10 Oct, 2018
1 commit
-
[ Upstream commit 097f5863b1a0c9901f180bbd56ae7d630655faaa ]
We need to verify that the "data_offset" is within bounds.
Reported-by: Dr Silvio Cesare of InfoSect
Signed-off-by: Dan Carpenter
Signed-off-by: Steve French
Reviewed-by: Aurelien Aptel
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
24 Apr, 2018
1 commit
-
commit 82fb82be05585426405667dd5f0510aa953ba439 upstream.
shash and sdesc are always allocated and freed together.
* abstract this in new functions cifs_alloc_hash() and cifs_free_hash().
* make smb2/3 crypto allocation independent from each other.
Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
Reviewed-by: Ronnie Sahlberg
CC: Stable
Signed-off-by: Greg Kroah-Hartman
17 Feb, 2018
1 commit
-
commit 97f4b7276b829a8927ac903a119bef2f963ccc58 upstream.
also replaces memset()+kfree() by kzfree().
Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
Signed-off-by: Greg Kroah-Hartman
09 Jul, 2017
1 commit
-
Remove the CONFIG_CIFS_SMB2 ifdef and Kconfig option since they
must always be on now.
For various security reasons, SMB3 and later are STRONGLY preferred
over CIFS and older dialects, and SMB3 (and later) will now be
the default dialects so we do not want to allow them to be
ifdeffed out.
In the longer term, we may be able to make older CIFS support
disableable in Kconfig with a new set of #ifdef, but we always
want SMB3 and later support enabled.
Signed-off-by: Steven French
Reviewed-by: Pavel Shilovsky
21 Jun, 2017
1 commit
-
pages is being allocated however a null check on bv is being used
to see if the allocation failed. Fix this by checking if pages is
null.
Detected by CoverityScan, CID#1432974 ("Logically dead code")
Fixes: ccf7f4088af2dd ("CIFS: Add asynchronous context to support kernel AIO")
Signed-off-by: Colin Ian King
Reviewed-by: Pavel Shilovsky
Signed-off-by: Steve French
03 May, 2017
2 commits
-
When the final cifsFileInfo_put() is called from cifsiod and an oplock
break work is queued, lockdep complains loudly:
=============================================
[ INFO: possible recursive locking detected ]
4.11.0+ #21 Not tainted
---------------------------------------------
kworker/0:2/78 is trying to acquire lock:
("cifsiod"){++++.+}, at: flush_work+0x215/0x350
but task is already holding lock:
("cifsiod"){++++.+}, at: process_one_work+0x255/0x8e0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock("cifsiod");
lock("cifsiod");
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by kworker/0:2/78:
#0: ("cifsiod"){++++.+}, at: process_one_work+0x255/0x8e0
#1: ((&wdata->work)){+.+...}, at: process_one_work+0x255/0x8e0
stack backtrace:
CPU: 0 PID: 78 Comm: kworker/0:2 Not tainted 4.11.0+ #21
Workqueue: cifsiod cifs_writev_complete
Call Trace:
dump_stack+0x85/0xc2
__lock_acquire+0x17dd/0x2260
? match_held_lock+0x20/0x2b0
? trace_hardirqs_off_caller+0x86/0x130
? mark_lock+0xa6/0x920
lock_acquire+0xcc/0x260
? lock_acquire+0xcc/0x260
? flush_work+0x215/0x350
flush_work+0x236/0x350
? flush_work+0x215/0x350
? destroy_worker+0x170/0x170
__cancel_work_timer+0x17d/0x210
? ___preempt_schedule+0x16/0x18
cancel_work_sync+0x10/0x20
cifsFileInfo_put+0x338/0x7f0
cifs_writedata_release+0x2a/0x40
? cifs_writedata_release+0x2a/0x40
cifs_writev_complete+0x29d/0x850
? preempt_count_sub+0x18/0xd0
process_one_work+0x304/0x8e0
worker_thread+0x9b/0x6a0
kthread+0x1b2/0x200
? process_one_work+0x8e0/0x8e0
? kthread_create_on_node+0x40/0x40
ret_from_fork+0x31/0x40
This is a real warning. Since the oplock is queued on the same
workqueue this can deadlock if there is only one worker thread active
for the workqueue (which will be the case during memory pressure when
the rescuer thread is handling it).
