add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/fs/cifs/smb2transport.c
..
..
@@ -41,14 +41,6 @@
41
41
 #include "smb2glob.h"
42
42
 
43
43
 static int
44
-smb2_crypto_shash_allocate(struct TCP_Server_Info *server)
45
-{
46
-	return cifs_alloc_hash("hmac(sha256)",
47
-			       &server->secmech.hmacsha256,
48
-			       &server->secmech.sdeschmacsha256);
49
-}
50
-
51
-static int
52
44
 smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
53
45
 {
54
46
 	struct cifs_secmech *p = &server->secmech;
..
..
@@ -95,6 +87,62 @@
95
87
 err:
96
88
 	cifs_free_hash(&p->cmacaes, &p->sdesccmacaes);
97
89
 	cifs_free_hash(&p->hmacsha256, &p->sdeschmacsha256);
90
+	return rc;
91
+}
92
+
93
+
94
+static
95
+int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
96
+{
97
+	struct cifs_chan *chan;
98
+	struct cifs_ses *ses = NULL;
99
+	struct TCP_Server_Info *it = NULL;
100
+	int i;
101
+	int rc = 0;
102
+
103
+	spin_lock(&cifs_tcp_ses_lock);
104
+
105
+	list_for_each_entry(it, &cifs_tcp_ses_list, tcp_ses_list) {
106
+		list_for_each_entry(ses, &it->smb_ses_list, smb_ses_list) {
107
+			if (ses->Suid == ses_id)
108
+				goto found;
109
+		}
110
+	}
111
+	cifs_server_dbg(VFS, "%s: Could not find session 0x%llx\n",
112
+			__func__, ses_id);
113
+	rc = -ENOENT;
114
+	goto out;
115
+
116
+found:
117
+	if (ses->binding) {
118
+		/*
119
+		 * If we are in the process of binding a new channel
120
+		 * to an existing session, use the master connection
121
+		 * session key
122
+		 */
123
+		memcpy(key, ses->smb3signingkey, SMB3_SIGN_KEY_SIZE);
124
+		goto out;
125
+	}
126
+
127
+	/*
128
+	 * Otherwise, use the channel key.
129
+	 */
130
+
131
+	for (i = 0; i < ses->chan_count; i++) {
132
+		chan = ses->chans + i;
133
+		if (chan->server == server) {
134
+			memcpy(key, chan->signkey, SMB3_SIGN_KEY_SIZE);
135
+			goto out;
136
+		}
137
+	}
138
+
139
+	cifs_dbg(VFS,
140
+		 "%s: Could not find channel signing key for session 0x%llx\n",
141
+		 __func__, ses_id);
142
+	rc = -ENOENT;
143
+
144
+out:
145
+	spin_unlock(&cifs_tcp_ses_lock);
98
146
 	return rc;
99
147
 }
100
148
 
..
..
@@ -163,7 +211,8 @@
163
211
 }
164
212
 
165
213
 int
166
-smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
214
+smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
215
+			bool allocate_crypto)
167
216
 {
168
217
 	int rc;
169
218
 	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
..
..
@@ -172,35 +221,45 @@
172
221
 	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
173
222
 	struct cifs_ses *ses;
174
223
 	struct shash_desc *shash;
224
+	struct crypto_shash *hash;
225
+	struct sdesc *sdesc = NULL;
175
226
 	struct smb_rqst drqst;
176
227
 
177
228
 	ses = smb2_find_smb_ses(server, shdr->SessionId);
178
229
 	if (!ses) {
179
-		cifs_dbg(VFS, "%s: Could not find session\n", __func__);
230
+		cifs_server_dbg(VFS, "%s: Could not find session\n", __func__);
180
231
 		return 0;
181
232
 	}
182
233
 
183
234
 	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
184
235
 	memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
185
236
 
186
-	rc = smb2_crypto_shash_allocate(server);
187
-	if (rc) {
188
-		cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__);
189
-		return rc;
237
+	if (allocate_crypto) {
238
+		rc = cifs_alloc_hash("hmac(sha256)", &hash, &sdesc);
239
+		if (rc) {
240
+			cifs_server_dbg(VFS,
241
+					"%s: sha256 alloc failed\n", __func__);
242
+			return rc;
243
+		}
244
+		shash = &sdesc->shash;
245
+	} else {
246
+		hash = server->secmech.hmacsha256;
247
+		shash = &server->secmech.sdeschmacsha256->shash;
190
248
 	}
191
249
 
