49d6e21052c2081e332660942f0e627c659eb763
[pandora-kernel.git] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2009
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/slab.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <linux/namei.h>
37 #include <asm/uaccess.h>
38 #include <asm/processor.h>
39 #include <linux/inet.h>
40 #include <linux/module.h>
41 #include <net/ipv6.h>
42 #include "cifspdu.h"
43 #include "cifsglob.h"
44 #include "cifsproto.h"
45 #include "cifs_unicode.h"
46 #include "cifs_debug.h"
47 #include "cifs_fs_sb.h"
48 #include "ntlmssp.h"
49 #include "nterr.h"
50 #include "rfc1002pdu.h"
51 #include "fscache.h"
52
53 #define CIFS_PORT 445
54 #define RFC1001_PORT 139
55
56 /* SMB echo "timeout" -- FIXME: tunable? */
57 #define SMB_ECHO_INTERVAL (60 * HZ)
58
59 extern mempool_t *cifs_req_poolp;
60
61 /* FIXME: should these be tunable? */
62 #define TLINK_ERROR_EXPIRE      (1 * HZ)
63 #define TLINK_IDLE_EXPIRE       (600 * HZ)
64
65 static int ip_connect(struct TCP_Server_Info *server);
66 static int generic_ip_connect(struct TCP_Server_Info *server);
67 static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
68 static void cifs_prune_tlinks(struct work_struct *work);
69 static int cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
70                                         const char *devname);
71
72 /*
73  * cifs tcp session reconnection
74  *
75  * mark tcp session as reconnecting so temporarily locked
76  * mark all smb sessions as reconnecting for tcp session
77  * reconnect tcp session
78  * wake up waiters on reconnection? - (not needed currently)
79  */
80 static int
81 cifs_reconnect(struct TCP_Server_Info *server)
82 {
83         int rc = 0;
84         struct list_head *tmp, *tmp2;
85         struct cifs_ses *ses;
86         struct cifs_tcon *tcon;
87         struct mid_q_entry *mid_entry;
88         struct list_head retry_list;
89
90         spin_lock(&GlobalMid_Lock);
91         if (server->tcpStatus == CifsExiting) {
92                 /* the demux thread will exit normally
93                 next time through the loop */
94                 spin_unlock(&GlobalMid_Lock);
95                 return rc;
96         } else
97                 server->tcpStatus = CifsNeedReconnect;
98         spin_unlock(&GlobalMid_Lock);
99         server->maxBuf = 0;
100
101         cFYI(1, "Reconnecting tcp session");
102
103         /* before reconnecting the tcp session, mark the smb session (uid)
104                 and the tid bad so they are not used until reconnected */
105         cFYI(1, "%s: marking sessions and tcons for reconnect", __func__);
106         spin_lock(&cifs_tcp_ses_lock);
107         list_for_each(tmp, &server->smb_ses_list) {
108                 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
109                 ses->need_reconnect = true;
110                 ses->ipc_tid = 0;
111                 list_for_each(tmp2, &ses->tcon_list) {
112                         tcon = list_entry(tmp2, struct cifs_tcon, tcon_list);
113                         tcon->need_reconnect = true;
114                 }
115         }
116         spin_unlock(&cifs_tcp_ses_lock);
117
118         /* do not want to be sending data on a socket we are freeing */
119         cFYI(1, "%s: tearing down socket", __func__);
120         mutex_lock(&server->srv_mutex);
121         if (server->ssocket) {
122                 cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
123                         server->ssocket->flags);
124                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
125                 cFYI(1, "Post shutdown state: 0x%x Flags: 0x%lx",
126                         server->ssocket->state,
127                         server->ssocket->flags);
128                 sock_release(server->ssocket);
129                 server->ssocket = NULL;
130         }
131         server->sequence_number = 0;
132         server->session_estab = false;
133         kfree(server->session_key.response);
134         server->session_key.response = NULL;
135         server->session_key.len = 0;
136         server->lstrp = jiffies;
137         mutex_unlock(&server->srv_mutex);
138
139         /* mark submitted MIDs for retry and issue callback */
140         INIT_LIST_HEAD(&retry_list);
141         cFYI(1, "%s: moving mids to private list", __func__);
142         spin_lock(&GlobalMid_Lock);
143         list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
144                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
145                 if (mid_entry->midState == MID_REQUEST_SUBMITTED)
146                         mid_entry->midState = MID_RETRY_NEEDED;
147                 list_move(&mid_entry->qhead, &retry_list);
148         }
149         spin_unlock(&GlobalMid_Lock);
150
151         cFYI(1, "%s: issuing mid callbacks", __func__);
152         list_for_each_safe(tmp, tmp2, &retry_list) {
153                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
154                 list_del_init(&mid_entry->qhead);
155                 mid_entry->callback(mid_entry);
156         }
157
158         do {
159                 try_to_freeze();
160
161                 /* we should try only the port we connected to before */
162                 rc = generic_ip_connect(server);
163                 if (rc) {
164                         cFYI(1, "reconnect error %d", rc);
165                         msleep(3000);
166                 } else {
167                         atomic_inc(&tcpSesReconnectCount);
168                         spin_lock(&GlobalMid_Lock);
169                         if (server->tcpStatus != CifsExiting)
170                                 server->tcpStatus = CifsNeedNegotiate;
171                         spin_unlock(&GlobalMid_Lock);
172                 }
173         } while (server->tcpStatus == CifsNeedReconnect);
174
175         return rc;
176 }
177
178 /*
179         return codes:
180                 0       not a transact2, or all data present
181                 >0      transact2 with that much data missing
182                 -EINVAL = invalid transact2
183
184  */
185 static int check2ndT2(struct smb_hdr *pSMB)
186 {
187         struct smb_t2_rsp *pSMBt;
188         int remaining;
189         __u16 total_data_size, data_in_this_rsp;
190
191         if (pSMB->Command != SMB_COM_TRANSACTION2)
192                 return 0;
193
194         /* check for plausible wct, bcc and t2 data and parm sizes */
195         /* check for parm and data offset going beyond end of smb */
196         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
197                 cFYI(1, "invalid transact2 word count");
198                 return -EINVAL;
199         }
200
201         pSMBt = (struct smb_t2_rsp *)pSMB;
202
203         total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
204         data_in_this_rsp = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
205
206         if (total_data_size == data_in_this_rsp)
207                 return 0;
208         else if (total_data_size < data_in_this_rsp) {
209                 cFYI(1, "total data %d smaller than data in frame %d",
210                         total_data_size, data_in_this_rsp);
211                 return -EINVAL;
212         }
213
214         remaining = total_data_size - data_in_this_rsp;
215
216         cFYI(1, "missing %d bytes from transact2, check next response",
217                 remaining);
218         if (total_data_size > CIFSMaxBufSize) {
219                 cERROR(1, "TotalDataSize %d is over maximum buffer %d",
220                         total_data_size, CIFSMaxBufSize);
221                 return -EINVAL;
222         }
223         return remaining;
224 }
225
226 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
227 {
228         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
229         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
230         char *data_area_of_target;
231         char *data_area_of_buf2;
232         int remaining;
233         unsigned int byte_count, total_in_buf;
234         __u16 total_data_size, total_in_buf2;
235
236         total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
237
238         if (total_data_size !=
239             get_unaligned_le16(&pSMB2->t2_rsp.TotalDataCount))
240                 cFYI(1, "total data size of primary and secondary t2 differ");
241
242         total_in_buf = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
243
244         remaining = total_data_size - total_in_buf;
245
246         if (remaining < 0)
247                 return -EPROTO;
248
249         if (remaining == 0) /* nothing to do, ignore */
250                 return 0;
251
252         total_in_buf2 = get_unaligned_le16(&pSMB2->t2_rsp.DataCount);
253         if (remaining < total_in_buf2) {
254                 cFYI(1, "transact2 2nd response contains too much data");
255         }
256
257         /* find end of first SMB data area */
258         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
259                                 get_unaligned_le16(&pSMBt->t2_rsp.DataOffset);
260         /* validate target area */
261
262         data_area_of_buf2 = (char *)&pSMB2->hdr.Protocol +
263                                 get_unaligned_le16(&pSMB2->t2_rsp.DataOffset);
264
265         data_area_of_target += total_in_buf;
266
267         /* copy second buffer into end of first buffer */
268         total_in_buf += total_in_buf2;
269         /* is the result too big for the field? */
270         if (total_in_buf > USHRT_MAX)
271                 return -EPROTO;
272         put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount);
273
274         /* fix up the BCC */
275         byte_count = get_bcc(pTargetSMB);
276         byte_count += total_in_buf2;
277         /* is the result too big for the field? */
278         if (byte_count > USHRT_MAX)
279                 return -EPROTO;
280         put_bcc(byte_count, pTargetSMB);
281
282         byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
283         byte_count += total_in_buf2;
284         /* don't allow buffer to overflow */
285         if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)
286                 return -ENOBUFS;
287         pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
288
289         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
290
291         if (remaining == total_in_buf2) {
292                 cFYI(1, "found the last secondary response");
293                 return 0; /* we are done */
294         } else /* more responses to go */
295                 return 1;
296 }
297
298 static void
299 cifs_echo_request(struct work_struct *work)
300 {
301         int rc;
302         struct TCP_Server_Info *server = container_of(work,
303                                         struct TCP_Server_Info, echo.work);
304
305         /*
306          * We cannot send an echo until the NEGOTIATE_PROTOCOL request is
307          * done, which is indicated by maxBuf != 0. Also, no need to ping if
308          * we got a response recently
309          */
310         if (server->maxBuf == 0 ||
311             time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ))
312                 goto requeue_echo;
313
314         rc = CIFSSMBEcho(server);
315         if (rc)
316                 cFYI(1, "Unable to send echo request to server: %s",
317                         server->hostname);
318
319 requeue_echo:
320         queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL);
321 }
322
323 static bool
324 allocate_buffers(struct TCP_Server_Info *server)
325 {
326         if (!server->bigbuf) {
327                 server->bigbuf = (char *)cifs_buf_get();
328                 if (!server->bigbuf) {
329                         cERROR(1, "No memory for large SMB response");
330                         msleep(3000);
331                         /* retry will check if exiting */
332                         return false;
333                 }
334         } else if (server->large_buf) {
335                 /* we are reusing a dirty large buf, clear its start */
336                 memset(server->bigbuf, 0, sizeof(struct smb_hdr));
337         }
338
339         if (!server->smallbuf) {
340                 server->smallbuf = (char *)cifs_small_buf_get();
341                 if (!server->smallbuf) {
342                         cERROR(1, "No memory for SMB response");
343                         msleep(1000);
344                         /* retry will check if exiting */
345                         return false;
346                 }
347                 /* beginning of smb buffer is cleared in our buf_get */
348         } else {
349                 /* if existing small buf clear beginning */
350                 memset(server->smallbuf, 0, sizeof(struct smb_hdr));
351         }
352
353         return true;
354 }
355
356 static bool
357 server_unresponsive(struct TCP_Server_Info *server)
358 {
359         if (echo_retries > 0 && server->tcpStatus == CifsGood &&
360             time_after(jiffies, server->lstrp +
361                                 (echo_retries * SMB_ECHO_INTERVAL))) {
362                 cERROR(1, "Server %s has not responded in %d seconds. "
363                           "Reconnecting...", server->hostname,
364                           (echo_retries * SMB_ECHO_INTERVAL / HZ));
365                 cifs_reconnect(server);
366                 wake_up(&server->response_q);
367                 return true;
368         }
369
370         return false;
371 }
372
373 /*
374  * kvec_array_init - clone a kvec array, and advance into it
375  * @new:        pointer to memory for cloned array
376  * @iov:        pointer to original array
377  * @nr_segs:    number of members in original array
378  * @bytes:      number of bytes to advance into the cloned array
379  *
380  * This function will copy the array provided in iov to a section of memory
381  * and advance the specified number of bytes into the new array. It returns
382  * the number of segments in the new array. "new" must be at least as big as
383  * the original iov array.
384  */
385 static unsigned int
386 kvec_array_init(struct kvec *new, struct kvec *iov, unsigned int nr_segs,
387                 size_t bytes)
388 {
389         size_t base = 0;
390
391         while (bytes || !iov->iov_len) {
392                 int copy = min(bytes, iov->iov_len);
393
394                 bytes -= copy;
395                 base += copy;
396                 if (iov->iov_len == base) {
397                         iov++;
398                         nr_segs--;
399                         base = 0;
400                 }
401         }
402         memcpy(new, iov, sizeof(*iov) * nr_segs);
403         new->iov_base += base;
404         new->iov_len -= base;
405         return nr_segs;
406 }
407
408 static struct kvec *
409 get_server_iovec(struct TCP_Server_Info *server, unsigned int nr_segs)
410 {
411         struct kvec *new_iov;
412
413         if (server->iov && nr_segs <= server->nr_iov)
414                 return server->iov;
415
416         /* not big enough -- allocate a new one and release the old */
417         new_iov = kmalloc(sizeof(*new_iov) * nr_segs, GFP_NOFS);
418         if (new_iov) {
419                 kfree(server->iov);
420                 server->iov = new_iov;
421                 server->nr_iov = nr_segs;
422         }
423         return new_iov;
424 }
425
426 int
427 cifs_readv_from_socket(struct TCP_Server_Info *server, struct kvec *iov_orig,
428                        unsigned int nr_segs, unsigned int to_read)
429 {
430         int length = 0;
431         int total_read;
432         unsigned int segs;
433         struct msghdr smb_msg;
434         struct kvec *iov;
435
436         iov = get_server_iovec(server, nr_segs);
437         if (!iov)
438                 return -ENOMEM;
439
440         smb_msg.msg_control = NULL;
441         smb_msg.msg_controllen = 0;
442
443         for (total_read = 0; to_read; total_read += length, to_read -= length) {
444                 try_to_freeze();
445
446                 if (server_unresponsive(server)) {
447                         total_read = -EAGAIN;
448                         break;
449                 }
450
451                 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read);
452
453                 length = kernel_recvmsg(server->ssocket, &smb_msg,
454                                         iov, segs, to_read, 0);
455
456                 if (server->tcpStatus == CifsExiting) {
457                         total_read = -ESHUTDOWN;
458                         break;
459                 } else if (server->tcpStatus == CifsNeedReconnect) {
460                         cifs_reconnect(server);
461                         total_read = -EAGAIN;
462                         break;
463                 } else if (length == -ERESTARTSYS ||
464                            length == -EAGAIN ||
465                            length == -EINTR) {
466                         /*
467                          * Minimum sleep to prevent looping, allowing socket
468                          * to clear and app threads to set tcpStatus
469                          * CifsNeedReconnect if server hung.
470                          */
471                         usleep_range(1000, 2000);
472                         length = 0;
473                         continue;
474                 } else if (length <= 0) {
475                         cFYI(1, "Received no data or error: expecting %d "
476                                 "got %d", to_read, length);
477                         cifs_reconnect(server);
478                         total_read = -EAGAIN;
479                         break;
480                 }
481         }
482         return total_read;
483 }
484
485 int
486 cifs_read_from_socket(struct TCP_Server_Info *server, char *buf,
487                       unsigned int to_read)
488 {
489         struct kvec iov;
490
491         iov.iov_base = buf;
492         iov.iov_len = to_read;
493
494         return cifs_readv_from_socket(server, &iov, 1, to_read);
495 }
496
497 static bool
498 is_smb_response(struct TCP_Server_Info *server, unsigned char type)
499 {
500         /*
501          * The first byte big endian of the length field,
502          * is actually not part of the length but the type
503          * with the most common, zero, as regular data.
