1. 29 4月, 2011 1 次提交
  2. 22 4月, 2011 1 次提交
  3. 12 4月, 2011 6 次提交
    • S
      [CIFS] Warn on requesting default security (ntlm) on mount · d9b94201
      Steve French 提交于
      Warn once if default security (ntlm) requested. We will
      update the default to the stronger security mechanism
      (ntlmv2) in 2.6.41.  Kerberos is also stronger than
      ntlm, but more servers support ntlmv2 and ntlmv2
      does not require an upcall, so ntlmv2 is a better
      default.
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      CC: Suresh Jayaraman <sjayaraman@suse.de>
      Reviewed-by: NShirish Pargaonkar <shirishp@us.ibm.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      d9b94201
    • S
      [CIFS] cifs: clarify the meaning of tcpStatus == CifsGood · fd88ce93
      Steve French 提交于
      When the TCP_Server_Info is first allocated and connected, tcpStatus ==
      CifsGood means that the NEGOTIATE_PROTOCOL request has completed and the
      socket is ready for other calls. cifs_reconnect however sets tcpStatus
      to CifsGood as soon as the socket is reconnected and the optional
      RFC1001 session setup is done. We have no clear way to tell the
      difference between these two states, and we need to know this in order
      to know whether we can send an echo or not.
      
      Resolve this by adding a new statusEnum value -- CifsNeedNegotiate. When
      the socket has been connected but has not yet had a NEGOTIATE_PROTOCOL
      request done, set it to this value. Once the NEGOTIATE is done,
      cifs_negotiate_protocol will set tcpStatus to CifsGood.
      
      This also fixes and cleans the logic in cifs_reconnect and
      cifs_reconnect_tcon. The old code checked for specific states when what
      it really wants to know is whether the state has actually changed from
      CifsNeedReconnect.
      Reported-and-Tested-by: NJG <jg@cms.ac>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      fd88ce93
    • J
      cifs: clean up length checks in check2ndT2 · c0c7b905
      Jeff Layton 提交于
      Thus spake David Howells:
      
      The code that follows this:
      
        	remaining = total_data_size - data_in_this_rsp;
      	if (remaining == 0)
      		return 0;
      	else if (remaining < 0) {
      
      generates better code if you drop the 'remaining' variable and compare
      the values directly.
      
      Clean it up per his recommendation...
      Reported-and-acked-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      c0c7b905
    • J
      cifs: always do is_path_accessible check in cifs_mount · 70945643
      Jeff Layton 提交于
      Currently, we skip doing the is_path_accessible check in cifs_mount if
      there is no prefixpath. I have a report of at least one server however
      that allows a TREE_CONNECT to a share that has a DFS referral at its
      root. The reporter in this case was using a UNC that had no prefixpath,
      so the is_path_accessible check was not triggered and the box later hit
      a BUG() because we were chasing a DFS referral on the root dentry for
      the mount.
      
      This patch fixes this by removing the check for a zero-length
      prefixpath.  That should make the is_path_accessible check be done in
      this situation and should allow the client to chase the DFS referral at
      mount time instead.
      
      Cc: stable@kernel.org
      Reported-and-Tested-by: NYogesh Sharma <ysharma@cymer.com>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      70945643
    • S
      Elminate sparse __CHECK_ENDIAN__ warnings on port conversion · 6da97910
      Steve French 提交于
      Ports are __be16 not unsigned short int
      
      Eliminates the remaining fixable endian warnings:
      
