summaryrefslogtreecommitdiffstats
path: root/fs/cifs (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'for-linus' of ↵Linus Torvalds2010-08-102-49/+52
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (96 commits) no need for list_for_each_entry_safe()/resetting with superblock list Fix sget() race with failing mount vfs: don't hold s_umount over close_bdev_exclusive() call sysv: do not mark superblock dirty on remount sysv: do not mark superblock dirty on mount btrfs: remove junk sb_dirt change BFS: clean up the superblock usage AFFS: wait for sb synchronization when needed AFFS: clean up dirty flag usage cifs: truncate fallout mbcache: fix shrinker function return value mbcache: Remove unused features add f_flags to struct statfs(64) pass a struct path to vfs_statfs update VFS documentation for method changes. All filesystems that need invalidate_inode_buffers() are doing that explicitly convert remaining ->clear_inode() to ->evict_inode() Make ->drop_inode() just return whether inode needs to be dropped fs/inode.c:clear_inode() is gone fs/inode.c:evict() doesn't care about delete vs. non-delete paths now ... Fix up trivial conflicts in fs/nilfs2/super.c
| * cifs: truncate falloutChristoph Hellwig2010-08-091-23/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove the calls to inode_newsize_ok given that we already did it as part of inode_change_ok in the beginning of cifs_setattr_(no)unix. No need to call ->truncate if cifs doesn't have one, so remove the explicit call in cifs_vmtruncate, and replace the calls to vmtruncate with truncate_setsize which is vmtruncate minus inode_newsize_ok and the call to ->truncate. Rename cifs_vmtruncate to cifs_setsize to match the new calling conventions. Question 1: why does cifs do the pagecache munging and i_size update twice for each setattr call, once opencoded in cifs_vmtruncate, and once using the VFS helpers? Question 2: what is supposed to be protected by i_lock in cifs_vmtruncate? Do we need it around the call to inode_change_ok? [AV: fixed build breakage] Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * convert remaining ->clear_inode() to ->evict_inode()Al Viro2010-08-091-2/+4
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * Make ->drop_inode() just return whether inode needs to be droppedAl Viro2010-08-091-5/+4
| | | | | | | | | | | | ... and let iput_final() do the actual eviction or retention Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * always call inode_change_ok early in ->setattrChristoph Hellwig2010-08-091-16/+13
| | | | | | | | | | | | | | | | | | Make sure we call inode_change_ok before doing any changes in ->setattr, and make sure to call it even if our fs wants to ignore normal UNIX permissions, but use the ATTR_FORCE to skip those. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * remove inode_setattrChristoph Hellwig2010-08-091-12/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace inode_setattr with opencoded variants of it in all callers. This moves the remaining call to vmtruncate into the filesystem methods where it can be replaced with the proper truncate sequence. In a few cases it was obvious that we would never end up calling vmtruncate so it was left out in the opencoded variant: spufs: explicitly checks for ATTR_SIZE earlier btrfs,hugetlbfs,logfs,dlmfs: explicitly clears ATTR_SIZE earlier ufs: contains an opencoded simple_seattr + truncate that sets the filesize just above In addition to that ncpfs called inode_setattr with handcrafted iattrs, which allowed to trim down the opencoded variant. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds2010-08-0712-247/+148
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: [DNS RESOLVER] Minor typo correction DNS: Fixes for the DNS query module cifs: Include linux/err.h for IS_ERR and PTR_ERR DNS: Make AFS go to the DNS for AFSDB records for unknown cells DNS: Separate out CIFS DNS Resolver code cifs: account for new creduid=0x%x parameter in spnego upcall string cifs: reduce false positives with inode aliasing serverino autodisable CIFS: Make cifs_convert_address() take a const src pointer and a length cifs: show features compiled in as part of DebugData cifs: update README Fix up trivial conflicts in fs/cifs/cifsfs.c due to workqueue changes
