1. 02 2月, 2017 3 次提交
  2. 15 12月, 2016 1 次提交
    • S
      cifs_get_root shouldn't use path with tree name · 374402a2
      Sachin Prabhu 提交于
      When a server returns the optional flag SMB_SHARE_IS_IN_DFS in response
      to a tree connect, cifs_build_path_to_root() will return a pathname
      which includes the hostname. This causes problems with cifs_get_root()
      which separates each component and does a lookup for each component of
      the path which in this case will incorrectly include looking up the
      hostname component as a path component.
      
      We encountered a problem with dfs shares hosted by a Netapp. When
      connecting to nodes pointed to by the DFS share. The tree connect for
      these nodes return SMB_SHARE_IS_IN_DFS resulting failures in lookup
      in cifs_get_root().
      
      RH bz: 1373153
      The patch was tested against a Netapp simulator and by a user using an
      actual Netapp server.
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Reported-by: NPierguido Lambri <plambri@redhat.com>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      374402a2
  3. 06 12月, 2016 1 次提交
    • P
      CIFS: Fix a possible memory corruption during reconnect · 53e0e11e
      Pavel Shilovsky 提交于
      We can not unlock/lock cifs_tcp_ses_lock while walking through ses
      and tcon lists because it can corrupt list iterator pointers and
      a tcon structure can be released if we don't hold an extra reference.
      Fix it by moving a reconnect process to a separate delayed work
      and acquiring a reference to every tcon that needs to be reconnected.
      Also do not send an echo request on newly established connections.
      
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
      53e0e11e
  4. 13 10月, 2016 1 次提交
  5. 28 9月, 2016 1 次提交
  6. 10 9月, 2016 1 次提交
  7. 20 5月, 2016 1 次提交
    • S
      cifs: Create dedicated keyring for spnego operations · b74cb9a8
      Sachin Prabhu 提交于
      The session key is the default keyring set for request_key operations.
      This session key is revoked when the user owning the session logs out.
      Any long running daemon processes started by this session ends up with
      revoked session keyring which prevents these processes from using the
      request_key mechanism from obtaining the krb5 keys.
      
      The problem has been reported by a large number of autofs users. The
      problem is also seen with multiuser mounts where the share may be used
      by processes run by a user who has since logged out. A reproducer using
      automount is available on the Red Hat bz.
      
      The patch creates a new keyring which is used to cache cifs spnego
      upcalls.
      
      Red Hat bz: 1267754
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Reported-by: NScott Mayhew <smayhew@redhat.com>
      Reviewed-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      b74cb9a8
  8. 29 3月, 2016 3 次提交
  9. 15 1月, 2016 1 次提交
  10. 11 5月, 2015 1 次提交
  11. 02 8月, 2014 1 次提交
  12. 01 8月, 2014 1 次提交
  13. 17 4月, 2014 1 次提交
    • S
      cifs: Wait for writebacks to complete before attempting write. · c11f1df5
      Sachin Prabhu 提交于
      Problem reported in Red Hat bz 1040329 for strict writes where we cache
      only when we hold oplock and write direct to the server when we don't.
      
      When we receive an oplock break, we first change the oplock value for
      the inode in cifsInodeInfo->oplock to indicate that we no longer hold
      the oplock before we enqueue a task to flush changes to the backing
      device. Once we have completed flushing the changes, we return the
      oplock to the server.
      
      There are 2 ways here where we can have data corruption
      1) While we flush changes to the backing device as part of the oplock
      break, we can have processes write to the file. These writes check for
      the oplock, find none and attempt to write directly to the server.
      These direct writes made while we are flushing from cache could be
      overwritten by data being flushed from the cache causing data
      corruption.
      2) While a thread runs in cifs_strict_writev, the machine could receive
      and process an oplock break after the thread has checked the oplock and
      found that it allows us to cache and before we have made changes to the
      cache. In that case, we end up with a dirty page in cache when we
      shouldn't have any. This will be flushed later and will overwrite all
      subsequent writes to the part of the file represented by this page.
      
      Before making any writes to the server, we need to confirm that we are
      not in the process of flushing data to the server and if we are, we
      should wait until the process is complete before we attempt the write.
      We should also wait for existing writes to complete before we process
      an oplock break request which changes oplock values.
      
