1. 14 9月, 2021 2 次提交
  2. 21 6月, 2021 1 次提交
  3. 28 5月, 2021 1 次提交
    • A
      cifs: change format of CIFS_FULL_KEY_DUMP ioctl · 1bb56810
      Aurelien Aptel 提交于
      Make CIFS_FULL_KEY_DUMP ioctl able to return variable-length keys.
      
      * userspace needs to pass the struct size along with optional
        session_id and some space at the end to store keys
      * if there is enough space kernel returns keys in the extra space and
        sets the length of each key via xyz_key_length fields
      
      This also fixes the build error for get_user() on ARM.
      
      Sample program:
      
      	#include <stdlib.h>
      	#include <stdio.h>
      	#include <stdint.h>
      	#include <sys/fcntl.h>
      	#include <sys/ioctl.h>
      
      	struct smb3_full_key_debug_info {
      	        uint32_t   in_size;
      	        uint64_t   session_id;
      	        uint16_t   cipher_type;
      	        uint8_t    session_key_length;
      	        uint8_t    server_in_key_length;
      	        uint8_t    server_out_key_length;
      	        uint8_t    data[];
      	        /*
      	         * return this struct with the keys appended at the end:
      	         * uint8_t session_key[session_key_length];
      	         * uint8_t server_in_key[server_in_key_length];
      	         * uint8_t server_out_key[server_out_key_length];
      	         */
      	} __attribute__((packed));
      
      	#define CIFS_IOCTL_MAGIC 0xCF
      	#define CIFS_DUMP_FULL_KEY _IOWR(CIFS_IOCTL_MAGIC, 10, struct smb3_full_key_debug_info)
      
      	void dump(const void *p, size_t len) {
      	        const char *hex = "0123456789ABCDEF";
      	        const uint8_t *b = p;
      	        for (int i = 0; i < len; i++)
      	                printf("%c%c ", hex[(b[i]>>4)&0xf], hex[b[i]&0xf]);
      	        putchar('\n');
      	}
      
      	int main(int argc, char **argv)
      	{
      	        struct smb3_full_key_debug_info *keys;
      	        uint8_t buf[sizeof(*keys)+1024] = {0};
      	        size_t off = 0;
      	        int fd, rc;
      
      	        keys = (struct smb3_full_key_debug_info *)&buf;
      	        keys->in_size = sizeof(buf);
      
      	        fd = open(argv[1], O_RDONLY);
      	        if (fd < 0)
      	                perror("open"), exit(1);
      
      	        rc = ioctl(fd, CIFS_DUMP_FULL_KEY, keys);
      	        if (rc < 0)
      	                perror("ioctl"), exit(1);
      
      	        printf("SessionId      ");
      	        dump(&keys->session_id, 8);
      	        printf("Cipher         %04x\n", keys->cipher_type);
      
      	        printf("SessionKey     ");
      	        dump(keys->data+off, keys->session_key_length);
      	        off += keys->session_key_length;
      
      	        printf("ServerIn Key   ");
      	        dump(keys->data+off, keys->server_in_key_length);
      	        off += keys->server_in_key_length;
      
      	        printf("ServerOut Key  ");
      	        dump(keys->data+off, keys->server_out_key_length);
      
      	        return 0;
      	}
      
      Usage:
      
      	$ gcc -o dumpkeys dumpkeys.c
      
      Against Windows Server 2020 preview (with AES-256-GCM support):
      
      	# mount.cifs //$ip/test /mnt -o "username=administrator,password=foo,vers=3.0,seal"
      	# ./dumpkeys /mnt/somefile
      	SessionId      0D 00 00 00 00 0C 00 00
      	Cipher         0002
      	SessionKey     AB CD CC 0D E4 15 05 0C 6F 3C 92 90 19 F3 0D 25
      	ServerIn Key   73 C6 6A C8 6B 08 CF A2 CB 8E A5 7D 10 D1 5B DC
      	ServerOut Key  6D 7E 2B A1 71 9D D7 2B 94 7B BA C4 F0 A5 A4 F8
      	# umount /mnt
      
      	With 256 bit keys:
      
