Merge branch '3.2-without-smb2' of git://git.samba.org/sfrench/cifs-2.6
[pandora-kernel.git] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2009
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/slab.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <linux/namei.h>
37 #include <asm/uaccess.h>
38 #include <asm/processor.h>
39 #include <linux/inet.h>
40 #include <net/ipv6.h>
41 #include "cifspdu.h"
42 #include "cifsglob.h"
43 #include "cifsproto.h"
44 #include "cifs_unicode.h"
45 #include "cifs_debug.h"
46 #include "cifs_fs_sb.h"
47 #include "ntlmssp.h"
48 #include "nterr.h"
49 #include "rfc1002pdu.h"
50 #include "fscache.h"
51
52 #define CIFS_PORT 445
53 #define RFC1001_PORT 139
54
55 /* SMB echo "timeout" -- FIXME: tunable? */
56 #define SMB_ECHO_INTERVAL (60 * HZ)
57
58 extern mempool_t *cifs_req_poolp;
59
60 /* FIXME: should these be tunable? */
61 #define TLINK_ERROR_EXPIRE      (1 * HZ)
62 #define TLINK_IDLE_EXPIRE       (600 * HZ)
63
64 static int ip_connect(struct TCP_Server_Info *server);
65 static int generic_ip_connect(struct TCP_Server_Info *server);
66 static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
67 static void cifs_prune_tlinks(struct work_struct *work);
68 static int cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
69                                         const char *devname);
70
71 /*
72  * cifs tcp session reconnection
73  *
74  * mark tcp session as reconnecting so temporarily locked
75  * mark all smb sessions as reconnecting for tcp session
76  * reconnect tcp session
77  * wake up waiters on reconnection? - (not needed currently)
78  */
79 static int
80 cifs_reconnect(struct TCP_Server_Info *server)
81 {
82         int rc = 0;
83         struct list_head *tmp, *tmp2;
84         struct cifs_ses *ses;
85         struct cifs_tcon *tcon;
86         struct mid_q_entry *mid_entry;
87         struct list_head retry_list;
88
89         spin_lock(&GlobalMid_Lock);
90         if (server->tcpStatus == CifsExiting) {
91                 /* the demux thread will exit normally
92                 next time through the loop */
93                 spin_unlock(&GlobalMid_Lock);
94                 return rc;
95         } else
96                 server->tcpStatus = CifsNeedReconnect;
97         spin_unlock(&GlobalMid_Lock);
98         server->maxBuf = 0;
99
100         cFYI(1, "Reconnecting tcp session");
101
102         /* before reconnecting the tcp session, mark the smb session (uid)
103                 and the tid bad so they are not used until reconnected */
104         cFYI(1, "%s: marking sessions and tcons for reconnect", __func__);
105         spin_lock(&cifs_tcp_ses_lock);
106         list_for_each(tmp, &server->smb_ses_list) {
107                 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
108                 ses->need_reconnect = true;
109                 ses->ipc_tid = 0;
110                 list_for_each(tmp2, &ses->tcon_list) {
111                         tcon = list_entry(tmp2, struct cifs_tcon, tcon_list);
112                         tcon->need_reconnect = true;
113                 }
114         }
115         spin_unlock(&cifs_tcp_ses_lock);
116
117         /* do not want to be sending data on a socket we are freeing */
118         cFYI(1, "%s: tearing down socket", __func__);
119         mutex_lock(&server->srv_mutex);
120         if (server->ssocket) {
121                 cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
122                         server->ssocket->flags);
123                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
124                 cFYI(1, "Post shutdown state: 0x%x Flags: 0x%lx",
125                         server->ssocket->state,
126                         server->ssocket->flags);
127                 sock_release(server->ssocket);
128                 server->ssocket = NULL;
129         }
130         server->sequence_number = 0;
131         server->session_estab = false;
132         kfree(server->session_key.response);
133         server->session_key.response = NULL;
134         server->session_key.len = 0;
135         server->lstrp = jiffies;
136         mutex_unlock(&server->srv_mutex);
137
138         /* mark submitted MIDs for retry and issue callback */
139         INIT_LIST_HEAD(&retry_list);
140         cFYI(1, "%s: moving mids to private list", __func__);
141         spin_lock(&GlobalMid_Lock);
142         list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
143                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
144                 if (mid_entry->midState == MID_REQUEST_SUBMITTED)
145                         mid_entry->midState = MID_RETRY_NEEDED;
146                 list_move(&mid_entry->qhead, &retry_list);
147         }
148         spin_unlock(&GlobalMid_Lock);
149
150         cFYI(1, "%s: issuing mid callbacks", __func__);
151         list_for_each_safe(tmp, tmp2, &retry_list) {
152                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
153                 list_del_init(&mid_entry->qhead);
154                 mid_entry->callback(mid_entry);
155         }
156
157         do {
158                 try_to_freeze();
159
160                 /* we should try only the port we connected to before */
161                 rc = generic_ip_connect(server);
162                 if (rc) {
163                         cFYI(1, "reconnect error %d", rc);
164                         msleep(3000);
165                 } else {
166                         atomic_inc(&tcpSesReconnectCount);
167                         spin_lock(&GlobalMid_Lock);
168                         if (server->tcpStatus != CifsExiting)
169                                 server->tcpStatus = CifsNeedNegotiate;
170                         spin_unlock(&GlobalMid_Lock);
171                 }
172         } while (server->tcpStatus == CifsNeedReconnect);
173
174         return rc;
175 }
176
177 /*
178         return codes:
179                 0       not a transact2, or all data present
180                 >0      transact2 with that much data missing
181                 -EINVAL = invalid transact2
182
183  */
184 static int check2ndT2(struct smb_hdr *pSMB)
185 {
186         struct smb_t2_rsp *pSMBt;
187         int remaining;
188         __u16 total_data_size, data_in_this_rsp;
189
190         if (pSMB->Command != SMB_COM_TRANSACTION2)
191                 return 0;
192
193         /* check for plausible wct, bcc and t2 data and parm sizes */
194         /* check for parm and data offset going beyond end of smb */
195         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
196                 cFYI(1, "invalid transact2 word count");
197                 return -EINVAL;
198         }
199
200         pSMBt = (struct smb_t2_rsp *)pSMB;
201
202         total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
203         data_in_this_rsp = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
204
205         if (total_data_size == data_in_this_rsp)
206                 return 0;
207         else if (total_data_size < data_in_this_rsp) {
208                 cFYI(1, "total data %d smaller than data in frame %d",
209                         total_data_size, data_in_this_rsp);
210                 return -EINVAL;
211         }
212
213         remaining = total_data_size - data_in_this_rsp;
214
215         cFYI(1, "missing %d bytes from transact2, check next response",
216                 remaining);
217         if (total_data_size > CIFSMaxBufSize) {
218                 cERROR(1, "TotalDataSize %d is over maximum buffer %d",
219                         total_data_size, CIFSMaxBufSize);
220                 return -EINVAL;
221         }
222         return remaining;
223 }
224
225 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
226 {
227         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
228         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
229         char *data_area_of_target;
230         char *data_area_of_buf2;
231         int remaining;
232         unsigned int byte_count, total_in_buf;
233         __u16 total_data_size, total_in_buf2;
234
235         total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
236
237         if (total_data_size !=
238             get_unaligned_le16(&pSMB2->t2_rsp.TotalDataCount))
239                 cFYI(1, "total data size of primary and secondary t2 differ");
240
241         total_in_buf = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
242
243         remaining = total_data_size - total_in_buf;
244
245         if (remaining < 0)
246                 return -EPROTO;
247
248         if (remaining == 0) /* nothing to do, ignore */
249                 return 0;
250
251         total_in_buf2 = get_unaligned_le16(&pSMB2->t2_rsp.DataCount);
252         if (remaining < total_in_buf2) {
253                 cFYI(1, "transact2 2nd response contains too much data");
254         }
255
256         /* find end of first SMB data area */
257         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
258                                 get_unaligned_le16(&pSMBt->t2_rsp.DataOffset);
259         /* validate target area */
260
261         data_area_of_buf2 = (char *)&pSMB2->hdr.Protocol +
262                                 get_unaligned_le16(&pSMB2->t2_rsp.DataOffset);
263
264         data_area_of_target += total_in_buf;
265
266         /* copy second buffer into end of first buffer */
267         total_in_buf += total_in_buf2;
268         /* is the result too big for the field? */
269         if (total_in_buf > USHRT_MAX)
270                 return -EPROTO;
271         put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount);
272
273         /* fix up the BCC */
274         byte_count = get_bcc(pTargetSMB);
275         byte_count += total_in_buf2;
276         /* is the result too big for the field? */
277         if (byte_count > USHRT_MAX)
278                 return -EPROTO;
279         put_bcc(byte_count, pTargetSMB);
280
281         byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
282         byte_count += total_in_buf2;
283         /* don't allow buffer to overflow */
284         if (byte_count > CIFSMaxBufSize)
285                 return -ENOBUFS;
286         pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
287
288         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
289
290         if (remaining == total_in_buf2) {
291                 cFYI(1, "found the last secondary response");
292                 return 0; /* we are done */
293         } else /* more responses to go */
294                 return 1;
295 }
296
297 static void
298 cifs_echo_request(struct work_struct *work)
299 {
300         int rc;
301         struct TCP_Server_Info *server = container_of(work,
302                                         struct TCP_Server_Info, echo.work);
303
304         /*
305          * We cannot send an echo until the NEGOTIATE_PROTOCOL request is
306          * done, which is indicated by maxBuf != 0. Also, no need to ping if
307          * we got a response recently
308          */
309         if (server->maxBuf == 0 ||
310             time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ))
311                 goto requeue_echo;
312
313         rc = CIFSSMBEcho(server);
314         if (rc)
315                 cFYI(1, "Unable to send echo request to server: %s",
316                         server->hostname);
317
318 requeue_echo:
319         queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL);
320 }
321
322 static bool
323 allocate_buffers(struct TCP_Server_Info *server)
324 {
325         if (!server->bigbuf) {
326                 server->bigbuf = (char *)cifs_buf_get();
327                 if (!server->bigbuf) {
328                         cERROR(1, "No memory for large SMB response");
329                         msleep(3000);
330                         /* retry will check if exiting */
331                         return false;
332                 }
333         } else if (server->large_buf) {
334                 /* we are reusing a dirty large buf, clear its start */
335                 memset(server->bigbuf, 0, sizeof(struct smb_hdr));
336         }
337
338         if (!server->smallbuf) {
339                 server->smallbuf = (char *)cifs_small_buf_get();
340                 if (!server->smallbuf) {
341                         cERROR(1, "No memory for SMB response");
342                         msleep(1000);
343                         /* retry will check if exiting */
344                         return false;
345                 }
346                 /* beginning of smb buffer is cleared in our buf_get */
347         } else {
348                 /* if existing small buf clear beginning */
349                 memset(server->smallbuf, 0, sizeof(struct smb_hdr));
350         }
351
352         return true;
353 }
354
355 static bool
356 server_unresponsive(struct TCP_Server_Info *server)
357 {
358         if (echo_retries > 0 && server->tcpStatus == CifsGood &&
359             time_after(jiffies, server->lstrp +
360                                 (echo_retries * SMB_ECHO_INTERVAL))) {
361                 cERROR(1, "Server %s has not responded in %d seconds. "
362                           "Reconnecting...", server->hostname,
363                           (echo_retries * SMB_ECHO_INTERVAL / HZ));
364                 cifs_reconnect(server);
365                 wake_up(&server->response_q);
366                 return true;
367         }
368
369         return false;
370 }
371
372 /*
373  * kvec_array_init - clone a kvec array, and advance into it
374  * @new:        pointer to memory for cloned array
375  * @iov:        pointer to original array
376  * @nr_segs:    number of members in original array
377  * @bytes:      number of bytes to advance into the cloned array
378  *
379  * This function will copy the array provided in iov to a section of memory
380  * and advance the specified number of bytes into the new array. It returns
381  * the number of segments in the new array. "new" must be at least as big as
382  * the original iov array.
