1. 17 Feb, 2018 1 commit
  2. 18 Oct, 2017 1 commit
  3. 05 Oct, 2017 1 commit
    • Shu Wang's avatar
      cifs: release auth_key.response for reconnect. · b6a77c7b
      Shu Wang authored
      commit f5c4ba81 upstream.
      
      There is a race that cause cifs reconnect in cifs_mount,
      - cifs_mount
        - cifs_get_tcp_session
          - [ start thread cifs_demultiplex_thread
            - cifs_read_from_socket: -ECONNABORTED
              - DELAY_WORK smb2_reconnect_server ]
        - cifs_setup_session
        - [ smb2_reconnect_server ]
      
      auth_key.response was allocated in cifs_setup_session, and
      will release when the session destoried. So when session re-
      connect, auth_key.response should be check and released.
      
      Tested with my system:
      CIFS VFS: Free previous auth_key.response = ffff8800320bbf80
      
      A simple auth_key.response allocation call trace:
      - cifs_setup_session
      - SMB2_sess_setup
      - SMB2_sess_auth_rawntlmssp_authenticate
      - build_ntlmssp_auth_blob
      - setup_ntlmv2_rsp
      Signed-off-by: default avatarShu Wang <shuwang@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      Reviewed-by: default avatarRonnie Sahlberg <lsahlber@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b6a77c7b
  4. 20 May, 2017 1 commit
  5. 08 May, 2017 1 commit
  6. 06 Jan, 2017 1 commit
  7. 29 Nov, 2016 1 commit
  8. 14 Oct, 2016 1 commit
  9. 12 Oct, 2016 3 commits
  10. 10 Sep, 2016 2 commits
  11. 28 Jul, 2016 1 commit
  12. 19 Jul, 2016 1 commit
    • Rabin Vincent's avatar
      cifs: unbreak TCP session reuse · b782fcc1
      Rabin Vincent authored
      adfeb3e0 ("cifs: Make echo interval tunable") added a comparison of
      vol->echo_interval to server->echo_interval as a criterium to
      match_server(), but:
      
       (1) A default value is set for server->echo_interval but not for
       vol->echo_interval, meaning these can never match if the echo_interval
       option is not specified.
      
       (2) vol->echo_interval is in seconds but server->echo_interval is in
       jiffies, meaning these can never match even if the echo_interval option
       is specified.
      
      This broke TCP session reuse since match_server() can never return 1.
      Fix it.
      
      Fixes: adfeb3e0 ("cifs: Make echo interval tunable")
      Signed-off-by: default avatarRabin Vincent <rabinv@axis.com>
      Acked-by: default avatarSachin Prabhu <sprabhu@redhat.com>
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      b782fcc1
  13. 24 Jun, 2016 1 commit
    • Steve French's avatar
      Fix reconnect to not defer smb3 session reconnect long after socket reconnect · 4fcd1813
      Steve French authored
      Azure server blocks clients that open a socket and don't do anything on it.
      In our reconnect scenarios, we can reconnect the tcp session and
      detect the socket is available but we defer the negprot and SMB3 session
      setup and tree connect reconnection until the next i/o is requested, but
      this looks suspicous to some servers who expect SMB3 negprog and session
      setup soon after a socket is created.
      
      In the echo thread, reconnect SMB3 sessions and tree connections
      that are disconnected.  A later patch will replay persistent (and
      resilient) handle opens.
      
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarSteve French <steve.french@primarydata.com>
      Acked-by: default avatarPavel Shilovsky <pshilovsky@samba.org>
      4fcd1813
  14. 17 May, 2016 1 commit
    • Sachin Prabhu's avatar
      cifs: remove any preceding delimiter from prefix_path · 11e31647
      Sachin Prabhu authored
      We currently do not check if any delimiter exists before the prefix
      path in cifs_compose_mount_options(). Consequently when building the
      devname using cifs_build_devname() we can end up with multiple
      delimiters separating the UNC and the prefix path.
      
      An issue was reported by the customer mounting a folder within a DFS
      share from a Netapp server which uses McAfee antivirus. We have
      narrowed down the cause to the use of double backslashes in the file
      name used to open the file. This was determined to be caused because of
      additional delimiters as a result of the bug.
      
