summaryrefslogtreecommitdiff
path: root/fs/cifs/cifsfs.c
AgeCommit message (Collapse)Author
2019-09-16smb3: only offload decryption of read responses if multiple requestsSteve French
No point in offloading read decryption if no other requests on the wire Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
2019-09-16smb3: enable offload of decryption of large reads via mount optionSteve French
Disable offload of the decryption of encrypted read responses by default (equivalent to setting this new mount option "esize=0"). Allow setting the minimum encrypted read response size that we will choose to offload to a worker thread - it is now configurable via on a new mount option "esize=" Depending on which encryption mechanism (GCM vs. CCM) and the number of reads that will be issued in parallel and the performance of the network and CPU on the client, it may make sense to enable this since it can provide substantial benefit when multiple large reads are in flight at the same time. Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
2019-09-16smb3: allow parallelizing decryption of readsSteve French
decrypting large reads on encrypted shares can be slow (e.g. adding multiple milliseconds per-read on non-GCM capable servers or when mounting with dialects prior to SMB3.1.1) - allow parallelizing of read decryption by launching worker threads. Testing to Samba on localhost showed 25% improvement. Testing to remote server showed very large improvement when doing more than one 'cp' command was called at one time. Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
2019-09-16smb3: add mount option to allow RW caching of share accessed by only 1 clientSteve French
If a share is known to be only to be accessed by one client, we can aggressively cache writes not just reads to it. Add "cache=" option (cache=singleclient) for mounting read write shares (that will not be read or written to from other clients while we have it mounted) in order to improve performance. Signed-off-by: Steve French <stfrench@microsoft.com>
2019-09-16smb3: add mount option to allow forced caching of read only shareSteve French
If a share is immutable (at least for the period that it will be mounted) it would be helpful to not have to revalidate dentries repeatedly that we know can not be changed remotely. Add "cache=" option (cache=ro) for mounting read only shares in order to improve performance in cases in which we know that the share will not be changing while it is in use. Signed-off-by: Steve French <stfrench@microsoft.com>
2019-08-30fs: cifs: Initialize filesystem timestamp rangesDeepa Dinamani
Fill in the appropriate limits to avoid inconsistencies in the vfs cached inode times when timestamps are outside the permitted range. Also fixed cnvrtDosUnixTm calculations to avoid int overflow while computing maximum date. References: http://cifs.com/ https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/d416ff7c-c536-406e-a951-4f04b2fd1d2b Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Acked-by: Jeff Layton <jlayton@kernel.org> Cc: sfrench@samba.org Cc: linux-cifs@vger.kernel.org
2019-08-22fs: cifs: move from the crypto cipher API to the new DES library interfaceArd Biesheuvel
Some legacy code in the CIFS driver uses single DES to calculate some password hash, and uses the crypto cipher API to do so. Given that there is no point in invoking an accelerated cipher for doing 56-bit symmetric encryption on a single 8-byte block of input, the flexibility of the crypto cipher API does not add much value here, and so we're much better off using a library call into the generic C implementation. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-07-18cifs: copy_file_range needs to strip setuid bits and update timestampsAmir Goldstein
cifs has both source and destination inodes locked throughout the copy. Like ->write_iter(), we update mtime and strip setuid bits of destination file before copy and like ->read_iter(), we update atime of source file after copy. Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2019-07-18Merge tag '4.3-rc-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6Linus Torvalds
Pull cifs updates from Steve French: "Fixes (three for stable) and improvements including much faster encryption (SMB3.1.1 GCM)" * tag '4.3-rc-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6: (27 commits) smb3: smbdirect no longer experimental cifs: fix crash in smb2_compound_op()/smb2_set_next_command() cifs: fix crash in cifs_dfs_do_automount cifs: fix parsing of symbolic link error response cifs: refactor and clean up arguments in the reparse point parsing SMB3: query inode number on open via create context smb3: Send netname context during negotiate protocol smb3: do not send compression info by default smb3: add new mount option to retrieve mode from special ACE smb3: Allow query of symlinks stored as reparse points cifs: Fix a race condition with cifs_echo_request cifs: always add credits back for unsolicited PDUs fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace add some missing definitions cifs: fix typo in debug message with struct field ia_valid smb3: minor cleanup of compound_send_recv CIFS: Fix module dependency cifs: simplify code by removing CONFIG_CIFS_ACL ifdef cifs: Fix check for matching with existing mount cifs: Properly handle auto disabling of serverino option ...
