]> git.karo-electronics.de Git - mv-sheeva.git/blob - fs/cifs/connect.c
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/hch/hfsplus
[mv-sheeva.git] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2009
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/slab.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <linux/namei.h>
37 #include <asm/uaccess.h>
38 #include <asm/processor.h>
39 #include <linux/inet.h>
40 #include <net/ipv6.h>
41 #include "cifspdu.h"
42 #include "cifsglob.h"
43 #include "cifsproto.h"
44 #include "cifs_unicode.h"
45 #include "cifs_debug.h"
46 #include "cifs_fs_sb.h"
47 #include "ntlmssp.h"
48 #include "nterr.h"
49 #include "rfc1002pdu.h"
50 #include "fscache.h"
51
52 #define CIFS_PORT 445
53 #define RFC1001_PORT 139
54
55 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
56                          unsigned char *p24);
57
58 extern mempool_t *cifs_req_poolp;
59
60 struct smb_vol {
61         char *username;
62         char *password;
63         char *domainname;
64         char *UNC;
65         char *UNCip;
66         char *iocharset;  /* local code page for mapping to and from Unicode */
67         char source_rfc1001_name[16]; /* netbios name of client */
68         char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
69         uid_t cred_uid;
70         uid_t linux_uid;
71         gid_t linux_gid;
72         mode_t file_mode;
73         mode_t dir_mode;
74         unsigned secFlg;
75         bool retry:1;
76         bool intr:1;
77         bool setuids:1;
78         bool override_uid:1;
79         bool override_gid:1;
80         bool dynperm:1;
81         bool noperm:1;
82         bool no_psx_acl:1; /* set if posix acl support should be disabled */
83         bool cifs_acl:1;
84         bool no_xattr:1;   /* set if xattr (EA) support should be disabled*/
85         bool server_ino:1; /* use inode numbers from server ie UniqueId */
86         bool direct_io:1;
87         bool remap:1;      /* set to remap seven reserved chars in filenames */
88         bool posix_paths:1; /* unset to not ask for posix pathnames. */
89         bool no_linux_ext:1;
90         bool sfu_emul:1;
91         bool nullauth:1;   /* attempt to authenticate with null user */
92         bool nocase:1;     /* request case insensitive filenames */
93         bool nobrl:1;      /* disable sending byte range locks to srv */
94         bool mand_lock:1;  /* send mandatory not posix byte range lock reqs */
95         bool seal:1;       /* request transport encryption on share */
96         bool nodfs:1;      /* Do not request DFS, even if available */
97         bool local_lease:1; /* check leases only on local system, not remote */
98         bool noblocksnd:1;
99         bool noautotune:1;
100         bool nostrictsync:1; /* do not force expensive SMBflush on every sync */
101         bool fsc:1;     /* enable fscache */
102         bool mfsymlinks:1; /* use Minshall+French Symlinks */
103         bool multiuser:1;
104         unsigned int rsize;
105         unsigned int wsize;
106         bool sockopt_tcp_nodelay:1;
107         unsigned short int port;
108         unsigned long actimeo; /* attribute cache timeout (jiffies) */
109         char *prepath;
110         struct sockaddr_storage srcaddr; /* allow binding to a local IP */
111         struct nls_table *local_nls;
112 };
113
114 /* FIXME: should these be tunable? */
115 #define TLINK_ERROR_EXPIRE      (1 * HZ)
116 #define TLINK_IDLE_EXPIRE       (600 * HZ)
117
118 static int ipv4_connect(struct TCP_Server_Info *server);
119 static int ipv6_connect(struct TCP_Server_Info *server);
120 static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
121 static void cifs_prune_tlinks(struct work_struct *work);
122
123 /*
124  * cifs tcp session reconnection
125  *
126  * mark tcp session as reconnecting so temporarily locked
127  * mark all smb sessions as reconnecting for tcp session
128  * reconnect tcp session
129  * wake up waiters on reconnection? - (not needed currently)
130  */
131 static int
132 cifs_reconnect(struct TCP_Server_Info *server)
133 {
134         int rc = 0;
135         struct list_head *tmp, *tmp2;
136         struct cifsSesInfo *ses;
137         struct cifsTconInfo *tcon;
138         struct mid_q_entry *mid_entry;
139
140         spin_lock(&GlobalMid_Lock);
141         if (server->tcpStatus == CifsExiting) {
142                 /* the demux thread will exit normally
143                 next time through the loop */
144                 spin_unlock(&GlobalMid_Lock);
145                 return rc;
146         } else
147                 server->tcpStatus = CifsNeedReconnect;
148         spin_unlock(&GlobalMid_Lock);
149         server->maxBuf = 0;
150
151         cFYI(1, "Reconnecting tcp session");
152
153         /* before reconnecting the tcp session, mark the smb session (uid)
154                 and the tid bad so they are not used until reconnected */
155         spin_lock(&cifs_tcp_ses_lock);
156         list_for_each(tmp, &server->smb_ses_list) {
157                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
158                 ses->need_reconnect = true;
159                 ses->ipc_tid = 0;
160                 list_for_each(tmp2, &ses->tcon_list) {
161                         tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
162                         tcon->need_reconnect = true;
163                 }
164         }
165         spin_unlock(&cifs_tcp_ses_lock);
166         /* do not want to be sending data on a socket we are freeing */
167         mutex_lock(&server->srv_mutex);
168         if (server->ssocket) {
169                 cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
170                         server->ssocket->flags);
171                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
172                 cFYI(1, "Post shutdown state: 0x%x Flags: 0x%lx",
173                         server->ssocket->state,
174                         server->ssocket->flags);
175                 sock_release(server->ssocket);
176                 server->ssocket = NULL;
177         }
178         server->sequence_number = 0;
179         server->session_estab = false;
180         kfree(server->session_key.response);
181         server->session_key.response = NULL;
182         server->session_key.len = 0;
183
184         spin_lock(&GlobalMid_Lock);
185         list_for_each(tmp, &server->pending_mid_q) {
186                 mid_entry = list_entry(tmp, struct
187                                         mid_q_entry,
188                                         qhead);
189                 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
190                                 /* Mark other intransit requests as needing
191                                    retry so we do not immediately mark the
192                                    session bad again (ie after we reconnect
193                                    below) as they timeout too */
194                         mid_entry->midState = MID_RETRY_NEEDED;
195                 }
196         }
197         spin_unlock(&GlobalMid_Lock);
198         mutex_unlock(&server->srv_mutex);
199
200         while ((server->tcpStatus != CifsExiting) &&
201                (server->tcpStatus != CifsGood)) {
202                 try_to_freeze();
203                 if (server->addr.sockAddr6.sin6_family == AF_INET6)
204                         rc = ipv6_connect(server);
205                 else
206                         rc = ipv4_connect(server);
207                 if (rc) {
208                         cFYI(1, "reconnect error %d", rc);
209                         msleep(3000);
210                 } else {
211                         atomic_inc(&tcpSesReconnectCount);
212                         spin_lock(&GlobalMid_Lock);
213                         if (server->tcpStatus != CifsExiting)
214                                 server->tcpStatus = CifsGood;
215                         spin_unlock(&GlobalMid_Lock);
216         /*              atomic_set(&server->inFlight,0);*/
217                         wake_up(&server->response_q);
218                 }
219         }
220         return rc;
221 }
222
223 /*
224         return codes:
225                 0       not a transact2, or all data present
226                 >0      transact2 with that much data missing
227                 -EINVAL = invalid transact2
228
229  */
230 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
231 {
232         struct smb_t2_rsp *pSMBt;
233         int total_data_size;
234         int data_in_this_rsp;
235         int remaining;
236
237         if (pSMB->Command != SMB_COM_TRANSACTION2)
238                 return 0;
239
240         /* check for plausible wct, bcc and t2 data and parm sizes */
241         /* check for parm and data offset going beyond end of smb */
242         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
243                 cFYI(1, "invalid transact2 word count");
244                 return -EINVAL;
245         }
246
247         pSMBt = (struct smb_t2_rsp *)pSMB;
248
249         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
250         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
251
252         remaining = total_data_size - data_in_this_rsp;
253
254         if (remaining == 0)
255                 return 0;
256         else if (remaining < 0) {
257                 cFYI(1, "total data %d smaller than data in frame %d",
258                         total_data_size, data_in_this_rsp);
259                 return -EINVAL;
260         } else {
261                 cFYI(1, "missing %d bytes from transact2, check next response",
262                         remaining);
263                 if (total_data_size > maxBufSize) {
264                         cERROR(1, "TotalDataSize %d is over maximum buffer %d",
265                                 total_data_size, maxBufSize);
266                         return -EINVAL;
267                 }
268                 return remaining;
269         }
270 }
271
272 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
273 {
274         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
275         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
276         int total_data_size;
277         int total_in_buf;
278         int remaining;
279         int total_in_buf2;
280         char *data_area_of_target;
281         char *data_area_of_buf2;
282         __u16 byte_count;
283
284         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
285
286         if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
287                 cFYI(1, "total data size of primary and secondary t2 differ");
288         }
289
290         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
291
292         remaining = total_data_size - total_in_buf;
293
294         if (remaining < 0)
295                 return -EINVAL;
296
297         if (remaining == 0) /* nothing to do, ignore */
298                 return 0;
299
300         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
301         if (remaining < total_in_buf2) {
302                 cFYI(1, "transact2 2nd response contains too much data");
303         }
304
305         /* find end of first SMB data area */
306         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
307                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
308         /* validate target area */
309
310         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
311                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
312
313         data_area_of_target += total_in_buf;
314
315         /* copy second buffer into end of first buffer */
316         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
317         total_in_buf += total_in_buf2;
318         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
319         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
320         byte_count += total_in_buf2;
321         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
322
323         byte_count = pTargetSMB->smb_buf_length;
324         byte_count += total_in_buf2;
325
326         /* BB also add check that we are not beyond maximum buffer size */
327
328         pTargetSMB->smb_buf_length = byte_count;
329
330         if (remaining == total_in_buf2) {
331                 cFYI(1, "found the last secondary response");
332                 return 0; /* we are done */
333         } else /* more responses to go */
334                 return 1;
335
336 }
337
338 static int
339 cifs_demultiplex_thread(struct TCP_Server_Info *server)
340 {
341         int length;
342         unsigned int pdu_length, total_read;
343         struct smb_hdr *smb_buffer = NULL;
344         struct smb_hdr *bigbuf = NULL;
345         struct smb_hdr *smallbuf = NULL;
346         struct msghdr smb_msg;
347         struct kvec iov;
348         struct socket *csocket = server->ssocket;
349         struct list_head *tmp;
350         struct cifsSesInfo *ses;
351         struct task_struct *task_to_wake = NULL;
352         struct mid_q_entry *mid_entry;
353         char temp;
354         bool isLargeBuf = false;
355         bool isMultiRsp;
356         int reconnect;
357
358         current->flags |= PF_MEMALLOC;
359         cFYI(1, "Demultiplex PID: %d", task_pid_nr(current));
360
361         length = atomic_inc_return(&tcpSesAllocCount);
362         if (length > 1)
363                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
364                                 GFP_KERNEL);
365
366         set_freezable();
367         while (server->tcpStatus != CifsExiting) {
368                 if (try_to_freeze())
369                         continue;
370                 if (bigbuf == NULL) {
371                         bigbuf = cifs_buf_get();
372                         if (!bigbuf) {
373                                 cERROR(1, "No memory for large SMB response");
374                                 msleep(3000);
375                                 /* retry will check if exiting */
376                                 continue;
377                         }
378                 } else if (isLargeBuf) {
379                         /* we are reusing a dirty large buf, clear its start */
380                         memset(bigbuf, 0, sizeof(struct smb_hdr));
381                 }
382
383                 if (smallbuf == NULL) {
384                         smallbuf = cifs_small_buf_get();
385                         if (!smallbuf) {
386                                 cERROR(1, "No memory for SMB response");
387                                 msleep(1000);
388                                 /* retry will check if exiting */
389                                 continue;
390                         }
391                         /* beginning of smb buffer is cleared in our buf_get */
392                 } else /* if existing small buf clear beginning */
393                         memset(smallbuf, 0, sizeof(struct smb_hdr));
394
395                 isLargeBuf = false;
396                 isMultiRsp = false;
397                 smb_buffer = smallbuf;
398                 iov.iov_base = smb_buffer;
399                 iov.iov_len = 4;
400                 smb_msg.msg_control = NULL;
401                 smb_msg.msg_controllen = 0;
402                 pdu_length = 4; /* enough to get RFC1001 header */
403 incomplete_rcv:
404                 length =
405                     kernel_recvmsg(csocket, &smb_msg,
406                                 &iov, 1, pdu_length, 0 /* BB other flags? */);
407
408                 if (server->tcpStatus == CifsExiting) {
409                         break;
410                 } else if (server->tcpStatus == CifsNeedReconnect) {
411                         cFYI(1, "Reconnect after server stopped responding");
412                         cifs_reconnect(server);
413                         cFYI(1, "call to reconnect done");
414                         csocket = server->ssocket;
415                         continue;
416                 } else if (length == -ERESTARTSYS ||
417                            length == -EAGAIN ||
418                            length == -EINTR) {
419                         msleep(1); /* minimum sleep to prevent looping
420                                 allowing socket to clear and app threads to set
421                                 tcpStatus CifsNeedReconnect if server hung */
422                         if (pdu_length < 4) {
423                                 iov.iov_base = (4 - pdu_length) +
424                                                         (char *)smb_buffer;
425                                 iov.iov_len = pdu_length;
426                                 smb_msg.msg_control = NULL;
427                                 smb_msg.msg_controllen = 0;
428                                 goto incomplete_rcv;
429                         } else
430                                 continue;
431                 } else if (length <= 0) {
432                         cFYI(1, "Reconnect after unexpected peek error %d",
433                                 length);
434                         cifs_reconnect(server);
435                         csocket = server->ssocket;
436                         wake_up(&server->response_q);
437                         continue;
438                 } else if (length < pdu_length) {
439                         cFYI(1, "requested %d bytes but only got %d bytes",
440                                   pdu_length, length);
441                         pdu_length -= length;
442                         msleep(1);
443                         goto incomplete_rcv;
444                 }
445
446                 /* The right amount was read from socket - 4 bytes */
447                 /* so we can now interpret the length field */
448
449                 /* the first byte big endian of the length field,
450                 is actually not part of the length but the type
451                 with the most common, zero, as regular data */
452                 temp = *((char *) smb_buffer);
453
454                 /* Note that FC 1001 length is big endian on the wire,
455                 but we convert it here so it is always manipulated
456                 as host byte order */
457                 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
458                 smb_buffer->smb_buf_length = pdu_length;
459
460                 cFYI(1, "rfc1002 length 0x%x", pdu_length+4);
461
462                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
463                         continue;
464                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
465                         cFYI(1, "Good RFC 1002 session rsp");
466                         continue;
467                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
468                         /* we get this from Windows 98 instead of
469                            an error on SMB negprot response */
470                         cFYI(1, "Negative RFC1002 Session Response Error 0x%x)",
471                                 pdu_length);
472                         /* give server a second to clean up  */
473                         msleep(1000);
474                         /* always try 445 first on reconnect since we get NACK
475                          * on some if we ever connected to port 139 (the NACK
476                          * is since we do not begin with RFC1001 session
477                          * initialize frame)
478                          */
479                         cifs_set_port((struct sockaddr *)
480                                         &server->addr.sockAddr, CIFS_PORT);
481                         cifs_reconnect(server);
482                         csocket = server->ssocket;
483                         wake_up(&server->response_q);
484                         continue;
485                 } else if (temp != (char) 0) {
486                         cERROR(1, "Unknown RFC 1002 frame");
487                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
488                                       length);
489                         cifs_reconnect(server);
490                         csocket = server->ssocket;
491                         continue;
492                 }
493
494                 /* else we have an SMB response */
495                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
496                             (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
497                         cERROR(1, "Invalid size SMB length %d pdu_length %d",
498                                         length, pdu_length+4);
499                         cifs_reconnect(server);
500                         csocket = server->ssocket;
501                         wake_up(&server->response_q);
502                         continue;
503                 }
504
505                 /* else length ok */
506                 reconnect = 0;
507
508                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
509                         isLargeBuf = true;
510                         memcpy(bigbuf, smallbuf, 4);
511                         smb_buffer = bigbuf;
512                 }
513                 length = 0;
514                 iov.iov_base = 4 + (char *)smb_buffer;
515                 iov.iov_len = pdu_length;
516                 for (total_read = 0; total_read < pdu_length;
517                      total_read += length) {
518                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
519                                                 pdu_length - total_read, 0);
520                         if (server->tcpStatus == CifsExiting) {
521                                 /* then will exit */
522                                 reconnect = 2;
523                                 break;
524                         } else if (server->tcpStatus == CifsNeedReconnect) {
525                                 cifs_reconnect(server);
526                                 csocket = server->ssocket;
527                                 /* Reconnect wakes up rspns q */
528                                 /* Now we will reread sock */
529                                 reconnect = 1;
530                                 break;
531                         } else if (length == -ERESTARTSYS ||
532                                    length == -EAGAIN ||
533                                    length == -EINTR) {
534                                 msleep(1); /* minimum sleep to prevent looping,
535                                               allowing socket to clear and app
536                                               threads to set tcpStatus
537                                               CifsNeedReconnect if server hung*/
538                                 length = 0;
539                                 continue;
540                         } else if (length <= 0) {
541                                 cERROR(1, "Received no data, expecting %d",
542                                               pdu_length - total_read);
543                                 cifs_reconnect(server);
544                                 csocket = server->ssocket;
545                                 reconnect = 1;
546                                 break;
547                         }
548                 }
549                 if (reconnect == 2)
550                         break;
551                 else if (reconnect == 1)
552                         continue;
553
554                 length += 4; /* account for rfc1002 hdr */
555
556
557                 dump_smb(smb_buffer, length);
558                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
559                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
560                         continue;
561                 }
562
563
564                 task_to_wake = NULL;
565                 spin_lock(&GlobalMid_Lock);
566                 list_for_each(tmp, &server->pending_mid_q) {
567                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
568
569                         if ((mid_entry->mid == smb_buffer->Mid) &&
570                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
