1	// SPDX-License-Identifier: LGPL-2.1
2	/*
3	*
4	* Copyright (C) International Business Machines Corp., 2002,2011
5	* Author(s): Steve French (sfrench@us.ibm.com)
6	*
7	*/
8	#include <linux/fs.h>
9	#include <linux/net.h>
10	#include <linux/string.h>
11	#include <linux/sched/mm.h>
12	#include <linux/sched/signal.h>
13	#include <linux/list.h>
14	#include <linux/wait.h>
15	#include <linux/slab.h>
16	#include <linux/pagemap.h>
17	#include <linux/ctype.h>
18	#include <linux/utsname.h>
19	#include <linux/mempool.h>
20	#include <linux/delay.h>
21	#include <linux/completion.h>
22	#include <linux/kthread.h>
23	#include <linux/pagevec.h>
24	#include <linux/freezer.h>
25	#include <linux/namei.h>
26	#include <linux/uuid.h>
27	#include <linux/uaccess.h>
28	#include <asm/processor.h>
29	#include <linux/inet.h>
30	#include <linux/module.h>
31	#include <keys/user-type.h>
32	#include <net/ipv6.h>
33	#include <linux/parser.h>
34	#include <linux/bvec.h>
35	#include "cifspdu.h"
36	#include "cifsglob.h"
37	#include "cifsproto.h"
38	#include "cifs_unicode.h"
39	#include "cifs_debug.h"
40	#include "cifs_fs_sb.h"
41	#include "ntlmssp.h"
42	#include "nterr.h"
43	#include "rfc1002pdu.h"
44	#include "fscache.h"
45	#include "smb2proto.h"
46	#include "smbdirect.h"
47	#include "dns_resolve.h"
48	#ifdef CONFIG_CIFS_DFS_UPCALL
49	#include "dfs.h"
50	#include "dfs_cache.h"
51	#endif
52	#include "fs_context.h"
53	#include "cifs_swn.h"
54
55	/* FIXME: should these be tunable? */
56	#define TLINK_ERROR_EXPIRE (1 * HZ)
57	#define TLINK_IDLE_EXPIRE (600 * HZ)
58
59	/* Drop the connection to not overload the server */
60	#define MAX_STATUS_IO_TIMEOUT 5
61
62	static int ip_connect(struct TCP_Server_Info *server);
63	static int generic_ip_connect(struct TCP_Server_Info *server);
64	static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
65	static void cifs_prune_tlinks(struct work_struct *work);
66
67	/*
68	* Resolve hostname and set ip addr in tcp ses. Useful for hostnames that may
69	* get their ip addresses changed at some point.
70	*
71	* This should be called with server->srv_mutex held.
72	*/
73	static int reconn_set_ipaddr_from_hostname(struct TCP_Server_Info *server)
74	{
75	struct sockaddr_storage ss;
76	int rc;
77
78	if (!server->hostname)
79	return -EINVAL;
80
81	/* if server hostname isn't populated, there's nothing to do here */
82	if (server->hostname[0] == '\0')
83	return 0;
84
85	spin_lock(lock: &server->srv_lock);
86	ss = server->dstaddr;
87	spin_unlock(lock: &server->srv_lock);
88
89	rc = dns_resolve_name(dom: server->dns_dom, name: server->hostname,
90	strlen(server->hostname),
91	ip_addr: (struct sockaddr *)&ss);
92	if (!rc) {
93	spin_lock(lock: &server->srv_lock);
94	memcpy(&server->dstaddr, &ss, sizeof(server->dstaddr));
95	spin_unlock(lock: &server->srv_lock);
96	}
97	return rc;
98	}
99
100	void smb2_query_server_interfaces(struct work_struct *work)
101	{
102	int rc;
103	int xid;
104	struct cifs_tcon *tcon = container_of(work,
105	struct cifs_tcon,
106	query_interfaces.work);
107	struct TCP_Server_Info *server = tcon->ses->server;
108
109	/*
110	* query server network interfaces, in case they change
111	*/
112	if (!server->ops->query_server_interfaces)
113	return;
114
115	xid = get_xid();
116	rc = server->ops->query_server_interfaces(xid, tcon, false);
117	free_xid(xid);
118
119	if (rc)
120	cifs_dbg(FYI, "%s: failed to query server interfaces: %d\n",
121	__func__, rc);
122
123	queue_delayed_work(wq: cifsiod_wq, dwork: &tcon->query_interfaces,
124	delay: (SMB_INTERFACE_POLL_INTERVAL * HZ));
125	}
126
127	#define set_need_reco(server) \
128	do { \
129	spin_lock(&server->srv_lock); \
130	if (server->tcpStatus != CifsExiting) \
131	server->tcpStatus = CifsNeedReconnect; \
132	spin_unlock(&server->srv_lock); \
133	} while (0)
134
135	/*
136	* Update the tcpStatus for the server.
137	* This is used to signal the cifsd thread to call cifs_reconnect
138	* ONLY cifsd thread should call cifs_reconnect. For any other
139	* thread, use this function
140	*
141	* @server: the tcp ses for which reconnect is needed
142	* @all_channels: if this needs to be done for all channels
143	*/
144	void
145	cifs_signal_cifsd_for_reconnect(struct TCP_Server_Info *server,
146	bool all_channels)
147	{
148	struct TCP_Server_Info *nserver;
149	struct cifs_ses *ses;
150	LIST_HEAD(reco);
151	int i;
152
153	/* if we need to signal just this channel */
154	if (!all_channels) {
155	set_need_reco(server);
156	return;
157	}
158
159	if (SERVER_IS_CHAN(server))
160	server = server->primary_server;
161	scoped_guard(spinlock, &cifs_tcp_ses_lock) {
162	set_need_reco(server);
163	list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
164	spin_lock(lock: &ses->ses_lock);
165	if (ses->ses_status == SES_EXITING) {
166	spin_unlock(lock: &ses->ses_lock);
167	continue;
168	}
169	spin_lock(lock: &ses->chan_lock);
170	for (i = 1; i < ses->chan_count; i++) {
171	nserver = ses->chans[i].server;
172	if (!nserver)
173	continue;
174	nserver->srv_count++;
175	list_add(new: &nserver->rlist, head: &reco);
176	}
177	spin_unlock(lock: &ses->chan_lock);
178	spin_unlock(lock: &ses->ses_lock);
179	}
180	}
181
182	list_for_each_entry_safe(server, nserver, &reco, rlist) {
183	list_del_init(entry: &server->rlist);
184	set_need_reco(server);
185	cifs_put_tcp_session(server, from_reconnect: 0);
186	}
187	}
188
189	/*
190	* Mark all sessions and tcons for reconnect.
191	* IMPORTANT: make sure that this gets called only from
192	* cifsd thread. For any other thread, use
193	* cifs_signal_cifsd_for_reconnect
194	*
195	* @server: the tcp ses for which reconnect is needed
196	* @server needs to be previously set to CifsNeedReconnect.
197	* @mark_smb_session: whether even sessions need to be marked
198	*/
199	void
200	cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server,
201	bool mark_smb_session)
202	{
203	struct TCP_Server_Info *pserver;
204	struct cifs_ses *ses, *nses;
205	struct cifs_tcon *tcon;
206
207	/*
208	* before reconnecting the tcp session, mark the smb session (uid) and the tid bad so they
209	* are not used until reconnected.
210	*/
211	cifs_dbg(FYI, "%s: marking necessary sessions and tcons for reconnect\n", __func__);
212
213	/* If server is a channel, select the primary channel */
214	pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;
215
216	/*
217	* if the server has been marked for termination, there is a
218	* chance that the remaining channels all need reconnect. To be
219	* on the safer side, mark the session and trees for reconnect
220	* for this scenario. This might cause a few redundant session
221	* setup and tree connect requests, but it is better than not doing
222	* a tree connect when needed, and all following requests failing
223	*/
224	if (server->terminate) {
225	mark_smb_session = true;
226	server = pserver;
227	}
228
229	spin_lock(lock: &cifs_tcp_ses_lock);
230	list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) {
231	spin_lock(lock: &ses->ses_lock);
232	if (ses->ses_status == SES_EXITING) {
233	spin_unlock(lock: &ses->ses_lock);
234	continue;
235	}
236	spin_unlock(lock: &ses->ses_lock);
237
238	spin_lock(lock: &ses->chan_lock);
239	if (cifs_ses_get_chan_index(ses, server) ==
240	CIFS_INVAL_CHAN_INDEX) {
241	spin_unlock(lock: &ses->chan_lock);
242	continue;
243	}
244
245	if (!cifs_chan_is_iface_active(ses, server)) {
246	spin_unlock(lock: &ses->chan_lock);
247	cifs_chan_update_iface(ses, server);
248	spin_lock(lock: &ses->chan_lock);
249	}
250
251	if (!mark_smb_session && cifs_chan_needs_reconnect(ses, server)) {
252	spin_unlock(lock: &ses->chan_lock);
253	continue;
254	}
255
256	if (mark_smb_session)
257	CIFS_SET_ALL_CHANS_NEED_RECONNECT(ses);
258	else
259	cifs_chan_set_need_reconnect(ses, server);
260
261	cifs_dbg(FYI, "%s: channel connect bitmap: 0x%lx\n",
262	__func__, ses->chans_need_reconnect);
263
264	/* If all channels need reconnect, then tcon needs reconnect */
265	if (!mark_smb_session && !CIFS_ALL_CHANS_NEED_RECONNECT(ses)) {
266	spin_unlock(lock: &ses->chan_lock);
267	continue;
268	}
269	spin_unlock(lock: &ses->chan_lock);
270
271	spin_lock(lock: &ses->ses_lock);
272	ses->ses_status = SES_NEED_RECON;
273	spin_unlock(lock: &ses->ses_lock);
274
275	list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
276	tcon->need_reconnect = true;
277	spin_lock(lock: &tcon->tc_lock);
278	tcon->status = TID_NEED_RECON;
279	spin_unlock(lock: &tcon->tc_lock);
280
281	cancel_delayed_work(dwork: &tcon->query_interfaces);
282	}
283	if (ses->tcon_ipc) {
284	ses->tcon_ipc->need_reconnect = true;
285	spin_lock(lock: &ses->tcon_ipc->tc_lock);
286	ses->tcon_ipc->status = TID_NEED_RECON;
287	spin_unlock(lock: &ses->tcon_ipc->tc_lock);
288	}
289	}
290	spin_unlock(lock: &cifs_tcp_ses_lock);
291	}
292
293	static void
294	cifs_abort_connection(struct TCP_Server_Info *server)
295	{
296	struct mid_q_entry *mid, *nmid;
297	struct list_head retry_list;
298
299	server->maxBuf = 0;
300	server->max_read = 0;
301
302	/* do not want to be sending data on a socket we are freeing */
303	cifs_dbg(FYI, "%s: tearing down socket\n", __func__);
304	cifs_server_lock(server);
305	if (server->ssocket) {
306	cifs_dbg(FYI, "State: 0x%x Flags: 0x%lx\n", server->ssocket->state,
307	server->ssocket->flags);
308	kernel_sock_shutdown(sock: server->ssocket, how: SHUT_WR);
309	cifs_dbg(FYI, "Post shutdown state: 0x%x Flags: 0x%lx\n", server->ssocket->state,
310	server->ssocket->flags);
311	sock_release(sock: server->ssocket);
312	server->ssocket = NULL;
313	} else if (cifs_rdma_enabled(server)) {
314	smbd_destroy(server);
315	}
316	server->sequence_number = 0;
317	server->session_estab = false;
318	kfree_sensitive(objp: server->session_key.response);
319	server->session_key.response = NULL;
320	server->session_key.len = 0;
321	server->lstrp = jiffies;
322
323	/* mark submitted MIDs for retry and issue callback */
324	INIT_LIST_HEAD(list: &retry_list);
325	cifs_dbg(FYI, "%s: moving mids to private list\n", __func__);
326	spin_lock(lock: &server->mid_queue_lock);
327	list_for_each_entry_safe(mid, nmid, &server->pending_mid_q, qhead) {
328	smb_get_mid(mid);
329	if (mid->mid_state == MID_REQUEST_SUBMITTED)
330	mid->mid_state = MID_RETRY_NEEDED;
331	list_move(list: &mid->qhead, head: &retry_list);
332	mid->deleted_from_q = true;
333	}
334	spin_unlock(lock: &server->mid_queue_lock);
335	cifs_server_unlock(server);
336
337	cifs_dbg(FYI, "%s: issuing mid callbacks\n", __func__);
338	list_for_each_entry_safe(mid, nmid, &retry_list, qhead) {
339	list_del_init(entry: &mid->qhead);
340	mid_execute_callback(server, mid);
341	release_mid(server, mid);
342	}
343	}
344
345	static bool cifs_tcp_ses_needs_reconnect(struct TCP_Server_Info *server, int num_targets)
346	{
347	spin_lock(lock: &server->srv_lock);
348	server->nr_targets = num_targets;
349	if (server->tcpStatus == CifsExiting) {
350	/* the demux thread will exit normally next time through the loop */
351	spin_unlock(lock: &server->srv_lock);
352	wake_up(&server->response_q);
353	return false;
354	}
355
356	cifs_dbg(FYI, "Mark tcp session as need reconnect\n");
357	trace_smb3_reconnect(currmid: server->current_mid, conn_id: server->conn_id,
358	hostname: server->hostname);
359	server->tcpStatus = CifsNeedReconnect;
360
361	spin_unlock(lock: &server->srv_lock);
362	return true;
363	}
364
365	/*
366	* cifs tcp session reconnection
367	*
368	* mark tcp session as reconnecting so temporarily locked
369	* mark all smb sessions as reconnecting for tcp session
370	* reconnect tcp session
371	* wake up waiters on reconnection? - (not needed currently)
372	*
373	* if mark_smb_session is passed as true, unconditionally mark
374	* the smb session (and tcon) for reconnect as well. This value
375	* doesn't really matter for non-multichannel scenario.
376	*
377	*/
378	static int __cifs_reconnect(struct TCP_Server_Info *server,
379	bool mark_smb_session, bool once)
380	{
381	int rc = 0;
382
383	if (!cifs_tcp_ses_needs_reconnect(server, num_targets: 1))
384	return 0;
385
386	/*
387	* if smb session has been marked for reconnect, also reconnect all
388	* connections. This way, the other connections do not end up bad.
389	*/
390	if (mark_smb_session)
391	cifs_signal_cifsd_for_reconnect(server, all_channels: mark_smb_session);
392
393	cifs_mark_tcp_ses_conns_for_reconnect(server, mark_smb_session);
394
395	cifs_abort_connection(server);
396
397	do {
398	try_to_freeze();
399	cifs_server_lock(server);
400
401	if (!cifs_swn_set_server_dstaddr(server) &&
402	!SERVER_IS_CHAN(server)) {
403	/* resolve the hostname again to make sure that IP address is up-to-date */
404	rc = reconn_set_ipaddr_from_hostname(server);
405	cifs_dbg(FYI, "%s: reconn_set_ipaddr_from_hostname: rc=%d\n", __func__, rc);
406	}
407
408	if (cifs_rdma_enabled(server))
409	rc = smbd_reconnect(server);
410	else
411	rc = generic_ip_connect(server);
412	if (rc) {
413	cifs_server_unlock(server);
414	cifs_dbg(FYI, "%s: reconnect error %d\n", __func__, rc);
415	/* If was asked to reconnect only once, do not try it more times */
416	if (once)
417	break;
418	msleep(msecs: 3000);
419	} else {
420	atomic_inc(v: &tcpSesReconnectCount);
421	set_credits(server, val: 1);
422	spin_lock(lock: &server->srv_lock);
423	if (server->tcpStatus != CifsExiting)
424	server->tcpStatus = CifsNeedNegotiate;
425	spin_unlock(lock: &server->srv_lock);
426	cifs_swn_reset_server_dstaddr(server);
427	cifs_server_unlock(server);
428	cifs_queue_server_reconn(server);
429	}
430	} while (server->tcpStatus == CifsNeedReconnect);
431
432	spin_lock(lock: &server->srv_lock);
433	if (server->tcpStatus == CifsNeedNegotiate)
434	mod_delayed_work(wq: cifsiod_wq, dwork: &server->echo, delay: 0);
435	spin_unlock(lock: &server->srv_lock);
436
437	wake_up(&server->response_q);
438	return rc;
439	}
440
441	#ifdef CONFIG_CIFS_DFS_UPCALL
442	static int __reconnect_target_locked(struct TCP_Server_Info *server,
443	const char *target)
444	{
445	int rc;
446	char *hostname;
447
448	if (!cifs_swn_set_server_dstaddr(server)) {
449	if (server->hostname != target) {
450	hostname = extract_hostname(unc: target);
451	if (!IS_ERR(ptr: hostname)) {
452	spin_lock(lock: &server->srv_lock);
453	kfree(objp: server->hostname);
454	server->hostname = hostname;
455	spin_unlock(lock: &server->srv_lock);
456	} else {
457	cifs_dbg(FYI, "%s: couldn't extract hostname or address from dfs target: %ld\n",
458	__func__, PTR_ERR(hostname));
459	cifs_dbg(FYI, "%s: default to last target server: %s\n", __func__,
460	server->hostname);
461	}
462	}
463	/* resolve the hostname again to make sure that IP address is up-to-date. */
464	rc = reconn_set_ipaddr_from_hostname(server);
465	cifs_dbg(FYI, "%s: reconn_set_ipaddr_from_hostname: rc=%d\n", __func__, rc);
466	}
467	/* Reconnect the socket */
468	if (cifs_rdma_enabled(server))
469	rc = smbd_reconnect(server);
470	else
471	rc = generic_ip_connect(server);
472
473	return rc;
474	}
475
476	static int reconnect_target_locked(struct TCP_Server_Info *server,
477	struct dfs_cache_tgt_list *tl,
478	struct dfs_cache_tgt_iterator **target_hint)
479	{
480	struct dfs_cache_tgt_iterator *tit;
481	int rc;
482
483	*target_hint = NULL;
484
485	/* If dfs target list is empty, then reconnect to last server */
486	tit = dfs_cache_get_tgt_iterator(tl);
487	if (!tit)
488	return __reconnect_target_locked(server, target: server->hostname);
489
490	/* Otherwise, try every dfs target in @tl */
491	do {
492	const char *target = dfs_cache_get_tgt_name(it: tit);
493
494	spin_lock(lock: &server->srv_lock);
495	if (server->tcpStatus != CifsNeedReconnect) {
496	spin_unlock(lock: &server->srv_lock);
497	return -ECONNRESET;
498	}
499	spin_unlock(lock: &server->srv_lock);
500	rc = __reconnect_target_locked(server, target);
501	if (!rc) {
502	*target_hint = tit;
503	break;
504	}
505	} while ((tit = dfs_cache_get_next_tgt(tl, it: tit)));
506	return rc;
507	}
508
509	static int reconnect_dfs_server(struct TCP_Server_Info *server)
510	{
511	struct dfs_cache_tgt_iterator *target_hint = NULL;
512	const char *ref_path = server->leaf_fullpath + 1;
513	DFS_CACHE_TGT_LIST(tl);
514	int num_targets = 0;
515	int rc = 0;
516
517	/*
518	* Determine the number of dfs targets the referral path in @cifs_sb resolves to.
519	*
520	* smb2_reconnect() needs to know how long it should wait based upon the number of dfs
521	* targets (server->nr_targets). It's also possible that the cached referral was cleared
522	* through /proc/fs/cifs/dfscache or the target list is empty due to server settings after
523	* refreshing the referral, so, in this case, default it to 1.
524	*/
525	if (!dfs_cache_noreq_find(path: ref_path, NULL, tgt_list: &tl))
526	num_targets = dfs_cache_get_nr_tgts(tl: &tl);
527	if (!num_targets)
528	num_targets = 1;
529
530	if (!cifs_tcp_ses_needs_reconnect(server, num_targets))
531	return 0;
532
533	/*
534	* Unconditionally mark all sessions & tcons for reconnect as we might be connecting to a
535	* different server or share during failover. It could be improved by adding some logic to
536	* only do that in case it connects to a different server or share, though.
537	*/
538	cifs_mark_tcp_ses_conns_for_reconnect(server, mark_smb_session: true);
539
540	cifs_abort_connection(server);
541
542	do {
543	try_to_freeze();
544	cifs_server_lock(server);
545
546	rc = reconnect_target_locked(server, tl: &tl, target_hint: &target_hint);
547	if (rc) {
548	/* Failed to reconnect socket */
549	cifs_server_unlock(server);
550	cifs_dbg(FYI, "%s: reconnect error %d\n", __func__, rc);
551	msleep(msecs: 3000);
552	continue;
553	}
554	/*
555	* Socket was created. Update tcp session status to CifsNeedNegotiate so that a
556	* process waiting for reconnect will know it needs to re-establish session and tcon
557	* through the reconnected target server.
558	*/
559	atomic_inc(v: &tcpSesReconnectCount);
560	set_credits(server, val: 1);
561	spin_lock(lock: &server->srv_lock);
562	if (server->tcpStatus != CifsExiting)
563	server->tcpStatus = CifsNeedNegotiate;
564	spin_unlock(lock: &server->srv_lock);
565	cifs_swn_reset_server_dstaddr(server);
566	cifs_server_unlock(server);
567	cifs_queue_server_reconn(server);
568	} while (server->tcpStatus == CifsNeedReconnect);
569
570	dfs_cache_noreq_update_tgthint(path: ref_path, it: target_hint);
571	dfs_cache_free_tgts(tl: &tl);
572
573	/* Need to set up echo worker again once connection has been established */
574	spin_lock(lock: &server->srv_lock);
575	if (server->tcpStatus == CifsNeedNegotiate)
576	mod_delayed_work(wq: cifsiod_wq, dwork: &server->echo, delay: 0);
577	spin_unlock(lock: &server->srv_lock);
578
579	wake_up(&server->response_q);
580	return rc;
581	}
582
583	static int
584	_cifs_reconnect(struct TCP_Server_Info *server, bool mark_smb_session, bool once)
585	{
586	if (!server->leaf_fullpath)
587	return __cifs_reconnect(server, mark_smb_session, once);
588	return reconnect_dfs_server(server);
589	}
590	#else
591	static int
592	_cifs_reconnect(struct TCP_Server_Info *server, bool mark_smb_session, bool once)
593	{
594	return __cifs_reconnect(server, mark_smb_session, once);
595	}
596	#endif
597
598	int
599	cifs_reconnect(struct TCP_Server_Info *server, bool mark_smb_session)
600	{
601	return _cifs_reconnect(server, mark_smb_session, once: false);
602	}
603
604	static int
605	cifs_reconnect_once(struct TCP_Server_Info *server)
606	{
607	return _cifs_reconnect(server, mark_smb_session: true, once: true);
608	}
609
610	static void
611	cifs_echo_request(struct work_struct *work)
612	{
613	int rc;
614	struct TCP_Server_Info *server = container_of(work,
615	struct TCP_Server_Info, echo.work);
616
617	/*
618	* We cannot send an echo if it is disabled.
619	* Also, no need to ping if we got a response recently.
