From f01d5e14e764b14b6bf5512678523d009254b209 Mon Sep 17 00:00:00 2001 From: Steve French Date: Thu, 30 Aug 2007 21:13:31 +0000 Subject: [CIFS] fix for incorrect session reconnects cifs reconnect could end up happening incorrectly due to the small initial tcp recvmsg response. When the socket was within three bytes of being full and the recvmsg returned only 1 to 3 bytes of the initial 4 byte read of the RFC1001 length field. Fortunately this seems to be less common on more current kernels, but this fixes it so cifs tries to retrieve all 4 bytes of the initial tcp read. Signed-off-by: Shirish Pargoankar Signed-off-by: Steve French --- fs/cifs/connect.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 4af3588c1a9..8af993f8d0c 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -400,9 +400,11 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server) iov.iov_len = 4; smb_msg.msg_control = NULL; smb_msg.msg_controllen = 0; + pdu_length = 4; /* enough to get RFC1001 header */ +incomplete_rcv: length = kernel_recvmsg(csocket, &smb_msg, - &iov, 1, 4, 0 /* BB see socket.h flags */); + &iov, 1, pdu_length, 0 /* BB other flags? */); if ( kthread_should_stop() ) { break; @@ -437,13 +439,12 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server) wake_up(&server->response_q); continue; } else if (length < 4) { - cFYI(1, - ("Frame under four bytes received (%d bytes long)", + cFYI(1, ("less than four bytes received (%d bytes)", length)); + pdu_length -= length; cifs_reconnect(server); - csocket = server->ssocket; - wake_up(&server->response_q); - continue; + msleep(1); + goto incomplete_rcv; } /* The right amount was read from socket - 4 bytes */ -- cgit v1.2.3 From 26f57364d7cdef9d7ebe27c931fff5e4f21ffb1c Mon Sep 17 00:00:00 2001 From: Steve French Date: Thu, 30 Aug 2007 22:09:15 +0000 Subject: [CIFS] formatting cleanup found by checkpatch Signed-off-by: Steve French --- fs/cifs/connect.c | 48 ++++++++++++++++++++---------------------------- 1 file changed, 20 insertions(+), 28 deletions(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 8af993f8d0c..3dd2d23e064 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -124,7 +124,7 @@ cifs_reconnect(struct TCP_Server_Info *server) struct mid_q_entry *mid_entry; spin_lock(&GlobalMid_Lock); - if ( kthread_should_stop() ) { + if (kthread_should_stop()) { /* the demux thread will exit normally next time through the loop */ spin_unlock(&GlobalMid_Lock); @@ -151,9 +151,8 @@ cifs_reconnect(struct TCP_Server_Info *server) } list_for_each(tmp, &GlobalTreeConnectionList) { tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); - if ((tcon) && (tcon->ses) && (tcon->ses->server == server)) { + if ((tcon) && (tcon->ses) && (tcon->ses->server == server)) tcon->tidStatus = CifsNeedReconnect; - } } read_unlock(&GlobalSMBSeslock); /* do not want to be sending data on a socket we are freeing */ @@ -187,7 +186,7 @@ cifs_reconnect(struct TCP_Server_Info *server) spin_unlock(&GlobalMid_Lock); up(&server->tcpSem); - while ( (!kthread_should_stop()) && (server->tcpStatus != CifsGood)) { + while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) { try_to_freeze(); if (server->protocolType == IPV6) { rc = ipv6_connect(&server->addr.sockAddr6, @@ -204,7 +203,7 @@ cifs_reconnect(struct TCP_Server_Info *server) } else { atomic_inc(&tcpSesReconnectCount); spin_lock(&GlobalMid_Lock); - if ( !kthread_should_stop() ) + if (!kthread_should_stop()) server->tcpStatus = CifsGood; server->sequence_number = 0; spin_unlock(&GlobalMid_Lock); @@ -358,11 +357,9 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server) length = tcpSesAllocCount.counter; write_unlock(&GlobalSMBSeslock); complete(&cifsd_complete); - if (length > 1) { - mempool_resize(cifs_req_poolp, - length + cifs_min_rcv, - GFP_KERNEL); - } + if (length > 1) + mempool_resize(cifs_req_poolp, length + cifs_min_rcv, + GFP_KERNEL); set_freezable(); while (!kthread_should_stop()) { @@ -378,7 +375,7 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server) } } else if (isLargeBuf) { /* we are reusing a dirty large buf, clear its start */ - memset(bigbuf, 0, sizeof (struct smb_hdr)); + memset(bigbuf, 0, sizeof(struct smb_hdr)); } if (smallbuf == NULL) { @@ -391,7 +388,7 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server) } /* beginning of smb buffer is cleared in our buf_get */ } else /* if existing small buf clear beginning */ - memset(smallbuf, 0, sizeof (struct smb_hdr)); + memset(smallbuf, 0, sizeof(struct smb_hdr)); isLargeBuf = FALSE; isMultiRsp = FALSE; @@ -406,7 +403,7 @@ incomplete_rcv: kernel_recvmsg(csocket, &smb_msg, &iov, 1, pdu_length, 0 /* BB other flags? */); - if ( kthread_should_stop() ) { + if (kthread_should_stop()) { break; } else if (server->tcpStatus == CifsNeedReconnect) { cFYI(1, ("Reconnect after server stopped responding")); @@ -505,7 +502,7 @@ incomplete_rcv: /* else we have an SMB response */ if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) || - (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) { + (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) { cERROR(1, ("Invalid size SMB length %d pdu_length %d", length, pdu_length+4)); cifs_reconnect(server); @@ -529,7 +526,7 @@ incomplete_rcv: total_read += length) { length = kernel_recvmsg(csocket, &smb_msg, &iov, 1, pdu_length - total_read, 0); - if ( kthread_should_stop() || + if (kthread_should_stop() || (length == -EINTR)) { /* then will exit */ reconnect = 2; @@ -632,9 +629,9 @@ multi_t2_fnd: /* Was previous buf put in mpx struct for multi-rsp? */ if (!isMultiRsp) { /* smb buffer will be freed by user thread */ - if (isLargeBuf) { + if (isLargeBuf) bigbuf = NULL; - } else + else smallbuf = NULL; } wake_up_process(task_to_wake); @@ -703,9 +700,8 @@ multi_t2_fnd: list_for_each(tmp, &GlobalSMBSessionList) { ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList); - if (ses->server == server) { + if (ses->server == server) ses->status = CifsExiting; - } } spin_lock(&GlobalMid_Lock); @@ -715,9 +711,8 @@ multi_t2_fnd: cFYI(1, ("Clearing Mid 0x%x - waking up ", mid_entry->mid)); task_to_wake = mid_entry->tsk; - if (task_to_wake) { + if (task_to_wake) wake_up_process(task_to_wake); - } } } spin_unlock(&GlobalMid_Lock); @@ -750,18 +745,15 @@ multi_t2_fnd: list_for_each(tmp, &GlobalSMBSessionList) { ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList); - if (ses->server == server) { + if (ses->server == server) ses->server = NULL; - } } write_unlock(&GlobalSMBSeslock); kfree(server); - if (length > 0) { - mempool_resize(cifs_req_poolp, - length + cifs_min_rcv, - GFP_KERNEL); - } + if (length > 0) + mempool_resize(cifs_req_poolp, length + cifs_min_rcv, + GFP_KERNEL); return 0; } -- cgit v1.2.3 From 77159b4df894f9e5e31f709fb0e5e52f6c1b1048 Mon Sep 17 00:00:00 2001 From: Steve French Date: Fri, 31 Aug 2007 01:10:17 +0000 Subject: [CIFS] Fix warnings shown by newer version of sparse Signed-off-by: Steve French --- fs/cifs/connect.c | 61 +++++++++++++++++++++++++------------------------------ 1 file changed, 28 insertions(+), 33 deletions(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 3dd2d23e064..f58fef5878c 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2972,36 +2972,32 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, SecurityBlob->DomainName.Length = 0; SecurityBlob->DomainName.MaximumLength = 0; } else { - __u16 len = - cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64, + __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64, nls_codepage); - len *= 2; + ln *= 2; SecurityBlob->DomainName.MaximumLength = - cpu_to_le16(len); + cpu_to_le16(ln); SecurityBlob->DomainName.Buffer = cpu_to_le32(SecurityBlobLength); - bcc_ptr += len; - SecurityBlobLength += len; - SecurityBlob->DomainName.Length = - cpu_to_le16(len); + bcc_ptr += ln; + SecurityBlobLength += ln; + SecurityBlob->DomainName.Length = cpu_to_le16(ln); } if (user == NULL) { SecurityBlob->UserName.Buffer = 0; SecurityBlob->UserName.Length = 0; SecurityBlob->UserName.MaximumLength = 0; } else { - __u16 len = - cifs_strtoUCS((__le16 *) bcc_ptr, user, 64, + __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64, nls_codepage); - len *= 2; + ln *= 2; SecurityBlob->UserName.MaximumLength = - cpu_to_le16(len); + cpu_to_le16(ln); SecurityBlob->UserName.Buffer = cpu_to_le32(SecurityBlobLength); - bcc_ptr += len; - SecurityBlobLength += len; - SecurityBlob->UserName.Length = - cpu_to_le16(len); + bcc_ptr += ln; + SecurityBlobLength += ln; + SecurityBlob->UserName.Length = cpu_to_le16(ln); } /* SecurityBlob->WorkstationName.Length = @@ -3045,33 +3041,32 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, SecurityBlob->DomainName.Length = 0; SecurityBlob->DomainName.MaximumLength = 0; } else { - __u16 len; + __u16 ln; negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED; strncpy(bcc_ptr, domain, 63); - len = strnlen(domain, 64); + ln = strnlen(domain, 64); SecurityBlob->DomainName.MaximumLength = - cpu_to_le16(len); + cpu_to_le16(ln); SecurityBlob->DomainName.Buffer = cpu_to_le32(SecurityBlobLength); - bcc_ptr += len; - SecurityBlobLength += len; - SecurityBlob->DomainName.Length = cpu_to_le16(len); + bcc_ptr += ln; + SecurityBlobLength += ln; + SecurityBlob->DomainName.Length = cpu_to_le16(ln); } if (user == NULL) { SecurityBlob->UserName.Buffer = 0; SecurityBlob->UserName.Length = 0; SecurityBlob->UserName.MaximumLength = 0; } else { - __u16 len; + __u16 ln; strncpy(bcc_ptr, user, 63); - len = strnlen(user, 64); - SecurityBlob->UserName.MaximumLength = - cpu_to_le16(len); + ln = strnlen(user, 64); + SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln); SecurityBlob->UserName.Buffer = - cpu_to_le32(SecurityBlobLength); - bcc_ptr += len; - SecurityBlobLength += len; - SecurityBlob->UserName.Length = cpu_to_le16(len); + cpu_to_le32(SecurityBlobLength); + bcc_ptr += ln; + SecurityBlobLength += ln; + SecurityBlob->UserName.Length = cpu_to_le16(ln); } /* BB fill in our workstation name if known BB */ @@ -3138,8 +3133,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, } else { remaining_words = BCC(smb_buffer_response) / 2; } - len = - UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1); + len = UniStrnlen((wchar_t *) bcc_ptr, + remaining_words - 1); /* We look for obvious messed up bcc or strings in response so we do not go off the end since (at least) WIN2K and Windows XP have a major bug in not null terminating last Unicode string in response */ @@ -3223,7 +3218,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, <= BCC(smb_buffer_response)) { if (ses->serverOS) kfree(ses->serverOS); - ses->serverOS = kzalloc(len + 1,GFP_KERNEL); + ses->serverOS = kzalloc(len + 1, GFP_KERNEL); strncpy(ses->serverOS,bcc_ptr, len); bcc_ptr += len; -- cgit v1.2.3 From 638b250766272fcaaa0f7ed2776f58f4ac701914 Mon Sep 17 00:00:00 2001 From: Steve French Date: Sat, 15 Sep 2007 02:35:51 +0000 Subject: [CIFS] typo in earlier cifs_reconnect fix Signed-off-by: Steve French --- fs/cifs/connect.c | 1 - 1 file changed, 1 deletion(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index f58fef5878c..a83684d8eb5 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -439,7 +439,6 @@ incomplete_rcv: cFYI(1, ("less than four bytes received (%d bytes)", length)); pdu_length -= length; - cifs_reconnect(server); msleep(1); goto incomplete_rcv; } -- cgit v1.2.3 From 88f370a688e765de9755a343702ca04e6817e5f5 Mon Sep 17 00:00:00 2001 From: Steve French Date: Sat, 15 Sep 2007 03:01:17 +0000 Subject: [CIFS] Fix potential NULL pointer usage if kzalloc fails Potential problem was noticed by Cyrill Gorcunov CC: Cyrill Gorcunov Signed-off-by: Steve French --- fs/cifs/connect.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index a83684d8eb5..5f2ec194677 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3386,9 +3386,11 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, kfree(tcon->nativeFileSystem); tcon->nativeFileSystem = kzalloc(length + 2, GFP_KERNEL); - cifs_strfromUCS_le(tcon->nativeFileSystem, - (__le16 *) bcc_ptr, - length, nls_codepage); + if (tcon->nativeFileSystem) + cifs_strfromUCS_le( + tcon->nativeFileSystem, + (__le16 *) bcc_ptr, + length, nls_codepage); bcc_ptr += 2 * length; bcc_ptr[0] = 0; /* null terminate the string */ bcc_ptr[1] = 0; @@ -3403,8 +3405,9 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, kfree(tcon->nativeFileSystem); tcon->nativeFileSystem = kzalloc(length + 1, GFP_KERNEL); - strncpy(tcon->nativeFileSystem, bcc_ptr, - length); + if (tcon->nativeFileSystem) + strncpy(tcon->nativeFileSystem, bcc_ptr, + length); } /* else do