Revert "ext4: use old interface for ext4_readdir()"
[linux-3.10.git] / fs / cifs / smb2pdu.c
1 /*
2  *   fs/cifs/smb2pdu.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2009, 2012
5  *                 Etersoft, 2012
6  *   Author(s): Steve French (sfrench@us.ibm.com)
7  *              Pavel Shilovsky (pshilovsky@samba.org) 2012
8  *
9  *   Contains the routines for constructing the SMB2 PDUs themselves
10  *
11  *   This library is free software; you can redistribute it and/or modify
12  *   it under the terms of the GNU Lesser General Public License as published
13  *   by the Free Software Foundation; either version 2.1 of the License, or
14  *   (at your option) any later version.
15  *
16  *   This library is distributed in the hope that it will be useful,
17  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
18  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
19  *   the GNU Lesser General Public License for more details.
20  *
21  *   You should have received a copy of the GNU Lesser General Public License
22  *   along with this library; if not, write to the Free Software
23  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24  */
25
26  /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
27  /* Note that there are handle based routines which must be                   */
28  /* treated slightly differently for reconnection purposes since we never     */
29  /* want to reuse a stale file handle and only the caller knows the file info */
30
31 #include <linux/fs.h>
32 #include <linux/kernel.h>
33 #include <linux/vfs.h>
34 #include <linux/task_io_accounting_ops.h>
35 #include <linux/uaccess.h>
36 #include <linux/pagemap.h>
37 #include <linux/xattr.h>
38 #include "smb2pdu.h"
39 #include "cifsglob.h"
40 #include "cifsacl.h"
41 #include "cifsproto.h"
42 #include "smb2proto.h"
43 #include "cifs_unicode.h"
44 #include "cifs_debug.h"
45 #include "ntlmssp.h"
46 #include "smb2status.h"
47 #include "smb2glob.h"
48 #include "cifspdu.h"
49
50 /*
51  *  The following table defines the expected "StructureSize" of SMB2 requests
52  *  in order by SMB2 command.  This is similar to "wct" in SMB/CIFS requests.
53  *
54  *  Note that commands are defined in smb2pdu.h in le16 but the array below is
55  *  indexed by command in host byte order.
56  */
57 static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = {
58         /* SMB2_NEGOTIATE */ 36,
59         /* SMB2_SESSION_SETUP */ 25,
60         /* SMB2_LOGOFF */ 4,
61         /* SMB2_TREE_CONNECT */ 9,
62         /* SMB2_TREE_DISCONNECT */ 4,
63         /* SMB2_CREATE */ 57,
64         /* SMB2_CLOSE */ 24,
65         /* SMB2_FLUSH */ 24,
66         /* SMB2_READ */ 49,
67         /* SMB2_WRITE */ 49,
68         /* SMB2_LOCK */ 48,
69         /* SMB2_IOCTL */ 57,
70         /* SMB2_CANCEL */ 4,
71         /* SMB2_ECHO */ 4,
72         /* SMB2_QUERY_DIRECTORY */ 33,
73         /* SMB2_CHANGE_NOTIFY */ 32,
74         /* SMB2_QUERY_INFO */ 41,
75         /* SMB2_SET_INFO */ 33,
76         /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
77 };
78
79
80 static void
81 smb2_hdr_assemble(struct smb2_hdr *hdr, __le16 smb2_cmd /* command */ ,
82                   const struct cifs_tcon *tcon)
83 {
84         struct smb2_pdu *pdu = (struct smb2_pdu *)hdr;
85         char *temp = (char *)hdr;
86         /* lookup word count ie StructureSize from table */
87         __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_cmd)];
88
89         /*
90          * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
91          * largest operations (Create)
92          */
93         memset(temp, 0, 256);
94
95         /* Note this is only network field converted to big endian */
96         hdr->smb2_buf_length = cpu_to_be32(parmsize + sizeof(struct smb2_hdr)
97                         - 4 /*  RFC 1001 length field itself not counted */);
98
99         hdr->ProtocolId[0] = 0xFE;
100         hdr->ProtocolId[1] = 'S';
101         hdr->ProtocolId[2] = 'M';
102         hdr->ProtocolId[3] = 'B';
103         hdr->StructureSize = cpu_to_le16(64);
104         hdr->Command = smb2_cmd;
105         hdr->CreditRequest = cpu_to_le16(2); /* BB make this dynamic */
106         hdr->ProcessId = cpu_to_le32((__u16)current->tgid);
107
108         if (!tcon)
109                 goto out;
110
111         hdr->TreeId = tcon->tid;
112         /* Uid is not converted */
113         if (tcon->ses)
114                 hdr->SessionId = tcon->ses->Suid;
115         /* BB check following DFS flags BB */
116         /* BB do we have to add check for SHI1005_FLAGS_DFS_ROOT too? */
117         if (tcon->share_flags & SHI1005_FLAGS_DFS)
118                 hdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS;
119         /* BB how does SMB2 do case sensitive? */
120         /* if (tcon->nocase)
121                 hdr->Flags |= SMBFLG_CASELESS; */
122         if (tcon->ses && tcon->ses->server &&
123             (tcon->ses->server->sec_mode & SECMODE_SIGN_REQUIRED))
124                 hdr->Flags |= SMB2_FLAGS_SIGNED;
125 out:
126         pdu->StructureSize2 = cpu_to_le16(parmsize);
127         return;
128 }
129
130 static int
131 smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon)
132 {
133         int rc = 0;
134         struct nls_table *nls_codepage;
135         struct cifs_ses *ses;
136         struct TCP_Server_Info *server;
137
138         /*
139          * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
140          * check for tcp and smb session status done differently
141          * for those three - in the calling routine.
142          */
143         if (tcon == NULL)
144                 return rc;
145
146         if (smb2_command == SMB2_TREE_CONNECT)
147                 return rc;
148
149         if (tcon->tidStatus == CifsExiting) {
150                 /*
151                  * only tree disconnect, open, and write,
152                  * (and ulogoff which does not have tcon)
153                  * are allowed as we start force umount.
154                  */
155                 if ((smb2_command != SMB2_WRITE) &&
156                    (smb2_command != SMB2_CREATE) &&
157                    (smb2_command != SMB2_TREE_DISCONNECT)) {
158                         cifs_dbg(FYI, "can not send cmd %d while umounting\n",
159                                  smb2_command);
160                         return -ENODEV;
161                 }
162         }
163         if ((!tcon->ses) || (tcon->ses->status == CifsExiting) ||
164             (!tcon->ses->server))
165                 return -EIO;
166
167         ses = tcon->ses;
168         server = ses->server;
169
170         /*
171          * Give demultiplex thread up to 10 seconds to reconnect, should be
172          * greater than cifs socket timeout which is 7 seconds
173          */
174         while (server->tcpStatus == CifsNeedReconnect) {
175                 /*
176                  * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
177                  * here since they are implicitly done when session drops.
178                  */
179                 switch (smb2_command) {
180                 /*
181                  * BB Should we keep oplock break and add flush to exceptions?
182                  */
183                 case SMB2_TREE_DISCONNECT:
184                 case SMB2_CANCEL:
185                 case SMB2_CLOSE:
186                 case SMB2_OPLOCK_BREAK:
187                         return -EAGAIN;
188                 }
189
190                 wait_event_interruptible_timeout(server->response_q,
191                         (server->tcpStatus != CifsNeedReconnect), 10 * HZ);
192
193                 /* are we still trying to reconnect? */
194                 if (server->tcpStatus != CifsNeedReconnect)
195                         break;
196
197                 /*
198                  * on "soft" mounts we wait once. Hard mounts keep
199                  * retrying until process is killed or server comes
200                  * back on-line
201                  */
202                 if (!tcon->retry) {
203                         cifs_dbg(FYI, "gave up waiting on reconnect in smb_init\n");
204                         return -EHOSTDOWN;
205                 }
206         }
207
208         if (!tcon->ses->need_reconnect && !tcon->need_reconnect)
209                 return rc;
210
211         nls_codepage = load_nls_default();
212
213         /*
214          * need to prevent multiple threads trying to simultaneously reconnect
215          * the same SMB session
216          */
217         mutex_lock(&tcon->ses->session_mutex);
218         rc = cifs_negotiate_protocol(0, tcon->ses);
219         if (!rc && tcon->ses->need_reconnect)
220                 rc = cifs_setup_session(0, tcon->ses, nls_codepage);
221
222         if (rc || !tcon->need_reconnect) {
223                 mutex_unlock(&tcon->ses->session_mutex);
224                 goto out;
225         }
226
227         cifs_mark_open_files_invalid(tcon);
228         rc = SMB2_tcon(0, tcon->ses, tcon->treeName, tcon, nls_codepage);
229         mutex_unlock(&tcon->ses->session_mutex);
230         cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc);
231         if (rc)
232                 goto out;
233         atomic_inc(&tconInfoReconnectCount);
234         /*
235          * BB FIXME add code to check if wsize needs update due to negotiated
236          * smb buffer size shrinking.
237          */
238 out:
239         /*
240          * Check if handle based operation so we know whether we can continue
241          * or not without returning to caller to reset file handle.
242          */
243         /*
244          * BB Is flush done by server on drop of tcp session? Should we special
245          * case it and skip above?
246          */
247         switch (smb2_command) {
248         case SMB2_FLUSH:
249         case SMB2_READ:
250         case SMB2_WRITE:
251         case SMB2_LOCK:
252         case SMB2_IOCTL:
253         case SMB2_QUERY_DIRECTORY:
254         case SMB2_CHANGE_NOTIFY:
255         case SMB2_QUERY_INFO:
256         case SMB2_SET_INFO:
257                 return -EAGAIN;
258         }
259         unload_nls(nls_codepage);
260         return rc;
261 }
262
263 /*
264  * Allocate and return pointer to an SMB request hdr, and set basic
265  * SMB information in the SMB header. If the return code is zero, this
266  * function must have filled in request_buf pointer.