      	# echo 1 > /sys/module/cifs/parameters/require_gcm_256
      	# mount.cifs //$ip/test /mnt -o "username=administrator,password=foo,vers=3.11,seal"
      	# ./dumpkeys /mnt/somefile
      	SessionId      09 00 00 00 00 0C 00 00
      	Cipher         0004
      	SessionKey     93 F5 82 3B 2F B7 2A 50 0B B9 BA 26 FB 8C 8B 03
      	ServerIn Key   6C 6A 89 B2 CB 7B 78 E8 04 93 37 DA 22 53 47 DF B3 2C 5F 02 26 70 43 DB 8D 33 7B DC 66 D3 75 A9
      	ServerOut Key  04 11 AA D7 52 C7 A8 0F ED E3 93 3A 65 FE 03 AD 3F 63 03 01 2B C0 1B D7 D7 E5 52 19 7F CC 46 B4
      Signed-off-by: NAurelien Aptel <aaptel@suse.com>
      Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      1bb56810
  4. 04 5月, 2021 3 次提交
  5. 26 4月, 2021 2 次提交
    • A
      cifs: allocate buffer in the caller of build_path_from_dentry() · f6a9bc33
      Al Viro 提交于
      build_path_from_dentry() open-codes dentry_path_raw().  The reason
      we can't use dentry_path_raw() in there (and postprocess the
      result as needed) is that the callers of build_path_from_dentry()
      expect that the object to be freed on cleanup and the string to
      be used are at the same address.  That's painful, since the path
      is naturally built end-to-beginning - we start at the leaf and
      go through the ancestors, accumulating the pathname.
      
      Life would be easier if we left the buffer allocation to callers.
      It wouldn't be exact-sized buffer, but none of the callers keep
      the result for long - it's always freed before the caller returns.
      So there's no need to do exact-sized allocation; better use
      __getname()/__putname(), same as we do for pathname arguments
      of syscalls.  What's more, there's no need to do allocation under
      spinlocks, so GFP_ATOMIC is not needed.
      
      Next patch will replace the open-coded dentry_path_raw() (in
      build_path_from_dentry_optional_prefix()) with calling the real
      thing.  This patch only introduces wrappers for allocating/freeing
      the buffers and switches to new calling conventions:
      	build_path_from_dentry(dentry, buf)
      expects buf to be address of a page-sized object or NULL,
      return value is a pathname built inside that buffer on success,
      ERR_PTR(-ENOMEM) if buf is NULL and ERR_PTR(-ENAMETOOLONG) if
      the pathname won't fit into page.  Note that we don't need to
      check for failure when allocating the buffer in the caller -
      build_path_from_dentry() will do the right thing.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      f6a9bc33
    • A
      cifs: make build_path_from_dentry() return const char * · 8e33cf20
      Al Viro 提交于
      ... and adjust the callers.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      8e33cf20
  6. 09 7月, 2020 1 次提交
  7. 06 2月, 2020 1 次提交
    • S
      cifs: add SMB3 change notification support · d26c2ddd
      Steve French 提交于
      A commonly used SMB3 feature is change notification, allowing an
      app to be notified about changes to a directory. The SMB3
      Notify request blocks until the server detects a change to that
      directory or its contents that matches the completion flags
      that were passed in and the "watch_tree" flag (which indicates
      whether subdirectories under this directory should be also
      included).  See MS-SMB2 2.2.35 for additional detail.
      
      To use this simply pass in the following structure to ioctl:
      
       struct __attribute__((__packed__)) smb3_notify {
              uint32_t completion_filter;
              bool    watch_tree;
       } __packed;
      
       using CIFS_IOC_NOTIFY  0x4005cf09
       or equivalently _IOW(CIFS_IOCTL_MAGIC, 9, struct smb3_notify)
      
      SMB3 change notification is supported by all major servers.
      The ioctl will block until the server detects a change to that
      directory or its subdirectories (if watch_tree is set).
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      Reviewed-by: NAurelien Aptel <aaptel@suse.com>
      Acked-by: NPaulo Alcantara (SUSE) <pc@cjr.nz>
      d26c2ddd
  8. 04 2月, 2020 1 次提交
  9. 21 9月, 2019 1 次提交
    • S
      smb3: allow decryption keys to be dumped by admin for debugging · 7e7db86c
      Steve French 提交于
      In order to debug certain problems it is important to be able
      to decrypt network traces (e.g. wireshark) but to do this we
      need to be able to dump out the encryption/decryption keys.
      Dumping them to an ioctl is safer than dumping then to dmesg,
      (and better than showing all keys in a pseudofile).
      