571                             (mid_entry->command == smb_buffer->Command)) {
572                                 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
573                                         /* We have a multipart transact2 resp */
574                                         isMultiRsp = true;
575                                         if (mid_entry->resp_buf) {
576                                                 /* merge response - fix up 1st*/
577                                                 if (coalesce_t2(smb_buffer,
578                                                         mid_entry->resp_buf)) {
579                                                         mid_entry->multiRsp =
580                                                                  true;
581                                                         break;
582                                                 } else {
583                                                         /* all parts received */
584                                                         mid_entry->multiEnd =
585                                                                  true;
586                                                         goto multi_t2_fnd;
587                                                 }
588                                         } else {
589                                                 if (!isLargeBuf) {
590                                                         cERROR(1, "1st trans2 resp needs bigbuf");
591                                         /* BB maybe we can fix this up,  switch
592                                            to already allocated large buffer? */
593                                                 } else {
594                                                         /* Have first buffer */
595                                                         mid_entry->resp_buf =
596                                                                  smb_buffer;
597                                                         mid_entry->largeBuf =
598                                                                  true;
599                                                         bigbuf = NULL;
600                                                 }
601                                         }
602                                         break;
603                                 }
604                                 mid_entry->resp_buf = smb_buffer;
605                                 mid_entry->largeBuf = isLargeBuf;
606 multi_t2_fnd:
607                                 task_to_wake = mid_entry->tsk;
608                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
609 #ifdef CONFIG_CIFS_STATS2
610                                 mid_entry->when_received = jiffies;
611 #endif
612                                 /* so we do not time out requests to  server
613                                 which is still responding (since server could
614                                 be busy but not dead) */
615                                 server->lstrp = jiffies;
616                                 break;
617                         }
618                 }
619                 spin_unlock(&GlobalMid_Lock);
620                 if (task_to_wake) {
621                         /* Was previous buf put in mpx struct for multi-rsp? */
622                         if (!isMultiRsp) {
623                                 /* smb buffer will be freed by user thread */
624                                 if (isLargeBuf)
625                                         bigbuf = NULL;
626                                 else
627                                         smallbuf = NULL;
628                         }
629                         wake_up_process(task_to_wake);
630                 } else if (!is_valid_oplock_break(smb_buffer, server) &&
631                            !isMultiRsp) {
632                         cERROR(1, "No task to wake, unknown frame received! "
633                                    "NumMids %d", midCount.counter);
634                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
635                                       sizeof(struct smb_hdr));
636 #ifdef CONFIG_CIFS_DEBUG2
637                         cifs_dump_detail(smb_buffer);
638                         cifs_dump_mids(server);
639 #endif /* CIFS_DEBUG2 */
640
641                 }
642         } /* end while !EXITING */
643
644         /* take it off the list, if it's not already */
645         spin_lock(&cifs_tcp_ses_lock);
646         list_del_init(&server->tcp_ses_list);
647         spin_unlock(&cifs_tcp_ses_lock);
648
649         spin_lock(&GlobalMid_Lock);
650         server->tcpStatus = CifsExiting;
651         spin_unlock(&GlobalMid_Lock);
652         wake_up_all(&server->response_q);
653
654         /* check if we have blocked requests that need to free */
655         /* Note that cifs_max_pending is normally 50, but
656         can be set at module install time to as little as two */
657         spin_lock(&GlobalMid_Lock);
658         if (atomic_read(&server->inFlight) >= cifs_max_pending)
659                 atomic_set(&server->inFlight, cifs_max_pending - 1);
660         /* We do not want to set the max_pending too low or we
661         could end up with the counter going negative */
662         spin_unlock(&GlobalMid_Lock);
663         /* Although there should not be any requests blocked on
664         this queue it can not hurt to be paranoid and try to wake up requests
665         that may haven been blocked when more than 50 at time were on the wire
666         to the same server - they now will see the session is in exit state
667         and get out of SendReceive.  */
668         wake_up_all(&server->request_q);
669         /* give those requests time to exit */
670         msleep(125);
671
672         if (server->ssocket) {
673                 sock_release(csocket);
674                 server->ssocket = NULL;
675         }
676         /* buffer usuallly freed in free_mid - need to free it here on exit */
677         cifs_buf_release(bigbuf);
678         if (smallbuf) /* no sense logging a debug message if NULL */
679                 cifs_small_buf_release(smallbuf);
680
681         /*
682          * BB: we shouldn't have to do any of this. It shouldn't be
683          * possible to exit from the thread with active SMB sessions
684          */
685         spin_lock(&cifs_tcp_ses_lock);
686         if (list_empty(&server->pending_mid_q)) {
687                 /* loop through server session structures attached to this and
688                     mark them dead */
689                 list_for_each(tmp, &server->smb_ses_list) {
690                         ses = list_entry(tmp, struct cifsSesInfo,
691                                          smb_ses_list);
692                         ses->status = CifsExiting;
693                         ses->server = NULL;
694                 }
695                 spin_unlock(&cifs_tcp_ses_lock);
696         } else {
697                 /* although we can not zero the server struct pointer yet,
698                 since there are active requests which may depnd on them,
699                 mark the corresponding SMB sessions as exiting too */
700                 list_for_each(tmp, &server->smb_ses_list) {
701                         ses = list_entry(tmp, struct cifsSesInfo,
702                                          smb_ses_list);
703                         ses->status = CifsExiting;
704                 }
705
706                 spin_lock(&GlobalMid_Lock);
707                 list_for_each(tmp, &server->pending_mid_q) {
708                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
709                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
710                                 cFYI(1, "Clearing Mid 0x%x - waking up ",
711                                          mid_entry->mid);
712                                 task_to_wake = mid_entry->tsk;
713                                 if (task_to_wake)
714                                         wake_up_process(task_to_wake);
715                         }
716                 }
717                 spin_unlock(&GlobalMid_Lock);
718                 spin_unlock(&cifs_tcp_ses_lock);
719                 /* 1/8th of sec is more than enough time for them to exit */
720                 msleep(125);
721         }
722
723         if (!list_empty(&server->pending_mid_q)) {
724                 /* mpx threads have not exited yet give them
725                 at least the smb send timeout time for long ops */
726                 /* due to delays on oplock break requests, we need
727                 to wait at least 45 seconds before giving up
728                 on a request getting a response and going ahead
729                 and killing cifsd */
730                 cFYI(1, "Wait for exit from demultiplex thread");
731                 msleep(46000);
732                 /* if threads still have not exited they are probably never
733                 coming home not much else we can do but free the memory */
734         }
735
736         /* last chance to mark ses pointers invalid
737         if there are any pointing to this (e.g
738         if a crazy root user tried to kill cifsd
739         kernel thread explicitly this might happen) */
740         /* BB: This shouldn't be necessary, see above */
741         spin_lock(&cifs_tcp_ses_lock);
742         list_for_each(tmp, &server->smb_ses_list) {
743                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
744                 ses->server = NULL;
745         }
746         spin_unlock(&cifs_tcp_ses_lock);
747
748         kfree(server->hostname);
749         task_to_wake = xchg(&server->tsk, NULL);
750         kfree(server);
751
752         length = atomic_dec_return(&tcpSesAllocCount);
753         if (length  > 0)
754                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
755                                 GFP_KERNEL);
756
757         /* if server->tsk was NULL then wait for a signal before exiting */
758         if (!task_to_wake) {
759                 set_current_state(TASK_INTERRUPTIBLE);
760                 while (!signal_pending(current)) {
761                         schedule();
762                         set_current_state(TASK_INTERRUPTIBLE);
763                 }
764                 set_current_state(TASK_RUNNING);
765         }
766
767         module_put_and_exit(0);
768 }
769
770 /* extract the host portion of the UNC string */
771 static char *
772 extract_hostname(const char *unc)
773 {
774         const char *src;
775         char *dst, *delim;
776         unsigned int len;
777
778         /* skip double chars at beginning of string */
779         /* BB: check validity of these bytes? */
780         src = unc + 2;
781
782         /* delimiter between hostname and sharename is always '\\' now */
783         delim = strchr(src, '\\');
784         if (!delim)
785                 return ERR_PTR(-EINVAL);
786
787         len = delim - src;
788         dst = kmalloc((len + 1), GFP_KERNEL);
789         if (dst == NULL)
790                 return ERR_PTR(-ENOMEM);
791
792         memcpy(dst, src, len);
793         dst[len] = '\0';
794
795         return dst;
796 }
797
798 static int
799 cifs_parse_mount_options(char *options, const char *devname,
800                          struct smb_vol *vol)
801 {
802         char *value;
803         char *data;
804         unsigned int  temp_len, i, j;
805         char separator[2];
806         short int override_uid = -1;
807         short int override_gid = -1;
808         bool uid_specified = false;
809         bool gid_specified = false;
810         char *nodename = utsname()->nodename;
811
812         separator[0] = ',';
813         separator[1] = 0;
814
815         /*
816          * does not have to be perfect mapping since field is
817          * informational, only used for servers that do not support
818          * port 445 and it can be overridden at mount time
819          */
820         memset(vol->source_rfc1001_name, 0x20, 15);
821         for (i = 0; i < strnlen(nodename, 15); i++)
822                 vol->source_rfc1001_name[i] = toupper(nodename[i]);
823
824         vol->source_rfc1001_name[15] = 0;
825         /* null target name indicates to use *SMBSERVR default called name
826            if we end up sending RFC1001 session initialize */
827         vol->target_rfc1001_name[0] = 0;
828         vol->cred_uid = current_uid();
829         vol->linux_uid = current_uid();
830         vol->linux_gid = current_gid();
831
832         /* default to only allowing write access to owner of the mount */
833         vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
834
835         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
836         /* default is always to request posix paths. */
837         vol->posix_paths = 1;
838         /* default to using server inode numbers where available */
839         vol->server_ino = 1;
840
841         vol->actimeo = CIFS_DEF_ACTIMEO;
842
843         if (!options)
844                 return 1;
845
846         if (strncmp(options, "sep=", 4) == 0) {
847                 if (options[4] != 0) {
848                         separator[0] = options[4];
849                         options += 5;
850                 } else {
851                         cFYI(1, "Null separator not allowed");
852                 }
853         }
854
855         while ((data = strsep(&options, separator)) != NULL) {
856                 if (!*data)
857                         continue;
858                 if ((value = strchr(data, '=')) != NULL)
859                         *value++ = '\0';
860
861                 /* Have to parse this before we parse for "user" */
862                 if (strnicmp(data, "user_xattr", 10) == 0) {
863                         vol->no_xattr = 0;
864                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
865                         vol->no_xattr = 1;
866                 } else if (strnicmp(data, "user", 4) == 0) {
867                         if (!value) {
868                                 printk(KERN_WARNING
869                                        "CIFS: invalid or missing username\n");
870                                 return 1;       /* needs_arg; */
871                         } else if (!*value) {
872                                 /* null user, ie anonymous, authentication */
873                                 vol->nullauth = 1;
874                         }
875                         if (strnlen(value, 200) < 200) {
876                                 vol->username = value;
877                         } else {
878                                 printk(KERN_WARNING "CIFS: username too long\n");
879                                 return 1;
880                         }
881                 } else if (strnicmp(data, "pass", 4) == 0) {
882                         if (!value) {
883                                 vol->password = NULL;
884                                 continue;
885                         } else if (value[0] == 0) {
886                                 /* check if string begins with double comma
887                                    since that would mean the password really
888                                    does start with a comma, and would not
889                                    indicate an empty string */
890                                 if (value[1] != separator[0]) {
891                                         vol->password = NULL;
892                                         continue;
893                                 }
894                         }
895                         temp_len = strlen(value);
896                         /* removed password length check, NTLM passwords
897                                 can be arbitrarily long */
898
899                         /* if comma in password, the string will be
900                         prematurely null terminated.  Commas in password are
901                         specified across the cifs mount interface by a double
902                         comma ie ,, and a comma used as in other cases ie ','
903                         as a parameter delimiter/separator is single and due
904                         to the strsep above is temporarily zeroed. */
905
906                         /* NB: password legally can have multiple commas and
907                         the only illegal character in a password is null */
908
909                         if ((value[temp_len] == 0) &&
910                             (value[temp_len+1] == separator[0])) {
911                                 /* reinsert comma */
912                                 value[temp_len] = separator[0];
913                                 temp_len += 2;  /* move after second comma */
914                                 while (value[temp_len] != 0)  {
915                                         if (value[temp_len] == separator[0]) {
916                                                 if (value[temp_len+1] ==
917                                                      separator[0]) {
918                                                 /* skip second comma */
919                                                         temp_len++;
920                                                 } else {
921                                                 /* single comma indicating start
922                                                          of next parm */
923                                                         break;
924                                                 }
925                                         }
926                                         temp_len++;
927                                 }
928                                 if (value[temp_len] == 0) {
929                                         options = NULL;
930                                 } else {
931                                         value[temp_len] = 0;
932                                         /* point option to start of next parm */
933                                         options = value + temp_len + 1;
934                                 }
935                                 /* go from value to value + temp_len condensing
936                                 double commas to singles. Note that this ends up
937                                 allocating a few bytes too many, which is ok */
938                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
939                                 if (vol->password == NULL) {
940                                         printk(KERN_WARNING "CIFS: no memory "
941                                                             "for password\n");
942                                         return 1;
943                                 }
944                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
945                                         vol->password[j] = value[i];
946                                         if (value[i] == separator[0]
947                                                 && value[i+1] == separator[0]) {
948                                                 /* skip second comma */
949                                                 i++;
950                                         }
951                                 }
952                                 vol->password[j] = 0;
953                         } else {
954                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
955                                 if (vol->password == NULL) {
956                                         printk(KERN_WARNING "CIFS: no memory "
957                                                             "for password\n");
958                                         return 1;
959                                 }
960                                 strcpy(vol->password, value);
961                         }
962                 } else if (!strnicmp(data, "ip", 2) ||
963                            !strnicmp(data, "addr", 4)) {
964                         if (!value || !*value) {
965                                 vol->UNCip = NULL;
966                         } else if (strnlen(value, INET6_ADDRSTRLEN) <
967                                                         INET6_ADDRSTRLEN) {
968                                 vol->UNCip = value;
969                         } else {
970                                 printk(KERN_WARNING "CIFS: ip address "
971                                                     "too long\n");
972                                 return 1;
973                         }
974                 } else if (strnicmp(data, "sec", 3) == 0) {
975                         if (!value || !*value) {
976                                 cERROR(1, "no security value specified");
977                                 continue;
978                         } else if (strnicmp(value, "krb5i", 5) == 0) {
979                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
980                                         CIFSSEC_MUST_SIGN;
981                         } else if (strnicmp(value, "krb5p", 5) == 0) {
982                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
983                                         CIFSSEC_MAY_KRB5; */
984                                 cERROR(1, "Krb5 cifs privacy not supported");
985                                 return 1;
986                         } else if (strnicmp(value, "krb5", 4) == 0) {
987                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
988 #ifdef CONFIG_CIFS_EXPERIMENTAL
989                         } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
990                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
991                                         CIFSSEC_MUST_SIGN;
992                         } else if (strnicmp(value, "ntlmssp", 7) == 0) {
993                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
994 #endif
995                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
996                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
997                                         CIFSSEC_MUST_SIGN;
998                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
999                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1000                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
1001                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
1002                                         CIFSSEC_MUST_SIGN;
1003                         } else if (strnicmp(value, "ntlm", 4) == 0) {
1004                                 /* ntlm is default so can be turned off too */
1005                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
1006                         } else if (strnicmp(value, "nontlm", 6) == 0) {
1007                                 /* BB is there a better way to do this? */
1008                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1009 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1010                         } else if (strnicmp(value, "lanman", 6) == 0) {
1011                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1012 #endif
1013                         } else if (strnicmp(value, "none", 4) == 0) {
1014                                 vol->nullauth = 1;
1015                         } else {
1016                                 cERROR(1, "bad security option: %s", value);
1017                                 return 1;
1018                         }
1019                 } else if ((strnicmp(data, "unc", 3) == 0)
1020                            || (strnicmp(data, "target", 6) == 0)
1021                            || (strnicmp(data, "path", 4) == 0)) {
1022                         if (!value || !*value) {
1023                                 printk(KERN_WARNING "CIFS: invalid path to "
1024                                                     "network resource\n");
1025                                 return 1;       /* needs_arg; */
1026                         }