267  */
268 static int
269 small_smb2_init(__le16 smb2_command, struct cifs_tcon *tcon,
270                 void **request_buf)
271 {
272         int rc = 0;
273
274         rc = smb2_reconnect(smb2_command, tcon);
275         if (rc)
276                 return rc;
277
278         /* BB eventually switch this to SMB2 specific small buf size */
279         *request_buf = cifs_small_buf_get();
280         if (*request_buf == NULL) {
281                 /* BB should we add a retry in here if not a writepage? */
282                 return -ENOMEM;
283         }
284
285         smb2_hdr_assemble((struct smb2_hdr *) *request_buf, smb2_command, tcon);
286
287         if (tcon != NULL) {
288 #ifdef CONFIG_CIFS_STATS2
289                 uint16_t com_code = le16_to_cpu(smb2_command);
290                 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);
291 #endif
292                 cifs_stats_inc(&tcon->num_smbs_sent);
293         }
294
295         return rc;
296 }
297
298 static void
299 free_rsp_buf(int resp_buftype, void *rsp)
300 {
301         if (resp_buftype == CIFS_SMALL_BUFFER)
302                 cifs_small_buf_release(rsp);
303         else if (resp_buftype == CIFS_LARGE_BUFFER)
304                 cifs_buf_release(rsp);
305 }
306
307
308 /*
309  *
310  *      SMB2 Worker functions follow:
311  *
312  *      The general structure of the worker functions is:
313  *      1) Call smb2_init (assembles SMB2 header)
314  *      2) Initialize SMB2 command specific fields in fixed length area of SMB
315  *      3) Call smb_sendrcv2 (sends request on socket and waits for response)
316  *      4) Decode SMB2 command specific fields in the fixed length area
317  *      5) Decode variable length data area (if any for this SMB2 command type)
318  *      6) Call free smb buffer
319  *      7) return
320  *
321  */
322
323 int
324 SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
325 {
326         struct smb2_negotiate_req *req;
327         struct smb2_negotiate_rsp *rsp;
328         struct kvec iov[1];
329         int rc = 0;
330         int resp_buftype;
331         struct TCP_Server_Info *server;
332         unsigned int sec_flags;
333         u16 temp = 0;
334         int blob_offset, blob_length;
335         char *security_blob;
336         int flags = CIFS_NEG_OP;
337
338         cifs_dbg(FYI, "Negotiate protocol\n");
339
340         if (ses->server)
341                 server = ses->server;
342         else {
343                 rc = -EIO;
344                 return rc;
345         }
346
347         rc = small_smb2_init(SMB2_NEGOTIATE, NULL, (void **) &req);
348         if (rc)
349                 return rc;
350
351         /* if any of auth flags (ie not sign or seal) are overriden use them */
352         if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
353                 sec_flags = ses->overrideSecFlg;  /* BB FIXME fix sign flags?*/
354         else /* if override flags set only sign/seal OR them with global auth */
355                 sec_flags = global_secflags | ses->overrideSecFlg;
356
357         cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags);
358
359         req->hdr.SessionId = 0;
360
361         req->Dialects[0] = cpu_to_le16(ses->server->vals->protocol_id);
362
363         req->DialectCount = cpu_to_le16(1); /* One vers= at a time for now */
364         inc_rfc1001_len(req, 2);
365
366         /* only one of SMB2 signing flags may be set in SMB2 request */
367         if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN)
368                 temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
369         else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */
370                 temp = SMB2_NEGOTIATE_SIGNING_ENABLED;
371
372         req->SecurityMode = cpu_to_le16(temp);
373
374         req->Capabilities = cpu_to_le32(ses->server->vals->req_capabilities);
375
376         memcpy(req->ClientGUID, cifs_client_guid, SMB2_CLIENT_GUID_SIZE);
377
378         iov[0].iov_base = (char *)req;
379         /* 4 for rfc1002 length field */
380         iov[0].iov_len = get_rfc1002_length(req) + 4;
381
382         rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, flags);
383
384         rsp = (struct smb2_negotiate_rsp *)iov[0].iov_base;
385         /*
386          * No tcon so can't do
387          * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
388          */
389         if (rc != 0)
390                 goto neg_exit;
391
392         cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode);
393
394         /* BB we may eventually want to match the negotiated vs. requested
395            dialect, even though we are only requesting one at a time */
396         if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID))
397                 cifs_dbg(FYI, "negotiated smb2.0 dialect\n");
398         else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID))
399                 cifs_dbg(FYI, "negotiated smb2.1 dialect\n");
400         else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID))
401                 cifs_dbg(FYI, "negotiated smb3.0 dialect\n");
402         else {
403                 cifs_dbg(VFS, "Illegal dialect returned by server %d\n",
404                          le16_to_cpu(rsp->DialectRevision));
405                 rc = -EIO;
406                 goto neg_exit;
407         }
408         server->dialect = le16_to_cpu(rsp->DialectRevision);
409
410         server->maxBuf = le32_to_cpu(rsp->MaxTransactSize);
411         /* set it to the maximum buffer size value we can send with 1 credit */
412         server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize),
413                                SMB2_MAX_BUFFER_SIZE);
414         server->max_read = le32_to_cpu(rsp->MaxReadSize);
415         server->max_write = le32_to_cpu(rsp->MaxWriteSize);
416         /* BB Do we need to validate the SecurityMode? */
417         server->sec_mode = le16_to_cpu(rsp->SecurityMode);
418         server->capabilities = le32_to_cpu(rsp->Capabilities);
419         /* Internal types */
420         server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
421
422         security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
423                                                &rsp->hdr);
424         if (blob_length == 0) {
425                 cifs_dbg(VFS, "missing security blob on negprot\n");
426                 rc = -EIO;
427                 goto neg_exit;
428         }
429
430         cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags);
431         if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
432                 cifs_dbg(FYI, "Signing required\n");
433                 if (!(server->sec_mode & (SMB2_NEGOTIATE_SIGNING_REQUIRED |
434                       SMB2_NEGOTIATE_SIGNING_ENABLED))) {
435                         cifs_dbg(VFS, "signing required but server lacks support\n");
436                         rc = -EOPNOTSUPP;
437                         goto neg_exit;
438                 }
439                 server->sec_mode |= SECMODE_SIGN_REQUIRED;
440         } else if (sec_flags & CIFSSEC_MAY_SIGN) {
441                 cifs_dbg(FYI, "Signing optional\n");
442                 if (server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
443                         cifs_dbg(FYI, "Server requires signing\n");
444                         server->sec_mode |= SECMODE_SIGN_REQUIRED;
445                 } else {
446                         server->sec_mode &=
447                                 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
448                 }
449         } else {
450                 cifs_dbg(FYI, "Signing disabled\n");
451                 if (server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
452                         cifs_dbg(VFS, "Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags\n");
453                         rc = -EOPNOTSUPP;
454                         goto neg_exit;
455                 }
456                 server->sec_mode &=
457                         ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
458         }
459
460 #ifdef CONFIG_SMB2_ASN1  /* BB REMOVEME when updated asn1.c ready */
461         rc = decode_neg_token_init(security_blob, blob_length,
462                                    &server->sec_type);
463         if (rc == 1)
464                 rc = 0;
465         else if (rc == 0) {
466                 rc = -EIO;
467                 goto neg_exit;
468         }
469 #endif
470
471 neg_exit:
472         free_rsp_buf(resp_buftype, rsp);
473         return rc;
474 }
475
476 int
477 SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
478                 const struct nls_table *nls_cp)
479 {
480         struct smb2_sess_setup_req *req;
481         struct smb2_sess_setup_rsp *rsp = NULL;
482         struct kvec iov[2];
483         int rc = 0;
484         int resp_buftype;
485         __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
486         struct TCP_Server_Info *server;
487         unsigned int sec_flags;
488         u8 temp = 0;
489         u16 blob_length = 0;
490         char *security_blob;
491         char *ntlmssp_blob = NULL;
492         bool use_spnego = false; /* else use raw ntlmssp */
493
494         cifs_dbg(FYI, "Session Setup\n");
495
496         if (ses->server)
497                 server = ses->server;
498         else {
499                 rc = -EIO;
500                 return rc;
501         }
502
503         /*
504          * If memory allocation is successful, caller of this function
505          * frees it.
