]> git.karo-electronics.de Git - karo-tx-linux.git/blob - fs/cifs/connect.c
Merge git://git.jan-o-sch.net/btrfs-unstable into for-linus
[karo-tx-linux.git] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2009
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/slab.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <linux/namei.h>
37 #include <asm/uaccess.h>
38 #include <asm/processor.h>
39 #include <linux/inet.h>
40 #include <linux/module.h>
41 #include <keys/user-type.h>
42 #include <net/ipv6.h>
43 #include "cifspdu.h"
44 #include "cifsglob.h"
45 #include "cifsproto.h"
46 #include "cifs_unicode.h"
47 #include "cifs_debug.h"
48 #include "cifs_fs_sb.h"
49 #include "ntlmssp.h"
50 #include "nterr.h"
51 #include "rfc1002pdu.h"
52 #include "fscache.h"
53
54 #define CIFS_PORT 445
55 #define RFC1001_PORT 139
56
57 /* SMB echo "timeout" -- FIXME: tunable? */
58 #define SMB_ECHO_INTERVAL (60 * HZ)
59
60 extern mempool_t *cifs_req_poolp;
61
62 /* FIXME: should these be tunable? */
63 #define TLINK_ERROR_EXPIRE      (1 * HZ)
64 #define TLINK_IDLE_EXPIRE       (600 * HZ)
65
66 static int ip_connect(struct TCP_Server_Info *server);
67 static int generic_ip_connect(struct TCP_Server_Info *server);
68 static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
69 static void cifs_prune_tlinks(struct work_struct *work);
70 static int cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
71                                         const char *devname);
72
73 /*
74  * cifs tcp session reconnection
75  *
76  * mark tcp session as reconnecting so temporarily locked
77  * mark all smb sessions as reconnecting for tcp session
78  * reconnect tcp session
79  * wake up waiters on reconnection? - (not needed currently)
80  */
81 static int
82 cifs_reconnect(struct TCP_Server_Info *server)
83 {
84         int rc = 0;
85         struct list_head *tmp, *tmp2;
86         struct cifs_ses *ses;
87         struct cifs_tcon *tcon;
88         struct mid_q_entry *mid_entry;
89         struct list_head retry_list;
90
91         spin_lock(&GlobalMid_Lock);
92         if (server->tcpStatus == CifsExiting) {
93                 /* the demux thread will exit normally
94                 next time through the loop */
95                 spin_unlock(&GlobalMid_Lock);
96                 return rc;
97         } else
98                 server->tcpStatus = CifsNeedReconnect;
99         spin_unlock(&GlobalMid_Lock);
100         server->maxBuf = 0;
101
102         cFYI(1, "Reconnecting tcp session");
103
104         /* before reconnecting the tcp session, mark the smb session (uid)
105                 and the tid bad so they are not used until reconnected */
106         cFYI(1, "%s: marking sessions and tcons for reconnect", __func__);
107         spin_lock(&cifs_tcp_ses_lock);
108         list_for_each(tmp, &server->smb_ses_list) {
109                 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
110                 ses->need_reconnect = true;
111                 ses->ipc_tid = 0;
112                 list_for_each(tmp2, &ses->tcon_list) {
113                         tcon = list_entry(tmp2, struct cifs_tcon, tcon_list);
114                         tcon->need_reconnect = true;
115                 }
116         }
117         spin_unlock(&cifs_tcp_ses_lock);
118
119         /* do not want to be sending data on a socket we are freeing */
120         cFYI(1, "%s: tearing down socket", __func__);
121         mutex_lock(&server->srv_mutex);
122         if (server->ssocket) {
123                 cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
124                         server->ssocket->flags);
125                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
126                 cFYI(1, "Post shutdown state: 0x%x Flags: 0x%lx",
127                         server->ssocket->state,
128                         server->ssocket->flags);
129                 sock_release(server->ssocket);
130                 server->ssocket = NULL;
131         }
132         server->sequence_number = 0;
133         server->session_estab = false;
134         kfree(server->session_key.response);
135         server->session_key.response = NULL;
136         server->session_key.len = 0;
137         server->lstrp = jiffies;
138         mutex_unlock(&server->srv_mutex);
139
140         /* mark submitted MIDs for retry and issue callback */
141         INIT_LIST_HEAD(&retry_list);
142         cFYI(1, "%s: moving mids to private list", __func__);
143         spin_lock(&GlobalMid_Lock);
144         list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
145                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
146                 if (mid_entry->midState == MID_REQUEST_SUBMITTED)
147                         mid_entry->midState = MID_RETRY_NEEDED;
148                 list_move(&mid_entry->qhead, &retry_list);
149         }
150         spin_unlock(&GlobalMid_Lock);
151
152         cFYI(1, "%s: issuing mid callbacks", __func__);
153         list_for_each_safe(tmp, tmp2, &retry_list) {
154                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
155                 list_del_init(&mid_entry->qhead);
156                 mid_entry->callback(mid_entry);
157         }
158
159         do {
160                 try_to_freeze();
161
162                 /* we should try only the port we connected to before */
163                 rc = generic_ip_connect(server);
164                 if (rc) {
165                         cFYI(1, "reconnect error %d", rc);
166                         msleep(3000);
167                 } else {
168                         atomic_inc(&tcpSesReconnectCount);
169                         spin_lock(&GlobalMid_Lock);
170                         if (server->tcpStatus != CifsExiting)
171                                 server->tcpStatus = CifsNeedNegotiate;
172                         spin_unlock(&GlobalMid_Lock);
173                 }
174         } while (server->tcpStatus == CifsNeedReconnect);
175
176         return rc;
177 }
178
179 /*
180         return codes:
181                 0       not a transact2, or all data present
182                 >0      transact2 with that much data missing
183                 -EINVAL = invalid transact2
184
185  */
186 static int check2ndT2(struct smb_hdr *pSMB)
187 {
188         struct smb_t2_rsp *pSMBt;
189         int remaining;
190         __u16 total_data_size, data_in_this_rsp;
191
192         if (pSMB->Command != SMB_COM_TRANSACTION2)
193                 return 0;
194
195         /* check for plausible wct, bcc and t2 data and parm sizes */
196         /* check for parm and data offset going beyond end of smb */
197         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
198                 cFYI(1, "invalid transact2 word count");
199                 return -EINVAL;
200         }
201
202         pSMBt = (struct smb_t2_rsp *)pSMB;
203
204         total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
205         data_in_this_rsp = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
206
207         if (total_data_size == data_in_this_rsp)
208                 return 0;
209         else if (total_data_size < data_in_this_rsp) {
210                 cFYI(1, "total data %d smaller than data in frame %d",
211                         total_data_size, data_in_this_rsp);
212                 return -EINVAL;
213         }
214
215         remaining = total_data_size - data_in_this_rsp;
216
217         cFYI(1, "missing %d bytes from transact2, check next response",
218                 remaining);
219         if (total_data_size > CIFSMaxBufSize) {
220                 cERROR(1, "TotalDataSize %d is over maximum buffer %d",
221                         total_data_size, CIFSMaxBufSize);
222                 return -EINVAL;
223         }
224         return remaining;
225 }
226
227 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
228 {
229         struct smb_t2_rsp *pSMBs = (struct smb_t2_rsp *)psecond;
230         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
231         char *data_area_of_tgt;
232         char *data_area_of_src;
233         int remaining;
234         unsigned int byte_count, total_in_tgt;
235         __u16 tgt_total_cnt, src_total_cnt, total_in_src;
236
237         src_total_cnt = get_unaligned_le16(&pSMBs->t2_rsp.TotalDataCount);
238         tgt_total_cnt = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
239
240         if (tgt_total_cnt != src_total_cnt)
241                 cFYI(1, "total data count of primary and secondary t2 differ "
242                         "source=%hu target=%hu", src_total_cnt, tgt_total_cnt);
243
244         total_in_tgt = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
245
246         remaining = tgt_total_cnt - total_in_tgt;
247
248         if (remaining < 0) {
249                 cFYI(1, "Server sent too much data. tgt_total_cnt=%hu "
250                         "total_in_tgt=%hu", tgt_total_cnt, total_in_tgt);
251                 return -EPROTO;
252         }
253
254         if (remaining == 0) {
255                 /* nothing to do, ignore */
256                 cFYI(1, "no more data remains");
257                 return 0;
258         }
259
260         total_in_src = get_unaligned_le16(&pSMBs->t2_rsp.DataCount);
261         if (remaining < total_in_src)
262                 cFYI(1, "transact2 2nd response contains too much data");
263
264         /* find end of first SMB data area */
265         data_area_of_tgt = (char *)&pSMBt->hdr.Protocol +
266                                 get_unaligned_le16(&pSMBt->t2_rsp.DataOffset);
267
268         /* validate target area */
269         data_area_of_src = (char *)&pSMBs->hdr.Protocol +
270                                 get_unaligned_le16(&pSMBs->t2_rsp.DataOffset);
271
272         data_area_of_tgt += total_in_tgt;
273
274         total_in_tgt += total_in_src;
275         /* is the result too big for the field? */
276         if (total_in_tgt > USHRT_MAX) {
277                 cFYI(1, "coalesced DataCount too large (%u)", total_in_tgt);
278                 return -EPROTO;
279         }
280         put_unaligned_le16(total_in_tgt, &pSMBt->t2_rsp.DataCount);
281
282         /* fix up the BCC */
283         byte_count = get_bcc(pTargetSMB);
284         byte_count += total_in_src;
285         /* is the result too big for the field? */
286         if (byte_count > USHRT_MAX) {
287                 cFYI(1, "coalesced BCC too large (%u)", byte_count);
288                 return -EPROTO;
289         }
290         put_bcc(byte_count, pTargetSMB);
291
292         byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
293         byte_count += total_in_src;
294         /* don't allow buffer to overflow */
295         if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
296                 cFYI(1, "coalesced BCC exceeds buffer size (%u)", byte_count);
297                 return -ENOBUFS;
298         }
299         pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
300
301         /* copy second buffer into end of first buffer */
302         memcpy(data_area_of_tgt, data_area_of_src, total_in_src);
303
304         if (remaining != total_in_src) {
305                 /* more responses to go */
306                 cFYI(1, "waiting for more secondary responses");
307                 return 1;
308         }
309
310         /* we are done */
311         cFYI(1, "found the last secondary response");
312         return 0;
313 }
314
315 static void
316 cifs_echo_request(struct work_struct *work)
317 {
318         int rc;
319         struct TCP_Server_Info *server = container_of(work,
320                                         struct TCP_Server_Info, echo.work);
321
322         /*
323          * We cannot send an echo until the NEGOTIATE_PROTOCOL request is
324          * done, which is indicated by maxBuf != 0. Also, no need to ping if
325          * we got a response recently
326          */
327         if (server->maxBuf == 0 ||
328             time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ))
329                 goto requeue_echo;
330
331         rc = CIFSSMBEcho(server);
332         if (rc)
333                 cFYI(1, "Unable to send echo request to server: %s",
334                         server->hostname);
335
336 requeue_echo:
337         queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL);
338 }
339
340 static bool
341 allocate_buffers(struct TCP_Server_Info *server)
342 {
343         if (!server->bigbuf) {
344                 server->bigbuf = (char *)cifs_buf_get();
345                 if (!server->bigbuf) {
346                         cERROR(1, "No memory for large SMB response");
347                         msleep(3000);
348                         /* retry will check if exiting */
349                         return false;
350                 }
351         } else if (server->large_buf) {
352                 /* we are reusing a dirty large buf, clear its start */
353                 memset(server->bigbuf, 0, sizeof(struct smb_hdr));
354         }
355
356         if (!server->smallbuf) {
357                 server->smallbuf = (char *)cifs_small_buf_get();
358                 if (!server->smallbuf) {
359                         cERROR(1, "No memory for SMB response");
360                         msleep(1000);
361                         /* retry will check if exiting */
362                         return false;
363                 }
364                 /* beginning of smb buffer is cleared in our buf_get */
365         } else {
366                 /* if existing small buf clear beginning */
367                 memset(server->smallbuf, 0, sizeof(struct smb_hdr));
368         }
369
370         return true;
371 }
372
373 static bool
374 server_unresponsive(struct TCP_Server_Info *server)
375 {
376         if (echo_retries > 0 && server->tcpStatus == CifsGood &&
377             time_after(jiffies, server->lstrp +
378                                 (echo_retries * SMB_ECHO_INTERVAL))) {
379                 cERROR(1, "Server %s has not responded in %d seconds. "
380                           "Reconnecting...", server->hostname,
381                           (echo_retries * SMB_ECHO_INTERVAL / HZ));
382                 cifs_reconnect(server);
383                 wake_up(&server->response_q);
384                 return true;
385         }
386
387         return false;
388 }
389
390 /*
391  * kvec_array_init - clone a kvec array, and advance into it
392  * @new:        pointer to memory for cloned array
393  * @iov:        pointer to original array
394  * @nr_segs:    number of members in original array
395  * @bytes:      number of bytes to advance into the cloned array
396  *
397  * This function will copy the array provided in iov to a section of memory
398  * and advance the specified number of bytes into the new array. It returns
399  * the number of segments in the new array. "new" must be at least as big as
400  * the original iov array.
401  */
402 static unsigned int
403 kvec_array_init(struct kvec *new, struct kvec *iov, unsigned int nr_segs,
404                 size_t bytes)
405 {
406         size_t base = 0;
407
408         while (bytes || !iov->iov_len) {
409                 int copy = min(bytes, iov->iov_len);
410
411                 bytes -= copy;
412                 base += copy;
413                 if (iov->iov_len == base) {
414                         iov++;
415                         nr_segs--;
416                         base = 0;
417                 }
418         }
419         memcpy(new, iov, sizeof(*iov) * nr_segs);
420         new->iov_base += base;
421         new->iov_len -= base;
422         return nr_segs;
423 }
424
425 static struct kvec *
426 get_server_iovec(struct TCP_Server_Info *server, unsigned int nr_segs)
427 {
428         struct kvec *new_iov;
429
430         if (server->iov && nr_segs <= server->nr_iov)
431                 return server->iov;
432
433         /* not big enough -- allocate a new one and release the old */
434         new_iov = kmalloc(sizeof(*new_iov) * nr_segs, GFP_NOFS);
435         if (new_iov) {
436                 kfree(server->iov);
437                 server->iov = new_iov;
438                 server->nr_iov = nr_segs;
439         }
440         return new_iov;
441 }
442
443 int
444 cifs_readv_from_socket(struct TCP_Server_Info *server, struct kvec *iov_orig,
445                        unsigned int nr_segs, unsigned int to_read)
446 {
447         int length = 0;
448         int total_read;
449         unsigned int segs;
450         struct msghdr smb_msg;
451         struct kvec *iov;
452
453         iov = get_server_iovec(server, nr_segs);
454         if (!iov)
455                 return -ENOMEM;
456
457         smb_msg.msg_control = NULL;
458         smb_msg.msg_controllen = 0;
459
460         for (total_read = 0; to_read; total_read += length, to_read -= length) {
461                 try_to_freeze();
462
463                 if (server_unresponsive(server)) {
464                         total_read = -EAGAIN;
465                         break;
466                 }
467
468                 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read);
469
470                 length = kernel_recvmsg(server->ssocket, &smb_msg,
471                                         iov, segs, to_read, 0);
472
473                 if (server->tcpStatus == CifsExiting) {
474                         total_read = -ESHUTDOWN;
475                         break;
476                 } else if (server->tcpStatus == CifsNeedReconnect) {
477                         cifs_reconnect(server);
478                         total_read = -EAGAIN;
479                         break;
480                 } else if (length == -ERESTARTSYS ||
481                            length == -EAGAIN ||
482                            length == -EINTR) {
483                         /*
484                          * Minimum sleep to prevent looping, allowing socket
485                          * to clear and app threads to set tcpStatus
486                          * CifsNeedReconnect if server hung.
487                          */
488                         usleep_range(1000, 2000);
489                         length = 0;
490                         continue;
491                 } else if (length <= 0) {
492                         cFYI(1, "Received no data or error: expecting %d "
493                                 "got %d", to_read, length);
494                         cifs_reconnect(server);
495                         total_read = -EAGAIN;
496                         break;
497                 }
498         }
499         return total_read;
500 }
501
502 int
503 cifs_read_from_socket(struct TCP_Server_Info *server, char *buf,
504                       unsigned int to_read)
505 {
506         struct kvec iov;
507
508         iov.iov_base = buf;
509         iov.iov_len = to_read;
510
511         return cifs_readv_from_socket(server, &iov, 1, to_read);
512 }
513
514 static bool
515 is_smb_response(struct TCP_Server_Info *server, unsigned char type)
516 {
517         /*
518          * The first byte big endian of the length field,
519          * is actually not part of the length but the type
520          * with the most common, zero, as regular data.
521          */
522         switch (type) {
523         case RFC1002_SESSION_MESSAGE:
524                 /* Regular SMB response */
525                 return true;
526         case RFC1002_SESSION_KEEP_ALIVE:
527                 cFYI(1, "RFC 1002 session keep alive");
528                 break;
529         case RFC1002_POSITIVE_SESSION_RESPONSE:
530                 cFYI(1, "RFC 1002 positive session response");
531                 break;
532         case RFC1002_NEGATIVE_SESSION_RESPONSE:
533                 /*
534                  * We get this from Windows 98 instead of an error on
535                  * SMB negprot response.
536                  */
537                 cFYI(1, "RFC 1002 negative session response");
538                 /* give server a second to clean up */
539                 msleep(1000);
540                 /*
541                  * Always try 445 first on reconnect since we get NACK
542                  * on some if we ever connected to port 139 (the NACK
543                  * is since we do not begin with RFC1001 session
544                  * initialize frame).
