summaryrefslogtreecommitdiff
path: root/fs/cifs
AgeCommit message (Collapse)AuthorFilesLines
2013-07-12CIFS: Fix a deadlock when a file is reopenedPavel Shilovsky1-5/+4
If we request reading or writing on a file that needs to be reopened, it causes the deadlock: we are already holding rw semaphore for reading and then we try to acquire it for writing in cifs_relock_file. Fix this by acquiring the semaphore for reading in cifs_relock_file due to we don't make any changes in locks and don't need a write access. CC: <stable@vger.kernel.org> Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-12CIFS: Reopen the file if reconnect durable handle failedPavel Shilovsky1-1/+7
This is a follow-on patch for 8/8 patch from the durable handles series. It fixes the problem when durable file handle timeout expired on the server and reopen returns -ENOENT for such files. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-10[CIFS] Fix minor endian error in durable handle patch seriesSteve French1-1/+2
Fix endian warning: CHECK fs/cifs/smb2pdu.c fs/cifs/smb2pdu.c:1068:40: warning: incorrect type in assignment (different base types) fs/cifs/smb2pdu.c:1068:40: expected restricted __le32 [usertype] Next fs/cifs/smb2pdu.c:1068:40: got unsigned long Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-10CIFS: Reconnect durable handles for SMB2Pavel Shilovsky8-12/+58
On reconnects, we need to reopen file and then obtain all byte-range locks held by the client. SMB2 protocol provides feature to make this process atomic by reconnecting to the same file handle with all it's byte-range locks. This patch adds this capability for SMB2 shares. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
2013-07-10CIFS: Make SMB2_open use cifs_open_parms structPavel Shilovsky5-50/+66
to prepare it for further durable handle reconnect processing. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
2013-07-10CIFS: Introduce cifs_open_parms structPavel Shilovsky6-41/+73
and pass it to the open() call. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
2013-07-10CIFS: Request durable open for SMB2 opensPavel Shilovsky3-2/+68
by passing durable context together with a handle caching lease or batch oplock. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
2013-07-10CIFS: Simplify SMB2 create context handlingPavel Shilovsky1-12/+26
to make it easier to add other create context further. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
2013-07-10CIFS: Simplify SMB2_open code pathPavel Shilovsky2-36/+25
by passing a filename to a separate iovec regardless of its length. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
2013-07-10CIFS: Respect create_options in smb2_open_filePavel Shilovsky5-22/+25
and eliminated unused file_attribute parms of SMB2_open. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
2013-07-10CIFS: Fix lease context buffer parsingPavel Shilovsky1-6/+7
to prevent missing RqLs context if it's not the first one. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
2013-07-04[CIFS] use sensible file nlink values if unprovidedSteve French1-0/+5
Certain servers may not set the NumberOfLinks field in query file/path info responses. In such a case, cifs_inode_needs_reval() assumes that all regular files are hardlinks and triggers revalidation, leading to excessive and unnecessary network traffic. This change hardcodes cf_nlink (and subsequently i_nlink) when not returned by the server, similar to what already occurs in cifs_mkdir(). Cc: <stable@vger.kernel.org> Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-04Limit allocation of crypto mechanisms to dialect which requiresSteve French4-118/+174
Updated patch to try to prevent allocation of cifs, smb2 or smb3 crypto secmech structures unless needed. Currently cifs allocates all crypto mechanisms when the first session is established (4 functions and 4 contexts), rather than only allocating these when needed (smb3 needs two, the rest of the dialects only need one). Acked-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-04Merge tag 'pm+acpi-3.11-rc1' of ↵Linus Torvalds1-1/+1