Furthermore, there is at least one other kind of hang possible due to
the oplock break handling if there is only one worker. (This can be
reproduced without introducing memory pressure by passing 1 for
the max_active parameter of cifsiod.) cifs_oplock_break() can wait
indefinitely in the filemap_fdatawait() while the cifs_writev_complete()
work is blocked:
sysrq: SysRq : Show Blocked State
task PC stack pid father
kworker/0:1 D 0 16 2 0x00000000
Workqueue: cifsiod cifs_oplock_break
Call Trace:
__schedule+0x562/0xf40
? mark_held_locks+0x4a/0xb0
schedule+0x57/0xe0
io_schedule+0x21/0x50
wait_on_page_bit+0x143/0x190
? add_to_page_cache_lru+0x150/0x150
__filemap_fdatawait_range+0x134/0x190
? do_writepages+0x51/0x70
filemap_fdatawait_range+0x14/0x30
filemap_fdatawait+0x3b/0x40
cifs_oplock_break+0x651/0x710
? preempt_count_sub+0x18/0xd0
process_one_work+0x304/0x8e0
worker_thread+0x9b/0x6a0
kthread+0x1b2/0x200
? process_one_work+0x8e0/0x8e0
? kthread_create_on_node+0x40/0x40
ret_from_fork+0x31/0x40
dd D 0 683 171 0x00000000
Call Trace:
__schedule+0x562/0xf40
? mark_held_locks+0x29/0xb0
schedule+0x57/0xe0
io_schedule+0x21/0x50
wait_on_page_bit+0x143/0x190
? add_to_page_cache_lru+0x150/0x150
__filemap_fdatawait_range+0x134/0x190
? do_writepages+0x51/0x70
filemap_fdatawait_range+0x14/0x30
filemap_fdatawait+0x3b/0x40
filemap_write_and_wait+0x4e/0x70
cifs_flush+0x6a/0xb0
filp_close+0x52/0xa0
__close_fd+0xdc/0x150
SyS_close+0x33/0x60
entry_SYSCALL_64_fastpath+0x1f/0xbe
Showing all locks held in the system:
2 locks held by kworker/0:1/16:
#0: ("cifsiod"){.+.+.+}, at: process_one_work+0x255/0x8e0
#1: ((&cfile->oplock_break)){+.+.+.}, at: process_one_work+0x255/0x8e0
Showing busy workqueues and worker pools:
workqueue cifsiod: flags=0xc
pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1
in-flight: 16:cifs_oplock_break
delayed: cifs_writev_complete, cifs_echo_request
pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=0s workers=3 idle: 750 3
Fix these problems by creating a new workqueue (with a rescuer) for
the oplock break work.
Signed-off-by: Rabin Vincent
Signed-off-by: Steve French
CC: Stable
-
Currently the code doesn't recognize asynchronous calls passed
by io_submit() and processes all calls synchronously. This is not
what kernel AIO expects. This patch introduces a new async context
that keeps track of all issued i/o requests and moves a response
collecting procedure to a separate thread. This allows returning
to the caller immediately for async calls and calling iocb->ki_complete()
once all requests are completed. For sync calls the current thread
simply waits until all requests are completed.
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
28 Apr, 2017
1 commit
-
mempool_alloc() cannot fail if the gfp flags allow it to
sleep, and GFP_FS allows for sleeping.
So these tests of the return value from mempool_alloc()
cannot be needed.
Signed-off-by: NeilBrown
Signed-off-by: Steve French
02 Mar, 2017
1 commit
-
since the DFS payload is not tied to the SMB version we can:
* isolate the DFS payload in its own struct, and include that struct in
packet structs
* move the function that parses the response to misc.c and make it work
on the new DFS payload struct (add payload size and utf16 flag as a
result).
Signed-off-by: Aurelien Aptel
Acked-by: Pavel Shilovsky
Signed-off-by: Steve French
13 Oct, 2016
1 commit
-
Remove the global file_list_lock to simplify cifs/smb3 locking and
have spinlocks that more closely match the information they are
protecting.
Add new tcon->open_file_lock and file->file_info_lock spinlocks.
Locks continue to follow a hierarchy,
cifs_socket --> cifs_ses --> cifs_tcon --> cifs_file
where global tcp_ses_lock still protects socket and cifs_ses, while the
newer locks protect the lower level structure's information
(tcon and cifs_file respectively).
CC: Stable
Signed-off-by: Steve French
Signed-off-by: Pavel Shilovsky
Reviewed-by: Aurelien Aptel
Reviewed-by: Germano Percossi
15 Jan, 2016
1 commit
-
…eneration. Thanks to Metze for helping with this.
