- 02 2月, 2017 16 次提交
-
-
由 Pavel Shilovsky 提交于
Since we have two different types of reads (pagecache and direct) we need to process such responses differently after decryption of a packet. The change allows to specify a callback that copies a read payload data into preallocated pages. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
We need to process read responses differently because the data should go directly into preallocated pages. This can be done by specifying a mid handle callback. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
We need to recognize and parse transformed packets in demultiplex thread to find a corresponsing mid and process it further. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
This change allows to encrypt packets if it is required by a server for SMB sessions or tree connections. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
This will allow us to do protocol specific tranformations of packets before sending to the server. For SMB3 it can be used to support encryption. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
Allocate and initialize SMB2 read request without RFC1001 length field to directly call cifs_send_recv() rather than SendReceive2() in a read codepath. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
Do not process RFC1001 length in smb2_hdr_assemble() because it is not a part of SMB2 header. This allows to cleanup the code and adds a possibility combine several SMB2 packets into one for compounding. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
In order to simplify further encryption support we need to separate RFC1001 length and SMB2 header when sending a request. Put the length field in iov[0] and the rest of the packet into following iovs. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
Now SendReceive2 frees the first iov and returns a response buffer in it that increases a code complexity. Simplify this by making a caller responsible for freeing request buffer itself and returning a response buffer in a separate iov. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
In order to support compounding and encryption we need to separate RFC1001 length field and SMB2 header structure because the protocol treats them differently. This change will allow to simplify parsing of such complex SMB2 packets further. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
Currently we call copy_page_to_iter() for uncached reading into a pipe. This is wrong because it treats pages as VFS cache pages and copies references rather than actual data. When we are trying to read from the pipe we end up calling page_cache_pipe_buf_confirm() which returns -ENODATA. This error is translated into 0 which is returned to a user. This issue is reproduced by running xfs-tests suite (generic test #249) against mount points with "cache=none". Fix it by mapping pages manually and calling copy_to_iter() that copies data into the pipe. Cc: Stable <stable@vger.kernel.org> Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Jean Delvare 提交于
List soft dependencies of cifs so that mkinitrd and dracut can include the required helper modules. Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com> Signed-off-by: NJean Delvare <jdelvare@suse.de> Cc: Steve French <sfrench@samba.org>
-
由 Jean Delvare 提交于
The sha256 and cmac crypto modules are only needed for SMB2+, so move the select statements to config CIFS_SMB2. Also select CRYPTO_AES there as SMB2+ needs it. Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com> Signed-off-by: NJean Delvare <jdelvare@suse.de> Cc: Steve French <sfrench@samba.org>
-
由 Jean Delvare 提交于
* CIFS_SMB2 depends on CIFS, which depends on INET and selects NLS. So these dependencies do not need to be repeated for CIFS_SMB2. * CIFS_SMB311 depends on CIFS_SMB2, which depends on INET. So this dependency doesn't need to be repeated for CIFS_SMB311. Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com> Signed-off-by: NJean Delvare <jdelvare@suse.de> Cc: Steve French <sfrench@samba.org>
-
- 15 1月, 2017 1 次提交
-
-
由 Rabin Vincent 提交于