506          */
507         ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
508         if (!ses->ntlmssp)
509                 return -ENOMEM;
510
511         ses->server->secType = RawNTLMSSP;
512
513 ssetup_ntlmssp_authenticate:
514         if (phase == NtLmChallenge)
515                 phase = NtLmAuthenticate; /* if ntlmssp, now final phase */
516
517         rc = small_smb2_init(SMB2_SESSION_SETUP, NULL, (void **) &req);
518         if (rc)
519                 return rc;
520
521         /* if any of auth flags (ie not sign or seal) are overriden use them */
522         if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
523                 sec_flags = ses->overrideSecFlg;  /* BB FIXME fix sign flags?*/
524         else /* if override flags set only sign/seal OR them with global auth */
525                 sec_flags = global_secflags | ses->overrideSecFlg;
526
527         cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags);
528
529         req->hdr.SessionId = 0; /* First session, not a reauthenticate */
530         req->VcNumber = 0; /* MBZ */
531         /* to enable echos and oplocks */
532         req->hdr.CreditRequest = cpu_to_le16(3);
533
534         /* only one of SMB2 signing flags may be set in SMB2 request */
535         if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN)
536                 temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
537         else if (ses->server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)
538                 temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
539         else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */
540                 temp = SMB2_NEGOTIATE_SIGNING_ENABLED;
541
542         req->SecurityMode = temp;
543         req->Capabilities = 0;
544         req->Channel = 0; /* MBZ */
545
546         iov[0].iov_base = (char *)req;
547         /* 4 for rfc1002 length field and 1 for pad */
548         iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
549         if (phase == NtLmNegotiate) {
550                 ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE),
551                                        GFP_KERNEL);
552                 if (ntlmssp_blob == NULL) {
553                         rc = -ENOMEM;
554                         goto ssetup_exit;
555                 }
556                 build_ntlmssp_negotiate_blob(ntlmssp_blob, ses);
557                 if (use_spnego) {
558                         /* blob_length = build_spnego_ntlmssp_blob(
559                                         &security_blob,
560                                         sizeof(struct _NEGOTIATE_MESSAGE),
561                                         ntlmssp_blob); */
562                         /* BB eventually need to add this */
563                         cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
564                         rc = -EOPNOTSUPP;
565                         kfree(ntlmssp_blob);
566                         goto ssetup_exit;
567                 } else {
568                         blob_length = sizeof(struct _NEGOTIATE_MESSAGE);
569                         /* with raw NTLMSSP we don't encapsulate in SPNEGO */
570                         security_blob = ntlmssp_blob;
571                 }
572         } else if (phase == NtLmAuthenticate) {
573                 req->hdr.SessionId = ses->Suid;
574                 ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500,
575                                        GFP_KERNEL);
576                 if (ntlmssp_blob == NULL) {
577                         rc = -ENOMEM;
578                         goto ssetup_exit;
579                 }
580                 rc = build_ntlmssp_auth_blob(ntlmssp_blob, &blob_length, ses,
581                                              nls_cp);
582                 if (rc) {
583                         cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n",
584                                  rc);
585                         goto ssetup_exit; /* BB double check error handling */
586                 }
587                 if (use_spnego) {
588                         /* blob_length = build_spnego_ntlmssp_blob(
589                                                         &security_blob,
590                                                         blob_length,
591                                                         ntlmssp_blob); */
592                         cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
593                         rc = -EOPNOTSUPP;
594                         kfree(ntlmssp_blob);
595                         goto ssetup_exit;
596                 } else {
597                         security_blob = ntlmssp_blob;
598                 }
599         } else {
600                 cifs_dbg(VFS, "illegal ntlmssp phase\n");
601                 rc = -EIO;
602                 goto ssetup_exit;
603         }
604
605         /* Testing shows that buffer offset must be at location of Buffer[0] */
606         req->SecurityBufferOffset =
607                                 cpu_to_le16(sizeof(struct smb2_sess_setup_req) -
608                                             1 /* pad */ - 4 /* rfc1001 len */);
609         req->SecurityBufferLength = cpu_to_le16(blob_length);
610         iov[1].iov_base = security_blob;
611         iov[1].iov_len = blob_length;
612
613         inc_rfc1001_len(req, blob_length - 1 /* pad */);
614
615         /* BB add code to build os and lm fields */
616
617         rc = SendReceive2(xid, ses, iov, 2, &resp_buftype,
618                           CIFS_LOG_ERROR | CIFS_NEG_OP);
619
620         kfree(security_blob);
621         rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base;
622         if (resp_buftype != CIFS_NO_BUFFER &&
623             rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) {
624                 if (phase != NtLmNegotiate) {
625                         cifs_dbg(VFS, "Unexpected more processing error\n");
626                         goto ssetup_exit;
627                 }
628                 if (offsetof(struct smb2_sess_setup_rsp, Buffer) - 4 !=
629                                 le16_to_cpu(rsp->SecurityBufferOffset)) {
630                         cifs_dbg(VFS, "Invalid security buffer offset %d\n",
631                                  le16_to_cpu(rsp->SecurityBufferOffset));
632                         rc = -EIO;
633                         goto ssetup_exit;
634                 }
635
636                 /* NTLMSSP Negotiate sent now processing challenge (response) */
637                 phase = NtLmChallenge; /* process ntlmssp challenge */
638                 rc = 0; /* MORE_PROCESSING is not an error here but expected */
639                 ses->Suid = rsp->hdr.SessionId;
640                 rc = decode_ntlmssp_challenge(rsp->Buffer,
641                                 le16_to_cpu(rsp->SecurityBufferLength), ses);
642         }
643
644         /*
645          * BB eventually add code for SPNEGO decoding of NtlmChallenge blob,
646          * but at least the raw NTLMSSP case works.
647          */
648         /*
649          * No tcon so can't do
650          * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
651          */
652         if (rc != 0)
653                 goto ssetup_exit;
654
655         ses->session_flags = le16_to_cpu(rsp->SessionFlags);
656 ssetup_exit:
657         free_rsp_buf(resp_buftype, rsp);
658
659         /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */
660         if ((phase == NtLmChallenge) && (rc == 0))
661                 goto ssetup_ntlmssp_authenticate;
662         return rc;
663 }
664
665 int
666 SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
667 {
668         struct smb2_logoff_req *req; /* response is also trivial struct */
669         int rc = 0;
670         struct TCP_Server_Info *server;
671
672         cifs_dbg(FYI, "disconnect session %p\n", ses);
673
674         if (ses && (ses->server))
675                 server = ses->server;
676         else
677                 return -EIO;
678
679         /* no need to send SMB logoff if uid already closed due to reconnect */
680         if (ses->need_reconnect)
681                 goto smb2_session_already_dead;
682
683         rc = small_smb2_init(SMB2_LOGOFF, NULL, (void **) &req);
684         if (rc)
685                 return rc;
686
687          /* since no tcon, smb2_init can not do this, so do here */
688         req->hdr.SessionId = ses->Suid;
689         if (server->sec_mode & SECMODE_SIGN_REQUIRED)
690                 req->hdr.Flags |= SMB2_FLAGS_SIGNED;
691
692         rc = SendReceiveNoRsp(xid, ses, (char *) &req->hdr, 0);
693         /*
694          * No tcon so can't do
695          * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
696          */
697
698 smb2_session_already_dead:
699         return rc;
700 }
701
702 static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code)
703 {
704         cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]);
705 }
706
707 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)
708
709 int
710 SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
711           struct cifs_tcon *tcon, const struct nls_table *cp)
712 {
713         struct smb2_tree_connect_req *req;
714         struct smb2_tree_connect_rsp *rsp = NULL;
715         struct kvec iov[2];
716         int rc = 0;
717         int resp_buftype;
718         int unc_path_len;
719         struct TCP_Server_Info *server;
720         __le16 *unc_path = NULL;
721
722         cifs_dbg(FYI, "TCON\n");
723
724         if ((ses->server) && tree)
725                 server = ses->server;
726         else
727                 return -EIO;
728
729         if (tcon && tcon->bad_network_name)
730                 return -ENOENT;
731
732         unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
733         if (unc_path == NULL)
734                 return -ENOMEM;
735
736         unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp) + 1;
737         unc_path_len *= 2;
738         if (unc_path_len < 2) {
739                 kfree(unc_path);
740                 return -EINVAL;
741         }
742
743         rc = small_smb2_init(SMB2_TREE_CONNECT, tcon, (void **) &req);
744         if (rc) {
745                 kfree(unc_path);
746                 return rc;
747         }
748
749         if (tcon == NULL) {
750                 /* since no tcon, smb2_init can not do this, so do here */
751                 req->hdr.SessionId = ses->Suid;
752                 /* if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED)
753                         req->hdr.Flags |= SMB2_FLAGS_SIGNED; */
754         }
755
756         iov[0].iov_base = (char *)req;
757         /* 4 for rfc1002 length field and 1 for pad */
758         iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
759
760         /* Testing shows that buffer offset must be at location of Buffer[0] */
761         req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)
762                         - 1 /* pad */ - 4 /* do not count rfc1001 len field */);
763         req->PathLength = cpu_to_le16(unc_path_len - 2);
764         iov[1].iov_base = unc_path;
765         iov[1].iov_len = unc_path_len;
766
767         inc_rfc1001_len(req, unc_path_len - 1 /* pad */);
768
769         rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0);
770         rsp = (struct smb2_tree_connect_rsp *)iov[0].iov_base;
771
772         if (rc != 0) {
773                 if (tcon) {
774                         cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE);
775                         tcon->need_reconnect = true;
776                 }
777                 goto tcon_error_exit;
778         }
779
780         if (tcon == NULL) {
781                 ses->ipc_tid = rsp->hdr.TreeId;
782                 goto tcon_exit;
783         }
784
785         if (rsp->ShareType & SMB2_SHARE_TYPE_DISK)
786                 cifs_dbg(FYI, "connection to disk share\n");
787         else if (rsp->ShareType & SMB2_SHARE_TYPE_PIPE) {
788                 tcon->ipc = true;
789                 cifs_dbg(FYI, "connection to pipe share\n");
790         } else if (rsp->ShareType & SMB2_SHARE_TYPE_PRINT) {
791                 tcon->print = true;
792                 cifs_dbg(FYI, "connection to printer\n");
793         } else {
794                 cifs_dbg(VFS, "unknown share type %d\n", rsp->ShareType);
795                 rc = -EOPNOTSUPP;
796                 goto tcon_error_exit;
797         }
798
799         tcon->share_flags = le32_to_cpu(rsp->ShareFlags);
800         tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess);
801         tcon->tidStatus = CifsGood;
802         tcon->need_reconnect = false;
803         tcon->tid = rsp->hdr.TreeId;
804         strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
805
806         if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) &&