504          */
505         switch (type) {
506         case RFC1002_SESSION_MESSAGE:
507                 /* Regular SMB response */
508                 return true;
509         case RFC1002_SESSION_KEEP_ALIVE:
510                 cFYI(1, "RFC 1002 session keep alive");
511                 break;
512         case RFC1002_POSITIVE_SESSION_RESPONSE:
513                 cFYI(1, "RFC 1002 positive session response");
514                 break;
515         case RFC1002_NEGATIVE_SESSION_RESPONSE:
516                 /*
517                  * We get this from Windows 98 instead of an error on
518                  * SMB negprot response.
519                  */
520                 cFYI(1, "RFC 1002 negative session response");
521                 /* give server a second to clean up */
522                 msleep(1000);
523                 /*
524                  * Always try 445 first on reconnect since we get NACK
525                  * on some if we ever connected to port 139 (the NACK
526                  * is since we do not begin with RFC1001 session
527                  * initialize frame).
528                  */
529                 cifs_set_port((struct sockaddr *)&server->dstaddr, CIFS_PORT);
530                 cifs_reconnect(server);
531                 wake_up(&server->response_q);
532                 break;
533         default:
534                 cERROR(1, "RFC 1002 unknown response type 0x%x", type);
535                 cifs_reconnect(server);
536         }
537
538         return false;
539 }
540
541 static struct mid_q_entry *
542 find_mid(struct TCP_Server_Info *server, struct smb_hdr *buf)
543 {
544         struct mid_q_entry *mid;
545
546         spin_lock(&GlobalMid_Lock);
547         list_for_each_entry(mid, &server->pending_mid_q, qhead) {
548                 if (mid->mid == buf->Mid &&
549                     mid->midState == MID_REQUEST_SUBMITTED &&
550                     mid->command == buf->Command) {
551                         spin_unlock(&GlobalMid_Lock);
552                         return mid;
553                 }
554         }
555         spin_unlock(&GlobalMid_Lock);
556         return NULL;
557 }
558
559 void
560 dequeue_mid(struct mid_q_entry *mid, bool malformed)
561 {
562 #ifdef CONFIG_CIFS_STATS2
563         mid->when_received = jiffies;
564 #endif
565         spin_lock(&GlobalMid_Lock);
566         if (!malformed)
567                 mid->midState = MID_RESPONSE_RECEIVED;
568         else
569                 mid->midState = MID_RESPONSE_MALFORMED;
570         list_del_init(&mid->qhead);
571         spin_unlock(&GlobalMid_Lock);
572 }
573
574 static void
575 handle_mid(struct mid_q_entry *mid, struct TCP_Server_Info *server,
576            struct smb_hdr *buf, int malformed)
577 {
578         if (malformed == 0 && check2ndT2(buf) > 0) {
579                 mid->multiRsp = true;
580                 if (mid->resp_buf) {
581                         /* merge response - fix up 1st*/
582                         malformed = coalesce_t2(buf, mid->resp_buf);
583                         if (malformed > 0)
584                                 return;
585
586                         /* All parts received or packet is malformed. */
587                         mid->multiEnd = true;
588                         return dequeue_mid(mid, malformed);
589                 }
590                 if (!server->large_buf) {
591                         /*FIXME: switch to already allocated largebuf?*/
592                         cERROR(1, "1st trans2 resp needs bigbuf");
593                 } else {
594                         /* Have first buffer */
595                         mid->resp_buf = buf;
596                         mid->largeBuf = true;
597                         server->bigbuf = NULL;
598                 }
599                 return;
600         }
601         mid->resp_buf = buf;
602         mid->largeBuf = server->large_buf;
603         /* Was previous buf put in mpx struct for multi-rsp? */
604         if (!mid->multiRsp) {
605                 /* smb buffer will be freed by user thread */
606                 if (server->large_buf)
607                         server->bigbuf = NULL;
608                 else
609                         server->smallbuf = NULL;
610         }
611         dequeue_mid(mid, malformed);
612 }
613
614 static void clean_demultiplex_info(struct TCP_Server_Info *server)
615 {
616         int length;
617
618         /* take it off the list, if it's not already */
619         spin_lock(&cifs_tcp_ses_lock);
620         list_del_init(&server->tcp_ses_list);
621         spin_unlock(&cifs_tcp_ses_lock);
622
623         spin_lock(&GlobalMid_Lock);
624         server->tcpStatus = CifsExiting;
625         spin_unlock(&GlobalMid_Lock);
626         wake_up_all(&server->response_q);
627
628         /* Check if we have blocked requests that need to free. */
629         spin_lock(&GlobalMid_Lock);
630         if (atomic_read(&server->inFlight) >= server->maxReq)
631                 atomic_set(&server->inFlight, server->maxReq - 1);
632         /*
633          * We do not want to set the max_pending too low or we could end up
634          * with the counter going negative.
635          */
636         spin_unlock(&GlobalMid_Lock);
637         /*
638          * Although there should not be any requests blocked on this queue it
639          * can not hurt to be paranoid and try to wake up requests that may
640          * haven been blocked when more than 50 at time were on the wire to the
641          * same server - they now will see the session is in exit state and get
642          * out of SendReceive.
643          */
644         wake_up_all(&server->request_q);
645         /* give those requests time to exit */
646         msleep(125);
647
648         if (server->ssocket) {
649                 sock_release(server->ssocket);
650                 server->ssocket = NULL;
651         }
652
653         if (!list_empty(&server->pending_mid_q)) {
654                 struct list_head dispose_list;
655                 struct mid_q_entry *mid_entry;
656                 struct list_head *tmp, *tmp2;
657
658                 INIT_LIST_HEAD(&dispose_list);
659                 spin_lock(&GlobalMid_Lock);
660                 list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
661                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
662                         cFYI(1, "Clearing mid 0x%x", mid_entry->mid);
663                         mid_entry->midState = MID_SHUTDOWN;
664                         list_move(&mid_entry->qhead, &dispose_list);
665                 }
666                 spin_unlock(&GlobalMid_Lock);
667
668                 /* now walk dispose list and issue callbacks */
669                 list_for_each_safe(tmp, tmp2, &dispose_list) {
670                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
671                         cFYI(1, "Callback mid 0x%x", mid_entry->mid);
672                         list_del_init(&mid_entry->qhead);
673                         mid_entry->callback(mid_entry);
674                 }
675                 /* 1/8th of sec is more than enough time for them to exit */
676                 msleep(125);
677         }
678
679         if (!list_empty(&server->pending_mid_q)) {
680                 /*
681                  * mpx threads have not exited yet give them at least the smb
682                  * send timeout time for long ops.
683                  *
684                  * Due to delays on oplock break requests, we need to wait at
685                  * least 45 seconds before giving up on a request getting a
686                  * response and going ahead and killing cifsd.
687                  */
688                 cFYI(1, "Wait for exit from demultiplex thread");
689                 msleep(46000);
690                 /*
691                  * If threads still have not exited they are probably never
692                  * coming home not much else we can do but free the memory.
693                  */
694         }
695
696         kfree(server->hostname);
697         kfree(server->iov);
698         kfree(server);
699
700         length = atomic_dec_return(&tcpSesAllocCount);
701         if (length > 0)
702                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
703                                 GFP_KERNEL);
704 }
705
706 static int
707 standard_receive3(struct TCP_Server_Info *server, struct mid_q_entry *mid)
708 {
709         int length;
710         char *buf = server->smallbuf;
711         struct smb_hdr *smb_buffer = (struct smb_hdr *)buf;
712         unsigned int pdu_length = be32_to_cpu(smb_buffer->smb_buf_length);
713
714         /* make sure this will fit in a large buffer */
715         if (pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
716                 cERROR(1, "SMB response too long (%u bytes)",
717                         pdu_length);
718                 cifs_reconnect(server);
719                 wake_up(&server->response_q);
720                 return -EAGAIN;
721         }
722
723         /* switch to large buffer if too big for a small one */
724         if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
725                 server->large_buf = true;
726                 memcpy(server->bigbuf, server->smallbuf, server->total_read);
727                 buf = server->bigbuf;
728                 smb_buffer = (struct smb_hdr *)buf;
729         }
730
731         /* now read the rest */
732         length = cifs_read_from_socket(server,
733                           buf + sizeof(struct smb_hdr) - 1,
734                           pdu_length - sizeof(struct smb_hdr) + 1 + 4);
735         if (length < 0)
736                 return length;
737         server->total_read += length;
738
739         dump_smb(smb_buffer, server->total_read);
740
741         /*
742          * We know that we received enough to get to the MID as we
743          * checked the pdu_length earlier. Now check to see
744          * if the rest of the header is OK. We borrow the length
745          * var for the rest of the loop to avoid a new stack var.
746          *
747          * 48 bytes is enough to display the header and a little bit
748          * into the payload for debugging purposes.
749          */
750         length = checkSMB(smb_buffer, smb_buffer->Mid, server->total_read);
751         if (length != 0)
752                 cifs_dump_mem("Bad SMB: ", buf,
753                         min_t(unsigned int, server->total_read, 48));
754
755         if (!mid)
756                 return length;
757
758         handle_mid(mid, server, smb_buffer, length);
759         return 0;
760 }
761
762 static int
763 cifs_demultiplex_thread(void *p)
764 {
765         int length;
766         struct TCP_Server_Info *server = p;
767         unsigned int pdu_length;
768         char *buf = NULL;
769         struct smb_hdr *smb_buffer = NULL;
770         struct task_struct *task_to_wake = NULL;
771         struct mid_q_entry *mid_entry;
772
773         current->flags |= PF_MEMALLOC;
774         cFYI(1, "Demultiplex PID: %d", task_pid_nr(current));
775
776         length = atomic_inc_return(&tcpSesAllocCount);
777         if (length > 1)
778                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
779                                 GFP_KERNEL);
780
781         set_freezable();
782         while (server->tcpStatus != CifsExiting) {
783                 if (try_to_freeze())
784                         continue;
785
786                 if (!allocate_buffers(server))
787                         continue;
788
789                 server->large_buf = false;
790                 smb_buffer = (struct smb_hdr *)server->smallbuf;
791                 buf = server->smallbuf;
792                 pdu_length = 4; /* enough to get RFC1001 header */
793
794                 length = cifs_read_from_socket(server, buf, pdu_length);
795                 if (length < 0)
796                         continue;
797                 server->total_read = length;
798
799                 /*
800                  * The right amount was read from socket - 4 bytes,
801                  * so we can now interpret the length field.
802                  */
803                 pdu_length = be32_to_cpu(smb_buffer->smb_buf_length);
804
805                 cFYI(1, "RFC1002 header 0x%x", pdu_length);
806                 if (!is_smb_response(server, buf[0]))
807                         continue;
808
809                 /* make sure we have enough to get to the MID */
810                 if (pdu_length < sizeof(struct smb_hdr) - 1 - 4) {
811                         cERROR(1, "SMB response too short (%u bytes)",
812                                 pdu_length);
813                         cifs_reconnect(server);
814                         wake_up(&server->response_q);
815                         continue;
816                 }
817
818                 /* read down to the MID */
819                 length = cifs_read_from_socket(server, buf + 4,
820                                         sizeof(struct smb_hdr) - 1 - 4);
821                 if (length < 0)
822                         continue;
823                 server->total_read += length;
824
825                 mid_entry = find_mid(server, smb_buffer);
826
827                 if (!mid_entry || !mid_entry->receive)
828                         length = standard_receive3(server, mid_entry);
829                 else
830                         length = mid_entry->receive(server, mid_entry);
831
832                 if (length < 0)
833                         continue;
834
835                 if (server->large_buf) {
836                         buf = server->bigbuf;
837                         smb_buffer = (struct smb_hdr *)buf;
838                 }
839
840                 server->lstrp = jiffies;
841                 if (mid_entry != NULL) {
842                         if (!mid_entry->multiRsp || mid_entry->multiEnd)
843                                 mid_entry->callback(mid_entry);
844                 } else if (!is_valid_oplock_break(smb_buffer, server)) {
845                         cERROR(1, "No task to wake, unknown frame received! "
846                                    "NumMids %d", atomic_read(&midCount));
847                         cifs_dump_mem("Received Data is: ", buf,
848                                       sizeof(struct smb_hdr));
849 #ifdef CONFIG_CIFS_DEBUG2
850                         cifs_dump_detail(smb_buffer);
851                         cifs_dump_mids(server);
852 #endif /* CIFS_DEBUG2 */
853
854                 }
855         } /* end while !EXITING */
856
857         /* buffer usually freed in free_mid - need to free it here on exit */
858         cifs_buf_release(server->bigbuf);
859         if (server->smallbuf) /* no sense logging a debug message if NULL */
860                 cifs_small_buf_release(server->smallbuf);
861
862         task_to_wake = xchg(&server->tsk, NULL);
863         clean_demultiplex_info(server);
864
865         /* if server->tsk was NULL then wait for a signal before exiting */
866         if (!task_to_wake) {
867                 set_current_state(TASK_INTERRUPTIBLE);
868                 while (!signal_pending(current)) {
869                         schedule();
870                         set_current_state(TASK_INTERRUPTIBLE);
871                 }
872                 set_current_state(TASK_RUNNING);
873         }
874
875         module_put_and_exit(0);
876 }
877
878 /* extract the host portion of the UNC string */
879 static char *
880 extract_hostname(const char *unc)
881 {
882         const char *src;
883         char *dst, *delim;
884         unsigned int len;
885
886         /* skip double chars at beginning of string */
887         /* BB: check validity of these bytes? */
888         src = unc + 2;
889
890         /* delimiter between hostname and sharename is always '\\' now */
891         delim = strchr(src, '\\');
892         if (!delim)
893                 return ERR_PTR(-EINVAL);
894
895         len = delim - src;
896         dst = kmalloc((len + 1), GFP_KERNEL);
897         if (dst == NULL)
898                 return ERR_PTR(-ENOMEM);
899
900         memcpy(dst, src, len);
901         dst[len] = '\0';
902
903         return dst;
904 }
905
906 static int
907 cifs_parse_mount_options(const char *mountdata, const char *devname,
908                          struct smb_vol *vol)
909 {
910         char *value, *data, *end;
911         char *mountdata_copy = NULL, *options;
912         int err;
913         unsigned int  temp_len, i, j;
914         char separator[2];
915         short int override_uid = -1;
916         short int override_gid = -1;
917         bool uid_specified = false;
918         bool gid_specified = false;
919         char *nodename = utsname()->nodename;
920
921         separator[0] = ',';
922         separator[1] = 0;
923
924         /*
925          * does not have to be perfect mapping since field is
926          * informational, only used for servers that do not support
927          * port 445 and it can be overridden at mount time
928          */
929         memset(vol->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
930         for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
931                 vol->source_rfc1001_name[i] = toupper(nodename[i]);
932
933         vol->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
934         /* null target name indicates to use *SMBSERVR default called name
935            if we end up sending RFC1001 session initialize */
936         vol->target_rfc1001_name[0] = 0;
937         vol->cred_uid = current_uid();
938         vol->linux_uid = current_uid();
939         vol->linux_gid = current_gid();
940
941         /* default to only allowing write access to owner of the mount */
942         vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
943
944         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
945         /* default is always to request posix paths. */
946         vol->posix_paths = 1;
947         /* default to using server inode numbers where available */
948         vol->server_ino = 1;
949
950         vol->actimeo = CIFS_DEF_ACTIMEO;
951
952         if (!mountdata)
953                 goto cifs_parse_mount_err;
954
955         mountdata_copy = kstrndup(mountdata, PAGE_SIZE, GFP_KERNEL);
956         if (!mountdata_copy)
957                 goto cifs_parse_mount_err;
958
959         options = mountdata_copy;
960         end = options + strlen(options);
961         if (strncmp(options, "sep=", 4) == 0) {
962                 if (options[4] != 0) {
963                         separator[0] = options[4];
964                         options += 5;
965                 } else {
966                         cFYI(1, "Null separator not allowed");
967                 }
968         }
969         vol->backupuid_specified = false; /* no backup intent for a user */
970         vol->backupgid_specified = false; /* no backup intent for a group */
971
972         while ((data = strsep(&options, separator)) != NULL) {
973                 if (!*data)
974                         continue;
975                 if ((value = strchr(data, '=')) != NULL)
976                         *value++ = '\0';
977
978                 /* Have to parse this before we parse for "user" */
979                 if (strnicmp(data, "user_xattr", 10) == 0) {
980                         vol->no_xattr = 0;
981                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
982                         vol->no_xattr = 1;
983                 } else if (strnicmp(data, "user", 4) == 0) {
984                         if (!value) {
985                                 printk(KERN_WARNING
986                                        "CIFS: invalid or missing username\n");
987                                 goto cifs_parse_mount_err;
988                         } else if (!*value) {
989                                 /* null user, ie anonymous, authentication */
990                                 vol->nullauth = 1;
991                         }
992                         if (strnlen(value, MAX_USERNAME_SIZE) <
993                                                 MAX_USERNAME_SIZE) {
994                                 vol->username = kstrdup(value, GFP_KERNEL);
995                                 if (!vol->username) {
996                                         printk(KERN_WARNING "CIFS: no memory "
997                                                             "for username\n");
998                                         goto cifs_parse_mount_err;
999                                 }
1000                         } else {
1001                                 printk(KERN_WARNING "CIFS: username too long\n");
1002                                 goto cifs_parse_mount_err;
