3e20831119a9ef7eef979fac99d32ae4fc21e896
[linux-2.6.git] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2009
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/slab.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <linux/namei.h>
37 #include <asm/uaccess.h>
38 #include <asm/processor.h>
39 #include <linux/inet.h>
40 #include <net/ipv6.h>
41 #include "cifspdu.h"
42 #include "cifsglob.h"
43 #include "cifsproto.h"
44 #include "cifs_unicode.h"
45 #include "cifs_debug.h"
46 #include "cifs_fs_sb.h"
47 #include "ntlmssp.h"
48 #include "nterr.h"
49 #include "rfc1002pdu.h"
50 #include "fscache.h"
51
52 #define CIFS_PORT 445
53 #define RFC1001_PORT 139
54
55 /* SMB echo "timeout" -- FIXME: tunable? */
56 #define SMB_ECHO_INTERVAL (60 * HZ)
57
58 extern mempool_t *cifs_req_poolp;
59
60 struct smb_vol {
61         char *username;
62         char *password;
63         char *domainname;
64         char *UNC;
65         char *UNCip;
66         char *iocharset;  /* local code page for mapping to and from Unicode */
67         char source_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* clnt nb name */
68         char target_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* srvr nb name */
69         uid_t cred_uid;
70         uid_t linux_uid;
71         gid_t linux_gid;
72         mode_t file_mode;
73         mode_t dir_mode;
74         unsigned secFlg;
75         bool retry:1;
76         bool intr:1;
77         bool setuids:1;
78         bool override_uid:1;
79         bool override_gid:1;
80         bool dynperm:1;
81         bool noperm:1;
82         bool no_psx_acl:1; /* set if posix acl support should be disabled */
83         bool cifs_acl:1;
84         bool no_xattr:1;   /* set if xattr (EA) support should be disabled*/
85         bool server_ino:1; /* use inode numbers from server ie UniqueId */
86         bool direct_io:1;
87         bool strict_io:1; /* strict cache behavior */
88         bool remap:1;      /* set to remap seven reserved chars in filenames */
89         bool posix_paths:1; /* unset to not ask for posix pathnames. */
90         bool no_linux_ext:1;
91         bool sfu_emul:1;
92         bool nullauth:1;   /* attempt to authenticate with null user */
93         bool nocase:1;     /* request case insensitive filenames */
94         bool nobrl:1;      /* disable sending byte range locks to srv */
95         bool mand_lock:1;  /* send mandatory not posix byte range lock reqs */
96         bool seal:1;       /* request transport encryption on share */
97         bool nodfs:1;      /* Do not request DFS, even if available */
98         bool local_lease:1; /* check leases only on local system, not remote */
99         bool noblocksnd:1;
100         bool noautotune:1;
101         bool nostrictsync:1; /* do not force expensive SMBflush on every sync */
102         bool fsc:1;     /* enable fscache */
103         bool mfsymlinks:1; /* use Minshall+French Symlinks */
104         bool multiuser:1;
105         bool use_smb2:1; /* force smb2 use on mount instead of cifs */
106         unsigned int rsize;
107         unsigned int wsize;
108         bool sockopt_tcp_nodelay:1;
109         unsigned short int port;
110         unsigned long actimeo; /* attribute cache timeout (jiffies) */
111         char *prepath;
112         struct sockaddr_storage srcaddr; /* allow binding to a local IP */
113         struct nls_table *local_nls;
114 };
115
116 /* FIXME: should these be tunable? */
117 #define TLINK_ERROR_EXPIRE      (1 * HZ)
118 #define TLINK_IDLE_EXPIRE       (600 * HZ)
119
120 static int ip_connect(struct TCP_Server_Info *server);
121 static int generic_ip_connect(struct TCP_Server_Info *server);
122 static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
123 static void cifs_prune_tlinks(struct work_struct *work);
124
125 /*
126  * cifs tcp session reconnection
127  *
128  * mark tcp session as reconnecting so temporarily locked
129  * mark all smb sessions as reconnecting for tcp session
130  * reconnect tcp session
131  * wake up waiters on reconnection? - (not needed currently)
132  */
133 static int
134 cifs_reconnect(struct TCP_Server_Info *server)
135 {
136         int rc = 0;
137         struct list_head *tmp, *tmp2;
138         struct cifsSesInfo *ses;
139         struct cifsTconInfo *tcon;
140         struct mid_q_entry *mid_entry;
141
142         spin_lock(&GlobalMid_Lock);
143         if (server->tcpStatus == CifsExiting) {
144                 /* the demux thread will exit normally
145                 next time through the loop */
146                 spin_unlock(&GlobalMid_Lock);
147                 return rc;
148         } else
149                 server->tcpStatus = CifsNeedReconnect;
150         spin_unlock(&GlobalMid_Lock);
151         server->maxBuf = 0;
152
153         cFYI(1, "Reconnecting tcp session");
154
155         /* before reconnecting the tcp session, mark the smb session (uid)
156                 and the tid bad so they are not used until reconnected */
157         cFYI(1, "%s: marking sessions and tcons for reconnect", __func__);
158         spin_lock(&cifs_tcp_ses_lock);
159         list_for_each(tmp, &server->smb_ses_list) {
160                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
161                 ses->need_reconnect = true;
162                 ses->ipc_tid = 0;
163                 list_for_each(tmp2, &ses->tcon_list) {
164                         tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
165                         tcon->need_reconnect = true;
166                 }
167         }
168         spin_unlock(&cifs_tcp_ses_lock);
169
170         /* do not want to be sending data on a socket we are freeing */
171         cFYI(1, "%s: tearing down socket", __func__);
172         mutex_lock(&server->srv_mutex);
173         if (server->ssocket) {
174                 cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
175                         server->ssocket->flags);
176                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
177                 cFYI(1, "Post shutdown state: 0x%x Flags: 0x%lx",
178                         server->ssocket->state,
179                         server->ssocket->flags);
180                 sock_release(server->ssocket);
181                 server->ssocket = NULL;
182         }
183         server->sequence_number = 0;
184         server->session_estab = false;
185         kfree(server->session_key.response);
186         server->session_key.response = NULL;
187         server->session_key.len = 0;
188         server->lstrp = jiffies;
189         mutex_unlock(&server->srv_mutex);
190
191         /* mark submitted MIDs for retry and issue callback */
192         cFYI(1, "%s: issuing mid callbacks", __func__);
193         spin_lock(&GlobalMid_Lock);
194         list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
195                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
196                 if (mid_entry->midState == MID_REQUEST_SUBMITTED)
197                         mid_entry->midState = MID_RETRY_NEEDED;
198                 list_del_init(&mid_entry->qhead);
199                 mid_entry->callback(mid_entry);
200         }
201         spin_unlock(&GlobalMid_Lock);
202
203         while (server->tcpStatus == CifsNeedReconnect) {
204                 try_to_freeze();
205
206                 /* we should try only the port we connected to before */
207                 rc = generic_ip_connect(server);
208                 if (rc) {
209                         cFYI(1, "reconnect error %d", rc);
210                         msleep(3000);
211                 } else {
212                         atomic_inc(&tcpSesReconnectCount);
213                         spin_lock(&GlobalMid_Lock);
214                         if (server->tcpStatus != CifsExiting)
215                                 server->tcpStatus = CifsNeedNegotiate;
216                         spin_unlock(&GlobalMid_Lock);
217                 }
218         }
219
220         return rc;
221 }
222
223 /*
224         return codes:
225                 0       not a transact2, or all data present
226                 >0      transact2 with that much data missing
227                 -EINVAL = invalid transact2
228
229  */
230 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
231 {
232         struct smb_t2_rsp *pSMBt;
233         int remaining;
234         __u16 total_data_size, data_in_this_rsp;
235
236         if (pSMB->Command != SMB_COM_TRANSACTION2)
237                 return 0;
238
239         /* check for plausible wct, bcc and t2 data and parm sizes */
240         /* check for parm and data offset going beyond end of smb */
241         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
242                 cFYI(1, "invalid transact2 word count");
243                 return -EINVAL;
244         }
245
246         pSMBt = (struct smb_t2_rsp *)pSMB;
247
248         total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
249         data_in_this_rsp = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
250
251         if (total_data_size == data_in_this_rsp)
252                 return 0;
253         else if (total_data_size < data_in_this_rsp) {
254                 cFYI(1, "total data %d smaller than data in frame %d",
255                         total_data_size, data_in_this_rsp);
256                 return -EINVAL;
257         }
258
259         remaining = total_data_size - data_in_this_rsp;
260
261         cFYI(1, "missing %d bytes from transact2, check next response",
262                 remaining);
263         if (total_data_size > maxBufSize) {
264                 cERROR(1, "TotalDataSize %d is over maximum buffer %d",
265                         total_data_size, maxBufSize);
266                 return -EINVAL;
267         }
268         return remaining;
269 }
270
271 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
272 {
273         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
274         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
275         char *data_area_of_target;
276         char *data_area_of_buf2;
277         int remaining;
278         unsigned int byte_count, total_in_buf;
279         __u16 total_data_size, total_in_buf2;
280
281         total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
282
283         if (total_data_size !=
284             get_unaligned_le16(&pSMB2->t2_rsp.TotalDataCount))
285                 cFYI(1, "total data size of primary and secondary t2 differ");
286
287         total_in_buf = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
288
289         remaining = total_data_size - total_in_buf;
290
291         if (remaining < 0)
292                 return -EPROTO;
293
294         if (remaining == 0) /* nothing to do, ignore */
295                 return 0;
296
297         total_in_buf2 = get_unaligned_le16(&pSMB2->t2_rsp.DataCount);
298         if (remaining < total_in_buf2) {
299                 cFYI(1, "transact2 2nd response contains too much data");
300         }
301
302         /* find end of first SMB data area */
303         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
304                                 get_unaligned_le16(&pSMBt->t2_rsp.DataOffset);
305         /* validate target area */
306
307         data_area_of_buf2 = (char *)&pSMB2->hdr.Protocol +
308                                 get_unaligned_le16(&pSMB2->t2_rsp.DataOffset);
309
310         data_area_of_target += total_in_buf;
311
312         /* copy second buffer into end of first buffer */
313         total_in_buf += total_in_buf2;
314         /* is the result too big for the field? */
315         if (total_in_buf > USHRT_MAX)
316                 return -EPROTO;
317         put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount);
318
319         /* fix up the BCC */
320         byte_count = get_bcc(pTargetSMB);
321         byte_count += total_in_buf2;
322         /* is the result too big for the field? */
323         if (byte_count > USHRT_MAX)
324                 return -EPROTO;
325         put_bcc(byte_count, pTargetSMB);
326
327         byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
328         byte_count += total_in_buf2;
329         /* don't allow buffer to overflow */
330         if (byte_count > CIFSMaxBufSize)
331                 return -ENOBUFS;
332         pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
333
334         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
335
336         if (remaining == total_in_buf2) {
337                 cFYI(1, "found the last secondary response");
338                 return 0; /* we are done */
339         } else /* more responses to go */
340                 return 1;
341 }
342
343 static void
344 cifs_echo_request(struct work_struct *work)
345 {
346         int rc;
347         struct TCP_Server_Info *server = container_of(work,
348                                         struct TCP_Server_Info, echo.work);
349
350         /*
351          * We cannot send an echo until the NEGOTIATE_PROTOCOL request is
352          * done, which is indicated by maxBuf != 0. Also, no need to ping if
353          * we got a response recently
354          */
355         if (server->maxBuf == 0 ||
356             time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ))
357                 goto requeue_echo;
358
359         rc = CIFSSMBEcho(server);
360         if (rc)
361                 cFYI(1, "Unable to send echo request to server: %s",
362                         server->hostname);
363
364 requeue_echo:
365         queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL);
366 }
367
368 static int
369 cifs_demultiplex_thread(struct TCP_Server_Info *server)
370 {
371         int length;
372         unsigned int pdu_length, total_read;
373         struct smb_hdr *smb_buffer = NULL;
374         struct smb_hdr *bigbuf = NULL;
375         struct smb_hdr *smallbuf = NULL;
376         struct msghdr smb_msg;
377         struct kvec iov;
378         struct socket *csocket = server->ssocket;
379         struct list_head *tmp, *tmp2;
380         struct task_struct *task_to_wake = NULL;
381         struct mid_q_entry *mid_entry;
382         char temp;
383         bool isLargeBuf = false;
384         bool isMultiRsp;
385         int reconnect;
386
387         current->flags |= PF_MEMALLOC;
388         cFYI(1, "Demultiplex PID: %d", task_pid_nr(current));
389
390         length = atomic_inc_return(&tcpSesAllocCount);
391         if (length > 1)
392                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
393                                 GFP_KERNEL);
394
395         set_freezable();
396         while (server->tcpStatus != CifsExiting) {
397                 if (try_to_freeze())
398                         continue;
399                 if (bigbuf == NULL) {
400                         bigbuf = cifs_buf_get();
401                         if (!bigbuf) {
402                                 cERROR(1, "No memory for large SMB response");
403                                 msleep(3000);
404                                 /* retry will check if exiting */
405                                 continue;
406                         }
407                 } else if (isLargeBuf) {
408                         /* we are reusing a dirty large buf, clear its start */
409                         memset(bigbuf, 0, sizeof(struct smb_hdr));
410                 }
411
412                 if (smallbuf == NULL) {
413                         smallbuf = cifs_small_buf_get();
414                         if (!smallbuf) {
415                                 cERROR(1, "No memory for SMB response");
416                                 msleep(1000);
417                                 /* retry will check if exiting */
418                                 continue;
419                         }
420                         /* beginning of smb buffer is cleared in our buf_get */
421                 } else /* if existing small buf clear beginning */
422                         memset(smallbuf, 0, sizeof(struct smb_hdr));
423
424                 isLargeBuf = false;
425                 isMultiRsp = false;
426                 smb_buffer = smallbuf;
427                 iov.iov_base = smb_buffer;
428                 iov.iov_len = 4;
429                 smb_msg.msg_control = NULL;
430                 smb_msg.msg_controllen = 0;
431                 pdu_length = 4; /* enough to get RFC1001 header */
432
433 incomplete_rcv:
434                 if (echo_retries > 0 && server->tcpStatus == CifsGood &&
435                     time_after(jiffies, server->lstrp +
436                                         (echo_retries * SMB_ECHO_INTERVAL))) {
437                         cERROR(1, "Server %s has not responded in %d seconds. "
438                                   "Reconnecting...", server->hostname,
439                                   (echo_retries * SMB_ECHO_INTERVAL / HZ));
440                         cifs_reconnect(server);
441                         csocket = server->ssocket;
442                         wake_up(&server->response_q);
443                         continue;
444                 }
445
446                 length =
447                     kernel_recvmsg(csocket, &smb_msg,
448                                 &iov, 1, pdu_length, 0 /* BB other flags? */);
449
450                 if (server->tcpStatus == CifsExiting) {
451                         break;
452                 } else if (server->tcpStatus == CifsNeedReconnect) {
453                         cFYI(1, "Reconnect after server stopped responding");
454                         cifs_reconnect(server);
455                         cFYI(1, "call to reconnect done");
456                         csocket = server->ssocket;
457                         continue;
458                 } else if (length == -ERESTARTSYS ||
459                            length == -EAGAIN ||
460                            length == -EINTR) {
461                         msleep(1); /* minimum sleep to prevent looping
462                                 allowing socket to clear and app threads to set
463                                 tcpStatus CifsNeedReconnect if server hung */
464                         if (pdu_length < 4) {
465                                 iov.iov_base = (4 - pdu_length) +
466                                                         (char *)smb_buffer;
467                                 iov.iov_len = pdu_length;
468                                 smb_msg.msg_control = NULL;
469                                 smb_msg.msg_controllen = 0;
470                                 goto incomplete_rcv;
471                         } else
472                                 continue;
473                 } else if (length <= 0) {
474                         cFYI(1, "Reconnect after unexpected peek error %d",
475                                 length);
476                         cifs_reconnect(server);
477                         csocket = server->ssocket;
478                         wake_up(&server->response_q);
479                         continue;
480                 } else if (length < pdu_length) {
481                         cFYI(1, "requested %d bytes but only got %d bytes",
482                                   pdu_length, length);
483                         pdu_length -= length;
484                         msleep(1);
485                         goto incomplete_rcv;
486                 }
487
488                 /* The right amount was read from socket - 4 bytes */
489                 /* so we can now interpret the length field */
490
491                 /* the first byte big endian of the length field,
492                 is actually not part of the length but the type
493                 with the most common, zero, as regular data */
494                 temp = *((char *) smb_buffer);
495
496                 /* Note that FC 1001 length is big endian on the wire,
497                 but we convert it here so it is always manipulated
498                 as host byte order */
499                 pdu_length = be32_to_cpu(smb_buffer->smb_buf_length);
500
501                 cFYI(1, "rfc1002 length 0x%x", pdu_length+4);
502
503                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
504                         continue;
505                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
506                         cFYI(1, "Good RFC 1002 session rsp");
507                         continue;
508                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
509                         /* we get this from Windows 98 instead of
510                            an error on SMB negprot response */
511                         cFYI(1, "Negative RFC1002 Session Response Error 0x%x)",
512                                 pdu_length);
513                         /* give server a second to clean up  */
514                         msleep(1000);
515                         /* always try 445 first on reconnect since we get NACK
516                          * on some if we ever connected to port 139 (the NACK
517                          * is since we do not begin with RFC1001 session
518                          * initialize frame)
519                          */
520                         cifs_set_port((struct sockaddr *)
521                                         &server->dstaddr, CIFS_PORT);
522                         cifs_reconnect(server);
523                         csocket = server->ssocket;
524                         wake_up(&server->response_q);
525                         continue;
526                 } else if (temp != (char) 0) {
527                         cERROR(1, "Unknown RFC 1002 frame");
528                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
529                                       length);
530                         cifs_reconnect(server);
531                         csocket = server->ssocket;
532                         continue;
533                 }
534
535                 /* else we have an SMB response */
536                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
537                             (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
538                         cERROR(1, "Invalid size SMB length %d pdu_length %d",
539                                         length, pdu_length+4);
540                         cifs_reconnect(server);
541                         csocket = server->ssocket;
542                         wake_up(&server->response_q);
543                         continue;
544                 }
545
546                 /* else length ok */
547                 reconnect = 0;
548
549                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
550                         isLargeBuf = true;
551                         memcpy(bigbuf, smallbuf, 4);
552                         smb_buffer = bigbuf;
553                 }
554                 length = 0;
555                 iov.iov_base = 4 + (char *)smb_buffer;
556                 iov.iov_len = pdu_length;
557                 for (total_read = 0; total_read < pdu_length;
558                      total_read += length) {
559                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
560                                                 pdu_length - total_read, 0);
561                         if (server->tcpStatus == CifsExiting) {
562                                 /* then will exit */
563                                 reconnect = 2;
564                                 break;
565                         } else if (server->tcpStatus == CifsNeedReconnect) {
566                                 cifs_reconnect(server);
567                                 csocket = server->ssocket;
568                                 /* Reconnect wakes up rspns q */
569                                 /* Now we will reread sock */
570                                 reconnect = 1;
571                                 break;
572                         } else if (length == -ERESTARTSYS ||
573                                    length == -EAGAIN ||
574                                    length == -EINTR) {
575                                 msleep(1); /* minimum sleep to prevent looping,
576                                               allowing socket to clear and app
577                                               threads to set tcpStatus
578                                               CifsNeedReconnect if server hung*/
579                                 length = 0;
580                                 continue;
581                         } else if (length <= 0) {
582                                 cERROR(1, "Received no data, expecting %d",
583                                               pdu_length - total_read);
584                                 cifs_reconnect(server);
585                                 csocket = server->ssocket;
586                                 reconnect = 1;
587                                 break;
588                         }
589                 }
590                 if (reconnect == 2)
591                         break;
592                 else if (reconnect == 1)
593                         continue;
594
595                 total_read += 4; /* account for rfc1002 hdr */
596
597                 dump_smb(smb_buffer, total_read);
598
599                 /*
600                  * We know that we received enough to get to the MID as we
601                  * checked the pdu_length earlier. Now check to see
602                  * if the rest of the header is OK. We borrow the length
603                  * var for the rest of the loop to avoid a new stack var.
