oplock(__le32 lease_state) */ void create_lease_buf(u8 *rbuf, struct lease *lease) { - char *LeaseKey = (char *)&lease->lease_key; - if (lease->version == 2) { struct create_lease_v2 *buf = (struct create_lease_v2 *)rbuf; - char *ParentLeaseKey = (char *)&lease->parent_lease_key;

memset(buf, 0, sizeof(struct create_lease_v2)); - buf->lcontext.LeaseKeyLow = *((__le64 *)LeaseKey); - buf->lcontext.LeaseKeyHigh = *((__le64 *)(LeaseKey + 8)); + memcpy(buf->lcontext.LeaseKey, lease->lease_key, + SMB2_LEASE_KEY_SIZE); buf->lcontext.LeaseFlags = lease->flags; buf->lcontext.LeaseState = lease->state; - buf->lcontext.ParentLeaseKeyLow = *((__le64 *)ParentLeaseKey); - buf->lcontext.ParentLeaseKeyHigh = *((__le64 *)(ParentLeaseKey + 8)); + memcpy(buf->lcontext.ParentLeaseKey, lease->parent_lease_key, + SMB2_LEASE_KEY_SIZE); buf->ccontext.DataOffset = cpu_to_le16(offsetof (struct create_lease_v2, lcontext)); buf->ccontext.DataLength = cpu_to_le32(sizeof(struct lease_context_v2)); @@ -1362,8 +1359,7 @@ void create_lease_buf(u8 *rbuf, struct lease *lease) struct create_lease *buf = (struct create_lease *)rbuf;

memset(buf, 0, sizeof(struct create_lease)); - buf->lcontext.LeaseKeyLow = *((__le64 *)LeaseKey); - buf->lcontext.LeaseKeyHigh = *((__le64 *)(LeaseKey + 8)); + memcpy(buf->lcontext.LeaseKey, lease->lease_key, SMB2_LEASE_KEY_SIZE); buf->lcontext.LeaseFlags = lease->flags; buf->lcontext.LeaseState = lease->state; buf->ccontext.DataOffset = cpu_to_le16(offsetof @@ -1416,19 +1412,17 @@ struct lease_ctx_info *parse_lease_state(void *open_req) if (sizeof(struct lease_context_v2) == le32_to_cpu(cc->DataLength)) { struct create_lease_v2 *lc = (struct create_lease_v2 *)cc;

- *((__le64 *)lreq->lease_key) = lc->lcontext.LeaseKeyLow; - *((__le64 *)(lreq->lease_key + 8)) = lc->lcontext.LeaseKeyHigh; + memcpy(lreq->lease_key, lc->lcontext.LeaseKey, SMB2_LEASE_KEY_SIZE); lreq->req_state = lc->lcontext.LeaseState; lreq->flags = lc->lcontext.LeaseFlags; lreq->duration = lc->lcontext.LeaseDuration; - *((__le64 *)lreq->parent_lease_key) = lc->lcontext.ParentLeaseKeyLow; - *((__le64 *)(lreq->parent_lease_key + 8)) = lc->lcontext.ParentLeaseKeyHigh; + memcpy(lreq->parent_lease_key, lc->lcontext.ParentLeaseKey, + SMB2_LEASE_KEY_SIZE); lreq->version = 2; } else { struct create_lease *lc = (struct create_lease *)cc;

- *((__le64 *)lreq->lease_key) = lc->lcontext.LeaseKeyLow; - *((__le64 *)(lreq->lease_key + 8)) = lc->lcontext.LeaseKeyHigh; + memcpy(lreq->lease_key, lc->lcontext.LeaseKey, SMB2_LEASE_KEY_SIZE); lreq->req_state = lc->lcontext.LeaseState; lreq->flags = lc->lcontext.LeaseFlags; lreq->duration = lc->lcontext.LeaseDuration; diff --git a/fs/ksmbd/oplock.h b/fs/ksmbd/oplock.h index 119b8047cfbd..0cf7a2b5bbc0 100644 --- a/fs/ksmbd/oplock.h +++ b/fs/ksmbd/oplock.h @@ -28,8 +28,6 @@ #define OPLOCK_WRITE_TO_NONE 0x04 #define OPLOCK_READ_TO_NONE 0x08

-#define SMB2_LEASE_KEY_SIZE 16 - struct lease_ctx_info { __u8 lease_key[SMB2_LEASE_KEY_SIZE]; __le32 req_state; diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index f418b001b999..829f44569077 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -733,22 +733,21 @@ struct create_posix_rsp {

#define SMB2_LEASE_FLAG_BREAK_IN_PROGRESS_LE cpu_to_le32(0x02)

+#define SMB2_LEASE_KEY_SIZE 16 + struct lease_context { - __le64 LeaseKeyLow; - __le64 LeaseKeyHigh; + __u8 LeaseKey[SMB2_LEASE_KEY_SIZE]; __le32 LeaseState; __le32 LeaseFlags; __le64 LeaseDuration; } __packed;

struct lease_context_v2 { - __le64 LeaseKeyLow; - __le64 LeaseKeyHigh; + __u8 LeaseKey[SMB2_LEASE_KEY_SIZE]; __le32 LeaseState; __le32 LeaseFlags; __le64 LeaseDuration; - __le64 ParentLeaseKeyLow; - __le64 ParentLeaseKeyHigh; + __u8 ParentLeaseKey[SMB2_LEASE_KEY_SIZE]; __le16 Epoch; __le16 Reserved; } __packed;

From patchwork Mon Nov 14 12:52:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183350 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:14 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:14 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:13 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 253/308] ksmbd: Fix an error handling path in 'smb2_sess_setup()' Date: Mon, 14 Nov 2022 20:52:42 +0800 Message-ID: 20221114125337.1831594-254-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 4062c24c-9bfb-4694-a0be-08dac63c89ce X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6938450 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Christophe JAILLET christophe.jaillet@wanadoo.fr

mainline inclusion from mainline-5.16-rc3 commit f8fbfd85f5c95fff477a7c19f576725945891d0c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f8fbfd85f5c9

-------------------------------

All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.

All but the new error handling path added by the commit given in the Fixes tag below.

Fix this error handling path and branch to 'out_err' as well.

Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup") Cc: stable@vger.kernel.org # v5.15 Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Christophe JAILLET christophe.jaillet@wanadoo.fr Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index bbf9f04ee2fb..27307cc0722b 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1698,8 +1698,10 @@ int smb2_sess_setup(struct ksmbd_work *work) negblob_off = le16_to_cpu(req->SecurityBufferOffset); negblob_len = le16_to_cpu(req->SecurityBufferLength); if (negblob_off < offsetof(struct smb2_sess_setup_req, Buffer) || - negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) - return -EINVAL; + negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) { + rc = -EINVAL; + goto out_err; + }

negblob = (struct negotiate_message *)((char *)&req->hdr.ProtocolId + negblob_off);

From patchwork Mon Nov 14 12:52:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183351 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:14 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:14 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:14 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 254/308] ksmbd: downgrade addition info error msg to debug in smb2_get_info_sec() Date: Mon, 14 Nov 2022 20:52:43 +0800 Message-ID: 20221114125337.1831594-255-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 516ee83a-de11-401b-3206-08dac63c8a17 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6889079 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.16-rc3 commit 8e537d1465e7401f352a6e0a728a93f8cad5294a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8e537d1465e7

-------------------------------

While file transfer through windows client, This error flood message happen. This flood message will cause performance degradation and misunderstand server has problem.

Fixes: e294f78d3478 ("ksmbd: allow PROTECTED_DACL_SECINFO and UNPROTECTED_DACL_SECINFO addition information in smb2 set info security") Cc: stable@vger.kernel.org # v5.15 Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 27307cc0722b..0b2d2904f7e7 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -5024,7 +5024,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work, if (addition_info & ~(OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO | PROTECTED_DACL_SECINFO | UNPROTECTED_DACL_SECINFO)) { - pr_err("Unsupported addition info: 0x%x)\n", + ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n", addition_info);

pntsd->revision = cpu_to_le16(1);

From patchwork Mon Nov 14 12:52:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183352 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:15 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:15 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:14 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 255/308] ksmbd: contain default data stream even if xattr is empty Date: Mon, 14 Nov 2022 20:52:44 +0800 Message-ID: 20221114125337.1831594-256-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2e3d8b5c-b171-49a0-c437-08dac63c8a5f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6970114 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.16-rc3 commit 1ec72153ff434ce75bace3044dc89a23a05d7064 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1ec72153ff43

-------------------------------

If xattr is not supported like exfat or fat, ksmbd server doesn't contain default data stream in FILE_STREAM_INFORMATION response. It will cause ppt or doc file update issue if local filesystem is such as ones. This patch move goto statement to contain it.

Fixes: 9f6323311c70 ("ksmbd: add default data stream name in FILE_STREAM_INFORMATION") Cc: stable@vger.kernel.org # v5.15 Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 0b2d2904f7e7..96a7a2bcd878 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -4423,6 +4423,12 @@ static void get_file_stream_info(struct ksmbd_work *work, generic_fillattr(file_inode(fp->filp), &stat); file_info = (struct smb2_file_stream_info *)rsp->Buffer;

+ buf_free_len = + smb2_calc_max_out_buf_len(work, 8, + le32_to_cpu(req->OutputBufferLength)); + if (buf_free_len < 0) + goto out; + xattr_list_len = ksmbd_vfs_listxattr(path->dentry, &xattr_list); if (xattr_list_len < 0) { goto out; @@ -4431,12 +4437,6 @@ static void get_file_stream_info(struct ksmbd_work *work, goto out; }

- buf_free_len = - smb2_calc_max_out_buf_len(work, 8, - le32_to_cpu(req->OutputBufferLength)); - if (buf_free_len < 0) - goto out; - while (idx < xattr_list_len) { stream_name = xattr_list + idx; streamlen = strlen(stream_name); @@ -4480,6 +4480,7 @@ static void get_file_stream_info(struct ksmbd_work *work, file_info->NextEntryOffset = cpu_to_le32(next); }

+out: if (!S_ISDIR(stat.mode) && buf_free_len >= sizeof(struct smb2_file_stream_info) + 7 * 2) { file_info = (struct smb2_file_stream_info *) @@ -4488,14 +4489,13 @@ static void get_file_stream_info(struct ksmbd_work *work, "::$DATA", 7, conn->local_nls, 0); streamlen *= 2; file_info->StreamNameLength = cpu_to_le32(streamlen); - file_info->StreamSize = 0; - file_info->StreamAllocationSize = 0; + file_info->StreamSize = cpu_to_le64(stat.size); + file_info->StreamAllocationSize = cpu_to_le64(stat.blocks << 9); nbytes += sizeof(struct smb2_file_stream_info) + streamlen; }

/* last entry offset should be 0 */ file_info->NextEntryOffset = 0; -out: kvfree(xattr_list);

rsp->OutputBufferLength = cpu_to_le32(nbytes);

From patchwork Mon Nov 14 12:52:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183353 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:15 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:15 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:14 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 256/308] ksmbd: fix memleak in get_file_stream_info() Date: Mon, 14 Nov 2022 20:52:45 +0800 Message-ID: 20221114125337.1831594-257-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9536ecea-0828-4c24-2fce-08dac63c8aa8 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7000964 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.16-rc3 commit 178ca6f85aa3231094467691f5ea1ff2f398aa8d category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/178ca6f85aa3

-------------------------------

Fix memleak in get_file_stream_info()

Fixes: 34061d6b76a4 ("ksmbd: validate OutputBufferLength of QUERY_DIR, QUERY_INFO, IOCTL requests") Cc: stable@vger.kernel.org # v5.15 Reported-by: Coverity Scan scan-admin@coverity.com Acked-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 96a7a2bcd878..44f7a219c525 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -4462,8 +4462,10 @@ static void get_file_stream_info(struct ksmbd_work *work, ":%s", &stream_name[XATTR_NAME_STREAM_LEN]);

next = sizeof(struct smb2_file_stream_info) + streamlen * 2; - if (next > buf_free_len) + if (next > buf_free_len) { + kfree(stream_buf); break; + }

file_info = (struct smb2_file_stream_info *)&rsp->Buffer[nbytes]; streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName,

From patchwork Mon Nov 14 12:52:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183354 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:16 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:15 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:15 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 257/308] ksmbd: remove select FS_POSIX_ACL in Kconfig Date: Mon, 14 Nov 2022 20:52:46 +0800 Message-ID: 20221114125337.1831594-258-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: fa188aad-794b-43f5-9b47-08dac63c8af0 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7021712 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 777cad1604d68ed4379ec899d1f7d2f6a29f01f0 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/777cad1604d6

-------------------------------

ksmbd is forcing to turn on FS_POSIX_ACL in Kconfig to use vfs acl functions(posix_acl_alloc, get_acl, set_posix_acl). OpenWRT and other platform doesn't use acl and this config is disable by default in kernel. This patch use IS_ENABLED() to know acl config is enable and use acl function if it is enable.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 9 ++++-- fs/ksmbd/smbacl.c | 80 ++++++++++++++++++++++++++-------------------- fs/ksmbd/vfs.c | 9 ++++++ 3 files changed, 61 insertions(+), 37 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 44f7a219c525..81a56d78fc2d 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2431,11 +2431,14 @@ static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode) fattr->cf_uid = inode->i_uid; fattr->cf_gid = inode->i_gid; fattr->cf_mode = inode->i_mode; + fattr->cf_acls = NULL; fattr->cf_dacls = NULL;

- fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS); - if (S_ISDIR(inode->i_mode)) - fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT); + if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { + fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS); + if (S_ISDIR(inode->i_mode)) + fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT); + } }

/** diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index 40a1e7bc9f16..7d8f9d03fb64 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -545,22 +545,29 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl,

if (acl_state.users->n || acl_state.groups->n) { acl_state.mask.allow = 0x07; - fattr->cf_acls = posix_acl_alloc(acl_state.users->n + - acl_state.groups->n + 4, GFP_KERNEL); - if (fattr->cf_acls) { - cf_pace = fattr->cf_acls->a_entries; - posix_state_to_acl(&acl_state, cf_pace); + + if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { + fattr->cf_acls = + posix_acl_alloc(acl_state.users->n + + acl_state.groups->n + 4, GFP_KERNEL); + if (fattr->cf_acls) { + cf_pace = fattr->cf_acls->a_entries; + posix_state_to_acl(&acl_state, cf_pace); + } } }

if (default_acl_state.users->n || default_acl_state.groups->n) { default_acl_state.mask.allow = 0x07; - fattr->cf_dacls = - posix_acl_alloc(default_acl_state.users->n + - default_acl_state.groups->n + 4, GFP_KERNEL); - if (fattr->cf_dacls) { - cf_pdace = fattr->cf_dacls->a_entries; - posix_state_to_acl(&default_acl_state, cf_pdace); + + if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { + fattr->cf_dacls = + posix_acl_alloc(default_acl_state.users->n + + default_acl_state.groups->n + 4, GFP_KERNEL); + if (fattr->cf_dacls) { + cf_pdace = fattr->cf_dacls->a_entries; + posix_state_to_acl(&default_acl_state, cf_pdace); + } } } free_acl_state(&acl_state); @@ -1222,29 +1229,34 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct path *path, granted = GENERIC_ALL_FLAGS; }

- posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); - if (posix_acls && !found) { - unsigned int id = -1; - - pa_entry = posix_acls->a_entries; - for (i = 0; i < posix_acls->a_count; i++, pa_entry++) { - if (pa_entry->e_tag == ACL_USER) - id = from_kuid(&init_user_ns, pa_entry->e_uid); - else if (pa_entry->e_tag == ACL_GROUP) - id = from_kgid(&init_user_ns, pa_entry->e_gid); - else - continue; - - if (id == uid) { - mode_to_access_flags(pa_entry->e_perm, 0777, &access_bits); - if (!access_bits) - access_bits = SET_MINIMUM_RIGHTS; - goto check_access_bits; + if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { + posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); + if (posix_acls && !found) { + unsigned int id = -1; + + pa_entry = posix_acls->a_entries; + for (i = 0; i < posix_acls->a_count; i++, pa_entry++) { + if (pa_entry->e_tag == ACL_USER) + id = from_kuid(&init_user_ns, pa_entry->e_uid); + else if (pa_entry->e_tag == ACL_GROUP) + id = from_kgid(&init_user_ns, pa_entry->e_gid); + else + continue; + + if (id == uid) { + mode_to_access_flags(pa_entry->e_perm, + 0777, + &access_bits); + if (!access_bits) + access_bits = + SET_MINIMUM_RIGHTS; + goto check_access_bits; + } } } + if (posix_acls) + posix_acl_release(posix_acls); } - if (posix_acls) - posix_acl_release(posix_acls);

if (!found) { if (others_ace) { @@ -1318,9 +1330,9 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,

ksmbd_vfs_remove_acl_xattrs(path->dentry); /* Update posix acls */ - if (fattr.cf_dacls) { - rc = set_posix_acl(inode, ACL_TYPE_ACCESS, - fattr.cf_acls); + if (IS_ENABLED(CONFIG_FS_POSIX_ACL) && fattr.cf_dacls) { + rc = set_posix_acl(inode, + ACL_TYPE_ACCESS, fattr.cf_acls); if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) rc = set_posix_acl(inode, ACL_TYPE_DEFAULT, fattr.cf_dacls); diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index 7f6a53ddf8a1..fff5f8674ad0 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -1326,6 +1326,9 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct inode *inode, struct xattr_acl_entry *xa_entry; int i;

+ if (!IS_ENABLED(CONFIG_FS_POSIX_ACL)) + return NULL; + posix_acls = get_acl(inode, acl_type); if (!posix_acls) return NULL; @@ -1759,6 +1762,9 @@ int ksmbd_vfs_set_init_posix_acl(struct inode *inode) struct posix_acl *acls; int rc;

+ if (!IS_ENABLED(CONFIG_FS_POSIX_ACL)) + return -EOPNOTSUPP; + ksmbd_debug(SMB, "Set posix acls\n"); rc = init_acl_state(&acl_state, 1); if (rc) @@ -1805,6 +1811,9 @@ int ksmbd_vfs_inherit_posix_acl(struct inode *inode, struct inode *parent_inode) struct posix_acl_entry *pace; int rc, i;

+ if (!IS_ENABLED(CONFIG_FS_POSIX_ACL)) + return -EOPNOTSUPP; + acls = get_acl(parent_inode, ACL_TYPE_DEFAULT); if (!acls) return -ENOENT;

From patchwork Mon Nov 14 12:52:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183355 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:16 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:16 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:15 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 258/308] ksmbd: fix uninitialized symbol 'pntsd_size' Date: Mon, 14 Nov 2022 20:52:47 +0800 Message-ID: 20221114125337.1831594-259-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e64c942f-0d0d-430e-2d85-08dac63c8b39 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7012424 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.16-rc7 commit f2e78affc48dee29b989c1d9b0d89b503dcd1204 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/f2e78affc48d

-------------------------------

No check for if "rc" is an error code for build_sec_desc(). This can cause problems with using uninitialized pntsd_size.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org # v5.15 Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 4 ++++ 1 file changed, 4 insertions(+)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 81a56d78fc2d..80142d420660 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2941,6 +2941,10 @@ int smb2_open(struct ksmbd_work *work) &pntsd_size, &fattr); posix_acl_release(fattr.cf_acls); posix_acl_release(fattr.cf_dacls); + if (rc) { + kfree(pntsd); + goto err_out; + }

rc = ksmbd_vfs_set_sd_xattr(conn, path.dentry,

From patchwork Mon Nov 14 12:52:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183356 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:17 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:16 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:16 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 259/308] ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Date: Mon, 14 Nov 2022 20:52:48 +0800 Message-ID: 20221114125337.1831594-260-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 03333e29-5186-4dcb-f0ea-08dac63c8b82 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6965283 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marcos Del Sol Vives marcos@orca.pet

mainline inclusion from mainline-5.16-rc7 commit 83912d6d55be10d65b5268d1871168b9ebe1ec4b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/83912d6d55be

-------------------------------

According to the official Microsoft MS-SMB2 document section 3.3.5.4, this flag should be used only for 3.0 and 3.0.2 dialects. Setting it for 3.1.1 is a violation of the specification.

This causes my Windows 10 client to detect an anomaly in the negotiation, and disable encryption entirely despite being explicitly enabled in ksmbd, causing all data transfers to go in plain text.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org # v5.15 Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Marcos Del Sol Vives marcos@orca.pet Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2ops.c | 3 --- fs/ksmbd/smb2pdu.c | 25 +++++++++++++++++++++---- 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/fs/ksmbd/smb2ops.c b/fs/ksmbd/smb2ops.c index fb6a65d23139..2a6205103df2 100644 --- a/fs/ksmbd/smb2ops.c +++ b/fs/ksmbd/smb2ops.c @@ -272,9 +272,6 @@ int init_smb3_11_server(struct ksmbd_conn *conn) if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING;

- if (conn->cipher_type) - conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; - if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) conn->vals->capabilities |= SMB2_GLOBAL_CAP_MULTI_CHANNEL;

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 80142d420660..c03b454d0200 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -916,6 +916,25 @@ static void decode_encrypt_ctxt(struct ksmbd_conn *conn, } }

+/** + * smb3_encryption_negotiated() - checks if server and client agreed on enabling encryption + * @conn: smb connection + * + * Return: true if connection should be encrypted, else false + */ +static bool smb3_encryption_negotiated(struct ksmbd_conn *conn) +{ + if (!conn->ops->generate_encryptionkey) + return false; + + /* + * SMB 3.0 and 3.0.2 dialects use the SMB2_GLOBAL_CAP_ENCRYPTION flag. + * SMB 3.1.1 uses the cipher_type field. + */ + return (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) || + conn->cipher_type; +} + static void decode_compress_ctxt(struct ksmbd_conn *conn, struct smb2_compression_ctx *pneg_ctxt) { @@ -1470,8 +1489,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) sess->sign = true;

- if (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION && - conn->ops->generate_encryptionkey && + if (smb3_encryption_negotiated(conn) && !(req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) { rc = conn->ops->generate_encryptionkey(sess); if (rc) { @@ -1560,8 +1578,7 @@ static int krb5_authenticate(struct ksmbd_work *work) (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) sess->sign = true;

- if ((conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) && - conn->ops->generate_encryptionkey) { + if (smb3_encryption_negotiated(conn)) { retval = conn->ops->generate_encryptionkey(sess); if (retval) { ksmbd_debug(SMB,

From patchwork Mon Nov 14 12:52:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183357 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:17 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:17 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:16 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 260/308] ksmbd: Remove unused parameter from smb2_get_name() Date: Mon, 14 Nov 2022 20:52:49 +0800 Message-ID: 20221114125337.1831594-261-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 21554939-4b2c-45a9-819d-08dac63c8bcb X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6956031 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.17-rc1 commit 80917f17e3f99027661a45262c310139e53a9faa category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/80917f17e3f9

-------------------------------

The 'share' parameter is no longer used by smb2_get_name() since commit 265fd1991c1d ("ksmbd: use LOOKUP_BENEATH to prevent the out of share access").

