Commit Graph

998424 Commits

Author SHA1 Message Date
Steve French fee742b502 smb3.1.1: enable negotiating stronger encryption by default
Now that stronger encryption (gcm256) has been more broadly
tested, and confirmed to work with multiple servers (Windows
and Azure for example), enable it by default.  Although gcm256 is
the second choice we offer (after gcm128 which should be faster),
this change allows mounts to server which are configured to
require the strongest encryption to work (without changing a module
load parameter).

Signed-off-by: Steve French <stfrench@microsoft.com>
Suggested-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
2021-04-27 23:18:40 -05:00
Steve French a8a6082d4a cifs: update internal version number
To 2.32

Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 23:59:27 -05:00
Steve French b8d64f8ced smb3: add rasize mount parameter to improve readahead performance
In some cases readahead of more than the read size can help
(to allow parallel i/o of read ahead which can improve performance).

Ceph introduced a mount parameter "rasize" to allow controlling this.
Add mount parameter "rasize" to allow control of amount of readahead
requested of the server. If rasize not set, rasize defaults to
negotiated rsize as before.

Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 23:59:08 -05:00
Steve French 423333bcba smb3: limit noisy error
For servers which don't support copy_range (SMB3 CopyChunk), the
logging of:
 CIFS: VFS: \\server\share refcpy ioctl error -95 getting resume key
can fill the client logs and make debugging real problems more
difficult.  Change the -EOPNOTSUPP on copy_range to a "warn once"

Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
David Disseldorp 315db9a05b cifs: fix leak in cifs_smb3_do_mount() ctx
cifs_smb3_do_mount() calls smb3_fs_context_dup() and then
cifs_setup_volume_info(). The latter's subsequent smb3_parse_devname()
call overwrites the cifs_sb->ctx->UNC string already dup'ed by
smb3_fs_context_dup(), resulting in a leak. E.g.

unreferenced object 0xffff888002980420 (size 32):
  comm "mount", pid 160, jiffies 4294892541 (age 30.416s)
  hex dump (first 32 bytes):
    5c 5c 31 39 32 2e 31 36 38 2e 31 37 34 2e 31 30  \\192.168.174.10
    34 5c 72 61 70 69 64 6f 2d 73 68 61 72 65 00 00  4\rapido-share..
  backtrace:
    [<00000000069e12f6>] kstrdup+0x28/0x50
    [<00000000b61f4032>] smb3_fs_context_dup+0x127/0x1d0 [cifs]
    [<00000000c6e3e3bf>] cifs_smb3_do_mount+0x77/0x660 [cifs]
    [<0000000063467a6b>] smb3_get_tree+0xdf/0x220 [cifs]
    [<00000000716f731e>] vfs_get_tree+0x1b/0x90
    [<00000000491d3892>] path_mount+0x62a/0x910
    [<0000000046b2e774>] do_mount+0x50/0x70
    [<00000000ca7b64dd>] __x64_sys_mount+0x81/0xd0
    [<00000000b5122496>] do_syscall_64+0x33/0x40
    [<000000002dd397af>] entry_SYSCALL_64_after_hwframe+0x44/0xae

This change is a bandaid until the cifs_setup_volume_info() TODO and
error handling issues are resolved.

Signed-off-by: David Disseldorp <ddiss@suse.de>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
CC: <stable@vger.kernel.org> # v5.11+
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Muhammad Usama Anjum ad7567bc65 cifs: remove unnecessary copies of tcon->crfid.fid
pfid is being set to tcon->crfid.fid and they are copied in each other
multiple times. Remove the memcopy between same pointers - memory
locations.

Addresses-Coverity: ("Overlapped copy")
Fixes: 9e81e8ff74 ("cifs: return cached_fid from open_shroot")
Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Paul Aurich 83728cbf36 cifs: Return correct error code from smb2_get_enc_key
Avoid a warning if the error percolates back up:

[440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key
[440700.386947] ------------[ cut here ]------------
[440700.386948] err = 1
[440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70
...
[440700.397304] CPU: 11 PID: 2733 Comm: tar Tainted: G           OE     5.4.0-70-generic #78~18.04.1-Ubuntu
...
[440700.397334] Call Trace:
[440700.397346]  __filemap_set_wb_err+0x1a/0x70
[440700.397419]  cifs_writepages+0x9c7/0xb30 [cifs]
[440700.397426]  do_writepages+0x4b/0xe0
[440700.397444]  __filemap_fdatawrite_range+0xcb/0x100
[440700.397455]  filemap_write_and_wait+0x42/0xa0
[440700.397486]  cifs_setattr+0x68b/0xf30 [cifs]
[440700.397493]  notify_change+0x358/0x4a0
[440700.397500]  utimes_common+0xe9/0x1c0
[440700.397510]  do_utimes+0xc5/0x150
[440700.397520]  __x64_sys_utimensat+0x88/0xd0