604                  *
605                  * 48 bytes is enough to display the header and a little bit
606                  * into the payload for debugging purposes.
607                  */
608                 length = checkSMB(smb_buffer, smb_buffer->Mid, total_read);
609                 if (length != 0)
610                         cifs_dump_mem("Bad SMB: ", smb_buffer,
611                                         min_t(unsigned int, total_read, 48));
612
613                 mid_entry = NULL;
614                 server->lstrp = jiffies;
615
616                 spin_lock(&GlobalMid_Lock);
617                 list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
618                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
619
620                         if (mid_entry->mid != smb_buffer->Mid ||
621                             mid_entry->midState != MID_REQUEST_SUBMITTED ||
622                             mid_entry->command != smb_buffer->Command) {
623                                 mid_entry = NULL;
624                                 continue;
625                         }
626
627                         if (length == 0 &&
628                             check2ndT2(smb_buffer, server->maxBuf) > 0) {
629                                 /* We have a multipart transact2 resp */
630                                 isMultiRsp = true;
631                                 if (mid_entry->resp_buf) {
632                                         /* merge response - fix up 1st*/
633                                         length = coalesce_t2(smb_buffer,
634                                                         mid_entry->resp_buf);
635                                         if (length > 0) {
636                                                 length = 0;
637                                                 mid_entry->multiRsp = true;
638                                                 break;
639                                         } else {
640                                                 /* all parts received or
641                                                  * packet is malformed
642                                                  */
643                                                 mid_entry->multiEnd = true;
644                                                 goto multi_t2_fnd;
645                                         }
646                                 } else {
647                                         if (!isLargeBuf) {
648                                                 /*
649                                                  * FIXME: switch to already
650                                                  *        allocated largebuf?
651                                                  */
652                                                 cERROR(1, "1st trans2 resp "
653                                                           "needs bigbuf");
654                                         } else {
655                                                 /* Have first buffer */
656                                                 mid_entry->resp_buf =
657                                                          smb_buffer;
658                                                 mid_entry->largeBuf = true;
659                                                 bigbuf = NULL;
660                                         }
661                                 }
662                                 break;
663                         }
664                         mid_entry->resp_buf = smb_buffer;
665                         mid_entry->largeBuf = isLargeBuf;
666 multi_t2_fnd:
667                         if (length == 0)
668                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
669                         else
670                                 mid_entry->midState = MID_RESPONSE_MALFORMED;
671 #ifdef CONFIG_CIFS_STATS2
672                         mid_entry->when_received = jiffies;
673 #endif
674                         list_del_init(&mid_entry->qhead);
675                         mid_entry->callback(mid_entry);
676                         break;
677                 }
678                 spin_unlock(&GlobalMid_Lock);
679
680                 if (mid_entry != NULL) {
681                         /* Was previous buf put in mpx struct for multi-rsp? */
682                         if (!isMultiRsp) {
683                                 /* smb buffer will be freed by user thread */
684                                 if (isLargeBuf)
685                                         bigbuf = NULL;
686                                 else
687                                         smallbuf = NULL;
688                         }
689                 } else if (length != 0) {
690                         /* response sanity checks failed */
691                         continue;
692                 } else if (!is_valid_oplock_break(smb_buffer, server) &&
693                            !isMultiRsp) {
694                         cERROR(1, "No task to wake, unknown frame received! "
695                                    "NumMids %d", atomic_read(&midCount));
696                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
697                                       sizeof(struct smb_hdr));
698 #ifdef CONFIG_CIFS_DEBUG2
699                         cifs_dump_detail(smb_buffer);
700                         cifs_dump_mids(server);
701 #endif /* CIFS_DEBUG2 */
702
703                 }
704         } /* end while !EXITING */
705
706         /* take it off the list, if it's not already */
707         spin_lock(&cifs_tcp_ses_lock);
708         list_del_init(&server->tcp_ses_list);
709         spin_unlock(&cifs_tcp_ses_lock);
710
711         spin_lock(&GlobalMid_Lock);
712         server->tcpStatus = CifsExiting;
713         spin_unlock(&GlobalMid_Lock);
714         wake_up_all(&server->response_q);
715
716         /* check if we have blocked requests that need to free */
717         /* Note that cifs_max_pending is normally 50, but
718         can be set at module install time to as little as two */
719         spin_lock(&GlobalMid_Lock);
720         if (atomic_read(&server->inFlight) >= cifs_max_pending)
721                 atomic_set(&server->inFlight, cifs_max_pending - 1);
722         /* We do not want to set the max_pending too low or we
723         could end up with the counter going negative */
724         spin_unlock(&GlobalMid_Lock);
725         /* Although there should not be any requests blocked on
726         this queue it can not hurt to be paranoid and try to wake up requests
727         that may haven been blocked when more than 50 at time were on the wire
728         to the same server - they now will see the session is in exit state
729         and get out of SendReceive.  */
730         wake_up_all(&server->request_q);
731         /* give those requests time to exit */
732         msleep(125);
733
734         if (server->ssocket) {
735                 sock_release(csocket);
736                 server->ssocket = NULL;
737         }
738         /* buffer usually freed in free_mid - need to free it here on exit */
739         cifs_buf_release(bigbuf);
740         if (smallbuf) /* no sense logging a debug message if NULL */
741                 cifs_small_buf_release(smallbuf);
742
743         if (!list_empty(&server->pending_mid_q)) {
744                 spin_lock(&GlobalMid_Lock);
745                 list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
746                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
747                         cFYI(1, "Clearing Mid 0x%x - issuing callback",
748                                          mid_entry->mid);
749                         list_del_init(&mid_entry->qhead);
750                         mid_entry->callback(mid_entry);
751                 }
752                 spin_unlock(&GlobalMid_Lock);
753                 /* 1/8th of sec is more than enough time for them to exit */
754                 msleep(125);
755         }
756
757         if (!list_empty(&server->pending_mid_q)) {
758                 /* mpx threads have not exited yet give them
759                 at least the smb send timeout time for long ops */
760                 /* due to delays on oplock break requests, we need
761                 to wait at least 45 seconds before giving up
762                 on a request getting a response and going ahead
763                 and killing cifsd */
764                 cFYI(1, "Wait for exit from demultiplex thread");
765                 msleep(46000);
766                 /* if threads still have not exited they are probably never
767                 coming home not much else we can do but free the memory */
768         }
769
770         kfree(server->hostname);
771         task_to_wake = xchg(&server->tsk, NULL);
772         kfree(server);
773
774         length = atomic_dec_return(&tcpSesAllocCount);
775         if (length  > 0)
776                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
777                                 GFP_KERNEL);
778
779         /* if server->tsk was NULL then wait for a signal before exiting */
780         if (!task_to_wake) {
781                 set_current_state(TASK_INTERRUPTIBLE);
782                 while (!signal_pending(current)) {
783                         schedule();
784                         set_current_state(TASK_INTERRUPTIBLE);
785                 }
786                 set_current_state(TASK_RUNNING);
787         }
788
789         module_put_and_exit(0);
790 }
791
792 /* extract the host portion of the UNC string */
793 static char *
794 extract_hostname(const char *unc)
795 {
796         const char *src;
797         char *dst, *delim;
798         unsigned int len;
799
800         /* skip double chars at beginning of string */
801         /* BB: check validity of these bytes? */
802         src = unc + 2;
803
804         /* delimiter between hostname and sharename is always '\\' now */
805         delim = strchr(src, '\\');
806         if (!delim)
807                 return ERR_PTR(-EINVAL);
808
809         len = delim - src;
810         dst = kmalloc((len + 1), GFP_KERNEL);
811         if (dst == NULL)
812                 return ERR_PTR(-ENOMEM);
813
814         memcpy(dst, src, len);
815         dst[len] = '\0';
816
817         return dst;
818 }
819
820 static int
821 cifs_parse_mount_options(const char *mountdata, const char *devname,
822                          struct smb_vol *vol)
823 {
824         char *value, *data, *end;
825         char *mountdata_copy, *options;
826         unsigned int  temp_len, i, j;
827         char separator[2];
828         short int override_uid = -1;
829         short int override_gid = -1;
830         bool uid_specified = false;
831         bool gid_specified = false;
832         char *nodename = utsname()->nodename;
833
834         separator[0] = ',';
835         separator[1] = 0;
836
837         /*
838          * does not have to be perfect mapping since field is
839          * informational, only used for servers that do not support
840          * port 445 and it can be overridden at mount time
841          */
842         memset(vol->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
843         for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
844                 vol->source_rfc1001_name[i] = toupper(nodename[i]);
845
846         vol->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
847         /* null target name indicates to use *SMBSERVR default called name
848            if we end up sending RFC1001 session initialize */
849         vol->target_rfc1001_name[0] = 0;
850         vol->cred_uid = current_uid();
851         vol->linux_uid = current_uid();
852         vol->linux_gid = current_gid();
853
854         /* default to only allowing write access to owner of the mount */
855         vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
856
857         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
858         /* default is always to request posix paths. */
859         vol->posix_paths = 1;
860         /* default to using server inode numbers where available */
861         vol->server_ino = 1;
862
863         vol->actimeo = CIFS_DEF_ACTIMEO;
864
865         if (!mountdata)
866                 goto cifs_parse_mount_err;
867
868         mountdata_copy = kstrndup(mountdata, PAGE_SIZE, GFP_KERNEL);
869         if (!mountdata_copy)
870                 goto cifs_parse_mount_err;
871
872         options = mountdata_copy;
873         end = options + strlen(options);
874         if (strncmp(options, "sep=", 4) == 0) {
875                 if (options[4] != 0) {
876                         separator[0] = options[4];
877                         options += 5;
878                 } else {
879                         cFYI(1, "Null separator not allowed");
880                 }
881         }
882
883         while ((data = strsep(&options, separator)) != NULL) {
884                 if (!*data)
885                         continue;
886                 if ((value = strchr(data, '=')) != NULL)
887                         *value++ = '\0';
888
889                 /* Have to parse this before we parse for "user" */
890                 if (strnicmp(data, "user_xattr", 10) == 0) {
891                         vol->no_xattr = 0;
892                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
893                         vol->no_xattr = 1;
894                 } else if (strnicmp(data, "user", 4) == 0) {
895                         if (!value) {
896                                 printk(KERN_WARNING
897                                        "CIFS: invalid or missing username\n");
898                                 goto cifs_parse_mount_err;
899                         } else if (!*value) {
900                                 /* null user, ie anonymous, authentication */
901                                 vol->nullauth = 1;
902                         }
903                         if (strnlen(value, MAX_USERNAME_SIZE) <
904                                                 MAX_USERNAME_SIZE) {
905                                 vol->username = kstrdup(value, GFP_KERNEL);
906                                 if (!vol->username) {
907                                         printk(KERN_WARNING "CIFS: no memory "
908                                                             "for username\n");
909                                         goto cifs_parse_mount_err;
910                                 }
911                         } else {
912                                 printk(KERN_WARNING "CIFS: username too long\n");
913                                 goto cifs_parse_mount_err;
914                         }
915                 } else if (strnicmp(data, "pass", 4) == 0) {
916                         if (!value) {
917                                 vol->password = NULL;
918                                 continue;
919                         } else if (value[0] == 0) {
920                                 /* check if string begins with double comma
921                                    since that would mean the password really
922                                    does start with a comma, and would not
923                                    indicate an empty string */
924                                 if (value[1] != separator[0]) {
925                                         vol->password = NULL;
926                                         continue;
927                                 }
928                         }
929                         temp_len = strlen(value);
930                         /* removed password length check, NTLM passwords
931                                 can be arbitrarily long */
932
933                         /* if comma in password, the string will be
934                         prematurely null terminated.  Commas in password are
935                         specified across the cifs mount interface by a double
936                         comma ie ,, and a comma used as in other cases ie ','
937                         as a parameter delimiter/separator is single and due
938                         to the strsep above is temporarily zeroed. */
939
940                         /* NB: password legally can have multiple commas and
941                         the only illegal character in a password is null */
942
943                         if ((value[temp_len] == 0) &&
944                             (value + temp_len < end) &&
945                             (value[temp_len+1] == separator[0])) {
946                                 /* reinsert comma */
947                                 value[temp_len] = separator[0];
948                                 temp_len += 2;  /* move after second comma */
949                                 while (value[temp_len] != 0)  {
950                                         if (value[temp_len] == separator[0]) {
951                                                 if (value[temp_len+1] ==
952                                                      separator[0]) {
953                                                 /* skip second comma */
954                                                         temp_len++;
955                                                 } else {
956                                                 /* single comma indicating start
957                                                          of next parm */
958                                                         break;
959                                                 }
960                                         }
961                                         temp_len++;
962                                 }
963                                 if (value[temp_len] == 0) {
964                                         options = NULL;