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index c03b454d0200..b8c931140b14 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -611,7 +611,6 @@ static void destroy_previous_session(struct ksmbd_user *user, u64 id)

/** * smb2_get_name() - get filename string from on the wire smb format - * @share: ksmbd_share_config pointer * @src: source buffer * @maxlen: maxlen of source string * @nls_table: nls_table pointer @@ -619,8 +618,7 @@ static void destroy_previous_session(struct ksmbd_user *user, u64 id) * Return: matching converted filename on success, otherwise error ptr */ static char * -smb2_get_name(struct ksmbd_share_config *share, const char *src, - const int maxlen, struct nls_table *local_nls) +smb2_get_name(const char *src, const int maxlen, struct nls_table *local_nls) { char *name;

@@ -2518,8 +2516,7 @@ int smb2_open(struct ksmbd_work *work) goto err_out1; }

- name = smb2_get_name(share, - req->Buffer, + name = smb2_get_name(req->Buffer, le16_to_cpu(req->NameLength), work->conn->local_nls); if (IS_ERR(name)) { @@ -5350,8 +5347,7 @@ static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp, goto out; }

- new_name = smb2_get_name(share, - file_info->FileName, + new_name = smb2_get_name(file_info->FileName, le32_to_cpu(file_info->FileNameLength), local_nls); if (IS_ERR(new_name)) { @@ -5461,8 +5457,7 @@ static int smb2_create_link(struct ksmbd_work *work, if (!pathname) return -ENOMEM;

- link_name = smb2_get_name(share, - file_info->FileName, + link_name = smb2_get_name(file_info->FileName, le32_to_cpu(file_info->FileNameLength), local_nls); if (IS_ERR(link_name) || S_ISDIR(file_inode(filp)->i_mode)) {

From patchwork Mon Nov 14 12:52:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183358 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:18 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:17 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:17 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 261/308] ksmbd: Remove unused fields from ksmbd_file struct definition Date: Mon, 14 Nov 2022 20:52:50 +0800 Message-ID: 20221114125337.1831594-262-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 390ce115-d3c2-49d9-ed56-08dac63c8c13 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6846320 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Marios Makassikis mmakassikis@freebox.fr

mainline inclusion from mainline-5.17-rc1 commit 305f8bda15ebbe4004681286a5c67d0dc296c771 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/305f8bda15eb

-------------------------------

These fields are remnants of the not upstreamed SMB1 code.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/vfs_cache.h | 10 ---------- 1 file changed, 10 deletions(-)

diff --git a/fs/ksmbd/vfs_cache.h b/fs/ksmbd/vfs_cache.h index 448576fbe4b7..36239ce31afd 100644 --- a/fs/ksmbd/vfs_cache.h +++ b/fs/ksmbd/vfs_cache.h @@ -96,16 +96,6 @@ struct ksmbd_file {

int durable_timeout;

- /* for SMB1 */ - int pid; - - /* conflict lock fail count for SMB1 */ - unsigned int cflock_cnt; - /* last lock failure start offset for SMB1 */ - unsigned long long llock_fstart; - - int dirent_offset; - /* if ls is happening on directory, below is valid*/ struct ksmbd_readdir_data readdir_data; int dot_dotdot[2];

From patchwork Mon Nov 14 12:52:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183359 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:18 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:18 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:17 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 262/308] ksmbd: set RSS capable in FSCTL_QUERY_NETWORK_INTERFACE_INFO Date: Mon, 14 Nov 2022 20:52:51 +0800 Message-ID: 20221114125337.1831594-263-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9bf56580-7e3d-4c70-b062-08dac63c8c5d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6909522 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc1 commit a58b45a4dbfd0bf2ebb157789da4d8e6368afb1b category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a58b45a4dbfd

-------------------------------

Set RSS capable in FSCTL_QUERY_NETWORK_INTERFACE_INFO if netdev has multi tx queues. And add ksmbd_compare_user() to avoid racy condition issue in ksmbd_free_user(). because windows client is simultaneously used to send session setup requests for multichannel connection.

Tested-by: Ziwei Xie zw.xie@high-flyer.cn Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/mgmt/user_config.c | 10 ++++++++++ fs/ksmbd/mgmt/user_config.h | 1 + fs/ksmbd/smb2pdu.c | 15 ++++++++++----- 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/fs/ksmbd/mgmt/user_config.c b/fs/ksmbd/mgmt/user_config.c index 1019d3677d55..279d00feff21 100644 --- a/fs/ksmbd/mgmt/user_config.c +++ b/fs/ksmbd/mgmt/user_config.c @@ -67,3 +67,13 @@ int ksmbd_anonymous_user(struct ksmbd_user *user) return 1; return 0; } + +bool ksmbd_compare_user(struct ksmbd_user *u1, struct ksmbd_user *u2) +{ + if (strcmp(u1->name, u2->name)) + return false; + if (memcmp(u1->passkey, u2->passkey, u1->passkey_sz)) + return false; + + return true; +} diff --git a/fs/ksmbd/mgmt/user_config.h b/fs/ksmbd/mgmt/user_config.h index aff80b029579..6a44109617f1 100644 --- a/fs/ksmbd/mgmt/user_config.h +++ b/fs/ksmbd/mgmt/user_config.h @@ -64,4 +64,5 @@ struct ksmbd_user *ksmbd_login_user(const char *account); struct ksmbd_user *ksmbd_alloc_user(struct ksmbd_login_response *resp); void ksmbd_free_user(struct ksmbd_user *user); int ksmbd_anonymous_user(struct ksmbd_user *user); +bool ksmbd_compare_user(struct ksmbd_user *u1, struct ksmbd_user *u2); #endif /* __USER_CONFIG_MANAGEMENT_H__ */ diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index b8c931140b14..c4df4edf879d 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1449,10 +1449,16 @@ static int ntlm_authenticate(struct ksmbd_work *work) ksmbd_free_user(user); return 0; } - ksmbd_free_user(sess->user); + + if (!ksmbd_compare_user(sess->user, user)) { + ksmbd_free_user(user); + return -EPERM; + } + ksmbd_free_user(user); + } else { + sess->user = user; }

- sess->user = user; if (user_guest(sess->user)) { if (conn->sign) { ksmbd_debug(SMB, "Guest login not allowed when signing enabled\n"); @@ -2056,9 +2062,6 @@ int smb2_session_logoff(struct ksmbd_work *work)

ksmbd_debug(SMB, "request\n");

- /* Got a valid session, set connection state */ - WARN_ON(sess->conn != conn); - /* setting CifsExiting here may race with start_tcp_sess */ ksmbd_conn_set_need_reconnect(work); ksmbd_close_session_fds(work); @@ -7208,6 +7211,8 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, nii_rsp->IfIndex = cpu_to_le32(netdev->ifindex);

nii_rsp->Capability = 0; + if (netdev->real_num_tx_queues > 1) + nii_rsp->Capability |= cpu_to_le32(RSS_CAPABLE); if (ksmbd_rdma_capable_netdev(netdev)) nii_rsp->Capability |= cpu_to_le32(RDMA_CAPABLE);

From patchwork Mon Nov 14 12:52:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183360 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:19 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:18 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:18 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 263/308] ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO Date: Mon, 14 Nov 2022 20:52:52 +0800 Message-ID: 20221114125337.1831594-264-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: af850026-a2ef-4371-68b9-08dac63c8ca6 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7030730 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc1 commit 71cd9cb680cb5d536c0dcbddb1c1d0010d79b214 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/71cd9cb680cb

-------------------------------

Set ipv4 and ipv6 address in FSCTL_QUERY_NETWORK_INTERFACE_INFO.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index c4df4edf879d..c7b7d7f841e7 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -7189,15 +7189,10 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, struct sockaddr_storage_rsp *sockaddr_storage; unsigned int flags; unsigned long long speed; - struct sockaddr_in6 *csin6 = (struct sockaddr_in6 *)&conn->peer_addr;

rtnl_lock(); for_each_netdev(&init_net, netdev) { - if (out_buf_len < - nbytes + sizeof(struct network_interface_info_ioctl_rsp)) { - rtnl_unlock(); - return -ENOSPC; - } + bool ipv4_set = false;

if (netdev->type == ARPHRD_LOOPBACK) continue; @@ -7205,6 +7200,12 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, flags = dev_get_flags(netdev); if (!(flags & IFF_RUNNING)) continue; +ipv6_retry: + if (out_buf_len < + nbytes + sizeof(struct network_interface_info_ioctl_rsp)) { + rtnl_unlock(); + return -ENOSPC; + }

nii_rsp = (struct network_interface_info_ioctl_rsp *) &rsp->Buffer[nbytes]; @@ -7237,8 +7238,7 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, nii_rsp->SockAddr_Storage; memset(sockaddr_storage, 0, 128);

- if (conn->peer_addr.ss_family == PF_INET || - ipv6_addr_v4mapped(&csin6->sin6_addr)) { + if (!ipv4_set) { struct in_device *idev;

sockaddr_storage->Family = cpu_to_le16(INTERNETWORK); @@ -7249,6 +7249,9 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, continue; sockaddr_storage->addr4.IPv4address = idev_ipv4_address(idev); + nbytes += sizeof(struct network_interface_info_ioctl_rsp); + ipv4_set = true; + goto ipv6_retry; } else { struct inet6_dev *idev6; struct inet6_ifaddr *ifa; @@ -7270,9 +7273,8 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn, break; } sockaddr_storage->addr6.ScopeId = 0; + nbytes += sizeof(struct network_interface_info_ioctl_rsp); } - - nbytes += sizeof(struct network_interface_info_ioctl_rsp); } rtnl_unlock();

From patchwork Mon Nov 14 12:52:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183361 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:19 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:19 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:18 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 264/308] ksmbd: fix multi session connection failure Date: Mon, 14 Nov 2022 20:52:53 +0800 Message-ID: 20221114125337.1831594-265-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: c0b633d4-b7cf-4e28-b954-08dac63c8cef X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6831906 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc1 commit ce53d365378cde71bb6596d79c257e600d951d29 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ce53d365378c

-------------------------------

When RSS mode is enable, windows client do simultaneously send several session requests to server. There is racy issue using sess->ntlmssp.cryptkey on N connection : 1 session. So authetication failed using wrong cryptkey on some session. This patch move cryptkey to ksmbd_conn structure to use each cryptkey on connection.

Tested-by: Ziwei Xie zw.xie@high-flyer.cn Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/auth.c | 27 ++++++++++++++------------- fs/ksmbd/auth.h | 10 +++++----- fs/ksmbd/connection.h | 7 +------ fs/ksmbd/mgmt/user_session.h | 1 - fs/ksmbd/smb2pdu.c | 8 ++++---- 5 files changed, 24 insertions(+), 29 deletions(-)

diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c index 3503b1c48cb4..dc3d061edda9 100644 --- a/fs/ksmbd/auth.c +++ b/fs/ksmbd/auth.c @@ -215,7 +215,7 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, * Return: 0 on success, error number on error */ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, - int blen, char *domain_name) + int blen, char *domain_name, char *cryptkey) { char ntlmv2_hash[CIFS_ENCPWD_SIZE]; char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE]; @@ -256,7 +256,7 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, goto out; }

- memcpy(construct, sess->ntlmssp.cryptkey, CIFS_CRYPTO_KEY_SIZE); + memcpy(construct, cryptkey, CIFS_CRYPTO_KEY_SIZE); memcpy(construct + CIFS_CRYPTO_KEY_SIZE, &ntlmv2->blob_signature, blen);

rc = crypto_shash_update(CRYPTO_HMACMD5(ctx), construct, len); @@ -295,7 +295,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, * Return: 0 on success, error number on error */ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, - int blob_len, struct ksmbd_session *sess) + int blob_len, struct ksmbd_conn *conn, + struct ksmbd_session *sess) { char *domain_name; unsigned int nt_off, dn_off; @@ -324,7 +325,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,

/* TODO : use domain name that imported from configuration file */ domain_name = smb_strndup_from_utf16((const char *)authblob + dn_off, - dn_len, true, sess->conn->local_nls); + dn_len, true, conn->local_nls); if (IS_ERR(domain_name)) return PTR_ERR(domain_name);

@@ -333,7 +334,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, domain_name); ret = ksmbd_auth_ntlmv2(sess, (struct ntlmv2_resp *)((char *)authblob + nt_off), nt_len - CIFS_ENCPWD_SIZE, - domain_name); + domain_name, conn->ntlmssp.cryptkey); kfree(domain_name); return ret; } @@ -347,7 +348,7 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, * */ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, - int blob_len, struct ksmbd_session *sess) + int blob_len, struct ksmbd_conn *conn) { if (blob_len < sizeof(struct negotiate_message)) { ksmbd_debug(AUTH, "negotiate blob len %d too small\n", @@ -361,7 +362,7 @@ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, return -EINVAL; }

- sess->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags); + conn->ntlmssp.client_flags = le32_to_cpu(negblob->NegotiateFlags); return 0; }

@@ -375,14 +376,14 @@ int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, */ unsigned int ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, - struct ksmbd_session *sess) + struct ksmbd_conn *conn) { struct target_info *tinfo; wchar_t *name; __u8 *target_name; unsigned int flags, blob_off, blob_len, type, target_info_len = 0; int len, uni_len, conv_len; - int cflags = sess->ntlmssp.client_flags; + int cflags = conn->ntlmssp.client_flags;

memcpy(chgblob->Signature, NTLMSSP_SIGNATURE, 8); chgblob->MessageType = NtLmChallenge; @@ -403,7 +404,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, if (cflags & NTLMSSP_REQUEST_TARGET) flags |= NTLMSSP_REQUEST_TARGET;

- if (sess->conn->use_spnego && + if (conn->use_spnego && (cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;

@@ -414,7 +415,7 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, return -ENOMEM;

conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len, - sess->conn->local_nls); + conn->local_nls); if (conv_len < 0 || conv_len > len) { kfree(name); return -EINVAL; @@ -430,8 +431,8 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, chgblob->TargetName.BufferOffset = cpu_to_le32(blob_off);

/* Initialize random conn challenge */ - get_random_bytes(sess->ntlmssp.cryptkey, sizeof(__u64)); - memcpy(chgblob->Challenge, sess->ntlmssp.cryptkey, + get_random_bytes(conn->ntlmssp.cryptkey, sizeof(__u64)); + memcpy(chgblob->Challenge, conn->ntlmssp.cryptkey, CIFS_CRYPTO_KEY_SIZE);

/* Add Target Information to security buffer */ diff --git a/fs/ksmbd/auth.h b/fs/ksmbd/auth.h index 9c2d4badd05d..95629651cf26 100644 --- a/fs/ksmbd/auth.h +++ b/fs/ksmbd/auth.h @@ -38,16 +38,16 @@ struct kvec; int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, unsigned int nvec, int enc); void ksmbd_copy_gss_neg_header(void *buf); -int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf); int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, - int blen, char *domain_name); + int blen, char *domain_name, char *cryptkey); int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, - int blob_len, struct ksmbd_session *sess); + int blob_len, struct ksmbd_conn *conn, + struct ksmbd_session *sess); int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob, - int blob_len, struct ksmbd_session *sess); + int blob_len, struct ksmbd_conn *conn); unsigned int ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, - struct ksmbd_session *sess); + struct ksmbd_conn *conn); int ksmbd_krb5_authenticate(struct ksmbd_session *sess, char *in_blob, int in_len, char *out_blob, int *out_len); int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn, char *key, struct kvec *iov, diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index e5403c587a58..72dfd155b5bf 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -72,12 +72,7 @@ struct ksmbd_conn { int connection_type; struct ksmbd_stats stats; char ClientGUID[SMB2_CLIENT_GUID_SIZE]; - union { - /* pending trans request table */ - struct trans_state *recent_trans; - /* Used by ntlmssp */ - char *ntlmssp_cryptkey; - }; + struct ntlmssp_auth ntlmssp;

spinlock_t llist_lock; struct list_head lock_list; diff --git a/fs/ksmbd/mgmt/user_session.h b/fs/ksmbd/mgmt/user_session.h index 82289c3cbd2b..e241f16a3851 100644 --- a/fs/ksmbd/mgmt/user_session.h +++ b/fs/ksmbd/mgmt/user_session.h @@ -45,7 +45,6 @@ struct ksmbd_session { int state; __u8 *Preauth_HashValue;

- struct ntlmssp_auth ntlmssp; char sess_key[CIFS_KEY_SIZE];

struct hlist_node hlist; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index c7b7d7f841e7..bf1b744acba4 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1302,7 +1302,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, int sz, rc;

ksmbd_debug(SMB, "negotiate phase\n"); - rc = ksmbd_decode_ntlmssp_neg_blob(negblob, negblob_len, work->sess); + rc = ksmbd_decode_ntlmssp_neg_blob(negblob, negblob_len, work->conn); if (rc) return rc;

@@ -1312,7 +1312,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, memset(chgblob, 0, sizeof(struct challenge_message));

if (!work->conn->use_spnego) { - sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess); + sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->conn); if (sz < 0) return -ENOMEM;

@@ -1328,7 +1328,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, return -ENOMEM;

chgblob = (struct challenge_message *)neg_blob; - sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess); + sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->conn); if (sz < 0) { rc = -ENOMEM; goto out; @@ -1471,7 +1471,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)

authblob = user_authblob(conn, req); sz = le16_to_cpu(req->SecurityBufferLength); - rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, sess); + rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, conn, sess); if (rc) { set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD); ksmbd_debug(SMB, "authentication failed\n");

From patchwork Mon Nov 14 12:52:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183362 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:19 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:19 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:19 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 265/308] ksmbd: Fix buffer_check_err() kernel-doc comment Date: Mon, 14 Nov 2022 20:52:54 +0800 Message-ID: 20221114125337.1831594-266-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 411a2a50-e513-41e8-251b-08dac63c8d38 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6703241 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Yang Li yang.lee@linux.alibaba.com

mainline inclusion from mainline-5.17-rc1 commit e230d013378489bcd4b5589ca1d2a5b91ff8d098 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e230d0133784

-------------------------------

Add the description of @rsp_org in buffer_check_err() kernel-doc comment to remove a warning found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:4028: warning: Function parameter or member 'rsp_org' not described in 'buffer_check_err'

Reported-by: Abaci Robot abaci@linux.alibaba.com Fixes: cb4517201b8a ("ksmbd: remove smb2_buf_length in smb2_hdr") Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Yang Li yang.lee@linux.alibaba.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index bf1b744acba4..dad7e8edd09b 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -3989,6 +3989,7 @@ int smb2_query_dir(struct ksmbd_work *work) * buffer_check_err() - helper function to check buffer errors * @reqOutputBufferLength: max buffer length expected in command response * @rsp: query info response buffer contains output buffer length + * @rsp_org: base response buffer pointer in case of chained response * @infoclass_size: query info class response buffer size * * Return: 0 on success, otherwise error

From patchwork Mon Nov 14 12:52:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183363 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:20 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:20 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:19 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 266/308] ksmbd: Fix smb2_set_info_file() kernel-doc comment Date: Mon, 14 Nov 2022 20:52:55 +0800 Message-ID: 20221114125337.1831594-267-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d8b2436f-81ba-4133-dcc7-08dac63c8d80 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6863491 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Yang Li yang.lee@linux.alibaba.com

mainline inclusion from mainline-5.17-rc1 commit 4bfd9eed15e163969156e976c62db5ef423e5b0f category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4bfd9eed15e1

-------------------------------

Fix argument list that the kdoc format and script verified in smb2_set_info_file().

The warnings were found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:5862: warning: Function parameter or member 'req' not described in 'smb2_set_info_file' fs/ksmbd/smb2pdu.c:5862: warning: Excess function parameter 'info_class' description in 'smb2_set_info_file'

Reported-by: Abaci Robot abaci@linux.alibaba.com Fixes: 9496e268e3af ("ksmbd: add request buffer validation in smb2_set_info") Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Yang Li yang.lee@linux.alibaba.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index dad7e8edd09b..af6465ab7388 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -5796,7 +5796,7 @@ static int set_file_mode_info(struct ksmbd_file *fp, * smb2_set_info_file() - handler for smb2 set info command * @work: smb work containing set info command buffer * @fp: ksmbd_file pointer - * @info_class: smb2 set info class + * @req: request buffer pointer * @share: ksmbd_share_config pointer * * Return: 0 on success, otherwise error

From patchwork Mon Nov 14 12:52:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183364 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:20 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:20 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:20 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 267/308] ksmbd: Fix smb2_get_name() kernel-doc comment Date: Mon, 14 Nov 2022 20:52:56 +0800 Message-ID: 20221114125337.1831594-268-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 0ae4b73e-fe1c-47eb-94fb-08dac63c8dc9 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6915486 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Yang Li yang.lee@linux.alibaba.com

mainline inclusion from mainline-5.17-rc1 commit d4eeb82674acadf789277b577986e8e7d3faf695 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d4eeb82674ac

-------------------------------

Remove some warnings found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:623: warning: Function parameter or member 'local_nls' not described in 'smb2_get_name' fs/ksmbd/smb2pdu.c:623: warning: Excess function parameter 'nls_table' description in 'smb2_get_name'

Reported-by: Abaci Robot abaci@linux.alibaba.com Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Yang Li yang.lee@linux.alibaba.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index af6465ab7388..e0cd70b6829d 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -613,7 +613,7 @@ static void destroy_previous_session(struct ksmbd_user *user, u64 id) * smb2_get_name() - get filename string from on the wire smb format * @src: source buffer * @maxlen: maxlen of source string - * @nls_table: nls_table pointer + * @local_nls: nls_table pointer * * Return: matching converted filename on success, otherwise error ptr */

From patchwork Mon Nov 14 12:52:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183365 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:21 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:21 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:20 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 268/308] ksmbd: register ksmbd ib client with ib_register_client() Date: Mon, 14 Nov 2022 20:52:57 +0800 Message-ID: 20221114125337.1831594-269-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cca4f28d-84f3-4ac7-268c-08dac63c8e12 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7086800 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.17-rc1 commit 31928a001bed0d9642711d2eba520fc46d41c376 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/31928a001bed

-------------------------------

Register ksmbd ib client with ib_register_client() to find the rdma capable network adapter. If ops.get_netdev(Chelsio NICs) is NULL, ksmbd will find it using ib_device_get_by_netdev in old way.

Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 107 ++++++++++++++++++++++++++++++++++---- fs/ksmbd/transport_rdma.h | 2 +- 2 files changed, 98 insertions(+), 11 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 7e57cbb0bb35..339fa4f025f7 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -79,6 +79,14 @@ static int smb_direct_max_read_write_size = 1024 * 1024;

static int smb_direct_max_outstanding_rw_ops = 8;

+static LIST_HEAD(smb_direct_device_list); +static DEFINE_RWLOCK(smb_direct_device_lock); + +struct smb_direct_device { + struct ib_device *ib_dev; + struct list_head list; +}; + static struct smb_direct_listener { struct rdma_cm_id *cm_id; } smb_direct_listener; @@ -2007,12 +2015,61 @@ static int smb_direct_listen(int port) return ret; }

+static int smb_direct_ib_client_add(struct ib_device *ib_dev) +{ + struct smb_direct_device *smb_dev; + + if (!ib_dev->ops.get_netdev || + !rdma_frwr_is_supported(&ib_dev->attrs)) + return 0; + + smb_dev = kzalloc(sizeof(*smb_dev), GFP_KERNEL); + if (!smb_dev) + return -ENOMEM; + smb_dev->ib_dev = ib_dev; + + write_lock(&smb_direct_device_lock); + list_add(&smb_dev->list, &smb_direct_device_list); + write_unlock(&smb_direct_device_lock); + + ksmbd_debug(RDMA, "ib device added: name %s\n", ib_dev->name); + return 0; +} + +static void smb_direct_ib_client_remove(struct ib_device *ib_dev, + void *client_data) +{ + struct smb_direct_device *smb_dev, *tmp; + + write_lock(&smb_direct_device_lock); + list_for_each_entry_safe(smb_dev, tmp, &smb_direct_device_list, list) { + if (smb_dev->ib_dev == ib_dev) { + list_del(&smb_dev->list); + kfree(smb_dev); + break; + } + } + write_unlock(&smb_direct_device_lock); +} + +static struct ib_client smb_direct_ib_client = { + .name = "ksmbd_smb_direct_ib", + .add = smb_direct_ib_client_add, + .remove = smb_direct_ib_client_remove, +}; + int ksmbd_rdma_init(void) { int ret;

smb_direct_listener.cm_id = NULL;

+ ret = ib_register_client(&smb_direct_ib_client); + if (ret) { + pr_err("failed to ib_register_client\n"); + return ret; + } + /* When a client is running out of send credits, the credits are * granted by the server's sending a packet using this queue. * This avoids the situation that a clients cannot send packets @@ -2036,30 +2093,60 @@ int ksmbd_rdma_init(void) return 0; }

-int ksmbd_rdma_destroy(void) +void ksmbd_rdma_destroy(void) { - if (smb_direct_listener.cm_id) - rdma_destroy_id(smb_direct_listener.cm_id); + if (!smb_direct_listener.cm_id) + return; + + ib_unregister_client(&smb_direct_ib_client); + rdma_destroy_id(smb_direct_listener.cm_id); + smb_direct_listener.cm_id = NULL;

if (smb_direct_wq) { destroy_workqueue(smb_direct_wq); smb_direct_wq = NULL; } - return 0; }

bool ksmbd_rdma_capable_netdev(struct net_device *netdev) { - struct ib_device *ibdev; + struct smb_direct_device *smb_dev; + int i; bool rdma_capable = false;

- ibdev = ib_device_get_by_netdev(netdev, RDMA_DRIVER_UNKNOWN); - if (ibdev) { - if (rdma_frwr_is_supported(&ibdev->attrs)) - rdma_capable = true; - ib_device_put(ibdev); + read_lock(&smb_direct_device_lock); + list_for_each_entry(smb_dev, &smb_direct_device_list, list) { + for (i = 0; i < smb_dev->ib_dev->phys_port_cnt; i++) { + struct net_device *ndev; + + ndev = smb_dev->ib_dev->ops.get_netdev(smb_dev->ib_dev, + i + 1); + if (!ndev) + continue; + + if (ndev == netdev) { + dev_put(ndev); + rdma_capable = true; + goto out; + } + dev_put(ndev); + } + } +out: + read_unlock(&smb_direct_device_lock); + + if (rdma_capable == false) { + struct ib_device *ibdev; + + ibdev = ib_device_get_by_netdev(netdev, RDMA_DRIVER_UNKNOWN); + if (ibdev) { + if (rdma_frwr_is_supported(&ibdev->attrs)) + rdma_capable = true; + ib_device_put(ibdev); + } } + return rdma_capable; }

diff --git a/fs/ksmbd/transport_rdma.h b/fs/ksmbd/transport_rdma.h index 0fa8adc0776f..ab9250a7cb86 100644 --- a/fs/ksmbd/transport_rdma.h +++ b/fs/ksmbd/transport_rdma.h @@ -52,7 +52,7 @@ struct smb_direct_data_transfer {

#ifdef CONFIG_SMB_SERVER_SMBDIRECT int ksmbd_rdma_init(void); -int ksmbd_rdma_destroy(void); +void ksmbd_rdma_destroy(void); bool ksmbd_rdma_capable_netdev(struct net_device *netdev); #else static inline int ksmbd_rdma_init(void) { return 0; }

From patchwork Mon Nov 14 12:52:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183366 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:21 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:21 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:21 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 269/308] ksmbd: set 445 port to smbdirect port by default Date: Mon, 14 Nov 2022 20:52:58 +0800 Message-ID: 20221114125337.1831594-270-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 69d9440d-172e-4668-b875-08dac63c8e5a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7007305 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc1 commit cb097b3dd5ece9596a0a0b7e33893c02a9bde8c6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/cb097b3dd5ec

-------------------------------

When SMB Direct is used with iWARP, Windows use 5445 port for smb direct port, 445 port for SMB. This patch check ib_device using ib_client to know if NICs type is iWARP or Infiniband.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 15 ++++++++++++--- fs/ksmbd/transport_rdma.h | 2 -- 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 339fa4f025f7..f89b64e27836 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -34,7 +34,8 @@ #include "smbstatus.h" #include "transport_rdma.h"

-#define SMB_DIRECT_PORT 5445 +#define SMB_DIRECT_PORT_IWARP 5445 +#define SMB_DIRECT_PORT_INFINIBAND 445

#define SMB_DIRECT_VERSION_LE cpu_to_le16(0x0100)

@@ -60,6 +61,10 @@ * as defined in [MS-SMBD] 3.1.1.1 * Those may change after a SMB_DIRECT negotiation */ + +/* Set 445 port to SMB Direct port by default */ +static int smb_direct_port = SMB_DIRECT_PORT_INFINIBAND; + /* The local peer's maximum number of credits to grant to the peer */ static int smb_direct_receive_credit_max = 255;

@@ -1942,7 +1947,7 @@ static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id)

KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, KSMBD_TRANS(t)->conn, "ksmbd:r%u", - SMB_DIRECT_PORT); + smb_direct_port); if (IS_ERR(KSMBD_TRANS(t)->handler)) { int ret = PTR_ERR(KSMBD_TRANS(t)->handler);

@@ -2019,6 +2024,10 @@ static int smb_direct_ib_client_add(struct ib_device *ib_dev) { struct smb_direct_device *smb_dev;

+ /* Set 5445 port if device type is iWARP(No IB) */ + if (ib_dev->node_type != RDMA_NODE_IB_CA) + smb_direct_port = SMB_DIRECT_PORT_IWARP; + if (!ib_dev->ops.get_netdev || !rdma_frwr_is_supported(&ib_dev->attrs)) return 0; @@ -2080,7 +2089,7 @@ int ksmbd_rdma_init(void) if (!smb_direct_wq) return -ENOMEM;

- ret = smb_direct_listen(SMB_DIRECT_PORT); + ret = smb_direct_listen(smb_direct_port); if (ret) { destroy_workqueue(smb_direct_wq); smb_direct_wq = NULL; diff --git a/fs/ksmbd/transport_rdma.h b/fs/ksmbd/transport_rdma.h index ab9250a7cb86..5567d93a6f96 100644 --- a/fs/ksmbd/transport_rdma.h +++ b/fs/ksmbd/transport_rdma.h @@ -7,8 +7,6 @@ #ifndef __KSMBD_TRANSPORT_RDMA_H__ #define __KSMBD_TRANSPORT_RDMA_H__

-#define SMB_DIRECT_PORT 5445 - /* SMB DIRECT negotiation request packet [MS-SMBD] 2.2.1 */ struct smb_direct_negotiate_req { __le16 min_version;

From patchwork Mon Nov 14 12:52:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183367 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:22 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:22 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:21 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 270/308] ksmbd: smbd: call rdma_accept() under CM handler Date: Mon, 14 Nov 2022 20:52:59 +0800 Message-ID: 20221114125337.1831594-271-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: f225667f-7d27-4e6f-e3b4-08dac63c8ea3 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7791870 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.17-rc1 commit 99b7650ac51847e81b4d5139824e321e6cb76130 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/99b7650ac518

-------------------------------

if CONFIG_LOCKDEP is enabled, the following kernel warning message is generated because rdma_accept() checks whehter the handler_mutex is held by lockdep_assert_held. CM(Connection Manager) holds the mutex before CM handler callback is called.

[ 63.211405 ] WARNING: CPU: 1 PID: 345 at drivers/infiniband/core/cma.c:4405 rdma_accept+0x17a/0x350 [ 63.212080 ] RIP: 0010:rdma_accept+0x17a/0x350 ... [ 63.214036 ] Call Trace: [ 63.214098 ] <TASK> [ 63.214185 ] smb_direct_accept_client+0xb4/0x170 [ksmbd] [ 63.214412 ] smb_direct_prepare+0x322/0x8c0 [ksmbd] [ 63.214555 ] ? rcu_read_lock_sched_held+0x3a/0x70 [ 63.214700 ] ksmbd_conn_handler_loop+0x63/0x270 [ksmbd] [ 63.214826 ] ? ksmbd_conn_alive+0x80/0x80 [ksmbd] [ 63.214952 ] kthread+0x171/0x1a0 [ 63.215039 ] ? set_kthread_struct+0x40/0x40 [ 63.215128 ] ret_from_fork+0x22/0x30

To avoid this, move creating a queue pair and accepting a client from transport_ops->prepare() to smb_direct_handle_connect_request().

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 102 ++++++++++++++++++++++---------------- 1 file changed, 59 insertions(+), 43 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index f89b64e27836..0fd706d01790 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -568,6 +568,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) } t->negotiation_requested = true; t->full_packet_received = true; + enqueue_reassembly(t, recvmsg, 0); wake_up_interruptible(&t->wait_status); break; case SMB_DIRECT_MSG_DATA_TRANSFER: { @@ -1594,19 +1595,13 @@ static int smb_direct_accept_client(struct smb_direct_transport *t) pr_err("error at rdma_accept: %d\n", ret); return ret; } - - wait_event_interruptible(t->wait_status, - t->status != SMB_DIRECT_CS_NEW); - if (t->status != SMB_DIRECT_CS_CONNECTED) - return -ENOTCONN; return 0; }

-static int smb_direct_negotiate(struct smb_direct_transport *t) +static int smb_direct_prepare_negotiation(struct smb_direct_transport *t) { int ret; struct smb_direct_recvmsg *recvmsg; - struct smb_direct_negotiate_req *req;

recvmsg = get_free_recvmsg(t); if (!recvmsg) @@ -1616,44 +1611,20 @@ static int smb_direct_negotiate(struct smb_direct_transport *t) ret = smb_direct_post_recv(t, recvmsg); if (ret) { pr_err("Can't post recv: %d\n", ret); - goto out; + goto out_err; }

t->negotiation_requested = false; ret = smb_direct_accept_client(t); if (ret) { pr_err("Can't accept client\n"); - goto out; + goto out_err; }

smb_direct_post_recv_credits(&t->post_recv_credits_work.work); - - ksmbd_debug(RDMA, "Waiting for SMB_DIRECT negotiate request\n"); - ret = wait_event_interruptible_timeout(t->wait_status, - t->negotiation_requested || - t->status == SMB_DIRECT_CS_DISCONNECTED, - SMB_DIRECT_NEGOTIATE_TIMEOUT * HZ); - if (ret <= 0 || t->status == SMB_DIRECT_CS_DISCONNECTED) { - ret = ret < 0 ? ret : -ETIMEDOUT; - goto out; - } - - ret = smb_direct_check_recvmsg(recvmsg); - if (ret == -ECONNABORTED) - goto out; - - req = (struct smb_direct_negotiate_req *)recvmsg->packet; - t->max_recv_size = min_t(int, t->max_recv_size, - le32_to_cpu(req->preferred_send_size)); - t->max_send_size = min_t(int, t->max_send_size, - le32_to_cpu(req->max_receive_size)); - t->max_fragmented_send_size = - le32_to_cpu(req->max_fragmented_size); - - ret = smb_direct_send_negotiate_response(t, ret); -out: - if (recvmsg) - put_recvmsg(t, recvmsg); + return 0; +out_err: + put_recvmsg(t, recvmsg); return ret; }

@@ -1890,6 +1861,47 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t, static int smb_direct_prepare(struct ksmbd_transport *t) { struct smb_direct_transport *st = smb_trans_direct_transfort(t); + struct smb_direct_recvmsg *recvmsg; + struct smb_direct_negotiate_req *req; + int ret; + + ksmbd_debug(RDMA, "Waiting for SMB_DIRECT negotiate request\n"); + ret = wait_event_interruptible_timeout(st->wait_status, + st->negotiation_requested || + st->status == SMB_DIRECT_CS_DISCONNECTED, + SMB_DIRECT_NEGOTIATE_TIMEOUT * HZ); + if (ret <= 0 || st->status == SMB_DIRECT_CS_DISCONNECTED) + return ret < 0 ? ret : -ETIMEDOUT; + + recvmsg = get_first_reassembly(st); + if (!recvmsg) + return -ECONNABORTED; + + ret = smb_direct_check_recvmsg(recvmsg); + if (ret == -ECONNABORTED) + goto out; + + req = (struct smb_direct_negotiate_req *)recvmsg->packet; + st->max_recv_size = min_t(int, st->max_recv_size, + le32_to_cpu(req->preferred_send_size)); + st->max_send_size = min_t(int, st->max_send_size, + le32_to_cpu(req->max_receive_size)); + st->max_fragmented_send_size = + le32_to_cpu(req->max_fragmented_size); + + ret = smb_direct_send_negotiate_response(st, ret); +out: + spin_lock_irq(&st->reassembly_queue_lock); + st->reassembly_queue_length--; + list_del(&recvmsg->list); + spin_unlock_irq(&st->reassembly_queue_lock); + put_recvmsg(st, recvmsg); + + return ret; +} + +static int smb_direct_connect(struct smb_direct_transport *st) +{ int ret; struct ib_qp_cap qp_cap;

@@ -1911,13 +1923,11 @@ static int smb_direct_prepare(struct ksmbd_transport *t) return ret; }

- ret = smb_direct_negotiate(st); + ret = smb_direct_prepare_negotiation(st); if (ret) { pr_err("Can't negotiate: %d\n", ret); return ret; } - - st->status = SMB_DIRECT_CS_CONNECTED; return 0; }

@@ -1933,6 +1943,7 @@ static bool rdma_frwr_is_supported(struct ib_device_attr *attrs) static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) { struct smb_direct_transport *t; + int ret;

if (!rdma_frwr_is_supported(&new_cm_id->device->attrs)) { ksmbd_debug(RDMA, @@ -1945,18 +1956,23 @@ static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) if (!t) return -ENOMEM;

+ ret = smb_direct_connect(t); + if (ret) + goto out_err; + KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, KSMBD_TRANS(t)->conn, "ksmbd:r%u", smb_direct_port); if (IS_ERR(KSMBD_TRANS(t)->handler)) { - int ret = PTR_ERR(KSMBD_TRANS(t)->handler); - + ret = PTR_ERR(KSMBD_TRANS(t)->handler); pr_err("Can't start thread\n"); - free_transport(t); - return ret; + goto out_err; }

return 0; +out_err: + free_transport(t); + return ret; }

static int smb_direct_listen_handler(struct rdma_cm_id *cm_id,

From patchwork Mon Nov 14 12:53:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183368 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:22 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:22 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:22 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 271/308] ksmbd: smbd: create MR pool Date: Mon, 14 Nov 2022 20:53:00 +0800 Message-ID: 20221114125337.1831594-272-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 56213196-fb07-45f6-747b-08dac63c8eec X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7070150 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.17-rc1 commit c9f189271cff85d5d735e25dfa4bc95952ec12d8 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/c9f189271cff

-------------------------------

Create a memory region pool because rdma_rw_ctx_init() uses memory registration if memory registration yields better performance than using multiple SGE entries.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 0fd706d01790..f0b17da1cac2 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -428,6 +428,7 @@ static void free_transport(struct smb_direct_transport *t)

if (t->qp) { ib_drain_qp(t->qp); + ib_mr_pool_destroy(t->qp, &t->qp->rdma_mrs); ib_destroy_qp(t->qp); }

@@ -1708,7 +1709,9 @@ static int smb_direct_init_params(struct smb_direct_transport *t, cap->max_send_sge = SMB_DIRECT_MAX_SEND_SGES; cap->max_recv_sge = SMB_DIRECT_MAX_RECV_SGES; cap->max_inline_data = 0; - cap->max_rdma_ctxs = 0; + cap->max_rdma_ctxs = + rdma_rw_mr_factor(device, t->cm_id->port_num, max_pages) * + smb_direct_max_outstanding_rw_ops; return 0; }

@@ -1790,6 +1793,7 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t, { int ret; struct ib_qp_init_attr qp_attr; + int pages_per_rw;

t->pd = ib_alloc_pd(t->cm_id->device, 0); if (IS_ERR(t->pd)) { @@ -1837,6 +1841,23 @@ static int smb_direct_create_qpair(struct smb_direct_transport *t, t->qp = t->cm_id->qp; t->cm_id->event_handler = smb_direct_cm_handler;

+ pages_per_rw = DIV_ROUND_UP(t->max_rdma_rw_size, PAGE_SIZE) + 1; + if (pages_per_rw > t->cm_id->device->attrs.max_sgl_rd) { + int pages_per_mr, mr_count; + + pages_per_mr = min_t(int, pages_per_rw, + t->cm_id->device->attrs.max_fast_reg_page_list_len); + mr_count = DIV_ROUND_UP(pages_per_rw, pages_per_mr) * + atomic_read(&t->rw_avail_ops); + ret = ib_mr_pool_init(t->qp, &t->qp->rdma_mrs, mr_count, + IB_MR_TYPE_MEM_REG, pages_per_mr, 0); + if (ret) { + pr_err("failed to init mr pool count %d pages %d\n", + mr_count, pages_per_mr); + goto err; + } + } + return 0; err: if (t->qp) {

From patchwork Mon Nov 14 12:53:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183369 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:23 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:23 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:22 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 272/308] ksmbd: smbd: change the default maximum read/write, receive size Date: Mon, 14 Nov 2022 20:53:01 +0800 Message-ID: 20221114125337.1831594-273-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d98ed25b-5b7c-4282-5283-08dac63c8f35 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6870156 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.17-rc1 commit 4d02c4fdc0e256b493f9a3b604c7ff18f0019f17 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/4d02c4fdc0e2

-------------------------------

Due to restriction that cannot handle multiple buffer descriptor structures, decrease the maximum read/write size for Windows clients.

And set the maximum fragmented receive size in consideration of the receive queue size.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index f0b17da1cac2..86fd64511512 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -80,7 +80,7 @@ static int smb_direct_max_fragmented_recv_size = 1024 * 1024; /* The maximum single-message size which can be received */ static int smb_direct_max_receive_size = 8192;

-static int smb_direct_max_read_write_size = 1024 * 1024; +static int smb_direct_max_read_write_size = 1048512;

static int smb_direct_max_outstanding_rw_ops = 8;

@@ -1908,7 +1908,9 @@ static int smb_direct_prepare(struct ksmbd_transport *t) st->max_send_size = min_t(int, st->max_send_size, le32_to_cpu(req->max_receive_size)); st->max_fragmented_send_size = - le32_to_cpu(req->max_fragmented_size); + le32_to_cpu(req->max_fragmented_size); + st->max_fragmented_recv_size = + (st->recv_credit_max * st->max_recv_size) / 2;

ret = smb_direct_send_negotiate_response(st, ret); out:

From patchwork Mon Nov 14 12:53:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183370 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:23 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:23 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:23 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 273/308] ksmbd: add smb-direct shutdown Date: Mon, 14 Nov 2022 20:53:02 +0800 Message-ID: 20221114125337.1831594-274-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 94120031-d911-425f-be2b-08dac63c8f7d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6882045 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Yufan Chen wiz.chen@gmail.com

mainline inclusion from mainline-5.17-rc1 commit 136dff3a6b71dc16c30b35cc390feb0bfc32ed50 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/136dff3a6b71

-------------------------------

When killing ksmbd server after connecting rdma, ksmbd threads does not terminate properly because the rdma connection is still alive. This patch add shutdown operation to disconnect rdma connection while ksmbd threads terminate.

Signed-off-by: Yufan Chen wiz.chen@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 9 ++++++++- fs/ksmbd/connection.h | 1 + fs/ksmbd/transport_rdma.c | 10 ++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 83a94d0bb480..6f4cee9beaa9 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -386,17 +386,24 @@ int ksmbd_conn_transport_init(void) static void stop_sessions(void) { struct ksmbd_conn *conn; + struct ksmbd_transport *t;

again: read_lock(&conn_list_lock); list_for_each_entry(conn, &conn_list, conns_list) { struct task_struct *task;

- task = conn->transport->handler; + t = conn->transport; + task = t->handler; if (task) ksmbd_debug(CONN, "Stop session handler %s/%d\n", task->comm, task_pid_nr(task)); conn->status = KSMBD_SESS_EXITING; + if (t->ops->shutdown) { + read_unlock(&conn_list_lock); + t->ops->shutdown(t); + read_lock(&conn_list_lock); + } } read_unlock(&conn_list_lock);

diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index 72dfd155b5bf..d85f0122edc9 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -117,6 +117,7 @@ struct ksmbd_conn_ops { struct ksmbd_transport_ops { int (*prepare)(struct ksmbd_transport *t); void (*disconnect)(struct ksmbd_transport *t); + void (*shutdown)(struct ksmbd_transport *t); int (*read)(struct ksmbd_transport *t, char *buf, unsigned int size); int (*writev)(struct ksmbd_transport *t, struct kvec *iovs, int niov, int size, bool need_invalidate_rkey, diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 86fd64511512..3c1ec1ac0b27 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -1453,6 +1453,15 @@ static void smb_direct_disconnect(struct ksmbd_transport *t) free_transport(st); }

+static void smb_direct_shutdown(struct ksmbd_transport *t) +{ + struct smb_direct_transport *st = smb_trans_direct_transfort(t); + + ksmbd_debug(RDMA, "smb-direct shutdown cm_id=%p\n", st->cm_id); + + smb_direct_disconnect_rdma_work(&st->disconnect_work); +} + static int smb_direct_cm_handler(struct rdma_cm_id *cm_id, struct rdma_cm_event *event) { @@ -2201,6 +2210,7 @@ bool ksmbd_rdma_capable_netdev(struct net_device *netdev) static struct ksmbd_transport_ops ksmbd_smb_direct_transport_ops = { .prepare = smb_direct_prepare, .disconnect = smb_direct_disconnect, + .shutdown = smb_direct_shutdown, .writev = smb_direct_writev, .read = smb_direct_read, .rdma_read = smb_direct_rdma_read,

From patchwork Mon Nov 14 12:53:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183371 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:24 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:24 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:23 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 274/308] ksmbd: smbd: fix missing client's memory region invalidation Date: Mon, 14 Nov 2022 20:53:03 +0800 Message-ID: 20221114125337.1831594-275-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 430bb79d-f128-43d7-76b2-08dac63c8fc6 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7032252 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.17-rc1 commit 2fd5dcb1c8ef96c9f0fa8bda53ca480524b80ae7 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/2fd5dcb1c8ef

-------------------------------

if the Channel of a SMB2 WRITE request is SMB2_CHANNEL_RDMA_V1_INVALIDTE, a client does not invalidate its memory regions but ksmbd must do it by sending a SMB2 WRITE response with IB_WR_SEND_WITH_INV.

But if errors occur while processing a SMB2 READ/WRITE request, ksmbd sends a response with IB_WR_SEND. So a client could use memory regions already in use.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 73 +++++++++++++++++++++++++++++----------------- 1 file changed, 46 insertions(+), 27 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index e0cd70b6829d..2ec206d22946 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6068,25 +6068,33 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work) return err; }

-static ssize_t smb2_read_rdma_channel(struct ksmbd_work *work, - struct smb2_read_req *req, void *data_buf, - size_t length) +static int smb2_set_remote_key_for_rdma(struct ksmbd_work *work, + struct smb2_buffer_desc_v1 *desc, + __le32 Channel, + __le16 ChannelInfoOffset, + __le16 ChannelInfoLength) { - struct smb2_buffer_desc_v1 *desc = - (struct smb2_buffer_desc_v1 *)&req->Buffer[0]; - int err; - if (work->conn->dialect == SMB30_PROT_ID && - req->Channel != SMB2_CHANNEL_RDMA_V1) + Channel != SMB2_CHANNEL_RDMA_V1) return -EINVAL;

- if (req->ReadChannelInfoOffset == 0 || - le16_to_cpu(req->ReadChannelInfoLength) < sizeof(*desc)) + if (ChannelInfoOffset == 0 || + le16_to_cpu(ChannelInfoLength) < sizeof(*desc)) return -EINVAL;

work->need_invalidate_rkey = - (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE); + (Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE); work->remote_key = le32_to_cpu(desc->token); + return 0; +} + +static ssize_t smb2_read_rdma_channel(struct ksmbd_work *work, + struct smb2_read_req *req, void *data_buf, + size_t length) +{ + struct smb2_buffer_desc_v1 *desc = + (struct smb2_buffer_desc_v1 *)&req->Buffer[0]; + int err;

err = ksmbd_conn_rdma_write(work->conn, data_buf, length, le32_to_cpu(desc->token), @@ -6109,7 +6117,7 @@ int smb2_read(struct ksmbd_work *work) struct ksmbd_conn *conn = work->conn; struct smb2_read_req *req; struct smb2_read_rsp *rsp; - struct ksmbd_file *fp; + struct ksmbd_file *fp = NULL; loff_t offset; size_t length, mincount; ssize_t nbytes = 0, remain_bytes = 0; @@ -6123,6 +6131,18 @@ int smb2_read(struct ksmbd_work *work) return smb2_read_pipe(work); }

+ if (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE || + req->Channel == SMB2_CHANNEL_RDMA_V1) { + err = smb2_set_remote_key_for_rdma(work, + (struct smb2_buffer_desc_v1 *) + &req->Buffer[0], + req->Channel, + req->ReadChannelInfoOffset, + req->ReadChannelInfoLength); + if (err) + goto out; + } + fp = ksmbd_lookup_fd_slow(work, le64_to_cpu(req->VolatileFileId), le64_to_cpu(req->PersistentFileId)); if (!fp) { @@ -6308,21 +6328,6 @@ static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work,

desc = (struct smb2_buffer_desc_v1 *)&req->Buffer[0];

- if (work->conn->dialect == SMB30_PROT_ID && - req->Channel != SMB2_CHANNEL_RDMA_V1) - return -EINVAL; - - if (req->Length != 0 || req->DataOffset != 0) - return -EINVAL; - - if (req->WriteChannelInfoOffset == 0 || - le16_to_cpu(req->WriteChannelInfoLength) < sizeof(*desc)) - return -EINVAL; - - work->need_invalidate_rkey = - (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE); - work->remote_key = le32_to_cpu(desc->token); - data_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO); if (!data_buf) return -ENOMEM; @@ -6369,6 +6374,20 @@ int smb2_write(struct ksmbd_work *work) return smb2_write_pipe(work); }

+ if (req->Channel == SMB2_CHANNEL_RDMA_V1 || + req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE) { + if (req->Length != 0 || req->DataOffset != 0) + return -EINVAL; + err = smb2_set_remote_key_for_rdma(work, + (struct smb2_buffer_desc_v1 *) + &req->Buffer[0], + req->Channel, + req->WriteChannelInfoOffset, + req->WriteChannelInfoLength); + if (err) + goto out; + } + if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, "User does not have write permission\n"); err = -EACCES;

From patchwork Mon Nov 14 12:53:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183372 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:24 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:24 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:24 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 275/308] ksmbd: uninitialized variable in create_socket() Date: Mon, 14 Nov 2022 20:53:04 +0800 Message-ID: 20221114125337.1831594-276-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9b07eb75-e8cf-4b2e-0849-08dac63c900f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6773112 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Dan Carpenter dan.carpenter@oracle.com

mainline inclusion from mainline-5.17-rc1 commit b207602fb04537cb21ac38fabd7577eca2fa05ae category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b207602fb045

-------------------------------

The "ksmbd_socket" variable is not initialized on this error path.