      We add a version specific  downgrade_oplock() operation to allow for
      differences in the oplock values set for the different smb versions.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Reviewed-by: NPavel Shilovsky <piastry@etersoft.ru>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      c11f1df5
  14. 11 2月, 2014 1 次提交
    • S
      [CIFS] Fix cifsacl mounts over smb2 to not call cifs · 42eacf9e
      Steve French 提交于
      When mounting with smb2/smb3 (e.g. vers=2.1) and cifsacl mount option,
      it was trying to get the mode by querying the acl over the cifs
      rather than smb2 protocol.  This patch makes that protocol
      independent and makes cifsacl smb2 mounts return a more intuitive
      operation not supported error (until we add a worker function
      for smb2_get_acl).
      
      Note that a previous patch fixed getxattr/setxattr for the CIFSACL xattr
      which would unconditionally call cifs_get_acl and cifs_set_acl (even when
      mounted smb2). I made those protocol independent last week (new protocol
      version operations "get_acl" and "set_acl" but did not add an
      smb2_get_acl and smb2_set_acl yet so those now simply return EOPNOTSUPP
      which at least is better than sending cifs requests on smb2 mount)
      
      The previous patches did not fix the one remaining case though ie
      mounting with "cifsacl" when getting mode from acl would unconditionally
      end up calling "cifs_get_acl_from_fid" even for smb2 - so made that protocol
      independent but to make that protocol independent had to make sure that the callers
      were passing the protocol independent handle structure (cifs_fid) instead
      of cifs specific _u16 network file handle (ie cifs_fid instead of cifs_fid->fid)
      
      Now mount with smb2 and cifsacl mount options will return EOPNOTSUP (instead
      of timing out) and a future patch will add smb2 operations (e.g. get_smb2_acl)
      to enable this.
      Signed-off-by: NSteve French <smfrench@gmail.com>
      42eacf9e
  15. 08 2月, 2014 1 次提交
  16. 20 1月, 2014 5 次提交
  17. 28 12月, 2013 1 次提交
    • S
      cifs: We do not drop reference to tlink in CIFSCheckMFSymlink() · 750b8de6
      Sachin Prabhu 提交于
      When we obtain tcon from cifs_sb, we use cifs_sb_tlink() to first obtain
      tlink which also grabs a reference to it. We do not drop this reference
      to tlink once we are done with the call.
      
      The patch fixes this issue by instead passing tcon as a parameter and
      avoids having to obtain a reference to the tlink. A lookup for the tcon
      is already made in the calling functions and this way we avoid having to
      re-run the lookup. This is also consistent with the argument list for
      other similar calls for M-F symlinks.
      
      We should also return an ENOSYS when we do not find a protocol specific
      function to lookup the MF Symlink data.
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      CC: Stable <stable@kernel.org>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      750b8de6
  18. 03 11月, 2013 1 次提交
    • S
      Allow setting per-file compression via CIFS protocol · c7f508a9
      Steve French 提交于
      An earlier patch allowed setting the per-file compression flag
      
      "chattr +c filename"
      
      on an smb2 or smb3 mount, and also allowed lsattr to return
      whether a file on a cifs, or smb2/smb3 mount was compressed.
      
      This patch extends the ability to set the per-file
      compression flag to the cifs protocol, which uses a somewhat
      different IOCTL mechanism than SMB2, although the payload
      (the flags stored in the compression_state) are the same.
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      c7f508a9
  19. 09 9月, 2013 2 次提交
  20. 31 7月, 2013 1 次提交
    • S
      Do not attempt to do cifs operations reading symlinks with SMB2 · 1b244081
      Steve French 提交于
      When use of symlinks is enabled (mounting with mfsymlinks option) to
      non-Samba servers, we always tried to use cifs, even when we
      were mounted with SMB2 or SMB3, which causes the server to drop the
      network connection.
      