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management and ACPI updates from Rafael Wysocki: "This time the total number of ACPI commits is slightly greater than the number of cpufreq commits, but Viresh Kumar (who works on cpufreq) remains the most active patch submitter. To me, the most significant change is the addition of offline/online device operations to the driver core (with the Greg's blessing) and the related modifications of the ACPI core hotplug code. Next are the freezer updates from Colin Cross that should make the freezing of tasks a bit less heavy weight. We also have a couple of regression fixes, a number of fixes for issues that have not been identified as regressions, two new drivers and a bunch of cleanups all over. Highlights: - Hotplug changes to support graceful hot-removal failures. It sometimes is necessary to fail device hot-removal operations gracefully if they cannot be carried out completely. For example, if memory from a memory module being hot-removed has been allocated for the kernel's own use and cannot be moved elsewhere, it's desirable to fail the hot-removal operation in a graceful way rather than to crash the kernel, but currenty a success or a kernel crash are the only possible outcomes of an attempted memory hot-removal. Needless to say, that is not a very attractive alternative and it had to be addressed. However, in order to make it work for memory, I first had to make it work for CPUs and for this purpose I needed to modify the ACPI processor driver. It's been split into two parts, a resident one handling the low-level initialization/cleanup and a modular one playing the actual driver's role (but it binds to the CPU system device objects rather than to the ACPI device objects representing processors). That's been sort of like a live brain surgery on a patient who's riding a bike. So this is a little scary, but since we found and fixed a couple of regressions it caused to happen during the early linux-next testing (a month ago), nobody has complained. As a bonus we remove some duplicated ACPI hotplug code, because the ACPI-based CPU hotplug is now going to use the common ACPI hotplug code. - Lighter weight freezing of tasks. These changes from Colin Cross and Mandeep Singh Baines are targeted at making the freezing of tasks a bit less heavy weight operation. They reduce the number of tasks woken up every time during the freezing, by using the observation that the freezer simply doesn't need to wake up some of them and wait for them all to call refrigerator(). The time needed for the freezer to decide to report a failure is reduced too. Also reintroduced is the check causing a lockdep warining to trigger when try_to_freeze() is called with locks held (which is generally unsafe and shouldn't happen). - cpufreq updates First off, a commit from Srivatsa S Bhat fixes a resume regression introduced during the 3.10 cycle causing some cpufreq sysfs attributes to return wrong values to user space after resume. The fix is kind of fresh, but also it's pretty obvious once Srivatsa has identified the root cause. Second, we have a new freqdomain_cpus sysfs attribute for the acpi-cpufreq driver to provide information previously available via related_cpus. From Lan Tianyu. Finally, we fix a number of issues, mostly related to the CPUFREQ_POSTCHANGE notifier and cpufreq Kconfig options and clean up some code. The majority of changes from Viresh Kumar with bits from Jacob Shin, Heiko Stübner, Xiaoguang Chen, Ezequiel Garcia, Arnd Bergmann, and Tang Yuantian. - ACPICA update A usual bunch of updates from the ACPICA upstream. During the 3.4 cycle we introduced support for ACPI 5 extended sleep registers, but they are only supposed to be used if the HW-reduced mode bit is set in the FADT flags and the code attempted to use them without checking that bit. That caused suspend/resume regressions to happen on some systems. Fix from Lv Zheng causes those registers to be used only if the HW-reduced mode bit is set. Apart from this some other ACPICA bugs are fixed and code cleanups are made by Bob Moore, Tomasz Nowicki, Lv Zheng, Chao Guan, and Zhang Rui. - cpuidle updates New driver for Xilinx Zynq processors is added by Michal