Cc: stable@vger.kernel.org Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_tcp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/transport_tcp.c b/fs/ksmbd/transport_tcp.c index c14320e03b69..82a1429bbe12 100644 --- a/fs/ksmbd/transport_tcp.c +++ b/fs/ksmbd/transport_tcp.c @@ -404,7 +404,7 @@ static int create_socket(struct interface *iface) &ksmbd_socket); if (ret) { pr_err("Can't create socket for ipv4: %d\n", ret); - goto out_error; + goto out_clear; }

sin.sin_family = PF_INET; @@ -462,6 +462,7 @@ static int create_socket(struct interface *iface)

out_error: tcp_destroy_socket(ksmbd_socket); +out_clear: iface->ksmbd_socket = NULL; return ret; }

From patchwork Mon Nov 14 12:53:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183373 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:25 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:25 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:24 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 276/308] ksmbd: fix guest connection failure with nautilus Date: Mon, 14 Nov 2022 20:53:05 +0800 Message-ID: 20221114125337.1831594-277-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 831bc2f8-88a8-48cc-f17e-08dac63c9058 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6986920 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc1 commit ac090d9c90b087d6fb714e54b2a6dd1e6c373ed6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/ac090d9c90b0

-------------------------------

MS-SMB2 describe session sign like the following. Session.SigningRequired MUST be set to TRUE under the following conditions: - If the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request. - If the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE.

When trying guest account connection using nautilus, The login failure happened on session setup. ksmbd does not allow this connection when the user is a guest and the connection sign is set. Just do not set session sign instead of error response as described in the specification. And this change improves the guest connection in Nautilus.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org # v5.15+ Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 62 ++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 33 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 2ec206d22946..7bf9f85cd021 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1460,11 +1460,6 @@ static int ntlm_authenticate(struct ksmbd_work *work) }

if (user_guest(sess->user)) { - if (conn->sign) { - ksmbd_debug(SMB, "Guest login not allowed when signing enabled\n"); - return -EPERM; - } - rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE; } else { struct authenticate_message *authblob; @@ -1477,38 +1472,39 @@ static int ntlm_authenticate(struct ksmbd_work *work) ksmbd_debug(SMB, "authentication failed\n"); return -EPERM; } + }

- /* - * If session state is SMB2_SESSION_VALID, We can assume - * that it is reauthentication. And the user/password - * has been verified, so return it here. - */ - if (sess->state == SMB2_SESSION_VALID) { - if (conn->binding) - goto binding_session; - return 0; - } + /* + * If session state is SMB2_SESSION_VALID, We can assume + * that it is reauthentication. And the user/password + * has been verified, so return it here. + */ + if (sess->state == SMB2_SESSION_VALID) { + if (conn->binding) + goto binding_session; + return 0; + }

- if ((conn->sign || server_conf.enforced_signing) || - (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) - sess->sign = true; + if ((rsp->SessionFlags != SMB2_SESSION_FLAG_IS_GUEST_LE && + (conn->sign || server_conf.enforced_signing)) || + (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) + sess->sign = true;

- if (smb3_encryption_negotiated(conn) && - !(req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) { - rc = conn->ops->generate_encryptionkey(sess); - if (rc) { - ksmbd_debug(SMB, - "SMB3 encryption key generation failed\n"); - return -EINVAL; - } - sess->enc = true; - rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE; - /* - * signing is disable if encryption is enable - * on this session - */ - sess->sign = false; + if (smb3_encryption_negotiated(conn) && + !(req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) { + rc = conn->ops->generate_encryptionkey(sess); + if (rc) { + ksmbd_debug(SMB, + "SMB3 encryption key generation failed\n"); + return -EINVAL; } + sess->enc = true; + rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE; + /* + * signing is disable if encryption is enable + * on this session + */ + sess->sign = false; }

binding_session:

From patchwork Mon Nov 14 12:53:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183374 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:25 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:25 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:25 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 277/308] ksmbd: fix SMB 3.11 posix extension mount failure Date: Mon, 14 Nov 2022 20:53:06 +0800 Message-ID: 20221114125337.1831594-278-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 44f7cc44-db5e-4d53-5cf7-08dac63c90a1 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6907406 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc4 commit 9ca8581e79e51c57e60b3b8e3b89d816448f49fe category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/9ca8581e79e5

-------------------------------

cifs client set 4 to DataLength of create_posix context, which mean Mode variable of create_posix context is only available. So buffer validation of ksmbd should check only the size of Mode except for the size of Reserved variable.

Fixes: 8f77150c15f8 ("ksmbd: add buffer validation for SMB2_CREATE_CONTEXT") Cc: stable@vger.kernel.org # v5.15+ Reported-by: Steve French smfrench@gmail.com Tested-by: Steve French stfrench@microsoft.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 7bf9f85cd021..98f2805bf092 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2671,7 +2671,7 @@ int smb2_open(struct ksmbd_work *work) (struct create_posix *)context; if (le16_to_cpu(context->DataOffset) + le32_to_cpu(context->DataLength) < - sizeof(struct create_posix)) { + sizeof(struct create_posix) - 4) { rc = -EINVAL; goto err_out1; }

From patchwork Mon Nov 14 12:53:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183375 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:26 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:26 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:25 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 278/308] ksmbd: smbd: validate buffer descriptor structures Date: Mon, 14 Nov 2022 20:53:07 +0800 Message-ID: 20221114125337.1831594-279-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d0b5a431-b977-449e-3b69-08dac63c90ea X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6938225 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.17-rc4 commit 6d896d3b44cf64ab9b2483697e222098e7b72f70 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/6d896d3b44cf

-------------------------------

Check ChannelInfoOffset and ChannelInfoLength to validate buffer descriptor structures. And add a debug log to print the structures' content.

Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 98f2805bf092..53f263742b0f 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6070,13 +6070,26 @@ static int smb2_set_remote_key_for_rdma(struct ksmbd_work *work, __le16 ChannelInfoOffset, __le16 ChannelInfoLength) { + unsigned int i, ch_count; + if (work->conn->dialect == SMB30_PROT_ID && Channel != SMB2_CHANNEL_RDMA_V1) return -EINVAL;

- if (ChannelInfoOffset == 0 || - le16_to_cpu(ChannelInfoLength) < sizeof(*desc)) + ch_count = le16_to_cpu(ChannelInfoLength) / sizeof(*desc); + if (ksmbd_debug_types & KSMBD_DEBUG_RDMA) { + for (i = 0; i < ch_count; i++) { + pr_info("RDMA r/w request %#x: token %#x, length %#x\n", + i, + le32_to_cpu(desc[i].token), + le32_to_cpu(desc[i].length)); + } + } + if (ch_count != 1) { + ksmbd_debug(RDMA, "RDMA multiple buffer descriptors %d are not supported yet\n", + ch_count); return -EINVAL; + }

work->need_invalidate_rkey = (Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE); @@ -6129,9 +6142,15 @@ int smb2_read(struct ksmbd_work *work)

if (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE || req->Channel == SMB2_CHANNEL_RDMA_V1) { + unsigned int ch_offset = le16_to_cpu(req->ReadChannelInfoOffset); + + if (ch_offset < offsetof(struct smb2_read_req, Buffer)) { + err = -EINVAL; + goto out; + } err = smb2_set_remote_key_for_rdma(work, (struct smb2_buffer_desc_v1 *) - &req->Buffer[0], + ((char *)req + ch_offset), req->Channel, req->ReadChannelInfoOffset, req->ReadChannelInfoLength); @@ -6372,11 +6391,16 @@ int smb2_write(struct ksmbd_work *work)

if (req->Channel == SMB2_CHANNEL_RDMA_V1 || req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE) { - if (req->Length != 0 || req->DataOffset != 0) - return -EINVAL; + unsigned int ch_offset = le16_to_cpu(req->WriteChannelInfoOffset); + + if (req->Length != 0 || req->DataOffset != 0 || + ch_offset < offsetof(struct smb2_write_req, Buffer)) { + err = -EINVAL; + goto out; + } err = smb2_set_remote_key_for_rdma(work, (struct smb2_buffer_desc_v1 *) - &req->Buffer[0], + ((char *)req + ch_offset), req->Channel, req->WriteChannelInfoOffset, req->WriteChannelInfoLength);

From patchwork Mon Nov 14 12:53:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183376 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:26 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:26 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:25 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 279/308] ksmbd: fix same UniqueId for dot and dotdot entries Date: Mon, 14 Nov 2022 20:53:08 +0800 Message-ID: 20221114125337.1831594-280-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2191281a-5600-4be6-cca7-08dac63c9132 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6819616 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc4 commit 97550c7478a2da93e348d8c3075d92cddd473a78 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/97550c7478a2

-------------------------------

ksmbd sets the inode number to UniqueId. However, the same UniqueId for dot and dotdot entry is set to the inode number of the parent inode. This patch set them using the current inode and parent inode.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb_common.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index be9701273c71..2476ba92b475 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -307,14 +307,17 @@ int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level, for (i = 0; i < 2; i++) { struct kstat kstat; struct ksmbd_kstat ksmbd_kstat; + struct dentry *dentry;

if (!dir->dot_dotdot[i]) { /* fill dot entry info */ if (i == 0) { d_info->name = "."; d_info->name_len = 1; + dentry = dir->filp->f_path.dentry; } else { d_info->name = ".."; d_info->name_len = 2; + dentry = dir->filp->f_path.dentry->d_parent; }

if (!match_pattern(d_info->name, d_info->name_len, @@ -325,7 +328,7 @@ int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level,

ksmbd_kstat.kstat = &kstat; ksmbd_vfs_fill_dentry_attrs(work, - dir->filp->f_path.dentry->d_parent, + dentry, &ksmbd_kstat); rc = fn(conn, info_level, d_info, &ksmbd_kstat); if (rc)

From patchwork Mon Nov 14 12:53:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183377 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:27 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:26 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:26 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 280/308] ksmbd: don't align last entry offset in smb2 query directory Date: Mon, 14 Nov 2022 20:53:09 +0800 Message-ID: 20221114125337.1831594-281-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: d0cc8882-d53d-4c81-8508-08dac63c917b X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7000995 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc4 commit 04e260948a160d3b7d622bf4c8a96fa4577c09bd category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/04e260948a16

-------------------------------

When checking smb2 query directory packets from other servers, OutputBufferLength is different with ksmbd. Other servers add an unaligned next offset to OutputBufferLength for the last entry.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 7 ++++--- fs/ksmbd/vfs.h | 1 + 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 53f263742b0f..f118cbf00cac 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -3393,9 +3393,9 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level, goto free_conv_name; }

- struct_sz = readdir_info_level_struct_sz(info_level); - next_entry_offset = ALIGN(struct_sz - 1 + conv_len, - KSMBD_DIR_INFO_ALIGNMENT); + struct_sz = readdir_info_level_struct_sz(info_level) - 1 + conv_len; + next_entry_offset = ALIGN(struct_sz, KSMBD_DIR_INFO_ALIGNMENT); + d_info->last_entry_off_align = next_entry_offset - struct_sz;

if (next_entry_offset > d_info->out_buf_len) { d_info->out_buf_len = 0; @@ -3943,6 +3943,7 @@ int smb2_query_dir(struct ksmbd_work *work) ((struct file_directory_info *) ((char *)rsp->Buffer + d_info.last_entry_offset)) ->NextEntryOffset = 0; + d_info.data_count -= d_info.last_entry_off_align;

rsp->StructureSize = cpu_to_le16(9); rsp->OutputBufferOffset = cpu_to_le16(72); diff --git a/fs/ksmbd/vfs.h b/fs/ksmbd/vfs.h index 51ff1f63965c..edaf12ced841 100644 --- a/fs/ksmbd/vfs.h +++ b/fs/ksmbd/vfs.h @@ -86,6 +86,7 @@ struct ksmbd_dir_info { int last_entry_offset; bool hide_dot_file; int flags; + int last_entry_off_align; };

struct ksmbd_readdir_data {

From patchwork Mon Nov 14 12:53:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183378 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:27 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:27 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:26 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 281/308] ksmbd: reduce smb direct max read/write size Date: Mon, 14 Nov 2022 20:53:10 +0800 Message-ID: 20221114125337.1831594-282-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 56754099-5497-41d3-ca2e-08dac63c91c3 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7001672 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc4 commit deae24b0b13ff5f46022124fbfc2c72fc534bc6a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/deae24b0b13f

-------------------------------

ksmbd does not support more than one Buffer Descriptor V1 element in an smbdirect protocol request. Reducing the maximum read/write size to about 512KB allows interoperability with Windows over a wider variety of RDMA NICs, as an interim workaround.

Reviewed-by: Tom Talpey tom@talpey.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 3c1ec1ac0b27..ba5a22bc2e6d 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -80,7 +80,7 @@ static int smb_direct_max_fragmented_recv_size = 1024 * 1024; /* The maximum single-message size which can be received */ static int smb_direct_max_receive_size = 8192;

-static int smb_direct_max_read_write_size = 1048512; +static int smb_direct_max_read_write_size = 524224;

static int smb_direct_max_outstanding_rw_ops = 8;

From patchwork Mon Nov 14 12:53:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183379 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:28 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:27 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:27 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 282/308] ksmbd: fix reference count leak in smb_check_perm_dacl() Date: Mon, 14 Nov 2022 20:53:11 +0800 Message-ID: 20221114125337.1831594-283-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7d3bcc32-5661-4969-8d48-08dac63c920d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6924425 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Xin Xiong xiongx18@fudan.edu.cn

mainline inclusion from mainline-5.19-rc1 commit d21a580dafc69aa04f46e6099616146a536b0724 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/d21a580dafc6

-------------------------------

The issue happens in a specific path in smb_check_perm_dacl(). When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference count of the object "posix_acls", which is increased by get_acl() earlier. This may result in memory leaks.

Fix it by decreasing the reference count of "posix_acls" before jumping to label "check_access_bits".

Fixes: 777cad1604d6 ("ksmbd: remove select FS_POSIX_ACL in Kconfig") Signed-off-by: Xin Xiong xiongx18@fudan.edu.cn Signed-off-by: Xin Tan tanxin.ctf@gmail.com Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smbacl.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index 7d8f9d03fb64..aa2c76e1bcbe 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -1250,6 +1250,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct path *path, if (!access_bits) access_bits = SET_MINIMUM_RIGHTS; + posix_acl_release(posix_acls); goto check_access_bits; } }

From patchwork Mon Nov 14 12:53:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183380 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:28 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:28 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:27 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 283/308] ksmbd: smbd: fix connection dropped issue Date: Mon, 14 Nov 2022 20:53:12 +0800 Message-ID: 20221114125337.1831594-284-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: c6527e00-d62c-42f6-1eed-08dac63c9256 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7065658 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-5.19-rc1 commit 5366afc4065075a4456941fbd51c33604d631ee5 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/5366afc40650

-------------------------------

When there are bursty connection requests, RDMA connection event handler is deferred and Negotiation requests are received even if connection status is NEW.

To handle it, set the status to CONNECTED if Negotiation requests are received.

Reported-by: Yufan Chen wiz.chen@gmail.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Tested-by: Yufan Chen wiz.chen@gmail.com Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/transport_rdma.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index ba5a22bc2e6d..d3b60b833a81 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -569,6 +569,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) } t->negotiation_requested = true; t->full_packet_received = true; + t->status = SMB_DIRECT_CS_CONNECTED; enqueue_reassembly(t, recvmsg, 0); wake_up_interruptible(&t->wait_status); break;

From patchwork Mon Nov 14 12:53:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183381 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:29 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:28 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:28 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 284/308] ksmbd: add channel rwlock Date: Mon, 14 Nov 2022 20:53:13 +0800 Message-ID: 20221114125337.1831594-285-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 47db2fea-44fc-4910-54d4-08dac63c92a0 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6827952 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.0-rc1 commit 8e06b31e348107c5d78e2c90bb7e69388cb97fb6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/8e06b31e3481

-------------------------------

Add missing rwlock for channel list in session.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/mgmt/user_session.c | 3 +++ fs/ksmbd/mgmt/user_session.h | 1 + fs/ksmbd/smb2pdu.c | 20 ++++++++++++++++++-- 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/mgmt/user_session.c b/fs/ksmbd/mgmt/user_session.c index 8d8ffd8c6f19..e963433a645c 100644 --- a/fs/ksmbd/mgmt/user_session.c +++ b/fs/ksmbd/mgmt/user_session.c @@ -32,11 +32,13 @@ static void free_channel_list(struct ksmbd_session *sess) { struct channel *chann, *tmp;

+ write_lock(&sess->chann_lock); list_for_each_entry_safe(chann, tmp, &sess->ksmbd_chann_list, chann_list) { list_del(&chann->chann_list); kfree(chann); } + write_unlock(&sess->chann_lock); }

static void __session_rpc_close(struct ksmbd_session *sess, @@ -320,6 +322,7 @@ static struct ksmbd_session *__session_create(int protocol) INIT_LIST_HEAD(&sess->rpc_handle_list); sess->sequence_number = 1; atomic_set(&sess->refcnt, 1); + rwlock_init(&sess->chann_lock);

switch (protocol) { case CIFDS_SESSION_FLAG_SMB2: diff --git a/fs/ksmbd/mgmt/user_session.h b/fs/ksmbd/mgmt/user_session.h index e241f16a3851..67f5c4106528 100644 --- a/fs/ksmbd/mgmt/user_session.h +++ b/fs/ksmbd/mgmt/user_session.h @@ -48,6 +48,7 @@ struct ksmbd_session { char sess_key[CIFS_KEY_SIZE];

struct hlist_node hlist; + rwlock_t chann_lock; struct list_head ksmbd_chann_list; struct xarray tree_conns; struct ida tree_conn_ida; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index f118cbf00cac..39a49010e3b9 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1509,7 +1509,9 @@ static int ntlm_authenticate(struct ksmbd_work *work)

binding_session: if (conn->dialect >= SMB30_PROT_ID) { + read_lock(&sess->chann_lock); chann = lookup_chann_list(sess, conn); + read_unlock(&sess->chann_lock); if (!chann) { chann = kmalloc(sizeof(struct channel), GFP_KERNEL); if (!chann) @@ -1517,7 +1519,9 @@ static int ntlm_authenticate(struct ksmbd_work *work)

chann->conn = conn; INIT_LIST_HEAD(&chann->chann_list); + write_lock(&sess->chann_lock); list_add(&chann->chann_list, &sess->ksmbd_chann_list); + write_unlock(&sess->chann_lock); } }

@@ -1591,7 +1595,9 @@ static int krb5_authenticate(struct ksmbd_work *work) }

if (conn->dialect >= SMB30_PROT_ID) { + read_lock(&sess->chann_lock); chann = lookup_chann_list(sess, conn); + read_unlock(&sess->chann_lock); if (!chann) { chann = kmalloc(sizeof(struct channel), GFP_KERNEL); if (!chann) @@ -1599,7 +1605,9 @@ static int krb5_authenticate(struct ksmbd_work *work)

chann->conn = conn; INIT_LIST_HEAD(&chann->chann_list); + write_lock(&sess->chann_lock); list_add(&chann->chann_list, &sess->ksmbd_chann_list); + write_unlock(&sess->chann_lock); } }

@@ -8303,10 +8311,14 @@ int smb3_check_sign_req(struct ksmbd_work *work) if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) { signing_key = work->sess->smb3signingkey; } else { + read_lock(&work->sess->chann_lock); chann = lookup_chann_list(work->sess, conn); - if (!chann) + if (!chann) { + read_unlock(&work->sess->chann_lock); return 0; + } signing_key = chann->smb3signingkey; + read_unlock(&work->sess->chann_lock); }

if (!signing_key) { @@ -8366,10 +8378,14 @@ void smb3_set_sign_rsp(struct ksmbd_work *work) le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) { signing_key = work->sess->smb3signingkey; } else { + read_lock(&work->sess->chann_lock); chann = lookup_chann_list(work->sess, work->conn); - if (!chann) + if (!chann) { + read_unlock(&work->sess->chann_lock); return; + } signing_key = chann->smb3signingkey; + read_unlock(&work->sess->chann_lock); }

if (!signing_key)

From patchwork Mon Nov 14 12:53:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183382 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:29 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:29 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:28 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 285/308] ksmbd: handle smb2 query dir request for OutputBufferLength that is too small Date: Mon, 14 Nov 2022 20:53:14 +0800 Message-ID: 20221114125337.1831594-286-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 56048b9f-f006-4299-32a9-08dac63c92e9 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6848766 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.19-rc1 commit 65ca7a3ffff811d6c0d4342d467c381257d566d4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/65ca7a3ffff8

-------------------------------

We found the issue that ksmbd return STATUS_NO_MORE_FILES response even though there are still dentries that needs to be read while file read/write test using framtest utils. windows client send smb2 query dir request included OutputBufferLength(128) that is too small to contain even one entry. This patch make ksmbd immediately returns OutputBufferLength of response as zero to client.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 39a49010e3b9..8d51cfc3f04a 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -3922,6 +3922,12 @@ int smb2_query_dir(struct ksmbd_work *work) set_ctx_actor(&dir_fp->readdir_data.ctx, __query_dir);

rc = iterate_dir(dir_fp->filp, &dir_fp->readdir_data.ctx); + /* + * req->OutputBufferLength is too small to contain even one entry. + * In this case, it immediately returns OutputBufferLength 0 to client. + */ + if (!d_info.out_buf_len && !d_info.num_entry) + goto no_buf_len; if (rc == 0) restart_ctx(&dir_fp->readdir_data.ctx); if (rc == -ENOSPC) @@ -3948,10 +3954,12 @@ int smb2_query_dir(struct ksmbd_work *work) rsp->Buffer[0] = 0; inc_rfc1001_len(work->response_buf, 9); } else { +no_buf_len: ((struct file_directory_info *) ((char *)rsp->Buffer + d_info.last_entry_offset)) ->NextEntryOffset = 0; - d_info.data_count -= d_info.last_entry_off_align; + if (d_info.data_count >= d_info.last_entry_off_align) + d_info.data_count -= d_info.last_entry_off_align;

rsp->StructureSize = cpu_to_le16(9); rsp->OutputBufferOffset = cpu_to_le16(72);

From patchwork Mon Nov 14 12:53:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183383 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:29 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:29 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:29 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 286/308] ksmbd: fix incorrect handling of iterate_dir Date: Mon, 14 Nov 2022 20:53:15 +0800 Message-ID: 20221114125337.1831594-287-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9e971fb7-20d3-4d9e-5262-08dac63c9331 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6909730 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.1-rc1 commit 88541cb414b7a2450c45fc9c131b37b5753b7679 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/88541cb414b7

-------------------------------

if iterate_dir() returns non-negative value, caller has to treat it as normal and check there is any error while populating dentry information. ksmbd doesn't have to do anything because ksmbd already checks too small OutputBufferLength to store one file information.

And because ctx->pos is set to file->f_pos when iterative_dir is called, remove restart_ctx(). And if iterate_dir() return -EIO, which mean directory entry is corrupted, return STATUS_FILE_CORRUPT_ERROR error response.