192
-	rc = crypto_shash_setkey(server->secmech.hmacsha256,
193
-				 ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
250
+	rc = crypto_shash_setkey(hash, ses->auth_key.response,
251
+			SMB2_NTLMV2_SESSKEY_SIZE);
194
252
 	if (rc) {
195
-		cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
196
-		return rc;
253
+		cifs_server_dbg(VFS,
254
+				"%s: Could not update with response\n",
255
+				__func__);
256
+		goto out;
197
257
 	}
198
258
 
199
-	shash = &server->secmech.sdeschmacsha256->shash;
200
259
 	rc = crypto_shash_init(shash);
201
260
 	if (rc) {
202
-		cifs_dbg(VFS, "%s: Could not init sha256", __func__);
203
-		return rc;
261
+		cifs_server_dbg(VFS, "%s: Could not init sha256", __func__);
262
+		goto out;
204
263
 	}
205
264
 
206
265
 	/*
..
..
@@ -215,9 +274,10 @@
215
274
 		rc = crypto_shash_update(shash, iov[0].iov_base,
216
275
 					 iov[0].iov_len);
217
276
 		if (rc) {
218
-			cifs_dbg(VFS, "%s: Could not update with payload\n",
219
-				 __func__);
220
-			return rc;
277
+			cifs_server_dbg(VFS,
278
+					"%s: Could not update with payload\n",
279
+					__func__);
280
+			goto out;
221
281
 		}
222
282
 		drqst.rq_iov++;
223
283
 		drqst.rq_nvec--;
..
..
@@ -227,6 +287,9 @@
227
287
 	if (!rc)
228
288
 		memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
229
289
 
290
+out:
291
+	if (allocate_crypto)
292
+		cifs_free_hash(&hash, &sdesc);
230
293
 	return rc;
231
294
 }
232
295
 
..
..
@@ -235,72 +298,80 @@
235
298
 {
236
299
 	unsigned char zero = 0x0;
237
300
 	__u8 i[4] = {0, 0, 0, 1};
238
-	__u8 L[4] = {0, 0, 0, 128};
301
+	__u8 L128[4] = {0, 0, 0, 128};
302
+	__u8 L256[4] = {0, 0, 1, 0};
239
303
 	int rc = 0;
240
304
 	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
241
305
 	unsigned char *hashptr = prfhash;
306
+	struct TCP_Server_Info *server = ses->server;
242
307
 
243
308
 	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
244
309
 	memset(key, 0x0, key_size);
245
310
 
246
-	rc = smb3_crypto_shash_allocate(ses->server);
311
+	rc = smb3_crypto_shash_allocate(server);
247
312
 	if (rc) {
248
-		cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
313
+		cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__);
249
314
 		goto smb3signkey_ret;
250
315
 	}
251
316
 
252
-	rc = crypto_shash_setkey(ses->server->secmech.hmacsha256,
317
+	rc = crypto_shash_setkey(server->secmech.hmacsha256,
253
318
 		ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
254
319
 	if (rc) {
255
-		cifs_dbg(VFS, "%s: Could not set with session key\n", __func__);
320
+		cifs_server_dbg(VFS, "%s: Could not set with session key\n", __func__);
256
321
 		goto smb3signkey_ret;
257
322
 	}
258
323
 
259
-	rc = crypto_shash_init(&ses->server->secmech.sdeschmacsha256->shash);
324
+	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
260
325
 	if (rc) {
261
-		cifs_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
326
+		cifs_server_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
262
327
 		goto smb3signkey_ret;
263
328
 	}
264
329
 
265
-	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
330
+	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
266
331
 				i, 4);
267
332
 	if (rc) {
268
-		cifs_dbg(VFS, "%s: Could not update with n\n", __func__);
333
+		cifs_server_dbg(VFS, "%s: Could not update with n\n", __func__);
269
334
 		goto smb3signkey_ret;
270
335
 	}
271
336
 
272
-	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
337
+	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
273
338
 				label.iov_base, label.iov_len);
274
339
 	if (rc) {
275
-		cifs_dbg(VFS, "%s: Could not update with label\n", __func__);
340
+		cifs_server_dbg(VFS, "%s: Could not update with label\n", __func__);
276
341
 		goto smb3signkey_ret;
277
342
 	}
278
343
 