      Restrict this to root (CAP_SYS_ADMIN), and only for a mount
      that this admin has access to.
      
      Sample smbinfo output:
      SMB3.0 encryption
      Session Id:   0x82d2ec52
      Session Key:  a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
      Server Encryption Key:  1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
      Server Decryption Key:  e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
      Reviewed-by: NAurelien Aptel <aaptel@suse.com>
      Pavel Shilovsky <pshilov@microsoft.com>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      7e7db86c
  10. 24 10月, 2018 3 次提交
  11. 09 7月, 2017 1 次提交
  12. 04 5月, 2017 1 次提交
  13. 03 5月, 2017 1 次提交
  14. 28 4月, 2017 1 次提交
  15. 07 4月, 2017 2 次提交
    • S
      Introduce cifs_copy_file_range() · 620d8745
      Sachin Prabhu 提交于
      The earlier changes to copy range for cifs unintentionally disabled the more
      common form of server side copy.
      
      The patch introduces the file_operations helper cifs_copy_file_range()
      which is used by the syscall copy_file_range. The new file operations
      helper allows us to perform server side copies for SMB2.0 and 2.1
      servers as well as SMB 3.0+ servers which do not support the ioctl
      FSCTL_DUPLICATE_EXTENTS_TO_FILE.
      
      The new helper uses the ioctl FSCTL_SRV_COPYCHUNK_WRITE to perform
      server side copies. The helper is called by vfs_copy_file_range() only
      once an attempt to clone the file using the ioctl
      FSCTL_DUPLICATE_EXTENTS_TO_FILE has failed.
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
      CC: Stable  <stable@vger.kernel.org>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      620d8745
    • S
      SMB3: Rename clone_range to copychunk_range · 312bbc59
      Sachin Prabhu 提交于
      Server side copy is one of the most important mechanisms smb2/smb3
      supports and it was unintentionally disabled for most use cases.
      
      Renaming calls to reflect the underlying smb2 ioctl called. This is
      similar to the name duplicate_extents used for a similar ioctl which is
      also used to duplicate files by reusing fs blocks. The name change is to
      avoid confusion.
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
      312bbc59
  16. 03 12月, 2016 1 次提交
  17. 14 10月, 2016 1 次提交
  18. 08 12月, 2015 1 次提交
    • C
      vfs: pull btrfs clone API to vfs layer · 04b38d60
      Christoph Hellwig 提交于
      The btrfs clone ioctls are now adopted by other file systems, with NFS
      and CIFS already having support for them, and XFS being under active
      development.  To avoid growth of various slightly incompatible
      implementations, add one to the VFS.  Note that clones are different from
      file copies in several ways:
      
       - they are atomic vs other writers
       - they support whole file clones
       - they support 64-bit legth clones
       - they do not allow partial success (aka short writes)
       - clones are expected to be a fast metadata operation
      
      Because of that it would be rather cumbersome to try to piggyback them on
      top of the recent clone_file_range infrastructure.  The converse isn't
      true and the clone_file_range system call could try clone file range as
      a first attempt to copy, something that further patches will enable.
      
      Based on earlier work from Peng Tao.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      04b38d60
  19. 09 11月, 2015 1 次提交
  20. 11 9月, 2015 1 次提交
    • J
      CIFS: fix type confusion in copy offload ioctl · 4c17a6d5
      Jann Horn 提交于
      This might lead to local privilege escalation (code execution as
      kernel) for systems where the following conditions are met:
      
       - CONFIG_CIFS_SMB2 and CONFIG_CIFS_POSIX are enabled
       - a cifs filesystem is mounted where:
        - the mount option "vers" was used and set to a value >=2.0
        - the attacker has write access to at least one file on the filesystem
      
      To attack this, an attacker would have to guess the target_tcon
      pointer (but guessing wrong doesn't cause a crash, it just returns an
      error code) and win a narrow race.
      