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Steve French <steve.french@primarydata.com>
16 Apr, 2015
1 commit
-
that's the bulk of filesystem drivers dealing with inodes of their own
Signed-off-by: David Howells
Signed-off-by: Al Viro
08 Dec, 2014
1 commit
-
This patch converts the custom dumper to use native print_hex_dump() instead. The
cifs_dump_mem() will have an offset per line, which distinguishes it from the
original code.
In the dump_smb() we may use native print_hex_dump() as well. It will show
slightly different output in the ASCII part when a character is unprintable,
otherwise it keeps the same structure.
Signed-off-by: Andy Shevchenko
Signed-off-by: Steve French
11 Aug, 2014
1 commit
-
Commit 743162013d40 ("sched: Remove proliferation of wait_on_bit() action
functions") has removed the call to cifs_oplock_break_wait, making this
function unused; remove it.
This fixes the following compilation warning:
fs/cifs/misc.c:578:1: warning: ‘cifs_oplock_break_wait’ defined but not used [-Wunused-function]
Signed-off-by: Vincent Stehlé
Cc: Steve French
Signed-off-by: Steve French
10 Aug, 2014
1 commit
-
Pull CIFS updates from Steve French:
"The most visible change in this set is the addition of multi-credit
support for SMB2/SMB3 which dramatically improves the large file i/o
performance for these dialects and significantly increases the maximum
i/o size used on the wire for SMB2/SMB3.
Also reconnection behavior after network failure is improved"
* 'for-next' of git://git.samba.org/sfrench/cifs-2.6: (35 commits)
Add worker function to set allocation size
[CIFS] Fix incorrect hex vs. decimal in some debug print statements
update CIFS TODO list
Add Pavel to contributor list in cifs AUTHORS file
Update cifs version
CIFS: Fix STATUS_CANNOT_DELETE error mapping for SMB2
CIFS: Optimize readpages in a short read case on reconnects
CIFS: Optimize cifs_user_read() in a short read case on reconnects
CIFS: Improve indentation in cifs_user_read()
CIFS: Fix possible buffer corruption in cifs_user_read()
CIFS: Count got bytes in read_into_pages()
CIFS: Use separate var for the number of bytes got in async read
CIFS: Indicate reconnect with ECONNABORTED error code
CIFS: Use multicredits for SMB 2.1/3 reads
CIFS: Fix rsize usage for sync read
CIFS: Fix rsize usage in user read
CIFS: Separate page reading from user read
CIFS: Fix rsize usage in readpages
CIFS: Separate page search from readpages
CIFS: Use multicredits for SMB 2.1/3 writes
...
03 Aug, 2014
1 commit
-
Joe Perches and Hans Wennborg noticed that various places in the
kernel were printing decimal numbers with 0x prefix.
printk("0x%d") or equivalent
This fixes the instances of this in the cifs driver.
CC: Hans Wennborg
CC: Joe Perches
Signed-off-by: Steve French
01 Aug, 2014
1 commit
-
The functionality provided by free_rsp_buf() is duplicated in a number
of places. Replace these instances with a call to free_rsp_buf().
Signed-off-by: Sachin Prabhu
Reviewed-by: Shirish Pargaonkar
Signed-off-by: Steve French
16 Jul, 2014
1 commit
-
The current "wait_on_bit" interface requires an 'action'
function to be provided which does the actual waiting.
There are over 20 such functions, many of them identical.
Most cases can be satisfied by one of just two functions, one
which uses io_schedule() and one which just uses schedule().
So:
Rename wait_on_bit and wait_on_bit_lock to
wait_on_bit_action and wait_on_bit_lock_action
to make it explicit that they need an action function.
Introduce new wait_on_bit{,_lock} and wait_on_bit{,_lock}_io
which are *not* given an action function but implicitly use
a standard one.
The decision to error-out if a signal is pending is now made
based on the 'mode' argument rather than being encoded in the action
function.
All instances of the old wait_on_bit and wait_on_bit_lock which
can use the new version have been changed accordingly and their
action functions have been discarded.
wait_on_bit{_lock} does not return any specific error code in the
event of a signal so the caller must check for non-zero and
interpolate their own error code as appropriate.
The wait_on_bit() call in __fscache_wait_on_invalidate() was
ambiguous as it specified TASK_UNINTERRUPTIBLE but used
fscache_wait_bit_interruptible as an action function.
David Howells confirms this should be uniformly
"uninterruptible".
The main remaining user of wait_on_bit{,_lock}_action is NFS
which needs to use a freezer-aware schedule() call.
A comment in fs/gfs2/glock.c notes that having multiple 'action'
functions is useful as they display differently in the 'wchan'
field of 'ps' (and /proc/$PID/wchan).