545                  */
546                 cifs_set_port((struct sockaddr *)&server->dstaddr, CIFS_PORT);
547                 cifs_reconnect(server);
548                 wake_up(&server->response_q);
549                 break;
550         default:
551                 cERROR(1, "RFC 1002 unknown response type 0x%x", type);
552                 cifs_reconnect(server);
553         }
554
555         return false;
556 }
557
558 static struct mid_q_entry *
559 find_mid(struct TCP_Server_Info *server, struct smb_hdr *buf)
560 {
561         struct mid_q_entry *mid;
562
563         spin_lock(&GlobalMid_Lock);
564         list_for_each_entry(mid, &server->pending_mid_q, qhead) {
565                 if (mid->mid == buf->Mid &&
566                     mid->midState == MID_REQUEST_SUBMITTED &&
567                     mid->command == buf->Command) {
568                         spin_unlock(&GlobalMid_Lock);
569                         return mid;
570                 }
571         }
572         spin_unlock(&GlobalMid_Lock);
573         return NULL;
574 }
575
576 void
577 dequeue_mid(struct mid_q_entry *mid, bool malformed)
578 {
579 #ifdef CONFIG_CIFS_STATS2
580         mid->when_received = jiffies;
581 #endif
582         spin_lock(&GlobalMid_Lock);
583         if (!malformed)
584                 mid->midState = MID_RESPONSE_RECEIVED;
585         else
586                 mid->midState = MID_RESPONSE_MALFORMED;
587         list_del_init(&mid->qhead);
588         spin_unlock(&GlobalMid_Lock);
589 }
590
591 static void
592 handle_mid(struct mid_q_entry *mid, struct TCP_Server_Info *server,
593            struct smb_hdr *buf, int malformed)
594 {
595         if (malformed == 0 && check2ndT2(buf) > 0) {
596                 mid->multiRsp = true;
597                 if (mid->resp_buf) {
598                         /* merge response - fix up 1st*/
599                         malformed = coalesce_t2(buf, mid->resp_buf);
600                         if (malformed > 0)
601                                 return;
602
603                         /* All parts received or packet is malformed. */
604                         mid->multiEnd = true;
605                         return dequeue_mid(mid, malformed);
606                 }
607                 if (!server->large_buf) {
608                         /*FIXME: switch to already allocated largebuf?*/
609                         cERROR(1, "1st trans2 resp needs bigbuf");
610                 } else {
611                         /* Have first buffer */
612                         mid->resp_buf = buf;
613                         mid->largeBuf = true;
614                         server->bigbuf = NULL;
615                 }
616                 return;
617         }
618         mid->resp_buf = buf;
619         mid->largeBuf = server->large_buf;
620         /* Was previous buf put in mpx struct for multi-rsp? */
621         if (!mid->multiRsp) {
622                 /* smb buffer will be freed by user thread */
623                 if (server->large_buf)
624                         server->bigbuf = NULL;
625                 else
626                         server->smallbuf = NULL;
627         }
628         dequeue_mid(mid, malformed);
629 }
630
631 static void clean_demultiplex_info(struct TCP_Server_Info *server)
632 {
633         int length;
634
635         /* take it off the list, if it's not already */
636         spin_lock(&cifs_tcp_ses_lock);
637         list_del_init(&server->tcp_ses_list);
638         spin_unlock(&cifs_tcp_ses_lock);
639
640         spin_lock(&GlobalMid_Lock);
641         server->tcpStatus = CifsExiting;
642         spin_unlock(&GlobalMid_Lock);
643         wake_up_all(&server->response_q);
644
645         /*
646          * Check if we have blocked requests that need to free. Note that
647          * cifs_max_pending is normally 50, but can be set at module install
648          * time to as little as two.
649          */
650         spin_lock(&GlobalMid_Lock);
651         if (atomic_read(&server->inFlight) >= cifs_max_pending)
652                 atomic_set(&server->inFlight, cifs_max_pending - 1);
653         /*
654          * We do not want to set the max_pending too low or we could end up
655          * with the counter going negative.
656          */
657         spin_unlock(&GlobalMid_Lock);
658         /*
659          * Although there should not be any requests blocked on this queue it
660          * can not hurt to be paranoid and try to wake up requests that may
661          * haven been blocked when more than 50 at time were on the wire to the
662          * same server - they now will see the session is in exit state and get
663          * out of SendReceive.
664          */
665         wake_up_all(&server->request_q);
666         /* give those requests time to exit */
667         msleep(125);
668
669         if (server->ssocket) {
670                 sock_release(server->ssocket);
671                 server->ssocket = NULL;
672         }
673
674         if (!list_empty(&server->pending_mid_q)) {
675                 struct list_head dispose_list;
676                 struct mid_q_entry *mid_entry;
677                 struct list_head *tmp, *tmp2;
678
679                 INIT_LIST_HEAD(&dispose_list);
680                 spin_lock(&GlobalMid_Lock);
681                 list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
682                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
683                         cFYI(1, "Clearing mid 0x%x", mid_entry->mid);
684                         mid_entry->midState = MID_SHUTDOWN;
685                         list_move(&mid_entry->qhead, &dispose_list);
686                 }
687                 spin_unlock(&GlobalMid_Lock);
688
689                 /* now walk dispose list and issue callbacks */
690                 list_for_each_safe(tmp, tmp2, &dispose_list) {
691                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
692                         cFYI(1, "Callback mid 0x%x", mid_entry->mid);
693                         list_del_init(&mid_entry->qhead);
694                         mid_entry->callback(mid_entry);
695                 }
696                 /* 1/8th of sec is more than enough time for them to exit */
697                 msleep(125);
698         }
699
700         if (!list_empty(&server->pending_mid_q)) {
701                 /*
702                  * mpx threads have not exited yet give them at least the smb
703                  * send timeout time for long ops.
704                  *
705                  * Due to delays on oplock break requests, we need to wait at
706                  * least 45 seconds before giving up on a request getting a
707                  * response and going ahead and killing cifsd.
708                  */
709                 cFYI(1, "Wait for exit from demultiplex thread");
710                 msleep(46000);
711                 /*
712                  * If threads still have not exited they are probably never
713                  * coming home not much else we can do but free the memory.
714                  */
715         }
716
717         kfree(server->hostname);
718         kfree(server->iov);
719         kfree(server);
720
721         length = atomic_dec_return(&tcpSesAllocCount);
722         if (length > 0)
723                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
724                                 GFP_KERNEL);
725 }
726
727 static int
728 standard_receive3(struct TCP_Server_Info *server, struct mid_q_entry *mid)
729 {
730         int length;
731         char *buf = server->smallbuf;
732         struct smb_hdr *smb_buffer = (struct smb_hdr *)buf;
733         unsigned int pdu_length = be32_to_cpu(smb_buffer->smb_buf_length);
734
735         /* make sure this will fit in a large buffer */
736         if (pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
737                 cERROR(1, "SMB response too long (%u bytes)",
738                         pdu_length);
739                 cifs_reconnect(server);
740                 wake_up(&server->response_q);
741                 return -EAGAIN;
742         }
743
744         /* switch to large buffer if too big for a small one */
745         if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
746                 server->large_buf = true;
747                 memcpy(server->bigbuf, server->smallbuf, server->total_read);
748                 buf = server->bigbuf;
749                 smb_buffer = (struct smb_hdr *)buf;
750         }
751
752         /* now read the rest */
753         length = cifs_read_from_socket(server,
754                           buf + sizeof(struct smb_hdr) - 1,
755                           pdu_length - sizeof(struct smb_hdr) + 1 + 4);
756         if (length < 0)
757                 return length;
758         server->total_read += length;
759
760         dump_smb(smb_buffer, server->total_read);
761
762         /*
763          * We know that we received enough to get to the MID as we
764          * checked the pdu_length earlier. Now check to see
765          * if the rest of the header is OK. We borrow the length
766          * var for the rest of the loop to avoid a new stack var.
767          *
768          * 48 bytes is enough to display the header and a little bit
769          * into the payload for debugging purposes.
770          */
771         length = checkSMB(smb_buffer, smb_buffer->Mid, server->total_read);
772         if (length != 0)
773                 cifs_dump_mem("Bad SMB: ", buf,
774                         min_t(unsigned int, server->total_read, 48));
775
776         if (!mid)
777                 return length;
778
779         handle_mid(mid, server, smb_buffer, length);
780         return 0;
781 }
782
783 static int
784 cifs_demultiplex_thread(void *p)
785 {
786         int length;
787         struct TCP_Server_Info *server = p;
788         unsigned int pdu_length;
789         char *buf = NULL;
790         struct smb_hdr *smb_buffer = NULL;
791         struct task_struct *task_to_wake = NULL;
792         struct mid_q_entry *mid_entry;
793
794         current->flags |= PF_MEMALLOC;
795         cFYI(1, "Demultiplex PID: %d", task_pid_nr(current));
796
797         length = atomic_inc_return(&tcpSesAllocCount);
798         if (length > 1)
799                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
800                                 GFP_KERNEL);
801
802         set_freezable();
803         while (server->tcpStatus != CifsExiting) {
804                 if (try_to_freeze())
805                         continue;
806
807                 if (!allocate_buffers(server))
808                         continue;
809
810                 server->large_buf = false;
811                 smb_buffer = (struct smb_hdr *)server->smallbuf;
812                 buf = server->smallbuf;
813                 pdu_length = 4; /* enough to get RFC1001 header */
814
815                 length = cifs_read_from_socket(server, buf, pdu_length);
816                 if (length < 0)
817                         continue;
818                 server->total_read = length;
819
820                 /*
821                  * The right amount was read from socket - 4 bytes,
822                  * so we can now interpret the length field.
823                  */
824                 pdu_length = be32_to_cpu(smb_buffer->smb_buf_length);
825
826                 cFYI(1, "RFC1002 header 0x%x", pdu_length);
827                 if (!is_smb_response(server, buf[0]))
828                         continue;
829
830                 /* make sure we have enough to get to the MID */
831                 if (pdu_length < sizeof(struct smb_hdr) - 1 - 4) {
832                         cERROR(1, "SMB response too short (%u bytes)",
833                                 pdu_length);
834                         cifs_reconnect(server);
835                         wake_up(&server->response_q);
836                         continue;
837                 }
838
839                 /* read down to the MID */
840                 length = cifs_read_from_socket(server, buf + 4,
841                                         sizeof(struct smb_hdr) - 1 - 4);
842                 if (length < 0)
843                         continue;
844                 server->total_read += length;
845
846                 mid_entry = find_mid(server, smb_buffer);
847
848                 if (!mid_entry || !mid_entry->receive)
849                         length = standard_receive3(server, mid_entry);
850                 else
851                         length = mid_entry->receive(server, mid_entry);
852
853                 if (length < 0)
854                         continue;
855
856                 if (server->large_buf) {
857                         buf = server->bigbuf;
858                         smb_buffer = (struct smb_hdr *)buf;
859                 }
860
861                 server->lstrp = jiffies;
862                 if (mid_entry != NULL) {
863                         if (!mid_entry->multiRsp || mid_entry->multiEnd)
864                                 mid_entry->callback(mid_entry);
865                 } else if (!is_valid_oplock_break(smb_buffer, server)) {
866                         cERROR(1, "No task to wake, unknown frame received! "
867                                    "NumMids %d", atomic_read(&midCount));
868                         cifs_dump_mem("Received Data is: ", buf,
869                                       sizeof(struct smb_hdr));
870 #ifdef CONFIG_CIFS_DEBUG2
871                         cifs_dump_detail(smb_buffer);
872                         cifs_dump_mids(server);
873 #endif /* CIFS_DEBUG2 */
874
875                 }
876         } /* end while !EXITING */
877
878         /* buffer usually freed in free_mid - need to free it here on exit */
879         cifs_buf_release(server->bigbuf);
880         if (server->smallbuf) /* no sense logging a debug message if NULL */
881                 cifs_small_buf_release(server->smallbuf);
882
883         task_to_wake = xchg(&server->tsk, NULL);
884         clean_demultiplex_info(server);
885
886         /* if server->tsk was NULL then wait for a signal before exiting */
887         if (!task_to_wake) {
888                 set_current_state(TASK_INTERRUPTIBLE);
889                 while (!signal_pending(current)) {
890                         schedule();
891                         set_current_state(TASK_INTERRUPTIBLE);
892                 }
893                 set_current_state(TASK_RUNNING);
894         }
895
896         module_put_and_exit(0);
897 }
898
899 /* extract the host portion of the UNC string */
900 static char *
901 extract_hostname(const char *unc)
902 {
903         const char *src;
904         char *dst, *delim;
905         unsigned int len;
906
907         /* skip double chars at beginning of string */
908         /* BB: check validity of these bytes? */
909         src = unc + 2;
910
911         /* delimiter between hostname and sharename is always '\\' now */
912         delim = strchr(src, '\\');
913         if (!delim)
914                 return ERR_PTR(-EINVAL);
915
916         len = delim - src;
917         dst = kmalloc((len + 1), GFP_KERNEL);
918         if (dst == NULL)
919                 return ERR_PTR(-ENOMEM);
920
921         memcpy(dst, src, len);
922         dst[len] = '\0';
923
924         return dst;
925 }
926
927 static int
928 cifs_parse_mount_options(const char *mountdata, const char *devname,
929                          struct smb_vol *vol)
930 {
931         char *value, *data, *end;
932         char *mountdata_copy = NULL, *options;
933         int err;
934         unsigned int  temp_len, i, j;
935         char separator[2];
936         short int override_uid = -1;
937         short int override_gid = -1;
938         bool uid_specified = false;
939         bool gid_specified = false;
940         char *nodename = utsname()->nodename;
941
942         separator[0] = ',';
943         separator[1] = 0;
944
945         /*
946          * does not have to be perfect mapping since field is
947          * informational, only used for servers that do not support
948          * port 445 and it can be overridden at mount time
949          */
950         memset(vol->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
951         for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
952                 vol->source_rfc1001_name[i] = toupper(nodename[i]);
953
954         vol->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
955         /* null target name indicates to use *SMBSERVR default called name
956            if we end up sending RFC1001 session initialize */
957         vol->target_rfc1001_name[0] = 0;
958         vol->cred_uid = current_uid();
959         vol->linux_uid = current_uid();
960         vol->linux_gid = current_gid();
961
962         /* default to only allowing write access to owner of the mount */
963         vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
964
965         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
966         /* default is always to request posix paths. */
967         vol->posix_paths = 1;
968         /* default to using server inode numbers where available */
969         vol->server_ino = 1;
970
971         vol->actimeo = CIFS_DEF_ACTIMEO;
972
973         if (!mountdata)
974                 goto cifs_parse_mount_err;
975
976         mountdata_copy = kstrndup(mountdata, PAGE_SIZE, GFP_KERNEL);
977         if (!mountdata_copy)
978                 goto cifs_parse_mount_err;
979
980         options = mountdata_copy;
981         end = options + strlen(options);
982         if (strncmp(options, "sep=", 4) == 0) {
983                 if (options[4] != 0) {
984                         separator[0] = options[4];
985                         options += 5;
986                 } else {
987                         cFYI(1, "Null separator not allowed");
988                 }
989         }
990         vol->backupuid_specified = false; /* no backup intent for a user */
991         vol->backupgid_specified = false; /* no backup intent for a group */
992
993         while ((data = strsep(&options, separator)) != NULL) {
994                 if (!*data)
995                         continue;
996                 if ((value = strchr(data, '=')) != NULL)
997                         *value++ = '\0';
998
999                 /* Have to parse this before we parse for "user" */
1000                 if (strnicmp(data, "user_xattr", 10) == 0) {
1001                         vol->no_xattr = 0;
1002                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
1003                         vol->no_xattr = 1;
1004                 } else if (strnicmp(data, "user", 4) == 0) {
1005                         if (!value) {
1006                                 printk(KERN_WARNING
1007                                        "CIFS: invalid or missing username\n");
1008                                 goto cifs_parse_mount_err;
1009                         } else if (!*value) {
1010                                 /* null user, ie anonymous, authentication */
1011                                 vol->nullauth = 1;
1012                         }
1013                         if (strnlen(value, MAX_USERNAME_SIZE) <
1014                                                 MAX_USERNAME_SIZE) {
1015                                 vol->username = kstrdup(value, GFP_KERNEL);
1016                                 if (!vol->username) {
1017                                         printk(KERN_WARNING "CIFS: no memory "
1018                                                             "for username\n");
1019                                         goto cifs_parse_mount_err;
1020                                 }
1021                         } else {
1022                                 printk(KERN_WARNING "CIFS: username too long\n");
1023                                 goto cifs_parse_mount_err;
1024                         }
1025                 } else if (strnicmp(data, "pass", 4) == 0) {
1026                         if (!value) {
1027                                 vol->password = NULL;
1028                                 continue;
1029                         } else if (value[0] == 0) {
1030                                 /* check if string begins with double comma
1031                                    since that would mean the password really
1032                                    does start with a comma, and would not
1033                                    indicate an empty string */
1034                                 if (value[1] != separator[0]) {
1035                                         vol->password = NULL;
1036                                         continue;
1037                                 }
1038                         }
1039                         temp_len = strlen(value);
1040                         /* removed password length check, NTLM passwords
1041                                 can be arbitrarily long */
1042
1043                         /* if comma in password, the string will be
1044                         prematurely null terminated.  Commas in password are
1045                         specified across the cifs mount interface by a double
1046                         comma ie ,, and a comma used as in other cases ie ','
1047                         as a parameter delimiter/separator is single and due
1048                         to the strsep above is temporarily zeroed. */
1049
1050                         /* NB: password legally can have multiple commas and
1051                         the only illegal character in a password is null */
1052
1053                         if ((value[temp_len] == 0) &&
1054                             (value + temp_len < end) &&
1055                             (value[temp_len+1] == separator[0])) {
1056                                 /* reinsert comma */
1057                                 value[temp_len] = separator[0];
1058                                 temp_len += 2;  /* move after second comma */
1059                                 while (value[temp_len] != 0)  {
1060                                         if (value[temp_len] == separator[0]) {
1061                                                 if (value[temp_len+1] ==
1062                                                      separator[0]) {
1063                                                 /* skip second comma */
1064                                                         temp_len++;
1065                                                 } else {
1066                                                 /* single comma indicating start
1067                                                          of next parm */
1068                                                         break;
1069                                                 }
1070                                         }
1071                                         temp_len++;
1072                                 }
1073                                 if (value[temp_len] == 0) {
1074                                         options = NULL;
1075                                 } else {
1076                                         value[temp_len] = 0;
1077                                         /* point option to start of next parm */
1078                                         options = value + temp_len + 1;
1079                                 }
1080                                 /* go from value to value + temp_len condensing
1081                                 double commas to singles. Note that this ends up
1082                                 allocating a few bytes too many, which is ok */
1083                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
1084                                 if (vol->password == NULL) {
1085                                         printk(KERN_WARNING "CIFS: no memory "
1086                                                             "for password\n");
1087                                         goto cifs_parse_mount_err;
1088                                 }
1089                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
1090                                         vol->password[j] = value[i];
1091                                         if (value[i] == separator[0]
1092                                                 && value[i+1] == separator[0]) {
1093                                                 /* skip second comma */
1094                                                 i++;
1095                                         }
1096                                 }
1097                                 vol->password[j] = 0;
1098                         } else {
1099                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
1100                                 if (vol->password == NULL) {
1101                                         printk(KERN_WARNING "CIFS: no memory "
1102                                                             "for password\n");
1103                                         goto cifs_parse_mount_err;
1104                                 }
1105                                 strcpy(vol->password, value);
1106                         }
1107                 } else if (!strnicmp(data, "ip", 2) ||
1108                            !strnicmp(data, "addr", 4)) {
1109                         if (!value || !*value) {
1110                                 vol->UNCip = NULL;
1111                         } else if (strnlen(value, INET6_ADDRSTRLEN) <
1112                                                         INET6_ADDRSTRLEN) {
1113                                 vol->UNCip = kstrdup(value, GFP_KERNEL);
1114                                 if (!vol->UNCip) {
1115                                         printk(KERN_WARNING "CIFS: no memory "
1116                                                             "for UNC IP\n");
1117                                         goto cifs_parse_mount_err;
1118                                 }
1119                         } else {
1120                                 printk(KERN_WARNING "CIFS: ip address "
1121                                                     "too long\n");
1122                                 goto cifs_parse_mount_err;
1123                         }
1124                 } else if (strnicmp(data, "sec", 3) == 0) {
1125                         if (!value || !*value) {
1126                                 cERROR(1, "no security value specified");
1127                                 continue;
1128                         } else if (strnicmp(value, "krb5i", 5) == 0) {
1129                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
1130                                         CIFSSEC_MUST_SIGN;
1131                         } else if (strnicmp(value, "krb5p", 5) == 0) {
1132                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
1133                                         CIFSSEC_MAY_KRB5; */
1134                                 cERROR(1, "Krb5 cifs privacy not supported");
1135                                 goto cifs_parse_mount_err;
1136                         } else if (strnicmp(value, "krb5", 4) == 0) {
1137                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
1138                         } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
1139                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
1140                                         CIFSSEC_MUST_SIGN;
1141                         } else if (strnicmp(value, "ntlmssp", 7) == 0) {
1142                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
1143                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
1144                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
1145                                         CIFSSEC_MUST_SIGN;
1146                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
1147                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1148                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
1149                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
1150                                         CIFSSEC_MUST_SIGN;
1151                         } else if (strnicmp(value, "ntlm", 4) == 0) {
1152                                 /* ntlm is default so can be turned off too */
1153                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
1154                         } else if (strnicmp(value, "nontlm", 6) == 0) {
1155                                 /* BB is there a better way to do this? */