383  */
384 static unsigned int
385 kvec_array_init(struct kvec *new, struct kvec *iov, unsigned int nr_segs,
386                 size_t bytes)
387 {
388         size_t base = 0;
389
390         while (bytes || !iov->iov_len) {
391                 int copy = min(bytes, iov->iov_len);
392
393                 bytes -= copy;
394                 base += copy;
395                 if (iov->iov_len == base) {
396                         iov++;
397                         nr_segs--;
398                         base = 0;
399                 }
400         }
401         memcpy(new, iov, sizeof(*iov) * nr_segs);
402         new->iov_base += base;
403         new->iov_len -= base;
404         return nr_segs;
405 }
406
407 static struct kvec *
408 get_server_iovec(struct TCP_Server_Info *server, unsigned int nr_segs)
409 {
410         struct kvec *new_iov;
411
412         if (server->iov && nr_segs <= server->nr_iov)
413                 return server->iov;
414
415         /* not big enough -- allocate a new one and release the old */
416         new_iov = kmalloc(sizeof(*new_iov) * nr_segs, GFP_NOFS);
417         if (new_iov) {
418                 kfree(server->iov);
419                 server->iov = new_iov;
420                 server->nr_iov = nr_segs;
421         }
422         return new_iov;
423 }
424
425 int
426 cifs_readv_from_socket(struct TCP_Server_Info *server, struct kvec *iov_orig,
427                        unsigned int nr_segs, unsigned int to_read)
428 {
429         int length = 0;
430         int total_read;
431         unsigned int segs;
432         struct msghdr smb_msg;
433         struct kvec *iov;
434
435         iov = get_server_iovec(server, nr_segs);
436         if (!iov)
437                 return -ENOMEM;
438
439         smb_msg.msg_control = NULL;
440         smb_msg.msg_controllen = 0;
441
442         for (total_read = 0; to_read; total_read += length, to_read -= length) {
443                 if (server_unresponsive(server)) {
444                         total_read = -EAGAIN;
445                         break;
446                 }
447
448                 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read);
449
450                 length = kernel_recvmsg(server->ssocket, &smb_msg,
451                                         iov, segs, to_read, 0);
452
453                 if (server->tcpStatus == CifsExiting) {
454                         total_read = -ESHUTDOWN;
455                         break;
456                 } else if (server->tcpStatus == CifsNeedReconnect) {
457                         cifs_reconnect(server);
458                         total_read = -EAGAIN;
459                         break;
460                 } else if (length == -ERESTARTSYS ||
461                            length == -EAGAIN ||
462                            length == -EINTR) {
463                         /*
464                          * Minimum sleep to prevent looping, allowing socket
465                          * to clear and app threads to set tcpStatus
466                          * CifsNeedReconnect if server hung.
467                          */
468                         usleep_range(1000, 2000);
469                         length = 0;
470                         continue;
471                 } else if (length <= 0) {
472                         cFYI(1, "Received no data or error: expecting %d "
473                                 "got %d", to_read, length);
474                         cifs_reconnect(server);
475                         total_read = -EAGAIN;
476                         break;
477                 }
478         }
479         return total_read;
480 }
481
482 int
483 cifs_read_from_socket(struct TCP_Server_Info *server, char *buf,
484                       unsigned int to_read)
485 {
486         struct kvec iov;
487
488         iov.iov_base = buf;
489         iov.iov_len = to_read;
490
491         return cifs_readv_from_socket(server, &iov, 1, to_read);
492 }
493
494 static bool
495 is_smb_response(struct TCP_Server_Info *server, unsigned char type)
496 {
497         /*
498          * The first byte big endian of the length field,
499          * is actually not part of the length but the type
500          * with the most common, zero, as regular data.
501          */
502         switch (type) {
503         case RFC1002_SESSION_MESSAGE:
504                 /* Regular SMB response */
505                 return true;
506         case RFC1002_SESSION_KEEP_ALIVE:
507                 cFYI(1, "RFC 1002 session keep alive");
508                 break;
509         case RFC1002_POSITIVE_SESSION_RESPONSE:
510                 cFYI(1, "RFC 1002 positive session response");
511                 break;
512         case RFC1002_NEGATIVE_SESSION_RESPONSE:
513                 /*
514                  * We get this from Windows 98 instead of an error on
515                  * SMB negprot response.
516                  */
517                 cFYI(1, "RFC 1002 negative session response");
518                 /* give server a second to clean up */
519                 msleep(1000);
520                 /*
521                  * Always try 445 first on reconnect since we get NACK
522                  * on some if we ever connected to port 139 (the NACK
523                  * is since we do not begin with RFC1001 session
524                  * initialize frame).
525                  */
526                 cifs_set_port((struct sockaddr *)&server->dstaddr, CIFS_PORT);
527                 cifs_reconnect(server);
528                 wake_up(&server->response_q);
529                 break;
530         default:
531                 cERROR(1, "RFC 1002 unknown response type 0x%x", type);
532                 cifs_reconnect(server);
533         }
534
535         return false;
536 }
537
538 static struct mid_q_entry *
539 find_mid(struct TCP_Server_Info *server, struct smb_hdr *buf)
540 {
541         struct mid_q_entry *mid;
542
543         spin_lock(&GlobalMid_Lock);
544         list_for_each_entry(mid, &server->pending_mid_q, qhead) {
545                 if (mid->mid == buf->Mid &&
546                     mid->midState == MID_REQUEST_SUBMITTED &&
547                     mid->command == buf->Command) {
548                         spin_unlock(&GlobalMid_Lock);
549                         return mid;
550                 }
551         }
552         spin_unlock(&GlobalMid_Lock);
553         return NULL;
554 }
555
556 void
557 dequeue_mid(struct mid_q_entry *mid, bool malformed)
558 {
559 #ifdef CONFIG_CIFS_STATS2
560         mid->when_received = jiffies;
561 #endif
562         spin_lock(&GlobalMid_Lock);
563         if (!malformed)
564                 mid->midState = MID_RESPONSE_RECEIVED;
565         else
566                 mid->midState = MID_RESPONSE_MALFORMED;
567         list_del_init(&mid->qhead);
568         spin_unlock(&GlobalMid_Lock);
569 }
570
571 static void
572 handle_mid(struct mid_q_entry *mid, struct TCP_Server_Info *server,
573            struct smb_hdr *buf, int malformed)
574 {
575         if (malformed == 0 && check2ndT2(buf) > 0) {
576                 mid->multiRsp = true;
577                 if (mid->resp_buf) {
578                         /* merge response - fix up 1st*/
579                         malformed = coalesce_t2(buf, mid->resp_buf);
580                         if (malformed > 0)
581                                 return;
582
583                         /* All parts received or packet is malformed. */
584                         mid->multiEnd = true;
585                         return dequeue_mid(mid, malformed);
586                 }
587                 if (!server->large_buf) {
588                         /*FIXME: switch to already allocated largebuf?*/
589                         cERROR(1, "1st trans2 resp needs bigbuf");
590                 } else {
591                         /* Have first buffer */
592                         mid->resp_buf = buf;
593                         mid->largeBuf = true;
594                         server->bigbuf = NULL;
595                 }
596                 return;
597         }
598         mid->resp_buf = buf;
599         mid->largeBuf = server->large_buf;
600         /* Was previous buf put in mpx struct for multi-rsp? */
601         if (!mid->multiRsp) {
602                 /* smb buffer will be freed by user thread */
603                 if (server->large_buf)
604                         server->bigbuf = NULL;
605                 else
606                         server->smallbuf = NULL;
607         }
608         dequeue_mid(mid, malformed);
609 }
610
611 static void clean_demultiplex_info(struct TCP_Server_Info *server)
612 {
613         int length;
614
615         /* take it off the list, if it's not already */
616         spin_lock(&cifs_tcp_ses_lock);
617         list_del_init(&server->tcp_ses_list);
618         spin_unlock(&cifs_tcp_ses_lock);
619
620         spin_lock(&GlobalMid_Lock);
621         server->tcpStatus = CifsExiting;
622         spin_unlock(&GlobalMid_Lock);
623         wake_up_all(&server->response_q);
624
625         /*
626          * Check if we have blocked requests that need to free. Note that
627          * cifs_max_pending is normally 50, but can be set at module install
628          * time to as little as two.
629          */
630         spin_lock(&GlobalMid_Lock);
631         if (atomic_read(&server->inFlight) >= cifs_max_pending)
632                 atomic_set(&server->inFlight, cifs_max_pending - 1);
633         /*
634          * We do not want to set the max_pending too low or we could end up
635          * with the counter going negative.
636          */
637         spin_unlock(&GlobalMid_Lock);
638         /*
639          * Although there should not be any requests blocked on this queue it
640          * can not hurt to be paranoid and try to wake up requests that may
641          * haven been blocked when more than 50 at time were on the wire to the
642          * same server - they now will see the session is in exit state and get
643          * out of SendReceive.
644          */
645         wake_up_all(&server->request_q);
646         /* give those requests time to exit */
647         msleep(125);
648
649         if (server->ssocket) {
650                 sock_release(server->ssocket);
651                 server->ssocket = NULL;
652         }
653
654         if (!list_empty(&server->pending_mid_q)) {
655                 struct list_head dispose_list;
656                 struct mid_q_entry *mid_entry;
657                 struct list_head *tmp, *tmp2;
658
659                 INIT_LIST_HEAD(&dispose_list);
660                 spin_lock(&GlobalMid_Lock);
661                 list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
662                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
663                         cFYI(1, "Clearing mid 0x%x", mid_entry->mid);
664                         mid_entry->midState = MID_SHUTDOWN;
665                         list_move(&mid_entry->qhead, &dispose_list);
666                 }
667                 spin_unlock(&GlobalMid_Lock);
668
669                 /* now walk dispose list and issue callbacks */
670                 list_for_each_safe(tmp, tmp2, &dispose_list) {
671                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
672                         cFYI(1, "Callback mid 0x%x", mid_entry->mid);
673                         list_del_init(&mid_entry->qhead);
674                         mid_entry->callback(mid_entry);
675                 }
676                 /* 1/8th of sec is more than enough time for them to exit */
677                 msleep(125);
678         }
679
680         if (!list_empty(&server->pending_mid_q)) {
681                 /*
682                  * mpx threads have not exited yet give them at least the smb
683                  * send timeout time for long ops.
684                  *
685                  * Due to delays on oplock break requests, we need to wait at
686                  * least 45 seconds before giving up on a request getting a
687                  * response and going ahead and killing cifsd.
688                  */
689                 cFYI(1, "Wait for exit from demultiplex thread");
690                 msleep(46000);
691                 /*
692                  * If threads still have not exited they are probably never
693                  * coming home not much else we can do but free the memory.
694                  */
695         }
696
697         kfree(server->hostname);
698         kfree(server->iov);
699         kfree(server);
700
701         length = atomic_dec_return(&tcpSesAllocCount);
702         if (length > 0)
703                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
704                                 GFP_KERNEL);
705 }
706
707 static int
708 standard_receive3(struct TCP_Server_Info *server, struct mid_q_entry *mid)
709 {
710         int length;
711         char *buf = server->smallbuf;
712         struct smb_hdr *smb_buffer = (struct smb_hdr *)buf;
713         unsigned int pdu_length = be32_to_cpu(smb_buffer->smb_buf_length);
714
715         /* make sure this will fit in a large buffer */
716         if (pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
717                 cERROR(1, "SMB response too long (%u bytes)",
718                         pdu_length);
719                 cifs_reconnect(server);
720                 wake_up(&server->response_q);
721                 return -EAGAIN;
722         }
723
724         /* switch to large buffer if too big for a small one */
725         if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
726                 server->large_buf = true;
727                 memcpy(server->bigbuf, server->smallbuf, server->total_read);
728                 buf = server->bigbuf;
729                 smb_buffer = (struct smb_hdr *)buf;
730         }
731
732         /* now read the rest */
733         length = cifs_read_from_socket(server,
734                           buf + sizeof(struct smb_hdr) - 1,
735                           pdu_length - sizeof(struct smb_hdr) + 1 + 4);
736         if (length < 0)
737                 return length;
738         server->total_read += length;
739
740         dump_smb(smb_buffer, server->total_read);
741
742         /*
743          * We know that we received enough to get to the MID as we
744          * checked the pdu_length earlier. Now check to see
745          * if the rest of the header is OK. We borrow the length
746          * var for the rest of the loop to avoid a new stack var.
747          *
748          * 48 bytes is enough to display the header and a little bit
749          * into the payload for debugging purposes.
750          */
751         length = checkSMB(smb_buffer, smb_buffer->Mid, server->total_read);
752         if (length != 0)
753                 cifs_dump_mem("Bad SMB: ", buf,
754                         min_t(unsigned int, server->total_read, 48));
755
756         if (mid)
757                 handle_mid(mid, server, smb_buffer, length);
758
759         return length;
760 }
761
762 static int
763 cifs_demultiplex_thread(void *p)
764 {
765         int length;
766         struct TCP_Server_Info *server = p;
767         unsigned int pdu_length;
768         char *buf = NULL;
769         struct smb_hdr *smb_buffer = NULL;
770         struct task_struct *task_to_wake = NULL;
771         struct mid_q_entry *mid_entry;
772
773         current->flags |= PF_MEMALLOC;
774         cFYI(1, "Demultiplex PID: %d", task_pid_nr(current));
775
776         length = atomic_inc_return(&tcpSesAllocCount);
777         if (length > 1)
778                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
779                                 GFP_KERNEL);
780
781         set_freezable();
782         while (server->tcpStatus != CifsExiting) {
783                 if (try_to_freeze())
784                         continue;
785
786                 if (!allocate_buffers(server))
787                         continue;
788
789                 server->large_buf = false;
790                 smb_buffer = (struct smb_hdr *)server->smallbuf;
791                 buf = server->smallbuf;
792                 pdu_length = 4; /* enough to get RFC1001 header */
793
794                 length = cifs_read_from_socket(server, buf, pdu_length);
795                 if (length < 0)
796                         continue;
797                 server->total_read = length;
798
799                 /*
800                  * The right amount was read from socket - 4 bytes,
801                  * so we can now interpret the length field.