1003                         }
1004                 } else if (strnicmp(data, "pass", 4) == 0) {
1005                         if (!value) {
1006                                 vol->password = NULL;
1007                                 continue;
1008                         } else if (value[0] == 0) {
1009                                 /* check if string begins with double comma
1010                                    since that would mean the password really
1011                                    does start with a comma, and would not
1012                                    indicate an empty string */
1013                                 if (value[1] != separator[0]) {
1014                                         vol->password = NULL;
1015                                         continue;
1016                                 }
1017                         }
1018                         temp_len = strlen(value);
1019                         /* removed password length check, NTLM passwords
1020                                 can be arbitrarily long */
1021
1022                         /* if comma in password, the string will be
1023                         prematurely null terminated.  Commas in password are
1024                         specified across the cifs mount interface by a double
1025                         comma ie ,, and a comma used as in other cases ie ','
1026                         as a parameter delimiter/separator is single and due
1027                         to the strsep above is temporarily zeroed. */
1028
1029                         /* NB: password legally can have multiple commas and
1030                         the only illegal character in a password is null */
1031
1032                         if ((value[temp_len] == 0) &&
1033                             (value + temp_len < end) &&
1034                             (value[temp_len+1] == separator[0])) {
1035                                 /* reinsert comma */
1036                                 value[temp_len] = separator[0];
1037                                 temp_len += 2;  /* move after second comma */
1038                                 while (value[temp_len] != 0)  {
1039                                         if (value[temp_len] == separator[0]) {
1040                                                 if (value[temp_len+1] ==
1041                                                      separator[0]) {
1042                                                 /* skip second comma */
1043                                                         temp_len++;
1044                                                 } else {
1045                                                 /* single comma indicating start
1046                                                          of next parm */
1047                                                         break;
1048                                                 }
1049                                         }
1050                                         temp_len++;
1051                                 }
1052                                 if (value[temp_len] == 0) {
1053                                         options = NULL;
1054                                 } else {
1055                                         value[temp_len] = 0;
1056                                         /* point option to start of next parm */
1057                                         options = value + temp_len + 1;
1058                                 }
1059                                 /* go from value to value + temp_len condensing
1060                                 double commas to singles. Note that this ends up
1061                                 allocating a few bytes too many, which is ok */
1062                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
1063                                 if (vol->password == NULL) {
1064                                         printk(KERN_WARNING "CIFS: no memory "
1065                                                             "for password\n");
1066                                         goto cifs_parse_mount_err;
1067                                 }
1068                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
1069                                         vol->password[j] = value[i];
1070                                         if (value[i] == separator[0]
1071                                                 && value[i+1] == separator[0]) {
1072                                                 /* skip second comma */
1073                                                 i++;
1074                                         }
1075                                 }
1076                                 vol->password[j] = 0;
1077                         } else {
1078                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
1079                                 if (vol->password == NULL) {
1080                                         printk(KERN_WARNING "CIFS: no memory "
1081                                                             "for password\n");
1082                                         goto cifs_parse_mount_err;
1083                                 }
1084                                 strcpy(vol->password, value);
1085                         }
1086                 } else if (!strnicmp(data, "ip", 2) ||
1087                            !strnicmp(data, "addr", 4)) {
1088                         if (!value || !*value) {
1089                                 vol->UNCip = NULL;
1090                         } else if (strnlen(value, INET6_ADDRSTRLEN) <
1091                                                         INET6_ADDRSTRLEN) {
1092                                 vol->UNCip = kstrdup(value, GFP_KERNEL);
1093                                 if (!vol->UNCip) {
1094                                         printk(KERN_WARNING "CIFS: no memory "
1095                                                             "for UNC IP\n");
1096                                         goto cifs_parse_mount_err;
1097                                 }
1098                         } else {
1099                                 printk(KERN_WARNING "CIFS: ip address "
1100                                                     "too long\n");
1101                                 goto cifs_parse_mount_err;
1102                         }
1103                 } else if (strnicmp(data, "sec", 3) == 0) {
1104                         if (!value || !*value) {
1105                                 cERROR(1, "no security value specified");
1106                                 continue;
1107                         } else if (strnicmp(value, "krb5i", 5) == 0) {
1108                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
1109                                         CIFSSEC_MUST_SIGN;
1110                         } else if (strnicmp(value, "krb5p", 5) == 0) {
1111                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
1112                                         CIFSSEC_MAY_KRB5; */
1113                                 cERROR(1, "Krb5 cifs privacy not supported");
1114                                 goto cifs_parse_mount_err;
1115                         } else if (strnicmp(value, "krb5", 4) == 0) {
1116                                 vol->secFlg |= CIFSSEC_MAY_KRB5 | 
1117                                         CIFSSEC_MAY_SIGN;
1118                         } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
1119                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
1120                                         CIFSSEC_MUST_SIGN;
1121                         } else if (strnicmp(value, "ntlmssp", 7) == 0) {
1122                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
1123                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
1124                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
1125                                         CIFSSEC_MUST_SIGN;
1126                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
1127                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1128                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
1129                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
1130                                         CIFSSEC_MUST_SIGN;
1131                         } else if (strnicmp(value, "ntlm", 4) == 0) {
1132                                 /* ntlm is default so can be turned off too */
1133                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
1134                         } else if (strnicmp(value, "nontlm", 6) == 0) {
1135                                 /* BB is there a better way to do this? */
1136                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1137 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1138                         } else if (strnicmp(value, "lanman", 6) == 0) {
1139                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1140 #endif
1141                         } else if (strnicmp(value, "none", 4) == 0) {
1142                                 vol->nullauth = 1;
1143                         } else {
1144                                 cERROR(1, "bad security option: %s", value);
1145                                 goto cifs_parse_mount_err;
1146                         }
1147                 } else if (strnicmp(data, "vers", 3) == 0) {
1148                         if (!value || !*value) {
1149                                 cERROR(1, "no protocol version specified"
1150                                           " after vers= mount option");
1151                         } else if ((strnicmp(value, "cifs", 4) == 0) ||
1152                                    (strnicmp(value, "1", 1) == 0)) {
1153                                 /* this is the default */
1154                                 continue;
1155                         }
1156                 } else if ((strnicmp(data, "unc", 3) == 0)
1157                            || (strnicmp(data, "target", 6) == 0)
1158                            || (strnicmp(data, "path", 4) == 0)) {
1159                         if (!value || !*value) {
1160                                 printk(KERN_WARNING "CIFS: invalid path to "
1161                                                     "network resource\n");
1162                                 goto cifs_parse_mount_err;
1163                         }
1164                         if ((temp_len = strnlen(value, 300)) < 300) {
1165                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1166                                 if (vol->UNC == NULL)
1167                                         goto cifs_parse_mount_err;
1168                                 strcpy(vol->UNC, value);
1169                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1170                                         vol->UNC[0] = '\\';
1171                                         vol->UNC[1] = '\\';
1172                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1173                                         printk(KERN_WARNING
1174                                                "CIFS: UNC Path does not begin "
1175                                                "with // or \\\\ \n");
1176                                         goto cifs_parse_mount_err;
1177                                 }
1178                         } else {
1179                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1180                                 goto cifs_parse_mount_err;
1181                         }
1182                 } else if ((strnicmp(data, "domain", 3) == 0)
1183                            || (strnicmp(data, "workgroup", 5) == 0)) {
1184                         if (!value || !*value) {
1185                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1186                                 goto cifs_parse_mount_err;
1187                         }
1188                         /* BB are there cases in which a comma can be valid in
1189                         a domain name and need special handling? */
1190                         if (strnlen(value, 256) < 256) {
1191                                 vol->domainname = kstrdup(value, GFP_KERNEL);
1192                                 if (!vol->domainname) {
1193                                         printk(KERN_WARNING "CIFS: no memory "
1194                                                             "for domainname\n");
1195                                         goto cifs_parse_mount_err;
1196                                 }
1197                                 cFYI(1, "Domain name set");
1198                         } else {
1199                                 printk(KERN_WARNING "CIFS: domain name too "
1200                                                     "long\n");
1201                                 goto cifs_parse_mount_err;
1202                         }
1203                 } else if (strnicmp(data, "srcaddr", 7) == 0) {
1204                         vol->srcaddr.ss_family = AF_UNSPEC;
1205
1206                         if (!value || !*value) {
1207                                 printk(KERN_WARNING "CIFS: srcaddr value"
1208                                        " not specified.\n");
1209                                 goto cifs_parse_mount_err;
1210                         }
1211                         i = cifs_convert_address((struct sockaddr *)&vol->srcaddr,
1212                                                  value, strlen(value));
1213                         if (i == 0) {
1214                                 printk(KERN_WARNING "CIFS:  Could not parse"
1215                                        " srcaddr: %s\n",
1216                                        value);
1217                                 goto cifs_parse_mount_err;
1218                         }
1219                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1220                         if (!value || !*value) {
1221                                 printk(KERN_WARNING
1222                                         "CIFS: invalid path prefix\n");
1223                                 goto cifs_parse_mount_err;
1224                         }
1225                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1226                                 if (value[0] != '/')
1227                                         temp_len++;  /* missing leading slash */
1228                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1229                                 if (vol->prepath == NULL)
1230                                         goto cifs_parse_mount_err;
1231                                 if (value[0] != '/') {
1232                                         vol->prepath[0] = '/';
1233                                         strcpy(vol->prepath+1, value);
1234                                 } else
1235                                         strcpy(vol->prepath, value);
1236                                 cFYI(1, "prefix path %s", vol->prepath);
1237                         } else {
1238                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1239                                 goto cifs_parse_mount_err;
1240                         }
1241                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1242                         if (!value || !*value) {
1243                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1244                                                     "specified\n");
1245                                 goto cifs_parse_mount_err;
1246                         }
1247                         if (strnlen(value, 65) < 65) {
1248                                 if (strnicmp(value, "default", 7)) {
1249                                         vol->iocharset = kstrdup(value,
1250                                                                  GFP_KERNEL);
1251
1252                                         if (!vol->iocharset) {
1253                                                 printk(KERN_WARNING "CIFS: no "
1254                                                                    "memory for"
1255                                                                    "charset\n");
1256                                                 goto cifs_parse_mount_err;
1257                                         }
1258                                 }
1259                                 /* if iocharset not set then load_nls_default
1260                                    is used by caller */
1261                                 cFYI(1, "iocharset set to %s", value);
1262                         } else {
1263                                 printk(KERN_WARNING "CIFS: iocharset name "
1264                                                     "too long.\n");
1265                                 goto cifs_parse_mount_err;
1266                         }
1267                 } else if (!strnicmp(data, "uid", 3) && value && *value) {
1268                         vol->linux_uid = simple_strtoul(value, &value, 0);
1269                         uid_specified = true;
1270                 } else if (!strnicmp(data, "cruid", 5) && value && *value) {
1271                         vol->cred_uid = simple_strtoul(value, &value, 0);
1272                 } else if (!strnicmp(data, "forceuid", 8)) {
1273                         override_uid = 1;
1274                 } else if (!strnicmp(data, "noforceuid", 10)) {
1275                         override_uid = 0;
1276                 } else if (!strnicmp(data, "gid", 3) && value && *value) {
1277                         vol->linux_gid = simple_strtoul(value, &value, 0);
1278                         gid_specified = true;
1279                 } else if (!strnicmp(data, "forcegid", 8)) {
1280                         override_gid = 1;
1281                 } else if (!strnicmp(data, "noforcegid", 10)) {
1282                         override_gid = 0;
1283                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1284                         if (value && *value) {
1285                                 vol->file_mode =
1286                                         simple_strtoul(value, &value, 0);
1287                         }
1288                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1289                         if (value && *value) {
1290                                 vol->dir_mode =
1291                                         simple_strtoul(value, &value, 0);
1292                         }
1293                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1294                         if (value && *value) {
1295                                 vol->dir_mode =
1296                                         simple_strtoul(value, &value, 0);
1297                         }
1298                 } else if (strnicmp(data, "port", 4) == 0) {
1299                         if (value && *value) {
1300                                 vol->port =
1301                                         simple_strtoul(value, &value, 0);
1302                         }
1303                 } else if (strnicmp(data, "rsize", 5) == 0) {
1304                         if (value && *value) {
1305                                 vol->rsize =
1306                                         simple_strtoul(value, &value, 0);
1307                         }
1308                 } else if (strnicmp(data, "wsize", 5) == 0) {
1309                         if (value && *value) {
1310                                 vol->wsize =
1311                                         simple_strtoul(value, &value, 0);
1312                         }
1313                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1314                         if (!value || !*value) {
1315                                 cERROR(1, "no socket option specified");
1316                                 continue;
1317                         } else if (strnicmp(value, "TCP_NODELAY", 11) == 0) {
1318                                 vol->sockopt_tcp_nodelay = 1;
1319                         }
1320                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1321                         if (!value || !*value || (*value == ' ')) {
1322                                 cFYI(1, "invalid (empty) netbiosname");
1323                         } else {
1324                                 memset(vol->source_rfc1001_name, 0x20,
1325                                         RFC1001_NAME_LEN);
1326                                 /*
1327                                  * FIXME: are there cases in which a comma can
1328                                  * be valid in workstation netbios name (and
1329                                  * need special handling)?