| * | DNS: Separate out CIFS DNS Resolver codeWang Lei2010-08-054-205/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Separate out the DNS resolver key type from the CIFS filesystem into its own module so that it can be made available for general use, including the AFS filesystem module. This facility makes it possible for the kernel to upcall to userspace to have it issue DNS requests, package up the replies and present them to the kernel in a useful form. The kernel is then able to cache the DNS replies as keys can be retained in keyrings. Resolver keys are of type "dns_resolver" and have a case-insensitive description that is of the form "[<type>:]<domain_name>". The optional <type> indicates the particular DNS lookup and packaging that's required. The <domain_name> is the query to be made. If <type> isn't given, a basic hostname to IP address lookup is made, and the result is stored in the key in the form of a printable string consisting of a comma-separated list of IPv4 and IPv6 addresses. This key type is supported by userspace helpers driven from /sbin/request-key and configured through /etc/request-key.conf. The cifs.upcall utility is invoked for UNC path server name to IP address resolution. The CIFS functionality is encapsulated by the dns_resolve_unc_to_ip() function, which is used to resolve a UNC path to an IP address for CIFS filesystem. This part remains in the CIFS module for now. See the added Documentation/networking/dns_resolver.txt for more information. Signed-off-by: Wang Lei <wang840925@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: account for new creduid=0x%x parameter in spnego upcall stringJeff Layton2010-08-051-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | The commit that added the creduid=0x%x parameter failed to increase the buffer allocation to account for it. Reported-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: reduce false positives with inode aliasing serverino autodisableJeff Layton2010-08-051-12/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It turns out that not all directory inodes with dentries on the i_dentry list are unusable here. We only consider them unusable if they are still hashed or if they have a root dentry attached. Full disclosure -- this check is inherently racy. There's nothing that stops someone from slapping a new dentry onto this inode just after this check, or hashing an existing one that's already attached. So, this is really a "best effort" thing to work around misbehaving servers. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | CIFS: Make cifs_convert_address() take a const src pointer and a lengthDavid Howells2010-08-055-37/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make cifs_convert_address() take a const src pointer and a length so that all the strlen() calls in their can be cut out and to make it unnecessary to modify the src string. Also return the data length from dns_resolve_server_name_to_ip() so that a strlen() can be cut out of cifs_compose_mount_options() too. Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: show features compiled in as part of DebugDataSuresh Jayaraman2010-08-051-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed the nit pointed out by Jeff. From: Suresh Jayaraman <sjayaraman@suse.de> Subject: [PATCH 1/2] cifs: show features compiled in as part of DebugData This patch adds the features that are compiled in to the CIFS debugging data as shown below: $cat /proc/fs/cifs/DebugData Display Internal CIFS Data Structures for Debugging --------------------------------------------------- CIFS Version 1.64 Features: dfs fscache posix spnego xattr Active VFS Requests: 0 ... This patch provides a definitive way to tell what features are currently enabled in the running kernel. This could also help debugging. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Cc: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: update READMESuresh Jayaraman2010-08-051-2/+3
| |/ | | | | | | | | | | | | | | | | | | | | | | Update the README file to reflect that now DebugData shows all the features enabled. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Cc: Jeff Layton <jlayton@redhat.com> -- fs/cifs/README | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Signed-off-by: Steve French <sfrench@us.ibm.com>
* | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wqLinus Torvalds2010-08-076-34/+32
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: (55 commits) workqueue: mark init_workqueues() as early_initcall() workqueue: explain for_each_*cwq_cpu() iterators fscache: fix build on !CONFIG_SYSCTL slow-work: kill it gfs2: use workqueue instead of slow-work drm: use workqueue instead of slow-work cifs: use workqueue instead of slow-work fscache: drop references to slow-work fscache: convert operation to use workqueue instead of slow-work fscache: convert object to use workqueue instead of slow-work workqueue: fix how cpu number is stored in work->data workqueue: fix mayday_mask handling on UP workqueue: fix build problem on !CONFIG_SMP workqueue: fix locking in retry path of maybe_create_worker() async: use workqueue for worker pool workqueue: remove WQ_SINGLE_CPU and use WQ_UNBOUND instead workqueue: implement unbound workqueue workqueue: prepare for WQ_UNBOUND implementation libata: take advantage of cmwq and remove concurrency limitations workqueue: fix worker management invocation without pending works ... Fixed up conflicts in fs/cifs/* as per Tejun. Other trivial conflicts in include/linux/workqueue.h, kernel/trace/Kconfig and kernel/workqueue.c
