01 Oct, 2020

3 commits

  • [ Upstream commit 95a3d8f3af9b0d63b43f221b630beaab9739d13a ]

    When running xfstests generic/451, there is a BUG at mm/memcontrol.c:
    page:ffffea000560f2c0 refcount:2 mapcount:0 mapping:000000008544e0ea
    index:0xf
    mapping->aops:cifs_addr_ops dentry name:"tst-aio-dio-cycle-write.451"
    flags: 0x2fffff80000001(locked)
    raw: 002fffff80000001 ffffc90002023c50 ffffea0005280088 ffff88815cda0210
    raw: 000000000000000f 0000000000000000 00000002ffffffff ffff88817287d000
    page dumped because: VM_BUG_ON_PAGE(page->mem_cgroup)
    page->mem_cgroup:ffff88817287d000
    ------------[ cut here ]------------
    kernel BUG at mm/memcontrol.c:2659!
    invalid opcode: 0000 [#1] SMP
    CPU: 2 PID: 2038 Comm: xfs_io Not tainted 5.8.0-rc1 #44
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_
    073836-buildvm-ppc64le-16.ppc.4
    RIP: 0010:commit_charge+0x35/0x50
    Call Trace:
    mem_cgroup_charge+0x166/0x4f0
    __add_to_page_cache_locked+0x4a9/0x710
    add_to_page_cache_locked+0x15/0x20
    cifs_readpages+0x217/0x1270
    read_pages+0x29a/0x670
    page_cache_readahead_unbounded+0x24f/0x390
    __do_page_cache_readahead+0x3f/0x60
    ondemand_readahead+0x1f1/0x470
    page_cache_async_readahead+0x14c/0x170
    generic_file_buffered_read+0x5df/0x1100
    generic_file_read_iter+0x10c/0x1d0
    cifs_strict_readv+0x139/0x170
    new_sync_read+0x164/0x250
    __vfs_read+0x39/0x60
    vfs_read+0xb5/0x1e0
    ksys_pread64+0x85/0xf0
    __x64_sys_pread64+0x22/0x30
    do_syscall_64+0x69/0x150
    entry_SYSCALL_64_after_hwframe+0x44/0xa9
    Modules linked in:
    ---[ end trace 725fa14a3e1af65c ]---

    Since commit 3fea5a499d57 ("mm: memcontrol: convert page cache to a new
    mem_cgroup_charge() API") the page charge is not cancelled, so the pages
    may be double added to the pagecache:
    thread1                                      | thread2
    cifs_readpages
    readpages_get_pages
     add_to_page_cache_locked(head,index=n)=0
                                                 | readpages_get_pages
                                                 | add_to_page_cache_locked(head,index=n+1)=0
     add_to_page_cache_locked(head, index=n+1)=-EEXIST
     then, will next loop with list head page's
     index=n+1 and the page->mapping not NULL
    readpages_get_pages
    add_to_page_cache_locked(head, index=n+1)
     commit_charge
      VM_BUG_ON_PAGE

    So, we should not do the next loop when adding any page to the page
    cache failed.

    Reported-by: Hulk Robot
    Signed-off-by: Zhang Xiaoxu
    Signed-off-by: Steve French
    Acked-by: Ronnie Sahlberg
    Signed-off-by: Sasha Levin

    Zhang Xiaoxu
     
  • [ Upstream commit 9bd4540836684013aaad6070a65d6fcdd9006625 ]

    Currently we don't assume that a server may break a lease
    from RWH to RW, which causes us to set a wrong lease state
    on a file and thus mistakenly flush data and byte-range
    locks and purge cached data on the client. This leads to
    performance degradation because subsequent IOs go directly
    to the server.

    Fix this by propagating new lease state and epoch values
    to the oplock break handler through the cifsFileInfo structure
    and removing the use of cifsInodeInfo flags for that. This
    allows us to avoid some races of several lease/oplock breaks
    using those flags in parallel.

    Signed-off-by: Pavel Shilovsky
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Pavel Shilovsky
     
  • [ Upstream commit 2b1116bbe898aefdf584838448c6869f69851e0f ]

    Move the same error code assignments so that such exception handling
    can be better reused at the end of this function.

    This issue was detected by using the Coccinelle software.

    Signed-off-by: Markus Elfring
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Markus Elfring
     

23 Sep, 2020

1 commit

  • [ Upstream commit 01ec372cef1e5afa4ab843bbaf88a6fcb64dc14c ]

    RHBZ: 1871246

    If during cifs_lookup()/get_inode_info() we encounter a DFS link
    and we use the cifsacl or modefromsid mount options we must suppress
    any -EREMOTE errors that trigger or else we will not be able to follow
    the DFS link and automount the target.

    This fixes an issue with modefromsid/cifsacl where these mount options
    would break DFS and we would no longer be able to access the share.

    Signed-off-by: Ronnie Sahlberg
    Reviewed-by: Paulo Alcantara (SUSE)
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Ronnie Sahlberg
     

21 Aug, 2020

2 commits

  • commit baf57b56d3604880ccb3956ec6c62ea894f5de99 upstream.

    Handling a lease break for the cached root didn't free the
    smb2_lease_break_work allocation, resulting in a leak:

    unreferenced object 0xffff98383a5af480 (size 128):
    comm "cifsd", pid 684, jiffies 4294936606 (age 534.868s)
    hex dump (first 32 bytes):
    c0 ff ff ff 1f 00 00 00 88 f4 5a 3a 38 98 ff ff ..........Z:8...
    88 f4 5a 3a 38 98 ff ff 80 88 d6 8a ff ff ff ff ..Z:8...........
    backtrace:
    [] smb2_is_valid_oplock_break+0x1fa/0x8c0
    [] cifs_demultiplex_thread+0x73d/0xcc0
    [] kthread+0x11c/0x150
    [] ret_from_fork+0x22/0x30

    Avoid this leak by only allocating when necessary.

    Fixes: a93864d93977 ("cifs: add lease tracking to the cached root fid")
    Signed-off-by: Paul Aurich
    CC: Stable # v4.18+
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Steve French
    Signed-off-by: Greg Kroah-Hartman

    Paul Aurich
     
  • commit 0a018944eee913962bce8ffebbb121960d5125d9 upstream.

    When mounting with Kerberos, users have been confused about the
    default error returned in scenarios in which either keyutils is
    not installed or the user did not properly acquire a krb5 ticket.
    Log a warning message in the case that "ENOKEY" is returned
    from the get_spnego_key upcall so that users can better understand
    why mount failed in those two cases.

    CC: Stable
    Signed-off-by: Steve French
    Signed-off-by: Greg Kroah-Hartman

    Steve French
     

29 Jul, 2020

1 commit

  • commit 0e6705182d4e1b77248a93470d6d7b3013d59b30 upstream.

    This reverts commit 9ffad9263b467efd8f8dc7ae1941a0a655a2bab2.

    Upon additional testing with older servers, it was found that
    the original commit introduced a regression when using the old SMB1
    dialect and rsyncing over an existing file.

    The patch will need to be respun to address this, likely including
    a larger refactoring of the SMB1 and SMB3 rename code paths to make
    it less confusing and also to address some additional rename error
    cases that SMB3 may be able to workaround.

    Signed-off-by: Steve French
    Reported-by: Patrick Fernie
    CC: Stable
    Acked-by: Ronnie Sahlberg
    Acked-by: Pavel Shilovsky
    Acked-by: Zhang Xiaoxu
    Signed-off-by: Greg Kroah-Hartman

    Steve French
     

22 Jul, 2020

1 commit


16 Jul, 2020

1 commit

  • [ Upstream commit 5618303d8516f8ac5ecfe53ee8e8bc9a40eaf066 ]

    According to the man page description of truncate, if the size changed,
    then the st_ctime and st_mtime fields should be updated. But
    in cifs, we don't do it.

    This caused xfstests generic/313 to fail.

    So, add the ATTR_MTIME|ATTR_CTIME flags on attrs when changing
    the file size.

    Reported-by: Hulk Robot
    Signed-off-by: Zhang Xiaoxu
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Zhang Xiaoxu
     

09 Jul, 2020

6 commits

  • commit 9ffad9263b467efd8f8dc7ae1941a0a655a2bab2 upstream.

    When running xfstest generic/035, we found the target file was deleted
    if the rename returned -EACCES.

    In cifs_rename2, we unlink the positive target dentry if rename
    failed with EACCES or EEXIST, even if the target dentry was positive
    before the rename. Then the existing file was deleted.

    We should just delete the target file which was created during the
    rename.

    Reported-by: Hulk Robot
    Signed-off-by: Zhang Xiaoxu
    Cc: stable@vger.kernel.org
    Signed-off-by: Steve French
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Greg Kroah-Hartman

    Zhang Xiaoxu
     
  • commit 6b356f6cf941d5054d7fab072cae4a5f8658e3db upstream.

    Fixes: ca567eb2b3f0 ("SMB3: Allow persistent handle timeout to be configurable on mount")
    Signed-off-by: Paul Aurich
    CC: Stable
    Signed-off-by: Steve French
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Greg Kroah-Hartman

    Paul Aurich
     
  • commit ad35f169db6cd5a4c5c0a5a42fb0cad3efeccb83 upstream.

    Fixes: 3e7a02d47872 ("smb3: allow disabling requesting leases")
    Signed-off-by: Paul Aurich
    CC: Stable
    Signed-off-by: Steve French
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Greg Kroah-Hartman

    Paul Aurich
     
  • commit 00dfbc2f9c61185a2e662f27c45a0bb29b2a134f upstream.

    Without this:

    - persistent handles will only be enabled for per-user tcons if the
    server advertises the 'Continuous Availability' capability
    - resilient handles would never be enabled for per-user tcons

    Signed-off-by: Paul Aurich
    CC: Stable
    Signed-off-by: Steve French
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Greg Kroah-Hartman

    Paul Aurich
     
  • commit cc15461c73d7d044d56c47e869a215e49bd429c8 upstream.

    Ensure multiuser SMB3 mounts use encryption for all users' tcons if the
    mount options are configured to require encryption. Without this, only
    the primary tcon and IPC tcons are guaranteed to be encrypted. Per-user
    tcons would only be encrypted if the server was configured to require
    encryption.

    Signed-off-by: Paul Aurich
    CC: Stable
    Signed-off-by: Steve French
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Greg Kroah-Hartman

    Paul Aurich
     
  • [ Upstream commit 5391b8e1b7b7e5cfa2dd4ffdc4b8c6b64dfd1866 ]

    The flag from the primary tcon needs to be copied into the volume info
    so that cifs_get_tcon will try to enable extensions on the per-user
    tcon. At that point, since posix extensions must have already been
    enabled on the superblock, don't try to needlessly adjust the mount
    flags.

    Fixes: ce558b0e17f8 ("smb3: Add posix create context for smb3.11 posix mounts")
    Fixes: b326614ea215 ("smb3: allow "posix" mount option to enable new SMB311 protocol extensions")
    Signed-off-by: Paul Aurich
    Signed-off-by: Steve French
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Sasha Levin

    Paul Aurich
     

01 Jul, 2020

3 commits

  • commit 6b69040247e14b43419a520f841f2b3052833df9 upstream.

    CIFS implements fallocate(FALLOC_FL_ZERO_RANGE) by sending the SMB
    ioctl(FSCTL_SET_ZERO_DATA) to the server. It just sets the range of the
    remote file to zero, but the local page cache is not updated, so the data
    is inconsistent with the server, which causes xfstest generic/008 to fail.

    So we need to remove the local page caches before sending the SMB
    ioctl(FSCTL_SET_ZERO_DATA) to the server. After the next read, it will
    be re-cached.

    Fixes: 30175628bf7f5 ("[SMB3] Enable fallocate -z support for SMB3 mounts")
    Reported-by: Hulk Robot
    Signed-off-by: Zhang Xiaoxu
    Reviewed-by: Pavel Shilovsky
    Cc: stable@vger.kernel.org # v3.17
    Signed-off-by: Steve French
    Signed-off-by: Greg Kroah-Hartman

    Zhang Xiaoxu
     
  • commit acc91c2d8de4ef46ed751c5f9df99ed9a109b100 upstream.

    When punch hole succeeds, we can still read old data from the file:
    # strace -e trace=pread64,fallocate xfs_io -f -c "pread 20 40" \
    -c "fpunch 20 40" -c"pread 20 40" file
    pread64(3, " version 5.8.0-rc1+"..., 40, 20) = 40
    fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 20, 40) = 0
    pread64(3, " version 5.8.0-rc1+"..., 40, 20) = 40

    CIFS implements fallocate(FALLOC_FL_PUNCH_HOLE) by sending the SMB
    ioctl(FSCTL_SET_ZERO_DATA) to the server. It just sets the range of the
    remote file to zero, but the local page caches are not updated, so the
    local page caches are inconsistent with the server.

    This can also be found by xfstests generic/316.

    So, we need to remove the page caches before sending the SMB
    ioctl(FSCTL_SET_ZERO_DATA) to the server.

    Fixes: 31742c5a33176 ("enable fallocate punch hole ("fallocate -p") for SMB3")
    Suggested-by: Pavel Shilovsky
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Zhang Xiaoxu
    Cc: stable@vger.kernel.org # v3.17
    Signed-off-by: Steve French
    Signed-off-by: Greg Kroah-Hartman

    Zhang Xiaoxu
     
  • commit 77577de64167aa0643d47ffbaacf3642632b321b upstream.

    open_shroot() invokes kref_get(), which increases the refcount of the
    "tcon->crfid" object. When open_shroot() returns non-zero, it means the
    open operation failed and close_shroot() will not be called to decrement
    the refcount of the "tcon->crfid".

    The reference counting issue happens in one normal path of
    open_shroot(). When the cached root has been opened successfully in a
    concurrent process, the function increases the refcount and jumps to
    "oshr_free" to return. However the current return value "rc" may not
    be equal to 0, thus the increased refcount will not be balanced outside
    the function, causing a refcnt leak.

    Fix this issue by setting the value of "rc" to 0 before jumping to
    "oshr_free" label.

    Signed-off-by: Xiyu Yang
    Signed-off-by: Xin Tan
    Signed-off-by: Steve French
    CC: Stable
    Signed-off-by: Greg Kroah-Hartman

    Xiyu Yang
     

24 Jun, 2020

1 commit

  • [ Upstream commit aaa3aef34d3ab9499a5c7633823429f7a24e6dff ]

    If we mount a very specific DFS link

    \\FS0.FOO.COM\dfs\link -> \FS0\share1, \FS1\share2

    where its target list contains NB names ("FS0" & "FS1") rather than
    FQDN ones ("FS0.FOO.COM" & "FS1.FOO.COM"), we end up connecting to
    \FOO\share1 but server->hostname will have "FOO.COM". The reason is
    because both "FS0" and "FS0.FOO.COM" resolve to same IP address and
    they share same TCP server connection, but "FS0.FOO.COM" was the first
    hostname set -- which is OK.

    However, if the echo thread times out and we still have a good
    connection to "FS0", in cifs_reconnect()

        rc = generic_ip_connect(server) -> success
        if (rc) {
            ...
            reconn_inval_dfs_target(server, cifs_sb, &tgt_list,
                                    &tgt_it);
            ...
        }
        ...

    it successfully reconnects to "FS0" server but does not set up next
    DFS target - which should be the same target server "\FS0\share1" -
    and server->hostname remains set to "FS0.FOO.COM" rather than "FS0",
    as reconn_inval_dfs_target() would have it set to "FS0" if called
    earlier.

    Finally, in __smb2_reconnect(), the reconnect of tcons would fail
    because tcon->ses->server->hostname (FS0.FOO.COM) does not match DFS
    target's hostname (FS0).

    Fix that by calling reconn_inval_dfs_target() before
    generic_ip_connect() so server->hostname will get updated correctly
    prior to reconnecting its tcons in __smb2_reconnect().

    With "cifs: handle hostnames that resolve to same ip in failover"
    patch

    - The above problem would not occur.
    - We could save a DNS query to find out that they both resolve to
    the same ip address.

    Signed-off-by: Paulo Alcantara (SUSE)
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Paulo Alcantara
     

17 Jun, 2020

2 commits

  • commit ebf57440ec59a36e1fc5fe91e31d66ae0d1662d0 upstream.

    Some of the tests in xfstests failed with the cifsd kernel server since
    commit e80ddeb2f70e. The cifsd kernel server validates the credit charge
    from the client by calculating it based on max((InputCount + OutputCount) and
    (MaxInputResponse + MaxOutputResponse)) according to the specification.

    The MS-SMB2 specification describes the credit charge calculation of smb2 ioctl:

    If Connection.SupportsMultiCredit is TRUE, the server MUST validate
    CreditCharge based on the maximum of (InputCount + OutputCount) and
    (MaxInputResponse + MaxOutputResponse), as specified in section 3.3.5.2.5.
    If the validation fails, it MUST fail the IOCTL request with
    STATUS_INVALID_PARAMETER.

    This patch adds indatalen, which can be a non-zero value, to the
    calculation of credit charge in SMB2_ioctl_init().

    Fixes: e80ddeb2f70e ("smb3: fix incorrect number of credits when ioctl
    MaxOutputResponse > 64K")
    Cc: Stable
    Reviewed-by: Aurelien Aptel
    Cc: Steve French
    Signed-off-by: Namjae Jeon
    Signed-off-by: Steve French
    Signed-off-by: Greg Kroah-Hartman

    Namjae Jeon
     
  • commit e80ddeb2f70ebd0786aa7cdba3e58bc931fa0bb5 upstream.

    We were not checking to see if ioctl requests asked for more than
    64K (i.e. when CIFSMaxBufSize was > 64K), so when setting a larger
    CIFSMaxBufSize ioctls would fail with invalid parameter errors.
    When requests ask for more than 64K in MaxOutputResponse then we
    need to ask for more than 1 credit.

    Signed-off-by: Steve French
    CC: Stable
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Greg Kroah-Hartman

    Steve French
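The credit check that the two commits above work around, as an added example (not code from the kernel, from cifsd, or from either patch). The struct, the function names and the three client models are hypothetical and built only from the commit messages; the one-credit-per-started-64K rule is the MS-SMB2 formula.

```c
#include <stdint.h>
#include <stdio.h>

#define CREDIT_UNIT 65536u                        /* bytes covered by one credit */
#define DEMO_STATUS_SUCCESS           0x00000000u
#define DEMO_STATUS_INVALID_PARAMETER 0xC000000Du

/* Constructed subset of an SMB2 IOCTL request: only the fields the rule uses. */
struct demo_ioctl_req {
    uint16_t credit_charge;
    uint32_t input_count, output_count;
    uint32_t max_input_response, max_output_response;
};

static uint64_t max_u64(uint64_t a, uint64_t b) { return a > b ? a : b; }

/* One credit per started 64K block, never fewer than one. */
static uint32_t credits_for(uint64_t bytes)
{
    return bytes == 0 ? 1u : (uint32_t)((bytes - 1) / CREDIT_UNIT + 1);
}

/* Server-side check from the quoted MS-SMB2 text. The sums are done in
 * 64 bits so two large 32-bit fields cannot wrap to a small value. */
static uint32_t validate_credit_charge(const struct demo_ioctl_req *r)
{
    uint64_t sent = (uint64_t)r->input_count + r->output_count;
    uint64_t resp = (uint64_t)r->max_input_response + r->max_output_response;
    uint32_t charged = r->credit_charge ? r->credit_charge : 1u; /* 0 counts as 1 */

    if (credits_for(max_u64(sent, resp)) > charged)
        return DEMO_STATUS_INVALID_PARAMETER;
    return DEMO_STATUS_SUCCESS;
}

/* Client models taken from the two commit messages (hypothetical helpers). */
static uint32_t charge_always_one(void) { return 1u; }
static uint32_t charge_output_only(uint32_t max_out) { return credits_for(max_out); }
static uint32_t charge_with_input(uint32_t indatalen, uint32_t max_out)
{
    return credits_for(max_u64(indatalen, max_out));
}

/* Status the server returns when the client sends indatalen bytes of
 * input, leaves max_out bytes for the response and claims `charge`. */
static uint32_t server_status(uint32_t charge, uint32_t indatalen, uint32_t max_out)
{
    struct demo_ioctl_req r = {0};

    r.credit_charge = (uint16_t)charge;
    r.input_count = indatalen;
    r.max_output_response = max_out;
    return validate_credit_charge(&r);
}

int main(void)
{
    /* Constructed cases: a large response buffer, then a large input buffer. */
    printf("1 credit, 128K response:      0x%08X\n",
           (unsigned)server_status(charge_always_one(), 0, 131072));
    printf("output-only, 128K response:   0x%08X\n",
           (unsigned)server_status(charge_output_only(131072), 0, 131072));
    printf("output-only, 100000B input:   0x%08X\n",
           (unsigned)server_status(charge_output_only(4096), 100000, 4096));
    printf("input-aware, 100000B input:   0x%08X\n",
           (unsigned)server_status(charge_with_input(100000, 4096), 100000, 4096));
    return 0;
}
```
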
     

03 Jun, 2020

1 commit


20 May, 2020

1 commit

  • commit a48137996063d22ffba77e077425f49873856ca5 upstream.

    Failed async writes that are requeued may not clean up a refcount
    on the file, which can result in a leaked open. This scenario arises
    very reliably when using persistent handles and a reconnect occurs
    while writing.

    cifs_writev_requeue only releases the reference if the write fails
    (rc != 0). The server->ops->async_writev operation will take its own
    reference, so the initial reference can always be released.

    Signed-off-by: Adam McCoy
    Signed-off-by: Steve French
    CC: Stable
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Greg Kroah-Hartman

    Adam McCoy
     

10 May, 2020

2 commits

  • [ Upstream commit 65303de829dd6d291a4947c1a31de31896f8a060 ]

    This disables tcon re-use for DFS shares.

    tcon->dfs_path stores the path that the tcon should connect to when
    failing over.

    If that tcon is used multiple times e.g. 2 mounts using it with
    different prefixpath, each will need a different dfs_path but there is
    only one tcon. The other solution would be to split the tcon in 2
    tcons during failover but that is much harder.

    tcons could not be shared with DFS in cifs.ko because in a
    DFS namespace like:

    //domain/dfsroot -> /serverA/dfsroot, /serverB/dfsroot

    //serverA/dfsroot/link -> /serverA/target1/aa/bb

    //serverA/dfsroot/link2 -> /serverA/target1/cc/dd

    you can see that link and link2 are two DFS links that both resolve to
    the same target share (/serverA/target1), so cifs.ko will only contain a
    single tcon for both link and link2.

    The problem with that is, if we (auto)mount "link" and "link2", cifs.ko
    will only contain a single tcon for both DFS links so we couldn't
    perform failover or refresh the DFS cache for both links because
    tcon->dfs_path was set to either "link" or "link2", but not both --
    which is wrong.

    Signed-off-by: Paulo Alcantara (SUSE)
    Reviewed-by: Aurelien Aptel
    Reviewed-by: Ronnie Sahlberg
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Paulo Alcantara
     
  • [ Upstream commit fada37f6f62995cc449b36ebba1220594bfe55fe ]

    We use a spinlock while we are reading and accessing the destination address for a server.
    We need to also use this spinlock to protect when we are modifying this address from
    reconn_set_ipaddr().

    Signed-off-by: Ronnie Sahlberg
    Reviewed-by: Jeff Layton
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Ronnie Sahlberg
     

29 Apr, 2020

1 commit

  • commit 0fe0781f29dd8ab618999e6bda33c782ebbdb109 upstream.

    SMB2_open_init() expects a pre-initialised lease_key when opening a
    file with a lease, so set pfid->lease_key prior to calling it in
    open_shroot().

    This issue was observed when performing some DFS failover tests and
    the lease key was never randomly generated.

    Signed-off-by: Paulo Alcantara (SUSE)
    Signed-off-by: Steve French
    Reviewed-by: Ronnie Sahlberg
    Reviewed-by: Aurelien Aptel
    CC: Stable
    Signed-off-by: Greg Kroah-Hartman

    Paulo Alcantara
     

23 Apr, 2020

1 commit

  • [ Upstream commit 3946d0d04bb360acca72db5efe9ae8440012d9dc ]

    When encryption is used, smb2_transform_hdr is defined on the stack and is
    passed to the transport. This doesn't work with RDMA as the buffer needs to
    be DMA'ed.

    Fix it by using kmalloc.

    Signed-off-by: Long Li
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Long Li
     

17 Apr, 2020

2 commits

  • commit 97adda8b3ab703de8e4c8d27646ddd54fe22879c upstream.

    This patch is used to fix the bug in collect_uncached_read_data()
    where rc is automatically converted from a signed number to an
    unsigned number when the CIFS asynchronous read fails.
    This causes ctx->rc to be wrong.

    Example:
    Share a directory and create a file on the Windows OS.
    Mount the directory to the Linux OS using CIFS.
    On the CIFS client of the Linux OS, invoke the pread interface to
    deliver the read request.

    The size of the read length plus offset of the read request is greater
    than the maximum file size.

    In this case, the CIFS server on the Windows OS returns a failure
    message (for example, the return value of
    smb2.nt_status is STATUS_INVALID_PARAMETER).

    After receiving the response message, the CIFS client parses
    smb2.nt_status to STATUS_INVALID_PARAMETER
    and converts it to the Linux error code (rdata->result=-22).

    Then the CIFS client invokes the collect_uncached_read_data function to
    assign the value of rdata->result to rc, that is, rc=rdata->result=-22.

    The type of the ctx->total_len variable is unsigned integer,
    the type of the rc variable is integer, and the type of
    the ctx->rc variable is ssize_t.

    Therefore, during the ternary operation, the value of rc is
    automatically converted to an unsigned number. The final result is
    ctx->rc=4294967274. However, the expected result is ctx->rc=-22.

    Signed-off-by: Yilu Lin
    Signed-off-by: Steve French
    CC: Stable
    Acked-by: Ronnie Sahlberg
    Signed-off-by: Greg Kroah-Hartman

    Yilu Lin
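The conversion described in the commit above, reproduced in user space as an added example (not the kernel code and not the patch). `struct demo_ctx` and all function names are hypothetical; the field types are the ones the message states, and the cast in the second function is one assumed way to keep the sign. The 4294967274 result assumes a 64-bit `ssize_t`.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical stand-in for the aio context: only the two fields the
 * commit message names, with the types it states. */
struct demo_ctx {
    unsigned int total_len; /* bytes collected so far */
    ssize_t rc;             /* final result handed back to the caller */
};

/* Pattern described in the message: int and unsigned int meet in ?:,
 * so the usual arithmetic conversions make the whole expression
 * unsigned int before it is widened to ssize_t. */
static ssize_t store_result_buggy(struct demo_ctx *ctx, int rc)
{
    ctx->rc = (rc == 0) ? ctx->total_len : rc;
    return ctx->rc;
}

/* Assumed remedy for this demo: cast the unsigned operand so both arms
 * of the conditional are signed and -22 survives the assignment. */
static ssize_t store_result_fixed(struct demo_ctx *ctx, int rc)
{
    ctx->rc = (rc == 0) ? (ssize_t)ctx->total_len : rc;
    return ctx->rc;
}

/* What a read(2)-style caller does with the value: negative means an
 * errno, anything else is a byte count. Returns 1 if failure is seen. */
static int caller_detects_failure(ssize_t ret)
{
    return ret < 0;
}

/* Defensive sanity check that flags the corrupted value even without
 * the fix: a read can never return more bytes than were requested. */
static int result_is_plausible(ssize_t ret, size_t requested)
{
    return ret < 0 || (size_t)ret <= requested;
}

int main(void)
{
    struct demo_ctx ctx = { 0, 0 };
    int rc = -22; /* -EINVAL, the value used in the commit message */

    ssize_t bad = store_result_buggy(&ctx, rc);
    ssize_t good = store_result_fixed(&ctx, rc);

    printf("buggy: ctx->rc=%lld failure seen=%d plausible for 4096B read=%d\n",
           (long long)bad, caller_detects_failure(bad),
           result_is_plausible(bad, 4096));
    printf("fixed: ctx->rc=%lld failure seen=%d plausible for 4096B read=%d\n",
           (long long)good, caller_detects_failure(good),
           result_is_plausible(good, 4096));
    return 0;
}
```

With the buggy form the caller sees a positive "byte count" far larger than the request instead of an error. GCC reports this operand mix under `-Wsign-compare`.
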
     
  • commit cf5371ae460eb8e484e4884747af270c86c3c469 upstream.

    There are cases when we don't want to send the SMB2 flush operation
    (e.g. when user specifies mount parm "nostrictsync") and it can be
    a very expensive operation on the server. In most cases in order
    to set mtime, we simply need to flush (write) the dirty pages from
    the client and send the writes to the server, not also send a flush
    protocol operation to the server.

    Fixes: aa081859b10c ("cifs: flush before set-info if we have writeable handles")
    CC: Stable
    Signed-off-by: Steve French
    Signed-off-by: Greg Kroah-Hartman

    Steve French
     

25 Mar, 2020

4 commits

  • commit 979a2665eb6c603ddce0ab374041ab101827b2e7 upstream.

    If we call fiemap on a truncated file with no blocks allocated,
    it makes sense we get nothing from this call. No output means
    no blocks have been counted, but the call succeeded. It's a valid
    response.

    Simple example reproducer:
    xfs_io -f 'truncate 2M' -c 'fiemap -v' /cifssch/testfile
    xfs_io: ioctl(FS_IOC_FIEMAP) ["/cifssch/testfile"]: Invalid argument

    Signed-off-by: Murphy Zhou
    Signed-off-by: Steve French
    Reviewed-by: Pavel Shilovsky
    CC: Stable
    Signed-off-by: Greg Kroah-Hartman

    Murphy Zhou
     
  • [ Upstream commit ec57010acd03428a749d2600bf09bd537eaae993 ]

    We were not displaying the mount option "signloosely" in /proc/mounts
    for cifs mounts which some users found confusing recently

    Signed-off-by: Steve French
    Reviewed-by: Aurelien Aptel
    Signed-off-by: Sasha Levin

    Steve French
     
  • [ Upstream commit 154255233830e1e4dd0d99ac929a5dce588c0b81 ]

    Ensure that full_path is a UNC path that contains '\\' as delimiter,
    which is required by cifs_build_devname().

    The build_path_from_dentry_optional_prefix() function may return a
    path with '/' as delimiter when using SMB1 UNIX extensions, for
    example.

    Signed-off-by: Paulo Alcantara (SUSE)
    Signed-off-by: Steve French
    Acked-by: Ronnie Sahlberg
    Signed-off-by: Sasha Levin

    Paulo Alcantara (SUSE)
     
  • [ Upstream commit dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a ]

    There is measurable performance impact in some synthetic tests due to
    commit 6d390e4b5d48 (locks: fix a potential use-after-free problem when
    wakeup a waiter). Fix the race condition instead by clearing the
    fl_blocker pointer after the wake_up, using explicit acquire/release
    semantics.

    This does mean that we can no longer use the clearing of fl_blocker as
    the wait condition, so switch the waiters over to checking whether the
    fl_blocked_member list_head is empty.

    Reviewed-by: yangerkun
    Reviewed-by: NeilBrown
    Fixes: 6d390e4b5d48 (locks: fix a potential use-after-free problem when wakeup a waiter)
    Signed-off-by: Jeff Layton
    Signed-off-by: Linus Torvalds
    Signed-off-by: Sasha Levin

    Linus Torvalds
     

18 Mar, 2020

1 commit

  • commit d9a9f4849fe0c9d560851ab22a85a666cddfdd24 upstream.

    several iterations of ->atomic_open() calling conventions ago, we
    used to need fput() if ->atomic_open() failed at some point after
    successful finish_open(). Now (since 2016) it's not needed -
    struct file carries enough state to make fput() work regardless
    of the point in struct file lifecycle and discarding it on
    failure exits in open() got unified. Unfortunately, I'd missed
    the fact that we had an instance of ->atomic_open() (cifs one)
    that used to need that fput(), as well as the stale comment in
    finish_open() demanding such late failure handling. Trivially
    fixed...

    Fixes: fe9ec8291fca "do_last(): take fput() on error after opening to out:"
    Cc: stable@kernel.org # v4.7+
    Signed-off-by: Al Viro
    Signed-off-by: Greg Kroah-Hartman

    Al Viro
     

12 Mar, 2020

2 commits

  • commit 86f740f2aed5ea7fe1aa86dc2df0fb4ab0f71088 upstream.

    To rename a file in SMB2 we open it with the DELETE access and do a
    special SetInfo on it. If the handle is missing the DELETE bit the
    server will fail the SetInfo with STATUS_ACCESS_DENIED.

    We currently try to reuse any existing opened handle we have with
    cifs_get_writable_path(). That function looks for handles with WRITE
    access but doesn't check for DELETE, making rename() fail if it finds
    a handle to reuse. Simple reproducer below.

    To select handles with the DELETE bit, this patch adds a flag argument
    to cifs_get_writable_path() and find_writable_file() and the existing
    'bool fsuid_only' argument is converted to a flag.

    The cifsFileInfo struct only stores the UNIX open mode but not the
    original SMB access flags. Since the DELETE bit is not mapped in that
    mode, this patch stores the access mask in cifs_fid on file open,
    which is accessible from cifsFileInfo.

    Simple reproducer:

        #include <stdio.h>
        #include <stdlib.h>
        #include <fcntl.h>
        #include <unistd.h>
        #include <sys/types.h>
        #include <sys/stat.h>
        #define E(s) perror(s), exit(1)

        int main(int argc, char *argv[])
        {
            int fd, ret;
            if (argc != 3) {
                fprintf(stderr, "Usage: %s A B\n"
                        "create&open A in write mode, "
                        "rename A to B, close A\n", argv[0]);
                return 0;
            }

            /* Keep a write handle open on A while renaming it. */
            fd = openat(AT_FDCWD, argv[1], O_WRONLY|O_CREAT|O_SYNC, 0666);
            if (fd == -1) E("openat()");

            ret = rename(argv[1], argv[2]);
            if (ret) E("rename()");

            ret = close(fd);
            if (ret) E("close()");

            return ret;
        }

    $ gcc -o bugrename bugrename.c
    $ ./bugrename /mnt/a /mnt/b
    rename(): Permission denied

    Fixes: 8de9e86c67ba ("cifs: create a helper to find a writeable handle by path name")
    CC: Stable
    Signed-off-by: Aurelien Aptel
    Signed-off-by: Steve French
    Reviewed-by: Pavel Shilovsky
    Reviewed-by: Paulo Alcantara (SUSE)
    Signed-off-by: Greg Kroah-Hartman

    Aurelien Aptel
     
  • commit fc513fac56e1b626ae48a74d7551d9c35c50129e upstream.

    If from cifs_revalidate_dentry_attr() the SMB2/QUERY_INFO call fails with an
    error, such as STATUS_SESSION_EXPIRED, causing the session to be reconnected
    it is possible we will leak -EAGAIN back to the application even for
    system calls such as stat() where this is not a valid error.

    Fix this by re-trying the operation from within cifs_revalidate_dentry_attr()
    if cifs_get_inode_info*() returns -EAGAIN.

    This fixes stat() and possibly also other system calls that use
    cifs_revalidate_dentry*().

    Signed-off-by: Ronnie Sahlberg
    Signed-off-by: Steve French
    Reviewed-by: Pavel Shilovsky
    Reviewed-by: Aurelien Aptel
    CC: Stable
    Signed-off-by: Greg Kroah-Hartman

    Ronnie Sahlberg
     

05 Mar, 2020

1 commit


24 Feb, 2020

3 commits

  • [ Upstream commit d6fd41905ec577851734623fb905b1763801f5ef ]

    We ran into a confusing problem where an application wasn't checking
    the return code on close and so the user didn't realize that the
    application ran out of disk space. Log a warning message (once) in these
    cases. For example:

    [ 8407.391909] Out of space writing to \\oleg-server\small-share

    Signed-off-by: Steve French
    Reported-by: Oleg Kravtsov
    Reviewed-by: Ronnie Sahlberg
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Sasha Levin

    Steve French
     
  • [ Upstream commit fe1292686333d1dadaf84091f585ee903b9ddb84 ]

    RHBZ: 1760879

    Fix an oops in match_prepath() by making sure that the prepath string is not
    NULL before we pass it into strcmp().

    This is similar to other checks we make for example in cifs_root_iget()

    Signed-off-by: Ronnie Sahlberg
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Ronnie Sahlberg
     
  • [ Upstream commit 5739375ee4230980166807d347cc21c305532bbc ]

    Starting from 4a367dc04435, we must set the mount options based on the
    DFS full path rather than the resolved target, that is, cifs_mount()
    will be responsible for resolving the DFS link (cached) as well as
    performing failover to any other targets in the referral.

    Signed-off-by: Paulo Alcantara (SUSE)
    Reported-by: Martijn de Gouw
    Fixes: 4a367dc04435 ("cifs: Add support for failover in cifs_mount()")
    Link: https://lore.kernel.org/linux-cifs/39643d7d-2abb-14d3-ced6-c394fab9a777@prodrive-technologies.com
    Tested-by: Martijn de Gouw
    Signed-off-by: Steve French
    Signed-off-by: Sasha Levin

    Paulo Alcantara (SUSE)