2019-07-10Merge tag 'copy-file-range-fixes-1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull copy_file_range updates from Darrick Wong: "This fixes numerous parameter checking problems and inconsistent behaviors in the new(ish) copy_file_range system call. Now the system call will actually check its range parameters correctly; refuse to copy into files for which the caller does not have sufficient privileges; update mtime and strip setuid like file writes are supposed to do; and allows copying up to the EOF of the source file instead of failing the call like we used to. Summary: - Create a generic copy_file_range handler and make individual filesystems responsible for calling it (i.e. no more assuming that do_splice_direct will work or is appropriate) - Refactor copy_file_range and remap_range parameter checking where they are the same - Install missing copy_file_range parameter checking(!) - Remove suid/sgid and update mtime like any other file write - Change the behavior so that a copy range crossing the source file's eof will result in a short copy to the source file's eof instead of EINVAL - Permit filesystems to decide if they want to handle cross-superblock copy_file_range in their local handlers" * tag 'copy-file-range-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: fuse: copy_file_range needs to strip setuid bits and update timestamps vfs: allow copy_file_range to copy across devices xfs: use file_modified() helper vfs: introduce file_modified() helper vfs: add missing checks to copy_file_range vfs: remove redundant checks from generic_remap_checks() vfs: introduce generic_file_rw_checks() vfs: no fallback for ->copy_file_range vfs: introduce generic_copy_file_range()
2019-07-08Merge branch 'linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto updates from Herbert Xu: "Here is the crypto update for 5.3: API: - Test shash interface directly in testmgr - cra_driver_name is now mandatory Algorithms: - Replace arc4 crypto_cipher with library helper - Implement 5 way interleave for ECB, CBC and CTR on arm64 - Add xxhash - Add continuous self-test on noise source to drbg - Update jitter RNG Drivers: - Add support for SHA204A random number generator - Add support for 7211 in iproc-rng200 - Fix fuzz test failures in inside-secure - Fix fuzz test failures in talitos - Fix fuzz test failures in qat" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (143 commits) crypto: stm32/hash - remove interruptible condition for dma crypto: stm32/hash - Fix hmac issue more than 256 bytes crypto: stm32/crc32 - rename driver file crypto: amcc - remove memset after dma_alloc_coherent crypto: ccp - Switch to SPDX license identifiers crypto: ccp - Validate the the error value used to index error messages crypto: doc - Fix formatting of new crypto engine content crypto: doc - Add parameter documentation crypto: arm64/aes-ce - implement 5 way interleave for ECB, CBC and CTR crypto: arm64/aes-ce - add 5 way interleave routines crypto: talitos - drop icv_ool crypto: talitos - fix hash on SEC1. crypto: talitos - move struct talitos_edesc into talitos.h lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE crypto/NX: Set receive window credits to max number of CRBs in RxFIFO crypto: asymmetric_keys - select CRYPTO_HASH where needed crypto: serpent - mark __serpent_setkey_sbox noinline crypto: testmgr - dynamically allocate crypto_shash crypto: testmgr - dynamically allocate testvec_config crypto: talitos - eliminate unneeded 'done' functions at build time ...
