1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2019 Samsung Electronics Co., Ltd.
5 */
6
7 #include <linux/fs.h>
8 #include <linux/filelock.h>
9 #include <linux/slab.h>
10 #include <linux/vmalloc.h>
11 #include <linux/kthread.h>
12 #include <linux/freezer.h>
13
14 #include "glob.h"
15 #include "vfs_cache.h"
16 #include "oplock.h"
17 #include "vfs.h"
18 #include "connection.h"
19 #include "misc.h"
20 #include "mgmt/tree_connect.h"
21 #include "mgmt/user_session.h"
22 #include "mgmt/user_config.h"
23 #include "smb_common.h"
24 #include "server.h"
25 #include "smb2pdu.h"
26
27 #define S_DEL_PENDING 1
28 #define S_DEL_ON_CLS 2
29 #define S_DEL_ON_CLS_STREAM 8
30
31 static unsigned int inode_hash_mask __read_mostly;
32 static unsigned int inode_hash_shift __read_mostly;
33 static struct hlist_head *inode_hashtable __read_mostly;
34 static DEFINE_RWLOCK(inode_hash_lock);
35
36 static struct ksmbd_file_table global_ft;
37 static atomic_long_t fd_limit;
38 static struct kmem_cache *filp_cache;
39
40 #define OPLOCK_NONE 0
41 #define OPLOCK_EXCLUSIVE 1
42 #define OPLOCK_BATCH 2
43 #define OPLOCK_READ 3 /* level 2 oplock */
44
45 #ifdef CONFIG_PROC_FS
46
47 static const struct ksmbd_const_name ksmbd_lease_const_names[] = {
48 {le32_to_cpu(SMB2_LEASE_NONE_LE), "LEASE_NONE"},
49 {le32_to_cpu(SMB2_LEASE_READ_CACHING_LE), "LEASE_R"},
50 {le32_to_cpu(SMB2_LEASE_HANDLE_CACHING_LE), "LEASE_H"},
51 {le32_to_cpu(SMB2_LEASE_WRITE_CACHING_LE), "LEASE_W"},
52 {le32_to_cpu(SMB2_LEASE_READ_CACHING_LE |
53 SMB2_LEASE_HANDLE_CACHING_LE), "LEASE_RH"},
54 {le32_to_cpu(SMB2_LEASE_READ_CACHING_LE |
55 SMB2_LEASE_WRITE_CACHING_LE), "LEASE_RW"},
56 {le32_to_cpu(SMB2_LEASE_HANDLE_CACHING_LE |
57 SMB2_LEASE_WRITE_CACHING_LE), "LEASE_WH"},
58 {le32_to_cpu(SMB2_LEASE_READ_CACHING_LE |
59 SMB2_LEASE_HANDLE_CACHING_LE |
60 SMB2_LEASE_WRITE_CACHING_LE), "LEASE_RWH"},
61 };
62
63 static const struct ksmbd_const_name ksmbd_oplock_const_names[] = {
64 {SMB2_OPLOCK_LEVEL_NONE, "OPLOCK_NONE"},
65 {SMB2_OPLOCK_LEVEL_II, "OPLOCK_II"},
66 {SMB2_OPLOCK_LEVEL_EXCLUSIVE, "OPLOCK_EXECL"},
67 {SMB2_OPLOCK_LEVEL_BATCH, "OPLOCK_BATCH"},
68 };
69
proc_show_files(struct seq_file * m,void * v)70 static int proc_show_files(struct seq_file *m, void *v)
71 {
72 struct ksmbd_file *fp = NULL;
73 unsigned int id;
74 struct oplock_info *opinfo;
75
76 seq_printf(m, "#%-10s %-10s %-10s %-10s %-15s %-10s %-10s %s\n",
77 "<tree id>", "<pid>", "<vid>", "<refcnt>",
78 "<oplock>", "<daccess>", "<saccess>",
79 "<name>");
80
81 read_lock(&global_ft.lock);
82 idr_for_each_entry(global_ft.idr, fp, id) {
83 seq_printf(m, "%#-10x %#-10llx %#-10llx %#-10x",
84 fp->tcon->id,
85 fp->persistent_id,
86 fp->volatile_id,
87 atomic_read(&fp->refcount));
88
89 rcu_read_lock();
90 opinfo = rcu_dereference(fp->f_opinfo);
91 if (opinfo) {
92 const struct ksmbd_const_name *const_names;
93 int count;
94 unsigned int level;
95
96 if (opinfo->is_lease) {
97 const_names = ksmbd_lease_const_names;
98 count = ARRAY_SIZE(ksmbd_lease_const_names);
99 level = le32_to_cpu(opinfo->o_lease->state);
100 } else {
101 const_names = ksmbd_oplock_const_names;
102 count = ARRAY_SIZE(ksmbd_oplock_const_names);
103 level = opinfo->level;
104 }
105 rcu_read_unlock();
106 ksmbd_proc_show_const_name(m, " %-15s",
107 const_names, count, level);
108 } else {
109 rcu_read_unlock();
110 seq_printf(m, " %-15s", " ");
111 }
112
113 seq_printf(m, " %#010x %#010x %s\n",
114 le32_to_cpu(fp->daccess),
115 le32_to_cpu(fp->saccess),
116 fp->filp->f_path.dentry->d_name.name);
117 }
118 read_unlock(&global_ft.lock);
119 return 0;
120 }
121
create_proc_files(void)122 static int create_proc_files(void)
123 {
124 ksmbd_proc_create("files", proc_show_files, NULL);
125 return 0;
126 }
127 #else
create_proc_files(void)128 static int create_proc_files(void) { return 0; }
129 #endif
130
131 static bool durable_scavenger_running;
132 static DEFINE_MUTEX(durable_scavenger_lock);
133 static wait_queue_head_t dh_wq;
134
ksmbd_set_fd_limit(unsigned long limit)135 void ksmbd_set_fd_limit(unsigned long limit)
136 {
137 limit = min(limit, get_max_files());
138 atomic_long_set(&fd_limit, limit);
139 }
140
fd_limit_depleted(void)141 static bool fd_limit_depleted(void)
142 {
143 long v = atomic_long_dec_return(&fd_limit);
144
145 if (v >= 0)
146 return false;
147 atomic_long_inc(&fd_limit);
