20 Jan, 2021
1 commit
-
commit 2659d3bff3e1b000f49907d0839178b101a89887 upstream.
Retry close command if it gets interrupted to not leak open handles on
the server.Signed-off-by: Paulo Alcantara (SUSE)
Reported-by: Duncan Findlay
Suggested-by: Pavel Shilovsky
Fixes: 6988a619f5b7 ("cifs: allow syscalls to be restarted in __smb_send_rqst()")
Cc: stable@vger.kernel.org
Reviewd-by: Pavel Shilovsky
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman
30 Dec, 2020
1 commit
-
commit 7955f105afb6034af344038d663bc98809483cdd upstream.
In the negotiate protocol preauth context, the server is not required
to populate the salt (although it is done by most servers) so do
not warn on mount.We retain the checks (warn) that the preauth context is the minimum
size and that the salt does not exceed DataLength of the SMB response.
Although we use the defaults in the case that the preauth context
response is invalid, these checks may be useful in the future
as servers add support for additional mechanisms.CC: Stable
Reviewed-by: Shyam Prasad N
Reviewed-by: Pavel Shilovsky
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman
04 Dec, 2020
1 commit
-
When mounting with "idsfromsid" mount option, Azure
corrupted the owner SIDs due to excessive padding
caused by placing the owner fields at the end of the
security descriptor on create. Placing owners at the
front of the security descriptor (rather than the end)
is also safer, as the number of ACEs (that follow it)
are variable.Signed-off-by: Ronnie Sahlberg
Suggested-by: Rohith Surabattula
CC: Stable # v5.8
Signed-off-by: Steve French
21 Oct, 2020
1 commit
-
Don't populate const array smb3_create_tag_posix on the stack but
instead make it static. Makes the object code smaller by 50 bytes.Before:
text data bss dec hex filename
150184 47167 0 197351 302e7 fs/cifs/smb2pdu.oAfter:
text data bss dec hex filename
150070 47231 0 197301 302b5 fs/cifs/smb2pdu.o(gcc version 10.2.0)
Signed-off-by: Colin Ian King
Reviewed-by: Aurelien Aptel
Signed-off-by: Steve French
20 Oct, 2020
2 commits
-
There are cases where the server can return a cipher type of 0 and
it not be an error. For example server supported no encryption types
(e.g. server completely disabled encryption), or the server and
client didn't support any encryption types in common (e.g. if a
server only supported AES256_CCM). In those cases encryption would
not be supported, but that can be ok if the client did not require
encryption on mount and it should not return an error.In the case in which mount requested encryption ("seal" on mount)
then checks later on during tree connection will return the proper
rc, but if seal was not requested by client, since server is allowed
to return 0 to indicate no supported cipher, we should not fail mount.Reported-by: Pavel Shilovsky
Reviewed-by: Pavel Shilovsky
Signed-off-by: Steve French -
If server does not support AES-256-GCM and it was required on mount, print
warning message. Also log and return a different error message (EOPNOTSUPP)
when encryption mechanism is not supported vs the case when an unknown
unrequested encryption mechanism could be returned (EINVAL).Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
16 Oct, 2020
2 commits
-
Add new module load parameter enable_gcm_256. If set, then add
AES-256-GCM (strongest encryption type) to the list of encryption
types requested. Put it in the list as the second choice (since
AES-128-GCM is faster and much more broadly supported by
SMB3 servers). To make this stronger encryption type, GCM-256,
required (the first and only choice, you would use module parameter
"require_gcm_256."Reviewed-by: Ronnie Sahlberg
Signed-off-by: Steve French -
Add new module load parameter require_gcm_256. If set, then only
request AES-256-GCM (strongest encryption type).Reviewed-by: Ronnie Sahlberg
Signed-off-by: Steve French
24 Aug, 2020
1 commit
-
Replace the existing /* fall through */ comments and its variants with
the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary
fall-through markings when it is the case.[1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through
Signed-off-by: Gustavo A. R. Silva
11 Aug, 2020
1 commit
-
Convert the uses of fallthrough comments to fallthrough macro.
Signed-off-by: Hongxiang Lou
Signed-off-by: Miaohe Lin
Signed-off-by: Steve French
03 Aug, 2020
2 commits
-
They were identical execpt to CIFSTCon() vs. SMB2_tcon().
