<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/fs/cifs, branch v2.6.35</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>CIFS: Remove __exit mark from cifs_exit_dns_resolver()</title>
<updated>2010-07-31T01:56:09+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2010-07-30T14:25:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=51c20fcced5badee0e2021c6c89f44aa3cbd72aa'/>
<id>51c20fcced5badee0e2021c6c89f44aa3cbd72aa</id>
<content type='text'>
Remove the __exit mark from cifs_exit_dns_resolver() as it's called by the
module init routine in case of error, and so may have been discarded during
linkage.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Acked-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Remove the __exit mark from cifs_exit_dns_resolver() as it's called by the
module init routine in case of error, and so may have been discarded during
linkage.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Acked-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>CIFS: Fix a malicious redirect problem in the DNS lookup code</title>
<updated>2010-07-22T16:42:40+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2010-07-22T11:53:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7'/>
<id>4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7</id>
<content type='text'>
Fix the security problem in the CIFS filesystem DNS lookup code in which a
malicious redirect could be installed by a random user by simply adding a
result record into one of their keyrings with add_key() and then invoking a
CIFS CFS lookup [CVE-2010-2524].

This is done by creating an internal keyring specifically for the caching of
DNS lookups.  To enforce the use of this keyring, the module init routine
creates a set of override credentials with the keyring installed as the thread
keyring and instructs request_key() to only install lookup result keys in that
keyring.

The override is then applied around the call to request_key().

This has some additional benefits when a kernel service uses this module to
request a key:

 (1) The result keys are owned by root, not the user that caused the lookup.

 (2) The result keys don't pop up in the user's keyrings.

 (3) The result keys don't come out of the quota of the user that caused the
     lookup.

The keyring can be viewed as root by doing cat /proc/keys:

2a0ca6c3 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: 1/4

It can then be listed with 'keyctl list' by root.

	# keyctl list 0x2a0ca6c3
	1 key in keyring:
	726766307: --alswrv     0     0 dns_resolver: foo.bar.com

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Reviewed-and-Tested-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Acked-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix the security problem in the CIFS filesystem DNS lookup code in which a
malicious redirect could be installed by a random user by simply adding a
result record into one of their keyrings with add_key() and then invoking a
CIFS CFS lookup [CVE-2010-2524].

This is done by creating an internal keyring specifically for the caching of
DNS lookups.  To enforce the use of this keyring, the module init routine
creates a set of override credentials with the keyring installed as the thread
keyring and instructs request_key() to only install lookup result keys in that
keyring.

The override is then applied around the call to request_key().

This has some additional benefits when a kernel service uses this module to
request a key:

 (1) The result keys are owned by root, not the user that caused the lookup.

 (2) The result keys don't pop up in the user's keyrings.

 (3) The result keys don't come out of the quota of the user that caused the
     lookup.

The keyring can be viewed as root by doing cat /proc/keys:

2a0ca6c3 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: 1/4

It can then be listed with 'keyctl list' by root.

	# keyctl list 0x2a0ca6c3
	1 key in keyring:
	726766307: --alswrv     0     0 dns_resolver: foo.bar.com

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Reviewed-and-Tested-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Acked-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: remove bogus first_time check in NTLMv2 session setup code</title>
<updated>2010-06-16T17:40:18+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2010-06-16T17:40:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=8a224d489454b7457105848610cfebebdec5638d'/>
<id>8a224d489454b7457105848610cfebebdec5638d</id>
<content type='text'>
This bug appears to be the result of a cut-and-paste mistake from the
NTLMv1 code. The function to generate the MAC key was commented out, but
not the conditional above it. The conditional then ended up causing the
session setup key not to be copied to the buffer unless this was the
first session on the socket, and that made all but the first NTLMv2
session setup fail.

Fix this by removing the conditional and all of the commented clutter
that made it difficult to see.