1027                         if ((temp_len = strnlen(value, 300)) < 300) {
1028                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1029                                 if (vol->UNC == NULL)
1030                                         return 1;
1031                                 strcpy(vol->UNC, value);
1032                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1033                                         vol->UNC[0] = '\\';
1034                                         vol->UNC[1] = '\\';
1035                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1036                                         printk(KERN_WARNING
1037                                                "CIFS: UNC Path does not begin "
1038                                                "with // or \\\\ \n");
1039                                         return 1;
1040                                 }
1041                         } else {
1042                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1043                                 return 1;
1044                         }
1045                 } else if ((strnicmp(data, "domain", 3) == 0)
1046                            || (strnicmp(data, "workgroup", 5) == 0)) {
1047                         if (!value || !*value) {
1048                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1049                                 return 1;       /* needs_arg; */
1050                         }
1051                         /* BB are there cases in which a comma can be valid in
1052                         a domain name and need special handling? */
1053                         if (strnlen(value, 256) < 256) {
1054                                 vol->domainname = value;
1055                                 cFYI(1, "Domain name set");
1056                         } else {
1057                                 printk(KERN_WARNING "CIFS: domain name too "
1058                                                     "long\n");
1059                                 return 1;
1060                         }
1061                 } else if (strnicmp(data, "srcaddr", 7) == 0) {
1062                         vol->srcaddr.ss_family = AF_UNSPEC;
1063
1064                         if (!value || !*value) {
1065                                 printk(KERN_WARNING "CIFS: srcaddr value"
1066                                        " not specified.\n");
1067                                 return 1;       /* needs_arg; */
1068                         }
1069                         i = cifs_convert_address((struct sockaddr *)&vol->srcaddr,
1070                                                  value, strlen(value));
1071                         if (i == 0) {
1072                                 printk(KERN_WARNING "CIFS:  Could not parse"
1073                                        " srcaddr: %s\n",
1074                                        value);
1075                                 return 1;
1076                         }
1077                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1078                         if (!value || !*value) {
1079                                 printk(KERN_WARNING
1080                                         "CIFS: invalid path prefix\n");
1081                                 return 1;       /* needs_argument */
1082                         }
1083                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1084                                 if (value[0] != '/')
1085                                         temp_len++;  /* missing leading slash */
1086                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1087                                 if (vol->prepath == NULL)
1088                                         return 1;
1089                                 if (value[0] != '/') {
1090                                         vol->prepath[0] = '/';
1091                                         strcpy(vol->prepath+1, value);
1092                                 } else
1093                                         strcpy(vol->prepath, value);
1094                                 cFYI(1, "prefix path %s", vol->prepath);
1095                         } else {
1096                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1097                                 return 1;
1098                         }
1099                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1100                         if (!value || !*value) {
1101                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1102                                                     "specified\n");
1103                                 return 1;       /* needs_arg; */
1104                         }
1105                         if (strnlen(value, 65) < 65) {
1106                                 if (strnicmp(value, "default", 7))
1107                                         vol->iocharset = value;
1108                                 /* if iocharset not set then load_nls_default
1109                                    is used by caller */
1110                                 cFYI(1, "iocharset set to %s", value);
1111                         } else {
1112                                 printk(KERN_WARNING "CIFS: iocharset name "
1113                                                     "too long.\n");
1114                                 return 1;
1115                         }
1116                 } else if (!strnicmp(data, "uid", 3) && value && *value) {
1117                         vol->linux_uid = simple_strtoul(value, &value, 0);
1118                         uid_specified = true;
1119                 } else if (!strnicmp(data, "forceuid", 8)) {
1120                         override_uid = 1;
1121                 } else if (!strnicmp(data, "noforceuid", 10)) {
1122                         override_uid = 0;
1123                 } else if (!strnicmp(data, "gid", 3) && value && *value) {
1124                         vol->linux_gid = simple_strtoul(value, &value, 0);
1125                         gid_specified = true;
1126                 } else if (!strnicmp(data, "forcegid", 8)) {
1127                         override_gid = 1;
1128                 } else if (!strnicmp(data, "noforcegid", 10)) {
1129                         override_gid = 0;
1130                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1131                         if (value && *value) {
1132                                 vol->file_mode =
1133                                         simple_strtoul(value, &value, 0);
1134                         }
1135                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1136                         if (value && *value) {
1137                                 vol->dir_mode =
1138                                         simple_strtoul(value, &value, 0);
1139                         }
1140                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1141                         if (value && *value) {
1142                                 vol->dir_mode =
1143                                         simple_strtoul(value, &value, 0);
1144                         }
1145                 } else if (strnicmp(data, "port", 4) == 0) {
1146                         if (value && *value) {
1147                                 vol->port =
1148                                         simple_strtoul(value, &value, 0);
1149                         }
1150                 } else if (strnicmp(data, "rsize", 5) == 0) {
1151                         if (value && *value) {
1152                                 vol->rsize =
1153                                         simple_strtoul(value, &value, 0);
1154                         }
1155                 } else if (strnicmp(data, "wsize", 5) == 0) {
1156                         if (value && *value) {
1157                                 vol->wsize =
1158                                         simple_strtoul(value, &value, 0);
1159                         }
1160                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1161                         if (!value || !*value) {
1162                                 cERROR(1, "no socket option specified");
1163                                 continue;
1164                         } else if (strnicmp(value, "TCP_NODELAY", 11) == 0) {
1165                                 vol->sockopt_tcp_nodelay = 1;
1166                         }
1167                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1168                         if (!value || !*value || (*value == ' ')) {
1169                                 cFYI(1, "invalid (empty) netbiosname");
1170                         } else {
1171                                 memset(vol->source_rfc1001_name, 0x20, 15);
1172                                 for (i = 0; i < 15; i++) {
1173                                 /* BB are there cases in which a comma can be
1174                                 valid in this workstation netbios name (and need
1175                                 special handling)? */
1176
1177                                 /* We do not uppercase netbiosname for user */
1178                                         if (value[i] == 0)
1179                                                 break;
1180                                         else
1181                                                 vol->source_rfc1001_name[i] =
1182                                                                 value[i];
1183                                 }
1184                                 /* The string has 16th byte zero still from
1185                                 set at top of the function  */
1186                                 if ((i == 15) && (value[i] != 0))
1187                                         printk(KERN_WARNING "CIFS: netbiosname"
1188                                                 " longer than 15 truncated.\n");
1189                         }
1190                 } else if (strnicmp(data, "servern", 7) == 0) {
1191                         /* servernetbiosname specified override *SMBSERVER */
1192                         if (!value || !*value || (*value == ' ')) {
1193                                 cFYI(1, "empty server netbiosname specified");
1194                         } else {
1195                                 /* last byte, type, is 0x20 for servr type */
1196                                 memset(vol->target_rfc1001_name, 0x20, 16);
1197
1198                                 for (i = 0; i < 15; i++) {
1199                                 /* BB are there cases in which a comma can be
1200                                    valid in this workstation netbios name
1201                                    (and need special handling)? */
1202
1203                                 /* user or mount helper must uppercase
1204                                    the netbiosname */
1205                                         if (value[i] == 0)
1206                                                 break;
1207                                         else
1208                                                 vol->target_rfc1001_name[i] =
1209                                                                 value[i];
1210                                 }
1211                                 /* The string has 16th byte zero still from
1212                                    set at top of the function  */
1213                                 if ((i == 15) && (value[i] != 0))
1214                                         printk(KERN_WARNING "CIFS: server net"
1215                                         "biosname longer than 15 truncated.\n");
1216                         }
1217                 } else if (strnicmp(data, "actimeo", 7) == 0) {
1218                         if (value && *value) {
1219                                 vol->actimeo = HZ * simple_strtoul(value,
1220                                                                    &value, 0);
1221                                 if (vol->actimeo > CIFS_MAX_ACTIMEO) {
1222                                         cERROR(1, "CIFS: attribute cache"
1223                                                         "timeout too large");
1224                                         return 1;
1225                                 }
1226                         }
1227                 } else if (strnicmp(data, "credentials", 4) == 0) {
1228                         /* ignore */
1229                 } else if (strnicmp(data, "version", 3) == 0) {
1230                         /* ignore */
1231                 } else if (strnicmp(data, "guest", 5) == 0) {
1232                         /* ignore */
1233                 } else if (strnicmp(data, "rw", 2) == 0) {
1234                         /* ignore */
1235                 } else if (strnicmp(data, "ro", 2) == 0) {
1236                         /* ignore */
1237                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1238                         vol->noblocksnd = 1;
1239                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1240                         vol->noautotune = 1;
1241                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1242                                    (strnicmp(data, "nosuid", 6) == 0) ||
1243                                    (strnicmp(data, "exec", 4) == 0) ||
1244                                    (strnicmp(data, "noexec", 6) == 0) ||
1245                                    (strnicmp(data, "nodev", 5) == 0) ||
1246                                    (strnicmp(data, "noauto", 6) == 0) ||
1247                                    (strnicmp(data, "dev", 3) == 0)) {
1248                         /*  The mount tool or mount.cifs helper (if present)
1249                             uses these opts to set flags, and the flags are read
1250                             by the kernel vfs layer before we get here (ie
1251                             before read super) so there is no point trying to
1252                             parse these options again and set anything and it
1253                             is ok to just ignore them */
1254                         continue;
1255                 } else if (strnicmp(data, "hard", 4) == 0) {
1256                         vol->retry = 1;
1257                 } else if (strnicmp(data, "soft", 4) == 0) {
1258                         vol->retry = 0;
1259                 } else if (strnicmp(data, "perm", 4) == 0) {
1260                         vol->noperm = 0;
1261                 } else if (strnicmp(data, "noperm", 6) == 0) {
1262                         vol->noperm = 1;
1263                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1264                         vol->remap = 1;
1265                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1266                         vol->remap = 0;
1267                 } else if (strnicmp(data, "sfu", 3) == 0) {
1268                         vol->sfu_emul = 1;
1269                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1270                         vol->sfu_emul = 0;
1271                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1272                         vol->nodfs = 1;
1273                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1274                         vol->posix_paths = 1;
1275                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1276                         vol->posix_paths = 0;
1277                 } else if (strnicmp(data, "nounix", 6) == 0) {
1278                         vol->no_linux_ext = 1;
1279                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1280                         vol->no_linux_ext = 1;
1281                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1282                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1283                         vol->nocase = 1;
1284                 } else if (strnicmp(data, "mand", 4) == 0) {
1285                         /* ignore */
1286                 } else if (strnicmp(data, "nomand", 6) == 0) {
1287                         /* ignore */
1288                 } else if (strnicmp(data, "_netdev", 7) == 0) {
1289                         /* ignore */
1290                 } else if (strnicmp(data, "brl", 3) == 0) {
1291                         vol->nobrl =  0;
1292                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1293                            (strnicmp(data, "nolock", 6) == 0)) {
1294                         vol->nobrl =  1;
1295                         /* turn off mandatory locking in mode
1296                         if remote locking is turned off since the
1297                         local vfs will do advisory */
1298                         if (vol->file_mode ==
1299                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1300                                 vol->file_mode = S_IALLUGO;
1301                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1302                         /* will take the shorter form "forcemand" as well */
1303                         /* This mount option will force use of mandatory
1304                           (DOS/Windows style) byte range locks, instead of
1305                           using posix advisory byte range locks, even if the
1306                           Unix extensions are available and posix locks would
1307                           be supported otherwise. If Unix extensions are not
1308                           negotiated this has no effect since mandatory locks
1309                           would be used (mandatory locks is all that those
1310                           those servers support) */
1311                         vol->mand_lock = 1;
1312                 } else if (strnicmp(data, "setuids", 7) == 0) {
1313                         vol->setuids = 1;
1314                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1315                         vol->setuids = 0;
1316                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1317                         vol->dynperm = true;
1318                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1319                         vol->dynperm = false;
1320                 } else if (strnicmp(data, "nohard", 6) == 0) {
1321                         vol->retry = 0;
1322                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1323                         vol->retry = 1;
1324                 } else if (strnicmp(data, "nointr", 6) == 0) {
1325                         vol->intr = 0;
1326                 } else if (strnicmp(data, "intr", 4) == 0) {
1327                         vol->intr = 1;
1328                 } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1329                         vol->nostrictsync = 1;
1330                 } else if (strnicmp(data, "strictsync", 10) == 0) {
1331                         vol->nostrictsync = 0;
1332                 } else if (strnicmp(data, "serverino", 7) == 0) {
1333                         vol->server_ino = 1;
1334                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1335                         vol->server_ino = 0;
1336                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1337                         vol->cifs_acl = 1;
1338                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1339                         vol->cifs_acl = 0;
1340                 } else if (strnicmp(data, "acl", 3) == 0) {
1341                         vol->no_psx_acl = 0;
1342                 } else if (strnicmp(data, "noacl", 5) == 0) {
1343                         vol->no_psx_acl = 1;
1344 #ifdef CONFIG_CIFS_EXPERIMENTAL
1345                 } else if (strnicmp(data, "locallease", 6) == 0) {
1346                         vol->local_lease = 1;
1347 #endif
1348                 } else if (strnicmp(data, "sign", 4) == 0) {
1349                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1350                 } else if (strnicmp(data, "seal", 4) == 0) {
1351                         /* we do not do the following in secFlags because seal
1352                            is a per tree connection (mount) not a per socket
1353                            or per-smb connection option in the protocol */
1354                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1355                         vol->seal = 1;
1356                 } else if (strnicmp(data, "direct", 6) == 0) {
1357                         vol->direct_io = 1;
1358                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1359                         vol->direct_io = 1;
1360                 } else if (strnicmp(data, "noac", 4) == 0) {
1361                         printk(KERN_WARNING "CIFS: Mount option noac not "
1362                                 "supported. Instead set "
1363                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1364                 } else if (strnicmp(data, "fsc", 3) == 0) {
1365 #ifndef CONFIG_CIFS_FSCACHE
1366                         cERROR(1, "FS-Cache support needs CONFIG_CIFS_FSCACHE"
1367                                   "kernel config option set");
1368                         return 1;
1369 #endif
1370                         vol->fsc = true;
1371                 } else if (strnicmp(data, "mfsymlinks", 10) == 0) {
1372                         vol->mfsymlinks = true;
1373                 } else if (strnicmp(data, "multiuser", 8) == 0) {
1374                         vol->multiuser = true;
1375                 } else
1376                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1377                                                 data);
1378         }
1379         if (vol->UNC == NULL) {
1380                 if (devname == NULL) {
1381                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1382                                                 "target\n");
1383                         return 1;
1384                 }
1385                 if ((temp_len = strnlen(devname, 300)) < 300) {
1386                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1387                         if (vol->UNC == NULL)
1388                                 return 1;
1389                         strcpy(vol->UNC, devname);
1390                         if (strncmp(vol->UNC, "//", 2) == 0) {
1391                                 vol->UNC[0] = '\\';
1392                                 vol->UNC[1] = '\\';
1393                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1394                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1395                                                     "begin with // or \\\\ \n");
1396                                 return 1;
1397                         }
1398                         value = strpbrk(vol->UNC+2, "/\\");
1399                         if (value)
1400                                 *value = '\\';
1401                 } else {
1402                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1403                         return 1;
1404                 }
1405         }
1406
1407         if (vol->multiuser && !(vol->secFlg & CIFSSEC_MAY_KRB5)) {
1408                 cERROR(1, "Multiuser mounts currently require krb5 "
1409                           "authentication!");
1410                 return 1;
1411         }
1412
1413         if (vol->UNCip == NULL)
1414                 vol->UNCip = &vol->UNC[2];
1415
1416         if (uid_specified)
1417                 vol->override_uid = override_uid;
1418         else if (override_uid == 1)
1419                 printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1420                                    "specified with no uid= option.\n");
1421
1422         if (gid_specified)
1423                 vol->override_gid = override_gid;
1424         else if (override_gid == 1)
1425                 printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1426                                    "specified with no gid= option.\n");
1427
1428         return 0;
1429 }
1430
1431 /** Returns true if srcaddr isn't specified and rhs isn't
1432  * specified, or if srcaddr is specified and
1433  * matches the IP address of the rhs argument.