This patch fixes some failure of SMB2_QUERY_DIRECTORY, which happens when ntfs3 is local filesystem.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 8d51cfc3f04a..9695661f4cc0 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -3772,11 +3772,6 @@ static int __query_dir(struct dir_context *ctx, const char *name, int namlen, return 0; }

-static void restart_ctx(struct dir_context *ctx) -{ - ctx->pos = 0; -} - static int verify_info_level(int info_level) { switch (info_level) { @@ -3881,7 +3876,6 @@ int smb2_query_dir(struct ksmbd_work *work) if (srch_flag & SMB2_REOPEN || srch_flag & SMB2_RESTART_SCANS) { ksmbd_debug(SMB, "Restart directory scan\n"); generic_file_llseek(dir_fp->filp, 0, SEEK_SET); - restart_ctx(&dir_fp->readdir_data.ctx); }

memset(&d_info, 0, sizeof(struct ksmbd_dir_info)); @@ -3928,11 +3922,9 @@ int smb2_query_dir(struct ksmbd_work *work) */ if (!d_info.out_buf_len && !d_info.num_entry) goto no_buf_len; - if (rc == 0) - restart_ctx(&dir_fp->readdir_data.ctx); - if (rc == -ENOSPC) + if (rc > 0 || rc == -ENOSPC) rc = 0; - if (rc) + else if (rc) goto err_out;

d_info.wptr = d_info.rptr; @@ -3989,6 +3981,8 @@ int smb2_query_dir(struct ksmbd_work *work) rsp->hdr.Status = STATUS_NO_MEMORY; else if (rc == -EFAULT) rsp->hdr.Status = STATUS_INVALID_INFO_CLASS; + else if (rc == -EIO) + rsp->hdr.Status = STATUS_FILE_CORRUPT_ERROR; if (!rsp->hdr.Status) rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;

From patchwork Mon Nov 14 12:53:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183384 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:30 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:30 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:29 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 287/308] ksmbd: use wait_event instead of schedule_timeout() Date: Mon, 14 Nov 2022 20:53:16 +0800 Message-ID: 20221114125337.1831594-288-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e6730972-d602-48c2-bdbc-08dac63c9379 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7101074 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.0-rc1 commit a14c573870a664386adc10526a6c2648ea56dae1 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a14c573870a6

-------------------------------

ksmbd threads eating masses of cputime when connection is disconnected. If connection is disconnected, ksmbd thread waits for pending requests to be processed using schedule_timeout. schedule_timeout() incorrectly is used, and it is more efficient to use wait_event/wake_up than to check r_count every time with timeout.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 6 +++--- fs/ksmbd/connection.h | 1 + fs/ksmbd/oplock.c | 35 ++++++++++++++++++++++------------- fs/ksmbd/server.c | 8 +++++++- 4 files changed, 33 insertions(+), 17 deletions(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 6f4cee9beaa9..41e9c2d6c3b1 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -64,6 +64,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void) conn->total_credits = 1;

init_waitqueue_head(&conn->req_running_q); + init_waitqueue_head(&conn->r_count_q); INIT_LIST_HEAD(&conn->conns_list); INIT_LIST_HEAD(&conn->sessions); INIT_LIST_HEAD(&conn->requests); @@ -163,7 +164,6 @@ int ksmbd_conn_write(struct ksmbd_work *work) struct kvec iov[3]; int iov_idx = 0;

- ksmbd_conn_try_dequeue_request(work); if (!work->response_buf) { pr_err("NULL response header\n"); return -EINVAL; @@ -345,8 +345,8 @@ int ksmbd_conn_handler_loop(void *p)

out: /* Wait till all reference dropped to the Server object*/ - while (atomic_read(&conn->r_count) > 0) - schedule_timeout(HZ); + wait_event(conn->r_count_q, atomic_read(&conn->r_count) == 0); +

unload_nls(conn->local_nls); if (default_conn_ops.terminate_fn) diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index d85f0122edc9..e330e1f87dbe 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -65,6 +65,7 @@ struct ksmbd_conn { unsigned short max_credits; spinlock_t credits_lock; wait_queue_head_t req_running_q; + wait_queue_head_t r_count_q; /* Lock to protect requests list*/ spinlock_t request_lock; struct list_head requests; diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 3162bdcdb255..f6f1adf94673 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -615,18 +615,13 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) struct ksmbd_file *fp;

fp = ksmbd_lookup_durable_fd(br_info->fid); - if (!fp) { - atomic_dec(&conn->r_count); - ksmbd_free_work_struct(work); - return; - } + if (!fp) + goto out;

if (allocate_oplock_break_buf(work)) { pr_err("smb2_allocate_rsp_buf failed! "); - atomic_dec(&conn->r_count); ksmbd_fd_put(work, fp); - ksmbd_free_work_struct(work); - return; + goto out; }

rsp_hdr = smb2_get_msg(work->response_buf); @@ -667,8 +662,16 @@ static void __smb2_oplock_break_noti(struct work_struct *wk)

ksmbd_fd_put(work, fp); ksmbd_conn_write(work); + +out: ksmbd_free_work_struct(work); - atomic_dec(&conn->r_count); + /* + * Checking waitqueue to dropping pending requests on + * disconnection. waitqueue_active is safe because it + * uses atomic operation for condition. + */ + if (!atomic_dec_return(&conn->r_count) && waitqueue_active(&conn->r_count_q)) + wake_up(&conn->r_count_q); }

/** @@ -731,9 +734,7 @@ static void __smb2_lease_break_noti(struct work_struct *wk)

if (allocate_oplock_break_buf(work)) { ksmbd_debug(OPLOCK, "smb2_allocate_rsp_buf failed! "); - ksmbd_free_work_struct(work); - atomic_dec(&conn->r_count); - return; + goto out; }

rsp_hdr = smb2_get_msg(work->response_buf); @@ -771,8 +772,16 @@ static void __smb2_lease_break_noti(struct work_struct *wk) inc_rfc1001_len(work->response_buf, 44);

ksmbd_conn_write(work); + +out: ksmbd_free_work_struct(work); - atomic_dec(&conn->r_count); + /* + * Checking waitqueue to dropping pending requests on + * disconnection. waitqueue_active is safe because it + * uses atomic operation for condition. + */ + if (!atomic_dec_return(&conn->r_count) && waitqueue_active(&conn->r_count_q)) + wake_up(&conn->r_count_q); }

/** diff --git a/fs/ksmbd/server.c b/fs/ksmbd/server.c index 9e635aa25c13..72d8fd1c4d43 100644 --- a/fs/ksmbd/server.c +++ b/fs/ksmbd/server.c @@ -261,7 +261,13 @@ static void handle_ksmbd_work(struct work_struct *wk)

ksmbd_conn_try_dequeue_request(work); ksmbd_free_work_struct(work); - atomic_dec(&conn->r_count); + /* + * Checking waitqueue to dropping pending requests on + * disconnection. waitqueue_active is safe because it + * uses atomic operation for condition. + */ + if (!atomic_dec_return(&conn->r_count) && waitqueue_active(&conn->r_count_q)) + wake_up(&conn->r_count_q); }

/**

From patchwork Mon Nov 14 12:53:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183385 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:30 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:30 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:30 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 288/308] ksmbd: replace sessions list in connection with xarray Date: Mon, 14 Nov 2022 20:53:17 +0800 Message-ID: 20221114125337.1831594-289-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 29ae969c-b4f0-4fb8-e813-08dac63c93c2 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7062858 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.0-rc1 commit e4d3e6b524c0c928f7fc9e03e047885c4951ae60 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e4d3e6b524c0

-------------------------------

Replace sessions list in connection with xarray.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 3 ++- fs/ksmbd/connection.h | 2 +- fs/ksmbd/mgmt/user_session.c | 31 +++++++------------------------ fs/ksmbd/mgmt/user_session.h | 5 ++--- fs/ksmbd/smb2pdu.c | 13 +++++++++---- 5 files changed, 21 insertions(+), 33 deletions(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 41e9c2d6c3b1..cdb029e4fae5 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -36,6 +36,7 @@ void ksmbd_conn_free(struct ksmbd_conn *conn) list_del(&conn->conns_list); write_unlock(&conn_list_lock);

+ xa_destroy(&conn->sessions); kvfree(conn->request_buf); kfree(conn->preauth_info); kfree(conn); @@ -66,12 +67,12 @@ struct ksmbd_conn *ksmbd_conn_alloc(void) init_waitqueue_head(&conn->req_running_q); init_waitqueue_head(&conn->r_count_q); INIT_LIST_HEAD(&conn->conns_list); - INIT_LIST_HEAD(&conn->sessions); INIT_LIST_HEAD(&conn->requests); INIT_LIST_HEAD(&conn->async_requests); spin_lock_init(&conn->request_lock); spin_lock_init(&conn->credits_lock); ida_init(&conn->async_ida); + xa_init(&conn->sessions);

spin_lock_init(&conn->llist_lock); INIT_LIST_HEAD(&conn->lock_list); diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index e330e1f87dbe..aeef0a74c1dd 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -55,7 +55,7 @@ struct ksmbd_conn { struct nls_table *local_nls; struct list_head conns_list; /* smb session 1 per user */ - struct list_head sessions; + struct xarray sessions; unsigned long last_active; /* How many request are running currently */ atomic_t req_running; diff --git a/fs/ksmbd/mgmt/user_session.c b/fs/ksmbd/mgmt/user_session.c index e963433a645c..25e9ba3b7550 100644 --- a/fs/ksmbd/mgmt/user_session.c +++ b/fs/ksmbd/mgmt/user_session.c @@ -154,8 +154,6 @@ void ksmbd_session_destroy(struct ksmbd_session *sess) if (!atomic_dec_and_test(&sess->refcnt)) return;

- list_del(&sess->sessions_entry); - down_write(&sessions_table_lock); hash_del(&sess->hlist); up_write(&sessions_table_lock); @@ -183,42 +181,28 @@ static struct ksmbd_session *__session_lookup(unsigned long long id) return NULL; }

-void ksmbd_session_register(struct ksmbd_conn *conn, - struct ksmbd_session *sess) +int ksmbd_session_register(struct ksmbd_conn *conn, + struct ksmbd_session *sess) { sess->conn = conn; - list_add(&sess->sessions_entry, &conn->sessions); + return xa_err(xa_store(&conn->sessions, sess->id, sess, GFP_KERNEL)); }

void ksmbd_sessions_deregister(struct ksmbd_conn *conn) { struct ksmbd_session *sess; + unsigned long id;

- while (!list_empty(&conn->sessions)) { - sess = list_entry(conn->sessions.next, - struct ksmbd_session, - sessions_entry); - + xa_for_each(&conn->sessions, id, sess) { + xa_erase(&conn->sessions, sess->id); ksmbd_session_destroy(sess); } }

-static bool ksmbd_session_id_match(struct ksmbd_session *sess, - unsigned long long id) -{ - return sess->id == id; -} - struct ksmbd_session *ksmbd_session_lookup(struct ksmbd_conn *conn, unsigned long long id) { - struct ksmbd_session *sess = NULL; - - list_for_each_entry(sess, &conn->sessions, sessions_entry) { - if (ksmbd_session_id_match(sess, id)) - return sess; - } - return NULL; + return xa_load(&conn->sessions, id); }

int get_session(struct ksmbd_session *sess) @@ -316,7 +300,6 @@ static struct ksmbd_session *__session_create(int protocol) goto error;

set_session_flag(sess, protocol); - INIT_LIST_HEAD(&sess->sessions_entry); xa_init(&sess->tree_conns); INIT_LIST_HEAD(&sess->ksmbd_chann_list); INIT_LIST_HEAD(&sess->rpc_handle_list); diff --git a/fs/ksmbd/mgmt/user_session.h b/fs/ksmbd/mgmt/user_session.h index 67f5c4106528..1ec659f0151b 100644 --- a/fs/ksmbd/mgmt/user_session.h +++ b/fs/ksmbd/mgmt/user_session.h @@ -58,7 +58,6 @@ struct ksmbd_session { __u8 smb3decryptionkey[SMB3_ENC_DEC_KEY_SIZE]; __u8 smb3signingkey[SMB3_SIGN_KEY_SIZE];

- struct list_head sessions_entry; struct ksmbd_file_table file_table; atomic_t refcnt; }; @@ -85,8 +84,8 @@ void ksmbd_session_destroy(struct ksmbd_session *sess); struct ksmbd_session *ksmbd_session_lookup_slowpath(unsigned long long id); struct ksmbd_session *ksmbd_session_lookup(struct ksmbd_conn *conn, unsigned long long id); -void ksmbd_session_register(struct ksmbd_conn *conn, - struct ksmbd_session *sess); +int ksmbd_session_register(struct ksmbd_conn *conn, + struct ksmbd_session *sess); void ksmbd_sessions_deregister(struct ksmbd_conn *conn); struct ksmbd_session *ksmbd_session_lookup_all(struct ksmbd_conn *conn, unsigned long long id); diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 9695661f4cc0..7dba9a84cb5e 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -587,7 +587,8 @@ int smb2_check_user_session(struct ksmbd_work *work) return -EINVAL; }

-static void destroy_previous_session(struct ksmbd_user *user, u64 id) +static void destroy_previous_session(struct ksmbd_conn *conn, + struct ksmbd_user *user, u64 id) { struct ksmbd_session *prev_sess = ksmbd_session_lookup_slowpath(id); struct ksmbd_user *prev_user; @@ -606,6 +607,7 @@ static void destroy_previous_session(struct ksmbd_user *user, u64 id) }

put_session(prev_sess); + xa_erase(&conn->sessions, prev_sess->id); ksmbd_session_destroy(prev_sess); }

@@ -1438,7 +1440,7 @@ static int ntlm_authenticate(struct ksmbd_work *work) /* Check for previous session */ prev_id = le64_to_cpu(req->PreviousSessionId); if (prev_id && prev_id != sess->id) - destroy_previous_session(user, prev_id); + destroy_previous_session(conn, user, prev_id);

if (sess->state == SMB2_SESSION_VALID) { /* @@ -1564,7 +1566,7 @@ static int krb5_authenticate(struct ksmbd_work *work) /* Check previous session */ prev_sess_id = le64_to_cpu(req->PreviousSessionId); if (prev_sess_id && prev_sess_id != sess->id) - destroy_previous_session(sess->user, prev_sess_id); + destroy_previous_session(conn, sess->user, prev_sess_id);

if (sess->state == SMB2_SESSION_VALID) ksmbd_free_user(sess->user); @@ -1657,7 +1659,9 @@ int smb2_sess_setup(struct ksmbd_work *work) goto out_err; } rsp->hdr.SessionId = cpu_to_le64(sess->id); - ksmbd_session_register(conn, sess); + rc = ksmbd_session_register(conn, sess); + if (rc) + goto out_err; } else if (conn->dialect >= SMB30_PROT_ID && (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && req->Flags & SMB2_SESSION_REQ_FLAG_BINDING) { @@ -1835,6 +1839,7 @@ int smb2_sess_setup(struct ksmbd_work *work) if (sess->user && sess->user->flags & KSMBD_USER_FLAG_DELAY_SESSION) try_delay = true;

+ xa_erase(&conn->sessions, sess->id); ksmbd_session_destroy(sess); work->sess = NULL; if (try_delay)

From patchwork Mon Nov 14 12:53:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183386 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:31 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:31 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:30 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 289/308] ksmbd: fix kernel oops from idr_remove() Date: Mon, 14 Nov 2022 20:53:18 +0800 Message-ID: 20221114125337.1831594-290-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a771a888-9105-4f91-ec3a-08dac63c940b X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6872937 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.0-rc1 commit 17ea92a9f6d0b9a97aaec5ab748e4591d70a562c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/17ea92a9f6d0

-------------------------------

There is a report that kernel oops happen from idr_remove().

kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010 kernel: RIP: 0010:idr_remove+0x1/0x20 kernel: __ksmbd_close_fd+0xb2/0x2d0 [ksmbd] kernel: ksmbd_vfs_read+0x91/0x190 [ksmbd] kernel: ksmbd_fd_put+0x29/0x40 [ksmbd] kernel: smb2_read+0x210/0x390 [ksmbd] kernel: __process_request+0xa4/0x180 [ksmbd] kernel: __handle_ksmbd_work+0xf0/0x290 [ksmbd] kernel: handle_ksmbd_work+0x2d/0x50 [ksmbd] kernel: process_one_work+0x21d/0x3f0 kernel: worker_thread+0x50/0x3d0 kernel: rescuer_thread+0x390/0x390 kernel: kthread+0xee/0x120 kthread_complete_and_exit+0x20/0x20 kernel: ret_from_fork+0x22/0x30

While accessing files, If connection is disconnected, windows send session setup request included previous session destroy. But while still processing requests on previous session, this request destroy file table, which mean file table idr will be freed and set to NULL. So kernel oops happen from ft->idr in __ksmbd_close_fd(). This patch don't directly destroy session in destroy_previous_session(). It just set to KSMBD_SESS_EXITING so that connection will be terminated after finishing the rest of requests.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/mgmt/user_session.c | 2 ++ fs/ksmbd/smb2pdu.c | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/mgmt/user_session.c b/fs/ksmbd/mgmt/user_session.c index 25e9ba3b7550..b9acb6770b03 100644 --- a/fs/ksmbd/mgmt/user_session.c +++ b/fs/ksmbd/mgmt/user_session.c @@ -239,6 +239,8 @@ struct ksmbd_session *ksmbd_session_lookup_all(struct ksmbd_conn *conn, sess = ksmbd_session_lookup(conn, id); if (!sess && conn->binding) sess = ksmbd_session_lookup_slowpath(id); + if (sess && sess->state != SMB2_SESSION_VALID) + sess = NULL; return sess; }

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 7dba9a84cb5e..efdba70ad240 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -592,6 +592,7 @@ static void destroy_previous_session(struct ksmbd_conn *conn, { struct ksmbd_session *prev_sess = ksmbd_session_lookup_slowpath(id); struct ksmbd_user *prev_user; + struct channel *chann;

if (!prev_sess) return; @@ -607,8 +608,11 @@ static void destroy_previous_session(struct ksmbd_conn *conn, }

put_session(prev_sess); - xa_erase(&conn->sessions, prev_sess->id); - ksmbd_session_destroy(prev_sess); + prev_sess->state = SMB2_SESSION_EXPIRED; + write_lock(&prev_sess->chann_lock); + list_for_each_entry(chann, &prev_sess->ksmbd_chann_list, chann_list) + chann->conn->status = KSMBD_SESS_EXITING; + write_unlock(&prev_sess->chann_lock); }

/**

From patchwork Mon Nov 14 12:53:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183387 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:31 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:31 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:31 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 290/308] ksmbd: remove unused ksmbd_share_configs_cleanup function Date: Mon, 14 Nov 2022 20:53:19 +0800 Message-ID: 20221114125337.1831594-291-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 3c528bce-95fc-47fc-57ca-08dac63c9454 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6944937 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.0-rc1 commit 1c90b54718fdea4f89e7e0c2415803f33f6d0b00 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/1c90b54718fd

-------------------------------

remove unused ksmbd_share_configs_cleanup function.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/mgmt/share_config.c | 14 -------------- fs/ksmbd/mgmt/share_config.h | 2 -- 2 files changed, 16 deletions(-)

diff --git a/fs/ksmbd/mgmt/share_config.c b/fs/ksmbd/mgmt/share_config.c index cb72d30f5b71..70655af93b44 100644 --- a/fs/ksmbd/mgmt/share_config.c +++ b/fs/ksmbd/mgmt/share_config.c @@ -222,17 +222,3 @@ bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, } return false; } - -void ksmbd_share_configs_cleanup(void) -{ - struct ksmbd_share_config *share; - struct hlist_node *tmp; - int i; - - down_write(&shares_table_lock); - hash_for_each_safe(shares_table, i, tmp, share, hlist) { - hash_del(&share->hlist); - kill_share(share); - } - up_write(&shares_table_lock); -} diff --git a/fs/ksmbd/mgmt/share_config.h b/fs/ksmbd/mgmt/share_config.h index 953befc94e84..28bf3511763f 100644 --- a/fs/ksmbd/mgmt/share_config.h +++ b/fs/ksmbd/mgmt/share_config.h @@ -76,6 +76,4 @@ static inline void ksmbd_share_config_put(struct ksmbd_share_config *share) struct ksmbd_share_config *ksmbd_share_config_get(char *name); bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, const char *filename); -void ksmbd_share_configs_cleanup(void); - #endif /* __SHARE_CONFIG_MANAGEMENT_H__ */

From patchwork Mon Nov 14 12:53:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183388 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:32 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:32 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:31 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 291/308] ksmbd: use vfs_llseek instead of dereferencing NULL Date: Mon, 14 Nov 2022 20:53:20 +0800 Message-ID: 20221114125337.1831594-292-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6ad09d78-ce5f-4a79-1065-08dac63c949d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7025897 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: "Jason A. Donenfeld" Jason@zx2c4.com

mainline inclusion from mainline-5.19-rc5 commit 067baa9a37b32b95fdeabccde4b0cb6a2cf95f96 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/067baa9a37b3

-------------------------------

By not checking whether llseek is NULL, this might jump to NULL. Also, it doesn't check FMODE_LSEEK. Fix this by using vfs_llseek(), which always does the right thing.