Fixes: 61cfac6f26 ("CIFS: Fix possible use after free in demultiplex thread")
Signed-off-by: Paul Aurich <paul@darkrain42.org>
CC: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Eugene Korenevsky a637f4ae03 cifs: fix out-of-bound memory access when calling smb3_notify() at mount point
If smb3_notify() is called at mount point of CIFS, build_path_from_dentry()
returns the pointer to kmalloc-ed memory with terminating zero (this is
empty FileName to be passed to SMB2 CREATE request). This pointer is assigned
to the `path` variable.
Then `path + 1` (to skip first backslash symbol) is passed to
cifs_convert_path_to_utf16(). This is incorrect for empty path and causes
out-of-bound memory access.

Get rid of this "increase by one". cifs_convert_path_to_utf16() already
contains the check for leading backslash in the path.

BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=212693
CC: <stable@vger.kernel.org> # v5.6+
Signed-off-by: Eugene Korenevsky <ekorenevsky@astralinux.ru>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Aurelien Aptel ccd48ec3d4 smb2: fix use-after-free in smb2_ioctl_query_info()
* rqst[1,2,3] is allocated in vars
* each rqst->rq_iov is also allocated in vars or using pooled memory

SMB2_open_free, SMB2_ioctl_free, SMB2_query_info_free are iterating on
each rqst after vars has been freed (use-after-free), and they are
freeing the kvec a second time (double-free).

How to trigger:

* compile with KASAN
* mount a share

$ smbinfo quota /mnt/foo
Segmentation fault
$ dmesg

 ==================================================================
 BUG: KASAN: use-after-free in SMB2_open_free+0x1c/0xa0
 Read of size 8 at addr ffff888007b10c00 by task python3/1200

 CPU: 2 PID: 1200 Comm: python3 Not tainted 5.12.0-rc6+ #107
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014
 Call Trace:
  dump_stack+0x93/0xc2
  print_address_description.constprop.0+0x18/0x130
  ? SMB2_open_free+0x1c/0xa0
  ? SMB2_open_free+0x1c/0xa0
  kasan_report.cold+0x7f/0x111
  ? smb2_ioctl_query_info+0x240/0x990
  ? SMB2_open_free+0x1c/0xa0
  SMB2_open_free+0x1c/0xa0
  smb2_ioctl_query_info+0x2bf/0x990
  ? smb2_query_reparse_tag+0x600/0x600
  ? cifs_mapchar+0x250/0x250
  ? rcu_read_lock_sched_held+0x3f/0x70
  ? cifs_strndup_to_utf16+0x12c/0x1c0
  ? rwlock_bug.part.0+0x60/0x60
  ? rcu_read_lock_sched_held+0x3f/0x70
  ? cifs_convert_path_to_utf16+0xf8/0x140
  ? smb2_check_message+0x6f0/0x6f0
  cifs_ioctl+0xf18/0x16b0
  ? smb2_query_reparse_tag+0x600/0x600
  ? cifs_readdir+0x1800/0x1800
  ? selinux_bprm_creds_for_exec+0x4d0/0x4d0
  ? do_user_addr_fault+0x30b/0x950
  ? __x64_sys_openat+0xce/0x140
  __x64_sys_ioctl+0xb9/0xf0
  do_syscall_64+0x33/0x40
  entry_SYSCALL_64_after_hwframe+0x44/0xae
 RIP: 0033:0x7fdcf1f4ba87
 Code: b3 66 90 48 8b 05 11 14 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 13 2c 00 f7 d8 64 89 01 48
 RSP: 002b:00007ffef1ce7748 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
 RAX: ffffffffffffffda RBX: 00000000c018cf07 RCX: 00007fdcf1f4ba87
 RDX: 0000564c467c5590 RSI: 00000000c018cf07 RDI: 0000000000000003
 RBP: 00007ffef1ce7770 R08: 00007ffef1ce7420 R09: 00007fdcf0e0562b
 R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000004018
 R13: 0000000000000001 R14: 0000000000000003 R15: 0000564c467c5590

