3 files changed, 71 insertions, 14 deletions
diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h
index a630475e421c..08f9dfb1a894 100644
--- a/fs/cifs/cifspdu.h
+++ b/fs/cifs/cifspdu.h
@@ -1491,15 +1491,30 @@ struct file_notify_information {
        __u8  FileName[0];
 } __attribute__((packed));
-struct reparse_data {
+/* For IO_REPARSE_TAG_SYMLINK */
-        __u32   ReparseTag;
+struct reparse_symlink_data {
-        __u16   ReparseDataLength;
+        __le32  ReparseTag;
+        __le16  ReparseDataLength;
        __u16   Reserved;
-        __u16   SubstituteNameOffset;
+        __le16  SubstituteNameOffset;
-        __u16   SubstituteNameLength;
+        __le16  SubstituteNameLength;
-        __u16   PrintNameOffset;
+        __le16  PrintNameOffset;
-        __u16   PrintNameLength;
+        __le16  PrintNameLength;
-        __u32   Flags;
+        __le32  Flags;
+        char    PathBuffer[0];
+} __attribute__((packed));
+/* For IO_REPARSE_TAG_NFS */
+#define NFS_SPECFILE_LNK        0x00000000014B4E4C
+#define NFS_SPECFILE_CHR        0x0000000000524843
+#define NFS_SPECFILE_BLK        0x00000000004B4C42
+#define NFS_SPECFILE_FIFO       0x000000004F464946
+#define NFS_SPECFILE_SOCK       0x000000004B434F53
+struct reparse_posix_data {
+        __le32  ReparseTag;
+        __le16  ReparseDataLength;
+        __u16   Reserved;
+        __le64  InodeType; /* LNK, FIFO, CHR etc. */
        char    PathBuffer[0];
 } __attribute__((packed));
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 4baf35949b51..ccd31ab815d4 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -3088,7 +3088,8 @@ CIFSSMBQuerySymLink(const unsigned int xid, struct cifs_tcon *tcon,
        bool is_unicode;
        unsigned int sub_len;
        char *sub_start;
-        struct reparse_data *reparse_buf;
+        struct reparse_symlink_data *reparse_buf;
+        struct reparse_posix_data *posix_buf;
        __u32 data_offset, data_count;
        char *end_of_smb;
@@ -3137,20 +3138,47 @@ CIFSSMBQuerySymLink(const unsigned int xid, struct cifs_tcon *tcon,
                goto qreparse_out;
        }
        end_of_smb = 2 + get_bcc(&pSMBr->hdr) + (char *)&pSMBr->ByteCount;
-        reparse_buf = (struct reparse_data *)
+        reparse_buf = (struct reparse_symlink_data *)
                                ((char *)&pSMBr->hdr.Protocol + data_offset);
        if ((char *)reparse_buf >= end_of_smb) {
                rc = -EIO;
                goto qreparse_out;
        }
-        if ((reparse_buf->PathBuffer + reparse_buf->PrintNameOffset +
+        if (reparse_buf->ReparseTag == cpu_to_le32(IO_REPARSE_TAG_NFS)) {
-                                reparse_buf->PrintNameLength) > end_of_smb) {
+                cifs_dbg(FYI, "NFS style reparse tag\n");
+                posix_buf =  (struct reparse_posix_data *)reparse_buf;
+                if (posix_buf->InodeType != cpu_to_le64(NFS_SPECFILE_LNK)) {
+                        cifs_dbg(FYI, "unsupported file type 0x%llx\n",