      This patch separates out the protocol specific operations for cifs from
      the code which recognizes symlinks, and fixes the problem where
      with SMB2 mounts we attempt cifs operations to open and read
      symlinks.  The next patch will add support for SMB2 for opening
      and reading symlinks.  Additional followon patches will address
      the similar problem creating symlinks.
      Signed-off-by: NSteve French <smfrench@gmail.com>
      1b244081
  21. 05 7月, 2013 1 次提交
  22. 27 6月, 2013 2 次提交
    • S
      [CIFS] Fix build warning · e65a5cb4
      Steve French 提交于
      Fix build warning in Shirish's recent SMB3 signing patch
      which occurs when SMB2 support is disabled in Kconfig.
      
      fs/built-in.o: In function `cifs_setup_session':
      >> (.text+0xa1767): undefined reference to `generate_smb3signingkey'
      
      Pointed out by: automated 0-DAY kernel build testing backend
      Intel Open Source Technology Center
      
      CC: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      e65a5cb4
    • S
      [CIFS] SMB3 Signing enablement · 429b46f4
      Steve French 提交于
      SMB3 uses a much faster method of signing (which is also better in other ways),
      AES-CMAC.  With the kernel now supporting AES-CMAC since last release, we
      are overdue to allow SMB3 signing (today only CIFS and SMB2 and SMB2.1,
      but not SMB3 and SMB3.1 can sign) - and we need this also for checking
      secure negotation and also per-share encryption (two other new SMB3 features
      which we need to implement).
      
      This patch needs some work in a few areas - for example we need to
      move signing for SMB2/SMB3 from per-socket to per-user (we may be able to
      use the "nosharesock" mount option in the interim for the multiuser case),
      and Shirish found a bug in the earlier authentication overhaul
      (setting signing flags properly) - but those can be done in followon
      patches.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      429b46f4
  23. 24 6月, 2013 3 次提交
  24. 05 5月, 2013 1 次提交
    • J
      [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg · f96637be
      Joe Perches 提交于
      It's not obvious from reading the macro names that these macros
      are for debugging.  Convert the names to a single more typical
      kernel style cifs_dbg macro.
      
      	cERROR(1, ...)   -> cifs_dbg(VFS, ...)
      	cFYI(1, ...)     -> cifs_dbg(FYI, ...)
      	cFYI(DBG2, ...)  -> cifs_dbg(NOISY, ...)
      
      Move the terminating format newline from the macro to the call site.
      
      Add CONFIG_CIFS_DEBUG function cifs_vfs_err to emit the
      "CIFS VFS: " prefix for VFS messages.
      
      Size is reduced ~ 1% when CONFIG_CIFS_DEBUG is set (default y)
      
      $ size fs/cifs/cifs.ko*
         text    data     bss     dec     hex filename
       265245	   2525	    132	 267902	  4167e	fs/cifs/cifs.ko.new
       268359    2525     132  271016   422a8 fs/cifs/cifs.ko.old
      
      Other miscellaneous changes around these conversions:
      
      o Miscellaneous typo fixes
      o Add terminating \n's to almost all formats and remove them
        from the macros to be more kernel style like.  A few formats
        previously had defective \n's
      o Remove unnecessary OOM messages as kmalloc() calls dump_stack
      o Coalesce formats to make grep easier,
        added missing spaces when coalescing formats
      o Use %s, __func__ instead of embedded function name
      o Removed unnecessary "cifs: " prefixes
      o Convert kzalloc with multiply to kcalloc
      o Remove unused cifswarn macro
      Signed-off-by: NJoe Perches <joe@perches.com>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      f96637be
  25. 13 2月, 2013 3 次提交
  26. 09 12月, 2012 1 次提交
    • J
      cifs: simplify id_to_sid and sid_to_id mapping code · faa65f07
      Jeff Layton 提交于
      The cifs.idmap handling code currently causes the kernel to cache the
      data from userspace twice. It first looks in a rbtree to see if there is
      a matching entry for the given id. If there isn't then it calls
      request_key which then checks its cache and then calls out to userland
      if it doesn't have one. If the userland program establishes a mapping
      and downcalls with that info, it then gets cached in the keyring and in
      this rbtree.
      
      Aside from the double memory usage and the performance penalty in doing
      all of these extra copies, there are some nasty bugs in here too. The
      code declares four rbtrees and spinlocks to protect them, but only seems
      to use two of them. The upshot is that the same tree is used to hold
      (eg) uid:sid and sid:uid mappings. The comparitors aren't equipped to
      deal with that.
      
      I think we'd be best off to remove a layer of caching in this code. If
      this was originally done for performance reasons, then that really seems
      like a premature optimization.
      
      This patch does that -- it removes the rbtrees and the locks that
      protect them and simply has the code do a request_key call on each call
      into sid_to_id and id_to_sid. This greatly simplifies this code and
      should roughly halve the memory utilization from using the idmapping
      code.
      Reviewed-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      faa65f07