1156                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1157 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1158                         } else if (strnicmp(value, "lanman", 6) == 0) {
1159                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1160 #endif
1161                         } else if (strnicmp(value, "none", 4) == 0) {
1162                                 vol->nullauth = 1;
1163                         } else {
1164                                 cERROR(1, "bad security option: %s", value);
1165                                 goto cifs_parse_mount_err;
1166                         }
1167                 } else if (strnicmp(data, "vers", 3) == 0) {
1168                         if (!value || !*value) {
1169                                 cERROR(1, "no protocol version specified"
1170                                           " after vers= mount option");
1171                         } else if ((strnicmp(value, "cifs", 4) == 0) ||
1172                                    (strnicmp(value, "1", 1) == 0)) {
1173                                 /* this is the default */
1174                                 continue;
1175                         }
1176                 } else if ((strnicmp(data, "unc", 3) == 0)
1177                            || (strnicmp(data, "target", 6) == 0)
1178                            || (strnicmp(data, "path", 4) == 0)) {
1179                         if (!value || !*value) {
1180                                 printk(KERN_WARNING "CIFS: invalid path to "
1181                                                     "network resource\n");
1182                                 goto cifs_parse_mount_err;
1183                         }
1184                         if ((temp_len = strnlen(value, 300)) < 300) {
1185                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1186                                 if (vol->UNC == NULL)
1187                                         goto cifs_parse_mount_err;
1188                                 strcpy(vol->UNC, value);
1189                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1190                                         vol->UNC[0] = '\\';
1191                                         vol->UNC[1] = '\\';
1192                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1193                                         printk(KERN_WARNING
1194                                                "CIFS: UNC Path does not begin "
1195                                                "with // or \\\\ \n");
1196                                         goto cifs_parse_mount_err;
1197                                 }
1198                         } else {
1199                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1200                                 goto cifs_parse_mount_err;
1201                         }
1202                 } else if ((strnicmp(data, "domain", 3) == 0)
1203                            || (strnicmp(data, "workgroup", 5) == 0)) {
1204                         if (!value || !*value) {
1205                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1206                                 goto cifs_parse_mount_err;
1207                         }
1208                         /* BB are there cases in which a comma can be valid in
1209                         a domain name and need special handling? */
1210                         if (strnlen(value, 256) < 256) {
1211                                 vol->domainname = kstrdup(value, GFP_KERNEL);
1212                                 if (!vol->domainname) {
1213                                         printk(KERN_WARNING "CIFS: no memory "
1214                                                             "for domainname\n");
1215                                         goto cifs_parse_mount_err;
1216                                 }
1217                                 cFYI(1, "Domain name set");
1218                         } else {
1219                                 printk(KERN_WARNING "CIFS: domain name too "
1220                                                     "long\n");
1221                                 goto cifs_parse_mount_err;
1222                         }
1223                 } else if (strnicmp(data, "srcaddr", 7) == 0) {
1224                         vol->srcaddr.ss_family = AF_UNSPEC;
1225
1226                         if (!value || !*value) {
1227                                 printk(KERN_WARNING "CIFS: srcaddr value"
1228                                        " not specified.\n");
1229                                 goto cifs_parse_mount_err;
1230                         }
1231                         i = cifs_convert_address((struct sockaddr *)&vol->srcaddr,
1232                                                  value, strlen(value));
1233                         if (i == 0) {
1234                                 printk(KERN_WARNING "CIFS:  Could not parse"
1235                                        " srcaddr: %s\n",
1236                                        value);
1237                                 goto cifs_parse_mount_err;
1238                         }
1239                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1240                         if (!value || !*value) {
1241                                 printk(KERN_WARNING
1242                                         "CIFS: invalid path prefix\n");
1243                                 goto cifs_parse_mount_err;
1244                         }
1245                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1246                                 if (value[0] != '/')
1247                                         temp_len++;  /* missing leading slash */
1248                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1249                                 if (vol->prepath == NULL)
1250                                         goto cifs_parse_mount_err;
1251                                 if (value[0] != '/') {
1252                                         vol->prepath[0] = '/';
1253                                         strcpy(vol->prepath+1, value);
1254                                 } else
1255                                         strcpy(vol->prepath, value);
1256                                 cFYI(1, "prefix path %s", vol->prepath);
1257                         } else {
1258                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1259                                 goto cifs_parse_mount_err;
1260                         }
1261                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1262                         if (!value || !*value) {
1263                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1264                                                     "specified\n");
1265                                 goto cifs_parse_mount_err;
1266                         }
1267                         if (strnlen(value, 65) < 65) {
1268                                 if (strnicmp(value, "default", 7)) {
1269                                         vol->iocharset = kstrdup(value,
1270                                                                  GFP_KERNEL);
1271
1272                                         if (!vol->iocharset) {
1273                                                 printk(KERN_WARNING "CIFS: no "
1274                                                                    "memory for"
1275                                                                    "charset\n");
1276                                                 goto cifs_parse_mount_err;
1277                                         }
1278                                 }
1279                                 /* if iocharset not set then load_nls_default
1280                                    is used by caller */
1281                                 cFYI(1, "iocharset set to %s", value);
1282                         } else {
1283                                 printk(KERN_WARNING "CIFS: iocharset name "
1284                                                     "too long.\n");
1285                                 goto cifs_parse_mount_err;
1286                         }
1287                 } else if (!strnicmp(data, "uid", 3) && value && *value) {
1288                         vol->linux_uid = simple_strtoul(value, &value, 0);
1289                         uid_specified = true;
1290                 } else if (!strnicmp(data, "cruid", 5) && value && *value) {
1291                         vol->cred_uid = simple_strtoul(value, &value, 0);
1292                 } else if (!strnicmp(data, "forceuid", 8)) {
1293                         override_uid = 1;
1294                 } else if (!strnicmp(data, "noforceuid", 10)) {
1295                         override_uid = 0;
1296                 } else if (!strnicmp(data, "gid", 3) && value && *value) {
1297                         vol->linux_gid = simple_strtoul(value, &value, 0);
1298                         gid_specified = true;
1299                 } else if (!strnicmp(data, "forcegid", 8)) {
1300                         override_gid = 1;
1301                 } else if (!strnicmp(data, "noforcegid", 10)) {
1302                         override_gid = 0;
1303                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1304                         if (value && *value) {
1305                                 vol->file_mode =
1306                                         simple_strtoul(value, &value, 0);
1307                         }
1308                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1309                         if (value && *value) {
1310                                 vol->dir_mode =
1311                                         simple_strtoul(value, &value, 0);
1312                         }
1313                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1314                         if (value && *value) {
1315                                 vol->dir_mode =
1316                                         simple_strtoul(value, &value, 0);
1317                         }
1318                 } else if (strnicmp(data, "port", 4) == 0) {
1319                         if (value && *value) {
1320                                 vol->port =
1321                                         simple_strtoul(value, &value, 0);
1322                         }
1323                 } else if (strnicmp(data, "rsize", 5) == 0) {
1324                         if (value && *value) {
1325                                 vol->rsize =
1326                                         simple_strtoul(value, &value, 0);
1327                         }
1328                 } else if (strnicmp(data, "wsize", 5) == 0) {
1329                         if (value && *value) {
1330                                 vol->wsize =
1331                                         simple_strtoul(value, &value, 0);
1332                         }
1333                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1334                         if (!value || !*value) {
1335                                 cERROR(1, "no socket option specified");
1336                                 continue;
1337                         } else if (strnicmp(value, "TCP_NODELAY", 11) == 0) {
1338                                 vol->sockopt_tcp_nodelay = 1;
1339                         }
1340                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1341                         if (!value || !*value || (*value == ' ')) {
1342                                 cFYI(1, "invalid (empty) netbiosname");
1343                         } else {
1344                                 memset(vol->source_rfc1001_name, 0x20,
1345                                         RFC1001_NAME_LEN);
1346                                 /*
1347                                  * FIXME: are there cases in which a comma can
1348                                  * be valid in workstation netbios name (and
1349                                  * need special handling)?
1350                                  */
1351                                 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1352                                         /* don't ucase netbiosname for user */
1353                                         if (value[i] == 0)
1354                                                 break;
1355                                         vol->source_rfc1001_name[i] = value[i];
1356                                 }
1357                                 /* The string has 16th byte zero still from
1358                                 set at top of the function  */
1359                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1360                                         printk(KERN_WARNING "CIFS: netbiosname"
1361                                                 " longer than 15 truncated.\n");
1362                         }
1363                 } else if (strnicmp(data, "servern", 7) == 0) {
1364                         /* servernetbiosname specified override *SMBSERVER */
1365                         if (!value || !*value || (*value == ' ')) {
1366                                 cFYI(1, "empty server netbiosname specified");
1367                         } else {
1368                                 /* last byte, type, is 0x20 for servr type */
1369                                 memset(vol->target_rfc1001_name, 0x20,
1370                                         RFC1001_NAME_LEN_WITH_NULL);
1371
1372                                 for (i = 0; i < 15; i++) {
1373                                 /* BB are there cases in which a comma can be
1374                                    valid in this workstation netbios name
1375                                    (and need special handling)? */
1376
1377                                 /* user or mount helper must uppercase
1378                                    the netbiosname */
1379                                         if (value[i] == 0)
1380                                                 break;
1381                                         else
1382                                                 vol->target_rfc1001_name[i] =
1383                                                                 value[i];
1384                                 }
1385                                 /* The string has 16th byte zero still from
1386                                    set at top of the function  */
1387                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1388                                         printk(KERN_WARNING "CIFS: server net"
1389                                         "biosname longer than 15 truncated.\n");
1390                         }
1391                 } else if (strnicmp(data, "actimeo", 7) == 0) {
1392                         if (value && *value) {
1393                                 vol->actimeo = HZ * simple_strtoul(value,
1394                                                                    &value, 0);
1395                                 if (vol->actimeo > CIFS_MAX_ACTIMEO) {
1396                                         cERROR(1, "CIFS: attribute cache"
1397                                                         "timeout too large");
1398                                         goto cifs_parse_mount_err;
1399                                 }
1400                         }
1401                 } else if (strnicmp(data, "credentials", 4) == 0) {
1402                         /* ignore */
1403                 } else if (strnicmp(data, "version", 3) == 0) {
1404                         /* ignore */
1405                 } else if (strnicmp(data, "guest", 5) == 0) {
1406                         /* ignore */
1407                 } else if (strnicmp(data, "rw", 2) == 0 && strlen(data) == 2) {
1408                         /* ignore */
1409                 } else if (strnicmp(data, "ro", 2) == 0) {
1410                         /* ignore */
1411                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1412                         vol->noblocksnd = 1;
1413                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1414                         vol->noautotune = 1;
1415                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1416                                    (strnicmp(data, "nosuid", 6) == 0) ||
1417                                    (strnicmp(data, "exec", 4) == 0) ||
1418                                    (strnicmp(data, "noexec", 6) == 0) ||
1419                                    (strnicmp(data, "nodev", 5) == 0) ||
1420                                    (strnicmp(data, "noauto", 6) == 0) ||
1421                                    (strnicmp(data, "dev", 3) == 0)) {
1422                         /*  The mount tool or mount.cifs helper (if present)
1423                             uses these opts to set flags, and the flags are read
1424                             by the kernel vfs layer before we get here (ie
1425                             before read super) so there is no point trying to
1426                             parse these options again and set anything and it
1427                             is ok to just ignore them */
1428                         continue;
1429                 } else if (strnicmp(data, "hard", 4) == 0) {
1430                         vol->retry = 1;
1431                 } else if (strnicmp(data, "soft", 4) == 0) {
1432                         vol->retry = 0;
1433                 } else if (strnicmp(data, "perm", 4) == 0) {
1434                         vol->noperm = 0;
1435                 } else if (strnicmp(data, "noperm", 6) == 0) {
1436                         vol->noperm = 1;
1437                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1438                         vol->remap = 1;
1439                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1440                         vol->remap = 0;
1441                 } else if (strnicmp(data, "sfu", 3) == 0) {
1442                         vol->sfu_emul = 1;
1443                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1444                         vol->sfu_emul = 0;
1445                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1446                         vol->nodfs = 1;
1447                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1448                         vol->posix_paths = 1;
1449                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1450                         vol->posix_paths = 0;
1451                 } else if (strnicmp(data, "nounix", 6) == 0) {
1452                         vol->no_linux_ext = 1;
1453                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1454                         vol->no_linux_ext = 1;
1455                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1456                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1457                         vol->nocase = 1;
1458                 } else if (strnicmp(data, "mand", 4) == 0) {
1459                         /* ignore */
1460                 } else if (strnicmp(data, "nomand", 6) == 0) {
1461                         /* ignore */
1462                 } else if (strnicmp(data, "_netdev", 7) == 0) {
1463                         /* ignore */
1464                 } else if (strnicmp(data, "brl", 3) == 0) {
1465                         vol->nobrl =  0;
1466                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1467                            (strnicmp(data, "nolock", 6) == 0)) {
1468                         vol->nobrl =  1;
1469                         /* turn off mandatory locking in mode
1470                         if remote locking is turned off since the
1471                         local vfs will do advisory */
1472                         if (vol->file_mode ==
1473                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1474                                 vol->file_mode = S_IALLUGO;
1475                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1476                         /* will take the shorter form "forcemand" as well */
1477                         /* This mount option will force use of mandatory
1478                           (DOS/Windows style) byte range locks, instead of
1479                           using posix advisory byte range locks, even if the
1480                           Unix extensions are available and posix locks would
1481                           be supported otherwise. If Unix extensions are not
1482                           negotiated this has no effect since mandatory locks
1483                           would be used (mandatory locks is all that those
1484                           those servers support) */
1485                         vol->mand_lock = 1;
1486                 } else if (strnicmp(data, "setuids", 7) == 0) {
1487                         vol->setuids = 1;
1488                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1489                         vol->setuids = 0;
1490                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1491                         vol->dynperm = true;
1492                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1493                         vol->dynperm = false;
1494                 } else if (strnicmp(data, "nohard", 6) == 0) {
1495                         vol->retry = 0;
1496                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1497                         vol->retry = 1;
1498                 } else if (strnicmp(data, "nointr", 6) == 0) {
1499                         vol->intr = 0;
1500                 } else if (strnicmp(data, "intr", 4) == 0) {
1501                         vol->intr = 1;
1502                 } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1503                         vol->nostrictsync = 1;
1504                 } else if (strnicmp(data, "strictsync", 10) == 0) {
1505                         vol->nostrictsync = 0;
1506                 } else if (strnicmp(data, "serverino", 7) == 0) {
1507                         vol->server_ino = 1;
1508                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1509                         vol->server_ino = 0;
1510                 } else if (strnicmp(data, "rwpidforward", 12) == 0) {
1511                         vol->rwpidforward = 1;
1512                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1513                         vol->cifs_acl = 1;
1514                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1515                         vol->cifs_acl = 0;
1516                 } else if (strnicmp(data, "acl", 3) == 0) {
1517                         vol->no_psx_acl = 0;
1518                 } else if (strnicmp(data, "noacl", 5) == 0) {
1519                         vol->no_psx_acl = 1;
1520                 } else if (strnicmp(data, "locallease", 6) == 0) {
1521                         vol->local_lease = 1;
1522                 } else if (strnicmp(data, "sign", 4) == 0) {
1523                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1524                 } else if (strnicmp(data, "seal", 4) == 0) {
1525                         /* we do not do the following in secFlags because seal
1526                            is a per tree connection (mount) not a per socket
1527                            or per-smb connection option in the protocol */
1528                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1529                         vol->seal = 1;
1530                 } else if (strnicmp(data, "direct", 6) == 0) {
1531                         vol->direct_io = 1;
1532                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1533                         vol->direct_io = 1;
1534                 } else if (strnicmp(data, "strictcache", 11) == 0) {
1535                         vol->strict_io = 1;
1536                 } else if (strnicmp(data, "noac", 4) == 0) {
1537                         printk(KERN_WARNING "CIFS: Mount option noac not "
1538                                 "supported. Instead set "
1539                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1540                 } else if (strnicmp(data, "fsc", 3) == 0) {
1541 #ifndef CONFIG_CIFS_FSCACHE
1542                         cERROR(1, "FS-Cache support needs CONFIG_CIFS_FSCACHE "
1543                                   "kernel config option set");
1544                         goto cifs_parse_mount_err;
1545 #endif
1546                         vol->fsc = true;
1547                 } else if (strnicmp(data, "mfsymlinks", 10) == 0) {
1548                         vol->mfsymlinks = true;
1549                 } else if (strnicmp(data, "multiuser", 8) == 0) {
1550                         vol->multiuser = true;
1551                 } else if (!strnicmp(data, "backupuid", 9) && value && *value) {
1552                         err = kstrtouint(value, 0, &vol->backupuid);
1553                         if (err < 0) {
1554                                 cERROR(1, "%s: Invalid backupuid value",
1555                                         __func__);
1556                                 goto cifs_parse_mount_err;
1557                         }
1558                         vol->backupuid_specified = true;
1559                 } else if (!strnicmp(data, "backupgid", 9) && value && *value) {
1560                         err = kstrtouint(value, 0, &vol->backupgid);
1561                         if (err < 0) {
1562                                 cERROR(1, "%s: Invalid backupgid value",
1563                                         __func__);
1564                                 goto cifs_parse_mount_err;
1565                         }
1566                         vol->backupgid_specified = true;
1567                 } else
1568                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1569                                                 data);
1570         }
1571         if (vol->UNC == NULL) {
1572                 if (devname == NULL) {
1573                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1574                                                 "target\n");
1575                         goto cifs_parse_mount_err;
1576                 }
1577                 if ((temp_len = strnlen(devname, 300)) < 300) {
1578                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1579                         if (vol->UNC == NULL)
1580                                 goto cifs_parse_mount_err;
1581                         strcpy(vol->UNC, devname);
1582                         if (strncmp(vol->UNC, "//", 2) == 0) {
1583                                 vol->UNC[0] = '\\';
1584                                 vol->UNC[1] = '\\';
1585                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1586                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1587                                                     "begin with // or \\\\ \n");
1588                                 goto cifs_parse_mount_err;
1589                         }
1590                         value = strpbrk(vol->UNC+2, "/\\");
1591                         if (value)
1592                                 *value = '\\';
1593                 } else {
1594                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1595                         goto cifs_parse_mount_err;
1596                 }
1597         }
1598
1599 #ifndef CONFIG_KEYS
1600         /* Muliuser mounts require CONFIG_KEYS support */
1601         if (vol->multiuser) {
1602                 cERROR(1, "Multiuser mounts require kernels with "
1603                           "CONFIG_KEYS enabled.");
1604                 goto cifs_parse_mount_err;
1605         }
1606 #endif
1607
1608         if (vol->UNCip == NULL)
1609                 vol->UNCip = &vol->UNC[2];
1610
1611         if (uid_specified)
1612                 vol->override_uid = override_uid;
1613         else if (override_uid == 1)
1614                 printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1615                                    "specified with no uid= option.\n");
1616
1617         if (gid_specified)
1618                 vol->override_gid = override_gid;
1619         else if (override_gid == 1)
1620                 printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1621                                    "specified with no gid= option.\n");
1622
1623         kfree(mountdata_copy);
1624         return 0;
1625
1626 cifs_parse_mount_err:
1627         kfree(mountdata_copy);
1628         return 1;
1629 }
1630
1631 /** Returns true if srcaddr isn't specified and rhs isn't
1632  * specified, or if srcaddr is specified and
1633  * matches the IP address of the rhs argument.