965                                 } else {
966                                         value[temp_len] = 0;
967                                         /* point option to start of next parm */
968                                         options = value + temp_len + 1;
969                                 }
970                                 /* go from value to value + temp_len condensing
971                                 double commas to singles. Note that this ends up
972                                 allocating a few bytes too many, which is ok */
973                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
974                                 if (vol->password == NULL) {
975                                         printk(KERN_WARNING "CIFS: no memory "
976                                                             "for password\n");
977                                         goto cifs_parse_mount_err;
978                                 }
979                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
980                                         vol->password[j] = value[i];
981                                         if (value[i] == separator[0]
982                                                 && value[i+1] == separator[0]) {
983                                                 /* skip second comma */
984                                                 i++;
985                                         }
986                                 }
987                                 vol->password[j] = 0;
988                         } else {
989                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
990                                 if (vol->password == NULL) {
991                                         printk(KERN_WARNING "CIFS: no memory "
992                                                             "for password\n");
993                                         goto cifs_parse_mount_err;
994                                 }
995                                 strcpy(vol->password, value);
996                         }
997                 } else if (!strnicmp(data, "ip", 2) ||
998                            !strnicmp(data, "addr", 4)) {
999                         if (!value || !*value) {
1000                                 vol->UNCip = NULL;
1001                         } else if (strnlen(value, INET6_ADDRSTRLEN) <
1002                                                         INET6_ADDRSTRLEN) {
1003                                 vol->UNCip = kstrdup(value, GFP_KERNEL);
1004                                 if (!vol->UNCip) {
1005                                         printk(KERN_WARNING "CIFS: no memory "
1006                                                             "for UNC IP\n");
1007                                         goto cifs_parse_mount_err;
1008                                 }
1009                         } else {
1010                                 printk(KERN_WARNING "CIFS: ip address "
1011                                                     "too long\n");
1012                                 goto cifs_parse_mount_err;
1013                         }
1014                 } else if (strnicmp(data, "sec", 3) == 0) {
1015                         if (!value || !*value) {
1016                                 cERROR(1, "no security value specified");
1017                                 continue;
1018                         } else if (strnicmp(value, "krb5i", 5) == 0) {
1019                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
1020                                         CIFSSEC_MUST_SIGN;
1021                         } else if (strnicmp(value, "krb5p", 5) == 0) {
1022                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
1023                                         CIFSSEC_MAY_KRB5; */
1024                                 cERROR(1, "Krb5 cifs privacy not supported");
1025                                 goto cifs_parse_mount_err;
1026                         } else if (strnicmp(value, "krb5", 4) == 0) {
1027                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
1028                         } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
1029                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
1030                                         CIFSSEC_MUST_SIGN;
1031                         } else if (strnicmp(value, "ntlmssp", 7) == 0) {
1032                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
1033                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
1034                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
1035                                         CIFSSEC_MUST_SIGN;
1036                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
1037                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1038                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
1039                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
1040                                         CIFSSEC_MUST_SIGN;
1041                         } else if (strnicmp(value, "ntlm", 4) == 0) {
1042                                 /* ntlm is default so can be turned off too */
1043                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
1044                         } else if (strnicmp(value, "nontlm", 6) == 0) {
1045                                 /* BB is there a better way to do this? */
1046                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1047 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1048                         } else if (strnicmp(value, "lanman", 6) == 0) {
1049                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1050 #endif
1051                         } else if (strnicmp(value, "none", 4) == 0) {
1052                                 vol->nullauth = 1;
1053                         } else {
1054                                 cERROR(1, "bad security option: %s", value);
1055                                 goto cifs_parse_mount_err;
1056                         }
1057                 } else if (strnicmp(data, "vers", 3) == 0) {
1058                         if (!value || !*value) {
1059                                 cERROR(1, "no protocol version specified"
1060                                           " after vers= mount option");
1061                         } else if ((strnicmp(value, "cifs", 4) == 0) ||
1062                                    (strnicmp(value, "1", 1) == 0)) {
1063                                 /* this is the default */
1064                                 continue;
1065                         } else if ((strnicmp(value, "smb2", 4) == 0) ||
1066                                    (strnicmp(value, "2", 1) == 0)) {
1067 #ifdef CONFIG_CIFS_SMB2
1068                                 vol->use_smb2 = true;
1069 #else
1070                                 cERROR(1, "smb2 support not enabled");
1071 #endif /* CONFIG_CIFS_SMB2 */
1072                         }
1073                 } else if ((strnicmp(data, "unc", 3) == 0)
1074                            || (strnicmp(data, "target", 6) == 0)
1075                            || (strnicmp(data, "path", 4) == 0)) {
1076                         if (!value || !*value) {
1077                                 printk(KERN_WARNING "CIFS: invalid path to "
1078                                                     "network resource\n");
1079                                 goto cifs_parse_mount_err;
1080                         }
1081                         if ((temp_len = strnlen(value, 300)) < 300) {
1082                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1083                                 if (vol->UNC == NULL)
1084                                         goto cifs_parse_mount_err;
1085                                 strcpy(vol->UNC, value);
1086                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1087                                         vol->UNC[0] = '\\';
1088                                         vol->UNC[1] = '\\';
1089                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1090                                         printk(KERN_WARNING
1091                                                "CIFS: UNC Path does not begin "
1092                                                "with // or \\\\ \n");
1093                                         goto cifs_parse_mount_err;
1094                                 }
1095                         } else {
1096                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1097                                 goto cifs_parse_mount_err;
1098                         }
1099                 } else if ((strnicmp(data, "domain", 3) == 0)
1100                            || (strnicmp(data, "workgroup", 5) == 0)) {
1101                         if (!value || !*value) {
1102                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1103                                 goto cifs_parse_mount_err;
1104                         }
1105                         /* BB are there cases in which a comma can be valid in
1106                         a domain name and need special handling? */
1107                         if (strnlen(value, 256) < 256) {
1108                                 vol->domainname = kstrdup(value, GFP_KERNEL);
1109                                 if (!vol->domainname) {
1110                                         printk(KERN_WARNING "CIFS: no memory "
1111                                                             "for domainname\n");
1112                                         goto cifs_parse_mount_err;
1113                                 }
1114                                 cFYI(1, "Domain name set");
1115                         } else {
1116                                 printk(KERN_WARNING "CIFS: domain name too "
1117                                                     "long\n");
1118                                 goto cifs_parse_mount_err;
1119                         }
1120                 } else if (strnicmp(data, "srcaddr", 7) == 0) {
1121                         vol->srcaddr.ss_family = AF_UNSPEC;
1122
1123                         if (!value || !*value) {
1124                                 printk(KERN_WARNING "CIFS: srcaddr value"
1125                                        " not specified.\n");
1126                                 goto cifs_parse_mount_err;
1127                         }
1128                         i = cifs_convert_address((struct sockaddr *)&vol->srcaddr,
1129                                                  value, strlen(value));
1130                         if (i == 0) {
1131                                 printk(KERN_WARNING "CIFS:  Could not parse"
1132                                        " srcaddr: %s\n",
1133                                        value);
1134                                 goto cifs_parse_mount_err;
1135                         }
1136                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1137                         if (!value || !*value) {
1138                                 printk(KERN_WARNING
1139                                         "CIFS: invalid path prefix\n");
1140                                 goto cifs_parse_mount_err;
1141                         }
1142                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1143                                 if (value[0] != '/')
1144                                         temp_len++;  /* missing leading slash */
1145                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1146                                 if (vol->prepath == NULL)
1147                                         goto cifs_parse_mount_err;
1148                                 if (value[0] != '/') {
1149                                         vol->prepath[0] = '/';
1150                                         strcpy(vol->prepath+1, value);
1151                                 } else
1152                                         strcpy(vol->prepath, value);
1153                                 cFYI(1, "prefix path %s", vol->prepath);
1154                         } else {
1155                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1156                                 goto cifs_parse_mount_err;
1157                         }
1158                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1159                         if (!value || !*value) {
1160                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1161                                                     "specified\n");
1162                                 goto cifs_parse_mount_err;
1163                         }
1164                         if (strnlen(value, 65) < 65) {
1165                                 if (strnicmp(value, "default", 7)) {
1166                                         vol->iocharset = kstrdup(value,
1167                                                                  GFP_KERNEL);
1168
1169                                         if (!vol->iocharset) {
1170                                                 printk(KERN_WARNING "CIFS: no "
1171                                                                    "memory for"
1172                                                                    "charset\n");
1173                                                 goto cifs_parse_mount_err;
1174                                         }
1175                                 }
1176                                 /* if iocharset not set then load_nls_default
1177                                    is used by caller */
1178                                 cFYI(1, "iocharset set to %s", value);
1179                         } else {
1180                                 printk(KERN_WARNING "CIFS: iocharset name "
1181                                                     "too long.\n");
1182                                 goto cifs_parse_mount_err;
1183                         }
1184                 } else if (!strnicmp(data, "uid", 3) && value && *value) {
1185                         vol->linux_uid = simple_strtoul(value, &value, 0);
1186                         uid_specified = true;
1187                 } else if (!strnicmp(data, "cruid", 5) && value && *value) {
1188                         vol->cred_uid = simple_strtoul(value, &value, 0);
1189                 } else if (!strnicmp(data, "forceuid", 8)) {
1190                         override_uid = 1;
1191                 } else if (!strnicmp(data, "noforceuid", 10)) {
1192                         override_uid = 0;
1193                 } else if (!strnicmp(data, "gid", 3) && value && *value) {
1194                         vol->linux_gid = simple_strtoul(value, &value, 0);
1195                         gid_specified = true;
1196                 } else if (!strnicmp(data, "forcegid", 8)) {
1197                         override_gid = 1;
1198                 } else if (!strnicmp(data, "noforcegid", 10)) {
1199                         override_gid = 0;
1200                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1201                         if (value && *value) {
1202                                 vol->file_mode =
1203                                         simple_strtoul(value, &value, 0);
1204                         }
1205                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1206                         if (value && *value) {
1207                                 vol->dir_mode =
1208                                         simple_strtoul(value, &value, 0);
1209                         }
1210                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1211                         if (value && *value) {
1212                                 vol->dir_mode =
1213                                         simple_strtoul(value, &value, 0);
1214                         }
1215                 } else if (strnicmp(data, "port", 4) == 0) {
1216                         if (value && *value) {
1217                                 vol->port =
1218                                         simple_strtoul(value, &value, 0);
1219                         }
1220                 } else if (strnicmp(data, "rsize", 5) == 0) {
1221                         if (value && *value) {
1222                                 vol->rsize =
1223                                         simple_strtoul(value, &value, 0);
1224                         }
1225                 } else if (strnicmp(data, "wsize", 5) == 0) {
1226                         if (value && *value) {
1227                                 vol->wsize =
1228                                         simple_strtoul(value, &value, 0);
1229                         }
1230                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1231                         if (!value || !*value) {
1232                                 cERROR(1, "no socket option specified");
1233                                 continue;
1234                         } else if (strnicmp(value, "TCP_NODELAY", 11) == 0) {
1235                                 vol->sockopt_tcp_nodelay = 1;
1236                         }
1237                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1238                         if (!value || !*value || (*value == ' ')) {
1239                                 cFYI(1, "invalid (empty) netbiosname");
1240                         } else {
1241                                 memset(vol->source_rfc1001_name, 0x20,
1242                                         RFC1001_NAME_LEN);
1243                                 /*
1244                                  * FIXME: are there cases in which a comma can
1245                                  * be valid in workstation netbios name (and
1246                                  * need special handling)?
