<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/cifs, branch linux-3.9.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>Handle big endianness in NTLM (ntlmv2) authentication</title>
<updated>2013-07-21T00:16:09+00:00</updated>
<author>
<name>Steve French</name>
<email>smfrench@us.ibm.com</email>
</author>
<published>2013-06-25T19:03:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0b2bf3e6dae86b256f6ee0fb428166e111278aa8'/>
<id>0b2bf3e6dae86b256f6ee0fb428166e111278aa8</id>
<content type='text'>
commit fdf96a907c1fbb93c633e2b7ede3b8df26d6a4c0 upstream.

This is RH bug 970891
Uppercasing of username during calculation of ntlmv2 hash fails
because UniStrupr function does not handle big endian wchars.

Also fix a comment in the same code to reflect its correct usage.

[To make it easier for stable (rather than require 2nd patch) fixed
this patch of Shirish's to remove endian warning generated
by sparse -- steve f.]

Reported-by: steve &lt;sanpatr1@in.ibm.com&gt;
Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Reviewed-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit fdf96a907c1fbb93c633e2b7ede3b8df26d6a4c0 upstream.

This is RH bug 970891
Uppercasing of username during calculation of ntlmv2 hash fails
because UniStrupr function does not handle big endian wchars.

Also fix a comment in the same code to reflect its correct usage.

[To make it easier for stable (rather than require 2nd patch) fixed
this patch of Shirish's to remove endian warning generated
by sparse -- steve f.]

Reported-by: steve &lt;sanpatr1@in.ibm.com&gt;
Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Reviewed-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>CIFS: Fix a deadlock when a file is reopened</title>
<updated>2013-07-21T00:16:06+00:00</updated>
<author>
<name>Pavel Shilovsky</name>
<email>pshilovsky@samba.org</email>
</author>
<published>2013-07-11T07:17:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=900b565e72018dfa7f4c95dacdb3a3b5a0e4174e'/>
<id>900b565e72018dfa7f4c95dacdb3a3b5a0e4174e</id>
<content type='text'>
commit 689c3db4d57a73bee6c5ad7797fce7b54d32a87c upstream.

If we request reading or writing on a file that needs to be
reopened, it causes the deadlock: we are already holding rw
semaphore for reading and then we try to acquire it for writing
in cifs_relock_file. Fix this by acquiring the semaphore for
reading in cifs_relock_file due to we don't make any changes in
locks and don't need a write access.

Signed-off-by: Pavel Shilovsky &lt;pshilovsky@samba.org&gt;
Acked-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 689c3db4d57a73bee6c5ad7797fce7b54d32a87c upstream.

If we request reading or writing on a file that needs to be
reopened, it causes the deadlock: we are already holding rw
semaphore for reading and then we try to acquire it for writing
in cifs_relock_file. Fix this by acquiring the semaphore for
reading in cifs_relock_file due to we don't make any changes in
locks and don't need a write access.

Signed-off-by: Pavel Shilovsky &lt;pshilovsky@samba.org&gt;
Acked-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>CIFS use sensible file nlink values if unprovided</title>
<updated>2013-07-21T00:16:06+00:00</updated>
<author>
<name>Steve French</name>
<email>smfrench@gmail.com</email>
</author>
<published>2013-07-04T19:38:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=44d244a13a27f0eb7b33bb152aa173c0e875df76'/>
<id>44d244a13a27f0eb7b33bb152aa173c0e875df76</id>
<content type='text'>
commit 6658b9f70ebca5fc0795b1d6d733996af1e2caa7 upstream.

Certain servers may not set the NumberOfLinks field in query file/path
info responses. In such a case, cifs_inode_needs_reval() assumes that
all regular files are hardlinks and triggers revalidation, leading to
excessive and unnecessary network traffic.

This change hardcodes cf_nlink (and subsequently i_nlink) when not
returned by the server, similar to what already occurs in cifs_mkdir().

Signed-off-by: David Disseldorp &lt;ddiss@suse.de&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 6658b9f70ebca5fc0795b1d6d733996af1e2caa7 upstream.