620	*/
621
622	if (server->tcpStatus == CifsNeedReconnect ||
623	server->tcpStatus == CifsExiting ||
624	server->tcpStatus == CifsNew ||
625	(server->ops->can_echo && !server->ops->can_echo(server)) ||
626	time_before(jiffies, server->lstrp + server->echo_interval - HZ))
627	goto requeue_echo;
628
629	rc = server->ops->echo ? server->ops->echo(server) : -ENOSYS;
630	cifs_server_dbg(FYI, "send echo request: rc = %d\n", rc);
631
632	/* Check witness registrations */
633	cifs_swn_check();
634
635	requeue_echo:
636	queue_delayed_work(wq: cifsiod_wq, dwork: &server->echo, delay: server->echo_interval);
637	}
638
639	static bool
640	allocate_buffers(struct TCP_Server_Info *server)
641	{
642	if (!server->bigbuf) {
643	server->bigbuf = (char *)cifs_buf_get();
644	if (!server->bigbuf) {
645	cifs_server_dbg(VFS, "No memory for large SMB response\n");
646	msleep(msecs: 3000);
647	/* retry will check if exiting */
648	return false;
649	}
650	} else if (server->large_buf) {
651	/* we are reusing a dirty large buf, clear its start */
652	memset(server->bigbuf, 0, HEADER_SIZE(server));
653	}
654
655	if (!server->smallbuf) {
656	server->smallbuf = (char *)cifs_small_buf_get();
657	if (!server->smallbuf) {
658	cifs_server_dbg(VFS, "No memory for SMB response\n");
659	msleep(msecs: 1000);
660	/* retry will check if exiting */
661	return false;
662	}
663	/* beginning of smb buffer is cleared in our buf_get */
664	} else {
665	/* if existing small buf clear beginning */
666	memset(server->smallbuf, 0, HEADER_SIZE(server));
667	}
668
669	return true;
670	}
671
672	static bool
673	server_unresponsive(struct TCP_Server_Info *server)
674	{
675	/*
676	* If we're in the process of mounting a share or reconnecting a session
677	* and the server abruptly shut down (e.g. socket wasn't closed, packet
678	* had been ACK'ed but no SMB response), don't wait longer than 20s from
679	* when negotiate actually started.
680	*/
681	spin_lock(lock: &server->srv_lock);
682	if (server->tcpStatus == CifsInNegotiate &&
683	time_after(jiffies, server->neg_start + 20 * HZ)) {
684	spin_unlock(lock: &server->srv_lock);
685	cifs_reconnect(server, mark_smb_session: false);
686	return true;
687	}
688	/*
689	* We need to wait 3 echo intervals to make sure we handle such
690	* situations right:
691	* 1s client sends a normal SMB request
692	* 2s client gets a response
693	* 30s echo workqueue job pops, and decides we got a response recently
694	* and don't need to send another
695	* ...
696	* 65s kernel_recvmsg times out, and we see that we haven't gotten
697	* a response in >60s.
698	*/
699	if ((server->tcpStatus == CifsGood ||
700	server->tcpStatus == CifsNeedNegotiate) &&
701	(!server->ops->can_echo || server->ops->can_echo(server)) &&
702	time_after(jiffies, server->lstrp + 3 * server->echo_interval)) {
703	spin_unlock(lock: &server->srv_lock);
704	cifs_server_dbg(VFS, "has not responded in %lu seconds. Reconnecting...\n",
705	(3 * server->echo_interval) / HZ);
706	cifs_reconnect(server, mark_smb_session: false);
707	return true;
708	}
709	spin_unlock(lock: &server->srv_lock);
710
711	return false;
712	}
713
714	static inline bool
715	zero_credits(struct TCP_Server_Info *server)
716	{
717	int val;
718
719	spin_lock(lock: &server->req_lock);
720	val = server->credits + server->echo_credits + server->oplock_credits;
721	if (server->in_flight == 0 && val == 0) {
722	spin_unlock(lock: &server->req_lock);
723	return true;
724	}
725	spin_unlock(lock: &server->req_lock);
726	return false;
727	}
728
729	static int
730	cifs_readv_from_socket(struct TCP_Server_Info *server, struct msghdr *smb_msg)
731	{
732	int length = 0;
733	int total_read;
734
735	for (total_read = 0; msg_data_left(msg: smb_msg); total_read += length) {
736	try_to_freeze();
737
738	/* reconnect if no credits and no requests in flight */
739	if (zero_credits(server)) {
740	cifs_reconnect(server, mark_smb_session: false);
741	return -ECONNABORTED;
742	}
743
744	if (server_unresponsive(server))
745	return -ECONNABORTED;
746	if (cifs_rdma_enabled(server) && server->smbd_conn)
747	length = smbd_recv(info: server->smbd_conn, msg: smb_msg);
748	else
749	length = sock_recvmsg(sock: server->ssocket, msg: smb_msg, flags: 0);
750
751	spin_lock(lock: &server->srv_lock);
752	if (server->tcpStatus == CifsExiting) {
753	spin_unlock(lock: &server->srv_lock);
754	return -ESHUTDOWN;
755	}
756
757	if (server->tcpStatus == CifsNeedReconnect) {
758	spin_unlock(lock: &server->srv_lock);
759	cifs_reconnect(server, mark_smb_session: false);
760	return -ECONNABORTED;
761	}
762	spin_unlock(lock: &server->srv_lock);
763
764	if (length == -ERESTARTSYS ||
765	length == -EAGAIN ||
766	length == -EINTR) {
767	/*
768	* Minimum sleep to prevent looping, allowing socket
769	* to clear and app threads to set tcpStatus
770	* CifsNeedReconnect if server hung.
771	*/
772	usleep_range(min: 1000, max: 2000);
773	length = 0;
774	continue;
775	}
776
777	if (length <= 0) {
778	cifs_dbg(FYI, "Received no data or error: %d\n", length);
779	cifs_reconnect(server, mark_smb_session: false);
780	return -ECONNABORTED;
781	}
782	}
783	return total_read;
784	}
785
786	int
787	cifs_read_from_socket(struct TCP_Server_Info *server, char *buf,
788	unsigned int to_read)
789	{
790	struct msghdr smb_msg = {};
791	struct kvec iov = {.iov_base = buf, .iov_len = to_read};
792
793	iov_iter_kvec(i: &smb_msg.msg_iter, ITER_DEST, kvec: &iov, nr_segs: 1, count: to_read);
794
795	return cifs_readv_from_socket(server, smb_msg: &smb_msg);
796	}
797
798	ssize_t
799	cifs_discard_from_socket(struct TCP_Server_Info *server, size_t to_read)
800	{
801	struct msghdr smb_msg = {};
802
803	/*
804	* iov_iter_discard already sets smb_msg.type and count and iov_offset
805	* and cifs_readv_from_socket sets msg_control and msg_controllen
806	* so little to initialize in struct msghdr
807	*/
808	iov_iter_discard(i: &smb_msg.msg_iter, ITER_DEST, count: to_read);
809
810	return cifs_readv_from_socket(server, smb_msg: &smb_msg);
811	}
812
813	int
814	cifs_read_iter_from_socket(struct TCP_Server_Info *server, struct iov_iter *iter,
815	unsigned int to_read)
816	{
817	struct msghdr smb_msg = { .msg_iter = *iter };
818
819	iov_iter_truncate(i: &smb_msg.msg_iter, count: to_read);
820	return cifs_readv_from_socket(server, smb_msg: &smb_msg);
821	}
822
823	static bool
824	is_smb_response(struct TCP_Server_Info *server, unsigned char type)
825	{
826	/*
827	* The first byte big endian of the length field,
828	* is actually not part of the length but the type
829	* with the most common, zero, as regular data.
830	*/
831	switch (type) {
832	case RFC1002_SESSION_MESSAGE:
833	/* Regular SMB response */
834	return true;
835	case RFC1002_SESSION_KEEP_ALIVE:
836	/*
837	* RFC 1002 session keep alive can sent by the server only when
838	* we established a RFC 1002 session. But Samba servers send
839	* RFC 1002 session keep alive also over port 445 on which
840	* RFC 1002 session is not established.
841	*/
842	cifs_dbg(FYI, "RFC 1002 session keep alive\n");
843	break;
844	case RFC1002_POSITIVE_SESSION_RESPONSE:
845	/*
846	* RFC 1002 positive session response cannot be returned
847	* for SMB request. RFC 1002 session response is handled
848	* exclusively in ip_rfc1001_connect() function.
849	*/
850	cifs_server_dbg(VFS, "RFC 1002 positive session response (unexpected)\n");
851	cifs_reconnect(server, mark_smb_session: true);
852	break;
853	case RFC1002_NEGATIVE_SESSION_RESPONSE:
854	/*
855	* We get this from Windows 98 instead of an error on
856	* SMB negprot response, when we have not established
857	* RFC 1002 session (which means ip_rfc1001_connect()
858	* was skipped). Note that same still happens with
859	* Windows Server 2022 when connecting via port 139.
860	* So for this case when mount option -o nonbsessinit
861	* was not specified, try to reconnect with establishing
862	* RFC 1002 session. If new socket establishment with
863	* RFC 1002 session was successful then return to the
864	* mid's caller -EAGAIN, so it can retry the request.
865	*/
866	if (!cifs_rdma_enabled(server) &&
867	server->tcpStatus == CifsInNegotiate &&
868	!server->with_rfc1001 &&
869	server->rfc1001_sessinit != 0) {
870	int rc, mid_rc;
871	struct mid_q_entry *mid, *nmid;
872	LIST_HEAD(dispose_list);
873
874	cifs_dbg(FYI, "RFC 1002 negative session response during SMB Negotiate, retrying with NetBIOS session\n");
875
876	/*
877	* Before reconnect, delete all pending mids for this
878	* server, so reconnect would not signal connection
879	* aborted error to mid's callbacks. Note that for this
880	* server there should be exactly one pending mid
881	* corresponding to SMB1/SMB2 Negotiate packet.
882	*/
883	spin_lock(lock: &server->mid_queue_lock);
884	list_for_each_entry_safe(mid, nmid, &server->pending_mid_q, qhead) {
885	smb_get_mid(mid);
886	list_move(list: &mid->qhead, head: &dispose_list);
887	mid->deleted_from_q = true;
888	}
889	spin_unlock(lock: &server->mid_queue_lock);
890
891	/* Now try to reconnect once with NetBIOS session. */
892	server->with_rfc1001 = true;
893	rc = cifs_reconnect_once(server);
894
895	/*
896	* If reconnect was successful then indicate -EAGAIN
897	* to mid's caller. If reconnect failed with -EAGAIN
898	* then mask it as -EHOSTDOWN, so mid's caller would
899	* know that it failed.
900	*/
901	if (rc == 0)
902	mid_rc = -EAGAIN;
903	else if (rc == -EAGAIN)
904	mid_rc = -EHOSTDOWN;
905	else
906	mid_rc = rc;
907
908	/*
909	* After reconnect (either successful or unsuccessful)
910	* deliver reconnect status to mid's caller via mid's
911	* callback. Use MID_RC state which indicates that the
912	* return code should be read from mid_rc member.
913	*/
914	list_for_each_entry_safe(mid, nmid, &dispose_list, qhead) {
915	list_del_init(entry: &mid->qhead);
916	mid->mid_rc = mid_rc;
917	mid->mid_state = MID_RC;
918	mid_execute_callback(server, mid);
919	release_mid(server, mid);
920	}
921
922	/*
923	* If reconnect failed then wait two seconds. In most
924	* cases we were been called from the mount context and
925	* delivered failure to mid's callback will stop this
926	* receiver task thread and fails the mount process.
927	* So wait two seconds to prevent another reconnect
928	* in this task thread, which would be useless as the
929	* mount context will fail at all.
930	*/
931	if (rc != 0)
932	msleep(msecs: 2000);
933	} else {
934	cifs_server_dbg(VFS, "RFC 1002 negative session response (unexpected)\n");
935	cifs_reconnect(server, mark_smb_session: true);
936	}
937	break;
938	case RFC1002_RETARGET_SESSION_RESPONSE:
939	cifs_server_dbg(VFS, "RFC 1002 retarget session response (unexpected)\n");
940	cifs_reconnect(server, mark_smb_session: true);
941	break;
942	default:
943	cifs_server_dbg(VFS, "RFC 1002 unknown response type 0x%x\n", type);
944	cifs_reconnect(server, mark_smb_session: true);
945	}
946
947	return false;
948	}
949
950	void
951	dequeue_mid(struct TCP_Server_Info *server, struct mid_q_entry *mid, bool malformed)
952	{
953	#ifdef CONFIG_CIFS_STATS2
954	mid->when_received = jiffies;
955	#endif
956	spin_lock(lock: &server->mid_queue_lock);
957	if (!malformed)
958	mid->mid_state = MID_RESPONSE_RECEIVED;
959	else
960	mid->mid_state = MID_RESPONSE_MALFORMED;
961	/*
962	* Trying to handle/dequeue a mid after the send_recv()
963	* function has finished processing it is a bug.
964	*/
965	if (mid->deleted_from_q == true) {
966	spin_unlock(lock: &server->mid_queue_lock);
967	pr_warn_once("trying to dequeue a deleted mid\n");
968	} else {
969	list_del_init(entry: &mid->qhead);
970	mid->deleted_from_q = true;
971	spin_unlock(lock: &server->mid_queue_lock);
972	}
973	}
974
975	static unsigned int
976	smb2_get_credits_from_hdr(char *buffer, struct TCP_Server_Info *server)
977	{
978	struct smb2_hdr *shdr = (struct smb2_hdr *)buffer;
979
980	/*
981	* SMB1 does not use credits.
982	*/
983	if (is_smb1(server))
984	return 0;
985
986	return le16_to_cpu(shdr->CreditRequest);
987	}
988
989	static void
990	handle_mid(struct mid_q_entry *mid, struct TCP_Server_Info *server,
991	char *buf, int malformed)
992	{
993	if (server->ops->check_trans2 &&
994	server->ops->check_trans2(mid, server, buf, malformed))
995	return;
996	mid->credits_received = smb2_get_credits_from_hdr(buffer: buf, server);
997	mid->resp_buf = buf;
998	mid->large_buf = server->large_buf;
999	/* Was previous buf put in mpx struct for multi-rsp? */
1000	if (!mid->multiRsp) {
1001	/* smb buffer will be freed by user thread */
1002	if (server->large_buf)
1003	server->bigbuf = NULL;
1004	else
1005	server->smallbuf = NULL;
1006	}
1007	dequeue_mid(server, mid, malformed);
1008	}
1009
1010	int
1011	cifs_enable_signing(struct TCP_Server_Info *server, bool mnt_sign_required)
1012	{
1013	bool srv_sign_required = server->sec_mode & server->vals->signing_required;
1014	bool srv_sign_enabled = server->sec_mode & server->vals->signing_enabled;
1015	bool mnt_sign_enabled;
1016
1017	/*
1018	* Is signing required by mnt options? If not then check
1019	* global_secflags to see if it is there.
1020	*/
1021	if (!mnt_sign_required)
1022	mnt_sign_required = ((global_secflags & CIFSSEC_MUST_SIGN) ==
1023	CIFSSEC_MUST_SIGN);
1024
1025	/*
1026	* If signing is required then it's automatically enabled too,
1027	* otherwise, check to see if the secflags allow it.
1028	*/
1029	mnt_sign_enabled = mnt_sign_required ? mnt_sign_required :
1030	(global_secflags & CIFSSEC_MAY_SIGN);
1031
1032	/* If server requires signing, does client allow it? */
1033	if (srv_sign_required) {
1034	if (!mnt_sign_enabled) {
1035	cifs_dbg(VFS, "Server requires signing, but it's disabled in SecurityFlags!\n");
1036	return -EOPNOTSUPP;
1037	}
1038	server->sign = true;
1039	}
1040
1041	/* If client requires signing, does server allow it? */
1042	if (mnt_sign_required) {
1043	if (!srv_sign_enabled) {
1044	cifs_dbg(VFS, "Server does not support signing!\n");
1045	return -EOPNOTSUPP;
1046	}
1047	server->sign = true;
1048	}
1049
1050	if (cifs_rdma_enabled(server) && server->sign)
1051	cifs_dbg(VFS, "Signing is enabled, and RDMA read/write will be disabled\n");
1052
1053	return 0;
1054	}
1055
1056	static noinline_for_stack void
1057	clean_demultiplex_info(struct TCP_Server_Info *server)
1058	{
1059	int length;
1060
1061	/* take it off the list, if it's not already */
1062	spin_lock(lock: &server->srv_lock);
1063	list_del_init(entry: &server->tcp_ses_list);
1064	spin_unlock(lock: &server->srv_lock);
1065
1066	cancel_delayed_work_sync(dwork: &server->echo);
1067
1068	spin_lock(lock: &server->srv_lock);
1069	server->tcpStatus = CifsExiting;
1070	spin_unlock(lock: &server->srv_lock);
1071	wake_up_all(&server->response_q);
1072
1073	/* check if we have blocked requests that need to free */
1074	spin_lock(lock: &server->req_lock);
1075	if (server->credits <= 0)
1076	server->credits = 1;
1077	spin_unlock(lock: &server->req_lock);
1078	/*
1079	* Although there should not be any requests blocked on this queue it
1080	* can not hurt to be paranoid and try to wake up requests that may
1081	* haven been blocked when more than 50 at time were on the wire to the
1082	* same server - they now will see the session is in exit state and get
1083	* out of SendReceive.
1084	*/
1085	wake_up_all(&server->request_q);
1086	/* give those requests time to exit */
1087	msleep(msecs: 125);
1088	if (cifs_rdma_enabled(server))
1089	smbd_destroy(server);
1090	if (server->ssocket) {
1091	sock_release(sock: server->ssocket);
1092	server->ssocket = NULL;
1093	}
1094
1095	if (!list_empty(head: &server->pending_mid_q)) {
1096	struct mid_q_entry *mid_entry;
1097	struct list_head *tmp, *tmp2;
1098	LIST_HEAD(dispose_list);
1099
1100	spin_lock(lock: &server->mid_queue_lock);
1101	list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
1102	mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
1103	cifs_dbg(FYI, "Clearing mid %llu\n", mid_entry->mid);
1104	smb_get_mid(mid: mid_entry);
1105	mid_entry->mid_state = MID_SHUTDOWN;
1106	list_move(list: &mid_entry->qhead, head: &dispose_list);
1107	mid_entry->deleted_from_q = true;
1108	}
1109	spin_unlock(lock: &server->mid_queue_lock);
1110
1111	/* now walk dispose list and issue callbacks */
1112	list_for_each_safe(tmp, tmp2, &dispose_list) {
1113	mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
1114	cifs_dbg(FYI, "Callback mid %llu\n", mid_entry->mid);
1115	list_del_init(entry: &mid_entry->qhead);
1116	mid_execute_callback(server, mid: mid_entry);
1117	release_mid(server, mid: mid_entry);
1118	}
1119	/* 1/8th of sec is more than enough time for them to exit */
1120	msleep(msecs: 125);
1121	}
1122
1123	if (!list_empty(head: &server->pending_mid_q)) {
1124	/*
1125	* mpx threads have not exited yet give them at least the smb
1126	* send timeout time for long ops.
1127	*
1128	* Due to delays on oplock break requests, we need to wait at
1129	* least 45 seconds before giving up on a request getting a
1130	* response and going ahead and killing cifsd.
1131	*/
1132	cifs_dbg(FYI, "Wait for exit from demultiplex thread\n");
1133	msleep(msecs: 46000);
1134	/*
1135	* If threads still have not exited they are probably never
1136	* coming home not much else we can do but free the memory.
1137	*/
1138	}
1139
1140	put_net(net: cifs_net_ns(srv: server));
1141	kfree(objp: server->leaf_fullpath);
1142	kfree(objp: server->hostname);
1143	kfree(objp: server);
1144
1145	length = atomic_dec_return(v: &tcpSesAllocCount);
1146	if (length > 0)
1147	mempool_resize(pool: cifs_req_poolp, new_min_nr: length + cifs_min_rcv);
1148	}
1149
1150	static int
1151	standard_receive3(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1152	{
1153	int length;
1154	char *buf = server->smallbuf;
1155	unsigned int pdu_length = server->pdu_size;
1156
1157	/* make sure this will fit in a large buffer */
1158	if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server)) {
1159	cifs_server_dbg(VFS, "SMB response too long (%u bytes)\n", pdu_length);
1160	cifs_reconnect(server, mark_smb_session: true);
1161	return -ECONNABORTED;
1162	}
1163
1164	/* switch to large buffer if too big for a small one */
1165	if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE) {
1166	server->large_buf = true;
1167	memcpy(server->bigbuf, buf, server->total_read);
1168	buf = server->bigbuf;
1169	}
1170
1171	/* now read the rest */
1172	length = cifs_read_from_socket(server, buf: buf + HEADER_SIZE(server) - 1,
1173	to_read: pdu_length - MID_HEADER_SIZE(server));
1174
1175	if (length < 0)
1176	return length;
1177	server->total_read += length;
1178
1179	dump_smb(buf, smb_buf_length: server->total_read);
1180
1181	return cifs_handle_standard(server, mid);
1182	}
1183
1184	int
1185	cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1186	{
1187	char *buf = server->large_buf ? server->bigbuf : server->smallbuf;
1188	int rc;
1189
1190	/*
1191	* We know that we received enough to get to the MID as we
1192	* checked the pdu_length earlier. Now check to see
1193	* if the rest of the header is OK.
1194	*
1195	* 48 bytes is enough to display the header and a little bit
1196	* into the payload for debugging purposes.
1197	*/
1198	rc = server->ops->check_message(buf, server->pdu_size,
1199	server->total_read, server);
1200	if (rc)
1201	cifs_dump_mem(label: "Bad SMB: ", data: buf,
1202	min_t(unsigned int, server->total_read, 48));
1203
1204	if (server->ops->is_session_expired &&
1205	server->ops->is_session_expired(buf)) {
1206	cifs_reconnect(server, mark_smb_session: true);
1207	return -1;
1208	}
1209
1210	if (server->ops->is_status_pending &&
1211	server->ops->is_status_pending(buf, server))
1212	return -1;
1213
1214	if (!mid)
1215	return rc;
1216
1217	handle_mid(mid, server, buf, malformed: rc);
1218	return 0;
1219	}
1220
1221	static void
1222	smb2_add_credits_from_hdr(char *buffer, struct TCP_Server_Info *server)
1223	{
1224	struct smb2_hdr *shdr = (struct smb2_hdr *)buffer;
1225	int scredits, in_flight;
1226
1227	/*
1228	* SMB1 does not use credits.