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: NJann Horn <jann@thejh.net>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      4c17a6d5
  21. 20 8月, 2015 1 次提交
    • S
      Add way to query server fs info for smb3 · 0de1f4c6
      Steve French 提交于
      The server exports information about the share and underlying
      device under an SMB3 export, including its attributes and
      capabilities, which is stored by cifs.ko when first connecting
      to the share.
      
      Add ioctl to cifs.ko to allow user space smb3 helper utilities
      (in cifs-utils) to display this (e.g. via smb3util).
      
      This information is also useful for debugging and for
      resolving configuration errors.
      Signed-off-by: NSteve French <steve.french@primarydata.com>
      0de1f4c6
  22. 29 6月, 2015 2 次提交
    • S
      Add ioctl to set integrity · b3152e2c
      Steve French 提交于
      set integrity increases reliability of files stored on SMB3 servers.
      Add ioctl to allow setting this on files on SMB3 and later mounts.
      Signed-off-by: NSteve French <steve.french@primarydata.com>
      b3152e2c
    • S
      Add reflink copy over SMB3.11 with new FSCTL_DUPLICATE_EXTENTS · 02b16665
      Steve French 提交于
       Getting fantastic copy performance with cp --reflink over SMB3.11
       using the new FSCTL_DUPLICATE_EXTENTS.
      
       This FSCTL was added in the SMB3.11 dialect (testing was
       against REFS file system) so have put it as a 3.11 protocol
       specific operation ("vers=3.1.1" on the mount).  Tested at
       the SMB3 plugfest in Redmond.
      
       It depends on the new FS Attribute (BLOCK_REFCOUNTING) which
       is used to advertise support for the ability to do this ioctl
       (if you can support multiple files pointing to the same block
       than this refcounting ability or equivalent is needed to
       support the new reflink-like duplicate extent SMB3 ioctl.
      Signed-off-by: NSteve French <steve.french@primarydata.com>
      02b16665
  23. 19 1月, 2015 1 次提交
    • A
      fix deadlock in cifs_ioctl_clone() · 378ff1a5
      Al Viro 提交于
      It really needs to check that src is non-directory *and* use
      {un,}lock_two_nodirectories().  As it is, it's trivial to cause
      double-lock (ioctl(fd, CIFS_IOC_COPYCHUNK_FILE, fd)) and if the
      last argument is an fd of directory, we are asking for trouble
      by violating the locking order - all directories go before all
      non-directories.  If the last argument is an fd of parent
      directory, it has 50% odds of locking child before parent,
      which will cause AB-BA deadlock if we race with unlink().
      
      Cc: stable@vger.kernel.org @ 3.13+
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      378ff1a5
  24. 22 5月, 2014 1 次提交
  25. 25 11月, 2013 1 次提交
    • S
      [CIFS] Do not use btrfs refcopy ioctl for SMB2 copy offload · f19e84df
      Steve French 提交于
      Change cifs.ko to using CIFS_IOCTL_COPYCHUNK instead
      of BTRFS_IOC_CLONE to avoid confusion about whether
      copy-on-write is required or optional for this operation.
      
      SMB2/SMB3 copyoffload had used the BTRFS_IOC_CLONE ioctl since
      they both speed up copy by offloading the copy rather than
      passing many read and write requests back and forth and both have
      identical syntax (passing file handles), but for SMB2/SMB3
      CopyChunk the server is not required to use copy-on-write
      to make a copy of the file (although some do), and Christoph
      has commented that since CopyChunk does not require
      copy-on-write we should not reuse BTRFS_IOC_CLONE.
      
      This patch renames the ioctl to use a cifs specific IOCTL
      CIFS_IOCTL_COPYCHUNK.  This ioctl is particularly important
      for SMB2/SMB3 since large file copy over the network otherwise
      can be very slow, and with this is often more than 100 times
      faster putting less load on server and client.
      