802                  */
803                 pdu_length = be32_to_cpu(smb_buffer->smb_buf_length);
804
805                 cFYI(1, "RFC1002 header 0x%x", pdu_length);
806                 if (!is_smb_response(server, buf[0]))
807                         continue;
808
809                 /* make sure we have enough to get to the MID */
810                 if (pdu_length < sizeof(struct smb_hdr) - 1 - 4) {
811                         cERROR(1, "SMB response too short (%u bytes)",
812                                 pdu_length);
813                         cifs_reconnect(server);
814                         wake_up(&server->response_q);
815                         continue;
816                 }
817
818                 /* read down to the MID */
819                 length = cifs_read_from_socket(server, buf + 4,
820                                         sizeof(struct smb_hdr) - 1 - 4);
821                 if (length < 0)
822                         continue;
823                 server->total_read += length;
824
825                 mid_entry = find_mid(server, smb_buffer);
826
827                 if (!mid_entry || !mid_entry->receive)
828                         length = standard_receive3(server, mid_entry);
829                 else
830                         length = mid_entry->receive(server, mid_entry);
831
832                 if (length < 0)
833                         continue;
834
835                 if (server->large_buf) {
836                         buf = server->bigbuf;
837                         smb_buffer = (struct smb_hdr *)buf;
838                 }
839
840                 server->lstrp = jiffies;
841                 if (mid_entry != NULL) {
842                         if (!mid_entry->multiRsp || mid_entry->multiEnd)
843                                 mid_entry->callback(mid_entry);
844                 } else if (!is_valid_oplock_break(smb_buffer, server)) {
845                         cERROR(1, "No task to wake, unknown frame received! "
846                                    "NumMids %d", atomic_read(&midCount));
847                         cifs_dump_mem("Received Data is: ", buf,
848                                       sizeof(struct smb_hdr));
849 #ifdef CONFIG_CIFS_DEBUG2
850                         cifs_dump_detail(smb_buffer);
851                         cifs_dump_mids(server);
852 #endif /* CIFS_DEBUG2 */
853
854                 }
855         } /* end while !EXITING */
856
857         /* buffer usually freed in free_mid - need to free it here on exit */
858         cifs_buf_release(server->bigbuf);
859         if (server->smallbuf) /* no sense logging a debug message if NULL */
860                 cifs_small_buf_release(server->smallbuf);
861
862         task_to_wake = xchg(&server->tsk, NULL);
863         clean_demultiplex_info(server);
864
865         /* if server->tsk was NULL then wait for a signal before exiting */
866         if (!task_to_wake) {
867                 set_current_state(TASK_INTERRUPTIBLE);
868                 while (!signal_pending(current)) {
869                         schedule();
870                         set_current_state(TASK_INTERRUPTIBLE);
871                 }
872                 set_current_state(TASK_RUNNING);
873         }
874
875         module_put_and_exit(0);
876 }
877
878 /* extract the host portion of the UNC string */
879 static char *
880 extract_hostname(const char *unc)
881 {
882         const char *src;
883         char *dst, *delim;
884         unsigned int len;
885
886         /* skip double chars at beginning of string */
887         /* BB: check validity of these bytes? */
888         src = unc + 2;
889
890         /* delimiter between hostname and sharename is always '\\' now */
891         delim = strchr(src, '\\');
892         if (!delim)
893                 return ERR_PTR(-EINVAL);
894
895         len = delim - src;
896         dst = kmalloc((len + 1), GFP_KERNEL);
897         if (dst == NULL)
898                 return ERR_PTR(-ENOMEM);
899
900         memcpy(dst, src, len);
901         dst[len] = '\0';
902
903         return dst;
904 }
905
906 static int
907 cifs_parse_mount_options(const char *mountdata, const char *devname,
908                          struct smb_vol *vol)
909 {
910         char *value, *data, *end;
911         char *mountdata_copy = NULL, *options;
912         int err;
913         unsigned int  temp_len, i, j;
914         char separator[2];
915         short int override_uid = -1;
916         short int override_gid = -1;
917         bool uid_specified = false;
918         bool gid_specified = false;
919         char *nodename = utsname()->nodename;
920
921         separator[0] = ',';
922         separator[1] = 0;
923
924         /*
925          * does not have to be perfect mapping since field is
926          * informational, only used for servers that do not support
927          * port 445 and it can be overridden at mount time
928          */
929         memset(vol->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
930         for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
931                 vol->source_rfc1001_name[i] = toupper(nodename[i]);
932
933         vol->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
934         /* null target name indicates to use *SMBSERVR default called name
935            if we end up sending RFC1001 session initialize */
936         vol->target_rfc1001_name[0] = 0;
937         vol->cred_uid = current_uid();
938         vol->linux_uid = current_uid();
939         vol->linux_gid = current_gid();
940
941         /* default to only allowing write access to owner of the mount */
942         vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
943
944         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
945         /* default is always to request posix paths. */
946         vol->posix_paths = 1;
947         /* default to using server inode numbers where available */
948         vol->server_ino = 1;
949
950         vol->actimeo = CIFS_DEF_ACTIMEO;
951
952         if (!mountdata)
953                 goto cifs_parse_mount_err;
954
955         mountdata_copy = kstrndup(mountdata, PAGE_SIZE, GFP_KERNEL);
956         if (!mountdata_copy)
957                 goto cifs_parse_mount_err;
958
959         options = mountdata_copy;
960         end = options + strlen(options);
961         if (strncmp(options, "sep=", 4) == 0) {
962                 if (options[4] != 0) {
963                         separator[0] = options[4];
964                         options += 5;
965                 } else {
966                         cFYI(1, "Null separator not allowed");
967                 }
968         }
969         vol->backupuid_specified = false; /* no backup intent for a user */
970         vol->backupgid_specified = false; /* no backup intent for a group */
971
972         while ((data = strsep(&options, separator)) != NULL) {
973                 if (!*data)
974                         continue;
975                 if ((value = strchr(data, '=')) != NULL)
976                         *value++ = '\0';
977
978                 /* Have to parse this before we parse for "user" */
979                 if (strnicmp(data, "user_xattr", 10) == 0) {
980                         vol->no_xattr = 0;
981                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
982                         vol->no_xattr = 1;
983                 } else if (strnicmp(data, "user", 4) == 0) {
984                         if (!value) {
985                                 printk(KERN_WARNING
986                                        "CIFS: invalid or missing username\n");
987                                 goto cifs_parse_mount_err;
988                         } else if (!*value) {
989                                 /* null user, ie anonymous, authentication */
990                                 vol->nullauth = 1;
991                         }
992                         if (strnlen(value, MAX_USERNAME_SIZE) <
993                                                 MAX_USERNAME_SIZE) {
994                                 vol->username = kstrdup(value, GFP_KERNEL);
995                                 if (!vol->username) {
996                                         printk(KERN_WARNING "CIFS: no memory "
997                                                             "for username\n");
998                                         goto cifs_parse_mount_err;
999                                 }
1000                         } else {
1001                                 printk(KERN_WARNING "CIFS: username too long\n");
1002                                 goto cifs_parse_mount_err;
1003                         }
1004                 } else if (strnicmp(data, "pass", 4) == 0) {
1005                         if (!value) {
1006                                 vol->password = NULL;
1007                                 continue;
1008                         } else if (value[0] == 0) {
1009                                 /* check if string begins with double comma
1010                                    since that would mean the password really
1011                                    does start with a comma, and would not
1012                                    indicate an empty string */
1013                                 if (value[1] != separator[0]) {
1014                                         vol->password = NULL;
1015                                         continue;
1016                                 }
1017                         }
1018                         temp_len = strlen(value);
1019                         /* removed password length check, NTLM passwords
1020                                 can be arbitrarily long */
1021
1022                         /* if comma in password, the string will be
1023                         prematurely null terminated.  Commas in password are
1024                         specified across the cifs mount interface by a double
1025                         comma ie ,, and a comma used as in other cases ie ','
1026                         as a parameter delimiter/separator is single and due
1027                         to the strsep above is temporarily zeroed. */
1028
1029                         /* NB: password legally can have multiple commas and
1030                         the only illegal character in a password is null */
1031
1032                         if ((value[temp_len] == 0) &&
1033                             (value + temp_len < end) &&
1034                             (value[temp_len+1] == separator[0])) {
1035                                 /* reinsert comma */
1036                                 value[temp_len] = separator[0];
1037                                 temp_len += 2;  /* move after second comma */
1038                                 while (value[temp_len] != 0)  {
1039                                         if (value[temp_len] == separator[0]) {
1040                                                 if (value[temp_len+1] ==
1041                                                      separator[0]) {
1042                                                 /* skip second comma */
1043                                                         temp_len++;
1044                                                 } else {
1045                                                 /* single comma indicating start
1046                                                          of next parm */
1047                                                         break;
1048                                                 }
1049                                         }
1050                                         temp_len++;
1051                                 }
1052                                 if (value[temp_len] == 0) {
1053                                         options = NULL;
1054                                 } else {
1055                                         value[temp_len] = 0;
1056                                         /* point option to start of next parm */
1057                                         options = value + temp_len + 1;
1058                                 }
1059                                 /* go from value to value + temp_len condensing
1060                                 double commas to singles. Note that this ends up
1061                                 allocating a few bytes too many, which is ok */
1062                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
1063                                 if (vol->password == NULL) {
1064                                         printk(KERN_WARNING "CIFS: no memory "
1065                                                             "for password\n");
1066                                         goto cifs_parse_mount_err;
1067                                 }
1068                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
1069                                         vol->password[j] = value[i];
1070                                         if (value[i] == separator[0]
1071                                                 && value[i+1] == separator[0]) {
1072                                                 /* skip second comma */
1073                                                 i++;
1074                                         }
1075                                 }
1076                                 vol->password[j] = 0;
1077                         } else {
1078                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
1079                                 if (vol->password == NULL) {
1080                                         printk(KERN_WARNING "CIFS: no memory "
1081                                                             "for password\n");
1082                                         goto cifs_parse_mount_err;
1083                                 }
1084                                 strcpy(vol->password, value);
1085                         }
1086                 } else if (!strnicmp(data, "ip", 2) ||
1087                            !strnicmp(data, "addr", 4)) {
1088                         if (!value || !*value) {
1089                                 vol->UNCip = NULL;
1090                         } else if (strnlen(value, INET6_ADDRSTRLEN) <
1091                                                         INET6_ADDRSTRLEN) {
1092                                 vol->UNCip = kstrdup(value, GFP_KERNEL);
1093                                 if (!vol->UNCip) {
1094                                         printk(KERN_WARNING "CIFS: no memory "
1095                                                             "for UNC IP\n");
1096                                         goto cifs_parse_mount_err;
1097                                 }
1098                         } else {
1099                                 printk(KERN_WARNING "CIFS: ip address "
1100                                                     "too long\n");
1101                                 goto cifs_parse_mount_err;
1102                         }
1103                 } else if (strnicmp(data, "sec", 3) == 0) {
1104                         if (!value || !*value) {
1105                                 cERROR(1, "no security value specified");
1106                                 continue;
1107                         } else if (strnicmp(value, "krb5i", 5) == 0) {
1108                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
1109                                         CIFSSEC_MUST_SIGN;
1110                         } else if (strnicmp(value, "krb5p", 5) == 0) {
1111                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
1112                                         CIFSSEC_MAY_KRB5; */
1113                                 cERROR(1, "Krb5 cifs privacy not supported");
1114                                 goto cifs_parse_mount_err;
1115                         } else if (strnicmp(value, "krb5", 4) == 0) {
1116                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
1117                         } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
1118                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
1119                                         CIFSSEC_MUST_SIGN;
1120                         } else if (strnicmp(value, "ntlmssp", 7) == 0) {
1121                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
1122                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
1123                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
1124                                         CIFSSEC_MUST_SIGN;
1125                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
1126                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1127                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
1128                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
1129                                         CIFSSEC_MUST_SIGN;
1130                         } else if (strnicmp(value, "ntlm", 4) == 0) {
1131                                 /* ntlm is default so can be turned off too */
1132                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
1133                         } else if (strnicmp(value, "nontlm", 6) == 0) {
1134                                 /* BB is there a better way to do this? */
1135                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1136 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1137                         } else if (strnicmp(value, "lanman", 6) == 0) {
1138                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1139 #endif
1140                         } else if (strnicmp(value, "none", 4) == 0) {
1141                                 vol->nullauth = 1;
1142                         } else {
1143                                 cERROR(1, "bad security option: %s", value);
1144                                 goto cifs_parse_mount_err;
1145                         }
1146                 } else if (strnicmp(data, "vers", 3) == 0) {
1147                         if (!value || !*value) {
1148                                 cERROR(1, "no protocol version specified"
1149                                           " after vers= mount option");
1150                         } else if ((strnicmp(value, "cifs", 4) == 0) ||
1151                                    (strnicmp(value, "1", 1) == 0)) {
1152                                 /* this is the default */
1153                                 continue;
1154                         }
1155                 } else if ((strnicmp(data, "unc", 3) == 0)
1156                            || (strnicmp(data, "target", 6) == 0)
1157                            || (strnicmp(data, "path", 4) == 0)) {
1158                         if (!value || !*value) {
1159                                 printk(KERN_WARNING "CIFS: invalid path to "
1160                                                     "network resource\n");
1161                                 goto cifs_parse_mount_err;
1162                         }
1163                         if ((temp_len = strnlen(value, 300)) < 300) {
1164                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1165                                 if (vol->UNC == NULL)
1166                                         goto cifs_parse_mount_err;
1167                                 strcpy(vol->UNC, value);
1168                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1169                                         vol->UNC[0] = '\\';