1229	*/
1230	if (is_smb1(server))
1231	return;
1232
1233	if (shdr->CreditRequest) {
1234	spin_lock(lock: &server->req_lock);
1235	server->credits += le16_to_cpu(shdr->CreditRequest);
1236	scredits = server->credits;
1237	in_flight = server->in_flight;
1238	spin_unlock(lock: &server->req_lock);
1239	wake_up(&server->request_q);
1240
1241	trace_smb3_hdr_credits(currmid: server->current_mid,
1242	conn_id: server->conn_id, hostname: server->hostname, credits: scredits,
1243	le16_to_cpu(shdr->CreditRequest), in_flight);
1244	cifs_server_dbg(FYI, "%s: added %u credits total=%d\n",
1245	__func__, le16_to_cpu(shdr->CreditRequest),
1246	scredits);
1247	}
1248	}
1249
1250
1251	static int
1252	cifs_demultiplex_thread(void *p)
1253	{
1254	int i, num_mids, length;
1255	struct TCP_Server_Info *server = p;
1256	unsigned int pdu_length;
1257	unsigned int next_offset;
1258	char *buf = NULL;
1259	struct task_struct *task_to_wake = NULL;
1260	struct mid_q_entry *mids[MAX_COMPOUND];
1261	char *bufs[MAX_COMPOUND];
1262	unsigned int noreclaim_flag, num_io_timeout = 0;
1263	bool pending_reconnect = false;
1264
1265	noreclaim_flag = memalloc_noreclaim_save();
1266	cifs_dbg(FYI, "Demultiplex PID: %d\n", task_pid_nr(current));
1267
1268	length = atomic_inc_return(v: &tcpSesAllocCount);
1269	if (length > 1)
1270	mempool_resize(pool: cifs_req_poolp, new_min_nr: length + cifs_min_rcv);
1271
1272	set_freezable();
1273	allow_kernel_signal(SIGKILL);
1274	while (server->tcpStatus != CifsExiting) {
1275	if (try_to_freeze())
1276	continue;
1277
1278	if (!allocate_buffers(server))
1279	continue;
1280
1281	server->large_buf = false;
1282	buf = server->smallbuf;
1283	pdu_length = 4; /* enough to get RFC1001 header */
1284
1285	length = cifs_read_from_socket(server, buf, to_read: pdu_length);
1286	if (length < 0)
1287	continue;
1288
1289	server->total_read = 0;
1290
1291	/*
1292	* The right amount was read from socket - 4 bytes,
1293	* so we can now interpret the length field.
1294	*/
1295	pdu_length = be32_to_cpup(p: ((__be32 *)buf)) & 0xffffff;
1296
1297	cifs_dbg(FYI, "RFC1002 header 0x%x\n", pdu_length);
1298	if (!is_smb_response(server, type: buf[0]))
1299	continue;
1300
1301	pending_reconnect = false;
1302	next_pdu:
1303	server->pdu_size = pdu_length;
1304
1305	/* make sure we have enough to get to the MID */
1306	if (server->pdu_size < MID_HEADER_SIZE(server)) {
1307	cifs_server_dbg(VFS, "SMB response too short (%u bytes)\n",
1308	server->pdu_size);
1309	cifs_reconnect(server, mark_smb_session: true);
1310	continue;
1311	}
1312
1313	/* read down to the MID */
1314	length = cifs_read_from_socket(server, buf,
1315	MID_HEADER_SIZE(server));
1316	if (length < 0)
1317	continue;
1318	server->total_read += length;
1319
1320	if (server->ops->next_header) {
1321	if (server->ops->next_header(server, buf, &next_offset)) {
1322	cifs_dbg(VFS, "%s: malformed response (next_offset=%u)\n",
1323	__func__, next_offset);
1324	cifs_reconnect(server, mark_smb_session: true);
1325	continue;
1326	}
1327	if (next_offset)
1328	server->pdu_size = next_offset;
1329	}
1330
1331	memset(mids, 0, sizeof(mids));
1332	memset(bufs, 0, sizeof(bufs));
1333	num_mids = 0;
1334
1335	if (server->ops->is_transform_hdr &&
1336	server->ops->receive_transform &&
1337	server->ops->is_transform_hdr(buf)) {
1338	length = server->ops->receive_transform(server,
1339	mids,
1340	bufs,
1341	&num_mids);
1342	} else {
1343	mids[0] = server->ops->find_mid(server, buf);
1344	bufs[0] = buf;
1345	num_mids = 1;
1346
1347	if (mids[0])
1348	mids[0]->response_pdu_len = pdu_length;
1349	if (!mids[0] || !mids[0]->receive)
1350	length = standard_receive3(server, mid: mids[0]);
1351	else
1352	length = mids[0]->receive(server, mids[0]);
1353	}
1354
1355	if (length < 0) {
1356	for (i = 0; i < num_mids; i++)
1357	if (mids[i])
1358	release_mid(server, mid: mids[i]);
1359	continue;
1360	}
1361
1362	if (server->ops->is_status_io_timeout &&
1363	server->ops->is_status_io_timeout(buf)) {
1364	num_io_timeout++;
1365	if (num_io_timeout > MAX_STATUS_IO_TIMEOUT) {
1366	cifs_server_dbg(VFS,
1367	"Number of request timeouts exceeded %d. Reconnecting",
1368	MAX_STATUS_IO_TIMEOUT);
1369
1370	pending_reconnect = true;
1371	num_io_timeout = 0;
1372	}
1373	}
1374
1375	server->lstrp = jiffies;
1376
1377	for (i = 0; i < num_mids; i++) {
1378	if (mids[i] != NULL) {
1379	mids[i]->resp_buf_size = server->pdu_size;
1380
1381	if (bufs[i] != NULL) {
1382	if (server->ops->is_network_name_deleted &&
1383	server->ops->is_network_name_deleted(bufs[i],
1384	server)) {
1385	cifs_server_dbg(FYI,
1386	"Share deleted. Reconnect needed");
1387	}
1388	}
1389
1390	if (!mids[i]->multiRsp || mids[i]->multiEnd)
1391	mid_execute_callback(server, mid: mids[i]);
1392
1393	release_mid(server, mid: mids[i]);
1394	} else if (server->ops->is_oplock_break &&
1395	server->ops->is_oplock_break(bufs[i],
1396	server)) {
1397	smb2_add_credits_from_hdr(buffer: bufs[i], server);
1398	cifs_dbg(FYI, "Received oplock break\n");
1399	} else {
1400	cifs_server_dbg(VFS, "No task to wake, unknown frame received! NumMids %d\n",
1401	atomic_read(&mid_count));
1402	cifs_dump_mem(label: "Received Data is: ", data: bufs[i],
1403	HEADER_SIZE(server));
1404	smb2_add_credits_from_hdr(buffer: bufs[i], server);
1405	#ifdef CONFIG_CIFS_DEBUG2
1406	if (server->ops->dump_detail)
1407	server->ops->dump_detail(bufs[i], pdu_length,
1408	server);
1409	cifs_dump_mids(server);
1410	#endif /* CIFS_DEBUG2 */
1411	}
1412	}
1413
1414	if (pdu_length > server->pdu_size) {
1415	if (!allocate_buffers(server))
1416	continue;
1417	pdu_length -= server->pdu_size;
1418	server->total_read = 0;
1419	server->large_buf = false;
1420	buf = server->smallbuf;
1421	goto next_pdu;
1422	}
1423
1424	/* do this reconnect at the very end after processing all MIDs */
1425	if (pending_reconnect)
1426	cifs_reconnect(server, mark_smb_session: true);
1427
1428	} /* end while !EXITING */
1429
1430	/* buffer usually freed in free_mid - need to free it here on exit */
1431	cifs_buf_release(server->bigbuf);
1432	if (server->smallbuf) /* no sense logging a debug message if NULL */
1433	cifs_small_buf_release(server->smallbuf);
1434
1435	task_to_wake = xchg(&server->tsk, NULL);
1436	clean_demultiplex_info(server);
1437
1438	/* if server->tsk was NULL then wait for a signal before exiting */
1439	if (!task_to_wake) {
1440	set_current_state(TASK_INTERRUPTIBLE);
1441	while (!signal_pending(current)) {
1442	schedule();
1443	set_current_state(TASK_INTERRUPTIBLE);
1444	}
1445	set_current_state(TASK_RUNNING);
1446	}
1447
1448	memalloc_noreclaim_restore(flags: noreclaim_flag);
1449	module_put_and_kthread_exit(0);
1450	}
1451
1452	int
1453	cifs_ipaddr_cmp(struct sockaddr *srcaddr, struct sockaddr *rhs)
1454	{
1455	struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1456	struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1457	struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1458	struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)rhs;
1459
1460	switch (srcaddr->sa_family) {
1461	case AF_UNSPEC:
1462	switch (rhs->sa_family) {
1463	case AF_UNSPEC:
1464	return 0;
1465	case AF_INET:
1466	case AF_INET6:
1467	return 1;
1468	default:
1469	return -1;
1470	}
1471	case AF_INET: {
1472	switch (rhs->sa_family) {
1473	case AF_UNSPEC:
1474	return -1;
1475	case AF_INET:
1476	return memcmp(p: saddr4, q: vaddr4,
1477	size: sizeof(struct sockaddr_in));
1478	case AF_INET6:
1479	return 1;
1480	default:
1481	return -1;
1482	}
1483	}
1484	case AF_INET6: {
1485	switch (rhs->sa_family) {
1486	case AF_UNSPEC:
1487	case AF_INET:
1488	return -1;
1489	case AF_INET6:
1490	return memcmp(p: saddr6,
1491	q: vaddr6,
1492	size: sizeof(struct sockaddr_in6));
1493	default:
1494	return -1;
1495	}
1496	}
1497	default:
1498	return -1; /* don't expect to be here */
1499	}
1500	}
1501
1502	/*
1503	* Returns true if srcaddr isn't specified and rhs isn't specified, or
1504	* if srcaddr is specified and matches the IP address of the rhs argument
1505	*/
1506	bool
1507	cifs_match_ipaddr(struct sockaddr *srcaddr, struct sockaddr *rhs)
1508	{
1509	switch (srcaddr->sa_family) {
1510	case AF_UNSPEC:
1511	return (rhs->sa_family == AF_UNSPEC);
1512	case AF_INET: {
1513	struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1514	struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1515
1516	return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1517	}
1518	case AF_INET6: {
1519	struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1520	struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)rhs;
1521
1522	return (ipv6_addr_equal(a1: &saddr6->sin6_addr, a2: &vaddr6->sin6_addr)
1523	&& saddr6->sin6_scope_id == vaddr6->sin6_scope_id);
1524	}
1525	default:
1526	WARN_ON(1);
1527	return false; /* don't expect to be here */
1528	}
1529	}
1530
1531	/*
1532	* If no port is specified in addr structure, we try to match with 445 port
1533	* and if it fails - with 139 ports. It should be called only if address
1534	* families of server and addr are equal.
1535	*/
1536	static bool
1537	match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1538	{
1539	__be16 port, *sport;
1540
1541	/* SMBDirect manages its own ports, don't match it here */
1542	if (server->rdma)
1543	return true;
1544
1545	switch (addr->sa_family) {
1546	case AF_INET:
1547	sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1548	port = ((struct sockaddr_in *) addr)->sin_port;
1549	break;
1550	case AF_INET6:
1551	sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1552	port = ((struct sockaddr_in6 *) addr)->sin6_port;
1553	break;
1554	default:
1555	WARN_ON(1);
1556	return false;
1557	}
1558
1559	if (!port) {
1560	port = htons(CIFS_PORT);
1561	if (port == *sport)
1562	return true;
1563
1564	port = htons(RFC1001_PORT);
1565	}
1566
1567	return port == *sport;
1568	}
1569
1570	static bool match_server_address(struct TCP_Server_Info *server, struct sockaddr *addr)
1571	{
1572	if (!cifs_match_ipaddr(srcaddr: addr, rhs: (struct sockaddr *)&server->dstaddr))
1573	return false;
1574
1575	return true;
1576	}
1577
1578	static bool
1579	match_security(struct TCP_Server_Info *server, struct smb3_fs_context *ctx)
1580	{
1581	/*
1582	* The select_sectype function should either return the ctx->sectype
1583	* that was specified, or "Unspecified" if that sectype was not
1584	* compatible with the given NEGOTIATE request.
1585	*/
1586	if (server->ops->select_sectype(server, ctx->sectype)
1587	== Unspecified)
1588	return false;
1589
1590	/*
1591	* Now check if signing mode is acceptable. No need to check
1592	* global_secflags at this point since if MUST_SIGN is set then
1593	* the server->sign had better be too.
1594	*/
1595	if (ctx->sign && !server->sign)
1596	return false;
1597
1598	return true;
1599	}
1600
1601	/* this function must be called with srv_lock held */
1602	static int match_server(struct TCP_Server_Info *server,
1603	struct smb3_fs_context *ctx,
1604	bool match_super)
1605	{
1606	struct sockaddr *addr = (struct sockaddr *)&ctx->dstaddr;
1607
1608	lockdep_assert_held(&server->srv_lock);
1609
1610	if (ctx->nosharesock)
1611	return 0;
1612
1613	/* this server does not share socket */
1614	if (server->nosharesock)
1615	return 0;
1616
1617	if (!match_super && (ctx->dfs_conn || server->dfs_conn))
1618	return 0;
1619
1620	/* If multidialect negotiation see if existing sessions match one */
1621	if (strcmp(ctx->vals->version_string, SMB3ANY_VERSION_STRING) == 0) {
1622	if (server->vals->protocol_id < SMB30_PROT_ID)
1623	return 0;
1624	} else if (strcmp(ctx->vals->version_string,
1625	SMBDEFAULT_VERSION_STRING) == 0) {
1626	if (server->vals->protocol_id < SMB21_PROT_ID)
1627	return 0;
1628	} else if ((server->vals != ctx->vals) || (server->ops != ctx->ops))
1629	return 0;
1630
1631	if (!net_eq(net1: cifs_net_ns(srv: server), current->nsproxy->net_ns))
1632	return 0;
1633
1634	if (!cifs_match_ipaddr(srcaddr: (struct sockaddr *)&ctx->srcaddr,
1635	rhs: (struct sockaddr *)&server->srcaddr))
1636	return 0;
1637
1638	if (strcasecmp(s1: server->hostname, s2: ctx->server_hostname) ||
1639	!match_server_address(server, addr) ||
1640	!match_port(server, addr))
1641	return 0;
1642
1643	if (!match_security(server, ctx))
1644	return 0;
1645
1646	if (server->echo_interval != ctx->echo_interval * HZ)
1647	return 0;
1648
1649	if (server->rdma != ctx->rdma)
1650	return 0;
1651
1652	if (server->ignore_signature != ctx->ignore_signature)
1653	return 0;
1654
1655	if (server->min_offload != ctx->min_offload)
1656	return 0;
1657
1658	if (server->retrans != ctx->retrans)
1659	return 0;
1660
1661	return 1;
1662	}
1663
1664	struct TCP_Server_Info *
1665	cifs_find_tcp_session(struct smb3_fs_context *ctx)
1666	{
1667	struct TCP_Server_Info *server;
1668
1669	spin_lock(lock: &cifs_tcp_ses_lock);
1670	list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1671	spin_lock(lock: &server->srv_lock);
1672	/*
1673	* Skip ses channels since they're only handled in lower layers
1674	* (e.g. cifs_send_recv).
1675	*/
1676	if (SERVER_IS_CHAN(server) ||
1677	!match_server(server, ctx, match_super: false)) {
1678	spin_unlock(lock: &server->srv_lock);
1679	continue;
1680	}
1681	spin_unlock(lock: &server->srv_lock);
1682
1683	++server->srv_count;
1684	spin_unlock(lock: &cifs_tcp_ses_lock);
1685	cifs_dbg(FYI, "Existing tcp session with server found\n");
1686	return server;
1687	}
1688	spin_unlock(lock: &cifs_tcp_ses_lock);
1689	return NULL;
1690	}
1691
1692	void
1693	cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect)
1694	{
1695	struct task_struct *task;
1696
1697	spin_lock(lock: &cifs_tcp_ses_lock);
1698	if (--server->srv_count > 0) {
1699	spin_unlock(lock: &cifs_tcp_ses_lock);
1700	return;
1701	}
1702
1703	/* srv_count can never go negative */
1704	WARN_ON(server->srv_count < 0);
1705
1706	list_del_init(entry: &server->tcp_ses_list);
1707	spin_unlock(lock: &cifs_tcp_ses_lock);
1708
1709	cancel_delayed_work_sync(dwork: &server->echo);
1710
1711	if (from_reconnect)
1712	/*
1713	* Avoid deadlock here: reconnect work calls
1714	* cifs_put_tcp_session() at its end. Need to be sure
1715	* that reconnect work does nothing with server pointer after
1716	* that step.
1717	*/
1718	cancel_delayed_work(dwork: &server->reconnect);
1719	else
1720	cancel_delayed_work_sync(dwork: &server->reconnect);
1721
1722	/* For secondary channels, we pick up ref-count on the primary server */
1723	if (SERVER_IS_CHAN(server))
1724	cifs_put_tcp_session(server: server->primary_server, from_reconnect);
1725
1726	spin_lock(lock: &server->srv_lock);
1727	server->tcpStatus = CifsExiting;
1728	spin_unlock(lock: &server->srv_lock);
1729
1730	cifs_crypto_secmech_release(server);
1731
1732	kfree_sensitive(objp: server->session_key.response);
1733	server->session_key.response = NULL;
1734	server->session_key.len = 0;
1735
1736	task = xchg(&server->tsk, NULL);
1737	if (task)
1738	send_sig(SIGKILL, task, 1);
1739	}
1740
1741	struct TCP_Server_Info *
1742	cifs_get_tcp_session(struct smb3_fs_context *ctx,
1743	struct TCP_Server_Info *primary_server)
1744	{
1745	struct TCP_Server_Info *tcp_ses = NULL;
1746	int rc;
1747
1748	cifs_dbg(FYI, "UNC: %s\n", ctx->UNC);
1749
1750	/* see if we already have a matching tcp_ses */
1751	tcp_ses = cifs_find_tcp_session(ctx);
1752	if (tcp_ses)
1753	return tcp_ses;
1754
1755	tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1756	if (!tcp_ses) {
1757	rc = -ENOMEM;
1758	goto out_err;
1759	}
1760
1761	tcp_ses->hostname = kstrdup(s: ctx->server_hostname, GFP_KERNEL);
1762	if (!tcp_ses->hostname) {
1763	rc = -ENOMEM;
1764	goto out_err;
1765	}
1766
1767	if (ctx->leaf_fullpath) {
1768	tcp_ses->leaf_fullpath = kstrdup(s: ctx->leaf_fullpath, GFP_KERNEL);
1769	if (!tcp_ses->leaf_fullpath) {
1770	rc = -ENOMEM;
1771	goto out_err;
1772	}
1773	}
1774	if (ctx->dns_dom)
1775	strscpy(tcp_ses->dns_dom, ctx->dns_dom);
1776
1777	if (ctx->nosharesock)
1778	tcp_ses->nosharesock = true;
1779	tcp_ses->dfs_conn = ctx->dfs_conn;
1780
1781	tcp_ses->ops = ctx->ops;
1782	tcp_ses->vals = ctx->vals;
1783	cifs_set_net_ns(srv: tcp_ses, net: get_net(current->nsproxy->net_ns));
1784
1785	tcp_ses->sign = ctx->sign;
1786	tcp_ses->conn_id = atomic_inc_return(v: &tcpSesNextId);
1787	tcp_ses->noblockcnt = ctx->rootfs;
1788	tcp_ses->noblocksnd = ctx->noblocksnd || ctx->rootfs;
1789	tcp_ses->noautotune = ctx->noautotune;
1790	tcp_ses->tcp_nodelay = ctx->sockopt_tcp_nodelay;
1791	tcp_ses->rdma = ctx->rdma;
1792	tcp_ses->in_flight = 0;
1793	tcp_ses->max_in_flight = 0;
1794	tcp_ses->credits = 1;
1795	if (primary_server) {
1796	spin_lock(lock: &cifs_tcp_ses_lock);
1797	++primary_server->srv_count;
1798	spin_unlock(lock: &cifs_tcp_ses_lock);
1799	tcp_ses->primary_server = primary_server;
1800	}
1801	init_waitqueue_head(&tcp_ses->response_q);
1802	init_waitqueue_head(&tcp_ses->request_q);
1803	INIT_LIST_HEAD(list: &tcp_ses->pending_mid_q);
1804	mutex_init(&tcp_ses->_srv_mutex);
1805	memcpy(tcp_ses->workstation_RFC1001_name,
1806	ctx->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1807	memcpy(tcp_ses->server_RFC1001_name,
1808	ctx->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1809	tcp_ses->rfc1001_sessinit = ctx->rfc1001_sessinit;
1810	tcp_ses->with_rfc1001 = false;
1811	tcp_ses->session_estab = false;
1812	tcp_ses->sequence_number = 0;
1813	tcp_ses->channel_sequence_num = 0; /* only tracked for primary channel */
1814	tcp_ses->reconnect_instance = 1;
1815	tcp_ses->lstrp = jiffies;
1816	tcp_ses->compression.requested = ctx->compress;
1817	spin_lock_init(&tcp_ses->req_lock);
1818	spin_lock_init(&tcp_ses->srv_lock);
1819	spin_lock_init(&tcp_ses->mid_queue_lock);
1820	spin_lock_init(&tcp_ses->mid_counter_lock);
1821	INIT_LIST_HEAD(list: &tcp_ses->tcp_ses_list);
1822	INIT_LIST_HEAD(list: &tcp_ses->smb_ses_list);
1823	INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
1824	INIT_DELAYED_WORK(&tcp_ses->reconnect, smb2_reconnect_server);
1825	mutex_init(&tcp_ses->reconnect_mutex);
1826	memcpy(&tcp_ses->srcaddr, &ctx->srcaddr,
1827	sizeof(tcp_ses->srcaddr));
1828	memcpy(&tcp_ses->dstaddr, &ctx->dstaddr,
1829	sizeof(tcp_ses->dstaddr));
1830	if (ctx->use_client_guid)
1831	memcpy(tcp_ses->client_guid, ctx->client_guid,
1832	SMB2_CLIENT_GUID_SIZE);
1833	else
1834	generate_random_uuid(uuid: tcp_ses->client_guid);
1835	/*
1836	* at this point we are the only ones with the pointer
1837	* to the struct since the kernel thread not created yet
1838	* no need to spinlock this init of tcpStatus or srv_count
1839	*/
1840	tcp_ses->tcpStatus = CifsNew;
1841	++tcp_ses->srv_count;
1842	tcp_ses->echo_interval = ctx->echo_interval * HZ;
1843
1844	if (tcp_ses->rdma) {
1845	#ifndef CONFIG_CIFS_SMB_DIRECT
1846	cifs_dbg(VFS, "CONFIG_CIFS_SMB_DIRECT is not enabled\n");
1847	rc = -ENOENT;
1848	goto out_err_crypto_release;
1849	#endif
1850	tcp_ses->smbd_conn = smbd_get_connection(
1851	server: tcp_ses, dstaddr: (struct sockaddr *)&ctx->dstaddr);
1852	if (tcp_ses->smbd_conn) {
1853	cifs_dbg(VFS, "RDMA transport established\n");
1854	rc = 0;
1855	goto smbd_connected;
1856	} else {
1857	rc = -ENOENT;
1858	goto out_err_crypto_release;
1859	}
1860	}
1861	rc = ip_connect(server: tcp_ses);
1862	if (rc < 0) {
1863	cifs_dbg(VFS, "Error connecting to socket. Aborting operation.\n");
1864	goto out_err_crypto_release;
1865	}
1866	smbd_connected:
1867	/*
1868	* since we're in a cifs function already, we know that
1869	* this will succeed. No need for try_module_get().