1634  */
1635 static bool
1636 srcip_matches(struct sockaddr *srcaddr, struct sockaddr *rhs)
1637 {
1638         switch (srcaddr->sa_family) {
1639         case AF_UNSPEC:
1640                 return (rhs->sa_family == AF_UNSPEC);
1641         case AF_INET: {
1642                 struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1643                 struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1644                 return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1645         }
1646         case AF_INET6: {
1647                 struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1648                 struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)&rhs;
1649                 return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1650         }
1651         default:
1652                 WARN_ON(1);
1653                 return false; /* don't expect to be here */
1654         }
1655 }
1656
1657 /*
1658  * If no port is specified in addr structure, we try to match with 445 port
1659  * and if it fails - with 139 ports. It should be called only if address
1660  * families of server and addr are equal.
1661  */
1662 static bool
1663 match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1664 {
1665         __be16 port, *sport;
1666
1667         switch (addr->sa_family) {
1668         case AF_INET:
1669                 sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1670                 port = ((struct sockaddr_in *) addr)->sin_port;
1671                 break;
1672         case AF_INET6:
1673                 sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1674                 port = ((struct sockaddr_in6 *) addr)->sin6_port;
1675                 break;
1676         default:
1677                 WARN_ON(1);
1678                 return false;
1679         }
1680
1681         if (!port) {
1682                 port = htons(CIFS_PORT);
1683                 if (port == *sport)
1684                         return true;
1685
1686                 port = htons(RFC1001_PORT);
1687         }
1688
1689         return port == *sport;
1690 }
1691
1692 static bool
1693 match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1694               struct sockaddr *srcaddr)
1695 {
1696         switch (addr->sa_family) {
1697         case AF_INET: {
1698                 struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1699                 struct sockaddr_in *srv_addr4 =
1700                                         (struct sockaddr_in *)&server->dstaddr;
1701
1702                 if (addr4->sin_addr.s_addr != srv_addr4->sin_addr.s_addr)
1703                         return false;
1704                 break;
1705         }
1706         case AF_INET6: {
1707                 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1708                 struct sockaddr_in6 *srv_addr6 =
1709                                         (struct sockaddr_in6 *)&server->dstaddr;
1710
1711                 if (!ipv6_addr_equal(&addr6->sin6_addr,
1712                                      &srv_addr6->sin6_addr))
1713                         return false;
1714                 if (addr6->sin6_scope_id != srv_addr6->sin6_scope_id)
1715                         return false;
1716                 break;
1717         }
1718         default:
1719                 WARN_ON(1);
1720                 return false; /* don't expect to be here */
1721         }
1722
1723         if (!srcip_matches(srcaddr, (struct sockaddr *)&server->srcaddr))
1724                 return false;
1725
1726         return true;
1727 }
1728
1729 static bool
1730 match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1731 {
1732         unsigned int secFlags;
1733
1734         if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1735                 secFlags = vol->secFlg;
1736         else
1737                 secFlags = global_secflags | vol->secFlg;
1738
1739         switch (server->secType) {
1740         case LANMAN:
1741                 if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1742                         return false;
1743                 break;
1744         case NTLMv2:
1745                 if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1746                         return false;
1747                 break;
1748         case NTLM:
1749                 if (!(secFlags & CIFSSEC_MAY_NTLM))
1750                         return false;
1751                 break;
1752         case Kerberos:
1753                 if (!(secFlags & CIFSSEC_MAY_KRB5))
1754                         return false;
1755                 break;
1756         case RawNTLMSSP:
1757                 if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1758                         return false;
1759                 break;
1760         default:
1761                 /* shouldn't happen */
1762                 return false;
1763         }
1764
1765         /* now check if signing mode is acceptable */
1766         if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1767             (server->sec_mode & SECMODE_SIGN_REQUIRED))
1768                         return false;
1769         else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1770                  (server->sec_mode &
1771                   (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1772                         return false;
1773
1774         return true;
1775 }
1776
1777 static int match_server(struct TCP_Server_Info *server, struct sockaddr *addr,
1778                          struct smb_vol *vol)
1779 {
1780         if (!net_eq(cifs_net_ns(server), current->nsproxy->net_ns))
1781                 return 0;
1782
1783         if (!match_address(server, addr,
1784                            (struct sockaddr *)&vol->srcaddr))
1785                 return 0;
1786
1787         if (!match_port(server, addr))
1788                 return 0;
1789
1790         if (!match_security(server, vol))
1791                 return 0;
1792
1793         return 1;
1794 }
1795
1796 static struct TCP_Server_Info *
1797 cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1798 {
1799         struct TCP_Server_Info *server;
1800
1801         spin_lock(&cifs_tcp_ses_lock);
1802         list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1803                 if (!match_server(server, addr, vol))
1804                         continue;
1805
1806                 ++server->srv_count;
1807                 spin_unlock(&cifs_tcp_ses_lock);
1808                 cFYI(1, "Existing tcp session with server found");
1809                 return server;
1810         }
1811         spin_unlock(&cifs_tcp_ses_lock);
1812         return NULL;
1813 }
1814
1815 static void
1816 cifs_put_tcp_session(struct TCP_Server_Info *server)
1817 {
1818         struct task_struct *task;
1819
1820         spin_lock(&cifs_tcp_ses_lock);
1821         if (--server->srv_count > 0) {
1822                 spin_unlock(&cifs_tcp_ses_lock);
1823                 return;
1824         }
1825
1826         put_net(cifs_net_ns(server));
1827
1828         list_del_init(&server->tcp_ses_list);
1829         spin_unlock(&cifs_tcp_ses_lock);
1830
1831         cancel_delayed_work_sync(&server->echo);
1832
1833         spin_lock(&GlobalMid_Lock);
1834         server->tcpStatus = CifsExiting;
1835         spin_unlock(&GlobalMid_Lock);
1836
1837         cifs_crypto_shash_release(server);
1838         cifs_fscache_release_client_cookie(server);
1839
1840         kfree(server->session_key.response);
1841         server->session_key.response = NULL;
1842         server->session_key.len = 0;
1843
1844         task = xchg(&server->tsk, NULL);
1845         if (task)
1846                 force_sig(SIGKILL, task);
1847 }
1848
1849 static struct TCP_Server_Info *
1850 cifs_get_tcp_session(struct smb_vol *volume_info)
1851 {
1852         struct TCP_Server_Info *tcp_ses = NULL;
1853         struct sockaddr_storage addr;
1854         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1855         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1856         int rc;
1857
1858         memset(&addr, 0, sizeof(struct sockaddr_storage));
1859
1860         cFYI(1, "UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip);
1861
1862         if (volume_info->UNCip && volume_info->UNC) {
1863                 rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
1864                                         volume_info->UNCip,
1865                                         strlen(volume_info->UNCip),
1866                                         volume_info->port);
1867                 if (!rc) {
1868                         /* we failed translating address */
1869                         rc = -EINVAL;
1870                         goto out_err;
1871                 }
1872         } else if (volume_info->UNCip) {
1873                 /* BB using ip addr as tcp_ses name to connect to the
1874                    DFS root below */
1875                 cERROR(1, "Connecting to DFS root not implemented yet");
1876                 rc = -EINVAL;
1877                 goto out_err;
1878         } else /* which tcp_sess DFS root would we conect to */ {
1879                 cERROR(1, "CIFS mount error: No UNC path (e.g. -o "
1880                         "unc=//192.168.1.100/public) specified");
1881                 rc = -EINVAL;
1882                 goto out_err;
1883         }
1884
1885         /* see if we already have a matching tcp_ses */
1886         tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1887         if (tcp_ses)
1888                 return tcp_ses;
1889
1890         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1891         if (!tcp_ses) {
1892                 rc = -ENOMEM;
1893                 goto out_err;
1894         }
1895
1896         rc = cifs_crypto_shash_allocate(tcp_ses);
1897         if (rc) {
1898                 cERROR(1, "could not setup hash structures rc %d", rc);
1899                 goto out_err;
1900         }
1901
1902         cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
1903         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1904         if (IS_ERR(tcp_ses->hostname)) {
1905                 rc = PTR_ERR(tcp_ses->hostname);
1906                 goto out_err_crypto_release;
1907         }
1908
1909         tcp_ses->noblocksnd = volume_info->noblocksnd;
1910         tcp_ses->noautotune = volume_info->noautotune;
1911         tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
1912         atomic_set(&tcp_ses->inFlight, 0);
1913         init_waitqueue_head(&tcp_ses->response_q);
1914         init_waitqueue_head(&tcp_ses->request_q);
1915         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1916         mutex_init(&tcp_ses->srv_mutex);
1917         memcpy(tcp_ses->workstation_RFC1001_name,
1918                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1919         memcpy(tcp_ses->server_RFC1001_name,
1920                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1921         tcp_ses->session_estab = false;
1922         tcp_ses->sequence_number = 0;
1923         tcp_ses->lstrp = jiffies;
1924         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1925         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1926         INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
1927
1928         /*
1929          * at this point we are the only ones with the pointer
1930          * to the struct since the kernel thread not created yet
1931          * no need to spinlock this init of tcpStatus or srv_count
1932          */
1933         tcp_ses->tcpStatus = CifsNew;
1934         memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
1935                sizeof(tcp_ses->srcaddr));
1936         ++tcp_ses->srv_count;
1937
1938         if (addr.ss_family == AF_INET6) {
1939                 cFYI(1, "attempting ipv6 connect");
1940                 /* BB should we allow ipv6 on port 139? */
1941                 /* other OS never observed in Wild doing 139 with v6 */
1942                 memcpy(&tcp_ses->dstaddr, sin_server6,
1943                        sizeof(struct sockaddr_in6));
1944         } else
1945                 memcpy(&tcp_ses->dstaddr, sin_server,
1946                        sizeof(struct sockaddr_in));
1947
1948         rc = ip_connect(tcp_ses);
1949         if (rc < 0) {
1950                 cERROR(1, "Error connecting to socket. Aborting operation");
1951                 goto out_err_crypto_release;
1952         }
1953
1954         /*
1955          * since we're in a cifs function already, we know that
1956          * this will succeed. No need for try_module_get().