Reviewed-by: NJeff Layton <jlayton@redhat.com> CC: Stable <stable@vger.kernel.org> file_info_lock is not initalized in initiate_cifs_search(), leading to the following splat after a simple "mount.cifs ... dir && ls dir/": BUG: spinlock bad magic on CPU#0, ls/486 lock: 0xffff880009301110, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 0 PID: 486 Comm: ls Not tainted 4.9.0 #27 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ffffc900042f3db0 ffffffff81327533 0000000000000000 ffff880009301110 ffffc900042f3dd0 ffffffff810baf75 ffff880009301110 ffffffff817ae077 ffffc900042f3df0 ffffffff810baff6 ffff880009301110 ffff880008d69900 Call Trace: [<ffffffff81327533>] dump_stack+0x65/0x92 [<ffffffff810baf75>] spin_dump+0x85/0xe0 [<ffffffff810baff6>] spin_bug+0x26/0x30 [<ffffffff810bb159>] do_raw_spin_lock+0xe9/0x130 [<ffffffff8159ad2f>] _raw_spin_lock+0x1f/0x30 [<ffffffff8127e50d>] cifs_closedir+0x4d/0x100 [<ffffffff81181cfd>] __fput+0x5d/0x160 [<ffffffff81181e3e>] ____fput+0xe/0x10 [<ffffffff8109410e>] task_work_run+0x7e/0xa0 [<ffffffff81002512>] exit_to_usermode_loop+0x92/0xa0 [<ffffffff810026f9>] syscall_return_slowpath+0x49/0x50 [<ffffffff8159b484>] entry_SYSCALL_64_fastpath+0xa7/0xa9 Fixes: 3afca265 ("Clarify locking of cifs file and tcon structures and make more granular") Signed-off-by: NRabin Vincent <rabinv@axis.com> Signed-off-by: NSteve French <smfrench@gmail.com>
-
- 25 12月, 2016 1 次提交
-
-
由 Linus Torvalds 提交于
This was entirely automated, using the script by Al: PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>' sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \ $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h) to do the replacement at the end of the merge window. Requested-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 15 12月, 2016 3 次提交
-
-
由 Sachin Prabhu 提交于
When a server returns the optional flag SMB_SHARE_IS_IN_DFS in response to a tree connect, cifs_build_path_to_root() will return a pathname which includes the hostname. This causes problems with cifs_get_root() which separates each component and does a lookup for each component of the path which in this case will incorrectly include looking up the hostname component as a path component. We encountered a problem with dfs shares hosted by a Netapp. When connecting to nodes pointed to by the DFS share. The tree connect for these nodes return SMB_SHARE_IS_IN_DFS resulting failures in lookup in cifs_get_root(). RH bz: 1373153 The patch was tested against a Netapp simulator and by a user using an actual Netapp server. Signed-off-by: NSachin Prabhu <sprabhu@redhat.com> Reported-by: NPierguido Lambri <plambri@redhat.com> Reviewed-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <smfrench@gmail.com>
-
由 Germano Percossi 提交于
With commit 2b149f11 many things have been fixed/introduced. However, the default behaviour for RawNTLMSSP authentication seems to be wrong in case the domain is not passed on the command line. The main points (see below) of the patch are: - It alignes behaviour with Windows clients - It fixes backward compatibility - It fixes UPN I compared this behavour with the one from a Windows 10 command line client. When no domains are specified on the command line, I traced the packets and observed that the client does send an empty domain to the server. In the linux kernel case, the empty domain is replaced by the primary domain communicated by the SMB server. This means that, if the credentials are valid against the local server but that server is part of a domain, then the kernel module will ask to authenticate against that domain and we will get LOGON failure. I compared the packet trace from the smbclient when no domain is passed and, in that case, a default domain from the client smb.conf is taken. Apparently, connection succeeds anyway, because when the domain passed is not valid (in my case WORKGROUP), then the local one is tried and authentication succeeds. I tried with any kind of invalid domain and the result was always a connection. So, trying to interpret what to do and picking a valid domain if none is passed, seems the wrong thing to do. To this end, a new option "domainauto" has been added in case the user wants a mechanism for guessing. Without this patch, backward compatibility also is broken. With kernel 3.10, the default auth mechanism was NTLM. One of our testing servers accepted NTLM and, because no domains are passed, authentication was local. Moving to RawNTLMSSP forced us to change our command line to add a fake domain to pass to prevent this mechanism to kick in. For the same reasons, UPN is broken because the domain is specified in the username. The SMB server will work out the domain from the UPN and authenticate against the right server. Without the patch, though, given the domain is empty, it gets replaced with another domain that could be the wrong one for the authentication. Signed-off-by: NGermano Percossi <germano.percossi@citrix.com> Acked-by: NPavel Shilovsky <pshilov@microsoft.com> Signed-off-by: NSteve French <smfrench@gmail.com>