1170                                         vol->UNC[1] = '\\';
1171                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1172                                         printk(KERN_WARNING
1173                                                "CIFS: UNC Path does not begin "
1174                                                "with // or \\\\ \n");
1175                                         goto cifs_parse_mount_err;
1176                                 }
1177                         } else {
1178                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1179                                 goto cifs_parse_mount_err;
1180                         }
1181                 } else if ((strnicmp(data, "domain", 3) == 0)
1182                            || (strnicmp(data, "workgroup", 5) == 0)) {
1183                         if (!value || !*value) {
1184                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1185                                 goto cifs_parse_mount_err;
1186                         }
1187                         /* BB are there cases in which a comma can be valid in
1188                         a domain name and need special handling? */
1189                         if (strnlen(value, 256) < 256) {
1190                                 vol->domainname = kstrdup(value, GFP_KERNEL);
1191                                 if (!vol->domainname) {
1192                                         printk(KERN_WARNING "CIFS: no memory "
1193                                                             "for domainname\n");
1194                                         goto cifs_parse_mount_err;
1195                                 }
1196                                 cFYI(1, "Domain name set");
1197                         } else {
1198                                 printk(KERN_WARNING "CIFS: domain name too "
1199                                                     "long\n");
1200                                 goto cifs_parse_mount_err;
1201                         }
1202                 } else if (strnicmp(data, "srcaddr", 7) == 0) {
1203                         vol->srcaddr.ss_family = AF_UNSPEC;
1204
1205                         if (!value || !*value) {
1206                                 printk(KERN_WARNING "CIFS: srcaddr value"
1207                                        " not specified.\n");
1208                                 goto cifs_parse_mount_err;
1209                         }
1210                         i = cifs_convert_address((struct sockaddr *)&vol->srcaddr,
1211                                                  value, strlen(value));
1212                         if (i == 0) {
1213                                 printk(KERN_WARNING "CIFS:  Could not parse"
1214                                        " srcaddr: %s\n",
1215                                        value);
1216                                 goto cifs_parse_mount_err;
1217                         }
1218                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1219                         if (!value || !*value) {
1220                                 printk(KERN_WARNING
1221                                         "CIFS: invalid path prefix\n");
1222                                 goto cifs_parse_mount_err;
1223                         }
1224                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1225                                 if (value[0] != '/')
1226                                         temp_len++;  /* missing leading slash */
1227                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1228                                 if (vol->prepath == NULL)
1229                                         goto cifs_parse_mount_err;
1230                                 if (value[0] != '/') {
1231                                         vol->prepath[0] = '/';
1232                                         strcpy(vol->prepath+1, value);
1233                                 } else
1234                                         strcpy(vol->prepath, value);
1235                                 cFYI(1, "prefix path %s", vol->prepath);
1236                         } else {
1237                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1238                                 goto cifs_parse_mount_err;
1239                         }
1240                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1241                         if (!value || !*value) {
1242                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1243                                                     "specified\n");
1244                                 goto cifs_parse_mount_err;
1245                         }
1246                         if (strnlen(value, 65) < 65) {
1247                                 if (strnicmp(value, "default", 7)) {
1248                                         vol->iocharset = kstrdup(value,
1249                                                                  GFP_KERNEL);
1250
1251                                         if (!vol->iocharset) {
1252                                                 printk(KERN_WARNING "CIFS: no "
1253                                                                    "memory for"
1254                                                                    "charset\n");
1255                                                 goto cifs_parse_mount_err;
1256                                         }
1257                                 }
1258                                 /* if iocharset not set then load_nls_default
1259                                    is used by caller */
1260                                 cFYI(1, "iocharset set to %s", value);
1261                         } else {
1262                                 printk(KERN_WARNING "CIFS: iocharset name "
1263                                                     "too long.\n");
1264                                 goto cifs_parse_mount_err;
1265                         }
1266                 } else if (!strnicmp(data, "uid", 3) && value && *value) {
1267                         vol->linux_uid = simple_strtoul(value, &value, 0);
1268                         uid_specified = true;
1269                 } else if (!strnicmp(data, "cruid", 5) && value && *value) {
1270                         vol->cred_uid = simple_strtoul(value, &value, 0);
1271                 } else if (!strnicmp(data, "forceuid", 8)) {
1272                         override_uid = 1;
1273                 } else if (!strnicmp(data, "noforceuid", 10)) {
1274                         override_uid = 0;
1275                 } else if (!strnicmp(data, "gid", 3) && value && *value) {
1276                         vol->linux_gid = simple_strtoul(value, &value, 0);
1277                         gid_specified = true;
1278                 } else if (!strnicmp(data, "forcegid", 8)) {
1279                         override_gid = 1;
1280                 } else if (!strnicmp(data, "noforcegid", 10)) {
1281                         override_gid = 0;
1282                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1283                         if (value && *value) {
1284                                 vol->file_mode =
1285                                         simple_strtoul(value, &value, 0);
1286                         }
1287                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1288                         if (value && *value) {
1289                                 vol->dir_mode =
1290                                         simple_strtoul(value, &value, 0);
1291                         }
1292                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1293                         if (value && *value) {
1294                                 vol->dir_mode =
1295                                         simple_strtoul(value, &value, 0);
1296                         }
1297                 } else if (strnicmp(data, "port", 4) == 0) {
1298                         if (value && *value) {
1299                                 vol->port =
1300                                         simple_strtoul(value, &value, 0);
1301                         }
1302                 } else if (strnicmp(data, "rsize", 5) == 0) {
1303                         if (value && *value) {
1304                                 vol->rsize =
1305                                         simple_strtoul(value, &value, 0);
1306                         }
1307                 } else if (strnicmp(data, "wsize", 5) == 0) {
1308                         if (value && *value) {
1309                                 vol->wsize =
1310                                         simple_strtoul(value, &value, 0);
1311                         }
1312                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1313                         if (!value || !*value) {
1314                                 cERROR(1, "no socket option specified");
1315                                 continue;
1316                         } else if (strnicmp(value, "TCP_NODELAY", 11) == 0) {
1317                                 vol->sockopt_tcp_nodelay = 1;
1318                         }
1319                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1320                         if (!value || !*value || (*value == ' ')) {
1321                                 cFYI(1, "invalid (empty) netbiosname");
1322                         } else {
1323                                 memset(vol->source_rfc1001_name, 0x20,
1324                                         RFC1001_NAME_LEN);
1325                                 /*
1326                                  * FIXME: are there cases in which a comma can
1327                                  * be valid in workstation netbios name (and
1328                                  * need special handling)?
1329                                  */
1330                                 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1331                                         /* don't ucase netbiosname for user */
1332                                         if (value[i] == 0)
1333                                                 break;
1334                                         vol->source_rfc1001_name[i] = value[i];
1335                                 }
1336                                 /* The string has 16th byte zero still from
1337                                 set at top of the function  */
1338                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1339                                         printk(KERN_WARNING "CIFS: netbiosname"
1340                                                 " longer than 15 truncated.\n");
1341                         }
1342                 } else if (strnicmp(data, "servern", 7) == 0) {
1343                         /* servernetbiosname specified override *SMBSERVER */
1344                         if (!value || !*value || (*value == ' ')) {
1345                                 cFYI(1, "empty server netbiosname specified");
1346                         } else {
1347                                 /* last byte, type, is 0x20 for servr type */
1348                                 memset(vol->target_rfc1001_name, 0x20,
1349                                         RFC1001_NAME_LEN_WITH_NULL);
1350
1351                                 for (i = 0; i < 15; i++) {
1352                                 /* BB are there cases in which a comma can be
1353                                    valid in this workstation netbios name
1354                                    (and need special handling)? */
1355
1356                                 /* user or mount helper must uppercase
1357                                    the netbiosname */
1358                                         if (value[i] == 0)
1359                                                 break;
1360                                         else
1361                                                 vol->target_rfc1001_name[i] =
1362                                                                 value[i];
1363                                 }
1364                                 /* The string has 16th byte zero still from
1365                                    set at top of the function  */
1366                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1367                                         printk(KERN_WARNING "CIFS: server net"
1368                                         "biosname longer than 15 truncated.\n");
1369                         }
1370                 } else if (strnicmp(data, "actimeo", 7) == 0) {
1371                         if (value && *value) {
1372                                 vol->actimeo = HZ * simple_strtoul(value,
1373                                                                    &value, 0);
1374                                 if (vol->actimeo > CIFS_MAX_ACTIMEO) {
1375                                         cERROR(1, "CIFS: attribute cache"
1376                                                         "timeout too large");
1377                                         goto cifs_parse_mount_err;
1378                                 }
1379                         }
1380                 } else if (strnicmp(data, "credentials", 4) == 0) {
1381                         /* ignore */
1382                 } else if (strnicmp(data, "version", 3) == 0) {
1383                         /* ignore */
1384                 } else if (strnicmp(data, "guest", 5) == 0) {
1385                         /* ignore */
1386                 } else if (strnicmp(data, "rw", 2) == 0 && strlen(data) == 2) {
1387                         /* ignore */
1388                 } else if (strnicmp(data, "ro", 2) == 0) {
1389                         /* ignore */
1390                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1391                         vol->noblocksnd = 1;
1392                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1393                         vol->noautotune = 1;
1394                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1395                                    (strnicmp(data, "nosuid", 6) == 0) ||
1396                                    (strnicmp(data, "exec", 4) == 0) ||
1397                                    (strnicmp(data, "noexec", 6) == 0) ||
1398                                    (strnicmp(data, "nodev", 5) == 0) ||
1399                                    (strnicmp(data, "noauto", 6) == 0) ||
1400                                    (strnicmp(data, "dev", 3) == 0)) {
1401                         /*  The mount tool or mount.cifs helper (if present)
1402                             uses these opts to set flags, and the flags are read
1403                             by the kernel vfs layer before we get here (ie
1404                             before read super) so there is no point trying to
1405                             parse these options again and set anything and it
1406                             is ok to just ignore them */
1407                         continue;
1408                 } else if (strnicmp(data, "hard", 4) == 0) {
1409                         vol->retry = 1;
1410                 } else if (strnicmp(data, "soft", 4) == 0) {
1411                         vol->retry = 0;
1412                 } else if (strnicmp(data, "perm", 4) == 0) {
1413                         vol->noperm = 0;
1414                 } else if (strnicmp(data, "noperm", 6) == 0) {
1415                         vol->noperm = 1;
1416                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1417                         vol->remap = 1;
1418                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1419                         vol->remap = 0;
1420                 } else if (strnicmp(data, "sfu", 3) == 0) {
1421                         vol->sfu_emul = 1;
1422                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1423                         vol->sfu_emul = 0;
1424                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1425                         vol->nodfs = 1;
1426                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1427                         vol->posix_paths = 1;
1428                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1429                         vol->posix_paths = 0;
1430                 } else if (strnicmp(data, "nounix", 6) == 0) {
1431                         vol->no_linux_ext = 1;
1432                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1433                         vol->no_linux_ext = 1;
1434                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1435                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1436                         vol->nocase = 1;
1437                 } else if (strnicmp(data, "mand", 4) == 0) {
1438                         /* ignore */
1439                 } else if (strnicmp(data, "nomand", 6) == 0) {
1440                         /* ignore */
1441                 } else if (strnicmp(data, "_netdev", 7) == 0) {
1442                         /* ignore */
1443                 } else if (strnicmp(data, "brl", 3) == 0) {
1444                         vol->nobrl =  0;
1445                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1446                            (strnicmp(data, "nolock", 6) == 0)) {
1447                         vol->nobrl =  1;
1448                         /* turn off mandatory locking in mode
1449                         if remote locking is turned off since the
1450                         local vfs will do advisory */
1451                         if (vol->file_mode ==
1452                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1453                                 vol->file_mode = S_IALLUGO;
1454                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1455                         /* will take the shorter form "forcemand" as well */
1456                         /* This mount option will force use of mandatory
1457                           (DOS/Windows style) byte range locks, instead of
1458                           using posix advisory byte range locks, even if the
1459                           Unix extensions are available and posix locks would
1460                           be supported otherwise. If Unix extensions are not
1461                           negotiated this has no effect since mandatory locks
1462                           would be used (mandatory locks is all that those
1463                           those servers support) */
1464                         vol->mand_lock = 1;
1465                 } else if (strnicmp(data, "setuids", 7) == 0) {
1466                         vol->setuids = 1;
1467                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1468                         vol->setuids = 0;
1469                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1470                         vol->dynperm = true;
1471                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1472                         vol->dynperm = false;
1473                 } else if (strnicmp(data, "nohard", 6) == 0) {
1474                         vol->retry = 0;
1475                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1476                         vol->retry = 1;
1477                 } else if (strnicmp(data, "nointr", 6) == 0) {
1478                         vol->intr = 0;
1479                 } else if (strnicmp(data, "intr", 4) == 0) {
1480                         vol->intr = 1;
