08 Jul, 2020
1 commit
-
read permission, not just read attributes permission, is required
on the directory.See MS-SMB2 (protocol specification) section 3.3.5.19.
Signed-off-by: Steve French
CC: Stable # v5.6+
Reviewed-by: Pavel Shilovsky
24 Jun, 2020
2 commits
-
When punch hole success, we also can read old data from file:
# strace -e trace=pread64,fallocate xfs_io -f -c "pread 20 40" \
-c "fpunch 20 40" -c"pread 20 40" file
pread64(3, " version 5.8.0-rc1+"..., 40, 20) = 40
fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 20, 40) = 0
pread64(3, " version 5.8.0-rc1+"..., 40, 20) = 40CIFS implements the fallocate(FALLOCATE_FL_PUNCH_HOLE) with send SMB
ioctl(FSCTL_SET_ZERO_DATA) to server. It just set the range of the
remote file to zero, but local page caches not updated, then the
local page caches inconsistent with server.Also can be found by xfstests generic/316.
So, we need to remove the page caches before send the SMB
ioctl(FSCTL_SET_ZERO_DATA) to server.Fixes: 31742c5a33176 ("enable fallocate punch hole ("fallocate -p") for SMB3")
Suggested-by: Pavel Shilovsky
Reviewed-by: Pavel Shilovsky
Signed-off-by: Zhang Xiaoxu
Cc: stable@vger.kernel.org # v3.17
Signed-off-by: Steve French -
CIFS implements the fallocate(FALLOC_FL_ZERO_RANGE) with send SMB
ioctl(FSCTL_SET_ZERO_DATA) to server. It just set the range of the
remote file to zero, but local page cache not update, then the data
inconsistent with server, which leads the xfstest generic/008 failed.So we need to remove the local page caches before send SMB
ioctl(FSCTL_SET_ZERO_DATA) to server. After next read, it will
re-cache it.Fixes: 30175628bf7f5 ("[SMB3] Enable fallocate -z support for SMB3 mounts")
Reported-by: Hulk Robot
Signed-off-by: Zhang Xiaoxu
Reviewed-by: Pavel Shilovsky
Cc: stable@vger.kernel.org # v3.17
Signed-off-by: Steve French
22 Jun, 2020
1 commit
-
open_shroot() invokes kref_get(), which increases the refcount of the
"tcon->crfid" object. When open_shroot() returns not zero, it means the
open operation failed and close_shroot() will not be called to decrement
the refcount of the "tcon->crfid".The reference counting issue happens in one normal path of
open_shroot(). When the cached root have been opened successfully in a
concurrent process, the function increases the refcount and jump to
"oshr_free" to return. However the current return value "rc" may not
equal to 0, thus the increased refcount will not be balanced outside the
function, causing a refcnt leak.Fix this issue by setting the value of "rc" to 0 before jumping to
"oshr_free" label.Signed-off-by: Xiyu Yang
Signed-off-by: Xin Tan
Signed-off-by: Steve French
CC: Stable
06 Jun, 2020
1 commit
-
Pull cifs updates from Steve French:
"22 changesets, 2 for stable.Includes big performance improvement for large i/o when using
multichannel, also includes DFS fixes"* tag '5.8-rc-smb3-fixes-part-1' of git://git.samba.org/sfrench/cifs-2.6: (22 commits)
cifs: update internal module version number
cifs: multichannel: try to rebind when reconnecting a channel
cifs: multichannel: use pointer for binding channel
smb3: remove static checker warning
cifs: multichannel: move channel selection above transport layer
cifs: multichannel: always zero struct cifs_io_parms
cifs: dump Security Type info in DebugData
smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K
smb3: default to minimum of two channels when multichannel specified
cifs: multichannel: move channel selection in function
cifs: fix minor typos in comments and log messages
smb3: minor update to compression header definitions
cifs: minor fix to two debug messages
cifs: Standardize logging output
smb3: Add new parm "nodelete"
cifs: move some variables off the stack in smb2_ioctl_query_info
cifs: reduce stack use in smb2_compound_op
cifs: get rid of unused parameter in reconn_setup_dfs_targets()
cifs: handle hostnames that resolve to same ip in failover
cifs: set up next DFS target before generic_ip_connect()
...
05 Jun, 2020
2 commits
-
Move the channel (TCP_Server_Info*) selection from the tranport
layer to higher in the call stack so that:- credit handling is done with the server that will actually be used
to send.
