Commit 5b716ac7 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6

Pull CIFS fixes from Steve French.

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  CIFS: Fix cifs_do_create error hadnling
  cifs: print error code if smb signature verification fails
  CIFS: Fix log messages in packet checking for SMB2
  CIFS: Protect i_nlink from being negative
parents 0b1a34c9 ea7b4887
...@@ -1576,9 +1576,14 @@ cifs_readv_callback(struct mid_q_entry *mid) ...@@ -1576,9 +1576,14 @@ cifs_readv_callback(struct mid_q_entry *mid)
/* result already set, check signature */ /* result already set, check signature */
if (server->sec_mode & if (server->sec_mode &
(SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) { (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
if (cifs_verify_signature(rdata->iov, rdata->nr_iov, int rc = 0;
server, mid->sequence_number + 1))
cERROR(1, "Unexpected SMB signature"); rc = cifs_verify_signature(rdata->iov, rdata->nr_iov,
server,
mid->sequence_number + 1);
if (rc)
cERROR(1, "SMB signature verification returned "
"error = %d", rc);
} }
/* FIXME: should this be counted toward the initiating task? */ /* FIXME: should this be counted toward the initiating task? */
task_io_account_read(rdata->bytes); task_io_account_read(rdata->bytes);
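Review bot: A failed signature check in cifs_readv_callback still produces only a log line: `rc` from cifs_verify_signature() is printed and then dropped, and execution continues to `task_io_account_read(rdata->bytes)` exactly as for a verified reply. When SECMODE_SIGN_REQUIRED is set, a response that fails verification should presumably not be handed on as valid data; consider failing the request with the returned code (where the result is stored is outside this hunk, so the exact assignment has to be confirmed there). The cifs_check_receive hunk has the same pattern, and its existing `/* FIXME: add code to kill session */` already marks the gap. Until that is done, a comment such as `/* NOTE: signature failure is only logged, the reply is still processed */` would make the current behaviour explicit.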
......
...@@ -356,19 +356,12 @@ cifs_do_create(struct inode *inode, struct dentry *direntry, unsigned int xid, ...@@ -356,19 +356,12 @@ cifs_do_create(struct inode *inode, struct dentry *direntry, unsigned int xid,
cifs_create_set_dentry: cifs_create_set_dentry:
if (rc != 0) { if (rc != 0) {
cFYI(1, "Create worked, get_inode_info failed rc = %d", rc); cFYI(1, "Create worked, get_inode_info failed rc = %d", rc);
CIFSSMBClose(xid, tcon, *fileHandle);
goto out; goto out;
} }
d_drop(direntry); d_drop(direntry);
d_add(direntry, newinode); d_add(direntry, newinode);
/* ENOENT for create? How weird... */
rc = -ENOENT;
if (!newinode) {
CIFSSMBClose(xid, tcon, *fileHandle);
goto out;
}
rc = 0;
out: out:
kfree(buf); kfree(buf);
kfree(full_path); kfree(full_path);
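Review bot: Both CIFSSMBClose() calls are removed from the error paths of cifs_do_create, so after "Create worked, get_inode_info failed" the function reaches `out:` with the server handle in `*fileHandle` still open. Unless the close now happens elsewhere in the function or in the callers, neither of which is visible in this hunk, that handle is leaked on each such failure. A comment at `out:` stating who owns the handle when rc is non-zero would settle the question for the next reader. The `if (!newinode)` guard is also gone, so `d_add(direntry, newinode)` now relies on newinode being non-NULL whenever rc is 0, which cannot be confirmed from the visible lines.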
......
...@@ -124,10 +124,10 @@ cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr) ...@@ -124,10 +124,10 @@ cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr)
{ {
struct cifsInodeInfo *cifs_i = CIFS_I(inode); struct cifsInodeInfo *cifs_i = CIFS_I(inode);
struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
unsigned long oldtime = cifs_i->time;
cifs_revalidate_cache(inode, fattr); cifs_revalidate_cache(inode, fattr);
spin_lock(&inode->i_lock);
inode->i_atime = fattr->cf_atime; inode->i_atime = fattr->cf_atime;
inode->i_mtime = fattr->cf_mtime; inode->i_mtime = fattr->cf_mtime;
inode->i_ctime = fattr->cf_ctime; inode->i_ctime = fattr->cf_ctime;
...@@ -148,9 +148,6 @@ cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr) ...@@ -148,9 +148,6 @@ cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr)
else else
cifs_i->time = jiffies; cifs_i->time = jiffies;
cFYI(1, "inode 0x%p old_time=%ld new_time=%ld", inode,
oldtime, cifs_i->time);
cifs_i->delete_pending = fattr->cf_flags & CIFS_FATTR_DELETE_PENDING; cifs_i->delete_pending = fattr->cf_flags & CIFS_FATTR_DELETE_PENDING;
cifs_i->server_eof = fattr->cf_eof; cifs_i->server_eof = fattr->cf_eof;
...@@ -158,7 +155,6 @@ cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr) ...@@ -158,7 +155,6 @@ cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr)
* Can't safely change the file size here if the client is writing to * Can't safely change the file size here if the client is writing to
* it due to potential races. * it due to potential races.
*/ */
spin_lock(&inode->i_lock);
if (is_size_safe_to_change(cifs_i, fattr->cf_eof)) { if (is_size_safe_to_change(cifs_i, fattr->cf_eof)) {
i_size_write(inode, fattr->cf_eof); i_size_write(inode, fattr->cf_eof);
...@@ -859,12 +855,14 @@ struct inode *cifs_root_iget(struct super_block *sb) ...@@ -859,12 +855,14 @@ struct inode *cifs_root_iget(struct super_block *sb)
if (rc && tcon->ipc) { if (rc && tcon->ipc) {
cFYI(1, "ipc connection - fake read inode"); cFYI(1, "ipc connection - fake read inode");
spin_lock(&inode->i_lock);
inode->i_mode |= S_IFDIR; inode->i_mode |= S_IFDIR;
set_nlink(inode, 2); set_nlink(inode, 2);
inode->i_op = &cifs_ipc_inode_ops; inode->i_op = &cifs_ipc_inode_ops;
inode->i_fop = &simple_dir_operations; inode->i_fop = &simple_dir_operations;
inode->i_uid = cifs_sb->mnt_uid; inode->i_uid = cifs_sb->mnt_uid;
inode->i_gid = cifs_sb->mnt_gid; inode->i_gid = cifs_sb->mnt_gid;
spin_unlock(&inode->i_lock);
} else if (rc) { } else if (rc) {
iget_failed(inode); iget_failed(inode);
inode = ERR_PTR(rc); inode = ERR_PTR(rc);
...@@ -1110,6 +1108,15 @@ cifs_rename_pending_delete(char *full_path, struct dentry *dentry, ...@@ -1110,6 +1108,15 @@ cifs_rename_pending_delete(char *full_path, struct dentry *dentry,
goto out_close; goto out_close;
} }
/* copied from fs/nfs/dir.c with small changes */
static void
cifs_drop_nlink(struct inode *inode)
{
spin_lock(&inode->i_lock);
if (inode->i_nlink > 0)
drop_nlink(inode);
spin_unlock(&inode->i_lock);
}
/* /*
* If dentry->d_inode is null (usually meaning the cached dentry * If dentry->d_inode is null (usually meaning the cached dentry
...@@ -1166,13 +1173,13 @@ int cifs_unlink(struct inode *dir, struct dentry *dentry) ...@@ -1166,13 +1173,13 @@ int cifs_unlink(struct inode *dir, struct dentry *dentry)
psx_del_no_retry: psx_del_no_retry:
if (!rc) { if (!rc) {
if (inode) if (inode)
drop_nlink(inode); cifs_drop_nlink(inode);
} else if (rc == -ENOENT) { } else if (rc == -ENOENT) {
d_drop(dentry); d_drop(dentry);
} else if (rc == -ETXTBSY) { } else if (rc == -ETXTBSY) {
rc = cifs_rename_pending_delete(full_path, dentry, xid); rc = cifs_rename_pending_delete(full_path, dentry, xid);
if (rc == 0) if (rc == 0)
drop_nlink(inode); cifs_drop_nlink(inode);
} else if ((rc == -EACCES) && (dosattr == 0) && inode) { } else if ((rc == -EACCES) && (dosattr == 0) && inode) {
attrs = kzalloc(sizeof(*attrs), GFP_KERNEL); attrs = kzalloc(sizeof(*attrs), GFP_KERNEL);
if (attrs == NULL) { if (attrs == NULL) {
...@@ -1241,9 +1248,10 @@ cifs_mkdir_qinfo(struct inode *inode, struct dentry *dentry, umode_t mode, ...@@ -1241,9 +1248,10 @@ cifs_mkdir_qinfo(struct inode *inode, struct dentry *dentry, umode_t mode,
* setting nlink not necessary except in cases where we failed to get it * setting nlink not necessary except in cases where we failed to get it
* from the server or was set bogus * from the server or was set bogus
*/ */
spin_lock(&dentry->d_inode->i_lock);
if ((dentry->d_inode) && (dentry->d_inode->i_nlink < 2)) if ((dentry->d_inode) && (dentry->d_inode->i_nlink < 2))
set_nlink(dentry->d_inode, 2); set_nlink(dentry->d_inode, 2);
spin_unlock(&dentry->d_inode->i_lock);
mode &= ~current_umask(); mode &= ~current_umask();
/* must turn on setgid bit if parent dir has it */ /* must turn on setgid bit if parent dir has it */
if (inode->i_mode & S_ISGID) if (inode->i_mode & S_ISGID)
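Review bot: In the cifs_mkdir_qinfo hunk, the added `spin_lock(&dentry->d_inode->i_lock);` dereferences dentry->d_inode before the `if ((dentry->d_inode) && ...)` test on the following line, so the NULL case that test guards against now faults in the lock call, and again in the unlock. The lock should be taken inside the check: wrap the three lines in `if (dentry->d_inode) {` and reduce the inner test to `if (dentry->d_inode->i_nlink < 2)`. The cifs_unlink hunk has a related gap: the -ETXTBSY branch calls `cifs_drop_nlink(inode)` without the `if (inode)` guard used in the `!rc` branch, and the new helper takes `inode->i_lock` unconditionally. The enclosing functions extend beyond these hunks, so whether inode can be NULL on that path needs checking there.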
......
...@@ -433,7 +433,9 @@ cifs_hardlink(struct dentry *old_file, struct inode *inode, ...@@ -433,7 +433,9 @@ cifs_hardlink(struct dentry *old_file, struct inode *inode,
if (old_file->d_inode) { if (old_file->d_inode) {
cifsInode = CIFS_I(old_file->d_inode); cifsInode = CIFS_I(old_file->d_inode);
if (rc == 0) { if (rc == 0) {
spin_lock(&old_file->d_inode->i_lock);
inc_nlink(old_file->d_inode); inc_nlink(old_file->d_inode);
spin_unlock(&old_file->d_inode->i_lock);
/* BB should we make this contingent on superblock flag NOATIME? */ /* BB should we make this contingent on superblock flag NOATIME? */
/* old_file->d_inode->i_ctime = CURRENT_TIME;*/ /* old_file->d_inode->i_ctime = CURRENT_TIME;*/
/* parent dir timestamps will update from srv /* parent dir timestamps will update from srv
......
...@@ -52,7 +52,8 @@ check_smb2_hdr(struct smb2_hdr *hdr, __u64 mid) ...@@ -52,7 +52,8 @@ check_smb2_hdr(struct smb2_hdr *hdr, __u64 mid)
cERROR(1, "Bad protocol string signature header %x", cERROR(1, "Bad protocol string signature header %x",
*(unsigned int *) hdr->ProtocolId); *(unsigned int *) hdr->ProtocolId);
if (mid != hdr->MessageId) if (mid != hdr->MessageId)
cERROR(1, "Mids do not match"); cERROR(1, "Mids do not match: %llu and %llu", mid,
hdr->MessageId);
} }
cERROR(1, "Bad SMB detected. The Mid=%llu", hdr->MessageId); cERROR(1, "Bad SMB detected. The Mid=%llu", hdr->MessageId);
return 1; return 1;
...@@ -107,7 +108,7 @@ smb2_check_message(char *buf, unsigned int length) ...@@ -107,7 +108,7 @@ smb2_check_message(char *buf, unsigned int length)
* ie Validate the wct via smb2_struct_sizes table above * ie Validate the wct via smb2_struct_sizes table above
*/ */
if (length < 2 + sizeof(struct smb2_hdr)) { if (length < sizeof(struct smb2_pdu)) {
if ((length >= sizeof(struct smb2_hdr)) && (hdr->Status != 0)) { if ((length >= sizeof(struct smb2_hdr)) && (hdr->Status != 0)) {
pdu->StructureSize2 = 0; pdu->StructureSize2 = 0;
/* /*
...@@ -121,15 +122,15 @@ smb2_check_message(char *buf, unsigned int length) ...@@ -121,15 +122,15 @@ smb2_check_message(char *buf, unsigned int length)
return 1; return 1;
} }
if (len > CIFSMaxBufSize + MAX_SMB2_HDR_SIZE - 4) { if (len > CIFSMaxBufSize + MAX_SMB2_HDR_SIZE - 4) {
cERROR(1, "SMB length greater than maximum, mid=%lld", mid); cERROR(1, "SMB length greater than maximum, mid=%llu", mid);
return 1; return 1;
} }
if (check_smb2_hdr(hdr, mid)) if (check_smb2_hdr(hdr, mid))
return 1; return 1;
if (hdr->StructureSize != SMB2_HEADER_SIZE) { if (hdr->StructureSize != SMB2_HEADER_STRUCTURE_SIZE) {
cERROR(1, "Illegal structure size %d", cERROR(1, "Illegal structure size %u",
le16_to_cpu(hdr->StructureSize)); le16_to_cpu(hdr->StructureSize));
return 1; return 1;
} }
...@@ -161,8 +162,9 @@ smb2_check_message(char *buf, unsigned int length) ...@@ -161,8 +162,9 @@ smb2_check_message(char *buf, unsigned int length)
if (4 + len != clc_len) { if (4 + len != clc_len) {
cFYI(1, "Calculated size %u length %u mismatch mid %llu", cFYI(1, "Calculated size %u length %u mismatch mid %llu",
clc_len, 4 + len, mid); clc_len, 4 + len, mid);
if (clc_len == 4 + len + 1) /* BB FIXME (fix samba) */ /* server can return one byte more */
return 0; /* BB workaround Samba 3 bug SessSetup rsp */ if (clc_len == 4 + len + 1)
return 0;
return 1; return 1;
} }
return 0; return 0;
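Review bot: The rewritten comment `/* server can return one byte more */` reads the opposite way from the condition it documents: `clc_len == 4 + len + 1` accepts a frame whose received length is one byte shorter than the calculated size. Since this is length validation of data coming from the server, the comment should say which side is larger and why the mismatch is tolerated, for example `/* calculated size may exceed the received length by one byte (seen with some servers) */`, ideally naming the affected servers as the old comment did. Whether later parsing can then touch the byte past the received length depends on how clc_len is computed, which is outside this hunk.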
......
...@@ -87,10 +87,6 @@ ...@@ -87,10 +87,6 @@
#define SMB2_PROTO_NUMBER __constant_cpu_to_le32(0x424d53fe) #define SMB2_PROTO_NUMBER __constant_cpu_to_le32(0x424d53fe)
#define SMB2_HEADER_SIZE __constant_le16_to_cpu(64)
#define SMB2_ERROR_STRUCTURE_SIZE2 __constant_le16_to_cpu(9)
/* /*
* SMB2 Header Definition * SMB2 Header Definition
* *
...@@ -99,6 +95,9 @@ ...@@ -99,6 +95,9 @@
* "PDU" : "Protocol Data Unit" (ie a network "frame") * "PDU" : "Protocol Data Unit" (ie a network "frame")
* *
*/ */
#define SMB2_HEADER_STRUCTURE_SIZE __constant_le16_to_cpu(64)
struct smb2_hdr { struct smb2_hdr {
__be32 smb2_buf_length; /* big endian on wire */ __be32 smb2_buf_length; /* big endian on wire */
/* length is only two or three bytes - with /* length is only two or three bytes - with
...@@ -140,6 +139,9 @@ struct smb2_pdu { ...@@ -140,6 +139,9 @@ struct smb2_pdu {
* command code name for the struct. Note that structures must be packed. * command code name for the struct. Note that structures must be packed.
* *
*/ */
#define SMB2_ERROR_STRUCTURE_SIZE2 __constant_le16_to_cpu(9)
struct smb2_err_rsp { struct smb2_err_rsp {
struct smb2_hdr hdr; struct smb2_hdr hdr;
__le16 StructureSize; __le16 StructureSize;
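Review bot: SMB2_HEADER_STRUCTURE_SIZE is defined with `__constant_le16_to_cpu(64)`, but smb2_check_message compares it directly against the wire field `hdr->StructureSize`, which that function converts with le16_to_cpu() only when printing it. A constant meant for comparison with a little-endian field is normally written `__constant_cpu_to_le16(64)`; the byte swap is identical in both directions, so behaviour does not change, but the annotation is then right for endianness checking. SMB2_ERROR_STRUCTURE_SIZE2 has the same form, though its use is not visible on this page.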
......
...@@ -503,13 +503,16 @@ cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, ...@@ -503,13 +503,16 @@ cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
/* convert the length into a more usable form */ /* convert the length into a more usable form */
if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) { if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
struct kvec iov; struct kvec iov;
int rc = 0;
iov.iov_base = mid->resp_buf; iov.iov_base = mid->resp_buf;
iov.iov_len = len; iov.iov_len = len;
/* FIXME: add code to kill session */ /* FIXME: add code to kill session */
if (cifs_verify_signature(&iov, 1, server, rc = cifs_verify_signature(&iov, 1, server,
mid->sequence_number + 1) != 0) mid->sequence_number + 1);
cERROR(1, "Unexpected SMB signature"); if (rc)
cERROR(1, "SMB signature verification returned error = "
"%d", rc);
} }
/* BB special case reconnect tid and uid here? */ /* BB special case reconnect tid and uid here? */
......