 Allocated by task 1200:
  kasan_save_stack+0x1b/0x40
  __kasan_kmalloc+0x7a/0x90
  smb2_ioctl_query_info+0x10e/0x990
  cifs_ioctl+0xf18/0x16b0
  __x64_sys_ioctl+0xb9/0xf0
  do_syscall_64+0x33/0x40
  entry_SYSCALL_64_after_hwframe+0x44/0xae

 Freed by task 1200:
  kasan_save_stack+0x1b/0x40
  kasan_set_track+0x1c/0x30
  kasan_set_free_info+0x20/0x30
  __kasan_slab_free+0xe5/0x110
  slab_free_freelist_hook+0x53/0x130
  kfree+0xcc/0x320
  smb2_ioctl_query_info+0x2ad/0x990
  cifs_ioctl+0xf18/0x16b0
  __x64_sys_ioctl+0xb9/0xf0
  do_syscall_64+0x33/0x40
  entry_SYSCALL_64_after_hwframe+0x44/0xae

 The buggy address belongs to the object at ffff888007b10c00
  which belongs to the cache kmalloc-512 of size 512
 The buggy address is located 0 bytes inside of
  512-byte region [ffff888007b10c00, ffff888007b10e00)
 The buggy address belongs to the page:
 page:0000000044e14b75 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b10
 head:0000000044e14b75 order:2 compound_mapcount:0 compound_pincount:0
 flags: 0x100000000010200(slab|head)
 raw: 0100000000010200 ffffea000015f500 0000000400000004 ffff888001042c80
 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
 page dumped because: kasan: bad access detected

 Memory state around the buggy address:
  ffff888007b10b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
  ffff888007b10b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 >ffff888007b10c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                    ^
  ffff888007b10c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
  ffff888007b10d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ==================================================================

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Aurelien Aptel 94b0595a8e cifs: export supported mount options via new mount_params /proc file
Can aid in making mount problems easier to diagnose

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Aurelien Aptel 24fedddc95 cifs: log mount errors using cifs_errorf()
This makes the errors accessible from userspace via dmesg and
the fs_context fd.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Aurelien Aptel d9a8692277 cifs: add fs_context param to parsing helpers
Add fs_context param to parsing helpers to be able to log into it in
next patch.

Make some helper static as they are not used outside of fs_context.c

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Aurelien Aptel 9d4ac8b630 cifs: make fs_context error logging wrapper
This new helper will be used in the fs_context mount option parsing
code. It log errors both in:
* the fs_context log queue for userspace to read
* kernel printk buffer (dmesg, old behaviour)

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Ronnie Sahlberg 7fe6fe95b9 cifs: add FALLOC_FL_INSERT_RANGE support
Emulated via server side copy and setsize for
SMB3 and later. In the future we could compound
this (and/or optionally use DUPLICATE_EXTENTS
if supported by the server).

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Ronnie Sahlberg 5476b5dd82 cifs: add support for FALLOC_FL_COLLAPSE_RANGE
Emulated for SMB3 and later via server side copy
and setsize. Eventually this could be compounded.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Ronnie Sahlberg f6d2353a50 cifs: check the timestamp for the cached dirent when deciding on revalidate
Improves directory metadata caching

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Ronnie Sahlberg ed8561fa1d cifs: pass the dentry instead of the inode down to the revalidation check functions
Needed for the final patch in the directory caching series

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:24 -05:00
Ronnie Sahlberg ed20f54a3c cifs: add a timestamp to track when the lease of the cached dir was taken
and clear the timestamp when we receive a lease break.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Ronnie Sahlberg 6ef4e9cbe1 cifs: add a function to get a cached dir based on its dentry
Needed for subsequent patches in the directory caching
series.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Ronnie Sahlberg 5e9c89d43f cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache
We need to hold both a reference for the root/superblock as well as the directory that we
are caching. We need to drop these references before we call kill_anon_sb().

