summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* fs/cifs: correctly to anonymous authentication for the LANMAN authenticationStefan Metzmacher2016-05-171-12/+16
| | | | | | | | | | | | | Only server which map unknown users to guest will allow access using a non-null LMChallengeResponse. For Samba it's the "map to guest = bad user" option. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913 Signed-off-by: Stefan Metzmacher <metze@samba.org> CC: Stable <stable@vger.kernel.org> Signed-off-by: Steve French <smfrench@gmail.com>
* fs/cifs: correctly to anonymous authentication via NTLMSSPStefan Metzmacher2016-05-171-12/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | See [MS-NLMP] 3.2.5.1.2 Server Receives an AUTHENTICATE_MESSAGE from the Client: ... Set NullSession to FALSE If (AUTHENTICATE_MESSAGE.UserNameLen == 0 AND AUTHENTICATE_MESSAGE.NtChallengeResponse.Length == 0 AND (AUTHENTICATE_MESSAGE.LmChallengeResponse == Z(1) OR AUTHENTICATE_MESSAGE.LmChallengeResponse.Length == 0)) -- Special case: client requested anonymous authentication Set NullSession to TRUE ... Only server which map unknown users to guest will allow access using a non-null NTChallengeResponse. For Samba it's the "map to guest = bad user" option. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913 CC: Stable <stable@vger.kernel.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: remove any preceding delimiter from prefix_pathSachin Prabhu2016-05-172-3/+11
| | | | | | | | | | | | | | | | | | | | | | | | We currently do not check if any delimiter exists before the prefix path in cifs_compose_mount_options(). Consequently when building the devname using cifs_build_devname() we can end up with multiple delimiters separating the UNC and the prefix path. An issue was reported by the customer mounting a folder within a DFS share from a Netapp server which uses McAfee antivirus. We have narrowed down the cause to the use of double backslashes in the file name used to open the file. This was determined to be caused because of additional delimiters as a result of the bug. In addition to changes in cifs_build_devname(), we also fix cifs_parse_devname() to ignore any preceding delimiter for the prefix path. The problem was originally reported on RHEL 6 in RHEL bz 1252721. This is the upstream version of the fix. The fix was confirmed by looking at the packet capture of a DFS mount. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Use file_dentry()Goldwyn Rodrigues2016-05-172-4/+4
| | | | | | | | | | | | CIFS may be used as lower layer of overlayfs and accessing f_path.dentry can lead to a crash. Fix by replacing direct access of file->f_path.dentry with the file_dentry() accessor, which will always return a native object. Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com> Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
* Merge branch 'for-linus' of ↵Linus Torvalds2016-05-17195-1230/+1449
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull parallel filesystem directory handling update from Al Viro. This is the main parallel directory work by Al that makes the vfs layer able to do lookup and readdir in parallel within a single directory. That's a big change, since this used to be all protected by the directory inode mutex. The inode mutex is replaced by an rwsem, and serialization of lookups of a single name is done by a "in-progress" dentry marker. The series begins with xattr cleanups, and then ends with switching filesystems over to actually doing the readdir in parallel (switching to the "iterate_shared()" that only takes the read lock). A more detailed explanation of the process from Al Viro: "The xattr work starts with some acl fixes, then switches ->getxattr to passing inode and dentry separately. This is the point where the things start to get tricky - that got merged into the very beginning of the -rc3-based #work.lookups, to allow untangling the security_d_instantiate() mess. The xattr work itself proceeds to switch a lot of filesystems to generic_...xattr(); no complications there. After that initial xattr work, the series then does the following: - untangle security_d_instantiate() - convert a bunch of open-coded lookup_one_len_unlocked() to calls of that thing; one such place (in overlayfs) actually yields a trivial conflict with overlayfs fixes later in the cycle - overlayfs ended up switching to a variant of lookup_one_len_unlocked() sans the permission checks. I would've dropped that commit (it gets overridden on merge from #ovl-fixes in #for-next; proper resolution is to use the variant in mainline fs/overlayfs/super.c), but I didn't want to rebase the damn thing - it was fairly late in the cycle... - some filesystems had managed to depend on lookup/lookup exclusion for *fs-internal* data structures in a way that would break if we relaxed the VFS exclusion. Fixing hadn't been hard, fortunately. - core of that series - parallel lookup machinery, replacing ->i_mutex with rwsem, making lookup_slow() take it only shared. At that point lookups happen in parallel; lookups on the same name wait for the in-progress one to be done with that dentry. Surprisingly little code, at that - almost all of it is in fs/dcache.c, with fs/namei.c changes limited to lookup_slow() - making it use the new primitive and actually switching to locking shared. - parallel readdir stuff - first of all, we provide the exclusion on per-struct file basis, same as we do for read() vs lseek() for regular files. That takes care of most of the needed exclusion in readdir/readdir; however, these guys are trickier than lookups, so I went for switching them one-by-one. To do that, a new method '->iterate_shared()' is added and filesystems are switched to it as they are either confirmed to be OK with shared lock on directory or fixed to be OK with that. I hope to kill the original method come next cycle (almost all in-tree filesystems are switched already), but it's still not quite finished. - several