Cc: Stable &lt;stable@kernel.org&gt;
Reported-by: Gunther Deschner &lt;gdeschne@redhat.com&gt;
Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This bug appears to be the result of a cut-and-paste mistake from the
NTLMv1 code. The function to generate the MAC key was commented out, but
not the conditional above it. The conditional then ended up causing the
session setup key not to be copied to the buffer unless this was the
first session on the socket, and that made all but the first NTLMv2
session setup fail.

Fix this by removing the conditional and all of the commented clutter
that made it difficult to see.

Cc: Stable &lt;stable@kernel.org&gt;
Reported-by: Gunther Deschner &lt;gdeschne@redhat.com&gt;
Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: don't call cifs_new_fileinfo unless cifs_open succeeds</title>
<updated>2010-06-16T17:40:17+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2010-06-16T17:40:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=47c78b7f40a9931a264e3c9bddccacdf8dfb9a30'/>
<id>47c78b7f40a9931a264e3c9bddccacdf8dfb9a30</id>
<content type='text'>
It's currently possible for cifs_open to fail after it has already
called cifs_new_fileinfo. In that situation, the new fileinfo will be
leaked as the caller doesn't call fput. That in turn leads to a busy
inodes after umount problem since the fileinfo holds an extra inode
reference now. Shuffle cifs_open around a bit so that it only calls
cifs_new_fileinfo if it's going to succeed.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-and-Tested-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It's currently possible for cifs_open to fail after it has already
called cifs_new_fileinfo. In that situation, the new fileinfo will be
leaked as the caller doesn't call fput. That in turn leads to a busy
inodes after umount problem since the fileinfo holds an extra inode
reference now. Shuffle cifs_open around a bit so that it only calls
cifs_new_fileinfo if it's going to succeed.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-and-Tested-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: don't ignore cifs_posix_open_inode_helper return value</title>
<updated>2010-06-16T17:40:17+00:00</updated>
<author>
<name>Suresh Jayaraman</name>
<email>sjayaraman@suse.de</email>
</author>
<published>2010-06-16T17:40:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d9d5d8df953a98621be5b8889e05043d6e32052e'/>
<id>d9d5d8df953a98621be5b8889e05043d6e32052e</id>
<content type='text'>
...and ensure that we propagate the error back to avoid any surprises.

Signed-off-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
Reviewed-and-Tested-by: Jeff Layton &lt;jlayton@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
...and ensure that we propagate the error back to avoid any surprises.

Signed-off-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
Reviewed-and-Tested-by: Jeff Layton &lt;jlayton@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: clean up arguments to cifs_open_inode_helper</title>
<updated>2010-06-16T17:40:17+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2010-06-16T17:40:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=db460242bf75624344efd670ec0f620f476529a3'/>
<id>db460242bf75624344efd670ec0f620f476529a3</id>
<content type='text'>
...which takes a ton of unneeded arguments and does a lot more pointer
dereferencing than is really needed.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-and-Tested-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
...which takes a ton of unneeded arguments and does a lot more pointer
dereferencing than is really needed.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-and-Tested-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: pass instantiated filp back after open call</title>
<updated>2010-06-16T17:40:16+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2010-06-16T17:40:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6ca9f3bae8b1854794dfa63cdd3b88b7dfe24c13'/>
<id>6ca9f3bae8b1854794dfa63cdd3b88b7dfe24c13</id>
<content type='text'>
The current scheme of sticking open files on a list and assuming that
cifs_open will scoop them off of it is broken and leads to "Busy
inodes after umount..." errors at unmount time.

The problem is that there is no guarantee that cifs_open will always
be called after a -&gt;lookup or -&gt;create operation. If there are
permissions or other problems, then it's quite likely that it *won't*
be called.

Fix this by fully instantiating the filp whenever the file is created
and pass that filp back to the VFS. If there is a problem, the VFS
can clean up the references.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-and-Tested-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The current scheme of sticking open files on a list and assuming that
cifs_open will scoop them off of it is broken and leads to "Busy
inodes after umount..." errors at unmount time.

The problem is that there is no guarantee that cifs_open will always
be called after a -&gt;lookup or -&gt;create operation. If there are
permissions or other problems, then it's quite likely that it *won't*
be called.