1434  */
1435 static bool
1436 srcip_matches(struct sockaddr *srcaddr, struct sockaddr *rhs)
1437 {
1438         switch (srcaddr->sa_family) {
1439         case AF_UNSPEC:
1440                 return (rhs->sa_family == AF_UNSPEC);
1441         case AF_INET: {
1442                 struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1443                 struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1444                 return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1445         }
1446         case AF_INET6: {
1447                 struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1448                 struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)&rhs;
1449                 return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1450         }
1451         default:
1452                 WARN_ON(1);
1453                 return false; /* don't expect to be here */
1454         }
1455 }
1456
1457
1458 static bool
1459 match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1460               struct sockaddr *srcaddr)
1461 {
1462         struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1463         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1464
1465         switch (addr->sa_family) {
1466         case AF_INET:
1467                 if (addr4->sin_addr.s_addr !=
1468                     server->addr.sockAddr.sin_addr.s_addr)
1469                         return false;
1470                 if (addr4->sin_port &&
1471                     addr4->sin_port != server->addr.sockAddr.sin_port)
1472                         return false;
1473                 break;
1474         case AF_INET6:
1475                 if (!ipv6_addr_equal(&addr6->sin6_addr,
1476                                      &server->addr.sockAddr6.sin6_addr))
1477                         return false;
1478                 if (addr6->sin6_scope_id !=
1479                     server->addr.sockAddr6.sin6_scope_id)
1480                         return false;
1481                 if (addr6->sin6_port &&
1482                     addr6->sin6_port != server->addr.sockAddr6.sin6_port)
1483                         return false;
1484                 break;
1485         }
1486
1487         if (!srcip_matches(srcaddr, (struct sockaddr *)&server->srcaddr))
1488                 return false;
1489
1490         return true;
1491 }
1492
1493 static bool
1494 match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1495 {
1496         unsigned int secFlags;
1497
1498         if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1499                 secFlags = vol->secFlg;
1500         else
1501                 secFlags = global_secflags | vol->secFlg;
1502
1503         switch (server->secType) {
1504         case LANMAN:
1505                 if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1506                         return false;
1507                 break;
1508         case NTLMv2:
1509                 if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1510                         return false;
1511                 break;
1512         case NTLM:
1513                 if (!(secFlags & CIFSSEC_MAY_NTLM))
1514                         return false;
1515                 break;
1516         case Kerberos:
1517                 if (!(secFlags & CIFSSEC_MAY_KRB5))
1518                         return false;
1519                 break;
1520         case RawNTLMSSP:
1521                 if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1522                         return false;
1523                 break;
1524         default:
1525                 /* shouldn't happen */
1526                 return false;
1527         }
1528
1529         /* now check if signing mode is acceptible */
1530         if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1531             (server->secMode & SECMODE_SIGN_REQUIRED))
1532                         return false;
1533         else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1534                  (server->secMode &
1535                   (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1536                         return false;
1537
1538         return true;
1539 }
1540
1541 static struct TCP_Server_Info *
1542 cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1543 {
1544         struct TCP_Server_Info *server;
1545
1546         spin_lock(&cifs_tcp_ses_lock);
1547         list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1548                 if (!match_address(server, addr,
1549                                    (struct sockaddr *)&vol->srcaddr))
1550                         continue;
1551
1552                 if (!match_security(server, vol))
1553                         continue;
1554
1555                 ++server->srv_count;
1556                 spin_unlock(&cifs_tcp_ses_lock);
1557                 cFYI(1, "Existing tcp session with server found");
1558                 return server;
1559         }
1560         spin_unlock(&cifs_tcp_ses_lock);
1561         return NULL;
1562 }
1563
1564 static void
1565 cifs_put_tcp_session(struct TCP_Server_Info *server)
1566 {
1567         struct task_struct *task;
1568
1569         spin_lock(&cifs_tcp_ses_lock);
1570         if (--server->srv_count > 0) {
1571                 spin_unlock(&cifs_tcp_ses_lock);
1572                 return;
1573         }
1574
1575         list_del_init(&server->tcp_ses_list);
1576         spin_unlock(&cifs_tcp_ses_lock);
1577
1578         spin_lock(&GlobalMid_Lock);
1579         server->tcpStatus = CifsExiting;
1580         spin_unlock(&GlobalMid_Lock);
1581
1582         cifs_crypto_shash_release(server);
1583         cifs_fscache_release_client_cookie(server);
1584
1585         kfree(server->session_key.response);
1586         server->session_key.response = NULL;
1587         server->session_key.len = 0;
1588
1589         task = xchg(&server->tsk, NULL);
1590         if (task)
1591                 force_sig(SIGKILL, task);
1592 }
1593
1594 static struct TCP_Server_Info *
1595 cifs_get_tcp_session(struct smb_vol *volume_info)
1596 {
1597         struct TCP_Server_Info *tcp_ses = NULL;
1598         struct sockaddr_storage addr;
1599         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1600         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1601         int rc;
1602
1603         memset(&addr, 0, sizeof(struct sockaddr_storage));
1604
1605         cFYI(1, "UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip);
1606
1607         if (volume_info->UNCip && volume_info->UNC) {
1608                 rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
1609                                         volume_info->UNCip,
1610                                         strlen(volume_info->UNCip),
1611                                         volume_info->port);
1612                 if (!rc) {
1613                         /* we failed translating address */
1614                         rc = -EINVAL;
1615                         goto out_err;
1616                 }
1617         } else if (volume_info->UNCip) {
1618                 /* BB using ip addr as tcp_ses name to connect to the
1619                    DFS root below */
1620                 cERROR(1, "Connecting to DFS root not implemented yet");
1621                 rc = -EINVAL;
1622                 goto out_err;
1623         } else /* which tcp_sess DFS root would we conect to */ {
1624                 cERROR(1, "CIFS mount error: No UNC path (e.g. -o "
1625                         "unc=//192.168.1.100/public) specified");
1626                 rc = -EINVAL;
1627                 goto out_err;
1628         }
1629
1630         /* see if we already have a matching tcp_ses */
1631         tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1632         if (tcp_ses)
1633                 return tcp_ses;
1634
1635         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1636         if (!tcp_ses) {
1637                 rc = -ENOMEM;
1638                 goto out_err;
1639         }
1640
1641         rc = cifs_crypto_shash_allocate(tcp_ses);
1642         if (rc) {
1643                 cERROR(1, "could not setup hash structures rc %d", rc);
1644                 goto out_err;
1645         }
1646
1647         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1648         if (IS_ERR(tcp_ses->hostname)) {
1649                 rc = PTR_ERR(tcp_ses->hostname);
1650                 goto out_err_crypto_release;
1651         }
1652
1653         tcp_ses->noblocksnd = volume_info->noblocksnd;
1654         tcp_ses->noautotune = volume_info->noautotune;
1655         tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
1656         atomic_set(&tcp_ses->inFlight, 0);
1657         init_waitqueue_head(&tcp_ses->response_q);
1658         init_waitqueue_head(&tcp_ses->request_q);
1659         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1660         mutex_init(&tcp_ses->srv_mutex);
1661         memcpy(tcp_ses->workstation_RFC1001_name,
1662                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1663         memcpy(tcp_ses->server_RFC1001_name,
1664                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1665         tcp_ses->session_estab = false;
1666         tcp_ses->sequence_number = 0;
1667         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1668         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1669
1670         /*
1671          * at this point we are the only ones with the pointer
1672          * to the struct since the kernel thread not created yet
1673          * no need to spinlock this init of tcpStatus or srv_count
1674          */
1675         tcp_ses->tcpStatus = CifsNew;
1676         memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
1677                sizeof(tcp_ses->srcaddr));
1678         ++tcp_ses->srv_count;
1679
1680         if (addr.ss_family == AF_INET6) {
1681                 cFYI(1, "attempting ipv6 connect");
1682                 /* BB should we allow ipv6 on port 139? */
1683                 /* other OS never observed in Wild doing 139 with v6 */
1684                 memcpy(&tcp_ses->addr.sockAddr6, sin_server6,
1685                         sizeof(struct sockaddr_in6));
1686                 rc = ipv6_connect(tcp_ses);
1687         } else {
1688                 memcpy(&tcp_ses->addr.sockAddr, sin_server,
1689                         sizeof(struct sockaddr_in));
1690                 rc = ipv4_connect(tcp_ses);
1691         }
1692         if (rc < 0) {
1693                 cERROR(1, "Error connecting to socket. Aborting operation");
1694                 goto out_err_crypto_release;
1695         }
1696
1697         /*
1698          * since we're in a cifs function already, we know that
1699          * this will succeed. No need for try_module_get().