807             ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0))
808                 cifs_dbg(VFS, "DFS capability contradicts DFS flag\n");
809
810 tcon_exit:
811         free_rsp_buf(resp_buftype, rsp);
812         kfree(unc_path);
813         return rc;
814
815 tcon_error_exit:
816         if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) {
817                 cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
818                 if (tcon)
819                         tcon->bad_network_name = true;
820         }
821         goto tcon_exit;
822 }
823
824 int
825 SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon)
826 {
827         struct smb2_tree_disconnect_req *req; /* response is trivial */
828         int rc = 0;
829         struct TCP_Server_Info *server;
830         struct cifs_ses *ses = tcon->ses;
831
832         cifs_dbg(FYI, "Tree Disconnect\n");
833
834         if (ses && (ses->server))
835                 server = ses->server;
836         else
837                 return -EIO;
838
839         if ((tcon->need_reconnect) || (tcon->ses->need_reconnect))
840                 return 0;
841
842         rc = small_smb2_init(SMB2_TREE_DISCONNECT, tcon, (void **) &req);
843         if (rc)
844                 return rc;
845
846         rc = SendReceiveNoRsp(xid, ses, (char *)&req->hdr, 0);
847         if (rc)
848                 cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE);
849
850         return rc;
851 }
852
853 static struct create_lease *
854 create_lease_buf(u8 *lease_key, u8 oplock)
855 {
856         struct create_lease *buf;
857
858         buf = kzalloc(sizeof(struct create_lease), GFP_KERNEL);
859         if (!buf)
860                 return NULL;
861
862         buf->lcontext.LeaseKeyLow = cpu_to_le64(*((u64 *)lease_key));
863         buf->lcontext.LeaseKeyHigh = cpu_to_le64(*((u64 *)(lease_key + 8)));
864         if (oplock == SMB2_OPLOCK_LEVEL_EXCLUSIVE)
865                 buf->lcontext.LeaseState = SMB2_LEASE_WRITE_CACHING |
866                                            SMB2_LEASE_READ_CACHING;
867         else if (oplock == SMB2_OPLOCK_LEVEL_II)
868                 buf->lcontext.LeaseState = SMB2_LEASE_READ_CACHING;
869         else if (oplock == SMB2_OPLOCK_LEVEL_BATCH)
870                 buf->lcontext.LeaseState = SMB2_LEASE_HANDLE_CACHING |
871                                            SMB2_LEASE_READ_CACHING |
872                                            SMB2_LEASE_WRITE_CACHING;
873
874         buf->ccontext.DataOffset = cpu_to_le16(offsetof
875                                         (struct create_lease, lcontext));
876         buf->ccontext.DataLength = cpu_to_le32(sizeof(struct lease_context));
877         buf->ccontext.NameOffset = cpu_to_le16(offsetof
878                                 (struct create_lease, Name));
879         buf->ccontext.NameLength = cpu_to_le16(4);
880         buf->Name[0] = 'R';
881         buf->Name[1] = 'q';
882         buf->Name[2] = 'L';
883         buf->Name[3] = 's';
884         return buf;
885 }
886
887 static __u8
888 parse_lease_state(struct smb2_create_rsp *rsp)
889 {
890         char *data_offset;
891         struct create_lease *lc;
892         bool found = false;
893
894         data_offset = (char *)rsp;
895         data_offset += 4 + le32_to_cpu(rsp->CreateContextsOffset);
896         lc = (struct create_lease *)data_offset;
897         do {
898                 char *name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc;
899                 if (le16_to_cpu(lc->ccontext.NameLength) != 4 ||
900                     strncmp(name, "RqLs", 4)) {
901                         lc = (struct create_lease *)((char *)lc
902                                         + le32_to_cpu(lc->ccontext.Next));
903                         continue;
904                 }
905                 if (lc->lcontext.LeaseFlags & SMB2_LEASE_FLAG_BREAK_IN_PROGRESS)
906                         return SMB2_OPLOCK_LEVEL_NOCHANGE;
907                 found = true;
908                 break;
909         } while (le32_to_cpu(lc->ccontext.Next) != 0);
910
911         if (!found)
912                 return 0;
913
914         return smb2_map_lease_to_oplock(lc->lcontext.LeaseState);
915 }
916
917 int
918 SMB2_open(const unsigned int xid, struct cifs_tcon *tcon, __le16 *path,
919           u64 *persistent_fid, u64 *volatile_fid, __u32 desired_access,
920           __u32 create_disposition, __u32 file_attributes, __u32 create_options,
921           __u8 *oplock, struct smb2_file_all_info *buf)
922 {
923         struct smb2_create_req *req;
924         struct smb2_create_rsp *rsp;
925         struct TCP_Server_Info *server;
926         struct cifs_ses *ses = tcon->ses;
927         struct kvec iov[3];
928         int resp_buftype;
929         int uni_path_len;
930         __le16 *copy_path = NULL;
931         int copy_size;
932         int rc = 0;
933         int num_iovecs = 2;
934
935         cifs_dbg(FYI, "create/open\n");
936
937         if (ses && (ses->server))
938                 server = ses->server;
939         else
940                 return -EIO;
941
942         rc = small_smb2_init(SMB2_CREATE, tcon, (void **) &req);
943         if (rc)
944                 return rc;
945
946         req->ImpersonationLevel = IL_IMPERSONATION;
947         req->DesiredAccess = cpu_to_le32(desired_access);
948         /* File attributes ignored on open (used in create though) */
949         req->FileAttributes = cpu_to_le32(file_attributes);
950         req->ShareAccess = FILE_SHARE_ALL_LE;
951         req->CreateDisposition = cpu_to_le32(create_disposition);
952         req->CreateOptions = cpu_to_le32(create_options);
953         uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
954         req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req)
955                         - 8 /* pad */ - 4 /* do not count rfc1001 len field */);
956
957         iov[0].iov_base = (char *)req;
958         /* 4 for rfc1002 length field */
959         iov[0].iov_len = get_rfc1002_length(req) + 4;
960
961         /* MUST set path len (NameLength) to 0 opening root of share */
962         if (uni_path_len >= 4) {
963                 req->NameLength = cpu_to_le16(uni_path_len - 2);
964                 /* -1 since last byte is buf[0] which is sent below (path) */
965                 iov[0].iov_len--;
966                 if (uni_path_len % 8 != 0) {
967                         copy_size = uni_path_len / 8 * 8;
968                         if (copy_size < uni_path_len)
969                                 copy_size += 8;
970
971                         copy_path = kzalloc(copy_size, GFP_KERNEL);
972                         if (!copy_path)
973                                 return -ENOMEM;
974                         memcpy((char *)copy_path, (const char *)path,
975                                 uni_path_len);
976                         uni_path_len = copy_size;
977                         path = copy_path;
978                 }
979
980                 iov[1].iov_len = uni_path_len;
981                 iov[1].iov_base = path;
982                 /*
983                  * -1 since last byte is buf[0] which was counted in
984                  * smb2_buf_len.
985                  */
986                 inc_rfc1001_len(req, uni_path_len - 1);
987         } else {
988                 iov[0].iov_len += 7;
989                 req->hdr.smb2_buf_length = cpu_to_be32(be32_to_cpu(
990                                 req->hdr.smb2_buf_length) + 8 - 1);
991                 num_iovecs = 1;
992                 req->NameLength = 0;
993         }
994
995         if (!server->oplocks)
996                 *oplock = SMB2_OPLOCK_LEVEL_NONE;
997
998         if (!(tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_LEASING) ||
999             *oplock == SMB2_OPLOCK_LEVEL_NONE)
1000                 req->RequestedOplockLevel = *oplock;
1001         else {
1002                 iov[num_iovecs].iov_base = create_lease_buf(oplock+1, *oplock);
1003                 if (iov[num_iovecs].iov_base == NULL) {
1004                         cifs_small_buf_release(req);
1005                         kfree(copy_path);
1006                         return -ENOMEM;
1007                 }
1008                 iov[num_iovecs].iov_len = sizeof(struct create_lease);
1009                 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE;
1010                 req->CreateContextsOffset = cpu_to_le32(
1011                         sizeof(struct smb2_create_req) - 4 - 8 +
1012                         iov[num_iovecs-1].iov_len);
1013                 req->CreateContextsLength = cpu_to_le32(
1014                         sizeof(struct create_lease));
1015                 inc_rfc1001_len(&req->hdr, sizeof(struct create_lease));
1016                 num_iovecs++;
1017         }
1018
1019         rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0);
1020         rsp = (struct smb2_create_rsp *)iov[0].iov_base;
1021
1022         if (rc != 0) {
1023                 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
1024                 goto creat_exit;
1025         }
1026
1027         *persistent_fid = rsp->PersistentFileId;
1028         *volatile_fid = rsp->VolatileFileId;
1029
1030         if (buf) {
1031                 memcpy(buf, &rsp->CreationTime, 32);
1032                 buf->AllocationSize = rsp->AllocationSize;
1033                 buf->EndOfFile = rsp->EndofFile;
1034                 buf->Attributes = rsp->FileAttributes;
1035                 buf->NumberOfLinks = cpu_to_le32(1);
1036                 buf->DeletePending = 0;
1037         }
1038
1039         if (rsp->OplockLevel == SMB2_OPLOCK_LEVEL_LEASE)
1040                 *oplock = parse_lease_state(rsp);
1041         else
1042                 *oplock = rsp->OplockLevel;
1043 creat_exit:
1044         kfree(copy_path);
1045         free_rsp_buf(resp_buftype, rsp);
1046         return rc;
1047 }
1048
1049 int
1050 SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
1051            u64 persistent_fid, u64 volatile_fid)
1052 {
1053         struct smb2_close_req *req;
1054         struct smb2_close_rsp *rsp;
1055         struct TCP_Server_Info *server;
1056         struct cifs_ses *ses = tcon->ses;
1057         struct kvec iov[1];
1058         int resp_buftype;
1059         int rc = 0;
1060
1061         cifs_dbg(FYI, "Close\n");
1062
1063         if (ses && (ses->server))
1064                 server = ses->server;
1065         else
1066                 return -EIO;
1067
1068         rc = small_smb2_init(SMB2_CLOSE, tcon, (void **) &req);
1069         if (rc)
1070                 return rc;
1071
1072         req->PersistentFileId = persistent_fid;
1073         req->VolatileFileId = volatile_fid;
1074
1075         iov[0].iov_base = (char *)req;
1076         /* 4 for rfc1002 length field */
1077         iov[0].iov_len = get_rfc1002_length(req) + 4;
1078
1079         rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
1080         rsp = (struct smb2_close_rsp *)iov[0].iov_base;
1081
1082         if (rc != 0) {
1083                 if (tcon)
1084                         cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE);
1085                 goto close_exit;
1086         }
1087
1088         /* BB FIXME - decode close response, update inode for caching */
1089
1090 close_exit:
1091         free_rsp_buf(resp_buftype, rsp);
1092         return rc;
1093 }
1094
1095 static int
1096 validate_buf(unsigned int offset, unsigned int buffer_length,
1097              struct smb2_hdr *hdr, unsigned int min_buf_size)
1098
1099 {
1100         unsigned int smb_len = be32_to_cpu(hdr->smb2_buf_length);
1101         char *end_of_smb = smb_len + 4 /* RFC1001 length field */ + (char *)hdr;
1102         char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr;
1103         char *end_of_buf = begin_of_buf + buffer_length;
1104
1105
1106         if (buffer_length < min_buf_size) {
1107                 cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n",
1108                          buffer_length, min_buf_size);
1109                 return -EINVAL;
1110         }
1111
1112         /* check if beyond RFC1001 maximum length */
1113         if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) {
1114                 cifs_dbg(VFS, "buffer length %d or smb length %d too large\n",
1115                          buffer_length, smb_len);
1116                 return -EINVAL;
1117         }
1118
1119         if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) {
1120                 cifs_dbg(VFS, "illegal server response, bad offset to data\n");
1121                 return -EINVAL;
1122         }
1123
1124         return 0;
1125 }
1126
1127 /*
1128  * If SMB buffer fields are valid, copy into temporary buffer to hold result.
1129  * Caller must free buffer.
