From nobody Thu Dec 18 12:32:33 2025
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66DA12BEC2F
	for <linux-kernel@vger.kernel.org>; Wed,  6 Aug 2025 20:39:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=170.10.133.124
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1754512797; cv=none;
 b=OUZJTKLiuoPm2cZolqo13CeoITRlpkW+K3vvrbb54D/z7IzYffpSiqFawN1Sogv45vlGoZ7twnfFF5VgowK3Gydvhy0NHXEvDktzvAo0BgKbuKC133IiIkPq3YrJxg4o+OcjSN+NVsQ4riNX8tsfMVKTS91ANqXQp+339si28jI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1754512797; c=relaxed/simple;
	bh=pScYZK0I9EANIJh7jUKFAeAVWFzRano4dJTf29mBV78=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=XwFS/NKEh9XMO6QD2WfEKWGFBC4dzcxvx3+iLRY15/fM4BB244TR0sRG0aX9KX65b8eQf9h+XepjSlvSHObBpK9szwYWgHGBEilVaAbo0cwAlqgLx5aOOnMl/CmRC5C1RPaS/flASy8yy9aWKuWI1bp8lfPEOK727frEoWzLYYs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=redhat.com;
 spf=pass smtp.mailfrom=redhat.com;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b=d6edQJL4; arc=none smtp.client-ip=170.10.133.124
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="d6edQJL4"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1754512794;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=66jr/y7YOc44P4z2T9xA9okDQqLDR/TOpWQnaz5O5Q0=;
	b=d6edQJL4ij4Kl59A71roGpijxXZbIcKtEyI7M8T3AwGM8T10bICITw9q/1bw4+0hVi0uMX
	ABe0evK2sODA6oLfEdSSI11c6qZ5nICk/l1eRi77Ni/rWegzlfx97XlryZ3ogaysLUyppp
	YS2T8NqwRa8yElyDFb7JSn4YNRDmwUY=
Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-92-cs8AQvgkN9el8UbyoPR5WQ-1; Wed,
 06 Aug 2025 16:39:50 -0400
X-MC-Unique: cs8AQvgkN9el8UbyoPR5WQ-1
X-Mimecast-MFC-AGG-ID: cs8AQvgkN9el8UbyoPR5WQ_1754512779
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 395971956089;
	Wed,  6 Aug 2025 20:39:39 +0000 (UTC)
Received: from warthog.procyon.org.com (unknown [10.42.28.17])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 2E80D180035C;
	Wed,  6 Aug 2025 20:39:35 +0000 (UTC)
From: David Howells <dhowells@redhat.com>
To: Steve French <sfrench@samba.org>
Cc: David Howells <dhowells@redhat.com>,
	Paulo Alcantara <pc@manguebit.org>,
	Shyam Prasad N <sprasad@microsoft.com>,
	Tom Talpey <tom@talpey.com>,
	Wang Zhaolong <wangzhaolong@huaweicloud.com>,
	Stefan Metzmacher <metze@samba.org>,
	Mina Almasry <almasrymina@google.com>,
	linux-cifs@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	netfs@lists.linux.dev,
	linux-fsdevel@vger.kernel.org
Subject: [RFC PATCH 30/31] cifs: Convert SMB2 Posix Mkdir request
Date: Wed,  6 Aug 2025 21:36:51 +0100
Message-ID: <20250806203705.2560493-31-dhowells@redhat.com>
In-Reply-To: <20250806203705.2560493-1-dhowells@redhat.com>
References: <20250806203705.2560493-1-dhowells@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
Content-Type: text/plain; charset="utf-8"

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Steve French <sfrench@samba.org>
cc: Paulo Alcantara <pc@manguebit.org>
cc: Shyam Prasad N <sprasad@microsoft.com>
cc: Tom Talpey <tom@talpey.com>
cc: linux-cifs@vger.kernel.org
cc: netfs@lists.linux.dev
cc: linux-fsdevel@vger.kernel.org
---
 fs/smb/client/smb2pdu.c | 244 ++++++++++++++++++++++------------------
 1 file changed, 137 insertions(+), 107 deletions(-)

diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
index 85486748dd7b..9fc55b315474 100644
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -2388,16 +2388,8 @@ SMB2_tdis(const unsigned int xid, struct cifs_tcon *=
tcon)
 }
=20
=20
-static struct create_posix *