148 return true;
149 }
150
fd_limit_close(void)151 static void fd_limit_close(void)
152 {
153 atomic_long_inc(&fd_limit);
154 }
155
156 /*
157 * INODE hash
158 */
159
inode_hash(struct super_block * sb,unsigned long hashval)160 static unsigned long inode_hash(struct super_block *sb, unsigned long hashval)
161 {
162 unsigned long tmp;
163
164 tmp = (hashval * (unsigned long)sb) ^ (GOLDEN_RATIO_PRIME + hashval) /
165 L1_CACHE_BYTES;
166 tmp = tmp ^ ((tmp ^ GOLDEN_RATIO_PRIME) >> inode_hash_shift);
167 return tmp & inode_hash_mask;
168 }
169
__ksmbd_inode_lookup(struct dentry * de)170 static struct ksmbd_inode *__ksmbd_inode_lookup(struct dentry *de)
171 {
172 struct hlist_head *head = inode_hashtable +
173 inode_hash(d_inode(de)->i_sb, (unsigned long)de);
174 struct ksmbd_inode *ci = NULL, *ret_ci = NULL;
175
176 hlist_for_each_entry(ci, head, m_hash) {
177 if (ci->m_de == de) {
178 if (atomic_inc_not_zero(&ci->m_count))
179 ret_ci = ci;
180 break;
181 }
182 }
183 return ret_ci;
184 }
185
ksmbd_inode_lookup(struct ksmbd_file * fp)186 static struct ksmbd_inode *ksmbd_inode_lookup(struct ksmbd_file *fp)
187 {
188 return __ksmbd_inode_lookup(fp->filp->f_path.dentry);
189 }
190
ksmbd_inode_lookup_lock(struct dentry * d)191 struct ksmbd_inode *ksmbd_inode_lookup_lock(struct dentry *d)
192 {
193 struct ksmbd_inode *ci;
194
195 read_lock(&inode_hash_lock);
196 ci = __ksmbd_inode_lookup(d);
197 read_unlock(&inode_hash_lock);
198
199 return ci;
200 }
201
ksmbd_query_inode_status(struct dentry * dentry)202 int ksmbd_query_inode_status(struct dentry *dentry)
203 {
204 struct ksmbd_inode *ci;
205 int ret = KSMBD_INODE_STATUS_UNKNOWN;
206
207 read_lock(&inode_hash_lock);
208 ci = __ksmbd_inode_lookup(dentry);
209 read_unlock(&inode_hash_lock);
210 if (!ci)
211 return ret;
212
213 down_read(&ci->m_lock);
214 if (ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS))
215 ret = KSMBD_INODE_STATUS_PENDING_DELETE;
216 else
217 ret = KSMBD_INODE_STATUS_OK;
218 up_read(&ci->m_lock);
219
220 atomic_dec(&ci->m_count);
221 return ret;
222 }
223
ksmbd_inode_pending_delete(struct ksmbd_file * fp)224 bool ksmbd_inode_pending_delete(struct ksmbd_file *fp)
225 {
226 struct ksmbd_inode *ci = fp->f_ci;
227 int ret;
228
229 down_read(&ci->m_lock);
230 ret = (ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS));
231 up_read(&ci->m_lock);
232
233 return ret;
234 }
235
ksmbd_set_inode_pending_delete(struct ksmbd_file * fp)236 void ksmbd_set_inode_pending_delete(struct ksmbd_file *fp)
237 {
238 struct ksmbd_inode *ci = fp->f_ci;
239
240 down_write(&ci->m_lock);
241 ci->m_flags |= S_DEL_PENDING;
242 up_write(&ci->m_lock);
243 }
244
ksmbd_clear_inode_pending_delete(struct ksmbd_file * fp)245 void ksmbd_clear_inode_pending_delete(struct ksmbd_file *fp)
246 {
247 struct ksmbd_inode *ci = fp->f_ci;
248
249 down_write(&ci->m_lock);
250 ci->m_flags &= ~S_DEL_PENDING;
251 up_write(&ci->m_lock);
252 }
253
ksmbd_fd_set_delete_on_close(struct ksmbd_file * fp,int file_info)254 void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp,
255 int file_info)
256 {
257 struct ksmbd_inode *ci = fp->f_ci;
258
259 down_write(&ci->m_lock);
260 if (ksmbd_stream_fd(fp))
261 ci->m_flags |= S_DEL_ON_CLS_STREAM;
262 else
263 ci->m_flags |= S_DEL_ON_CLS;
264 up_write(&ci->m_lock);
265 }
266
ksmbd_inode_hash(struct ksmbd_inode * ci)267 static void ksmbd_inode_hash(struct ksmbd_inode *ci)
268 {
269 struct hlist_head *b = inode_hashtable +
270 inode_hash(d_inode(ci->m_de)->i_sb, (unsigned long)ci->m_de);
271
272 hlist_add_head(&ci->m_hash, b);
273 }
274
ksmbd_inode_unhash(struct ksmbd_inode * ci)275 static void ksmbd_inode_unhash(struct ksmbd_inode *ci)
276 {
277 write_lock(&inode_hash_lock);
278 hlist_del_init(&ci->m_hash);
279 write_unlock(&inode_hash_lock);
280 }
281
ksmbd_inode_init(struct ksmbd_inode * ci,struct ksmbd_file * fp)282 static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp)
283 {
284 atomic_set(&ci->m_count, 1);
285 atomic_set(&ci->op_count, 0);
286 atomic_set(&ci->sop_count, 0);
287 ci->m_flags = 0;
288 ci->m_fattr = 0;
289 INIT_LIST_HEAD(&ci->m_fp_list);
290 INIT_LIST_HEAD(&ci->m_op_list);
291 init_rwsem(&ci->m_lock);
292 ci->m_de = fp->filp->f_path.dentry;
293 return 0;
294 }
295
ksmbd_inode_get(struct ksmbd_file * fp)296 static struct ksmbd_inode *ksmbd_inode_get(struct ksmbd_file *fp)