1957          */
1958         __module_get(THIS_MODULE);
1959         tcp_ses->tsk = kthread_run(cifs_demultiplex_thread,
1960                                   tcp_ses, "cifsd");
1961         if (IS_ERR(tcp_ses->tsk)) {
1962                 rc = PTR_ERR(tcp_ses->tsk);
1963                 cERROR(1, "error %d create cifsd thread", rc);
1964                 module_put(THIS_MODULE);
1965                 goto out_err_crypto_release;
1966         }
1967         tcp_ses->tcpStatus = CifsNeedNegotiate;
1968
1969         /* thread spawned, put it on the list */
1970         spin_lock(&cifs_tcp_ses_lock);
1971         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1972         spin_unlock(&cifs_tcp_ses_lock);
1973
1974         cifs_fscache_get_client_cookie(tcp_ses);
1975
1976         /* queue echo request delayed work */
1977         queue_delayed_work(system_nrt_wq, &tcp_ses->echo, SMB_ECHO_INTERVAL);
1978
1979         return tcp_ses;
1980
1981 out_err_crypto_release:
1982         cifs_crypto_shash_release(tcp_ses);
1983
1984         put_net(cifs_net_ns(tcp_ses));
1985
1986 out_err:
1987         if (tcp_ses) {
1988                 if (!IS_ERR(tcp_ses->hostname))
1989                         kfree(tcp_ses->hostname);
1990                 if (tcp_ses->ssocket)
1991                         sock_release(tcp_ses->ssocket);
1992                 kfree(tcp_ses);
1993         }
1994         return ERR_PTR(rc);
1995 }
1996
1997 static int match_session(struct cifs_ses *ses, struct smb_vol *vol)
1998 {
1999         switch (ses->server->secType) {
2000         case Kerberos:
2001                 if (vol->cred_uid != ses->cred_uid)
2002                         return 0;
2003                 break;
2004         default:
2005                 /* NULL username means anonymous session */
2006                 if (ses->user_name == NULL) {
2007                         if (!vol->nullauth)
2008                                 return 0;
2009                         break;
2010                 }
2011
2012                 /* anything else takes username/password */
2013                 if (strncmp(ses->user_name,
2014                             vol->username ? vol->username : "",
2015                             MAX_USERNAME_SIZE))
2016                         return 0;
2017                 if (strlen(vol->username) != 0 &&
2018                     ses->password != NULL &&
2019                     strncmp(ses->password,
2020                             vol->password ? vol->password : "",
2021                             MAX_PASSWORD_SIZE))
2022                         return 0;
2023         }
2024         return 1;
2025 }
2026
2027 static struct cifs_ses *
2028 cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
2029 {
2030         struct cifs_ses *ses;
2031
2032         spin_lock(&cifs_tcp_ses_lock);
2033         list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
2034                 if (!match_session(ses, vol))
2035                         continue;
2036                 ++ses->ses_count;
2037                 spin_unlock(&cifs_tcp_ses_lock);
2038                 return ses;
2039         }
2040         spin_unlock(&cifs_tcp_ses_lock);
2041         return NULL;
2042 }
2043
2044 static void
2045 cifs_put_smb_ses(struct cifs_ses *ses)
2046 {
2047         int xid;
2048         struct TCP_Server_Info *server = ses->server;
2049
2050         cFYI(1, "%s: ses_count=%d\n", __func__, ses->ses_count);
2051         spin_lock(&cifs_tcp_ses_lock);
2052         if (--ses->ses_count > 0) {
2053                 spin_unlock(&cifs_tcp_ses_lock);
2054                 return;
2055         }
2056
2057         list_del_init(&ses->smb_ses_list);
2058         spin_unlock(&cifs_tcp_ses_lock);
2059
2060         if (ses->status == CifsGood) {
2061                 xid = GetXid();
2062                 CIFSSMBLogoff(xid, ses);
2063                 _FreeXid(xid);
2064         }
2065         sesInfoFree(ses);
2066         cifs_put_tcp_session(server);
2067 }
2068
2069 #ifdef CONFIG_KEYS
2070
2071 /* strlen("cifs:a:") + INET6_ADDRSTRLEN + 1 */
2072 #define CIFSCREDS_DESC_SIZE (7 + INET6_ADDRSTRLEN + 1)
2073
2074 /* Populate username and pw fields from keyring if possible */
2075 static int
2076 cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
2077 {
2078         int rc = 0;
2079         char *desc, *delim, *payload;
2080         ssize_t len;
2081         struct key *key;
2082         struct TCP_Server_Info *server = ses->server;
2083         struct sockaddr_in *sa;
2084         struct sockaddr_in6 *sa6;
2085         struct user_key_payload *upayload;
2086
2087         desc = kmalloc(CIFSCREDS_DESC_SIZE, GFP_KERNEL);
2088         if (!desc)
2089                 return -ENOMEM;
2090
2091         /* try to find an address key first */
2092         switch (server->dstaddr.ss_family) {
2093         case AF_INET:
2094                 sa = (struct sockaddr_in *)&server->dstaddr;
2095                 sprintf(desc, "cifs:a:%pI4", &sa->sin_addr.s_addr);
2096                 break;
2097         case AF_INET6:
2098                 sa6 = (struct sockaddr_in6 *)&server->dstaddr;
2099                 sprintf(desc, "cifs:a:%pI6c", &sa6->sin6_addr.s6_addr);
2100                 break;
2101         default:
2102                 cFYI(1, "Bad ss_family (%hu)", server->dstaddr.ss_family);
2103                 rc = -EINVAL;
2104                 goto out_err;
2105         }
2106
2107         cFYI(1, "%s: desc=%s", __func__, desc);
2108         key = request_key(&key_type_logon, desc, "");
2109         if (IS_ERR(key)) {
2110                 if (!ses->domainName) {
2111                         cFYI(1, "domainName is NULL");
2112                         rc = PTR_ERR(key);
2113                         goto out_err;
2114                 }
2115
2116                 /* didn't work, try to find a domain key */
2117                 sprintf(desc, "cifs:d:%s", ses->domainName);
2118                 cFYI(1, "%s: desc=%s", __func__, desc);
2119                 key = request_key(&key_type_logon, desc, "");
2120                 if (IS_ERR(key)) {
2121                         rc = PTR_ERR(key);
2122                         goto out_err;
2123                 }
2124         }
2125
2126         down_read(&key->sem);
2127         upayload = key->payload.data;
2128         if (IS_ERR_OR_NULL(upayload)) {
2129                 rc = upayload ? PTR_ERR(upayload) : -EINVAL;
2130                 goto out_key_put;
2131         }
2132
2133         /* find first : in payload */
2134         payload = (char *)upayload->data;
2135         delim = strnchr(payload, upayload->datalen, ':');
2136         cFYI(1, "payload=%s", payload);
2137         if (!delim) {
2138                 cFYI(1, "Unable to find ':' in payload (datalen=%d)",
2139                                 upayload->datalen);
2140                 rc = -EINVAL;
2141                 goto out_key_put;
2142         }
2143
2144         len = delim - payload;
2145         if (len > MAX_USERNAME_SIZE || len <= 0) {
2146                 cFYI(1, "Bad value from username search (len=%zd)", len);
2147                 rc = -EINVAL;
2148                 goto out_key_put;
2149         }
2150
2151         vol->username = kstrndup(payload, len, GFP_KERNEL);
2152         if (!vol->username) {
2153                 cFYI(1, "Unable to allocate %zd bytes for username", len);
2154                 rc = -ENOMEM;
2155                 goto out_key_put;
2156         }
2157         cFYI(1, "%s: username=%s", __func__, vol->username);
2158
2159         len = key->datalen - (len + 1);
2160         if (len > MAX_PASSWORD_SIZE || len <= 0) {
2161                 cFYI(1, "Bad len for password search (len=%zd)", len);
2162                 rc = -EINVAL;
2163                 kfree(vol->username);
2164                 vol->username = NULL;
2165                 goto out_key_put;
2166         }
2167
2168         ++delim;
2169         vol->password = kstrndup(delim, len, GFP_KERNEL);
2170         if (!vol->password) {
2171                 cFYI(1, "Unable to allocate %zd bytes for password", len);
2172                 rc = -ENOMEM;
2173                 kfree(vol->username);
2174                 vol->username = NULL;
2175                 goto out_key_put;
2176         }
2177
2178 out_key_put:
2179         up_read(&key->sem);
2180         key_put(key);
2181 out_err:
2182         kfree(desc);
2183         cFYI(1, "%s: returning %d", __func__, rc);
2184         return rc;
2185 }
2186 #else /* ! CONFIG_KEYS */
2187 static inline int
2188 cifs_set_cifscreds(struct smb_vol *vol __attribute__((unused)),
2189                    struct cifs_ses *ses __attribute__((unused)))
2190 {
2191         return -ENOSYS;
2192 }
2193 #endif /* CONFIG_KEYS */
2194
2195 static bool warned_on_ntlm;  /* globals init to false automatically */
2196
2197 static struct cifs_ses *
2198 cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
2199 {
2200         int rc = -ENOMEM, xid;
2201         struct cifs_ses *ses;
2202         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2203         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2204
2205         xid = GetXid();
2206
2207         ses = cifs_find_smb_ses(server, volume_info);
2208         if (ses) {
2209                 cFYI(1, "Existing smb sess found (status=%d)", ses->status);
2210
2211                 mutex_lock(&ses->session_mutex);
2212                 rc = cifs_negotiate_protocol(xid, ses);
2213                 if (rc) {
2214                         mutex_unlock(&ses->session_mutex);
2215                         /* problem -- put our ses reference */
2216                         cifs_put_smb_ses(ses);
2217                         FreeXid(xid);
2218                         return ERR_PTR(rc);
2219                 }
2220                 if (ses->need_reconnect) {
2221                         cFYI(1, "Session needs reconnect");
2222                         rc = cifs_setup_session(xid, ses,
2223                                                 volume_info->local_nls);
2224                         if (rc) {
2225                                 mutex_unlock(&ses->session_mutex);
2226                                 /* problem -- put our reference */
2227                                 cifs_put_smb_ses(ses);
2228                                 FreeXid(xid);
2229                                 return ERR_PTR(rc);
2230                         }
2231                 }
2232                 mutex_unlock(&ses->session_mutex);
2233
2234                 /* existing SMB ses has a server reference already */
2235                 cifs_put_tcp_session(server);
2236                 FreeXid(xid);
2237                 return ses;
2238         }
2239
2240         cFYI(1, "Existing smb sess not found");
2241         ses = sesInfoAlloc();
2242         if (ses == NULL)
2243                 goto get_ses_fail;
2244
2245         /* new SMB session uses our server ref */
2246         ses->server = server;
2247         if (server->dstaddr.ss_family == AF_INET6)
2248                 sprintf(ses->serverName, "%pI6", &addr6->sin6_addr);
2249         else
2250                 sprintf(ses->serverName, "%pI4", &addr->sin_addr);
2251
2252         if (volume_info->username) {
2253                 ses->user_name = kstrdup(volume_info->username, GFP_KERNEL);
2254                 if (!ses->user_name)
2255                         goto get_ses_fail;
2256         }
2257
2258         /* volume_info->password freed at unmount */
2259         if (volume_info->password) {
2260                 ses->password = kstrdup(volume_info->password, GFP_KERNEL);
2261                 if (!ses->password)
2262                         goto get_ses_fail;
2263         }
2264         if (volume_info->domainname) {
2265                 ses->domainName = kstrdup(volume_info->domainname, GFP_KERNEL);
2266                 if (!ses->domainName)
2267                         goto get_ses_fail;
2268         }
2269         ses->cred_uid = volume_info->cred_uid;
2270         ses->linux_uid = volume_info->linux_uid;
2271
2272         /* ntlmv2 is much stronger than ntlm security, and has been broadly
2273         supported for many years, time to update default security mechanism */
2274         if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {
2275                 warned_on_ntlm = true;
2276                 cERROR(1, "default security mechanism requested.  The default "
2277                         "security mechanism will be upgraded from ntlm to "
2278                         "ntlmv2 in kernel release 3.3");
2279         }
2280         ses->overrideSecFlg = volume_info->secFlg;
2281
2282         mutex_lock(&ses->session_mutex);
2283         rc = cifs_negotiate_protocol(xid, ses);
2284         if (!rc)
2285                 rc = cifs_setup_session(xid, ses, volume_info->local_nls);
2286         mutex_unlock(&ses->session_mutex);
2287         if (rc)
2288                 goto get_ses_fail;
2289
2290         /* success, put it on the list */
2291         spin_lock(&cifs_tcp_ses_lock);
2292         list_add(&ses->smb_ses_list, &server->smb_ses_list);
2293         spin_unlock(&cifs_tcp_ses_lock);
2294
2295         FreeXid(xid);
2296         return ses;
2297
2298 get_ses_fail:
2299         sesInfoFree(ses);
2300         FreeXid(xid);
2301         return ERR_PTR(rc);
2302 }
2303
2304 static int match_tcon(struct cifs_tcon *tcon, const char *unc)
2305 {
2306         if (tcon->tidStatus == CifsExiting)
2307                 return 0;
2308         if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
2309                 return 0;
2310         return 1;
2311 }
2312
2313 static struct cifs_tcon *
2314 cifs_find_tcon(struct cifs_ses *ses, const char *unc)
2315 {
2316         struct list_head *tmp;
2317         struct cifs_tcon *tcon;
2318
2319         spin_lock(&cifs_tcp_ses_lock);
2320         list_for_each(tmp, &ses->tcon_list) {
2321                 tcon = list_entry(tmp, struct cifs_tcon, tcon_list);
2322                 if (!match_tcon(tcon, unc))
2323                         continue;
2324                 ++tcon->tc_count;
2325                 spin_unlock(&cifs_tcp_ses_lock);
2326                 return tcon;
2327         }
2328         spin_unlock(&cifs_tcp_ses_lock);
2329         return NULL;
2330 }
2331
2332 static void
2333 cifs_put_tcon(struct cifs_tcon *tcon)
2334 {
2335         int xid;
2336         struct cifs_ses *ses = tcon->ses;
2337
2338         cFYI(1, "%s: tc_count=%d\n", __func__, tcon->tc_count);
2339         spin_lock(&cifs_tcp_ses_lock);
2340         if (--tcon->tc_count > 0) {
2341                 spin_unlock(&cifs_tcp_ses_lock);
2342                 return;
2343         }
2344
2345         list_del_init(&tcon->tcon_list);
2346         spin_unlock(&cifs_tcp_ses_lock);
2347
2348         xid = GetXid();
2349         CIFSSMBTDis(xid, tcon);
2350         _FreeXid(xid);
2351
2352         cifs_fscache_release_super_cookie(tcon);
2353         tconInfoFree(tcon);
2354         cifs_put_smb_ses(ses);
2355 }
2356
2357 static struct cifs_tcon *
2358 cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info)
2359 {
2360         int rc, xid;
2361         struct cifs_tcon *tcon;
2362
2363         tcon = cifs_find_tcon(ses, volume_info->UNC);
2364         if (tcon) {
2365                 cFYI(1, "Found match on UNC path");
2366                 /* existing tcon already has a reference */
2367                 cifs_put_smb_ses(ses);
2368                 if (tcon->seal != volume_info->seal)
2369                         cERROR(1, "transport encryption setting "
2370                                    "conflicts with existing tid");
2371                 return tcon;
2372         }
2373
2374         tcon = tconInfoAlloc();
2375         if (tcon == NULL) {
2376                 rc = -ENOMEM;
2377                 goto out_fail;
2378         }
2379
2380         tcon->ses = ses;
2381         if (volume_info->password) {
2382                 tcon->password = kstrdup(volume_info->password, GFP_KERNEL);
2383                 if (!tcon->password) {
2384                         rc = -ENOMEM;
2385                         goto out_fail;
2386                 }
2387         }
2388
2389         if (strchr(volume_info->UNC + 3, '\\') == NULL
2390             && strchr(volume_info->UNC + 3, '/') == NULL) {
2391                 cERROR(1, "Missing share name");
2392                 rc = -ENODEV;
2393                 goto out_fail;
2394         }
2395
2396         /* BB Do we need to wrap session_mutex around
2397          * this TCon call and Unix SetFS as
2398          * we do on SessSetup and reconnect? */
2399         xid = GetXid();
2400         rc = CIFSTCon(xid, ses, volume_info->UNC, tcon, volume_info->local_nls);
2401         FreeXid(xid);
2402         cFYI(1, "CIFS Tcon rc = %d", rc);
2403         if (rc)
2404                 goto out_fail;
2405
2406         if (volume_info->nodfs) {
2407                 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2408                 cFYI(1, "DFS disabled (%d)", tcon->Flags);
2409         }
2410         tcon->seal = volume_info->seal;
2411         /* we can have only one retry value for a connection
2412            to a share so for resources mounted more than once
2413            to the same server share the last value passed in
2414            for the retry flag is used */
2415         tcon->retry = volume_info->retry;
2416         tcon->nocase = volume_info->nocase;
2417         tcon->local_lease = volume_info->local_lease;
2418
2419         spin_lock(&cifs_tcp_ses_lock);
2420         list_add(&tcon->tcon_list, &ses->tcon_list);
2421         spin_unlock(&cifs_tcp_ses_lock);
2422
2423         cifs_fscache_get_super_cookie(tcon);
2424
2425         return tcon;
2426
2427 out_fail:
2428         tconInfoFree(tcon);
2429         return ERR_PTR(rc);
2430 }
2431
2432 void
2433 cifs_put_tlink(struct tcon_link *tlink)
2434 {
2435         if (!tlink || IS_ERR(tlink))
2436                 return;
2437
2438         if (!atomic_dec_and_test(&tlink->tl_count) ||
2439             test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2440                 tlink->tl_time = jiffies;
2441                 return;
2442         }
2443
2444         if (!IS_ERR(tlink_tcon(tlink)))
2445                 cifs_put_tcon(tlink_tcon(tlink));
2446         kfree(tlink);
2447         return;
2448 }
2449
2450 static inline struct tcon_link *
2451 cifs_sb_master_tlink(struct cifs_sb_info *cifs_sb)
2452 {
2453         return cifs_sb->master_tlink;
2454 }
2455
2456 static int
2457 compare_mount_options(struct super_block *sb, struct cifs_mnt_data *mnt_data)
2458 {
2459         struct cifs_sb_info *old = CIFS_SB(sb);
2460         struct cifs_sb_info *new = mnt_data->cifs_sb;
2461
2462         if ((sb->s_flags & CIFS_MS_MASK) != (mnt_data->flags & CIFS_MS_MASK))
2463                 return 0;
2464
2465         if ((old->mnt_cifs_flags & CIFS_MOUNT_MASK) !=
2466             (new->mnt_cifs_flags & CIFS_MOUNT_MASK))
2467                 return 0;
2468
2469         /*
2470          * We want to share sb only if we don't specify an r/wsize or
2471          * specified r/wsize is greater than or equal to existing one.
2472          */
2473         if (new->wsize && new->wsize < old->wsize)
2474                 return 0;
2475
2476         if (new->rsize && new->rsize < old->rsize)
2477                 return 0;
2478
2479         if (old->mnt_uid != new->mnt_uid || old->mnt_gid != new->mnt_gid)
2480                 return 0;
2481
2482         if (old->mnt_file_mode != new->mnt_file_mode ||
2483             old->mnt_dir_mode != new->mnt_dir_mode)
2484                 return 0;
2485
2486         if (strcmp(old->local_nls->charset, new->local_nls->charset))
2487                 return 0;
2488
2489         if (old->actimeo != new->actimeo)
2490                 return 0;
2491
2492         return 1;
2493 }
2494
2495 int
2496 cifs_match_super(struct super_block *sb, void *data)
2497 {
2498         struct cifs_mnt_data *mnt_data = (struct cifs_mnt_data *)data;
2499         struct smb_vol *volume_info;
2500         struct cifs_sb_info *cifs_sb;
2501         struct TCP_Server_Info *tcp_srv;
2502         struct cifs_ses *ses;
2503         struct cifs_tcon *tcon;
2504         struct tcon_link *tlink;
2505         struct sockaddr_storage addr;
2506         int rc = 0;
2507
2508         memset(&addr, 0, sizeof(struct sockaddr_storage));
2509
2510         spin_lock(&cifs_tcp_ses_lock);
2511         cifs_sb = CIFS_SB(sb);
2512         tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
2513         if (IS_ERR(tlink)) {
2514                 spin_unlock(&cifs_tcp_ses_lock);
2515                 return rc;
2516         }
2517         tcon = tlink_tcon(tlink);
2518         ses = tcon->ses;
2519         tcp_srv = ses->server;
2520
2521         volume_info = mnt_data->vol;
2522
2523         if (!volume_info->UNCip || !volume_info->UNC)
2524                 goto out;
2525
2526         rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
2527                                 volume_info->UNCip,
2528                                 strlen(volume_info->UNCip),
2529                                 volume_info->port);
2530         if (!rc)
2531                 goto out;
2532
2533         if (!match_server(tcp_srv, (struct sockaddr *)&addr, volume_info) ||
2534             !match_session(ses, volume_info) ||
2535             !match_tcon(tcon, volume_info->UNC)) {
2536                 rc = 0;
2537                 goto out;
2538         }
2539
2540         rc = compare_mount_options(sb, mnt_data);
2541 out:
2542         spin_unlock(&cifs_tcp_ses_lock);
2543         cifs_put_tlink(tlink);
2544         return rc;
2545 }
2546
2547 int
2548 get_dfs_path(int xid, struct cifs_ses *pSesInfo, const char *old_path,
2549              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
2550              struct dfs_info3_param **preferrals, int remap)
2551 {
2552         char *temp_unc;
2553         int rc = 0;
2554
2555         *pnum_referrals = 0;
2556         *preferrals = NULL;
2557
2558         if (pSesInfo->ipc_tid == 0) {
2559                 temp_unc = kmalloc(2 /* for slashes */ +
2560                         strnlen(pSesInfo->serverName,
2561                                 SERVER_NAME_LEN_WITH_NULL * 2)
2562                                  + 1 + 4 /* slash IPC$ */  + 2,
2563                                 GFP_KERNEL);
2564                 if (temp_unc == NULL)
2565                         return -ENOMEM;
2566                 temp_unc[0] = '\\';
2567                 temp_unc[1] = '\\';
2568                 strcpy(temp_unc + 2, pSesInfo->serverName);
2569                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
2570                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
2571                 cFYI(1, "CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid);
2572                 kfree(temp_unc);
2573         }
2574         if (rc == 0)
2575                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
2576                                      pnum_referrals, nls_codepage, remap);
2577         /* BB map targetUNCs to dfs_info3 structures, here or
2578                 in CIFSGetDFSRefer BB */
2579
2580         return rc;
2581 }
2582
2583 #ifdef CONFIG_DEBUG_LOCK_ALLOC
2584 static struct lock_class_key cifs_key[2];
2585 static struct lock_class_key cifs_slock_key[2];
2586
2587 static inline void
2588 cifs_reclassify_socket4(struct socket *sock)
2589 {
2590         struct sock *sk = sock->sk;
2591         BUG_ON(sock_owned_by_user(sk));
2592         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2593                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2594 }
2595
2596 static inline void
2597 cifs_reclassify_socket6(struct socket *sock)
2598 {
2599         struct sock *sk = sock->sk;
2600         BUG_ON(sock_owned_by_user(sk));
2601         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2602                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2603 }
2604 #else
2605 static inline void
2606 cifs_reclassify_socket4(struct socket *sock)
2607 {
2608 }
2609
2610 static inline void
2611 cifs_reclassify_socket6(struct socket *sock)
2612 {
2613 }
2614 #endif
2615
2616 /* See RFC1001 section 14 on representation of Netbios names */
2617 static void rfc1002mangle(char *target, char *source, unsigned int length)
2618 {
2619         unsigned int i, j;
2620
2621         for (i = 0, j = 0; i < (length); i++) {
2622                 /* mask a nibble at a time and encode */
2623                 target[j] = 'A' + (0x0F & (source[i] >> 4));
2624                 target[j+1] = 'A' + (0x0F & source[i]);
2625                 j += 2;
2626         }
2627
2628 }
2629
2630 static int
2631 bind_socket(struct TCP_Server_Info *server)
2632 {
2633         int rc = 0;
2634         if (server->srcaddr.ss_family != AF_UNSPEC) {
2635                 /* Bind to the specified local IP address */
2636                 struct socket *socket = server->ssocket;
2637                 rc = socket->ops->bind(socket,
2638                                        (struct sockaddr *) &server->srcaddr,
2639                                        sizeof(server->srcaddr));
2640                 if (rc < 0) {
2641                         struct sockaddr_in *saddr4;
2642                         struct sockaddr_in6 *saddr6;
2643                         saddr4 = (struct sockaddr_in *)&server->srcaddr;
2644                         saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2645                         if (saddr6->sin6_family == AF_INET6)
2646                                 cERROR(1, "cifs: "
2647                                        "Failed to bind to: %pI6c, error: %d\n",
2648                                        &saddr6->sin6_addr, rc);
2649                         else
2650                                 cERROR(1, "cifs: "
2651                                        "Failed to bind to: %pI4, error: %d\n",
2652                                        &saddr4->sin_addr.s_addr, rc);
2653                 }
2654         }
2655         return rc;
2656 }
2657
2658 static int
2659 ip_rfc1001_connect(struct TCP_Server_Info *server)
2660 {
2661         int rc = 0;
2662         /*
2663          * some servers require RFC1001 sessinit before sending
2664          * negprot - BB check reconnection in case where second
2665          * sessinit is sent but no second negprot
2666          */
2667         struct rfc1002_session_packet *ses_init_buf;
2668         struct smb_hdr *smb_buf;
2669         ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2670                                GFP_KERNEL);
2671         if (ses_init_buf) {
2672                 ses_init_buf->trailer.session_req.called_len = 32;
2673
2674                 if (server->server_RFC1001_name &&
2675                     server->server_RFC1001_name[0] != 0)
2676                         rfc1002mangle(ses_init_buf->trailer.