-create_posix_buf(umode_t mode)
+static void fill_posix_buf(struct create_posix *buf, umode_t mode)
 {
-	struct create_posix *buf;
-
-	buf =3D kzalloc(sizeof(struct create_posix),
-			GFP_KERNEL);
-	if (!buf)
-		return NULL;
-
 	buf->ccontext.DataOffset =3D
 		cpu_to_le16(offsetof(struct create_posix, Mode));
 	buf->ccontext.DataLength =3D cpu_to_le32(4);
@@ -2424,20 +2416,25 @@ create_posix_buf(umode_t mode)
 	buf->Name[15] =3D 0x7C;
 	buf->Mode =3D cpu_to_le32(mode);
 	cifs_dbg(FYI, "mode on posix create 0%o\n", mode);
-	return buf;
 }
=20
 static int
 add_posix_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode)
 {
+	struct create_posix *buf;
 	unsigned int num =3D *num_iovec;
=20
-	iov[num].iov_base =3D create_posix_buf(mode);
 	if (mode =3D=3D ACL_NO_MODE)
 		cifs_dbg(FYI, "%s: no mode\n", __func__);
-	if (iov[num].iov_base =3D=3D NULL)
+
+	buf =3D kzalloc(sizeof(struct create_posix), GFP_KERNEL);
+	if (!buf)
 		return -ENOMEM;
-	iov[num].iov_len =3D sizeof(struct create_posix);
+
+	fill_posix_buf(buf, mode);
+
+	iov[num].iov_base =3D buf;
+	iov[num].iov_len  =3D sizeof(struct create_posix);
 	*num_iovec =3D num + 1;
 	return 0;
 }
@@ -2906,72 +2903,140 @@ alloc_path_with_tree_prefix(__le16 **out_path, int=
 *out_size, int *out_len,
 	return 0;
 }
=20
+struct smb2_create_layout {
+	const struct nls_table *cp;
+	u16		offset;		/* Running offset for assembly */
+	u16		path_len;	/* Length of utf16 path (or 0) */
+	u16		treename_len;	/* Length of DFS prefix (or 0) */
+	u16		name_len;	/* Total name length */
+	u16		name_offset;	/* Offset in message of name */
+	u16		contexts_offset; /* Offset in message contexts */
+	u16		contexts_len;	/* Length of contexts (or 0) */
+	u16		posix_offset;	/* Offset in message of posix context */
+	u8		name_pad;	/* Amount of name padding needed */
+};
+
+static int smb311_posix_mkdir_layout(struct cifs_tcon *tcon,
+				     struct smb2_create_layout *lay)
+{
+	size_t offset =3D lay->offset;
+	size_t tmp;
+	bool has_contexts =3D false;
+
+	/* [MS-SMB2] 2.2.13 NameOffset: If SMB2_FLAGS_DFS_OPERATIONS
+	 * is set in the Flags field of the SMB2 header, the file name
+	 * includes a prefix that will be processed during DFS name
+	 * normalization as specified in section 3.3.5.9. Otherwise,
+	 * the file name is relative to the share that is identified
+	 * by the TreeId in the SMB2 header.
+	 */
+	lay->name_offset =3D offset;
+	if (tcon->share_flags & SHI1005_FLAGS_DFS) {
+		const char *treename =3D tcon->tree_name;
+		int treename_len;
+
+		/* skip leading "\\" */
+		if (!(treename[0] =3D=3D '\\' && treename[1] =3D=3D '\\'))
+			return -EINVAL;
+
+		treename_len =3D cifs_size_strtoUTF16(treename + 2, INT_MAX, lay->cp);
+
+		lay->treename_len =3D treename_len;
+		lay->name_len =3D treename_len;
+		if (lay->path_len)
+			lay->name_len +=3D 2 + lay->path_len;
+	} else {
+		lay->name_len =3D lay->path_len;
+	}
+
+	offset +=3D lay->name_len;
+	tmp =3D offset;
+	offset =3D ALIGN8(offset);
+	lay->name_pad =3D offset - tmp;
+	lay->contexts_offset =3D offset;
+
+	if (tcon->posix_extensions) {
+		/* resource #3: posix buf */
+		offset +=3D sizeof(struct create_posix);
+		has_contexts =3D true;
+	}
+
+	if (has_contexts)
+		lay->contexts_len =3D offset - lay->contexts_offset;
+	else
+		lay->contexts_offset =3D 0;
+
+	lay->offset =3D offset;
+	return 0;
+}
+
 int smb311_posix_mkdir(const unsigned int xid, struct inode *inode,
 			       umode_t mode, struct cifs_tcon *tcon,
 			       const char *full_path,