At this point, the root and the cached dentries are always the same but this will change
once we start caching other directories as well.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Ronnie Sahlberg 269f67e1ff cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share
And use this to only allow to take out a shared handle once the mount has completed and the
sb becomes available.
This will become important in follow up patches where we will start holding a reference to the
directory dentry for the shared handle during the lifetime of the handle.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Ronnie Sahlberg 45c0f1aabe cifs: rename the *_shroot* functions to *_cached_dir*
These functions will eventually be used to cache any directory, not just the root
so change the names.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Ronnie Sahlberg e6eb19504e cifs: pass a path to open_shroot and check if it is the root or not
Move the check for the directory path into the open_shroot() function
but still fail for any non-root directories.
This is preparation for later when we will start using the cache also
for other directories than the root.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Ronnie Sahlberg 4df3d976dd cifs: move the check for nohandlecache into open_shroot
instead of doing it in the callsites for open_shroot.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Al Viro 991e72eb0e cifs: switch build_path_from_dentry() to using dentry_path_raw()
The cost is that we might need to flip '/' to '\\' in more than
just the prefix.  Needs profiling, but I suspect that we won't
get slowdown on that.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Al Viro f6a9bc336b cifs: allocate buffer in the caller of build_path_from_dentry()
build_path_from_dentry() open-codes dentry_path_raw().  The reason
we can't use dentry_path_raw() in there (and postprocess the
result as needed) is that the callers of build_path_from_dentry()
expect that the object to be freed on cleanup and the string to
be used are at the same address.  That's painful, since the path
is naturally built end-to-beginning - we start at the leaf and
go through the ancestors, accumulating the pathname.

Life would be easier if we left the buffer allocation to callers.
It wouldn't be exact-sized buffer, but none of the callers keep
the result for long - it's always freed before the caller returns.
So there's no need to do exact-sized allocation; better use
__getname()/__putname(), same as we do for pathname arguments
of syscalls.  What's more, there's no need to do allocation under
spinlocks, so GFP_ATOMIC is not needed.

Next patch will replace the open-coded dentry_path_raw() (in
build_path_from_dentry_optional_prefix()) with calling the real
thing.  This patch only introduces wrappers for allocating/freeing
the buffers and switches to new calling conventions:
	build_path_from_dentry(dentry, buf)
expects buf to be address of a page-sized object or NULL,
return value is a pathname built inside that buffer on success,
ERR_PTR(-ENOMEM) if buf is NULL and ERR_PTR(-ENAMETOOLONG) if
the pathname won't fit into page.  Note that we don't need to
check for failure when allocating the buffer in the caller -
build_path_from_dentry() will do the right thing.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Al Viro 8e33cf20ce cifs: make build_path_from_dentry() return const char *
... and adjust the callers.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Al Viro f6f1f17907 cifs: constify pathname arguments in a bunch of helpers
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Al Viro 558691393a cifs: constify path argument of ->make_node()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Al Viro 9cfdb1c12b cifs: constify get_normalized_path() properly
As it is, it takes const char * and, in some cases, stores it in
caller's variable that is plain char *.  Fortunately, none of the
callers actually proceeded to modify the string via now-non-const
alias, but that's trouble waiting to happen.

It's easy to do properly, anyway...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Al Viro 8d76722355 cifs: don't cargo-cult strndup()
strndup(s, strlen(s)) is a highly unidiomatic way to spell strdup(s);
it's *NOT* safer in any way, since strlen() is just as sensitive to
NUL-termination as strdup() is.

strndup() is for situations when you need a copy of a known-sized
substring, not a magic security juju to drive the bad spirits away.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Steve French b9335f6210 SMB3: update structures for new compression protocol definitions
Protocol has been extended for additional compression headers.
See MS-SMB2 section 2.2.42

Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:23 -05:00
Aurelien Aptel ec4e4862a9 cifs: remove old dead code
While reviewing a patch clarifying locks and locking hierarchy I
realized some locks were unused.

This commit removes old data and code that isn't actually used
anywhere, or hidden in ifdefs which cannot be enabled from the kernel
config.

* The uid/gid trees and associated locks are left-overs from when
  uid/sid mapping had an extra caching layer on top of the keyring and
  are now unused.
  See commit faa65f07d2 ("cifs: simplify id_to_sid and sid_to_id mapping code")
  from 2012.

* cifs_oplock_break_ops is a left-over from when slow_work was remplaced
  by regular workqueue and is now unused.
  See commit 9b64697246 ("cifs: use workqueue instead of slow-work")
  from 2010.

* CIFSSMBSetAttrLegacy is SMB1 cruft dealing with some legacy
  NT4/Win9x behaviour.

* Remove CONFIG_CIFS_DNOTIFY_EXPERIMENTAL left-overs. This was already
  partially removed in 392e1c5dc9 ("cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP")
  from 2019. Kill it completely.

* Another candidate that was considered but spared is
  CONFIG_CIFS_NFSD_EXPORT which has an empty implementation and cannot
  be enabled by a config option (although it is listed but disabled with
  "BROKEN" as a dep). It's unclear whether this could even function
  today in its current form but it has it's own .c file and Kconfig
  entry which is a bit more involved to remove and might make a come
  back?