These are also available via ops->tree_connect().Signed-off-by: Stefan Metzmacher
Signed-off-by: Paulo Alcantara (SUSE)
Reviewed-by: Aurelien Aptel
Signed-off-by: Steve French -
When mounting with Kerberos, users have been confused about the
default error returned in scenarios in which either keyutils is
not installed or the user did not properly acquire a krb5 ticket.
Log a warning message in the case that "ENOKEY" is returned
from the get_spnego_key upcall so that users can better understand
why mount failed in those two cases.CC: Stable
Signed-off-by: Steve French
13 Jun, 2020
2 commits
-
Pavel noticed that a debug message (disabled by default) in creating the security
descriptor context could be useful for new file creation owner fields
(as we already have for the mode) when using mount parm idsfromsid.[38120.392272] CIFS: FYI: owner S-1-5-88-1-0, group S-1-5-88-2-0
[38125.792637] CIFS: FYI: owner S-1-5-88-1-1000, group S-1-5-88-2-1000Also cleans up a typo in a comment
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky -
Currently idsfromsid mount option allows querying owner information from the
special sids used to represent POSIX uids and gids but needed changes to
populate the security descriptor context with the owner information when
idsfromsid mount option was used.Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
12 Jun, 2020
2 commits
-
Add worker function for non-compounded SMB3.1.1 POSIX Extensions query info.
This is needed for revalidate of root (cached) directory for example.Signed-off-by: Steve French
Reviewed-by: Ronnie Sahlberg
Reviewed-by: Aurelien Aptel -
Some of tests in xfstests failed with cifsd kernel server since commit
e80ddeb2f70e. cifsd kernel server validates credit charge from client
by calculating it base on max((InputCount + OutputCount) and
(MaxInputResponse + MaxOutputResponse)) according to specification.MS-SMB2 specification describe credit charge calculation of smb2 ioctl :
If Connection.SupportsMultiCredit is TRUE, the server MUST validate
CreditCharge based on the maximum of (InputCount + OutputCount) and
(MaxInputResponse + MaxOutputResponse), as specified in section 3.3.5.2.5.
If the validation fails, it MUST fail the IOCTL request with
STATUS_INVALID_PARAMETER.This patch add indatalen that can be a non-zero value to calculation of
credit charge in SMB2_ioctl_init().Fixes: e80ddeb2f70e ("smb3: fix incorrect number of credits when ioctl
MaxOutputResponse > 64K")
Cc: Stable
Reviewed-by: Aurelien Aptel
Cc: Steve French
Signed-off-by: Namjae Jeon
Signed-off-by: Steve French
05 Jun, 2020
3 commits
-
first steps in trying to make channels properly reconnect.
* add cifs_ses_find_chan() function to find the enclosing cifs_chan
struct it belongs to
* while we have the session lock and are redoing negprot and
sess.setup in smb2_reconnect() redo the binding of channels.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French -
Remove static checker warning pointed out by Dan Carpenter:
The patch feeaec621c09: "cifs: multichannel: move channel selection
above transport layer" from Apr 24, 2020, leads to the following
static checker warning:fs/cifs/smb2pdu.c:149 smb2_hdr_assemble()
error: we previously assumed 'tcon->ses' could be null (see line 133)Reported-by: Dan Carpenter
CC: Aurelien Aptel
Signed-off-by: Steve French -
Move the channel (TCP_Server_Info*) selection from the tranport
layer to higher in the call stack so that:- credit handling is done with the server that will actually be used
to send.