297 {
298 struct ksmbd_inode *ci, *tmpci;
299 int rc;
300
301 read_lock(&inode_hash_lock);
302 ci = ksmbd_inode_lookup(fp);
303 read_unlock(&inode_hash_lock);
304 if (ci)
305 return ci;
306
307 ci = kmalloc_obj(struct ksmbd_inode, KSMBD_DEFAULT_GFP);
308 if (!ci)
309 return NULL;
310
311 rc = ksmbd_inode_init(ci, fp);
312 if (rc) {
313 pr_err("inode initialized failed\n");
314 kfree(ci);
315 return NULL;
316 }
317
318 write_lock(&inode_hash_lock);
319 tmpci = ksmbd_inode_lookup(fp);
320 if (!tmpci) {
321 ksmbd_inode_hash(ci);
322 } else {
323 kfree(ci);
324 ci = tmpci;
325 }
326 write_unlock(&inode_hash_lock);
327 return ci;
328 }
329
ksmbd_inode_free(struct ksmbd_inode * ci)330 static void ksmbd_inode_free(struct ksmbd_inode *ci)
331 {
332 ksmbd_inode_unhash(ci);
333 kfree(ci);
334 }
335
ksmbd_inode_put(struct ksmbd_inode * ci)336 void ksmbd_inode_put(struct ksmbd_inode *ci)
337 {
338 if (atomic_dec_and_test(&ci->m_count))
339 ksmbd_inode_free(ci);
340 }
341
ksmbd_inode_hash_init(void)342 int __init ksmbd_inode_hash_init(void)
343 {
344 unsigned int loop;
345 unsigned long numentries = 16384;
346 unsigned long bucketsize = sizeof(struct hlist_head);
347 unsigned long size;
348
349 inode_hash_shift = ilog2(numentries);
350 inode_hash_mask = (1 << inode_hash_shift) - 1;
351
352 size = bucketsize << inode_hash_shift;
353
354 /* init master fp hash table */
355 inode_hashtable = vmalloc(size);
356 if (!inode_hashtable)
357 return -ENOMEM;
358
359 for (loop = 0; loop < (1U << inode_hash_shift); loop++)
360 INIT_HLIST_HEAD(&inode_hashtable[loop]);
361 return 0;
362 }
363
ksmbd_release_inode_hash(void)364 void ksmbd_release_inode_hash(void)
365 {
366 vfree(inode_hashtable);
367 }
368
__ksmbd_inode_close(struct ksmbd_file * fp)369 static void __ksmbd_inode_close(struct ksmbd_file *fp)
370 {
371 struct ksmbd_inode *ci = fp->f_ci;
372 int err;
373 struct file *filp;
374
375 filp = fp->filp;
376
377 if (ksmbd_stream_fd(fp)) {
378 bool remove_stream_xattr = false;
379
380 down_write(&ci->m_lock);
381 if (ci->m_flags & S_DEL_ON_CLS_STREAM) {
382 ci->m_flags &= ~S_DEL_ON_CLS_STREAM;
383 remove_stream_xattr = true;
384 }
385 up_write(&ci->m_lock);
386
387 if (remove_stream_xattr) {
388 err = ksmbd_vfs_remove_xattr(file_mnt_idmap(filp),
389 &filp->f_path,
390 fp->stream.name,
391 true);
392 if (err)
393 pr_err("remove xattr failed : %s\n",
394 fp->stream.name);
395 }
396 }
397
398 if (atomic_dec_and_test(&ci->m_count)) {
399 bool do_unlink = false;
400
401 down_write(&ci->m_lock);
402 if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) {
403 ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING);
404 do_unlink = true;
405 }
406 up_write(&ci->m_lock);
407
408 if (do_unlink)
409 ksmbd_vfs_unlink(filp);
410
411 ksmbd_inode_free(ci);
412 }
413 }
414
__ksmbd_remove_durable_fd(struct ksmbd_file * fp)415 static void __ksmbd_remove_durable_fd(struct ksmbd_file *fp)
416 {
417 if (!has_file_id(fp->persistent_id))
418 return;
419
420 idr_remove(global_ft.idr, fp->persistent_id);
421 }
422
ksmbd_remove_durable_fd(struct ksmbd_file * fp)423 static void ksmbd_remove_durable_fd(struct ksmbd_file *fp)
424 {
425 write_lock(&global_ft.lock);
426 __ksmbd_remove_durable_fd(fp);
427 write_unlock(&global_ft.lock);
428 if (waitqueue_active(&dh_wq))
429 wake_up(&dh_wq);
430 }
431
__ksmbd_remove_fd(struct ksmbd_file_table * ft,struct ksmbd_file * fp)432 static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp)
433 {
434 if (!has_file_id(fp->volatile_id))
435 return;
436
437 down_write(&fp->f_ci->m_lock);
438 list_del_init(&fp->node);
439 up_write(&fp->f_ci->m_lock);
440
441 write_lock(&ft->lock);
442 idr_remove(ft->idr, fp->volatile_id);
443 write_unlock(&ft->lock);
444 }
445
__ksmbd_close_fd(struct ksmbd_file_table * ft,struct ksmbd_file * fp)446 static void __ksmbd_close_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp)
447 {
448 struct file *filp;
449 struct ksmbd_lock *smb_lock, *tmp_lock;
450
451 fd_limit_close();
452 ksmbd_remove_durable_fd(fp);
453 if (ft)
454 __ksmbd_remove_fd(ft, fp);
455
456 close_id_del_oplock(fp);
457 filp = fp->filp;
458
459 __ksmbd_inode_close(fp);
460 if (!IS_ERR_OR_NULL(filp))
461 fput(filp);
462
463 /* because the reference count of fp is 0, it is guaranteed that
464 * there are not accesses to fp->lock_list.