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:22 -05:00
Gustavo A. R. Silva 9f4c6eed26 cifs: cifspdu.h: Replace one-element array with flexible-array member
There is a regular need in the kernel to provide a way to declare having
a dynamically sized set of trailing elements in a structure. Kernel code
should always use “flexible array members”[1] for these cases. The older
style of one-element or zero-length arrays should no longer be used[2].

Also, this helps with the ongoing efforts to enable -Warray-bounds by
fixing the following warning:

  CC [M]  fs/cifs/cifssmb.o
fs/cifs/cifssmb.c: In function ‘CIFSFindNext’:
fs/cifs/cifssmb.c:4636:23: warning: array subscript 1 is above array bounds of ‘char[1]’ [-Warray-bounds]
 4636 |   pSMB->ResumeFileName[name_len+1] = 0;
      |   ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~

[1] https://en.wikipedia.org/wiki/Flexible_array_member
[2] https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays

Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:22 -05:00
Wan Jiabing 5e14c7240a fs: cifs: Remove repeated struct declaration
struct cifs_writedata is declared twice.
One is declared at 209th line.
And struct cifs_writedata is defined blew.
The declaration hear is not needed. Remove the duplicate.

Signed-off-by: Wan Jiabing <wanjiabing@vivo.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:22 -05:00
Aurelien Aptel 443dd65d48 Documentation/admin-guide/cifs: document open_files and dfscache
Add missing documentation for open_files and dfscache /proc files.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:22 -05:00
Aurelien Aptel b7fd0fa0ea cifs: simplify SWN code with dummy funcs instead of ifdefs
This commit doesn't change the logic of SWN.

Add dummy implementation of SWN functions when SWN is disabled instead
of using ifdef sections.

The dummy functions get optimized out, this leads to clearer code and
compile time type-checking regardless of config options with no
runtime penalty.

Leave the simple ifdefs section as-is.

A single bitfield (bool foo:1) on its own will use up one int. Move
tcon->use_witness out of ifdefs with the other tcon bitfields.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Samuel Cabrero <scabrero@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:22 -05:00
Steve French bb9cad1b49 smb3: update protocol header definitions based to include new flags
[MS-SMB2] protocol specification was recently updated to include
new flags, new negotiate context and some minor changes to fields.
Update smb2pdu.h structure definitions to match the newest version
of the protocol specification.  Updates to the compression context
values will be in a followon patch.

Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:22 -05:00
Steve French edc9dd1e3c cifs: correct comments explaining internal semaphore usage in the module
A few of the semaphores had been removed, and one additional one
needed to be noted in the comments.

Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:22 -05:00
Jiapeng Chong 83cd9ed7ae cifs: Remove useless variable
Fix the following gcc warning:

fs/cifs/cifsacl.c:1097:8: warning: variable ‘nmode’ set but not used
[-Wunused-but-set-variable].

Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:22 -05:00
jack1.li_cp c45adff786 cifs: Fix spelling of 'security'
secuirty -> security

Signed-off-by: jack1.li_cp <liliu1@yulong.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-04-25 16:28:22 -05:00
Linus Torvalds 9f4ad9e425 Linux 5.12 2021-04-25 13:49:08 -07:00
Linus Torvalds d2d09fbe33 perf tools fixes for v5.12: 4th batch
- Fix potential NULL pointer dereference in the auxtrace option parser.
 
 - Fix access to PID in an array when setting a PID filter in 'perf ftrace'.
 
 - Fix error return code in the 'perf data' tool and in maps__clone(),
   found using a static analysis tool from Huawei.
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCYIV2gQAKCRCyPKLppCJ+
 JxlaAP9OUoT+/2lsgnMcU5b+m18TNR4RSTZwfmPszpeyOlfaEgD/YDB8OErUA5VT
 VxtLeyOisker3EwZFHzYhN7hxqh9sgU=
 =wvGY
 -----END PGP SIGNATURE-----

Merge tag 'perf-tools-fixes-for-v5.12-2021-04-25' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

Pull perf tools fixes from Arnaldo Carvalho de Melo:

 - Fix potential NULL pointer dereference in the auxtrace option parser

 - Fix access to PID in an array when setting a PID filter in 'perf ftrace'

 - Fix error return code in the 'perf data' tool and in maps__clone(),
   found using a static analysis tool from Huawei