| * cifs: use workqueue instead of slow-workTejun Heo2010-07-226-35/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Workqueue can now handle high concurrency. Use system_nrt_wq instead of slow-work. * Updated is_valid_oplock_break() to not call cifs_oplock_break_put() as advised by Steve French. It might cause deadlock. Instead, reference is increased after queueing succeeded and cifs_oplock_break() briefly grabs GlobalSMBSeslock before putting the cfile to make sure it doesn't put before the matching get is finished. * Anton Blanchard reported that cifs conversion was using now gone system_single_wq. Use system_nrt_wq which provides non-reentrance guarantee which is enough and much better. Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Steve French <sfrench@samba.org> Cc: Anton Blanchard <anton@samba.org>
* | cifs: fsc should not default to "on"Jeff Layton2010-08-021-3/+0
| | | | | | | | | | | | | | | | | | | | | | I'm not sure why this was merged with this flag hardcoded on, but it seems quite dangerous. Turn it off. Also, mount.cifs hands unrecognized options off to the kernel so there should be no need for changes there in order to support this. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] remove redundant path walking in dfs_do_refmountSteve French2010-08-021-17/+11
| | | | | | | | | | | | Reviewed-by: Dave Howells <dhowells@redhat.com> Signed-off-by: Igor Mammedov <niallain@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: ignore the "mand", "nomand" and "_netdev" mount optionsJeff Layton2010-08-021-0/+6
| | | | | | | | | | | | | | | | These are all handled by the userspace mount programs, but older versions of mount.cifs also handed them off to the kernel. Ignore them. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: map NT_STATUS_ERROR_WRITE_PROTECTED to -EROFSJeff Layton2010-08-022-0/+2
| | | | | | | | | | | | | | Seems like a more sensible mapping than -EIO. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: don't allow cifs_iget to match inodes of the wrong typeJeff Layton2010-08-021-0/+5
| | | | | | | | | | | | | | | | If the type is different from what we think it should be, then don't match the existing inode. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] relinquish fscache cookie before freeing CIFSTconInfoSteve French2010-08-021-1/+1
| | | | | | | | | | | | | | | | Doh, fix a use after free bug. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Reviewed-and-Tested-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: add separate cred_uid field to sesInfoJeff Layton2010-08-023-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Right now, there's no clear separation between the uid that owns the credentials used to do the mount and the overriding owner of the files on that mount. Add a separate cred_uid field that is set to the real uid of the mount user. Unlike the linux_uid, the uid= option does not override this parameter. The parm is sent to cifs.upcall, which can then preferentially use the creduid= parm instead of the uid= parm for finding credentials. This is not the only way to solve this. We could try to do all of this in kernel instead by having a module parameter that affects what gets passed in the uid= field of the upcall. That said, we have a lot more flexibility to change things in userspace so I think it probably makes sense to do it this way. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | fs: cifs: check kmalloc() resultKulikov Vasiliy2010-08-021-0/+5
| | | | | | | | | | | | | | | | | | If kmalloc() fails exit with -ENOMEM. Signed-off-by: Kulikov Vasiliy <segooon@gmail.com> Acked-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Missing ifdefSteve French2010-08-021-0/+4
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Missing line from previous commitSteve French2010-08-021-3/+3
| | | | | | | | | | CC: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix build break when CONFIG_CIFS_FSCACHE disabledSteve French2010-08-022-2/+2
| | | | | | | | | | CC: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: add mount option to enable local cachingSuresh Jayaraman2010-08-022-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a mount option 'fsc' to enable local caching on CIFS. I considered adding a separate debug bit for caching, but it appears that debugging would be relatively easier with the normal CIFS_INFO level. As the cifs-utils (userspace) changes are not done yet, this patch enables 'fsc' by default to enable testing. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: read pages from FS-CacheSuresh Jayaraman2010-08-023-1/+129
| | | | | | | | | | | | | | | | Read pages from a FS-Cache data storage object into a CIFS inode. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: store pages into local cacheSuresh Jayaraman2010-08-023-0/+29
| | | | | | | | | | | | | | | | Store pages from an CIFS inode into the data storage object associated with that inode. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: FS-Cache page managementSuresh Jayaraman2010-08-024-0/+93