465 */
466 list_for_each_entry_safe(smb_lock, tmp_lock, &fp->lock_list, flist) {
467 if (!list_empty(&smb_lock->clist) && fp->conn) {
468 spin_lock(&fp->conn->llist_lock);
469 list_del(&smb_lock->clist);
470 spin_unlock(&fp->conn->llist_lock);
471 }
472
473 list_del(&smb_lock->flist);
474 locks_free_lock(smb_lock->fl);
475 kfree(smb_lock);
476 }
477
478 if (ksmbd_stream_fd(fp))
479 kfree(fp->stream.name);
480 kfree(fp->owner.name);
481
482 kmem_cache_free(filp_cache, fp);
483 }
484
ksmbd_fp_get(struct ksmbd_file * fp)485 static struct ksmbd_file *ksmbd_fp_get(struct ksmbd_file *fp)
486 {
487 if (fp->f_state != FP_INITED)
488 return NULL;
489
490 if (!atomic_inc_not_zero(&fp->refcount))
491 return NULL;
492 return fp;
493 }
494
__ksmbd_lookup_fd(struct ksmbd_file_table * ft,u64 id)495 static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft,
496 u64 id)
497 {
498 struct ksmbd_file *fp;
499
500 if (!has_file_id(id))
501 return NULL;
502
503 read_lock(&ft->lock);
504 fp = idr_find(ft->idr, id);
505 if (fp)
506 fp = ksmbd_fp_get(fp);
507 read_unlock(&ft->lock);
508 return fp;
509 }
510
__put_fd_final(struct ksmbd_work * work,struct ksmbd_file * fp)511 static void __put_fd_final(struct ksmbd_work *work, struct ksmbd_file *fp)
512 {
513 __ksmbd_close_fd(&work->sess->file_table, fp);
514 atomic_dec(&work->conn->stats.open_files_count);
515 }
516
set_close_state_blocked_works(struct ksmbd_file * fp)517 static void set_close_state_blocked_works(struct ksmbd_file *fp)
518 {
519 struct ksmbd_work *cancel_work;
520
521 spin_lock(&fp->f_lock);
522 list_for_each_entry(cancel_work, &fp->blocked_works,
523 fp_entry) {
524 cancel_work->state = KSMBD_WORK_CLOSED;
525 cancel_work->cancel_fn(cancel_work->cancel_argv);
526 }
527 spin_unlock(&fp->f_lock);
528 }
529
ksmbd_close_fd(struct ksmbd_work * work,u64 id)530 int ksmbd_close_fd(struct ksmbd_work *work, u64 id)
531 {
532 struct ksmbd_file *fp;
533 struct ksmbd_file_table *ft;
534
535 if (!has_file_id(id))
536 return 0;
537
538 ft = &work->sess->file_table;
539 write_lock(&ft->lock);
540 fp = idr_find(ft->idr, id);
541 if (fp) {
542 set_close_state_blocked_works(fp);
543
544 if (fp->f_state != FP_INITED)
545 fp = NULL;
546 else {
547 fp->f_state = FP_CLOSED;
548 if (!atomic_dec_and_test(&fp->refcount))
549 fp = NULL;
550 }
551 }
552 write_unlock(&ft->lock);
553
554 if (!fp)
555 return -EINVAL;
556
557 __put_fd_final(work, fp);
558 return 0;
559 }
560
ksmbd_fd_put(struct ksmbd_work * work,struct ksmbd_file * fp)561 void ksmbd_fd_put(struct ksmbd_work *work, struct ksmbd_file *fp)
562 {
563 if (!fp)
564 return;
565
566 if (!atomic_dec_and_test(&fp->refcount))
567 return;
568 __put_fd_final(work, fp);
569 }
570
__sanity_check(struct ksmbd_tree_connect * tcon,struct ksmbd_file * fp)571 static bool __sanity_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp)
572 {
573 if (!fp)
574 return false;
575 if (fp->tcon != tcon)
576 return false;
577 return true;
578 }
579
ksmbd_lookup_foreign_fd(struct ksmbd_work * work,u64 id)580 struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, u64 id)
581 {
582 return __ksmbd_lookup_fd(&work->sess->file_table, id);
583 }
584
ksmbd_lookup_fd_fast(struct ksmbd_work * work,u64 id)585 struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, u64 id)
586 {
587 struct ksmbd_file *fp = __ksmbd_lookup_fd(&work->sess->file_table, id);
588
589 if (__sanity_check(work->tcon, fp))
590 return fp;
591
592 ksmbd_fd_put(work, fp);
593 return NULL;
594 }
595
ksmbd_lookup_fd_slow(struct ksmbd_work * work,u64 id,u64 pid)596 struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, u64 id,
597 u64 pid)
598 {
599 struct ksmbd_file *fp;
600
601 if (!has_file_id(id)) {
602 id = work->compound_fid;
603 pid = work->compound_pfid;
604 }
605
606 fp = __ksmbd_lookup_fd(&work->sess->file_table, id);
607 if (!__sanity_check(work->tcon, fp)) {
608 ksmbd_fd_put(work, fp);
609 return NULL;
610 }
611 if (fp->persistent_id != pid) {
612 ksmbd_fd_put(work, fp);
613 return NULL;
614 }
615 return fp;
616 }
617
ksmbd_lookup_global_fd(unsigned long long id)618 struct ksmbd_file *ksmbd_lookup_global_fd(unsigned long long id)
619 {
620 return __ksmbd_lookup_fd(&global_ft, id);
621 }
622
ksmbd_lookup_durable_fd(unsigned long long id)623 struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id)
624 {
625 struct ksmbd_file *fp;