Simek. Multidriver support simplification, addition of some missing kerneldoc comments and Kconfig-related fixes come from Daniel Lezcano. - ACPI power management updates Changes to make suspend/resume work correctly in Xen guests from Konrad Rzeszutek Wilk, sparse warning fix from Fengguang Wu and cleanups and fixes of the ACPI device power state selection routine. - ACPI documentation updates Some previously missing pieces of ACPI documentation are added by Lv Zheng and Aaron Lu (hopefully, that will help people to uderstand how the ACPI subsystem works) and one outdated doc is updated by Hanjun Guo. - Assorted ACPI updates We finally nailed down the IA-64 issue that was the reason for reverting commit 9f29ab11ddbf ("ACPI / scan: do not match drivers against objects having scan handlers"), so we can fix it and move the ACPI scan handler check added to the ACPI video driver back to the core. A mechanism for adding CMOS RTC address space handlers is introduced by Lan Tianyu to allow some EC-related breakage to be fixed on some systems. A spec-compliant implementation of acpi_os_get_timer() is added by Mika Westerberg. The evaluation of _STA is added to do_acpi_find_child() to avoid situations in which a pointer to a disabled device object is returned instead of an enabled one with the same _ADR value. From Jeff Wu. Intel BayTrail PCH (Platform Controller Hub) support is added to the ACPI driver for Intel Low-Power Subsystems (LPSS) and that driver is modified to work around a couple of known BIOS issues. Changes from Mika Westerberg and Heikki Krogerus. The EC driver is fixed by Vasiliy Kulikov to use get_user() and put_user() instead of dereferencing user space pointers blindly. Code cleanups are made by Bjorn Helgaas, Nicholas Mazzuca and Toshi Kani. - Assorted power management updates The "runtime idle" helper routine is changed to take the return values of the callbacks executed by it into account and to call rpm_suspend() if they return 0, which allows us to reduce the overall code bloat a bit (by dropping some code that's not necessary any more after that modification). The runtime PM documentation is updated by Alan Stern (to reflect the "runtime idle" behavior change). New trace points for PM QoS are added by Sahara (<keun-o.park@windriver.com>). PM QoS documentation is updated by Lan Tianyu. Code cleanups are made and minor issues are addressed by Bernie Thompson, Bjorn Helgaas, Julius Werner, and Shuah Khan. - devfreq updates New driver for the Exynos5-bus device from Abhilash Kesavan. Minor cleanups, fixes and MAINTAINERS update from MyungJoo Ham, Abhilash Kesavan, Paul Bolle, Rajagopal Venkat, and Wei Yongjun. - OMAP power management updates Adaptive Voltage Scaling (AVS) SmartReflex voltage control driver updates from Andrii Tseglytskyi and Nishanth Menon." * tag 'pm+acpi-3.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (162 commits) cpufreq: Fix cpufreq regression after suspend/resume ACPI / PM: Fix possible NULL pointer deref in acpi_pm_device_sleep_state() PM / Sleep: Warn about system time after resume with pm_trace cpufreq: don't leave stale policy pointer in cdbs->cur_policy acpi-cpufreq: Add new sysfs attribute freqdomain_cpus cpufreq: make sure frequency transitions are serialized ACPI: implement acpi_os_get_timer() according the spec ACPI / EC: Add HP Folio 13 to ec_dmi_table in order to skip DSDT scan ACPI: Add CMOS RTC Operation Region handler support ACPI / processor: Drop unused variable from processor_perflib.c cpufreq: tegra: call CPUFREQ_POSTCHANGE notfier in error cases cpufreq: s3c64xx: call CPUFREQ_POSTCHANGE notfier in error cases cpufreq: omap: call CPUFREQ_POSTCHANGE notfier in error cases cpufreq: imx6q: call CPUFREQ_POSTCHANGE notfier in error cases cpufreq: exynos: call CPUFREQ_POSTCHANGE notfier in error cases cpufreq: dbx500: call CPUFREQ_POSTCHANGE notfier in error cases cpufreq: davinci: call CPUFREQ_POSTCHANGE notfier in error cases cpufreq: arm-big-little: call CPUFREQ_POSTCHANGE notfier in error cases cpufreq: powernow-k8: call CPUFREQ_POSTCHANGE notfier in error cases cpufreq: pcc: call CPUFREQ_POSTCHANGE notfier in error cases ...
