1. 25 10月, 2019 1 次提交
    • D
      cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs · d46b0da7
      Dave Wysochanski 提交于
      There's a deadlock that is possible and can easily be seen with
      a test where multiple readers open/read/close of the same file
      and a disruption occurs causing reconnect.  The deadlock is due
      a reader thread inside cifs_strict_readv calling down_read and
      obtaining lock_sem, and then after reconnect inside
      cifs_reopen_file calling down_read a second time.  If in
      between the two down_read calls, a down_write comes from
      another process, deadlock occurs.
      
              CPU0                    CPU1
              ----                    ----
      cifs_strict_readv()
       down_read(&cifsi->lock_sem);
                                     _cifsFileInfo_put
                                        OR
                                     cifs_new_fileinfo
                                      down_write(&cifsi->lock_sem);
      cifs_reopen_file()
       down_read(&cifsi->lock_sem);
      
      Fix the above by changing all down_write(lock_sem) calls to
      down_write_trylock(lock_sem)/msleep() loop, which in turn
      makes the second down_read call benign since it will never
      block behind the writer while holding lock_sem.
      Signed-off-by: NDave Wysochanski <dwysocha@redhat.com>
      Suggested-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Reviewed--by: NRonnie Sahlberg <lsahlber@redhat.com>
      Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
      d46b0da7
  2. 26 9月, 2019 1 次提交
  3. 17 9月, 2019 3 次提交
  4. 28 8月, 2019 1 次提交
  5. 08 5月, 2019 1 次提交
  6. 06 3月, 2019 3 次提交
  7. 29 12月, 2018 3 次提交
    • P
      cifs: Add support for failover in smb2_reconnect() · a3a53b76
      Paulo Alcantara 提交于
      After a successful failover in cifs_reconnect(), the smb2_reconnect()
      function will make sure to reconnect every tcon to new target server.
      
      For SMB2+.
      Signed-off-by: NPaulo Alcantara <palcantara@suse.de>
      Signed-off-by: NAurelien Aptel <aaptel@suse.com>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      a3a53b76
    • P
      cifs: Make use of DFS cache to get new DFS referrals · 1c780228
      Paulo Alcantara 提交于
      This patch will make use of DFS cache routines where appropriate and
      do not always request a new referral from server.
      Signed-off-by: NPaulo Alcantara <palcantara@suse.de>
      Reviewed-by: NAurelien Aptel <aaptel@suse.com>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      1c780228
    • P
      cifs: Add DFS cache routines · 54be1f6c
      Paulo Alcantara 提交于
      * Add new dfs_cache.[ch] files
      
      * Add new /proc/fs/cifs/dfscache file
        - dump current cache when read
        - clear current cache when writing "0" to it
      
      * Add delayed_work to periodically refresh cache entries
      
      The new interface will be used for caching DFS referrals, as well as
      supporting client target failover.
      
      The DFS cache is a hashtable that maps UNC paths to cache entries.
      
      A cache entry contains:
      - the UNC path it is mapped on
      - how much the the UNC path the entry consumes
      - flags
      - a Time-To-Live after which the entry expires
      - a list of possible targets (linked lists of UNC paths)
      - a "hint target" pointing the last known working target or the first
        target if none were tried. This hint lets cifs.ko remember and try
        working targets first.
      
      * Looking for an entry in the cache is done with dfs_cache_find()
        - if no valid entries are found, a DFS query is made, stored in the
          cache and returned
        - the full target list can be copied and returned to avoid race
          conditions and looped on with the help with the
          dfs_cache_tgt_iterator
      
      * Updating the target hint to the next target is done with
        dfs_cache_update_tgthint()
      
      These functions have a dfs_cache_noreq_XXX() version that doesn't
      fetches referrals if no entries are found. These versions don't
      require the tcp/ses/tcon/cifs_sb parameters as a result.
      
      Expired entries cannot be used and since they have a pretty short TTL
      [1] in order for them to be useful for failover the DFS cache adds a
      delayed work called periodically to keep them fresh.
      
      Since we might not have available connections to issue the referral
      request when refreshing we need to store volume_info structs with
      credentials and other needed info to be able to connect to the right
      server.
      
      1: Windows defaults: 5mn for domain-based referrals, 30mn for regular
      links
      Signed-off-by: NPaulo Alcantara <palcantara@suse.de>
      Signed-off-by: NAurelien Aptel <aaptel@suse.com>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      54be1f6c
  8. 24 12月, 2018 1 次提交
  9. 24 10月, 2018 1 次提交
  10. 08 8月, 2018 2 次提交
  11. 06 7月, 2018 1 次提交
    • L
      cifs: Fix use after free of a mid_q_entry · 696e420b
      Lars Persson 提交于
      With protocol version 2.0 mounts we have seen crashes with corrupt mid
      entries. Either the server->pending_mid_q list becomes corrupt with a
      cyclic reference in one element or a mid object fetched by the
      demultiplexer thread becomes overwritten during use.
      