2677                                       session_req.called_name,
2678                                       server->server_RFC1001_name,
2679                                       RFC1001_NAME_LEN_WITH_NULL);
2680                 else
2681                         rfc1002mangle(ses_init_buf->trailer.
2682                                       session_req.called_name,
2683                                       DEFAULT_CIFS_CALLED_NAME,
2684                                       RFC1001_NAME_LEN_WITH_NULL);
2685
2686                 ses_init_buf->trailer.session_req.calling_len = 32;
2687
2688                 /*
2689                  * calling name ends in null (byte 16) from old smb
2690                  * convention.
2691                  */
2692                 if (server->workstation_RFC1001_name &&
2693                     server->workstation_RFC1001_name[0] != 0)
2694                         rfc1002mangle(ses_init_buf->trailer.
2695                                       session_req.calling_name,
2696                                       server->workstation_RFC1001_name,
2697                                       RFC1001_NAME_LEN_WITH_NULL);
2698                 else
2699                         rfc1002mangle(ses_init_buf->trailer.
2700                                       session_req.calling_name,
2701                                       "LINUX_CIFS_CLNT",
2702                                       RFC1001_NAME_LEN_WITH_NULL);
2703
2704                 ses_init_buf->trailer.session_req.scope1 = 0;
2705                 ses_init_buf->trailer.session_req.scope2 = 0;
2706                 smb_buf = (struct smb_hdr *)ses_init_buf;
2707
2708                 /* sizeof RFC1002_SESSION_REQUEST with no scope */
2709                 smb_buf->smb_buf_length = cpu_to_be32(0x81000044);
2710                 rc = smb_send(server, smb_buf, 0x44);
2711                 kfree(ses_init_buf);
2712                 /*
2713                  * RFC1001 layer in at least one server
2714                  * requires very short break before negprot
2715                  * presumably because not expecting negprot
2716                  * to follow so fast.  This is a simple
2717                  * solution that works without
2718                  * complicating the code and causes no
2719                  * significant slowing down on mount
2720                  * for everyone else
2721                  */
2722                 usleep_range(1000, 2000);
2723         }
2724         /*
2725          * else the negprot may still work without this
2726          * even though malloc failed
2727          */
2728
2729         return rc;
2730 }
2731
2732 static int
2733 generic_ip_connect(struct TCP_Server_Info *server)
2734 {
2735         int rc = 0;
2736         __be16 sport;
2737         int slen, sfamily;
2738         struct socket *socket = server->ssocket;
2739         struct sockaddr *saddr;
2740
2741         saddr = (struct sockaddr *) &server->dstaddr;
2742
2743         if (server->dstaddr.ss_family == AF_INET6) {
2744                 sport = ((struct sockaddr_in6 *) saddr)->sin6_port;
2745                 slen = sizeof(struct sockaddr_in6);
2746                 sfamily = AF_INET6;
2747         } else {
2748                 sport = ((struct sockaddr_in *) saddr)->sin_port;
2749                 slen = sizeof(struct sockaddr_in);
2750                 sfamily = AF_INET;
2751         }
2752
2753         if (socket == NULL) {
2754                 rc = __sock_create(cifs_net_ns(server), sfamily, SOCK_STREAM,
2755                                    IPPROTO_TCP, &socket, 1);
2756                 if (rc < 0) {
2757                         cERROR(1, "Error %d creating socket", rc);
2758                         server->ssocket = NULL;
2759                         return rc;
2760                 }
2761
2762                 /* BB other socket options to set KEEPALIVE, NODELAY? */
2763                 cFYI(1, "Socket created");
2764                 server->ssocket = socket;
2765                 socket->sk->sk_allocation = GFP_NOFS;
2766                 if (sfamily == AF_INET6)
2767                         cifs_reclassify_socket6(socket);
2768                 else
2769                         cifs_reclassify_socket4(socket);
2770         }
2771
2772         rc = bind_socket(server);
2773         if (rc < 0)
2774                 return rc;
2775
2776         /*
2777          * Eventually check for other socket options to change from
2778          * the default. sock_setsockopt not used because it expects
2779          * user space buffer
2780          */
2781         socket->sk->sk_rcvtimeo = 7 * HZ;
2782         socket->sk->sk_sndtimeo = 5 * HZ;
2783
2784         /* make the bufsizes depend on wsize/rsize and max requests */
2785         if (server->noautotune) {
2786                 if (socket->sk->sk_sndbuf < (200 * 1024))
2787                         socket->sk->sk_sndbuf = 200 * 1024;
2788                 if (socket->sk->sk_rcvbuf < (140 * 1024))
2789                         socket->sk->sk_rcvbuf = 140 * 1024;
2790         }
2791
2792         if (server->tcp_nodelay) {
2793                 int val = 1;
2794                 rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2795                                 (char *)&val, sizeof(val));
2796                 if (rc)
2797                         cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2798         }
2799
2800          cFYI(1, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
2801                  socket->sk->sk_sndbuf,
2802                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2803
2804         rc = socket->ops->connect(socket, saddr, slen, 0);
2805         if (rc < 0) {
2806                 cFYI(1, "Error %d connecting to server", rc);
2807                 sock_release(socket);
2808                 server->ssocket = NULL;
2809                 return rc;
2810         }
2811
2812         if (sport == htons(RFC1001_PORT))
2813                 rc = ip_rfc1001_connect(server);
2814
2815         return rc;
2816 }
2817
2818 static int
2819 ip_connect(struct TCP_Server_Info *server)
2820 {
2821         __be16 *sport;
2822         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2823         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2824
2825         if (server->dstaddr.ss_family == AF_INET6)
2826                 sport = &addr6->sin6_port;
2827         else
2828                 sport = &addr->sin_port;
2829
2830         if (*sport == 0) {
2831                 int rc;
2832
2833                 /* try with 445 port at first */
2834                 *sport = htons(CIFS_PORT);
2835
2836                 rc = generic_ip_connect(server);
2837                 if (rc >= 0)
2838                         return rc;
2839
2840                 /* if it failed, try with 139 port */
2841                 *sport = htons(RFC1001_PORT);
2842         }
2843
2844         return generic_ip_connect(server);
2845 }
2846
2847 void reset_cifs_unix_caps(int xid, struct cifs_tcon *tcon,
2848                           struct cifs_sb_info *cifs_sb, struct smb_vol *vol_info)
2849 {
2850         /* if we are reconnecting then should we check to see if
2851          * any requested capabilities changed locally e.g. via
2852          * remount but we can not do much about it here
2853          * if they have (even if we could detect it by the following)
2854          * Perhaps we could add a backpointer to array of sb from tcon
2855          * or if we change to make all sb to same share the same
2856          * sb as NFS - then we only have one backpointer to sb.
2857          * What if we wanted to mount the server share twice once with
2858          * and once without posixacls or posix paths? */
2859         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2860
2861         if (vol_info && vol_info->no_linux_ext) {
2862                 tcon->fsUnixInfo.Capability = 0;
2863                 tcon->unix_ext = 0; /* Unix Extensions disabled */
2864                 cFYI(1, "Linux protocol extensions disabled");
2865                 return;
2866         } else if (vol_info)
2867                 tcon->unix_ext = 1; /* Unix Extensions supported */
2868
2869         if (tcon->unix_ext == 0) {
2870                 cFYI(1, "Unix extensions disabled so not set on reconnect");
2871                 return;
2872         }
2873
2874         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2875                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2876                 cFYI(1, "unix caps which server supports %lld", cap);
2877                 /* check for reconnect case in which we do not
2878                    want to change the mount behavior if we can avoid it */
2879                 if (vol_info == NULL) {
2880                         /* turn off POSIX ACL and PATHNAMES if not set
2881                            originally at mount time */
2882                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2883                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2884                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2885                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2886                                         cERROR(1, "POSIXPATH support change");
2887                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2888                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2889                                 cERROR(1, "possible reconnect error");
2890                                 cERROR(1, "server disabled POSIX path support");
2891                         }
2892                 }
2893
2894                 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2895                         cERROR(1, "per-share encryption not supported yet");
2896
2897                 cap &= CIFS_UNIX_CAP_MASK;
2898                 if (vol_info && vol_info->no_psx_acl)
2899                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2900                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2901                         cFYI(1, "negotiated posix acl support");
2902                         if (cifs_sb)
2903                                 cifs_sb->mnt_cifs_flags |=
2904                                         CIFS_MOUNT_POSIXACL;
2905                 }
2906
2907                 if (vol_info && vol_info->posix_paths == 0)
2908                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2909                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2910                         cFYI(1, "negotiate posix pathnames");
2911                         if (cifs_sb)
2912                                 cifs_sb->mnt_cifs_flags |=
2913                                         CIFS_MOUNT_POSIX_PATHS;
2914                 }
2915
2916                 cFYI(1, "Negotiate caps 0x%x", (int)cap);
2917 #ifdef CONFIG_CIFS_DEBUG2
2918                 if (cap & CIFS_UNIX_FCNTL_CAP)
2919                         cFYI(1, "FCNTL cap");
2920                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2921                         cFYI(1, "EXTATTR cap");
2922                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2923                         cFYI(1, "POSIX path cap");
2924                 if (cap & CIFS_UNIX_XATTR_CAP)
2925                         cFYI(1, "XATTR cap");
2926                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2927                         cFYI(1, "POSIX ACL cap");
2928                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2929                         cFYI(1, "very large read cap");
2930                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2931                         cFYI(1, "very large write cap");
2932                 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)
2933                         cFYI(1, "transport encryption cap");
2934                 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2935                         cFYI(1, "mandatory transport encryption cap");
2936 #endif /* CIFS_DEBUG2 */
2937                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2938                         if (vol_info == NULL) {
2939                                 cFYI(1, "resetting capabilities failed");
2940                         } else
2941                                 cERROR(1, "Negotiating Unix capabilities "
2942                                            "with the server failed.  Consider "
2943                                            "mounting with the Unix Extensions\n"
2944                                            "disabled, if problems are found, "
2945                                            "by specifying the nounix mount "
2946                                            "option.");
2947
2948                 }
2949         }
2950 }
2951
2952 void cifs_setup_cifs_sb(struct smb_vol *pvolume_info,
2953                         struct cifs_sb_info *cifs_sb)
2954 {
2955         INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2956
2957         spin_lock_init(&cifs_sb->tlink_tree_lock);
2958         cifs_sb->tlink_tree = RB_ROOT;
2959
2960         /*
2961          * Temporarily set r/wsize for matching superblock. If we end up using
2962          * new sb then client will later negotiate it downward if needed.
2963          */
2964         cifs_sb->rsize = pvolume_info->rsize;
2965         cifs_sb->wsize = pvolume_info->wsize;
2966
2967         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2968         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2969         if (pvolume_info->backupuid_specified)
2970                 cifs_sb->mnt_backupuid = pvolume_info->backupuid;
2971         if (pvolume_info->backupgid_specified)
2972                 cifs_sb->mnt_backupgid = pvolume_info->backupgid;
2973         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2974         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2975         cFYI(1, "file mode: 0x%hx  dir mode: 0x%hx",
2976                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
2977
2978         cifs_sb->actimeo = pvolume_info->actimeo;
2979         cifs_sb->local_nls = pvolume_info->local_nls;
2980
2981         if (pvolume_info->noperm)
2982                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2983         if (pvolume_info->setuids)
2984                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2985         if (pvolume_info->server_ino)
2986                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2987         if (pvolume_info->remap)
2988                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2989         if (pvolume_info->no_xattr)
2990                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2991         if (pvolume_info->sfu_emul)
2992                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2993         if (pvolume_info->nobrl)
2994                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2995         if (pvolume_info->nostrictsync)
2996                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2997         if (pvolume_info->mand_lock)
2998                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2999         if (pvolume_info->rwpidforward)
3000                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RWPIDFORWARD;
3001         if (pvolume_info->cifs_acl)
3002                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
3003         if (pvolume_info->backupuid_specified)
3004                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPUID;
3005         if (pvolume_info->backupgid_specified)
3006                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPGID;
3007         if (pvolume_info->override_uid)
3008                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
3009         if (pvolume_info->override_gid)
3010                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
3011         if (pvolume_info->dynperm)
3012                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
3013         if (pvolume_info->fsc)
3014                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
3015         if (pvolume_info->multiuser)
3016                 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
3017                                             CIFS_MOUNT_NO_PERM);
3018         if (pvolume_info->strict_io)
3019                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
3020         if (pvolume_info->direct_io) {
3021                 cFYI(1, "mounting share using direct i/o");
3022                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
3023         }
3024         if (pvolume_info->mfsymlinks) {
3025                 if (pvolume_info->sfu_emul) {
3026                         cERROR(1,  "mount option mfsymlinks ignored if sfu "
3027                                    "mount option is used");
3028                 } else {
3029                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
3030                 }
3031         }
3032
3033         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
3034                 cERROR(1, "mount option dynperm ignored if cifsacl "
3035                            "mount option supported");
3036 }
3037
3038 /*
3039  * When the server supports very large reads and writes via POSIX extensions,
3040  * we can allow up to 2^24-1, minus the size of a READ/WRITE_AND_X header, not
3041  * including the RFC1001 length.
3042  *
3043  * Note that this might make for "interesting" allocation problems during
3044  * writeback however as we have to allocate an array of pointers for the
3045  * pages. A 16M write means ~32kb page array with PAGE_CACHE_SIZE == 4096.
3046  *
3047  * For reads, there is a similar problem as we need to allocate an array
3048  * of kvecs to handle the receive, though that should only need to be done
3049  * once.
3050  */
3051 #define CIFS_MAX_WSIZE ((1<<24) - 1 - sizeof(WRITE_REQ) + 4)
3052 #define CIFS_MAX_RSIZE ((1<<24) - sizeof(READ_RSP) + 4)
3053
3054 /*
3055  * When the server doesn't allow large posix writes, only allow a rsize/wsize
3056  * of 2^17-1 minus the size of the call header. That allows for a read or
3057  * write up to the maximum size described by RFC1002.
3058  */
3059 #define CIFS_MAX_RFC1002_WSIZE ((1<<17) - 1 - sizeof(WRITE_REQ) + 4)
3060 #define CIFS_MAX_RFC1002_RSIZE ((1<<17) - 1 - sizeof(READ_RSP) + 4)
3061
3062 /*
3063  * The default wsize is 1M. find_get_pages seems to return a maximum of 256
3064  * pages in a single call. With PAGE_CACHE_SIZE == 4k, this means we can fill
3065  * a single wsize request with a single call.
3066  */
3067 #define CIFS_DEFAULT_IOSIZE (1024 * 1024)
3068
3069 /*
3070  * Windows only supports a max of 60kb reads and 65535 byte writes. Default to
3071  * those values when posix extensions aren't in force. In actuality here, we
3072  * use 65536 to allow for a write that is a multiple of 4k. Most servers seem
3073  * to be ok with the extra byte even though Windows doesn't send writes that
3074  * are that large.
3075  *
3076  * Citation:
3077  *
3078  * http://blogs.msdn.com/b/openspecification/archive/2009/04/10/smb-maximum-transmit-buffer-size-and-performance-tuning.aspx
3079  */
3080 #define CIFS_DEFAULT_NON_POSIX_RSIZE (60 * 1024)
3081 #define CIFS_DEFAULT_NON_POSIX_WSIZE (65536)
3082
3083 static unsigned int
3084 cifs_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *pvolume_info)
3085 {
3086         __u64 unix_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
3087         struct TCP_Server_Info *server = tcon->ses->server;
3088         unsigned int wsize;
3089
3090         /* start with specified wsize, or default */
3091         if (pvolume_info->wsize)
3092                 wsize = pvolume_info->wsize;
3093         else if (tcon->unix_ext && (unix_cap & CIFS_UNIX_LARGE_WRITE_CAP))
3094                 wsize = CIFS_DEFAULT_IOSIZE;
3095         else
3096                 wsize = CIFS_DEFAULT_NON_POSIX_WSIZE;
3097
3098         /* can server support 24-bit write sizes? (via UNIX extensions) */
3099         if (!tcon->unix_ext || !(unix_cap & CIFS_UNIX_LARGE_WRITE_CAP))
3100                 wsize = min_t(unsigned int, wsize, CIFS_MAX_RFC1002_WSIZE);
3101
3102         /*
3103          * no CAP_LARGE_WRITE_X or is signing enabled without CAP_UNIX set?
3104          * Limit it to max buffer offered by the server, minus the size of the
3105          * WRITEX header, not including the 4 byte RFC1001 length.
