1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
5 */
6
7#include "glob.h"
8#include "oplock.h"
9#include "misc.h"
10#include <linux/sched/signal.h>
11#include <linux/workqueue.h>
12#include <linux/sysfs.h>
13#include <linux/module.h>
14#include <linux/moduleparam.h>
15
16#include "server.h"
17#include "smb_common.h"
18#include "smbstatus.h"
19#include "connection.h"
20#include "transport_ipc.h"
21#include "mgmt/user_session.h"
22#include "crypto_ctx.h"
23#include "auth.h"
24
25int ksmbd_debug_types;
26
27struct ksmbd_server_config server_conf;
28
29enum SERVER_CTRL_TYPE {
30 SERVER_CTRL_TYPE_INIT,
31 SERVER_CTRL_TYPE_RESET,
32};
33
34struct server_ctrl_struct {
35 int type;
36 struct work_struct ctrl_work;
37};
38
39static DEFINE_MUTEX(ctrl_lock);
40
41static int ___server_conf_set(int idx, char *val)
42{
43 if (idx >= ARRAY_SIZE(server_conf.conf))
44 return -EINVAL;
45
46 if (!val || val[0] == 0x00)
47 return -EINVAL;
48
49 kfree(objp: server_conf.conf[idx]);
50 server_conf.conf[idx] = kstrdup(s: val, GFP_KERNEL);
51 if (!server_conf.conf[idx])
52 return -ENOMEM;
53 return 0;
54}
55
56int ksmbd_set_netbios_name(char *v)
57{
58 return ___server_conf_set(idx: SERVER_CONF_NETBIOS_NAME, val: v);
59}
60
61int ksmbd_set_server_string(char *v)
62{
63 return ___server_conf_set(idx: SERVER_CONF_SERVER_STRING, val: v);
64}
65
66int ksmbd_set_work_group(char *v)
67{
68 return ___server_conf_set(idx: SERVER_CONF_WORK_GROUP, val: v);
69}
70
71char *ksmbd_netbios_name(void)
72{
73 return server_conf.conf[SERVER_CONF_NETBIOS_NAME];
74}
75
76char *ksmbd_server_string(void)
77{
78 return server_conf.conf[SERVER_CONF_SERVER_STRING];
79}
80
81char *ksmbd_work_group(void)
82{
83 return server_conf.conf[SERVER_CONF_WORK_GROUP];
84}
85
86/**
87 * check_conn_state() - check state of server thread connection
88 * @work: smb work containing server thread information
89 *
90 * Return: 0 on valid connection, otherwise 1 to reconnect
91 */
92static inline int check_conn_state(struct ksmbd_work *work)
93{
94 struct smb_hdr *rsp_hdr;
95
96 if (ksmbd_conn_exiting(conn: work->conn) ||
97 ksmbd_conn_need_reconnect(conn: work->conn)) {
98 rsp_hdr = work->response_buf;
99 rsp_hdr->Status.CifsError = STATUS_CONNECTION_DISCONNECTED;
100 return 1;
101 }
102 return 0;
103}
104
105#define SERVER_HANDLER_CONTINUE 0
106#define SERVER_HANDLER_ABORT 1
107
108static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
109 u16 *cmd)
110{
111 struct smb_version_cmds *cmds;
112 u16 command;
113 int ret;
114
115 if (check_conn_state(work))
116 return SERVER_HANDLER_CONTINUE;
117
118 if (ksmbd_verify_smb_message(work)) {
119 conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
120 return SERVER_HANDLER_ABORT;
121 }
122
123 command = conn->ops->get_cmd_val(work);
124 *cmd = command;
125
126andx_again:
127 if (command >= conn->max_cmds) {
128 conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
129 return SERVER_HANDLER_CONTINUE;
130 }
131
132 cmds = &conn->cmds[command];
133 if (!cmds->proc) {
134 ksmbd_debug(SMB, "*** not implemented yet cmd = %x\n", command);
135 conn->ops->set_rsp_status(work, STATUS_NOT_IMPLEMENTED);
136 return SERVER_HANDLER_CONTINUE;
137 }
138
139 if (work->sess && conn->ops->is_sign_req(work, command)) {
140 ret = conn->ops->check_sign_req(work);
141 if (!ret) {
142 conn->ops->set_rsp_status(work, STATUS_ACCESS_DENIED);
143 return SERVER_HANDLER_CONTINUE;
144 }
145 }
146