1481                 } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1482                         vol->nostrictsync = 1;
1483                 } else if (strnicmp(data, "strictsync", 10) == 0) {
1484                         vol->nostrictsync = 0;
1485                 } else if (strnicmp(data, "serverino", 7) == 0) {
1486                         vol->server_ino = 1;
1487                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1488                         vol->server_ino = 0;
1489                 } else if (strnicmp(data, "rwpidforward", 12) == 0) {
1490                         vol->rwpidforward = 1;
1491                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1492                         vol->cifs_acl = 1;
1493                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1494                         vol->cifs_acl = 0;
1495                 } else if (strnicmp(data, "acl", 3) == 0) {
1496                         vol->no_psx_acl = 0;
1497                 } else if (strnicmp(data, "noacl", 5) == 0) {
1498                         vol->no_psx_acl = 1;
1499                 } else if (strnicmp(data, "locallease", 6) == 0) {
1500                         vol->local_lease = 1;
1501                 } else if (strnicmp(data, "sign", 4) == 0) {
1502                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1503                 } else if (strnicmp(data, "seal", 4) == 0) {
1504                         /* we do not do the following in secFlags because seal
1505                            is a per tree connection (mount) not a per socket
1506                            or per-smb connection option in the protocol */
1507                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1508                         vol->seal = 1;
1509                 } else if (strnicmp(data, "direct", 6) == 0) {
1510                         vol->direct_io = 1;
1511                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1512                         vol->direct_io = 1;
1513                 } else if (strnicmp(data, "strictcache", 11) == 0) {
1514                         vol->strict_io = 1;
1515                 } else if (strnicmp(data, "noac", 4) == 0) {
1516                         printk(KERN_WARNING "CIFS: Mount option noac not "
1517                                 "supported. Instead set "
1518                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1519                 } else if (strnicmp(data, "fsc", 3) == 0) {
1520 #ifndef CONFIG_CIFS_FSCACHE
1521                         cERROR(1, "FS-Cache support needs CONFIG_CIFS_FSCACHE "
1522                                   "kernel config option set");
1523                         goto cifs_parse_mount_err;
1524 #endif
1525                         vol->fsc = true;
1526                 } else if (strnicmp(data, "mfsymlinks", 10) == 0) {
1527                         vol->mfsymlinks = true;
1528                 } else if (strnicmp(data, "multiuser", 8) == 0) {
1529                         vol->multiuser = true;
1530                 } else if (!strnicmp(data, "backupuid", 9) && value && *value) {
1531                         err = kstrtouint(value, 0, &vol->backupuid);
1532                         if (err < 0) {
1533                                 cERROR(1, "%s: Invalid backupuid value",
1534                                         __func__);
1535                                 goto cifs_parse_mount_err;
1536                         }
1537                         vol->backupuid_specified = true;
1538                 } else if (!strnicmp(data, "backupgid", 9) && value && *value) {
1539                         err = kstrtouint(value, 0, &vol->backupgid);
1540                         if (err < 0) {
1541                                 cERROR(1, "%s: Invalid backupgid value",
1542                                         __func__);
1543                                 goto cifs_parse_mount_err;
1544                         }
1545                         vol->backupgid_specified = true;
1546                 } else
1547                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1548                                                 data);
1549         }
1550         if (vol->UNC == NULL) {
1551                 if (devname == NULL) {
1552                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1553                                                 "target\n");
1554                         goto cifs_parse_mount_err;
1555                 }
1556                 if ((temp_len = strnlen(devname, 300)) < 300) {
1557                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1558                         if (vol->UNC == NULL)
1559                                 goto cifs_parse_mount_err;
1560                         strcpy(vol->UNC, devname);
1561                         if (strncmp(vol->UNC, "//", 2) == 0) {
1562                                 vol->UNC[0] = '\\';
1563                                 vol->UNC[1] = '\\';
1564                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1565                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1566                                                     "begin with // or \\\\ \n");
1567                                 goto cifs_parse_mount_err;
1568                         }
1569                         value = strpbrk(vol->UNC+2, "/\\");
1570                         if (value)
1571                                 *value = '\\';
1572                 } else {
1573                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1574                         goto cifs_parse_mount_err;
1575                 }
1576         }
1577
1578         if (vol->multiuser && !(vol->secFlg & CIFSSEC_MAY_KRB5)) {
1579                 cERROR(1, "Multiuser mounts currently require krb5 "
1580                           "authentication!");
1581                 goto cifs_parse_mount_err;
1582         }
1583
1584         if (vol->UNCip == NULL)
1585                 vol->UNCip = &vol->UNC[2];
1586
1587         if (uid_specified)
1588                 vol->override_uid = override_uid;
1589         else if (override_uid == 1)
1590                 printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1591                                    "specified with no uid= option.\n");
1592
1593         if (gid_specified)
1594                 vol->override_gid = override_gid;
1595         else if (override_gid == 1)
1596                 printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1597                                    "specified with no gid= option.\n");
1598
1599         kfree(mountdata_copy);
1600         return 0;
1601
1602 cifs_parse_mount_err:
1603         kfree(mountdata_copy);
1604         return 1;
1605 }
1606
1607 /** Returns true if srcaddr isn't specified and rhs isn't
1608  * specified, or if srcaddr is specified and
1609  * matches the IP address of the rhs argument.
1610  */
1611 static bool
1612 srcip_matches(struct sockaddr *srcaddr, struct sockaddr *rhs)
1613 {
1614         switch (srcaddr->sa_family) {
1615         case AF_UNSPEC:
1616                 return (rhs->sa_family == AF_UNSPEC);
1617         case AF_INET: {
1618                 struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1619                 struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1620                 return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1621         }
1622         case AF_INET6: {
1623                 struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1624                 struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)&rhs;
1625                 return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1626         }
1627         default:
1628                 WARN_ON(1);
1629                 return false; /* don't expect to be here */
1630         }
1631 }
1632
1633 /*
1634  * If no port is specified in addr structure, we try to match with 445 port
1635  * and if it fails - with 139 ports. It should be called only if address
1636  * families of server and addr are equal.
1637  */
1638 static bool
1639 match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1640 {
1641         __be16 port, *sport;
1642
1643         switch (addr->sa_family) {
1644         case AF_INET:
1645                 sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1646                 port = ((struct sockaddr_in *) addr)->sin_port;
1647                 break;
1648         case AF_INET6:
1649                 sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1650                 port = ((struct sockaddr_in6 *) addr)->sin6_port;
1651                 break;
1652         default:
1653                 WARN_ON(1);
1654                 return false;
1655         }
1656
1657         if (!port) {
1658                 port = htons(CIFS_PORT);
1659                 if (port == *sport)
1660                         return true;
1661
1662                 port = htons(RFC1001_PORT);
1663         }
1664
1665         return port == *sport;
1666 }
1667
1668 static bool
1669 match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1670               struct sockaddr *srcaddr)
1671 {
1672         switch (addr->sa_family) {
1673         case AF_INET: {
1674                 struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1675                 struct sockaddr_in *srv_addr4 =
1676                                         (struct sockaddr_in *)&server->dstaddr;
1677
1678                 if (addr4->sin_addr.s_addr != srv_addr4->sin_addr.s_addr)
1679                         return false;
1680                 break;
1681         }
1682         case AF_INET6: {
1683                 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1684                 struct sockaddr_in6 *srv_addr6 =
1685                                         (struct sockaddr_in6 *)&server->dstaddr;
1686
1687                 if (!ipv6_addr_equal(&addr6->sin6_addr,
1688                                      &srv_addr6->sin6_addr))
1689                         return false;
1690                 if (addr6->sin6_scope_id != srv_addr6->sin6_scope_id)
1691                         return false;
1692                 break;
1693         }
1694         default:
1695                 WARN_ON(1);
1696                 return false; /* don't expect to be here */
1697         }
1698
1699         if (!srcip_matches(srcaddr, (struct sockaddr *)&server->srcaddr))
1700                 return false;
1701
1702         return true;
1703 }
1704
1705 static bool
1706 match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1707 {
1708         unsigned int secFlags;
1709
1710         if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1711                 secFlags = vol->secFlg;
1712         else
1713                 secFlags = global_secflags | vol->secFlg;
1714
1715         switch (server->secType) {
1716         case LANMAN:
1717                 if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1718                         return false;
1719                 break;
1720         case NTLMv2:
1721                 if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1722                         return false;
1723                 break;
1724         case NTLM:
1725                 if (!(secFlags & CIFSSEC_MAY_NTLM))
1726                         return false;
1727                 break;
1728         case Kerberos:
1729                 if (!(secFlags & CIFSSEC_MAY_KRB5))
1730                         return false;
1731                 break;
1732         case RawNTLMSSP:
1733                 if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1734                         return false;
1735                 break;
1736         default:
1737                 /* shouldn't happen */
1738                 return false;
1739         }
1740
1741         /* now check if signing mode is acceptable */
1742         if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1743             (server->sec_mode & SECMODE_SIGN_REQUIRED))
1744                         return false;
1745         else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1746                  (server->sec_mode &
1747                   (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1748                         return false;
1749
1750         return true;
1751 }
1752
1753 static int match_server(struct TCP_Server_Info *server, struct sockaddr *addr,
1754                          struct smb_vol *vol)
1755 {
1756         if (!net_eq(cifs_net_ns(server), current->nsproxy->net_ns))
1757                 return 0;
1758
1759         if (!match_address(server, addr,
1760                            (struct sockaddr *)&vol->srcaddr))
1761                 return 0;
1762
1763         if (!match_port(server, addr))
1764                 return 0;
1765
1766         if (!match_security(server, vol))
1767                 return 0;
1768
1769         return 1;
1770 }
1771
1772 static struct TCP_Server_Info *
1773 cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1774 {
1775         struct TCP_Server_Info *server;
1776
1777         spin_lock(&cifs_tcp_ses_lock);
1778         list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1779                 if (!match_server(server, addr, vol))
1780                         continue;
1781
1782                 ++server->srv_count;
1783                 spin_unlock(&cifs_tcp_ses_lock);
1784                 cFYI(1, "Existing tcp session with server found");
1785                 return server;
1786         }
1787         spin_unlock(&cifs_tcp_ses_lock);
1788         return NULL;
1789 }
1790
1791 static void
1792 cifs_put_tcp_session(struct TCP_Server_Info *server)
1793 {
1794         struct task_struct *task;
1795
1796         spin_lock(&cifs_tcp_ses_lock);
1797         if (--server->srv_count > 0) {
1798                 spin_unlock(&cifs_tcp_ses_lock);
1799                 return;
1800         }
1801
1802         put_net(cifs_net_ns(server));
1803
1804         list_del_init(&server->tcp_ses_list);
1805         spin_unlock(&cifs_tcp_ses_lock);
1806
1807         cancel_delayed_work_sync(&server->echo);
1808
1809         spin_lock(&GlobalMid_Lock);
1810         server->tcpStatus = CifsExiting;
1811         spin_unlock(&GlobalMid_Lock);
1812
1813         cifs_crypto_shash_release(server);
1814         cifs_fscache_release_client_cookie(server);
1815
1816         kfree(server->session_key.response);
1817         server->session_key.response = NULL;
1818         server->session_key.len = 0;
1819
1820         task = xchg(&server->tsk, NULL);
1821         if (task)
1822                 force_sig(SIGKILL, task);
1823 }
1824
1825 static struct TCP_Server_Info *
1826 cifs_get_tcp_session(struct smb_vol *volume_info)
1827 {
1828         struct TCP_Server_Info *tcp_ses = NULL;
1829         struct sockaddr_storage addr;
1830         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1831         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1832         int rc;
1833
1834         memset(&addr, 0, sizeof(struct sockaddr_storage));
1835
1836         cFYI(1, "UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip);
1837
1838         if (volume_info->UNCip && volume_info->UNC) {
1839                 rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
1840                                         volume_info->UNCip,
1841                                         strlen(volume_info->UNCip),
1842                                         volume_info->port);
1843                 if (!rc) {
1844                         /* we failed translating address */
1845                         rc = -EINVAL;
1846                         goto out_err;
1847                 }
1848         } else if (volume_info->UNCip) {
1849                 /* BB using ip addr as tcp_ses name to connect to the
1850                    DFS root below */
1851                 cERROR(1, "Connecting to DFS root not implemented yet");
1852                 rc = -EINVAL;
1853                 goto out_err;
1854         } else /* which tcp_sess DFS root would we conect to */ {
1855                 cERROR(1, "CIFS mount error: No UNC path (e.g. -o "
1856                         "unc=//192.168.1.100/public) specified");
1857                 rc = -EINVAL;
1858                 goto out_err;
1859         }
1860
1861         /* see if we already have a matching tcp_ses */
1862         tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1863         if (tcp_ses)
1864                 return tcp_ses;
1865
1866         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1867         if (!tcp_ses) {
1868                 rc = -ENOMEM;
1869                 goto out_err;
1870         }
1871
1872         rc = cifs_crypto_shash_allocate(tcp_ses);
1873         if (rc) {
1874                 cERROR(1, "could not setup hash structures rc %d", rc);
1875                 goto out_err;
1876         }
1877
1878         cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
1879         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1880         if (IS_ERR(tcp_ses->hostname)) {
1881                 rc = PTR_ERR(tcp_ses->hostname);
1882                 goto out_err_crypto_release;
1883         }
1884
1885         tcp_ses->noblocksnd = volume_info->noblocksnd;
1886         tcp_ses->noautotune = volume_info->noautotune;
1887         tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
1888         atomic_set(&tcp_ses->inFlight, 0);
1889         init_waitqueue_head(&tcp_ses->response_q);
1890         init_waitqueue_head(&tcp_ses->request_q);
1891         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1892         mutex_init(&tcp_ses->srv_mutex);
1893         memcpy(tcp_ses->workstation_RFC1001_name,
1894                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1895         memcpy(tcp_ses->server_RFC1001_name,
1896                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1897         tcp_ses->session_estab = false;
1898         tcp_ses->sequence_number = 0;
1899         tcp_ses->lstrp = jiffies;
1900         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1901         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1902         INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
1903
1904         /*
1905          * at this point we are the only ones with the pointer
1906          * to the struct since the kernel thread not created yet
1907          * no need to spinlock this init of tcpStatus or srv_count
1908          */
1909         tcp_ses->tcpStatus = CifsNew;
1910         memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
1911                sizeof(tcp_ses->srcaddr));
1912         ++tcp_ses->srv_count;
1913
1914         if (addr.ss_family == AF_INET6) {
1915                 cFYI(1, "attempting ipv6 connect");
1916                 /* BB should we allow ipv6 on port 139? */
1917                 /* other OS never observed in Wild doing 139 with v6 */
1918                 memcpy(&tcp_ses->dstaddr, sin_server6,
1919                        sizeof(struct sockaddr_in6));
1920         } else
1921                 memcpy(&tcp_ses->dstaddr, sin_server,
1922                        sizeof(struct sockaddr_in));
1923
1924         rc = ip_connect(tcp_ses);
1925         if (rc < 0) {
1926                 cERROR(1, "Error connecting to socket. Aborting operation");
1927                 goto out_err_crypto_release;
1928         }
1929
1930         /*
1931          * since we're in a cifs function already, we know that
1932          * this will succeed. No need for try_module_get().
