1. 21 9月, 2017 1 次提交
  2. 20 9月, 2017 3 次提交
  3. 18 9月, 2017 1 次提交
    • S
      SMB3: Add support for multidialect negotiate (SMB2.1 and later) · 9764c02f
      Steve French 提交于
      With the need to discourage use of less secure dialect, SMB1 (CIFS),
      we temporarily upgraded the dialect to SMB3 in 4.13, but since there
      are various servers which only support SMB2.1 (2.1 is more secure
      than CIFS/SMB1) but not optimal for a default dialect - add support
      for multidialect negotiation.  cifs.ko will now request SMB2.1
      or later (ie SMB2.1 or SMB3.0, SMB3.02) and the server will
      pick the latest most secure one it can support.
      
      In addition since we are sending multidialect negotiate, add
      support for secure negotiate to validate that a man in the
      middle didn't downgrade us.
      Signed-off-by: NSteve French <smfrench@gmail.com>
      Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
      CC: Stable <stable@vger.kernel.org> # 4.13+
      9764c02f
  4. 13 9月, 2017 1 次提交
  5. 05 9月, 2017 3 次提交
    • S
      cifs: Check for timeout on Negotiate stage · 76e75270
      Samuel Cabrero 提交于
      Some servers seem to accept connections while booting but never send
      the SMBNegotiate response neither close the connection, causing all
      processes accessing the share hang on uninterruptible sleep state.
      
      This happens when the cifs_demultiplex_thread detects the server is
      unresponsive so releases the socket and start trying to reconnect.
      At some point, the faulty server will accept the socket and the TCP
      status will be set to NeedNegotiate. The first issued command accessing
      the share will start the negotiation (pid 5828 below), but the response
      will never arrive so other commands will be blocked waiting on the mutex
      (pid 55352).
      
      This patch checks for unresponsive servers also on the negotiate stage
      releasing the socket and reconnecting if the response is not received
      and checking again the tcp state when the mutex is acquired.
      
      PID: 55352  TASK: ffff880fd6cc02c0  CPU: 0   COMMAND: "ls"
       #0 [ffff880fd9add9f0] schedule at ffffffff81467eb9
       #1 [ffff880fd9addb38] __mutex_lock_slowpath at ffffffff81468fe0
       #2 [ffff880fd9addba8] mutex_lock at ffffffff81468b1a
       #3 [ffff880fd9addbc0] cifs_reconnect_tcon at ffffffffa042f905 [cifs]
       #4 [ffff880fd9addc60] smb_init at ffffffffa042faeb [cifs]
       #5 [ffff880fd9addca0] CIFSSMBQPathInfo at ffffffffa04360b5 [cifs]
       ....
      
      Which is waiting a mutex owned by:
      
      PID: 5828   TASK: ffff880fcc55e400  CPU: 0   COMMAND: "xxxx"
       #0 [ffff880fbfdc19b8] schedule at ffffffff81467eb9
       #1 [ffff880fbfdc1b00] wait_for_response at ffffffffa044f96d [cifs]
       #2 [ffff880fbfdc1b60] SendReceive at ffffffffa04505ce [cifs]
       #3 [ffff880fbfdc1bb0] CIFSSMBNegotiate at ffffffffa0438d79 [cifs]
       #4 [ffff880fbfdc1c50] cifs_negotiate_protocol at ffffffffa043b383 [cifs]
       #5 [ffff880fbfdc1c80] cifs_reconnect_tcon at ffffffffa042f911 [cifs]
       #6 [ffff880fbfdc1d20] smb_init at ffffffffa042faeb [cifs]
       #7 [ffff880fbfdc1d60] CIFSSMBQFSInfo at ffffffffa0434eb0 [cifs]
       ....
      Signed-off-by: NSamuel Cabrero <scabrero@suse.de>
      Reviewed-by: NAurélien Aptel <aaptel@suse.de>
      Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      76e75270
    • R
      cifs: Add support for writing attributes on SMB2+ · 5517554e
      Ronnie Sahlberg 提交于
      This adds support for writing extended attributes on SMB2+ shares.
      Attributes can be written using the setfattr command.
      