* ->wait_mtu_credit
* ->set_credits / set_credits
* ->add_credits / add_credits
* add_credits_and_wake_if- potential reconnection (smb2_reconnect) done when initializing a
request is checked and done with the server that will actually be
used to send.To do this:
- remove the cifs_pick_channel() call out of compound_send_recv()
- select channel and pass it down by adding a cifs_pick_channel(ses)
call in:
- smb311_posix_mkdir
- SMB2_open
- SMB2_ioctl
- __SMB2_close
- query_info
- SMB2_change_notify
- SMB2_flush
- smb2_async_readv (if none provided in context param)
- SMB2_read (if none provided in context param)
- smb2_async_writev (if none provided in context param)
- SMB2_write (if none provided in context param)
- SMB2_query_directory
- send_set_info
- SMB2_oplock_break
- SMB311_posix_qfs_info
- SMB2_QFS_info
- SMB2_QFS_attr
- smb2_lockv
- SMB2_lease_break
- smb2_compound_op
- smb2_set_ea
- smb2_ioctl_query_info
- smb2_query_dir_first
- smb2_query_info_comound
- smb2_query_symlink
- cifs_writepages
- cifs_write_from_iter
- cifs_send_async_read
- cifs_read
- cifs_readpages- add TCP_Server_Info *server param argument to:
- cifs_send_recv
- compound_send_recv
- SMB2_open_init
- SMB2_query_info_init
- SMB2_set_info_init
- SMB2_close_init
- SMB2_ioctl_init
- smb2_iotcl_req_init
- SMB2_query_directory_init
- SMB2_notify_init
- SMB2_flush_init
- build_qfs_info_req
- smb2_hdr_assemble
- smb2_reconnect
- fill_small_buf
- smb2_plain_req_init
- __smb2_plain_req_initThe read/write codepath is different than the rest as it is using
pages, io iterators and async calls. To deal with those we add a
server pointer in the cifs_writedata/cifs_readdata/cifs_io_parms
context struct and set it in:- cifs_writepages (wdata)
- cifs_write_from_iter (wdata)
- cifs_readpages (rdata)
- cifs_send_async_read (rdata)The [rw]data->server pointer is eventually copied to
cifs_io_parms->server to pass it down to SMB2_read/SMB2_write.
If SMB2_read/SMB2_write is called from a different place that doesn't
set the server field it will pick a channel.Some places do not pick a channel and just use ses->server or
cifs_ses_server(ses). All cifs_ses_server(ses) calls are in codepaths
involving negprot/sess.setup.- SMB2_negotiate (binding channel)
- SMB2_sess_alloc_buffer (binding channel)
- SMB2_echo (uses provided one)
- SMB2_logoff (uses master)
- SMB2_tdis (uses master)(list not exhaustive)
Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French -
SMB2_read/SMB2_write check and use cifs_io_parms->server, which might
be uninitialized memory.This change makes all callers zero-initialize the struct.
Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
04 Jun, 2020
3 commits
-
By moving FIEMAP_FLAG_SYNC handling to fiemap_prep we ensure it is
handled once instead of duplicated, but can still be done under fs locks,
like xfs/iomap intended with its duplicate handling. Also make sure the
error value of filemap_write_and_wait is propagated to user space.Signed-off-by: Christoph Hellwig
Reviewed-by: Amir Goldstein
Reviewed-by: Darrick J. Wong
Link: https://lore.kernel.org/r/20200523073016.2944131-8-hch@lst.de
Signed-off-by: Theodore Ts'o -
Replace fiemap_check_flags with a fiemap_prep helper that also takes the
inode and mapped range, and performs the sanity check and truncation
previously done in fiemap_check_range. This way the validation is inside
the file system itself and thus properly works for the stacked overlayfs
case as well.Signed-off-by: Christoph Hellwig
Reviewed-by: Amir Goldstein
Reviewed-by: Darrick J. Wong
Link: https://lore.kernel.org/r/20200523073016.2944131-7-hch@lst.de
Signed-off-by: Theodore Ts'o -
No need to pull the fiemap definitions into almost every file in the
kernel build.Signed-off-by: Christoph Hellwig
Reviewed-by: Ritesh Harjani
Reviewed-by: Darrick J. Wong
Link: https://lore.kernel.org/r/20200523073016.2944131-5-hch@lst.de
Signed-off-by: Theodore Ts'o
01 Jun, 2020
2 commits
-
Use pr_fmt to standardize all logging for fs/cifs.