626
627 fp = __ksmbd_lookup_fd(&global_ft, id);
628 if (fp && (fp->conn ||
629 (fp->durable_scavenger_timeout &&
630 (fp->durable_scavenger_timeout <
631 jiffies_to_msecs(jiffies))))) {
632 ksmbd_put_durable_fd(fp);
633 fp = NULL;
634 }
635
636 return fp;
637 }
638
ksmbd_put_durable_fd(struct ksmbd_file * fp)639 void ksmbd_put_durable_fd(struct ksmbd_file *fp)
640 {
641 if (!atomic_dec_and_test(&fp->refcount))
642 return;
643
644 __ksmbd_close_fd(NULL, fp);
645 }
646
ksmbd_lookup_fd_cguid(char * cguid)647 struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid)
648 {
649 struct ksmbd_file *fp = NULL;
650 unsigned int id;
651
652 read_lock(&global_ft.lock);
653 idr_for_each_entry(global_ft.idr, fp, id) {
654 if (!memcmp(fp->create_guid,
655 cguid,
656 SMB2_CREATE_GUID_SIZE)) {
657 fp = ksmbd_fp_get(fp);
658 break;
659 }
660 }
661 read_unlock(&global_ft.lock);
662
663 return fp;
664 }
665
ksmbd_lookup_fd_inode(struct dentry * dentry)666 struct ksmbd_file *ksmbd_lookup_fd_inode(struct dentry *dentry)
667 {
668 struct ksmbd_file *lfp;
669 struct ksmbd_inode *ci;
670 struct inode *inode = d_inode(dentry);
671
672 read_lock(&inode_hash_lock);
673 ci = __ksmbd_inode_lookup(dentry);
674 read_unlock(&inode_hash_lock);
675 if (!ci)
676 return NULL;
677
678 down_read(&ci->m_lock);
679 list_for_each_entry(lfp, &ci->m_fp_list, node) {
680 if (inode == file_inode(lfp->filp)) {
681 atomic_dec(&ci->m_count);
682 lfp = ksmbd_fp_get(lfp);
683 up_read(&ci->m_lock);
684 return lfp;
685 }
686 }
687 atomic_dec(&ci->m_count);
688 up_read(&ci->m_lock);
689 return NULL;
690 }
691
692 #define OPEN_ID_TYPE_VOLATILE_ID (0)
693 #define OPEN_ID_TYPE_PERSISTENT_ID (1)
694
__open_id_set(struct ksmbd_file * fp,u64 id,int type)695 static void __open_id_set(struct ksmbd_file *fp, u64 id, int type)
696 {
697 if (type == OPEN_ID_TYPE_VOLATILE_ID)
698 fp->volatile_id = id;
699 if (type == OPEN_ID_TYPE_PERSISTENT_ID)
700 fp->persistent_id = id;
701 }
702
__open_id(struct ksmbd_file_table * ft,struct ksmbd_file * fp,int type)703 static int __open_id(struct ksmbd_file_table *ft, struct ksmbd_file *fp,
704 int type)
705 {
706 u64 id = 0;
707 int ret;
708
709 if (type == OPEN_ID_TYPE_VOLATILE_ID && fd_limit_depleted()) {
710 __open_id_set(fp, KSMBD_NO_FID, type);
711 return -EMFILE;
712 }
713
714 idr_preload(KSMBD_DEFAULT_GFP);
715 write_lock(&ft->lock);
716 ret = idr_alloc_cyclic(ft->idr, fp, 0, INT_MAX - 1, GFP_NOWAIT);
717 if (ret >= 0) {
718 id = ret;
719 ret = 0;
720 } else {
721 id = KSMBD_NO_FID;
722 fd_limit_close();
723 }
724
725 __open_id_set(fp, id, type);
726 write_unlock(&ft->lock);
727 idr_preload_end();
728 return ret;
729 }
730
ksmbd_open_durable_fd(struct ksmbd_file * fp)731 unsigned int ksmbd_open_durable_fd(struct ksmbd_file *fp)
732 {
733 __open_id(&global_ft, fp, OPEN_ID_TYPE_PERSISTENT_ID);
734 return fp->persistent_id;
735 }
736
ksmbd_open_fd(struct ksmbd_work * work,struct file * filp)737 struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp)
738 {
739 struct ksmbd_file *fp;
740 int ret;
741
742 fp = kmem_cache_zalloc(filp_cache, KSMBD_DEFAULT_GFP);
743 if (!fp) {
744 pr_err("Failed to allocate memory\n");
745 return ERR_PTR(-ENOMEM);
746 }
747
748 INIT_LIST_HEAD(&fp->blocked_works);
749 INIT_LIST_HEAD(&fp->node);
750 INIT_LIST_HEAD(&fp->lock_list);
751 spin_lock_init(&fp->f_lock);
752 atomic_set(&fp->refcount, 1);
753
754 fp->filp = filp;
755 fp->conn = work->conn;
756 fp->tcon = work->tcon;
757 fp->volatile_id = KSMBD_NO_FID;
758 fp->persistent_id = KSMBD_NO_FID;
759 fp->f_state = FP_NEW;
760 fp->f_ci = ksmbd_inode_get(fp);
761
762 if (!fp->f_ci) {
763 ret = -ENOMEM;
764 goto err_out;
765 }
766
767 ret = __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID);
768 if (ret) {
769 ksmbd_inode_put(fp->f_ci);
770 goto err_out;
771 }
772
773 atomic_inc(&work->conn->stats.open_files_count);
774 return fp;
775
776 err_out:
777 kmem_cache_free(filp_cache, fp);
778 return ERR_PTR(ret);
779 }
780
ksmbd_update_fstate(struct ksmbd_file_table * ft,struct ksmbd_file * fp,unsigned int state)781 void ksmbd_update_fstate(struct ksmbd_file_table *ft, struct ksmbd_file *fp,
782 unsigned int state)
783 {
784 if (!fp)
785 return;
786
787 write_lock(&ft->lock);
788 fp->f_state = state;
789 write_unlock(&ft->lock);
790 }
791
792 static int