Certain servers may not set the NumberOfLinks field in query file/path
info responses. In such a case, cifs_inode_needs_reval() assumes that
all regular files are hardlinks and triggers revalidation, leading to
excessive and unnecessary network traffic.

This change hardcodes cf_nlink (and subsequently i_nlink) when not
returned by the server, similar to what already occurs in cifs_mkdir().

Signed-off-by: David Disseldorp &lt;ddiss@suse.de&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: fix off-by-one bug in build_unc_path_to_root</title>
<updated>2013-06-13T17:49:31+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2013-05-31T14:00:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cd73e0b96b03189cbd4881b6176d841d700a4485'/>
<id>cd73e0b96b03189cbd4881b6176d841d700a4485</id>
<content type='text'>
commit 1fc29bacedeabb278080e31bb9c1ecb49f143c3b upstream.

commit 839db3d10a (cifs: fix up handling of prefixpath= option) changed
the code such that the vol-&gt;prepath no longer contained a leading
delimiter and then fixed up the places that accessed that field to
account for that change.

One spot in build_unc_path_to_root was missed however. When doing the
pointer addition on pos, that patch failed to account for the fact that
we had already incremented "pos" by one when adding the length of the
prepath. This caused a buffer overrun by one byte.

This patch fixes the problem by correcting the handling of "pos".

Reported-by: Marcus Moeller &lt;marcus.moeller@gmx.ch&gt;
Reported-by: Ken Fallon &lt;ken.fallon@gmail.com&gt;
Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 1fc29bacedeabb278080e31bb9c1ecb49f143c3b upstream.

commit 839db3d10a (cifs: fix up handling of prefixpath= option) changed
the code such that the vol-&gt;prepath no longer contained a leading
delimiter and then fixed up the places that accessed that field to
account for that change.

One spot in build_unc_path_to_root was missed however. When doing the
pointer addition on pos, that patch failed to account for the fact that
we had already incremented "pos" by one when adding the length of the
prepath. This caused a buffer overrun by one byte.

This patch fixes the problem by correcting the handling of "pos".

Reported-by: Marcus Moeller &lt;marcus.moeller@gmx.ch&gt;
Reported-by: Ken Fallon &lt;ken.fallon@gmail.com&gt;
Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: fix potential buffer overrun when composing a new options string</title>
<updated>2013-06-07T19:53:04+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2013-05-24T11:40:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=661926a0a9594143ed7f189521d8b8c848f480c7'/>
<id>661926a0a9594143ed7f189521d8b8c848f480c7</id>
<content type='text'>
commit 166faf21bd14bc5c5295a44874bf7f3930c30b20 upstream.

Consider the case where we have a very short ip= string in the original
mount options, and when we chase a referral we end up with a very long
IPv6 address. Be sure to allow for that possibility when estimating the
size of the string to allocate.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 166faf21bd14bc5c5295a44874bf7f3930c30b20 upstream.

Consider the case where we have a very short ip= string in the original
mount options, and when we chase a referral we end up with a very long
IPv6 address. Be sure to allow for that possibility when estimating the
size of the string to allocate.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: only set ops for inodes in I_NEW state</title>
<updated>2013-06-07T19:52:26+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2013-05-07T15:28:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=92f3a29f74d31f4d2d055e0eaeb21145019c4a0a'/>
<id>92f3a29f74d31f4d2d055e0eaeb21145019c4a0a</id>
<content type='text'>
commit c2b93e0699723700f886ce17bb65ffd771195a6d upstream.

It's generally not safe to reset the inode ops once they've been set. In
the case where the inode was originally thought to be a directory and
then later found to be a DFS referral, this can lead to an oops when we
try to trigger an inode op on it after changing the ops to the blank
referral operations.

Reported-and-Tested-by: Sachin Prabhu &lt;sprabhu@redhat.com&gt;
Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit c2b93e0699723700f886ce17bb65ffd771195a6d upstream.

It's generally not safe to reset the inode ops once they've been set. In
the case where the inode was originally thought to be a directory and
then later found to be a DFS referral, this can lead to an oops when we
try to trigger an inode op on it after changing the ops to the blank
referral operations.