Some logging output had no CIFS: specific prefix.
Now all output has one of three prefixes:
o CIFS:
o CIFS: VFS:
o Root-CIFS:Miscellanea:
o Convert printks to pr_
o Neaten macro definitions
o Remove embedded CIFS: prefixes from formats
o Convert "illegal" to "invalid"
o Coalesce formats
o Add missing '\n' format terminations
o Consolidate multiple cifs_dbg continuations into single calls
o More consistent use of upper case first word output logging
o Multiline statement argument alignment and wrappingSigned-off-by: Joe Perches
Signed-off-by: Steve French -
Move some large data structures off the stack and into dynamically
allocated memory in the function smb2_ioctl_query_infoSigned-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
23 Apr, 2020
1 commit
-
SMB2_open_init() expects a pre-initialised lease_key when opening a
file with a lease, so set pfid->lease_key prior to calling it in
open_shroot().This issue was observed when performing some DFS failover tests and
the lease key was never randomly generated.Signed-off-by: Paulo Alcantara (SUSE)
Signed-off-by: Steve French
Reviewed-by: Ronnie Sahlberg
Reviewed-by: Aurelien Aptel
CC: Stable
30 Mar, 2020
1 commit
-
The packet size needs to take account of SMB2 header size and possible
encryption header size. This is only done when signing is used and it is for
RDMA send/receive, not read/write.Also remove the dead SMBD code in smb2_negotiate_r(w)size.
Signed-off-by: Long Li
Signed-off-by: Steve French
23 Mar, 2020
3 commits
-
xfstests generic/228 checks if fallocate respect RLIMIT_FSIZE.
After fallocate mode 0 extending enabled, we can hit this failure.
Fix this by check the new file size with vfs helper, return
error if file size is larger then RLIMIT_FSIZE(ulimit -f).This patch has been tested by LTP/xfstests aginst samba and
Windows server.Acked-by: Ronnie Sahlberg
Signed-off-by: Murphy Zhou
Signed-off-by: Steve French
CC: Stable -
allows SMB2_open() callers to pass down a POSIX data buffer that will
trigger requesting POSIX create context and parsing the response into
the provided buffer.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
Reviewed-by: Paulo Alcantara (SUSE) -
This means it's consistently called and the callers don't need to
care about it.Signed-off-by: Stefan Metzmacher
Reviewed-by: Pavel Shilovsky
Signed-off-by: Steve French
18 Mar, 2020
2 commits
-
If we call fiemap on a truncated file with none blocks allocated,
it makes sense we get nothing from this call. No output means
no blocks have been counted, but the call succeeded. It's a valid
response.Simple example reproducer:
xfs_io -f 'truncate 2M' -c 'fiemap -v' /cifssch/testfile
xfs_io: ioctl(FS_IOC_FIEMAP) ["/cifssch/testfile"]: Invalid argumentSigned-off-by: Murphy Zhou
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
CC: Stable -
The num_remote_opens counter keeps track of the number of open files which must be
maintained by the server at any point. This is a per-tree-connect counter, and the value
of this counter gets displayed in the /proc/fs/cifs/Stats output as a following...Open files: 0 total (local), 1 open on server
^^^^^^^^^^^^^^^^
As a thumb-rule, we want to increment this counter for each open/create that we
successfully execute on the server. Similarly, we should decrement the counter when
we successfully execute a close.In this case, an increment was being missed in case of smb2_query_dir_first,
in case of successful open. As a result, we would underflow the counter and we
could even see the counter go to negative after sufficient smb2_query_dir_first calls.I tested the stats counter for a bunch of filesystem operations with the fix.