1870	*/
1871	__module_get(THIS_MODULE);
1872	tcp_ses->tsk = kthread_run(cifs_demultiplex_thread,
1873	tcp_ses, "cifsd");
1874	if (IS_ERR(ptr: tcp_ses->tsk)) {
1875	rc = PTR_ERR(ptr: tcp_ses->tsk);
1876	cifs_dbg(VFS, "error %d create cifsd thread\n", rc);
1877	module_put(THIS_MODULE);
1878	goto out_err_crypto_release;
1879	}
1880	tcp_ses->min_offload = ctx->min_offload;
1881	tcp_ses->retrans = ctx->retrans;
1882	/*
1883	* at this point we are the only ones with the pointer
1884	* to the struct since the kernel thread not created yet
1885	* no need to spinlock this update of tcpStatus
1886	*/
1887	spin_lock(lock: &tcp_ses->srv_lock);
1888	tcp_ses->tcpStatus = CifsNeedNegotiate;
1889	spin_unlock(lock: &tcp_ses->srv_lock);
1890
1891	if ((ctx->max_credits < 20) || (ctx->max_credits > 60000))
1892	tcp_ses->max_credits = SMB2_MAX_CREDITS_AVAILABLE;
1893	else
1894	tcp_ses->max_credits = ctx->max_credits;
1895
1896	tcp_ses->nr_targets = 1;
1897	tcp_ses->ignore_signature = ctx->ignore_signature;
1898	/* thread spawned, put it on the list */
1899	spin_lock(lock: &cifs_tcp_ses_lock);
1900	list_add(new: &tcp_ses->tcp_ses_list, head: &cifs_tcp_ses_list);
1901	spin_unlock(lock: &cifs_tcp_ses_lock);
1902
1903	/* queue echo request delayed work */
1904	queue_delayed_work(wq: cifsiod_wq, dwork: &tcp_ses->echo, delay: tcp_ses->echo_interval);
1905
1906	return tcp_ses;
1907
1908	out_err_crypto_release:
1909	cifs_crypto_secmech_release(server: tcp_ses);
1910
1911	put_net(net: cifs_net_ns(srv: tcp_ses));
1912
1913	out_err:
1914	if (tcp_ses) {
1915	if (SERVER_IS_CHAN(tcp_ses))
1916	cifs_put_tcp_session(server: tcp_ses->primary_server, from_reconnect: false);
1917	kfree(objp: tcp_ses->hostname);
1918	kfree(objp: tcp_ses->leaf_fullpath);
1919	if (tcp_ses->ssocket)
1920	sock_release(sock: tcp_ses->ssocket);
1921	kfree(objp: tcp_ses);
1922	}
1923	return ERR_PTR(error: rc);
1924	}
1925
1926	/* this function must be called with ses_lock and chan_lock held */
1927	static int match_session(struct cifs_ses *ses,
1928	struct smb3_fs_context *ctx,
1929	bool match_super)
1930	{
1931	struct TCP_Server_Info *server = ses->server;
1932	enum securityEnum ctx_sec, ses_sec;
1933
1934	if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses)
1935	return 0;
1936
1937	/*
1938	* If an existing session is limited to less channels than
1939	* requested, it should not be reused
1940	*/
1941	if (ses->chan_max < ctx->max_channels)
1942	return 0;
1943
1944	ctx_sec = server->ops->select_sectype(server, ctx->sectype);
1945	ses_sec = server->ops->select_sectype(server, ses->sectype);
1946
1947	if (ctx_sec != ses_sec)
1948	return 0;
1949
1950	switch (ctx_sec) {
1951	case IAKerb:
1952	case Kerberos:
1953	if (!uid_eq(left: ctx->cred_uid, right: ses->cred_uid))
1954	return 0;
1955	break;
1956	case NTLMv2:
1957	case RawNTLMSSP:
1958	default:
1959	/* NULL username means anonymous session */
1960	if (ses->user_name == NULL) {
1961	if (!ctx->nullauth)
1962	return 0;
1963	break;
1964	}
1965
1966	/* anything else takes username/password */
1967	if (strncmp(ses->user_name,
1968	ctx->username ? ctx->username : "",
1969	CIFS_MAX_USERNAME_LEN))
1970	return 0;
1971	if ((ctx->username && strlen(ctx->username) != 0) &&
1972	ses->password != NULL) {
1973
1974	/* New mount can only share sessions with an existing mount if:
1975	* 1. Both password and password2 match, or
1976	* 2. password2 of the old mount matches password of the new mount
1977	* and password of the old mount matches password2 of the new
1978	* mount
1979	*/
1980	if (ses->password2 != NULL && ctx->password2 != NULL) {
1981	if (!((strncmp(ses->password, ctx->password ?
1982	ctx->password : "", CIFS_MAX_PASSWORD_LEN) == 0 &&
1983	strncmp(ses->password2, ctx->password2,
1984	CIFS_MAX_PASSWORD_LEN) == 0) ||
1985	(strncmp(ses->password, ctx->password2,
1986	CIFS_MAX_PASSWORD_LEN) == 0 &&
1987	strncmp(ses->password2, ctx->password ?
1988	ctx->password : "", CIFS_MAX_PASSWORD_LEN) == 0)))
1989	return 0;
1990
1991	} else if ((ses->password2 == NULL && ctx->password2 != NULL) ||
1992	(ses->password2 != NULL && ctx->password2 == NULL)) {
1993	return 0;
1994
1995	} else {
1996	if (strncmp(ses->password, ctx->password ?
1997	ctx->password : "", CIFS_MAX_PASSWORD_LEN))
1998	return 0;
1999	}
2000	}
2001	}
2002
2003	if (strcmp(ctx->local_nls->charset, ses->local_nls->charset))
2004	return 0;
2005
2006	return 1;
2007	}
2008
2009	/**
2010	* cifs_setup_ipc - helper to setup the IPC tcon for the session
2011	* @ses: smb session to issue the request on
2012	* @seal: if encryption is requested
2013	*
2014	* A new IPC connection is made and stored in the session
2015	* tcon_ipc. The IPC tcon has the same lifetime as the session.
2016	*/
2017	struct cifs_tcon *cifs_setup_ipc(struct cifs_ses *ses, bool seal)
2018	{
2019	int rc = 0, xid;
2020	struct cifs_tcon *tcon;
2021	char unc[SERVER_NAME_LENGTH + sizeof("//x/IPC$")] = {0};
2022	struct TCP_Server_Info *server = ses->server;
2023
2024	/*
2025	* If the mount request that resulted in the creation of the
2026	* session requires encryption, force IPC to be encrypted too.
2027	*/
2028	if (seal && !(server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) {
2029	cifs_server_dbg(VFS, "IPC: server doesn't support encryption\n");
2030	return ERR_PTR(error: -EOPNOTSUPP);
2031	}
2032
2033	/* no need to setup directory caching on IPC share, so pass in false */
2034	tcon = tcon_info_alloc(dir_leases_enabled: false, trace: netfs_trace_tcon_ref_new_ipc);
2035	if (tcon == NULL)
2036	return ERR_PTR(error: -ENOMEM);
2037
2038	spin_lock(lock: &server->srv_lock);
2039	scnprintf(buf: unc, size: sizeof(unc), fmt: "\\\\%s\\IPC$", server->hostname);
2040	spin_unlock(lock: &server->srv_lock);
2041
2042	xid = get_xid();
2043	tcon->ses = ses;
2044	tcon->ipc = true;
2045	tcon->seal = seal;
2046	rc = server->ops->tree_connect(xid, ses, unc, tcon, ses->local_nls);
2047	free_xid(xid);
2048
2049	if (rc) {
2050	cifs_server_dbg(VFS | ONCE, "failed to connect to IPC (rc=%d)\n", rc);
2051	tconInfoFree(tcon, trace: netfs_trace_tcon_ref_free_ipc_fail);
2052	return ERR_PTR(error: rc);
2053	}
2054
2055	cifs_dbg(FYI, "IPC tcon rc=%d ipc tid=0x%x\n", rc, tcon->tid);
2056
2057	spin_lock(lock: &tcon->tc_lock);
2058	tcon->status = TID_GOOD;
2059	spin_unlock(lock: &tcon->tc_lock);
2060	return tcon;
2061	}
2062
2063	static struct cifs_ses *
2064	cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx)
2065	{
2066	struct cifs_ses *ses, *ret = NULL;
2067
2068	spin_lock(lock: &cifs_tcp_ses_lock);
2069	list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
2070	spin_lock(lock: &ses->ses_lock);
2071	if (ses->ses_status == SES_EXITING) {
2072	spin_unlock(lock: &ses->ses_lock);
2073	continue;
2074	}
2075	spin_lock(lock: &ses->chan_lock);
2076	if (match_session(ses, ctx, match_super: false)) {
2077	spin_unlock(lock: &ses->chan_lock);
2078	spin_unlock(lock: &ses->ses_lock);
2079	ret = ses;
2080	break;
2081	}
2082	spin_unlock(lock: &ses->chan_lock);
2083	spin_unlock(lock: &ses->ses_lock);
2084	}
2085	if (ret)
2086	cifs_smb_ses_inc_refcount(ses: ret);
2087	spin_unlock(lock: &cifs_tcp_ses_lock);
2088	return ret;
2089	}
2090
2091	void __cifs_put_smb_ses(struct cifs_ses *ses)
2092	{
2093	struct TCP_Server_Info *server = ses->server;
2094	struct cifs_tcon *tcon;
2095	unsigned int xid;
2096	size_t i;
2097	bool do_logoff;
2098	int rc;
2099
2100	spin_lock(lock: &cifs_tcp_ses_lock);
2101	spin_lock(lock: &ses->ses_lock);
2102	cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n",
2103	__func__, ses->Suid, ses->ses_count, ses->ses_status,
2104	ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none");
2105	if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) {
2106	spin_unlock(lock: &ses->ses_lock);
2107	spin_unlock(lock: &cifs_tcp_ses_lock);
2108	return;
2109	}
2110	/* ses_count can never go negative */
2111	WARN_ON(ses->ses_count < 0);
2112
2113	spin_lock(lock: &ses->chan_lock);
2114	cifs_chan_clear_need_reconnect(ses, server);
2115	spin_unlock(lock: &ses->chan_lock);
2116
2117	do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff;
2118	ses->ses_status = SES_EXITING;
2119	tcon = ses->tcon_ipc;
2120	ses->tcon_ipc = NULL;
2121	spin_unlock(lock: &ses->ses_lock);
2122	spin_unlock(lock: &cifs_tcp_ses_lock);
2123
2124	/*
2125	* On session close, the IPC is closed and the server must release all
2126	* tcons of the session. No need to send a tree disconnect here.
2127	*
2128	* Besides, it will make the server to not close durable and resilient
2129	* files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an
2130	* SMB2 LOGOFF Request.
2131	*/
2132	tconInfoFree(tcon, trace: netfs_trace_tcon_ref_free_ipc);
2133	if (do_logoff) {
2134	xid = get_xid();
2135	rc = server->ops->logoff(xid, ses);
2136	cifs_server_dbg(FYI, "%s: Session Logoff: rc=%d\n",
2137	__func__, rc);
2138	_free_xid(xid);
2139	}
2140
2141	spin_lock(lock: &cifs_tcp_ses_lock);
2142	list_del_init(entry: &ses->smb_ses_list);
2143	spin_unlock(lock: &cifs_tcp_ses_lock);
2144
2145	/* close any extra channels */
2146	for (i = 1; i < ses->chan_count; i++) {
2147	if (ses->chans[i].iface) {
2148	kref_put(kref: &ses->chans[i].iface->refcount, release: release_iface);
2149	ses->chans[i].iface = NULL;
2150	}
2151	cifs_put_tcp_session(server: ses->chans[i].server, from_reconnect: 0);
2152	ses->chans[i].server = NULL;
2153	}
2154
2155	/* we now account for primary channel in iface->refcount */
2156	if (ses->chans[0].iface) {
2157	kref_put(kref: &ses->chans[0].iface->refcount, release: release_iface);
2158	ses->chans[0].server = NULL;
2159	}
2160
2161	sesInfoFree(ses);
2162	cifs_put_tcp_session(server, from_reconnect: 0);
2163	}
2164
2165	#ifdef CONFIG_KEYS
2166
2167	/* strlen("cifs:a:") + CIFS_MAX_DOMAINNAME_LEN + 1 */
2168	#define CIFSCREDS_DESC_SIZE (7 + CIFS_MAX_DOMAINNAME_LEN + 1)
2169
2170	/* Populate username and pw fields from keyring if possible */
2171	static int
2172	cifs_set_cifscreds(struct smb3_fs_context *ctx, struct cifs_ses *ses)
2173	{
2174	int rc = 0;
2175	int is_domain = 0;
2176	const char *delim, *payload;
2177	char *desc;
2178	ssize_t len;
2179	struct key *key;
2180	struct TCP_Server_Info *server = ses->server;
2181	struct sockaddr_in *sa;
2182	struct sockaddr_in6 *sa6;
2183	const struct user_key_payload *upayload;
2184
2185	desc = kmalloc(CIFSCREDS_DESC_SIZE, GFP_KERNEL);
2186	if (!desc)
2187	return -ENOMEM;
2188
2189	/* try to find an address key first */
2190	switch (server->dstaddr.ss_family) {
2191	case AF_INET:
2192	sa = (struct sockaddr_in *)&server->dstaddr;
2193	sprintf(buf: desc, fmt: "cifs:a:%pI4", &sa->sin_addr.s_addr);
2194	break;
2195	case AF_INET6:
2196	sa6 = (struct sockaddr_in6 *)&server->dstaddr;
2197	sprintf(buf: desc, fmt: "cifs:a:%pI6c", &sa6->sin6_addr.s6_addr);
2198	break;
2199	default:
2200	cifs_dbg(FYI, "Bad ss_family (%hu)\n",
2201	server->dstaddr.ss_family);
2202	rc = -EINVAL;
2203	goto out_err;
2204	}
2205
2206	cifs_dbg(FYI, "%s: desc=%s\n", __func__, desc);
2207	key = request_key(type: &key_type_logon, description: desc, callout_info: "");
2208	if (IS_ERR(ptr: key)) {
2209	if (!ses->domainName) {
2210	cifs_dbg(FYI, "domainName is NULL\n");
2211	rc = PTR_ERR(ptr: key);
2212	goto out_err;
2213	}
2214
2215	/* didn't work, try to find a domain key */
2216	sprintf(buf: desc, fmt: "cifs:d:%s", ses->domainName);
2217	cifs_dbg(FYI, "%s: desc=%s\n", __func__, desc);
2218	key = request_key(type: &key_type_logon, description: desc, callout_info: "");
2219	if (IS_ERR(ptr: key)) {
2220	rc = PTR_ERR(ptr: key);
2221	goto out_err;
2222	}
2223	is_domain = 1;
2224	}
2225
2226	down_read(sem: &key->sem);
2227	upayload = user_key_payload_locked(key);
2228	if (IS_ERR_OR_NULL(ptr: upayload)) {
2229	rc = upayload ? PTR_ERR(ptr: upayload) : -EINVAL;
2230	goto out_key_put;
2231	}
2232
2233	/* find first : in payload */
2234	payload = upayload->data;
2235	delim = strnchr(payload, upayload->datalen, ':');
2236	cifs_dbg(FYI, "payload=%s\n", payload);
2237	if (!delim) {
2238	cifs_dbg(FYI, "Unable to find ':' in payload (datalen=%d)\n",
2239	upayload->datalen);
2240	rc = -EINVAL;
2241	goto out_key_put;
2242	}
2243
2244	len = delim - payload;
2245	if (len > CIFS_MAX_USERNAME_LEN || len <= 0) {
2246	cifs_dbg(FYI, "Bad value from username search (len=%zd)\n",
2247	len);
2248	rc = -EINVAL;
2249	goto out_key_put;
2250	}
2251
2252	ctx->username = kstrndup(s: payload, len, GFP_KERNEL);
2253	if (!ctx->username) {
2254	cifs_dbg(FYI, "Unable to allocate %zd bytes for username\n",
2255	len);
2256	rc = -ENOMEM;
2257	goto out_key_put;
2258	}
2259	cifs_dbg(FYI, "%s: username=%s\n", __func__, ctx->username);
2260
2261	len = key->datalen - (len + 1);
2262	if (len > CIFS_MAX_PASSWORD_LEN || len <= 0) {
2263	cifs_dbg(FYI, "Bad len for password search (len=%zd)\n", len);
2264	rc = -EINVAL;
2265	kfree(objp: ctx->username);
2266	ctx->username = NULL;
2267	goto out_key_put;
2268	}
2269
2270	++delim;
2271	/* BB consider adding support for password2 (Key Rotation) for multiuser in future */
2272	ctx->password = kstrndup(s: delim, len, GFP_KERNEL);
2273	if (!ctx->password) {
2274	cifs_dbg(FYI, "Unable to allocate %zd bytes for password\n",
2275	len);
2276	rc = -ENOMEM;
2277	kfree(objp: ctx->username);
2278	ctx->username = NULL;
2279	goto out_key_put;
2280	}
2281
2282	/*
2283	* If we have a domain key then we must set the domainName in the
2284	* for the request.
2285	*/
2286	if (is_domain && ses->domainName) {
2287	ctx->domainname = kstrdup(s: ses->domainName, GFP_KERNEL);
2288	if (!ctx->domainname) {
2289	cifs_dbg(FYI, "Unable to allocate %zd bytes for domain\n",
2290	len);
2291	rc = -ENOMEM;
2292	kfree(objp: ctx->username);
2293	ctx->username = NULL;
2294	kfree_sensitive(objp: ctx->password);
2295	/* no need to free ctx->password2 since not allocated in this path */
2296	ctx->password = NULL;
2297	goto out_key_put;
2298	}
2299	}
2300
2301	strscpy(ctx->workstation_name, ses->workstation_name, sizeof(ctx->workstation_name));
2302
2303	out_key_put:
2304	up_read(sem: &key->sem);
2305	key_put(key);
2306	out_err:
2307	kfree(objp: desc);
2308	cifs_dbg(FYI, "%s: returning %d\n", __func__, rc);
2309	return rc;
2310	}
2311	#else /* ! CONFIG_KEYS */
2312	static inline int
2313	cifs_set_cifscreds(struct smb3_fs_context *ctx __maybe_unused,
2314	struct cifs_ses *ses __maybe_unused)
2315	{
2316	return -ENOSYS;
2317	}
2318	#endif /* CONFIG_KEYS */
2319
2320	/**
2321	* cifs_get_smb_ses - get a session matching @ctx data from @server
2322	* @server: server to setup the session to
2323	* @ctx: superblock configuration context to use to setup the session
2324	*
2325	* This function assumes it is being called from cifs_mount() where we
2326	* already got a server reference (server refcount +1). See
2327	* cifs_get_tcon() for refcount explanations.
2328	*/
2329	struct cifs_ses *
2330	cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx)
2331	{
2332	struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2333	struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2334	struct cifs_tcon *ipc;
2335	struct cifs_ses *ses;
2336	unsigned int xid;
2337	int retries = 0;
2338	size_t len;
2339	int rc = 0;
2340
2341	xid = get_xid();
2342
2343	ses = cifs_find_smb_ses(server, ctx);
2344	if (ses) {
2345	cifs_dbg(FYI, "Existing smb sess found (status=%d)\n",
2346	ses->ses_status);
2347
2348	spin_lock(lock: &ses->chan_lock);
2349	if (cifs_chan_needs_reconnect(ses, server)) {
2350	spin_unlock(lock: &ses->chan_lock);
2351	cifs_dbg(FYI, "Session needs reconnect\n");
2352
2353	mutex_lock(&ses->session_mutex);
2354
2355	retry_old_session:
2356	rc = cifs_negotiate_protocol(xid, ses, server);
2357	if (rc) {
2358	mutex_unlock(lock: &ses->session_mutex);
2359	/* problem -- put our ses reference */
2360	cifs_put_smb_ses(ses);
2361	free_xid(xid);
2362	return ERR_PTR(error: rc);
2363	}
2364
2365	rc = cifs_setup_session(xid, ses, server,
2366	nls_info: ctx->local_nls);
2367	if (rc) {
2368	if (((rc == -EACCES) || (rc == -EKEYEXPIRED) ||
2369	(rc == -EKEYREVOKED)) && !retries && ses->password2) {
2370	retries++;
2371	cifs_dbg(FYI, "Session reconnect failed, retrying with alternate password\n");
2372	swap(ses->password, ses->password2);
2373	goto retry_old_session;
2374	}
2375	mutex_unlock(lock: &ses->session_mutex);
2376	/* problem -- put our reference */
2377	cifs_put_smb_ses(ses);
2378	free_xid(xid);
2379	return ERR_PTR(error: rc);
2380	}
2381	mutex_unlock(lock: &ses->session_mutex);
2382
2383	spin_lock(lock: &ses->chan_lock);
2384	}
2385	spin_unlock(lock: &ses->chan_lock);
2386
2387	/* existing SMB ses has a server reference already */
2388	cifs_put_tcp_session(server, from_reconnect: 0);
2389	free_xid(xid);
2390	return ses;
2391	}
2392
2393	rc = -ENOMEM;
2394
2395	cifs_dbg(FYI, "Existing smb sess not found\n");
2396	ses = sesInfoAlloc();
2397	if (ses == NULL)
2398	goto get_ses_fail;
2399
2400	/* new SMB session uses our server ref */
2401	ses->server = server;
2402	if (server->dstaddr.ss_family == AF_INET6)
2403	sprintf(buf: ses->ip_addr, fmt: "%pI6", &addr6->sin6_addr);
2404	else
2405	sprintf(buf: ses->ip_addr, fmt: "%pI4", &addr->sin_addr);
2406
2407	if (ctx->username) {
2408	ses->user_name = kstrdup(s: ctx->username, GFP_KERNEL);
2409	if (!ses->user_name)
2410	goto get_ses_fail;
2411	}
2412
2413	/* ctx->password freed at unmount */
2414	if (ctx->password) {
2415	ses->password = kstrdup(s: ctx->password, GFP_KERNEL);
2416	if (!ses->password)
2417	goto get_ses_fail;
2418	}
2419	/* ctx->password freed at unmount */
2420	if (ctx->password2) {
2421	ses->password2 = kstrdup(s: ctx->password2, GFP_KERNEL);
2422	if (!ses->password2)
2423	goto get_ses_fail;
2424	}
2425	if (ctx->domainname) {
2426	ses->domainName = kstrdup(s: ctx->domainname, GFP_KERNEL);
2427	if (!ses->domainName)
2428	goto get_ses_fail;
2429
2430	len = strnlen(p: ctx->domainname, CIFS_MAX_DOMAINNAME_LEN);
2431	if (!cifs_netbios_name(name: ctx->domainname, namelen: len)) {
2432	ses->dns_dom = kstrndup(s: ctx->domainname,
2433	len, GFP_KERNEL);
2434	if (!ses->dns_dom)
2435	goto get_ses_fail;
2436	}
2437	}
2438
2439	strscpy(ses->workstation_name, ctx->workstation_name, sizeof(ses->workstation_name));
2440
2441	if (ctx->domainauto)
2442	ses->domainAuto = ctx->domainauto;
2443	ses->cred_uid = ctx->cred_uid;
2444	ses->linux_uid = ctx->linux_uid;
2445
2446	ses->unicode = ctx->unicode;
2447	ses->sectype = ctx->sectype;
2448	ses->sign = ctx->sign;
2449
2450	/*
2451	*Explicitly marking upcall_target mount option for easier handling
2452	* by cifs_spnego.c and eventually cifs.upcall.c
2453	*/
2454
2455	switch (ctx->upcall_target) {
2456	case UPTARGET_UNSPECIFIED: /* default to app */
2457	case UPTARGET_APP:
2458	ses->upcall_target = UPTARGET_APP;
2459	break;
2460	case UPTARGET_MOUNT:
2461	ses->upcall_target = UPTARGET_MOUNT;
2462	break;
2463	default:
2464	// should never happen
2465	ses->upcall_target = UPTARGET_APP;
2466	break;
2467	}
2468
2469	ses->local_nls = load_nls(charset: ctx->local_nls->charset);
2470
2471	/* add server as first channel */
2472	spin_lock(lock: &ses->chan_lock);
2473	ses->chans[0].server = server;
2474	ses->chan_count = 1;
2475	ses->chan_max = ctx->multichannel ? ctx->max_channels:1;
2476	ses->chans_need_reconnect = 1;
2477	spin_unlock(lock: &ses->chan_lock);
2478
2479	retry_new_session:
2480	mutex_lock(&ses->session_mutex);
2481	rc = cifs_negotiate_protocol(xid, ses, server);
2482	if (!rc)
2483	rc = cifs_setup_session(xid, ses, server, nls_info: ctx->local_nls);
2484	mutex_unlock(lock: &ses->session_mutex);
2485
2486	/* each channel uses a different signing key */
2487	spin_lock(lock: &ses->chan_lock);
2488	memcpy(ses->chans[0].signkey, ses->smb3signingkey,
2489	sizeof(ses->smb3signingkey));
2490	spin_unlock(lock: &ses->chan_lock);
2491
2492	if (rc) {
2493	if (((rc == -EACCES) || (rc == -EKEYEXPIRED) ||
2494	(rc == -EKEYREVOKED)) && !retries && ses->password2) {
2495	retries++;
2496	cifs_dbg(FYI, "Session setup failed, retrying with alternate password\n");
2497	swap(ses->password, ses->password2);
2498	goto retry_new_session;
2499	} else
2500	goto get_ses_fail;
2501	}
2502
2503	/*
2504	* success, put it on the list and add it as first channel
2505	* note: the session becomes active soon after this. So you'll
2506	* need to lock before changing something in the session.