Fixes: f44158485826 ("cifsd: add file operations") Cc: stable@vger.kernel.org Cc: linux-cifs@vger.kernel.org Cc: Ronnie Sahlberg lsahlber@redhat.com Cc: Hyunchul Lee hyc.lee@gmail.com Cc: Sergey Senozhatsky sergey.senozhatsky@gmail.com Reviewed-by: Namjae Jeon linkinjeon@kernel.org Acked-by: Al Viro viro@zeniv.linux.org.uk Signed-off-by: Jason A. Donenfeld Jason@zx2c4.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/vfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index fff5f8674ad0..d6665b03dc18 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -1016,7 +1016,7 @@ int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, *out_count = 0; end = start + length; while (start < end && *out_count < in_count) { - extent_start = f->f_op->llseek(f, start, SEEK_DATA); + extent_start = vfs_llseek(f, start, SEEK_DATA); if (extent_start < 0) { if (extent_start != -ENXIO) ret = (int)extent_start; @@ -1026,7 +1026,7 @@ int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, if (extent_start >= end) break;

- extent_end = f->f_op->llseek(f, extent_start, SEEK_HOLE); + extent_end = vfs_llseek(f, extent_start, SEEK_HOLE); if (extent_end < 0) { if (extent_end != -ENXIO) ret = (int)extent_end;

From patchwork Mon Nov 14 12:53:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183389 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:32 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:32 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:32 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 292/308] ksmbd: fix racy issue while destroying session on multichannel Date: Mon, 14 Nov 2022 20:53:21 +0800 Message-ID: 20221114125337.1831594-293-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 4348e66d-5c27-4b70-c80d-08dac63c94e5 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7267599 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.0-rc1 commit af7c39d971e43cd0af488729bca362427ad99488 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/af7c39d971e4

-------------------------------

After multi-channel connection with windows, Several channels of session are connected. Among them, if there is a problem in one channel, Windows connects again after disconnecting the channel. In this process, the session is released and a kernel oop can occurs while processing requests to other channels. When the channel is disconnected, if other channels still exist in the session after deleting the channel from the channel list in the session, the session should not be released. Finally, the session will be released after all channels are disconnected.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/auth.c | 56 ++++++++++++++++-------------- fs/ksmbd/auth.h | 11 +++--- fs/ksmbd/connection.h | 7 ---- fs/ksmbd/mgmt/tree_connect.c | 5 +-- fs/ksmbd/mgmt/tree_connect.h | 4 ++- fs/ksmbd/mgmt/user_session.c | 67 ++++++++++++++++++++++++------------ fs/ksmbd/mgmt/user_session.h | 7 ++-- fs/ksmbd/oplock.c | 11 +++--- fs/ksmbd/smb2pdu.c | 21 +++++------ fs/ksmbd/smb_common.h | 2 +- fs/ksmbd/vfs.c | 3 +- fs/ksmbd/vfs_cache.c | 2 +- 12 files changed, 110 insertions(+), 86 deletions(-)

diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c index dc3d061edda9..c85205b37c18 100644 --- a/fs/ksmbd/auth.c +++ b/fs/ksmbd/auth.c @@ -120,8 +120,8 @@ static int ksmbd_gen_sess_key(struct ksmbd_session *sess, char *hash, return rc; }

-static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, - char *dname) +static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess, + char *ntlmv2_hash, char *dname) { int ret, len, conv_len; wchar_t *domain = NULL; @@ -157,7 +157,7 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, }

conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len, - sess->conn->local_nls); + conn->local_nls); if (conv_len < 0 || conv_len > len) { ret = -EINVAL; goto out; @@ -181,7 +181,7 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, }

conv_len = smb_strtoUTF16((__le16 *)domain, dname, len, - sess->conn->local_nls); + conn->local_nls); if (conv_len < 0 || conv_len > len) { ret = -EINVAL; goto out; @@ -214,8 +214,9 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash, * * Return: 0 on success, error number on error */ -int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, - int blen, char *domain_name, char *cryptkey) +int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess, + struct ntlmv2_resp *ntlmv2, int blen, char *domain_name, + char *cryptkey) { char ntlmv2_hash[CIFS_ENCPWD_SIZE]; char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE]; @@ -229,7 +230,7 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, return -ENOMEM; }

- rc = calc_ntlmv2_hash(sess, ntlmv2_hash, domain_name); + rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name); if (rc) { ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc); goto out; @@ -332,7 +333,8 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, /* process NTLMv2 authentication */ ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n", domain_name); - ret = ksmbd_auth_ntlmv2(sess, (struct ntlmv2_resp *)((char *)authblob + nt_off), + ret = ksmbd_auth_ntlmv2(conn, sess, + (struct ntlmv2_resp *)((char *)authblob + nt_off), nt_len - CIFS_ENCPWD_SIZE, domain_name, conn->ntlmssp.cryptkey); kfree(domain_name); @@ -632,8 +634,9 @@ struct derivation { bool binding; };

-static int generate_key(struct ksmbd_session *sess, struct kvec label, - struct kvec context, __u8 *key, unsigned int key_size) +static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess, + struct kvec label, struct kvec context, __u8 *key, + unsigned int key_size) { unsigned char zero = 0x0; __u8 i[4] = {0, 0, 0, 1}; @@ -693,8 +696,8 @@ static int generate_key(struct ksmbd_session *sess, struct kvec label, goto smb3signkey_ret; }

- if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || - sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) + if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || + conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4); else rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4); @@ -729,17 +732,17 @@ static int generate_smb3signingkey(struct ksmbd_session *sess, if (!chann) return 0;

- if (sess->conn->dialect >= SMB30_PROT_ID && signing->binding) + if (conn->dialect >= SMB30_PROT_ID && signing->binding) key = chann->smb3signingkey; else key = sess->smb3signingkey;

- rc = generate_key(sess, signing->label, signing->context, key, + rc = generate_key(conn, sess, signing->label, signing->context, key, SMB3_SIGN_KEY_SIZE); if (rc) return rc;

- if (!(sess->conn->dialect >= SMB30_PROT_ID && signing->binding)) + if (!(conn->dialect >= SMB30_PROT_ID && signing->binding)) memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);

ksmbd_debug(AUTH, "dumping generated AES signing keys\n"); @@ -793,30 +796,31 @@ struct derivation_twin { struct derivation decryption; };

-static int generate_smb3encryptionkey(struct ksmbd_session *sess, +static int generate_smb3encryptionkey(struct ksmbd_conn *conn, + struct ksmbd_session *sess, const struct derivation_twin *ptwin) { int rc;

- rc = generate_key(sess, ptwin->encryption.label, + rc = generate_key(conn, sess, ptwin->encryption.label, ptwin->encryption.context, sess->smb3encryptionkey, SMB3_ENC_DEC_KEY_SIZE); if (rc) return rc;

- rc = generate_key(sess, ptwin->decryption.label, + rc = generate_key(conn, sess, ptwin->decryption.label, ptwin->decryption.context, sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE); if (rc) return rc;

ksmbd_debug(AUTH, "dumping generated AES encryption keys\n"); - ksmbd_debug(AUTH, "Cipher type %d\n", sess->conn->cipher_type); + ksmbd_debug(AUTH, "Cipher type %d\n", conn->cipher_type); ksmbd_debug(AUTH, "Session Id %llu\n", sess->id); ksmbd_debug(AUTH, "Session Key %*ph\n", SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key); - if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || - sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) { + if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM || + conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) { ksmbd_debug(AUTH, "ServerIn Key %*ph\n", SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey); ksmbd_debug(AUTH, "ServerOut Key %*ph\n", @@ -830,7 +834,8 @@ static int generate_smb3encryptionkey(struct ksmbd_session *sess, return 0; }

-int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess) +int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn, + struct ksmbd_session *sess) { struct derivation_twin twin; struct derivation *d; @@ -847,10 +852,11 @@ int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess) d->context.iov_base = "ServerIn "; d->context.iov_len = 10;

- return generate_smb3encryptionkey(sess, &twin); + return generate_smb3encryptionkey(conn, sess, &twin); }

-int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess) +int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn, + struct ksmbd_session *sess) { struct derivation_twin twin; struct derivation *d; @@ -867,7 +873,7 @@ int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess) d->context.iov_base = sess->Preauth_HashValue; d->context.iov_len = 64;

- return generate_smb3encryptionkey(sess, &twin); + return generate_smb3encryptionkey(conn, sess, &twin); }

int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, diff --git a/fs/ksmbd/auth.h b/fs/ksmbd/auth.h index 95629651cf26..25b772653de0 100644 --- a/fs/ksmbd/auth.h +++ b/fs/ksmbd/auth.h @@ -38,8 +38,9 @@ struct kvec; int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, unsigned int nvec, int enc); void ksmbd_copy_gss_neg_header(void *buf); -int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2, - int blen, char *domain_name, char *cryptkey); +int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess, + struct ntlmv2_resp *ntlmv2, int blen, char *domain_name, + char *cryptkey); int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob, int blob_len, struct ksmbd_conn *conn, struct ksmbd_session *sess); @@ -58,8 +59,10 @@ int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess, struct ksmbd_conn *conn); int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess, struct ksmbd_conn *conn); -int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess); -int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess); +int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn, + struct ksmbd_session *sess); +int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn, + struct ksmbd_session *sess); int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, __u8 *pi_hash); int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index aeef0a74c1dd..6aa72b17c3eb 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -20,13 +20,6 @@

#define KSMBD_SOCKET_BACKLOG 16

-/* - * WARNING - * - * This is nothing but a HACK. Session status should move to channel - * or to session. As of now we have 1 tcp_conn : 1 ksmbd_session, but - * we need to change it to 1 tcp_conn : N ksmbd_sessions. - */ enum { KSMBD_SESS_NEW = 0, KSMBD_SESS_GOOD, diff --git a/fs/ksmbd/mgmt/tree_connect.c b/fs/ksmbd/mgmt/tree_connect.c index 0d28e723a28c..b35ea6a6abc5 100644 --- a/fs/ksmbd/mgmt/tree_connect.c +++ b/fs/ksmbd/mgmt/tree_connect.c @@ -16,7 +16,8 @@ #include "user_session.h"

struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name) +ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, + char *share_name) { struct ksmbd_tree_conn_status status = {-EINVAL, NULL}; struct ksmbd_tree_connect_response *resp = NULL; @@ -41,7 +42,7 @@ ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name) goto out_error; }

- peer_addr = KSMBD_TCP_PEER_SOCKADDR(sess->conn); + peer_addr = KSMBD_TCP_PEER_SOCKADDR(conn); resp = ksmbd_ipc_tree_connect_request(sess, sc, tree_conn, diff --git a/fs/ksmbd/mgmt/tree_connect.h b/fs/ksmbd/mgmt/tree_connect.h index 18e2a996e0aa..71e50271dccf 100644 --- a/fs/ksmbd/mgmt/tree_connect.h +++ b/fs/ksmbd/mgmt/tree_connect.h @@ -12,6 +12,7 @@

struct ksmbd_share_config; struct ksmbd_user; +struct ksmbd_conn;

struct ksmbd_tree_connect { int id; @@ -40,7 +41,8 @@ static inline int test_tree_conn_flag(struct ksmbd_tree_connect *tree_conn, struct ksmbd_session;

struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name); +ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, + char *share_name);

int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, struct ksmbd_tree_connect *tree_conn); diff --git a/fs/ksmbd/mgmt/user_session.c b/fs/ksmbd/mgmt/user_session.c index b9acb6770b03..3fa2139a0b30 100644 --- a/fs/ksmbd/mgmt/user_session.c +++ b/fs/ksmbd/mgmt/user_session.c @@ -151,9 +151,6 @@ void ksmbd_session_destroy(struct ksmbd_session *sess) if (!sess) return;

- if (!atomic_dec_and_test(&sess->refcnt)) - return; - down_write(&sessions_table_lock); hash_del(&sess->hlist); up_write(&sessions_table_lock); @@ -184,16 +181,58 @@ static struct ksmbd_session *__session_lookup(unsigned long long id) int ksmbd_session_register(struct ksmbd_conn *conn, struct ksmbd_session *sess) { - sess->conn = conn; + sess->dialect = conn->dialect; + memcpy(sess->ClientGUID, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE); return xa_err(xa_store(&conn->sessions, sess->id, sess, GFP_KERNEL)); }

+static int ksmbd_chann_del(struct ksmbd_conn *conn, struct ksmbd_session *sess) +{ + struct channel *chann, *tmp; + + write_lock(&sess->chann_lock); + list_for_each_entry_safe(chann, tmp, &sess->ksmbd_chann_list, + chann_list) { + if (chann->conn == conn) { + list_del(&chann->chann_list); + kfree(chann); + write_unlock(&sess->chann_lock); + return 0; + } + } + write_unlock(&sess->chann_lock); + + return -ENOENT; +} + void ksmbd_sessions_deregister(struct ksmbd_conn *conn) { struct ksmbd_session *sess; - unsigned long id;

- xa_for_each(&conn->sessions, id, sess) { + if (conn->binding) { + int bkt; + + down_write(&sessions_table_lock); + hash_for_each(sessions_table, bkt, sess, hlist) { + if (!ksmbd_chann_del(conn, sess)) { + up_write(&sessions_table_lock); + goto sess_destroy; + } + } + up_write(&sessions_table_lock); + } else { + unsigned long id; + + xa_for_each(&conn->sessions, id, sess) { + if (!ksmbd_chann_del(conn, sess)) + goto sess_destroy; + } + } + + return; + +sess_destroy: + if (list_empty(&sess->ksmbd_chann_list)) { xa_erase(&conn->sessions, sess->id); ksmbd_session_destroy(sess); } @@ -205,27 +244,12 @@ struct ksmbd_session *ksmbd_session_lookup(struct ksmbd_conn *conn, return xa_load(&conn->sessions, id); }

-int get_session(struct ksmbd_session *sess) -{ - return atomic_inc_not_zero(&sess->refcnt); -} - -void put_session(struct ksmbd_session *sess) -{ - if (atomic_dec_and_test(&sess->refcnt)) - pr_err("get/%s seems to be mismatched.", __func__); -} - struct ksmbd_session *ksmbd_session_lookup_slowpath(unsigned long long id) { struct ksmbd_session *sess;

down_read(&sessions_table_lock); sess = __session_lookup(id); - if (sess) { - if (!get_session(sess)) - sess = NULL; - } up_read(&sessions_table_lock);

return sess; @@ -306,7 +330,6 @@ static struct ksmbd_session *__session_create(int protocol) INIT_LIST_HEAD(&sess->ksmbd_chann_list); INIT_LIST_HEAD(&sess->rpc_handle_list); sess->sequence_number = 1; - atomic_set(&sess->refcnt, 1); rwlock_init(&sess->chann_lock);

switch (protocol) { diff --git a/fs/ksmbd/mgmt/user_session.h b/fs/ksmbd/mgmt/user_session.h index 1ec659f0151b..8934b8ee275b 100644 --- a/fs/ksmbd/mgmt/user_session.h +++ b/fs/ksmbd/mgmt/user_session.h @@ -33,8 +33,10 @@ struct preauth_session { struct ksmbd_session { u64 id;

+ __u16 dialect; + char ClientGUID[SMB2_CLIENT_GUID_SIZE]; + struct ksmbd_user *user; - struct ksmbd_conn *conn; unsigned int sequence_number; unsigned int flags;

@@ -59,7 +61,6 @@ struct ksmbd_session { __u8 smb3signingkey[SMB3_SIGN_KEY_SIZE];

struct ksmbd_file_table file_table; - atomic_t refcnt; };

static inline int test_session_flag(struct ksmbd_session *sess, int bit) @@ -100,6 +101,4 @@ void ksmbd_release_tree_conn_id(struct ksmbd_session *sess, int id); int ksmbd_session_rpc_open(struct ksmbd_session *sess, char *rpc_name); void ksmbd_session_rpc_close(struct ksmbd_session *sess, int id); int ksmbd_session_rpc_method(struct ksmbd_session *sess, int id); -int get_session(struct ksmbd_session *sess); -void put_session(struct ksmbd_session *sess); #endif /* __USER_SESSION_MANAGEMENT_H__ */ diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index f6f1adf94673..3721fd44a43a 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -30,6 +30,7 @@ static DEFINE_RWLOCK(lease_list_lock); static struct oplock_info *alloc_opinfo(struct ksmbd_work *work, u64 id, __u16 Tid) { + struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess = work->sess; struct oplock_info *opinfo;

@@ -38,7 +39,7 @@ static struct oplock_info *alloc_opinfo(struct ksmbd_work *work, return NULL;

opinfo->sess = sess; - opinfo->conn = sess->conn; + opinfo->conn = conn; opinfo->level = SMB2_OPLOCK_LEVEL_NONE; opinfo->op_state = OPLOCK_STATE_NONE; opinfo->pending_break = 0; @@ -981,7 +982,7 @@ int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci, }

list_for_each_entry(lb, &lease_table_list, l_entry) { - if (!memcmp(lb->client_guid, sess->conn->ClientGUID, + if (!memcmp(lb->client_guid, sess->ClientGUID, SMB2_CLIENT_GUID_SIZE)) goto found; } @@ -997,7 +998,7 @@ int find_same_lease_key(struct ksmbd_session *sess, struct ksmbd_inode *ci, rcu_read_unlock(); if (opinfo->o_fp->f_ci == ci) goto op_next; - err = compare_guid_key(opinfo, sess->conn->ClientGUID, + err = compare_guid_key(opinfo, sess->ClientGUID, lctx->lease_key); if (err) { err = -EINVAL; @@ -1131,7 +1132,7 @@ int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, u64 pid, struct oplock_info *m_opinfo;

/* is lease already granted ? */ - m_opinfo = same_client_has_lease(ci, sess->conn->ClientGUID, + m_opinfo = same_client_has_lease(ci, sess->ClientGUID, lctx); if (m_opinfo) { copy_lease(m_opinfo, opinfo); @@ -1249,7 +1250,7 @@ void smb_break_all_levII_oplock(struct ksmbd_work *work, struct ksmbd_file *fp, { struct oplock_info *op, *brk_op; struct ksmbd_inode *ci; - struct ksmbd_conn *conn = work->sess->conn; + struct ksmbd_conn *conn = work->conn;

if (!test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_OPLOCKS)) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index efdba70ad240..8a47738bedbb 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -602,12 +602,9 @@ static void destroy_previous_session(struct ksmbd_conn *conn, if (!prev_user || strcmp(user->name, prev_user->name) || user->passkey_sz != prev_user->passkey_sz || - memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) { - put_session(prev_sess); + memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) return; - }

- put_session(prev_sess); prev_sess->state = SMB2_SESSION_EXPIRED; write_lock(&prev_sess->chann_lock); list_for_each_entry(chann, &prev_sess->ksmbd_chann_list, chann_list) @@ -1498,7 +1495,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)

if (smb3_encryption_negotiated(conn) && !(req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) { - rc = conn->ops->generate_encryptionkey(sess); + rc = conn->ops->generate_encryptionkey(conn, sess); if (rc) { ksmbd_debug(SMB, "SMB3 encryption key generation failed\n"); @@ -1589,7 +1586,7 @@ static int krb5_authenticate(struct ksmbd_work *work) sess->sign = true;

if (smb3_encryption_negotiated(conn)) { - retval = conn->ops->generate_encryptionkey(sess); + retval = conn->ops->generate_encryptionkey(conn, sess); if (retval) { ksmbd_debug(SMB, "SMB3 encryption key generation failed\n"); @@ -1677,7 +1674,7 @@ int smb2_sess_setup(struct ksmbd_work *work) goto out_err; }

- if (conn->dialect != sess->conn->dialect) { + if (conn->dialect != sess->dialect) { rc = -EINVAL; goto out_err; } @@ -1687,7 +1684,7 @@ int smb2_sess_setup(struct ksmbd_work *work) goto out_err; }

- if (strncmp(conn->ClientGUID, sess->conn->ClientGUID, + if (strncmp(conn->ClientGUID, sess->ClientGUID, SMB2_CLIENT_GUID_SIZE)) { rc = -ENOENT; goto out_err; @@ -1889,7 +1886,7 @@ int smb2_tree_connect(struct ksmbd_work *work) ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n", name, treename);

- status = ksmbd_tree_conn_connect(sess, name); + status = ksmbd_tree_conn_connect(conn, sess, name); if (status.ret == KSMBD_TREE_CONN_STATUS_OK) rsp->hdr.Id.SyncId.TreeId = cpu_to_le32(status.tree_conn->id); else @@ -4839,7 +4836,7 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, struct smb2_query_info_rsp *rsp) { struct ksmbd_session *sess = work->sess; - struct ksmbd_conn *conn = sess->conn; + struct ksmbd_conn *conn = work->conn; struct ksmbd_share_config *share = work->tcon->share_conf; int fsinfoclass = 0; struct kstatfs stfs; @@ -5737,7 +5734,7 @@ static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp, } next: return smb2_rename(work, fp, rename_info, - work->sess->conn->local_nls); + work->conn->local_nls); }

static int set_file_disposition_info(struct ksmbd_file *fp, @@ -5871,7 +5868,7 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, return smb2_create_link(work, work->tcon->share_conf, (struct smb2_file_link_info *)req->Buffer, buf_len, fp->filp, - work->sess->conn->local_nls); + work->conn->local_nls); } case FILE_DISPOSITION_INFORMATION: { diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index 35ca9b7d9979..da3dd29079a2 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -467,7 +467,7 @@ struct smb_version_ops { int (*check_sign_req)(struct ksmbd_work *work); void (*set_sign_rsp)(struct ksmbd_work *work); int (*generate_signingkey)(struct ksmbd_session *sess, struct ksmbd_conn *conn); - int (*generate_encryptionkey)(struct ksmbd_session *sess); + int (*generate_encryptionkey)(struct ksmbd_conn *conn, struct ksmbd_session *sess); bool (*is_transform_hdr)(void *buf); int (*decrypt_req)(struct ksmbd_work *work); int (*encrypt_resp)(struct ksmbd_work *work); diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index d6665b03dc18..bf0fdf90bbfa 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -471,12 +471,11 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, char *buf, size_t count, loff_t *pos, bool sync, ssize_t *written) { - struct ksmbd_session *sess = work->sess; struct file *filp; loff_t offset = *pos; int err = 0;

- if (sess->conn->connection_type) { + if (work->conn->connection_type) { if (!(fp->daccess & FILE_WRITE_DATA_LE)) { pr_err("no right to write(%pd)\n", fp->filp->f_path.dentry); diff --git a/fs/ksmbd/vfs_cache.c b/fs/ksmbd/vfs_cache.c index cc9c8b46827d..26db346c5c4f 100644 --- a/fs/ksmbd/vfs_cache.c +++ b/fs/ksmbd/vfs_cache.c @@ -568,7 +568,7 @@ struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp) atomic_set(&fp->refcount, 1);

fp->filp = filp; - fp->conn = work->sess->conn; + fp->conn = work->conn; fp->tcon = work->tcon; fp->volatile_id = KSMBD_NO_FID; fp->persistent_id = KSMBD_NO_FID;

From patchwork Mon Nov 14 12:53:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183390 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:33 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:33 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:32 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 293/308] ksmbd: fix memory leak in smb2_handle_negotiate Date: Mon, 14 Nov 2022 20:53:22 +0800 Message-ID: 20221114125337.1831594-294-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: a1277807-bfae-47c5-a656-08dac63c952e X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6876974 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.0-rc1 commit aa7253c2393f6dcd6a1468b0792f6da76edad917 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/aa7253c2393f

-------------------------------

The allocated memory didn't free under an error path in smb2_handle_negotiate().

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17815 Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 4 ++++ 1 file changed, 4 insertions(+)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 8a47738bedbb..de7deb3147a2 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1141,12 +1141,16 @@ int smb2_handle_negotiate(struct ksmbd_work *work) status); rsp->hdr.Status = status; rc = -EINVAL; + kfree(conn->preauth_info); + conn->preauth_info = NULL; goto err_out; }

rc = init_smb3_11_server(conn); if (rc < 0) { rsp->hdr.Status = STATUS_INVALID_PARAMETER; + kfree(conn->preauth_info); + conn->preauth_info = NULL; goto err_out; }

From patchwork Mon Nov 14 12:53:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183391 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:33 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:33 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:33 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 294/308] ksmbd: fix use-after-free bug in smb2_tree_disconect Date: Mon, 14 Nov 2022 20:53:23 +0800 Message-ID: 20221114125337.1831594-295-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 1265f856-a290-47b6-68eb-08dac63c9578 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6841000 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.0-rc1 commit cf6531d98190fa2cf92a6d8bbc8af0a4740a223c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/cf6531d98190

-------------------------------

smb2_tree_disconnect() freed the struct ksmbd_tree_connect, but it left the dangling pointer. It can be accessed again under compound requests.

This bug can lead an oops looking something link:

[ 1685.468014 ] BUG: KASAN: use-after-free in ksmbd_tree_conn_disconnect+0x131/0x160 [ksmbd] [ 1685.468068 ] Read of size 4 at addr ffff888102172180 by task kworker/1:2/4807 ... [ 1685.468130 ] Call Trace: [ 1685.468132 ] <TASK> [ 1685.468135 ] dump_stack_lvl+0x49/0x5f [ 1685.468141 ] print_report.cold+0x5e/0x5cf [ 1685.468145 ] ? ksmbd_tree_conn_disconnect+0x131/0x160 [ksmbd] [ 1685.468157 ] kasan_report+0xaa/0x120 [ 1685.468194 ] ? ksmbd_tree_conn_disconnect+0x131/0x160 [ksmbd] [ 1685.468206 ] __asan_report_load4_noabort+0x14/0x20 [ 1685.468210 ] ksmbd_tree_conn_disconnect+0x131/0x160 [ksmbd] [ 1685.468222 ] smb2_tree_disconnect+0x175/0x250 [ksmbd] [ 1685.468235 ] handle_ksmbd_work+0x30e/0x1020 [ksmbd] [ 1685.468247 ] process_one_work+0x778/0x11c0 [ 1685.468251 ] ? _raw_spin_lock_irq+0x8e/0xe0 [ 1685.468289 ] worker_thread+0x544/0x1180 [ 1685.468293 ] ? __cpuidle_text_end+0x4/0x4 [ 1685.468297 ] kthread+0x282/0x320 [ 1685.468301 ] ? process_one_work+0x11c0/0x11c0 [ 1685.468305 ] ? kthread_complete_and_exit+0x30/0x30 [ 1685.468309 ] ret_from_fork+0x1f/0x30

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17816 Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index de7deb3147a2..e6a35294ba54 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2056,6 +2056,7 @@ int smb2_tree_disconnect(struct ksmbd_work *work)

ksmbd_close_tree_conn_fds(work); ksmbd_tree_conn_disconnect(sess, tcon); + work->tcon = NULL; return 0; }

From patchwork Mon Nov 14 12:53:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183392 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:34 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:34 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:33 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 295/308] ksmbd: Fix user namespace mapping Date: Mon, 14 Nov 2022 20:53:24 +0800 Message-ID: 20221114125337.1831594-296-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain; charset="UTF-8" X-MS-Exchange-Organization-Network-Message-Id: 545e4012-1b53-4693-6d01-08dac63c95c1 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6942101 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Micka��l Sala��n mic@digikod.net

mainline inclusion from mainline-6.1-rc1 commit 7c88c1e0ab1704bacb751341ee6431c3be34b834 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/7c88c1e0ab17

-------------------------------

A kernel daemon should not rely on the current thread, which is unknown and might be malicious. Before this security fix, ksmbd_override_fsids() didn't correctly override FS UID/GID which means that arbitrary user space threads could trick the kernel to impersonate arbitrary users or groups for file system access checks, leading to file system access bypass.