1330                                  */
1331                                 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1332                                         /* don't ucase netbiosname for user */
1333                                         if (value[i] == 0)
1334                                                 break;
1335                                         vol->source_rfc1001_name[i] = value[i];
1336                                 }
1337                                 /* The string has 16th byte zero still from
1338                                 set at top of the function  */
1339                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1340                                         printk(KERN_WARNING "CIFS: netbiosname"
1341                                                 " longer than 15 truncated.\n");
1342                         }
1343                 } else if (strnicmp(data, "servern", 7) == 0) {
1344                         /* servernetbiosname specified override *SMBSERVER */
1345                         if (!value || !*value || (*value == ' ')) {
1346                                 cFYI(1, "empty server netbiosname specified");
1347                         } else {
1348                                 /* last byte, type, is 0x20 for servr type */
1349                                 memset(vol->target_rfc1001_name, 0x20,
1350                                         RFC1001_NAME_LEN_WITH_NULL);
1351
1352                                 for (i = 0; i < 15; i++) {
1353                                 /* BB are there cases in which a comma can be
1354                                    valid in this workstation netbios name
1355                                    (and need special handling)? */
1356
1357                                 /* user or mount helper must uppercase
1358                                    the netbiosname */
1359                                         if (value[i] == 0)
1360                                                 break;
1361                                         else
1362                                                 vol->target_rfc1001_name[i] =
1363                                                                 value[i];
1364                                 }
1365                                 /* The string has 16th byte zero still from
1366                                    set at top of the function  */
1367                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1368                                         printk(KERN_WARNING "CIFS: server net"
1369                                         "biosname longer than 15 truncated.\n");
1370                         }
1371                 } else if (strnicmp(data, "actimeo", 7) == 0) {
1372                         if (value && *value) {
1373                                 vol->actimeo = HZ * simple_strtoul(value,
1374                                                                    &value, 0);
1375                                 if (vol->actimeo > CIFS_MAX_ACTIMEO) {
1376                                         cERROR(1, "CIFS: attribute cache"
1377                                                         "timeout too large");
1378                                         goto cifs_parse_mount_err;
1379                                 }
1380                         }
1381                 } else if (strnicmp(data, "credentials", 4) == 0) {
1382                         /* ignore */
1383                 } else if (strnicmp(data, "version", 3) == 0) {
1384                         /* ignore */
1385                 } else if (strnicmp(data, "guest", 5) == 0) {
1386                         /* ignore */
1387                 } else if (strnicmp(data, "rw", 2) == 0 && strlen(data) == 2) {
1388                         /* ignore */
1389                 } else if (strnicmp(data, "ro", 2) == 0) {
1390                         /* ignore */
1391                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1392                         vol->noblocksnd = 1;
1393                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1394                         vol->noautotune = 1;
1395                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1396                                    (strnicmp(data, "nosuid", 6) == 0) ||
1397                                    (strnicmp(data, "exec", 4) == 0) ||
1398                                    (strnicmp(data, "noexec", 6) == 0) ||
1399                                    (strnicmp(data, "nodev", 5) == 0) ||
1400                                    (strnicmp(data, "noauto", 6) == 0) ||
1401                                    (strnicmp(data, "dev", 3) == 0)) {
1402                         /*  The mount tool or mount.cifs helper (if present)
1403                             uses these opts to set flags, and the flags are read
1404                             by the kernel vfs layer before we get here (ie
1405                             before read super) so there is no point trying to
1406                             parse these options again and set anything and it
1407                             is ok to just ignore them */
1408                         continue;
1409                 } else if (strnicmp(data, "hard", 4) == 0) {
1410                         vol->retry = 1;
1411                 } else if (strnicmp(data, "soft", 4) == 0) {
1412                         vol->retry = 0;
1413                 } else if (strnicmp(data, "perm", 4) == 0) {
1414                         vol->noperm = 0;
1415                 } else if (strnicmp(data, "noperm", 6) == 0) {
1416                         vol->noperm = 1;
1417                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1418                         vol->remap = 1;
1419                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1420                         vol->remap = 0;
1421                 } else if (strnicmp(data, "sfu", 3) == 0) {
1422                         vol->sfu_emul = 1;
1423                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1424                         vol->sfu_emul = 0;
1425                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1426                         vol->nodfs = 1;
1427                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1428                         vol->posix_paths = 1;
1429                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1430                         vol->posix_paths = 0;
1431                 } else if (strnicmp(data, "nounix", 6) == 0) {
1432                         vol->no_linux_ext = 1;
1433                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1434                         vol->no_linux_ext = 1;
1435                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1436                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1437                         vol->nocase = 1;
1438                 } else if (strnicmp(data, "mand", 4) == 0) {
1439                         /* ignore */
1440                 } else if (strnicmp(data, "nomand", 6) == 0) {
1441                         /* ignore */
1442                 } else if (strnicmp(data, "_netdev", 7) == 0) {
1443                         /* ignore */
1444                 } else if (strnicmp(data, "brl", 3) == 0) {
1445                         vol->nobrl =  0;
1446                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1447                            (strnicmp(data, "nolock", 6) == 0)) {
1448                         vol->nobrl =  1;
1449                         /* turn off mandatory locking in mode
1450                         if remote locking is turned off since the
1451                         local vfs will do advisory */
1452                         if (vol->file_mode ==
1453                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1454                                 vol->file_mode = S_IALLUGO;
1455                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1456                         /* will take the shorter form "forcemand" as well */
1457                         /* This mount option will force use of mandatory
1458                           (DOS/Windows style) byte range locks, instead of
1459                           using posix advisory byte range locks, even if the
1460                           Unix extensions are available and posix locks would
1461                           be supported otherwise. If Unix extensions are not
1462                           negotiated this has no effect since mandatory locks
1463                           would be used (mandatory locks is all that those
1464                           those servers support) */
1465                         vol->mand_lock = 1;
1466                 } else if (strnicmp(data, "setuids", 7) == 0) {
1467                         vol->setuids = 1;
1468                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1469                         vol->setuids = 0;
1470                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1471                         vol->dynperm = true;
1472                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1473                         vol->dynperm = false;
1474                 } else if (strnicmp(data, "nohard", 6) == 0) {
1475                         vol->retry = 0;
1476                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1477                         vol->retry = 1;
1478                 } else if (strnicmp(data, "nointr", 6) == 0) {
1479                         vol->intr = 0;
1480                 } else if (strnicmp(data, "intr", 4) == 0) {
1481                         vol->intr = 1;
1482                 } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1483                         vol->nostrictsync = 1;
1484                 } else if (strnicmp(data, "strictsync", 10) == 0) {
1485                         vol->nostrictsync = 0;
1486                 } else if (strnicmp(data, "serverino", 7) == 0) {
1487                         vol->server_ino = 1;
1488                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1489                         vol->server_ino = 0;
1490                 } else if (strnicmp(data, "rwpidforward", 12) == 0) {
1491                         vol->rwpidforward = 1;
1492                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1493                         vol->cifs_acl = 1;
1494                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1495                         vol->cifs_acl = 0;
1496                 } else if (strnicmp(data, "acl", 3) == 0) {
1497                         vol->no_psx_acl = 0;
1498                 } else if (strnicmp(data, "noacl", 5) == 0) {
1499                         vol->no_psx_acl = 1;
1500                 } else if (strnicmp(data, "locallease", 6) == 0) {
1501                         vol->local_lease = 1;
1502                 } else if (strnicmp(data, "sign", 4) == 0) {
1503                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1504                 } else if (strnicmp(data, "seal", 4) == 0) {
1505                         /* we do not do the following in secFlags because seal
1506                            is a per tree connection (mount) not a per socket
1507                            or per-smb connection option in the protocol */
1508                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1509                         vol->seal = 1;
1510                 } else if (strnicmp(data, "direct", 6) == 0) {
1511                         vol->direct_io = 1;
1512                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1513                         vol->direct_io = 1;
1514                 } else if (strnicmp(data, "strictcache", 11) == 0) {
1515                         vol->strict_io = 1;
1516                 } else if (strnicmp(data, "noac", 4) == 0) {
1517                         printk(KERN_WARNING "CIFS: Mount option noac not "
1518                                 "supported. Instead set "
1519                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1520                 } else if (strnicmp(data, "fsc", 3) == 0) {
1521 #ifndef CONFIG_CIFS_FSCACHE
1522                         cERROR(1, "FS-Cache support needs CONFIG_CIFS_FSCACHE "
1523                                   "kernel config option set");
1524                         goto cifs_parse_mount_err;
1525 #endif
1526                         vol->fsc = true;
1527                 } else if (strnicmp(data, "mfsymlinks", 10) == 0) {
1528                         vol->mfsymlinks = true;
1529                 } else if (strnicmp(data, "multiuser", 8) == 0) {
1530                         vol->multiuser = true;
1531                 } else if (!strnicmp(data, "backupuid", 9) && value && *value) {
1532                         err = kstrtouint(value, 0, &vol->backupuid);
1533                         if (err < 0) {
1534                                 cERROR(1, "%s: Invalid backupuid value",
1535                                         __func__);
1536                                 goto cifs_parse_mount_err;
1537                         }
1538                         vol->backupuid_specified = true;
1539                 } else if (!strnicmp(data, "backupgid", 9) && value && *value) {
1540                         err = kstrtouint(value, 0, &vol->backupgid);
1541                         if (err < 0) {
1542                                 cERROR(1, "%s: Invalid backupgid value",
1543                                         __func__);
1544                                 goto cifs_parse_mount_err;
1545                         }
1546                         vol->backupgid_specified = true;
1547                 } else
1548                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1549                                                 data);
1550         }
1551         if (vol->UNC == NULL) {
1552                 if (devname == NULL) {
1553                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1554                                                 "target\n");
1555                         goto cifs_parse_mount_err;
1556                 }
1557                 if ((temp_len = strnlen(devname, 300)) < 300) {
1558                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1559                         if (vol->UNC == NULL)
1560                                 goto cifs_parse_mount_err;
1561                         strcpy(vol->UNC, devname);
1562                         if (strncmp(vol->UNC, "//", 2) == 0) {
1563                                 vol->UNC[0] = '\\';
1564                                 vol->UNC[1] = '\\';
1565                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1566                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1567                                                     "begin with // or \\\\ \n");
1568                                 goto cifs_parse_mount_err;
1569                         }
1570                         value = strpbrk(vol->UNC+2, "/\\");
1571                         if (value)
1572                                 *value = '\\';
1573                 } else {
1574                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1575                         goto cifs_parse_mount_err;
1576                 }
1577         }
1578
1579         if (vol->multiuser && !(vol->secFlg & CIFSSEC_MAY_KRB5)) {
1580                 cERROR(1, "Multiuser mounts currently require krb5 "
1581                           "authentication!");
1582                 goto cifs_parse_mount_err;
1583         }
1584
1585         if (vol->UNCip == NULL)
1586                 vol->UNCip = &vol->UNC[2];
1587
1588         if (uid_specified)
1589                 vol->override_uid = override_uid;
1590         else if (override_uid == 1)
1591                 printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1592                                    "specified with no uid= option.\n");
1593
1594         if (gid_specified)
1595                 vol->override_gid = override_gid;
1596         else if (override_gid == 1)
1597                 printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1598                                    "specified with no gid= option.\n");
1599
1600         kfree(mountdata_copy);
1601         return 0;
1602
1603 cifs_parse_mount_err:
1604         kfree(mountdata_copy);
1605         return 1;
1606 }
1607
1608 /** Returns true if srcaddr isn't specified and rhs isn't
1609  * specified, or if srcaddr is specified and
1610  * matches the IP address of the rhs argument.
1611  */
1612 static bool
1613 srcip_matches(struct sockaddr *srcaddr, struct sockaddr *rhs)
1614 {
1615         switch (srcaddr->sa_family) {
1616         case AF_UNSPEC:
1617                 return (rhs->sa_family == AF_UNSPEC);
1618         case AF_INET: {
1619                 struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1620                 struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1621                 return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1622         }
1623         case AF_INET6: {
1624                 struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1625                 struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)&rhs;
1626                 return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1627         }
1628         default:
1629                 WARN_ON(1);
1630                 return false; /* don't expect to be here */
1631         }
1632 }
1633
1634 /*
1635  * If no port is specified in addr structure, we try to match with 445 port
1636  * and if it fails - with 139 ports. It should be called only if address
1637  * families of server and addr are equal.