1130  */
1131 static int
1132 validate_and_copy_buf(unsigned int offset, unsigned int buffer_length,
1133                       struct smb2_hdr *hdr, unsigned int minbufsize,
1134                       char *data)
1135
1136 {
1137         char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr;
1138         int rc;
1139
1140         if (!data)
1141                 return -EINVAL;
1142
1143         rc = validate_buf(offset, buffer_length, hdr, minbufsize);
1144         if (rc)
1145                 return rc;
1146
1147         memcpy(data, begin_of_buf, buffer_length);
1148
1149         return 0;
1150 }
1151
1152 static int
1153 query_info(const unsigned int xid, struct cifs_tcon *tcon,
1154            u64 persistent_fid, u64 volatile_fid, u8 info_class,
1155            size_t output_len, size_t min_len, void *data)
1156 {
1157         struct smb2_query_info_req *req;
1158         struct smb2_query_info_rsp *rsp = NULL;
1159         struct kvec iov[2];
1160         int rc = 0;
1161         int resp_buftype;
1162         struct TCP_Server_Info *server;
1163         struct cifs_ses *ses = tcon->ses;
1164
1165         cifs_dbg(FYI, "Query Info\n");
1166
1167         if (ses && (ses->server))
1168                 server = ses->server;
1169         else
1170                 return -EIO;
1171
1172         rc = small_smb2_init(SMB2_QUERY_INFO, tcon, (void **) &req);
1173         if (rc)
1174                 return rc;
1175
1176         req->InfoType = SMB2_O_INFO_FILE;
1177         req->FileInfoClass = info_class;
1178         req->PersistentFileId = persistent_fid;
1179         req->VolatileFileId = volatile_fid;
1180         /* 4 for rfc1002 length field and 1 for Buffer */
1181         req->InputBufferOffset =
1182                 cpu_to_le16(sizeof(struct smb2_query_info_req) - 1 - 4);
1183         req->OutputBufferLength = cpu_to_le32(output_len);
1184
1185         iov[0].iov_base = (char *)req;
1186         /* 4 for rfc1002 length field */
1187         iov[0].iov_len = get_rfc1002_length(req) + 4;
1188
1189         rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
1190         rsp = (struct smb2_query_info_rsp *)iov[0].iov_base;
1191
1192         if (rc) {
1193                 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
1194                 goto qinf_exit;
1195         }
1196
1197         rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset),
1198                                    le32_to_cpu(rsp->OutputBufferLength),
1199                                    &rsp->hdr, min_len, data);
1200
1201 qinf_exit:
1202         free_rsp_buf(resp_buftype, rsp);
1203         return rc;
1204 }
1205
1206 int
1207 SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon,
1208                 u64 persistent_fid, u64 volatile_fid,
1209                 struct smb2_file_all_info *data)
1210 {
1211         return query_info(xid, tcon, persistent_fid, volatile_fid,
1212                           FILE_ALL_INFORMATION,
1213                           sizeof(struct smb2_file_all_info) + PATH_MAX * 2,
1214                           sizeof(struct smb2_file_all_info), data);
1215 }
1216
1217 int
1218 SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon,
1219                  u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid)
1220 {
1221         return query_info(xid, tcon, persistent_fid, volatile_fid,
1222                           FILE_INTERNAL_INFORMATION,
1223                           sizeof(struct smb2_file_internal_info),
1224                           sizeof(struct smb2_file_internal_info), uniqueid);
1225 }
1226
1227 /*
1228  * This is a no-op for now. We're not really interested in the reply, but
1229  * rather in the fact that the server sent one and that server->lstrp
1230  * gets updated.
1231  *
1232  * FIXME: maybe we should consider checking that the reply matches request?
1233  */
1234 static void
1235 smb2_echo_callback(struct mid_q_entry *mid)
1236 {
1237         struct TCP_Server_Info *server = mid->callback_data;
1238         struct smb2_echo_rsp *smb2 = (struct smb2_echo_rsp *)mid->resp_buf;
1239         unsigned int credits_received = 1;
1240
1241         if (mid->mid_state == MID_RESPONSE_RECEIVED)
1242                 credits_received = le16_to_cpu(smb2->hdr.CreditRequest);
1243
1244         DeleteMidQEntry(mid);
1245         add_credits(server, credits_received, CIFS_ECHO_OP);
1246 }
1247
1248 int
1249 SMB2_echo(struct TCP_Server_Info *server)
1250 {
1251         struct smb2_echo_req *req;
1252         int rc = 0;
1253         struct kvec iov;
1254         struct smb_rqst rqst = { .rq_iov = &iov,
1255                                  .rq_nvec = 1 };
1256
1257         cifs_dbg(FYI, "In echo request\n");
1258
1259         rc = small_smb2_init(SMB2_ECHO, NULL, (void **)&req);
1260         if (rc)
1261                 return rc;
1262
1263         req->hdr.CreditRequest = cpu_to_le16(1);
1264
1265         iov.iov_base = (char *)req;
1266         /* 4 for rfc1002 length field */
1267         iov.iov_len = get_rfc1002_length(req) + 4;
1268
1269         rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, server,
1270                              CIFS_ECHO_OP);
1271         if (rc)
1272                 cifs_dbg(FYI, "Echo request failed: %d\n", rc);
1273
1274         cifs_small_buf_release(req);
1275         return rc;
1276 }
1277
1278 int
1279 SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
1280            u64 volatile_fid)
1281 {
1282         struct smb2_flush_req *req;
1283         struct TCP_Server_Info *server;
1284         struct cifs_ses *ses = tcon->ses;
1285         struct kvec iov[1];
1286         int resp_buftype;
1287         int rc = 0;
1288
1289         cifs_dbg(FYI, "Flush\n");
1290
1291         if (ses && (ses->server))
1292                 server = ses->server;
1293         else
1294                 return -EIO;
1295
1296         rc = small_smb2_init(SMB2_FLUSH, tcon, (void **) &req);
1297         if (rc)
1298                 return rc;
1299
1300         req->PersistentFileId = persistent_fid;
1301         req->VolatileFileId = volatile_fid;
1302
1303         iov[0].iov_base = (char *)req;
1304         /* 4 for rfc1002 length field */
1305         iov[0].iov_len = get_rfc1002_length(req) + 4;
1306
1307         rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
1308
1309         if ((rc != 0) && tcon)
1310                 cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE);
1311
1312         free_rsp_buf(resp_buftype, iov[0].iov_base);
1313         return rc;
1314 }
1315
1316 /*
1317  * To form a chain of read requests, any read requests after the first should
1318  * have the end_of_chain boolean set to true.
1319  */
1320 static int
1321 smb2_new_read_req(struct kvec *iov, struct cifs_io_parms *io_parms,
1322                   unsigned int remaining_bytes, int request_type)
1323 {
1324         int rc = -EACCES;
1325         struct smb2_read_req *req = NULL;
1326
1327         rc = small_smb2_init(SMB2_READ, io_parms->tcon, (void **) &req);
1328         if (rc)
1329                 return rc;
1330         if (io_parms->tcon->ses->server == NULL)
1331                 return -ECONNABORTED;
1332
1333         req->hdr.ProcessId = cpu_to_le32(io_parms->pid);
1334
1335         req->PersistentFileId = io_parms->persistent_fid;
1336         req->VolatileFileId = io_parms->volatile_fid;
1337         req->ReadChannelInfoOffset = 0; /* reserved */
1338         req->ReadChannelInfoLength = 0; /* reserved */
1339         req->Channel = 0; /* reserved */
1340         req->MinimumCount = 0;
1341         req->Length = cpu_to_le32(io_parms->length);
1342         req->Offset = cpu_to_le64(io_parms->offset);
1343
1344         if (request_type & CHAINED_REQUEST) {
1345                 if (!(request_type & END_OF_CHAIN)) {
1346                         /* 4 for rfc1002 length field */
1347                         req->hdr.NextCommand =
1348                                 cpu_to_le32(get_rfc1002_length(req) + 4);
1349                 } else /* END_OF_CHAIN */
1350                         req->hdr.NextCommand = 0;
1351                 if (request_type & RELATED_REQUEST) {
1352                         req->hdr.Flags |= SMB2_FLAGS_RELATED_OPERATIONS;
1353                         /*
1354                          * Related requests use info from previous read request
1355                          * in chain.