This was found while investigating truncate support for Landlock: https://lore.kernel.org/r/CAKYAXd8fpMJ7guizOjHgxEyyjoUwPsx3jLOPZP=wPYcbhkVXq...

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: Hyunchul Lee hyc.lee@gmail.com Cc: Steve French smfrench@gmail.com Cc: stable@vger.kernel.org Signed-off-by: Micka��l Sala��n mic@digikod.net Link: https://lore.kernel.org/r/20220929100447.108468-1-mic@digikod.net Acked-by: Christian Brauner (Microsoft) brauner@kernel.org Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb_common.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index 2476ba92b475..8ea2cdda0984 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -4,6 +4,8 @@ * Copyright (C) 2018 Namjae Jeon linkinjeon@kernel.org */

+#include <linux/user_namespace.h> + #include "smb_common.h" #include "server.h" #include "misc.h" @@ -621,8 +623,8 @@ int ksmbd_override_fsids(struct ksmbd_work *work) if (!cred) return -ENOMEM;

- cred->fsuid = make_kuid(current_user_ns(), uid); - cred->fsgid = make_kgid(current_user_ns(), gid); + cred->fsuid = make_kuid(&init_user_ns, uid); + cred->fsgid = make_kgid(&init_user_ns, gid);

gi = groups_alloc(0); if (!gi) {

From patchwork Mon Nov 14 12:53:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183393 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:34 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:34 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:34 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 296/308] ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT Date: Mon, 14 Nov 2022 20:53:25 +0800 Message-ID: 20221114125337.1831594-297-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: e6bd7f0e-793b-4372-d8d6-08dac63c9609 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7395479 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Hyunchul Lee hyc.lee@gmail.com

mainline inclusion from mainline-6.0-rc1 commit 824d4f64c20093275f72fc8101394d75ff6a249e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/824d4f64c200

-------------------------------

if Status is not 0 and PathLength is long, smb_strndup_from_utf16 could make out of bound read in smb2_tree_connnect.

This bug can lead an oops looking something like:

[ 1553.882047] BUG: KASAN: slab-out-of-bounds in smb_strndup_from_utf16+0x469/0x4c0 [ksmbd] [ 1553.882064] Read of size 2 at addr ffff88802c4eda04 by task kworker/0:2/42805 ... [ 1553.882095] Call Trace: [ 1553.882098] <TASK> [ 1553.882101] dump_stack_lvl+0x49/0x5f [ 1553.882107] print_report.cold+0x5e/0x5cf [ 1553.882112] ? smb_strndup_from_utf16+0x469/0x4c0 [ksmbd] [ 1553.882122] kasan_report+0xaa/0x120 [ 1553.882128] ? smb_strndup_from_utf16+0x469/0x4c0 [ksmbd] [ 1553.882139] __asan_report_load_n_noabort+0xf/0x20 [ 1553.882143] smb_strndup_from_utf16+0x469/0x4c0 [ksmbd] [ 1553.882155] ? smb_strtoUTF16+0x3b0/0x3b0 [ksmbd] [ 1553.882166] ? __kmalloc_node+0x185/0x430 [ 1553.882171] smb2_tree_connect+0x140/0xab0 [ksmbd] [ 1553.882185] handle_ksmbd_work+0x30e/0x1020 [ksmbd] [ 1553.882197] process_one_work+0x778/0x11c0 [ 1553.882201] ? _raw_spin_lock_irq+0x8e/0xe0 [ 1553.882206] worker_thread+0x544/0x1180 [ 1553.882209] ? __cpuidle_text_end+0x4/0x4 [ 1553.882214] kthread+0x282/0x320 [ 1553.882218] ? process_one_work+0x11c0/0x11c0 [ 1553.882221] ? kthread_complete_and_exit+0x30/0x30 [ 1553.882225] ret_from_fork+0x1f/0x30 [ 1553.882231] </TASK>

There is no need to check error request validation in server. This check allow invalid requests not to validate message.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17818 Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2misc.c | 5 ----- 1 file changed, 5 deletions(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 0aba1c91fd37..faaeacd8ea55 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -91,11 +91,6 @@ static int smb2_get_data_area_len(unsigned int *off, unsigned int *len, *off = 0; *len = 0;

- /* error reqeusts do not have data area */ - if (hdr->Status && hdr->Status != STATUS_MORE_PROCESSING_REQUIRED && - (((struct smb2_err_rsp *)hdr)->StructureSize) == SMB2_ERROR_STRUCTURE_SIZE2_LE) - return ret; - /* * Following commands have data areas so we have to get the location * of the data buffer offset and data buffer length for the particular

From patchwork Mon Nov 14 12:53:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183394 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:35 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:35 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:34 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 297/308] ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not configured Date: Mon, 14 Nov 2022 20:53:26 +0800 Message-ID: 20221114125337.1831594-298-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 8eeaf90f-2fb1-4934-90a7-08dac63c9652 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6632466 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.0-rc2 commit fe54833dc8d97ef387e86f7c80537d51c503ca75 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/fe54833dc8d9

-------------------------------

If share is not configured in smb.conf, smb2 tree connect should return STATUS_BAD_NETWORK_NAME instead of STATUS_BAD_NETWORK_PATH.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Reviewed-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/mgmt/tree_connect.c | 2 +- fs/ksmbd/smb2pdu.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/mgmt/tree_connect.c b/fs/ksmbd/mgmt/tree_connect.c index b35ea6a6abc5..dd262daa2c4a 100644 --- a/fs/ksmbd/mgmt/tree_connect.c +++ b/fs/ksmbd/mgmt/tree_connect.c @@ -19,7 +19,7 @@ struct ksmbd_tree_conn_status ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, char *share_name) { - struct ksmbd_tree_conn_status status = {-EINVAL, NULL}; + struct ksmbd_tree_conn_status status = {-ENOENT, NULL}; struct ksmbd_tree_connect_response *resp = NULL; struct ksmbd_share_config *sc; struct ksmbd_tree_connect *tree_conn = NULL; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index e6a35294ba54..5a41d5a00db4 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1942,8 +1942,9 @@ int smb2_tree_connect(struct ksmbd_work *work) rsp->hdr.Status = STATUS_SUCCESS; rc = 0; break; + case -ENOENT: case KSMBD_TREE_CONN_STATUS_NO_SHARE: - rsp->hdr.Status = STATUS_BAD_NETWORK_PATH; + rsp->hdr.Status = STATUS_BAD_NETWORK_NAME; break; case -ENOMEM: case KSMBD_TREE_CONN_STATUS_NOMEM:

From patchwork Mon Nov 14 12:53:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183395 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:35 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:35 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:35 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 298/308] ksmbd: fix endless loop when encryption for response fails Date: Mon, 14 Nov 2022 20:53:27 +0800 Message-ID: 20221114125337.1831594-299-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: c7951670-d48c-4f85-d63e-08dac63c969a X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6945350 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.1-rc1 commit 360c8ee6fefdb496fffd2c18bb9a96a376a1a804 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/360c8ee6fefd

-------------------------------

If ->encrypt_resp return error, goto statement cause endless loop. It send an error response immediately after removing it.

Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/server.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/ksmbd/server.c b/fs/ksmbd/server.c index 72d8fd1c4d43..90aeb8a835f7 100644 --- a/fs/ksmbd/server.c +++ b/fs/ksmbd/server.c @@ -235,10 +235,8 @@ static void __handle_ksmbd_work(struct ksmbd_work *work, if (work->sess && work->sess->enc && work->encrypted && conn->ops->encrypt_resp) { rc = conn->ops->encrypt_resp(work); - if (rc < 0) { + if (rc < 0) conn->ops->set_rsp_status(work, STATUS_DATA_ERROR); - goto send; - } }

ksmbd_conn_write(work);

From patchwork Mon Nov 14 12:53:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183396 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:36 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:36 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:35 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 299/308] ksmbd: fix encryption failure issue for session logoff response Date: Mon, 14 Nov 2022 20:53:28 +0800 Message-ID: 20221114125337.1831594-300-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 5ff708a0-23c3-455c-0bcc-08dac63c96e5 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7027668 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.1-rc1 commit af705ef2b0ded0d8f54c238fdf3c17a1d47ad924 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/af705ef2b0de

-------------------------------

If client send encrypted session logoff request on seal mount, Encryption for that response fails.

ksmbd: Could not get encryption key CIFS: VFS: cifs_put_smb_ses: Session Logoff failure rc=-512

Session lookup fails in ksmbd_get_encryption_key() because sess->state is set to SMB2_SESSION_EXPIRED in session logoff. There is no need to do session lookup again to encrypt the response. This patch change to use ksmbd_session in ksmbd_work.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/auth.c | 12 ++++++++---- fs/ksmbd/auth.h | 3 ++- fs/ksmbd/smb2pdu.c | 7 +++---- 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c index c85205b37c18..dbd3038c61e0 100644 --- a/fs/ksmbd/auth.c +++ b/fs/ksmbd/auth.c @@ -957,13 +957,16 @@ int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, return rc; }

-static int ksmbd_get_encryption_key(struct ksmbd_conn *conn, __u64 ses_id, +static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id, int enc, u8 *key) { struct ksmbd_session *sess; u8 *ses_enc_key;

- sess = ksmbd_session_lookup_all(conn, ses_id); + if (enc) + sess = work->sess; + else + sess = ksmbd_session_lookup_all(work->conn, ses_id); if (!sess) return -EINVAL;

@@ -1051,9 +1054,10 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, return sg; }

-int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, +int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov, unsigned int nvec, int enc) { + struct ksmbd_conn *conn = work->conn; struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base); unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20; int rc; @@ -1067,7 +1071,7 @@ int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize); struct ksmbd_crypto_ctx *ctx;

- rc = ksmbd_get_encryption_key(conn, + rc = ksmbd_get_encryption_key(work, le64_to_cpu(tr_hdr->SessionId), enc, key); diff --git a/fs/ksmbd/auth.h b/fs/ksmbd/auth.h index 25b772653de0..362b6159a6cf 100644 --- a/fs/ksmbd/auth.h +++ b/fs/ksmbd/auth.h @@ -33,9 +33,10 @@

struct ksmbd_session; struct ksmbd_conn; +struct ksmbd_work; struct kvec;

-int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov, +int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov, unsigned int nvec, int enc); void ksmbd_copy_gss_neg_header(void *buf); int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess, diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 5a41d5a00db4..27f3465e6f73 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -8517,7 +8517,7 @@ int smb3_encrypt_resp(struct ksmbd_work *work) buf_size += iov[1].iov_len; work->resp_hdr_sz = iov[1].iov_len;

- rc = ksmbd_crypt_message(work->conn, iov, rq_nvec, 1); + rc = ksmbd_crypt_message(work, iov, rq_nvec, 1); if (rc) return rc;

@@ -8536,7 +8536,6 @@ bool smb3_is_transform_hdr(void *buf)

int smb3_decrypt_req(struct ksmbd_work *work) { - struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess; char *buf = work->request_buf; unsigned int pdu_length = get_rfc1002_len(buf); @@ -8556,7 +8555,7 @@ int smb3_decrypt_req(struct ksmbd_work *work) return -ECONNABORTED; }

- sess = ksmbd_session_lookup_all(conn, le64_to_cpu(tr_hdr->SessionId)); + sess = ksmbd_session_lookup_all(work->conn, le64_to_cpu(tr_hdr->SessionId)); if (!sess) { pr_err("invalid session id(%llx) in transform header\n", le64_to_cpu(tr_hdr->SessionId)); @@ -8567,7 +8566,7 @@ int smb3_decrypt_req(struct ksmbd_work *work) iov[0].iov_len = sizeof(struct smb2_transform_hdr) + 4; iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr) + 4; iov[1].iov_len = buf_data_size; - rc = ksmbd_crypt_message(conn, iov, 2, 0); + rc = ksmbd_crypt_message(work, iov, 2, 0); if (rc) return rc;

From patchwork Mon Nov 14 12:53:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183397 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:36 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:36 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:35 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 300/308] ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob Date: Mon, 14 Nov 2022 20:53:29 +0800 Message-ID: 20221114125337.1831594-301-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 7569e9bd-5943-44f0-c3ec-08dac63c972d X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6638118 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-6.1-rc1 commit 5bedae90b369ca1a7660b9af39591ed19009b495 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/5bedae90b369

-------------------------------

If NTLMSSP_NEGOTIATE_SEAL flags is set in negotiate blob from client, Set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/auth.c | 3 +++ fs/ksmbd/smb2pdu.c | 2 +- fs/ksmbd/smb2pdu.h | 1 + 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/auth.c b/fs/ksmbd/auth.c index dbd3038c61e0..fc87c9913c8d 100644 --- a/fs/ksmbd/auth.c +++ b/fs/ksmbd/auth.c @@ -400,6 +400,9 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob, NTLMSSP_NEGOTIATE_56); }

+ if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn)) + flags |= NTLMSSP_NEGOTIATE_SEAL; + if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 27f3465e6f73..8ac88c0eacce 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -923,7 +923,7 @@ static void decode_encrypt_ctxt(struct ksmbd_conn *conn, * * Return: true if connection should be encrypted, else false */ -static bool smb3_encryption_negotiated(struct ksmbd_conn *conn) +bool smb3_encryption_negotiated(struct ksmbd_conn *conn) { if (!conn->ops->generate_encryptionkey) return false; diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index 829f44569077..940ec510d3e2 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -1668,6 +1668,7 @@ int smb3_decrypt_req(struct ksmbd_work *work); int smb3_encrypt_resp(struct ksmbd_work *work); bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work); int smb2_set_rsp_credits(struct ksmbd_work *work); +bool smb3_encryption_negotiated(struct ksmbd_conn *conn);

/* smb2 misc functions */ int ksmbd_smb2_check_message(struct ksmbd_work *work);

From patchwork Mon Nov 14 12:53:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183398 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:37 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:37 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:36 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 301/308] ksmbd: Fix wrong return value and message length check in smb2_ioctl() Date: Mon, 14 Nov 2022 20:53:30 +0800 Message-ID: 20221114125337.1831594-302-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: cdc27931-54cd-400c-571d-08dac63c9776 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6890753 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Zhang Xiaoxu zhangxiaoxu5@huawei.com

mainline inclusion from mainline-6.1-rc1 commit b1763d265af62800ec96eeb79803c4c537dcef3a category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b1763d265af6

-------------------------------

Commit c7803b05f74b ("smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common") use the defination of 'struct validate_negotiate_info_req' in smbfs_common, the array length of 'Dialects' changed from 1 to 4, but the protocol does not require the client to send all 4. This lead the request which satisfied with protocol and server to fail.

So just ensure the request payload has the 'DialectCount' in smb2_ioctl(), then fsctl_validate_negotiate_info() will use it to validate the payload length and each dialect.

Also when the {in, out}_buf_len is less than the required, should goto out to initialize the status in the response header.

Fixes: f7db8fd03a4b ("ksmbd: add validation in smb2_ioctl") Cc: stable@vger.kernel.org Signed-off-by: Zhang Xiaoxu zhangxiaoxu5@huawei.com Acked-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2pdu.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 8ac88c0eacce..7a6a2942f72a 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -7604,11 +7604,16 @@ int smb2_ioctl(struct ksmbd_work *work) goto out; }

- if (in_buf_len < sizeof(struct validate_negotiate_info_req)) - return -EINVAL; + if (in_buf_len < offsetof(struct validate_negotiate_info_req, + Dialects)) { + ret = -EINVAL; + goto out; + }

- if (out_buf_len < sizeof(struct validate_negotiate_info_rsp)) - return -EINVAL; + if (out_buf_len < sizeof(struct validate_negotiate_info_rsp)) { + ret = -EINVAL; + goto out; + }

ret = fsctl_validate_negotiate_info(conn, (struct validate_negotiate_info_req *)&req->Buffer[0],

From patchwork Mon Nov 14 12:53:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183399 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:37 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:37 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:36 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 302/308] cifsd: add Kconfig and Makefile Date: Mon, 14 Nov 2022 20:53:31 +0800 Message-ID: 20221114125337.1831594-303-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 9f062df2-ee76-4ab0-7510-08dac63c97be X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6990773 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit a848c4f15ab6d5d405dbee7de5da71839b2bf35e category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/a848c4f15ab6

-------------------------------

This adds the Kconfig and Makefile for cifsd.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Sergey Senozhatsky sergey.senozhatsky@gmail.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Acked-by: Ronnie Sahlberg lsahlber@redhat.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/Kconfig | 1 + fs/Makefile | 1 + fs/ksmbd/Kconfig | 67 +++++++++++++++++++++++++++++++++++++++++++++++ fs/ksmbd/Makefile | 20 ++++++++++++++ fs/ksmbd/server.c | 2 -- 5 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 fs/ksmbd/Kconfig create mode 100644 fs/ksmbd/Makefile

diff --git a/fs/Kconfig b/fs/Kconfig index aa097ca64ef6..a5ed26b093b7 100644 --- a/fs/Kconfig +++ b/fs/Kconfig @@ -370,6 +370,7 @@ config NFS_COMMON source "net/sunrpc/Kconfig" source "fs/ceph/Kconfig" source "fs/cifs/Kconfig" +source "fs/ksmbd/Kconfig" source "fs/coda/Kconfig" source "fs/afs/Kconfig" source "fs/9p/Kconfig" diff --git a/fs/Makefile b/fs/Makefile index 73acb48ce6bc..d91d30ba8b4e 100644 --- a/fs/Makefile +++ b/fs/Makefile @@ -100,6 +100,7 @@ obj-$(CONFIG_NLS) += nls/ obj-$(CONFIG_UNICODE) += unicode/ obj-$(CONFIG_SYSV_FS) += sysv/ obj-$(CONFIG_CIFS) += cifs/ +obj-$(CONFIG_SMB_SERVER) += ksmbd/ obj-$(CONFIG_HPFS_FS) += hpfs/ obj-$(CONFIG_NTFS_FS) += ntfs/ obj-$(CONFIG_NTFS3_FS) += ntfs3/ diff --git a/fs/ksmbd/Kconfig b/fs/ksmbd/Kconfig new file mode 100644 index 000000000000..c893ba4490e4 --- /dev/null +++ b/fs/ksmbd/Kconfig @@ -0,0 +1,67 @@ +config SMB_SERVER + tristate "SMB3 server support (EXPERIMENTAL)" + depends on INET + depends on MULTIUSER + depends on FILE_LOCKING + select NLS + select NLS_UTF8 + select CRYPTO + select CRYPTO_MD5 + select CRYPTO_HMAC + select CRYPTO_ECB + select CRYPTO_LIB_DES + select CRYPTO_SHA256 + select CRYPTO_CMAC + select CRYPTO_SHA512 + select CRYPTO_AEAD2 + select CRYPTO_CCM + select CRYPTO_GCM + select ASN1 + select OID_REGISTRY + default n + help + Choose Y here if you want to allow SMB3 compliant clients + to access files residing on this system using SMB3 protocol. + To compile the SMB3 server support as a module, + choose M here: the module will be called ksmbd. + + You may choose to use a samba server instead, in which + case you can choose N here. + + You also need to install user space programs which can be found + in ksmbd-tools, available from + https://github.com/cifsd-team/ksmbd-tools. + More detail about how to run the ksmbd kernel server is + available via README file + (https://github.com/cifsd-team/ksmbd-tools/blob/master/README). + + ksmbd kernel server includes support for auto-negotiation, + Secure negotiate, Pre-authentication integrity, oplock/lease, + compound requests, multi-credit, packet signing, RDMA(smbdirect), + smb3 encryption, copy-offload, secure per-user session + establishment via NTLM or NTLMv2. + +config SMB_SERVER_SMBDIRECT + bool "Support for SMB Direct protocol" + depends on SMB_SERVER=m && INFINIBAND && INFINIBAND_ADDR_TRANS || SMB_SERVER=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y + select SG_POOL + default n + + help + Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1. + + SMB Direct allows transferring SMB packets over RDMA. If unsure, + say N. + +config SMB_SERVER_CHECK_CAP_NET_ADMIN + bool "Enable check network administration capability" + depends on SMB_SERVER + default y + + help + Prevent unprivileged processes to start the ksmbd kernel server. + +config SMB_SERVER_KERBEROS5 + bool "Support for Kerberos 5" + depends on SMB_SERVER + default n diff --git a/fs/ksmbd/Makefile b/fs/ksmbd/Makefile new file mode 100644 index 000000000000..7d6337a7dee4 --- /dev/null +++ b/fs/ksmbd/Makefile @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# +# Makefile for Linux SMB3 kernel server +# +obj-$(CONFIG_SMB_SERVER) += ksmbd.o + +ksmbd-y := unicode.o auth.o vfs.o vfs_cache.o server.o ndr.o \ + misc.o oplock.o connection.o ksmbd_work.o crypto_ctx.o \ + mgmt/ksmbd_ida.o mgmt/user_config.o mgmt/share_config.o \ + mgmt/tree_connect.o mgmt/user_session.o smb_common.o \ + transport_tcp.o transport_ipc.o smbacl.o smb2pdu.o \ + smb2ops.o smb2misc.o ksmbd_spnego_negtokeninit.asn1.o \ + ksmbd_spnego_negtokentarg.asn1.o asn1.o + +$(obj)/asn1.o: $(obj)/ksmbd_spnego_negtokeninit.asn1.h $(obj)/ksmbd_spnego_negtokentarg.asn1.h + +$(obj)/ksmbd_spnego_negtokeninit.asn1.o: $(obj)/ksmbd_spnego_negtokeninit.asn1.c $(obj)/ksmbd_spnego_negtokeninit.asn1.h +$(obj)/ksmbd_spnego_negtokentarg.asn1.o: $(obj)/ksmbd_spnego_negtokentarg.asn1.c $(obj)/ksmbd_spnego_negtokentarg.asn1.h + +ksmbd-$(CONFIG_SMB_SERVER_SMBDIRECT) += transport_rdma.o diff --git a/fs/ksmbd/server.c b/fs/ksmbd/server.c index 90aeb8a835f7..ad742ac28f1d 100644 --- a/fs/ksmbd/server.c +++ b/fs/ksmbd/server.c @@ -624,10 +624,8 @@ MODULE_AUTHOR("Namjae Jeon linkinjeon@kernel.org"); MODULE_VERSION(KSMBD_VERSION); MODULE_DESCRIPTION("Linux kernel CIFS/SMB SERVER"); MODULE_LICENSE("GPL"); -MODULE_SOFTDEP("pre: arc4"); MODULE_SOFTDEP("pre: ecb"); MODULE_SOFTDEP("pre: hmac"); -MODULE_SOFTDEP("pre: md4"); MODULE_SOFTDEP("pre: md5"); MODULE_SOFTDEP("pre: nls"); MODULE_SOFTDEP("pre: aes");

From patchwork Mon Nov 14 12:53:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183400 Return-Path: yanaijie@huawei.com Received: from dggems706-chm.china.huawei.com (10.3.19.183) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:38 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems706-chm.china.huawei.com (10.3.19.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:37 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:37 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 303/308] ksmbd: set unique value to volume serial field in FS_VOLUME_INFORMATION Date: Mon, 14 Nov 2022 20:53:32 +0800 Message-ID: 20221114125337.1831594-304-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 09ecea80-0134-4ac5-06b2-08dac63c9807 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7031601 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.16-rc1 commit 5d2f0b1083eb158bdff01dd557e2c25046c0a7d2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/5d2f0b1083eb