1638  */
1639 static bool
1640 match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1641 {
1642         __be16 port, *sport;
1643
1644         switch (addr->sa_family) {
1645         case AF_INET:
1646                 sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1647                 port = ((struct sockaddr_in *) addr)->sin_port;
1648                 break;
1649         case AF_INET6:
1650                 sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1651                 port = ((struct sockaddr_in6 *) addr)->sin6_port;
1652                 break;
1653         default:
1654                 WARN_ON(1);
1655                 return false;
1656         }
1657
1658         if (!port) {
1659                 port = htons(CIFS_PORT);
1660                 if (port == *sport)
1661                         return true;
1662
1663                 port = htons(RFC1001_PORT);
1664         }
1665
1666         return port == *sport;
1667 }
1668
1669 static bool
1670 match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1671               struct sockaddr *srcaddr)
1672 {
1673         switch (addr->sa_family) {
1674         case AF_INET: {
1675                 struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1676                 struct sockaddr_in *srv_addr4 =
1677                                         (struct sockaddr_in *)&server->dstaddr;
1678
1679                 if (addr4->sin_addr.s_addr != srv_addr4->sin_addr.s_addr)
1680                         return false;
1681                 break;
1682         }
1683         case AF_INET6: {
1684                 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1685                 struct sockaddr_in6 *srv_addr6 =
1686                                         (struct sockaddr_in6 *)&server->dstaddr;
1687
1688                 if (!ipv6_addr_equal(&addr6->sin6_addr,
1689                                      &srv_addr6->sin6_addr))
1690                         return false;
1691                 if (addr6->sin6_scope_id != srv_addr6->sin6_scope_id)
1692                         return false;
1693                 break;
1694         }
1695         default:
1696                 WARN_ON(1);
1697                 return false; /* don't expect to be here */
1698         }
1699
1700         if (!srcip_matches(srcaddr, (struct sockaddr *)&server->srcaddr))
1701                 return false;
1702
1703         return true;
1704 }
1705
1706 static bool
1707 match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1708 {
1709         unsigned int secFlags;
1710
1711         if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1712                 secFlags = vol->secFlg;
1713         else
1714                 secFlags = global_secflags | vol->secFlg;
1715
1716         switch (server->secType) {
1717         case LANMAN:
1718                 if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1719                         return false;
1720                 break;
1721         case NTLMv2:
1722                 if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1723                         return false;
1724                 break;
1725         case NTLM:
1726                 if (!(secFlags & CIFSSEC_MAY_NTLM))
1727                         return false;
1728                 break;
1729         case Kerberos:
1730                 if (!(secFlags & CIFSSEC_MAY_KRB5))
1731                         return false;
1732                 break;
1733         case RawNTLMSSP:
1734                 if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1735                         return false;
1736                 break;
1737         default:
1738                 /* shouldn't happen */
1739                 return false;
1740         }
1741
1742         /* now check if signing mode is acceptable */
1743         if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1744             (server->sec_mode & SECMODE_SIGN_REQUIRED))
1745                         return false;
1746         else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1747                  (server->sec_mode &
1748                   (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1749                         return false;
1750
1751         return true;
1752 }
1753
1754 static int match_server(struct TCP_Server_Info *server, struct sockaddr *addr,
1755                          struct smb_vol *vol)
1756 {
1757         if (!net_eq(cifs_net_ns(server), current->nsproxy->net_ns))
1758                 return 0;
1759
1760         if (!match_address(server, addr,
1761                            (struct sockaddr *)&vol->srcaddr))
1762                 return 0;
1763
1764         if (!match_port(server, addr))
1765                 return 0;
1766
1767         if (!match_security(server, vol))
1768                 return 0;
1769
1770         return 1;
1771 }
1772
1773 static struct TCP_Server_Info *
1774 cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1775 {
1776         struct TCP_Server_Info *server;
1777
1778         spin_lock(&cifs_tcp_ses_lock);
1779         list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1780                 if (!match_server(server, addr, vol))
1781                         continue;
1782
1783                 ++server->srv_count;
1784                 spin_unlock(&cifs_tcp_ses_lock);
1785                 cFYI(1, "Existing tcp session with server found");
1786                 return server;
1787         }
1788         spin_unlock(&cifs_tcp_ses_lock);
1789         return NULL;
1790 }
1791
1792 static void
1793 cifs_put_tcp_session(struct TCP_Server_Info *server)
1794 {
1795         struct task_struct *task;
1796
1797         spin_lock(&cifs_tcp_ses_lock);
1798         if (--server->srv_count > 0) {
1799                 spin_unlock(&cifs_tcp_ses_lock);
1800                 return;
1801         }
1802
1803         put_net(cifs_net_ns(server));
1804
1805         list_del_init(&server->tcp_ses_list);
1806         spin_unlock(&cifs_tcp_ses_lock);
1807
1808         cancel_delayed_work_sync(&server->echo);
1809
1810         spin_lock(&GlobalMid_Lock);
1811         server->tcpStatus = CifsExiting;
1812         spin_unlock(&GlobalMid_Lock);
1813
1814         cifs_crypto_shash_release(server);
1815         cifs_fscache_release_client_cookie(server);
1816
1817         kfree(server->session_key.response);
1818         server->session_key.response = NULL;
1819         server->session_key.len = 0;
1820
1821         task = xchg(&server->tsk, NULL);
1822         if (task)
1823                 force_sig(SIGKILL, task);
1824 }
1825
1826 static struct TCP_Server_Info *
1827 cifs_get_tcp_session(struct smb_vol *volume_info)
1828 {
1829         struct TCP_Server_Info *tcp_ses = NULL;
1830         struct sockaddr_storage addr;
1831         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1832         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1833         int rc;
1834
1835         memset(&addr, 0, sizeof(struct sockaddr_storage));
1836
1837         cFYI(1, "UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip);
1838
1839         if (volume_info->UNCip && volume_info->UNC) {
1840                 rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
1841                                         volume_info->UNCip,
1842                                         strlen(volume_info->UNCip),
1843                                         volume_info->port);
1844                 if (!rc) {
1845                         /* we failed translating address */
1846                         rc = -EINVAL;
1847                         goto out_err;
1848                 }
1849         } else if (volume_info->UNCip) {
1850                 /* BB using ip addr as tcp_ses name to connect to the
1851                    DFS root below */
1852                 cERROR(1, "Connecting to DFS root not implemented yet");
1853                 rc = -EINVAL;
1854                 goto out_err;
1855         } else /* which tcp_sess DFS root would we conect to */ {
1856                 cERROR(1, "CIFS mount error: No UNC path (e.g. -o "
1857                         "unc=//192.168.1.100/public) specified");
1858                 rc = -EINVAL;
1859                 goto out_err;
1860         }
1861
1862         /* see if we already have a matching tcp_ses */
1863         tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1864         if (tcp_ses)
1865                 return tcp_ses;
1866
1867         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1868         if (!tcp_ses) {
1869                 rc = -ENOMEM;
1870                 goto out_err;
1871         }
1872
1873         rc = cifs_crypto_shash_allocate(tcp_ses);
1874         if (rc) {
1875                 cERROR(1, "could not setup hash structures rc %d", rc);
1876                 goto out_err;
1877         }
1878
1879         cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
1880         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1881         if (IS_ERR(tcp_ses->hostname)) {
1882                 rc = PTR_ERR(tcp_ses->hostname);
1883                 goto out_err_crypto_release;
1884         }
1885
1886         tcp_ses->noblocksnd = volume_info->noblocksnd;
1887         tcp_ses->noautotune = volume_info->noautotune;
1888         tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
1889         atomic_set(&tcp_ses->inFlight, 0);
1890         tcp_ses->maxReq = 1; /* enough to send negotiate request */
1891         init_waitqueue_head(&tcp_ses->response_q);
1892         init_waitqueue_head(&tcp_ses->request_q);
1893         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1894         mutex_init(&tcp_ses->srv_mutex);
1895         memcpy(tcp_ses->workstation_RFC1001_name,
1896                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1897         memcpy(tcp_ses->server_RFC1001_name,
1898                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1899         tcp_ses->session_estab = false;
1900         tcp_ses->sequence_number = 0;
1901         tcp_ses->lstrp = jiffies;
1902         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1903         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1904         INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
1905
1906         /*
1907          * at this point we are the only ones with the pointer
1908          * to the struct since the kernel thread not created yet
1909          * no need to spinlock this init of tcpStatus or srv_count
1910          */
1911         tcp_ses->tcpStatus = CifsNew;
1912         memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
1913                sizeof(tcp_ses->srcaddr));
1914         ++tcp_ses->srv_count;
1915
1916         if (addr.ss_family == AF_INET6) {
1917                 cFYI(1, "attempting ipv6 connect");
1918                 /* BB should we allow ipv6 on port 139? */
1919                 /* other OS never observed in Wild doing 139 with v6 */
1920                 memcpy(&tcp_ses->dstaddr, sin_server6,
1921                        sizeof(struct sockaddr_in6));
1922         } else
1923                 memcpy(&tcp_ses->dstaddr, sin_server,
1924                        sizeof(struct sockaddr_in));
1925
1926         rc = ip_connect(tcp_ses);
1927         if (rc < 0) {
1928                 cERROR(1, "Error connecting to socket. Aborting operation");
1929                 goto out_err_crypto_release;
1930         }
1931
1932         /*
1933          * since we're in a cifs function already, we know that
1934          * this will succeed. No need for try_module_get().
1935          */
1936         __module_get(THIS_MODULE);
1937         tcp_ses->tsk = kthread_run(cifs_demultiplex_thread,
1938                                   tcp_ses, "cifsd");
1939         if (IS_ERR(tcp_ses->tsk)) {
1940                 rc = PTR_ERR(tcp_ses->tsk);
1941                 cERROR(1, "error %d create cifsd thread", rc);
1942                 module_put(THIS_MODULE);
1943                 goto out_err_crypto_release;
1944         }
1945         tcp_ses->tcpStatus = CifsNeedNegotiate;
1946
1947         /* thread spawned, put it on the list */
1948         spin_lock(&cifs_tcp_ses_lock);
1949         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1950         spin_unlock(&cifs_tcp_ses_lock);
1951
1952         cifs_fscache_get_client_cookie(tcp_ses);
1953
1954         /* queue echo request delayed work */
1955         queue_delayed_work(system_nrt_wq, &tcp_ses->echo, SMB_ECHO_INTERVAL);
1956
1957         return tcp_ses;
1958
1959 out_err_crypto_release:
1960         cifs_crypto_shash_release(tcp_ses);
1961
1962         put_net(cifs_net_ns(tcp_ses));
1963
1964 out_err:
1965         if (tcp_ses) {
1966                 if (!IS_ERR(tcp_ses->hostname))
1967                         kfree(tcp_ses->hostname);
1968                 if (tcp_ses->ssocket)
1969                         sock_release(tcp_ses->ssocket);
1970                 kfree(tcp_ses);
1971         }
1972         return ERR_PTR(rc);
1973 }
1974
1975 static int match_session(struct cifs_ses *ses, struct smb_vol *vol)
1976 {
1977         switch (ses->server->secType) {
1978         case Kerberos:
1979                 if (vol->cred_uid != ses->cred_uid)
1980                         return 0;
1981                 break;
1982         default:
1983                 /* anything else takes username/password */
1984                 if (ses->user_name == NULL)
1985                         return 0;
1986                 if (strncmp(ses->user_name, vol->username,
1987                             MAX_USERNAME_SIZE))
1988                         return 0;
1989                 if (strlen(vol->username) != 0 &&
1990                     ses->password != NULL &&
1991                     strncmp(ses->password,
1992                             vol->password ? vol->password : "",
1993                             MAX_PASSWORD_SIZE))
1994                         return 0;
1995         }
1996         return 1;
1997 }
1998
1999 static struct cifs_ses *
2000 cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
2001 {
2002         struct cifs_ses *ses;
2003
2004         spin_lock(&cifs_tcp_ses_lock);
2005         list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
2006                 if (!match_session(ses, vol))
2007                         continue;
2008                 ++ses->ses_count;
2009                 spin_unlock(&cifs_tcp_ses_lock);
2010                 return ses;
2011         }
2012         spin_unlock(&cifs_tcp_ses_lock);
2013         return NULL;
2014 }
2015
2016 static void
2017 cifs_put_smb_ses(struct cifs_ses *ses)
2018 {
2019         int xid;
2020         struct TCP_Server_Info *server = ses->server;
2021
2022         cFYI(1, "%s: ses_count=%d\n", __func__, ses->ses_count);
2023         spin_lock(&cifs_tcp_ses_lock);
2024         if (--ses->ses_count > 0) {
2025                 spin_unlock(&cifs_tcp_ses_lock);
2026                 return;
2027         }
2028
2029         list_del_init(&ses->smb_ses_list);
2030         spin_unlock(&cifs_tcp_ses_lock);
2031
2032         if (ses->status == CifsGood) {
2033                 xid = GetXid();
2034                 CIFSSMBLogoff(xid, ses);
2035                 _FreeXid(xid);
2036         }
2037         sesInfoFree(ses);
2038         cifs_put_tcp_session(server);
2039 }
2040
2041 static bool warned_on_ntlm;  /* globals init to false automatically */
2042
2043 static struct cifs_ses *
2044 cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
2045 {
2046         int rc = -ENOMEM, xid;
2047         struct cifs_ses *ses;
2048         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2049         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2050
2051         xid = GetXid();
2052
2053         ses = cifs_find_smb_ses(server, volume_info);
2054         if (ses) {
2055                 cFYI(1, "Existing smb sess found (status=%d)", ses->status);
2056
2057                 mutex_lock(&ses->session_mutex);
2058                 rc = cifs_negotiate_protocol(xid, ses);
2059                 if (rc) {
2060                         mutex_unlock(&ses->session_mutex);
2061                         /* problem -- put our ses reference */
2062                         cifs_put_smb_ses(ses);
2063                         FreeXid(xid);
2064                         return ERR_PTR(rc);
2065                 }
2066                 if (ses->need_reconnect) {
2067                         cFYI(1, "Session needs reconnect");
2068                         rc = cifs_setup_session(xid, ses,
2069                                                 volume_info->local_nls);
2070                         if (rc) {
2071                                 mutex_unlock(&ses->session_mutex);
2072                                 /* problem -- put our reference */
2073                                 cifs_put_smb_ses(ses);
2074                                 FreeXid(xid);
2075                                 return ERR_PTR(rc);
2076                         }
2077                 }
2078                 mutex_unlock(&ses->session_mutex);
2079
2080                 /* existing SMB ses has a server reference already */
2081                 cifs_put_tcp_session(server);
2082                 FreeXid(xid);
2083                 return ses;
2084         }
2085
2086         cFYI(1, "Existing smb sess not found");
2087         ses = sesInfoAlloc();
2088         if (ses == NULL)
2089                 goto get_ses_fail;
2090
2091         /* new SMB session uses our server ref */
2092         ses->server = server;
2093         if (server->dstaddr.ss_family == AF_INET6)
2094                 sprintf(ses->serverName, "%pI6", &addr6->sin6_addr);
2095         else
2096                 sprintf(ses->serverName, "%pI4", &addr->sin_addr);
2097
2098         if (volume_info->username) {
2099                 ses->user_name = kstrdup(volume_info->username, GFP_KERNEL);
2100                 if (!ses->user_name)
2101                         goto get_ses_fail;
2102         }
2103
2104         /* volume_info->password freed at unmount */
2105         if (volume_info->password) {
2106                 ses->password = kstrdup(volume_info->password, GFP_KERNEL);
2107                 if (!ses->password)
2108                         goto get_ses_fail;
2109         }
2110         if (volume_info->domainname) {
2111                 ses->domainName = kstrdup(volume_info->domainname, GFP_KERNEL);
2112                 if (!ses->domainName)
2113                         goto get_ses_fail;
2114         }
2115         ses->cred_uid = volume_info->cred_uid;
2116         ses->linux_uid = volume_info->linux_uid;
2117
2118         /* ntlmv2 is much stronger than ntlm security, and has been broadly
2119         supported for many years, time to update default security mechanism */
2120         if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {
2121                 warned_on_ntlm = true;
2122                 cERROR(1, "default security mechanism requested.  The default "
2123                         "security mechanism will be upgraded from ntlm to "
2124                         "ntlmv2 in kernel release 3.3");
2125         }
2126         ses->overrideSecFlg = volume_info->secFlg;
2127
2128         mutex_lock(&ses->session_mutex);
2129         rc = cifs_negotiate_protocol(xid, ses);
2130         if (!rc)
2131                 rc = cifs_setup_session(xid, ses, volume_info->local_nls);
2132         mutex_unlock(&ses->session_mutex);
2133         if (rc)
2134                 goto get_ses_fail;
2135
2136         /* success, put it on the list */
2137         spin_lock(&cifs_tcp_ses_lock);
2138         list_add(&ses->smb_ses_list, &server->smb_ses_list);
2139         spin_unlock(&cifs_tcp_ses_lock);
2140
2141         FreeXid(xid);
2142         return ses;
2143
2144 get_ses_fail:
2145         sesInfoFree(ses);
2146         FreeXid(xid);
2147         return ERR_PTR(rc);
2148 }
2149
2150 static int match_tcon(struct cifs_tcon *tcon, const char *unc)
2151 {
2152         if (tcon->tidStatus == CifsExiting)
2153                 return 0;
2154         if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
2155                 return 0;
2156         return 1;
2157 }
2158
2159 static struct cifs_tcon *
2160 cifs_find_tcon(struct cifs_ses *ses, const char *unc)
2161 {
2162         struct list_head *tmp;
2163         struct cifs_tcon *tcon;
2164
2165         spin_lock(&cifs_tcp_ses_lock);
2166         list_for_each(tmp, &ses->tcon_list) {
2167                 tcon = list_entry(tmp, struct cifs_tcon, tcon_list);
2168                 if (!match_tcon(tcon, unc))
2169                         continue;
2170                 ++tcon->tc_count;
2171                 spin_unlock(&cifs_tcp_ses_lock);
2172                 return tcon;
2173         }
2174         spin_unlock(&cifs_tcp_ses_lock);
2175         return NULL;
2176 }
2177
2178 static void
2179 cifs_put_tcon(struct cifs_tcon *tcon)
2180 {
2181         int xid;
2182         struct cifs_ses *ses = tcon->ses;
2183
2184         cFYI(1, "%s: tc_count=%d\n", __func__, tcon->tc_count);
2185         spin_lock(&cifs_tcp_ses_lock);
2186         if (--tcon->tc_count > 0) {
2187                 spin_unlock(&cifs_tcp_ses_lock);
2188                 return;
2189         }
2190
2191         list_del_init(&tcon->tcon_list);
2192         spin_unlock(&cifs_tcp_ses_lock);
2193
2194         xid = GetXid();
2195         CIFSSMBTDis(xid, tcon);
2196         _FreeXid(xid);
2197
2198         cifs_fscache_release_super_cookie(tcon);
2199         tconInfoFree(tcon);
2200         cifs_put_smb_ses(ses);
2201 }
2202
2203 static struct cifs_tcon *
2204 cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info)
2205 {
2206         int rc, xid;
2207         struct cifs_tcon *tcon;
2208
2209         tcon = cifs_find_tcon(ses, volume_info->UNC);
2210         if (tcon) {
2211                 cFYI(1, "Found match on UNC path");
2212                 /* existing tcon already has a reference */
2213                 cifs_put_smb_ses(ses);
2214                 if (tcon->seal != volume_info->seal)
2215                         cERROR(1, "transport encryption setting "
2216                                    "conflicts with existing tid");
2217                 return tcon;
2218         }
2219
2220         tcon = tconInfoAlloc();
2221         if (tcon == NULL) {
2222                 rc = -ENOMEM;
2223                 goto out_fail;
2224         }
2225
2226         tcon->ses = ses;
2227         if (volume_info->password) {
2228                 tcon->password = kstrdup(volume_info->password, GFP_KERNEL);
2229                 if (!tcon->password) {
2230                         rc = -ENOMEM;
2231                         goto out_fail;
2232                 }
2233         }
2234
2235         if (strchr(volume_info->UNC + 3, '\\') == NULL
2236             && strchr(volume_info->UNC + 3, '/') == NULL) {
2237                 cERROR(1, "Missing share name");
2238                 rc = -ENODEV;
2239                 goto out_fail;
2240         }
2241
2242         /* BB Do we need to wrap session_mutex around
2243          * this TCon call and Unix SetFS as
2244          * we do on SessSetup and reconnect? */
2245         xid = GetXid();
2246         rc = CIFSTCon(xid, ses, volume_info->UNC, tcon, volume_info->local_nls);
2247         FreeXid(xid);
2248         cFYI(1, "CIFS Tcon rc = %d", rc);
2249         if (rc)
2250                 goto out_fail;
2251
2252         if (volume_info->nodfs) {
2253                 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2254                 cFYI(1, "DFS disabled (%d)", tcon->Flags);
2255         }
2256         tcon->seal = volume_info->seal;
2257         /* we can have only one retry value for a connection
2258            to a share so for resources mounted more than once
2259            to the same server share the last value passed in
2260            for the retry flag is used */
2261         tcon->retry = volume_info->retry;
2262         tcon->nocase = volume_info->nocase;
2263         tcon->local_lease = volume_info->local_lease;
2264
2265         spin_lock(&cifs_tcp_ses_lock);
2266         list_add(&tcon->tcon_list, &ses->tcon_list);
2267         spin_unlock(&cifs_tcp_ses_lock);
2268
2269         cifs_fscache_get_super_cookie(tcon);
2270
2271         return tcon;
2272
2273 out_fail:
2274         tconInfoFree(tcon);
2275         return ERR_PTR(rc);
2276 }
2277
2278 void
2279 cifs_put_tlink(struct tcon_link *tlink)
2280 {
2281         if (!tlink || IS_ERR(tlink))
2282                 return;
2283
2284         if (!atomic_dec_and_test(&tlink->tl_count) ||
2285             test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2286                 tlink->tl_time = jiffies;
2287                 return;
2288         }
2289
2290         if (!IS_ERR(tlink_tcon(tlink)))
2291                 cifs_put_tcon(tlink_tcon(tlink));
2292         kfree(tlink);
2293         return;
2294 }
2295
2296 static inline struct tcon_link *
2297 cifs_sb_master_tlink(struct cifs_sb_info *cifs_sb)
2298 {
2299         return cifs_sb->master_tlink;
2300 }
2301
2302 static int
2303 compare_mount_options(struct super_block *sb, struct cifs_mnt_data *mnt_data)
2304 {
2305         struct cifs_sb_info *old = CIFS_SB(sb);
2306         struct cifs_sb_info *new = mnt_data->cifs_sb;
2307
2308         if ((sb->s_flags & CIFS_MS_MASK) != (mnt_data->flags & CIFS_MS_MASK))
2309                 return 0;
2310
2311         if ((old->mnt_cifs_flags & CIFS_MOUNT_MASK) !=
2312             (new->mnt_cifs_flags & CIFS_MOUNT_MASK))
2313                 return 0;
2314
2315         /*
2316          * We want to share sb only if we don't specify an r/wsize or
2317          * specified r/wsize is greater than or equal to existing one.