3106          */
3107         if (!(server->capabilities & CAP_LARGE_WRITE_X) ||
3108             (!(server->capabilities & CAP_UNIX) &&
3109              (server->sec_mode & (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED))))
3110                 wsize = min_t(unsigned int, wsize,
3111                                 server->maxBuf - sizeof(WRITE_REQ) + 4);
3112
3113         /* hard limit of CIFS_MAX_WSIZE */
3114         wsize = min_t(unsigned int, wsize, CIFS_MAX_WSIZE);
3115
3116         return wsize;
3117 }
3118
3119 static unsigned int
3120 cifs_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *pvolume_info)
3121 {
3122         __u64 unix_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
3123         struct TCP_Server_Info *server = tcon->ses->server;
3124         unsigned int rsize, defsize;
3125
3126         /*
3127          * Set default value...
3128          *
3129          * HACK alert! Ancient servers have very small buffers. Even though
3130          * MS-CIFS indicates that servers are only limited by the client's
3131          * bufsize for reads, testing against win98se shows that it throws
3132          * INVALID_PARAMETER errors if you try to request too large a read.
3133          *
3134          * If the server advertises a MaxBufferSize of less than one page,
3135          * assume that it also can't satisfy reads larger than that either.
3136          *
3137          * FIXME: Is there a better heuristic for this?
3138          */
3139         if (tcon->unix_ext && (unix_cap & CIFS_UNIX_LARGE_READ_CAP))
3140                 defsize = CIFS_DEFAULT_IOSIZE;
3141         else if (server->capabilities & CAP_LARGE_READ_X)
3142                 defsize = CIFS_DEFAULT_NON_POSIX_RSIZE;
3143         else if (server->maxBuf >= PAGE_CACHE_SIZE)
3144                 defsize = CIFSMaxBufSize;
3145         else
3146                 defsize = server->maxBuf - sizeof(READ_RSP);
3147
3148         rsize = pvolume_info->rsize ? pvolume_info->rsize : defsize;
3149
3150         /*
3151          * no CAP_LARGE_READ_X? Then MS-CIFS states that we must limit this to
3152          * the client's MaxBufferSize.
3153          */
3154         if (!(server->capabilities & CAP_LARGE_READ_X))
3155                 rsize = min_t(unsigned int, CIFSMaxBufSize, rsize);
3156
3157         /* hard limit of CIFS_MAX_RSIZE */
3158         rsize = min_t(unsigned int, rsize, CIFS_MAX_RSIZE);
3159
3160         return rsize;
3161 }
3162
3163 static int
3164 is_path_accessible(int xid, struct cifs_tcon *tcon,
3165                    struct cifs_sb_info *cifs_sb, const char *full_path)
3166 {
3167         int rc;
3168         FILE_ALL_INFO *pfile_info;
3169
3170         pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
3171         if (pfile_info == NULL)
3172                 return -ENOMEM;
3173
3174         rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
3175                               0 /* not legacy */, cifs_sb->local_nls,
3176                               cifs_sb->mnt_cifs_flags &
3177                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
3178
3179         if (rc == -EOPNOTSUPP || rc == -EINVAL)
3180                 rc = SMBQueryInformation(xid, tcon, full_path, pfile_info,
3181                                 cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
3182                                   CIFS_MOUNT_MAP_SPECIAL_CHR);
3183         kfree(pfile_info);
3184         return rc;
3185 }
3186
3187 static void
3188 cleanup_volume_info_contents(struct smb_vol *volume_info)
3189 {
3190         kfree(volume_info->username);
3191         kzfree(volume_info->password);
3192         if (volume_info->UNCip != volume_info->UNC + 2)
3193                 kfree(volume_info->UNCip);
3194         kfree(volume_info->UNC);
3195         kfree(volume_info->domainname);
3196         kfree(volume_info->iocharset);
3197         kfree(volume_info->prepath);
3198 }
3199
3200 void
3201 cifs_cleanup_volume_info(struct smb_vol *volume_info)
3202 {
3203         if (!volume_info)
3204                 return;
3205         cleanup_volume_info_contents(volume_info);
3206         kfree(volume_info);
3207 }
3208
3209
3210 #ifdef CONFIG_CIFS_DFS_UPCALL
3211 /* build_path_to_root returns full path to root when
3212  * we do not have an exiting connection (tcon) */
3213 static char *
3214 build_unc_path_to_root(const struct smb_vol *vol,
3215                 const struct cifs_sb_info *cifs_sb)
3216 {
3217         char *full_path, *pos;
3218         unsigned int pplen = vol->prepath ? strlen(vol->prepath) : 0;
3219         unsigned int unc_len = strnlen(vol->UNC, MAX_TREE_SIZE + 1);
3220
3221         full_path = kmalloc(unc_len + pplen + 1, GFP_KERNEL);
3222         if (full_path == NULL)
3223                 return ERR_PTR(-ENOMEM);
3224
3225         strncpy(full_path, vol->UNC, unc_len);
3226         pos = full_path + unc_len;
3227
3228         if (pplen) {
3229                 strncpy(pos, vol->prepath, pplen);
3230                 pos += pplen;
3231         }
3232
3233         *pos = '\0'; /* add trailing null */
3234         convert_delimiter(full_path, CIFS_DIR_SEP(cifs_sb));
3235         cFYI(1, "%s: full_path=%s", __func__, full_path);
3236         return full_path;
3237 }
3238
3239 /*
3240  * Perform a dfs referral query for a share and (optionally) prefix
3241  *
3242  * If a referral is found, cifs_sb->mountdata will be (re-)allocated
3243  * to a string containing updated options for the submount.  Otherwise it
3244  * will be left untouched.
3245  *
3246  * Returns the rc from get_dfs_path to the caller, which can be used to
3247  * determine whether there were referrals.
3248  */
3249 static int
3250 expand_dfs_referral(int xid, struct cifs_ses *pSesInfo,
3251                     struct smb_vol *volume_info, struct cifs_sb_info *cifs_sb,
3252                     int check_prefix)
3253 {
3254         int rc;
3255         unsigned int num_referrals = 0;
3256         struct dfs_info3_param *referrals = NULL;
3257         char *full_path = NULL, *ref_path = NULL, *mdata = NULL;
3258
3259         full_path = build_unc_path_to_root(volume_info, cifs_sb);
3260         if (IS_ERR(full_path))
3261                 return PTR_ERR(full_path);
3262
3263         /* For DFS paths, skip the first '\' of the UNC */
3264         ref_path = check_prefix ? full_path + 1 : volume_info->UNC + 1;
3265
3266         rc = get_dfs_path(xid, pSesInfo , ref_path, cifs_sb->local_nls,
3267                           &num_referrals, &referrals,
3268                           cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
3269
3270         if (!rc && num_referrals > 0) {
3271                 char *fake_devname = NULL;
3272
3273                 mdata = cifs_compose_mount_options(cifs_sb->mountdata,
3274                                                    full_path + 1, referrals,
3275                                                    &fake_devname);
3276
3277                 free_dfs_info_array(referrals, num_referrals);
3278
3279                 if (IS_ERR(mdata)) {
3280                         rc = PTR_ERR(mdata);
3281                         mdata = NULL;
3282                 } else {
3283                         cleanup_volume_info_contents(volume_info);
3284                         memset(volume_info, '\0', sizeof(*volume_info));
3285                         rc = cifs_setup_volume_info(volume_info, mdata,
3286                                                         fake_devname);
3287                 }
3288                 kfree(fake_devname);
3289                 kfree(cifs_sb->mountdata);
3290                 cifs_sb->mountdata = mdata;
3291         }
3292         kfree(full_path);
3293         return rc;
3294 }
3295 #endif
3296
3297 static int
3298 cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
3299                         const char *devname)
3300 {
3301         int rc = 0;
3302
3303         if (cifs_parse_mount_options(mount_data, devname, volume_info))
3304                 return -EINVAL;
3305
3306         if (volume_info->nullauth) {
3307                 cFYI(1, "Anonymous login");
3308                 kfree(volume_info->username);
3309                 volume_info->username = NULL;
3310         } else if (volume_info->username) {
3311                 /* BB fixme parse for domain name here */
3312                 cFYI(1, "Username: %s", volume_info->username);
3313         } else {
3314                 cifserror("No username specified");
3315         /* In userspace mount helper we can get user name from alternate
3316            locations such as env variables and files on disk */
3317                 return -EINVAL;
3318         }
3319
3320         /* this is needed for ASCII cp to Unicode converts */
3321         if (volume_info->iocharset == NULL) {
3322                 /* load_nls_default cannot return null */
3323                 volume_info->local_nls = load_nls_default();
3324         } else {
3325                 volume_info->local_nls = load_nls(volume_info->iocharset);
3326                 if (volume_info->local_nls == NULL) {
3327                         cERROR(1, "CIFS mount error: iocharset %s not found",
3328                                  volume_info->iocharset);
3329                         return -ELIBACC;
3330                 }
3331         }
3332
3333         return rc;
3334 }
3335
3336 struct smb_vol *
3337 cifs_get_volume_info(char *mount_data, const char *devname)
3338 {
3339         int rc;
3340         struct smb_vol *volume_info;
3341
3342         volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
3343         if (!volume_info)
3344                 return ERR_PTR(-ENOMEM);
3345
3346         rc = cifs_setup_volume_info(volume_info, mount_data, devname);
3347         if (rc) {
3348                 cifs_cleanup_volume_info(volume_info);
3349                 volume_info = ERR_PTR(rc);
3350         }
3351
3352         return volume_info;
3353 }
3354
3355 /* make sure ra_pages is a multiple of rsize */
3356 static inline unsigned int
3357 cifs_ra_pages(struct cifs_sb_info *cifs_sb)
3358 {
3359         unsigned int reads;
3360         unsigned int rsize_pages = cifs_sb->rsize / PAGE_CACHE_SIZE;
3361
3362         if (rsize_pages >= default_backing_dev_info.ra_pages)
3363                 return default_backing_dev_info.ra_pages;
3364         else if (rsize_pages == 0)
3365                 return rsize_pages;
3366
3367         reads = default_backing_dev_info.ra_pages / rsize_pages;
3368         return reads * rsize_pages;
3369 }
3370
3371 int
3372 cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *volume_info)
3373 {
3374         int rc = 0;
3375         int xid;
3376         struct cifs_ses *pSesInfo;
3377         struct cifs_tcon *tcon;
3378         struct TCP_Server_Info *srvTcp;
3379         char   *full_path;
3380         struct tcon_link *tlink;
3381 #ifdef CONFIG_CIFS_DFS_UPCALL
3382         int referral_walks_count = 0;
3383 #endif
3384
3385         rc = bdi_setup_and_register(&cifs_sb->bdi, "cifs", BDI_CAP_MAP_COPY);
3386         if (rc)
3387                 return rc;
3388
3389 #ifdef CONFIG_CIFS_DFS_UPCALL
3390 try_mount_again:
3391         /* cleanup activities if we're chasing a referral */
3392         if (referral_walks_count) {
3393                 if (tcon)
3394                         cifs_put_tcon(tcon);
3395                 else if (pSesInfo)
3396                         cifs_put_smb_ses(pSesInfo);
3397
3398                 FreeXid(xid);
3399         }
3400 #endif
3401         tcon = NULL;
3402         pSesInfo = NULL;
3403         srvTcp = NULL;
3404         full_path = NULL;
3405         tlink = NULL;
3406
3407         xid = GetXid();
3408
3409         /* get a reference to a tcp session */
3410         srvTcp = cifs_get_tcp_session(volume_info);
3411         if (IS_ERR(srvTcp)) {
3412                 rc = PTR_ERR(srvTcp);
3413                 bdi_destroy(&cifs_sb->bdi);
3414                 goto out;
3415         }
3416
3417         /* get a reference to a SMB session */
3418         pSesInfo = cifs_get_smb_ses(srvTcp, volume_info);
3419         if (IS_ERR(pSesInfo)) {
3420                 rc = PTR_ERR(pSesInfo);
3421                 pSesInfo = NULL;
3422                 goto mount_fail_check;
3423         }
3424
3425         /* search for existing tcon to this server share */
3426         tcon = cifs_get_tcon(pSesInfo, volume_info);
3427         if (IS_ERR(tcon)) {
3428                 rc = PTR_ERR(tcon);
3429                 tcon = NULL;
3430                 goto remote_path_check;
3431         }
3432
3433         /* tell server which Unix caps we support */
3434         if (tcon->ses->capabilities & CAP_UNIX) {
3435                 /* reset of caps checks mount to see if unix extensions
3436                    disabled for just this mount */
3437                 reset_cifs_unix_caps(xid, tcon, cifs_sb, volume_info);
3438                 if ((tcon->ses->server->tcpStatus == CifsNeedReconnect) &&
3439                     (le64_to_cpu(tcon->fsUnixInfo.Capability) &
3440                      CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)) {
3441                         rc = -EACCES;
3442                         goto mount_fail_check;
3443                 }
3444         } else
3445                 tcon->unix_ext = 0; /* server does not support them */
3446
3447         /* do not care if following two calls succeed - informational */
3448         if (!tcon->ipc) {
3449                 CIFSSMBQFSDeviceInfo(xid, tcon);
3450                 CIFSSMBQFSAttributeInfo(xid, tcon);
3451         }
3452
3453         cifs_sb->wsize = cifs_negotiate_wsize(tcon, volume_info);
3454         cifs_sb->rsize = cifs_negotiate_rsize(tcon, volume_info);
3455
3456         /* tune readahead according to rsize */
3457         cifs_sb->bdi.ra_pages = cifs_ra_pages(cifs_sb);
3458
3459 remote_path_check:
3460 #ifdef CONFIG_CIFS_DFS_UPCALL
3461         /*
3462          * Perform an unconditional check for whether there are DFS
3463          * referrals for this path without prefix, to provide support
3464          * for DFS referrals from w2k8 servers which don't seem to respond
3465          * with PATH_NOT_COVERED to requests that include the prefix.
3466          * Chase the referral if found, otherwise continue normally.
3467          */
3468         if (referral_walks_count == 0) {
3469                 int refrc = expand_dfs_referral(xid, pSesInfo, volume_info,
3470                                                 cifs_sb, false);
3471                 if (!refrc) {
3472                         referral_walks_count++;
3473                         goto try_mount_again;
3474                 }
3475         }
3476 #endif
3477
3478         /* check if a whole path is not remote */
3479         if (!rc && tcon) {
3480                 /* build_path_to_root works only when we have a valid tcon */
3481                 full_path = cifs_build_path_to_root(volume_info, cifs_sb, tcon);
3482                 if (full_path == NULL) {
3483                         rc = -ENOMEM;
3484                         goto mount_fail_check;
3485                 }
3486                 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
3487                 if (rc != 0 && rc != -EREMOTE) {
3488                         kfree(full_path);
3489                         goto mount_fail_check;
3490                 }
3491                 kfree(full_path);
3492         }
3493
3494         /* get referral if needed */
3495         if (rc == -EREMOTE) {
3496 #ifdef CONFIG_CIFS_DFS_UPCALL
3497                 if (referral_walks_count > MAX_NESTED_LINKS) {
3498                         /*
3499                          * BB: when we implement proper loop detection,
3500                          *     we will remove this check. But now we need it
3501                          *     to prevent an indefinite loop if 'DFS tree' is
3502                          *     misconfigured (i.e. has loops).
3503                          */
3504                         rc = -ELOOP;
3505                         goto mount_fail_check;
3506                 }
3507
3508                 rc = expand_dfs_referral(xid, pSesInfo, volume_info, cifs_sb,
3509                                          true);
3510
3511                 if (!rc) {
3512                         referral_walks_count++;
3513                         goto try_mount_again;
3514                 }
3515                 goto mount_fail_check;
3516 #else /* No DFS support, return error on mount */
3517                 rc = -EOPNOTSUPP;
3518 #endif
3519         }
3520
3521         if (rc)
3522                 goto mount_fail_check;
3523
3524         /* now, hang the tcon off of the superblock */
3525         tlink = kzalloc(sizeof *tlink, GFP_KERNEL);
3526         if (tlink == NULL) {
3527                 rc = -ENOMEM;
3528                 goto mount_fail_check;
3529         }
3530
3531         tlink->tl_uid = pSesInfo->linux_uid;
3532         tlink->tl_tcon = tcon;
3533         tlink->tl_time = jiffies;
3534         set_bit(TCON_LINK_MASTER, &tlink->tl_flags);
3535         set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3536
3537         cifs_sb->master_tlink = tlink;
3538         spin_lock(&cifs_sb->tlink_tree_lock);
3539         tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
3540         spin_unlock(&cifs_sb->tlink_tree_lock);
3541
3542         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
3543                                 TLINK_IDLE_EXPIRE);
3544
3545 mount_fail_check:
3546         /* on error free sesinfo and tcon struct if needed */
3547         if (rc) {
3548                 /* If find_unc succeeded then rc == 0 so we can not end */
3549                 /* up accidentally freeing someone elses tcon struct */
3550                 if (tcon)
3551                         cifs_put_tcon(tcon);
3552                 else if (pSesInfo)
3553                         cifs_put_smb_ses(pSesInfo);
3554                 else
3555                         cifs_put_tcp_session(srvTcp);
3556                 bdi_destroy(&cifs_sb->bdi);
3557         }
3558
3559 out:
3560         FreeXid(xid);
3561         return rc;
3562 }
3563
3564 /*
3565  * Issue a TREE_CONNECT request. Note that for IPC$ shares, that the tcon
3566  * pointer may be NULL.