2507	*/
2508	spin_lock(lock: &cifs_tcp_ses_lock);
2509	ses->dfs_root_ses = ctx->dfs_root_ses;
2510	list_add(new: &ses->smb_ses_list, head: &server->smb_ses_list);
2511	spin_unlock(lock: &cifs_tcp_ses_lock);
2512
2513	ipc = cifs_setup_ipc(ses, seal: ctx->seal);
2514	spin_lock(lock: &cifs_tcp_ses_lock);
2515	spin_lock(lock: &ses->ses_lock);
2516	ses->tcon_ipc = !IS_ERR(ptr: ipc) ? ipc : NULL;
2517	spin_unlock(lock: &ses->ses_lock);
2518	spin_unlock(lock: &cifs_tcp_ses_lock);
2519
2520	free_xid(xid);
2521
2522	return ses;
2523
2524	get_ses_fail:
2525	sesInfoFree(ses);
2526	free_xid(xid);
2527	return ERR_PTR(error: rc);
2528	}
2529
2530	/* this function must be called with tc_lock held */
2531	static int match_tcon(struct cifs_tcon *tcon, struct smb3_fs_context *ctx)
2532	{
2533	struct TCP_Server_Info *server = tcon->ses->server;
2534
2535	if (tcon->status == TID_EXITING)
2536	return 0;
2537
2538	if (tcon->origin_fullpath) {
2539	if (!ctx->source ||
2540	!dfs_src_pathname_equal(s1: ctx->source,
2541	s2: tcon->origin_fullpath))
2542	return 0;
2543	} else if (!server->leaf_fullpath &&
2544	strncmp(tcon->tree_name, ctx->UNC, MAX_TREE_SIZE)) {
2545	return 0;
2546	}
2547	if (tcon->seal != ctx->seal)
2548	return 0;
2549	if (tcon->snapshot_time != ctx->snapshot_time)
2550	return 0;
2551	if (tcon->handle_timeout != ctx->handle_timeout)
2552	return 0;
2553	if (tcon->no_lease != ctx->no_lease)
2554	return 0;
2555	if (tcon->nodelete != ctx->nodelete)
2556	return 0;
2557	if (tcon->posix_extensions != ctx->linux_ext)
2558	return 0;
2559	return 1;
2560	}
2561
2562	static struct cifs_tcon *
2563	cifs_find_tcon(struct cifs_ses *ses, struct smb3_fs_context *ctx)
2564	{
2565	struct cifs_tcon *tcon;
2566
2567	spin_lock(lock: &cifs_tcp_ses_lock);
2568	list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
2569	spin_lock(lock: &tcon->tc_lock);
2570	if (!match_tcon(tcon, ctx)) {
2571	spin_unlock(lock: &tcon->tc_lock);
2572	continue;
2573	}
2574	++tcon->tc_count;
2575	trace_smb3_tcon_ref(tcon_debug_id: tcon->debug_id, ref: tcon->tc_count,
2576	trace: netfs_trace_tcon_ref_get_find);
2577	spin_unlock(lock: &tcon->tc_lock);
2578	spin_unlock(lock: &cifs_tcp_ses_lock);
2579	return tcon;
2580	}
2581	spin_unlock(lock: &cifs_tcp_ses_lock);
2582	return NULL;
2583	}
2584
2585	void
2586	cifs_put_tcon(struct cifs_tcon *tcon, enum smb3_tcon_ref_trace trace)
2587	{
2588	unsigned int xid;
2589	struct cifs_ses *ses;
2590	LIST_HEAD(ses_list);
2591
2592	/*
2593	* IPC tcon share the lifetime of their session and are
2594	* destroyed in the session put function
2595	*/
2596	if (tcon == NULL || tcon->ipc)
2597	return;
2598
2599	ses = tcon->ses;
2600	cifs_dbg(FYI, "%s: tc_count=%d\n", __func__, tcon->tc_count);
2601	spin_lock(lock: &cifs_tcp_ses_lock);
2602	spin_lock(lock: &tcon->tc_lock);
2603	trace_smb3_tcon_ref(tcon_debug_id: tcon->debug_id, ref: tcon->tc_count - 1, trace);
2604	if (--tcon->tc_count > 0) {
2605	spin_unlock(lock: &tcon->tc_lock);
2606	spin_unlock(lock: &cifs_tcp_ses_lock);
2607	return;
2608	}
2609
2610	/* tc_count can never go negative */
2611	WARN_ON(tcon->tc_count < 0);
2612
2613	list_del_init(entry: &tcon->tcon_list);
2614	tcon->status = TID_EXITING;
2615	spin_unlock(lock: &tcon->tc_lock);
2616	spin_unlock(lock: &cifs_tcp_ses_lock);
2617
2618	/* cancel polling of interfaces */
2619	cancel_delayed_work_sync(dwork: &tcon->query_interfaces);
2620	#ifdef CONFIG_CIFS_DFS_UPCALL
2621	cancel_delayed_work_sync(dwork: &tcon->dfs_cache_work);
2622	list_replace_init(old: &tcon->dfs_ses_list, new: &ses_list);
2623	#endif
2624
2625	if (tcon->use_witness) {
2626	int rc;
2627
2628	rc = cifs_swn_unregister(tcon);
2629	if (rc < 0) {
2630	cifs_dbg(VFS, "%s: Failed to unregister for witness notifications: %d\n",
2631	__func__, rc);
2632	}
2633	}
2634
2635	xid = get_xid();
2636	if (ses->server->ops->tree_disconnect)
2637	ses->server->ops->tree_disconnect(xid, tcon);
2638	_free_xid(xid);
2639
2640	cifs_fscache_release_super_cookie(tcon);
2641	tconInfoFree(tcon, trace: netfs_trace_tcon_ref_free);
2642	cifs_put_smb_ses(ses);
2643	#ifdef CONFIG_CIFS_DFS_UPCALL
2644	dfs_put_root_smb_sessions(head: &ses_list);
2645	#endif
2646	}
2647
2648	/**
2649	* cifs_get_tcon - get a tcon matching @ctx data from @ses
2650	* @ses: smb session to issue the request on
2651	* @ctx: the superblock configuration context to use for building the
2652	*
2653	* - tcon refcount is the number of mount points using the tcon.
2654	* - ses refcount is the number of tcon using the session.
2655	*
2656	* 1. This function assumes it is being called from cifs_mount() where
2657	* we already got a session reference (ses refcount +1).
2658	*
2659	* 2. Since we're in the context of adding a mount point, the end
2660	* result should be either:
2661	*
2662	* a) a new tcon already allocated with refcount=1 (1 mount point) and
2663	* its session refcount incremented (1 new tcon). This +1 was
2664	* already done in (1).
2665	*
2666	* b) an existing tcon with refcount+1 (add a mount point to it) and
2667	* identical ses refcount (no new tcon). Because of (1) we need to
2668	* decrement the ses refcount.
2669	*/
2670	static struct cifs_tcon *
2671	cifs_get_tcon(struct cifs_ses *ses, struct smb3_fs_context *ctx)
2672	{
2673	struct cifs_tcon *tcon;
2674	bool nohandlecache;
2675	int rc, xid;
2676
2677	tcon = cifs_find_tcon(ses, ctx);
2678	if (tcon) {
2679	/*
2680	* tcon has refcount already incremented but we need to
2681	* decrement extra ses reference gotten by caller (case b)
2682	*/
2683	cifs_dbg(FYI, "Found match on UNC path\n");
2684	cifs_put_smb_ses(ses);
2685	return tcon;
2686	}
2687
2688	if (!ses->server->ops->tree_connect) {
2689	rc = -ENOSYS;
2690	goto out_fail;
2691	}
2692
2693	if (ses->server->dialect >= SMB20_PROT_ID &&
2694	(ses->server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING))
2695	nohandlecache = ctx->nohandlecache || !dir_cache_timeout;
2696	else
2697	nohandlecache = true;
2698	tcon = tcon_info_alloc(dir_leases_enabled: !nohandlecache, trace: netfs_trace_tcon_ref_new);
2699	if (tcon == NULL) {
2700	rc = -ENOMEM;
2701	goto out_fail;
2702	}
2703	tcon->nohandlecache = nohandlecache;
2704
2705	if (ctx->snapshot_time) {
2706	if (ses->server->vals->protocol_id == 0) {
2707	cifs_dbg(VFS,
2708	"Use SMB2 or later for snapshot mount option\n");
2709	rc = -EOPNOTSUPP;
2710	goto out_fail;
2711	} else
2712	tcon->snapshot_time = ctx->snapshot_time;
2713	}
2714
2715	if (ctx->handle_timeout) {
2716	if (ses->server->vals->protocol_id == 0) {
2717	cifs_dbg(VFS,
2718	"Use SMB2.1 or later for handle timeout option\n");
2719	rc = -EOPNOTSUPP;
2720	goto out_fail;
2721	} else
2722	tcon->handle_timeout = ctx->handle_timeout;
2723	}
2724
2725	tcon->ses = ses;
2726	if (ctx->password) {
2727	tcon->password = kstrdup(s: ctx->password, GFP_KERNEL);
2728	if (!tcon->password) {
2729	rc = -ENOMEM;
2730	goto out_fail;
2731	}
2732	}
2733
2734	if (ctx->seal) {
2735	if (ses->server->vals->protocol_id == 0) {
2736	cifs_dbg(VFS,
2737	"SMB3 or later required for encryption\n");
2738	rc = -EOPNOTSUPP;
2739	goto out_fail;
2740	} else if (tcon->ses->server->capabilities &
2741	SMB2_GLOBAL_CAP_ENCRYPTION)
2742	tcon->seal = true;
2743	else {
2744	cifs_dbg(VFS, "Encryption is not supported on share\n");
2745	rc = -EOPNOTSUPP;
2746	goto out_fail;
2747	}
2748	}
2749
2750	if (ctx->linux_ext) {
2751	if (ses->server->posix_ext_supported) {
2752	tcon->posix_extensions = true;
2753	pr_warn_once("SMB3.11 POSIX Extensions are experimental\n");
2754	} else if ((ses->server->vals->protocol_id == SMB311_PROT_ID) ||
2755	(strcmp(ses->server->vals->version_string,
2756	SMB3ANY_VERSION_STRING) == 0) ||
2757	(strcmp(ses->server->vals->version_string,
2758	SMBDEFAULT_VERSION_STRING) == 0)) {
2759	cifs_dbg(VFS, "Server does not support mounting with posix SMB3.11 extensions\n");
2760	rc = -EOPNOTSUPP;
2761	goto out_fail;
2762	} else if (ses->server->vals->protocol_id == SMB10_PROT_ID)
2763	if (cap_unix(ses))
2764	cifs_dbg(FYI, "Unix Extensions requested on SMB1 mount\n");
2765	else {
2766	cifs_dbg(VFS, "SMB1 Unix Extensions not supported by server\n");
2767	rc = -EOPNOTSUPP;
2768	goto out_fail;
2769	} else {
2770	cifs_dbg(VFS,
2771	"Check vers= mount option. SMB3.11 disabled but required for POSIX extensions\n");
2772	rc = -EOPNOTSUPP;
2773	goto out_fail;
2774	}
2775	}
2776
2777	xid = get_xid();
2778	rc = ses->server->ops->tree_connect(xid, ses, ctx->UNC, tcon,
2779	ctx->local_nls);
2780	free_xid(xid);
2781	cifs_dbg(FYI, "Tcon rc = %d\n", rc);
2782	if (rc)
2783	goto out_fail;
2784
2785	tcon->use_persistent = false;
2786	/* check if SMB2 or later, CIFS does not support persistent handles */
2787	if (ctx->persistent) {
2788	if (ses->server->vals->protocol_id == 0) {
2789	cifs_dbg(VFS,
2790	"SMB3 or later required for persistent handles\n");
2791	rc = -EOPNOTSUPP;
2792	goto out_fail;
2793	} else if (ses->server->capabilities &
2794	SMB2_GLOBAL_CAP_PERSISTENT_HANDLES)
2795	tcon->use_persistent = true;
2796	else /* persistent handles requested but not supported */ {
2797	cifs_dbg(VFS,
2798	"Persistent handles not supported on share\n");
2799	rc = -EOPNOTSUPP;
2800	goto out_fail;
2801	}
2802	} else if ((tcon->capabilities & SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY)
2803	&& (ses->server->capabilities & SMB2_GLOBAL_CAP_PERSISTENT_HANDLES)
2804	&& (ctx->nopersistent == false)) {
2805	cifs_dbg(FYI, "enabling persistent handles\n");
2806	tcon->use_persistent = true;
2807	} else if (ctx->resilient) {
2808	if (ses->server->vals->protocol_id == 0) {
2809	cifs_dbg(VFS,
2810	"SMB2.1 or later required for resilient handles\n");
2811	rc = -EOPNOTSUPP;
2812	goto out_fail;
2813	}
2814	tcon->use_resilient = true;
2815	}
2816
2817	tcon->use_witness = false;
2818	if (IS_ENABLED(CONFIG_CIFS_SWN_UPCALL) && ctx->witness) {
2819	if (ses->server->vals->protocol_id >= SMB30_PROT_ID) {
2820	if (tcon->capabilities & SMB2_SHARE_CAP_CLUSTER) {
2821	/*
2822	* Set witness in use flag in first place
2823	* to retry registration in the echo task
2824	*/
2825	tcon->use_witness = true;
2826	/* And try to register immediately */
2827	rc = cifs_swn_register(tcon);
2828	if (rc < 0) {
2829	cifs_dbg(VFS, "Failed to register for witness notifications: %d\n", rc);
2830	goto out_fail;
2831	}
2832	} else {
2833	/* TODO: try to extend for non-cluster uses (eg multichannel) */
2834	cifs_dbg(VFS, "witness requested on mount but no CLUSTER capability on share\n");
2835	rc = -EOPNOTSUPP;
2836	goto out_fail;
2837	}
2838	} else {
2839	cifs_dbg(VFS, "SMB3 or later required for witness option\n");
2840	rc = -EOPNOTSUPP;
2841	goto out_fail;
2842	}
2843	}
2844
2845	/* If the user really knows what they are doing they can override */
2846	if (tcon->share_flags & SMB2_SHAREFLAG_NO_CACHING) {
2847	if (ctx->cache_ro)
2848	cifs_dbg(VFS, "cache=ro requested on mount but NO_CACHING flag set on share\n");
2849	else if (ctx->cache_rw)
2850	cifs_dbg(VFS, "cache=singleclient requested on mount but NO_CACHING flag set on share\n");
2851	}
2852
2853	if (ctx->no_lease) {
2854	if (ses->server->vals->protocol_id == 0) {
2855	cifs_dbg(VFS,
2856	"SMB2 or later required for nolease option\n");
2857	rc = -EOPNOTSUPP;
2858	goto out_fail;
2859	} else
2860	tcon->no_lease = ctx->no_lease;
2861	}
2862
2863	/*
2864	* We can have only one retry value for a connection to a share so for
2865	* resources mounted more than once to the same server share the last
2866	* value passed in for the retry flag is used.
2867	*/
2868	tcon->retry = ctx->retry;
2869	tcon->nocase = ctx->nocase;
2870	tcon->broken_sparse_sup = ctx->no_sparse;
2871	tcon->max_cached_dirs = ctx->max_cached_dirs;
2872	tcon->nodelete = ctx->nodelete;
2873	tcon->local_lease = ctx->local_lease;
2874	tcon->status = TID_GOOD;
2875
2876	if (ses->server->dialect >= SMB30_PROT_ID &&
2877	(ses->server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) {
2878	/* schedule query interfaces poll */
2879	queue_delayed_work(wq: cifsiod_wq, dwork: &tcon->query_interfaces,
2880	delay: (SMB_INTERFACE_POLL_INTERVAL * HZ));
2881	}
2882	spin_lock(lock: &cifs_tcp_ses_lock);
2883	list_add(new: &tcon->tcon_list, head: &ses->tcon_list);
2884	spin_unlock(lock: &cifs_tcp_ses_lock);
2885
2886	return tcon;
2887
2888	out_fail:
2889	tconInfoFree(tcon, trace: netfs_trace_tcon_ref_free_fail);
2890	return ERR_PTR(error: rc);
2891	}
2892
2893	void
2894	cifs_put_tlink(struct tcon_link *tlink)
2895	{
2896	if (!tlink || IS_ERR(ptr: tlink))
2897	return;
2898
2899	if (!atomic_dec_and_test(v: &tlink->tl_count) ||
2900	test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2901	tlink->tl_time = jiffies;
2902	return;
2903	}
2904
2905	if (!IS_ERR(ptr: tlink_tcon(tlink)))
2906	cifs_put_tcon(tcon: tlink_tcon(tlink), trace: netfs_trace_tcon_ref_put_tlink);
2907	kfree(objp: tlink);
2908	}
2909
2910	static int
2911	compare_mount_options(struct super_block *sb, struct cifs_mnt_data *mnt_data)
2912	{
2913	struct cifs_sb_info *old = CIFS_SB(sb);
2914	struct cifs_sb_info *new = mnt_data->cifs_sb;
2915	unsigned int oldflags = old->mnt_cifs_flags & CIFS_MOUNT_MASK;
2916	unsigned int newflags = new->mnt_cifs_flags & CIFS_MOUNT_MASK;
2917
2918	if ((sb->s_flags & CIFS_MS_MASK) != (mnt_data->flags & CIFS_MS_MASK))
2919	return 0;
2920
2921	if (old->mnt_cifs_serverino_autodisabled)
2922	newflags &= ~CIFS_MOUNT_SERVER_INUM;
2923
2924	if (oldflags != newflags)
2925	return 0;
2926
2927	/*
2928	* We want to share sb only if we don't specify an r/wsize or
2929	* specified r/wsize is greater than or equal to existing one.