2013-07-04Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6Linus Torvalds24-505/+1034
Pull cifs updates from Steve French: "Various CIFS/SMB2/SMB3 updates for 3.11. Includes bug fixes - SMB3 support should be much more stable with key DFS fix and also signing possible now (although is more work to do to get SMB3 signing working well with multiuser). Mounts using the new SMB 3.02 dialect can now be done (specify "vers=3.02" on mount) against the most current Microsoft systems. Also includes a big cleanup of the cifs/smb2/smb3 authentication code from Jeff which fixes some long standing problems with the way allowed authentication flavors and signing are configured. Some followon patches later in the cycle will clean up allocation of structures for the various security mechanisms depending on what dialect is chosen (reduces memory usage a little) and to add support for the secure negotiate fsctl (for smb3) which prevents downgrade attacks." * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: (39 commits) cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields cifs: fix SMB2 signing enablement in cifs_enable_signing [CIFS] Fix build warning [CIFS] SMB3 Signing enablement [CIFS] Do not set DFS flag on SMB2 open [CIFS] fix static checker warning cifs: try to handle the MUST SecurityFlags sanely When server doesn't provide SecurityBuffer on SMB2Negotiate pick default Handle big endianness in NTLM (ntlmv2) authentication revalidate directories instiantiated via FIND_* in order to handle DFS referrals SMB2 FSCTL and IOCTL worker function Charge at least one credit, if server says that it supports multicredit Remove typo Some missing share flags cifs: using strlcpy instead of strncpy Update headers to update various SMB3 ioctl definitions Update cifs version number Add ability to dipslay SMB3 share flags and capabilities for debugging Add some missing SMB3 and SMB3.02 flags Add SMB3.02 dialect support ...
2013-07-03Merge branch 'for-linus' of ↵Linus Torvalds3-14/+12
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull second set of VFS changes from Al Viro: "Assorted f_pos race fixes, making do_splice_direct() safe to call with i_mutex on parent, O_TMPFILE support, Jeff's locks.c series, ->d_hash/->d_compare calling conventions changes from Linus, misc stuff all over the place." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (63 commits) Document ->tmpfile() ext4: ->tmpfile() support vfs: export lseek_execute() to modules lseek_execute() doesn't need an inode passed to it block_dev: switch to fixed_size_llseek() cpqphp_sysfs: switch to fixed_size_llseek() tile-srom: switch to fixed_size_llseek() proc_powerpc: switch to fixed_size_llseek() ubi/cdev: switch to fixed_size_llseek() pci/proc: switch to fixed_size_llseek() isapnp: switch to fixed_size_llseek() lpfc: switch to fixed_size_llseek() locks: give the blocked_hash its own spinlock locks: add a new "lm_owner_key" lock operation locks: turn the blocked_list into a hashtable locks: convert fl_link to a hlist_node locks: avoid taking global lock if possible when waking up blocked waiters locks: protect most of the file_lock handling with i_lock locks: encapsulate the fl_link list handling locks: make "added" in __posix_lock_file a bool ...
2013-07-02Merge tag 'ext4_for_linus' of ↵Linus Torvalds1-2/+3
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 update from Ted Ts'o: "Lots of bug fixes, cleanups and optimizations. In the bug fixes category, of note is a fix for on-line resizing file systems where the block size is smaller than the page size (i.e., file systems 1k blocks on x86, or more interestingly file systems with 4k blocks on Power or ia64 systems.) In the cleanup category, the ext4's punch hole implementation was significantly improved by Lukas Czerner, and now supports bigalloc file systems. In addition, Jan Kara significantly cleaned up the write submission code path. We also improved error checking and added a few sanity checks. In the optimizations category, two major optimizations deserve mention. The first is that ext4_writepages() is now used for nodelalloc and ext3 compatibility mode. This allows writes to be submitted much more efficiently as a single bio request, instead of being sent as individual 4k writes into the block layer (which then relied on the elevator code to coalesce the requests in the block queue). Secondly, the extent cache shrink mechanism, which was introduce in 3.9, no longer has a scalability bottleneck caused by the i_es_lru spinlock. Other optimizations include some changes to reduce CPU usage and to avoid issuing empty commits unnecessarily." * tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (86 commits) ext4: optimize starting extent in ext4_ext_rm_leaf() jbd2: invalidate handle if jbd2_journal_restart() fails ext4: translate flag bits to strings in tracepoints ext4: fix up error handling for mpage_map_and_submit_extent() jbd2: fix theoretical race in jbd2__journal_restart ext4: only zero partial blocks in ext4_zero_partial_blocks() ext4: check error return from ext4_write_inline_data_end() ext4: delete unnecessary C statements ext3,ext4: don't mess with dir_file->f_pos in htree_dirblock_to_tree() jbd2: move superblock checksum calculation to jbd2_write_superblock() ext4: pass inode pointer instead of file pointer to punch hole ext4: improve free space calculation for inline_data ext4: reduce object size when !CONFIG_PRINTK ext4: improve extent cache shrink mechanism to avoid to burn CPU time ext4: implement error handling of ext4_mb_new_preallocation() ext4: fix corruption when online resizing a fs with 1K block size ext4: delete unused variables ext4: return FIEMAP_EXTENT_UNKNOWN for delalloc extents jbd2: remove debug dependency on debug_fs and update Kconfig help text jbd2: use a single printk for jbd_debug() ...