2019-07-07smb3: add new mount option to retrieve mode from special ACESteve French
There is a special ACE used by some servers to allow the mode bits to be stored. This can be especially helpful in scenarios in which the client is trusted, and access checking on the client vs the POSIX mode bits is sufficient. Add mount option to allow enabling this behavior. Follow on patch will add support for chmod and queryinfo (stat) by retrieving the POSIX mode bits from the special ACE, SID: S-1-5-88-3 See e.g. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh509017(v=ws.10) Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
2019-07-07cifs: simplify code by removing CONFIG_CIFS_ACL ifdefSteve French
SMB3 ACL support is needed for many use cases now and should not be ifdeffed out, even for SMB1 (CIFS). Remove the CONFIG_CIFS_ACL ifdef so ACL support is always built into cifs.ko Signed-off-by: Steve French <stfrench@microsoft.com>
2019-07-07smb3: if max_credits is specified then display it in /proc/mountsSteve French
If "max_credits" is overridden from its default by specifying it on the smb3 mount then display it in /proc/mounts Signed-off-by: Steve French <stfrench@microsoft.com>
2019-07-07cifs: add missing GCM module dependencyAurelien Aptel
Signed-off-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2019-06-20fs: cifs: switch to RC4 library interfaceArd Biesheuvel
The CIFS code uses the sync skcipher API to invoke the ecb(arc4) skcipher, of which only a single generic C code implementation exists. This means that going through all the trouble of using scatterlists etc buys us very little, and we're better off just invoking the arc4 library directly. This also reverts commit 5f4b55699aaf ("CIFS: Fix BUG() in calc_seckey()"), since it is no longer necessary to allocate sec_key on the heap. Cc: linux-cifs@vger.kernel.org Cc: Steve French <sfrench@samba.org> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Steve French <stfrench@microsoft.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-13cifs: add spinlock for the openFileList to cifsInodeInfoRonnie Sahlberg
We can not depend on the tcon->open_file_lock here since in multiuser mode we may have the same file/inode open via multiple different tcons. The current code is race prone and will crash if one user deletes a file at the same time a different user opens/create the file. To avoid this we need to have a spinlock attached to the inode and not the tcon. RHBZ: 1580165 CC: Stable <stable@vger.kernel.org> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
2019-06-09vfs: allow copy_file_range to copy across devicesAmir Goldstein
We want to enable cross-filesystem copy_file_range functionality where possible, so push the "same superblock only" checks down to the individual filesystem callouts so they can make their own decisions about cross-superblock copy offload and fallack to generic_copy_file_range() for cross-superblock copy. [Amir] We do not call ->remap_file_range() in case the files are not on the same sb and do not call ->copy_file_range() in case the files do not belong to the same filesystem driver. This changes behavior of the copy_file_range(2) syscall, which will now allow cross filesystem in-kernel copy. CIFS already supports cross-superblock copy, between two shares to the same server. This functionality will now be available via the copy_file_range(2) syscall. Cc: Steve French <stfrench@microsoft.com> Signed-off-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2019-06-09vfs: no fallback for ->copy_file_rangeDave Chinner
Now that we have generic_copy_file_range(), remove it as a fallback case when offloads fail. This puts the responsibility for executing fallbacks on the filesystems that implement ->copy_file_range and allows us to add operational validity checks to generic_copy_file_range(). Rework vfs_copy_file_range() to call a new do_copy_file_range() helper to execute the copying callout, and move calls to generic_file_copy_range() into filesystem methods where they currently return failures. [Amir] overlayfs is not responsible of executing the fallback. It is the responsibility of the underlying filesystem. Signed-off-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2019-05-15cifs: add support for SEEK_DATA and SEEK_HOLERonnie Sahlberg
Add llseek op for SEEK_DATA and SEEK_HOLE. Improves xfstests/285,286,436,445,448 and 490 Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2019-05-15Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the ↵Kovtunenko Oleksandr