Fix this by fully instantiating the filp whenever the file is created
and pass that filp back to the VFS. If there is a problem, the VFS
can clean up the references.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-and-Tested-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: move cifs_new_fileinfo call out of cifs_posix_open</title>
<updated>2010-06-16T17:40:16+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2010-06-16T17:40:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=2422f676fb78942d054f7e7a2c3ceaeb7945d814'/>
<id>2422f676fb78942d054f7e7a2c3ceaeb7945d814</id>
<content type='text'>
Having cifs_posix_open call cifs_new_fileinfo is problematic and
inconsistent with how "regular" opens work. It's also buggy as
cifs_reopen_file calls this function on a reconnect, which creates a new
struct cifsFileInfo that just gets leaked.

Push it out into the callers. This also allows us to get rid of the
"mnt" arg to cifs_posix_open.

Finally, in the event that a cifsFileInfo isn't or can't be created, we
always want to close the filehandle out on the server as the client
won't have a record of the filehandle and can't actually use it. Make
sure that CIFSSMBClose is called in those cases.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-and-Tested-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Having cifs_posix_open call cifs_new_fileinfo is problematic and
inconsistent with how "regular" opens work. It's also buggy as
cifs_reopen_file calls this function on a reconnect, which creates a new
struct cifsFileInfo that just gets leaked.

Push it out into the callers. This also allows us to get rid of the
"mnt" arg to cifs_posix_open.

Finally, in the event that a cifsFileInfo isn't or can't be created, we
always want to close the filehandle out on the server as the client
won't have a record of the filehandle and can't actually use it. Make
sure that CIFSSMBClose is called in those cases.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-and-Tested-by: Suresh Jayaraman &lt;sjayaraman@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: implement drop_inode superblock op</title>
<updated>2010-06-12T02:06:52+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2010-06-01T18:47:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=12420ac341533f3715b3deb788637568f22b78ff'/>
<id>12420ac341533f3715b3deb788637568f22b78ff</id>
<content type='text'>
The standard behavior for drop_inode is to delete the inode when the
last reference to it is put and the nlink count goes to 0. This helps
keep inodes that are still considered "not deleted" in cache as long as
possible even when there aren't dentries attached to them.

When server inode numbers are disabled, it's not possible for cifs_iget
to ever match an existing inode (since inode numbers are generated via
iunique). In this situation, cifs can keep a lot of inodes in cache that
will never be used again.

Implement a drop_inode routine that deletes the inode if server inode
numbers are disabled on the mount. This helps keep the cifs inode
caches down to a more manageable size when server inode numbers are
disabled.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The standard behavior for drop_inode is to delete the inode when the
last reference to it is put and the nlink count goes to 0. This helps
keep inodes that are still considered "not deleted" in cache as long as
possible even when there aren't dentries attached to them.

When server inode numbers are disabled, it's not possible for cifs_iget
to ever match an existing inode (since inode numbers are generated via
iunique). In this situation, cifs can keep a lot of inodes in cache that
will never be used again.

Implement a drop_inode routine that deletes the inode if server inode
numbers are disabled on the mount. This helps keep the cifs inode
caches down to a more manageable size when server inode numbers are
disabled.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: don't attempt busy-file rename unless it's in same directory</title>
<updated>2010-06-12T01:45:36+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2010-06-01T20:21:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ed0e3ace576d297a5c7015401db1060bbf677b94'/>
<id>ed0e3ace576d297a5c7015401db1060bbf677b94</id>
<content type='text'>
Busy-file renames don't actually work across directories, so we need
to limit this code to renames within the same dir.

This fixes the bug detailed here:

    https://bugzilla.redhat.com/show_bug.cgi?id=591938

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
CC: Stable &lt;stable@kernel.org&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Busy-file renames don't actually work across directories, so we need
to limit this code to renames within the same dir.

This fixes the bug detailed here:

    https://bugzilla.redhat.com/show_bug.cgi?id=591938

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
CC: Stable &lt;stable@kernel.org&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