      Note that if a copy syscall is ever introduced, depending on
      its requirements/format it could end up using one of the other
      three methods that CIFS/SMB2/SMB3 can do for copy offload,
      but this method is particularly useful for file copy
      and broadly supported (not just by Samba server).
      Signed-off-by: NSteve French <smfrench@gmail.com>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Reviewed-by: NDavid Disseldorp <ddiss@samba.org>
      f19e84df
  26. 14 11月, 2013 1 次提交
    • S
      CIFS: SMB2/SMB3 Copy offload support (refcopy) phase 1 · 41c1358e
      Steve French 提交于
      This first patch adds the ability for us to do a server side copy
      (ie fast copy offloaded to the server to perform, aka refcopy)
      
      "cp --reflink"
      
      of one file to another located on the same server.  This
      is much faster than traditional copy (which requires
      reading and writing over the network and extra
      memcpys).
      
      This first version is not going to be copy
      files larger than about 1MB (to Samba) until I add
      support for multiple chunks and for autoconfiguring
      the chunksize.
      
      It includes:
      1) processing of the ioctl
      2) marshalling and sending the SMB2/SMB3 fsctl over the network
      3) simple parsing of the response
      
      It does not include yet (these will be in followon patches to come soon):
      1) support for multiple chunks
      2) support for autoconfiguring and remembering the chunksize
      3) Support for the older style copychunk which Samba 4.1 server supports
      (because this requires write permission on the target file, which
      cp does not give you, apparently per-posix).  This may require
      a distinct tool (other than cp) and other ioctl to implement.
      Reviewed-by: NPavel Shilovsky <piastry@etersoft.ru>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      41c1358e
  27. 03 11月, 2013 1 次提交
  28. 28 10月, 2013 1 次提交
    • S
      Allow setting per-file compression via SMB2/3 · 64a5cfa6
      Steve French 提交于
      Allow cifs/smb2/smb3 to return whether or not a file is compressed
      via lsattr, and allow SMB2/SMB3 to set the per-file compression
      flag ("chattr +c filename" on an smb3 mount).
      
      Windows users often set the compressed flag (it can be
      done from the desktop and file manager).  David Disseldorp
      has patches to Samba server to support this (at least on btrfs)
      which are complementary to this
      Signed-off-by: NSteve French <smfrench@gmail.com>
      64a5cfa6
  29. 05 5月, 2013 1 次提交
    • J
      [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg · f96637be
      Joe Perches 提交于
      It's not obvious from reading the macro names that these macros
      are for debugging.  Convert the names to a single more typical
      kernel style cifs_dbg macro.
      
      	cERROR(1, ...)   -> cifs_dbg(VFS, ...)
      	cFYI(1, ...)     -> cifs_dbg(FYI, ...)
      	cFYI(DBG2, ...)  -> cifs_dbg(NOISY, ...)
      
      Move the terminating format newline from the macro to the call site.
      
      Add CONFIG_CIFS_DEBUG function cifs_vfs_err to emit the
      "CIFS VFS: " prefix for VFS messages.
      
      Size is reduced ~ 1% when CONFIG_CIFS_DEBUG is set (default y)
      
      $ size fs/cifs/cifs.ko*
         text    data     bss     dec     hex filename
       265245	   2525	    132	 267902	  4167e	fs/cifs/cifs.ko.new
       268359    2525     132  271016   422a8 fs/cifs/cifs.ko.old
      
      Other miscellaneous changes around these conversions:
      
      o Miscellaneous typo fixes
      o Add terminating \n's to almost all formats and remove them
        from the macros to be more kernel style like.  A few formats
        previously had defective \n's
      o Remove unnecessary OOM messages as kmalloc() calls dump_stack
      o Coalesce formats to make grep easier,
        added missing spaces when coalescing formats
      o Use %s, __func__ instead of embedded function name
      o Removed unnecessary "cifs: " prefixes
      o Convert kzalloc with multiply to kcalloc
      o Remove unused cifswarn macro
      Signed-off-by: NJoe Perches <joe@perches.com>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      f96637be
  30. 23 2月, 2013 1 次提交
  31. 25 9月, 2012 2 次提交
新手
引导
客服 返回
顶部