not bother copying these information fields*/ } -- cgit v1.2.3 From 5a44b3190e3441986648ff664ef045685995324b Mon Sep 17 00:00:00 2001 From: Steve French Date: Thu, 20 Sep 2007 15:16:24 +0000 Subject: [CIFS] Add warning message when broken server fails SetFSInfo call A reasonably common NAS server returns an error on the SetFSInfo of the Unix capabilities. Log a message for this alerting the user that the server may have problems with the Unix extensions, and telling them what they can do to workaround it. Unfortunately the server does not return other clues that we could easily use to turn the Unix Extension support off automatically in this case (since they claim to support it). Signed-off-by: Steve French --- fs/cifs/connect.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 5f2ec194677..73ed9fcab82 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1742,7 +1742,16 @@ void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon, cFYI(1, ("very large write cap")); #endif /* CIFS_DEBUG2 */ if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) { - cFYI(1, ("setting capabilities failed")); + if (vol_info == NULL) + cFYI(1, ("resetting capabilities failed")); + else + cERROR(1, ("Negotiating Unix capabilities " + "with the server failed. Consider " + "mounting with the Unix Extensions\n" + "disabled, if problems are found, " + "by specifying the nounix mount " + "option."); + } } } -- cgit v1.2.3 From 2224f4e5d5317552d48ce9059761148b1516ba5d Mon Sep 17 00:00:00 2001 From: Steve French Date: Thu, 20 Sep 2007 15:37:29 +0000 Subject: [CIFS] fix typo in previous commit Signed-off-by: Steve French --- fs/cifs/connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 73ed9fcab82..5c3cc6487e5 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1750,7 +1750,7 @@ void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon, "mounting with the Unix Extensions\n" "disabled, if problems are found, " "by specifying the nounix mount " - "option."); + "option.")); } } -- cgit v1.2.3 From 442aa310f3bc49cf4e059da790fbae62411d50db Mon Sep 17 00:00:00 2001 From: Steve French Date: Mon, 24 Sep 2007 20:25:46 +0000 Subject: [CIFS] Support for CIFS ACLs (part 1) Add code to be able to dump CIFS ACL information when Query Posix ACL with cifsacl mount parm enabled. Signed-off-by: Shirish Pargoankar Signed-off-by: Steve French --- fs/cifs/connect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 5c3cc6487e5..e43cb880f54 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1742,9 +1742,9 @@ void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon, cFYI(1, ("very large write cap")); #endif /* CIFS_DEBUG2 */ if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) { - if (vol_info == NULL) + if (vol_info == NULL) { cFYI(1, ("resetting capabilities failed")); - else + } else cERROR(1, ("Negotiating Unix capabilities " "with the server failed. Consider " "mounting with the Unix Extensions\n" -- cgit v1.2.3 From 7f8ed420f80c91176dfd27c8089f22cab5c9ba78 Mon Sep 17 00:00:00 2001 From: Steve French Date: Fri, 28 Sep 2007 22:28:55 +0000 Subject: [CIFS] CIFS support for named pipes (part 1) This allows cifs to mount to ipc shares (IPC$) which will allow user space applications to layer over authenticated cifs connections (useful for Wine and others that would want to put DCE/RPC over CIFS or run CIFS named pipes) Acked-by: Rob Shearman Signed-off-by: Steve French --- fs/cifs/connect.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index e43cb880f54..21cac15ed9a 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2186,8 +2186,10 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, tcon->ses = pSesInfo; /* do not care if following two calls succeed - informational */ - CIFSSMBQFSDeviceInfo(xid, tcon); - CIFSSMBQFSAttributeInfo(xid, tcon); + if (!tcon->ipc) { + CIFSSMBQFSDeviceInfo(xid, tcon); + CIFSSMBQFSAttributeInfo(xid, tcon); + } /* tell server which Unix caps we support */ if (tcon->ses->capabilities & CAP_UNIX) @@ -3385,6 +3387,18 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, bcc_ptr = pByteArea(smb_buffer_response); length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2); /* skip service field (NB: this