1700          */
1701         __module_get(THIS_MODULE);
1702         tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1703                                   tcp_ses, "cifsd");
1704         if (IS_ERR(tcp_ses->tsk)) {
1705                 rc = PTR_ERR(tcp_ses->tsk);
1706                 cERROR(1, "error %d create cifsd thread", rc);
1707                 module_put(THIS_MODULE);
1708                 goto out_err_crypto_release;
1709         }
1710
1711         /* thread spawned, put it on the list */
1712         spin_lock(&cifs_tcp_ses_lock);
1713         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1714         spin_unlock(&cifs_tcp_ses_lock);
1715
1716         cifs_fscache_get_client_cookie(tcp_ses);
1717
1718         return tcp_ses;
1719
1720 out_err_crypto_release:
1721         cifs_crypto_shash_release(tcp_ses);
1722
1723 out_err:
1724         if (tcp_ses) {
1725                 if (!IS_ERR(tcp_ses->hostname))
1726                         kfree(tcp_ses->hostname);
1727                 if (tcp_ses->ssocket)
1728                         sock_release(tcp_ses->ssocket);
1729                 kfree(tcp_ses);
1730         }
1731         return ERR_PTR(rc);
1732 }
1733
1734 static struct cifsSesInfo *
1735 cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
1736 {
1737         struct cifsSesInfo *ses;
1738
1739         spin_lock(&cifs_tcp_ses_lock);
1740         list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
1741                 switch (server->secType) {
1742                 case Kerberos:
1743                         if (vol->cred_uid != ses->cred_uid)
1744                                 continue;
1745                         break;
1746                 default:
1747                         /* anything else takes username/password */
1748                         if (strncmp(ses->userName, vol->username,
1749                                     MAX_USERNAME_SIZE))
1750                                 continue;
1751                         if (strlen(vol->username) != 0 &&
1752                             ses->password != NULL &&
1753                             strncmp(ses->password,
1754                                     vol->password ? vol->password : "",
1755                                     MAX_PASSWORD_SIZE))
1756                                 continue;
1757                 }
1758                 ++ses->ses_count;
1759                 spin_unlock(&cifs_tcp_ses_lock);
1760                 return ses;
1761         }
1762         spin_unlock(&cifs_tcp_ses_lock);
1763         return NULL;
1764 }
1765
1766 static void
1767 cifs_put_smb_ses(struct cifsSesInfo *ses)
1768 {
1769         int xid;
1770         struct TCP_Server_Info *server = ses->server;
1771
1772         cFYI(1, "%s: ses_count=%d\n", __func__, ses->ses_count);
1773         spin_lock(&cifs_tcp_ses_lock);
1774         if (--ses->ses_count > 0) {
1775                 spin_unlock(&cifs_tcp_ses_lock);
1776                 return;
1777         }
1778
1779         list_del_init(&ses->smb_ses_list);
1780         spin_unlock(&cifs_tcp_ses_lock);
1781
1782         if (ses->status == CifsGood) {
1783                 xid = GetXid();
1784                 CIFSSMBLogoff(xid, ses);
1785                 _FreeXid(xid);
1786         }
1787         sesInfoFree(ses);
1788         cifs_put_tcp_session(server);
1789 }
1790
1791 static struct cifsSesInfo *
1792 cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1793 {
1794         int rc = -ENOMEM, xid;
1795         struct cifsSesInfo *ses;
1796
1797         xid = GetXid();
1798
1799         ses = cifs_find_smb_ses(server, volume_info);
1800         if (ses) {
1801                 cFYI(1, "Existing smb sess found (status=%d)", ses->status);
1802
1803                 mutex_lock(&ses->session_mutex);
1804                 rc = cifs_negotiate_protocol(xid, ses);
1805                 if (rc) {
1806                         mutex_unlock(&ses->session_mutex);
1807                         /* problem -- put our ses reference */
1808                         cifs_put_smb_ses(ses);
1809                         FreeXid(xid);
1810                         return ERR_PTR(rc);
1811                 }
1812                 if (ses->need_reconnect) {
1813                         cFYI(1, "Session needs reconnect");
1814                         rc = cifs_setup_session(xid, ses,
1815                                                 volume_info->local_nls);
1816                         if (rc) {
1817                                 mutex_unlock(&ses->session_mutex);
1818                                 /* problem -- put our reference */
1819                                 cifs_put_smb_ses(ses);
1820                                 FreeXid(xid);
1821                                 return ERR_PTR(rc);
1822                         }
1823                 }
1824                 mutex_unlock(&ses->session_mutex);
1825
1826                 /* existing SMB ses has a server reference already */
1827                 cifs_put_tcp_session(server);
1828                 FreeXid(xid);
1829                 return ses;
1830         }
1831
1832         cFYI(1, "Existing smb sess not found");
1833         ses = sesInfoAlloc();
1834         if (ses == NULL)
1835                 goto get_ses_fail;
1836
1837         /* new SMB session uses our server ref */
1838         ses->server = server;
1839         if (server->addr.sockAddr6.sin6_family == AF_INET6)
1840                 sprintf(ses->serverName, "%pI6",
1841                         &server->addr.sockAddr6.sin6_addr);
1842         else
1843                 sprintf(ses->serverName, "%pI4",
1844                         &server->addr.sockAddr.sin_addr.s_addr);
1845
1846         if (volume_info->username)
1847                 strncpy(ses->userName, volume_info->username,
1848                         MAX_USERNAME_SIZE);
1849
1850         /* volume_info->password freed at unmount */
1851         if (volume_info->password) {
1852                 ses->password = kstrdup(volume_info->password, GFP_KERNEL);
1853                 if (!ses->password)
1854                         goto get_ses_fail;
1855         }
1856         if (volume_info->domainname) {
1857                 ses->domainName = kstrdup(volume_info->domainname, GFP_KERNEL);
1858                 if (!ses->domainName)
1859                         goto get_ses_fail;
1860         }
1861         ses->cred_uid = volume_info->cred_uid;
1862         ses->linux_uid = volume_info->linux_uid;
1863         ses->overrideSecFlg = volume_info->secFlg;
1864
1865         mutex_lock(&ses->session_mutex);
1866         rc = cifs_negotiate_protocol(xid, ses);
1867         if (!rc)
1868                 rc = cifs_setup_session(xid, ses, volume_info->local_nls);
1869         mutex_unlock(&ses->session_mutex);
1870         if (rc)
1871                 goto get_ses_fail;
1872
1873         /* success, put it on the list */
1874         spin_lock(&cifs_tcp_ses_lock);
1875         list_add(&ses->smb_ses_list, &server->smb_ses_list);
1876         spin_unlock(&cifs_tcp_ses_lock);
1877
1878         FreeXid(xid);
1879         return ses;
1880
1881 get_ses_fail:
1882         sesInfoFree(ses);
1883         FreeXid(xid);
1884         return ERR_PTR(rc);
1885 }
1886
1887 static struct cifsTconInfo *
1888 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1889 {
1890         struct list_head *tmp;
1891         struct cifsTconInfo *tcon;
1892
1893         spin_lock(&cifs_tcp_ses_lock);
1894         list_for_each(tmp, &ses->tcon_list) {
1895                 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1896                 if (tcon->tidStatus == CifsExiting)
1897                         continue;
1898                 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1899                         continue;
1900
1901                 ++tcon->tc_count;
1902                 spin_unlock(&cifs_tcp_ses_lock);
1903                 return tcon;
1904         }
1905         spin_unlock(&cifs_tcp_ses_lock);
1906         return NULL;
1907 }
1908
1909 static void
1910 cifs_put_tcon(struct cifsTconInfo *tcon)
1911 {
1912         int xid;
1913         struct cifsSesInfo *ses = tcon->ses;
1914
1915         cFYI(1, "%s: tc_count=%d\n", __func__, tcon->tc_count);
1916         spin_lock(&cifs_tcp_ses_lock);
1917         if (--tcon->tc_count > 0) {
1918                 spin_unlock(&cifs_tcp_ses_lock);
1919                 return;
1920         }
1921
1922         list_del_init(&tcon->tcon_list);
1923         spin_unlock(&cifs_tcp_ses_lock);
1924
1925         xid = GetXid();
1926         CIFSSMBTDis(xid, tcon);
1927         _FreeXid(xid);
1928
1929         cifs_fscache_release_super_cookie(tcon);
1930         tconInfoFree(tcon);
1931         cifs_put_smb_ses(ses);
1932 }
1933
1934 static struct cifsTconInfo *
1935 cifs_get_tcon(struct cifsSesInfo *ses, struct smb_vol *volume_info)
1936 {
1937         int rc, xid;
1938         struct cifsTconInfo *tcon;
1939
1940         tcon = cifs_find_tcon(ses, volume_info->UNC);
1941         if (tcon) {
1942                 cFYI(1, "Found match on UNC path");
1943                 /* existing tcon already has a reference */
1944                 cifs_put_smb_ses(ses);
1945                 if (tcon->seal != volume_info->seal)
1946                         cERROR(1, "transport encryption setting "
1947                                    "conflicts with existing tid");
1948                 return tcon;
1949         }
1950
1951         tcon = tconInfoAlloc();
1952         if (tcon == NULL) {
1953                 rc = -ENOMEM;
1954                 goto out_fail;
1955         }
1956
1957         tcon->ses = ses;
1958         if (volume_info->password) {
1959                 tcon->password = kstrdup(volume_info->password, GFP_KERNEL);
1960                 if (!tcon->password) {
1961                         rc = -ENOMEM;
1962                         goto out_fail;
1963                 }
1964         }
1965
1966         if (strchr(volume_info->UNC + 3, '\\') == NULL
1967             && strchr(volume_info->UNC + 3, '/') == NULL) {
1968                 cERROR(1, "Missing share name");
1969                 rc = -ENODEV;
1970                 goto out_fail;
1971         }
1972
1973         /* BB Do we need to wrap session_mutex around
1974          * this TCon call and Unix SetFS as
1975          * we do on SessSetup and reconnect? */
1976         xid = GetXid();
1977         rc = CIFSTCon(xid, ses, volume_info->UNC, tcon, volume_info->local_nls);
1978         FreeXid(xid);
1979         cFYI(1, "CIFS Tcon rc = %d", rc);
1980         if (rc)
1981                 goto out_fail;
1982
1983         if (volume_info->nodfs) {
1984                 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
1985                 cFYI(1, "DFS disabled (%d)", tcon->Flags);
1986         }
1987         tcon->seal = volume_info->seal;
1988         /* we can have only one retry value for a connection
1989            to a share so for resources mounted more than once
1990            to the same server share the last value passed in
1991            for the retry flag is used */
1992         tcon->retry = volume_info->retry;
1993         tcon->nocase = volume_info->nocase;
1994         tcon->local_lease = volume_info->local_lease;
1995
1996         spin_lock(&cifs_tcp_ses_lock);
1997         list_add(&tcon->tcon_list, &ses->tcon_list);
1998         spin_unlock(&cifs_tcp_ses_lock);
1999
2000         cifs_fscache_get_super_cookie(tcon);
2001
2002         return tcon;
2003
2004 out_fail:
2005         tconInfoFree(tcon);
2006         return ERR_PTR(rc);
2007 }
2008
2009 void
2010 cifs_put_tlink(struct tcon_link *tlink)
2011 {
2012         if (!tlink || IS_ERR(tlink))
2013                 return;
2014
2015         if (!atomic_dec_and_test(&tlink->tl_count) ||
2016             test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2017                 tlink->tl_time = jiffies;
2018                 return;
2019         }
2020
2021         if (!IS_ERR(tlink_tcon(tlink)))
2022                 cifs_put_tcon(tlink_tcon(tlink));
2023         kfree(tlink);
2024         return;
2025 }
2026
2027 int
2028 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
2029              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
2030              struct dfs_info3_param **preferrals, int remap)
2031 {
2032         char *temp_unc;
2033         int rc = 0;
2034
2035         *pnum_referrals = 0;
2036         *preferrals = NULL;
2037
2038         if (pSesInfo->ipc_tid == 0) {
2039                 temp_unc = kmalloc(2 /* for slashes */ +
2040                         strnlen(pSesInfo->serverName,
2041                                 SERVER_NAME_LEN_WITH_NULL * 2)
2042                                  + 1 + 4 /* slash IPC$ */  + 2,
2043                                 GFP_KERNEL);
2044                 if (temp_unc == NULL)
2045                         return -ENOMEM;
2046                 temp_unc[0] = '\\';
2047                 temp_unc[1] = '\\';
2048                 strcpy(temp_unc + 2, pSesInfo->serverName);
2049                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
2050                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
2051                 cFYI(1, "CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid);
2052                 kfree(temp_unc);
2053         }
2054         if (rc == 0)
2055                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
2056                                      pnum_referrals, nls_codepage, remap);
2057         /* BB map targetUNCs to dfs_info3 structures, here or
2058                 in CIFSGetDFSRefer BB */
2059
2060         return rc;
2061 }
2062
2063 #ifdef CONFIG_DEBUG_LOCK_ALLOC
2064 static struct lock_class_key cifs_key[2];
2065 static struct lock_class_key cifs_slock_key[2];
2066
2067 static inline void
2068 cifs_reclassify_socket4(struct socket *sock)
2069 {
2070         struct sock *sk = sock->sk;
2071         BUG_ON(sock_owned_by_user(sk));
2072         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2073                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2074 }
2075
2076 static inline void
2077 cifs_reclassify_socket6(struct socket *sock)
2078 {
2079         struct sock *sk = sock->sk;
2080         BUG_ON(sock_owned_by_user(sk));
2081         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2082                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2083 }
2084 #else
2085 static inline void
2086 cifs_reclassify_socket4(struct socket *sock)
2087 {
2088 }
2089
2090 static inline void
2091 cifs_reclassify_socket6(struct socket *sock)
2092 {
2093 }
2094 #endif
2095
2096 /* See RFC1001 section 14 on representation of Netbios names */
2097 static void rfc1002mangle(char *target, char *source, unsigned int length)
2098 {
2099         unsigned int i, j;
2100
2101         for (i = 0, j = 0; i < (length); i++) {
2102                 /* mask a nibble at a time and encode */
2103                 target[j] = 'A' + (0x0F & (source[i] >> 4));
2104                 target[j+1] = 'A' + (0x0F & source[i]);
2105                 j += 2;
2106         }
2107
2108 }
2109
2110 static int
2111 bind_socket(struct TCP_Server_Info *server)
2112 {
2113         int rc = 0;
2114         if (server->srcaddr.ss_family != AF_UNSPEC) {
2115                 /* Bind to the specified local IP address */
2116                 struct socket *socket = server->ssocket;
2117                 rc = socket->ops->bind(socket,
2118                                        (struct sockaddr *) &server->srcaddr,
2119                                        sizeof(server->srcaddr));
2120                 if (rc < 0) {
2121                         struct sockaddr_in *saddr4;
2122                         struct sockaddr_in6 *saddr6;
2123                         saddr4 = (struct sockaddr_in *)&server->srcaddr;
2124                         saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2125                         if (saddr6->sin6_family == AF_INET6)
2126                                 cERROR(1, "cifs: "
2127                                        "Failed to bind to: %pI6c, error: %d\n",
2128                                        &saddr6->sin6_addr, rc);
2129                         else
2130                                 cERROR(1, "cifs: "
2131                                        "Failed to bind to: %pI4, error: %d\n",
2132                                        &saddr4->sin_addr.s_addr, rc);
2133                 }
2134         }
2135         return rc;
2136 }
2137
2138 static int
2139 ipv4_connect(struct TCP_Server_Info *server)
2140 {
2141         int rc = 0;
2142         int val;
2143         bool connected = false;
2144         __be16 orig_port = 0;
2145         struct socket *socket = server->ssocket;
2146
2147         if (socket == NULL) {
2148                 rc = sock_create_kern(PF_INET, SOCK_STREAM,
2149                                       IPPROTO_TCP, &socket);
2150                 if (rc < 0) {
2151                         cERROR(1, "Error %d creating socket", rc);
2152                         return rc;
2153                 }
2154
2155                 /* BB other socket options to set KEEPALIVE, NODELAY? */
2156                 cFYI(1, "Socket created");
2157                 server->ssocket = socket;
2158                 socket->sk->sk_allocation = GFP_NOFS;
2159                 cifs_reclassify_socket4(socket);
2160         }
2161
2162         rc = bind_socket(server);
2163         if (rc < 0)
2164                 return rc;
2165
2166         /* user overrode default port */
2167         if (server->addr.sockAddr.sin_port) {
2168                 rc = socket->ops->connect(socket, (struct sockaddr *)
2169                                           &server->addr.sockAddr,
2170                                           sizeof(struct sockaddr_in), 0);
2171                 if (rc >= 0)
2172                         connected = true;
2173         }
2174
2175         if (!connected) {
2176                 /* save original port so we can retry user specified port
2177                         later if fall back ports fail this time  */
2178                 orig_port = server->addr.sockAddr.sin_port;
2179
2180                 /* do not retry on the same port we just failed on */
2181                 if (server->addr.sockAddr.sin_port != htons(CIFS_PORT)) {
2182                         server->addr.sockAddr.sin_port = htons(CIFS_PORT);
2183                         rc = socket->ops->connect(socket,
2184                                                 (struct sockaddr *)
2185                                                 &server->addr.sockAddr,
2186                                                 sizeof(struct sockaddr_in), 0);
2187                         if (rc >= 0)
2188                                 connected = true;
2189                 }
2190         }
2191         if (!connected) {
2192                 server->addr.sockAddr.sin_port = htons(RFC1001_PORT);
2193                 rc = socket->ops->connect(socket, (struct sockaddr *)
2194                                               &server->addr.sockAddr,
2195                                               sizeof(struct sockaddr_in), 0);
2196                 if (rc >= 0)
2197                         connected = true;
2198         }
2199
2200         /* give up here - unless we want to retry on different
2201                 protocol families some day */
2202         if (!connected) {
2203                 if (orig_port)
2204                         server->addr.sockAddr.sin_port = orig_port;
2205                 cFYI(1, "Error %d connecting to server via ipv4", rc);
2206                 sock_release(socket);
2207                 server->ssocket = NULL;
2208                 return rc;
2209         }
2210
2211
2212         /*
2213          * Eventually check for other socket options to change from
2214          *  the default. sock_setsockopt not used because it expects
2215          *  user space buffer
2216          */
2217         socket->sk->sk_rcvtimeo = 7 * HZ;
2218         socket->sk->sk_sndtimeo = 5 * HZ;
2219
2220         /* make the bufsizes depend on wsize/rsize and max requests */
2221         if (server->noautotune) {
2222                 if (socket->sk->sk_sndbuf < (200 * 1024))
2223                         socket->sk->sk_sndbuf = 200 * 1024;
2224                 if (socket->sk->sk_rcvbuf < (140 * 1024))
2225                         socket->sk->sk_rcvbuf = 140 * 1024;
2226         }
2227
2228         if (server->tcp_nodelay) {
2229                 val = 1;
2230                 rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2231                                 (char *)&val, sizeof(val));
2232                 if (rc)
2233                         cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2234         }
2235
2236          cFYI(1, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
2237                  socket->sk->sk_sndbuf,
2238                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2239
2240         /* send RFC1001 sessinit */
2241         if (server->addr.sockAddr.sin_port == htons(RFC1001_PORT)) {
2242                 /* some servers require RFC1001 sessinit before sending
2243                 negprot - BB check reconnection in case where second
2244                 sessinit is sent but no second negprot */
2245                 struct rfc1002_session_packet *ses_init_buf;
2246                 struct smb_hdr *smb_buf;
2247                 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2248                                        GFP_KERNEL);
2249                 if (ses_init_buf) {
2250                         ses_init_buf->trailer.session_req.called_len = 32;
2251                         if (server->server_RFC1001_name &&
2252                             server->server_RFC1001_name[0] != 0)
2253                                 rfc1002mangle(ses_init_buf->trailer.