__close_file_table_ids(struct ksmbd_session * sess,struct ksmbd_tree_connect * tcon,bool (* skip)(struct ksmbd_tree_connect * tcon,struct ksmbd_file * fp,struct ksmbd_user * user))793 __close_file_table_ids(struct ksmbd_session *sess,
794 struct ksmbd_tree_connect *tcon,
795 bool (*skip)(struct ksmbd_tree_connect *tcon,
796 struct ksmbd_file *fp,
797 struct ksmbd_user *user))
798 {
799 struct ksmbd_file_table *ft = &sess->file_table;
800 struct ksmbd_file *fp;
801 unsigned int id = 0;
802 int num = 0;
803
804 while (1) {
805 write_lock(&ft->lock);
806 fp = idr_get_next(ft->idr, &id);
807 if (!fp) {
808 write_unlock(&ft->lock);
809 break;
810 }
811
812 if (skip(tcon, fp, sess->user) ||
813 !atomic_dec_and_test(&fp->refcount)) {
814 id++;
815 write_unlock(&ft->lock);
816 continue;
817 }
818
819 set_close_state_blocked_works(fp);
820 idr_remove(ft->idr, fp->volatile_id);
821 fp->volatile_id = KSMBD_NO_FID;
822 write_unlock(&ft->lock);
823
824 down_write(&fp->f_ci->m_lock);
825 list_del_init(&fp->node);
826 up_write(&fp->f_ci->m_lock);
827
828 __ksmbd_close_fd(ft, fp);
829
830 num++;
831 id++;
832 }
833
834 return num;
835 }
836
is_reconnectable(struct ksmbd_file * fp)837 static inline bool is_reconnectable(struct ksmbd_file *fp)
838 {
839 struct oplock_info *opinfo = opinfo_get(fp);
840 bool reconn = false;
841
842 if (!opinfo)
843 return false;
844
845 if (opinfo->op_state != OPLOCK_STATE_NONE) {
846 opinfo_put(opinfo);
847 return false;
848 }
849
850 if (fp->is_resilient || fp->is_persistent)
851 reconn = true;
852 else if (fp->is_durable && opinfo->is_lease &&
853 opinfo->o_lease->state & SMB2_LEASE_HANDLE_CACHING_LE)
854 reconn = true;
855
856 else if (fp->is_durable && opinfo->level == SMB2_OPLOCK_LEVEL_BATCH)
857 reconn = true;
858
859 opinfo_put(opinfo);
860 return reconn;
861 }
862
tree_conn_fd_check(struct ksmbd_tree_connect * tcon,struct ksmbd_file * fp,struct ksmbd_user * user)863 static bool tree_conn_fd_check(struct ksmbd_tree_connect *tcon,
864 struct ksmbd_file *fp,
865 struct ksmbd_user *user)
866 {
867 return fp->tcon != tcon;
868 }
869
ksmbd_durable_scavenger_alive(void)870 static bool ksmbd_durable_scavenger_alive(void)
871 {
872 if (!durable_scavenger_running)
873 return false;
874
875 if (kthread_should_stop())
876 return false;
877
878 if (idr_is_empty(global_ft.idr))
879 return false;
880
881 return true;
882 }
883
ksmbd_scavenger_dispose_dh(struct list_head * head)884 static void ksmbd_scavenger_dispose_dh(struct list_head *head)
885 {
886 while (!list_empty(head)) {
887 struct ksmbd_file *fp;
888
889 fp = list_first_entry(head, struct ksmbd_file, node);
890 list_del_init(&fp->node);
891 __ksmbd_close_fd(NULL, fp);
892 }
893 }
894
ksmbd_durable_scavenger(void * dummy)895 static int ksmbd_durable_scavenger(void *dummy)
896 {
897 struct ksmbd_file *fp = NULL;
898 unsigned int id;
899 unsigned int min_timeout = 1;
900 bool found_fp_timeout;
901 LIST_HEAD(scavenger_list);
902 unsigned long remaining_jiffies;
903
904 __module_get(THIS_MODULE);
905
906 set_freezable();
907 while (ksmbd_durable_scavenger_alive()) {
908 if (try_to_freeze())
909 continue;
910
911 found_fp_timeout = false;
912
913 remaining_jiffies = wait_event_timeout(dh_wq,
914 ksmbd_durable_scavenger_alive() == false,
915 __msecs_to_jiffies(min_timeout));
916 if (remaining_jiffies)
917 min_timeout = jiffies_to_msecs(remaining_jiffies);
918 else
919 min_timeout = DURABLE_HANDLE_MAX_TIMEOUT;
920
921 write_lock(&global_ft.lock);
922 idr_for_each_entry(global_ft.idr, fp, id) {
923 if (!fp->durable_timeout)
924 continue;
925
926 if (atomic_read(&fp->refcount) > 1 ||
927 fp->conn)
928 continue;
929
930 found_fp_timeout = true;
931 if (fp->durable_scavenger_timeout <=
932 jiffies_to_msecs(jiffies)) {
933 __ksmbd_remove_durable_fd(fp);
934 list_add(&fp->node, &scavenger_list);
935 } else {
936 unsigned long durable_timeout;
937
938 durable_timeout =
939 fp->durable_scavenger_timeout -
940 jiffies_to_msecs(jiffies);
941
942 if (min_timeout > durable_timeout)
943 min_timeout = durable_timeout;
944 }
945 }
946 write_unlock(&global_ft.lock);
947
948 ksmbd_scavenger_dispose_dh(&scavenger_list);
949
950 if (found_fp_timeout == false)
951 break;
952 }
953
954 durable_scavenger_running = false;
955
956 module_put(THIS_MODULE);
957
958 return 0;
959 }
960
ksmbd_launch_ksmbd_durable_scavenger(void)961 void ksmbd_launch_ksmbd_durable_scavenger(void)
