06 Jan, 2017

1 commit

  • commit 53e0e11efe9289535b060a51d4cf37c25e0d0f2b upstream.

    We can not unlock/lock cifs_tcp_ses_lock while walking through ses
    and tcon lists because it can corrupt list iterator pointers and
    a tcon structure can be released if we don't hold an extra reference.
    Fix it by moving a reconnect process to a separate delayed work
    and acquiring a reference to every tcon that needs to be reconnected.
    Also do not send an echo request on newly established connections.

    Signed-off-by: Pavel Shilovsky
    Signed-off-by: Greg Kroah-Hartman

    Pavel Shilovsky
     

13 Oct, 2016

1 commit

  • Continuous Availability features like persistent handles
    require that clients reconnect their open files, not
    just the sessions, soon after the network connection comes
    back up, otherwise the server will throw away the state
    (byte range locks, leases, deny modes) on those handles
    after a timeout.

    Add code to reconnect handles when use_persistent set
    (e.g. Continuous Availability shares) after tree reconnect.

    Signed-off-by: Aurelien Aptel
    Reviewed-by: Germano Percossi
    Signed-off-by: Steve French

    Steve French
     

28 Sep, 2016

1 commit


10 Sep, 2016

1 commit

  • Fix memory leaks introduced by the patch
    fs/cifs: make share unaccessible at root level mountable

    Also move allocation of cifs_sb->prepath to cifs_setup_cifs_sb().

    Signed-off-by: Sachin Prabhu
    Tested-by: Aurelien Aptel
    Signed-off-by: Steve French

    Sachin Prabhu
     

20 May, 2016

1 commit

  • The session key is the default keyring set for request_key operations.
    This session key is revoked when the user owning the session logs out.
    Any long running daemon processes started by this session end up with
    a revoked session keyring which prevents these processes from using the
    request_key mechanism from obtaining the krb5 keys.

    The problem has been reported by a large number of autofs users. The
    problem is also seen with multiuser mounts where the share may be used
    by processes run by a user who has since logged out. A reproducer using
    automount is available on the Red Hat bz.

    The patch creates a new keyring which is used to cache cifs spnego
    upcalls.

    Red Hat bz: 1267754

    Signed-off-by: Sachin Prabhu
    Reported-by: Scott Mayhew
    Reviewed-by: Shirish Pargaonkar
    CC: Stable
    Signed-off-by: Steve French

    Sachin Prabhu
     

29 Mar, 2016

3 commits


15 Jan, 2016

1 commit


11 May, 2015

1 commit

  • Cifs client has a problem with reserved chars in filenames.

    [BUG1] : several functions handle incorrect value of mapchars
    - cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
    + cifs_remap(cifs_sb));

    [BUG2] : forget to convert reserved chars when creating SymbolicLink.
    - CIFSUnixCreateSymLink() calls cifs_strtoUTF16
    + CIFSUnixCreateSymLink() calls cifsConvertToUTF16() with remap

    [BUG3] : forget to convert reserved chars when getting SymbolicLink.
    - CIFSSMBUnixQuerySymLink() calls cifs_strtoUTF16
    + CIFSSMBUnixQuerySymLink() calls cifsConvertToUTF16() with remap

    [BUG4] : /proc/mounts doesn't show "mapposix" when using mapposix mount option
    + cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SFM_CHR)
    + seq_puts(s, ",mapposix");

    Reported-by: t.wede@kw-reneg.de
    Reported-by: Nakajima Akira
    Signed-off-by: Nakajima Akira
    Signed-off-by: Carl Schaefer
    Signed-off-by: Steve French

    Nakajima Akira
     

02 Aug, 2014

1 commit

  • If we negotiate SMB 2.1 and higher version of the protocol and
    a server supports large write buffer size, we need to consume 1
    credit per 65536 bytes. So, we need to know how many credits
    we have and obtain the required number of them before constructing
    a writedata structure in writepages and iovec write.

    Reviewed-by: Shirish Pargaonkar
    Signed-off-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Pavel Shilovsky
     

01 Aug, 2014

1 commit


17 Apr, 2014

1 commit

  • Problem reported in Red Hat bz 1040329 for strict writes where we cache
    only when we hold oplock and write direct to the server when we don't.