* ->wait_mtu_credit
* ->set_credits / set_credits
* ->add_credits / add_credits
* add_credits_and_wake_if- potential reconnection (smb2_reconnect) done when initializing a
request is checked and done with the server that will actually be
used to send.To do this:
- remove the cifs_pick_channel() call out of compound_send_recv()
- select channel and pass it down by adding a cifs_pick_channel(ses)
call in:
- smb311_posix_mkdir
- SMB2_open
- SMB2_ioctl
- __SMB2_close
- query_info
- SMB2_change_notify
- SMB2_flush
- smb2_async_readv (if none provided in context param)
- SMB2_read (if none provided in context param)
- smb2_async_writev (if none provided in context param)
- SMB2_write (if none provided in context param)
- SMB2_query_directory
- send_set_info
- SMB2_oplock_break
- SMB311_posix_qfs_info
- SMB2_QFS_info
- SMB2_QFS_attr
- smb2_lockv
- SMB2_lease_break
- smb2_compound_op
- smb2_set_ea
- smb2_ioctl_query_info
- smb2_query_dir_first
- smb2_query_info_comound
- smb2_query_symlink
- cifs_writepages
- cifs_write_from_iter
- cifs_send_async_read
- cifs_read
- cifs_readpages- add TCP_Server_Info *server param argument to:
- cifs_send_recv
- compound_send_recv
- SMB2_open_init
- SMB2_query_info_init
- SMB2_set_info_init
- SMB2_close_init
- SMB2_ioctl_init
- smb2_iotcl_req_init
- SMB2_query_directory_init
- SMB2_notify_init
- SMB2_flush_init
- build_qfs_info_req
- smb2_hdr_assemble
- smb2_reconnect
- fill_small_buf
- smb2_plain_req_init
- __smb2_plain_req_initThe read/write codepath is different than the rest as it is using
pages, io iterators and async calls. To deal with those we add a
server pointer in the cifs_writedata/cifs_readdata/cifs_io_parms
context struct and set it in:- cifs_writepages (wdata)
- cifs_write_from_iter (wdata)
- cifs_readpages (rdata)
- cifs_send_async_read (rdata)The [rw]data->server pointer is eventually copied to
cifs_io_parms->server to pass it down to SMB2_read/SMB2_write.
If SMB2_read/SMB2_write is called from a different place that doesn't
set the server field it will pick a channel.Some places do not pick a channel and just use ses->server or
cifs_ses_server(ses). All cifs_ses_server(ses) calls are in codepaths
involving negprot/sess.setup.- SMB2_negotiate (binding channel)
- SMB2_sess_alloc_buffer (binding channel)
- SMB2_echo (uses provided one)
- SMB2_logoff (uses master)
- SMB2_tdis (uses master)(list not exhaustive)
Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
04 Jun, 2020
1 commit
-
We were not checking to see if ioctl requests asked for more than
64K (ie when CIFSMaxBufSize was > 64K) so when setting larger
CIFSMaxBufSize then ioctls would fail with invalid parameter errors.
When requests ask for more than 64K in MaxOutputResponse then we
need to ask for more than 1 credit.Signed-off-by: Steve French
CC: Stable
Reviewed-by: Aurelien Aptel
01 Jun, 2020
3 commits
-
Joe Perches pointed out that we were missing a newline
at the end of two debug messagesReported-by: Joe Perches
Signed-off-by: Steve French -
Use pr_fmt to standardize all logging for fs/cifs.
Some logging output had no CIFS: specific prefix.
Now all output has one of three prefixes:
o CIFS:
o CIFS: VFS:
o Root-CIFS:Miscellanea:
o Convert printks to pr_
o Neaten macro definitions
o Remove embedded CIFS: prefixes from formats
o Convert "illegal" to "invalid"
o Coalesce formats
o Add missing '\n' format terminations
o Consolidate multiple cifs_dbg continuations into single calls
o More consistent use of upper case first word output logging
o Multiline statement argument alignment and wrappingSigned-off-by: Joe Perches
Signed-off-by: Steve French -
In order to support reconnect to hostnames that resolve to same ip
address, besides relying on the currently set hostname to match DFS
targets, attempt to resolve the targets and then match their addresses
with the reconnected server ip address.For instance, if we have two hostnames "FOO" and "BAR", and both
resolve to the same ip address, we would be able to handle failover in
DFS paths like\\FOO\dfs\link1 -> [ \BAZ\share2 (*), \BAR\share1 ]
\\FOO\dfs\link2 -> [ \BAZ\share2 (*), \FOO\share1 ]so when "BAZ" is no longer accessible, link1 and link2 would get
reconnected despite having different target hostnames.Signed-off-by: Paulo Alcantara (SUSE)
Reviewed-by: Aurelien Aptel
Signed-off-by: Steve French
16 Apr, 2020
1 commit
-
We already dump these keys for SMB3, lets also dump it for SMB2