same file Copychunk allows source and target to be on the same file. For details on restrictions see MS-SMB2 3.3.5.15.6 Signed-off-by: Kovtunenko Oleksandr <alexander198961@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2019-05-07cifs: add fiemap supportRonnie Sahlberg
Useful for improved copy performance as well as for applications which query allocated ranges of sparse files. Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2019-05-07CIFS: Show locallease in /proc/mounts for cifs shares mounted with ↵Kenneth D'souza
locallease feature. Missing parameter that should be displayed in the mount list Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Kenneth D'souza <kdsouza@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2019-05-01cifs: switch to ->free_inode()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2019-04-01SMB3: Allow persistent handle timeout to be configurable on mountSteve French
Reconnecting after server or network failure can be improved (to maintain availability and protect data integrity) by allowing the client to choose the default persistent (or resilient) handle timeout in some use cases. Today we default to 0 which lets the server pick the default timeout (usually 120 seconds) but this can be problematic for some workloads. Add the new mount parameter to cifs.ko for SMB3 mounts "handletimeout" which enables the user to override the default handle timeout for persistent (mount option "persistenthandles") or resilient handles (mount option "resilienthandles"). Maximum allowed is 16 minutes (960000 ms). Units for the timeout are expressed in milliseconds. See section 2.2.14.2.12 and 2.2.31.3 of the MS-SMB2 protocol specification for more information. Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> CC: Stable <stable@vger.kernel.org>
2019-03-22cifs: fix that return -EINVAL when do dedupe operationXiaoli Feng
dedupe_file_range operations is combiled into remap_file_range. But it's always skipped for dedupe operations in function cifs_remap_file_range. Example to test: Before this patch: # dd if=/dev/zero of=cifs/file bs=1M count=1 # xfs_io -c "dedupe cifs/file 4k 64k 4k" cifs/file XFS_IOC_FILE_EXTENT_SAME: Invalid argument After this patch: # dd if=/dev/zero of=cifs/file bs=1M count=1 # xfs_io -c "dedupe cifs/file 4k 64k 4k" cifs/file XFS_IOC_FILE_EXTENT_SAME: Operation not supported Influence for xfstests: generic/091 generic/112 generic/127 generic/263 These tests report this error "do_copy_range:: Invalid argument" instead of "FIDEDUPERANGE: Invalid argument". Because there are still two bugs cause these test failed. https://bugzilla.kernel.org/show_bug.cgi?id=202935 https://bugzilla.kernel.org/show_bug.cgi?id=202785 Signed-off-by: Xiaoli Feng <fengxiaoli0714@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2019-03-05smb3: for kerberos mounts display the credential uid usedSteve French
For kerberos mounts, the cruid is helpful to display in /proc/mounts in order to tell which uid's krb5 cache we got the ticket for and to tell in the multiuser krb5 case which local users (uids) we have Kerberos authentic sessions for. Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
2019-03-04smb3: make default i/o size for smb3 mounts largerSteve French
We negotiate rsize mounts (and it can be overridden by user) to typically 4MB, so using larger default I/O sizes from userspace (changing to 1MB default i/o size returned by stat) the performance is much better (and not just for long latency network connections) in most use cases for SMB3 than the default I/O size (which ends up being 128K for cp and can be even smaller for cp). This can be 4x slower or worse depending on network latency. By changing inode->blocksize from 32K (which was perhaps ok for very old SMB1/CIFS) to a larger value, 1MB (but still less than max size negotiated with the server which is 4MB, in order to minimize risk) it significantly increases performance for the noncached case, and slightly increases it for the cached case. This can be changed by the user on mount (specifying bsize= values from 16K to 16MB) to tune better for performance for applications that depend on blocksize. Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> CC: Stable <stable@vger.kernel.org>
2018-12-28cifs: Make use of DFS cache to get new DFS referralsPaulo Alcantara
This patch will make use of DFS cache routines where appropriate and do not always request a new referral from server. Signed-off-by: Paulo Alcantara <palcantara@suse.de> Reviewed-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2018-11-02cifs: don't dereference smb_file_target before null checkColin Ian King