2930	*/
2931	if (new->ctx->wsize && new->ctx->wsize < old->ctx->wsize)
2932	return 0;
2933
2934	if (new->ctx->rsize && new->ctx->rsize < old->ctx->rsize)
2935	return 0;
2936
2937	if (!uid_eq(left: old->ctx->linux_uid, right: new->ctx->linux_uid) ||
2938	!gid_eq(left: old->ctx->linux_gid, right: new->ctx->linux_gid))
2939	return 0;
2940
2941	if (old->ctx->file_mode != new->ctx->file_mode ||
2942	old->ctx->dir_mode != new->ctx->dir_mode)
2943	return 0;
2944
2945	if (strcmp(old->local_nls->charset, new->local_nls->charset))
2946	return 0;
2947
2948	if (old->ctx->acregmax != new->ctx->acregmax)
2949	return 0;
2950	if (old->ctx->acdirmax != new->ctx->acdirmax)
2951	return 0;
2952	if (old->ctx->closetimeo != new->ctx->closetimeo)
2953	return 0;
2954	if (old->ctx->reparse_type != new->ctx->reparse_type)
2955	return 0;
2956	if (old->ctx->nonativesocket != new->ctx->nonativesocket)
2957	return 0;
2958	if (old->ctx->symlink_type != new->ctx->symlink_type)
2959	return 0;
2960
2961	return 1;
2962	}
2963
2964	static int match_prepath(struct super_block *sb,
2965	struct cifs_tcon *tcon,
2966	struct cifs_mnt_data *mnt_data)
2967	{
2968	struct smb3_fs_context *ctx = mnt_data->ctx;
2969	struct cifs_sb_info *old = CIFS_SB(sb);
2970	struct cifs_sb_info *new = mnt_data->cifs_sb;
2971	bool old_set = (old->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH) &&
2972	old->prepath;
2973	bool new_set = (new->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH) &&
2974	new->prepath;
2975
2976	if (tcon->origin_fullpath &&
2977	dfs_src_pathname_equal(s1: tcon->origin_fullpath, s2: ctx->source))
2978	return 1;
2979
2980	if (old_set && new_set && !strcmp(new->prepath, old->prepath))
2981	return 1;
2982	else if (!old_set && !new_set)
2983	return 1;
2984
2985	return 0;
2986	}
2987
2988	int
2989	cifs_match_super(struct super_block *sb, void *data)
2990	{
2991	struct cifs_mnt_data *mnt_data = data;
2992	struct smb3_fs_context *ctx;
2993	struct cifs_sb_info *cifs_sb;
2994	struct TCP_Server_Info *tcp_srv;
2995	struct cifs_ses *ses;
2996	struct cifs_tcon *tcon;
2997	struct tcon_link *tlink;
2998	int rc = 0;
2999
3000	spin_lock(lock: &cifs_tcp_ses_lock);
3001	cifs_sb = CIFS_SB(sb);
3002
3003	/* We do not want to use a superblock that has been shutdown */
3004	if (CIFS_MOUNT_SHUTDOWN & cifs_sb->mnt_cifs_flags) {
3005	spin_unlock(lock: &cifs_tcp_ses_lock);
3006	return 0;
3007	}
3008
3009	tlink = cifs_get_tlink(tlink: cifs_sb_master_tlink(cifs_sb));
3010	if (IS_ERR_OR_NULL(ptr: tlink)) {
3011	pr_warn_once("%s: skip super matching due to bad tlink(%p)\n",
3012	__func__, tlink);
3013	spin_unlock(lock: &cifs_tcp_ses_lock);
3014	return 0;
3015	}
3016	tcon = tlink_tcon(tlink);
3017	ses = tcon->ses;
3018	tcp_srv = ses->server;
3019
3020	ctx = mnt_data->ctx;
3021
3022	spin_lock(lock: &tcp_srv->srv_lock);
3023	spin_lock(lock: &ses->ses_lock);
3024	spin_lock(lock: &ses->chan_lock);
3025	spin_lock(lock: &tcon->tc_lock);
3026	if (!match_server(server: tcp_srv, ctx, match_super: true) ||
3027	!match_session(ses, ctx, match_super: true) ||
3028	!match_tcon(tcon, ctx) ||
3029	!match_prepath(sb, tcon, mnt_data)) {
3030	rc = 0;
3031	goto out;
3032	}
3033
3034	rc = compare_mount_options(sb, mnt_data);
3035	out:
3036	spin_unlock(lock: &tcon->tc_lock);
3037	spin_unlock(lock: &ses->chan_lock);
3038	spin_unlock(lock: &ses->ses_lock);
3039	spin_unlock(lock: &tcp_srv->srv_lock);
3040
3041	spin_unlock(lock: &cifs_tcp_ses_lock);
3042	cifs_put_tlink(tlink);
3043	return rc;
3044	}
3045
3046	#ifdef CONFIG_DEBUG_LOCK_ALLOC
3047	static struct lock_class_key cifs_key[2];
3048	static struct lock_class_key cifs_slock_key[2];
3049
3050	static inline void
3051	cifs_reclassify_socket4(struct socket *sock)
3052	{
3053	struct sock *sk = sock->sk;
3054
3055	BUG_ON(!sock_allow_reclassification(sk));
3056	sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
3057	&cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
3058	}
3059
3060	static inline void
3061	cifs_reclassify_socket6(struct socket *sock)
3062	{
3063	struct sock *sk = sock->sk;
3064
3065	BUG_ON(!sock_allow_reclassification(sk));
3066	sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
3067	&cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
3068	}
3069	#else
3070	static inline void
3071	cifs_reclassify_socket4(struct socket *sock)
3072	{
3073	}
3074
3075	static inline void
3076	cifs_reclassify_socket6(struct socket *sock)
3077	{
3078	}
3079	#endif
3080
3081	/* See RFC1001 section 14 on representation of Netbios names */
3082	static void rfc1002mangle(char *target, char *source, unsigned int length)
3083	{
3084	unsigned int i, j;
3085
3086	for (i = 0, j = 0; i < (length); i++) {
3087	/* mask a nibble at a time and encode */
3088	target[j] = 'A' + (0x0F & (source[i] >> 4));
3089	target[j+1] = 'A' + (0x0F & source[i]);
3090	j += 2;
3091	}
3092
3093	}
3094
3095	static int
3096	bind_socket(struct TCP_Server_Info *server)
3097	{
3098	int rc = 0;
3099
3100	if (server->srcaddr.ss_family != AF_UNSPEC) {
3101	/* Bind to the specified local IP address */
3102	struct socket *socket = server->ssocket;
3103
3104	rc = kernel_bind(sock: socket,
3105	addr: (struct sockaddr_unsized *) &server->srcaddr,
3106	addrlen: sizeof(server->srcaddr));
3107	if (rc < 0) {
3108	struct sockaddr_in *saddr4;
3109	struct sockaddr_in6 *saddr6;
3110
3111	saddr4 = (struct sockaddr_in *)&server->srcaddr;
3112	saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
3113	if (saddr6->sin6_family == AF_INET6)
3114	cifs_server_dbg(VFS, "Failed to bind to: %pI6c, error: %d\n",
3115	&saddr6->sin6_addr, rc);
3116	else
3117	cifs_server_dbg(VFS, "Failed to bind to: %pI4, error: %d\n",
3118	&saddr4->sin_addr.s_addr, rc);
3119	}
3120	}
3121	return rc;
3122	}
3123
3124	static int
3125	smb_recv_kvec(struct TCP_Server_Info *server, struct msghdr *msg, size_t *recv)
3126	{
3127	int rc = 0;
3128	int retries = 0;
3129	int msg_flags = server->noblocksnd ? MSG_DONTWAIT : 0;
3130
3131	*recv = 0;
3132
3133	while (msg_data_left(msg)) {
3134	rc = sock_recvmsg(sock: server->ssocket, msg, flags: msg_flags);
3135	if (rc == -EAGAIN) {
3136	retries++;
3137	if (retries >= 14 ||
3138	(!server->noblocksnd && (retries > 2))) {
3139	cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
3140	server->ssocket);
3141	return -EAGAIN;
3142	}
3143	msleep(msecs: 1 << retries);
3144	continue;
3145	}
3146
3147	if (rc < 0)
3148	return rc;
3149
3150	if (rc == 0) {
3151	cifs_dbg(FYI, "Received no data (TCP RST)\n");
3152	return -ECONNABORTED;
3153	}
3154
3155	/* recv was at least partially successful */
3156	*recv += rc;
3157	retries = 0; /* in case we get ENOSPC on the next send */
3158	}
3159	return 0;
3160	}
3161
3162	static int
3163	ip_rfc1001_connect(struct TCP_Server_Info *server)
3164	{
3165	int rc = 0;
3166	/*
3167	* some servers require RFC1001 sessinit before sending
3168	* negprot - BB check reconnection in case where second
3169	* sessinit is sent but no second negprot
3170	*/
3171	struct rfc1002_session_packet req = {};
3172	struct rfc1002_session_packet resp = {};
3173	struct msghdr msg = {};
3174	struct kvec iov = {};
3175	unsigned int len;
3176	size_t sent;
3177	size_t recv;
3178
3179	req.trailer.session_req.called_len = sizeof(req.trailer.session_req.called_name);
3180
3181	if (server->server_RFC1001_name[0] != 0)
3182	rfc1002mangle(target: req.trailer.session_req.called_name,
3183	source: server->server_RFC1001_name,
3184	RFC1001_NAME_LEN_WITH_NULL);
3185	else
3186	rfc1002mangle(target: req.trailer.session_req.called_name,
3187	DEFAULT_CIFS_CALLED_NAME,
3188	RFC1001_NAME_LEN_WITH_NULL);
3189
3190	req.trailer.session_req.calling_len = sizeof(req.trailer.session_req.calling_name);
3191
3192	/* calling name ends in null (byte 16) from old smb convention */
3193	if (server->workstation_RFC1001_name[0] != 0)
3194	rfc1002mangle(target: req.trailer.session_req.calling_name,
3195	source: server->workstation_RFC1001_name,
3196	RFC1001_NAME_LEN_WITH_NULL);
3197	else
3198	rfc1002mangle(target: req.trailer.session_req.calling_name,
3199	source: "LINUX_CIFS_CLNT",
3200	RFC1001_NAME_LEN_WITH_NULL);
3201
3202	/*
3203	* As per rfc1002, @len must be the number of bytes that follows the
3204	* length field of a rfc1002 session request payload.
3205	*/
3206	len = sizeof(req.trailer.session_req);
3207	req.type = RFC1002_SESSION_REQUEST;
3208	req.flags = 0;
3209	req.length = cpu_to_be16(len);
3210	len += offsetof(typeof(req), trailer.session_req);
3211	iov.iov_base = &req;
3212	iov.iov_len = len;
3213	iov_iter_kvec(i: &msg.msg_iter, ITER_SOURCE, kvec: &iov, nr_segs: 1, count: len);
3214	rc = smb_send_kvec(server, msg: &msg, sent: &sent);
3215	if (rc < 0 || len != sent)
3216	return (rc == -EINTR || rc == -EAGAIN) ? rc : -ECONNABORTED;
3217
3218	/*
3219	* RFC1001 layer in at least one server requires very short break before
3220	* negprot presumably because not expecting negprot to follow so fast.
3221	* For example DOS SMB servers cannot process negprot if it was received
3222	* before the server sent response for SESSION_REQUEST packet. So, wait
3223	* for the response, read it and parse it as it can contain useful error
3224	* information (e.g. specified server name was incorrect). For example
3225	* even the latest Windows Server 2022 SMB1 server over port 139 send
3226	* error if its server name was in SESSION_REQUEST packet incorrect.
3227	* Nowadays usage of port 139 is not common, so waiting for reply here
3228	* does not slowing down mounting of common case (over port 445).
3229	*/
3230	len = offsetof(typeof(resp), trailer);
3231	iov.iov_base = &resp;
3232	iov.iov_len = len;
3233	iov_iter_kvec(i: &msg.msg_iter, ITER_DEST, kvec: &iov, nr_segs: 1, count: len);
3234	rc = smb_recv_kvec(server, msg: &msg, recv: &recv);
3235	if (rc < 0 || recv != len)
3236	return (rc == -EINTR || rc == -EAGAIN) ? rc : -ECONNABORTED;
3237
3238	switch (resp.type) {
3239	case RFC1002_POSITIVE_SESSION_RESPONSE:
3240	if (be16_to_cpu(resp.length) != 0) {
3241	cifs_dbg(VFS, "RFC 1002 positive session response but with invalid non-zero length %u\n",
3242	be16_to_cpu(resp.length));
3243	return smb_EIO(trace: smb_eio_trace_rx_pos_sess_resp);
3244	}
3245	cifs_dbg(FYI, "RFC 1002 positive session response");
3246	break;
3247	case RFC1002_NEGATIVE_SESSION_RESPONSE:
3248	/* Read RFC1002 response error code and convert it to errno in rc */
3249	len = sizeof(resp.trailer.neg_ses_resp_error_code);
3250	iov.iov_base = &resp.trailer.neg_ses_resp_error_code;
3251	iov.iov_len = len;
3252	iov_iter_kvec(i: &msg.msg_iter, ITER_DEST, kvec: &iov, nr_segs: 1, count: len);
3253	if (be16_to_cpu(resp.length) == len &&
3254	smb_recv_kvec(server, msg: &msg, recv: &recv) == 0 &&
3255	recv == len) {
3256	cifs_dbg(VFS, "RFC 1002 negative session response with error 0x%x\n",
3257	resp.trailer.neg_ses_resp_error_code);
3258	switch (resp.trailer.neg_ses_resp_error_code) {
3259	case RFC1002_NOT_LISTENING_CALLED:
3260	/* server does not listen for specified server name */
3261	fallthrough;
3262	case RFC1002_NOT_PRESENT:
3263	/* server name is incorrect */
3264	rc = -ENOENT;
3265	cifs_dbg(VFS, "Server rejected NetBIOS servername %.15s\n",
3266	server->server_RFC1001_name[0] ?
3267	server->server_RFC1001_name :
3268	DEFAULT_CIFS_CALLED_NAME);
3269	cifs_dbg(VFS, "Specify correct NetBIOS servername in source path or with -o servern= option\n");
3270	break;
3271	case RFC1002_NOT_LISTENING_CALLING:
3272	/* client name was not accepted by server */
3273	rc = -EACCES;
3274	cifs_dbg(VFS, "Server rejected NetBIOS clientname %.15s\n",
3275	server->workstation_RFC1001_name[0] ?
3276	server->workstation_RFC1001_name :
3277	"LINUX_CIFS_CLNT");
3278	cifs_dbg(VFS, "Specify correct NetBIOS clientname with -o netbiosname= option\n");
3279	break;
3280	case RFC1002_INSUFFICIENT_RESOURCE:
3281	/* remote server resource error */
3282	smb_EIO(trace: smb_eio_trace_rx_insuff_res);
3283	rc = -EREMOTEIO;
3284	break;
3285	case RFC1002_UNSPECIFIED_ERROR:
3286	default:
3287	/* other/unknown error */
3288	rc = smb_EIO(trace: smb_eio_trace_rx_unspec_error);
3289	break;
3290	}
3291	} else {
3292	cifs_dbg(VFS, "RFC 1002 negative session response\n");
3293	rc = smb_EIO(trace: smb_eio_trace_rx_neg_sess_resp);
3294	}
3295	return rc;
3296	case RFC1002_RETARGET_SESSION_RESPONSE:
3297	cifs_dbg(VFS, "RFC 1002 retarget session response\n");
3298	if (be16_to_cpu(resp.length) == sizeof(resp.trailer.retarget_resp)) {
3299	len = sizeof(resp.trailer.retarget_resp);
3300	iov.iov_base = &resp.trailer.retarget_resp;
3301	iov.iov_len = len;
3302	iov_iter_kvec(i: &msg.msg_iter, ITER_DEST, kvec: &iov, nr_segs: 1, count: len);
3303	if (smb_recv_kvec(server, msg: &msg, recv: &recv) == 0 && recv == len) {
3304	cifs_dbg(VFS, "Server wants to redirect connection\n");
3305	cifs_dbg(VFS, "Remount with options -o ip=%pI4,port=%u\n",
3306	&resp.trailer.retarget_resp.retarget_ip_addr,
3307	be16_to_cpu(resp.trailer.retarget_resp.port));
3308	}
3309	}
3310	cifs_dbg(VFS, "Closing connection\n");
3311	/* FIXME: Should we automatically redirect to new retarget_resp server? */
3312	return -EMULTIHOP;
3313	default:
3314	cifs_dbg(VFS, "RFC 1002 unknown response type 0x%x\n", resp.type);
3315	return smb_EIO1(trace: smb_eio_trace_rx_unknown_resp, info: resp.type);
3316	}
3317
3318	server->with_rfc1001 = true;
3319	return 0;
3320	}
3321
3322	static int
3323	generic_ip_connect(struct TCP_Server_Info *server)
3324	{
3325	struct sockaddr *saddr;
3326	struct socket *socket;
3327	int slen, sfamily;
3328	__be16 sport;
3329	int rc = 0;
3330
3331	saddr = (struct sockaddr *) &server->dstaddr;
3332
3333	if (server->dstaddr.ss_family == AF_INET6) {
3334	struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *)&server->dstaddr;
3335
3336	sport = ipv6->sin6_port;
3337	slen = sizeof(struct sockaddr_in6);
3338	sfamily = AF_INET6;
3339	cifs_dbg(FYI, "%s: connecting to [%pI6]:%d\n", __func__, &ipv6->sin6_addr,
3340	ntohs(sport));
3341	} else {
3342	struct sockaddr_in *ipv4 = (struct sockaddr_in *)&server->dstaddr;
3343
3344	sport = ipv4->sin_port;
3345	slen = sizeof(struct sockaddr_in);
3346	sfamily = AF_INET;
3347	cifs_dbg(FYI, "%s: connecting to %pI4:%d\n", __func__, &ipv4->sin_addr,
3348	ntohs(sport));
3349	}
3350
3351	if (server->ssocket) {
3352	socket = server->ssocket;
3353	} else {
3354	struct net *net = cifs_net_ns(srv: server);
3355	struct sock *sk;
3356
3357	rc = sock_create_kern(net, family: sfamily, type: SOCK_STREAM,
3358	IPPROTO_TCP, res: &server->ssocket);
3359	if (rc < 0) {
3360	cifs_server_dbg(VFS, "Error %d creating socket\n", rc);
3361	return rc;
3362	}
3363
3364	sk = server->ssocket->sk;
3365	sk_net_refcnt_upgrade(sk);
3366
3367	/* BB other socket options to set KEEPALIVE, NODELAY? */
3368	cifs_dbg(FYI, "Socket created\n");
3369	socket = server->ssocket;
3370	socket->sk->sk_allocation = GFP_NOFS;
3371	socket->sk->sk_use_task_frag = false;
3372	if (sfamily == AF_INET6)
3373	cifs_reclassify_socket6(sock: socket);
3374	else
3375	cifs_reclassify_socket4(sock: socket);
3376	}
3377
3378	rc = bind_socket(server);
3379	if (rc < 0)
3380	return rc;
3381
3382	/*
3383	* Eventually check for other socket options to change from
3384	* the default. sock_setsockopt not used because it expects
3385	* user space buffer
3386	*/
3387	socket->sk->sk_rcvtimeo = 7 * HZ;
3388	socket->sk->sk_sndtimeo = 5 * HZ;
3389
3390	/* make the bufsizes depend on wsize/rsize and max requests */
3391	if (server->noautotune) {
3392	if (socket->sk->sk_sndbuf < (200 * 1024))
3393	socket->sk->sk_sndbuf = 200 * 1024;
3394	if (socket->sk->sk_rcvbuf < (140 * 1024))
3395	socket->sk->sk_rcvbuf = 140 * 1024;
3396	}
3397
3398	if (server->tcp_nodelay)
3399	tcp_sock_set_nodelay(sk: socket->sk);
3400
3401	cifs_dbg(FYI, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx\n",
3402	socket->sk->sk_sndbuf,
3403	socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
3404
3405	rc = kernel_connect(sock: socket, addr: (struct sockaddr_unsized *)saddr, addrlen: slen,
3406	flags: server->noblockcnt ? O_NONBLOCK : 0);
3407	/*
3408	* When mounting SMB root file systems, we do not want to block in
3409	* connect. Otherwise bail out and then let cifs_reconnect() perform
3410	* reconnect failover - if possible.
3411	*/
3412	if (server->noblockcnt && rc == -EINPROGRESS)
3413	rc = 0;
3414	if (rc < 0) {
3415	cifs_dbg(FYI, "Error %d connecting to server\n", rc);
3416	trace_smb3_connect_err(hostname: server->hostname, conn_id: server->conn_id, addr: &server->dstaddr, rc);
3417	sock_release(sock: socket);
3418	server->ssocket = NULL;
3419	return rc;
3420	}
3421	trace_smb3_connect_done(hostname: server->hostname, conn_id: server->conn_id, addr: &server->dstaddr);
3422
3423	/*
3424	* Establish RFC1001 NetBIOS session when it was explicitly requested
3425	* by mount option -o nbsessinit, or when connecting to default RFC1001
3426	* server port (139) and it was not explicitly disabled by mount option
3427	* -o nonbsessinit.
3428	*/
3429	if (server->with_rfc1001 ||
3430	server->rfc1001_sessinit == 1 ||
3431	(server->rfc1001_sessinit == -1 && sport == htons(RFC1001_PORT)))
3432	rc = ip_rfc1001_connect(server);
3433
3434	return rc;
3435	}
3436
3437	static int
3438	ip_connect(struct TCP_Server_Info *server)
3439	{
3440	__be16 *sport;
3441	struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
3442	struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
3443
3444	if (server->dstaddr.ss_family == AF_INET6)
3445	sport = &addr6->sin6_port;
3446	else
3447	sport = &addr->sin_port;
3448
3449	if (*sport == 0) {
3450	int rc;
3451
3452	/* try with 445 port at first */
3453	*sport = htons(CIFS_PORT);
3454
3455	rc = generic_ip_connect(server);
3456	if (rc >= 0)
3457	return rc;
3458
3459	/* if it failed, try with 139 port */
3460	*sport = htons(RFC1001_PORT);
3461	}
3462
3463	return generic_ip_connect(server);
3464	}
3465
3466	#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
3467	void reset_cifs_unix_caps(unsigned int xid, struct cifs_tcon *tcon,
3468	struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
3469	{
3470	/*
3471	* If we are reconnecting then should we check to see if
3472	* any requested capabilities changed locally e.g. via
3473	* remount but we can not do much about it here
3474	* if they have (even if we could detect it by the following)
3475	* Perhaps we could add a backpointer to array of sb from tcon
3476	* or if we change to make all sb to same share the same
3477	* sb as NFS - then we only have one backpointer to sb.
3478	* What if we wanted to mount the server share twice once with
3479	* and once without posixacls or posix paths?