1933          */
1934         __module_get(THIS_MODULE);
1935         tcp_ses->tsk = kthread_run(cifs_demultiplex_thread,
1936                                   tcp_ses, "cifsd");
1937         if (IS_ERR(tcp_ses->tsk)) {
1938                 rc = PTR_ERR(tcp_ses->tsk);
1939                 cERROR(1, "error %d create cifsd thread", rc);
1940                 module_put(THIS_MODULE);
1941                 goto out_err_crypto_release;
1942         }
1943         tcp_ses->tcpStatus = CifsNeedNegotiate;
1944
1945         /* thread spawned, put it on the list */
1946         spin_lock(&cifs_tcp_ses_lock);
1947         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1948         spin_unlock(&cifs_tcp_ses_lock);
1949
1950         cifs_fscache_get_client_cookie(tcp_ses);
1951
1952         /* queue echo request delayed work */
1953         queue_delayed_work(system_nrt_wq, &tcp_ses->echo, SMB_ECHO_INTERVAL);
1954
1955         return tcp_ses;
1956
1957 out_err_crypto_release:
1958         cifs_crypto_shash_release(tcp_ses);
1959
1960         put_net(cifs_net_ns(tcp_ses));
1961
1962 out_err:
1963         if (tcp_ses) {
1964                 if (!IS_ERR(tcp_ses->hostname))
1965                         kfree(tcp_ses->hostname);
1966                 if (tcp_ses->ssocket)
1967                         sock_release(tcp_ses->ssocket);
1968                 kfree(tcp_ses);
1969         }
1970         return ERR_PTR(rc);
1971 }
1972
1973 static int match_session(struct cifs_ses *ses, struct smb_vol *vol)
1974 {
1975         switch (ses->server->secType) {
1976         case Kerberos:
1977                 if (vol->cred_uid != ses->cred_uid)
1978                         return 0;
1979                 break;
1980         default:
1981                 /* anything else takes username/password */
1982                 if (ses->user_name == NULL)
1983                         return 0;
1984                 if (strncmp(ses->user_name, vol->username,
1985                             MAX_USERNAME_SIZE))
1986                         return 0;
1987                 if (strlen(vol->username) != 0 &&
1988                     ses->password != NULL &&
1989                     strncmp(ses->password,
1990                             vol->password ? vol->password : "",
1991                             MAX_PASSWORD_SIZE))
1992                         return 0;
1993         }
1994         return 1;
1995 }
1996
1997 static struct cifs_ses *
1998 cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
1999 {
2000         struct cifs_ses *ses;
2001
2002         spin_lock(&cifs_tcp_ses_lock);
2003         list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
2004                 if (!match_session(ses, vol))
2005                         continue;
2006                 ++ses->ses_count;
2007                 spin_unlock(&cifs_tcp_ses_lock);
2008                 return ses;
2009         }
2010         spin_unlock(&cifs_tcp_ses_lock);
2011         return NULL;
2012 }
2013
2014 static void
2015 cifs_put_smb_ses(struct cifs_ses *ses)
2016 {
2017         int xid;
2018         struct TCP_Server_Info *server = ses->server;
2019
2020         cFYI(1, "%s: ses_count=%d\n", __func__, ses->ses_count);
2021         spin_lock(&cifs_tcp_ses_lock);
2022         if (--ses->ses_count > 0) {
2023                 spin_unlock(&cifs_tcp_ses_lock);
2024                 return;
2025         }
2026
2027         list_del_init(&ses->smb_ses_list);
2028         spin_unlock(&cifs_tcp_ses_lock);
2029
2030         if (ses->status == CifsGood) {
2031                 xid = GetXid();
2032                 CIFSSMBLogoff(xid, ses);
2033                 _FreeXid(xid);
2034         }
2035         sesInfoFree(ses);
2036         cifs_put_tcp_session(server);
2037 }
2038
2039 static bool warned_on_ntlm;  /* globals init to false automatically */
2040
2041 static struct cifs_ses *
2042 cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
2043 {
2044         int rc = -ENOMEM, xid;
2045         struct cifs_ses *ses;
2046         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2047         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2048
2049         xid = GetXid();
2050
2051         ses = cifs_find_smb_ses(server, volume_info);
2052         if (ses) {
2053                 cFYI(1, "Existing smb sess found (status=%d)", ses->status);
2054
2055                 mutex_lock(&ses->session_mutex);
2056                 rc = cifs_negotiate_protocol(xid, ses);
2057                 if (rc) {
2058                         mutex_unlock(&ses->session_mutex);
2059                         /* problem -- put our ses reference */
2060                         cifs_put_smb_ses(ses);
2061                         FreeXid(xid);
2062                         return ERR_PTR(rc);
2063                 }
2064                 if (ses->need_reconnect) {
2065                         cFYI(1, "Session needs reconnect");
2066                         rc = cifs_setup_session(xid, ses,
2067                                                 volume_info->local_nls);
2068                         if (rc) {
2069                                 mutex_unlock(&ses->session_mutex);
2070                                 /* problem -- put our reference */
2071                                 cifs_put_smb_ses(ses);
2072                                 FreeXid(xid);
2073                                 return ERR_PTR(rc);
2074                         }
2075                 }
2076                 mutex_unlock(&ses->session_mutex);
2077
2078                 /* existing SMB ses has a server reference already */
2079                 cifs_put_tcp_session(server);
2080                 FreeXid(xid);
2081                 return ses;
2082         }
2083
2084         cFYI(1, "Existing smb sess not found");
2085         ses = sesInfoAlloc();
2086         if (ses == NULL)
2087                 goto get_ses_fail;
2088
2089         /* new SMB session uses our server ref */
2090         ses->server = server;
2091         if (server->dstaddr.ss_family == AF_INET6)
2092                 sprintf(ses->serverName, "%pI6", &addr6->sin6_addr);
2093         else
2094                 sprintf(ses->serverName, "%pI4", &addr->sin_addr);
2095
2096         if (volume_info->username) {
2097                 ses->user_name = kstrdup(volume_info->username, GFP_KERNEL);
2098                 if (!ses->user_name)
2099                         goto get_ses_fail;
2100         }
2101
2102         /* volume_info->password freed at unmount */
2103         if (volume_info->password) {
2104                 ses->password = kstrdup(volume_info->password, GFP_KERNEL);
2105                 if (!ses->password)
2106                         goto get_ses_fail;
2107         }
2108         if (volume_info->domainname) {
2109                 ses->domainName = kstrdup(volume_info->domainname, GFP_KERNEL);
2110                 if (!ses->domainName)
2111                         goto get_ses_fail;
2112         }
2113         ses->cred_uid = volume_info->cred_uid;
2114         ses->linux_uid = volume_info->linux_uid;
2115
2116         /* ntlmv2 is much stronger than ntlm security, and has been broadly
2117         supported for many years, time to update default security mechanism */
2118         if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {
2119                 warned_on_ntlm = true;
2120                 cERROR(1, "default security mechanism requested.  The default "
2121                         "security mechanism will be upgraded from ntlm to "
2122                         "ntlmv2 in kernel release 3.2");
2123         }
2124         ses->overrideSecFlg = volume_info->secFlg;
2125
2126         mutex_lock(&ses->session_mutex);
2127         rc = cifs_negotiate_protocol(xid, ses);
2128         if (!rc)
2129                 rc = cifs_setup_session(xid, ses, volume_info->local_nls);
2130         mutex_unlock(&ses->session_mutex);
2131         if (rc)
2132                 goto get_ses_fail;
2133
2134         /* success, put it on the list */
2135         spin_lock(&cifs_tcp_ses_lock);
2136         list_add(&ses->smb_ses_list, &server->smb_ses_list);
2137         spin_unlock(&cifs_tcp_ses_lock);
2138
2139         FreeXid(xid);
2140         return ses;
2141
2142 get_ses_fail:
2143         sesInfoFree(ses);
2144         FreeXid(xid);
2145         return ERR_PTR(rc);
2146 }
2147
2148 static int match_tcon(struct cifs_tcon *tcon, const char *unc)
2149 {
2150         if (tcon->tidStatus == CifsExiting)
2151                 return 0;
2152         if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
2153                 return 0;
2154         return 1;
2155 }
2156
2157 static struct cifs_tcon *
2158 cifs_find_tcon(struct cifs_ses *ses, const char *unc)
2159 {
2160         struct list_head *tmp;
2161         struct cifs_tcon *tcon;
2162
2163         spin_lock(&cifs_tcp_ses_lock);
2164         list_for_each(tmp, &ses->tcon_list) {
2165                 tcon = list_entry(tmp, struct cifs_tcon, tcon_list);
2166                 if (!match_tcon(tcon, unc))
2167                         continue;
2168                 ++tcon->tc_count;
2169                 spin_unlock(&cifs_tcp_ses_lock);
2170                 return tcon;
2171         }
2172         spin_unlock(&cifs_tcp_ses_lock);
2173         return NULL;
2174 }
2175
2176 static void
2177 cifs_put_tcon(struct cifs_tcon *tcon)
2178 {
2179         int xid;
2180         struct cifs_ses *ses = tcon->ses;
2181
2182         cFYI(1, "%s: tc_count=%d\n", __func__, tcon->tc_count);
2183         spin_lock(&cifs_tcp_ses_lock);
2184         if (--tcon->tc_count > 0) {
2185                 spin_unlock(&cifs_tcp_ses_lock);
2186                 return;
2187         }
2188
2189         list_del_init(&tcon->tcon_list);
2190         spin_unlock(&cifs_tcp_ses_lock);
2191
2192         xid = GetXid();
2193         CIFSSMBTDis(xid, tcon);
2194         _FreeXid(xid);
2195
2196         cifs_fscache_release_super_cookie(tcon);
2197         tconInfoFree(tcon);
2198         cifs_put_smb_ses(ses);
2199 }
2200
2201 static struct cifs_tcon *
2202 cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info)
2203 {
2204         int rc, xid;
2205         struct cifs_tcon *tcon;
2206
2207         tcon = cifs_find_tcon(ses, volume_info->UNC);
2208         if (tcon) {
2209                 cFYI(1, "Found match on UNC path");
2210                 /* existing tcon already has a reference */
2211                 cifs_put_smb_ses(ses);
2212                 if (tcon->seal != volume_info->seal)
2213                         cERROR(1, "transport encryption setting "
2214                                    "conflicts with existing tid");
2215                 return tcon;
2216         }
2217
2218         tcon = tconInfoAlloc();
2219         if (tcon == NULL) {
2220                 rc = -ENOMEM;
2221                 goto out_fail;
2222         }
2223
2224         tcon->ses = ses;
2225         if (volume_info->password) {
2226                 tcon->password = kstrdup(volume_info->password, GFP_KERNEL);
2227                 if (!tcon->password) {
2228                         rc = -ENOMEM;
2229                         goto out_fail;
2230                 }
2231         }
2232
2233         if (strchr(volume_info->UNC + 3, '\\') == NULL
2234             && strchr(volume_info->UNC + 3, '/') == NULL) {
2235                 cERROR(1, "Missing share name");
2236                 rc = -ENODEV;
2237                 goto out_fail;
2238         }
2239
2240         /* BB Do we need to wrap session_mutex around
2241          * this TCon call and Unix SetFS as
2242          * we do on SessSetup and reconnect? */
2243         xid = GetXid();
2244         rc = CIFSTCon(xid, ses, volume_info->UNC, tcon, volume_info->local_nls);
2245         FreeXid(xid);
2246         cFYI(1, "CIFS Tcon rc = %d", rc);
2247         if (rc)
2248                 goto out_fail;
2249
2250         if (volume_info->nodfs) {
2251                 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2252                 cFYI(1, "DFS disabled (%d)", tcon->Flags);
2253         }
2254         tcon->seal = volume_info->seal;
2255         /* we can have only one retry value for a connection
2256            to a share so for resources mounted more than once
2257            to the same server share the last value passed in
2258            for the retry flag is used */
2259         tcon->retry = volume_info->retry;
2260         tcon->nocase = volume_info->nocase;
2261         tcon->local_lease = volume_info->local_lease;
2262
2263         spin_lock(&cifs_tcp_ses_lock);
2264         list_add(&tcon->tcon_list, &ses->tcon_list);
2265         spin_unlock(&cifs_tcp_ses_lock);
2266
2267         cifs_fscache_get_super_cookie(tcon);
2268
2269         return tcon;
2270
2271 out_fail:
2272         tconInfoFree(tcon);
2273         return ERR_PTR(rc);
2274 }
2275
2276 void
2277 cifs_put_tlink(struct tcon_link *tlink)
2278 {
2279         if (!tlink || IS_ERR(tlink))
2280                 return;
2281
2282         if (!atomic_dec_and_test(&tlink->tl_count) ||
2283             test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2284                 tlink->tl_time = jiffies;
2285                 return;
2286         }
2287
2288         if (!IS_ERR(tlink_tcon(tlink)))
2289                 cifs_put_tcon(tlink_tcon(tlink));
2290         kfree(tlink);
2291         return;
2292 }
2293
2294 static inline struct tcon_link *
2295 cifs_sb_master_tlink(struct cifs_sb_info *cifs_sb)
2296 {
2297         return cifs_sb->master_tlink;
2298 }
2299
2300 static int
2301 compare_mount_options(struct super_block *sb, struct cifs_mnt_data *mnt_data)
2302 {
2303         struct cifs_sb_info *old = CIFS_SB(sb);
2304         struct cifs_sb_info *new = mnt_data->cifs_sb;
2305
2306         if ((sb->s_flags & CIFS_MS_MASK) != (mnt_data->flags & CIFS_MS_MASK))
2307                 return 0;
2308
2309         if ((old->mnt_cifs_flags & CIFS_MOUNT_MASK) !=
2310             (new->mnt_cifs_flags & CIFS_MOUNT_MASK))
2311                 return 0;
2312
2313         /*
2314          * We want to share sb only if we don't specify an r/wsize or
2315          * specified r/wsize is greater than or equal to existing one.