-------------------------------

Steve French reported ksmbd set fixed value to volume serial field in FS_VOLUME_INFORMATION. Volume serial value needs to be set to a unique value for client fscache. This patch set crc value that is generated with share name, path name and netbios name to volume serial.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org # v5.15 Reported-by: Steve French smfrench@gmail.com Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/Kconfig | 1 + fs/ksmbd/server.c | 1 + fs/ksmbd/smb2pdu.c | 9 ++++++++- 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/Kconfig b/fs/ksmbd/Kconfig index c893ba4490e4..e1fe17747ed6 100644 --- a/fs/ksmbd/Kconfig +++ b/fs/ksmbd/Kconfig @@ -18,6 +18,7 @@ config SMB_SERVER select CRYPTO_GCM select ASN1 select OID_REGISTRY + select CRC32 default n help Choose Y here if you want to allow SMB3 compliant clients diff --git a/fs/ksmbd/server.c b/fs/ksmbd/server.c index ad742ac28f1d..8cd93052cfab 100644 --- a/fs/ksmbd/server.c +++ b/fs/ksmbd/server.c @@ -635,5 +635,6 @@ MODULE_SOFTDEP("pre: sha512"); MODULE_SOFTDEP("pre: aead2"); MODULE_SOFTDEP("pre: ccm"); MODULE_SOFTDEP("pre: gcm"); +MODULE_SOFTDEP("pre: crc32"); module_init(ksmbd_server_init) module_exit(ksmbd_server_exit) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 7a6a2942f72a..31947a994a8d 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -4909,11 +4909,18 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work, { struct filesystem_vol_info *info; size_t sz; + unsigned int serial_crc = 0;

info = (struct filesystem_vol_info *)(rsp->Buffer); info->VolumeCreationTime = 0; + serial_crc = crc32_le(serial_crc, share->name, + strlen(share->name)); + serial_crc = crc32_le(serial_crc, share->path, + strlen(share->path)); + serial_crc = crc32_le(serial_crc, ksmbd_netbios_name(), + strlen(ksmbd_netbios_name())); /* Taking dummy value of serial number*/ - info->SerialNumber = cpu_to_le32(0xbc3ac512); + info->SerialNumber = cpu_to_le32(serial_crc); len = smbConvertToUTF16((__le16 *)info->VolumeLabel, share->name, PATH_MAX, conn->local_nls, 0);

From patchwork Mon Nov 14 12:53:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183401 Return-Path: yanaijie@huawei.com Received: from dggems705-chm.china.huawei.com (10.3.19.182) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:38 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems705-chm.china.huawei.com (10.3.19.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:38 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:37 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 304/308] ksmbd: add support for smb2 max credit parameter Date: Mon, 14 Nov 2022 20:53:33 +0800 Message-ID: 20221114125337.1831594-305-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 6f73e789-fa72-4762-e4c1-08dac63c984f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7353506 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc1 commit 004443b3f6d722b455cf963ed7c3edd7f4772405 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/004443b3f6d7

-------------------------------

Add smb2 max credits parameter to adjust maximum credits value to limit number of outstanding requests.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.h | 1 - fs/ksmbd/ksmbd_netlink.h | 1 + fs/ksmbd/smb2misc.c | 2 +- fs/ksmbd/smb2ops.c | 16 ++++++++++++---- fs/ksmbd/smb2pdu.c | 8 ++++---- fs/ksmbd/smb2pdu.h | 1 + fs/ksmbd/smb_common.h | 1 + fs/ksmbd/transport_ipc.c | 2 ++ 8 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index 6aa72b17c3eb..b50c33bd1315 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -55,7 +55,6 @@ struct ksmbd_conn { /* References which are made for this Server object*/ atomic_t r_count; unsigned short total_credits; - unsigned short max_credits; spinlock_t credits_lock; wait_queue_head_t req_running_q; wait_queue_head_t r_count_q; diff --git a/fs/ksmbd/ksmbd_netlink.h b/fs/ksmbd/ksmbd_netlink.h index c6718a05d347..a5c2861792ae 100644 --- a/fs/ksmbd/ksmbd_netlink.h +++ b/fs/ksmbd/ksmbd_netlink.h @@ -103,6 +103,7 @@ struct ksmbd_startup_request { * we set the SPARSE_FILES bit (0x40). */ __u32 sub_auth[3]; /* Subauth value for Security ID */ + __u32 smb2_max_credits; /* MAX credits */ __u32 ifc_list_sz; /* interfaces list size */ __s8 ____payload[]; }; diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index faaeacd8ea55..df09a1bd4981 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -322,7 +322,7 @@ static int smb2_validate_credit_charge(struct ksmbd_conn *conn, ksmbd_debug(SMB, "Insufficient credit charge, given: %d, needed: %d\n", credit_charge, calc_credit_num); return 1; - } else if (credit_charge > conn->max_credits) { + } else if (credit_charge > conn->vals->max_credits) { ksmbd_debug(SMB, "Too large credit charge: %d\n", credit_charge); return 1; } diff --git a/fs/ksmbd/smb2ops.c b/fs/ksmbd/smb2ops.c index 2a6205103df2..f0a5b704f301 100644 --- a/fs/ksmbd/smb2ops.c +++ b/fs/ksmbd/smb2ops.c @@ -20,6 +20,7 @@ static struct smb_version_values smb21_server_values = { .max_read_size = SMB21_DEFAULT_IOSIZE, .max_write_size = SMB21_DEFAULT_IOSIZE, .max_trans_size = SMB21_DEFAULT_IOSIZE, + .max_credits = SMB2_MAX_CREDITS, .large_lock_type = 0, .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE, .shared_lock_type = SMB2_LOCKFLAG_SHARED, @@ -45,6 +46,7 @@ static struct smb_version_values smb30_server_values = { .max_read_size = SMB3_DEFAULT_IOSIZE, .max_write_size = SMB3_DEFAULT_IOSIZE, .max_trans_size = SMB3_DEFAULT_TRANS_SIZE, + .max_credits = SMB2_MAX_CREDITS, .large_lock_type = 0, .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE, .shared_lock_type = SMB2_LOCKFLAG_SHARED, @@ -71,6 +73,7 @@ static struct smb_version_values smb302_server_values = { .max_read_size = SMB3_DEFAULT_IOSIZE, .max_write_size = SMB3_DEFAULT_IOSIZE, .max_trans_size = SMB3_DEFAULT_TRANS_SIZE, + .max_credits = SMB2_MAX_CREDITS, .large_lock_type = 0, .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE, .shared_lock_type = SMB2_LOCKFLAG_SHARED, @@ -97,6 +100,7 @@ static struct smb_version_values smb311_server_values = { .max_read_size = SMB3_DEFAULT_IOSIZE, .max_write_size = SMB3_DEFAULT_IOSIZE, .max_trans_size = SMB3_DEFAULT_TRANS_SIZE, + .max_credits = SMB2_MAX_CREDITS, .large_lock_type = 0, .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE, .shared_lock_type = SMB2_LOCKFLAG_SHARED, @@ -198,7 +202,6 @@ void init_smb2_1_server(struct ksmbd_conn *conn) conn->ops = &smb2_0_server_ops; conn->cmds = smb2_0_server_cmds; conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); - conn->max_credits = SMB2_MAX_CREDITS; conn->signing_algorithm = SIGNING_ALG_HMAC_SHA256;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) @@ -216,7 +219,6 @@ void init_smb3_0_server(struct ksmbd_conn *conn) conn->ops = &smb3_0_server_ops; conn->cmds = smb2_0_server_cmds; conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); - conn->max_credits = SMB2_MAX_CREDITS; conn->signing_algorithm = SIGNING_ALG_AES_CMAC;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) @@ -241,7 +243,6 @@ void init_smb3_02_server(struct ksmbd_conn *conn) conn->ops = &smb3_0_server_ops; conn->cmds = smb2_0_server_cmds; conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); - conn->max_credits = SMB2_MAX_CREDITS; conn->signing_algorithm = SIGNING_ALG_AES_CMAC;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) @@ -266,7 +267,6 @@ int init_smb3_11_server(struct ksmbd_conn *conn) conn->ops = &smb3_11_server_ops; conn->cmds = smb2_0_server_cmds; conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds); - conn->max_credits = SMB2_MAX_CREDITS; conn->signing_algorithm = SIGNING_ALG_AES_CMAC;

if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES) @@ -305,3 +305,11 @@ void init_smb2_max_trans_size(unsigned int sz) smb302_server_values.max_trans_size = sz; smb311_server_values.max_trans_size = sz; } + +void init_smb2_max_credits(unsigned int sz) +{ + smb21_server_values.max_credits = sz; + smb30_server_values.max_credits = sz; + smb302_server_values.max_credits = sz; + smb311_server_values.max_credits = sz; +} diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 31947a994a8d..e397476641ee 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -309,7 +309,7 @@ int smb2_set_rsp_credits(struct ksmbd_work *work)

hdr->CreditCharge = req_hdr->CreditCharge;

- if (conn->total_credits > conn->max_credits) { + if (conn->total_credits > conn->vals->max_credits) { hdr->CreditRequest = 0; pr_err("Total credits overflow: %d\n", conn->total_credits); return -EINVAL; @@ -330,12 +330,12 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) if (hdr->Command == SMB2_NEGOTIATE) aux_max = 0; else - aux_max = conn->max_credits - credit_charge; + aux_max = conn->vals->max_credits - credit_charge; aux_credits = min_t(unsigned short, aux_credits, aux_max); credits_granted = credit_charge + aux_credits;

- if (conn->max_credits - conn->total_credits < credits_granted) - credits_granted = conn->max_credits - + if (conn->vals->max_credits - conn->total_credits < credits_granted) + credits_granted = conn->vals->max_credits - conn->total_credits;

conn->total_credits += credits_granted; diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index 940ec510d3e2..9018d919cdd8 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -1636,6 +1636,7 @@ int init_smb3_11_server(struct ksmbd_conn *conn); void init_smb2_max_read_size(unsigned int sz); void init_smb2_max_write_size(unsigned int sz); void init_smb2_max_trans_size(unsigned int sz); +void init_smb2_max_credits(unsigned int sz);

bool is_smb2_neg_cmd(struct ksmbd_work *work); bool is_smb2_rsp(struct ksmbd_work *work); diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h index da3dd29079a2..fe498fd6343c 100644 --- a/fs/ksmbd/smb_common.h +++ b/fs/ksmbd/smb_common.h @@ -412,6 +412,7 @@ struct smb_version_values { __u32 max_read_size; __u32 max_write_size; __u32 max_trans_size; + __u32 max_credits; __u32 large_lock_type; __u32 exclusive_lock_type; __u32 shared_lock_type; diff --git a/fs/ksmbd/transport_ipc.c b/fs/ksmbd/transport_ipc.c index 1acf1892a466..3ad6881e0f7e 100644 --- a/fs/ksmbd/transport_ipc.c +++ b/fs/ksmbd/transport_ipc.c @@ -301,6 +301,8 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req) init_smb2_max_write_size(req->smb2_max_write); if (req->smb2_max_trans) init_smb2_max_trans_size(req->smb2_max_trans); + if (req->smb2_max_credits) + init_smb2_max_credits(req->smb2_max_credits);

ret = ksmbd_set_netbios_name(req->netbios_name); ret |= ksmbd_set_server_string(req->server_string);

From patchwork Mon Nov 14 12:53:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183402 Return-Path: yanaijie@huawei.com Received: from dggems701-chm.china.huawei.com (10.3.19.178) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:39 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems701-chm.china.huawei.com (10.3.19.178) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:38 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:38 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 305/308] ksmbd: move credit charge deduction under processing request Date: Mon, 14 Nov 2022 20:53:34 +0800 Message-ID: 20221114125337.1831594-306-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 19cfa166-1c27-453c-0f44-08dac63c9899 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6612780 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc1 commit 914d7e5709ac59ded70bea7956d408fe2acd7c3c category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/914d7e5709ac

-------------------------------

Moves the credit charge deduction from total_credits under the processing a request. When repeating smb2 lock request and other command request, there will be a problem that ->total_credits does not decrease.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/smb2misc.c | 7 ++----- fs/ksmbd/smb2pdu.c | 16 ++++++++++------ 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index df09a1bd4981..5dd91879e3d9 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -285,7 +285,7 @@ static int smb2_validate_credit_charge(struct ksmbd_conn *conn, unsigned int req_len = 0, expect_resp_len = 0, calc_credit_num, max_len; unsigned short credit_charge = le16_to_cpu(hdr->CreditCharge); void *__hdr = hdr; - int ret; + int ret = 0;

switch (hdr->Command) { case SMB2_QUERY_INFO: @@ -328,10 +328,7 @@ static int smb2_validate_credit_charge(struct ksmbd_conn *conn, }

spin_lock(&conn->credits_lock); - if (credit_charge <= conn->total_credits) { - conn->total_credits -= credit_charge; - ret = 0; - } else { + if (credit_charge > conn->total_credits) { ksmbd_debug(SMB, "Insufficient credits granted, given: %u, granted: %u\n", credit_charge, conn->total_credits); ret = 1; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index e397476641ee..1370fc6f1f0b 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -300,9 +300,8 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) struct smb2_hdr *req_hdr = ksmbd_req_buf_next(work); struct smb2_hdr *hdr = ksmbd_resp_buf_next(work); struct ksmbd_conn *conn = work->conn; - unsigned short credits_requested; + unsigned short credits_requested, aux_max; unsigned short credit_charge, credits_granted = 0; - unsigned short aux_max, aux_credits;

if (work->send_no_response) return 0; @@ -317,6 +316,13 @@ int smb2_set_rsp_credits(struct ksmbd_work *work)

credit_charge = max_t(unsigned short, le16_to_cpu(req_hdr->CreditCharge), 1); + if (credit_charge > conn->total_credits) { + ksmbd_debug(SMB, "Insufficient credits granted, given: %u, granted: %u\n", + credit_charge, conn->total_credits); + return -EINVAL; + } + + conn->total_credits -= credit_charge; credits_requested = max_t(unsigned short, le16_to_cpu(req_hdr->CreditRequest), 1);

@@ -326,13 +332,11 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) * TODO: Need to adjuct CreditRequest value according to * current cpu load */ - aux_credits = credits_requested - 1; if (hdr->Command == SMB2_NEGOTIATE) - aux_max = 0; + aux_max = 1; else aux_max = conn->vals->max_credits - credit_charge; - aux_credits = min_t(unsigned short, aux_credits, aux_max); - credits_granted = credit_charge + aux_credits; + credits_granted = min_t(unsigned short, credits_requested, aux_max);

if (conn->vals->max_credits - conn->total_credits < credits_granted) credits_granted = conn->vals->max_credits -

From patchwork Mon Nov 14 12:53:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183403 Return-Path: yanaijie@huawei.com Received: from dggems702-chm.china.huawei.com (10.3.19.179) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:39 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:39 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:38 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 306/308] ksmbd: limits exceeding the maximum allowable outstanding requests Date: Mon, 14 Nov 2022 20:53:35 +0800 Message-ID: 20221114125337.1831594-307-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: fac8ea7a-568b-47d9-02bc-08dac63c98dd X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7177478 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc1 commit b589f5db6d4af8f14d70e31e1276b4c017668a26 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b589f5db6d4a

-------------------------------

If the client ignores the CreditResponse received from the server and continues to send the request, ksmbd limits the requests if it exceeds smb2 max credits.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/connection.c | 1 + fs/ksmbd/connection.h | 3 ++- fs/ksmbd/smb2misc.c | 9 +++++++++ fs/ksmbd/smb2pdu.c | 1 + 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index cdb029e4fae5..8e15ec9e8f43 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -63,6 +63,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void) atomic_set(&conn->req_running, 0); atomic_set(&conn->r_count, 0); conn->total_credits = 1; + conn->outstanding_credits = 1;

init_waitqueue_head(&conn->req_running_q); init_waitqueue_head(&conn->r_count_q); diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index b50c33bd1315..f803e3e60d34 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -54,7 +54,8 @@ struct ksmbd_conn { atomic_t req_running; /* References which are made for this Server object*/ atomic_t r_count; - unsigned short total_credits; + unsigned int total_credits; + unsigned int outstanding_credits; spinlock_t credits_lock; wait_queue_head_t req_running_q; wait_queue_head_t r_count_q; diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 5dd91879e3d9..81b227034865 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -333,7 +333,16 @@ static int smb2_validate_credit_charge(struct ksmbd_conn *conn, credit_charge, conn->total_credits); ret = 1; } + + if ((u64)conn->outstanding_credits + credit_charge > conn->vals->max_credits) { + ksmbd_debug(SMB, "Limits exceeding the maximum allowable outstanding requests, given : %u, pending : %u\n", + credit_charge, conn->outstanding_credits); + ret = 1; + } else + conn->outstanding_credits += credit_charge; + spin_unlock(&conn->credits_lock); + return ret; }

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 1370fc6f1f0b..5a7eab3991db 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -323,6 +323,7 @@ int smb2_set_rsp_credits(struct ksmbd_work *work) }

conn->total_credits -= credit_charge; + conn->outstanding_credits -= credit_charge; credits_requested = max_t(unsigned short, le16_to_cpu(req_hdr->CreditRequest), 1);

From patchwork Mon Nov 14 12:53:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183404 Return-Path: yanaijie@huawei.com Received: from dggems703-chm.china.huawei.com (10.3.19.180) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:40 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems703-chm.china.huawei.com (10.3.19.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:39 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:39 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 307/308] ksmbd: add reserved room in ipc request/response Date: Mon, 14 Nov 2022 20:53:36 +0800 Message-ID: 20221114125337.1831594-308-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 8cb41985-87f4-403c-9450-08dac63c9925 X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7238442 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: Namjae Jeon linkinjeon@kernel.org

mainline inclusion from mainline-5.17-rc1 commit 41dbda16a0902798e732abc6599de256b9dc3b27 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/41dbda16a090

-------------------------------

Whenever new parameter is added to smb configuration, It is possible to break the execution of the IPC daemon by mismatch size of request/response. This patch tries to reserve space in ipc request/response in advance to prevent that.

Signed-off-by: Namjae Jeon linkinjeon@kernel.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/ksmbd/ksmbd_netlink.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/ksmbd_netlink.h b/fs/ksmbd/ksmbd_netlink.h index a5c2861792ae..71bfb7de4472 100644 --- a/fs/ksmbd/ksmbd_netlink.h +++ b/fs/ksmbd/ksmbd_netlink.h @@ -104,6 +104,7 @@ struct ksmbd_startup_request { */ __u32 sub_auth[3]; /* Subauth value for Security ID */ __u32 smb2_max_credits; /* MAX credits */ + __u32 reserved[128]; /* Reserved room */ __u32 ifc_list_sz; /* interfaces list size */ __s8 ____payload[]; }; @@ -114,7 +115,7 @@ struct ksmbd_startup_request { * IPC request to shutdown ksmbd server. */ struct ksmbd_shutdown_request { - __s32 reserved; + __s32 reserved[16]; };

/* @@ -123,6 +124,7 @@ struct ksmbd_shutdown_request { struct ksmbd_login_request { __u32 handle; __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */ + __u32 reserved[16]; /* Reserved room */ };

/* @@ -136,6 +138,7 @@ struct ksmbd_login_response { __u16 status; __u16 hash_sz; /* hash size */ __s8 hash[KSMBD_REQ_MAX_HASH_SZ]; /* password hash */ + __u32 reserved[16]; /* Reserved room */ };

/* @@ -144,6 +147,7 @@ struct ksmbd_login_response { struct ksmbd_share_config_request { __u32 handle; __s8 share_name[KSMBD_REQ_MAX_SHARE_NAME]; /* share name */ + __u32 reserved[16]; /* Reserved room */ };

/* @@ -158,6 +162,7 @@ struct ksmbd_share_config_response { __u16 force_directory_mode; __u16 force_uid; __u16 force_gid; + __u32 reserved[128]; /* Reserved room */ __u32 veto_list_sz; __s8 ____payload[]; }; @@ -188,6 +193,7 @@ struct ksmbd_tree_connect_request { __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; __s8 share[KSMBD_REQ_MAX_SHARE_NAME]; __s8 peer_addr[64]; + __u32 reserved[16]; /* Reserved room */ };

/* @@ -197,6 +203,7 @@ struct ksmbd_tree_connect_response { __u32 handle; __u16 status; __u16 connection_flags; + __u32 reserved[16]; /* Reserved room */ };

/* @@ -205,6 +212,7 @@ struct ksmbd_tree_connect_response { struct ksmbd_tree_disconnect_request { __u64 session_id; /* session id */ __u64 connect_id; /* tree connection id */ + __u32 reserved[16]; /* Reserved room */ };

/* @@ -213,6 +221,7 @@ struct ksmbd_tree_disconnect_request { struct ksmbd_logout_request { __s8 account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */ __u32 account_flags; + __u32 reserved[16]; /* Reserved room */ };

/*

From patchwork Mon Nov 14 12:53:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Yan yanaijie@huawei.com X-Patchwork-Id: 183405 Return-Path: yanaijie@huawei.com Received: from dggems704-chm.china.huawei.com (10.3.19.181) by dggems702-chm.china.huawei.com (10.3.19.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Mailbox Transport; Mon, 14 Nov 2022 20:34:40 +0800 Received: from canpemm500004.china.huawei.com (7.192.104.92) by dggems704-chm.china.huawei.com (10.3.19.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:40 +0800 Received: from huawei.com (10.175.127.227) by canpemm500004.china.huawei.com (7.192.104.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 14 Nov 2022 20:34:39 +0800 From: Jason Yan yanaijie@huawei.com To: yanaijie@huawei.com, zhengzengkai@huawei.com, xiexiuqi@huawei.com, yi.zhang@huawei.com, patchwork@huawei.com, kernel.openeuler@huawei.com, houtao1@huawei.com Subject: [PATCH OLK-5.10 v2 308/308] vfs: Check the truncate maximum size in inode_newsize_ok() Date: Mon, 14 Nov 2022 20:53:37 +0800 Message-ID: 20221114125337.1831594-309-yanaijie@huawei.com X-Mailer: git-send-email 2.31.1 In-Reply-To: 20221114125337.1831594-1-yanaijie@huawei.com References: 20221114125337.1831594-1-yanaijie@huawei.com Content-Type: text/plain X-MS-Exchange-Organization-Network-Message-Id: 2f26f158-a78f-4901-0b11-08dac63c996f X-MS-Exchange-Organization-AuthSource: canpemm500004.china.huawei.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 07 X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To canpemm500004.china.huawei.com (7.192.104.92) X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6968201 X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.031 MIME-Version: 1.0

From: David Howells dhowells@redhat.com

mainline inclusion from mainline-6.0-rc1 commit e2ebff9c57fe4eb104ce4768f6ebcccf76bef849 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/e2ebff9c57fe

-------------------------------

If something manages to set the maximum file size to MAX_OFFSET+1, this can cause the xfs and ext4 filesystems at least to become corrupt.

Ordinarily, the kernel protects against userspace trying this by checking the value early in the truncate() and ftruncate() system calls calls - but there are at least two places that this check is bypassed:

(1) Cachefiles will round up the EOF of the backing file to DIO block size so as to allow DIO on the final block - but this might push the offset negative. It then calls notify_change(), but this inadvertently bypasses the checking. This can be triggered if someone puts an 8EiB-1 file on a server for someone else to try and access by, say, nfs.

(2) ksmbd doesn't check the value it is given in set_end_of_file_info() and then calls vfs_truncate() directly - which also bypasses the check.

In both cases, it is potentially possible for a network filesystem to cause a disk filesystem to be corrupted: cachefiles in the client's cache filesystem; ksmbd in the server's filesystem.

nfsd is okay as it checks the value, but we can then remove this check too.

Fix this by adding a check to inode_newsize_ok(), as called from setattr_prepare(), thereby catching the issue as filesystems set up to perform the truncate with minimal opportunity for bypassing the new check.

Fixes: 1f08c925e7a3 ("cachefiles: Implement backing file wrangling") Fixes: f44158485826 ("cifsd: add file operations") Signed-off-by: David Howells dhowells@redhat.com Reported-by: Jeff Layton jlayton@kernel.org Tested-by: Jeff Layton jlayton@kernel.org Reviewed-by: Namjae Jeon linkinjeon@kernel.org Cc: stable@kernel.org Acked-by: Alexander Viro viro@zeniv.linux.org.uk cc: Steve French sfrench@samba.org cc: Hyunchul Lee hyc.lee@gmail.com cc: Chuck Lever chuck.lever@oracle.com cc: Dave Wysochanski dwysocha@redhat.com Signed-off-by: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Jason Yan yanaijie@huawei.com --- fs/attr.c | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/fs/attr.c b/fs/attr.c index b4bbdbd4c8ca..848ffe6e3c24 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -134,6 +134,8 @@ EXPORT_SYMBOL(setattr_prepare); */ int inode_newsize_ok(const struct inode *inode, loff_t offset) { + if (offset < 0) + return -EINVAL; if (inode->i_size < offset) { unsigned long limit;