Reported-and-Tested-by: Sachin Prabhu &lt;sprabhu@redhat.com&gt;
Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: Allow passwords which begin with a delimitor</title>
<updated>2013-04-10T20:54:14+00:00</updated>
<author>
<name>Sachin Prabhu</name>
<email>sprabhu@redhat.com</email>
</author>
<published>2013-04-09T17:17:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c369c9a4a7c82d33329d869cbaf93304cc7a0c40'/>
<id>c369c9a4a7c82d33329d869cbaf93304cc7a0c40</id>
<content type='text'>
Fixes a regression in cifs_parse_mount_options where a password
which begins with a delimitor is parsed incorrectly as being a blank
password.

Signed-off-by: Sachin Prabhu &lt;sprabhu@redhat.com&gt;
Acked-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fixes a regression in cifs_parse_mount_options where a password
which begins with a delimitor is parsed incorrectly as being a blank
password.

Signed-off-by: Sachin Prabhu &lt;sprabhu@redhat.com&gt;
Acked-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6</title>
<updated>2013-03-22T00:59:22+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2013-03-22T00:59:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9217cbb8df31c10efc96362227b2ebdbb9fe996c'/>
<id>9217cbb8df31c10efc96362227b2ebdbb9fe996c</id>
<content type='text'>
Pull CIFS fixes from Steve French:
 "Three small CIFS Fixes (the most important of the three fixes a recent
  problem authenticating to Windows 8 using cifs rather than SMB2)"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: ignore everything in SPNEGO blob after mechTypes
  cifs: delay super block destruction until all cifsFileInfo objects are gone
  cifs: map NT_STATUS_SHARING_VIOLATION to EBUSY instead of ETXTBSY
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull CIFS fixes from Steve French:
 "Three small CIFS Fixes (the most important of the three fixes a recent
  problem authenticating to Windows 8 using cifs rather than SMB2)"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: ignore everything in SPNEGO blob after mechTypes
  cifs: delay super block destruction until all cifsFileInfo objects are gone
  cifs: map NT_STATUS_SHARING_VIOLATION to EBUSY instead of ETXTBSY
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: ignore everything in SPNEGO blob after mechTypes</title>
<updated>2013-03-21T17:40:19+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2013-03-11T13:52:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f853c616883a8de966873a1dab283f1369e275a1'/>
<id>f853c616883a8de966873a1dab283f1369e275a1</id>
<content type='text'>
We've had several reports of people attempting to mount Windows 8 shares
and getting failures with a return code of -EINVAL. The default sec=
mode changed recently to sec=ntlmssp. With that, we expect and parse a
SPNEGO blob from the server in the NEGOTIATE reply.

The current decode_negTokenInit function first parses all of the
mechTypes and then tries to parse the rest of the negTokenInit reply.
The parser however currently expects a mechListMIC or nothing to follow the
mechTypes, but Windows 8 puts a mechToken field there instead to carry
some info for the new NegoEx stuff.

In practice, we don't do anything with the fields after the mechTypes
anyway so I don't see any real benefit in continuing to parse them.
This patch just has the kernel ignore the fields after the mechTypes.
We'll probably need to reinstate some of this if we ever want to support
NegoEx.

Reported-by: Jason Burgess &lt;jason@jacknife2.dns2go.com&gt;
Reported-by: Yan Li &lt;elliot.li.tech@gmail.com&gt;
Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We've had several reports of people attempting to mount Windows 8 shares
and getting failures with a return code of -EINVAL. The default sec=
mode changed recently to sec=ntlmssp. With that, we expect and parse a
SPNEGO blob from the server in the NEGOTIATE reply.

The current decode_negTokenInit function first parses all of the
mechTypes and then tries to parse the rest of the negTokenInit reply.
The parser however currently expects a mechListMIC or nothing to follow the
mechTypes, but Windows 8 puts a mechToken field there instead to carry
some info for the new NegoEx stuff.

In practice, we don't do anything with the fields after the mechTypes
anyway so I don't see any real benefit in continuing to parse them.
This patch just has the kernel ignore the fields after the mechTypes.
We'll probably need to reinstate some of this if we ever want to support
NegoEx.