| | | | | | | | | | | | | | | | | | Takes care of invalidation and release of FS-Cache marked pages and also invalidation of the FsCache page flag when the inode is removed. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: define inode-level cache object and register themSuresh Jayaraman2010-08-027-0/+183
| | | | | | | | | | | | | | | | | | | | | | | | Define inode-level data storage objects (managed by cifsInodeInfo structs). Each inode-level object is created in a super-block level object and is itself a data storage object in to which pages from the inode are stored. The inode object is keyed by UniqueId. The coherency data being used is LastWriteTime, LastChangeTime and end of file reported by the server. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: define superblock-level cache index objects and register themSuresh Jayaraman2010-08-026-0/+142
| | | | | | | | | | | | | | | | | | | | | | | | Define superblock-level cache index objects (managed by cifsTconInfo structs). Each superblock object is created in a server-level index object and in itself an index into which inode-level objects are inserted. The superblock object is keyed by sharename. The UniqueId/IndexNumber is used to validate that the exported share is the same since we accessed it last time. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: remove unused cifsUidInfo structJeff Layton2010-08-021-16/+0
| | | | | | | | | | Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: clean up cifs_find_smb_ses (try #2)Jeff Layton2010-08-022-9/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch replaces the earlier patch by the same name. The only difference is that MAX_PASSWORD_SIZE has been increased to attempt to match the limits that windows enforces. Do a better job of matching sessions by authtype. Matching by username for a Kerberos session is incorrect, and anonymous sessions need special handling. Also, in the case where we do match by username, we also need to match by password. That ensures that someone else doesn't "borrow" an existing session without needing to know the password. Finally, passwords can be longer than 16 bytes. Bump MAX_PASSWORD_SIZE to 512 to match the size that the userspace mount helper allows. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: match secType when searching for existing tcp sessionJeff Layton2010-08-022-4/+54
| | | | | | | | | | | | | | | | | | The secType is a per-tcp session entity, but the current routine doesn't verify that it is acceptible when attempting to match an existing TCP session. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: move address comparison into separate functionJeff Layton2010-08-021-37/+36
| | | | | | | | | | | | | | | | | | | | | | Move the address comparator out of cifs_find_tcp_session and into a separate function for cleanliness. Also change the argument to that function to a "struct sockaddr" pointer. Passing pointers to sockaddr_storage is a little odd since that struct is generally for declaring static storage. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: set the port in sockaddr in a more clearly defined fashionJeff Layton2010-08-024-10/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch should replace the patch I sent a couple of weeks ago to set the port in cifs_convert_address. Currently we set this in cifs_find_tcp_session, but that's more of a side effect than anything. Add a new function called cifs_fill_sockaddr. Have it call cifs_convert_address and then set the port. This also allows us to skip passing in the port as a separate parm to cifs_find_tcp_session. Also, change cifs_convert_address take a struct sockaddr * rather than void * to make it clearer how this function should be called. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: define server-level cache index objects and register themSuresh Jayaraman2010-08-026-1/+126
| | | | | | | | | | | | | | | | | | | | | | | | Define server-level cache index objects (as managed by TCP_ServerInfo structs) and register then with FS-Cache. Each server object is created in the CIFS top-level index object and is itself an index into which superblock-level objects are inserted. The server objects are now keyed by {IPaddress,family,port} tuple. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: register CIFS for cachingSuresh Jayaraman2010-08-024-0/+95
| | | | | | | | | | | | | | | | | | Define CIFS for FS-Cache and register for caching. Upon registration the top-level index object cookie will be stuck to the netfs definition by FS-Cache. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | fs/cifs: Remove unnecessary casts of private_dataJoe Perches2010-08-023-18/+13
| | | | | | | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: add kernel config option for CIFS Client caching supportSuresh Jayaraman2010-08-021-0/+9