As the new bit_wait{,_io} functions are tagged "__sched", they
will not show up at all, but something higher in the stack. So
the distinction will still be visible, only with different
function names (gfs2_glock_wait versus gfs2_glock_dq_wait in the
gfs2/glock.c case).
Since the first version of this patch (against 3.15) two new action
functions appeared, one in NFS and one in CIFS. CIFS also now
uses an action function that makes the same freezer aware
schedule call as NFS.
Signed-off-by: NeilBrown
Acked-by: David Howells (fscache, keys)
Acked-by: Steven Whitehouse (gfs2)
Acked-by: Peter Zijlstra
Cc: Oleg Nesterov
Cc: Steve French
Cc: Linus Torvalds
Link: http://lkml.kernel.org/r/20140707051603.28027.72349.stgit@notabene.brown
Signed-off-by: Ingo Molnar
17 Apr, 2014
1 commit
-
Problem reported in Red Hat bz 1040329 for strict writes where we cache
only when we hold oplock and write direct to the server when we don't.
When we receive an oplock break, we first change the oplock value for
the inode in cifsInodeInfo->oplock to indicate that we no longer hold
the oplock before we enqueue a task to flush changes to the backing
device. Once we have completed flushing the changes, we return the
oplock to the server.
There are 2 ways here where we can have data corruption
1) While we flush changes to the backing device as part of the oplock
break, we can have processes write to the file. These writes check for
the oplock, find none and attempt to write directly to the server.
These direct writes made while we are flushing from cache could be
overwritten by data being flushed from the cache causing data
corruption.
2) While a thread runs in cifs_strict_writev, the machine could receive
and process an oplock break after the thread has checked the oplock and
found that it allows us to cache and before we have made changes to the
cache. In that case, we end up with a dirty page in cache when we
shouldn't have any. This will be flushed later and will overwrite all
subsequent writes to the part of the file represented by this page.
Before making any writes to the server, we need to confirm that we are
not in the process of flushing data to the server and if we are, we
should wait until the process is complete before we attempt the write.
We should also wait for existing writes to complete before we process
an oplock break request which changes oplock values.
We add a version specific downgrade_oplock() operation to allow for
differences in the oplock values set for the different smb versions.
Cc: stable@vger.kernel.org
Signed-off-by: Sachin Prabhu
Reviewed-by: Jeff Layton
Reviewed-by: Pavel Shilovsky
Signed-off-by: Steve French
03 Nov, 2013
1 commit
-
The multiplex identifier (MID) in the SMB header is only
ever used by the client, in conjunction with PID, to match responses
from the server. As such, the endianness of the MID is not important.
However, when tracing packet sequences on the wire, protocol analyzers
such as wireshark display MID as little endian. It is much more informative
for the on-the-wire MID sequences to match debug information emitted by the
CIFS driver. Therefore, one should write and read MID in the SMB header
assuming it is always little endian.
Observed from wireshark during the protocol negotiation
and session setup:
Multiplex ID: 256
Multiplex ID: 256
Multiplex ID: 512
Multiplex ID: 512
Multiplex ID: 768
Multiplex ID: 768
After this patch on-the-wire MID values begin at 1 and increase monotonically.
Introduce get_next_mid64() for the internal consumers that use the full 64 bit
multiplex identifier.
Introduce the helpers get_mid() and compare_mid() to make the endian
translation clear.
Reviewed-by: Jeff Layton
Signed-off-by: Tim Gardner
Signed-off-by: Steve French
28 Oct, 2013
1 commit
-
The only call site for check_smb_header() assigns 'mid' from the SMB
packet, which is then checked again in check_smb_header(). This seems
like redundant redundancy.
Reviewed-by: Jeff Layton
Signed-off-by: Tim Gardner
Signed-off-by: Steve French
09 Sep, 2013
2 commits
-
that prepare the code to handle different types of SMB2 leases.
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
-
Move the post (successful) session setup code to respective dialect routines.
For smb1, session key is per smb connection.
For smb2/smb3, session key is per smb session.
If client and server do not require signing, free session key for smb1/2/3.
If client and server require signing
smb1 - Copy (kmemdup) session key for the first session to connection.
Free session key of that and subsequent sessions on this connection.
smb2 - For every session, keep the session key and free it when the
session is being shutdown.
smb3 - For every session, generate the smb3 signing key using the session key
and then free the session key.
There are two unrelated line formatting changes as well.