279
-	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
344
+	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
280
345
 				&zero, 1);
281
346
 	if (rc) {
282
-		cifs_dbg(VFS, "%s: Could not update with zero\n", __func__);
347
+		cifs_server_dbg(VFS, "%s: Could not update with zero\n", __func__);
283
348
 		goto smb3signkey_ret;
284
349
 	}
285
350
 
286
-	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
351
+	rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
287
352
 				context.iov_base, context.iov_len);
288
353
 	if (rc) {
289
-		cifs_dbg(VFS, "%s: Could not update with context\n", __func__);
354
+		cifs_server_dbg(VFS, "%s: Could not update with context\n", __func__);
290
355
 		goto smb3signkey_ret;
291
356
 	}
292
357
 
293
-	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
294
-				L, 4);
358
+	if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
359
+		(server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
360
+		rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
361
+				L256, 4);
362
+	} else {
363
+		rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash,
364
+				L128, 4);
365
+	}
295
366
 	if (rc) {
296
-		cifs_dbg(VFS, "%s: Could not update with L\n", __func__);
367
+		cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__);
297
368
 		goto smb3signkey_ret;
298
369
 	}
299
370
 
300
-	rc = crypto_shash_final(&ses->server->secmech.sdeschmacsha256->shash,
371
+	rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash,
301
372
 				hashptr);
302
373
 	if (rc) {
303
-		cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
374
+		cifs_server_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
304
375
 		goto smb3signkey_ret;
305
376
 	}
306
377
 
..
..
@@ -326,22 +397,49 @@
326
397
 			const struct derivation_triplet *ptriplet)
327
398
 {
328
399
 	int rc;
400
+#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
401
+	struct TCP_Server_Info *server = ses->server;
402
+#endif
329
403
 
330
-	rc = generate_key(ses, ptriplet->signing.label,
331
-			  ptriplet->signing.context, ses->smb3signingkey,
332
-			  SMB3_SIGN_KEY_SIZE);
333
-	if (rc)
334
-		return rc;
404
+	/*
405
+	 * All channels use the same encryption/decryption keys but
406
+	 * they have their own signing key.
407
+	 *
408
+	 * When we generate the keys, check if it is for a new channel
409
+	 * (binding) in which case we only need to generate a signing
410
+	 * key and store it in the channel as to not overwrite the
411
+	 * master connection signing key stored in the session
412
+	 */
335
413
 
336
-	rc = generate_key(ses, ptriplet->encryption.label,
337
-			  ptriplet->encryption.context, ses->smb3encryptionkey,
338
-			  SMB3_SIGN_KEY_SIZE);
339
-	if (rc)
340
-		return rc;
414
+	if (ses->binding) {
415
+		rc = generate_key(ses, ptriplet->signing.label,
416
+				  ptriplet->signing.context,
417
+				  cifs_ses_binding_channel(ses)->signkey,
418
+				  SMB3_SIGN_KEY_SIZE);
419
+		if (rc)
420
+			return rc;
421
+	} else {
422
+		rc = generate_key(ses, ptriplet->signing.label,
423
+				  ptriplet->signing.context,
424
+				  ses->smb3signingkey,
425
+				  SMB3_SIGN_KEY_SIZE);
426
+		if (rc)
427
+			return rc;
341
428
 
342
-	rc = generate_key(ses, ptriplet->decryption.label,
343
-			  ptriplet->decryption.context,
344
-			  ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
429
+		memcpy(ses->chans[0].signkey, ses->smb3signingkey,
430
+		       SMB3_SIGN_KEY_SIZE);
431
+
432
+		rc = generate_key(ses, ptriplet->encryption.label,
433
+				  ptriplet->encryption.context,
434
+				  ses->smb3encryptionkey,
435
+				  SMB3_ENC_DEC_KEY_SIZE);
436
+		rc = generate_key(ses, ptriplet->decryption.label,
437
+				  ptriplet->decryption.context,
438
+				  ses->smb3decryptionkey,
439
+				  SMB3_ENC_DEC_KEY_SIZE);
440
+		if (rc)
441
+			return rc;
442
+	}
345
443
 