And it looks like the counter looks correct to me.I also check if we missed the increments and decrements elsewhere. It does not
seem so. Few other cases where an open is done and we don't increment the counter are
the compound calls where the corresponding close is also sent in the request.Signed-off-by: Shyam Prasad N
CC: Stable
Signed-off-by: Steve French
Reviewed-by: Aurelien Aptel
Reviewed-by: Pavel Shilovsky
25 Feb, 2020
1 commit
-
To rename a file in SMB2 we open it with the DELETE access and do a
special SetInfo on it. If the handle is missing the DELETE bit the
server will fail the SetInfo with STATUS_ACCESS_DENIED.We currently try to reuse any existing opened handle we have with
cifs_get_writable_path(). That function looks for handles with WRITE
access but doesn't check for DELETE, making rename() fail if it finds
a handle to reuse. Simple reproducer below.To select handles with the DELETE bit, this patch adds a flag argument
to cifs_get_writable_path() and find_writable_file() and the existing
'bool fsuid_only' argument is converted to a flag.The cifsFileInfo struct only stores the UNIX open mode but not the
original SMB access flags. Since the DELETE bit is not mapped in that
mode, this patch stores the access mask in cifs_fid on file open,
which is accessible from cifsFileInfo.Simple reproducer:
#include
#include
#include
#include
#include
#include
#define E(s) perror(s), exit(1)int main(int argc, char *argv[])
{
int fd, ret;
if (argc != 3) {
fprintf(stderr, "Usage: %s A B\n"
"create&open A in write mode, "
"rename A to B, close A\n", argv[0]);
return 0;
}fd = openat(AT_FDCWD, argv[1], O_WRONLY|O_CREAT|O_SYNC, 0666);
if (fd == -1) E("openat()");ret = rename(argv[1], argv[2]);
if (ret) E("rename()");ret = close(fd);
if (ret) E("close()");return ret;
}$ gcc -o bugrename bugrename.c
$ ./bugrename /mnt/a /mnt/b
rename(): Permission deniedFixes: 8de9e86c67ba ("cifs: create a helper to find a writeable handle by path name")
CC: Stable
Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
Reviewed-by: Paulo Alcantara (SUSE)
15 Feb, 2020
2 commits
-
RHBZ: 1752437
Before we add a new EA we should check that this will not overflow
the maximum buffer we have available to read the EAs back.
Otherwise we can get into a situation where the EAs are so big that
we can not read them back to the client and thus we can not list EAs
anymore or delete them.Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
CC: Stable -
It was originally enabled only for SMB3 or later dialects, but
had requests to add it to SMB2.1 mounts as well given the
large number of systems at that dialect level.Signed-off-by: Steve French
Reported-by: L Walsh
Acked-by: Ronnie Sahlberg
06 Feb, 2020
1 commit
-
A commonly used SMB3 feature is change notification, allowing an
app to be notified about changes to a directory. The SMB3
Notify request blocks until the server detects a change to that
directory or its contents that matches the completion flags
that were passed in and the "watch_tree" flag (which indicates
whether subdirectories under this directory should be also
included). See MS-SMB2 2.2.35 for additional detail.To use this simply pass in the following structure to ioctl:
struct __attribute__((__packed__)) smb3_notify {
uint32_t completion_filter;
bool watch_tree;
} __packed;using CIFS_IOC_NOTIFY 0x4005cf09
or equivalently _IOW(CIFS_IOCTL_MAGIC, 9, struct smb3_notify)SMB3 change notification is supported by all major servers.
The ioctl will block until the server detects a change to that
directory or its subdirectories (if watch_tree is set).Signed-off-by: Steve French
Reviewed-by: Aurelien Aptel
Acked-by: Paulo Alcantara (SUSE)
05 Feb, 2020
1 commit
-
Add check for null cifs_sb to create_options helper
Signed-off-by: Steve French
Reviewed-by: Amir Goldstein
Reviewed-by: Aurelien Aptel
04 Feb, 2020
1 commit
-
When "backup intent" is requested on the mount (e.g. backupuid or
backupgid mount options), the corresponding flag was missing from
some of the operations.Change all operations to use the macro cifs_create_options() to
set the backup intent flag if needed.Signed-off-by: Amir Goldstein
Signed-off-by: Steve French
27 Jan, 2020
4 commits
-
RHBZ 1336264
When we extend a file we must also force the size to be updated.
This fixes an issue with holetest in xfs-tests which performs the following
sequence :
1, create a new file
2, use fallocate mode==0 to populate the file
3, mmap the file
4, touch each page by reading the mmapped region.Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French -
Fix two places where we need to adjust down the max response size for
ioctl when it is used together with compounding.Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
CC: Stable -
Combine the initial SMB2_Open and the first SMB2_Query_Directory in a compound.