Reviewed-by: Jeff Layton
Signed-off-by: Shirish Pargaonkar
Signed-off-by: Steve French
24 Jun, 2013
1 commit
-
Currently, we determine this according to flags in the sec_mode, flags
in the global_secflags and via other methods. That makes the semantics
very hard to follow and there are corner cases where we don't handle
this correctly.
Add a new bool to the TCP_Server_Info that acts as a simple flag to tell
us whether signing is enabled on this connection or not, and fix up the
places that need to determine this to use that flag.
This is a bit weird for the SMB2 case, where signing is per-session.
SMB2 needs work in this area already though. The existing SMB2 code has
similar logic to what we're using here, so there should be no real
change in behavior. These changes should make it easier to implement
per-session signing in the future though.
Signed-off-by: Jeff Layton
Reviewed-by: Pavel Shilovsky
Signed-off-by: Steve French
05 May, 2013
1 commit
-
It's not obvious from reading the macro names that these macros
are for debugging. Convert the names to a single more typical
kernel style cifs_dbg macro.
cERROR(1, ...) -> cifs_dbg(VFS, ...)
cFYI(1, ...) -> cifs_dbg(FYI, ...)
cFYI(DBG2, ...) -> cifs_dbg(NOISY, ...)
Move the terminating format newline from the macro to the call site.
Add CONFIG_CIFS_DEBUG function cifs_vfs_err to emit the
"CIFS VFS: " prefix for VFS messages.
Size is reduced ~ 1% when CONFIG_CIFS_DEBUG is set (default y)
$ size fs/cifs/cifs.ko*
text data bss dec hex filename
265245 2525 132 267902 4167e fs/cifs/cifs.ko.new
268359 2525 132 271016 422a8 fs/cifs/cifs.ko.old
Other miscellaneous changes around these conversions:
o Miscellaneous typo fixes
o Add terminating \n's to almost all formats and remove them
from the macros to be more kernel style like. A few formats
previously had defective \n's
o Remove unnecessary OOM messages as kmalloc() calls dump_stack
o Coalesce formats to make grep easier,
added missing spaces when coalescing formats
o Use %s, __func__ instead of embedded function name
o Removed unnecessary "cifs: " prefixes
o Convert kzalloc with multiply to kcalloc
o Remove unused cifswarn macro
Signed-off-by: Joe Perches
Signed-off-by: Jeff Layton
Signed-off-by: Steve French
13 Feb, 2013
1 commit
-
Cc: Steve French
Signed-off-by: "Eric W. Biederman"
25 Sep, 2012
2 commits
-
Now we walk though cifsFileInfo's list for every incoming lease
break and look for an equivalent there. That approach misses lease
breaks that come just after an open response - we don't have time
to populate new cifsFileInfo structure to the list. Fix this by
adding new list of pending opens and look for a lease there if we
didn't find it in the list of cifsFileInfo structures.
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
-
This helps us to extend the code for future protocols that can use
another fid mechanism (such as SMB2, which has it divided into two parts:
persistent and volatile).
Also rename variables and refactor the code around the changes.
Reviewed-by: Jeff Layton
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
25 Jul, 2012
2 commits
-
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
-
Use SMB2 header size values for allocation and memset because they
are bigger and suitable for both CIFS and SMB2.
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
24 Jul, 2012
1 commit
-
Acked-by: Jeff Layton
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
02 Jun, 2012
1 commit
-
Reviewed-by: Jeff Layton
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
23 May, 2012
1 commit
-
Acked-by: Shirish Pargaonkar
Reviewed-by: Jeff Layton
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
17 May, 2012
1 commit
-
We've now warned about this for two releases. Remove it for 3.5.
Signed-off-by: Jeff Layton
24 Mar, 2012
5 commits
-
...and convert existing cifs users of system_nrt_wq to use that instead.
Also, make it freezable, and set WQ_MEM_RECLAIM since we use it to
deal with write reply handling.
Signed-off-by: Jeff Layton
Acked-by: Shirish Pargaonkar
-
to be protocol-unspecific and big enough to keep both CIFS
and SMB2 values.
Signed-off-by: Pavel Shilovsky
-
While in CIFS/SMB we have 16 bit mid, in SMB2 it is 64 bit.
Convert the existing field to 64 bit and mask off higher bits
for CIFS/SMB.
Signed-off-by: Pavel Shilovsky
-
Signed-off-by: Pavel Shilovsky
-
that lets us use these functions for SMB2.
Signed-off-by: Pavel Shilovsky
22 Mar, 2012
1 commit
-
and send no more than credits value requests at once. For SMB/CIFS
it's trivial: increment this value by receiving any message and
decrement by sending one.
Reviewed-by: Jeff Layton
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French