1247                                  */
1248                                 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1249                                         /* don't ucase netbiosname for user */
1250                                         if (value[i] == 0)
1251                                                 break;
1252                                         vol->source_rfc1001_name[i] = value[i];
1253                                 }
1254                                 /* The string has 16th byte zero still from
1255                                 set at top of the function  */
1256                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1257                                         printk(KERN_WARNING "CIFS: netbiosname"
1258                                                 " longer than 15 truncated.\n");
1259                         }
1260                 } else if (strnicmp(data, "servern", 7) == 0) {
1261                         /* servernetbiosname specified override *SMBSERVER */
1262                         if (!value || !*value || (*value == ' ')) {
1263                                 cFYI(1, "empty server netbiosname specified");
1264                         } else {
1265                                 /* last byte, type, is 0x20 for servr type */
1266                                 memset(vol->target_rfc1001_name, 0x20,
1267                                         RFC1001_NAME_LEN_WITH_NULL);
1268
1269                                 for (i = 0; i < 15; i++) {
1270                                 /* BB are there cases in which a comma can be
1271                                    valid in this workstation netbios name
1272                                    (and need special handling)? */
1273
1274                                 /* user or mount helper must uppercase
1275                                    the netbiosname */
1276                                         if (value[i] == 0)
1277                                                 break;
1278                                         else
1279                                                 vol->target_rfc1001_name[i] =
1280                                                                 value[i];
1281                                 }
1282                                 /* The string has 16th byte zero still from
1283                                    set at top of the function  */
1284                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1285                                         printk(KERN_WARNING "CIFS: server net"
1286                                         "biosname longer than 15 truncated.\n");
1287                         }
1288                 } else if (strnicmp(data, "actimeo", 7) == 0) {
1289                         if (value && *value) {
1290                                 vol->actimeo = HZ * simple_strtoul(value,
1291                                                                    &value, 0);
1292                                 if (vol->actimeo > CIFS_MAX_ACTIMEO) {
1293                                         cERROR(1, "CIFS: attribute cache"
1294                                                         "timeout too large");
1295                                         goto cifs_parse_mount_err;
1296                                 }
1297                         }
1298                 } else if (strnicmp(data, "credentials", 4) == 0) {
1299                         /* ignore */
1300                 } else if (strnicmp(data, "version", 3) == 0) {
1301                         /* ignore */
1302                 } else if (strnicmp(data, "guest", 5) == 0) {
1303                         /* ignore */
1304                 } else if (strnicmp(data, "rw", 2) == 0) {
1305                         /* ignore */
1306                 } else if (strnicmp(data, "ro", 2) == 0) {
1307                         /* ignore */
1308                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1309                         vol->noblocksnd = 1;
1310                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1311                         vol->noautotune = 1;
1312                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1313                                    (strnicmp(data, "nosuid", 6) == 0) ||
1314                                    (strnicmp(data, "exec", 4) == 0) ||
1315                                    (strnicmp(data, "noexec", 6) == 0) ||
1316                                    (strnicmp(data, "nodev", 5) == 0) ||
1317                                    (strnicmp(data, "noauto", 6) == 0) ||
1318                                    (strnicmp(data, "dev", 3) == 0)) {
1319                         /*  The mount tool or mount.cifs helper (if present)
1320                             uses these opts to set flags, and the flags are read
1321                             by the kernel vfs layer before we get here (ie
1322                             before read super) so there is no point trying to
1323                             parse these options again and set anything and it
1324                             is ok to just ignore them */
1325                         continue;
1326                 } else if (strnicmp(data, "hard", 4) == 0) {
1327                         vol->retry = 1;
1328                 } else if (strnicmp(data, "soft", 4) == 0) {
1329                         vol->retry = 0;
1330                 } else if (strnicmp(data, "perm", 4) == 0) {
1331                         vol->noperm = 0;
1332                 } else if (strnicmp(data, "noperm", 6) == 0) {
1333                         vol->noperm = 1;
1334                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1335                         vol->remap = 1;
1336                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1337                         vol->remap = 0;
1338                 } else if (strnicmp(data, "sfu", 3) == 0) {
1339                         vol->sfu_emul = 1;
1340                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1341                         vol->sfu_emul = 0;
1342                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1343                         vol->nodfs = 1;
1344                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1345                         vol->posix_paths = 1;
1346                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1347                         vol->posix_paths = 0;
1348                 } else if (strnicmp(data, "nounix", 6) == 0) {
1349                         vol->no_linux_ext = 1;
1350                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1351                         vol->no_linux_ext = 1;
1352                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1353                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1354                         vol->nocase = 1;
1355                 } else if (strnicmp(data, "mand", 4) == 0) {
1356                         /* ignore */
1357                 } else if (strnicmp(data, "nomand", 6) == 0) {
1358                         /* ignore */
1359                 } else if (strnicmp(data, "_netdev", 7) == 0) {
1360                         /* ignore */
1361                 } else if (strnicmp(data, "brl", 3) == 0) {
1362                         vol->nobrl =  0;
1363                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1364                            (strnicmp(data, "nolock", 6) == 0)) {
1365                         vol->nobrl =  1;
1366                         /* turn off mandatory locking in mode
1367                         if remote locking is turned off since the
1368                         local vfs will do advisory */
1369                         if (vol->file_mode ==
1370                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1371                                 vol->file_mode = S_IALLUGO;
1372                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1373                         /* will take the shorter form "forcemand" as well */
1374                         /* This mount option will force use of mandatory
1375                           (DOS/Windows style) byte range locks, instead of
1376                           using posix advisory byte range locks, even if the
1377                           Unix extensions are available and posix locks would
1378                           be supported otherwise. If Unix extensions are not
1379                           negotiated this has no effect since mandatory locks
1380                           would be used (mandatory locks is all that those
1381                           those servers support) */
1382                         vol->mand_lock = 1;
1383                 } else if (strnicmp(data, "setuids", 7) == 0) {
1384                         vol->setuids = 1;
1385                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1386                         vol->setuids = 0;
1387                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1388                         vol->dynperm = true;
1389                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1390                         vol->dynperm = false;
1391                 } else if (strnicmp(data, "nohard", 6) == 0) {
1392                         vol->retry = 0;
1393                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1394                         vol->retry = 1;
1395                 } else if (strnicmp(data, "nointr", 6) == 0) {
1396                         vol->intr = 0;
1397                 } else if (strnicmp(data, "intr", 4) == 0) {
1398                         vol->intr = 1;
1399                 } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1400                         vol->nostrictsync = 1;
1401                 } else if (strnicmp(data, "strictsync", 10) == 0) {
1402                         vol->nostrictsync = 0;
1403                 } else if (strnicmp(data, "serverino", 7) == 0) {
1404                         vol->server_ino = 1;
1405                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1406                         vol->server_ino = 0;
1407                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1408                         vol->cifs_acl = 1;
1409                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1410                         vol->cifs_acl = 0;
1411                 } else if (strnicmp(data, "acl", 3) == 0) {
1412                         vol->no_psx_acl = 0;
1413                 } else if (strnicmp(data, "noacl", 5) == 0) {
1414                         vol->no_psx_acl = 1;
1415                 } else if (strnicmp(data, "locallease", 6) == 0) {
1416                         vol->local_lease = 1;
1417                 } else if (strnicmp(data, "sign", 4) == 0) {
1418                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1419                 } else if (strnicmp(data, "seal", 4) == 0) {
1420                         /* we do not do the following in secFlags because seal
1421                            is a per tree connection (mount) not a per socket
1422                            or per-smb connection option in the protocol */
1423                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1424                         vol->seal = 1;
1425                 } else if (strnicmp(data, "direct", 6) == 0) {
1426                         vol->direct_io = 1;
1427                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1428                         vol->direct_io = 1;
1429                 } else if (strnicmp(data, "strictcache", 11) == 0) {
1430                         vol->strict_io = 1;
1431                 } else if (strnicmp(data, "noac", 4) == 0) {
1432                         printk(KERN_WARNING "CIFS: Mount option noac not "
1433                                 "supported. Instead set "
1434                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1435                 } else if (strnicmp(data, "fsc", 3) == 0) {
1436 #ifndef CONFIG_CIFS_FSCACHE
1437                         cERROR(1, "FS-Cache support needs CONFIG_CIFS_FSCACHE"
1438                                   "kernel config option set");
1439                         goto cifs_parse_mount_err;
1440 #endif
1441                         vol->fsc = true;
1442                 } else if (strnicmp(data, "mfsymlinks", 10) == 0) {
1443                         vol->mfsymlinks = true;
1444                 } else if (strnicmp(data, "multiuser", 8) == 0) {
1445                         vol->multiuser = true;
1446                 } else
1447                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1448                                                 data);
1449         }
1450         if (vol->UNC == NULL) {
1451                 if (devname == NULL) {
1452                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1453                                                 "target\n");
1454                         goto cifs_parse_mount_err;
1455                 }
1456                 if ((temp_len = strnlen(devname, 300)) < 300) {
1457                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1458                         if (vol->UNC == NULL)
1459                                 goto cifs_parse_mount_err;
1460                         strcpy(vol->UNC, devname);
1461                         if (strncmp(vol->UNC, "//", 2) == 0) {
1462                                 vol->UNC[0] = '\\';
1463                                 vol->UNC[1] = '\\';
1464                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1465                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1466                                                     "begin with // or \\\\ \n");
1467                                 goto cifs_parse_mount_err;
1468                         }
1469                         value = strpbrk(vol->UNC+2, "/\\");
1470                         if (value)
1471                                 *value = '\\';
1472                 } else {
1473                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1474                         goto cifs_parse_mount_err;
1475                 }
1476         }
1477
1478         if (vol->multiuser && !(vol->secFlg & CIFSSEC_MAY_KRB5)) {
1479                 cERROR(1, "Multiuser mounts currently require krb5 "
1480                           "authentication!");
1481                 goto cifs_parse_mount_err;
1482         }
1483
1484         if (vol->UNCip == NULL)
1485                 vol->UNCip = &vol->UNC[2];
1486
1487         if (uid_specified)
1488                 vol->override_uid = override_uid;
1489         else if (override_uid == 1)
1490                 printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1491                                    "specified with no uid= option.\n");
1492
1493         if (gid_specified)
1494                 vol->override_gid = override_gid;
1495         else if (override_gid == 1)
1496                 printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1497                                    "specified with no gid= option.\n");
1498
1499         kfree(mountdata_copy);
1500         return 0;
1501
1502 cifs_parse_mount_err:
1503         kfree(mountdata_copy);
1504         return 1;
1505 }
1506
1507 /** Returns true if srcaddr isn't specified and rhs isn't
1508  * specified, or if srcaddr is specified and
1509  * matches the IP address of the rhs argument.
1510  */
1511 static bool
1512 srcip_matches(struct sockaddr *srcaddr, struct sockaddr *rhs)
1513 {
1514         switch (srcaddr->sa_family) {
1515         case AF_UNSPEC:
1516                 return (rhs->sa_family == AF_UNSPEC);
1517         case AF_INET: {
1518                 struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1519                 struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1520                 return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1521         }
1522         case AF_INET6: {
1523                 struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1524                 struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)&rhs;
1525                 return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1526         }
1527         default:
1528                 WARN_ON(1);
1529                 return false; /* don't expect to be here */
1530         }
1531 }
1532
1533 /*
1534  * If no port is specified in addr structure, we try to match with 445 port
1535  * and if it fails - with 139 ports. It should be called only if address
1536  * families of server and addr are equal.
1537  */
1538 static bool
1539 match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1540 {
1541         __be16 port, *sport;
1542
1543         switch (addr->sa_family) {
1544         case AF_INET:
1545                 sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1546                 port = ((struct sockaddr_in *) addr)->sin_port;
1547                 break;
1548         case AF_INET6:
1549                 sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1550                 port = ((struct sockaddr_in6 *) addr)->sin6_port;
1551                 break;
1552         default:
1553                 WARN_ON(1);
1554                 return false;
1555         }
1556
1557         if (!port) {
1558                 port = htons(CIFS_PORT);
1559                 if (port == *sport)
1560                         return true;
1561
1562                 port = htons(RFC1001_PORT);
1563         }
1564
1565         return port == *sport;
1566 }
1567
1568 static bool
1569 match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1570               struct sockaddr *srcaddr)
1571 {
1572         switch (addr->sa_family) {
1573         case AF_INET: {
1574                 struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1575                 struct sockaddr_in *srv_addr4 =
1576                                         (struct sockaddr_in *)&server->dstaddr;
1577
1578                 if (addr4->sin_addr.s_addr != srv_addr4->sin_addr.s_addr)
1579                         return false;
1580                 break;
1581         }
1582         case AF_INET6: {
1583                 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1584                 struct sockaddr_in6 *srv_addr6 =
1585                                         (struct sockaddr_in6 *)&server->dstaddr;
1586
1587                 if (!ipv6_addr_equal(&addr6->sin6_addr,
1588                                      &srv_addr6->sin6_addr))
1589                         return false;
1590                 if (addr6->sin6_scope_id != srv_addr6->sin6_scope_id)
1591                         return false;
1592                 break;
1593         }
1594         default:
1595                 WARN_ON(1);
1596                 return false; /* don't expect to be here */
1597         }
1598
1599         if (!srcip_matches(srcaddr, (struct sockaddr *)&server->srcaddr))
1600                 return false;
1601
1602         return true;
1603 }
1604
1605 static bool
1606 match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1607 {
1608         unsigned int secFlags;
1609
1610         if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1611                 secFlags = vol->secFlg;
1612         else
1613                 secFlags = global_secflags | vol->secFlg;
1614
1615         switch (server->secType) {
1616         case LANMAN:
1617                 if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1618                         return false;
1619                 break;
1620         case NTLMv2:
1621                 if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1622                         return false;
1623                 break;
1624         case NTLM:
1625                 if (!(secFlags & CIFSSEC_MAY_NTLM))
1626                         return false;
1627                 break;
1628         case Kerberos:
1629                 if (!(secFlags & CIFSSEC_MAY_KRB5))
1630                         return false;
1631                 break;
1632         case RawNTLMSSP:
1633                 if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1634                         return false;
1635                 break;
1636         default:
1637                 /* shouldn't happen */
1638                 return false;
1639         }
1640
1641         /* now check if signing mode is acceptable */
1642         if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1643             (server->secMode & SECMODE_SIGN_REQUIRED))
1644                         return false;
1645         else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1646                  (server->secMode &
1647                   (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1648                         return false;
1649
1650         return true;
1651 }
1652
1653 static struct TCP_Server_Info *
1654 cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1655 {
1656         struct TCP_Server_Info *server;
1657
1658         spin_lock(&cifs_tcp_ses_lock);
1659         list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1660                 if (!net_eq(cifs_net_ns(server), current->nsproxy->net_ns))
1661                         continue;
1662
1663                 if (!match_address(server, addr,
1664                                    (struct sockaddr *)&vol->srcaddr))
1665                         continue;
1666
1667                 if (!match_port(server, addr))
1668                         continue;
1669
1670                 if (!match_security(server, vol))
1671                         continue;
1672
1673                 ++server->srv_count;
1674                 spin_unlock(&cifs_tcp_ses_lock);
1675                 cFYI(1, "Existing tcp session with server found");
1676                 return server;
1677         }
1678         spin_unlock(&cifs_tcp_ses_lock);
1679         return NULL;
1680 }
1681
1682 static void
1683 cifs_put_tcp_session(struct TCP_Server_Info *server)
1684 {
1685         struct task_struct *task;
1686
1687         spin_lock(&cifs_tcp_ses_lock);
1688         if (--server->srv_count > 0) {
1689                 spin_unlock(&cifs_tcp_ses_lock);
1690                 return;
1691         }
1692
1693         put_net(cifs_net_ns(server));
1694
1695         list_del_init(&server->tcp_ses_list);
1696         spin_unlock(&cifs_tcp_ses_lock);
1697
1698         cancel_delayed_work_sync(&server->echo);
1699
1700         spin_lock(&GlobalMid_Lock);
1701         server->tcpStatus = CifsExiting;
1702         spin_unlock(&GlobalMid_Lock);
1703
1704         cifs_crypto_shash_release(server);
1705         cifs_fscache_release_client_cookie(server);
1706
1707         kfree(server->session_key.response);
1708         server->session_key.response = NULL;
1709         server->session_key.len = 0;
1710
1711         task = xchg(&server->tsk, NULL);
1712         if (task)
1713                 force_sig(SIGKILL, task);
1714 }
1715
1716 static struct TCP_Server_Info *
1717 cifs_get_tcp_session(struct smb_vol *volume_info)
1718 {
1719         struct TCP_Server_Info *tcp_ses = NULL;
1720         struct sockaddr_storage addr;
1721         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1722         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1723         int rc;
1724
1725         memset(&addr, 0, sizeof(struct sockaddr_storage));
1726
1727         cFYI(1, "UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip);
1728
1729         if (volume_info->UNCip && volume_info->UNC) {
1730                 rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
1731                                         volume_info->UNCip,
1732                                         strlen(volume_info->UNCip),
1733                                         volume_info->port);
1734                 if (!rc) {
1735                         /* we failed translating address */
1736                         rc = -EINVAL;
1737                         goto out_err;
1738                 }
1739         } else if (volume_info->UNCip) {
1740                 /* BB using ip addr as tcp_ses name to connect to the
1741                    DFS root below */
1742                 cERROR(1, "Connecting to DFS root not implemented yet");
1743                 rc = -EINVAL;
1744                 goto out_err;
1745         } else /* which tcp_sess DFS root would we conect to */ {
1746                 cERROR(1, "CIFS mount error: No UNC path (e.g. -o "
1747                         "unc=//192.168.1.100/public) specified");
1748                 rc = -EINVAL;
1749                 goto out_err;
1750         }
1751
1752         /* see if we already have a matching tcp_ses */
1753         tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1754         if (tcp_ses)
1755                 return tcp_ses;
1756
1757         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1758         if (!tcp_ses) {
1759                 rc = -ENOMEM;
1760                 goto out_err;
1761         }
1762
1763         rc = cifs_crypto_shash_allocate(tcp_ses);
1764         if (rc) {
1765                 cERROR(1, "could not setup hash structures rc %d", rc);
1766                 goto out_err;
1767         }
1768
1769         cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
1770         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1771         if (IS_ERR(tcp_ses->hostname)) {
1772                 rc = PTR_ERR(tcp_ses->hostname);
1773                 goto out_err_crypto_release;
1774         }
1775
1776         tcp_ses->noblocksnd = volume_info->noblocksnd;
1777         tcp_ses->noautotune = volume_info->noautotune;
1778         tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
1779         atomic_set(&tcp_ses->inFlight, 0);
1780         init_waitqueue_head(&tcp_ses->response_q);
1781         init_waitqueue_head(&tcp_ses->request_q);
1782         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1783         mutex_init(&tcp_ses->srv_mutex);
1784         memcpy(tcp_ses->workstation_RFC1001_name,
1785                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1786         memcpy(tcp_ses->server_RFC1001_name,
1787                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1788         tcp_ses->session_estab = false;
1789         tcp_ses->sequence_number = 0;
1790         tcp_ses->lstrp = jiffies;
1791         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1792         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1793         INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
1794
1795         /*
1796          * at this point we are the only ones with the pointer
1797          * to the struct since the kernel thread not created yet
1798          * no need to spinlock this init of tcpStatus or srv_count
1799          */
1800         tcp_ses->tcpStatus = CifsNew;
1801         memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
1802                sizeof(tcp_ses->srcaddr));
1803         ++tcp_ses->srv_count;
1804
1805         if (addr.ss_family == AF_INET6) {
1806                 cFYI(1, "attempting ipv6 connect");
1807                 /* BB should we allow ipv6 on port 139? */
1808                 /* other OS never observed in Wild doing 139 with v6 */
1809                 memcpy(&tcp_ses->dstaddr, sin_server6,
1810                        sizeof(struct sockaddr_in6));
1811         } else
1812                 memcpy(&tcp_ses->dstaddr, sin_server,
1813                        sizeof(struct sockaddr_in));
1814
1815         rc = ip_connect(tcp_ses);
1816         if (rc < 0) {
1817                 cERROR(1, "Error connecting to socket. Aborting operation");
1818                 goto out_err_crypto_release;
1819         }
1820
1821         /*
1822          * since we're in a cifs function already, we know that
1823          * this will succeed. No need for try_module_get().