2318          */
2319         if (new->wsize && new->wsize < old->wsize)
2320                 return 0;
2321
2322         if (new->rsize && new->rsize < old->rsize)
2323                 return 0;
2324
2325         if (old->mnt_uid != new->mnt_uid || old->mnt_gid != new->mnt_gid)
2326                 return 0;
2327
2328         if (old->mnt_file_mode != new->mnt_file_mode ||
2329             old->mnt_dir_mode != new->mnt_dir_mode)
2330                 return 0;
2331
2332         if (strcmp(old->local_nls->charset, new->local_nls->charset))
2333                 return 0;
2334
2335         if (old->actimeo != new->actimeo)
2336                 return 0;
2337
2338         return 1;
2339 }
2340
2341 int
2342 cifs_match_super(struct super_block *sb, void *data)
2343 {
2344         struct cifs_mnt_data *mnt_data = (struct cifs_mnt_data *)data;
2345         struct smb_vol *volume_info;
2346         struct cifs_sb_info *cifs_sb;
2347         struct TCP_Server_Info *tcp_srv;
2348         struct cifs_ses *ses;
2349         struct cifs_tcon *tcon;
2350         struct tcon_link *tlink;
2351         struct sockaddr_storage addr;
2352         int rc = 0;
2353
2354         memset(&addr, 0, sizeof(struct sockaddr_storage));
2355
2356         spin_lock(&cifs_tcp_ses_lock);
2357         cifs_sb = CIFS_SB(sb);
2358         tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
2359         if (IS_ERR(tlink)) {
2360                 spin_unlock(&cifs_tcp_ses_lock);
2361                 return rc;
2362         }
2363         tcon = tlink_tcon(tlink);
2364         ses = tcon->ses;
2365         tcp_srv = ses->server;
2366
2367         volume_info = mnt_data->vol;
2368
2369         if (!volume_info->UNCip || !volume_info->UNC)
2370                 goto out;
2371
2372         rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
2373                                 volume_info->UNCip,
2374                                 strlen(volume_info->UNCip),
2375                                 volume_info->port);
2376         if (!rc)
2377                 goto out;
2378
2379         if (!match_server(tcp_srv, (struct sockaddr *)&addr, volume_info) ||
2380             !match_session(ses, volume_info) ||
2381             !match_tcon(tcon, volume_info->UNC)) {
2382                 rc = 0;
2383                 goto out;
2384         }
2385
2386         rc = compare_mount_options(sb, mnt_data);
2387 out:
2388         spin_unlock(&cifs_tcp_ses_lock);
2389         cifs_put_tlink(tlink);
2390         return rc;
2391 }
2392
2393 int
2394 get_dfs_path(int xid, struct cifs_ses *pSesInfo, const char *old_path,
2395              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
2396              struct dfs_info3_param **preferrals, int remap)
2397 {
2398         char *temp_unc;
2399         int rc = 0;
2400
2401         *pnum_referrals = 0;
2402         *preferrals = NULL;
2403
2404         if (pSesInfo->ipc_tid == 0) {
2405                 temp_unc = kmalloc(2 /* for slashes */ +
2406                         strnlen(pSesInfo->serverName,
2407                                 SERVER_NAME_LEN_WITH_NULL * 2)
2408                                  + 1 + 4 /* slash IPC$ */  + 2,
2409                                 GFP_KERNEL);
2410                 if (temp_unc == NULL)
2411                         return -ENOMEM;
2412                 temp_unc[0] = '\\';
2413                 temp_unc[1] = '\\';
2414                 strcpy(temp_unc + 2, pSesInfo->serverName);
2415                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
2416                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
2417                 cFYI(1, "CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid);
2418                 kfree(temp_unc);
2419         }
2420         if (rc == 0)
2421                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
2422                                      pnum_referrals, nls_codepage, remap);
2423         /* BB map targetUNCs to dfs_info3 structures, here or
2424                 in CIFSGetDFSRefer BB */
2425
2426         return rc;
2427 }
2428
2429 #ifdef CONFIG_DEBUG_LOCK_ALLOC
2430 static struct lock_class_key cifs_key[2];
2431 static struct lock_class_key cifs_slock_key[2];
2432
2433 static inline void
2434 cifs_reclassify_socket4(struct socket *sock)
2435 {
2436         struct sock *sk = sock->sk;
2437         BUG_ON(sock_owned_by_user(sk));
2438         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2439                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2440 }
2441
2442 static inline void
2443 cifs_reclassify_socket6(struct socket *sock)
2444 {
2445         struct sock *sk = sock->sk;
2446         BUG_ON(sock_owned_by_user(sk));
2447         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2448                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2449 }
2450 #else
2451 static inline void
2452 cifs_reclassify_socket4(struct socket *sock)
2453 {
2454 }
2455
2456 static inline void
2457 cifs_reclassify_socket6(struct socket *sock)
2458 {
2459 }
2460 #endif
2461
2462 /* See RFC1001 section 14 on representation of Netbios names */
2463 static void rfc1002mangle(char *target, char *source, unsigned int length)
2464 {
2465         unsigned int i, j;
2466
2467         for (i = 0, j = 0; i < (length); i++) {
2468                 /* mask a nibble at a time and encode */
2469                 target[j] = 'A' + (0x0F & (source[i] >> 4));
2470                 target[j+1] = 'A' + (0x0F & source[i]);
2471                 j += 2;
2472         }
2473
2474 }
2475
2476 static int
2477 bind_socket(struct TCP_Server_Info *server)
2478 {
2479         int rc = 0;
2480         if (server->srcaddr.ss_family != AF_UNSPEC) {
2481                 /* Bind to the specified local IP address */
2482                 struct socket *socket = server->ssocket;
2483                 rc = socket->ops->bind(socket,
2484                                        (struct sockaddr *) &server->srcaddr,
2485                                        sizeof(server->srcaddr));
2486                 if (rc < 0) {
2487                         struct sockaddr_in *saddr4;
2488                         struct sockaddr_in6 *saddr6;
2489                         saddr4 = (struct sockaddr_in *)&server->srcaddr;
2490                         saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2491                         if (saddr6->sin6_family == AF_INET6)
2492                                 cERROR(1, "cifs: "
2493                                        "Failed to bind to: %pI6c, error: %d\n",
2494                                        &saddr6->sin6_addr, rc);
2495                         else
2496                                 cERROR(1, "cifs: "
2497                                        "Failed to bind to: %pI4, error: %d\n",
2498                                        &saddr4->sin_addr.s_addr, rc);
2499                 }
2500         }
2501         return rc;
2502 }
2503
2504 static int
2505 ip_rfc1001_connect(struct TCP_Server_Info *server)
2506 {
2507         int rc = 0;
2508         /*
2509          * some servers require RFC1001 sessinit before sending
2510          * negprot - BB check reconnection in case where second
2511          * sessinit is sent but no second negprot
2512          */
2513         struct rfc1002_session_packet *ses_init_buf;
2514         struct smb_hdr *smb_buf;
2515         ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2516                                GFP_KERNEL);
2517         if (ses_init_buf) {
2518                 ses_init_buf->trailer.session_req.called_len = 32;
2519
2520                 if (server->server_RFC1001_name &&
2521                     server->server_RFC1001_name[0] != 0)
2522                         rfc1002mangle(ses_init_buf->trailer.
2523                                       session_req.called_name,
2524                                       server->server_RFC1001_name,
2525                                       RFC1001_NAME_LEN_WITH_NULL);
2526                 else
2527                         rfc1002mangle(ses_init_buf->trailer.
2528                                       session_req.called_name,
2529                                       DEFAULT_CIFS_CALLED_NAME,
2530                                       RFC1001_NAME_LEN_WITH_NULL);
2531
2532                 ses_init_buf->trailer.session_req.calling_len = 32;
2533
2534                 /*
2535                  * calling name ends in null (byte 16) from old smb
2536                  * convention.
2537                  */
2538                 if (server->workstation_RFC1001_name &&
2539                     server->workstation_RFC1001_name[0] != 0)
2540                         rfc1002mangle(ses_init_buf->trailer.
2541                                       session_req.calling_name,
2542                                       server->workstation_RFC1001_name,
2543                                       RFC1001_NAME_LEN_WITH_NULL);
2544                 else
2545                         rfc1002mangle(ses_init_buf->trailer.