+                                 le64_to_cpu(posix_buf->InodeType));
+                        rc = -EOPNOTSUPP;
+                        goto qreparse_out;
+                }
+                is_unicode = true;
+                sub_len = le16_to_cpu(reparse_buf->ReparseDataLength);
+                if (posix_buf->PathBuffer + sub_len > end_of_smb) {
+                        cifs_dbg(FYI, "reparse buf beyond SMB\n");
+                        rc = -EIO;
+                        goto qreparse_out;
+                }
+                *symlinkinfo = cifs_strndup_from_utf16(posix_buf->PathBuffer,
+                                sub_len, is_unicode, nls_codepage);
+                goto qreparse_out;
+        } else if (reparse_buf->ReparseTag !=
+                        cpu_to_le32(IO_REPARSE_TAG_SYMLINK)) {
+                rc = -EOPNOTSUPP;
+                goto qreparse_out;
+        }
+        /* Reparse tag is NTFS symlink */
+        sub_start = le16_to_cpu(reparse_buf->SubstituteNameOffset) +
+                                reparse_buf->PathBuffer;
+        sub_len = le16_to_cpu(reparse_buf->SubstituteNameLength);
+        if (sub_start + sub_len > end_of_smb) {
                cifs_dbg(FYI, "reparse buf beyond SMB\n");
                rc = -EIO;
                goto qreparse_out;
        }
-        sub_start = reparse_buf->SubstituteNameOffset + reparse_buf->PathBuffer;
-        sub_len = reparse_buf->SubstituteNameLength;
        if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE)
                is_unicode = true;
        else
diff --git a/fs/cifs/smbfsctl.h b/fs/cifs/smbfsctl.h
index d952ee48f4dc..a4b2391fe66e 100644
--- a/fs/cifs/smbfsctl.h
+++ b/fs/cifs/smbfsctl.h
@@ -97,9 +97,23 @@
 #define FSCTL_QUERY_NETWORK_INTERFACE_INFO 0x001401FC /* BB add struct */
 #define FSCTL_SRV_READ_HASH          0x001441BB /* BB add struct */
+/* See FSCC 2.1.2.5 */
 #define IO_REPARSE_TAG_MOUNT_POINT   0xA0000003
 #define IO_REPARSE_TAG_HSM           0xC0000004
 #define IO_REPARSE_TAG_SIS           0x80000007
+#define IO_REPARSE_TAG_HSM2          0x80000006
+#define IO_REPARSE_TAG_DRIVER_EXTENDER 0x80000005
+/* Used by the DFS filter. See MS-DFSC */
+#define IO_REPARSE_TAG_DFS           0x8000000A
+/* Used by the DFS filter See MS-DFSC */
+#define IO_REPARSE_TAG_DFSR          0x80000012
+#define IO_REPARSE_TAG_FILTER_MANAGER 0x8000000B
+/* See section MS-FSCC 2.1.2.4 */
+#define IO_REPARSE_TAG_SYMLINK       0xA000000C
+#define IO_REPARSE_TAG_DEDUP         0x80000013
+#define IO_REPARSE_APPXSTREAM        0xC0000014
+/* NFS symlinks, Win 8/SMB3 and later */
+#define IO_REPARSE_TAG_NFS           0x80000014
 /* fsctl flags */
 /* If Flags is set to this value, the request is an FSCTL not ioctl request */

diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h index a630475e421c..08f9dfb1a894 100644 --- a/fs/cifs/cifspdu.h +++ b/fs/cifs/cifspdu.h
@@ -1491,15 +1491,30 @@ struct file_notify_information {
1491	__u8 FileName[0];	1491	__u8 FileName[0];