962 {
963 if (!(server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE))
964 return;
965
966 mutex_lock(&durable_scavenger_lock);
967 if (durable_scavenger_running == true) {
968 mutex_unlock(&durable_scavenger_lock);
969 return;
970 }
971
972 durable_scavenger_running = true;
973
974 server_conf.dh_task = kthread_run(ksmbd_durable_scavenger,
975 (void *)NULL, "ksmbd-durable-scavenger");
976 if (IS_ERR(server_conf.dh_task))
977 pr_err("cannot start conn thread, err : %ld\n",
978 PTR_ERR(server_conf.dh_task));
979 mutex_unlock(&durable_scavenger_lock);
980 }
981
ksmbd_stop_durable_scavenger(void)982 void ksmbd_stop_durable_scavenger(void)
983 {
984 if (!(server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE))
985 return;
986
987 mutex_lock(&durable_scavenger_lock);
988 if (!durable_scavenger_running) {
989 mutex_unlock(&durable_scavenger_lock);
990 return;
991 }
992
993 durable_scavenger_running = false;
994 if (waitqueue_active(&dh_wq))
995 wake_up(&dh_wq);
996 mutex_unlock(&durable_scavenger_lock);
997 kthread_stop(server_conf.dh_task);
998 }
999
1000 /*
1001 * ksmbd_vfs_copy_durable_owner - Copy owner info for durable reconnect
1002 * @fp: ksmbd file pointer to store owner info
1003 * @user: user pointer to copy from
1004 *
1005 * This function binds the current user's identity to the file handle
1006 * to satisfy MS-SMB2 Step 8 (SecurityContext matching) during reconnect.
1007 *
1008 * Return: 0 on success, or negative error code on failure
1009 */
ksmbd_vfs_copy_durable_owner(struct ksmbd_file * fp,struct ksmbd_user * user)1010 static int ksmbd_vfs_copy_durable_owner(struct ksmbd_file *fp,
1011 struct ksmbd_user *user)
1012 {
1013 if (!user)
1014 return -EINVAL;
1015
1016 /* Duplicate the user name to ensure identity persistence */
1017 fp->owner.name = kstrdup(user->name, GFP_KERNEL);
1018 if (!fp->owner.name)
1019 return -ENOMEM;
1020
1021 fp->owner.uid = user->uid;
1022 fp->owner.gid = user->gid;
1023
1024 return 0;
1025 }
1026
1027 /**
1028 * ksmbd_vfs_compare_durable_owner - Verify if the requester is original owner
1029 * @fp: existing ksmbd file pointer
1030 * @user: user pointer of the reconnect requester
1031 *
1032 * Compares the UID, GID, and name of the current requester against the
1033 * original owner stored in the file handle.
1034 *
1035 * Return: true if the user matches, false otherwise
1036 */
ksmbd_vfs_compare_durable_owner(struct ksmbd_file * fp,struct ksmbd_user * user)1037 bool ksmbd_vfs_compare_durable_owner(struct ksmbd_file *fp,
1038 struct ksmbd_user *user)
1039 {
1040 if (!user || !fp->owner.name)
1041 return false;
1042
1043 /* Check if the UID and GID match first (fast path) */
1044 if (fp->owner.uid != user->uid || fp->owner.gid != user->gid)
1045 return false;
1046
1047 /* Validate the account name to ensure the same SecurityContext */
1048 if (strcmp(fp->owner.name, user->name))
1049 return false;
1050
1051 return true;
1052 }
1053
session_fd_check(struct ksmbd_tree_connect * tcon,struct ksmbd_file * fp,struct ksmbd_user * user)1054 static bool session_fd_check(struct ksmbd_tree_connect *tcon,
1055 struct ksmbd_file *fp, struct ksmbd_user *user)
1056 {
1057 struct ksmbd_inode *ci;
1058 struct oplock_info *op;
1059 struct ksmbd_conn *conn;
1060 struct ksmbd_lock *smb_lock, *tmp_lock;
1061
1062 if (!is_reconnectable(fp))
1063 return false;
1064
1065 if (ksmbd_vfs_copy_durable_owner(fp, user))
1066 return false;
1067
1068 conn = fp->conn;
1069 ci = fp->f_ci;
1070 down_write(&ci->m_lock);
1071 list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) {
1072 if (op->conn != conn)
1073 continue;
1074 if (op->conn && atomic_dec_and_test(&op->conn->refcnt))
1075 kfree(op->conn);
1076 op->conn = NULL;
1077 }
1078 up_write(&ci->m_lock);
1079
1080 list_for_each_entry_safe(smb_lock, tmp_lock, &fp->lock_list, flist) {
1081 spin_lock(&fp->conn->llist_lock);
1082 list_del_init(&smb_lock->clist);
1083 spin_unlock(&fp->conn->llist_lock);
1084 }
1085
1086 fp->conn = NULL;
1087 fp->tcon = NULL;
1088 fp->volatile_id = KSMBD_NO_FID;
1089
1090 if (fp->durable_timeout)
1091 fp->durable_scavenger_timeout =
1092 jiffies_to_msecs(jiffies) + fp->durable_timeout;
1093
1094 return true;
1095 }
1096
ksmbd_close_tree_conn_fds(struct ksmbd_work * work)1097 void ksmbd_close_tree_conn_fds(struct ksmbd_work *work)
1098 {