      ~/cifs-2.6$ make modules C=1 M=fs/cifs CF=-D__CHECK_ENDIAN__
        CHECK   fs/cifs/connect.c
      fs/cifs/connect.c:2408:23: warning: incorrect type in assignment (different base types)
      fs/cifs/connect.c:2408:23:    expected unsigned short *sport
      fs/cifs/connect.c:2408:23:    got restricted __be16 *<noident>
      fs/cifs/connect.c:2410:23: warning: incorrect type in assignment (different base types)
      fs/cifs/connect.c:2410:23:    expected unsigned short *sport
      fs/cifs/connect.c:2410:23:    got restricted __be16 *<noident>
      fs/cifs/connect.c:2416:24: warning: incorrect type in assignment (different base types)
      fs/cifs/connect.c:2416:24:    expected unsigned short [unsigned] [short] <noident>
      fs/cifs/connect.c:2416:24:    got restricted __be16 [usertype] <noident>
      fs/cifs/connect.c:2423:24: warning: incorrect type in assignment (different base types)
      fs/cifs/connect.c:2423:24:    expected unsigned short [unsigned] [short] <noident>
      fs/cifs/connect.c:2423:24:    got restricted __be16 [usertype] <noident>
      fs/cifs/connect.c:2326:23: warning: incorrect type in assignment (different base types)
      fs/cifs/connect.c:2326:23:    expected unsigned short [unsigned] sport
      fs/cifs/connect.c:2326:23:    got restricted __be16 [usertype] sin6_port
      fs/cifs/connect.c:2330:23: warning: incorrect type in assignment (different base types)
      fs/cifs/connect.c:2330:23:    expected unsigned short [unsigned] sport
      fs/cifs/connect.c:2330:23:    got restricted __be16 [usertype] sin_port
      fs/cifs/connect.c:2394:22: warning: restricted __be16 degrades to integer
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      6da97910
    • S
      Allow user names longer than 32 bytes · 8727c8a8
      Steve French 提交于
      We artificially limited the user name to 32 bytes, but modern servers handle
      larger.  Set the maximum length to a reasonable 256, and make the user name
      string dynamically allocated rather than a fixed size in session structure.
      Also clean up old checkpatch warning.
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      8727c8a8
  4. 31 3月, 2011 1 次提交
  5. 11 2月, 2011 1 次提交
    • J
      cifs: don't always drop malformed replies on the floor (try #3) · 71823baf
      Jeff Layton 提交于
      Slight revision to this patch...use min_t() instead of conditional
      assignment. Also, remove the FIXME comment and replace it with the
      explanation that Steve gave earlier.
      
      After receiving a packet, we currently check the header. If it's no
      good, then we toss it out and continue the loop, leaving the caller
      waiting on that response.
      
      In cases where the packet has length inconsistencies, but the MID is
      valid, this leads to unneeded delays. That's especially problematic now
      that the client waits indefinitely for responses.
      
      Instead, don't immediately discard the packet if checkSMB fails. Try to
      find a matching mid_q_entry, mark it as having a malformed response and
      issue the callback.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      71823baf
  6. 10 2月, 2011 1 次提交
  7. 09 2月, 2011 1 次提交
  8. 05 2月, 2011 2 次提交
  9. 02 2月, 2011 1 次提交
  10. 28 1月, 2011 1 次提交
  11. 26 1月, 2011 1 次提交
  12. 24 1月, 2011 1 次提交
    • R
      Make CIFS mount work in a container. · f1d0c998
      Rob Landley 提交于
      Teach cifs about network namespaces, so mounting uses adresses/routing
      visible from the container rather than from init context.
      
      A container is a chroot on steroids that changes more than just the root
      filesystem the new processes see.  One thing containers can isolate is
      "network namespaces", meaning each container can have its own set of
      ethernet interfaces, each with its own own IP address and routing to the
      outside world.  And if you open a socket in _userspace_ from processes
      within such a container, this works fine.
      
      But sockets opened from within the kernel still use a single global
      networking context in a lot of places, meaning the new socket's address
      and routing are correct for PID 1 on the host, but are _not_ what
      userspace processes in the container get to use.
      
      So when you mount a network filesystem from within in a container, the
      mount code in the CIFS driver uses the host's networking context and not
      the container's networking context, so it gets the wrong address, uses
      the wrong routing, and may even try to go out an interface that the
      container can't even access...  Bad stuff.
      
      This patch copies the mount process's network context into the CIFS
      structure that stores the rest of the server information for that mount
      point, and changes the socket open code to use the saved network context
      instead of the global network context.  I.E. "when you attempt to use
      these addresses, do so relative to THIS set of network interfaces and
      routing rules, not the old global context from back before we supported
      containers".
      