2013-06-29locks: protect most of the file_lock handling with i_lockJeff Layton2-7/+8
Having a global lock that protects all of this code is a clear scalability problem. Instead of doing that, move most of the code to be protected by the i_lock instead. The exceptions are the global lists that the ->fl_link sits on, and the ->fl_block list. ->fl_link is what connects these structures to the global lists, so we must ensure that we hold those locks when iterating over or updating these lists. Furthermore, sound deadlock detection requires that we hold the blocked_list state steady while checking for loops. We also must ensure that the search and update to the list are atomic. For the checking and insertion side of the blocked_list, push the acquisition of the global lock into __posix_lock_file and ensure that checking and update of the blocked_list is done without dropping the lock in between. On the removal side, when waking up blocked lock waiters, take the global lock before walking the blocked list and dequeue the waiters from the global list prior to removal from the fl_block list. With this, deadlock detection should be race free while we minimize excessive file_lock_lock thrashing. Finally, in order to avoid a lock inversion problem when handling /proc/locks output we must ensure that manipulations of the fl_block list are also protected by the file_lock_lock. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-06-29cifs: use posix_unblock_lock instead of locks_delete_blockJeff Layton1-1/+1
commit 66189be74 (CIFS: Fix VFS lock usage for oplocked files) exported the locks_delete_block symbol. There's already an exported helper function that provides this capability however, so make cifs use that instead and turn locks_delete_block back into a static function. Note that if fl->fl_next == NULL then this lock has already been through locks_delete_block(), so we should be OK to ignore an ENOENT error here and simply not retry the lock. Cc: Pavel Shilovsky <piastryyy@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-06-29Don't pass inode to ->d_hash() and ->d_compare()Linus Torvalds1-6/+3
Instances either don't look at it at all (the majority of cases) or only want it to find the superblock (which can be had as dentry->d_sb). A few cases that want more are actually safe with dentry->d_inode - the only precaution needed is the check that it hadn't been replaced with NULL by rmdir() or by overwriting rename(), which case should be simply treated as cache miss. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-06-29[readdir] convert cifsAl Viro3-100/+82
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-06-29cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fieldsDavid Disseldorp1-0/+2
Currently the trans2 ByteCount field is incorrectly left zero in TRANS2_QUERY_FILE_INFO info_level=SMB_QUERY_FILE_ALL_INFO and info_level=SMB_QUERY_FILE_UNIX_BASIC requests. The field should properly reflect the FID, information_level and padding bytes carried in these requests. Leaving this field zero causes such requests to fail against Novell CIFS servers. Other SMB servers (e.g. Samba) use the parameter count fields for data length calculations instead, so do not suffer the same fate. Signed-off-by: David Disseldorp <ddiss@suse.de> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-28Merge branch 'freezer'Rafael J. Wysocki1-1/+1
* freezer: af_unix: use freezable blocking calls in read sigtimedwait: use freezable blocking call nanosleep: use freezable blocking call futex: use freezable blocking call select: use freezable blocking call epoll: use freezable blocking call binder: use freezable blocking calls freezer: add new freezable helpers using freezer_do_not_count() freezer: convert freezable helpers to static inline where possible freezer: convert freezable helpers to freezer_do_not_count() freezer: skip waking up tasks with PF_FREEZER_SKIP set freezer: shorten freezer sleep time using exponential backoff lockdep: check that no locks held at freeze time lockdep: remove task argument from debug_check_no_locks_held freezer: add unsafe versions of freezable helpers for CIFS freezer: add unsafe versions of freezable helpers for NFS
2013-06-28cifs: fix SMB2 signing enablement in cifs_enable_signingJeff Layton4-2/+14