1356                          */
1357                         req->hdr.SessionId = 0xFFFFFFFF;
1358                         req->hdr.TreeId = 0xFFFFFFFF;
1359                         req->PersistentFileId = 0xFFFFFFFF;
1360                         req->VolatileFileId = 0xFFFFFFFF;
1361                 }
1362         }
1363         if (remaining_bytes > io_parms->length)
1364                 req->RemainingBytes = cpu_to_le32(remaining_bytes);
1365         else
1366                 req->RemainingBytes = 0;
1367
1368         iov[0].iov_base = (char *)req;
1369         /* 4 for rfc1002 length field */
1370         iov[0].iov_len = get_rfc1002_length(req) + 4;
1371         return rc;
1372 }
1373
1374 static void
1375 smb2_readv_callback(struct mid_q_entry *mid)
1376 {
1377         struct cifs_readdata *rdata = mid->callback_data;
1378         struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
1379         struct TCP_Server_Info *server = tcon->ses->server;
1380         struct smb2_hdr *buf = (struct smb2_hdr *)rdata->iov.iov_base;
1381         unsigned int credits_received = 1;
1382         struct smb_rqst rqst = { .rq_iov = &rdata->iov,
1383                                  .rq_nvec = 1,
1384                                  .rq_pages = rdata->pages,
1385                                  .rq_npages = rdata->nr_pages,
1386                                  .rq_pagesz = rdata->pagesz,
1387                                  .rq_tailsz = rdata->tailsz };
1388
1389         cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n",
1390                  __func__, mid->mid, mid->mid_state, rdata->result,
1391                  rdata->bytes);
1392
1393         switch (mid->mid_state) {
1394         case MID_RESPONSE_RECEIVED:
1395                 credits_received = le16_to_cpu(buf->CreditRequest);
1396                 /* result already set, check signature */
1397                 if (server->sec_mode &
1398                     (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
1399                         int rc;
1400
1401                         rc = smb2_verify_signature(&rqst, server);
1402                         if (rc)
1403                                 cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
1404                                          rc);
1405                 }
1406                 /* FIXME: should this be counted toward the initiating task? */
1407                 task_io_account_read(rdata->bytes);
1408                 cifs_stats_bytes_read(tcon, rdata->bytes);
1409                 break;
1410         case MID_REQUEST_SUBMITTED:
1411         case MID_RETRY_NEEDED:
1412                 rdata->result = -EAGAIN;
1413                 break;
1414         default:
1415                 if (rdata->result != -ENODATA)
1416                         rdata->result = -EIO;
1417         }
1418
1419         if (rdata->result)
1420                 cifs_stats_fail_inc(tcon, SMB2_READ_HE);
1421
1422         queue_work(cifsiod_wq, &rdata->work);
1423         DeleteMidQEntry(mid);
1424         add_credits(server, credits_received, 0);
1425 }
1426
1427 /* smb2_async_readv - send an async write, and set up mid to handle result */
1428 int
1429 smb2_async_readv(struct cifs_readdata *rdata)
1430 {
1431         int rc;
1432         struct smb2_hdr *buf;
1433         struct cifs_io_parms io_parms;
1434         struct smb_rqst rqst = { .rq_iov = &rdata->iov,
1435                                  .rq_nvec = 1 };
1436
1437         cifs_dbg(FYI, "%s: offset=%llu bytes=%u\n",
1438                  __func__, rdata->offset, rdata->bytes);
1439
1440         io_parms.tcon = tlink_tcon(rdata->cfile->tlink);
1441         io_parms.offset = rdata->offset;
1442         io_parms.length = rdata->bytes;
1443         io_parms.persistent_fid = rdata->cfile->fid.persistent_fid;
1444         io_parms.volatile_fid = rdata->cfile->fid.volatile_fid;
1445         io_parms.pid = rdata->pid;
1446         rc = smb2_new_read_req(&rdata->iov, &io_parms, 0, 0);
1447         if (rc)
1448                 return rc;
1449
1450         buf = (struct smb2_hdr *)rdata->iov.iov_base;
1451         /* 4 for rfc1002 length field */
1452         rdata->iov.iov_len = get_rfc1002_length(rdata->iov.iov_base) + 4;
1453
1454         kref_get(&rdata->refcount);
1455         rc = cifs_call_async(io_parms.tcon->ses->server, &rqst,
1456                              cifs_readv_receive, smb2_readv_callback,
1457                              rdata, 0);
1458         if (rc) {
1459                 kref_put(&rdata->refcount, cifs_readdata_release);
1460                 cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
1461         }
1462
1463         cifs_small_buf_release(buf);
1464         return rc;
1465 }
1466
1467 int
1468 SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
1469           unsigned int *nbytes, char **buf, int *buf_type)
1470 {
1471         int resp_buftype, rc = -EACCES;
1472         struct smb2_read_rsp *rsp = NULL;
1473         struct kvec iov[1];
1474
1475         *nbytes = 0;
1476         rc = smb2_new_read_req(iov, io_parms, 0, 0);
1477         if (rc)
1478                 return rc;
1479
1480         rc = SendReceive2(xid, io_parms->tcon->ses, iov, 1,
1481                           &resp_buftype, CIFS_LOG_ERROR);
1482
1483         rsp = (struct smb2_read_rsp *)iov[0].iov_base;
1484
1485         if (rsp->hdr.Status == STATUS_END_OF_FILE) {
1486                 free_rsp_buf(resp_buftype, iov[0].iov_base);
1487                 return 0;
1488         }
1489
1490         if (rc) {
1491                 cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE);
1492                 cifs_dbg(VFS, "Send error in read = %d\n", rc);
1493         } else {
1494                 *nbytes = le32_to_cpu(rsp->DataLength);
1495                 if ((*nbytes > CIFS_MAX_MSGSIZE) ||
1496                     (*nbytes > io_parms->length)) {
1497                         cifs_dbg(FYI, "bad length %d for count %d\n",
1498                                  *nbytes, io_parms->length);
1499                         rc = -EIO;
1500                         *nbytes = 0;
1501                 }
1502         }
1503
1504         if (*buf) {
1505                 memcpy(*buf, (char *)rsp->hdr.ProtocolId + rsp->DataOffset,
1506                        *nbytes);
1507                 free_rsp_buf(resp_buftype, iov[0].iov_base);
1508         } else if (resp_buftype != CIFS_NO_BUFFER) {
1509                 *buf = iov[0].iov_base;
1510                 if (resp_buftype == CIFS_SMALL_BUFFER)
1511                         *buf_type = CIFS_SMALL_BUFFER;
1512                 else if (resp_buftype == CIFS_LARGE_BUFFER)
1513                         *buf_type = CIFS_LARGE_BUFFER;
1514         }
1515         return rc;
1516 }
1517
1518 /*
1519  * Check the mid_state and signature on received buffer (if any), and queue the
1520  * workqueue completion task.
1521  */
1522 static void
1523 smb2_writev_callback(struct mid_q_entry *mid)
1524 {
1525         struct cifs_writedata *wdata = mid->callback_data;
1526         struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
1527         unsigned int written;
1528         struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf;
1529         unsigned int credits_received = 1;
1530
1531         switch (mid->mid_state) {
1532         case MID_RESPONSE_RECEIVED:
1533                 credits_received = le16_to_cpu(rsp->hdr.CreditRequest);
1534                 wdata->result = smb2_check_receive(mid, tcon->ses->server, 0);
1535                 if (wdata->result != 0)
1536                         break;
1537
1538                 written = le32_to_cpu(rsp->DataLength);
1539                 /*
1540                  * Mask off high 16 bits when bytes written as returned
1541                  * by the server is greater than bytes requested by the
1542                  * client. OS/2 servers are known to set incorrect
1543                  * CountHigh values.
1544                  */
1545                 if (written > wdata->bytes)
1546                         written &= 0xFFFF;
1547
1548                 if (written < wdata->bytes)
1549                         wdata->result = -ENOSPC;
1550                 else
1551                         wdata->bytes = written;
1552                 break;
1553         case MID_REQUEST_SUBMITTED:
1554         case MID_RETRY_NEEDED:
1555                 wdata->result = -EAGAIN;
1556                 break;
1557         default:
1558                 wdata->result = -EIO;
1559                 break;
1560         }
1561
1562         if (wdata->result)
1563                 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
1564
1565         queue_work(cifsiod_wq, &wdata->work);
1566         DeleteMidQEntry(mid);
1567         add_credits(tcon->ses->server, credits_received, 0);
1568 }
1569
1570 /* smb2_async_writev - send an async write, and set up mid to handle result */
1571 int
1572 smb2_async_writev(struct cifs_writedata *wdata)
1573 {
1574         int rc = -EACCES;
1575         struct smb2_write_req *req = NULL;
1576         struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
1577         struct kvec iov;
1578         struct smb_rqst rqst;
1579
1580         rc = small_smb2_init(SMB2_WRITE, tcon, (void **) &req);
1581         if (rc)
1582                 goto async_writev_out;
1583
1584         req->hdr.ProcessId = cpu_to_le32(wdata->cfile->pid);
1585
1586         req->PersistentFileId = wdata->cfile->fid.persistent_fid;
1587         req->VolatileFileId = wdata->cfile->fid.volatile_fid;
1588         req->WriteChannelInfoOffset = 0;
1589         req->WriteChannelInfoLength = 0;
1590         req->Channel = 0;
1591         req->Offset = cpu_to_le64(wdata->offset);
1592         /* 4 for rfc1002 length field */
1593         req->DataOffset = cpu_to_le16(
1594                                 offsetof(struct smb2_write_req, Buffer) - 4);
1595         req->RemainingBytes = 0;
1596
1597         /* 4 for rfc1002 length field and 1 for Buffer */
1598         iov.iov_len = get_rfc1002_length(req) + 4 - 1;
1599         iov.iov_base = req;
1600
1601         rqst.rq_iov = &iov;
1602         rqst.rq_nvec = 1;
1603         rqst.rq_pages = wdata->pages;
1604         rqst.rq_npages = wdata->nr_pages;
1605         rqst.rq_pagesz = wdata->pagesz;
1606         rqst.rq_tailsz = wdata->tailsz;
1607
1608         cifs_dbg(FYI, "async write at %llu %u bytes\n",
1609                  wdata->offset, wdata->bytes);
1610
1611         req->Length = cpu_to_le32(wdata->bytes);
1612
1613         inc_rfc1001_len(&req->hdr, wdata->bytes - 1 /* Buffer */);
1614
1615         kref_get(&wdata->refcount);
1616         rc = cifs_call_async(tcon->ses->server, &rqst, NULL,
1617                                 smb2_writev_callback, wdata, 0);
1618
1619         if (rc) {
1620                 kref_put(&wdata->refcount, cifs_writedata_release);
1621                 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
1622         }
1623
1624 async_writev_out:
1625         cifs_small_buf_release(req);
1626         return rc;
1627 }
1628
1629 /*
1630  * SMB2_write function gets iov pointer to kvec array with n_vec as a length.
1631  * The length field from io_parms must be at least 1 and indicates a number of
1632  * elements with data to write that begins with position 1 in iov array. All
1633  * data length is specified by count.