1492	} __attribute__((packed));	1492	} __attribute__((packed));
1493		1493
1494	struct reparse_data {	1494	/* For IO_REPARSE_TAG_SYMLINK */
1495	__u32 ReparseTag;	1495	struct reparse_symlink_data {
1496	__u16 ReparseDataLength;	1496	__le32 ReparseTag;
		1497	__le16 ReparseDataLength;
1497	__u16 Reserved;	1498	__u16 Reserved;
1498	__u16 SubstituteNameOffset;	1499	__le16 SubstituteNameOffset;
1499	__u16 SubstituteNameLength;	1500	__le16 SubstituteNameLength;
1500	__u16 PrintNameOffset;	1501	__le16 PrintNameOffset;
1501	__u16 PrintNameLength;	1502	__le16 PrintNameLength;
1502	__u32 Flags;	1503	__le32 Flags;
		1504	char PathBuffer[0];
		1505	} __attribute__((packed));
		1506
		1507	/* For IO_REPARSE_TAG_NFS */
		1508	#define NFS_SPECFILE_LNK 0x00000000014B4E4C
		1509	#define NFS_SPECFILE_CHR 0x0000000000524843
		1510	#define NFS_SPECFILE_BLK 0x00000000004B4C42
		1511	#define NFS_SPECFILE_FIFO 0x000000004F464946
		1512	#define NFS_SPECFILE_SOCK 0x000000004B434F53
		1513	struct reparse_posix_data {
		1514	__le32 ReparseTag;
		1515	__le16 ReparseDataLength;
		1516	__u16 Reserved;
		1517	__le64 InodeType; /* LNK, FIFO, CHR etc. */
1503	char PathBuffer[0];	1518	char PathBuffer[0];
1504	} __attribute__((packed));	1519	} __attribute__((packed));
1505		1520


diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 4baf35949b51..ccd31ab815d4 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c
@@ -3088,7 +3088,8 @@ CIFSSMBQuerySymLink(const unsigned int xid, struct cifs_tcon *tcon,
3088	bool is_unicode;	3088	bool is_unicode;
3089	unsigned int sub_len;	3089	unsigned int sub_len;
3090	char *sub_start;	3090	char *sub_start;
3091	struct reparse_data *reparse_buf;	3091	struct reparse_symlink_data *reparse_buf;
		3092	struct reparse_posix_data *posix_buf;
3092	__u32 data_offset, data_count;	3093	__u32 data_offset, data_count;
3093	char *end_of_smb;	3094	char *end_of_smb;
3094		3095
@@ -3137,20 +3138,47 @@ CIFSSMBQuerySymLink(const unsigned int xid, struct cifs_tcon *tcon,
3137	goto qreparse_out;	3138	goto qreparse_out;
3138	}	3139	}
3139	end_of_smb = 2 + get_bcc(&pSMBr->hdr) + (char *)&pSMBr->ByteCount;	3140	end_of_smb = 2 + get_bcc(&pSMBr->hdr) + (char *)&pSMBr->ByteCount;
3140	reparse_buf = (struct reparse_data *)	3141	reparse_buf = (struct reparse_symlink_data *)
3141	((char *)&pSMBr->hdr.Protocol + data_offset);	3142	((char *)&pSMBr->hdr.Protocol + data_offset);
3142	if ((char *)reparse_buf >= end_of_smb) {	3143	if ((char *)reparse_buf >= end_of_smb) {
3143	rc = -EIO;	3144	rc = -EIO;
3144	goto qreparse_out;	3145	goto qreparse_out;
3145	}	3146	}
3146	if ((reparse_buf->PathBuffer + reparse_buf->PrintNameOffset +	3147	if (reparse_buf->ReparseTag == cpu_to_le32(IO_REPARSE_TAG_NFS)) {
3147	reparse_buf->PrintNameLength) > end_of_smb) {	3148	cifs_dbg(FYI, "NFS style reparse tag\n");
		3149	posix_buf = (struct reparse_posix_data *)reparse_buf;
		3150
		3151	if (posix_buf->InodeType != cpu_to_le64(NFS_SPECFILE_LNK)) {
		3152	cifs_dbg(FYI, "unsupported file type 0x%llx\n",