      In addition to changes in cifs_build_devname(), we also fix
      cifs_parse_devname() to ignore any preceding delimiter for the prefix
      path.
      
      The problem was originally reported on RHEL 6 in RHEL bz 1252721. This
      is the upstream version of the fix. The fix was confirmed by looking at
      the packet capture of a DFS mount.
      Signed-off-by: default avatarSachin Prabhu <sprabhu@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      11e31647
  15. 14 Apr, 2016 1 commit
  16. 04 Apr, 2016 1 commit
    • Kirill A. Shutemov's avatar
      mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros · 09cbfeaf
      Kirill A. Shutemov authored
      PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time
      ago with promise that one day it will be possible to implement page
      cache with bigger chunks than PAGE_SIZE.
      
      This promise never materialized.  And unlikely will.
      
      We have many places where PAGE_CACHE_SIZE assumed to be equal to
      PAGE_SIZE.  And it's constant source of confusion on whether
      PAGE_CACHE_* or PAGE_* constant should be used in a particular case,
      especially on the border between fs and mm.
      
      Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much
      breakage to be doable.
      
      Let's stop pretending that pages in page cache are special.  They are
      not.
      
      The changes are pretty straight-forward:
      
       - <foo> << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
      
       - <foo> >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
      
       - PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN};
      
       - page_cache_get() -> get_page();
      
       - page_cache_release() -> put_page();
      
      This patch contains automated changes generated with coccinelle using
      script below.  For some reason, coccinelle doesn't patch header files.
      I've called spatch for them manually.
      
      The only adjustment after coccinelle is revert of changes to
      PAGE_CAHCE_ALIGN definition: we are going to drop it later.
      
      There are few places in the code where coccinelle didn't reach.  I'll
      fix them manually in a separate patch.  Comments and documentation also
      will be addressed with the separate patch.
      
      virtual patch
      
      @@
      expression E;
      @@
      - E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
      + E
      
      @@
      expression E;
      @@
      - E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
      + E
      
      @@
      @@
      - PAGE_CACHE_SHIFT
      + PAGE_SHIFT
      
      @@
      @@
      - PAGE_CACHE_SIZE
      + PAGE_SIZE
      
      @@
      @@
      - PAGE_CACHE_MASK
      + PAGE_MASK
      
      @@
      expression E;
      @@
      - PAGE_CACHE_ALIGN(E)
      + PAGE_ALIGN(E)
      
      @@
      expression E;
      @@
      - page_cache_get(E)
      + get_page(E)
      
      @@
      expression E;
      @@
      - page_cache_release(E)
      + put_page(E)
      Signed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      09cbfeaf
  17. 28 Mar, 2016 2 commits
  18. 11 Feb, 2016 1 commit
  19. 14 Jan, 2016 4 commits
    • Rabin Vincent's avatar
      cifs: fix race between call_async() and reconnect() · 820962dc
      Rabin Vincent authored
      cifs_call_async() queues the MID to the pending list and calls
      smb_send_rqst().  If smb_send_rqst() performs a partial send, it sets
      the tcpStatus to CifsNeedReconnect and returns an error code to
      cifs_call_async().  In this case, cifs_call_async() removes the MID
      from the list and returns to the caller.
      
      However, cifs_call_async() releases the server mutex _before_ removing
      the MID.  This means that a cifs_reconnect() can race with this function
      and manage to remove the MID from the list and delete the entry before
      cifs_call_async() calls cifs_delete_mid().  This leads to various
      crashes due to the use after free in cifs_delete_mid().
      