 			       struct cifs_sb_info *cifs_sb)
 {
-	struct smb_rqst rqst;
+	struct TCP_Server_Info *server;
 	struct smb2_create_req *req;
 	struct smb2_create_rsp *rsp =3D NULL;
+	struct smb_message *smb =3D NULL;
 	struct cifs_ses *ses =3D tcon->ses;
-	struct kvec iov[3]; /* make sure at least one for each open context */
-	struct kvec rsp_iov =3D {NULL, 0};
-	int resp_buftype;
-	int uni_path_len;
-	__le16 *copy_path =3D NULL;
-	int copy_size;
-	int rc =3D 0;
-	unsigned int n_iov =3D 2;
+	__le16 *utf16_path =3D NULL;
 	__u32 file_attributes =3D 0;
-	char *pc_buf =3D NULL;
+	int retries =3D 0, cur_sleep =3D 1, path_len;
 	int flags =3D 0;
-	unsigned int total_len;
-	__le16 *utf16_path =3D NULL;
-	struct TCP_Server_Info *server;
-	int retries =3D 0, cur_sleep =3D 1;
+	int rc =3D 0;
+
+	/* resource #1: path allocation */
+	utf16_path =3D cifs_convert_path_to_utf16(full_path, cifs_sb);
+	if (!utf16_path)
+		return -ENOMEM;
+	path_len =3D UniStrlen(utf16_path);
=20
 replay_again:
 	/* reinitialize for possible replay */
 	flags =3D 0;
-	n_iov =3D 2;
 	server =3D cifs_pick_channel(ses);
=20
 	cifs_dbg(FYI, "mkdir\n");
=20
-	/* resource #1: path allocation */
-	utf16_path =3D cifs_convert_path_to_utf16(full_path, cifs_sb);
-	if (!utf16_path)
-		return -ENOMEM;
-
-	if (!ses || !server) {
+	if (!server) {
 		rc =3D -EIO;
 		goto err_free_path;
 	}
=20
+	struct smb2_create_layout layout =3D {
+		.offset		=3D sizeof(struct smb2_create_req),
+		.path_len	=3D path_len,
+		.cp		=3D cifs_sb->local_nls,
+	};
+	rc =3D smb311_posix_mkdir_layout(tcon, &layout);
+	if (rc < 0)
+		goto err_free_path;
+
 	/* resource #2: request */
-	rc =3D smb2_plain_req_init(SMB2_CREATE, tcon, server,
-				 (void **) &req, &total_len);
-	if (rc)
+	rc =3D -ENOMEM;
+	smb =3D smb2_create_request(SMB2_CREATE, server, tcon,
+				  sizeof(*req), layout.offset, 0,
+				  SMB2_REQ_DYNAMIC);
+	if (!smb)
 		goto err_free_path;
=20
=20
 	if (smb3_encryption_required(tcon))
 		flags |=3D CIFS_TRANSFORM_REQ;
=20
-	req->ImpersonationLevel =3D IL_IMPERSONATION;
-	req->DesiredAccess =3D cpu_to_le32(FILE_WRITE_ATTRIBUTES);
+	req->ImpersonationLevel	=3D IL_IMPERSONATION;
+	req->DesiredAccess	=3D cpu_to_le32(FILE_WRITE_ATTRIBUTES);
 	/* File attributes ignored on open (used in create though) */
-	req->FileAttributes =3D cpu_to_le32(file_attributes);
-	req->ShareAccess =3D FILE_SHARE_ALL_LE;
-	req->CreateDisposition =3D cpu_to_le32(FILE_CREATE);
-	req->CreateOptions =3D cpu_to_le32(CREATE_NOT_FILE);
-
-	iov[0].iov_base =3D (char *)req;
-	/* -1 since last byte is buf[0] which is sent below (path) */
-	iov[0].iov_len =3D total_len - 1;
-
-	req->NameOffset =3D cpu_to_le16(sizeof(struct smb2_create_req));
+	req->FileAttributes	=3D cpu_to_le32(file_attributes);
+	req->ShareAccess	=3D FILE_SHARE_ALL_LE;
+	req->CreateDisposition	=3D cpu_to_le32(FILE_CREATE);
+	req->CreateOptions	=3D cpu_to_le32(CREATE_NOT_FILE);
+	req->NameOffset		=3D cpu_to_le16(layout.name_offset);
+	req->NameLength		=3D cpu_to_le16(layout.name_len);
+	req->RequestedOplockLevel =3D SMB2_OPLOCK_LEVEL_NONE;
+	req->CreateContextsOffset =3D cpu_to_le32(layout.contexts_offset);
+	req->CreateContextsLength =3D cpu_to_le32(layout.contexts_len);
=20
 	/* [MS-SMB2] 2.2.13 NameOffset:
 	 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
@@ -2981,78 +3046,48 @@ int smb311_posix_mkdir(const unsigned int xid, stru=
ct inode *inode,
 	 * the share that is identified by the TreeId in the SMB2
 	 * header.