2316          */
2317         if (new->wsize && new->wsize < old->wsize)
2318                 return 0;
2319
2320         if (new->rsize && new->rsize < old->rsize)
2321                 return 0;
2322
2323         if (old->mnt_uid != new->mnt_uid || old->mnt_gid != new->mnt_gid)
2324                 return 0;
2325
2326         if (old->mnt_file_mode != new->mnt_file_mode ||
2327             old->mnt_dir_mode != new->mnt_dir_mode)
2328                 return 0;
2329
2330         if (strcmp(old->local_nls->charset, new->local_nls->charset))
2331                 return 0;
2332
2333         if (old->actimeo != new->actimeo)
2334                 return 0;
2335
2336         return 1;
2337 }
2338
2339 int
2340 cifs_match_super(struct super_block *sb, void *data)
2341 {
2342         struct cifs_mnt_data *mnt_data = (struct cifs_mnt_data *)data;
2343         struct smb_vol *volume_info;
2344         struct cifs_sb_info *cifs_sb;
2345         struct TCP_Server_Info *tcp_srv;
2346         struct cifs_ses *ses;
2347         struct cifs_tcon *tcon;
2348         struct tcon_link *tlink;
2349         struct sockaddr_storage addr;
2350         int rc = 0;
2351
2352         memset(&addr, 0, sizeof(struct sockaddr_storage));
2353
2354         spin_lock(&cifs_tcp_ses_lock);
2355         cifs_sb = CIFS_SB(sb);
2356         tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
2357         if (IS_ERR(tlink)) {
2358                 spin_unlock(&cifs_tcp_ses_lock);
2359                 return rc;
2360         }
2361         tcon = tlink_tcon(tlink);
2362         ses = tcon->ses;
2363         tcp_srv = ses->server;
2364
2365         volume_info = mnt_data->vol;
2366
2367         if (!volume_info->UNCip || !volume_info->UNC)
2368                 goto out;
2369
2370         rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
2371                                 volume_info->UNCip,
2372                                 strlen(volume_info->UNCip),
2373                                 volume_info->port);
2374         if (!rc)
2375                 goto out;
2376
2377         if (!match_server(tcp_srv, (struct sockaddr *)&addr, volume_info) ||
2378             !match_session(ses, volume_info) ||
2379             !match_tcon(tcon, volume_info->UNC)) {
2380                 rc = 0;
2381                 goto out;
2382         }
2383
2384         rc = compare_mount_options(sb, mnt_data);
2385 out:
2386         spin_unlock(&cifs_tcp_ses_lock);
2387         cifs_put_tlink(tlink);
2388         return rc;
2389 }
2390
2391 int
2392 get_dfs_path(int xid, struct cifs_ses *pSesInfo, const char *old_path,
2393              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
2394              struct dfs_info3_param **preferrals, int remap)
2395 {
2396         char *temp_unc;
2397         int rc = 0;
2398
2399         *pnum_referrals = 0;
2400         *preferrals = NULL;
2401
2402         if (pSesInfo->ipc_tid == 0) {
2403                 temp_unc = kmalloc(2 /* for slashes */ +
2404                         strnlen(pSesInfo->serverName,
2405                                 SERVER_NAME_LEN_WITH_NULL * 2)
2406                                  + 1 + 4 /* slash IPC$ */  + 2,
2407                                 GFP_KERNEL);
2408                 if (temp_unc == NULL)
2409                         return -ENOMEM;
2410                 temp_unc[0] = '\\';
2411                 temp_unc[1] = '\\';
2412                 strcpy(temp_unc + 2, pSesInfo->serverName);
2413                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
2414                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
2415                 cFYI(1, "CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid);
2416                 kfree(temp_unc);
2417         }
2418         if (rc == 0)
2419                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
2420                                      pnum_referrals, nls_codepage, remap);
2421         /* BB map targetUNCs to dfs_info3 structures, here or
2422                 in CIFSGetDFSRefer BB */
2423
2424         return rc;
2425 }
2426
2427 #ifdef CONFIG_DEBUG_LOCK_ALLOC
2428 static struct lock_class_key cifs_key[2];
2429 static struct lock_class_key cifs_slock_key[2];
2430
2431 static inline void
2432 cifs_reclassify_socket4(struct socket *sock)
2433 {
2434         struct sock *sk = sock->sk;
2435         BUG_ON(sock_owned_by_user(sk));
2436         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2437                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2438 }
2439
2440 static inline void
2441 cifs_reclassify_socket6(struct socket *sock)
2442 {
2443         struct sock *sk = sock->sk;
2444         BUG_ON(sock_owned_by_user(sk));
2445         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2446                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2447 }
2448 #else
2449 static inline void
2450 cifs_reclassify_socket4(struct socket *sock)
2451 {
2452 }
2453
2454 static inline void
2455 cifs_reclassify_socket6(struct socket *sock)
2456 {
2457 }
2458 #endif
2459
2460 /* See RFC1001 section 14 on representation of Netbios names */
2461 static void rfc1002mangle(char *target, char *source, unsigned int length)
2462 {
2463         unsigned int i, j;
2464
2465         for (i = 0, j = 0; i < (length); i++) {
2466                 /* mask a nibble at a time and encode */
2467                 target[j] = 'A' + (0x0F & (source[i] >> 4));
2468                 target[j+1] = 'A' + (0x0F & source[i]);
2469                 j += 2;
2470         }
2471
2472 }
2473
2474 static int
2475 bind_socket(struct TCP_Server_Info *server)
2476 {
2477         int rc = 0;
2478         if (server->srcaddr.ss_family != AF_UNSPEC) {
2479                 /* Bind to the specified local IP address */
2480                 struct socket *socket = server->ssocket;
2481                 rc = socket->ops->bind(socket,
2482                                        (struct sockaddr *) &server->srcaddr,
2483                                        sizeof(server->srcaddr));
2484                 if (rc < 0) {
2485                         struct sockaddr_in *saddr4;
2486                         struct sockaddr_in6 *saddr6;
2487                         saddr4 = (struct sockaddr_in *)&server->srcaddr;
2488                         saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2489                         if (saddr6->sin6_family == AF_INET6)
2490                                 cERROR(1, "cifs: "
2491                                        "Failed to bind to: %pI6c, error: %d\n",
2492                                        &saddr6->sin6_addr, rc);
2493                         else
2494                                 cERROR(1, "cifs: "
2495                                        "Failed to bind to: %pI4, error: %d\n",
2496                                        &saddr4->sin_addr.s_addr, rc);
2497                 }
2498         }
2499         return rc;
2500 }
2501
2502 static int
2503 ip_rfc1001_connect(struct TCP_Server_Info *server)
2504 {
2505         int rc = 0;
2506         /*
2507          * some servers require RFC1001 sessinit before sending
2508          * negprot - BB check reconnection in case where second
2509          * sessinit is sent but no second negprot
2510          */
2511         struct rfc1002_session_packet *ses_init_buf;
2512         struct smb_hdr *smb_buf;
2513         ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2514                                GFP_KERNEL);
2515         if (ses_init_buf) {
2516                 ses_init_buf->trailer.session_req.called_len = 32;
2517
2518                 if (server->server_RFC1001_name &&
2519                     server->server_RFC1001_name[0] != 0)
2520                         rfc1002mangle(ses_init_buf->trailer.
2521                                       session_req.called_name,
2522                                       server->server_RFC1001_name,
2523                                       RFC1001_NAME_LEN_WITH_NULL);
2524                 else
2525                         rfc1002mangle(ses_init_buf->trailer.
2526                                       session_req.called_name,
2527                                       DEFAULT_CIFS_CALLED_NAME,
2528                                       RFC1001_NAME_LEN_WITH_NULL);
2529
2530                 ses_init_buf->trailer.session_req.calling_len = 32;
2531
2532                 /*
2533                  * calling name ends in null (byte 16) from old smb
2534                  * convention.
2535                  */
2536                 if (server->workstation_RFC1001_name &&
2537                     server->workstation_RFC1001_name[0] != 0)
2538                         rfc1002mangle(ses_init_buf->trailer.
2539                                       session_req.calling_name,
2540                                       server->workstation_RFC1001_name,
2541                                       RFC1001_NAME_LEN_WITH_NULL);
2542                 else
2543                         rfc1002mangle(ses_init_buf->trailer.