    When we receive an oplock break, we first change the oplock value for
    the inode in cifsInodeInfo->oplock to indicate that we no longer hold
    the oplock before we enqueue a task to flush changes to the backing
    device. Once we have completed flushing the changes, we return the
    oplock to the server.

    There are 2 ways here where we can have data corruption
    1) While we flush changes to the backing device as part of the oplock
    break, we can have processes write to the file. These writes check for
    the oplock, find none and attempt to write directly to the server.
    These direct writes made while we are flushing from cache could be
    overwritten by data being flushed from the cache causing data
    corruption.
    2) While a thread runs in cifs_strict_writev, the machine could receive
    and process an oplock break after the thread has checked the oplock and
    found that it allows us to cache and before we have made changes to the
    cache. In that case, we end up with a dirty page in cache when we
    shouldn't have any. This will be flushed later and will overwrite all
    subsequent writes to the part of the file represented by this page.

    Before making any writes to the server, we need to confirm that we are
    not in the process of flushing data to the server and if we are, we
    should wait until the process is complete before we attempt the write.
    We should also wait for existing writes to complete before we process
    an oplock break request which changes oplock values.

    We add a version specific downgrade_oplock() operation to allow for
    differences in the oplock values set for the different smb versions.

    Cc: stable@vger.kernel.org
    Signed-off-by: Sachin Prabhu
    Reviewed-by: Jeff Layton
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Sachin Prabhu
     

11 Feb, 2014

1 commit

  • When mounting with smb2/smb3 (e.g. vers=2.1) and cifsacl mount option,
    it was trying to get the mode by querying the acl over the cifs
    rather than smb2 protocol. This patch makes that protocol
    independent and makes cifsacl smb2 mounts return a more intuitive
    operation not supported error (until we add a worker function
    for smb2_get_acl).

    Note that a previous patch fixed getxattr/setxattr for the CIFSACL xattr
    which would unconditionally call cifs_get_acl and cifs_set_acl (even when
    mounted smb2). I made those protocol independent last week (new protocol
    version operations "get_acl" and "set_acl" but did not add an
    smb2_get_acl and smb2_set_acl yet so those now simply return EOPNOTSUPP
    which at least is better than sending cifs requests on smb2 mount)

    The previous patches did not fix the one remaining case though ie
    mounting with "cifsacl" when getting mode from acl would unconditionally
    end up calling "cifs_get_acl_from_fid" even for smb2 - so made that protocol
    independent but to make that protocol independent had to make sure that the callers
    were passing the protocol independent handle structure (cifs_fid) instead
    of cifs specific _u16 network file handle (ie cifs_fid instead of cifs_fid->fid)

    Now mount with smb2 and cifsacl mount options will return EOPNOTSUPP (instead
    of timing out) and a future patch will add smb2 operations (e.g. get_smb2_acl)
    to enable this.

    Signed-off-by: Steve French

    Steve French
     

08 Feb, 2014

1 commit

  • In the event that a send fails in an uncached write, or we end up
    needing to reissue it (-EAGAIN case), we'll kfree the wdata but
    the pages currently leak.

    Fix this by adding a new kref release routine for uncached writedata
    that releases the pages, and have the uncached codepaths use that.

    [original patch by Jeff modified to fix minor formatting problems]

    Signed-off-by: Jeff Layton
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Steve French
     

20 Jan, 2014

5 commits


28 Dec, 2013

1 commit

  • When we obtain tcon from cifs_sb, we use cifs_sb_tlink() to first obtain
    tlink which also grabs a reference to it. We do not drop this reference
    to tlink once we are done with the call.

    The patch fixes this issue by instead passing tcon as a parameter and
    avoids having to obtain a reference to the tlink. A lookup for the tcon
    is already made in the calling functions and this way we avoid having to
    re-run the lookup. This is also consistent with the argument list for
    other similar calls for M-F symlinks.

    We should also return an ENOSYS when we do not find a protocol specific
    function to lookup the MF Symlink data.