2546                                       session_req.calling_name,
2547                                       "LINUX_CIFS_CLNT",
2548                                       RFC1001_NAME_LEN_WITH_NULL);
2549
2550                 ses_init_buf->trailer.session_req.scope1 = 0;
2551                 ses_init_buf->trailer.session_req.scope2 = 0;
2552                 smb_buf = (struct smb_hdr *)ses_init_buf;
2553
2554                 /* sizeof RFC1002_SESSION_REQUEST with no scope */
2555                 smb_buf->smb_buf_length = cpu_to_be32(0x81000044);
2556                 rc = smb_send(server, smb_buf, 0x44);
2557                 kfree(ses_init_buf);
2558                 /*
2559                  * RFC1001 layer in at least one server
2560                  * requires very short break before negprot
2561                  * presumably because not expecting negprot
2562                  * to follow so fast.  This is a simple
2563                  * solution that works without
2564                  * complicating the code and causes no
2565                  * significant slowing down on mount
2566                  * for everyone else
2567                  */
2568                 usleep_range(1000, 2000);
2569         }
2570         /*
2571          * else the negprot may still work without this
2572          * even though malloc failed
2573          */
2574
2575         return rc;
2576 }
2577
2578 static int
2579 generic_ip_connect(struct TCP_Server_Info *server)
2580 {
2581         int rc = 0;
2582         __be16 sport;
2583         int slen, sfamily;
2584         struct socket *socket = server->ssocket;
2585         struct sockaddr *saddr;
2586
2587         saddr = (struct sockaddr *) &server->dstaddr;
2588
2589         if (server->dstaddr.ss_family == AF_INET6) {
2590                 sport = ((struct sockaddr_in6 *) saddr)->sin6_port;
2591                 slen = sizeof(struct sockaddr_in6);
2592                 sfamily = AF_INET6;
2593         } else {
2594                 sport = ((struct sockaddr_in *) saddr)->sin_port;
2595                 slen = sizeof(struct sockaddr_in);
2596                 sfamily = AF_INET;
2597         }
2598
2599         if (socket == NULL) {
2600                 rc = __sock_create(cifs_net_ns(server), sfamily, SOCK_STREAM,
2601                                    IPPROTO_TCP, &socket, 1);
2602                 if (rc < 0) {
2603                         cERROR(1, "Error %d creating socket", rc);
2604                         server->ssocket = NULL;
2605                         return rc;
2606                 }
2607
2608                 /* BB other socket options to set KEEPALIVE, NODELAY? */
2609                 cFYI(1, "Socket created");
2610                 server->ssocket = socket;
2611                 socket->sk->sk_allocation = GFP_NOFS;
2612                 if (sfamily == AF_INET6)
2613                         cifs_reclassify_socket6(socket);
2614                 else
2615                         cifs_reclassify_socket4(socket);
2616         }
2617
2618         rc = bind_socket(server);
2619         if (rc < 0)
2620                 return rc;
2621
2622         /*
2623          * Eventually check for other socket options to change from
2624          * the default. sock_setsockopt not used because it expects
2625          * user space buffer
2626          */
2627         socket->sk->sk_rcvtimeo = 7 * HZ;
2628         socket->sk->sk_sndtimeo = 5 * HZ;
2629
2630         /* make the bufsizes depend on wsize/rsize and max requests */
2631         if (server->noautotune) {
2632                 if (socket->sk->sk_sndbuf < (200 * 1024))
2633                         socket->sk->sk_sndbuf = 200 * 1024;
2634                 if (socket->sk->sk_rcvbuf < (140 * 1024))
2635                         socket->sk->sk_rcvbuf = 140 * 1024;
2636         }
2637
2638         if (server->tcp_nodelay) {
2639                 int val = 1;
2640                 rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2641                                 (char *)&val, sizeof(val));
2642                 if (rc)
2643                         cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2644         }
2645
2646          cFYI(1, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
2647                  socket->sk->sk_sndbuf,
2648                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2649
2650         rc = socket->ops->connect(socket, saddr, slen, 0);
2651         if (rc < 0) {
2652                 cFYI(1, "Error %d connecting to server", rc);
2653                 sock_release(socket);
2654                 server->ssocket = NULL;
2655                 return rc;
2656         }
2657
2658         if (sport == htons(RFC1001_PORT))
2659                 rc = ip_rfc1001_connect(server);
2660
2661         return rc;
2662 }
2663
2664 static int
2665 ip_connect(struct TCP_Server_Info *server)
2666 {
2667         __be16 *sport;
2668         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2669         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2670
2671         if (server->dstaddr.ss_family == AF_INET6)
2672                 sport = &addr6->sin6_port;
2673         else
2674                 sport = &addr->sin_port;
2675
2676         if (*sport == 0) {
2677                 int rc;
2678
2679                 /* try with 445 port at first */
2680                 *sport = htons(CIFS_PORT);
2681
2682                 rc = generic_ip_connect(server);
2683                 if (rc >= 0)
2684                         return rc;
2685
2686                 /* if it failed, try with 139 port */
2687                 *sport = htons(RFC1001_PORT);
2688         }
2689
2690         return generic_ip_connect(server);
2691 }
2692
2693 void reset_cifs_unix_caps(int xid, struct cifs_tcon *tcon,
2694                           struct cifs_sb_info *cifs_sb, struct smb_vol *vol_info)
2695 {
2696         /* if we are reconnecting then should we check to see if
2697          * any requested capabilities changed locally e.g. via
2698          * remount but we can not do much about it here
2699          * if they have (even if we could detect it by the following)
2700          * Perhaps we could add a backpointer to array of sb from tcon
2701          * or if we change to make all sb to same share the same
2702          * sb as NFS - then we only have one backpointer to sb.
2703          * What if we wanted to mount the server share twice once with
2704          * and once without posixacls or posix paths? */
2705         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2706
2707         if (vol_info && vol_info->no_linux_ext) {
2708                 tcon->fsUnixInfo.Capability = 0;
2709                 tcon->unix_ext = 0; /* Unix Extensions disabled */
2710                 cFYI(1, "Linux protocol extensions disabled");
2711                 return;
2712         } else if (vol_info)
2713                 tcon->unix_ext = 1; /* Unix Extensions supported */
2714
2715         if (tcon->unix_ext == 0) {
2716                 cFYI(1, "Unix extensions disabled so not set on reconnect");
2717                 return;
2718         }
2719
2720         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2721                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2722                 cFYI(1, "unix caps which server supports %lld", cap);
2723                 /* check for reconnect case in which we do not
2724                    want to change the mount behavior if we can avoid it */
2725                 if (vol_info == NULL) {
2726                         /* turn off POSIX ACL and PATHNAMES if not set
2727                            originally at mount time */
2728                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2729                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2730                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2731                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2732                                         cERROR(1, "POSIXPATH support change");
2733                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2734                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2735                                 cERROR(1, "possible reconnect error");
2736                                 cERROR(1, "server disabled POSIX path support");
2737                         }
2738                 }
2739
2740                 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2741                         cERROR(1, "per-share encryption not supported yet");
2742
2743                 cap &= CIFS_UNIX_CAP_MASK;
2744                 if (vol_info && vol_info->no_psx_acl)
2745                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2746                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2747                         cFYI(1, "negotiated posix acl support");
2748                         if (cifs_sb)
2749                                 cifs_sb->mnt_cifs_flags |=
2750                                         CIFS_MOUNT_POSIXACL;
2751                 }
2752
2753                 if (vol_info && vol_info->posix_paths == 0)
2754                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2755                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2756                         cFYI(1, "negotiate posix pathnames");
2757                         if (cifs_sb)
2758                                 cifs_sb->mnt_cifs_flags |=
2759                                         CIFS_MOUNT_POSIX_PATHS;
2760                 }
2761
2762                 cFYI(1, "Negotiate caps 0x%x", (int)cap);
2763 #ifdef CONFIG_CIFS_DEBUG2
2764                 if (cap & CIFS_UNIX_FCNTL_CAP)
2765                         cFYI(1, "FCNTL cap");
2766                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2767                         cFYI(1, "EXTATTR cap");
2768                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2769                         cFYI(1, "POSIX path cap");
2770                 if (cap & CIFS_UNIX_XATTR_CAP)
2771                         cFYI(1, "XATTR cap");
2772                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2773                         cFYI(1, "POSIX ACL cap");
2774                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2775                         cFYI(1, "very large read cap");
2776                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2777                         cFYI(1, "very large write cap");
2778                 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)
2779                         cFYI(1, "transport encryption cap");
2780                 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2781                         cFYI(1, "mandatory transport encryption cap");
2782 #endif /* CIFS_DEBUG2 */
2783                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2784                         if (vol_info == NULL) {
2785                                 cFYI(1, "resetting capabilities failed");
2786                         } else
2787                                 cERROR(1, "Negotiating Unix capabilities "
2788                                            "with the server failed.  Consider "
2789                                            "mounting with the Unix Extensions\n"
2790                                            "disabled, if problems are found, "
2791                                            "by specifying the nounix mount "
2792                                            "option.");
2793
2794                 }
2795         }
2796 }
2797
2798 void cifs_setup_cifs_sb(struct smb_vol *pvolume_info,
2799                         struct cifs_sb_info *cifs_sb)
2800 {
2801         INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2802
2803         spin_lock_init(&cifs_sb->tlink_tree_lock);
2804         cifs_sb->tlink_tree = RB_ROOT;
2805
2806         /*
2807          * Temporarily set r/wsize for matching superblock. If we end up using
2808          * new sb then client will later negotiate it downward if needed.
2809          */
2810         cifs_sb->rsize = pvolume_info->rsize;
2811         cifs_sb->wsize = pvolume_info->wsize;
2812
2813         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2814         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2815         if (pvolume_info->backupuid_specified)
2816                 cifs_sb->mnt_backupuid = pvolume_info->backupuid;
2817         if (pvolume_info->backupgid_specified)
2818                 cifs_sb->mnt_backupgid = pvolume_info->backupgid;
2819         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2820         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2821         cFYI(1, "file mode: 0x%x  dir mode: 0x%x",
2822                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
2823
2824         cifs_sb->actimeo = pvolume_info->actimeo;
2825         cifs_sb->local_nls = pvolume_info->local_nls;
2826
2827         if (pvolume_info->noperm)
2828                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2829         if (pvolume_info->setuids)
2830                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2831         if (pvolume_info->server_ino)
2832                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2833         if (pvolume_info->remap)
2834                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2835         if (pvolume_info->no_xattr)
2836                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2837         if (pvolume_info->sfu_emul)
2838                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2839         if (pvolume_info->nobrl)
2840                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2841         if (pvolume_info->nostrictsync)
2842                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2843         if (pvolume_info->mand_lock)
2844                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2845         if (pvolume_info->rwpidforward)
2846                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RWPIDFORWARD;
2847         if (pvolume_info->cifs_acl)
2848                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2849         if (pvolume_info->backupuid_specified)
2850                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPUID;
2851         if (pvolume_info->backupgid_specified)
2852                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPGID;
2853         if (pvolume_info->override_uid)
2854                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2855         if (pvolume_info->override_gid)
2856                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2857         if (pvolume_info->dynperm)
2858                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2859         if (pvolume_info->fsc)
2860                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
2861         if (pvolume_info->multiuser)
2862                 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
2863                                             CIFS_MOUNT_NO_PERM);
2864         if (pvolume_info->strict_io)
2865                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
2866         if (pvolume_info->direct_io) {
2867                 cFYI(1, "mounting share using direct i/o");
2868                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2869         }
2870         if (pvolume_info->mfsymlinks) {
2871                 if (pvolume_info->sfu_emul) {
2872                         cERROR(1,  "mount option mfsymlinks ignored if sfu "
2873                                    "mount option is used");
2874                 } else {
2875                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
2876                 }
2877         }
2878
2879         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2880                 cERROR(1, "mount option dynperm ignored if cifsacl "
2881                            "mount option supported");
2882 }
2883
2884 /*
2885  * When the server supports very large reads and writes via POSIX extensions,
2886  * we can allow up to 2^24-1, minus the size of a READ/WRITE_AND_X header, not
2887  * including the RFC1001 length.
2888  *
2889  * Note that this might make for "interesting" allocation problems during
2890  * writeback however as we have to allocate an array of pointers for the
2891  * pages. A 16M write means ~32kb page array with PAGE_CACHE_SIZE == 4096.
2892  *
2893  * For reads, there is a similar problem as we need to allocate an array
2894  * of kvecs to handle the receive, though that should only need to be done
2895  * once.
2896  */
2897 #define CIFS_MAX_WSIZE ((1<<24) - 1 - sizeof(WRITE_REQ) + 4)
2898 #define CIFS_MAX_RSIZE ((1<<24) - sizeof(READ_RSP) + 4)
2899
2900 /*
2901  * When the server doesn't allow large posix writes, only allow a rsize/wsize
2902  * of 2^17-1 minus the size of the call header. That allows for a read or
2903  * write up to the maximum size described by RFC1002.
2904  */
2905 #define CIFS_MAX_RFC1002_WSIZE ((1<<17) - 1 - sizeof(WRITE_REQ) + 4)
2906 #define CIFS_MAX_RFC1002_RSIZE ((1<<17) - 1 - sizeof(READ_RSP) + 4)
2907
2908 /*
2909  * The default wsize is 1M. find_get_pages seems to return a maximum of 256
2910  * pages in a single call. With PAGE_CACHE_SIZE == 4k, this means we can fill
2911  * a single wsize request with a single call.
2912  */
2913 #define CIFS_DEFAULT_IOSIZE (1024 * 1024)
2914
2915 /*
2916  * Windows only supports a max of 60kb reads and 65535 byte writes. Default to
2917  * those values when posix extensions aren't in force. In actuality here, we
2918  * use 65536 to allow for a write that is a multiple of 4k. Most servers seem
2919  * to be ok with the extra byte even though Windows doesn't send writes that
2920  * are that large.
2921  *
2922  * Citation:
2923  *
2924  * http://blogs.msdn.com/b/openspecification/archive/2009/04/10/smb-maximum-transmit-buffer-size-and-performance-tuning.aspx
2925  */
2926 #define CIFS_DEFAULT_NON_POSIX_RSIZE (60 * 1024)
2927 #define CIFS_DEFAULT_NON_POSIX_WSIZE (65536)
2928
2929 /*
2930  * On hosts with high memory, we can't currently support wsize/rsize that are
2931  * larger than we can kmap at once. Cap the rsize/wsize at
2932  * LAST_PKMAP * PAGE_SIZE. We'll never be able to fill a read or write request
2933  * larger than that anyway.
2934  */
2935 #ifdef CONFIG_HIGHMEM
2936 #define CIFS_KMAP_SIZE_LIMIT    (LAST_PKMAP * PAGE_CACHE_SIZE)
2937 #else /* CONFIG_HIGHMEM */
2938 #define CIFS_KMAP_SIZE_LIMIT    (1<<24)
2939 #endif /* CONFIG_HIGHMEM */
2940
2941 static unsigned int
2942 cifs_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *pvolume_info)
2943 {
2944         __u64 unix_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2945         struct TCP_Server_Info *server = tcon->ses->server;
2946         unsigned int wsize;
2947
2948         /* start with specified wsize, or default */
2949         if (pvolume_info->wsize)
2950                 wsize = pvolume_info->wsize;
2951         else if (tcon->unix_ext && (unix_cap & CIFS_UNIX_LARGE_WRITE_CAP))
2952                 wsize = CIFS_DEFAULT_IOSIZE;
2953         else
2954                 wsize = CIFS_DEFAULT_NON_POSIX_WSIZE;
2955
2956         /* can server support 24-bit write sizes? (via UNIX extensions) */
2957         if (!tcon->unix_ext || !(unix_cap & CIFS_UNIX_LARGE_WRITE_CAP))
2958                 wsize = min_t(unsigned int, wsize, CIFS_MAX_RFC1002_WSIZE);
2959
2960         /*
2961          * no CAP_LARGE_WRITE_X or is signing enabled without CAP_UNIX set?
2962          * Limit it to max buffer offered by the server, minus the size of the
2963          * WRITEX header, not including the 4 byte RFC1001 length.
2964          */
2965         if (!(server->capabilities & CAP_LARGE_WRITE_X) ||
2966             (!(server->capabilities & CAP_UNIX) &&
2967              (server->sec_mode & (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED))))
2968                 wsize = min_t(unsigned int, wsize,
2969                                 server->maxBuf - sizeof(WRITE_REQ) + 4);
2970
2971         /* limit to the amount that we can kmap at once */
2972         wsize = min_t(unsigned int, wsize, CIFS_KMAP_SIZE_LIMIT);
2973
2974         /* hard limit of CIFS_MAX_WSIZE */
2975         wsize = min_t(unsigned int, wsize, CIFS_MAX_WSIZE);
2976
2977         return wsize;
2978 }
2979
2980 static unsigned int
2981 cifs_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *pvolume_info)
2982 {
2983         __u64 unix_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2984         struct TCP_Server_Info *server = tcon->ses->server;
2985         unsigned int rsize, defsize;
2986
2987         /*
2988          * Set default value...
2989          *
2990          * HACK alert! Ancient servers have very small buffers. Even though
2991          * MS-CIFS indicates that servers are only limited by the client's
2992          * bufsize for reads, testing against win98se shows that it throws
2993          * INVALID_PARAMETER errors if you try to request too large a read.
2994          * OS/2 just sends back short reads.
2995          *
2996          * If the server doesn't advertise CAP_LARGE_READ_X, then assume that
2997          * it can't handle a read request larger than its MaxBufferSize either.
2998          */
2999         if (tcon->unix_ext && (unix_cap & CIFS_UNIX_LARGE_READ_CAP))
3000                 defsize = CIFS_DEFAULT_IOSIZE;
3001         else if (server->capabilities & CAP_LARGE_READ_X)
3002                 defsize = CIFS_DEFAULT_NON_POSIX_RSIZE;
3003         else
3004                 defsize = server->maxBuf - sizeof(READ_RSP);
3005
3006         rsize = pvolume_info->rsize ? pvolume_info->rsize : defsize;
3007
3008         /*
3009          * no CAP_LARGE_READ_X? Then MS-CIFS states that we must limit this to
3010          * the client's MaxBufferSize.