sessions so that we can use the session key in wireshark to check and validate
that the signatures are correct.Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
Reviewed-by: Aurelien Aptel
23 Mar, 2020
6 commits
-
allows SMB2_open() callers to pass down a POSIX data buffer that will
trigger requesting POSIX create context and parsing the response into
the provided buffer.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
Reviewed-by: Paulo Alcantara (SUSE) -
* add code to request POSIX info level
* parse dir entries and fill cifs_fattr to get correct inode datasince the POSIX payload is variable size the number of entries in a
FIND response needs to be computed differently.Dirs and regular files are properly reported along with mode bits,
hardlink number, c/m/atime. No special files yet (see below).Current experimental version of Samba with the extension unfortunately
has issues with wildcards and needs the following patch:> --- i/source3/smbd/smb2_query_directory.c
> +++ w/source3/smbd/smb2_query_directory.c
> @@ -397,9 +397,7 @@ smbd_smb2_query_directory_send(TALLOC_CTX
> *mem_ctx,
> }
> }
>
> - if (!state->smbreq->posix_pathnames) {
> wcard_has_wild = ms_has_wild(state->in_file_name);
> - }
>
> /* Ensure we've canonicalized any search path if not a wildcard. */
> if (!wcard_has_wild) {
>Also for special files despite reporting them as reparse point samba
doesn't set the reparse tag field. This patch will mark them as needing
re-evaluation but the re-evaluate code doesn't deal with it yet.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French -
* add new info level and structs for SMB2 posix extension
* add functions to parse and validate itSigned-off-by: Aurelien Aptel
Signed-off-by: Steve French -
little progress on the posix create response.
* rename struct to create_posix_rsp to match with the request
create_posix context
* make struct packed
* pass smb info struct for parse_posix_ctxt to fill
* use smb info struct as param
* update TODOWhat needs to be done:
SMB2_open() has an optional smb info out argument that it will fill.
Callers making use of this are:- smb3_query_mf_symlink (need to investigate)
- smb2_open_fileCallers of smb2_open_file (via server->ops->open) are passing an
smbinfo struct but that struct cannot hold POSIX information. All the
call stack needs to be changed for a different info type. Maybe pass
SMB generic struct like cifs_fattr instead.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French -
mod_delayed_work() is safer than queue_delayed_work() if there's a
chance that the work is already in the queue.Signed-off-by: Stefan Metzmacher
Reviewed-by: Pavel Shilovsky
Signed-off-by: Steve French -
For the case where we have a DFS path like below and we're currently
connected to targetA://dfsroot/link -> //targetA/share/foo, //targetB/share/bar
after failover, we should make sure to update cifs_sb->prepath so the
next operations will use the new prefix path "/bar".Besides, in order to simplify the use of different prefix paths,
enforce CIFS_MOUNT_USE_PREFIX_PATH for DFS mounts so we don't have to
revalidate the root dentry every time we set a new prefix path.Signed-off-by: Paulo Alcantara (SUSE)
Acked-by: Ronnie Sahlberg
Reviewed-by: Aurelien Aptel
Signed-off-by: Steve French
25 Feb, 2020
1 commit
-
To rename a file in SMB2 we open it with the DELETE access and do a
special SetInfo on it. If the handle is missing the DELETE bit the
server will fail the SetInfo with STATUS_ACCESS_DENIED.We currently try to reuse any existing opened handle we have with
cifs_get_writable_path(). That function looks for handles with WRITE
access but doesn't check for DELETE, making rename() fail if it finds
a handle to reuse. Simple reproducer below.To select handles with the DELETE bit, this patch adds a flag argument
to cifs_get_writable_path() and find_writable_file() and the existing
'bool fsuid_only' argument is converted to a flag.The cifsFileInfo struct only stores the UNIX open mode but not the
original SMB access flags. Since the DELETE bit is not mapped in that
mode, this patch stores the access mask in cifs_fid on file open,
which is accessible from cifsFileInfo.Simple reproducer:
#include
#include
#include
#include
#include
#include
#define E(s) perror(s), exit(1)int main(int argc, char *argv[])
{
int fd, ret;
if (argc != 3) {