Commit 9ddec56131 (cifs: move handling of signed connections into separate function) broke signing on SMB2/3 connections. While the code to enable signing on the connections was very similar between the two, the bits that get set in the sec_mode are different. Declare a couple of new smb_version_values fields and set them appropriately for SMB1 and SMB2/3. Then change cifs_enable_signing to use those instead. Reported-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Tested-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27[CIFS] Fix build warningSteve French5-4/+8
Fix build warning in Shirish's recent SMB3 signing patch which occurs when SMB2 support is disabled in Kconfig. fs/built-in.o: In function `cifs_setup_session': >> (.text+0xa1767): undefined reference to `generate_smb3signingkey' Pointed out by: automated 0-DAY kernel build testing backend Intel Open Source Technology Center CC: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27[CIFS] SMB3 Signing enablementSteve French8-2/+188
SMB3 uses a much faster method of signing (which is also better in other ways), AES-CMAC. With the kernel now supporting AES-CMAC since last release, we are overdue to allow SMB3 signing (today only CIFS and SMB2 and SMB2.1, but not SMB3 and SMB3.1 can sign) - and we need this also for checking secure negotation and also per-share encryption (two other new SMB3 features which we need to implement). This patch needs some work in a few areas - for example we need to move signing for SMB2/SMB3 from per-socket to per-user (we may be able to use the "nosharesock" mount option in the interim for the multiuser case), and Shirish found a bug in the earlier authentication overhaul (setting signing flags properly) - but those can be done in followon patches. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27[CIFS] Do not set DFS flag on SMB2 openSteve French1-7/+14
If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have to pass the path on the Open SMB prefixed by \\server\share. Not sure when we would need to do the augmented path (if ever) and setting this flag breaks the SMB2 open operation since it is illegal to send an empty path name (without \\server\share prefix) when the DFS flag is set in the SMB open header. We could consider setting the flag on all operations other than open but it is safer to net set it for now. Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27[CIFS] fix static checker warningSteve French1-1/+2
Dan Carpenter wrote: The patch 7f420cee8bd6: "[CIFS] Charge at least one credit, if server says that it supports multicredit" from Jun 23, 2013, leads to the following Smatch complaint: fs/cifs/smb2pdu.c:120 smb2_hdr_assemble() warn: variable dereferenced before check 'tcon->ses' (see line 115) CC: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27cifs: try to handle the MUST SecurityFlags sanelyJeff Layton1-0/+28
The cifs.ko SecurityFlags interface wins my award for worst-designed interface ever, but we're sort of stuck with it since it's documented and people do use it (even if it doesn't work correctly). Case in point -- you can specify multiple sets of "MUST" flags. It makes absolutely no sense, but you can do it. What should the effect be in such a case? No one knows or seems to have considered this so far, so let's define it now. If you try to specify multiple MUST flags, clear any other MAY or MUST bits except for the ones that involve signing. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27When server doesn't provide SecurityBuffer on SMB2Negotiate pick defaultSteve French1-7/+11
According to MS-SMB2 section 2.2.4: if no blob, client picks default which for us will be ses->sectype = RawNTLMSSP; but for time being this is also our only auth choice so doesn't matter as long as we include this fix (which does not treat the empty SecurityBuffer as an error as the code had been doing). We just found a server which sets blob length to zero expecting raw so this fixes negotiation with that server. Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27Handle big endianness in NTLM (ntlmv2) authenticationSteve French2-7/+7
This is RH bug 970891 Uppercasing of username during calculation of ntlmv2 hash fails because UniStrupr function does not handle big endian wchars. Also fix a comment in the same code to reflect its correct usage. [To make it easier for stable (rather than require 2nd patch) fixed this patch of Shirish's to remove endian warning generated by sparse -- steve f.] Reported-by: steve <sanpatr1@in.ibm.com> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Cc: <stable@kernel.org> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27revalidate directories instiantiated via FIND_* in order to handle DFS referralsJeff Layton1-0/+29