-
由 Rasmus Villemoes 提交于
Passing a gazillion arguments takes a lot of code: add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-253 (-253) Signed-off-by: NRasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com> Signed-off-by: NSteve French <smfrench@gmail.com>
-
- 14 12月, 2016 1 次提交
-
-
由 Andy Lutomirski 提交于
smbencrypt() points a scatterlist to the stack, which is breaks if CONFIG_VMAP_STACK=y. Fix it by switching to crypto_cipher_encrypt_one(). The new code should be considerably faster as an added benefit. This code is nearly identical to some code that Eric Biggers suggested. Cc: stable@vger.kernel.org # 4.9 only Reported-by: NEric Biggers <ebiggers3@gmail.com> Signed-off-by: NAndy Lutomirski <luto@kernel.org> Acked-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <smfrench@gmail.com>
-
- 09 12月, 2016 1 次提交
-
-
由 Miklos Szeredi 提交于
If .readlink == NULL implies generic_readlink(). Generated by: to_del="\.readlink.*=.*generic_readlink" for i in `git grep -l $to_del`; do sed -i "/$to_del"/d $i; done Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
-
- 06 12月, 2016 4 次提交
-
-
由 Pavel Shilovsky 提交于
With the current code it is possible to lock a mutex twice when a subsequent reconnects are triggered. On the 1st reconnect we reconnect sessions and tcons and then persistent file handles. If the 2nd reconnect happens during the reconnecting of persistent file handles then the following sequence of calls is observed: cifs_reopen_file -> SMB2_open -> small_smb2_init -> smb2_reconnect -> cifs_reopen_persistent_file_handles -> cifs_reopen_file (again!). So, we are trying to acquire the same cfile->fh_mutex twice which is wrong. Fix this by moving reconnecting of persistent handles to the delayed work (smb2_reconnect_server) and submitting this work every time we reconnect tcon in SMB2 commands handling codepath. This can also lead to corruption of a temporary file list in cifs_reopen_persistent_file_handles() because we can recursively call this function twice. Cc: Stable <stable@vger.kernel.org> # v4.9+ Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
We can not unlock/lock cifs_tcp_ses_lock while walking through ses and tcon lists because it can corrupt list iterator pointers and a tcon structure can be released if we don't hold an extra reference. Fix it by moving a reconnect process to a separate delayed work and acquiring a reference to every tcon that needs to be reconnected. Also do not send an echo request on newly established connections. CC: Stable <stable@vger.kernel.org> Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
If maxBuf is not 0 but less than a size of SMB2 lock structure we can end up with a memory corruption. Cc: Stable <stable@vger.kernel.org> Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Pavel Shilovsky 提交于
Cc: Stable <stable@vger.kernel.org> Acked-by: NSachin Prabhu <sprabhu@redhat.com> Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
- 03 12月, 2016 1 次提交
-
-
由 Pavel Shilovsky 提交于
Cc: Stable <stable@vger.kernel.org> # v4.9+ Reviewed-by: NAurelien Aptel <aaptel@suse.com> Acked-by: NSachin Prabhu <sprabhu@redhat.com> Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
-
- 01 12月, 2016 1 次提交
-
-
由 Steve French 提交于
New mount option "snapshot=<time>" to allow mounting an earlier version of the remote volume (if such a snapshot exists on the server). Note that eventually specifying a snapshot time of 1 will allow the user to mount the oldest snapshot. A subsequent patch add the processing for that and another for actually specifying the "time warp" create context on SMB2/SMB3 open. Check to make sure SMB2 negotiated, and ensure that we use a different tcon if mount same share twice but with different snaphshot times Signed-off-by: NSteve French <smfrench@gmail.com> Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
-
- 29 11月, 2016 3 次提交
-
-
由 Eryu Guan 提交于