There is a null check on dst_file->private data which suggests it can be potentially null. However, before this check, pointer smb_file_target is derived from dst_file->private and dereferenced in the call to tlink_tcon, hence there is a potential null pointer deference. Fix this by assigning smb_file_target and target_tcon after the null pointer sanity checks. Detected by CoverityScan, CID#1475302 ("Dereference before null check") Fixes: 04b38d601239 ("vfs: pull btrfs clone API to vfs layer") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2018-11-02CIFS: Add direct I/O functions to file_operationsLong Li
With direct read/write functions implemented, add them to file_operations. Dircet I/O is used under two conditions: 1. When mounting with "cache=none", CIFS uses direct I/O for all user file data transfer. 2. When opening a file with O_DIRECT, CIFS uses direct I/O for all data transfer on this file. Signed-off-by: Long Li <longli@microsoft.com> Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
2018-11-02Merge tag 'xfs-4.20-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linuxLinus Torvalds
Pull vfs dedup fixes from Dave Chinner: "This reworks the vfs data cloning infrastructure. We discovered many issues with these interfaces late in the 4.19 cycle - the worst of them (data corruption, setuid stripping) were fixed for XFS in 4.19-rc8, but a larger rework of the infrastructure fixing all the problems was needed. That rework is the contents of this pull request. Rework the vfs_clone_file_range and vfs_dedupe_file_range infrastructure to use a common .remap_file_range method and supply generic bounds and sanity checking functions that are shared with the data write path. The current VFS infrastructure has problems with rlimit, LFS file sizes, file time stamps, maximum filesystem file sizes, stripping setuid bits, etc and so they are addressed in these commits. We also introduce the ability for the ->remap_file_range methods to return short clones so that clones for vfs_copy_file_range() don't get rejected if the entire range can't be cloned. It also allows filesystems to sliently skip deduplication of partial EOF blocks if they are not capable of doing so without requiring errors to be thrown to userspace. Existing filesystems are converted to user the new remap_file_range method, and both XFS and ocfs2 are modified to make use of the new generic checking infrastructure" * tag 'xfs-4.20-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (28 commits) xfs: remove [cm]time update from reflink calls xfs: remove xfs_reflink_remap_range xfs: remove redundant remap partial EOF block checks xfs: support returning partial reflink results xfs: clean up xfs_reflink_remap_blocks call site xfs: fix pagecache truncation prior to reflink ocfs2: remove ocfs2_reflink_remap_range ocfs2: support partial clone range and dedupe range ocfs2: fix pagecache truncation prior to reflink ocfs2: truncate page cache for clone destination file before remapping vfs: clean up generic_remap_file_range_prep return value vfs: hide file range comparison function vfs: enable remap callers that can handle short operations vfs: plumb remap flags through the vfs dedupe functions vfs: plumb remap flags through the vfs clone functions vfs: make remap_file_range functions take and return bytes completed vfs: remap helper should update destination inode metadata vfs: pass remap flags to generic_remap_checks vfs: pass remap flags to generic_remap_file_range_prep vfs: combine the clone and dedupe into a single remap_file_range ...
2018-10-30vfs: make remap_file_range functions take and return bytes completedDarrick J. Wong
Change the remap_file_range functions to take a number of bytes to operate upon and return the number of bytes they operated on. This is a requirement for allowing fs implementations to return short clone/dedupe results to the user, which will enable us to obey resource limits in a graceful manner. A subsequent patch will enable copy_file_range to signal to the ->clone_file_range implementation that it can handle a short length, which will be returned in the function's return value. For now the short return is not implemented anywhere so the behavior won't change -- either copy_file_range manages to clone the entire range or it tries an alternative. Neither clone ioctl can take advantage of this, alas. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Dave Chinner <david@fromorbit.com>
2018-10-30vfs: combine the clone and dedupe into a single remap_file_rangeDarrick J. Wong