fprintf(stderr, "Usage: %s A B\n"
"create&open A in write mode, "
"rename A to B, close A\n", argv[0]);
return 0;
}fd = openat(AT_FDCWD, argv[1], O_WRONLY|O_CREAT|O_SYNC, 0666);
if (fd == -1) E("openat()");ret = rename(argv[1], argv[2]);
if (ret) E("rename()");ret = close(fd);
if (ret) E("close()");return ret;
}$ gcc -o bugrename bugrename.c
$ ./bugrename /mnt/a /mnt/b
rename(): Permission deniedFixes: 8de9e86c67ba ("cifs: create a helper to find a writeable handle by path name")
CC: Stable
Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
Reviewed-by: Paulo Alcantara (SUSE)
07 Feb, 2020
1 commit
-
SMB3.1.1 POSIX Context processing is not complete yet - so print warning
(once) if server returns it on open.Signed-off-by: Steve French
Reviewed-by: Aurelien Aptel
06 Feb, 2020
2 commits
-
A commonly used SMB3 feature is change notification, allowing an
app to be notified about changes to a directory. The SMB3
Notify request blocks until the server detects a change to that
directory or its contents that matches the completion flags
that were passed in and the "watch_tree" flag (which indicates
whether subdirectories under this directory should be also
included). See MS-SMB2 2.2.35 for additional detail.To use this simply pass in the following structure to ioctl:
struct __attribute__((__packed__)) smb3_notify {
uint32_t completion_filter;
bool watch_tree;
} __packed;using CIFS_IOC_NOTIFY 0x4005cf09
or equivalently _IOW(CIFS_IOCTL_MAGIC, 9, struct smb3_notify)SMB3 change notification is supported by all major servers.
The ioctl will block until the server detects a change to that
directory or its subdirectories (if watch_tree is set).Signed-off-by: Steve French
Reviewed-by: Aurelien Aptel
Acked-by: Paulo Alcantara (SUSE) -
We ran into a confusing problem where an application wasn't checking
return code on close and so user didn't realize that the application
ran out of disk space. log a warning message (once) in these
cases. For example:[ 8407.391909] Out of space writing to \\oleg-server\small-share
Signed-off-by: Steve French
Reported-by: Oleg Kravtsov
Reviewed-by: Ronnie Sahlberg
Reviewed-by: Pavel Shilovsky
05 Feb, 2020
1 commit
-
RHBZ: 1579050
If we have a soft mount we should fail commands for session-setup
failures (such as the password having changed/ account being deleted/ ...)
and return an error back to the application.Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
CC: Stable
31 Jan, 2020
1 commit
-
RHBZ: 1795429
In recent DFS updates we have a new variable controlling how many times we will
retry to reconnect the share.
If DFS is not used, then this variable is initialized to 0 in:static inline int
dfs_cache_get_nr_tgts(const struct dfs_cache_tgt_list *tl)
{
return tl ? tl->tl_numtgts : 0;
}This means that in the reconnect loop in smb2_reconnect() we will immediately wrap retries to -1
and never actually get to pass this conditional:if (--retries)
continue;The effect is that we no longer reach the point where we fail the commands with -EHOSTDOWN
and basically the kernel threads are virtually hung and unkillable.Fixes: a3a53b7603798fd8 (cifs: Add support for failover in smb2_reconnect())
Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
Reviewed-by: Paulo Alcantara (SUSE)
CC: Stable
27 Jan, 2020
4 commits
-
When mounting with "modefromsid" mount parm most servers will require
that some default permissions are given to users in the ACL on newly
created files, files created with the new 'sd context' - when passing in
an sd context on create, permissions are not inherited from the parent
directory, so in addition to the ACE with the special SID which contains
the mode, we also must pass in an ACE allowing users to access the file
(GENERIC_ALL for authenticated users seemed like a reasonable default,
although later we could allow a mount option or config switch to make
it GENERIC_ALL for EVERYONE special sid).CC: Stable
Signed-off-by: Steve French
Reviewed-By: Ronnie Sahlberg
Reviewed-by: Pavel Shilovsky -
fs/cifs/smb2pdu.c: In function 'SMB2_query_directory':
fs/cifs/smb2pdu.c:4444:26: warning:
variable 'server' set but not used [-Wunused-but-set-variable]
struct TCP_Server_Info *server;It is not used, so remove it.
Reported-by: Hulk Robot
Signed-off-by: YueHaibing
Signed-off-by: Steve French -
Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky -
Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