2544                                       session_req.calling_name,
2545                                       "LINUX_CIFS_CLNT",
2546                                       RFC1001_NAME_LEN_WITH_NULL);
2547
2548                 ses_init_buf->trailer.session_req.scope1 = 0;
2549                 ses_init_buf->trailer.session_req.scope2 = 0;
2550                 smb_buf = (struct smb_hdr *)ses_init_buf;
2551
2552                 /* sizeof RFC1002_SESSION_REQUEST with no scope */
2553                 smb_buf->smb_buf_length = cpu_to_be32(0x81000044);
2554                 rc = smb_send(server, smb_buf, 0x44);
2555                 kfree(ses_init_buf);
2556                 /*
2557                  * RFC1001 layer in at least one server
2558                  * requires very short break before negprot
2559                  * presumably because not expecting negprot
2560                  * to follow so fast.  This is a simple
2561                  * solution that works without
2562                  * complicating the code and causes no
2563                  * significant slowing down on mount
2564                  * for everyone else
2565                  */
2566                 usleep_range(1000, 2000);
2567         }
2568         /*
2569          * else the negprot may still work without this
2570          * even though malloc failed
2571          */
2572
2573         return rc;
2574 }
2575
2576 static int
2577 generic_ip_connect(struct TCP_Server_Info *server)
2578 {
2579         int rc = 0;
2580         __be16 sport;
2581         int slen, sfamily;
2582         struct socket *socket = server->ssocket;
2583         struct sockaddr *saddr;
2584
2585         saddr = (struct sockaddr *) &server->dstaddr;
2586
2587         if (server->dstaddr.ss_family == AF_INET6) {
2588                 sport = ((struct sockaddr_in6 *) saddr)->sin6_port;
2589                 slen = sizeof(struct sockaddr_in6);
2590                 sfamily = AF_INET6;
2591         } else {
2592                 sport = ((struct sockaddr_in *) saddr)->sin_port;
2593                 slen = sizeof(struct sockaddr_in);
2594                 sfamily = AF_INET;
2595         }
2596
2597         if (socket == NULL) {
2598                 rc = __sock_create(cifs_net_ns(server), sfamily, SOCK_STREAM,
2599                                    IPPROTO_TCP, &socket, 1);
2600                 if (rc < 0) {
2601                         cERROR(1, "Error %d creating socket", rc);
2602                         server->ssocket = NULL;
2603                         return rc;
2604                 }
2605
2606                 /* BB other socket options to set KEEPALIVE, NODELAY? */
2607                 cFYI(1, "Socket created");
2608                 server->ssocket = socket;
2609                 socket->sk->sk_allocation = GFP_NOFS;
2610                 if (sfamily == AF_INET6)
2611                         cifs_reclassify_socket6(socket);
2612                 else
2613                         cifs_reclassify_socket4(socket);
2614         }
2615
2616         rc = bind_socket(server);
2617         if (rc < 0)
2618                 return rc;
2619
2620         /*
2621          * Eventually check for other socket options to change from
2622          * the default. sock_setsockopt not used because it expects
2623          * user space buffer
2624          */
2625         socket->sk->sk_rcvtimeo = 7 * HZ;
2626         socket->sk->sk_sndtimeo = 5 * HZ;
2627
2628         /* make the bufsizes depend on wsize/rsize and max requests */
2629         if (server->noautotune) {
2630                 if (socket->sk->sk_sndbuf < (200 * 1024))
2631                         socket->sk->sk_sndbuf = 200 * 1024;
2632                 if (socket->sk->sk_rcvbuf < (140 * 1024))
2633                         socket->sk->sk_rcvbuf = 140 * 1024;
2634         }
2635
2636         if (server->tcp_nodelay) {
2637                 int val = 1;
2638                 rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2639                                 (char *)&val, sizeof(val));
2640                 if (rc)
2641                         cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2642         }
2643
2644          cFYI(1, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
2645                  socket->sk->sk_sndbuf,
2646                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2647
2648         rc = socket->ops->connect(socket, saddr, slen, 0);
2649         if (rc < 0) {
2650                 cFYI(1, "Error %d connecting to server", rc);
2651                 sock_release(socket);
2652                 server->ssocket = NULL;
2653                 return rc;
2654         }
2655
2656         if (sport == htons(RFC1001_PORT))
2657                 rc = ip_rfc1001_connect(server);
2658
2659         return rc;
2660 }
2661
2662 static int
2663 ip_connect(struct TCP_Server_Info *server)
2664 {
2665         __be16 *sport;
2666         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2667         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2668
2669         if (server->dstaddr.ss_family == AF_INET6)
2670                 sport = &addr6->sin6_port;
2671         else
2672                 sport = &addr->sin_port;
2673
2674         if (*sport == 0) {
2675                 int rc;
2676
2677                 /* try with 445 port at first */
2678                 *sport = htons(CIFS_PORT);
2679
2680                 rc = generic_ip_connect(server);
2681                 if (rc >= 0)
2682                         return rc;
2683
2684                 /* if it failed, try with 139 port */
2685                 *sport = htons(RFC1001_PORT);
2686         }
2687
2688         return generic_ip_connect(server);
2689 }
2690
2691 void reset_cifs_unix_caps(int xid, struct cifs_tcon *tcon,
2692                           struct cifs_sb_info *cifs_sb, struct smb_vol *vol_info)
2693 {
2694         /* if we are reconnecting then should we check to see if
2695          * any requested capabilities changed locally e.g. via
2696          * remount but we can not do much about it here
2697          * if they have (even if we could detect it by the following)
2698          * Perhaps we could add a backpointer to array of sb from tcon
2699          * or if we change to make all sb to same share the same
2700          * sb as NFS - then we only have one backpointer to sb.
2701          * What if we wanted to mount the server share twice once with
2702          * and once without posixacls or posix paths? */
2703         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2704
2705         if (vol_info && vol_info->no_linux_ext) {
2706                 tcon->fsUnixInfo.Capability = 0;
2707                 tcon->unix_ext = 0; /* Unix Extensions disabled */
2708                 cFYI(1, "Linux protocol extensions disabled");
2709                 return;
2710         } else if (vol_info)
2711                 tcon->unix_ext = 1; /* Unix Extensions supported */
2712
2713         if (tcon->unix_ext == 0) {
2714                 cFYI(1, "Unix extensions disabled so not set on reconnect");
2715                 return;
2716         }
2717
2718         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2719                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2720                 cFYI(1, "unix caps which server supports %lld", cap);
2721                 /* check for reconnect case in which we do not
2722                    want to change the mount behavior if we can avoid it */
2723                 if (vol_info == NULL) {
2724                         /* turn off POSIX ACL and PATHNAMES if not set
2725                            originally at mount time */
2726                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2727                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2728                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2729                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2730                                         cERROR(1, "POSIXPATH support change");
2731                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2732                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2733                                 cERROR(1, "possible reconnect error");
2734                                 cERROR(1, "server disabled POSIX path support");
2735                         }
2736                 }
2737
2738                 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2739                         cERROR(1, "per-share encryption not supported yet");
2740
2741                 cap &= CIFS_UNIX_CAP_MASK;
2742                 if (vol_info && vol_info->no_psx_acl)
2743                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2744                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2745                         cFYI(1, "negotiated posix acl support");
2746                         if (cifs_sb)
2747                                 cifs_sb->mnt_cifs_flags |=
2748                                         CIFS_MOUNT_POSIXACL;
2749                 }
2750
2751                 if (vol_info && vol_info->posix_paths == 0)
2752                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2753                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2754                         cFYI(1, "negotiate posix pathnames");
2755                         if (cifs_sb)
2756                                 cifs_sb->mnt_cifs_flags |=
2757                                         CIFS_MOUNT_POSIX_PATHS;
2758                 }
2759
2760                 cFYI(1, "Negotiate caps 0x%x", (int)cap);
2761 #ifdef CONFIG_CIFS_DEBUG2
2762                 if (cap & CIFS_UNIX_FCNTL_CAP)
2763                         cFYI(1, "FCNTL cap");
2764                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2765                         cFYI(1, "EXTATTR cap");
2766                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2767                         cFYI(1, "POSIX path cap");
2768                 if (cap & CIFS_UNIX_XATTR_CAP)
2769                         cFYI(1, "XATTR cap");
2770                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2771                         cFYI(1, "POSIX ACL cap");
2772                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2773                         cFYI(1, "very large read cap");
2774                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2775                         cFYI(1, "very large write cap");
2776                 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)
2777                         cFYI(1, "transport encryption cap");
2778                 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2779                         cFYI(1, "mandatory transport encryption cap");
2780 #endif /* CIFS_DEBUG2 */
2781                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2782                         if (vol_info == NULL) {
2783                                 cFYI(1, "resetting capabilities failed");
2784                         } else
2785                                 cERROR(1, "Negotiating Unix capabilities "
2786                                            "with the server failed.  Consider "
2787                                            "mounting with the Unix Extensions\n"
2788                                            "disabled, if problems are found, "
2789                                            "by specifying the nounix mount "
2790                                            "option.");
2791
2792                 }
2793         }
2794 }
2795
2796 void cifs_setup_cifs_sb(struct smb_vol *pvolume_info,
2797                         struct cifs_sb_info *cifs_sb)
2798 {
2799         INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2800
2801         spin_lock_init(&cifs_sb->tlink_tree_lock);
2802         cifs_sb->tlink_tree = RB_ROOT;
2803
2804         /*
2805          * Temporarily set r/wsize for matching superblock. If we end up using
2806          * new sb then client will later negotiate it downward if needed.
2807          */
2808         cifs_sb->rsize = pvolume_info->rsize;
2809         cifs_sb->wsize = pvolume_info->wsize;
2810
2811         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2812         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2813         if (pvolume_info->backupuid_specified)
2814                 cifs_sb->mnt_backupuid = pvolume_info->backupuid;
2815         if (pvolume_info->backupgid_specified)
2816                 cifs_sb->mnt_backupgid = pvolume_info->backupgid;
2817         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2818         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2819         cFYI(1, "file mode: 0x%x  dir mode: 0x%x",
2820                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
2821
2822         cifs_sb->actimeo = pvolume_info->actimeo;
2823         cifs_sb->local_nls = pvolume_info->local_nls;
2824
2825         if (pvolume_info->noperm)
2826                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2827         if (pvolume_info->setuids)
2828                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2829         if (pvolume_info->server_ino)
2830                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2831         if (pvolume_info->remap)
2832                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2833         if (pvolume_info->no_xattr)
2834                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2835         if (pvolume_info->sfu_emul)
2836                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2837         if (pvolume_info->nobrl)
2838                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2839         if (pvolume_info->nostrictsync)
2840                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2841         if (pvolume_info->mand_lock)
2842                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2843         if (pvolume_info->rwpidforward)
2844                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RWPIDFORWARD;
2845         if (pvolume_info->cifs_acl)
2846                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2847         if (pvolume_info->backupuid_specified)
2848                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPUID;
2849         if (pvolume_info->backupgid_specified)
2850                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPGID;
2851         if (pvolume_info->override_uid)
2852                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2853         if (pvolume_info->override_gid)
2854                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2855         if (pvolume_info->dynperm)
2856                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2857         if (pvolume_info->fsc)
2858                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
2859         if (pvolume_info->multiuser)
2860                 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
2861                                             CIFS_MOUNT_NO_PERM);
2862         if (pvolume_info->strict_io)
2863                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
2864         if (pvolume_info->direct_io) {
2865                 cFYI(1, "mounting share using direct i/o");
2866                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2867         }
2868         if (pvolume_info->mfsymlinks) {
2869                 if (pvolume_info->sfu_emul) {
2870                         cERROR(1,  "mount option mfsymlinks ignored if sfu "
2871                                    "mount option is used");
2872                 } else {
2873                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
2874                 }
2875         }
2876
2877         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2878                 cERROR(1, "mount option dynperm ignored if cifsacl "
2879                            "mount option supported");
2880 }
2881
2882 /*
2883  * When the server supports very large reads and writes via POSIX extensions,
2884  * we can allow up to 2^24-1, minus the size of a READ/WRITE_AND_X header, not
2885  * including the RFC1001 length.
2886  *
2887  * Note that this might make for "interesting" allocation problems during
2888  * writeback however as we have to allocate an array of pointers for the
2889  * pages. A 16M write means ~32kb page array with PAGE_CACHE_SIZE == 4096.
2890  *
2891  * For reads, there is a similar problem as we need to allocate an array
2892  * of kvecs to handle the receive, though that should only need to be done
2893  * once.
2894  */
2895 #define CIFS_MAX_WSIZE ((1<<24) - 1 - sizeof(WRITE_REQ) + 4)
2896 #define CIFS_MAX_RSIZE ((1<<24) - sizeof(READ_RSP) + 4)
2897
2898 /*
2899  * When the server doesn't allow large posix writes, only allow a rsize/wsize
2900  * of 2^17-1 minus the size of the call header. That allows for a read or
2901  * write up to the maximum size described by RFC1002.
2902  */
2903 #define CIFS_MAX_RFC1002_WSIZE ((1<<17) - 1 - sizeof(WRITE_REQ) + 4)
2904 #define CIFS_MAX_RFC1002_RSIZE ((1<<17) - 1 - sizeof(READ_RSP) + 4)
2905
2906 /*
2907  * The default wsize is 1M. find_get_pages seems to return a maximum of 256
2908  * pages in a single call. With PAGE_CACHE_SIZE == 4k, this means we can fill
2909  * a single wsize request with a single call.
2910  */
2911 #define CIFS_DEFAULT_IOSIZE (1024 * 1024)
2912
2913 /*
2914  * Windows only supports a max of 60k reads. Default to that when posix
2915  * extensions aren't in force.
2916  */
2917 #define CIFS_DEFAULT_NON_POSIX_RSIZE (60 * 1024)
2918
2919 static unsigned int
2920 cifs_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *pvolume_info)
2921 {
2922         __u64 unix_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2923         struct TCP_Server_Info *server = tcon->ses->server;
2924         unsigned int wsize = pvolume_info->wsize ? pvolume_info->wsize :
2925                                 CIFS_DEFAULT_IOSIZE;
2926
2927         /* can server support 24-bit write sizes? (via UNIX extensions) */
2928         if (!tcon->unix_ext || !(unix_cap & CIFS_UNIX_LARGE_WRITE_CAP))
2929                 wsize = min_t(unsigned int, wsize, CIFS_MAX_RFC1002_WSIZE);
2930
2931         /*
2932          * no CAP_LARGE_WRITE_X or is signing enabled without CAP_UNIX set?
2933          * Limit it to max buffer offered by the server, minus the size of the
2934          * WRITEX header, not including the 4 byte RFC1001 length.
2935          */
2936         if (!(server->capabilities & CAP_LARGE_WRITE_X) ||
2937             (!(server->capabilities & CAP_UNIX) &&
2938              (server->sec_mode & (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED))))
2939                 wsize = min_t(unsigned int, wsize,
2940                                 server->maxBuf - sizeof(WRITE_REQ) + 4);
2941
2942         /* hard limit of CIFS_MAX_WSIZE */
2943         wsize = min_t(unsigned int, wsize, CIFS_MAX_WSIZE);
2944
2945         return wsize;
2946 }
2947
2948 static unsigned int
2949 cifs_negot