* tag 'perf-tools-fixes-for-v5.12-2021-04-25' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
  perf map: Fix error return code in maps__clone()
  perf ftrace: Fix access to pid in array when setting a pid filter
  perf auxtrace: Fix potential NULL pointer dereference
  perf data: Fix error return code in perf_data__create_dir()
2021-04-25 09:48:46 -07:00
Linus Torvalds 24dfc39007 - Fix BDW Xeon's stepping in the PEBS isolation table of CPUs
- Fix a panic when initializing perf uncore machinery on HSW and BDW servers
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmCFOhsACgkQEsHwGGHe
 VUppNA/+OqvGd0hye+LXlRYULqojOMmqDublMswx9KfUCpwTy3bysECt+Z9MIdZD
 6GHZ/6xd1/O5LG9EDJV7Mr66EIor2aDKnbMB8+VZhG4rF8+hk/03CKiqN+Xr6gTR
 cQn30RUS1E9e4z5sswa49LZJnFRuKxhcCMjv9lVvsiPeGhEkbECZqCkwFbWv9cwE
 /AqM4bmiRhSFWPHox6Iy9ixPYbcRf1muwqZF2Nwl129F4gxfWio3bNrupAkHGDG/
 KEbIDPaPxJ56eyLC1DfxIcfB/7FIwGHFZ5iduIqZ9nVReuSFgHo5OyPKP5a3OPFA
 yygdnC3woDfLw9KbBO3R7GhN8OXwT+y6qPV3YpHnze63GZ4acAVcaE3ZiOL/IDQk
 XY1owlNNlJFg7ibtbXNOYA9B1iLS4uG9yd5h3lzb2R2FYxUNy4towE/+d4cu6pt/
 FP5JCyTDSMUHs4t33E4wV19ytUl58dKkuZTCAAn9E0GLQVeIQkw/QARSkClATUie
 GKQqxfZt8BbLr/PPk++aFeNXDPnp0sPuxBIDzx/bmoDsPTJmsc7GFGm/DpZS6PQD
 m9qxrUProT0ITKhc3BeEunW6tjaycwt6BwXCfJuBtgLTR7UsccQaid8AEQ9hDFKz
 ihKgQsBoTvNT6EP6v0IIC2bfp2U5GNWVAx6PjFHaCuLZQ7h/Rsk=
 =H1RU
 -----END PGP SIGNATURE-----

Merge tag 'perf_urgent_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 perf fixes from Borislav Petkov:

 - Fix Broadwell Xeon's stepping in the PEBS isolation table of CPUs

 - Fix a panic when initializing perf uncore machinery on Haswell and
   Broadwell servers

* tag 'perf_urgent_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/x86/kvm: Fix Broadwell Xeon stepping in isolation_ucodes[]
  perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3
2021-04-25 09:42:06 -07:00
Linus Torvalds 0146da0d4c - Fix ordering in the queued writer lock's slowpath.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmCFOD4ACgkQEsHwGGHe
 VUrwChAAr3r3Qr60WDUVTtbx0TS+d7Rk+aq63DhN6PvFADMlZe3PfjRFnw9bamIO
 hgf/65+BsYPTbO8w9CdSdgrv00oVw0v1pbYVdIAJDBzzwrG489gjJxozrIgQHU+X
 ixpxnG7R8e4dZrA4Q/ip2EZYRwGfWyO1H2Z1K6/W/sSk3HGi2EKa3+4BGBIhVtnI
 K81ckR59H+/+Fi8D3PZozK0HmC1XXKuoA5I0Yx0mgivy6i1XQ6UPohgWLXW76uae
 JtvbC2E9APhlYaRlIzdAAA7bx2REvyic6JjfTR515llIo3X2npVWlbusipjQdnOG
 enuFmHCCu49z9IAgGzI/ez+jEC41/SwJtma6lyDlcrW8j3Ovw5j6eMju14rrZD72
 8wqFXll7eAoFNbln0H9xUwvOVVWeIvMbF0+WluFWMsX5nDY4XRnEtYa24XPdeOFA
 aDhtuSmyQzcLi/mzgOU9q3dg/VKPb4i9XROwaXtJXXD8GVzbN2i5yOMleLmfHJ0K
 e1o/qc4VFItF+nCyp0v+yqEB8sQ23zRWiuw7zE1PvolBsULp+gO1lmJIJvSwaGaB
 nKJ04k7AvdkK82926cjfnhC6TvsOdHMWsdFBq+J/01bSnFGXwtzSJ6qoFTCts3TX
 zi7E5u+TEDAa4EZ4eO4Ds0yaKdJ0tBncoKUDLkTg7M98dLqv+dI=
 =GDTe
 -----END PGP SIGNATURE-----

Merge tag 'locking_urgent_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull locking fix from Borislav Petkov:
 "Fix ordering in the queued writer lock's slowpath"