      RH-bz: 1110709
      Signed-off-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
      5517554e
    • R
      cifs: Add support for reading attributes on SMB2+ · 95907fea
      Ronnie Sahlberg 提交于
      SMB1 already has support to read attributes. This adds similar support
      to SMB2+.
      
      With this patch, tools such as 'getfattr' will now work with SMB2+ shares.
      
      RH-bz: 1110709
      Signed-off-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
      95907fea
  6. 01 9月, 2017 1 次提交
  7. 24 8月, 2017 1 次提交
    • S
      cifs: Fix df output for users with quota limits · 42bec214
      Sachin Prabhu 提交于
      The df for a SMB2 share triggers a GetInfo call for
      FS_FULL_SIZE_INFORMATION. The values returned are used to populate
      struct statfs.
      
      The problem is that none of the information returned by the call
      contains the total blocks available on the filesystem. Instead we use
      the blocks available to the user ie. quota limitation when filling out
      statfs.f_blocks. The information returned does contain Actual free units
      on the filesystem and is used to populate statfs.f_bfree. For users with
      quota enabled, it can lead to situations where the total free space
      reported is more than the total blocks on the system ending up with df
      reports like the following
      
       # df -h /mnt/a
      Filesystem         Size  Used Avail Use% Mounted on
      //192.168.22.10/a  2.5G -2.3G  2.5G    - /mnt/a
      
      To fix this problem, we instead populate both statfs.f_bfree with the
      same value as statfs.f_bavail ie. CallerAvailableAllocationUnits. This
      is similar to what is done already in the code for cifs and df now
      reports the quota information for the user used to mount the share.
      
       # df --si /mnt/a
      Filesystem         Size  Used Avail Use% Mounted on
      //192.168.22.10/a  2.7G  101M  2.6G   4% /mnt/a
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Signed-off-by: NPierguido Lambri <plambri@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      Cc: <stable@vger.kernel.org>
      42bec214
  8. 10 7月, 2017 1 次提交
  9. 09 7月, 2017 1 次提交
  10. 06 7月, 2017 1 次提交
  11. 13 5月, 2017 1 次提交
  12. 10 5月, 2017 1 次提交
    • S
      Don't delay freeing mids when blocked on slow socket write of request · de1892b8
      Steve French 提交于
      When processing responses, and in particular freeing mids (DeleteMidQEntry),
      which is very important since it also frees the associated buffers (cifs_buf_release),
      we can block a long time if (writes to) socket is slow due to low memory or networking
      issues.
      
      We can block in send (smb request) waiting for memory, and be blocked in processing
      responess (which could free memory if we let it) - since they both grab the
      server->srv_mutex.
      
      In practice, in the DeleteMidQEntry case - there is no reason we need to
      grab the srv_mutex so remove these around DeleteMidQEntry, and it allows
      us to free memory faster.
      Signed-off-by: NSteve French <steve.french@primarydata.com>
      Acked-by: NPavel Shilovsky <pshilov@microsoft.com>
      de1892b8
  13. 04 5月, 2017 1 次提交
  14. 13 4月, 2017 1 次提交
    • P
      CIFS: Fix SMB3 mount without specifying a security mechanism · 67dbea2c
      Pavel Shilovsky 提交于
      Commit ef65aaed ("smb2: Enforce sec= mount option") changed the
      behavior of a mount command to enforce a specified security mechanism
      during mounting. On another hand according to the spec if SMB3 server
      doesn't respond with a security context it implies that it supports
      NTLMSSP. The current code doesn't keep it in mind and fails a mount
      for such servers if no security mechanism is specified. Fix this by
      indicating that a server supports NTLMSSP if a security context isn't
      returned during negotiate phase. This allows the code to use NTLMSSP
      by default for SMB3 mounts.
      Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      67dbea2c
  15. 11 4月, 2017 2 次提交
  16. 07 4月, 2017 1 次提交
  17. 29 3月, 2017 1 次提交
  18. 03 3月, 2017 2 次提交
    • S
      smb2: Enforce sec= mount option · ef65aaed
      Sachin Prabhu 提交于
      If the security type specified using a mount option is not supported,
      the SMB2 session setup code changes the security type to RawNTLMSSP. We
      should instead fail the mount and return an error.
      