Commit 2211d5ba ("posix_acl: xattr representation cleanups") removes the typedefs and the zero-length a_entries array in struct posix_acl_xattr_header, and uses bare struct posix_acl_xattr_header and struct posix_acl_xattr_entry directly. But it failed to iterate over posix acl slots when converting posix acls to CIFS format, which results in several test failures in xfstests (generic/053 generic/105) when testing against a samba v1 server, starting from v4.9-rc1 kernel. e.g. [root@localhost xfstests]# diff -u tests/generic/105.out /root/xfstests/results//generic/105.out.bad --- tests/generic/105.out 2016-09-19 16:33:28.577962575 +0800 +++ /root/xfstests/results//generic/105.out.bad 2016-10-22 15:41:15.201931110 +0800 @@ -1,3 +1,4 @@ QA output created by 105 -rw-r--r-- root +setfacl: subdir: Invalid argument -rw-r--r-- root Fix it by introducing a new "ace" var, like what cifs_copy_posix_acl() does, and iterating posix acl xattr entries over it in the for loop. Signed-off-by: NEryu Guan <guaneryu@gmail.com> Signed-off-by: NSteve French <smfrench@gmail.com>
-
由 Sachin Prabhu 提交于
Commit 4fcd1813 ("Fix reconnect to not defer smb3 session reconnect long after socket reconnect") changes the behaviour of the SMB2 echo service and causes it to renegotiate after a socket reconnect. However under default settings, the echo service could take up to 120 seconds to be scheduled. The patch forces the echo service to be called immediately resulting a negotiate call being made immediately on reconnect. Signed-off-by: NSachin Prabhu <sprabhu@redhat.com> Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com> Signed-off-by: NSteve French <smfrench@gmail.com>
-
由 Sachin Prabhu 提交于
Andy Lutromirski's new virtually mapped kernel stack allocations moves kernel stacks the vmalloc area. This triggers the bug kernel BUG at ./include/linux/scatterlist.h:140! at calc_seckey()->sg_init() Signed-off-by: NSachin Prabhu <sprabhu@redhat.com> Signed-off-by: NSteve French <smfrench@gmail.com> Reviewed-by: NJeff Layton <jlayton@redhat.com>
-
- 01 11月, 2016 1 次提交
-
-
由 Christoph Hellwig 提交于
Nothing in fs.h should require blk_types.h to be included. Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NJens Axboe <axboe@fb.com>
-
- 15 10月, 2016 2 次提交
-
-
由 Steve French 提交于
New mount option "idsfromsid" indicates to cifs.ko that it should try to retrieve the uid and gid owner fields from special sids. This patch adds the code to parse the owner sids in the ACL to see if they match, and if so populate the uid and/or gid from them. This is faster than upcalling for them and asking winbind, and is a fairly common case, and is also helpful when cifs.upcall and idmapping is not configured. Signed-off-by: NSteve French <steve.french@primarydata.com> Reviewed-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com> Reviewed-by: NJeff Layton <jlayton@redhat.com> Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Steve French 提交于
Add "idsfromsid" mount option to indicate to cifs.ko that it should try to retrieve the uid and gid owner fields from special sids in the ACL if present. This first patch just adds the parsing for the mount option. Signed-off-by: NSteve French <steve.french@primarydata.com> Reviewed-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com> Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
-
- 14 10月, 2016 5 次提交
-
-
由 Pavel Shilovsky 提交于
We are already doing the same thing for an ordinary open case: we can't keep read oplock on a file if we have mandatory byte-range locks because pagereading can conflict with these locks on a server. Fix it by setting oplock level to NONE. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com> Signed-off-by: NSteve French <smfrench@gmail.com>
-
由 Pavel Shilovsky 提交于
openFileList of tcon can be changed while cifs_reopen_file() is called that can lead to an unexpected behavior when we return to the loop. Fix this by introducing a temp list for keeping all file handles that need to be reopen. Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com> Signed-off-by: NSteve French <smfrench@gmail.com>
-
由 Sachin Prabhu 提交于
We split the rawntlmssp authentication into negotiate and authencate parts. We also clean up the code and add helpers. Signed-off-by: NSachin Prabhu <sprabhu@redhat.com> Signed-off-by: NSteve French <smfrench@gmail.com> Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Sachin Prabhu 提交于
Add helper functions and split Kerberos authentication off SMB2_sess_setup. Signed-off-by: NSachin Prabhu <sprabhu@redhat.com> Signed-off-by: NSteve French <smfrench@gmail.com> Reviewed-by: NPavel Shilovsky <pshilov@microsoft.com>
-
由 Germano Percossi 提交于
/sys/module/cifs/parameters should display the three other module load time configuration settings for cifs.ko Signed-off-by: NGermano Percossi <germano.percossi@citrix.com> Signed-off-by: NSteve French <steve.french@primarydata.com>
-