field is always ASCII) */ + if (length == 3) { + if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') && + (bcc_ptr[2] == 'C')) { + cFYI(1, ("IPC connection")); + tcon->ipc = 1; + } + } else if (length == 2) { + if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) { + /* the most common case */ + cFYI(1, ("disk share connection")); + } + } bcc_ptr += length + 1; strncpy(tcon->treeName, tree, MAX_TREE_SIZE); if (smb_buffer->Flags2 & SMBFLG2_UNICODE) { -- cgit v1.2.3 From a8a11d399fc3c70f2aa645c7472235a06e8b8efa Mon Sep 17 00:00:00 2001 From: Mariusz Kozlowski Date: Wed, 3 Oct 2007 16:41:24 +0000 Subject: [CIFS] remove some redundant argument checks This patch does kmalloc + memset conversion to kzalloc and removes some redundant argument checks. Signed-off-by: Mariusz Kozlowski Signed-off-by: Andrew Morton Signed-off-by: Steve French --- fs/cifs/connect.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 21cac15ed9a..fc3a851357f 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -673,9 +673,8 @@ multi_t2_fnd: server->ssocket = NULL; } /* buffer usuallly freed in free_mid - need to free it here on exit */ - if (bigbuf != NULL) - cifs_buf_release(bigbuf); - if (smallbuf != NULL) + cifs_buf_release(bigbuf); + if (smallbuf) /* no sense logging a debug message if NULL */ cifs_small_buf_release(smallbuf); read_lock(&GlobalSMBSeslock); @@ -1910,8 +1909,8 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, return rc; } - srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL); - if (srvTcp == NULL) { + srvTcp = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL); + if (!srvTcp) { rc = -ENOMEM; sock_release(csocket); kfree(volume_info.UNC); @@ -1920,7 +1919,6 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, FreeXid(xid); return rc; } else { - memset(srvTcp, 0, sizeof (struct TCP_Server_Info)); memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in)); atomic_set(&srvTcp->inFlight, 0); @@ -2529,8 +2527,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, sesssetup_nomem: /* do not return an error on nomem for the info strings, since that could make reconnection harder, and reconnection might be needed to free memory */ - if (smb_buffer) - cifs_buf_release(smb_buffer); + cifs_buf_release(smb_buffer); return rc; } @@ -2868,8 +2865,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, rc = -EIO; } - if (smb_buffer) - cifs_buf_release(smb_buffer); + cifs_buf_release(smb_buffer); return rc; } @@ -3277,8 +3273,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, rc = -EIO; } - if (smb_buffer) - cifs_buf_release(smb_buffer); + cifs_buf_release(smb_buffer); return rc; } @@ -3446,8 +3441,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, ses->ipc_tid = smb_buffer_response->Tid; } - if (smb_buffer) - cifs_buf_release(smb_buffer); + cifs_buf_release(smb_buffer); return rc; } -- cgit v1.2.3 From a013689ddb2a4ba5f0452c053c0bf00bafb686f1 Mon Sep 17 00:00:00 2001 From: Steve French Date: Thu, 4 Oct 2007 20:05:09 +0000 Subject: [CIFS] Fix cifsd so shuts down when signing fails during mount Fixes two problems: 1) we dropped down to negotiating lanman if we did not recognize the mechanism (krb5 e.g.) 2) we did not stop cifsd (thus will fail when doing rmod cifs with slab free errors) when we fail tcon but have a bad session (which is the case in which signing is required but we don't allow signing on the client) It also turns on extended security flag in the header when passing "sec=krb5" on mount command (although kerberos support is not done of course) Acked-by: Jeff Layton CC: Shaggy Signed-off-by: Steve French --- fs/cifs/connect.