2254                                                 session_req.called_name,
2255                                               server->server_RFC1001_name,
2256                                               RFC1001_NAME_LEN_WITH_NULL);
2257                         else
2258                                 rfc1002mangle(ses_init_buf->trailer.
2259                                                 session_req.called_name,
2260                                               DEFAULT_CIFS_CALLED_NAME,
2261                                               RFC1001_NAME_LEN_WITH_NULL);
2262
2263                         ses_init_buf->trailer.session_req.calling_len = 32;
2264
2265                         /* calling name ends in null (byte 16) from old smb
2266                         convention. */
2267                         if (server->workstation_RFC1001_name &&
2268                             server->workstation_RFC1001_name[0] != 0)
2269                                 rfc1002mangle(ses_init_buf->trailer.
2270                                                 session_req.calling_name,
2271                                               server->workstation_RFC1001_name,
2272                                               RFC1001_NAME_LEN_WITH_NULL);
2273                         else
2274                                 rfc1002mangle(ses_init_buf->trailer.
2275                                                 session_req.calling_name,
2276                                               "LINUX_CIFS_CLNT",
2277                                               RFC1001_NAME_LEN_WITH_NULL);
2278
2279                         ses_init_buf->trailer.session_req.scope1 = 0;
2280                         ses_init_buf->trailer.session_req.scope2 = 0;
2281                         smb_buf = (struct smb_hdr *)ses_init_buf;
2282                         /* sizeof RFC1002_SESSION_REQUEST with no scope */
2283                         smb_buf->smb_buf_length = 0x81000044;
2284                         rc = smb_send(server, smb_buf, 0x44);
2285                         kfree(ses_init_buf);
2286                         msleep(1); /* RFC1001 layer in at least one server
2287                                       requires very short break before negprot
2288                                       presumably because not expecting negprot
2289                                       to follow so fast.  This is a simple
2290                                       solution that works without
2291                                       complicating the code and causes no
2292                                       significant slowing down on mount
2293                                       for everyone else */
2294                 }
2295                 /* else the negprot may still work without this
2296                 even though malloc failed */
2297
2298         }
2299
2300         return rc;
2301 }
2302
2303 static int
2304 ipv6_connect(struct TCP_Server_Info *server)
2305 {
2306         int rc = 0;
2307         int val;
2308         bool connected = false;
2309         __be16 orig_port = 0;
2310         struct socket *socket = server->ssocket;
2311
2312         if (socket == NULL) {
2313                 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
2314                                       IPPROTO_TCP, &socket);
2315                 if (rc < 0) {
2316                         cERROR(1, "Error %d creating ipv6 socket", rc);
2317                         socket = NULL;
2318                         return rc;
2319                 }
2320
2321                 /* BB other socket options to set KEEPALIVE, NODELAY? */
2322                 cFYI(1, "ipv6 Socket created");
2323                 server->ssocket = socket;
2324                 socket->sk->sk_allocation = GFP_NOFS;
2325                 cifs_reclassify_socket6(socket);
2326         }
2327
2328         rc = bind_socket(server);
2329         if (rc < 0)
2330                 return rc;
2331
2332         /* user overrode default port */
2333         if (server->addr.sockAddr6.sin6_port) {
2334                 rc = socket->ops->connect(socket,
2335                                 (struct sockaddr *) &server->addr.sockAddr6,
2336                                 sizeof(struct sockaddr_in6), 0);
2337                 if (rc >= 0)
2338                         connected = true;
2339         }
2340
2341         if (!connected) {
2342                 /* save original port so we can retry user specified port
2343                         later if fall back ports fail this time  */
2344
2345                 orig_port = server->addr.sockAddr6.sin6_port;
2346                 /* do not retry on the same port we just failed on */
2347                 if (server->addr.sockAddr6.sin6_port != htons(CIFS_PORT)) {
2348                         server->addr.sockAddr6.sin6_port = htons(CIFS_PORT);
2349                         rc = socket->ops->connect(socket, (struct sockaddr *)
2350                                         &server->addr.sockAddr6,
2351                                         sizeof(struct sockaddr_in6), 0);
2352                         if (rc >= 0)
2353                                 connected = true;
2354                 }
2355         }
2356         if (!connected) {
2357                 server->addr.sockAddr6.sin6_port = htons(RFC1001_PORT);
2358                 rc = socket->ops->connect(socket, (struct sockaddr *)
2359                                 &server->addr.sockAddr6,
2360                                 sizeof(struct sockaddr_in6), 0);
2361                 if (rc >= 0)
2362                         connected = true;
2363         }
2364
2365         /* give up here - unless we want to retry on different
2366                 protocol families some day */
2367         if (!connected) {
2368                 if (orig_port)
2369                         server->addr.sockAddr6.sin6_port = orig_port;
2370                 cFYI(1, "Error %d connecting to server via ipv6", rc);
2371                 sock_release(socket);
2372                 server->ssocket = NULL;
2373                 return rc;
2374         }
2375
2376         /*
2377          * Eventually check for other socket options to change from
2378          * the default. sock_setsockopt not used because it expects
2379          * user space buffer
2380          */
2381         socket->sk->sk_rcvtimeo = 7 * HZ;
2382         socket->sk->sk_sndtimeo = 5 * HZ;
2383
2384         if (server->tcp_nodelay) {
2385                 val = 1;
2386                 rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2387                                 (char *)&val, sizeof(val));
2388                 if (rc)
2389                         cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2390         }
2391
2392         server->ssocket = socket;
2393
2394         return rc;
2395 }
2396
2397 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
2398                           struct super_block *sb, struct smb_vol *vol_info)
2399 {
2400         /* if we are reconnecting then should we check to see if
2401          * any requested capabilities changed locally e.g. via
2402          * remount but we can not do much about it here
2403          * if they have (even if we could detect it by the following)
2404          * Perhaps we could add a backpointer to array of sb from tcon
2405          * or if we change to make all sb to same share the same
2406          * sb as NFS - then we only have one backpointer to sb.
2407          * What if we wanted to mount the server share twice once with
2408          * and once without posixacls or posix paths? */
2409         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2410
2411         if (vol_info && vol_info->no_linux_ext) {
2412                 tcon->fsUnixInfo.Capability = 0;
2413                 tcon->unix_ext = 0; /* Unix Extensions disabled */
2414                 cFYI(1, "Linux protocol extensions disabled");
2415                 return;
2416         } else if (vol_info)
2417                 tcon->unix_ext = 1; /* Unix Extensions supported */
2418
2419         if (tcon->unix_ext == 0) {
2420                 cFYI(1, "Unix extensions disabled so not set on reconnect");
2421                 return;
2422         }
2423
2424         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2425                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2426
2427                 /* check for reconnect case in which we do not
2428                    want to change the mount behavior if we can avoid it */
2429                 if (vol_info == NULL) {
2430                         /* turn off POSIX ACL and PATHNAMES if not set
2431                            originally at mount time */
2432                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2433                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2434                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2435                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2436                                         cERROR(1, "POSIXPATH support change");
2437                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2438                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2439                                 cERROR(1, "possible reconnect error");
2440                                 cERROR(1, "server disabled POSIX path support");
2441                         }
2442                 }
2443
2444                 cap &= CIFS_UNIX_CAP_MASK;
2445                 if (vol_info && vol_info->no_psx_acl)
2446                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2447                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2448                         cFYI(1, "negotiated posix acl support");
2449                         if (sb)
2450                                 sb->s_flags |= MS_POSIXACL;
2451                 }
2452
2453                 if (vol_info && vol_info->posix_paths == 0)
2454                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2455                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2456                         cFYI(1, "negotiate posix pathnames");
2457                         if (sb)
2458                                 CIFS_SB(sb)->mnt_cifs_flags |=
2459                                         CIFS_MOUNT_POSIX_PATHS;
2460                 }
2461
2462                 /* We might be setting the path sep back to a different
2463                 form if we are reconnecting and the server switched its
2464                 posix path capability for this share */
2465                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2466                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2467
2468                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2469                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2470                                 CIFS_SB(sb)->rsize = 127 * 1024;
2471                                 cFYI(DBG2, "larger reads not supported by srv");
2472                         }
2473                 }
2474
2475
2476                 cFYI(1, "Negotiate caps 0x%x", (int)cap);
2477 #ifdef CONFIG_CIFS_DEBUG2
2478                 if (cap & CIFS_UNIX_FCNTL_CAP)
2479                         cFYI(1, "FCNTL cap");
2480                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2481                         cFYI(1, "EXTATTR cap");
2482                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2483                         cFYI(1, "POSIX path cap");
2484                 if (cap & CIFS_UNIX_XATTR_CAP)
2485                         cFYI(1, "XATTR cap");
2486                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2487                         cFYI(1, "POSIX ACL cap");
2488                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2489                         cFYI(1, "very large read cap");
2490                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2491                         cFYI(1, "very large write cap");
2492 #endif /* CIFS_DEBUG2 */
2493                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2494                         if (vol_info == NULL) {
2495                                 cFYI(1, "resetting capabilities failed");
2496                         } else
2497                                 cERROR(1, "Negotiating Unix capabilities "
2498                                            "with the server failed.  Consider "
2499                                            "mounting with the Unix Extensions\n"
2500                                            "disabled, if problems are found, "
2501                                            "by specifying the nounix mount "
2502                                            "option.");
2503
2504                 }
2505         }
2506 }
2507
2508 static void
2509 convert_delimiter(char *path, char delim)
2510 {
2511         int i;
2512         char old_delim;
2513
2514         if (path == NULL)
2515                 return;
2516
2517         if (delim == '/')
2518                 old_delim = '\\';
2519         else
2520                 old_delim = '/';
2521
2522         for (i = 0; path[i] != '\0'; i++) {
2523                 if (path[i] == old_delim)
2524                         path[i] = delim;
2525         }
2526 }
2527
2528 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2529                           struct cifs_sb_info *cifs_sb)
2530 {
2531         INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2532
2533         if (pvolume_info->rsize > CIFSMaxBufSize) {
2534                 cERROR(1, "rsize %d too large, using MaxBufSize",
2535                         pvolume_info->rsize);
2536                 cifs_sb->rsize = CIFSMaxBufSize;
2537         } else if ((pvolume_info->rsize) &&
2538                         (pvolume_info->rsize <= CIFSMaxBufSize))
2539                 cifs_sb->rsize = pvolume_info->rsize;
2540         else /* default */
2541                 cifs_sb->rsize = CIFSMaxBufSize;
2542
2543         if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2544                 cERROR(1, "wsize %d too large, using 4096 instead",
2545                           pvolume_info->wsize);
2546                 cifs_sb->wsize = 4096;
2547         } else if (pvolume_info->wsize)
2548                 cifs_sb->wsize = pvolume_info->wsize;
2549         else
2550                 cifs_sb->wsize = min_t(const int,
2551                                         PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2552                                         127*1024);
2553                 /* old default of CIFSMaxBufSize was too small now
2554                    that SMB Write2 can send multiple pages in kvec.