346
444
 	if (rc)
347
445
 		return rc;
..
..
@@ -354,14 +452,23 @@
354
452
 	 */
355
453
 	cifs_dbg(VFS, "Session Id    %*ph\n", (int)sizeof(ses->Suid),
356
454
 			&ses->Suid);
455
+	cifs_dbg(VFS, "Cipher type   %d\n", server->cipher_type);
357
456
 	cifs_dbg(VFS, "Session Key   %*ph\n",
358
457
 		 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
359
458
 	cifs_dbg(VFS, "Signing Key   %*ph\n",
360
459
 		 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey);
361
-	cifs_dbg(VFS, "ServerIn Key  %*ph\n",
362
-		 SMB3_SIGN_KEY_SIZE, ses->smb3encryptionkey);
363
-	cifs_dbg(VFS, "ServerOut Key %*ph\n",
364
-		 SMB3_SIGN_KEY_SIZE, ses->smb3decryptionkey);
460
+	if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
461
+		(server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) {
462
+		cifs_dbg(VFS, "ServerIn Key  %*ph\n",
463
+				SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey);
464
+		cifs_dbg(VFS, "ServerOut Key %*ph\n",
465
+				SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey);
466
+	} else {
467
+		cifs_dbg(VFS, "ServerIn Key  %*ph\n",
468
+				SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey);
469
+		cifs_dbg(VFS, "ServerOut Key %*ph\n",
470
+				SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey);
471
+	}
365
472
 #endif
366
473
 	return rc;
367
474
 }
..
..
@@ -423,31 +530,42 @@
423
530
 }
424
531
 
425
532
 int
426
-smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
533
+smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
534
+			bool allocate_crypto)
427
535
 {
428
536
 	int rc;
429
537
 	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
430
538
 	unsigned char *sigptr = smb3_signature;
431
539
 	struct kvec *iov = rqst->rq_iov;
432
540
 	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
433
-	struct cifs_ses *ses;
434
-	struct shash_desc *shash = &server->secmech.sdesccmacaes->shash;
541
+	struct shash_desc *shash;
542
+	struct crypto_shash *hash;
543
+	struct sdesc *sdesc = NULL;
435
544
 	struct smb_rqst drqst;
545
+	u8 key[SMB3_SIGN_KEY_SIZE];
436
546
 
437
-	ses = smb2_find_smb_ses(server, shdr->SessionId);
438
-	if (!ses) {
439
-		cifs_dbg(VFS, "%s: Could not find session\n", __func__);
547
+	rc = smb2_get_sign_key(shdr->SessionId, server, key);
548
+	if (rc)
440
549
 		return 0;
550
+
551
+	if (allocate_crypto) {
552
+		rc = cifs_alloc_hash("cmac(aes)", &hash, &sdesc);
553
+		if (rc)
554
+			return rc;
555
+
556
+		shash = &sdesc->shash;
557
+	} else {
558
+		hash = server->secmech.cmacaes;
559
+		shash = &server->secmech.sdesccmacaes->shash;
441
560
 	}
442
561
 
443
562
 	memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
444
563
 	memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
445
564
 
446
-	rc = crypto_shash_setkey(server->secmech.cmacaes,
447
-				 ses->smb3signingkey, SMB2_CMACAES_SIZE);
565
+	rc = crypto_shash_setkey(hash, key, SMB2_CMACAES_SIZE);
448
566
 	if (rc) {
449
-		cifs_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
450
-		return rc;
567
+		cifs_server_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
568
+		goto out;
451
569
 	}
452
570
 
453
571
 	/*
..
..
@@ -457,8 +575,8 @@
457
575
 	 */
458
576
 	rc = crypto_shash_init(shash);
459
577
 	if (rc) {
460
-		cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
461
-		return rc;
578
+		cifs_server_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
579
+		goto out;
462
580
 	}
463
581
 
464
582
 	/*
..
..
@@ -473,9 +591,9 @@
473
591
 		rc = crypto_shash_update(shash, iov[0].iov_base,
474
592
 					 iov[0].iov_len);
475
593
 		if (rc) {
476
-			cifs_dbg(VFS, "%s: Could not update with payload\n",
594
+			cifs_server_dbg(VFS, "%s: Could not update with payload\n",
477
595
 				 __func__);
478
-			return rc;
596
+			goto out;
479
597
 		}
480
598
 		drqst.rq_iov++;
481
599
 		drqst.rq_nvec--;
..
..
@@ -485,6 +603,9 @@
485
603
 	if (!rc)
486
604
 		memcpy(shdr->Signature, sigptr, SMB2_SIGNATURE_SIZE);
487
605
 
606
+out:
607
+	if (allocate_crypto)
608
+		cifs_free_hash(&hash, &sdesc);
488
609
 	return rc;
489
610
 }
490
611
 