3567  */
3568 int
3569 CIFSTCon(unsigned int xid, struct cifs_ses *ses,
3570          const char *tree, struct cifs_tcon *tcon,
3571          const struct nls_table *nls_codepage)
3572 {
3573         struct smb_hdr *smb_buffer;
3574         struct smb_hdr *smb_buffer_response;
3575         TCONX_REQ *pSMB;
3576         TCONX_RSP *pSMBr;
3577         unsigned char *bcc_ptr;
3578         int rc = 0;
3579         int length;
3580         __u16 bytes_left, count;
3581
3582         if (ses == NULL)
3583                 return -EIO;
3584
3585         smb_buffer = cifs_buf_get();
3586         if (smb_buffer == NULL)
3587                 return -ENOMEM;
3588
3589         smb_buffer_response = smb_buffer;
3590
3591         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3592                         NULL /*no tid */ , 4 /*wct */ );
3593
3594         smb_buffer->Mid = GetNextMid(ses->server);
3595         smb_buffer->Uid = ses->Suid;
3596         pSMB = (TCONX_REQ *) smb_buffer;
3597         pSMBr = (TCONX_RSP *) smb_buffer_response;
3598
3599         pSMB->AndXCommand = 0xFF;
3600         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3601         bcc_ptr = &pSMB->Password[0];
3602         if (!tcon || (ses->server->sec_mode & SECMODE_USER)) {
3603                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3604                 *bcc_ptr = 0; /* password is null byte */
3605                 bcc_ptr++;              /* skip password */
3606                 /* already aligned so no need to do it below */
3607         } else {
3608                 pSMB->PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
3609                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3610                    specified as required (when that support is added to
3611                    the vfs in the future) as only NTLM or the much
3612                    weaker LANMAN (which we do not send by default) is accepted
3613                    by Samba (not sure whether other servers allow
3614                    NTLMv2 password here) */
3615 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3616                 if ((global_secflags & CIFSSEC_MAY_LANMAN) &&
3617                     (ses->server->secType == LANMAN))
3618                         calc_lanman_hash(tcon->password, ses->server->cryptkey,
3619                                          ses->server->sec_mode &
3620                                             SECMODE_PW_ENCRYPT ? true : false,
3621                                          bcc_ptr);
3622                 else
3623 #endif /* CIFS_WEAK_PW_HASH */
3624                 rc = SMBNTencrypt(tcon->password, ses->server->cryptkey,
3625                                         bcc_ptr, nls_codepage);
3626
3627                 bcc_ptr += CIFS_AUTH_RESP_SIZE;
3628                 if (ses->capabilities & CAP_UNICODE) {
3629                         /* must align unicode strings */
3630                         *bcc_ptr = 0; /* null byte password */
3631                         bcc_ptr++;
3632                 }
3633         }
3634
3635         if (ses->server->sec_mode &
3636                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3637                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3638
3639         if (ses->capabilities & CAP_STATUS32) {
3640                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3641         }
3642         if (ses->capabilities & CAP_DFS) {
3643                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3644         }
3645         if (ses->capabilities & CAP_UNICODE) {
3646                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3647                 length =
3648                     cifs_strtoUTF16((__le16 *) bcc_ptr, tree,
3649                         6 /* max utf8 char length in bytes */ *
3650                         (/* server len*/ + 256 /* share len */), nls_codepage);
3651                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3652                 bcc_ptr += 2;   /* skip trailing null */
3653         } else {                /* ASCII */
3654                 strcpy(bcc_ptr, tree);
3655                 bcc_ptr += strlen(tree) + 1;
3656         }
3657         strcpy(bcc_ptr, "?????");
3658         bcc_ptr += strlen("?????");
3659         bcc_ptr += 1;
3660         count = bcc_ptr - &pSMB->Password[0];
3661         pSMB->hdr.smb_buf_length = cpu_to_be32(be32_to_cpu(
3662                                         pSMB->hdr.smb_buf_length) + count);
3663         pSMB->ByteCount = cpu_to_le16(count);
3664
3665         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3666                          0);
3667
3668         /* above now done in SendReceive */
3669         if ((rc == 0) && (tcon != NULL)) {
3670                 bool is_unicode;
3671
3672                 tcon->tidStatus = CifsGood;
3673                 tcon->need_reconnect = false;
3674                 tcon->tid = smb_buffer_response->Tid;
3675                 bcc_ptr = pByteArea(smb_buffer_response);
3676                 bytes_left = get_bcc(smb_buffer_response);
3677                 length = strnlen(bcc_ptr, bytes_left - 2);
3678                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
3679                         is_unicode = true;
3680                 else
3681                         is_unicode = false;
3682
3683
3684                 /* skip service field (NB: this field is always ASCII) */
3685                 if (length == 3) {
3686                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3687                             (bcc_ptr[2] == 'C')) {
3688                                 cFYI(1, "IPC connection");
3689                                 tcon->ipc = 1;
3690                         }
3691                 } else if (length == 2) {
3692                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3693                                 /* the most common case */
3694                                 cFYI(1, "disk share connection");
3695                         }
3696                 }
3697                 bcc_ptr += length + 1;
3698                 bytes_left -= (length + 1);
3699                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3700
3701                 /* mostly informational -- no need to fail on error here */
3702                 kfree(tcon->nativeFileSystem);
3703                 tcon->nativeFileSystem = cifs_strndup_from_utf16(bcc_ptr,
3704                                                       bytes_left, is_unicode,
3705                                                       nls_codepage);
3706
3707                 cFYI(1, "nativeFileSystem=%s", tcon->nativeFileSystem);
3708
3709                 if ((smb_buffer_response->WordCount == 3) ||
3710                          (smb_buffer_response->WordCount == 7))
3711                         /* field is in same location */
3712                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3713                 else
3714                         tcon->Flags = 0;
3715                 cFYI(1, "Tcon flags: 0x%x ", tcon->Flags);
3716         } else if ((rc == 0) && tcon == NULL) {
3717                 /* all we need to save for IPC$ connection */
3718                 ses->ipc_tid = smb_buffer_response->Tid;
3719         }
3720
3721         cifs_buf_release(smb_buffer);
3722         return rc;
3723 }
3724
3725 void
3726 cifs_umount(struct cifs_sb_info *cifs_sb)
3727 {
3728         struct rb_root *root = &cifs_sb->tlink_tree;
3729         struct rb_node *node;
3730         struct tcon_link *tlink;
3731
3732         cancel_delayed_work_sync(&cifs_sb->prune_tlinks);
3733
3734         spin_lock(&cifs_sb->tlink_tree_lock);
3735         while ((node = rb_first(root))) {
3736                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3737                 cifs_get_tlink(tlink);
3738                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3739                 rb_erase(node, root);
3740
3741                 spin_unlock(&cifs_sb->tlink_tree_lock);
3742                 cifs_put_tlink(tlink);
3743                 spin_lock(&cifs_sb->tlink_tree_lock);
3744         }
3745         spin_unlock(&cifs_sb->tlink_tree_lock);
3746
3747         bdi_destroy(&cifs_sb->bdi);
3748         kfree(cifs_sb->mountdata);
3749         unload_nls(cifs_sb->local_nls);
3750         kfree(cifs_sb);
3751 }
3752
3753 int cifs_negotiate_protocol(unsigned int xid, struct cifs_ses *ses)
3754 {
3755         int rc = 0;
3756         struct TCP_Server_Info *server = ses->server;
3757
3758         /* only send once per connect */
3759         if (server->maxBuf != 0)
3760                 return 0;
3761
3762         rc = CIFSSMBNegotiate(xid, ses);
3763         if (rc == -EAGAIN) {
3764                 /* retry only once on 1st time connection */
3765                 rc = CIFSSMBNegotiate(xid, ses);
3766                 if (rc == -EAGAIN)
3767                         rc = -EHOSTDOWN;
3768         }
3769         if (rc == 0) {
3770                 spin_lock(&GlobalMid_Lock);
3771                 if (server->tcpStatus == CifsNeedNegotiate)
3772                         server->tcpStatus = CifsGood;
3773                 else
3774                         rc = -EHOSTDOWN;
3775                 spin_unlock(&GlobalMid_Lock);
3776
3777         }
3778
3779         return rc;
3780 }
3781
3782
3783 int cifs_setup_session(unsigned int xid, struct cifs_ses *ses,
3784                         struct nls_table *nls_info)
3785 {
3786         int rc = 0;
3787         struct TCP_Server_Info *server = ses->server;
3788
3789         ses->flags = 0;
3790         ses->capabilities = server->capabilities;
3791         if (linuxExtEnabled == 0)
3792                 ses->capabilities &= (~CAP_UNIX);
3793
3794         cFYI(1, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3795                  server->sec_mode, server->capabilities, server->timeAdj);
3796
3797         rc = CIFS_SessSetup(xid, ses, nls_info);
3798         if (rc) {
3799                 cERROR(1, "Send error in SessSetup = %d", rc);
3800         } else {
3801                 mutex_lock(&ses->server->srv_mutex);
3802                 if (!server->session_estab) {
3803                         server->session_key.response = ses->auth_key.response;
3804                         server->session_key.len = ses->auth_key.len;
3805                         server->sequence_number = 0x2;
3806                         server->session_estab = true;
3807                         ses->auth_key.response = NULL;
3808                 }
3809                 mutex_unlock(&server->srv_mutex);
3810
3811                 cFYI(1, "CIFS Session Established successfully");
3812                 spin_lock(&GlobalMid_Lock);
3813                 ses->status = CifsGood;
3814                 ses->need_reconnect = false;
3815                 spin_unlock(&GlobalMid_Lock);
3816         }
3817
3818         kfree(ses->auth_key.response);
3819         ses->auth_key.response = NULL;
3820         ses->auth_key.len = 0;
3821         kfree(ses->ntlmssp);
3822         ses->ntlmssp = NULL;
3823
3824         return rc;
3825 }
3826
3827 static int
3828 cifs_set_vol_auth(struct smb_vol *vol, struct cifs_ses *ses)
3829 {
3830         switch (ses->server->secType) {
3831         case Kerberos:
3832                 vol->secFlg = CIFSSEC_MUST_KRB5;
3833                 return 0;
3834         case NTLMv2:
3835                 vol->secFlg = CIFSSEC_MUST_NTLMV2;
3836                 break;
3837         case NTLM:
3838                 vol->secFlg = CIFSSEC_MUST_NTLM;
3839                 break;
3840         case RawNTLMSSP:
3841                 vol->secFlg = CIFSSEC_MUST_NTLMSSP;
3842                 break;
3843         case LANMAN:
3844                 vol->secFlg = CIFSSEC_MUST_LANMAN;
3845                 break;
3846         }
3847
3848         return cifs_set_cifscreds(vol, ses);
3849 }
3850
3851 static struct cifs_tcon *
3852 cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid)
3853 {
3854         int rc;
3855         struct cifs_tcon *master_tcon = cifs_sb_master_tcon(cifs_sb);
3856         struct cifs_ses *ses;
3857         struct cifs_tcon *tcon = NULL;
3858         struct smb_vol *vol_info;
3859
3860         vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL);
3861         if (vol_info == NULL)
3862                 return ERR_PTR(-ENOMEM);
3863
3864         vol_info->local_nls = cifs_sb->local_nls;
3865         vol_info->linux_uid = fsuid;
3866         vol_info->cred_uid = fsuid;
3867         vol_info->UNC = master_tcon->treeName;
3868         vol_info->retry = master_tcon->retry;
3869         vol_info->nocase = master_tcon->nocase;
3870         vol_info->local_lease = master_tcon->local_lease;
3871         vol_info->no_linux_ext = !master_tcon->unix_ext;
3872
3873         rc = cifs_set_vol_auth(vol_info, master_tcon->ses);
3874         if (rc) {
3875                 tcon = ERR_PTR(rc);
3876                 goto out;
3877         }
3878
3879         /* get a reference for the same TCP session */
3880         spin_lock(&cifs_tcp_ses_lock);
3881         ++master_tcon->ses->server->srv_count;
3882         spin_unlock(&cifs_tcp_ses_lock);
3883
3884         ses = cifs_get_smb_ses(master_tcon->ses->server, vol_info);
3885         if (IS_ERR(ses)) {
3886                 tcon = (struct cifs_tcon *)ses;
3887                 cifs_put_tcp_session(master_tcon->ses->server);
3888                 goto out;
3889         }
3890
3891         tcon = cifs_get_tcon(ses, vol_info);
3892         if (IS_ERR(tcon)) {
3893                 cifs_put_smb_ses(ses);
3894                 goto out;
3895         }
3896
3897         if (ses->capabilities & CAP_UNIX)
3898                 reset_cifs_unix_caps(0, tcon, NULL, vol_info);
3899 out:
3900         kfree(vol_info->username);
3901         kfree(vol_info->password);
3902         kfree(vol_info);
3903
3904         return tcon;
3905 }
3906
3907 struct cifs_tcon *
3908 cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
3909 {
3910         return tlink_tcon(cifs_sb_master_tlink(cifs_sb));
3911 }
3912
3913 static int
3914 cifs_sb_tcon_pending_wait(void *unused)
3915 {
3916         schedule();
3917         return signal_pending(current) ? -ERESTARTSYS : 0;
3918 }
3919
3920 /* find and return a tlink with given uid */
3921 static struct tcon_link *
3922 tlink_rb_search(struct rb_root *root, uid_t uid)
3923 {
3924         struct rb_node *node = root->rb_node;
3925         struct tcon_link *tlink;
3926
3927         while (node) {
3928                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3929
3930                 if (tlink->tl_uid > uid)
3931                         node = node->rb_left;
3932                 else if (tlink->tl_uid < uid)
3933                         node = node->rb_right;
3934                 else
3935                         return tlink;
3936         }
3937         return NULL;
3938 }
3939
3940 /* insert a tcon_link into the tree */
3941 static void
3942 tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink)
3943 {
3944         struct rb_node **new = &(root->rb_node), *parent = NULL;
3945         struct tcon_link *tlink;
3946
3947         while (*new) {
3948                 tlink = rb_entry(*new, struct tcon_link, tl_rbnode);
3949                 parent = *new;
3950
3951                 if (tlink->tl_uid > new_tlink->tl_uid)
3952                         new = &((*new)->rb_left);
3953                 else
3954                         new = &((*new)->rb_right);
3955         }
3956
3957         rb_link_node(&new_tlink->tl_rbnode, parent, new);
3958         rb_insert_color(&new_tlink->tl_rbnode, root);
3959 }
3960
3961 /*
3962  * Find or construct an appropriate tcon given a cifs_sb and the fsuid of the
3963  * current task.
3964  *
3965  * If the superblock doesn't refer to a multiuser mount, then just return
3966  * the master tcon for the mount.
3967  *
3968  * First, search the rbtree for an existing tcon for this fsuid. If one
3969  * exists, then check to see if it's pending construction. If it is then wait
3970  * for construction to complete. Once it's no longer pending, check to see if
3971  * it failed and either return an error or retry construction, depending on
3972  * the timeout.
3973  *
3974  * If one doesn't exist then insert a new tcon_link struct into the tree and
3975  * try to construct a new one.
3976  */
3977 struct tcon_link *
3978 cifs_sb_tlink(struct cifs_sb_info *cifs_sb)
3979 {
3980         int ret;
3981         uid_t fsuid = current_fsuid();
3982         struct tcon_link *tlink, *newtlink;
3983
3984         if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
3985                 return cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
3986
3987         spin_lock(&cifs_sb->tlink_tree_lock);
3988         tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3989         if (tlink)
3990                 cifs_get_tlink(tlink);
3991         spin_unlock(&cifs_sb->tlink_tree_lock);
3992
3993         if (tlink == NULL) {
3994                 newtlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
3995                 if (newtlink == NULL)
3996                         return ERR_PTR(-ENOMEM);
3997                 newtlink->tl_uid = fsuid;
3998                 newtlink->tl_tcon = ERR_PTR(-EACCES);
3999                 set_bit(TCON_LINK_PENDING, &newtlink->tl_flags);
4000                 set_bit(TCON_LINK_IN_TREE, &newtlink->tl_flags);
4001                 cifs_get_tlink(newtlink);
4002
4003                 spin_lock(&cifs_sb->tlink_tree_lock);
4004                 /* was one inserted after previous search? */
4005                 tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
4006                 if (tlink) {
4007                         cifs_get_tlink(tlink);
4008                         spin_unlock(&cifs_sb->tlink_tree_lock);
4009                         kfree(newtlink);
4010                         goto wait_for_construction;
4011                 }
4012                 tlink = newtlink;
4013                 tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
4014                 spin_unlock(&cifs_sb->tlink_tree_lock);
4015         } else {
4016 wait_for_construction:
4017                 ret = wait_on_bit(&tlink->tl_flags, TCON_LINK_PENDING,
4018                                   cifs_sb_tcon_pending_wait,
4019                                   TASK_INTERRUPTIBLE);
4020                 if (ret) {
4021                         cifs_put_tlink(tlink);
4022                         return ERR_PTR(ret);
4023                 }
4024
4025                 /* if it's good, return it */
4026                 if (!IS_ERR(tlink->tl_tcon))
4027                         return tlink;
4028
4029                 /* return error if we tried this already recently */
4030                 if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) {
4031                         cifs_put_tlink(tlink);
4032                         return ERR_PTR(-EACCES);
4033                 }
4034
4035                 if (test_and_set_bit(TCON_LINK_PENDING, &tlink->tl_flags))
4036                         goto wait_for_construction;
4037         }
4038
4039         tlink->tl_tcon = cifs_construct_tcon(cifs_sb, fsuid);
4040         clear_bit(TCON_LINK_PENDING, &tlink->tl_flags);
4041         wake_up_bit(&tlink->tl_flags, TCON_LINK_PENDING);
4042
4043         if (IS_ERR(tlink->tl_tcon)) {
4044                 cifs_put_tlink(tlink);
4045                 return ERR_PTR(-EACCES);
4046         }
4047
4048         return tlink;
4049 }
4050
4051 /*
4052  * periodic workqueue job that scans tcon_tree for a superblock and closes
4053  * out tcons.
4054  */
4055 static void
4056 cifs_prune_tlinks(struct work_struct *work)
4057 {
4058         struct cifs_sb_info *cifs_sb = container_of(work, struct cifs_sb_info,
4059                                                     prune_tlinks.work);
4060         struct rb_root *root = &cifs_sb->tlink_tree;
4061         struct rb_node *node = rb_first(root);
4062         struct rb_node *tmp;
4063         struct tcon_link *tlink;
4064
4065         /*
4066          * Because we drop the spinlock in the loop in order to put the tlink
4067          * it's not guarded against removal of links from the tree. The only
4068          * places that remove entries from the tree are this function and
4069          * umounts. Because this function is non-reentrant and is canceled
4070          * before umount can proceed, this is safe.
4071          */
4072         spin_lock(&cifs_sb->tlink_tree_lock);
4073         node = rb_first(root);
4074         while (node != NULL) {
4075                 tmp = node;
4076                 node = rb_next(tmp);
4077                 tlink = rb_entry(tmp, struct tcon_link, tl_rbnode);
4078
4079                 if (test_bit(TCON_LINK_MASTER, &tlink->tl_flags) ||
4080                     atomic_read(&tlink->tl_count) != 0 ||
4081                     time_after(tlink->tl_time + TLINK_IDLE_EXPIRE, jiffies))
4082                         continue;
4083
4084                 cifs_get_tlink(tlink);
4085                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
4086                 rb_erase(tmp, root);
4087
4088                 spin_unlock(&cifs_sb->tlink_tree_lock);
4089                 cifs_put_tlink(tlink);
4090                 spin_lock(&cifs_sb->tlink_tree_lock);
4091         }
4092         spin_unlock(&cifs_sb->tlink_tree_lock);
4093
4094         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
4095                                 TLINK_IDLE_EXPIRE);
4096 }