1634  */
1635 int
1636 SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms,
1637            unsigned int *nbytes, struct kvec *iov, int n_vec)
1638 {
1639         int rc = 0;
1640         struct smb2_write_req *req = NULL;
1641         struct smb2_write_rsp *rsp = NULL;
1642         int resp_buftype;
1643         *nbytes = 0;
1644
1645         if (n_vec < 1)
1646                 return rc;
1647
1648         rc = small_smb2_init(SMB2_WRITE, io_parms->tcon, (void **) &req);
1649         if (rc)
1650                 return rc;
1651
1652         if (io_parms->tcon->ses->server == NULL)
1653                 return -ECONNABORTED;
1654
1655         req->hdr.ProcessId = cpu_to_le32(io_parms->pid);
1656
1657         req->PersistentFileId = io_parms->persistent_fid;
1658         req->VolatileFileId = io_parms->volatile_fid;
1659         req->WriteChannelInfoOffset = 0;
1660         req->WriteChannelInfoLength = 0;
1661         req->Channel = 0;
1662         req->Length = cpu_to_le32(io_parms->length);
1663         req->Offset = cpu_to_le64(io_parms->offset);
1664         /* 4 for rfc1002 length field */
1665         req->DataOffset = cpu_to_le16(
1666                                 offsetof(struct smb2_write_req, Buffer) - 4);
1667         req->RemainingBytes = 0;
1668
1669         iov[0].iov_base = (char *)req;
1670         /* 4 for rfc1002 length field and 1 for Buffer */
1671         iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
1672
1673         /* length of entire message including data to be written */
1674         inc_rfc1001_len(req, io_parms->length - 1 /* Buffer */);
1675
1676         rc = SendReceive2(xid, io_parms->tcon->ses, iov, n_vec + 1,
1677                           &resp_buftype, 0);
1678         rsp = (struct smb2_write_rsp *)iov[0].iov_base;
1679
1680         if (rc) {
1681                 cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);
1682                 cifs_dbg(VFS, "Send error in write = %d\n", rc);
1683         } else
1684                 *nbytes = le32_to_cpu(rsp->DataLength);
1685
1686         free_rsp_buf(resp_buftype, rsp);
1687         return rc;
1688 }
1689
1690 static unsigned int
1691 num_entries(char *bufstart, char *end_of_buf, char **lastentry, size_t size)
1692 {
1693         int len;
1694         unsigned int entrycount = 0;
1695         unsigned int next_offset = 0;
1696         FILE_DIRECTORY_INFO *entryptr;
1697
1698         if (bufstart == NULL)
1699                 return 0;
1700
1701         entryptr = (FILE_DIRECTORY_INFO *)bufstart;
1702
1703         while (1) {
1704                 entryptr = (FILE_DIRECTORY_INFO *)
1705                                         ((char *)entryptr + next_offset);
1706
1707                 if ((char *)entryptr + size > end_of_buf) {
1708                         cifs_dbg(VFS, "malformed search entry would overflow\n");
1709                         break;
1710                 }
1711
1712                 len = le32_to_cpu(entryptr->FileNameLength);
1713                 if ((char *)entryptr + len + size > end_of_buf) {
1714                         cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n",
1715                                  end_of_buf);
1716                         break;
1717                 }
1718
1719                 *lastentry = (char *)entryptr;
1720                 entrycount++;
1721
1722                 next_offset = le32_to_cpu(entryptr->NextEntryOffset);
1723                 if (!next_offset)
1724                         break;
1725         }
1726
1727         return entrycount;
1728 }
1729
1730 /*
1731  * Readdir/FindFirst
1732  */
1733 int
1734 SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
1735                      u64 persistent_fid, u64 volatile_fid, int index,
1736                      struct cifs_search_info *srch_inf)
1737 {
1738         struct smb2_query_directory_req *req;
1739         struct smb2_query_directory_rsp *rsp = NULL;
1740         struct kvec iov[2];
1741         int rc = 0;
1742         int len;
1743         int resp_buftype;
1744         unsigned char *bufptr;
1745         struct TCP_Server_Info *server;
1746         struct cifs_ses *ses = tcon->ses;
1747         __le16 asteriks = cpu_to_le16('*');
1748         char *end_of_smb;
1749         unsigned int output_size = CIFSMaxBufSize;
1750         size_t info_buf_size;
1751
1752         if (ses && (ses->server))
1753                 server = ses->server;
1754         else
1755                 return -EIO;
1756
1757         rc = small_smb2_init(SMB2_QUERY_DIRECTORY, tcon, (void **) &req);
1758         if (rc)
1759                 return rc;
1760
1761         switch (srch_inf->info_level) {
1762         case SMB_FIND_FILE_DIRECTORY_INFO:
1763                 req->FileInformationClass = FILE_DIRECTORY_INFORMATION;
1764                 info_buf_size = sizeof(FILE_DIRECTORY_INFO) - 1;
1765                 break;
1766         case SMB_FIND_FILE_ID_FULL_DIR_INFO:
1767                 req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION;
1768                 info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO) - 1;
1769                 break;
1770         default:
1771                 cifs_dbg(VFS, "info level %u isn't supported\n",
1772                          srch_inf->info_level);
1773                 rc = -EINVAL;
1774                 goto qdir_exit;
1775         }
1776
1777         req->FileIndex = cpu_to_le32(index);
1778         req->PersistentFileId = persistent_fid;
1779         req->VolatileFileId = volatile_fid;
1780
1781         len = 0x2;
1782         bufptr = req->Buffer;
1783         memcpy(bufptr, &asteriks, len);
1784
1785         req->FileNameOffset =
1786                 cpu_to_le16(sizeof(struct smb2_query_directory_req) - 1 - 4);
1787         req->FileNameLength = cpu_to_le16(len);
1788         /*
1789          * BB could be 30 bytes or so longer if we used SMB2 specific
1790          * buffer lengths, but this is safe and close enough.
1791          */
1792         output_size = min_t(unsigned int, output_size, server->maxBuf);
1793         output_size = min_t(unsigned int, output_size, 2 << 15);
1794         req->OutputBufferLength = cpu_to_le32(output_size);
1795
1796         iov[0].iov_base = (char *)req;
1797         /* 4 for RFC1001 length and 1 for Buffer */
1798         iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
1799
1800         iov[1].iov_base = (char *)(req->Buffer);
1801         iov[1].iov_len = len;
1802
1803         inc_rfc1001_len(req, len - 1 /* Buffer */);
1804
1805         rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0);
1806         rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base;
1807
1808         if (rc) {
1809                 if (rc == -ENODATA && rsp->hdr.Status == STATUS_NO_MORE_FILES) {
1810                         srch_inf->endOfSearch = true;
1811                         rc = 0;
1812                 }
1813                 cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
1814                 goto qdir_exit;
1815         }
1816
1817         rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),
1818                           le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,
1819                           info_buf_size);
1820         if (rc)
1821                 goto qdir_exit;
1822
1823         srch_inf->unicode = true;
1824
1825         if (srch_inf->ntwrk_buf_start) {
1826                 if (srch_inf->smallBuf)
1827                         cifs_small_buf_release(srch_inf->ntwrk_buf_start);
1828                 else
1829                         cifs_buf_release(srch_inf->ntwrk_buf_start);
1830         }
1831         srch_inf->ntwrk_buf_start = (char *)rsp;
1832         srch_inf->srch_entries_start = srch_inf->last_entry = 4 /* rfclen */ +
1833                 (char *)&rsp->hdr + le16_to_cpu(rsp->OutputBufferOffset);
1834         /* 4 for rfc1002 length field */
1835         end_of_smb = get_rfc1002_length(rsp) + 4 + (char *)&rsp->hdr;
1836         srch_inf->entries_in_buffer =
1837                         num_entries(srch_inf->srch_entries_start, end_of_smb,
1838                                     &srch_inf->last_entry, info_buf_size);
1839         srch_inf->index_of_last_entry += srch_inf->entries_in_buffer;
1840         cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n",
1841                  srch_inf->entries_in_buffer, srch_inf->index_of_last_entry,
1842                  srch_inf->srch_entries_start, srch_inf->last_entry);
1843         if (resp_buftype == CIFS_LARGE_BUFFER)
1844                 srch_inf->smallBuf = false;
1845         else if (resp_buftype == CIFS_SMALL_BUFFER)
1846                 srch_inf->smallBuf = true;
1847         else
1848                 cifs_dbg(VFS, "illegal search buffer type\n");
1849
1850         return rc;
1851
1852 qdir_exit:
1853         free_rsp_buf(resp_buftype, rsp);
1854         return rc;
1855 }
1856
1857 static int
1858 send_set_info(const unsigned int xid, struct cifs_tcon *tcon,
1859                u64 persistent_fid, u64 volatile_fid, u32 pid, int info_class,
1860                unsigned int num, void **data, unsigned int *size)
1861 {
1862         struct smb2_set_info_req *req;
1863         struct smb2_set_info_rsp *rsp = NULL;
1864         struct kvec *iov;
1865         int rc = 0;
1866         int resp_buftype;
1867         unsigned int i;
1868         struct TCP_Server_Info *server;
1869         struct cifs_ses *ses = tcon->ses;
1870
1871         if (ses && (ses->server))
1872                 server = ses->server;
1873         else
1874                 return -EIO;
1875
1876         if (!num)
1877                 return -EINVAL;
1878
1879         iov = kmalloc(sizeof(struct kvec) * num, GFP_KERNEL);
1880         if (!iov)
1881                 return -ENOMEM;
1882
1883         rc = small_smb2_init(SMB2_SET_INFO, tcon, (void **) &req);
1884         if (rc) {
1885                 kfree(iov);
1886                 return rc;
1887         }
1888
1889         req->hdr.ProcessId = cpu_to_le32(pid);
1890
1891         req->InfoType = SMB2_O_INFO_FILE;
1892         req->FileInfoClass = info_class;
1893         req->PersistentFileId = persistent_fid;
1894         req->VolatileFileId = volatile_fid;
1895
1896         /* 4 for RFC1001 length and 1 for Buffer */
1897         req->BufferOffset =
1898                         cpu_to_le16(sizeof(struct smb2_set_info_req) - 1 - 4);
1899         req->BufferLength = cpu_to_le32(*size);
1900
1901         inc_rfc1001_len(req, *size - 1 /* Buffer */);
1902
1903         memcpy(req->Buffer, *data, *size);
1904
1905         iov[0].iov_base = (char *)req;
1906         /* 4 for RFC1001 length */
1907         iov[0].iov_len = get_rfc1002_length(req) + 4;
1908
1909         for (i = 1; i < num; i++) {
1910                 inc_rfc1001_len(req, size[i]);
1911                 le32_add_cpu(&req->BufferLength, size[i]);
1912                 iov[i].iov_base = (char *)data[i];
1913                 iov[i].iov_len = size[i];
1914         }
1915
1916         rc = SendReceive2(xid, ses, iov, num, &resp_buftype, 0);
1917         rsp = (struct smb2_set_info_rsp *)iov[0].iov_base;
1918
1919         if (rc != 0) {
1920                 cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE);
1921                 goto out;