..
..
@@ -493,19 +614,28 @@
493
614
 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
494
615
 {
495
616
 	int rc = 0;
496
-	struct smb2_sync_hdr *shdr =
497
-			(struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
617
+	struct smb2_sync_hdr *shdr;
618
+	struct smb2_sess_setup_req *ssr;
619
+	bool is_binding;
620
+	bool is_signed;
498
621
 
499
-	if (!(shdr->Flags & SMB2_FLAGS_SIGNED) ||
500
-	    server->tcpStatus == CifsNeedNegotiate)
501
-		return rc;
622
+	shdr = (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
623
+	ssr = (struct smb2_sess_setup_req *)shdr;
502
624
 
503
-	if (!server->session_estab) {
625
+	is_binding = shdr->Command == SMB2_SESSION_SETUP &&
626
+		(ssr->Flags & SMB2_SESSION_REQ_FLAG_BINDING);
627
+	is_signed = shdr->Flags & SMB2_FLAGS_SIGNED;
628
+
629
+	if (!is_signed)
630
+		return 0;
631
+	if (server->tcpStatus == CifsNeedNegotiate)
632
+		return 0;
633
+	if (!is_binding && !server->session_estab) {
504
634
 		strncpy(shdr->Signature, "BSRSPYL", 8);
505
-		return rc;
635
+		return 0;
506
636
 	}
507
637
 
508
-	rc = server->ops->calc_signature(rqst, server);
638
+	rc = server->ops->calc_signature(rqst, server, false);
509
639
 
510
640
 	return rc;
511
641
 }
..
..
@@ -514,13 +644,14 @@
514
644
 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
515
645
 {
516
646
 	unsigned int rc;
517
-	char server_response_sig[16];
647
+	char server_response_sig[SMB2_SIGNATURE_SIZE];
518
648
 	struct smb2_sync_hdr *shdr =
519
649
 			(struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
520
650
 
521
651
 	if ((shdr->Command == SMB2_NEGOTIATE) ||
522
652
 	    (shdr->Command == SMB2_SESSION_SETUP) ||
523
653
 	    (shdr->Command == SMB2_OPLOCK_BREAK) ||
654
+	    server->ignore_signature ||
524
655
 	    (!server->session_estab))
525
656
 		return 0;
526
657
 
..
..
@@ -542,16 +673,16 @@
542
673
 
543
674
 	memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
544
675
 
545
-	mutex_lock(&server->srv_mutex);
546
-	rc = server->ops->calc_signature(rqst, server);
547
-	mutex_unlock(&server->srv_mutex);
676
+	rc = server->ops->calc_signature(rqst, server, true);
548
677
 
549
678
 	if (rc)
550
679
 		return rc;
551
680
 
552
-	if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE))
681
+	if (memcmp(server_response_sig, shdr->Signature, SMB2_SIGNATURE_SIZE)) {
682
+		cifs_dbg(VFS, "sign fail cmd 0x%x message id 0x%llx\n",
683
+			shdr->Command, shdr->MessageId);
553
684
 		return -EACCES;
554
-	else
685
+	} else
555
686
 		return 0;
556
687
 }
557
688
 
..
..
@@ -597,25 +728,33 @@
597
728
 	 * The default is for the mid to be synchronous, so the
598
729
 	 * default callback just wakes up the current task.
599
730
 	 */
731
+	get_task_struct(current);
732
+	temp->creator = current;
600
733
 	temp->callback = cifs_wake_up_task;
601
734
 	temp->callback_data = current;
602
735
 
603
736
 	atomic_inc(&midCount);
604
737
 	temp->mid_state = MID_REQUEST_ALLOCATED;
738
+	trace_smb3_cmd_enter(shdr->TreeId, shdr->SessionId,
739
+		le16_to_cpu(shdr->Command), temp->mid);
605
740
 	return temp;
606
741
 }
607
742
 
608
743
 static int
609
-smb2_get_mid_entry(struct cifs_ses *ses, struct smb2_sync_hdr *shdr,
610
-		   struct mid_q_entry **mid)
744
+smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server,
745
+		   struct smb2_sync_hdr *shdr, struct mid_q_entry **mid)
611
746
 {
612
-	if (ses->server->tcpStatus == CifsExiting)
747
+	if (server->tcpStatus == CifsExiting)
613
748
 		return -ENOENT;
614
749
 
615
-	if (ses->server->tcpStatus == CifsNeedReconnect) {
750
+	if (server->tcpStatus == CifsNeedReconnect) {
616
751
 		cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
617
752
 		return -EAGAIN;
618
753
 	}
754
+
755
+	if (server->tcpStatus == CifsNeedNegotiate &&
756
+	   shdr->Command != SMB2_NEGOTIATE)
757
+		return -EAGAIN;
619
758
 