1824          */
1825         __module_get(THIS_MODULE);
1826         tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1827                                   tcp_ses, "cifsd");
1828         if (IS_ERR(tcp_ses->tsk)) {
1829                 rc = PTR_ERR(tcp_ses->tsk);
1830                 cERROR(1, "error %d create cifsd thread", rc);
1831                 module_put(THIS_MODULE);
1832                 goto out_err_crypto_release;
1833         }
1834         tcp_ses->tcpStatus = CifsNeedNegotiate;
1835
1836         /* thread spawned, put it on the list */
1837         spin_lock(&cifs_tcp_ses_lock);
1838         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1839         spin_unlock(&cifs_tcp_ses_lock);
1840
1841         cifs_fscache_get_client_cookie(tcp_ses);
1842
1843         /* queue echo request delayed work */
1844         queue_delayed_work(system_nrt_wq, &tcp_ses->echo, SMB_ECHO_INTERVAL);
1845
1846         return tcp_ses;
1847
1848 out_err_crypto_release:
1849         cifs_crypto_shash_release(tcp_ses);
1850
1851         put_net(cifs_net_ns(tcp_ses));
1852
1853 out_err:
1854         if (tcp_ses) {
1855                 if (!IS_ERR(tcp_ses->hostname))
1856                         kfree(tcp_ses->hostname);
1857                 if (tcp_ses->ssocket)
1858                         sock_release(tcp_ses->ssocket);
1859                 kfree(tcp_ses);
1860         }
1861         return ERR_PTR(rc);
1862 }
1863
1864 static struct cifsSesInfo *
1865 cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
1866 {
1867         struct cifsSesInfo *ses;
1868
1869         spin_lock(&cifs_tcp_ses_lock);
1870         list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
1871                 switch (server->secType) {
1872                 case Kerberos:
1873                         if (vol->cred_uid != ses->cred_uid)
1874                                 continue;
1875                         break;
1876                 default:
1877                         /* anything else takes username/password */
1878                         if (ses->user_name == NULL)
1879                                 continue;
1880                         if (strncmp(ses->user_name, vol->username,
1881                                     MAX_USERNAME_SIZE))
1882                                 continue;
1883                         if (strlen(vol->username) != 0 &&
1884                             ses->password != NULL &&
1885                             strncmp(ses->password,
1886                                     vol->password ? vol->password : "",
1887                                     MAX_PASSWORD_SIZE))
1888                                 continue;
1889                 }
1890                 ++ses->ses_count;
1891                 spin_unlock(&cifs_tcp_ses_lock);
1892                 return ses;
1893         }
1894         spin_unlock(&cifs_tcp_ses_lock);
1895         return NULL;
1896 }
1897
1898 static void
1899 cifs_put_smb_ses(struct cifsSesInfo *ses)
1900 {
1901         int xid;
1902         struct TCP_Server_Info *server = ses->server;
1903
1904         cFYI(1, "%s: ses_count=%d\n", __func__, ses->ses_count);
1905         spin_lock(&cifs_tcp_ses_lock);
1906         if (--ses->ses_count > 0) {
1907                 spin_unlock(&cifs_tcp_ses_lock);
1908                 return;
1909         }
1910
1911         list_del_init(&ses->smb_ses_list);
1912         spin_unlock(&cifs_tcp_ses_lock);
1913
1914         if (ses->status == CifsGood) {
1915                 xid = GetXid();
1916                 CIFSSMBLogoff(xid, ses);
1917                 _FreeXid(xid);
1918         }
1919         sesInfoFree(ses);
1920         cifs_put_tcp_session(server);
1921 }
1922
1923 static bool warned_on_ntlm;  /* globals init to false automatically */
1924
1925 static struct cifsSesInfo *
1926 cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1927 {
1928         int rc = -ENOMEM, xid;
1929         struct cifsSesInfo *ses;
1930         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
1931         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
1932
1933         xid = GetXid();
1934
1935         ses = cifs_find_smb_ses(server, volume_info);
1936         if (ses) {
1937                 cFYI(1, "Existing smb sess found (status=%d)", ses->status);
1938
1939                 mutex_lock(&ses->session_mutex);
1940                 rc = cifs_negotiate_protocol(xid, ses);
1941                 if (rc) {
1942                         mutex_unlock(&ses->session_mutex);
1943                         /* problem -- put our ses reference */
1944                         cifs_put_smb_ses(ses);
1945                         FreeXid(xid);
1946                         return ERR_PTR(rc);
1947                 }
1948                 if (ses->need_reconnect) {
1949                         cFYI(1, "Session needs reconnect");
1950                         rc = cifs_setup_session(xid, ses,
1951                                                 volume_info->local_nls);
1952                         if (rc) {
1953                                 mutex_unlock(&ses->session_mutex);
1954                                 /* problem -- put our reference */
1955                                 cifs_put_smb_ses(ses);
1956                                 FreeXid(xid);
1957                                 return ERR_PTR(rc);
1958                         }
1959                 }
1960                 mutex_unlock(&ses->session_mutex);
1961
1962                 /* existing SMB ses has a server reference already */
1963                 cifs_put_tcp_session(server);
1964                 FreeXid(xid);
1965                 return ses;
1966         }
1967
1968         cFYI(1, "Existing smb sess not found");
1969         ses = sesInfoAlloc();
1970         if (ses == NULL)
1971                 goto get_ses_fail;
1972
1973         /* new SMB session uses our server ref */
1974         ses->server = server;
1975         if (server->dstaddr.ss_family == AF_INET6)
1976                 sprintf(ses->serverName, "%pI6", &addr6->sin6_addr);
1977         else
1978                 sprintf(ses->serverName, "%pI4", &addr->sin_addr);
1979
1980         if (volume_info->username) {
1981                 ses->user_name = kstrdup(volume_info->username, GFP_KERNEL);
1982                 if (!ses->user_name)
1983                         goto get_ses_fail;
1984         }
1985
1986         /* volume_info->password freed at unmount */
1987         if (volume_info->password) {
1988                 ses->password = kstrdup(volume_info->password, GFP_KERNEL);
1989                 if (!ses->password)
1990                         goto get_ses_fail;
1991         }
1992         if (volume_info->domainname) {
1993                 ses->domainName = kstrdup(volume_info->domainname, GFP_KERNEL);
1994                 if (!ses->domainName)
1995                         goto get_ses_fail;
1996         }
1997         ses->cred_uid = volume_info->cred_uid;
1998         ses->linux_uid = volume_info->linux_uid;
1999
2000         /* ntlmv2 is much stronger than ntlm security, and has been broadly
2001         supported for many years, time to update default security mechanism */
2002         if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {
2003                 warned_on_ntlm = true;
2004                 cERROR(1, "default security mechanism requested.  The default "
2005                         "security mechanism will be upgraded from ntlm to "
2006                         "ntlmv2 in kernel release 2.6.41");
2007         }
2008         ses->overrideSecFlg = volume_info->secFlg;
2009
2010         mutex_lock(&ses->session_mutex);
2011         rc = cifs_negotiate_protocol(xid, ses);
2012         if (!rc)
2013                 rc = cifs_setup_session(xid, ses, volume_info->local_nls);
2014         mutex_unlock(&ses->session_mutex);
2015         if (rc)
2016                 goto get_ses_fail;
2017
2018         /* success, put it on the list */
2019         spin_lock(&cifs_tcp_ses_lock);
2020         list_add(&ses->smb_ses_list, &server->smb_ses_list);
2021         spin_unlock(&cifs_tcp_ses_lock);
2022
2023         FreeXid(xid);
2024         return ses;
2025
2026 get_ses_fail:
2027         sesInfoFree(ses);
2028         FreeXid(xid);
2029         return ERR_PTR(rc);
2030 }
2031
2032 static struct cifsTconInfo *
2033 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
2034 {
2035         struct list_head *tmp;
2036         struct cifsTconInfo *tcon;
2037
2038         spin_lock(&cifs_tcp_ses_lock);
2039         list_for_each(tmp, &ses->tcon_list) {
2040                 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
2041                 if (tcon->tidStatus == CifsExiting)
2042                         continue;
2043                 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
2044                         continue;
2045
2046                 ++tcon->tc_count;
2047                 spin_unlock(&cifs_tcp_ses_lock);
2048                 return tcon;
2049         }
2050         spin_unlock(&cifs_tcp_ses_lock);
2051         return NULL;
2052 }
2053
2054 static void
2055 cifs_put_tcon(struct cifsTconInfo *tcon)
2056 {
2057         int xid;
2058         struct cifsSesInfo *ses = tcon->ses;
2059
2060         cFYI(1, "%s: tc_count=%d\n", __func__, tcon->tc_count);
2061         spin_lock(&cifs_tcp_ses_lock);
2062         if (--tcon->tc_count > 0) {
2063                 spin_unlock(&cifs_tcp_ses_lock);
2064                 return;
2065         }
2066
2067         list_del_init(&tcon->tcon_list);
2068         spin_unlock(&cifs_tcp_ses_lock);
2069
2070         xid = GetXid();
2071         CIFSSMBTDis(xid, tcon);
2072         _FreeXid(xid);
2073
2074         cifs_fscache_release_super_cookie(tcon);
2075         tconInfoFree(tcon);
2076         cifs_put_smb_ses(ses);
2077 }
2078
2079 static struct cifsTconInfo *
2080 cifs_get_tcon(struct cifsSesInfo *ses, struct smb_vol *volume_info)
2081 {
2082         int rc, xid;
2083         struct cifsTconInfo *tcon;
2084
2085         tcon = cifs_find_tcon(ses, volume_info->UNC);
2086         if (tcon) {
2087                 cFYI(1, "Found match on UNC path");
2088                 /* existing tcon already has a reference */
2089                 cifs_put_smb_ses(ses);
2090                 if (tcon->seal != volume_info->seal)
2091                         cERROR(1, "transport encryption setting "
2092                                    "conflicts with existing tid");
2093                 return tcon;
2094         }
2095
2096         tcon = tconInfoAlloc();
2097         if (tcon == NULL) {
2098                 rc = -ENOMEM;
2099                 goto out_fail;
2100         }
2101
2102         tcon->ses = ses;
2103         if (volume_info->password) {
2104                 tcon->password = kstrdup(volume_info->password, GFP_KERNEL);
2105                 if (!tcon->password) {
2106                         rc = -ENOMEM;
2107                         goto out_fail;
2108                 }
2109         }
2110
2111         if (strchr(volume_info->UNC + 3, '\\') == NULL
2112             && strchr(volume_info->UNC + 3, '/') == NULL) {
2113                 cERROR(1, "Missing share name");
2114                 rc = -ENODEV;
2115                 goto out_fail;
2116         }
2117
2118         /* BB Do we need to wrap session_mutex around
2119          * this TCon call and Unix SetFS as
2120          * we do on SessSetup and reconnect? */
2121         xid = GetXid();
2122         rc = CIFSTCon(xid, ses, volume_info->UNC, tcon, volume_info->local_nls);
2123         FreeXid(xid);
2124         cFYI(1, "CIFS Tcon rc = %d", rc);
2125         if (rc)
2126                 goto out_fail;
2127
2128         if (volume_info->nodfs) {
2129                 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2130                 cFYI(1, "DFS disabled (%d)", tcon->Flags);
2131         }
2132         tcon->seal = volume_info->seal;
2133         /* we can have only one retry value for a connection
2134            to a share so for resources mounted more than once
2135            to the same server share the last value passed in
2136            for the retry flag is used */
2137         tcon->retry = volume_info->retry;
2138         tcon->nocase = volume_info->nocase;
2139         tcon->local_lease = volume_info->local_lease;
2140
2141         spin_lock(&cifs_tcp_ses_lock);
2142         list_add(&tcon->tcon_list, &ses->tcon_list);
2143         spin_unlock(&cifs_tcp_ses_lock);
2144
2145         cifs_fscache_get_super_cookie(tcon);
2146
2147         return tcon;
2148
2149 out_fail:
2150         tconInfoFree(tcon);
2151         return ERR_PTR(rc);
2152 }
2153
2154 void
2155 cifs_put_tlink(struct tcon_link *tlink)
2156 {
2157         if (!tlink || IS_ERR(tlink))
2158                 return;
2159
2160         if (!atomic_dec_and_test(&tlink->tl_count) ||
2161             test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2162                 tlink->tl_time = jiffies;
2163                 return;
2164         }
2165
2166         if (!IS_ERR(tlink_tcon(tlink)))
2167                 cifs_put_tcon(tlink_tcon(tlink));
2168         kfree(tlink);
2169         return;
2170 }
2171
2172 int
2173 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
2174              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
2175              struct dfs_info3_param **preferrals, int remap)
2176 {
2177         char *temp_unc;
2178         int rc = 0;
2179
2180         *pnum_referrals = 0;
2181         *preferrals = NULL;
2182
2183         if (pSesInfo->ipc_tid == 0) {
2184                 temp_unc = kmalloc(2 /* for slashes */ +
2185                         strnlen(pSesInfo->serverName,
2186                                 SERVER_NAME_LEN_WITH_NULL * 2)
2187                                  + 1 + 4 /* slash IPC$ */  + 2,
2188                                 GFP_KERNEL);
2189                 if (temp_unc == NULL)
2190                         return -ENOMEM;
2191                 temp_unc[0] = '\\';
2192                 temp_unc[1] = '\\';
2193                 strcpy(temp_unc + 2, pSesInfo->serverName);
2194                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
2195                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
2196                 cFYI(1, "CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid);
2197                 kfree(temp_unc);
2198         }
2199         if (rc == 0)
2200                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
2201                                      pnum_referrals, nls_codepage, remap);
2202         /* BB map targetUNCs to dfs_info3 structures, here or
2203                 in CIFSGetDFSRefer BB */
2204
2205         return rc;
2206 }
2207
2208 #ifdef CONFIG_DEBUG_LOCK_ALLOC
2209 static struct lock_class_key cifs_key[2];
2210 static struct lock_class_key cifs_slock_key[2];
2211
2212 static inline void
2213 cifs_reclassify_socket4(struct socket *sock)
2214 {
2215         struct sock *sk = sock->sk;
2216         BUG_ON(sock_owned_by_user(sk));
2217         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2218                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2219 }
2220
2221 static inline void
2222 cifs_reclassify_socket6(struct socket *sock)
2223 {
2224         struct sock *sk = sock->sk;
2225         BUG_ON(sock_owned_by_user(sk));
2226         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2227                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2228 }
2229 #else
2230 static inline void
2231 cifs_reclassify_socket4(struct socket *sock)
2232 {
2233 }
2234
2235 static inline void
2236 cifs_reclassify_socket6(struct socket *sock)
2237 {
2238 }
2239 #endif
2240
2241 /* See RFC1001 section 14 on representation of Netbios names */
2242 static void rfc1002mangle(char *target, char *source, unsigned int length)
2243 {
2244         unsigned int i, j;
2245
2246         for (i = 0, j = 0; i < (length); i++) {
2247                 /* mask a nibble at a time and encode */
2248                 target[j] = 'A' + (0x0F & (source[i] >> 4));
2249                 target[j+1] = 'A' + (0x0F & source[i]);
2250                 j += 2;
2251         }
2252
2253 }
2254
2255 static int
2256 bind_socket(struct TCP_Server_Info *server)
2257 {
2258         int rc = 0;
2259         if (server->srcaddr.ss_family != AF_UNSPEC) {
2260                 /* Bind to the specified local IP address */
2261                 struct socket *socket = server->ssocket;
2262                 rc = socket->ops->bind(socket,
2263                                        (struct sockaddr *) &server->srcaddr,
2264                                        sizeof(server->srcaddr));
2265                 if (rc < 0) {
2266                         struct sockaddr_in *saddr4;
2267                         struct sockaddr_in6 *saddr6;
2268                         saddr4 = (struct sockaddr_in *)&server->srcaddr;
2269                         saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2270                         if (saddr6->sin6_family == AF_INET6)
2271                                 cERROR(1, "cifs: "
2272                                        "Failed to bind to: %pI6c, error: %d\n",
2273                                        &saddr6->sin6_addr, rc);
2274                         else
2275                                 cERROR(1, "cifs: "
2276                                        "Failed to bind to: %pI4, error: %d\n",
2277                                        &saddr4->sin_addr.s_addr, rc);
2278                 }
2279         }
2280         return rc;
2281 }
2282
2283 static int
2284 ip_rfc1001_connect(struct TCP_Server_Info *server)
2285 {
2286         int rc = 0;
2287         /*
2288          * some servers require RFC1001 sessinit before sending
2289          * negprot - BB check reconnection in case where second
2290          * sessinit is sent but no second negprot
2291          */
2292         struct rfc1002_session_packet *ses_init_buf;
2293         struct smb_hdr *smb_buf;
2294         ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2295                                GFP_KERNEL);
2296         if (ses_init_buf) {
2297                 ses_init_buf->trailer.session_req.called_len = 32;
2298
2299                 if (server->server_RFC1001_name &&
2300                     server->server_RFC1001_name[0] != 0)
2301                         rfc1002mangle(ses_init_buf->trailer.