    Signed-off-by: Sachin Prabhu
    Reviewed-by: Jeff Layton
    CC: Stable
    Signed-off-by: Steve French

    Sachin Prabhu
     

03 Nov, 2013

1 commit

  • An earlier patch allowed setting the per-file compression flag

    "chattr +c filename"

    on an smb2 or smb3 mount, and also allowed lsattr to return
    whether a file on a cifs, or smb2/smb3 mount was compressed.

    This patch extends the ability to set the per-file
    compression flag to the cifs protocol, which uses a somewhat
    different IOCTL mechanism than SMB2, although the payload
    (the flags stored in the compression_state) are the same.

    Reviewed-by: Jeff Layton
    Signed-off-by: Steve French

    Steve French
     

09 Sep, 2013

2 commits


31 Jul, 2013

1 commit

  • When use of symlinks is enabled (mounting with mfsymlinks option) to
    non-Samba servers, we always tried to use cifs, even when we
    were mounted with SMB2 or SMB3, which causes the server to drop the
    network connection.

    This patch separates out the protocol specific operations for cifs from
    the code which recognizes symlinks, and fixes the problem where
    with SMB2 mounts we attempt cifs operations to open and read
    symlinks. The next patch will add support for SMB2 for opening
    and reading symlinks. Additional followon patches will address
    the similar problem creating symlinks.

    Signed-off-by: Steve French

    Steve French
     

05 Jul, 2013

1 commit

  • Updated patch to try to prevent allocation of cifs, smb2 or smb3 crypto
    secmech structures unless needed. Currently cifs allocates all crypto
    mechanisms when the first session is established (4 functions and
    4 contexts), rather than only allocating these when needed (smb3 needs
    two, the rest of the dialects only need one).

    Acked-by: Jeff Layton
    Reviewed-by: Shirish Pargaonkar
    Signed-off-by: Steve French

    Steve French
     

27 Jun, 2013

2 commits

  • Fix build warning in Shirish's recent SMB3 signing patch
    which occurs when SMB2 support is disabled in Kconfig.

    fs/built-in.o: In function `cifs_setup_session':
    >> (.text+0xa1767): undefined reference to `generate_smb3signingkey'

    Pointed out by: automated 0-DAY kernel build testing backend
    Intel Open Source Technology Center

    CC: Shirish Pargaonkar
    Signed-off-by: Steve French

    Steve French
     
  • SMB3 uses a much faster method of signing (which is also better in other ways),
    AES-CMAC. With the kernel now supporting AES-CMAC since last release, we
    are overdue to allow SMB3 signing (today only CIFS and SMB2 and SMB2.1,
    but not SMB3 and SMB3.1 can sign) - and we need this also for checking
    secure negotiation and also per-share encryption (two other new SMB3 features
    which we need to implement).

    This patch needs some work in a few areas - for example we need to
    move signing for SMB2/SMB3 from per-socket to per-user (we may be able to
    use the "nosharesock" mount option in the interim for the multiuser case),
    and Shirish found a bug in the earlier authentication overhaul
    (setting signing flags properly) - but those can be done in followon
    patches.

    Signed-off-by: Shirish Pargaonkar
    Signed-off-by: Steve French

    Steve French
     

24 Jun, 2013

3 commits

  • Now that we track what sort of NEGOTIATE response was received, stop
    mandating that every session on a socket use the same type of auth.

    Push that decision out into the session setup code, and make the sectype
    a per-session property. This should allow us to mix multiple sectypes on
    a socket as long as they are compatible with the NEGOTIATE response.

    With this too, we can now eliminate the ses->secFlg field since that
    info is redundant and harder to work with than a securityEnum.

    Signed-off-by: Jeff Layton
    Acked-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Jeff Layton
     
  • Currently, we determine this according to flags in the sec_mode, flags
    in the global_secflags and via other methods. That makes the semantics
    very hard to follow and there are corner cases where we don't handle
    this correctly.

    Add a new bool to the TCP_Server_Info that acts as a simple flag to tell
    us whether signing is enabled on this connection or not, and fix up the
    places that need to determine this to use that flag.