filesystems get switched to parallel readdir. The interesting part here is dealing with dcache preseeding by readdir; that needs minor adjustment to be safe with directory locked only shared. Most of the filesystems doing that got switched to in those commits. Important exception: NFS. Turns out that NFS folks, with their, er, insistence on VFS getting the fuck out of the way of the Smart Filesystem Code That Knows How And What To Lock(tm) have grown the locking of their own. They had their own homegrown rwsem, with lookup/readdir/atomic_open being *writers* (sillyunlink is the reader there). Of course, with VFS getting the fuck out of the way, as requested, the actual smarts of the smart filesystem code etc. had become exposed... - do_last/lookup_open/atomic_open cleanups. As the result, open() without O_CREAT locks the directory only shared. Including the ->atomic_open() case. Backmerge from #for-linus in the middle of that - atomic_open() fix got brought in. - then comes NFS switch to saner (VFS-based ;-) locking, killing the homegrown "lookup and readdir are writers" kinda-sorta rwsem. All exclusion for sillyunlink/lookup is done by the parallel lookups mechanism. Exclusion between sillyunlink and rmdir is a real rwsem now - rmdir being the writer. Result: NFS lookups/readdirs/O_CREAT-less opens happen in parallel now. - the rest of the series consists of switching a lot of filesystems to parallel readdir; in a lot of cases ->llseek() gets simplified as well. One backmerge in there (again, #for-linus - rockridge fix)" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (74 commits) ext4: switch to ->iterate_shared() hfs: switch to ->iterate_shared() hfsplus: switch to ->iterate_shared() hostfs: switch to ->iterate_shared() hpfs: switch to ->iterate_shared() hpfs: handle allocation failures in hpfs_add_pos() gfs2: switch to ->iterate_shared() f2fs: switch to ->iterate_shared() afs: switch to ->iterate_shared() befs: switch to ->iterate_shared() befs: constify stuff a bit isofs: switch to ->iterate_shared() get_acorn_filename(): deobfuscate a bit btrfs: switch to ->iterate_shared() logfs: no need to lock directory in lseek switch ecryptfs to ->iterate_shared 9p: switch to ->iterate_shared() fat: switch to ->iterate_shared() romfs, squashfs: switch to ->iterate_shared() more trivial ->iterate_shared conversions ...
| * Merge branch 'ovl-fixes' into for-linusAl Viro2016-05-17745-4038/+7529
| |\ | | | | | | | | | | | | | | | Backmerge to resolve a conflict in ovl_lookup_real(); "ovl_lookup_real(): use lookup_one_len_unlocked()" instead, but it was too late in the cycle to rebase.
| * | ext4: switch to ->iterate_shared()Al Viro2016-05-132-2/+9
| | | | | | | | | | | | | | | | | | | | | Note that we need relax_dir() equivalent for directories locked shared. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | hfs: switch to ->iterate_shared()Al Viro2016-05-134-3/+15
| | | | | | | | | | | | | | | | | | exact parallel of hfsplus analogue Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | hfsplus: switch to ->iterate_shared()Al Viro2016-05-135-3/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to protect the list of hfsplus_readdir_data against parallel insertions (in readdir) and removals (in release). Add a spinlock for that. Note that it has nothing to do with protection of hfsplus_readdir_data->key - we have an exclusion between hfsplus_readdir() and hfsplus_delete_cat() on directory lock and between several hfsplus_readdir() for the same struct file on ->f_pos_lock. The spinlock is strictly for list changes. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | hostfs: switch to ->iterate_shared()Al Viro2016-05-131-1/+1
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | hpfs: switch to ->iterate_shared()Al Viro2016-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | NOTE: the only reason we can do that without ->i_rdir_offs races is that hpfs_lock() serializes everything in there anyway. It's not that hard to get rid of, but not as part of this series... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | hpfs: handle allocation failures in hpfs_add_pos()Al Viro2016-05-133-6/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | pr_err() is nice, but we'd better propagate the error to caller and not proceed to violate the invariants (namely, "every file with f_pos tied to directory block should have its address visible in per-inode array"). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | gfs2: switch to ->iterate_shared()Al Viro2016-05-121-2/+2
| | | | | | | | | | | | | | | | | | | | | protected by glock and already used without locking the directory by gfs2_get_name() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | f2fs: switch to ->iterate_shared()Al Viro2016-05-101-1/+1
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | afs: switch to ->iterate_shared()Al Viro2016-05-101-1/+1
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | befs: switch to ->iterate_shared()Al Viro2016-05-101-1/+1
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | befs: constify stuff a bitAl Viro2016-05-106-31/+34
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | isofs: switch to ->iterate_shared()Al Viro2016-05-091-1/+1
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | get_acorn_filename(): deobfuscate a bitAl Viro2016-05-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Lots of Idiotic Silly Parentheses is -> that way... What that condition checks is that there's exactly 32 bytes between the end of name and the end of entire drectory record. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | btrfs: switch to ->iterate_shared()Al Viro2016-05-091-1/+1
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | logfs: no need to lock directory in lseekAl Viro2016-05-091-1/+1
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | switch ecryptfs to ->iterate_sharedAl Viro2016-05-091-1/+1
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | Merge branch 'for-linus' into work.lookupsAl Viro2016-05-092-19/+65