      Task1				Task2
      
      cifs_call_async():
       - rc = -EAGAIN
       - mutex_unlock(srv_mutex)
      
      				cifs_reconnect():
      				 - mutex_lock(srv_mutex)
      				 - mutex_unlock(srv_mutex)
      				 - list_delete(mid)
      				 - mid->callback()
      				 	cifs_writev_callback():
      				 		- mutex_lock(srv_mutex)
      						- delete(mid)
      				 		- mutex_unlock(srv_mutex)
      
       - cifs_delete_mid(mid) <---- use after free
      
      Fix this by removing the MID in cifs_call_async() before releasing the
      srv_mutex.  Also hold the srv_mutex in cifs_reconnect() until the MIDs
      are moved out of the pending list.
      Signed-off-by: default avatarRabin Vincent <rabin.vincent@axis.com>
      Acked-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarSteve French <sfrench@localhost.localdomain>
      820962dc
    • Steve French's avatar
      Prepare for encryption support (first part). Add decryption and encryption key... · 373512ec
      Steve French authored
      Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
      Reviewed-by: default avatarStefan Metzmacher <metze@samba.org>
      Signed-off-by: default avatarSteve French <steve.french@primarydata.com>
      373512ec
    • Steve French's avatar
      cifs: Make echo interval tunable · adfeb3e0
      Steve French authored
      Currently the echo interval is set to 60 seconds using a macro. This
      setting determines the interval at which echo requests are sent to the
      server on an idling connection. This setting also affects the time
      required for a connection to an unresponsive server to timeout.
      
      Making this setting a tunable allows users to control the echo interval
      times as well as control the time after which the connecting to an
      unresponsive server times out.
      
      To set echo interval, pass the echo_interval=n mount option.
      
      Version four of the patch.
      v2: Change MIN and MAX timeout values
      v3: Remove incorrect comment in cifs_get_tcp_session
      v4: Fix bug in setting echo_intervalw
      Signed-off-by: default avatarSachin Prabhu <sprabhu@redhat.com>
      Acked-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      adfeb3e0
    • Arnd Hannemann's avatar
      Print IP address of unresponsive server · 275516cd
      Arnd Hannemann authored
      Before this patch, only the hostname of the server
      is printed when it becomes unresponsive.
      This might not be helpful, if the IP-Address has
      changed since initial mount when the name was
      resolved (e.g. because the IPv6-Prefix changed).
      
      This patch adds the cached IP address of the unresponsive server,
      to the log message.
      Signed-off-by: default avatarArnd Hannemann <arnd@arndnet.de>
      Signed-off-by: default avatarSteve French <sfrench@localhost.localdomain>
      275516cd
  20. 03 Nov, 2015 3 commits
  21. 21 Oct, 2015 1 commit
    • David Howells's avatar
      KEYS: Merge the type-specific data with the payload data · 146aa8b1
      David Howells authored
      Merge the type-specific data with the payload data into one four-word chunk
      as it seems pointless to keep them separate.
      
      Use user_key_payload() for accessing the payloads of overloaded
      user-defined keys.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: linux-cifs@vger.kernel.org
      cc: ecryptfs@vger.kernel.org
      cc: linux-ext4@vger.kernel.org
      cc: linux-f2fs-devel@lists.sourceforge.net
      cc: linux-nfs@vger.kernel.org
      cc: ceph-devel@vger.kernel.org
      cc: linux-ima-devel@lists.sourceforge.net
      146aa8b1
  22. 29 Jun, 2015 1 commit
  23. 28 Jun, 2015 2 commits
  24. 20 May, 2015 1 commit
    • Federico Sauter's avatar
      CIFS: Fix race condition on RFC1002_NEGATIVE_SESSION_RESPONSE · 4afe260b
      Federico Sauter authored
      This patch fixes a race condition that occurs when connecting
      to a NT 3.51 host without specifying a NetBIOS name.
      In that case a RFC1002_NEGATIVE_SESSION_RESPONSE is received
      and the SMB negotiation is reattempted, but under some conditions
      it leads SendReceive() to hang forever while waiting for srv_mutex.
      This, in turn, sets the calling process to an uninterruptible sleep
      state and makes it unkillable.
      
      The solution is to unlock the srv_mutex acquired in the demux
      thread *before* going to sleep (after the reconnect error) and
      before reattempting the connection.
      4afe260b
  25. 14 Apr, 2015 1 commit
  26. 01 Apr, 2015 2 commits
  27. 21 Mar, 2015 1 commit
  28. 20 Jan, 2015 1 commit
  29. 08 Dec, 2014 1 commit