620
759
 	if (ses->status == CifsNew) {
621
760
 		if ((shdr->Command != SMB2_SESSION_SETUP) &&
..
..
@@ -630,12 +769,13 @@
630
769
 		/* else ok - we are shutting down the session */
631
770
 	}
632
771
 
633
-	*mid = smb2_mid_entry_alloc(shdr, ses->server);
772
+	*mid = smb2_mid_entry_alloc(shdr, server);
634
773
 	if (*mid == NULL)
635
774
 		return -ENOMEM;
636
775
 	spin_lock(&GlobalMid_Lock);
637
-	list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q);
776
+	list_add_tail(&(*mid)->qhead, &server->pending_mid_q);
638
777
 	spin_unlock(&GlobalMid_Lock);
778
+
639
779
 	return 0;
640
780
 }
641
781
 
..
..
@@ -658,7 +798,7 @@
658
798
 
659
799
 		rc = smb2_verify_signature(&rqst, server);
660
800
 		if (rc)
661
-			cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
801
+			cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
662
802
 				 rc);
663
803
 	}
664
804
 
..
..
@@ -666,24 +806,25 @@
666
806
 }
667
807
 
668
808
 struct mid_q_entry *
669
-smb2_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst)
809
+smb2_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server,
810
+		   struct smb_rqst *rqst)
670
811
 {
671
812
 	int rc;
672
813
 	struct smb2_sync_hdr *shdr =
673
814
 			(struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
674
815
 	struct mid_q_entry *mid;
675
816
 
676
-	smb2_seq_num_into_buf(ses->server, shdr);
817
+	smb2_seq_num_into_buf(server, shdr);
677
818
 
678
-	rc = smb2_get_mid_entry(ses, shdr, &mid);
819
+	rc = smb2_get_mid_entry(ses, server, shdr, &mid);
679
820
 	if (rc) {
680
-		revert_current_mid_from_hdr(ses->server, shdr);
821
+		revert_current_mid_from_hdr(server, shdr);
681
822
 		return ERR_PTR(rc);
682
823
 	}
683
824
 
684
-	rc = smb2_sign_rqst(rqst, ses->server);
825
+	rc = smb2_sign_rqst(rqst, server);
685
826
 	if (rc) {
686
-		revert_current_mid_from_hdr(ses->server, shdr);
827
+		revert_current_mid_from_hdr(server, shdr);
687
828
 		cifs_delete_mid(mid);
688
829
 		return ERR_PTR(rc);
689
830
 	}
..
..
@@ -698,6 +839,10 @@
698
839
 	struct smb2_sync_hdr *shdr =
699
840
 			(struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
700
841
 	struct mid_q_entry *mid;
842
+
843
+	if (server->tcpStatus == CifsNeedNegotiate &&
844
+	   shdr->Command != SMB2_NEGOTIATE)
845
+		return ERR_PTR(-EAGAIN);
701
846
 
702
847
 	smb2_seq_num_into_buf(server, shdr);
703
848
 
..
..
@@ -723,9 +868,13 @@
723
868
 	struct crypto_aead *tfm;
724
869
 
725
870
 	if (!server->secmech.ccmaesencrypt) {
726
-		tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
871
+		if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
872
+		    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
873
+			tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
874
+		else
875
+			tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
727
876
 		if (IS_ERR(tfm)) {
728
-			cifs_dbg(VFS, "%s: Failed to alloc encrypt aead\n",
877
+			cifs_server_dbg(VFS, "%s: Failed alloc encrypt aead\n",
729
878
 				 __func__);
730
879
 			return PTR_ERR(tfm);
731
880
 		}
..
..
@@ -733,11 +882,15 @@
733
882
 	}
734
883
 
735
884
 	if (!server->secmech.ccmaesdecrypt) {
736
-		tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
885
+		if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
886
+		    (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
887
+			tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
888
+		else
889
+			tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
737
890
 		if (IS_ERR(tfm)) {
738
891
 			crypto_free_aead(server->secmech.ccmaesencrypt);
739
892
 			server->secmech.ccmaesencrypt = NULL;
740
-			cifs_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
893
+			cifs_server_dbg(VFS, "%s: Failed to alloc decrypt aead\n",
741
894
 				 __func__);
742
895
 			return PTR_ERR(tfm);
743
896
 		}