| |\ \
| * | | 9p: switch to ->iterate_shared()Al Viro2016-05-091-2/+2
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | fat: switch to ->iterate_shared()Al Viro2016-05-091-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | ... and make that weird ioctl lock directory only shared. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | romfs, squashfs: switch to ->iterate_shared()Al Viro2016-05-092-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | don't need to lock directory in ->llseek(), either Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | more trivial ->iterate_shared conversionsAl Viro2016-05-0916-17/+16
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | lustre: don't need to lock inode in directory lseekAl Viro2016-05-091-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Note that lustre has its private mutex protecting directory pagecache; if they ever remove it, they'll need to be careful with PageChecked() use. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | kernfs: no point locking directory around that generic_file_llseek()Al Viro2016-05-091-15/+2
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | configfs_readdir(): make safe under shared lockAl Viro2016-05-091-13/+7
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | nfs: per-name sillyunlink exclusionAl Viro2016-05-097-164/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | use d_alloc_parallel() for sillyunlink/lookup exclusion and explicit rwsem (nfs_rmdir() being a writer and nfs_call_unlink() - a reader) for rmdir/sillyunlink one. That ought to make lookup/readdir/!O_CREAT atomic_open really parallel on NFS. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | nfs: switch to ->iterate_shared()Al Viro2016-05-031-28/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | aside of the usual care about seeding dcache from readdir, we need to be careful about the pagecache evictions here. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | lookup_open(): lock the parent shared unless O_CREAT is givenAl Viro2016-05-032-3/+12
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | lookup_open(): put the dentry fed to ->lookup() or ->atomic_open() into ↵Al Viro2016-05-031-11/+26
| | | | | | | | | | | | | | | | | | | | | | | | in-lookup hash Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | lookup_open(): expand the call of real_lookup()Al Viro2016-05-031-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | ... and lose the duplicate IS_DEADDIR() - we'd already checked that. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | atomic_open(): reorder and clean up a bitAl Viro2016-05-031-34/+27
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | lookup_open(): lift the "fallback to !O_CREAT" logics from atomic_open()Al Viro2016-05-031-89/+55
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | atomic_open(): be paranoid about may_open() return valueAl Viro2016-05-031-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | It should never return positives; however, with Linux S&M crowd involved, no bogosity is impossible. Results would be unpleasant... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | atomic_open(): delay open_to_namei_flags() until the method callAl Viro2016-05-031-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | nobody else needs that transformation. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | do_last(): take fput() on error after opening to out:Al Viro2016-05-031-17/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make it conditional on *opened & FILE_OPENED; in addition to getting rid of exit_fput: thing, it simplifies atomic_open() cleanup on may_open() failure. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | do_last(): get rid of duplicate ELOOP checkAl Viro2016-05-031-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | may_open() will catch it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | atomic_open(): massage the create_error logics a bitAl Viro2016-05-031-23/+20
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | atomic_open(): consolidate "overridden ENOENT" in open-yourself casesAl Viro2016-05-031-8/+1
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | atomic_open(): don't bother with EEXIST check - it's done in do_last()Al Viro2016-05-031-5/+0
| | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | Merge branch 'for-linus' into work.lookupsAl Viro2016-05-035-55/+35
| |\ \ \
| * | | | lookup_open(): expand the call of vfs_create()Al Viro2016-05-031-9/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Lift IS_DEADDIR handling up into the part common with atomic_open(), remove it from the latter. Collapse permission checks into the call of may_o_create(), getting it closer to atomic_open() case. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | | path_openat(): take O_PATH handling out of do_last()Al Viro2016-05-031-7/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do_last() and lookup_open() simpler that way and so does O_PATH itself. As it bloody well should: we find what the pathname resolves to, same way as in stat() et.al. and associate it with FMODE_PATH struct file. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | | simple local filesystems: switch to ->iterate_shared()Al Viro2016-05-036-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | no changes needed (XFS isn't simple, but it has the same parallelism in the interesting parts exercised from CXFS). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | | dcache_{readdir,dir_lseek}() users: switch to ->iterate_sharedAl Viro2016-05-033-7/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | no need to lock directory in dcache_dir_lseek(), while we are at it - per-struct file exclusion is enough. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | | cifs: switch to ->iterate_shared()Al Viro2016-05-032-27/+30
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>