3011          */
3012         if (!(server->capabilities & CAP_LARGE_READ_X))
3013                 rsize = min_t(unsigned int, CIFSMaxBufSize, rsize);
3014
3015         /* limit to the amount that we can kmap at once */
3016         rsize = min_t(unsigned int, rsize, CIFS_KMAP_SIZE_LIMIT);
3017
3018         /* hard limit of CIFS_MAX_RSIZE */
3019         rsize = min_t(unsigned int, rsize, CIFS_MAX_RSIZE);
3020
3021         return rsize;
3022 }
3023
3024 static int
3025 is_path_accessible(int xid, struct cifs_tcon *tcon,
3026                    struct cifs_sb_info *cifs_sb, const char *full_path)
3027 {
3028         int rc;
3029         FILE_ALL_INFO *pfile_info;
3030
3031         pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
3032         if (pfile_info == NULL)
3033                 return -ENOMEM;
3034
3035         rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
3036                               0 /* not legacy */, cifs_sb->local_nls,
3037                               cifs_sb->mnt_cifs_flags &
3038                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
3039
3040         if (rc == -EOPNOTSUPP || rc == -EINVAL)
3041                 rc = SMBQueryInformation(xid, tcon, full_path, pfile_info,
3042                                 cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
3043                                   CIFS_MOUNT_MAP_SPECIAL_CHR);
3044         kfree(pfile_info);
3045         return rc;
3046 }
3047
3048 static void
3049 cleanup_volume_info_contents(struct smb_vol *volume_info)
3050 {
3051         kfree(volume_info->username);
3052         kzfree(volume_info->password);
3053         if (volume_info->UNCip != volume_info->UNC + 2)
3054                 kfree(volume_info->UNCip);
3055         kfree(volume_info->UNC);
3056         kfree(volume_info->domainname);
3057         kfree(volume_info->iocharset);
3058         kfree(volume_info->prepath);
3059 }
3060
3061 void
3062 cifs_cleanup_volume_info(struct smb_vol *volume_info)
3063 {
3064         if (!volume_info)
3065                 return;
3066         cleanup_volume_info_contents(volume_info);
3067         kfree(volume_info);
3068 }
3069
3070
3071 #ifdef CONFIG_CIFS_DFS_UPCALL
3072 /* build_path_to_root returns full path to root when
3073  * we do not have an exiting connection (tcon) */
3074 static char *
3075 build_unc_path_to_root(const struct smb_vol *vol,
3076                 const struct cifs_sb_info *cifs_sb)
3077 {
3078         char *full_path, *pos;
3079         unsigned int pplen = vol->prepath ? strlen(vol->prepath) : 0;
3080         unsigned int unc_len = strnlen(vol->UNC, MAX_TREE_SIZE + 1);
3081
3082         full_path = kmalloc(unc_len + pplen + 1, GFP_KERNEL);
3083         if (full_path == NULL)
3084                 return ERR_PTR(-ENOMEM);
3085
3086         strncpy(full_path, vol->UNC, unc_len);
3087         pos = full_path + unc_len;
3088
3089         if (pplen) {
3090                 strncpy(pos, vol->prepath, pplen);
3091                 pos += pplen;
3092         }
3093
3094         *pos = '\0'; /* add trailing null */
3095         convert_delimiter(full_path, CIFS_DIR_SEP(cifs_sb));
3096         cFYI(1, "%s: full_path=%s", __func__, full_path);
3097         return full_path;
3098 }
3099
3100 /*
3101  * Perform a dfs referral query for a share and (optionally) prefix
3102  *
3103  * If a referral is found, cifs_sb->mountdata will be (re-)allocated
3104  * to a string containing updated options for the submount.  Otherwise it
3105  * will be left untouched.
3106  *
3107  * Returns the rc from get_dfs_path to the caller, which can be used to
3108  * determine whether there were referrals.
3109  */
3110 static int
3111 expand_dfs_referral(int xid, struct cifs_ses *pSesInfo,
3112                     struct smb_vol *volume_info, struct cifs_sb_info *cifs_sb,
3113                     int check_prefix)
3114 {
3115         int rc;
3116         unsigned int num_referrals = 0;
3117         struct dfs_info3_param *referrals = NULL;
3118         char *full_path = NULL, *ref_path = NULL, *mdata = NULL;
3119
3120         full_path = build_unc_path_to_root(volume_info, cifs_sb);
3121         if (IS_ERR(full_path))
3122                 return PTR_ERR(full_path);
3123
3124         /* For DFS paths, skip the first '\' of the UNC */
3125         ref_path = check_prefix ? full_path + 1 : volume_info->UNC + 1;
3126
3127         rc = get_dfs_path(xid, pSesInfo , ref_path, cifs_sb->local_nls,
3128                           &num_referrals, &referrals,
3129                           cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
3130
3131         if (!rc && num_referrals > 0) {
3132                 char *fake_devname = NULL;
3133
3134                 mdata = cifs_compose_mount_options(cifs_sb->mountdata,
3135                                                    full_path + 1, referrals,
3136                                                    &fake_devname);
3137
3138                 free_dfs_info_array(referrals, num_referrals);
3139
3140                 if (IS_ERR(mdata)) {
3141                         rc = PTR_ERR(mdata);
3142                         mdata = NULL;
3143                 } else {
3144                         cleanup_volume_info_contents(volume_info);
3145                         memset(volume_info, '\0', sizeof(*volume_info));
3146                         rc = cifs_setup_volume_info(volume_info, mdata,
3147                                                         fake_devname);
3148                 }
3149                 kfree(fake_devname);
3150                 kfree(cifs_sb->mountdata);
3151                 cifs_sb->mountdata = mdata;
3152         }
3153         kfree(full_path);
3154         return rc;
3155 }
3156 #endif
3157
3158 static int
3159 cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
3160                         const char *devname)
3161 {
3162         int rc = 0;
3163
3164         if (cifs_parse_mount_options(mount_data, devname, volume_info))
3165                 return -EINVAL;
3166
3167         if (volume_info->nullauth) {
3168                 cFYI(1, "null user");
3169                 volume_info->username = kzalloc(1, GFP_KERNEL);
3170                 if (volume_info->username == NULL)
3171                         return -ENOMEM;
3172         } else if (volume_info->username) {
3173                 /* BB fixme parse for domain name here */
3174                 cFYI(1, "Username: %s", volume_info->username);
3175         } else {
3176                 cifserror("No username specified");
3177         /* In userspace mount helper we can get user name from alternate
3178            locations such as env variables and files on disk */
3179                 return -EINVAL;
3180         }
3181
3182         /* this is needed for ASCII cp to Unicode converts */
3183         if (volume_info->iocharset == NULL) {
3184                 /* load_nls_default cannot return null */
3185                 volume_info->local_nls = load_nls_default();
3186         } else {
3187                 volume_info->local_nls = load_nls(volume_info->iocharset);
3188                 if (volume_info->local_nls == NULL) {
3189                         cERROR(1, "CIFS mount error: iocharset %s not found",
3190                                  volume_info->iocharset);
3191                         return -ELIBACC;
3192                 }
3193         }
3194
3195         return rc;
3196 }
3197
3198 struct smb_vol *
3199 cifs_get_volume_info(char *mount_data, const char *devname)
3200 {
3201         int rc;
3202         struct smb_vol *volume_info;
3203
3204         volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
3205         if (!volume_info)
3206                 return ERR_PTR(-ENOMEM);
3207
3208         rc = cifs_setup_volume_info(volume_info, mount_data, devname);
3209         if (rc) {
3210                 cifs_cleanup_volume_info(volume_info);
3211                 volume_info = ERR_PTR(rc);
3212         }
3213
3214         return volume_info;
3215 }
3216
3217 /* make sure ra_pages is a multiple of rsize */
3218 static inline unsigned int
3219 cifs_ra_pages(struct cifs_sb_info *cifs_sb)
3220 {
3221         unsigned int reads;
3222         unsigned int rsize_pages = cifs_sb->rsize / PAGE_CACHE_SIZE;
3223
3224         if (rsize_pages >= default_backing_dev_info.ra_pages)
3225                 return default_backing_dev_info.ra_pages;
3226         else if (rsize_pages == 0)
3227                 return rsize_pages;
3228
3229         reads = default_backing_dev_info.ra_pages / rsize_pages;
3230         return reads * rsize_pages;
3231 }
3232
3233 int
3234 cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *volume_info)
3235 {
3236         int rc;
3237         int xid;
3238         struct cifs_ses *pSesInfo;
3239         struct cifs_tcon *tcon;
3240         struct TCP_Server_Info *srvTcp;
3241         char   *full_path;
3242         struct tcon_link *tlink;
3243 #ifdef CONFIG_CIFS_DFS_UPCALL
3244         int referral_walks_count = 0;
3245 #endif
3246
3247         rc = bdi_setup_and_register(&cifs_sb->bdi, "cifs", BDI_CAP_MAP_COPY);
3248         if (rc)
3249                 return rc;
3250
3251 #ifdef CONFIG_CIFS_DFS_UPCALL
3252 try_mount_again:
3253         /* cleanup activities if we're chasing a referral */
3254         if (referral_walks_count) {
3255                 if (tcon)
3256                         cifs_put_tcon(tcon);
3257                 else if (pSesInfo)
3258                         cifs_put_smb_ses(pSesInfo);
3259
3260                 FreeXid(xid);
3261         }
3262 #endif
3263         rc = 0;
3264         tcon = NULL;
3265         pSesInfo = NULL;
3266         srvTcp = NULL;
3267         full_path = NULL;
3268         tlink = NULL;
3269
3270         xid = GetXid();
3271
3272         /* get a reference to a tcp session */
3273         srvTcp = cifs_get_tcp_session(volume_info);
3274         if (IS_ERR(srvTcp)) {
3275                 rc = PTR_ERR(srvTcp);
3276                 bdi_destroy(&cifs_sb->bdi);
3277                 goto out;
3278         }
3279
3280         /* get a reference to a SMB session */
3281         pSesInfo = cifs_get_smb_ses(srvTcp, volume_info);
3282         if (IS_ERR(pSesInfo)) {
3283                 rc = PTR_ERR(pSesInfo);
3284                 pSesInfo = NULL;
3285                 goto mount_fail_check;
3286         }
3287
3288         /* search for existing tcon to this server share */
3289         tcon = cifs_get_tcon(pSesInfo, volume_info);
3290         if (IS_ERR(tcon)) {
3291                 rc = PTR_ERR(tcon);
3292                 tcon = NULL;
3293                 goto remote_path_check;
3294         }
3295
3296         /* tell server which Unix caps we support */
3297         if (tcon->ses->capabilities & CAP_UNIX) {
3298                 /* reset of caps checks mount to see if unix extensions
3299                    disabled for just this mount */
3300                 reset_cifs_unix_caps(xid, tcon, cifs_sb, volume_info);
3301                 if ((tcon->ses->server->tcpStatus == CifsNeedReconnect) &&
3302                     (le64_to_cpu(tcon->fsUnixInfo.Capability) &
3303                      CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)) {
3304                         rc = -EACCES;
3305                         goto mount_fail_check;
3306                 }
3307         } else
3308                 tcon->unix_ext = 0; /* server does not support them */
3309
3310         /* do not care if following two calls succeed - informational */
3311         if (!tcon->ipc) {
3312                 CIFSSMBQFSDeviceInfo(xid, tcon);
3313                 CIFSSMBQFSAttributeInfo(xid, tcon);
3314         }
3315
3316         cifs_sb->wsize = cifs_negotiate_wsize(tcon, volume_info);
3317         cifs_sb->rsize = cifs_negotiate_rsize(tcon, volume_info);
3318
3319         /* tune readahead according to rsize */
3320         cifs_sb->bdi.ra_pages = cifs_ra_pages(cifs_sb);
3321
3322 remote_path_check:
3323 #ifdef CONFIG_CIFS_DFS_UPCALL
3324         /*
3325          * Perform an unconditional check for whether there are DFS
3326          * referrals for this path without prefix, to provide support
3327          * for DFS referrals from w2k8 servers which don't seem to respond
3328          * with PATH_NOT_COVERED to requests that include the prefix.
3329          * Chase the referral if found, otherwise continue normally.
3330          */
3331         if (referral_walks_count == 0) {
3332                 int refrc = expand_dfs_referral(xid, pSesInfo, volume_info,
3333                                                 cifs_sb, false);
3334                 if (!refrc) {
3335                         referral_walks_count++;
3336                         goto try_mount_again;
3337                 }
3338         }
3339 #endif
3340
3341         /* check if a whole path is not remote */
3342         if (!rc && tcon) {
3343                 /* build_path_to_root works only when we have a valid tcon */
3344                 full_path = cifs_build_path_to_root(volume_info, cifs_sb, tcon);
3345                 if (full_path == NULL) {
3346                         rc = -ENOMEM;
3347                         goto mount_fail_check;
3348                 }
3349                 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
3350                 if (rc != 0 && rc != -EREMOTE) {
3351                         kfree(full_path);
3352                         goto mount_fail_check;
3353                 }
3354                 kfree(full_path);
3355         }
3356
3357         /* get referral if needed */
3358         if (rc == -EREMOTE) {
3359 #ifdef CONFIG_CIFS_DFS_UPCALL
3360                 if (referral_walks_count > MAX_NESTED_LINKS) {
3361                         /*
3362                          * BB: when we implement proper loop detection,
3363                          *     we will remove this check. But now we need it
3364                          *     to prevent an indefinite loop if 'DFS tree' is
3365                          *     misconfigured (i.e. has loops).
3366                          */
3367                         rc = -ELOOP;
3368                         goto mount_fail_check;
3369                 }
3370
3371                 rc = expand_dfs_referral(xid, pSesInfo, volume_info, cifs_sb,
3372                                          true);
3373
3374                 if (!rc) {
3375                         referral_walks_count++;
3376                         goto try_mount_again;
3377                 }
3378                 goto mount_fail_check;
3379 #else /* No DFS support, return error on mount */
3380                 rc = -EOPNOTSUPP;
3381 #endif
3382         }
3383
3384         if (rc)
3385                 goto mount_fail_check;
3386
3387         /* now, hang the tcon off of the superblock */
3388         tlink = kzalloc(sizeof *tlink, GFP_KERNEL);
3389         if (tlink == NULL) {
3390                 rc = -ENOMEM;
3391                 goto mount_fail_check;
3392         }
3393
3394         tlink->tl_uid = pSesInfo->linux_uid;
3395         tlink->tl_tcon = tcon;
3396         tlink->tl_time = jiffies;
3397         set_bit(TCON_LINK_MASTER, &tlink->tl_flags);
3398         set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3399
3400         cifs_sb->master_tlink = tlink;
3401         spin_lock(&cifs_sb->tlink_tree_lock);
3402         tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
3403         spin_unlock(&cifs_sb->tlink_tree_lock);
3404
3405         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
3406                                 TLINK_IDLE_EXPIRE);
3407
3408 mount_fail_check:
3409         /* on error free sesinfo and tcon struct if needed */
3410         if (rc) {
3411                 /* If find_unc succeeded then rc == 0 so we can not end */
3412                 /* up accidentally freeing someone elses tcon struct */
3413                 if (tcon)
3414                         cifs_put_tcon(tcon);
3415                 else if (pSesInfo)
3416                         cifs_put_smb_ses(pSesInfo);
3417              &nbs