		3153	le64_to_cpu(posix_buf->InodeType));
		3154	rc = -EOPNOTSUPP;
		3155	goto qreparse_out;
		3156	}
		3157	is_unicode = true;
		3158	sub_len = le16_to_cpu(reparse_buf->ReparseDataLength);
		3159	if (posix_buf->PathBuffer + sub_len > end_of_smb) {
		3160	cifs_dbg(FYI, "reparse buf beyond SMB\n");
		3161	rc = -EIO;
		3162	goto qreparse_out;
		3163	}
		3164	*symlinkinfo = cifs_strndup_from_utf16(posix_buf->PathBuffer,
		3165	sub_len, is_unicode, nls_codepage);
		3166	goto qreparse_out;
		3167	} else if (reparse_buf->ReparseTag !=
		3168	cpu_to_le32(IO_REPARSE_TAG_SYMLINK)) {
		3169	rc = -EOPNOTSUPP;
		3170	goto qreparse_out;
		3171	}
		3172
		3173	/* Reparse tag is NTFS symlink */
		3174	sub_start = le16_to_cpu(reparse_buf->SubstituteNameOffset) +
		3175	reparse_buf->PathBuffer;
		3176	sub_len = le16_to_cpu(reparse_buf->SubstituteNameLength);
		3177	if (sub_start + sub_len > end_of_smb) {
3148	cifs_dbg(FYI, "reparse buf beyond SMB\n");	3178	cifs_dbg(FYI, "reparse buf beyond SMB\n");
3149	rc = -EIO;	3179	rc = -EIO;
3150	goto qreparse_out;	3180	goto qreparse_out;
3151	}	3181	}
3152	sub_start = reparse_buf->SubstituteNameOffset + reparse_buf->PathBuffer;
3153	sub_len = reparse_buf->SubstituteNameLength;
3154	if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE)	3182	if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE)
3155	is_unicode = true;	3183	is_unicode = true;
3156	else	3184	else


diff --git a/fs/cifs/smbfsctl.h b/fs/cifs/smbfsctl.h index d952ee48f4dc..a4b2391fe66e 100644 --- a/fs/cifs/smbfsctl.h +++ b/fs/cifs/smbfsctl.h
@@ -97,9 +97,23 @@
97	#define FSCTL_QUERY_NETWORK_INTERFACE_INFO 0x001401FC /* BB add struct */	97	#define FSCTL_QUERY_NETWORK_INTERFACE_INFO 0x001401FC /* BB add struct */
98	#define FSCTL_SRV_READ_HASH 0x001441BB /* BB add struct */	98	#define FSCTL_SRV_READ_HASH 0x001441BB /* BB add struct */
99		99
		100	/* See FSCC 2.1.2.5 */
100	#define IO_REPARSE_TAG_MOUNT_POINT 0xA0000003	101	#define IO_REPARSE_TAG_MOUNT_POINT 0xA0000003
101	#define IO_REPARSE_TAG_HSM 0xC0000004	102	#define IO_REPARSE_TAG_HSM 0xC0000004
102	#define IO_REPARSE_TAG_SIS 0x80000007	103	#define IO_REPARSE_TAG_SIS 0x80000007
		104	#define IO_REPARSE_TAG_HSM2 0x80000006
		105	#define IO_REPARSE_TAG_DRIVER_EXTENDER 0x80000005
		106	/* Used by the DFS filter. See MS-DFSC */
		107	#define IO_REPARSE_TAG_DFS 0x8000000A
		108	/* Used by the DFS filter See MS-DFSC */
		109	#define IO_REPARSE_TAG_DFSR 0x80000012
		110	#define IO_REPARSE_TAG_FILTER_MANAGER 0x8000000B
		111	/* See section MS-FSCC 2.1.2.4 */
		112	#define IO_REPARSE_TAG_SYMLINK 0xA000000C
		113	#define IO_REPARSE_TAG_DEDUP 0x80000013
		114	#define IO_REPARSE_APPXSTREAM 0xC0000014
		115	/* NFS symlinks, Win 8/SMB3 and later */
		116	#define IO_REPARSE_TAG_NFS 0x80000014
103		117
104	/* fsctl flags */	118	/* fsctl flags */
105	/* If Flags is set to this value, the request is an FSCTL not ioctl request */	119	/* If Flags is set to this value, the request is an FSCTL not ioctl request */