1922         }
1923 out:
1924         free_rsp_buf(resp_buftype, rsp);
1925         kfree(iov);
1926         return rc;
1927 }
1928
1929 int
1930 SMB2_rename(const unsigned int xid, struct cifs_tcon *tcon,
1931             u64 persistent_fid, u64 volatile_fid, __le16 *target_file)
1932 {
1933         struct smb2_file_rename_info info;
1934         void **data;
1935         unsigned int size[2];
1936         int rc;
1937         int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX));
1938
1939         data = kmalloc(sizeof(void *) * 2, GFP_KERNEL);
1940         if (!data)
1941                 return -ENOMEM;
1942
1943         info.ReplaceIfExists = 1; /* 1 = replace existing target with new */
1944                               /* 0 = fail if target already exists */
1945         info.RootDirectory = 0;  /* MBZ for network ops (why does spec say?) */
1946         info.FileNameLength = cpu_to_le32(len);
1947
1948         data[0] = &info;
1949         size[0] = sizeof(struct smb2_file_rename_info);
1950
1951         data[1] = target_file;
1952         size[1] = len + 2 /* null */;
1953
1954         rc = send_set_info(xid, tcon, persistent_fid, volatile_fid,
1955                            current->tgid, FILE_RENAME_INFORMATION, 2, data,
1956                            size);
1957         kfree(data);
1958         return rc;
1959 }
1960
1961 int
1962 SMB2_set_hardlink(const unsigned int xid, struct cifs_tcon *tcon,
1963                   u64 persistent_fid, u64 volatile_fid, __le16 *target_file)
1964 {
1965         struct smb2_file_link_info info;
1966         void **data;
1967         unsigned int size[2];
1968         int rc;
1969         int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX));
1970
1971         data = kmalloc(sizeof(void *) * 2, GFP_KERNEL);
1972         if (!data)
1973                 return -ENOMEM;
1974
1975         info.ReplaceIfExists = 0; /* 1 = replace existing link with new */
1976                               /* 0 = fail if link already exists */
1977         info.RootDirectory = 0;  /* MBZ for network ops (why does spec say?) */
1978         info.FileNameLength = cpu_to_le32(len);
1979
1980         data[0] = &info;
1981         size[0] = sizeof(struct smb2_file_link_info);
1982
1983         data[1] = target_file;
1984         size[1] = len + 2 /* null */;
1985
1986         rc = send_set_info(xid, tcon, persistent_fid, volatile_fid,
1987                            current->tgid, FILE_LINK_INFORMATION, 2, data, size);
1988         kfree(data);
1989         return rc;
1990 }
1991
1992 int
1993 SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
1994              u64 volatile_fid, u32 pid, __le64 *eof)
1995 {
1996         struct smb2_file_eof_info info;
1997         void *data;
1998         unsigned int size;
1999
2000         info.EndOfFile = *eof;
2001
2002         data = &info;
2003         size = sizeof(struct smb2_file_eof_info);
2004
2005         return send_set_info(xid, tcon, persistent_fid, volatile_fid, pid,
2006                              FILE_END_OF_FILE_INFORMATION, 1, &data, &size);
2007 }
2008
2009 int
2010 SMB2_set_info(const unsigned int xid, struct cifs_tcon *tcon,
2011               u64 persistent_fid, u64 volatile_fid, FILE_BASIC_INFO *buf)
2012 {
2013         unsigned int size;
2014         size = sizeof(FILE_BASIC_INFO);
2015         return send_set_info(xid, tcon, persistent_fid, volatile_fid,
2016                              current->tgid, FILE_BASIC_INFORMATION, 1,
2017                              (void **)&buf, &size);
2018 }
2019
2020 int
2021 SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon,
2022                   const u64 persistent_fid, const u64 volatile_fid,
2023                   __u8 oplock_level)
2024 {
2025         int rc;
2026         struct smb2_oplock_break *req = NULL;
2027
2028         cifs_dbg(FYI, "SMB2_oplock_break\n");
2029         rc = small_smb2_init(SMB2_OPLOCK_BREAK, tcon, (void **) &req);
2030
2031         if (rc)
2032                 return rc;
2033
2034         req->VolatileFid = volatile_fid;
2035         req->PersistentFid = persistent_fid;
2036         req->OplockLevel = oplock_level;
2037         req->hdr.CreditRequest = cpu_to_le16(1);
2038
2039         rc = SendReceiveNoRsp(xid, tcon->ses, (char *) req, CIFS_OBREAK_OP);
2040         /* SMB2 buffer freed by function above */
2041
2042         if (rc) {
2043                 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
2044                 cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc);
2045         }
2046
2047         return rc;
2048 }
2049
2050 static void
2051 copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf,
2052                         struct kstatfs *kst)
2053 {
2054         kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) *
2055                           le32_to_cpu(pfs_inf->SectorsPerAllocationUnit);
2056         kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits);
2057         kst->f_bfree  = le64_to_cpu(pfs_inf->ActualAvailableAllocationUnits);
2058         kst->f_bavail = le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits);
2059         return;
2060 }
2061
2062 static int
2063 build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, int level,
2064                    int outbuf_len, u64 persistent_fid, u64 volatile_fid)
2065 {
2066         int rc;
2067         struct smb2_query_info_req *req;
2068
2069         cifs_dbg(FYI, "Query FSInfo level %d\n", level);
2070
2071         if ((tcon->ses == NULL) || (tcon->ses->server == NULL))
2072                 return -EIO;
2073
2074         rc = small_smb2_init(SMB2_QUERY_INFO, tcon, (void **) &req);
2075         if (rc)
2076                 return rc;
2077
2078         req->InfoType = SMB2_O_INFO_FILESYSTEM;
2079         req->FileInfoClass = level;
2080         req->PersistentFileId = persistent_fid;
2081         req->VolatileFileId = volatile_fid;
2082         /* 4 for rfc1002 length field and 1 for pad */
2083         req->InputBufferOffset =
2084                         cpu_to_le16(sizeof(struct smb2_query_info_req) - 1 - 4);
2085         req->OutputBufferLength = cpu_to_le32(
2086                 outbuf_len + sizeof(struct smb2_query_info_rsp) - 1 - 4);
2087
2088         iov->iov_base = (char *)req;
2089         /* 4 for rfc1002 length field */
2090         iov->iov_len = get_rfc1002_length(req) + 4;
2091         return 0;
2092 }
2093
2094 int
2095 SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon,
2096               u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
2097 {
2098         struct smb2_query_info_rsp *rsp = NULL;
2099         struct kvec iov;
2100         int rc = 0;
2101         int resp_buftype;
2102         struct cifs_ses *ses = tcon->ses;
2103         struct smb2_fs_full_size_info *info = NULL;
2104
2105         rc = build_qfs_info_req(&iov, tcon, FS_FULL_SIZE_INFORMATION,
2106                                 sizeof(struct smb2_fs_full_size_info),
2107                                 persistent_fid, volatile_fid);
2108         if (rc)
2109                 return rc;
2110
2111         rc = SendReceive2(xid, ses, &iov, 1, &resp_buftype, 0);
2112         if (rc) {
2113                 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
2114                 goto qinf_exit;
2115         }
2116         rsp = (struct smb2_query_info_rsp *)iov.iov_base;
2117
2118         info = (struct smb2_fs_full_size_info *)(4 /* RFC1001 len */ +
2119                 le16_to_cpu(rsp->OutputBufferOffset) + (char *)&rsp->hdr);
2120         rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),
2121                           le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,
2122                           sizeof(struct smb2_fs_full_size_info));
2123         if (!rc)
2124                 copy_fs_info_to_kstatfs(info, fsdata);
2125
2126 qinf_exit:
2127         free_rsp_buf(resp_buftype, iov.iov_base);
2128         return rc;
2129 }
2130
2131 int
2132 smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon,
2133            const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
2134            const __u32 num_lock, struct smb2_lock_element *buf)
2135 {
2136         int rc = 0;
2137         struct smb2_lock_req *req = NULL;
2138         struct kvec iov[2];
2139         int resp_buf_type;
2140         unsigned int count;
2141
2142         cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock);
2143
2144         rc = small_smb2_init(SMB2_LOCK, tcon, (void **) &req);
2145         if (rc)
2146                 return rc;
2147
2148         req->hdr.ProcessId = cpu_to_le32(pid);
2149         req->LockCount = cpu_to_le16(num_lock);
2150
2151         req->PersistentFileId = persist_fid;
2152         req->VolatileFileId = volatile_fid;
2153
2154         count = num_lock * sizeof(struct smb2_lock_element);
2155         inc_rfc1001_len(req, count - sizeof(struct smb2_lock_element));
2156
2157         iov[0].iov_base = (char *)req;
2158         /* 4 for rfc1002 length field and count for all locks */
2159         iov[0].iov_len = get_rfc1002_length(req) + 4 - count;
2160         iov[1].iov_base = (char *)buf;
2161         iov[1].iov_len = count;
2162
2163         cifs_stats_inc(&tcon->stats.cifs_stats.num_locks);
2164         rc = SendReceive2(xid, tcon->ses, iov, 2, &resp_buf_type, CIFS_NO_RESP);
2165         if (rc) {
2166                 cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc);
2167                 cifs_stats_fail_inc(tcon, SMB2_LOCK_HE);
2168         }
2169
2170         return rc;
2171 }
2172
2173 int
2174 SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon,
2175           const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
2176           const __u64 length, const __u64 offset, const __u32 lock_flags,
2177           const bool wait)
2178 {
2179         struct smb2_lock_element lock;
2180
2181         lock.Offset = cpu_to_le64(offset);
2182         lock.Length = cpu_to_le64(length);
2183         lock.Flags = cpu_to_le32(lock_flags);
2184         if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK)
2185                 lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY);
2186
2187         return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock);
2188 }
2189
2190 int
2191 SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon,
2192                  __u8 *lease_key, const __le32 lease_state)
2193 {
2194         int rc;
2195         struct smb2_lease_ack *req = NULL;
2196
2197         cifs_dbg(FYI, "SMB2_lease_break\n");
2198         rc = small_smb2_init(SMB2_OPLOCK_BREAK, tcon, (void **) &req);
2199
2200         if (rc)
2201                 return rc;
2202
2203         req->hdr.CreditRequest = cpu_to_le16(1);
2204         req->StructureSize = cpu_to_le16(36);
2205         inc_rfc1001_len(req, 12);
2206
2207         memcpy(req->LeaseKey, lease_key, 16);
2208         req->LeaseState = lease_state;
2209
2210         rc = SendReceiveNoRsp(xid, tcon->ses, (char *) req, CIFS_OBREAK_OP);
2211         /* SMB2 buffer freed by function above */
2212
2213         if (rc) {
2214                 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
2215                 cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc);
2216         }
2217
2218         return rc;
2219 }