| | | | | | | | | | | | | | Add a kernel config option to enable local caching for CIFS. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: remove unused ip_address field in struct TCP_Server_InfoSuresh Jayaraman2010-08-021-1/+0
| | | | | | | | | | | | | | | | The ip_address field is not used and seems redundant as there is union addr already and I don't see any future use as well. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: remove an potentially confusing, obsolete commentSuresh Jayaraman2010-08-021-6/+0
| | | | | | | | | | | | | | | | | | | | The recent commit 6ca9f3bae8b1854794dfa63cdd3b88b7dfe24c13 modified the code so that filp is full instantiated whenever the file is created and passed back. The below comment is no longer true, remove it. Cc: Jeff Layton <jlayton@redhat.com> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | cifs: guard cifsglob.h against multiple inclusionSuresh Jayaraman2010-08-021-0/+5
| | | | | | | | | | | | | | | | | | Add conditional compile macros to guard the header file against multiple inclusion. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | CIFS: Remove __exit mark from cifs_exit_dns_resolver()David Howells2010-07-312-2/+2
| | | | | | | | | | | | | | | | | | | | Remove the __exit mark from cifs_exit_dns_resolver() as it's called by the module init routine in case of error, and so may have been discarded during linkage. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | CIFS: Fix a malicious redirect problem in the DNS lookup codeDavid Howells2010-07-223-5/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the security problem in the CIFS filesystem DNS lookup code in which a malicious redirect could be installed by a random user by simply adding a result record into one of their keyrings with add_key() and then invoking a CIFS CFS lookup [CVE-2010-2524]. This is done by creating an internal keyring specifically for the caching of DNS lookups. To enforce the use of this keyring, the module init routine creates a set of override credentials with the keyring installed as the thread keyring and instructs request_key() to only install lookup result keys in that keyring. The override is then applied around the call to request_key(). This has some additional benefits when a kernel service uses this module to request a key: (1) The result keys are owned by root, not the user that caused the lookup. (2) The result keys don't pop up in the user's keyrings. (3) The result keys don't come out of the quota of the user that caused the lookup. The keyring can be viewed as root by doing cat /proc/keys: 2a0ca6c3 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: 1/4 It can then be listed with 'keyctl list' by root. # keyctl list 0x2a0ca6c3 1 key in keyring: 726766307: --alswrv 0 0 dns_resolver: foo.bar.com Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-and-Tested-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <smfrench@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | cifs: remove bogus first_time check in NTLMv2 session setup codeJeff Layton2010-06-161-9/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This bug appears to be the result of a cut-and-paste mistake from the NTLMv1 code. The function to generate the MAC key was commented out, but not the conditional above it. The conditional then ended up causing the session setup key not to be copied to the buffer unless this was the first session on the socket, and that made all but the first NTLMv2 session setup fail. Fix this by removing the conditional and all of the commented clutter that made it difficult to see. Cc: Stable <stable@kernel.org> Reported-by: Gunther Deschner <gdeschne@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com>
* | cifs: don't call cifs_new_fileinfo unless cifs_open succeedsJeff Layton2010-06-161-6/+11
| | | | | | | | | | | | | | | | | | | | | | | | It's currently possible for cifs_open to fail after it has already called cifs_new_fileinfo. In that situation, the new fileinfo will be leaked as the caller doesn't call fput. That in turn leads to a busy inodes after umount problem since the fileinfo holds an extra inode reference now. Shuffle cifs_open around a bit so that it only calls cifs_new_fileinfo if it's going to succeed. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-and-Tested-by: Suresh Jayaraman <sjayaraman@suse.de>
* | cifs: don't ignore cifs_posix_open_inode_helper return valueSuresh Jayaraman2010-06-161-2/+2
| | | | | | | | | | | | | | ...and ensure that we propagate the error back to avoid any surprises. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Reviewed-and-Tested-by: Jeff Layton <jlayton@redhat.com>
* | cifs: clean up arguments to cifs_open_inode_helperJeff Layton2010-06-161-16/+14
| | | | | | | | | | | | | | | | ...which takes a ton of unneeded arguments and does a lot more pointer dereferencing than is really needed. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-and-Tested-by: Suresh Jayaraman <sjayaraman@suse.de>