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index fc3a851357f..c0cd3ce56e9 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2172,8 +2172,18 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, if (tsk) kthread_stop(tsk); } - } else + } else { cFYI(1, ("No session or bad tcon")); + if ((pSesInfo->server) && + (pSesInfo->server->tsk)) { + struct task_struct *tsk; + force_sig(SIGKILL, + pSesInfo->server->tsk); + tsk = pSesInfo->server->tsk; + if (tsk) + kthread_stop(tsk); + } + } sesInfoFree(pSesInfo); /* pSesInfo = NULL; */ } -- cgit v1.2.3 From 6345a3a88012b0060ddeca8874e51cb442e1fb20 Mon Sep 17 00:00:00 2001 From: Cyrill Gorcunov Date: Tue, 16 Oct 2007 17:57:55 +0000 Subject: [CIFS] formatting fixes Signed-off-by: Cyrill Gorcunov Signed-off-by: Steve French --- fs/cifs/connect.c | 57 +++++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 31 deletions(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c0cd3ce56e9..494455ed435 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1468,7 +1468,7 @@ ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket, if (psin_server->sin_port) { /* user overrode default port */ rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *) psin_server, - sizeof (struct sockaddr_in), 0); + sizeof(struct sockaddr_in), 0); if (rc >= 0) connected = 1; } @@ -1484,7 +1484,7 @@ ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket, rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *) psin_server, - sizeof (struct sockaddr_in), 0); + sizeof(struct sockaddr_in), 0); if (rc >= 0) connected = 1; } @@ -1493,7 +1493,7 @@ ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket, psin_server->sin_port = htons(RFC1001_PORT); rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *) psin_server, - sizeof (struct sockaddr_in), 0); + sizeof(struct sockaddr_in), 0); if (rc >= 0) connected = 1; } @@ -1601,7 +1601,7 @@ ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket) if (psin_server->sin6_port) { /* user overrode default port */ rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *) psin_server, - sizeof (struct sockaddr_in6), 0); + sizeof(struct sockaddr_in6), 0); if (rc >= 0) connected = 1; } @@ -1617,7 +1617,7 @@ ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket) rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *) psin_server, - sizeof (struct sockaddr_in6), 0); + sizeof(struct sockaddr_in6), 0); if (rc >= 0) connected = 1; } @@ -1625,7 +1625,7 @@ ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket) if (!connected) { psin_server->sin6_port = htons(RFC1001_PORT); rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *) - psin_server, sizeof (struct sockaddr_in6), 0); + psin_server, sizeof(struct sockaddr_in6), 0); if (rc >= 0) connected = 1; } @@ -1920,7 +1920,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, return rc; } else { memcpy(&srvTcp->addr.sockAddr, &sin_server, - sizeof (struct sockaddr_in)); + sizeof(struct sockaddr_in)); atomic_set(&srvTcp->inFlight, 0); /* BB Add code for ipv6 case too */ srvTcp->ssocket = csocket; @@ -2557,7 +2557,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, int remaining_words = 0; int bytes_returned = 0; int len; - int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE); + int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE); PNEGOTIATE_MESSAGE SecurityBlob; PCHALLENGE_MESSAGE SecurityBlob2; __u32 negotiate_flags, capabilities; @@ -2881,8 +2881,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, } static int CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, - char *ntlm_session_key, int ntlmv2_flag, - const struct nls_table *nls_codepage) + char *ntlm_session_key, int ntlmv2_flag, + const struct nls_table *nls_codepage) { struct smb_hdr *smb_buffer; struct smb_hdr *smb_buffer_response; @@ -2895,7 +2895,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, int remaining_words = 0; int bytes_returned = 0; int len; - int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE); + int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE); PAUTHENTICATE_MESSAGE SecurityBlob; __u32 negotiate_flags, capabilities; __u16 count; @@ -2910,8 +2910,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, return -ENOMEM; } smb_buffer_response = smb_buffer; - pSMB = (SESSION_SETUP_ANDX *) smb_buffer; - pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response; + pSMB = (SESSION_SETUP_ANDX *)smb_buffer; + pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response; /* send SMBsessionSetup here */ header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX, @@ -2930,7 +2930,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS | - CAP_EXTENDED_SECURITY; + CAP_EXTENDED_SECURITY; if (ses->capabilities & CAP_UNICODE) { smb_buffer->Flags2 |= SMBFLG2_UNICODE; capabilities |= CAP_UNICODE; @@ -2945,15 +2945,14 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, } pSMB->req.Capabilities = cpu_to_le32(capabilities); - bcc_ptr = (char *) &pSMB->req.SecurityBlob; - SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr; + bcc_ptr = (char *)&pSMB->req.SecurityBlob; + SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr; strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8); SecurityBlob->MessageType = NtLmAuthenticate; bcc_ptr += SecurityBlobLength; - negotiate_flags = - NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO | - 0x80000000 | NTLMSSP_NEGOTIATE_128; + negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET | + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO | + 0x80000000 | NTLMSSP_NEGOTIATE_128; if (sign_CIFS_PDUs) negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN; if (ntlmv2_flag) @@ -3104,12 +3103,11 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &bytes_returned, 1); if (rc) { -/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */ - } else if ((smb_buffer_response->WordCount == 3) - || (smb_buffer_response->WordCount == 4)) { +/* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */ + } else if ((smb_buffer_response->WordCount == 3) || + (smb_buffer_response->WordCount == 4)) { __u16 action = le16_to_cpu(pSMBr->resp.Action); - __u16 blob_len = - le16_to_cpu(pSMBr->resp.SecurityBlobLength); + __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength); if (action & GUEST_LOGIN) cFYI(1, (" Guest login")); /* BB Should we set anything in SesInfo struct ? */ @@ -3263,22 +3261,19 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, bcc_ptr[0] = 0; bcc_ptr++; } else - cFYI(1, - ("field of length %d " + cFYI(1, ("field of length %d " "extends beyond end of smb ", len)); } } else { - cERROR(1, - (" Security Blob extends beyond end " + cERROR(1, ("Security Blob extends beyond end " "of SMB")); } } else { cERROR(1, ("No session structure passed in.")); } } else { - cERROR(1, - (" Invalid Word count %d: ", + cERROR(1, ("Invalid Word count %d: ", smb_buffer_response->WordCount)); rc = -EIO; } -- cgit v1.2.3 From c18c732ec6bf372aa959ca6534cbfc32e464defd Mon Sep 17 00:00:00 2001 From: Steve French Date: Wed, 17 Oct 2007 18:01:11 +0000 Subject: [CIFS] fix bad handling of EAGAIN error on kernel_recvmsg in cifs_demultiplex_thread When kernel_recvmsg returns -EAGAIN or -ERESTARTSYS, then cifs_demultiplex_thread sleeps for a bit and then tries the read again. When it does this, it's not zeroing out the length and that throws off the value of total_read. Fix it to zero out the length. Can cause memory corruption: If kernel_recvmsg returns an error and total_read is a large enough value, then we'll end up going through the loop again. total_read will be a bogus value, as will (pdu_length-total_read). When this happens we end up calling kernel_recvmsg with a bogus value (possibly larger than the current iov_len). At that point, memcpy_toiovec can overrun iov. It will start walking up the stack, casting other things that are there to struct iovecs (since it assumes that it's been passed an array of them). Any pointer on the stack at an address above the kvec is a candidate for corruption here. Many thanks to Ulrich Obergfell for pointing this out. Signed-off-by: Jeff Layton Signed-off-by: Steve French --- fs/cifs/connect.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'fs/cifs/connect.c') diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 494455ed435..676bbf2bb56 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -415,7 +415,10 @@ incomplete_rcv: msleep(1); /* minimum sleep to prevent looping allowing socket to clear and app threads to set tcpStatus CifsNeedReconnect if server hung */ - continue; + if (pdu_length < 4) + goto incomplete_rcv; + else + continue; } else if (length <= 0) { if (server->tcpStatus == CifsNew) { cFYI(1, ("tcp session abend after SMBnegprot")); @@ -543,6 +546,7 @@ incomplete_rcv: allowing socket to clear and app threads to set tcpStatus CifsNeedReconnect if server hung*/ + length = 0; continue; } else if (length <= 0) { cERROR(1, ("Received no data, expecting %d", -- cgit v1.2.3