3480	*/
3481	__u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
3482
3483	if (ctx && ctx->no_linux_ext) {
3484	tcon->fsUnixInfo.Capability = 0;
3485	tcon->unix_ext = 0; /* Unix Extensions disabled */
3486	cifs_dbg(FYI, "Linux protocol extensions disabled\n");
3487	return;
3488	} else if (ctx)
3489	tcon->unix_ext = 1; /* Unix Extensions supported */
3490
3491	if (!tcon->unix_ext) {
3492	cifs_dbg(FYI, "Unix extensions disabled so not set on reconnect\n");
3493	return;
3494	}
3495
3496	if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
3497	__u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
3498
3499	cifs_dbg(FYI, "unix caps which server supports %lld\n", cap);
3500	/*
3501	* check for reconnect case in which we do not
3502	* want to change the mount behavior if we can avoid it
3503	*/
3504	if (ctx == NULL) {
3505	/*
3506	* turn off POSIX ACL and PATHNAMES if not set
3507	* originally at mount time
3508	*/
3509	if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
3510	cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
3511	if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
3512	if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
3513	cifs_dbg(VFS, "POSIXPATH support change\n");
3514	cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
3515	} else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
3516	cifs_dbg(VFS, "possible reconnect error\n");
3517	cifs_dbg(VFS, "server disabled POSIX path support\n");
3518	}
3519	}
3520
3521	if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
3522	cifs_dbg(VFS, "per-share encryption not supported yet\n");
3523
3524	cap &= CIFS_UNIX_CAP_MASK;
3525	if (ctx && ctx->no_psx_acl)
3526	cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
3527	else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
3528	cifs_dbg(FYI, "negotiated posix acl support\n");
3529	if (cifs_sb)
3530	cifs_sb->mnt_cifs_flags |=
3531	CIFS_MOUNT_POSIXACL;
3532	}
3533
3534	if (ctx && ctx->posix_paths == 0)
3535	cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
3536	else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
3537	cifs_dbg(FYI, "negotiate posix pathnames\n");
3538	if (cifs_sb)
3539	cifs_sb->mnt_cifs_flags |=
3540	CIFS_MOUNT_POSIX_PATHS;
3541	}
3542
3543	cifs_dbg(FYI, "Negotiate caps 0x%x\n", (int)cap);
3544	#ifdef CONFIG_CIFS_DEBUG2
3545	if (cap & CIFS_UNIX_FCNTL_CAP)
3546	cifs_dbg(FYI, "FCNTL cap\n");
3547	if (cap & CIFS_UNIX_EXTATTR_CAP)
3548	cifs_dbg(FYI, "EXTATTR cap\n");
3549	if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
3550	cifs_dbg(FYI, "POSIX path cap\n");
3551	if (cap & CIFS_UNIX_XATTR_CAP)
3552	cifs_dbg(FYI, "XATTR cap\n");
3553	if (cap & CIFS_UNIX_POSIX_ACL_CAP)
3554	cifs_dbg(FYI, "POSIX ACL cap\n");
3555	if (cap & CIFS_UNIX_LARGE_READ_CAP)
3556	cifs_dbg(FYI, "very large read cap\n");
3557	if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
3558	cifs_dbg(FYI, "very large write cap\n");
3559	if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)
3560	cifs_dbg(FYI, "transport encryption cap\n");
3561	if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
3562	cifs_dbg(FYI, "mandatory transport encryption cap\n");
3563	#endif /* CIFS_DEBUG2 */
3564	if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
3565	if (ctx == NULL)
3566	cifs_dbg(FYI, "resetting capabilities failed\n");
3567	else
3568	cifs_dbg(VFS, "Negotiating Unix capabilities with the server failed. Consider mounting with the Unix Extensions disabled if problems are found by specifying the nounix mount option.\n");
3569
3570	}
3571	}
3572	}
3573	#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
3574
3575	int cifs_setup_cifs_sb(struct cifs_sb_info *cifs_sb)
3576	{
3577	struct smb3_fs_context *ctx = cifs_sb->ctx;
3578
3579	INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
3580	INIT_LIST_HEAD(list: &cifs_sb->tcon_sb_link);
3581
3582	spin_lock_init(&cifs_sb->tlink_tree_lock);
3583	cifs_sb->tlink_tree = RB_ROOT;
3584
3585	cifs_dbg(FYI, "file mode: %04ho dir mode: %04ho\n",
3586	ctx->file_mode, ctx->dir_mode);
3587
3588	/* this is needed for ASCII cp to Unicode converts */
3589	if (ctx->iocharset == NULL) {
3590	/* load_nls_default cannot return null */
3591	cifs_sb->local_nls = load_nls_default();
3592	} else {
3593	cifs_sb->local_nls = load_nls(charset: ctx->iocharset);
3594	if (cifs_sb->local_nls == NULL) {
3595	cifs_dbg(VFS, "CIFS mount error: iocharset %s not found\n",
3596	ctx->iocharset);
3597	return -ELIBACC;
3598	}
3599	}
3600	ctx->local_nls = cifs_sb->local_nls;
3601
3602	smb3_update_mnt_flags(cifs_sb);
3603
3604	if (ctx->direct_io)
3605	cifs_dbg(FYI, "mounting share using direct i/o\n");
3606	if (ctx->cache_ro) {
3607	cifs_dbg(VFS, "mounting share with read only caching. Ensure that the share will not be modified while in use.\n");
3608	cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RO_CACHE;
3609	} else if (ctx->cache_rw) {
3610	cifs_dbg(VFS, "mounting share in single client RW caching mode. Ensure that no other systems will be accessing the share.\n");
3611	cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_RO_CACHE |
3612	CIFS_MOUNT_RW_CACHE);
3613	}
3614
3615	if ((ctx->cifs_acl) && (ctx->dynperm))
3616	cifs_dbg(VFS, "mount option dynperm ignored if cifsacl mount option supported\n");
3617
3618	if (ctx->prepath) {
3619	cifs_sb->prepath = kstrdup(s: ctx->prepath, GFP_KERNEL);
3620	if (cifs_sb->prepath == NULL)
3621	return -ENOMEM;
3622	cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
3623	}
3624
3625	return 0;
3626	}
3627
3628	/* Release all succeed connections */
3629	void cifs_mount_put_conns(struct cifs_mount_ctx *mnt_ctx)
3630	{
3631	int rc = 0;
3632
3633	if (mnt_ctx->tcon)
3634	cifs_put_tcon(tcon: mnt_ctx->tcon, trace: netfs_trace_tcon_ref_put_mnt_ctx);
3635	else if (mnt_ctx->ses)
3636	cifs_put_smb_ses(ses: mnt_ctx->ses);
3637	else if (mnt_ctx->server)
3638	cifs_put_tcp_session(server: mnt_ctx->server, from_reconnect: 0);
3639	mnt_ctx->ses = NULL;
3640	mnt_ctx->tcon = NULL;
3641	mnt_ctx->server = NULL;
3642	mnt_ctx->cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_POSIX_PATHS;
3643	free_xid(mnt_ctx->xid);
3644	}
3645
3646	int cifs_mount_get_session(struct cifs_mount_ctx *mnt_ctx)
3647	{
3648	struct TCP_Server_Info *server = NULL;
3649	struct smb3_fs_context *ctx;
3650	struct cifs_ses *ses = NULL;
3651	unsigned int xid;
3652	int rc = 0;
3653
3654	xid = get_xid();
3655
3656	if (WARN_ON_ONCE(!mnt_ctx || !mnt_ctx->fs_ctx)) {
3657	rc = -EINVAL;
3658	goto out;
3659	}
3660	ctx = mnt_ctx->fs_ctx;
3661
3662	/* get a reference to a tcp session */
3663	server = cifs_get_tcp_session(ctx, NULL);
3664	if (IS_ERR(ptr: server)) {
3665	rc = PTR_ERR(ptr: server);
3666	server = NULL;
3667	goto out;
3668	}
3669
3670	/* get a reference to a SMB session */
3671	ses = cifs_get_smb_ses(server, ctx);
3672	if (IS_ERR(ptr: ses)) {
3673	rc = PTR_ERR(ptr: ses);
3674	ses = NULL;
3675	goto out;
3676	}
3677
3678	if ((ctx->persistent == true) && (!(ses->server->capabilities &
3679	SMB2_GLOBAL_CAP_PERSISTENT_HANDLES))) {
3680	cifs_server_dbg(VFS, "persistent handles not supported by server\n");
3681	rc = -EOPNOTSUPP;
3682	}
3683
3684	out:
3685	mnt_ctx->xid = xid;
3686	mnt_ctx->server = server;
3687	mnt_ctx->ses = ses;
3688	mnt_ctx->tcon = NULL;
3689
3690	return rc;
3691	}
3692
3693	int cifs_mount_get_tcon(struct cifs_mount_ctx *mnt_ctx)
3694	{
3695	struct TCP_Server_Info *server;
3696	struct cifs_sb_info *cifs_sb;
3697	struct smb3_fs_context *ctx;
3698	struct cifs_tcon *tcon = NULL;
3699	int rc = 0;
3700
3701	if (WARN_ON_ONCE(!mnt_ctx || !mnt_ctx->server || !mnt_ctx->ses || !mnt_ctx->fs_ctx ||
3702	!mnt_ctx->cifs_sb)) {
3703	rc = -EINVAL;
3704	goto out;
3705	}
3706	server = mnt_ctx->server;
3707	ctx = mnt_ctx->fs_ctx;
3708	cifs_sb = mnt_ctx->cifs_sb;
3709
3710	/* search for existing tcon to this server share */
3711	tcon = cifs_get_tcon(ses: mnt_ctx->ses, ctx);
3712	if (IS_ERR(ptr: tcon)) {
3713	rc = PTR_ERR(ptr: tcon);
3714	tcon = NULL;
3715	goto out;
3716	}
3717
3718	/*
3719	* if new SMB3.11 POSIX extensions are supported, do not change anything in the
3720	* path (i.e., do not remap / and \ and do not map any special characters)
3721	*/
3722	if (tcon->posix_extensions) {
3723	cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_POSIX_PATHS;
3724	cifs_sb->mnt_cifs_flags &= ~(CIFS_MOUNT_MAP_SFM_CHR |
3725	CIFS_MOUNT_MAP_SPECIAL_CHR);
3726	}
3727
3728	#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
3729	/* tell server which Unix caps we support */
3730	if (cap_unix(ses: tcon->ses)) {
3731	/*
3732	* reset of caps checks mount to see if unix extensions disabled
3733	* for just this mount.
3734	*/
3735	reset_cifs_unix_caps(xid: mnt_ctx->xid, tcon, cifs_sb, ctx);
3736	spin_lock(lock: &tcon->ses->server->srv_lock);
3737	if ((tcon->ses->server->tcpStatus == CifsNeedReconnect) &&
3738	(le64_to_cpu(tcon->fsUnixInfo.Capability) &
3739	CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)) {
3740	spin_unlock(lock: &tcon->ses->server->srv_lock);
3741	rc = -EACCES;
3742	goto out;
3743	}
3744	spin_unlock(lock: &tcon->ses->server->srv_lock);
3745	} else
3746	#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
3747	tcon->unix_ext = 0; /* server does not support them */
3748
3749	/* do not care if a following call succeed - informational */
3750	if (!tcon->pipe && server->ops->qfs_tcon) {
3751	server->ops->qfs_tcon(mnt_ctx->xid, tcon, cifs_sb);
3752	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_RO_CACHE) {
3753	if (tcon->fsDevInfo.DeviceCharacteristics &
3754	cpu_to_le32(FILE_READ_ONLY_DEVICE))
3755	cifs_dbg(VFS, "mounted to read only share\n");
3756	else if ((cifs_sb->mnt_cifs_flags &
3757	CIFS_MOUNT_RW_CACHE) == 0)
3758	cifs_dbg(VFS, "read only mount of RW share\n");
3759	/* no need to log a RW mount of a typical RW share */
3760	}
3761	}
3762
3763	cifs_negotiate_iosize(server, ctx: cifs_sb->ctx, tcon);
3764	/*
3765	* The cookie is initialized from volume info returned above.
3766	* Inside cifs_fscache_get_super_cookie it checks
3767	* that we do not get super cookie twice.
3768	*/
3769	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_FSCACHE)
3770	cifs_fscache_get_super_cookie(tcon);
3771
3772	out:
3773	mnt_ctx->tcon = tcon;
3774	return rc;
3775	}
3776
3777	static int mount_setup_tlink(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses,
3778	struct cifs_tcon *tcon)
3779	{
3780	struct tcon_link *tlink;
3781
3782	/* hang the tcon off of the superblock */
3783	tlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
3784	if (tlink == NULL)
3785	return -ENOMEM;
3786
3787	tlink->tl_uid = ses->linux_uid;
3788	tlink->tl_tcon = tcon;
3789	tlink->tl_time = jiffies;
3790	set_bit(TCON_LINK_MASTER, addr: &tlink->tl_flags);
3791	set_bit(TCON_LINK_IN_TREE, addr: &tlink->tl_flags);
3792
3793	cifs_sb->master_tlink = tlink;
3794	spin_lock(lock: &cifs_sb->tlink_tree_lock);
3795	tlink_rb_insert(root: &cifs_sb->tlink_tree, new_tlink: tlink);
3796	spin_unlock(lock: &cifs_sb->tlink_tree_lock);
3797
3798	spin_lock(lock: &tcon->sb_list_lock);
3799	list_add(new: &cifs_sb->tcon_sb_link, head: &tcon->cifs_sb_list);
3800	spin_unlock(lock: &tcon->sb_list_lock);
3801
3802	queue_delayed_work(wq: cifsiod_wq, dwork: &cifs_sb->prune_tlinks,
3803	TLINK_IDLE_EXPIRE);
3804	return 0;
3805	}
3806
3807	static int
3808	cifs_are_all_path_components_accessible(struct TCP_Server_Info *server,
3809	unsigned int xid,
3810	struct cifs_tcon *tcon,
3811	struct cifs_sb_info *cifs_sb,
3812	char *full_path,
3813	int added_treename)
3814	{
3815	int rc;
3816	char *s;
3817	char sep, tmp;
3818	int skip = added_treename ? 1 : 0;
3819
3820	sep = CIFS_DIR_SEP(cifs_sb);
3821	s = full_path;
3822
3823	rc = server->ops->is_path_accessible(xid, tcon, cifs_sb, "");
3824	while (rc == 0) {
3825	/* skip separators */
3826	while (*s == sep)
3827	s++;
3828	if (!*s)
3829	break;
3830	/* next separator */
3831	while (*s && *s != sep)
3832	s++;
3833	/*
3834	* if the treename is added, we then have to skip the first
3835	* part within the separators
3836	*/
3837	if (skip) {
3838	skip = 0;
3839	continue;
3840	}
3841	/*
3842	* temporarily null-terminate the path at the end of
3843	* the current component
3844	*/
3845	tmp = *s;
3846	*s = 0;
3847	rc = server->ops->is_path_accessible(xid, tcon, cifs_sb,
3848	full_path);
3849	*s = tmp;
3850	}
3851	return rc;
3852	}
3853
3854	/*
3855	* Check if path is remote (i.e. a DFS share).
3856	*
3857	* Return -EREMOTE if it is, otherwise 0 or -errno.
3858	*/
3859	int cifs_is_path_remote(struct cifs_mount_ctx *mnt_ctx)
3860	{
3861	int rc;
3862	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
3863	struct TCP_Server_Info *server = mnt_ctx->server;
3864	unsigned int xid = mnt_ctx->xid;
3865	struct cifs_tcon *tcon = mnt_ctx->tcon;
3866	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
3867	char *full_path;
3868
3869	if (!server->ops->is_path_accessible)
3870	return -EOPNOTSUPP;
3871
3872	/*
3873	* cifs_build_path_to_root works only when we have a valid tcon
3874	*/
3875	full_path = cifs_build_path_to_root(ctx, cifs_sb, tcon,
3876	add_treename: tcon->Flags & SMB_SHARE_IS_IN_DFS);
3877	if (full_path == NULL)
3878	return -ENOMEM;
3879
3880	cifs_dbg(FYI, "%s: full_path: %s\n", __func__, full_path);
3881
3882	rc = server->ops->is_path_accessible(xid, tcon, cifs_sb,
3883	full_path);
3884	if (rc != 0 && rc != -EREMOTE)
3885	goto out;
3886
3887	if (rc != -EREMOTE) {
3888	rc = cifs_are_all_path_components_accessible(server, xid, tcon,
3889	cifs_sb, full_path, added_treename: tcon->Flags & SMB_SHARE_IS_IN_DFS);
3890	if (rc != 0) {
3891	cifs_server_dbg(VFS, "cannot query dirs between root and final path, enabling CIFS_MOUNT_USE_PREFIX_PATH\n");
3892	cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
3893	rc = 0;
3894	}
3895	}
3896
3897	out:
3898	kfree(objp: full_path);
3899	return rc;
3900	}
3901
3902	#ifdef CONFIG_CIFS_DFS_UPCALL
3903	int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
3904	{
3905	struct cifs_mount_ctx mnt_ctx = { .cifs_sb = cifs_sb, .fs_ctx = ctx, };
3906	int rc;
3907
3908	rc = dfs_mount_share(mnt_ctx: &mnt_ctx);
3909	if (rc)
3910	goto error;
3911	if (!ctx->dfs_conn)
3912	goto out;
3913
3914	/*
3915	* After reconnecting to a different server, unique ids won't match anymore, so we disable
3916	* serverino. This prevents dentry revalidation to think the dentry are stale (ESTALE).
3917	*/
3918	cifs_autodisable_serverino(cifs_sb);
3919	/*
3920	* Force the use of prefix path to support failover on DFS paths that resolve to targets
3921	* that have different prefix paths.
3922	*/
3923	cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
3924	kfree(objp: cifs_sb->prepath);
3925	cifs_sb->prepath = ctx->prepath;
3926	ctx->prepath = NULL;
3927
3928	out:
3929	smb3_update_ses_channels(ses: mnt_ctx.ses, server: mnt_ctx.server,
3930	from_reconnect: false /* from_reconnect */,
3931	disable_mchan: false /* disable_mchan */);
3932	rc = mount_setup_tlink(cifs_sb, ses: mnt_ctx.ses, tcon: mnt_ctx.tcon);
3933	if (rc)
3934	goto error;
3935
3936	free_xid(mnt_ctx.xid);
3937	return rc;
3938
3939	error:
3940	cifs_mount_put_conns(mnt_ctx: &mnt_ctx);
3941	return rc;
3942	}
3943	#else
3944	int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
3945	{
3946	int rc = 0;
3947	struct cifs_mount_ctx mnt_ctx = { .cifs_sb = cifs_sb, .fs_ctx = ctx, };
3948
3949	rc = cifs_mount_get_session(&mnt_ctx);
3950	if (rc)
3951	goto error;
3952
3953	rc = cifs_mount_get_tcon(&mnt_ctx);
3954	if (!rc) {
3955	/*
3956	* Prevent superblock from being created with any missing
3957	* connections.
3958	*/
3959	if (WARN_ON(!mnt_ctx.server))
3960	rc = -EHOSTDOWN;
3961	else if (WARN_ON(!mnt_ctx.ses))
3962	rc = -EACCES;
3963	else if (WARN_ON(!mnt_ctx.tcon))
3964	rc = -ENOENT;
3965	}
3966	if (rc)
3967	goto error;
3968
3969	rc = cifs_is_path_remote(&mnt_ctx);
3970	if (rc == -EREMOTE)
3971	rc = -EOPNOTSUPP;
3972	if (rc)
3973	goto error;
3974
3975	rc = mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
3976	if (rc)
3977	goto error;
3978
3979	free_xid(mnt_ctx.xid);
3980	return rc;
3981
3982	error:
3983	cifs_mount_put_conns(&mnt_ctx);
3984	return rc;
3985	}
3986	#endif
3987
3988	#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
3989	/*
3990	* Issue a TREE_CONNECT request.