 	 */
+	__le16 *name =3D smb->request + layout.name_offset;
+
 	if (tcon->share_flags & SHI1005_FLAGS_DFS) {
-		int name_len;
+		int tmp;
=20
 		req->hdr.Flags |=3D SMB2_FLAGS_DFS_OPERATIONS;
-		rc =3D alloc_path_with_tree_prefix(&copy_path, &copy_size,
-						 &name_len,
-						 tcon->tree_name, utf16_path);
-		if (rc)
-			goto err_free_req;
=20
-		req->NameLength =3D cpu_to_le16(name_len * 2);
-		uni_path_len =3D copy_size;
-		/* free before overwriting resource */
-		kfree(utf16_path);
-		utf16_path =3D copy_path;
-	} else {
-		uni_path_len =3D (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2;
-		/* MUST set path len (NameLength) to 0 opening root of share */
-		req->NameLength =3D cpu_to_le16(uni_path_len - 2);
-		if (uni_path_len % 8 !=3D 0) {
-			copy_size =3D roundup(uni_path_len, 8);
-			copy_path =3D kzalloc(copy_size, GFP_KERNEL);
-			if (!copy_path) {
-				rc =3D -ENOMEM;
-				goto err_free_req;
-			}
-			memcpy((char *)copy_path, (const char *)utf16_path,
-			       uni_path_len);
-			uni_path_len =3D copy_size;
-			/* free before overwriting resource */
-			kfree(utf16_path);
-			utf16_path =3D copy_path;
+		tmp =3D cifs_strtoUTF16(name, tcon->tree_name + 2, INT_MAX,
+				      layout.cp);
+		WARN_ON(tmp !=3D layout.treename_len);
+		name +=3D tmp;
+		if (layout.path_len) {
+			*name++ =3D cpu_to_le16('\\');
+			memcpy(name, utf16_path, layout.path_len);
 		}
+	} else {
+		memcpy(name, utf16_path, layout.path_len);
 	}
=20
-	iov[1].iov_len =3D uni_path_len;
-	iov[1].iov_base =3D utf16_path;
-	req->RequestedOplockLevel =3D SMB2_OPLOCK_LEVEL_NONE;
+	if (layout.name_pad)
+		memset(smb->request + layout.name_offset + layout.name_len,
+		       0, layout.name_pad);
=20
-	if (tcon->posix_extensions) {
+	if (tcon->posix_extensions)
 		/* resource #3: posix buf */
-		rc =3D add_posix_context(iov, &n_iov, mode);
-		if (rc)
-			goto err_free_req;
-		req->CreateContextsOffset =3D cpu_to_le32(
-			sizeof(struct smb2_create_req) +
-			iov[1].iov_len);
-		le32_add_cpu(&req->CreateContextsLength, iov[n_iov-1].iov_len);
-		pc_buf =3D iov[n_iov-1].iov_base;
-	}
-
-
-	memset(&rqst, 0, sizeof(struct smb_rqst));
-	rqst.rq_iov =3D iov;
-	rqst.rq_nvec =3D n_iov;
+		fill_posix_buf(smb->request + layout.posix_offset, mode);
=20
 	/* no need to inc num_remote_opens because we close it just below */
 	trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, full_path, CREATE=
_NOT_FILE,
 				    FILE_WRITE_ATTRIBUTES);
=20
 	if (retries)
-		smb2_set_replay(server, &rqst);
+		smb2_set_replay_smb(server, smb);
=20
 	/* resource #4: response buffer */
-	rc =3D cifs_send_recv(xid, ses, server,
-			    &rqst, &resp_buftype, flags, &rsp_iov);
+	rc =3D smb_send_recv_messages(xid, ses, server, smb, flags);
 	if (rc) {
 		cifs_stats_fail_inc(tcon, SMB2_CREATE);
 		trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid,
 					   CREATE_NOT_FILE,
 					   FILE_WRITE_ATTRIBUTES, rc);
-		goto err_free_rsp_buf;
+		goto err_free_req;
 	}
=20
 	/*
@@ -3060,10 +3095,9 @@ int smb311_posix_mkdir(const unsigned int xid, struc=
t inode *inode,
 	 * adding check below is slightly safer long term (and quiets Coverity
 	 * warning)
 	 */
-	rsp =3D (struct smb2_create_rsp *)rsp_iov.iov_base;
+	rsp =3D (struct smb2_create_rsp *)smb->response;
 	if (rsp =3D=3D NULL) {
 		rc =3D -EIO;
-		kfree(pc_buf);
 		goto err_free_req;
 	}
=20
@@ -3074,18 +3108,14 @@ int smb311_posix_mkdir(const unsigned int xid, stru=
ct inode *inode,
=20
 	/* Eventually save off posix specific response info and timestamps */
=20
-err_free_rsp_buf:
-	free_rsp_buf(resp_buftype, rsp_iov.iov_base);
-	kfree(pc_buf);
 err_free_req:
-	cifs_small_buf_release(req);
+	smb_put_messages(smb);
 err_free_path:
-	kfree(utf16_path);
-
 	if (is_replayable_error(rc) &&
 	    smb2_should_replay(tcon, &retries, &cur_sleep))
 		goto replay_again;
=20
+	kfree(utf16_path);
 	return rc;
 }