* tag 'locking_urgent_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  locking/qrwlock: Fix ordering in queued_write_lock_slowpath()
2021-04-25 09:10:10 -07:00
Linus Torvalds 682b26bd80 - Fix a typo in a macro ifdeffery.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmCFNfAACgkQEsHwGGHe
 VUoebg//cZf3az92fY7OTPOvEZrE1PgZhSYWDnjt6++1LSzOowh2lIXobPXfrFtF
 UAVojnqNZMEvV2CbUtpXMI9WGXyi6JdpeFI40wpfFvX5EaZkMlKtTG8q7jmGzus1
 akysbFmI3KwKT7ifu2Jmb7Olf4kaG+WfEP39E9s0TG20eCeduz4xSvfWo8OFesIY
 BZX1WC5xsdoCk2nlF2SQXqVr6tUxTrW5JumG2yS7cOzFEYTWODzza/BephmuMRgv
 /KeAEBPRzTY8mtdnERWaeH8cm2HvR6nlcblRYIL16B9StwFSPo1CMBV3FOd5gMhy
 l5JFR7j/AiL4LSaAOUbZffoIGl03nrTnVt+/GTGCbj4dScIVM5Cscx2exJx9oWuO
 vqF6LOq7yILK/OmN1/d+uiBSmBiQ1i9tuuKl1o8CWVRmh2WaDPh0VPnVAtrfqrKZ
 lTb6r8rFGywn7Zczdx7imjgxEYRJFqZXeR9Vr390Q7qc4uyNUrBOQWEWNeU+PbJc
 dJT0enVgUooNjjw/1piEyJ8e851JGOdYFmhBV92mdD7htCceJEBHwqI/hVY4OPzE
 BVxnojxrosEwBYqkA3ysdjzqWk7h1dhiRY4E9HD8Rc3hL2TqH1qlzfvjCBsZdjPS
 IqOlXUCsekBaGTNpAWa63slpfybwjt/tTW5m3NaEQ88Yvt9Ikj0=
 =D4bF
 -----END PGP SIGNATURE-----

Merge tag 'sched_urgent_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull scheduler fix from Borislav Petkov:
 "Fix a typo in a macro ifdeffery"

* tag 'sched_urgent_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  preempt/dynamic: Fix typo in macro conditional statement
2021-04-25 09:08:19 -07:00
Linus Torvalds 11fac7a004 - Fix an out-of-bounds memory access when setting up a crash kernel with kexec.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmCFNHgACgkQEsHwGGHe
 VUqfPQ/+PdSjMIAiMoc8tFz5jMM6ci2+yI+Gl+AjUBzt33rtId4y1dPxHU/Olis/
 t80I6jvBuChYAfdZ+zL7eBw2z1aXTUifyFNduO//UK5Lf4njme+GSh8RFrd8NyfW
 +FkXFoG6KGsEWRdCoEHHB1p3gmQh6MIoE/8rmp9C2ursAH8xRbqtRw9teAvEln8Z
 nqZDM9eHat6GhAv+Up3dYAltHK4E/FfrOAcdrSrEbakvHiCw+rLXTw2a3997GMnW
 9SrXrEbiy0jKIkQ3pIfYUfv9FZt8qCeO5HpscBM1QeWWxUvLobiBzp3LzDki4Lo9
 ZV5ygvZt3sJOWzxkIP2b4oaryySI7Y6MKLpWdAuzoQe8hZ52SqJaWWY82MD+K5gL
 dDvWYXEn1Ml1mk5aruAhpxM1OIFuC0qpTFFzug8WPaal/wSNjApAg1pEbjko9kgF
 7W14B1UYj+M+NC92FPdYsHBApuk4Y20gD4WZ5hYKqlOrxZ9gNNP82hxxkmnZPL2x
 OB35H61whSGnICDYdBLO6pol68GA65BTQQAhEOXY7pNi2nD45Qtu4Zwfv4tL5+yu
 j+Jb3tDAlogTidsn5xl3XArSBhc3aK2VlPcxOA9/R8rv5ct+na9kBkAe7zYiii1Y
 pNf6vkyYrW825A7SwyNhP0CKJmLHzMk6jbeQ1PKQaNO9UR0GxH4=
 =oSCg
 -----END PGP SIGNATURE-----

Merge tag 'x86_urgent_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fix from Borislav Petkov:
 "Fix an out-of-bounds memory access when setting up a crash kernel with
  kexec"