Reported-by: Jason Burgess &lt;jason@jacknife2.dns2go.com&gt;
Reported-by: Yan Li &lt;elliot.li.tech@gmail.com&gt;
Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: delay super block destruction until all cifsFileInfo objects are gone</title>
<updated>2013-03-13T19:12:06+00:00</updated>
<author>
<name>Mateusz Guzik</name>
<email>mguzik@redhat.com</email>
</author>
<published>2013-03-08T15:30:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=24261fc23db950951760d00c188ba63cc756b932'/>
<id>24261fc23db950951760d00c188ba63cc756b932</id>
<content type='text'>
cifsFileInfo objects hold references to dentries and it is possible that
these will still be around in workqueues when VFS decides to kill super
block during unmount.

This results in panics like this one:
BUG: Dentry ffff88001f5e76c0{i=66b4a,n=1M-2} still in use (1) [unmount of cifs cifs]
------------[ cut here ]------------
kernel BUG at fs/dcache.c:943!
[..]
Process umount (pid: 1781, threadinfo ffff88003d6e8000, task ffff880035eeaec0)
[..]
Call Trace:
 [&lt;ffffffff811b44f3&gt;] shrink_dcache_for_umount+0x33/0x60
 [&lt;ffffffff8119f7fc&gt;] generic_shutdown_super+0x2c/0xe0
 [&lt;ffffffff8119f946&gt;] kill_anon_super+0x16/0x30
 [&lt;ffffffffa036623a&gt;] cifs_kill_sb+0x1a/0x30 [cifs]
 [&lt;ffffffff8119fcc7&gt;] deactivate_locked_super+0x57/0x80
 [&lt;ffffffff811a085e&gt;] deactivate_super+0x4e/0x70
 [&lt;ffffffff811bb417&gt;] mntput_no_expire+0xd7/0x130
 [&lt;ffffffff811bc30c&gt;] sys_umount+0x9c/0x3c0
 [&lt;ffffffff81657c19&gt;] system_call_fastpath+0x16/0x1b

Fix this by making each cifsFileInfo object hold a reference to cifs
super block, which implicitly keeps VFS super block around as well.

Signed-off-by: Mateusz Guzik &lt;mguzik@redhat.com&gt;
Reviewed-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Reported-and-Tested-by: Ben Greear &lt;greearb@candelatech.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
cifsFileInfo objects hold references to dentries and it is possible that
these will still be around in workqueues when VFS decides to kill super
block during unmount.

This results in panics like this one:
BUG: Dentry ffff88001f5e76c0{i=66b4a,n=1M-2} still in use (1) [unmount of cifs cifs]
------------[ cut here ]------------
kernel BUG at fs/dcache.c:943!
[..]
Process umount (pid: 1781, threadinfo ffff88003d6e8000, task ffff880035eeaec0)
[..]
Call Trace:
 [&lt;ffffffff811b44f3&gt;] shrink_dcache_for_umount+0x33/0x60
 [&lt;ffffffff8119f7fc&gt;] generic_shutdown_super+0x2c/0xe0
 [&lt;ffffffff8119f946&gt;] kill_anon_super+0x16/0x30
 [&lt;ffffffffa036623a&gt;] cifs_kill_sb+0x1a/0x30 [cifs]
 [&lt;ffffffff8119fcc7&gt;] deactivate_locked_super+0x57/0x80
 [&lt;ffffffff811a085e&gt;] deactivate_super+0x4e/0x70
 [&lt;ffffffff811bb417&gt;] mntput_no_expire+0xd7/0x130
 [&lt;ffffffff811bc30c&gt;] sys_umount+0x9c/0x3c0
 [&lt;ffffffff81657c19&gt;] system_call_fastpath+0x16/0x1b

Fix this by making each cifsFileInfo object hold a reference to cifs
super block, which implicitly keeps VFS super block around as well.

Signed-off-by: Mateusz Guzik &lt;mguzik@redhat.com&gt;
Reviewed-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Reported-and-Tested-by: Ben Greear &lt;greearb@candelatech.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