We've had a long-standing problem with DFS referral points. CIFS servers generally try to make them look like directories in FIND_FIRST/NEXT responses. When you go to try to do a FIND_FIRST on them though, the server will then (correctly) return STATUS_PATH_NOT_COVERED. Mostly this manifests as spurious EREMOTE errors back to userland. This patch attempts to fix this by marking directories that are discovered via FIND_FIRST/NEXT for revaldiation. When the lookup code runs across them again, we'll reissue a QPathInfo against them and that will make it chase the referral properly. There is some performance penalty involved here and no I haven't measured it -- it'll be highly dependent upon the workload and contents of the mounted share. To try and mitigate that though, the code only marks the inode for revalidation when it's possible to run across a DFS referral. i.e.: when the kernel has DFS support built in and the share is "in DFS" [At the Microsoft plugfest we noted that usually the DFS links had the REPARSE attribute tag enabled - DFS junctions are reparse points after all - so I just added a check for that flag too so the performance impact should be smaller - Steve] Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Sachin Prabhu <sprabhu@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27SMB2 FSCTL and IOCTL worker functionSteve French4-0/+147
This worker function is needed to send SMB2 fsctl (and ioctl) requests including: validating negotiation info (secure negotiate) querying the servers network interfaces copy offload (refcopy) Followon patches for the above three will use this. This patch also does general validation of the response. In the future, as David Disseldorp notes, for the copychunk ioctl case, we will want to enhance the response processing to allow returning the chunk request limits to the caller (even though the server returns an error, in that case we would return data that the caller could use - see 2.2.32.1). See MS-SMB2 Section 2.2.31 for more details on format of fsctl. Acked-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27Charge at least one credit, if server says that it supports multicreditSteve French1-1/+8
In SMB2.1 and later the server will usually set the large MTU flag, and we need to charge at least one credit, if server says that since it supports multicredit. Windows seems to let us get away with putting a zero there, but they confirmed that it is wrong and the spec says to put one there (if the request is under 64K and the CAP_LARGE_MTU was returned during protocol negotiation by the server. CC: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27Remove typoSteve French1-1/+0
Cut and paste likely introduced accidentally inserted spurious #define in d60622eb5a23904facf4a4efac60f5bfa810d7d4 causes no harm but looks weird Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27Some missing share flagsSteve French1-2/+5
Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-27cifs: using strlcpy instead of strncpyZhao Hongjiang2-2/+2
for NUL terminated string, need alway set '\0' in the end. Signed-off-by: Zhao Hongjiang <zhaohongjiang@huawei.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24Update headers to update various SMB3 ioctl definitionsSteve French3-3/+80
MS-SMB2 Section 2.2.31 lists fsctls. Update our list of valid cifs/smb2/smb3 fsctls and some related structs based on more recent version of docs. Additional detail on less common ones can be found in MS-FSCC section 2.3. CopyChunk (server side copy, ie refcopy) will depend on a few of these Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24Update cifs version numberSteve French1-1/+1
More than 160 fixes since we last bumped the version number of cifs.ko. Update to version 2.01 so it is easier in modinfo to tell that fixes are in. Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24Add ability to dipslay SMB3 share flags and capabilities for debuggingSteve French4-2/+26
SMB3 protocol adds various optional per-share capabilities (and SMB3.02 adds one more beyond that). Add ability to dump (/proc/fs/cifs/DebugData) the share capabilities and share flags to improve debugging. Signed-off-by: Steve French <smfrench@gmail.com> Acked-by: Jeff Layton <jlayton@redhat.com>