This shaves one round-trip of each directory listing, changing it from 4 to 3
for small directories.Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky -
Fixes coccicheck warning:
fs/cifs/smb2ops.c:807:2-36: WARNING: Assignment of 0/1 to bool variable
Reported-by: Hulk Robot
Signed-off-by: zhengbin
Signed-off-by: Steve French
13 Dec, 2019
1 commit
-
SMB2_tdis() checks if a root handle is valid in order to decide
whether it needs to close the handle or not. However if another
thread has reference for the handle, it may end up with putting
the reference twice. The extra reference that we want to put
during the tree disconnect is the reference that has a directory
lease. So, track the fact that we have a directory lease and
close the handle only in that case.Signed-off-by: Pavel Shilovsky
Reviewed-by: Ronnie Sahlberg
Signed-off-by: Steve French
04 Dec, 2019
1 commit
-
Since timestamps on files on most servers can be updated at
close, and since timestamps on our dentries default to one
second we can have stale timestamps in some common cases
(e.g. open, write, close, stat, wait one second, stat - will
show different mtime for the first and second stat).The SMB2/SMB3 protocol allows querying timestamps at close
so add the code to request timestamp and attr information
(which is cheap for the server to provide) to be returned
when a file is closed (it is not needed for the many
paths that call SMB2_close that are from compounded
query infos and close nor is it needed for some of
the cases where a directory close immediately follows a
directory open.Signed-off-by: Steve French
Acked-by: Ronnie Sahlberg
Reviewed-by: Aurelien Aptel
Reviewed-by: Pavel Shilovsky
25 Nov, 2019
7 commits
-
Currenly we doesn't assume that a server may break a lease
from RWH to RW which causes us setting a wrong lease state
on a file and thus mistakenly flushing data and byte-range
locks and purging cached data on the client. This leads to
performance degradation because subsequent IOs go directly
to the server.Fix this by propagating new lease state and epoch values
to the oplock break handler through cifsFileInfo structure
and removing the use of cifsInodeInfo flags for that. It
allows to avoid some races of several lease/oplock breaks
using those flags in parallel.Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French -
After doing mount() successfully we call cifs_try_adding_channels()
which will open as many channels as it can.Channels are closed when the master session is closed.
The master connection becomes the first channel.
,-------------> global cifs_tcp_ses_list
Signed-off-by: Steve French -
Currently a lot of the code to initialize a connection & session uses
the cifs_ses as input. But depending on if we are opening a new session
or a new channel we need to use different server pointers.Add a "binding" flag in cifs_ses and a helper function that returns
the server ptr a session should use (only in the sess establishment
code path).Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French -
New channels are going to be opened by walking the list sequentially,
so by sorting it we will connect to the fastest interfaces first.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French -
There is a race between a system call processing thread
and the demultiplex thread when mid->resp_buf becomes NULL
and later is being accessed to get credits. It happens when
the 1st thread wakes up before a mid callback is called in
the 2nd one but the mid state has already been set to
MID_RESPONSE_RECEIVED. This causes NULL pointer dereference
in mid callback.Fix this by saving credits from the response before we
update the mid state and then use this value in the mid
callback rather then accessing a response buffer.Cc: Stable
Fixes: ee258d79159afed5 ("CIFS: Move credit processing to mid callbacks for SMB3")
Tested-by: Frank Sorenson
Reviewed-by: Ronnie Sahlberg
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French -
Move the same error code assignments so that such exception handling
can be better reused at the end of this function.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Steve French -
Reuse existing functionality from memdup_user() instead of keeping
duplicate source code.Generated by: scripts/coccinelle/api/memdup_user.cocci
Fixes: f5b05d622a3e99e6a97a189fe500414be802a05c ("cifs: add IOCTL for QUERY_INFO passthrough to userspace")
Signed-off-by: Markus Elfring
Signed-off-by: Steve French
28 Oct, 2019
1 commit
-
Spotted by Ronnie.
Reviewed-by: Ronnie Sahlberg
Signed-off-by: Steve French
27 Sep, 2019
1 commit
-
There may be situations when a server negotiates SMB 2.1
protocol version or higher but responds to a CREATE request
with an oplock rather than a lease.Currently the client doesn't handle such a case correctly:
when another CREATE comes in the server sends an oplock
break to the initial CREATE and the client doesn't send
an ack back due to a wrong caching level being set (READ
instead of RWH). Missing an oplock break ack makes the
server wait until the break times out which dramatically
increases the latency of the second CREATE.Fix this by properly detecting oplocks when using SMB 2.1
protocol version and higher.Cc:
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
Reviewed-by: Ronnie Sahlberg