Combine the clone_file_range and dedupe_file_range operations into a single remap_file_range file operation dispatch since they're fundamentally the same operation. The differences between the two can be made in the prep functions. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Dave Chinner <david@fromorbit.com>
2018-10-23cifs: minor clarification in commentsSteve French
Clarify meaning (in comments) meaning of various options for debug messages in cifs.ko. Also fixed trivial formatting/style issue with previous patch. Signed-off-by: Steve French <stfrench@microsoft.com>
2018-10-23CIFS: Print message when attempting a mountRodrigo Freire
Currently, no messages are printed when mounting a CIFS filesystem and no debug configuration is enabled. However, a CIFS mount information is valuable when troubleshooting and/or forensic analyzing a system and finding out if was a CIFS endpoint mount attempted. Other filesystems such as XFS, EXT* does issue a printk() when mounting their filesystems. A terse log message is printed only if cifsFYI is not enabled. Otherwise, the default full debug message is printed. In order to not clutter and classify correctly the event messages, these are logged as KERN_INFO level. Sample mount operations: [root@corinthians ~]# mount -o user=administrator //172.25.250.18/c$ /mnt (non-existent system) [root@corinthians ~]# mount -o user=administrator //172.25.250.19/c$ /mnt (Valid system) Kernel message log for the mount operations: [ 450.464543] CIFS: Attempting to mount //172.25.250.18/c$ [ 456.478186] CIFS VFS: Error connecting to socket. Aborting operation. [ 456.478381] CIFS VFS: cifs_mount failed w/return code = -113 [ 467.688866] CIFS: Attempting to mount //172.25.250.19/c$ Signed-off-by: Rodrigo Freire <rfreire@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2018-10-23CIFS: make 'nodfs' mount opt a superblock flagAurelien Aptel
tcon->Flags is only used by SMB1 code and changing it is not permanent (you lose the setting on tcon reconnect). * Move the setting to superblock flags (per mount-points). * Make automount callback exit early when flag present * Make dfs resolving happening in mount syscall exit early if flag present Signed-off-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Steve French <stfrench@microsoft.com> Acked-by: Pavel Shilovsky <pshilov@microsoft.com>
2018-10-23smb3: add way to control slow response threshold for logging and statsSteve French
/proc/fs/cifs/Stats when CONFIG_CIFS_STATS2 is enabled logs 'slow' responses, but depending on the server you are debugging a one second timeout may be too fast, so allow setting it to a larger number of seconds via new module parameter /sys/module/cifs/parameters/slow_rsp_threshold or via modprobe: slow_rsp_threshold:Amount of time (in seconds) to wait before logging that a response is delayed. Default: 1 (if set to 0 disables msg). (uint) Recommended values are 0 (disabled) to 32767 (9 hours) with the default remaining as 1 second. Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-23cifs: minor updates to module description for cifs.koSteve French
note smb3 (and common more modern servers) in the module description Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
2018-08-10cifs: don't show domain= in mount output when domain is emptyRonnie Sahlberg
Reported-by: Xiaoli Feng <xifeng@redhat.com> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
2018-08-07smb3: snapshot mounts are read-only and make sure info is displayable about ↵Steve French
the mount snapshot mounts were not marked as read-only and did not display the snapshot time (in /proc/mounts) specified on mount With this patch - note that can not write to the snapshot mount (see "ro" in /proc/mounts line) and also the missing snapshot timewarp token time is dumped. Sample line from /proc/mounts with the patch: //127.0.0.1/scratch /mnt2 smb3 ro,relatime,vers=default,cache=strict,username=testuser,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,noperm,rsize=1048576,wsize=1048576,echo_interval=60,snapshot=1234567,actimeo=1 0 0 Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de>
2018-08-07smb3: simplify code by removing CONFIG_CIFS_SMB311Steve French
We really, really want to be encouraging use of secure dialects, and SMB3.1.1 offers useful security features, and will soon be the recommended dialect for many use cases. Simplify the code by removing the CONFIG_CIFS_SMB311 ifdef so users don't disable it in the build, and create compatibility and/or security issues with modern servers - many of which have been supporting this dialect for multiple years. Also clarify some of the Kconfig text for cifs.ko about SMB3.1.1 and current supported features in the module. Signed-off-by: Steve French <stfrench@microsoft.com> Acked-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