147 ret = cmds->proc(work);
148
149 if (ret < 0)
150 ksmbd_debug(CONN, "Failed to process %u [%d]\n", command, ret);
151 /* AndX commands - chained request can return positive values */
152 else if (ret > 0) {
153 command = ret;
154 *cmd = command;
155 goto andx_again;
156 }
157
158 if (work->send_no_response)
159 return SERVER_HANDLER_ABORT;
160 return SERVER_HANDLER_CONTINUE;
161}
162
163static void __handle_ksmbd_work(struct ksmbd_work *work,
164 struct ksmbd_conn *conn)
165{
166 u16 command = 0;
167 int rc;
168 bool is_chained = false;
169
170 if (conn->ops->is_transform_hdr &&
171 conn->ops->is_transform_hdr(work->request_buf)) {
172 rc = conn->ops->decrypt_req(work);
173 if (rc < 0)
174 return;
175 work->encrypted = true;
176 }
177
178 if (conn->ops->allocate_rsp_buf(work))
179 return;
180
181 rc = conn->ops->init_rsp_hdr(work);
182 if (rc) {
183 /* either uid or tid is not correct */
184 conn->ops->set_rsp_status(work, STATUS_INVALID_HANDLE);
185 goto send;
186 }
187
188 do {
189 if (conn->ops->check_user_session) {
190 rc = conn->ops->check_user_session(work);
191 if (rc < 0) {
192 if (rc == -EINVAL)
193 conn->ops->set_rsp_status(work,
194 STATUS_INVALID_PARAMETER);
195 else
196 conn->ops->set_rsp_status(work,
197 STATUS_USER_SESSION_DELETED);
198 goto send;
199 } else if (rc > 0) {
200 rc = conn->ops->get_ksmbd_tcon(work);
201 if (rc < 0) {
202 if (rc == -EINVAL)
203 conn->ops->set_rsp_status(work,
204 STATUS_INVALID_PARAMETER);
205 else
206 conn->ops->set_rsp_status(work,
207 STATUS_NETWORK_NAME_DELETED);
208 goto send;
209 }
210 }
211 }
212
213 rc = __process_request(work, conn, cmd: &command);
214 if (rc == SERVER_HANDLER_ABORT)
215 break;
216
217 /*
218 * Call smb2_set_rsp_credits() function to set number of credits
219 * granted in hdr of smb2 response.
220 */
221 if (conn->ops->set_rsp_credits) {
222 spin_lock(lock: &conn->credits_lock);
223 rc = conn->ops->set_rsp_credits(work);
224 spin_unlock(lock: &conn->credits_lock);
225 if (rc < 0) {
226 conn->ops->set_rsp_status(work,
227 STATUS_INVALID_PARAMETER);
228 goto send;
229 }
230 }
231
232 is_chained = is_chained_smb2_message(work);
233
234 if (work->sess &&
235 (work->sess->sign || smb3_11_final_sess_setup_resp(work) ||
236 conn->ops->is_sign_req(work, command)))
237 conn->ops->set_sign_rsp(work);
238 } while (is_chained == true);
239
240send:
241 if (work->tcon)
242 ksmbd_tree_connect_put(tcon: work->tcon);
243 smb3_preauth_hash_rsp(work);
244 if (work->sess && work->sess->enc && work->encrypted &&
245 conn->ops->encrypt_resp) {
246 rc = conn->ops->encrypt_resp(work);
247 if (rc < 0)
248 conn->ops->set_rsp_status(work, STATUS_DATA_ERROR);
249 }
250
251 ksmbd_conn_write(work);
252}
253
254/**
255 * handle_ksmbd_work() - process pending smb work requests
256 * @wk: smb work containing request command buffer
257 *
258 * called by kworker threads to processing remaining smb work requests
259 */
260static void handle_ksmbd_work(struct work_struct *wk)
261{
262 struct ksmbd_work *work = container_of(wk, struct ksmbd_work, work);
263 struct ksmbd_conn *conn = work->conn;
264
265 atomic64_inc(v: &conn->stats.request_served);
266
267 __handle_ksmbd_work(work, conn);
268
269 ksmbd_conn_try_dequeue_request(work);
270 ksmbd_free_work_struct(work);
271 /*
272 * Checking waitqueue to dropping pending requests on
273 * disconnection. waitqueue_active is safe because it
274 * uses atomic operation for condition.