2555                    RFC1001 does not describe what happens when frame
2556                    bigger than 128K is sent so use that as max in
2557                    conjunction with 52K kvec constraint on arch with 4K
2558                    page size  */
2559
2560         if (cifs_sb->rsize < 2048) {
2561                 cifs_sb->rsize = 2048;
2562                 /* Windows ME may prefer this */
2563                 cFYI(1, "readsize set to minimum: 2048");
2564         }
2565         /* calculate prepath */
2566         cifs_sb->prepath = pvolume_info->prepath;
2567         if (cifs_sb->prepath) {
2568                 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2569                 /* we can not convert the / to \ in the path
2570                 separators in the prefixpath yet because we do not
2571                 know (until reset_cifs_unix_caps is called later)
2572                 whether POSIX PATH CAP is available. We normalize
2573                 the / to \ after reset_cifs_unix_caps is called */
2574                 pvolume_info->prepath = NULL;
2575         } else
2576                 cifs_sb->prepathlen = 0;
2577         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2578         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2579         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2580         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2581         cFYI(1, "file mode: 0x%x  dir mode: 0x%x",
2582                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
2583
2584         cifs_sb->actimeo = pvolume_info->actimeo;
2585
2586         if (pvolume_info->noperm)
2587                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2588         if (pvolume_info->setuids)
2589                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2590         if (pvolume_info->server_ino)
2591                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2592         if (pvolume_info->remap)
2593                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2594         if (pvolume_info->no_xattr)
2595                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2596         if (pvolume_info->sfu_emul)
2597                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2598         if (pvolume_info->nobrl)
2599                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2600         if (pvolume_info->nostrictsync)
2601                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2602         if (pvolume_info->mand_lock)
2603                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2604         if (pvolume_info->cifs_acl)
2605                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2606         if (pvolume_info->override_uid)
2607                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2608         if (pvolume_info->override_gid)
2609                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2610         if (pvolume_info->dynperm)
2611                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2612         if (pvolume_info->fsc)
2613                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
2614         if (pvolume_info->multiuser)
2615                 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
2616                                             CIFS_MOUNT_NO_PERM);
2617         if (pvolume_info->direct_io) {
2618                 cFYI(1, "mounting share using direct i/o");
2619                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2620         }
2621         if (pvolume_info->mfsymlinks) {
2622                 if (pvolume_info->sfu_emul) {
2623                         cERROR(1,  "mount option mfsymlinks ignored if sfu "
2624                                    "mount option is used");
2625                 } else {
2626                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
2627                 }
2628         }
2629
2630         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2631                 cERROR(1, "mount option dynperm ignored if cifsacl "
2632                            "mount option supported");
2633 }
2634
2635 static int
2636 is_path_accessible(int xid, struct cifsTconInfo *tcon,
2637                    struct cifs_sb_info *cifs_sb, const char *full_path)
2638 {
2639         int rc;
2640         FILE_ALL_INFO *pfile_info;
2641
2642         pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
2643         if (pfile_info == NULL)
2644                 return -ENOMEM;
2645
2646         rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
2647                               0 /* not legacy */, cifs_sb->local_nls,
2648                               cifs_sb->mnt_cifs_flags &
2649                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
2650         kfree(pfile_info);
2651         return rc;
2652 }
2653
2654 static void
2655 cleanup_volume_info(struct smb_vol **pvolume_info)
2656 {
2657         struct smb_vol *volume_info;
2658
2659         if (!pvolume_info || !*pvolume_info)
2660                 return;
2661
2662         volume_info = *pvolume_info;
2663         kzfree(volume_info->password);
2664         kfree(volume_info->UNC);
2665         kfree(volume_info->prepath);
2666         kfree(volume_info);
2667         *pvolume_info = NULL;
2668         return;
2669 }
2670
2671 #ifdef CONFIG_CIFS_DFS_UPCALL
2672 /* build_path_to_root returns full path to root when
2673  * we do not have an exiting connection (tcon) */
2674 static char *
2675 build_unc_path_to_root(const struct smb_vol *volume_info,
2676                 const struct cifs_sb_info *cifs_sb)
2677 {
2678         char *full_path;
2679
2680         int unc_len = strnlen(volume_info->UNC, MAX_TREE_SIZE + 1);
2681         full_path = kmalloc(unc_len + cifs_sb->prepathlen + 1, GFP_KERNEL);
2682         if (full_path == NULL)
2683                 return ERR_PTR(-ENOMEM);
2684
2685         strncpy(full_path, volume_info->UNC, unc_len);
2686         if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
2687                 int i;
2688                 for (i = 0; i < unc_len; i++) {
2689                         if (full_path[i] == '\\')
2690                                 full_path[i] = '/';
2691                 }
2692         }
2693
2694         if (cifs_sb->prepathlen)
2695                 strncpy(full_path + unc_len, cifs_sb->prepath,
2696                                 cifs_sb->prepathlen);
2697
2698         full_path[unc_len + cifs_sb->prepathlen] = 0; /* add trailing null */
2699         return full_path;
2700 }
2701 #endif
2702
2703 int
2704 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2705                 char *mount_data_global, const char *devname)
2706 {
2707         int rc;
2708         int xid;
2709         struct smb_vol *volume_info;
2710         struct cifsSesInfo *pSesInfo;
2711         struct cifsTconInfo *tcon;
2712         struct TCP_Server_Info *srvTcp;
2713         char   *full_path;
2714         char *mount_data = mount_data_global;
2715         struct tcon_link *tlink;
2716 #ifdef CONFIG_CIFS_DFS_UPCALL
2717         struct dfs_info3_param *referrals = NULL;
2718         unsigned int num_referrals = 0;
2719         int referral_walks_count = 0;
2720 try_mount_again:
2721 #endif
2722         rc = 0;
2723         tcon = NULL;
2724         pSesInfo = NULL;
2725         srvTcp = NULL;
2726         full_path = NULL;
2727         tlink = NULL;
2728
2729         xid = GetXid();
2730
2731         volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
2732         if (!volume_info) {
2733                 rc = -ENOMEM;
2734                 goto out;
2735         }
2736
2737         if (cifs_parse_mount_options(mount_data, devname, volume_info)) {
2738                 rc = -EINVAL;
2739                 goto out;
2740         }
2741
2742         if (volume_info->nullauth) {
2743                 cFYI(1, "null user");
2744                 volume_info->username = "";
2745         } else if (volume_info->username) {
2746                 /* BB fixme parse for domain name here */
2747                 cFYI(1, "Username: %s", volume_info->username);
2748         } else {
2749                 cifserror("No username specified");
2750         /* In userspace mount helper we can get user name from alternate
2751            locations such as env variables and files on disk */
2752                 rc = -EINVAL;
2753                 goto out;
2754         }
2755
2756         /* this is needed for ASCII cp to Unicode converts */
2757         if (volume_info->iocharset == NULL) {
2758                 /* load_nls_default cannot return null */
2759                 volume_info->local_nls = load_nls_default();
2760         } else {
2761                 volume_info->local_nls = load_nls(volume_info->iocharset);
2762                 if (volume_info->local_nls == NULL) {
2763                         cERROR(1, "CIFS mount error: iocharset %s not found",
2764                                  volume_info->iocharset);
2765                         rc = -ELIBACC;
2766                         goto out;
2767                 }
2768         }
2769         cifs_sb->local_nls = volume_info->local_nls;
2770
2771         /* get a reference to a tcp session */
2772         srvTcp = cifs_get_tcp_session(volume_info);
2773         if (IS_ERR(srvTcp)) {
2774                 rc = PTR_ERR(srvTcp);
2775                 goto out;
2776         }
2777
2778         /* get a reference to a SMB session */
2779         pSesInfo = cifs_get_smb_ses(srvTcp, volume_info);
2780         if (IS_ERR(pSesInfo)) {
2781                 rc = PTR_ERR(pSesInfo);
2782                 pSesInfo = NULL;
2783                 goto mount_fail_check;
2784         }
2785
2786         setup_cifs_sb(volume_info, cifs_sb);
2787         if (pSesInfo->capabilities & CAP_LARGE_FILES)
2788                 sb->s_maxbytes = MAX_LFS_FILESIZE;
2789         else
2790                 sb->s_maxbytes = MAX_NON_LFS;
2791
2792         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2793         sb->s_time_gran = 100;
2794
2795         /* search for existing tcon to this server share */
2796         tcon = cifs_get_tcon(pSesInfo, volume_info);
2797         if (IS_ERR(tcon)) {
2798                 rc = PTR_ERR(tcon);
2799                 tcon = NULL;
2800                 goto remote_path_check;
2801         }
2802
2803         /* do not care if following two calls succeed - informational */
2804         if (!tcon->ipc) {
2805                 CIFSSMBQFSDeviceInfo(xid, tcon);
2806                 CIFSSMBQFSAttributeInfo(xid, tcon);
2807         }
2808
2809         /* tell server which Unix caps we support */
2810         if (tcon->ses->capabilities & CAP_UNIX)
2811                 /* reset of caps checks mount to see if unix extensions
2812                    disabled for just this mount */
2813                 reset_cifs_unix_caps(xid, tcon, sb, volume_info);
2814         else
2815                 tcon->unix_ext = 0; /* server does not support them */
2816
2817         /* convert forward to back slashes in prepath here if needed */
2818         if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2819                 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2820
2821         if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2822                 cifs_sb->rsize = 1024 * 127;
2823                 cFYI(DBG2, "no very large read support, rsize now 127K");
2824         }
2825         if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2826                 cifs_sb->wsize = min(cifs_sb->wsize,
2827                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2828         if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2829                 cifs_sb->rsize = min(cifs_sb->rsize,
2830                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2831
2832 remote_path_check:
2833         /* check if a whole path (including prepath) is not remote */
2834         if (!rc && cifs_sb->prepathlen && tcon) {
2835                 /* build_path_to_root works only when we have a valid tcon */
2836                 full_path = cifs_build_path_to_root(cifs_sb, tcon);
2837                 if (full_path == NULL) {
2838                         rc = -ENOMEM;
2839                         goto mount_fail_check;
2840                 }
2841                 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
2842                 if (rc != 0 && rc != -EREMOTE) {
2843                         kfree(full_path);
2844                         goto mount_fail_check;
2845                 }
2846                 kfree(full_path);
2847         }
2848
2849         /* get referral if needed */
2850         if (rc == -EREMOTE) {
2851 #ifdef CONFIG_CIFS_DFS_UPCALL
2852                 if (referral_walks_count > MAX_NESTED_LINKS) {
2853                         /*
2854                          * BB: when we implement proper loop detection,
2855                          *     we will remove this check. But now we need it
2856                          *     to prevent an indefinite loop if 'DFS tree' is
2857                          *     misconfigured (i.e. has loops).
2858                          */
2859                         rc = -ELOOP;
2860                         goto mount_fail_check;
2861                 }
2862                 /* convert forward to back slashes in prepath here if needed */
2863                 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2864                         convert_delimiter(cifs_sb->prepath,
2865                                         CIFS_DIR_SEP(cifs_sb));
2866                 full_path = build_unc_path_to_root(volume_info, cifs_sb);
2867                 if (IS_ERR(full_path)) {
2868                         rc = PTR_ERR(full_path);
2869                         goto mount_fail_check;
2870                 }
2871
2872                 cFYI(1, "Getting referral for: %s", full_path);
2873                 rc = get_dfs_path(xid, pSesInfo , full_path + 1,
2874                         cifs_sb->local_nls, &num_referrals, &referrals,
2875                         cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
2876                 if (!rc && num_referrals > 0) {
2877                         char *fake_devname = NULL;
2878
2879                         if (mount_data != mount_data_global)
2880                                 kfree(mount_data);
2881
2882                         mount_data = cifs_compose_mount_options(
2883                                         cifs_sb->mountdata, full_path + 1,
2884                                         referrals, &fake_devname);
2885
2886                         free_dfs_info_array(referrals, num_referrals);
2887                         kfree(fake_devname);
2888                         kfree(full_path);
2889
2890                         if (IS_ERR(mount_data)) {
2891                                 rc = PTR_ERR(mount_data);
2892                                 mount_data = NULL;
2893                                 goto mount_fail_check;
2894                         }
2895
2896                         if (tcon)
2897                                 cifs_put_tcon(tcon);
2898                         else if (pSesInfo)
2899                                 cifs_put_smb_ses(pSesInfo);
2900
2901                         cleanup_volume_info(&volume_info);
2902                         referral_walks_count++;
2903                         FreeXid(xid);
2904                         goto try_mount_again;
2905                 }
2906 #else /* No DFS support, return error on mount */
2907                 rc = -EOPNOTSUPP;
2908 #endif
2909         }
2910
2911         if (rc)
2912                 goto mount_fail_check;
2913
2914         /* now, hang the tcon off of the superblock */
2915         tlink = kzalloc(sizeof *tlink, GFP_KERNEL);
2916         if (tlink == NULL) {
2917                 rc = -ENOMEM;
2918                 goto mount_fail_check;
2919         }
2920
2921         tlink->tl_uid = pSesInfo->linux_uid;
2922         tlink->tl_tcon = tcon;
2923         tlink->tl_time = jiffies;
2924         set_bit(TCON_LINK_MASTER, &tlink->tl_flags);
2925         set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
2926
2927         cifs_sb->master_tlink = tlink;
2928         spin_lock(&cifs_sb->tlink_tree_lock);
2929         tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
2930         spin_unlock(&cifs_sb->tlink_tree_lock);
2931
2932         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
2933                                 TLINK_IDLE_EXPIRE);
2934
2935 mount_fail_check:
2936         /* on error free sesinfo and tcon struct if needed */
2937         if (rc) {
2938                 if (mount_data != mount_data_global)
2939                         kfree(mount_data);
2940                 /* If find_unc succeeded then rc == 0 so we can not end */
2941                 /* up accidently freeing someone elses tcon struct */
2942                 if (tcon)
2943                         cifs_put_tcon(tcon);
2944                 else if (pSesInfo)
2945                         cifs_put_smb_ses(pSesInfo);
2946                 else
2947                         cifs_put_tcp_session(srvTcp);
2948                 goto out;
2949         }
2950
2951         /* volume_info->password is freed above when existing session found
2952         (in which case it is not needed anymore) but when new sesion is created
2953         the password ptr is put in the new session structure (in which case the
2954         password will be freed at unmount time) */
2955 out:
2956         /* zero out password before freeing */
2957         cleanup_volume_info(&volume_info);
2958         FreeXid(xid);
2959         return rc;
2960 }
2961
2962 int
2963 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
2964          const char *tree, struct cifsTconInfo *tcon,
2965          const struct nls_table *nls_codepage)
2966 {
2967         struct smb_hdr *smb_buffer;
2968         struct smb_hdr *smb_buffer_response;
2969         TCONX_REQ *pSMB;
2970         TCONX_RSP *pSMBr;
2971         unsigned char *bcc_ptr;
2972         int rc = 0;
2973         int length, bytes_left;
2974         __u16 count;
2975
2976         if (ses == NULL)
2977                 return -EIO;
2978
2979         smb_buffer = cifs_buf_get();
2980         if (smb_buffer == NULL)
2981                 return -ENOMEM;
2982
2983         smb_buffer_response = smb_buffer;
2984
2985         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
2986                         NULL /*no tid */ , 4 /*wct */ );
2987
2988         smb_buffer->Mid = GetNextMid(ses->server);
2989         smb_buffer->Uid = ses->Suid;
2990         pSMB = (TCONX_REQ *) smb_buffer;
2991         pSMBr = (TCONX_RSP *) smb_buffer_response;
2992
2993         pSMB->AndXCommand = 0xFF;
2994         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
2995         bcc_ptr = &pSMB->Password[0];
2996         if ((ses->server->secMode) & SECMODE_USER) {
2997                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
2998                 *bcc_ptr = 0; /* password is null byte */
2999                 bcc_ptr++;              /* skip password */
3000                 /* already aligned so no need to do it below */
3001         } else {