2018-08-07smb3: fill in statfs fsid and correct namelenSteve French
Fil in the correct namelen (typically 255 not 4096) in the statfs response and also fill in a reasonably unique fsid (in this case taken from the volume id, and the creation time of the volume). In the case of the POSIX statfs all fields are now filled in, and in the case of non-POSIX mounts, all fields are filled in which can be. Signed-off-by: Steve French <stfrench@gmail.com> CC: Stable <stable@vger.kernel.org> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-06-07smb3: do not allow insecure cifs mounts when using smb3Steve French
if mounting as smb3 do not allow cifs (vers=1.0) or insecure vers=2.0 mounts. For example: root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1 root@smf-Thinkpad-P51:~/cifs-2.6# umount /mnt root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1,vers=1.0 mount: /mnt: wrong fs type, bad option, bad superblock on //127.0.0.1/scratch ... root@smf-Thinkpad-P51:~/cifs-2.6# dmesg | grep smb3 [ 4302.200122] CIFS VFS: vers=1.0 (cifs) not permitted when mounting with smb3 root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1,vers=3.11 Signed-off-by: Steve French <stfrench@microsoft.com> Acked-by: Pavel Shilovsky <pshilov@microsoft.com> Reviewed-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: Sachin Prabhu <sprabhu@redhat.com>
2018-05-30smb3: allow "posix" mount option to enable new SMB311 protocol extensionsSteve French
If "posix" (or synonym "unix" for backward compatibility) specified on mount, and server advertises support for SMB3.11 POSIX negotiate context, then enable the new posix extensions on the tcon. This can be viewed by looking for "posix" in the mount options displayed by /proc/mounts for that mount (ie if posix extensions allowed by server and the experimental POSIX extensions also requested on the mount by specifying "posix" at mount time). Also add check to warn user if conflicting unix/nounix or posix/noposix specified on mount. Signed-off-by: Steve French <smfrench@gmail.com>
2018-05-30cifs: allow disabling less secure legacy dialectsSteve French
To improve security it may be helpful to have additional ways to restrict the ability to override the default dialects (SMB2.1, SMB3 and SMB3.02) on mount with old dialects (CIFS/SMB1 and SMB2) since vers=1.0 (CIFS/SMB1) and vers=2.0 are weaker and less secure. Add a module parameter "disable_legacy_dialects" (/sys/module/cifs/parameters/disable_legacy_dialects) which can be set to 1 (or equivalently Y) to forbid use of vers=1.0 or vers=2.0 on mount. Also cleans up a few build warnings about globals for various module parms. Signed-off-by: Steve French <smfrench@gmail.com>
2018-05-30cifs: make minor clarifications to module params for cifs.koSteve French
Note which ones of the module params are cifs dialect only (N/A for default dialect now that has moved to SMB2.1 or later) Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
2018-05-30smb3: add module alias for smb3 to cifs.koSteve French
We really don't want to be encouraging people to use the old (less secure) cifs dialect (SMB1) and it can be confusing for them with SMB3 (or later) being recommended but the module name is cifs. Add a module alias for "smb3" to cifs.ko to make this less confusing. Signed-off-by: Steve French <smfrench@gmail.com>
2018-05-27smb3: fix redundant opens on rootSteve French
In SMB2/SMB3 unlike in cifs we unnecessarily open the root of the share over and over again in various places during mount and path revalidation and also in statfs. This patch cuts redundant traffic (opens and closes) by simply keeping the directory handle for the root around (and reopening it as needed on reconnect), so query calls don't require three round trips to copmlete - just one, and eases load on network, client and server (on mount alone, cuts network traffic by more than a third). Also add a new cifs mount parm "nohandlecache" to allow users whose servers might have resource constraints (eg in case they have a server with so many users connecting to it that this extra handle per mount could possibly be a resource concern). Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
2018-05-10smb3: directory sync should not return an errorSteve French
As with NFS, which ignores sync on directory handles, fsync on a directory handle is a noop for CIFS/SMB3. Do not return an error on it. It breaks some database apps otherwise. Signed-off-by: Steve French <smfrench@gmail.com> CC: Stable <stable@vger.kernel.org> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>