275 */
276 if (!atomic_dec_return(v: &conn->r_count) && waitqueue_active(wq_head: &conn->r_count_q))
277 wake_up(&conn->r_count_q);
278}
279
280/**
281 * queue_ksmbd_work() - queue a smb request to worker thread queue
282 * for proccessing smb command and sending response
283 * @conn: connection instance
284 *
285 * read remaining data from socket create and submit work.
286 */
287static int queue_ksmbd_work(struct ksmbd_conn *conn)
288{
289 struct ksmbd_work *work;
290 int err;
291
292 work = ksmbd_alloc_work_struct();
293 if (!work) {
294 pr_err("allocation for work failed\n");
295 return -ENOMEM;
296 }
297
298 work->conn = conn;
299 work->request_buf = conn->request_buf;
300 conn->request_buf = NULL;
301
302 err = ksmbd_init_smb_server(work);
303 if (err) {
304 ksmbd_free_work_struct(work);
305 return 0;
306 }
307
308 ksmbd_conn_enqueue_request(work);
309 atomic_inc(v: &conn->r_count);
310 /* update activity on connection */
311 conn->last_active = jiffies;
312 INIT_WORK(&work->work, handle_ksmbd_work);
313 ksmbd_queue_work(work);
314 return 0;
315}
316
317static int ksmbd_server_process_request(struct ksmbd_conn *conn)
318{
319 return queue_ksmbd_work(conn);
320}
321
322static int ksmbd_server_terminate_conn(struct ksmbd_conn *conn)
323{
324 ksmbd_sessions_deregister(conn);
325 destroy_lease_table(conn);
326 return 0;
327}
328
329static void ksmbd_server_tcp_callbacks_init(void)
330{
331 struct ksmbd_conn_ops ops;
332
333 ops.process_fn = ksmbd_server_process_request;
334 ops.terminate_fn = ksmbd_server_terminate_conn;
335
336 ksmbd_conn_init_server_callbacks(ops: &ops);
337}
338
339static void server_conf_free(void)
340{
341 int i;
342
343 for (i = 0; i < ARRAY_SIZE(server_conf.conf); i++) {
344 kfree(objp: server_conf.conf[i]);
345 server_conf.conf[i] = NULL;
346 }
347}
348
349static int server_conf_init(void)
350{
351 WRITE_ONCE(server_conf.state, SERVER_STATE_STARTING_UP);
352 server_conf.enforced_signing = 0;
353 server_conf.min_protocol = ksmbd_min_protocol();
354 server_conf.max_protocol = ksmbd_max_protocol();
355 server_conf.auth_mechs = KSMBD_AUTH_NTLMSSP;
356#ifdef CONFIG_SMB_SERVER_KERBEROS5
357 server_conf.auth_mechs |= KSMBD_AUTH_KRB5 |
358 KSMBD_AUTH_MSKRB5;
359#endif
360 return 0;
361}
362
363static void server_ctrl_handle_init(struct server_ctrl_struct *ctrl)
364{
365 int ret;
366
367 ret = ksmbd_conn_transport_init();
368 if (ret) {
369 server_queue_ctrl_reset_work();
370 return;
371 }
372
373 WRITE_ONCE(server_conf.state, SERVER_STATE_RUNNING);
374}
375
376static void server_ctrl_handle_reset(struct server_ctrl_struct *ctrl)
377{
378 ksmbd_ipc_soft_reset();
379 ksmbd_conn_transport_destroy();
380 server_conf_free();
381 server_conf_init();
382 WRITE_ONCE(server_conf.state, SERVER_STATE_STARTING_UP);
383}
384
385static void server_ctrl_handle_work(struct work_struct *work)
386{
387 struct server_ctrl_struct *ctrl;
388
389 ctrl = container_of(work, struct server_ctrl_struct, ctrl_work);
390
391 mutex_lock(&ctrl_lock);
392 switch (ctrl->type) {
393 case SERVER_CTRL_TYPE_INIT:
394 server_ctrl_handle_init(ctrl);
395 break;
396 case SERVER_CTRL_TYPE_RESET:
397 server_ctrl_handle_reset(ctrl);
398 break;
399 default:
400 pr_err("Unknown server work type: %d\n", ctrl->type);
401 }
402 mutex_unlock(lock: &ctrl_lock);
403 kfree(objp: ctrl);
404 module_put(THIS_MODULE);
405}
406
407static int __queue_ctrl_work(int type)
408{
409 struct server_ctrl_struct *ctrl;
410
411 ctrl = kmalloc(size: sizeof(struct server_ctrl_struct), GFP_KERNEL);
412 if (!ctrl)
413 return -ENOMEM;
414
415 __module_get(THIS_MODULE);
416 ctrl->type = type;
417 INIT_WORK(&ctrl->ctrl_work, server_ctrl_handle_work);
418 queue_work(wq: system_long_wq, work: &ctrl->ctrl_work);
419 return 0;
420}
421
422int server_queue_ctrl_init_work(void)
423{
424 return __queue_ctrl_work(type: SERVER_CTRL_TYPE_INIT);
425}
426
427int server_queue_ctrl_reset_work(void)
428{
429 return __queue_ctrl_work(type: SERVER_CTRL_TYPE_RESET);
430}
431
432static ssize_t stats_show(const struct class *class, const struct class_attribute *attr,
433 char *buf)
434{
435 /*
436 * Inc this each time you change stats output format,
437 * so user space will know what to do.
438 */
439 static int stats_version = 2;
440 static const char * const state[] = {
441 "startup",
442 "running",
443 "reset",
444 "shutdown"
445 };
446 return sysfs_emit(buf, fmt: "%d %s %d %lu\n", stats_version,
447 state[server_conf.state], server_conf.tcp_port,
448 server_conf.ipc_last_active / HZ);
449}
450
451static ssize_t kill_server_store(const struct class *class,
452 const struct class_attribute *attr, const char *buf,
453 size_t len)
454{
455 if (!sysfs_streq(s1: buf, s2: "hard"))
456 return len;
457
458 pr_info("kill command received\n");
459 mutex_lock(&ctrl_lock);
460 WRITE_ONCE(server_conf.state, SERVER_STATE_RESETTING);
461 __module_get(THIS_MODULE);
462 server_ctrl_handle_reset(NULL);
463 module_put(THIS_MODULE);
464 mutex_unlock(lock: &ctrl_lock);
465 return len;
466}
467
468static const char * const debug_type_strings[] = {"smb", "auth", "vfs",
469 "oplock", "ipc", "conn",
470 "rdma"};
471
472static ssize_t debug_show(const struct class *class, const struct class_attribute *attr,
473 char *buf)
474{
475 ssize_t sz = 0;
476 int i, pos = 0;
477
478 for (i = 0; i < ARRAY_SIZE(debug_type_strings); i++) {
479 if ((ksmbd_debug_types >> i) & 1) {
480 pos = sysfs_emit_at(buf, at: sz, fmt: "[%s] ", debug_type_strings[i]);
481 } else {
482 pos = sysfs_emit_at(buf, at: sz, fmt: "%s ", debug_type_strings[i]);
483 }
484 sz += pos;
485 }
486 sz += sysfs_emit_at(buf, at: sz, fmt: "\n");
487 return sz;
488}
489
490static ssize_t debug_store(const struct class *class, const struct class_attribute *attr,
491 const char *buf, size_t len)
492{
493 int i;
494
495 for (i = 0; i < ARRAY_SIZE(debug_type_strings); i++) {
496 if (sysfs_streq(s1: buf, s2: "all")) {
497 if (ksmbd_debug_types == KSMBD_DEBUG_ALL)
498 ksmbd_debug_types = 0;
499 else
500 ksmbd_debug_types = KSMBD_DEBUG_ALL;
501 break;
502 }
503
504 if (sysfs_streq(s1: buf, s2: debug_type_strings[i])) {
505 if (ksmbd_debug_types & (1 << i))
506 ksmbd_debug_types &= ~(1 << i);
507 else
508 ksmbd_debug_types |= (1 << i);
509 break;
510 }
511 }
512
513 return len;
514}
515