* tag 'x86_urgent_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access
2021-04-25 09:02:13 -07:00
Linus Torvalds 2a1d7946fa SRCU bug introduced in the merge window
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmCDNcIUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroOiHwf/Za0UAgNc3Vuk+8PU6tBHOuLYt87o
 Td1LHbiuBjbNMC17NRCD5maZ+E2d5+5kvOSBLykcZ7/O/hCrdnAsGp5WdIJ+1gz6
 Z3xMUHxzvlD3nFBIH+osQGaHFauNkoLzIBs4KQvGgWG1Lck38MKdJ+8P44uoTPHx
 Iz+vWX3Y2uN707XO7sciyl8R9jVI3RQYYMZyaf+kCjQCB1loFGvLd+37b4dwwB9c
 MIA8AkGWV0es+QFIkgc6TriA2zh02rRkCGzmuwsh2KpzgPHSFf96QZiSoCPFL/YP
 t8EstrsXiCUikLRkcS4QFSDqLhiDAnG8SQeNM+8V5YENNRZoXrmyC3E9ww==
 =bBbH
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fix from Paolo Bonzini:
 "Fix SRCU bug introduced in the merge window"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86/xen: Take srcu lock when accessing kvm_memslots()
2021-04-24 09:40:18 -07:00
Linus Torvalds 799bac5512 Revert "net/rds: Avoid potential use after free in rds_send_remove_from_sock"
This reverts commit 0c85a7e874.

The games with 'rm' are on (two separate instances) of a local variable,
and make no difference.

Quoting Aditya Pakki:
 "I was the author of the patch and it was the cause of the giant UMN
  revert.

  The patch is garbage and I was unaware of the steps involved in
  retracting it. I *believed* the maintainers would pull it, given it
  was already under Greg's list. The patch does not introduce any bugs
  but is pointless and is stupid. I accept my incompetence and for not
  requesting a revert earlier."

Link: https://lwn.net/Articles/854319/
Requested-by: Aditya Pakki <pakki001@umn.edu>
Cc: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2021-04-24 09:32:35 -07:00
Linus Torvalds 8db5efb83f Late pin control fixes for v5.12:
- Fix the number of pins in the community of the Intel
   Lewisburg SoC.
 
 - Show pin numbers for controllers with base = 0 in the
   new debugfs feature.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAmCDVSEACgkQQRCzN7AZ
 XXMZFA//TOed1OfNe3FOxNMZ9bTemv/SQJYLrfcfT+m0VzDp27N07aywCW47axVF
 63udoLzJvPFhp8hTJabr2bsxHZ4A51k49YDJLbIEh1ZTuuLuzaWl2rSuNKCY/ogT
 Kvqjb8/c73TC7sbV24z1dBefHP34wFHB2BEJHogwiS7Z2Jdyb0i5G5G/dcjRtzkB
 y8JGLfYsSOygccOzSqlkAbAPni7ktzbf0AiDcaGdP5lgBWeiEjROZpncLmsMV5Dn
 vgzdT3PYNctjEDz/pUlwHr+VUER2ybDzz9s87TbB0p6gyWUqsV1Uaq38YxvP/qx8
 n50JOERhG/216yFvXZCWmA1Znx/tPew9ys7hdDFGcyzUfr1yyQRkgSTLg5NV//TB
 aTBb/qaXC8NtNXhiQZtLLKxFnizvMDtFj6e5ljfAA9Pj7yxfxfFb+1bwQn045nsN
 q4OZ9TegYAIarBAFZn4jcrxSrA5ep3qaYi1p4JhdayPzF5w+SMeWMX5wlpTLaERB
 sts8uBuPa2/LOPXRsdfERPFA5YZKTTcfy70DMP2z0O+UwLCntp7119e3FfefhyaQ
 97aocxhR+tKa46Nk0HbU1G9cTNkL2FFnnIP3cRvkY409KGppcxGKIeJLwNSTYwKo
 fsxbPywM1VegAQQWjl7TNIQYmIqL5CdTbF6gvsYq0q4h9rw8scM=
 =zhfn
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-v5.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:
 "Late pin control fixes, would have been in the main pull request
  normally but hey I got lucky and we got another week to polish up
  v5.12 so here we go.

  One driver fix and one making the core debugfs work:

   - Fix the number of pins in the community of the Intel Lewisburg SoC

   - Show pin numbers for controllers with base = 0 in the new debugfs
     feature"

* tag 'pinctrl-v5.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: core: Show pin numbers for the controllers with base = 0
  pinctrl: lewisburg: Update number of pins in community
2021-04-23 17:11:10 -07:00