2302                                       session_req.called_name,
2303                                       server->server_RFC1001_name,
2304                                       RFC1001_NAME_LEN_WITH_NULL);
2305                 else
2306                         rfc1002mangle(ses_init_buf->trailer.
2307                                       session_req.called_name,
2308                                       DEFAULT_CIFS_CALLED_NAME,
2309                                       RFC1001_NAME_LEN_WITH_NULL);
2310
2311                 ses_init_buf->trailer.session_req.calling_len = 32;
2312
2313                 /*
2314                  * calling name ends in null (byte 16) from old smb
2315                  * convention.
2316                  */
2317                 if (server->workstation_RFC1001_name &&
2318                     server->workstation_RFC1001_name[0] != 0)
2319                         rfc1002mangle(ses_init_buf->trailer.
2320                                       session_req.calling_name,
2321                                       server->workstation_RFC1001_name,
2322                                       RFC1001_NAME_LEN_WITH_NULL);
2323                 else
2324                         rfc1002mangle(ses_init_buf->trailer.
2325                                       session_req.calling_name,
2326                                       "LINUX_CIFS_CLNT",
2327                                       RFC1001_NAME_LEN_WITH_NULL);
2328
2329                 ses_init_buf->trailer.session_req.scope1 = 0;
2330                 ses_init_buf->trailer.session_req.scope2 = 0;
2331                 smb_buf = (struct smb_hdr *)ses_init_buf;
2332
2333                 /* sizeof RFC1002_SESSION_REQUEST with no scope */
2334                 smb_buf->smb_buf_length = cpu_to_be32(0x81000044);
2335                 rc = smb_send(server, smb_buf, 0x44);
2336                 kfree(ses_init_buf);
2337                 /*
2338                  * RFC1001 layer in at least one server
2339                  * requires very short break before negprot
2340                  * presumably because not expecting negprot
2341                  * to follow so fast.  This is a simple
2342                  * solution that works without
2343                  * complicating the code and causes no
2344                  * significant slowing down on mount
2345                  * for everyone else
2346                  */
2347                 usleep_range(1000, 2000);
2348         }
2349         /*
2350          * else the negprot may still work without this
2351          * even though malloc failed
2352          */
2353
2354         return rc;
2355 }
2356
2357 static int
2358 generic_ip_connect(struct TCP_Server_Info *server)
2359 {
2360         int rc = 0;
2361         __be16 sport;
2362         int slen, sfamily;
2363         struct socket *socket = server->ssocket;
2364         struct sockaddr *saddr;
2365
2366         saddr = (struct sockaddr *) &server->dstaddr;
2367
2368         if (server->dstaddr.ss_family == AF_INET6) {
2369                 sport = ((struct sockaddr_in6 *) saddr)->sin6_port;
2370                 slen = sizeof(struct sockaddr_in6);
2371                 sfamily = AF_INET6;
2372         } else {
2373                 sport = ((struct sockaddr_in *) saddr)->sin_port;
2374                 slen = sizeof(struct sockaddr_in);
2375                 sfamily = AF_INET;
2376         }
2377
2378         if (socket == NULL) {
2379                 rc = __sock_create(cifs_net_ns(server), sfamily, SOCK_STREAM,
2380                                    IPPROTO_TCP, &socket, 1);
2381                 if (rc < 0) {
2382                         cERROR(1, "Error %d creating socket", rc);
2383                         server->ssocket = NULL;
2384                         return rc;
2385                 }
2386
2387                 /* BB other socket options to set KEEPALIVE, NODELAY? */
2388                 cFYI(1, "Socket created");
2389                 server->ssocket = socket;
2390                 socket->sk->sk_allocation = GFP_NOFS;
2391                 if (sfamily == AF_INET6)
2392                         cifs_reclassify_socket6(socket);
2393                 else
2394                         cifs_reclassify_socket4(socket);
2395         }
2396
2397         rc = bind_socket(server);
2398         if (rc < 0)
2399                 return rc;
2400
2401         rc = socket->ops->connect(socket, saddr, slen, 0);
2402         if (rc < 0) {
2403                 cFYI(1, "Error %d connecting to server", rc);
2404                 sock_release(socket);
2405                 server->ssocket = NULL;
2406                 return rc;
2407         }
2408
2409         /*
2410          * Eventually check for other socket options to change from
2411          * the default. sock_setsockopt not used because it expects
2412          * user space buffer
2413          */
2414         socket->sk->sk_rcvtimeo = 7 * HZ;
2415         socket->sk->sk_sndtimeo = 5 * HZ;
2416
2417         /* make the bufsizes depend on wsize/rsize and max requests */
2418         if (server->noautotune) {
2419                 if (socket->sk->sk_sndbuf < (200 * 1024))
2420                         socket->sk->sk_sndbuf = 200 * 1024;
2421                 if (socket->sk->sk_rcvbuf < (140 * 1024))
2422                         socket->sk->sk_rcvbuf = 140 * 1024;
2423         }
2424
2425         if (server->tcp_nodelay) {
2426                 int val = 1;
2427                 rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2428                                 (char *)&val, sizeof(val));
2429                 if (rc)
2430                         cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2431         }
2432
2433          cFYI(1, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
2434                  socket->sk->sk_sndbuf,
2435                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2436
2437         if (sport == htons(RFC1001_PORT))
2438                 rc = ip_rfc1001_connect(server);
2439
2440         return rc;
2441 }
2442
2443 static int
2444 ip_connect(struct TCP_Server_Info *server)
2445 {
2446         __be16 *sport;
2447         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2448         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2449
2450         if (server->dstaddr.ss_family == AF_INET6)
2451                 sport = &addr6->sin6_port;
2452         else
2453                 sport = &addr->sin_port;
2454
2455         if (*sport == 0) {
2456                 int rc;
2457
2458                 /* try with 445 port at first */
2459                 *sport = htons(CIFS_PORT);
2460
2461                 rc = generic_ip_connect(server);
2462                 if (rc >= 0)
2463                         return rc;
2464
2465                 /* if it failed, try with 139 port */
2466                 *sport = htons(RFC1001_PORT);
2467         }
2468
2469         return generic_ip_connect(server);
2470 }
2471
2472 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
2473                           struct super_block *sb, struct smb_vol *vol_info)
2474 {
2475         /* if we are reconnecting then should we check to see if
2476          * any requested capabilities changed locally e.g. via
2477          * remount but we can not do much about it here
2478          * if they have (even if we could detect it by the following)
2479          * Perhaps we could add a backpointer to array of sb from tcon
2480          * or if we change to make all sb to same share the same
2481          * sb as NFS - then we only have one backpointer to sb.
2482          * What if we wanted to mount the server share twice once with
2483          * and once without posixacls or posix paths? */
2484         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2485
2486         if (vol_info && vol_info->no_linux_ext) {
2487                 tcon->fsUnixInfo.Capability = 0;
2488                 tcon->unix_ext = 0; /* Unix Extensions disabled */
2489                 cFYI(1, "Linux protocol extensions disabled");
2490                 return;
2491         } else if (vol_info)
2492                 tcon->unix_ext = 1; /* Unix Extensions supported */
2493
2494         if (tcon->unix_ext == 0) {
2495                 cFYI(1, "Unix extensions disabled so not set on reconnect");
2496                 return;
2497         }
2498
2499         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2500                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2501
2502                 /* check for reconnect case in which we do not
2503                    want to change the mount behavior if we can avoid it */
2504                 if (vol_info == NULL) {
2505                         /* turn off POSIX ACL and PATHNAMES if not set
2506                            originally at mount time */
2507                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2508                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2509                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2510                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2511                                         cERROR(1, "POSIXPATH support change");
2512                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2513                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2514                                 cERROR(1, "possible reconnect error");
2515                                 cERROR(1, "server disabled POSIX path support");
2516                         }
2517                 }
2518
2519                 cap &= CIFS_UNIX_CAP_MASK;
2520                 if (vol_info && vol_info->no_psx_acl)
2521                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2522                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2523                         cFYI(1, "negotiated posix acl support");
2524                         if (sb)
2525                                 sb->s_flags |= MS_POSIXACL;
2526                 }
2527
2528                 if (vol_info && vol_info->posix_paths == 0)
2529                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2530                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2531                         cFYI(1, "negotiate posix pathnames");
2532                         if (sb)
2533                                 CIFS_SB(sb)->mnt_cifs_flags |=
2534                                         CIFS_MOUNT_POSIX_PATHS;
2535                 }
2536
2537                 /* We might be setting the path sep back to a different
2538                 form if we are reconnecting and the server switched its
2539                 posix path capability for this share */
2540                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2541                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2542
2543                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2544                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2545                                 CIFS_SB(sb)->rsize = 127 * 1024;
2546                                 cFYI(DBG2, "larger reads not supported by srv");
2547                         }
2548                 }
2549
2550
2551                 cFYI(1, "Negotiate caps 0x%x", (int)cap);
2552 #ifdef CONFIG_CIFS_DEBUG2
2553                 if (cap & CIFS_UNIX_FCNTL_CAP)
2554                         cFYI(1, "FCNTL cap");
2555                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2556                         cFYI(1, "EXTATTR cap");
2557                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2558                         cFYI(1, "POSIX path cap");
2559                 if (cap & CIFS_UNIX_XATTR_CAP)
2560                         cFYI(1, "XATTR cap");
2561                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2562                         cFYI(1, "POSIX ACL cap");
2563                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2564                         cFYI(1, "very large read cap");
2565                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2566                         cFYI(1, "very large write cap");
2567 #endif /* CIFS_DEBUG2 */
2568                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2569                         if (vol_info == NULL) {
2570                                 cFYI(1, "resetting capabilities failed");
2571                         } else
2572                                 cERROR(1, "Negotiating Unix capabilities "
2573                                            "with the server failed.  Consider "
2574                                            "mounting with the Unix Extensions\n"
2575                                            "disabled, if problems are found, "
2576                                            "by specifying the nounix mount "
2577                                            "option.");
2578
2579                 }
2580         }
2581 }
2582
2583 static void
2584 convert_delimiter(char *path, char delim)
2585 {
2586         int i;
2587         char old_delim;
2588
2589         if (path == NULL)
2590                 return;
2591
2592         if (delim == '/')
2593                 old_delim = '\\';
2594         else
2595                 old_delim = '/';
2596
2597         for (i = 0; path[i] != '\0'; i++) {
2598                 if (path[i] == old_delim)
2599                         path[i] = delim;
2600         }
2601 }
2602
2603 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2604                           struct cifs_sb_info *cifs_sb)
2605 {
2606         INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2607
2608         if (pvolume_info->rsize > CIFSMaxBufSize) {
2609                 cERROR(1, "rsize %d too large, using MaxBufSize",
2610                         pvolume_info->rsize);
2611                 cifs_sb->rsize = CIFSMaxBufSize;
2612         } else if ((pvolume_info->rsize) &&
2613                         (pvolume_info->rsize <= CIFSMaxBufSize))
2614                 cifs_sb->rsize = pvolume_info->rsize;
2615         else /* default */
2616                 cifs_sb->rsize = CIFSMaxBufSize;
2617
2618         if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2619                 cERROR(1, "wsize %d too large, using 4096 instead",
2620                           pvolume_info->wsize);
2621                 cifs_sb->wsize = 4096;
2622         } else if (pvolume_info->wsize)
2623                 cifs_sb->wsize = pvolume_info->wsize;
2624         else
2625                 cifs_sb->wsize = min_t(const int,
2626                                         PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2627                                         127*1024);
2628                 /* old default of CIFSMaxBufSize was too small now
2629                    that SMB Write2 can send multiple pages in kvec.
2630                    RFC1001 does not describe what happens when frame
2631                    bigger than 128K is sent so use that as max in
2632                    conjunction with 52K kvec constraint on arch with 4K
2633                    page size  */
2634
2635         if (cifs_sb->rsize < 2048) {
2636                 cifs_sb->rsize = 2048;
2637                 /* Windows ME may prefer this */
2638                 cFYI(1, "readsize set to minimum: 2048");
2639         }
2640         /* calculate prepath */
2641         cifs_sb->prepath = pvolume_info->prepath;
2642         if (cifs_sb->prepath) {
2643                 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2644                 /* we can not convert the / to \ in the path
2645                 separators in the prefixpath yet because we do not
2646                 know (until reset_cifs_unix_caps is called later)
2647                 whether POSIX PATH CAP is available. We normalize
2648                 the / to \ after reset_cifs_unix_caps is called */
2649                 pvolume_info->prepath = NULL;
2650         } else
2651                 cifs_sb->prepathlen = 0;
2652         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2653         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2654         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2655         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2656         cFYI(1, "file mode: 0x%x  dir mode: 0x%x",
2657                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
2658
2659         cifs_sb->actimeo = pvolume_info->actimeo;
2660
2661         if (pvolume_info->noperm)
2662                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2663         if (pvolume_info->setuids)
2664                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2665         if (pvolume_info->server_ino)
2666                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2667         if (pvolume_info->remap)
2668                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2669         if (pvolume_info->no_xattr)
2670                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2671         if (pvolume_info->sfu_emul)
2672                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2673         if (pvolume_info->nobrl)
2674                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2675         if (pvolume_info->nostrictsync)
2676                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2677         if (pvolume_info->mand_lock)
2678                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2679         if (pvolume_info->cifs_acl)
2680                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2681         if (pvolume_info->override_uid)
2682                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2683         if (pvolume_info->override_gid)
2684                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2685         if (pvolume_info->dynperm)
2686                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2687         if (pvolume_info->fsc)
2688                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
2689         if (pvolume_info->multiuser)
2690                 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
2691                                             CIFS_MOUNT_NO_PERM);
2692         if (pvolume_info->strict_io)
2693                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
2694         if (pvolume_info->direct_io) {
2695                 cFYI(1, "mounting share using direct i/o");
2696                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2697         }
2698         if (pvolume_info->mfsymlinks) {
2699                 if (pvolume_info->sfu_emul) {
2700                         cERROR(1,  "mount option mfsymlinks ignored if sfu "
2701                                    "mount option is used");
2702                 } else {
2703                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
2704                 }
2705         }
2706
2707         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2708                 cERROR(1, "mount option dynperm ignored if cifsacl "
2709                            "mount option supported");
2710 }
2711
2712 static int
2713 is_path_accessible(int xid, struct cifsTconInfo *tcon,
2714                    struct cifs_sb_info *cifs_sb, const char *full_path)
2715 {
2716         int rc;
2717         FILE_ALL_INFO *pfile_info;
2718
2719         pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
2720         if (pfile_info == NULL)
2721                 return -ENOMEM;
2722
2723         rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
2724                               0 /* not legacy */, cifs_sb->local_nls,
2725                               cifs_sb->mnt_cifs_flags &
2726                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
2727
2728         if (rc == -EOPNOTSUPP || rc == -EINVAL)
2729                 rc = SMBQueryInformation(xid, tcon, full_path, pfile_info,
2730                                 cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
2731                                   CIFS_MOUNT_MAP_SPECIAL_CHR);
2732         kfree(pfile_info);
2733         return rc;
2734 }
2735
2736 static void
2737 cleanup_volume_info(struct smb_vol **pvolume_info)
2738 {
2739         struct smb_vol *volume_info;
2740
2741         if (!pvolume_info || !*pvolume_info)
2742                 return;
2743
2744         volume_info = *pvolume_info;
2745         kfree(volume_info->username);
2746         kzfree(volume_info->password);
2747         kfree(volume_info->UNC);
2748         kfree(volume_info->UNCip);
2749         kfree(volume_info->domainname);
2750         kfree(volume_info->iocharset);
2751         kfree(volume_info->prepath);
2752         kfree(volume_info);
2753         *pvolume_info = NULL;
2754         return;
2755 }
2756
2757 #ifdef CONFIG_CIFS_DFS_UPCALL
2758 /* build_path_to_root returns full path to root when
2759  * we do not have an exiting connection (tcon) */
2760 static char *
2761 build_unc_path_to_root(const struct smb_vol *volume_info,
2762                 const struct cifs_sb_info *cifs_sb)
2763 {
2764         char *full_path;
2765
2766         int unc_len = strnlen(volume_info->UNC, MAX_TREE_SIZE + 1);
2767         full_path = kmalloc(unc_len + cifs_sb->prepathlen + 1, GFP_KERNEL);
2768         if (full_path == NULL)
2769                 return ERR_PTR(-ENOMEM);
2770
2771         strncpy(full_path, volume_info->UNC, unc_len);
2772         if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
2773                 int i;
2774                 for (i = 0; i < unc_len; i++) {
2775                         if (full_path[i] == '\\')
2776                                 full_path[i] = '/';
2777                 }
2778         }
2779
2780         if (cifs_sb->prepathlen)
2781                 strncpy(full_path + unc_len, cifs_sb->prepath,
2782                                 cifs_sb->prepathlen);
2783
2784         full_path[unc_len + cifs_sb->prepathlen] = 0; /* add trailing null */
2785         return full_path;
2786 }
2787
2788 /*
2789  * Perform a dfs referral query for a share and (optionally) prefix
2790  *
2791  * If a referral is found, cifs_sb->mountdata will be (re-)allocated
2792  * to a string containing updated options for the submount.  Otherwise it
2793  * will be left untouched.