      The big long HOWTO sets up a test environment on the assumption you've
      never used ocntainers before.  It basically says:
      
      1) configure and build a new kernel that has container support
      2) build a new root filesystem that includes the userspace container
      control package (LXC)
      3) package/run them under KVM (so you don't have to mess up your host
      system in order to play with containers).
      4) set up some containers under the KVM system
      5) set up contradictory routing in the KVM system and the container so
      that the host and the container see different things for the same address
      6) try to mount a CIFS share from both contexts so you can both force it
      to work and force it to fail.
      
      For a long drawn out test reproduction sequence, see:
      
        http://landley.livejournal.com/47024.html
        http://landley.livejournal.com/47205.html
        http://landley.livejournal.com/47476.htmlSigned-off-by: NRob Landley <rlandley@parallels.com>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      f1d0c998
  13. 21 1月, 2011 6 次提交
  14. 20 1月, 2011 3 次提交
  15. 15 1月, 2011 1 次提交
    • J
      cifs: add cruid= mount option · bd763319
      Jeff Layton 提交于
      In commit 3e4b3e1f we separated the "uid" mount option such that it
      no longer determined the owner of the credential cache by default. When
      we did this, we added a new option to cifs.upcall (--legacy-uid) to
      try to make it so that it would behave the same was as it did before.
      
      This ignored a rather important point -- the kernel has no way to know
      what options are being passed to cifs.upcall, so it doesn't know what
      uid it should use to determine whether to match an existing krb5 session.
      
      The simplest solution is to simply add a new "cruid=" mount option that
      only governs the uid owner of the credential cache for the mount.
      
      Unfortunately, this means that the --legacy-uid option in cifs.upcall was
      ill-considered and is now useless, but I don't see a better way to deal
      with this.
      
      A patch for the mount.cifs manpage will follow once this patch has been
      accepted.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      bd763319
  16. 10 1月, 2011 2 次提交
  17. 07 1月, 2011 2 次提交
  18. 08 12月, 2010 2 次提交
  19. 07 12月, 2010 1 次提交
  20. 03 12月, 2010 1 次提交
    • S
      cifs: add attribute cache timeout (actimeo) tunable · 6d20e840
      Suresh Jayaraman 提交于
      Currently, the attribute cache timeout for CIFS is hardcoded to 1 second. This
      means that the client might have to issue a QPATHINFO/QFILEINFO call every 1
      second to verify if something has changes, which seems too expensive. On the
      other hand, if the timeout is hardcoded to a higher value, workloads that
      expect strict cache coherency might see unexpected results.
      
      Making attribute cache timeout as a tunable will allow us to make a tradeoff
      between performance and cache metadata correctness depending on the
      application/workload needs.
      
      Add 'actimeo' tunable that can be used to tune the attribute cache timeout.
      The default timeout is set to 1 second. Also, display actimeo option value in
      /proc/mounts.
      
      It appears to me that 'actimeo' and the proposed (but not yet merged)
      'strictcache' option cannot coexist, so care must be taken that we reset the
      other option if one of them is set.
      
      Changes since last post:
         - fix option parsing and handle possible values correcly
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      6d20e840
  21. 30 11月, 2010 1 次提交
  22. 05 11月, 2010 1 次提交
  23. 03 11月, 2010 2 次提交
    • J
      cifs: convert tlink_tree to a rbtree · b647c35f
      Jeff Layton 提交于
      Radix trees are ideal when you want to track a bunch of pointers and
      can't embed a tracking structure within the target of those pointers.
      The tradeoff is an increase in memory, particularly if the tree is
      sparse.
      
      In CIFS, we use the tlink_tree to track tcon_link structs. A tcon_link
      can never be in more than one tlink_tree, so there's no impediment to
      using a rb_tree here instead of a radix tree.
      
      Convert the new multiuser mount code to use a rb_tree instead. This
      should reduce the memory required to manage the tlink_tree.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      b647c35f
    • J
      cifs: store pointer to master tlink in superblock (try #2) · 413e661c
      Jeff Layton 提交于
      This is the second version of this patch, the only difference between
      it and the first one is that this explicitly makes cifs_sb_master_tlink
      a static inline.
      
      Instead of keeping a tag on the master tlink in the tree, just keep a
      pointer to the master in the superblock. That eliminates the need for
      using the radix tree to look up a tagged entry.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      413e661c