1099 int num = __close_file_table_ids(work->sess,
1100 work->tcon,
1101 tree_conn_fd_check);
1102
1103 atomic_sub(num, &work->conn->stats.open_files_count);
1104 }
1105
ksmbd_close_session_fds(struct ksmbd_work * work)1106 void ksmbd_close_session_fds(struct ksmbd_work *work)
1107 {
1108 int num = __close_file_table_ids(work->sess,
1109 work->tcon,
1110 session_fd_check);
1111
1112 atomic_sub(num, &work->conn->stats.open_files_count);
1113 }
1114
ksmbd_init_global_file_table(void)1115 int ksmbd_init_global_file_table(void)
1116 {
1117 create_proc_files();
1118 return ksmbd_init_file_table(&global_ft);
1119 }
1120
ksmbd_free_global_file_table(void)1121 void ksmbd_free_global_file_table(void)
1122 {
1123 struct ksmbd_file *fp = NULL;
1124 unsigned int id;
1125
1126 idr_for_each_entry(global_ft.idr, fp, id) {
1127 ksmbd_remove_durable_fd(fp);
1128 __ksmbd_close_fd(NULL, fp);
1129 }
1130
1131 idr_destroy(global_ft.idr);
1132 kfree(global_ft.idr);
1133 }
1134
ksmbd_validate_name_reconnect(struct ksmbd_share_config * share,struct ksmbd_file * fp,char * name)1135 int ksmbd_validate_name_reconnect(struct ksmbd_share_config *share,
1136 struct ksmbd_file *fp, char *name)
1137 {
1138 char *pathname, *ab_pathname;
1139 int ret = 0;
1140
1141 pathname = kmalloc(PATH_MAX, KSMBD_DEFAULT_GFP);
1142 if (!pathname)
1143 return -EACCES;
1144
1145 ab_pathname = d_path(&fp->filp->f_path, pathname, PATH_MAX);
1146 if (IS_ERR(ab_pathname)) {
1147 kfree(pathname);
1148 return -EACCES;
1149 }
1150
1151 if (name && strcmp(&ab_pathname[share->path_sz + 1], name)) {
1152 ksmbd_debug(SMB, "invalid name reconnect %s\n", name);
1153 ret = -EINVAL;
1154 }
1155
1156 kfree(pathname);
1157
1158 return ret;
1159 }
1160
ksmbd_reopen_durable_fd(struct ksmbd_work * work,struct ksmbd_file * fp)1161 int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp)
1162 {
1163 struct ksmbd_inode *ci;
1164 struct oplock_info *op;
1165 struct ksmbd_conn *conn = work->conn;
1166 struct ksmbd_lock *smb_lock;
1167 unsigned int old_f_state;
1168
1169 if (!fp->is_durable || fp->conn || fp->tcon) {
1170 pr_err("Invalid durable fd [%p:%p]\n", fp->conn, fp->tcon);
1171 return -EBADF;
1172 }
1173
1174 if (has_file_id(fp->volatile_id)) {
1175 pr_err("Still in use durable fd: %llu\n", fp->volatile_id);
1176 return -EBADF;
1177 }
1178
1179 old_f_state = fp->f_state;
1180 fp->f_state = FP_NEW;
1181 __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID);
1182 if (!has_file_id(fp->volatile_id)) {
1183 fp->f_state = old_f_state;
1184 return -EBADF;
1185 }
1186
1187 fp->conn = conn;
1188 fp->tcon = work->tcon;
1189
1190 list_for_each_entry(smb_lock, &fp->lock_list, flist) {
1191 spin_lock(&conn->llist_lock);
1192 list_add_tail(&smb_lock->clist, &conn->lock_list);
1193 spin_unlock(&conn->llist_lock);
1194 }
1195
1196 ci = fp->f_ci;
1197 down_write(&ci->m_lock);
1198 list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) {
1199 if (op->conn)
1200 continue;
1201 op->conn = fp->conn;
1202 atomic_inc(&op->conn->refcnt);
1203 }
1204 up_write(&ci->m_lock);
1205
1206 fp->owner.uid = fp->owner.gid = 0;
1207 kfree(fp->owner.name);
1208 fp->owner.name = NULL;
1209
1210 return 0;
1211 }
1212
ksmbd_init_file_table(struct ksmbd_file_table * ft)1213 int ksmbd_init_file_table(struct ksmbd_file_table *ft)
1214 {
1215 ft->idr = kzalloc_obj(struct idr, KSMBD_DEFAULT_GFP);
1216 if (!ft->idr)
1217 return -ENOMEM;
1218
1219 idr_init(ft->idr);
1220 rwlock_init(&ft->lock);
1221 return 0;
1222 }
1223
ksmbd_destroy_file_table(struct ksmbd_session * sess)1224 void ksmbd_destroy_file_table(struct ksmbd_session *sess)
1225 {
1226 struct ksmbd_file_table *ft = &sess->file_table;
1227
1228 if (!ft->idr)
1229 return;
1230
1231 __close_file_table_ids(sess, NULL, session_fd_check);
1232 idr_destroy(ft->idr);
1233 kfree(ft->idr);
1234 ft->idr = NULL;
1235 }
1236
ksmbd_init_file_cache(void)1237 int ksmbd_init_file_cache(void)
1238 {
1239 filp_cache = kmem_cache_create("ksmbd_file_cache",
1240 sizeof(struct ksmbd_file), 0,
1241 SLAB_HWCACHE_ALIGN, NULL);
1242 if (!filp_cache)
1243 goto out;
1244
1245 init_waitqueue_head(&dh_wq);
1246
1247 return 0;
1248
1249 out:
1250 pr_err("failed to allocate file cache\n");
1251 return -ENOMEM;
1252 }
1253
ksmbd_exit_file_cache(void)1254 void ksmbd_exit_file_cache(void)
1255 {
1256 kmem_cache_destroy(filp_cache);
1257 }
1258