2794  *
2795  * Returns the rc from get_dfs_path to the caller, which can be used to
2796  * determine whether there were referrals.
2797  */
2798 static int
2799 expand_dfs_referral(int xid, struct cifsSesInfo *pSesInfo,
2800                     struct smb_vol *volume_info, struct cifs_sb_info *cifs_sb,
2801                     int check_prefix)
2802 {
2803         int rc;
2804         unsigned int num_referrals = 0;
2805         struct dfs_info3_param *referrals = NULL;
2806         char *full_path = NULL, *ref_path = NULL, *mdata = NULL;
2807
2808         full_path = build_unc_path_to_root(volume_info, cifs_sb);
2809         if (IS_ERR(full_path))
2810                 return PTR_ERR(full_path);
2811
2812         /* For DFS paths, skip the first '\' of the UNC */
2813         ref_path = check_prefix ? full_path + 1 : volume_info->UNC + 1;
2814
2815         rc = get_dfs_path(xid, pSesInfo , ref_path, cifs_sb->local_nls,
2816                           &num_referrals, &referrals,
2817                           cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
2818
2819         if (!rc && num_referrals > 0) {
2820                 char *fake_devname = NULL;
2821
2822                 mdata = cifs_compose_mount_options(cifs_sb->mountdata,
2823                                                    full_path + 1, referrals,
2824                                                    &fake_devname);
2825
2826                 free_dfs_info_array(referrals, num_referrals);
2827                 kfree(fake_devname);
2828
2829                 if (cifs_sb->mountdata != NULL)
2830                         kfree(cifs_sb->mountdata);
2831
2832                 if (IS_ERR(mdata)) {
2833                         rc = PTR_ERR(mdata);
2834                         mdata = NULL;
2835                 }
2836                 cifs_sb->mountdata = mdata;
2837         }
2838         kfree(full_path);
2839         return rc;
2840 }
2841 #endif
2842
2843 int
2844 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2845                 char *mount_data_global, const char *devname)
2846 {
2847         int rc;
2848         int xid;
2849         struct smb_vol *volume_info;
2850         struct cifsSesInfo *pSesInfo;
2851         struct cifsTconInfo *tcon;
2852         struct TCP_Server_Info *srvTcp;
2853         char   *full_path;
2854         char *mount_data = mount_data_global;
2855         struct tcon_link *tlink;
2856 #ifdef CONFIG_CIFS_DFS_UPCALL
2857         int referral_walks_count = 0;
2858 try_mount_again:
2859         mount_data = cifs_sb->mountdata;
2860
2861         /* cleanup activities if we're chasing a referral */
2862         if (referral_walks_count) {
2863                 if (tcon)
2864                         cifs_put_tcon(tcon);
2865                 else if (pSesInfo)
2866                         cifs_put_smb_ses(pSesInfo);
2867
2868                 cleanup_volume_info(&volume_info);
2869                 FreeXid(xid);
2870         }
2871 #endif
2872         rc = 0;
2873         tcon = NULL;
2874         pSesInfo = NULL;
2875         srvTcp = NULL;
2876         full_path = NULL;
2877         tlink = NULL;
2878
2879         xid = GetXid();
2880
2881         volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
2882         if (!volume_info) {
2883                 rc = -ENOMEM;
2884                 goto out;
2885         }
2886
2887         if (cifs_parse_mount_options(mount_data, devname, volume_info)) {
2888                 rc = -EINVAL;
2889                 goto out;
2890         }
2891
2892         if (volume_info->nullauth) {
2893                 cFYI(1, "null user");
2894                 volume_info->username = "";
2895         } else if (volume_info->username) {
2896                 /* BB fixme parse for domain name here */
2897                 cFYI(1, "Username: %s", volume_info->username);
2898         } else {
2899                 cifserror("No username specified");
2900         /* In userspace mount helper we can get user name from alternate
2901            locations such as env variables and files on disk */
2902                 rc = -EINVAL;
2903                 goto out;
2904         }
2905
2906         /* this is needed for ASCII cp to Unicode converts */
2907         if (volume_info->iocharset == NULL) {
2908                 /* load_nls_default cannot return null */
2909                 volume_info->local_nls = load_nls_default();
2910         } else {
2911                 volume_info->local_nls = load_nls(volume_info->iocharset);
2912                 if (volume_info->local_nls == NULL) {
2913                         cERROR(1, "CIFS mount error: iocharset %s not found",
2914                                  volume_info->iocharset);
2915                         rc = -ELIBACC;
2916                         goto out;
2917                 }
2918         }
2919         cifs_sb->local_nls = volume_info->local_nls;
2920
2921         /* get a reference to a tcp session */
2922         srvTcp = cifs_get_tcp_session(volume_info);
2923         if (IS_ERR(srvTcp)) {
2924                 rc = PTR_ERR(srvTcp);
2925                 goto out;
2926         }
2927
2928         /* get a reference to a SMB session */
2929         pSesInfo = cifs_get_smb_ses(srvTcp, volume_info);
2930         if (IS_ERR(pSesInfo)) {
2931                 rc = PTR_ERR(pSesInfo);
2932                 pSesInfo = NULL;
2933                 goto mount_fail_check;
2934         }
2935
2936         setup_cifs_sb(volume_info, cifs_sb);
2937         if (pSesInfo->capabilities & CAP_LARGE_FILES)
2938                 sb->s_maxbytes = MAX_LFS_FILESIZE;
2939         else
2940                 sb->s_maxbytes = MAX_NON_LFS;
2941
2942         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2943         sb->s_time_gran = 100;
2944
2945         /* search for existing tcon to this server share */
2946         tcon = cifs_get_tcon(pSesInfo, volume_info);
2947         if (IS_ERR(tcon)) {
2948                 rc = PTR_ERR(tcon);
2949                 tcon = NULL;
2950                 goto remote_path_check;
2951         }
2952
2953         /* do not care if following two calls succeed - informational */
2954         if (!tcon->ipc) {
2955                 CIFSSMBQFSDeviceInfo(xid, tcon);
2956                 CIFSSMBQFSAttributeInfo(xid, tcon);
2957         }
2958
2959         /* tell server which Unix caps we support */
2960         if (tcon->ses->capabilities & CAP_UNIX)
2961                 /* reset of caps checks mount to see if unix extensions
2962                    disabled for just this mount */
2963                 reset_cifs_unix_caps(xid, tcon, sb, volume_info);
2964         else
2965                 tcon->unix_ext = 0; /* server does not support them */
2966
2967         /* convert forward to back slashes in prepath here if needed */
2968         if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2969                 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2970
2971         if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2972                 cifs_sb->rsize = 1024 * 127;
2973                 cFYI(DBG2, "no very large read support, rsize now 127K");
2974         }
2975         if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2976                 cifs_sb->wsize = min(cifs_sb->wsize,
2977                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2978         if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2979                 cifs_sb->rsize = min(cifs_sb->rsize,
2980                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2981
2982 remote_path_check:
2983 #ifdef CONFIG_CIFS_DFS_UPCALL
2984         /*
2985          * Perform an unconditional check for whether there are DFS
2986          * referrals for this path without prefix, to provide support
2987          * for DFS referrals from w2k8 servers which don't seem to respond
2988          * with PATH_NOT_COVERED to requests that include the prefix.
2989          * Chase the referral if found, otherwise continue normally.
2990          */
2991         if (referral_walks_count == 0) {
2992                 int refrc = expand_dfs_referral(xid, pSesInfo, volume_info,
2993                                                 cifs_sb, false);
2994                 if (!refrc) {
2995                         referral_walks_count++;
2996                         goto try_mount_again;
2997                 }
2998         }
2999 #endif
3000
3001         /* check if a whole path (including prepath) is not remote */
3002         if (!rc && tcon) {
3003                 /* build_path_to_root works only when we have a valid tcon */
3004                 full_path = cifs_build_path_to_root(cifs_sb, tcon);
3005                 if (full_path == NULL) {
3006                         rc = -ENOMEM;
3007                         goto mount_fail_check;
3008                 }
3009                 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
3010                 if (rc != 0 && rc != -EREMOTE) {
3011                         kfree(full_path);
3012                         goto mount_fail_check;
3013                 }
3014                 kfree(full_path);
3015         }
3016
3017         /* get referral if needed */
3018         if (rc == -EREMOTE) {
3019 #ifdef CONFIG_CIFS_DFS_UPCALL
3020                 if (referral_walks_count > MAX_NESTED_LINKS) {
3021                         /*
3022                          * BB: when we implement proper loop detection,
3023                          *     we will remove this check. But now we need it
3024                          *     to prevent an indefinite loop if 'DFS tree' is
3025                          *     misconfigured (i.e. has loops).
3026                          */
3027                         rc = -ELOOP;
3028                         goto mount_fail_check;
3029                 }
3030                 /* convert forward to back slashes in prepath here if needed */
3031                 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
3032                         convert_delimiter(cifs_sb->prepath,
3033                                         CIFS_DIR_SEP(cifs_sb));
3034
3035                 rc = expand_dfs_referral(xid, pSesInfo, volume_info, cifs_sb,
3036                                          true);
3037
3038                 if (!rc) {
3039                         referral_walks_count++;
3040                         goto try_mount_again;
3041                 }
3042                 goto mount_fail_check;
3043 #else /* No DFS support, return error on mount */
3044                 rc = -EOPNOTSUPP;
3045 #endif
3046         }
3047
3048         if (rc)
3049                 goto mount_fail_check;
3050
3051         /* now, hang the tcon off of the superblock */
3052         tlink = kzalloc(sizeof *tlink, GFP_KERNEL);
3053         if (tlink == NULL) {
3054                 rc = -ENOMEM;
3055                 goto mount_fail_check;
3056         }
3057
3058         tlink->tl_uid = pSesInfo->linux_uid;
3059         tlink->tl_tcon = tcon;
3060         tlink->tl_time = jiffies;
3061         set_bit(TCON_LINK_MASTER, &tlink->tl_flags);
3062         set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3063
3064         cifs_sb->master_tlink = tlink;
3065         spin_lock(&cifs_sb->tlink_tree_lock);
3066         tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
3067         spin_unlock(&cifs_sb->tlink_tree_lock);
3068
3069         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
3070                                 TLINK_IDLE_EXPIRE);
3071
3072 mount_fail_check:
3073         /* on error free sesinfo and tcon struct if needed */
3074         if (rc) {
3075                 /* If find_unc succeeded then rc == 0 so we can not end */
3076                 /* up accidentally freeing someone elses tcon struct */
3077                 if (tcon)
3078                         cifs_put_tcon(tcon);
3079                 else if (pSesInfo)
3080                         cifs_put_smb_ses(pSesInfo);
3081                 else
3082                         cifs_put_tcp_session(srvTcp);
3083                 goto out;
3084         }
3085
3086         /* volume_info->password is freed above when existing session found
3087         (in which case it is not needed anymore) but when new sesion is created
3088         the password ptr is put in the new session structure (in which case the
3089         password will be freed at unmount time) */
3090 out:
3091         /* zero out password before freeing */
3092         cleanup_volume_info(&volume_info);
3093         FreeXid(xid);
3094         return rc;
3095 }
3096
3097 int
3098 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3099          const char *tree, struct cifsTconInfo *tcon,
3100          const struct nls_table *nls_codepage)
3101 {
3102         struct smb_hdr *smb_buffer;
3103         struct smb_hdr *smb_buffer_response;
3104         TCONX_REQ *pSMB;
3105         TCONX_RSP *pSMBr;
3106         unsigned char *bcc_ptr;
3107         int rc = 0;
3108         int length;
3109         __u16 bytes_left, count;
3110
3111         if (ses == NULL)
3112                 return -EIO;
3113
3114         smb_buffer = cifs_buf_get();
3115         if (smb_buffer == NULL)
3116                 return -ENOMEM;
3117
3118         smb_buffer_response = smb_buffer;
3119
3120         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3121                         NULL /*no tid */ , 4 /*wct */ );
3122
3123         smb_buffer->Mid = GetNextMid(ses->server);
3124         smb_buffer->Uid = ses->Suid;
3125         pSMB = (TCONX_REQ *) smb_buffer;
3126         pSMBr = (TCONX_RSP *) smb_buffer_response;
3127
3128         pSMB->AndXCommand = 0xFF;
3129         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3130         bcc_ptr = &pSMB->Password[0];
3131         if ((ses->server->secMode) & SECMODE_USER) {
3132                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3133                 *bcc_ptr = 0; /* password is null byte */
3134                 bcc_ptr++;              /* skip password */
3135                 /* already aligned so no need to do it below */
3136         } else {
3137                 pSMB->PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
3138                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3139                    specified as required (when that support is added to
3140                    the vfs in the future) as only NTLM or the much
3141                    weaker LANMAN (which we do not send by default) is accepted
3142                    by Samba (not sure whether other servers allow
3143                    NTLMv2 password here) */
3144 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3145                 if ((global_secflags & CIFSSEC_MAY_LANMAN) &&
3146                     (ses->server->secType == LANMAN))
3147                         calc_lanman_hash(tcon->password, ses->server->cryptkey,
3148                                          ses->server->secMode &
3149                                             SECMODE_PW_ENCRYPT ? true : false,
3150                                          bcc_ptr);
3151                 else
3152 #endif /* CIFS_WEAK_PW_HASH */
3153                 rc = SMBNTencrypt(tcon->password, ses->server->cryptkey,
3154                                         bcc_ptr);
3155
3156                 bcc_ptr += CIFS_AUTH_RESP_SIZE;
3157                 if (ses->capabilities & CAP_UNICODE) {
3158                         /* must align unicode strings */
3159                         *bcc_ptr = 0; /* null byte password */
3160                         bcc_ptr++;
3161                 }
3162         }
3163
3164         if (ses->server->secMode &
3165                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3166                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3167
3168         if (ses->capabilities & CAP_STATUS32) {
3169                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3170         }
3171         if (ses->capabilities & CAP_DFS) {
3172                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3173         }
3174         if (ses->capabilities & CAP_UNICODE) {
3175                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3176                 length =
3177                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3178                         6 /* max utf8 char length in bytes */ *
3179                         (/* server len*/ + 256 /* share len */), nls_codepage);
3180                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3181                 bcc_ptr += 2;   /* skip trailing null */
3182         } else {                /* ASCII */
3183                 strcpy(bcc_ptr, tree);
3184                 bcc_ptr += strlen(tree) + 1;
3185         }
3186         strcpy(bcc_ptr, "?????");
3187         bcc_ptr += strlen("?????");
3188         bcc_ptr += 1;