2013-06-24Add some missing SMB3 and SMB3.02 flagsSteve French1-5/+18
A few missing flags from SMB3.0 dialect, one missing from 2.1, and the new #define flags for SMB3.02 Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24Add SMB3.02 dialect supportSteve French5-0/+30
The new Windows update supports SMB3.02 dialect, a minor update to SMB3. This patch adds support for mounting with vers=3.02 Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com>
2013-06-24Fix endian error in SMB2 protocol negotiationSteve French1-2/+2
Fix minor endian error in Jeff's auth rewrite Reviewed-by: Jeff Laytonn <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24cifs: clean up the SecurityFlags write handlerJeff Layton1-6/+14
The SecurityFlags handler uses an obsolete simple_strtoul() call, and doesn't really handle the bounds checking well. Fix it to use kstrtouint() instead. Clean up the error messages as well and fix a bogus check for an unsigned int to be less than 0. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24cifs: update the default global_secflags to include "raw" NTLMv2Jeff Layton1-1/+1
Before this patchset, the global_secflags could only offer up a single sectype. With the new set though we have the ability to allow different sectypes since we sort out the one to use after talking to the server. Change the global_secflags to allow NTLMSSP or NTLMv2 by default. If the server sets the extended security bit in the Negotiate response, then we'll use NTLMSSP. If it doesn't then we'll use raw NTLMv2. Mounting a LANMAN server will still require a sec= option by default. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24move sectype to the cifs_ses instead of TCP_Server_InfoJeff Layton7-180/+115
Now that we track what sort of NEGOTIATE response was received, stop mandating that every session on a socket use the same type of auth. Push that decision out into the session setup code, and make the sectype a per-session property. This should allow us to mix multiple sectypes on a socket as long as they are compatible with the NEGOTIATE response. With this too, we can now eliminate the ses->secFlg field since that info is redundant and harder to work with than a securityEnum. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24cifs: track the enablement of signing in the TCP_Server_InfoJeff Layton10-82/+71
Currently, we determine this according to flags in the sec_mode, flags in the global_secflags and via other methods. That makes the semantics very hard to follow and there are corner cases where we don't handle this correctly. Add a new bool to the TCP_Server_Info that acts as a simple flag to tell us whether signing is enabled on this connection or not, and fix up the places that need to determine this to use that flag. This is a bit weird for the SMB2 case, where signing is per-session. SMB2 needs work in this area already though. The existing SMB2 code has similar logic to what we're using here, so there should be no real change in behavior. These changes should make it easier to implement per-session signing in the future though. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24add new fields to smb_vol to track the requested security flavorJeff Layton2-0/+27
We have this to some degree already in secFlgs, but those get "or'ed" so there's no way to know what the last option requested was. Add new fields that will eventually supercede the secFlgs field in the cifs_ses. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24cifs: add new fields to cifs_ses to track requested security flavorJeff Layton3-4/+13
Currently we have the overrideSecFlg field, but it's quite cumbersome to work with. Add some new fields that will eventually supercede it. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-06-24cifs: track the flavor of the NEGOTIATE reponseJeff Layton3-5/+16
Track what sort of NEGOTIATE response we get from the server, as that will govern what sort of authentication types this socket will support. There are three possibilities: LANMAN: server sent legacy LANMAN-type response UNENCAP: server sent a newer-style response, but extended security bit wasn't set. This socket will only support unencapsulated auth types. EXTENDED: server sent a newer-style response with the extended security bit set. This is necessary to support krb5 and ntlmssp auth types. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>