3002                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3003                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3004                    specified as required (when that support is added to
3005                    the vfs in the future) as only NTLM or the much
3006                    weaker LANMAN (which we do not send by default) is accepted
3007                    by Samba (not sure whether other servers allow
3008                    NTLMv2 password here) */
3009 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3010                 if ((global_secflags & CIFSSEC_MAY_LANMAN) &&
3011                     (ses->server->secType == LANMAN))
3012                         calc_lanman_hash(tcon->password, ses->server->cryptkey,
3013                                          ses->server->secMode &
3014                                             SECMODE_PW_ENCRYPT ? true : false,
3015                                          bcc_ptr);
3016                 else
3017 #endif /* CIFS_WEAK_PW_HASH */
3018                 SMBNTencrypt(tcon->password, ses->server->cryptkey, bcc_ptr);
3019
3020                 bcc_ptr += CIFS_SESS_KEY_SIZE;
3021                 if (ses->capabilities & CAP_UNICODE) {
3022                         /* must align unicode strings */
3023                         *bcc_ptr = 0; /* null byte password */
3024                         bcc_ptr++;
3025                 }
3026         }
3027
3028         if (ses->server->secMode &
3029                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3030                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3031
3032         if (ses->capabilities & CAP_STATUS32) {
3033                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3034         }
3035         if (ses->capabilities & CAP_DFS) {
3036                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3037         }
3038         if (ses->capabilities & CAP_UNICODE) {
3039                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3040                 length =
3041                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3042                         6 /* max utf8 char length in bytes */ *
3043                         (/* server len*/ + 256 /* share len */), nls_codepage);
3044                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3045                 bcc_ptr += 2;   /* skip trailing null */
3046         } else {                /* ASCII */
3047                 strcpy(bcc_ptr, tree);
3048                 bcc_ptr += strlen(tree) + 1;
3049         }
3050         strcpy(bcc_ptr, "?????");
3051         bcc_ptr += strlen("?????");
3052         bcc_ptr += 1;
3053         count = bcc_ptr - &pSMB->Password[0];
3054         pSMB->hdr.smb_buf_length += count;
3055         pSMB->ByteCount = cpu_to_le16(count);
3056
3057         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3058                          CIFS_STD_OP);
3059
3060         /* above now done in SendReceive */
3061         if ((rc == 0) && (tcon != NULL)) {
3062                 bool is_unicode;
3063
3064                 tcon->tidStatus = CifsGood;
3065                 tcon->need_reconnect = false;
3066                 tcon->tid = smb_buffer_response->Tid;
3067                 bcc_ptr = pByteArea(smb_buffer_response);
3068                 bytes_left = BCC(smb_buffer_response);
3069                 length = strnlen(bcc_ptr, bytes_left - 2);
3070                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
3071                         is_unicode = true;
3072                 else
3073                         is_unicode = false;
3074
3075
3076                 /* skip service field (NB: this field is always ASCII) */
3077                 if (length == 3) {
3078                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3079                             (bcc_ptr[2] == 'C')) {
3080                                 cFYI(1, "IPC connection");
3081                                 tcon->ipc = 1;
3082                         }
3083                 } else if (length == 2) {
3084                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3085                                 /* the most common case */
3086                                 cFYI(1, "disk share connection");
3087                         }
3088                 }
3089                 bcc_ptr += length + 1;
3090                 bytes_left -= (length + 1);
3091                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3092
3093                 /* mostly informational -- no need to fail on error here */
3094                 kfree(tcon->nativeFileSystem);
3095                 tcon->nativeFileSystem = cifs_strndup_from_ucs(bcc_ptr,
3096                                                       bytes_left, is_unicode,
3097                                                       nls_codepage);
3098
3099                 cFYI(1, "nativeFileSystem=%s", tcon->nativeFileSystem);
3100
3101                 if ((smb_buffer_response->WordCount == 3) ||
3102                          (smb_buffer_response->WordCount == 7))
3103                         /* field is in same location */
3104                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3105                 else
3106                         tcon->Flags = 0;
3107                 cFYI(1, "Tcon flags: 0x%x ", tcon->Flags);
3108         } else if ((rc == 0) && tcon == NULL) {
3109                 /* all we need to save for IPC$ connection */
3110                 ses->ipc_tid = smb_buffer_response->Tid;
3111         }
3112
3113         cifs_buf_release(smb_buffer);
3114         return rc;
3115 }
3116
3117 int
3118 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3119 {
3120         struct rb_root *root = &cifs_sb->tlink_tree;
3121         struct rb_node *node;
3122         struct tcon_link *tlink;
3123         char *tmp;
3124
3125         cancel_delayed_work_sync(&cifs_sb->prune_tlinks);
3126
3127         spin_lock(&cifs_sb->tlink_tree_lock);
3128         while ((node = rb_first(root))) {
3129                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3130                 cifs_get_tlink(tlink);
3131                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3132                 rb_erase(node, root);
3133
3134                 spin_unlock(&cifs_sb->tlink_tree_lock);
3135                 cifs_put_tlink(tlink);
3136                 spin_lock(&cifs_sb->tlink_tree_lock);
3137         }
3138         spin_unlock(&cifs_sb->tlink_tree_lock);
3139
3140         tmp = cifs_sb->prepath;
3141         cifs_sb->prepathlen = 0;
3142         cifs_sb->prepath = NULL;
3143         kfree(tmp);
3144
3145         return 0;
3146 }
3147
3148 int cifs_negotiate_protocol(unsigned int xid, struct cifsSesInfo *ses)
3149 {
3150         int rc = 0;
3151         struct TCP_Server_Info *server = ses->server;
3152
3153         /* only send once per connect */
3154         if (server->maxBuf != 0)
3155                 return 0;
3156
3157         rc = CIFSSMBNegotiate(xid, ses);
3158         if (rc == -EAGAIN) {
3159                 /* retry only once on 1st time connection */
3160                 rc = CIFSSMBNegotiate(xid, ses);
3161                 if (rc == -EAGAIN)
3162                         rc = -EHOSTDOWN;
3163         }
3164         if (rc == 0) {
3165                 spin_lock(&GlobalMid_Lock);
3166                 if (server->tcpStatus != CifsExiting)
3167                         server->tcpStatus = CifsGood;
3168                 else
3169                         rc = -EHOSTDOWN;
3170                 spin_unlock(&GlobalMid_Lock);
3171
3172         }
3173
3174         return rc;
3175 }
3176
3177
3178 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *ses,
3179                         struct nls_table *nls_info)
3180 {
3181         int rc = 0;
3182         struct TCP_Server_Info *server = ses->server;
3183
3184         ses->flags = 0;
3185         ses->capabilities = server->capabilities;
3186         if (linuxExtEnabled == 0)
3187                 ses->capabilities &= (~CAP_UNIX);
3188
3189         cFYI(1, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3190                  server->secMode, server->capabilities, server->timeAdj);
3191
3192         rc = CIFS_SessSetup(xid, ses, nls_info);
3193         if (rc) {
3194                 cERROR(1, "Send error in SessSetup = %d", rc);
3195         } else {
3196                 mutex_lock(&ses->server->srv_mutex);
3197                 if (!server->session_estab) {
3198                         server->session_key.response = ses->auth_key.response;
3199                         server->session_key.len = ses->auth_key.len;
3200                         server->sequence_number = 0x2;
3201                         server->session_estab = true;
3202                         ses->auth_key.response = NULL;
3203                 }
3204                 mutex_unlock(&server->srv_mutex);
3205
3206                 cFYI(1, "CIFS Session Established successfully");
3207                 spin_lock(&GlobalMid_Lock);
3208                 ses->status = CifsGood;
3209                 ses->need_reconnect = false;
3210                 spin_unlock(&GlobalMid_Lock);
3211         }
3212
3213         kfree(ses->auth_key.response);
3214         ses->auth_key.response = NULL;
3215         ses->auth_key.len = 0;
3216         kfree(ses->ntlmssp);
3217         ses->ntlmssp = NULL;
3218
3219         return rc;
3220 }
3221
3222 static struct cifsTconInfo *
3223 cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid)
3224 {
3225         struct cifsTconInfo *master_tcon = cifs_sb_master_tcon(cifs_sb);
3226         struct cifsSesInfo *ses;
3227         struct cifsTconInfo *tcon = NULL;
3228         struct smb_vol *vol_info;
3229         char username[MAX_USERNAME_SIZE + 1];
3230
3231         vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL);
3232         if (vol_info == NULL) {
3233                 tcon = ERR_PTR(-ENOMEM);
3234                 goto out;
3235         }
3236
3237         snprintf(username, MAX_USERNAME_SIZE, "krb50x%x", fsuid);
3238         vol_info->username = username;
3239         vol_info->local_nls = cifs_sb->local_nls;
3240         vol_info->linux_uid = fsuid;
3241         vol_info->cred_uid = fsuid;
3242         vol_info->UNC = master_tcon->treeName;
3243         vol_info->retry = master_tcon->retry;
3244         vol_info->nocase = master_tcon->nocase;
3245         vol_info->local_lease = master_tcon->local_lease;
3246         vol_info->no_linux_ext = !master_tcon->unix_ext;
3247
3248         /* FIXME: allow for other secFlg settings */
3249         vol_info->secFlg = CIFSSEC_MUST_KRB5;
3250
3251         /* get a reference for the same TCP session */
3252         spin_lock(&cifs_tcp_ses_lock);
3253         ++master_tcon->ses->server->srv_count;
3254         spin_unlock(&cifs_tcp_ses_lock);
3255
3256         ses = cifs_get_smb_ses(master_tcon->ses->server, vol_info);
3257         if (IS_ERR(ses)) {
3258                 tcon = (struct cifsTconInfo *)ses;
3259                 cifs_put_tcp_session(master_tcon->ses->server);
3260                 goto out;
3261         }
3262
3263         tcon = cifs_get_tcon(ses, vol_info);
3264         if (IS_ERR(tcon)) {
3265                 cifs_put_smb_ses(ses);
3266                 goto out;
3267         }
3268
3269         if (ses->capabilities & CAP_UNIX)
3270                 reset_cifs_unix_caps(0, tcon, NULL, vol_info);
3271 out:
3272         kfree(vol_info);
3273
3274         return tcon;
3275 }
3276
3277 static inline struct tcon_link *
3278 cifs_sb_master_tlink(struct cifs_sb_info *cifs_sb)
3279 {
3280         return cifs_sb->master_tlink;
3281 }
3282
3283 struct cifsTconInfo *
3284 cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
3285 {
3286         return tlink_tcon(cifs_sb_master_tlink(cifs_sb));
3287 }
3288
3289 static int
3290 cifs_sb_tcon_pending_wait(void *unused)
3291 {
3292         schedule();
3293         return signal_pending(current) ? -ERESTARTSYS : 0;
3294 }
3295
3296 /* find and return a tlink with given uid */
3297 static struct tcon_link *
3298 tlink_rb_search(struct rb_root *root, uid_t uid)
3299 {
3300         struct rb_node *node = root->rb_node;
3301         struct tcon_link *tlink;
3302
3303         while (node) {
3304                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3305
3306                 if (tlink->tl_uid > uid)
3307                         node = node->rb_left;
3308                 else if (tlink->tl_uid < uid)
3309                         node = node->rb_right;
3310                 else
3311                         return tlink;
3312         }
3313         return NULL;
3314 }
3315
3316 /* insert a tcon_link into the tree */
3317 static void
3318 tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink)
3319 {
3320         struct rb_node **new = &(root->rb_node), *parent = NULL;
3321         struct tcon_link *tlink;
3322
3323         while (*new) {
3324                 tlink = rb_entry(*new, struct tcon_link, tl_rbnode);
3325                 parent = *new;
3326
3327                 if (tlink->tl_uid > new_tlink->tl_uid)
3328                         new = &((*new)->rb_left);
3329                 else
3330                         new = &((*new)->rb_right);
3331         }
3332
3333         rb_link_node(&new_tlink->tl_rbnode, parent, new);
3334         rb_insert_color(&new_tlink->tl_rbnode, root);
3335 }
3336
3337 /*
3338  * Find or construct an appropriate tcon given a cifs_sb and the fsuid of the
3339  * current task.
3340  *
3341  * If the superblock doesn't refer to a multiuser mount, then just return
3342  * the master tcon for the mount.
3343  *
3344  * First, search the rbtree for an existing tcon for this fsuid. If one
3345  * exists, then check to see if it's pending construction. If it is then wait
3346  * for construction to complete. Once it's no longer pending, check to see if
3347  * it failed and either return an error or retry construction, depending on
3348  * the timeout.
3349  *
3350  * If one doesn't exist then insert a new tcon_link struct into the tree and
3351  * try to construct a new one.
3352  */
3353 struct tcon_link *
3354 cifs_sb_tlink(struct cifs_sb_info *cifs_sb)
3355 {
3356         int ret;
3357         uid_t fsuid = current_fsuid();
3358         struct tcon_link *tlink, *newtlink;
3359
3360         if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
3361                 return cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
3362
3363         spin_lock(&cifs_sb->tlink_tree_lock);
3364         tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3365         if (tlink)
3366                 cifs_get_tlink(tlink);
3367         spin_unlock(&cifs_sb->tlink_tree_lock);
3368
3369         if (tlink == NULL) {
3370                 newtlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
3371                 if (newtlink == NULL)
3372                         return ERR_PTR(-ENOMEM);
3373                 newtlink->tl_uid = fsuid;
3374                 newtlink->tl_tcon = ERR_PTR(-EACCES);
3375                 set_bit(TCON_LINK_PENDING, &newtlink->tl_flags);
3376                 set_bit(TCON_LINK_IN_TREE, &newtlink->tl_flags);
3377                 cifs_get_tlink(newtlink);
3378
3379                 spin_lock(&cifs_sb->tlink_tree_lock);
3380                 /* was one inserted after previous search? */
3381                 tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3382                 if (tlink) {
3383                         cifs_get_tlink(tlink);
3384                         spin_unlock(&cifs_sb->tlink_tree_lock);
3385                         kfree(newtlink);
3386                         goto wait_for_construction;
3387                 }
3388                 tlink = newtlink;
3389                 tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
3390                 spin_unlock(&cifs_sb->tlink_tree_lock);
3391         } else {
3392 wait_for_construction:
3393                 ret = wait_on_bit(&tlink->tl_flags, TCON_LINK_PENDING,
3394                                   cifs_sb_tcon_pending_wait,
3395                                   TASK_INTERRUPTIBLE);
3396                 if (ret) {
3397                         cifs_put_tlink(tlink);
3398                         return ERR_PTR(ret);
3399                 }
3400
3401                 /* if it's good, return it */
3402                 if (!IS_ERR(tlink->tl_tcon))
3403                         return tlink;
3404
3405                 /* return error if we tried this already recently */
3406                 if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) {
3407                         cifs_put_tlink(tlink);
3408                         return ERR_PTR(-EACCES);
3409                 }
3410
3411                 if (test_and_set_bit(TCON_LINK_PENDING, &tlink->tl_flags))
3412                         goto wait_for_construction;
3413         }
3414
3415         tlink->tl_tcon = cifs_construct_tcon(cifs_sb, fsuid);
3416         clear_bit(TCON_LINK_PENDING, &tlink->tl_flags);
3417         wake_up_bit(&tlink->tl_flags, TCON_LINK_PENDING);
3418
3419         if (IS_ERR(tlink->tl_tcon)) {
3420                 cifs_put_tlink(tlink);
3421                 return ERR_PTR(-EACCES);
3422         }
3423
3424         return tlink;
3425 }
3426
3427 /*
3428  * periodic workqueue job that scans tcon_tree for a superblock and closes
3429  * out tcons.
3430  */
3431 static void
3432 cifs_prune_tlinks(struct work_struct *work)
3433 {
3434         struct cifs_sb_info *cifs_sb = container_of(work, struct cifs_sb_info,
3435                                                     prune_tlinks.work);
3436         struct rb_root *root = &cifs_sb->tlink_tree;
3437         struct rb_node *node = rb_first(root);
3438         struct rb_node *tmp;
3439         struct tcon_link *tlink;
3440
3441         /*
3442          * Because we drop the spinlock in the loop in order to put the tlink
3443          * it's not guarded against removal of links from the tree. The only
3444          * places that remove entries from the tree are this function and
3445          * umounts. Because this function is non-reentrant and is canceled
3446          * before umount can proceed, this is safe.
3447          */
3448         spin_lock(&cifs_sb->tlink_tree_lock);
3449         node = rb_first(root);
3450         while (node != NULL) {
3451                 tmp = node;
3452                 node = rb_next(tmp);
3453                 tlink = rb_entry(tmp, struct tcon_link, tl_rbnode);
3454
3455                 if (test_bit(TCON_LINK_MASTER, &tlink->tl_flags) ||
3456                     atomic_read(&tlink->tl_count) != 0 ||
3457                     time_after(tlink->tl_time + TLINK_IDLE_EXPIRE, jiffies))
3458                         continue;
3459
3460                 cifs_get_tlink(tlink);
3461                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3462                 rb_erase(tmp, root);
3463
3464                 spin_unlock(&cifs_sb->tlink_tree_lock);
3465                 cifs_put_tlink(tlink);
3466                 spin_lock(&cifs_sb->tlink_tree_lock);
3467         }
3468         spin_unlock(&cifs_sb->tlink_tree_lock);
3469
3470         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
3471                                 TLINK_IDLE_EXPIRE);
3472 }