    This is a bit weird for the SMB2 case, where signing is per-session.
    SMB2 needs work in this area already though. The existing SMB2 code has
    similar logic to what we're using here, so there should be no real
    change in behavior. These changes should make it easier to implement
    per-session signing in the future though.

    Signed-off-by: Jeff Layton
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Jeff Layton
     
  • Move the sanity checks for signed connections into a separate function.
    SMB2's was a cut-and-paste job from CIFS code, so we can make them use
    the same function.

    Signed-off-by: Jeff Layton
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Jeff Layton
     

05 May, 2013

1 commit

  • It's not obvious from reading the macro names that these macros
    are for debugging. Convert the names to a single more typical
    kernel style cifs_dbg macro.

    cERROR(1, ...) -> cifs_dbg(VFS, ...)
    cFYI(1, ...) -> cifs_dbg(FYI, ...)
    cFYI(DBG2, ...) -> cifs_dbg(NOISY, ...)

    Move the terminating format newline from the macro to the call site.

    Add CONFIG_CIFS_DEBUG function cifs_vfs_err to emit the
    "CIFS VFS: " prefix for VFS messages.

    Size is reduced ~ 1% when CONFIG_CIFS_DEBUG is set (default y)

    $ size fs/cifs/cifs.ko*
       text    data     bss     dec     hex filename
     265245    2525     132  267902   4167e fs/cifs/cifs.ko.new
     268359    2525     132  271016   422a8 fs/cifs/cifs.ko.old

    Other miscellaneous changes around these conversions:

    o Miscellaneous typo fixes
    o Add terminating \n's to almost all formats and remove them
      from the macros to be more kernel style like. A few formats
      previously had defective \n's
    o Remove unnecessary OOM messages as kmalloc() calls dump_stack
    o Coalesce formats to make grep easier,
      added missing spaces when coalescing formats
    o Use %s, __func__ instead of embedded function name
    o Removed unnecessary "cifs: " prefixes
    o Convert kzalloc with multiply to kcalloc
    o Remove unused cifswarn macro

    Signed-off-by: Joe Perches
    Signed-off-by: Jeff Layton
    Signed-off-by: Steve French

    Joe Perches
     

13 Feb, 2013

3 commits


09 Dec, 2012

1 commit

  • The cifs.idmap handling code currently causes the kernel to cache the
    data from userspace twice. It first looks in a rbtree to see if there is
    a matching entry for the given id. If there isn't then it calls
    request_key which then checks its cache and then calls out to userland
    if it doesn't have one. If the userland program establishes a mapping
    and downcalls with that info, it then gets cached in the keyring and in
    this rbtree.

    Aside from the double memory usage and the performance penalty in doing
    all of these extra copies, there are some nasty bugs in here too. The
    code declares four rbtrees and spinlocks to protect them, but only seems
    to use two of them. The upshot is that the same tree is used to hold
    (eg) uid:sid and sid:uid mappings. The comparators aren't equipped to
    deal with that.

    I think we'd be best off to remove a layer of caching in this code. If
    this was originally done for performance reasons, then that really seems
    like a premature optimization.

    This patch does that -- it removes the rbtrees and the locks that
    protect them and simply has the code do a request_key call on each call
    into sid_to_id and id_to_sid. This greatly simplifies this code and
    should roughly halve the memory utilization from using the idmapping
    code.

    Reviewed-by: Shirish Pargaonkar
    Signed-off-by: Jeff Layton
    Signed-off-by: Steve French

    Jeff Layton
     

08 Dec, 2012

1 commit


06 Dec, 2012

2 commits


29 Sep, 2012

1 commit

  • Rebased and resending the patch.

    Path based queries can fail for lack of access, especially during lookup
    during open.
    open itself would actually succeed because of back up intent bit
    but queries (either path or file handle based) do not have a means to
    specify backup intent bit.
    So query the file info during lookup using
    trans2 / findfirst / file_id_full_dir_info
    to obtain file info as well as file_id/inode value.

    Signed-off-by: Shirish Pargaonkar
    Acked-by: Jeff Layton
    Signed-off-by: Steve French

    Shirish Pargaonkar