3189         count = bcc_ptr - &pSMB->Password[0];
3190         pSMB->hdr.smb_buf_length = cpu_to_be32(be32_to_cpu(
3191                                         pSMB->hdr.smb_buf_length) + count);
3192         pSMB->ByteCount = cpu_to_le16(count);
3193
3194         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3195                          0);
3196
3197         /* above now done in SendReceive */
3198         if ((rc == 0) && (tcon != NULL)) {
3199                 bool is_unicode;
3200
3201                 tcon->tidStatus = CifsGood;
3202                 tcon->need_reconnect = false;
3203                 tcon->tid = smb_buffer_response->Tid;
3204                 bcc_ptr = pByteArea(smb_buffer_response);
3205                 bytes_left = get_bcc(smb_buffer_response);
3206                 length = strnlen(bcc_ptr, bytes_left - 2);
3207                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
3208                         is_unicode = true;
3209                 else
3210                         is_unicode = false;
3211
3212
3213                 /* skip service field (NB: this field is always ASCII) */
3214                 if (length == 3) {
3215                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3216                             (bcc_ptr[2] == 'C')) {
3217                                 cFYI(1, "IPC connection");
3218                                 tcon->ipc = 1;
3219                         }
3220                 } else if (length == 2) {
3221                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3222                                 /* the most common case */
3223                                 cFYI(1, "disk share connection");
3224                         }
3225                 }
3226                 bcc_ptr += length + 1;
3227                 bytes_left -= (length + 1);
3228                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3229
3230                 /* mostly informational -- no need to fail on error here */
3231                 kfree(tcon->nativeFileSystem);
3232                 tcon->nativeFileSystem = cifs_strndup_from_ucs(bcc_ptr,
3233                                                       bytes_left, is_unicode,
3234                                                       nls_codepage);
3235
3236                 cFYI(1, "nativeFileSystem=%s", tcon->nativeFileSystem);
3237
3238                 if ((smb_buffer_response->WordCount == 3) ||
3239                          (smb_buffer_response->WordCount == 7))
3240                         /* field is in same location */
3241                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3242                 else
3243                         tcon->Flags = 0;
3244                 cFYI(1, "Tcon flags: 0x%x ", tcon->Flags);
3245         } else if ((rc == 0) && tcon == NULL) {
3246                 /* all we need to save for IPC$ connection */
3247                 ses->ipc_tid = smb_buffer_response->Tid;
3248         }
3249
3250         cifs_buf_release(smb_buffer);
3251         return rc;
3252 }
3253
3254 int
3255 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3256 {
3257         struct rb_root *root = &cifs_sb->tlink_tree;
3258         struct rb_node *node;
3259         struct tcon_link *tlink;
3260         char *tmp;
3261
3262         cancel_delayed_work_sync(&cifs_sb->prune_tlinks);
3263
3264         spin_lock(&cifs_sb->tlink_tree_lock);
3265         while ((node = rb_first(root))) {
3266                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3267                 cifs_get_tlink(tlink);
3268                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3269                 rb_erase(node, root);
3270
3271                 spin_unlock(&cifs_sb->tlink_tree_lock);
3272                 cifs_put_tlink(tlink);
3273                 spin_lock(&cifs_sb->tlink_tree_lock);
3274         }
3275         spin_unlock(&cifs_sb->tlink_tree_lock);
3276
3277         tmp = cifs_sb->prepath;
3278         cifs_sb->prepathlen = 0;
3279         cifs_sb->prepath = NULL;
3280         kfree(tmp);
3281
3282         return 0;
3283 }
3284
3285 int cifs_negotiate_protocol(unsigned int xid, struct cifsSesInfo *ses)
3286 {
3287         int rc = 0;
3288         struct TCP_Server_Info *server = ses->server;
3289
3290         /* only send once per connect */
3291         if (server->maxBuf != 0)
3292                 return 0;
3293
3294         rc = CIFSSMBNegotiate(xid, ses);
3295         if (rc == -EAGAIN) {
3296                 /* retry only once on 1st time connection */
3297                 rc = CIFSSMBNegotiate(xid, ses);
3298                 if (rc == -EAGAIN)
3299                         rc = -EHOSTDOWN;
3300         }
3301         if (rc == 0) {
3302                 spin_lock(&GlobalMid_Lock);
3303                 if (server->tcpStatus != CifsExiting)
3304                         server->tcpStatus = CifsGood;
3305                 else
3306                         rc = -EHOSTDOWN;
3307                 spin_unlock(&GlobalMid_Lock);
3308
3309         }
3310
3311         return rc;
3312 }
3313
3314
3315 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *ses,
3316                         struct nls_table *nls_info)
3317 {
3318         int rc = 0;
3319         struct TCP_Server_Info *server = ses->server;
3320
3321         ses->flags = 0;
3322         ses->capabilities = server->capabilities;
3323         if (linuxExtEnabled == 0)
3324                 ses->capabilities &= (~CAP_UNIX);
3325
3326         cFYI(1, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3327                  server->secMode, server->capabilities, server->timeAdj);
3328
3329         rc = CIFS_SessSetup(xid, ses, nls_info);
3330         if (rc) {
3331                 cERROR(1, "Send error in SessSetup = %d", rc);
3332         } else {
3333                 mutex_lock(&ses->server->srv_mutex);
3334                 if (!server->session_estab) {
3335                         server->session_key.response = ses->auth_key.response;
3336                         server->session_key.len = ses->auth_key.len;
3337                         server->sequence_number = 0x2;
3338                         server->session_estab = true;
3339                         ses->auth_key.response = NULL;
3340                 }
3341                 mutex_unlock(&server->srv_mutex);
3342
3343                 cFYI(1, "CIFS Session Established successfully");
3344                 spin_lock(&GlobalMid_Lock);
3345                 ses->status = CifsGood;
3346                 ses->need_reconnect = false;
3347                 spin_unlock(&GlobalMid_Lock);
3348         }
3349
3350         kfree(ses->auth_key.response);
3351         ses->auth_key.response = NULL;
3352         ses->auth_key.len = 0;
3353         kfree(ses->ntlmssp);
3354         ses->ntlmssp = NULL;
3355
3356         return rc;
3357 }
3358
3359 static struct cifsTconInfo *
3360 cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid)
3361 {
3362         struct cifsTconInfo *master_tcon = cifs_sb_master_tcon(cifs_sb);
3363         struct cifsSesInfo *ses;
3364         struct cifsTconInfo *tcon = NULL;
3365         struct smb_vol *vol_info;
3366         char username[28]; /* big enough for "krb50x" + hex of ULONG_MAX 6+16 */
3367                            /* We used to have this as MAX_USERNAME which is   */
3368                            /* way too big now (256 instead of 32) */
3369
3370         vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL);
3371         if (vol_info == NULL) {
3372                 tcon = ERR_PTR(-ENOMEM);
3373                 goto out;
3374         }
3375
3376         snprintf(username, MAX_USERNAME_SIZE, "krb50x%x", fsuid);
3377         vol_info->username = username;
3378         vol_info->local_nls = cifs_sb->local_nls;
3379         vol_info->linux_uid = fsuid;
3380         vol_info->cred_uid = fsuid;
3381         vol_info->UNC = master_tcon->treeName;
3382         vol_info->retry = master_tcon->retry;
3383         vol_info->nocase = master_tcon->nocase;
3384         vol_info->local_lease = master_tcon->local_lease;
3385         vol_info->no_linux_ext = !master_tcon->unix_ext;
3386
3387         /* FIXME: allow for other secFlg settings */
3388         vol_info->secFlg = CIFSSEC_MUST_KRB5;
3389
3390         /* get a reference for the same TCP session */
3391         spin_lock(&cifs_tcp_ses_lock);
3392         ++master_tcon->ses->server->srv_count;
3393         spin_unlock(&cifs_tcp_ses_lock);
3394
3395         ses = cifs_get_smb_ses(master_tcon->ses->server, vol_info);
3396         if (IS_ERR(ses)) {
3397                 tcon = (struct cifsTconInfo *)ses;
3398                 cifs_put_tcp_session(master_tcon->ses->server);
3399                 goto out;
3400         }
3401
3402         tcon = cifs_get_tcon(ses, vol_info);
3403         if (IS_ERR(tcon)) {
3404                 cifs_put_smb_ses(ses);
3405                 goto out;
3406         }
3407
3408         if (ses->capabilities & CAP_UNIX)
3409                 reset_cifs_unix_caps(0, tcon, NULL, vol_info);
3410 out:
3411         kfree(vol_info);
3412
3413         return tcon;
3414 }
3415
3416 static inline struct tcon_link *
3417 cifs_sb_master_tlink(struct cifs_sb_info *cifs_sb)
3418 {
3419         return cifs_sb->master_tlink;
3420 }
3421
3422 struct cifsTconInfo *
3423 cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
3424 {
3425         return tlink_tcon(cifs_sb_master_tlink(cifs_sb));
3426 }
3427
3428 static int
3429 cifs_sb_tcon_pending_wait(void *unused)
3430 {
3431         schedule();
3432         return signal_pending(current) ? -ERESTARTSYS : 0;
3433 }
3434
3435 /* find and return a tlink with given uid */
3436 static struct tcon_link *
3437 tlink_rb_search(struct rb_root *root, uid_t uid)
3438 {
3439         struct rb_node *node = root->rb_node;
3440         struct tcon_link *tlink;
3441
3442         while (node) {
3443                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3444
3445                 if (tlink->tl_uid > uid)
3446                         node = node->rb_left;
3447                 else if (tlink->tl_uid < uid)
3448                         node = node->rb_right;
3449                 else
3450                         return tlink;
3451         }
3452         return NULL;
3453 }
3454
3455 /* insert a tcon_link into the tree */
3456 static void
3457 tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink)
3458 {
3459         struct rb_node **new = &(root->rb_node), *parent = NULL;
3460         struct tcon_link *tlink;
3461
3462         while (*new) {
3463                 tlink = rb_entry(*new, struct tcon_link, tl_rbnode);
3464                 parent = *new;
3465
3466                 if (tlink->tl_uid > new_tlink->tl_uid)
3467                         new = &((*new)->rb_left);
3468                 else
3469                         new = &((*new)->rb_right);
3470         }
3471
3472         rb_link_node(&new_tlink->tl_rbnode, parent, new);
3473         rb_insert_color(&new_tlink->tl_rbnode, root);
3474 }
3475
3476 /*
3477  * Find or construct an appropriate tcon given a cifs_sb and the fsuid of the
3478  * current task.
3479  *
3480  * If the superblock doesn't refer to a multiuser mount, then just return
3481  * the master tcon for the mount.
3482  *
3483  * First, search the rbtree for an existing tcon for this fsuid. If one
3484  * exists, then check to see if it's pending construction. If it is then wait
3485  * for construction to complete. Once it's no longer pending, check to see if
3486  * it failed and either return an error or retry construction, depending on
3487  * the timeout.
3488  *
3489  * If one doesn't exist then insert a new tcon_link struct into the tree and
3490  * try to construct a new one.
3491  */
3492 struct tcon_link *
3493 cifs_sb_tlink(struct cifs_sb_info *cifs_sb)
3494 {
3495         int ret;
3496         uid_t fsuid = current_fsuid();
3497         struct tcon_link *tlink, *newtlink;
3498
3499         if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
3500                 return cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
3501
3502         spin_lock(&cifs_sb->tlink_tree_lock);
3503         tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3504         if (tlink)
3505                 cifs_get_tlink(tlink);
3506         spin_unlock(&cifs_sb->tlink_tree_lock);
3507
3508         if (tlink == NULL) {
3509                 newtlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
3510                 if (newtlink == NULL)
3511                         return ERR_PTR(-ENOMEM);
3512                 newtlink->tl_uid = fsuid;
3513                 newtlink->tl_tcon = ERR_PTR(-EACCES);
3514                 set_bit(TCON_LINK_PENDING, &newtlink->tl_flags);
3515                 set_bit(TCON_LINK_IN_TREE, &newtlink->tl_flags);
3516                 cifs_get_tlink(newtlink);
3517
3518                 spin_lock(&cifs_sb->tlink_tree_lock);
3519                 /* was one inserted after previous search? */
3520                 tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3521                 if (tlink) {
3522                         cifs_get_tlink(tlink);
3523                         spin_unlock(&cifs_sb->tlink_tree_lock);
3524                         kfree(newtlink);
3525                         goto wait_for_construction;
3526                 }
3527                 tlink = newtlink;
3528                 tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
3529                 spin_unlock(&cifs_sb->tlink_tree_lock);
3530         } else {
3531 wait_for_construction:
3532                 ret = wait_on_bit(&tlink->tl_flags, TCON_LINK_PENDING,
3533                                   cifs_sb_tcon_pending_wait,
3534                                   TASK_INTERRUPTIBLE);
3535                 if (ret) {
3536                         cifs_put_tlink(tlink);
3537                         return ERR_PTR(ret);
3538                 }
3539
3540                 /* if it's good, return it */
3541                 if (!IS_ERR(tlink->tl_tcon))
3542                         return tlink;
3543
3544                 /* return error if we tried this already recently */
3545                 if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) {
3546                         cifs_put_tlink(tlink);
3547                         return ERR_PTR(-EACCES);
3548                 }
3549
3550                 if (test_and_set_bit(TCON_LINK_PENDING, &tlink->tl_flags))
3551                         goto wait_for_construction;
3552         }
3553
3554         tlink->tl_tcon = cifs_construct_tcon(cifs_sb, fsuid);
3555         clear_bit(TCON_LINK_PENDING, &tlink->tl_flags);
3556         wake_up_bit(&tlink->tl_flags, TCON_LINK_PENDING);
3557
3558         if (IS_ERR(tlink->tl_tcon)) {
3559                 cifs_put_tlink(tlink);
3560                 return ERR_PTR(-EACCES);
3561         }
3562
3563         return tlink;
3564 }
3565
3566 /*
3567  * periodic workqueue job that scans tcon_tree for a superblock and closes
3568  * out tcons.
3569  */
3570 static void
3571 cifs_prune_tlinks(struct work_struct *work)
3572 {
3573         struct cifs_sb_info *cifs_sb = container_of(work, struct cifs_sb_info,
3574                                                     prune_tlinks.work);
3575         struct rb_root *root = &cifs_sb->tlink_tree;
3576         struct rb_node *node = rb_first(root);
3577         struct rb_node *tmp;
3578         struct tcon_link *tlink;
3579
3580         /*
3581          * Because we drop the spinlock in the loop in order to put the tlink
3582          * it's not guarded against removal of links from the tree. The only
3583          * places that remove entries from the tree are this function and
3584          * umounts. Because this function is non-reentrant and is canceled
3585          * before umount can proceed, this is safe.
3586          */
3587         spin_lock(&cifs_sb->tlink_tree_lock);
3588         node = rb_first(root);
3589         while (node != NULL) {
3590                 tmp = node;
3591                 node = rb_next(tmp);
3592                 tlink = rb_entry(tmp, struct tcon_link, tl_rbnode);
3593
3594                 if (test_bit(TCON_LINK_MASTER, &tlink->tl_flags) ||
3595                     atomic_read(&tlink->tl_count) != 0 ||
3596                     time_after(tlink->tl_time + TLINK_IDLE_EXPIRE, jiffies))
3597                         continue;
3598
3599                 cifs_get_tlink(tlink);
3600                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3601                 rb_erase(tmp, root);
3602
3603                 spin_unlock(&cifs_sb->tlink_tree_lock);
3604                 cifs_put_tlink(tlink);
3605                 spin_lock(&cifs_sb->tlink_tree_lock);
3606         }
3607         spin_unlock(&cifs_sb->tlink_tree_lock);
3608
3609         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
3610                                 TLINK_IDLE_EXPIRE);
3611 }