516static CLASS_ATTR_RO(stats);
517static CLASS_ATTR_WO(kill_server);
518static CLASS_ATTR_RW(debug);
519
520static struct attribute *ksmbd_control_class_attrs[] = {
521 &class_attr_stats.attr,
522 &class_attr_kill_server.attr,
523 &class_attr_debug.attr,
524 NULL,
525};
526ATTRIBUTE_GROUPS(ksmbd_control_class);
527
528static struct class ksmbd_control_class = {
529 .name = "ksmbd-control",
530 .class_groups = ksmbd_control_class_groups,
531};
532
533static int ksmbd_server_shutdown(void)
534{
535 WRITE_ONCE(server_conf.state, SERVER_STATE_SHUTTING_DOWN);
536
537 class_unregister(class: &ksmbd_control_class);
538 ksmbd_workqueue_destroy();
539 ksmbd_ipc_release();
540 ksmbd_conn_transport_destroy();
541 ksmbd_crypto_destroy();
542 ksmbd_free_global_file_table();
543 destroy_lease_table(NULL);
544 ksmbd_work_pool_destroy();
545 ksmbd_exit_file_cache();
546 server_conf_free();
547 return 0;
548}
549
550static int __init ksmbd_server_init(void)
551{
552 int ret;
553
554 ret = class_register(class: &ksmbd_control_class);
555 if (ret) {
556 pr_err("Unable to register ksmbd-control class\n");
557 return ret;
558 }
559
560 ksmbd_server_tcp_callbacks_init();
561
562 ret = server_conf_init();
563 if (ret)
564 goto err_unregister;
565
566 ret = ksmbd_work_pool_init();
567 if (ret)
568 goto err_unregister;
569
570 ret = ksmbd_init_file_cache();
571 if (ret)
572 goto err_destroy_work_pools;
573
574 ret = ksmbd_ipc_init();
575 if (ret)
576 goto err_exit_file_cache;
577
578 ret = ksmbd_init_global_file_table();
579 if (ret)
580 goto err_ipc_release;
581
582 ret = ksmbd_inode_hash_init();
583 if (ret)
584 goto err_destroy_file_table;
585
586 ret = ksmbd_crypto_create();
587 if (ret)
588 goto err_release_inode_hash;
589
590 ret = ksmbd_workqueue_init();
591 if (ret)
592 goto err_crypto_destroy;
593
594 return 0;
595
596err_crypto_destroy:
597 ksmbd_crypto_destroy();
598err_release_inode_hash:
599 ksmbd_release_inode_hash();
600err_destroy_file_table:
601 ksmbd_free_global_file_table();
602err_ipc_release:
603 ksmbd_ipc_release();
604err_exit_file_cache:
605 ksmbd_exit_file_cache();
606err_destroy_work_pools:
607 ksmbd_work_pool_destroy();
608err_unregister:
609 class_unregister(class: &ksmbd_control_class);
610
611 return ret;
612}
613
614/**
615 * ksmbd_server_exit() - shutdown forker thread and free memory at module exit
616 */
617static void __exit ksmbd_server_exit(void)
618{
619 ksmbd_server_shutdown();
620 rcu_barrier();
621 ksmbd_release_inode_hash();
622}
623
624MODULE_AUTHOR("Namjae Jeon <linkinjeon@kernel.org>");
625MODULE_DESCRIPTION("Linux kernel CIFS/SMB SERVER");
626MODULE_LICENSE("GPL");
627MODULE_SOFTDEP("pre: ecb");
628MODULE_SOFTDEP("pre: hmac");
629MODULE_SOFTDEP("pre: md5");
630MODULE_SOFTDEP("pre: nls");
631MODULE_SOFTDEP("pre: aes");
632MODULE_SOFTDEP("pre: cmac");
633MODULE_SOFTDEP("pre: sha256");
634MODULE_SOFTDEP("pre: sha512");
635MODULE_SOFTDEP("pre: aead2");
636MODULE_SOFTDEP("pre: ccm");
637MODULE_SOFTDEP("pre: gcm");
638MODULE_SOFTDEP("pre: crc32");
639module_init(ksmbd_server_init)
640module_exit(ksmbd_server_exit)
641

source code of linux/fs/smb/server/server.c