3991	*/
3992	int
3993	CIFSTCon(const unsigned int xid, struct cifs_ses *ses,
3994	const char *tree, struct cifs_tcon *tcon,
3995	const struct nls_table *nls_codepage)
3996	{
3997	struct smb_hdr *smb_buffer;
3998	struct smb_hdr *smb_buffer_response;
3999	TCONX_REQ *pSMB;
4000	TCONX_RSP *pSMBr;
4001	unsigned char *bcc_ptr;
4002	int rc = 0;
4003	int length, in_len;
4004	__u16 bytes_left, count;
4005
4006	if (ses == NULL)
4007	return smb_EIO(trace: smb_eio_trace_null_pointers);
4008
4009	smb_buffer = cifs_buf_get();
4010	if (smb_buffer == NULL)
4011	return -ENOMEM;
4012
4013	smb_buffer_response = smb_buffer;
4014
4015	in_len = header_assemble(buffer: smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
4016	NULL /*no tid */, word_count: 4 /*wct */);
4017
4018	smb_buffer->Mid = get_next_mid(server: ses->server);
4019	smb_buffer->Uid = ses->Suid;
4020	pSMB = (TCONX_REQ *) smb_buffer;
4021	pSMBr = (TCONX_RSP *) smb_buffer_response;
4022
4023	pSMB->AndXCommand = 0xFF;
4024	pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
4025	bcc_ptr = &pSMB->Password[0];
4026
4027	pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
4028	*bcc_ptr = 0; /* password is null byte */
4029	bcc_ptr++; /* skip password */
4030	/* already aligned so no need to do it below */
4031
4032	if (ses->server->sign)
4033	smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
4034
4035	if (ses->capabilities & CAP_STATUS32)
4036	smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
4037
4038	if (ses->capabilities & CAP_DFS)
4039	smb_buffer->Flags2 |= SMBFLG2_DFS;
4040
4041	if (ses->capabilities & CAP_UNICODE) {
4042	smb_buffer->Flags2 |= SMBFLG2_UNICODE;
4043	length =
4044	cifs_strtoUTF16((__le16 *) bcc_ptr, tree,
4045	6 /* max utf8 char length in bytes */ *
4046	(/* server len*/ + 256 /* share len */), nls_codepage);
4047	bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
4048	bcc_ptr += 2; /* skip trailing null */
4049	} else { /* ASCII */
4050	strcpy(p: bcc_ptr, q: tree);
4051	bcc_ptr += strlen(tree) + 1;
4052	}
4053	strcpy(p: bcc_ptr, q: "?????");
4054	bcc_ptr += strlen("?????");
4055	bcc_ptr += 1;
4056	count = bcc_ptr - &pSMB->Password[0];
4057	in_len += count;
4058	pSMB->ByteCount = cpu_to_le16(count);
4059
4060	rc = SendReceive(xid, ses, in_buf: smb_buffer, in_len, out_buf: smb_buffer_response,
4061	pbytes_returned: &length, flags: 0);
4062
4063	/* above now done in SendReceive */
4064	if (rc == 0) {
4065	bool is_unicode;
4066
4067	tcon->tid = smb_buffer_response->Tid;
4068	bcc_ptr = pByteArea(smb_buffer_response);
4069	bytes_left = get_bcc(hdr: smb_buffer_response);
4070	length = strnlen(p: bcc_ptr, maxlen: bytes_left - 2);
4071	if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
4072	is_unicode = true;
4073	else
4074	is_unicode = false;
4075
4076
4077	/* skip service field (NB: this field is always ASCII) */
4078	if (length == 3) {
4079	if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
4080	(bcc_ptr[2] == 'C')) {
4081	cifs_dbg(FYI, "IPC connection\n");
4082	tcon->ipc = true;
4083	tcon->pipe = true;
4084	}
4085	} else if (length == 2) {
4086	if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
4087	/* the most common case */
4088	cifs_dbg(FYI, "disk share connection\n");
4089	}
4090	}
4091	bcc_ptr += length + 1;
4092	bytes_left -= (length + 1);
4093	strscpy(tcon->tree_name, tree, sizeof(tcon->tree_name));
4094
4095	/* mostly informational -- no need to fail on error here */
4096	kfree(objp: tcon->nativeFileSystem);
4097	tcon->nativeFileSystem = cifs_strndup_from_utf16(src: bcc_ptr,
4098	maxlen: bytes_left, is_unicode,
4099	codepage: nls_codepage);
4100
4101	cifs_dbg(FYI, "nativeFileSystem=%s\n", tcon->nativeFileSystem);
4102
4103	if ((smb_buffer_response->WordCount == 3) ||
4104	(smb_buffer_response->WordCount == 7))
4105	/* field is in same location */
4106	tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
4107	else
4108	tcon->Flags = 0;
4109	cifs_dbg(FYI, "Tcon flags: 0x%x\n", tcon->Flags);
4110
4111	/*
4112	* reset_cifs_unix_caps calls QFSInfo which requires
4113	* need_reconnect to be false, but we would not need to call
4114	* reset_caps if this were not a reconnect case so must check
4115	* need_reconnect flag here. The caller will also clear
4116	* need_reconnect when tcon was successful but needed to be
4117	* cleared earlier in the case of unix extensions reconnect
4118	*/
4119	if (tcon->need_reconnect && tcon->unix_ext) {
4120	cifs_dbg(FYI, "resetting caps for %s\n", tcon->tree_name);
4121	tcon->need_reconnect = false;
4122	reset_cifs_unix_caps(xid, tcon, NULL, NULL);
4123	}
4124	}
4125	cifs_buf_release(smb_buffer);
4126	return rc;
4127	}
4128	#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
4129
4130	static void delayed_free(struct rcu_head *p)
4131	{
4132	struct cifs_sb_info *cifs_sb = container_of(p, struct cifs_sb_info, rcu);
4133
4134	unload_nls(cifs_sb->local_nls);
4135	smb3_cleanup_fs_context(ctx: cifs_sb->ctx);
4136	kfree(objp: cifs_sb);
4137	}
4138
4139	void
4140	cifs_umount(struct cifs_sb_info *cifs_sb)
4141	{
4142	struct rb_root *root = &cifs_sb->tlink_tree;
4143	struct rb_node *node;
4144	struct tcon_link *tlink;
4145	struct cifs_tcon *tcon = NULL;
4146
4147	cancel_delayed_work_sync(dwork: &cifs_sb->prune_tlinks);
4148
4149	if (cifs_sb->master_tlink) {
4150	tcon = cifs_sb->master_tlink->tl_tcon;
4151	if (tcon) {
4152	spin_lock(lock: &tcon->sb_list_lock);
4153	list_del_init(entry: &cifs_sb->tcon_sb_link);
4154	spin_unlock(lock: &tcon->sb_list_lock);
4155	}
4156	}
4157
4158	spin_lock(lock: &cifs_sb->tlink_tree_lock);
4159	while ((node = rb_first(root))) {
4160	tlink = rb_entry(node, struct tcon_link, tl_rbnode);
4161	cifs_get_tlink(tlink);
4162	clear_bit(TCON_LINK_IN_TREE, addr: &tlink->tl_flags);
4163	rb_erase(node, root);
4164
4165	spin_unlock(lock: &cifs_sb->tlink_tree_lock);
4166	cifs_put_tlink(tlink);
4167	spin_lock(lock: &cifs_sb->tlink_tree_lock);
4168	}
4169	spin_unlock(lock: &cifs_sb->tlink_tree_lock);
4170
4171	kfree(objp: cifs_sb->prepath);
4172	call_rcu(head: &cifs_sb->rcu, func: delayed_free);
4173	}
4174
4175	int
4176	cifs_negotiate_protocol(const unsigned int xid, struct cifs_ses *ses,
4177	struct TCP_Server_Info *server)
4178	{
4179	bool in_retry = false;
4180	int rc = 0;
4181
4182	if (!server->ops->need_neg || !server->ops->negotiate)
4183	return -ENOSYS;
4184
4185	retry:
4186	/* only send once per connect */
4187	spin_lock(lock: &server->srv_lock);
4188	if (server->tcpStatus != CifsGood &&
4189	server->tcpStatus != CifsNew &&
4190	server->tcpStatus != CifsNeedNegotiate) {
4191	spin_unlock(lock: &server->srv_lock);
4192	return -EHOSTDOWN;
4193	}
4194
4195	if (!server->ops->need_neg(server) &&
4196	server->tcpStatus == CifsGood) {
4197	spin_unlock(lock: &server->srv_lock);
4198	return 0;
4199	}
4200
4201	server->tcpStatus = CifsInNegotiate;
4202	server->neg_start = jiffies;
4203	spin_unlock(lock: &server->srv_lock);
4204
4205	rc = server->ops->negotiate(xid, ses, server);
4206	if (rc == -EAGAIN) {
4207	/* Allow one retry attempt */
4208	if (!in_retry) {
4209	in_retry = true;
4210	goto retry;
4211	}
4212	rc = -EHOSTDOWN;
4213	}
4214	if (rc == 0) {
4215	spin_lock(lock: &server->srv_lock);
4216	if (server->tcpStatus == CifsInNegotiate)
4217	server->tcpStatus = CifsGood;
4218	else
4219	rc = -EHOSTDOWN;
4220	spin_unlock(lock: &server->srv_lock);
4221	} else {
4222	spin_lock(lock: &server->srv_lock);
4223	if (server->tcpStatus == CifsInNegotiate)
4224	server->tcpStatus = CifsNeedNegotiate;
4225	spin_unlock(lock: &server->srv_lock);
4226	}
4227
4228	return rc;
4229	}
4230
4231	int
4232	cifs_setup_session(const unsigned int xid, struct cifs_ses *ses,
4233	struct TCP_Server_Info *server,
4234	struct nls_table *nls_info)
4235	{
4236	int rc = 0;
4237	struct TCP_Server_Info *pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;
4238	struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&pserver->dstaddr;
4239	struct sockaddr_in *addr = (struct sockaddr_in *)&pserver->dstaddr;
4240	bool is_binding = false;
4241	bool new_ses;
4242
4243	spin_lock(lock: &ses->ses_lock);
4244	new_ses = ses->ses_status == SES_NEW;
4245	cifs_dbg(FYI, "%s: channel connect bitmap: 0x%lx\n",
4246	__func__, ses->chans_need_reconnect);
4247
4248	if (ses->ses_status != SES_GOOD &&
4249	ses->ses_status != SES_NEW &&
4250	ses->ses_status != SES_NEED_RECON) {
4251	spin_unlock(lock: &ses->ses_lock);
4252	return -EHOSTDOWN;
4253	}
4254
4255	/* only send once per connect */
4256	spin_lock(lock: &ses->chan_lock);
4257	if (CIFS_ALL_CHANS_GOOD(ses)) {
4258	if (ses->ses_status == SES_NEED_RECON)
4259	ses->ses_status = SES_GOOD;
4260	spin_unlock(lock: &ses->chan_lock);
4261	spin_unlock(lock: &ses->ses_lock);
4262	return 0;
4263	}
4264
4265	cifs_chan_set_in_reconnect(ses, server);
4266	is_binding = !CIFS_ALL_CHANS_NEED_RECONNECT(ses);
4267	spin_unlock(lock: &ses->chan_lock);
4268
4269	if (!is_binding) {
4270	ses->ses_status = SES_IN_SETUP;
4271
4272	/* force iface_list refresh */
4273	ses->iface_last_update = 0;
4274	}
4275	spin_unlock(lock: &ses->ses_lock);
4276
4277	/* update ses ip_addr only for primary chan */
4278	if (server == pserver) {
4279	if (server->dstaddr.ss_family == AF_INET6)
4280	scnprintf(buf: ses->ip_addr, size: sizeof(ses->ip_addr), fmt: "%pI6", &addr6->sin6_addr);
4281	else
4282	scnprintf(buf: ses->ip_addr, size: sizeof(ses->ip_addr), fmt: "%pI4", &addr->sin_addr);
4283	}
4284
4285	if (!is_binding) {
4286	ses->capabilities = server->capabilities;
4287	if (!linuxExtEnabled)
4288	ses->capabilities &= (~server->vals->cap_unix);
4289
4290	/*
4291	* Check if the server supports specified encoding mode.
4292	* Zero value in vals->cap_unicode indidcates that chosen
4293	* protocol dialect does not support non-UNICODE mode.
4294	*/
4295	if (ses->unicode == 1 && server->vals->cap_unicode != 0 &&
4296	!(server->capabilities & server->vals->cap_unicode)) {
4297	cifs_dbg(VFS, "Server does not support mounting in UNICODE mode\n");
4298	rc = -EOPNOTSUPP;
4299	} else if (ses->unicode == 0 && server->vals->cap_unicode == 0) {
4300	cifs_dbg(VFS, "Server does not support mounting in non-UNICODE mode\n");
4301	rc = -EOPNOTSUPP;
4302	} else if (ses->unicode == 0) {
4303	/*
4304	* When UNICODE mode was explicitly disabled then
4305	* do not announce client UNICODE capability.
4306	*/
4307	ses->capabilities &= (~server->vals->cap_unicode);
4308	}
4309
4310	if (ses->auth_key.response) {
4311	cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
4312	ses->auth_key.response);
4313	kfree_sensitive(objp: ses->auth_key.response);
4314	ses->auth_key.response = NULL;
4315	ses->auth_key.len = 0;
4316	}
4317	}
4318
4319	cifs_dbg(FYI, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d\n",
4320	server->sec_mode, server->capabilities, server->timeAdj);
4321
4322	if (!rc) {
4323	if (server->ops->sess_setup)
4324	rc = server->ops->sess_setup(xid, ses, server, nls_info);
4325	else
4326	rc = -ENOSYS;
4327	}
4328
4329	if (rc) {
4330	if (new_ses) {
4331	cifs_server_dbg(VFS, "failed to create a new SMB session with %s: %d\n",
4332	get_security_type_str(ses->sectype), rc);
4333	}
4334	spin_lock(lock: &ses->ses_lock);
4335	if (ses->ses_status == SES_IN_SETUP)
4336	ses->ses_status = SES_NEED_RECON;
4337	spin_lock(lock: &ses->chan_lock);
4338	cifs_chan_clear_in_reconnect(ses, server);
4339	spin_unlock(lock: &ses->chan_lock);
4340	spin_unlock(lock: &ses->ses_lock);
4341	} else {
4342	spin_lock(lock: &ses->ses_lock);
4343	if (ses->ses_status == SES_IN_SETUP)
4344	ses->ses_status = SES_GOOD;
4345	spin_lock(lock: &ses->chan_lock);
4346	cifs_chan_clear_in_reconnect(ses, server);
4347	cifs_chan_clear_need_reconnect(ses, server);
4348	spin_unlock(lock: &ses->chan_lock);
4349	spin_unlock(lock: &ses->ses_lock);
4350	}
4351
4352	return rc;
4353	}
4354
4355	static int
4356	cifs_set_vol_auth(struct smb3_fs_context *ctx, struct cifs_ses *ses)
4357	{
4358	ctx->sectype = ses->sectype;
4359
4360	/* krb5 is special, since we don't need username or pw */
4361	if (ctx->sectype == Kerberos)
4362	return 0;
4363
4364	return cifs_set_cifscreds(ctx, ses);
4365	}
4366
4367	static struct cifs_tcon *
4368	cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
4369	{
4370	int rc;
4371	struct cifs_tcon *master_tcon = cifs_sb_master_tcon(cifs_sb);
4372	struct cifs_ses *ses;
4373	struct cifs_tcon *tcon = NULL;
4374	struct smb3_fs_context *ctx;
4375	char *origin_fullpath = NULL;
4376
4377	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
4378	if (ctx == NULL)
4379	return ERR_PTR(error: -ENOMEM);
4380
4381	ctx->local_nls = cifs_sb->local_nls;
4382	ctx->linux_uid = fsuid;
4383	ctx->cred_uid = fsuid;
4384	ctx->UNC = master_tcon->tree_name;
4385	ctx->retry = master_tcon->retry;
4386	ctx->nocase = master_tcon->nocase;
4387	ctx->nohandlecache = master_tcon->nohandlecache;
4388	ctx->local_lease = master_tcon->local_lease;
4389	ctx->no_lease = master_tcon->no_lease;
4390	ctx->resilient = master_tcon->use_resilient;
4391	ctx->persistent = master_tcon->use_persistent;
4392	ctx->handle_timeout = master_tcon->handle_timeout;
4393	ctx->no_linux_ext = !master_tcon->unix_ext;
4394	ctx->linux_ext = master_tcon->posix_extensions;
4395	ctx->sectype = master_tcon->ses->sectype;
4396	ctx->sign = master_tcon->ses->sign;
4397	ctx->seal = master_tcon->seal;
4398	ctx->witness = master_tcon->use_witness;
4399	ctx->dfs_root_ses = master_tcon->ses->dfs_root_ses;
4400	ctx->unicode = master_tcon->ses->unicode;
4401
4402	rc = cifs_set_vol_auth(ctx, ses: master_tcon->ses);
4403	if (rc) {
4404	tcon = ERR_PTR(error: rc);
4405	goto out;
4406	}
4407
4408	/* get a reference for the same TCP session */
4409	spin_lock(lock: &cifs_tcp_ses_lock);
4410	++master_tcon->ses->server->srv_count;
4411	spin_unlock(lock: &cifs_tcp_ses_lock);
4412
4413	ses = cifs_get_smb_ses(server: master_tcon->ses->server, ctx);
4414	if (IS_ERR(ptr: ses)) {
4415	tcon = ERR_CAST(ptr: ses);
4416	cifs_put_tcp_session(server: master_tcon->ses->server, from_reconnect: 0);
4417	goto out;
4418	}
4419
4420	#ifdef CONFIG_CIFS_DFS_UPCALL
4421	spin_lock(lock: &master_tcon->tc_lock);
4422	if (master_tcon->origin_fullpath) {
4423	spin_unlock(lock: &master_tcon->tc_lock);
4424	origin_fullpath = dfs_get_path(cifs_sb, path: cifs_sb->ctx->source);
4425	if (IS_ERR(ptr: origin_fullpath)) {
4426	tcon = ERR_CAST(ptr: origin_fullpath);
4427	origin_fullpath = NULL;
4428	cifs_put_smb_ses(ses);
4429	goto out;
4430	}
4431	} else {
4432	spin_unlock(lock: &master_tcon->tc_lock);
4433	}
4434	#endif
4435
4436	tcon = cifs_get_tcon(ses, ctx);
4437	if (IS_ERR(ptr: tcon)) {
4438	cifs_put_smb_ses(ses);
4439	goto out;
4440	}
4441
4442	#ifdef CONFIG_CIFS_DFS_UPCALL
4443	if (origin_fullpath) {
4444	spin_lock(lock: &tcon->tc_lock);
4445	tcon->origin_fullpath = origin_fullpath;
4446	spin_unlock(lock: &tcon->tc_lock);
4447	origin_fullpath = NULL;
4448	queue_delayed_work(wq: dfscache_wq, dwork: &tcon->dfs_cache_work,
4449	delay: dfs_cache_get_ttl() * HZ);
4450	}
4451	#endif
4452
4453	#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
4454	if (cap_unix(ses))
4455	reset_cifs_unix_caps(xid: 0, tcon, NULL, ctx);
4456	#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
4457
4458	out:
4459	kfree(objp: ctx->username);
4460	kfree(objp: ctx->domainname);
4461	kfree_sensitive(objp: ctx->password);
4462	kfree(objp: origin_fullpath);
4463	kfree(objp: ctx);
4464
4465	return tcon;
4466	}
4467
4468	struct cifs_tcon *
4469	cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
4470	{
4471	return tlink_tcon(tlink: cifs_sb_master_tlink(cifs_sb));
4472	}
4473
4474	/* find and return a tlink with given uid */
4475	static struct tcon_link *
4476	tlink_rb_search(struct rb_root *root, kuid_t uid)
4477	{
4478	struct rb_node *node = root->rb_node;
4479	struct tcon_link *tlink;
4480
4481	while (node) {
4482	tlink = rb_entry(node, struct tcon_link, tl_rbnode);
4483
4484	if (uid_gt(left: tlink->tl_uid, right: uid))
4485	node = node->rb_left;
4486	else if (uid_lt(left: tlink->tl_uid, right: uid))
4487	node = node->rb_right;
4488	else
4489	return tlink;
4490	}
4491	return NULL;
4492	}
4493
4494	/* insert a tcon_link into the tree */
4495	static void
4496	tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink)
4497	{
4498	struct rb_node **new = &(root->rb_node), *parent = NULL;
4499	struct tcon_link *tlink;
4500
4501	while (*new) {
4502	tlink = rb_entry(*new, struct tcon_link, tl_rbnode);
4503	parent = *new;
4504
4505	if (uid_gt(left: tlink->tl_uid, right: new_tlink->tl_uid))
4506	new = &((*new)->rb_left);
4507	else
4508	new = &((*new)->rb_right);
4509	}
4510
4511	rb_link_node(node: &new_tlink->tl_rbnode, parent, rb_link: new);
4512	rb_insert_color(&new_tlink->tl_rbnode, root);
4513	}
4514
4515	/*
4516	* Find or construct an appropriate tcon given a cifs_sb and the fsuid of the
4517	* current task.
4518	*
4519	* If the superblock doesn't refer to a multiuser mount, then just return
4520	* the master tcon for the mount.
4521	*
4522	* First, search the rbtree for an existing tcon for this fsuid. If one
4523	* exists, then check to see if it's pending construction. If it is then wait
4524	* for construction to complete. Once it's no longer pending, check to see if
4525	* it failed and either return an error or retry construction, depending on
4526	* the timeout.
4527	*
4528	* If one doesn't exist then insert a new tcon_link struct into the tree and
4529	* try to construct a new one.
4530	*
4531	* REMEMBER to call cifs_put_tlink() after successful calls to cifs_sb_tlink,
4532	* to avoid refcount issues
4533	*/
4534	struct tcon_link *
4535	cifs_sb_tlink(struct cifs_sb_info *cifs_sb)
4536	{
4537	struct tcon_link *tlink, *newtlink;
4538	kuid_t fsuid = current_fsuid();
4539	int err;
4540
4541	if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
4542	return cifs_get_tlink(tlink: cifs_sb_master_tlink(cifs_sb));
4543
4544	spin_lock(lock: &cifs_sb->tlink_tree_lock);
4545	tlink = tlink_rb_search(root: &cifs_sb->tlink_tree, uid: fsuid);
4546	if (tlink)
4547	cifs_get_tlink(tlink);
4548	spin_unlock(lock: &cifs_sb->tlink_tree_lock);
4549
4550	if (tlink == NULL) {
4551	newtlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
4552	if (newtlink == NULL)
4553	return ERR_PTR(error: -ENOMEM);
4554	newtlink->tl_uid = fsuid;
4555	newtlink->tl_tcon = ERR_PTR(error: -EACCES);
4556	set_bit(TCON_LINK_PENDING, addr: &newtlink->tl_flags);
4557	set_bit(TCON_LINK_IN_TREE, addr: &newtlink->tl_flags);
4558	cifs_get_tlink(tlink: newtlink);
4559
4560	spin_lock(lock: &cifs_sb->tlink_tree_lock);
4561	/* was one inserted after previous search? */
4562	tlink = tlink_rb_search(root: &cifs_sb->tlink_tree, uid: fsuid);
4563	if (tlink) {
4564	cifs_get_tlink(tlink);
4565	spin_unlock(lock: &cifs_sb->tlink_tree_lock);
4566	kfree(objp: newtlink);
4567	goto wait_for_construction;
4568	}
4569	tlink = newtlink;
4570	tlink_rb_insert(root: &cifs_sb->tlink_tree, new_tlink: tlink);
4571	spin_unlock(lock: &cifs_sb->tlink_tree_lock);
4572	} else {
4573	wait_for_construction:
4574	err = wait_on_bit(word: &tlink->tl_flags, TCON_LINK_PENDING,
4575	TASK_INTERRUPTIBLE);
4576	if (err) {
4577	cifs_put_tlink(tlink);
4578	return ERR_PTR(error: -ERESTARTSYS);
4579	}
4580
4581	/* if it's good, return it */
4582	if (!IS_ERR(ptr: tlink->tl_tcon))
4583	return tlink;
4584
4585	/* return error if we tried this already recently */
4586	if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) {
4587	err = PTR_ERR(ptr: tlink->tl_tcon);
4588	cifs_put_tlink(tlink);
4589	return ERR_PTR(error: err);
4590	}
4591
4592	if (test_and_set_bit(TCON_LINK_PENDING, addr: &tlink->tl_flags))
4593	goto wait_for_construction;
4594	}
4595
4596	tlink->tl_tcon = cifs_construct_tcon(cifs_sb, fsuid);
4597	clear_bit(TCON_LINK_PENDING, addr: &tlink->tl_flags);
4598	wake_up_bit(word: &tlink->tl_flags, TCON_LINK_PENDING);
4599
4600	if (IS_ERR(ptr: tlink->tl_tcon)) {
4601	err = PTR_ERR(ptr: tlink->tl_tcon);
4602	if (err == -ENOKEY)
4603	err = -EACCES;
4604	cifs_put_tlink(tlink);
4605	return ERR_PTR(error: err);
4606	}
4607
4608	return tlink;
4609	}
4610
4611	/*
4612	* periodic workqueue job that scans tcon_tree for a superblock and closes
4613	* out tcons.
4614	*/
4615	static void
4616	cifs_prune_tlinks(struct work_struct *work)
4617	{
4618	struct cifs_sb_info *cifs_sb = container_of(work, struct cifs_sb_info,
4619	prune_tlinks.work);
4620	struct rb_root *root = &cifs_sb->tlink_tree;
4621	struct rb_node *node;
4622	struct rb_node *tmp;
4623	struct tcon_link *tlink;
4624
4625	/*
4626	* Because we drop the spinlock in the loop in order to put the tlink
4627	* it's not guarded against removal of links from the tree. The only
4628	* places that remove entries from the tree are this function and
4629	* umounts. Because this function is non-reentrant and is canceled
4630	* before umount can proceed, this is safe.
4631	*/
4632	spin_lock(lock: &cifs_sb->tlink_tree_lock);
4633	node = rb_first(root);
4634	while (node != NULL) {
4635	tmp = node;
4636	node = rb_next(tmp);
4637	tlink = rb_entry(tmp, struct tcon_link, tl_rbnode);
4638
4639	if (test_bit(TCON_LINK_MASTER, &tlink->tl_flags) ||
4640	atomic_read(v: &tlink->tl_count) != 0 ||
4641	time_after(tlink->tl_time + TLINK_IDLE_EXPIRE, jiffies))
4642	continue;
4643
4644	cifs_get_tlink(tlink);
4645	clear_bit(TCON_LINK_IN_TREE, addr: &tlink->tl_flags);
4646	rb_erase(tmp, root);
4647
4648	spin_unlock(lock: &cifs_sb->tlink_tree_lock);
4649	cifs_put_tlink(tlink);
4650	spin_lock(lock: &cifs_sb->tlink_tree_lock);
4651	}
4652	spin_unlock(lock: &cifs_sb->tlink_tree_lock);
4653
4654	queue_delayed_work(wq: cifsiod_wq, dwork: &cifs_sb->prune_tlinks,
4655	TLINK_IDLE_EXPIRE);
4656	}
4657
4658	#ifndef CONFIG_CIFS_DFS_UPCALL
4659	int cifs_tree_connect(const unsigned int xid, struct cifs_tcon *tcon)
4660	{
4661	const struct smb_version_operations *ops = tcon->ses->server->ops;
4662	int rc;
4663
4664	/* only send once per connect */
4665	spin_lock(&tcon->tc_lock);
4666
4667	/* if tcon is marked for needing reconnect, update state */
4668	if (tcon->need_reconnect)
4669	tcon->status = TID_NEED_TCON;
4670
4671	if (tcon->status == TID_GOOD) {
4672	spin_unlock(&tcon->tc_lock);
4673	return 0;
4674	}
4675
4676	if (tcon->status != TID_NEW &&
4677	tcon->status != TID_NEED_TCON) {
4678	spin_unlock(&tcon->tc_lock);
4679	return -EHOSTDOWN;
4680	}
4681
4682	tcon->status = TID_IN_TCON;
4683	spin_unlock(&tcon->tc_lock);
4684
4685	rc = ops->tree_connect(xid, tcon->ses, tcon->tree_name,
4686	tcon, tcon->ses->local_nls);
4687	if (rc) {
4688	spin_lock(&tcon->tc_lock);
4689	if (tcon->status == TID_IN_TCON)
4690	tcon->status = TID_NEED_TCON;
4691	spin_unlock(&tcon->tc_lock);
4692	} else {
4693	spin_lock(&tcon->tc_lock);
4694	if (tcon->status == TID_IN_TCON)
4695	tcon->status = TID_GOOD;
4696	tcon->need_reconnect = false;
4697	spin_unlock(&tcon->tc_lock);
4698	}
4699
4700	return rc;
4701	}
4702	#endif
4703