      Code review identified a race between the demultiplexer thread and the
      request issuing thread. The demultiplexer thread seems to be written
      with the assumption that it is the sole user of the mid object until
      it calls the mid callback which either wakes the issuer task or
      deletes the mid.
      
      This assumption is not true because the issuer task can be woken up
      earlier by a signal. If the demultiplexer thread has proceeded as far
      as setting the mid_state to MID_RESPONSE_RECEIVED then the issuer
      thread will happily end up calling cifs_delete_mid while the
      demultiplexer thread still is using the mid object.
      
      Inserting a delay in the cifs demultiplexer thread widens the race
      window and makes reproduction of the race very easy:
      
      		if (server->large_buf)
      			buf = server->bigbuf;
      
      +		usleep_range(500, 4000);
      
      		server->lstrp = jiffies;
      
      To resolve this I think the proper solution involves putting a
      reference count on the mid object. This patch makes sure that the
      demultiplexer thread holds a reference until it has finished
      processing the transaction.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NLars Persson <larper@axis.com>
      Acked-by: NPaulo Alcantara <palcantara@suse.de>
      Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      696e420b
  12. 15 6月, 2018 3 次提交
  13. 07 6月, 2018 1 次提交
    • S
      smb3: do not allow insecure cifs mounts when using smb3 · c7c137b9
      Steve French 提交于
      if mounting as smb3 do not allow cifs (vers=1.0) or insecure vers=2.0
      mounts.
      
      For example:
      root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1
      root@smf-Thinkpad-P51:~/cifs-2.6# umount /mnt
      root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1,vers=1.0
      mount: /mnt: wrong fs type, bad option, bad superblock on //127.0.0.1/scratch ...
      root@smf-Thinkpad-P51:~/cifs-2.6# dmesg | grep smb3
      [ 4302.200122] CIFS VFS: vers=1.0 (cifs) not permitted when mounting with smb3
      root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1,vers=3.11
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      Acked-by: NPavel Shilovsky <pshilov@microsoft.com>
      Reviewed-by: NAurelien Aptel <aaptel@suse.com>
      Reviewed-by: NSachin Prabhu <sprabhu@redhat.com>
      c7c137b9
  14. 06 6月, 2018 1 次提交
  15. 05 6月, 2018 1 次提交
    • A
      CIFS: Fix signing for SMB2/3 · 57f933ce
      Aurelien Aptel 提交于
      It seems Ronnie's preamble removal broke signing.
      
      the signing functions are called when:
      
      A) we send a request (to sign it)
      B) when we recv a response (to check the signature).
      
      On code path A, the smb2 header is in iov[1] but on code path B, the
      smb2 header is in iov[0] (and there's only one vector).
      
      So we have different iov indexes for the smb2 header but the signing
      function always use index 1. Fix this by checking the nb of io vectors
      in the signing function as a hint.
      Signed-off-by: NAurelien Aptel <aaptel@suse.com>
      Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      57f933ce
  16. 03 6月, 2018 2 次提交
  17. 31 5月, 2018 1 次提交
  18. 28 5月, 2018 1 次提交
  19. 02 4月, 2018 1 次提交
  20. 25 1月, 2018 1 次提交
  21. 05 9月, 2017 1 次提交
  22. 13 5月, 2017 1 次提交
  23. 03 5月, 2017 1 次提交
    • P
      CIFS: Add asynchronous context to support kernel AIO · ccf7f408
      Pavel Shilovsky 提交于
      Currently the code doesn't recognize asynchronous calls passed
      by io_submit() and processes all calls synchronously. This is not
      what kernel AIO expects. This patch introduces a new async context
      that keeps track of all issued i/o requests and moves a response
      collecting procedure to a separate thread. This allows to return
      to a caller immediately for async calls and call iocb->ki_complete()
      once all requests are completed. For sync calls the current thread
      simply waits until all requests are completed.
      Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      ccf7f408
  24. 11 4月, 2017 1 次提交
  25. 07 4月, 2017 1 次提交
    • S
      Handle mismatched open calls · 38bd4906
      Sachin Prabhu 提交于
      A signal can interrupt a SendReceive call which result in incoming
      responses to the call being ignored. This is a problem for calls such as
      open which results in the successful response being ignored. This
      results in an open file resource on the server.
      
      The patch looks into responses which were cancelled after being sent and
      in case of successful open closes the open fids.
      
      For this patch, the check is only done in SendReceive2()
      
      RH-bz: 1403319
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
      Cc: Stable <stable@vger.kernel.org>
      38bd4906
  26. 03 3月, 2017 1 次提交
  27. 02 3月, 2017 2 次提交
  28. 02 2月, 2017 2 次提交