      The patch changes the code for SMB2 to make it similar to the code used
      for SMB1. Like in SMB1, we now use the global security flags to select
      the security method to be used when no security method is specified and
      to return an error when the requested auth method is not available.
      
      For SMB2, we also use ntlmv2 as a synonym for nltmssp.
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Acked-by: NPavel Shilovsky <pshilov@microsoft.com>
      Acked-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      ef65aaed
    • A
      CIFS: use DFS pathnames in SMB2+ Create requests · f0712928
      Aurelien Aptel 提交于
      When connected to a DFS capable share, the client must set the
      SMB2_FLAGS_DFS_OPERATIONS flag in the SMB2 header and use
      DFS path names: "<server>\<share>\<path>" *without* leading \\.
      
      Sources:
      
      [MS-SMB2] 3.2.5.5 Receiving an SMB2 TREE_CONNECT Response
      > TreeConnect.IsDfsShare MUST be set to TRUE, if the SMB2_SHARE_CAP_DFS
      > bit is set in the Capabilities field of the response.
      
      [MS-SMB2] 3.2.4.3 Application Requests Opening a File
      > If TreeConnect.IsDfsShare is TRUE, the SMB2_FLAGS_DFS_OPERATIONS flag
      > is set in the Flags field.
      
      [MS-SMB2] 2.2.13 SMB2 CREATE Request, NameOffset:
      > If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of the SMB2
      > header, the file name includes a prefix that will be processed during
      > DFS name normalization as specified in section 3.3.5.9. Otherwise, the
      > file name is relative to the share that is identified by the TreeId in
      > the SMB2 header.
      Signed-off-by: NAurelien Aptel <aaptel@suse.com>
      Acked-by: NPavel Shilovsky <pshilov@microsoft.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      f0712928
  19. 02 3月, 2017 2 次提交
  20. 02 2月, 2017 10 次提交
  21. 06 12月, 2016 3 次提交
    • P
      CIFS: Fix a possible double locking of mutex during reconnect · 96a988ff
      Pavel Shilovsky 提交于
      With the current code it is possible to lock a mutex twice when
      a subsequent reconnects are triggered. On the 1st reconnect we
      reconnect sessions and tcons and then persistent file handles.
      If the 2nd reconnect happens during the reconnecting of persistent
      file handles then the following sequence of calls is observed:
      
      cifs_reopen_file -> SMB2_open -> small_smb2_init -> smb2_reconnect
      -> cifs_reopen_persistent_file_handles -> cifs_reopen_file (again!).
      
      So, we are trying to acquire the same cfile->fh_mutex twice which
      is wrong. Fix this by moving reconnecting of persistent handles to
      the delayed work (smb2_reconnect_server) and submitting this work
      every time we reconnect tcon in SMB2 commands handling codepath.
      
      This can also lead to corruption of a temporary file list in
      cifs_reopen_persistent_file_handles() because we can recursively
      call this function twice.
      
      Cc: Stable <stable@vger.kernel.org> # v4.9+
      Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
      96a988ff
    • P
      CIFS: Fix a possible memory corruption during reconnect · 53e0e11e
      Pavel Shilovsky 提交于
      We can not unlock/lock cifs_tcp_ses_lock while walking through ses
      and tcon lists because it can corrupt list iterator pointers and
      a tcon structure can be released if we don't hold an extra reference.
      Fix it by moving a reconnect process to a separate delayed work
      and acquiring a reference to every tcon that needs to be reconnected.
      Also do not send an echo request on newly established connections.
      
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
      53e0e11e
    • P
      CIFS: Fix missing nls unload in smb2_reconnect() · 4772c795
      Pavel Shilovsky 提交于
      Cc: Stable <stable@vger.kernel.org>
      Acked-by: NSachin Prabhu <sprabhu@redhat.com>
      Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
      4772c795
  22. 14 10月, 2016 1 次提交