smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file()

[ Upstream commit ec4535b2a1d709d3a1fbec26739c672f13c98a7b ]

cifs_get_fattr() may be called with a NULL inode, so check

smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file()

[ Upstream commit ec4535b2a1d709d3a1fbec26739c672f13c98a7b ]

cifs_get_fattr() may be called with a NULL inode, so check for a
non-NULL inode before calling
cifs_mark_open_handles_for_deleted_file().

This fixes the following oops:

mount.cifs //srv/share /mnt -o ...,vers=3.1.1
cd /mnt
touch foo; tail -f foo &
rm foo
cat foo

BUG: kernel NULL pointer dereference, address: 00000000000005c0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 2 PID: 696 Comm: cat Not tainted 6.9.0-rc2 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-1.fc39 04/01/2014
RIP: 0010:__lock_acquire+0x5d/0x1c70
Code: 00 00 44 8b a4 24 a0 00 00 00 45 85 f6 0f 84 bb 06 00 00 8b 2d
48 e2 95 01 45 89 c3 41 89 d2 45 89 c8 85 ed 0 0 <48> 81 3f 40 7a 76
83 44 0f 44 d8 83 fe 01 0f 86 1b 03 00 00 31 d2
RSP: 0018:ffffc90000b37490 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff888110021ec0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000005c0
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000200
FS: 00007f2a1fa08740(0000) GS:ffff888157a00000(0000)
knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2: 00000000000005c0 CR3: 000000011ac7c000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x180/0x490
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x70/0x230
? asm_exc_page_fault+0x26/0x30
? __lock_acquire+0x5d/0x1c70
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
lock_acquire+0xc0/0x2d0
? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
? srso_alias_return_thunk+0x5/0xfbef5
? kmem_cache_alloc+0x2d9/0x370
_raw_spin_lock+0x34/0x80
? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
cifs_get_fattr+0x24c/0x940 [cifs]
? srso_alias_return_thunk+0x5/0xfbef5
cifs_get_inode_info+0x96/0x120 [cifs]
cifs_lookup+0x16e/0x800 [cifs]
cifs_atomic_open+0xc7/0x5d0 [cifs]
? lookup_open.isra.0+0x3ce/0x5f0
? __pfx_cifs_atomic_open+0x10/0x10 [cifs]
lookup_open.isra.0+0x3ce/0x5f0
path_openat+0x42b/0xc30
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
do_filp_open+0xc4/0x170
do_sys_openat2+0xab/0xe0
__x64_sys_openat+0x57/0xa0
do_syscall_64+0xc1/0x1e0
entry_SYSCALL_64_after_hwframe+0x72/0x7a

Fixes: ffceb7640cbf ("smb: client: do not defer close open handles to deleted files")
Reviewed-by: Meetakshi Setiya <msetiya@microsoft.com>
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

cifs: remove redundant variable assignment

[ Upstream commit 2760161d149f8d60c3f767fc62a823a1ead9d367 ]

This removes an unnecessary variable assignment. The assigned
value will be overwritten by ci

cifs: remove redundant variable assignment

[ Upstream commit 2760161d149f8d60c3f767fc62a823a1ead9d367 ]

This removes an unnecessary variable assignment. The assigned
value will be overwritten by cifs_fattr_to_inode before it
is accessed, making the line redundant.

Signed-off-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

cifs: fixes for get_inode_info

[ Upstream commit fc20c523211a38b87fc850a959cb2149e4fd64b0 ]

Fix potential memory leaks, add error checking, remove unnecessary
initialisation of status_file_deleted

cifs: fixes for get_inode_info

[ Upstream commit fc20c523211a38b87fc850a959cb2149e4fd64b0 ]

Fix potential memory leaks, add error checking, remove unnecessary
initialisation of status_file_deleted and do not use cifs_iget() to get
inode in reparse_info_to_fattr since fattrs may not be fully set.

Fixes: ffceb7640cbf ("smb: client: do not defer close open handles to deleted files")
Reported-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Meetakshi Setiya <msetiya@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: parse uid, gid, mode and dev from WSL reparse points

[ Upstream commit 78e26bec4d6d3aef04276e28bed48a45fd00e116 ]

Parse the extended attributes from WSL reparse points to correctly
rep

smb: client: parse uid, gid, mode and dev from WSL reparse points

[ Upstream commit 78e26bec4d6d3aef04276e28bed48a45fd00e116 ]

Parse the extended attributes from WSL reparse points to correctly
report uid, gid mode and dev from ther instantiated inodes.

Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: move most of reparse point handling code to common file

[ Upstream commit c520ba7573a84bd37f8803a3beeb8f6f995bf9e1 ]

In preparation to add support for creating special files also via W

smb: client: move most of reparse point handling code to common file

[ Upstream commit c520ba7573a84bd37f8803a3beeb8f6f995bf9e1 ]

In preparation to add support for creating special files also via WSL
reparse points in next commits.

Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: do not defer close open handles to deleted files

[ Upstream commit ffceb7640cbfe6ea60e7769e107451d63a2fe3d3 ]

When a file/dentry has been deleted before closing all its open
handles, c

smb: client: do not defer close open handles to deleted files

[ Upstream commit ffceb7640cbfe6ea60e7769e107451d63a2fe3d3 ]

When a file/dentry has been deleted before closing all its open
handles, currently, closing them can add them to the deferred
close list. This can lead to problems in creating file with the
same name when the file is re-created before the deferred close
completes. This issue was seen while reusing a client's already
existing lease on a file for compound operations and xfstest 591
failed because of the deferred close handle that remained valid
even after the file was deleted and was being reused to create a
file with the same name. The server in this case returns an error
on open with STATUS_DELETE_PENDING. Recreating the file would
fail till the deferred handles are closed (duration specified in
closetimeo).

This patch fixes the issue by flagging all open handles for the
deleted file (file path to be precise) by setting
status_file_deleted to true in the cifsFileInfo structure. As per
the information classes specified in MS-FSCC, SMB2 query info
response from the server has a DeletePending field, set to true
to indicate that deletion has been requested on that file. If
this is the case, flag the open handles for this file too.

When doing close in cifs_close for each of these handles, check the
value of this boolean field and do not defer close these handles
if the corresponding filepath has been deleted.

Signed-off-by: Meetakshi Setiya <msetiya@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: reuse file lease key in compound operations

[ Upstream commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 ]

Currently, when a rename, unlink or set path size compound operation
is request

smb: client: reuse file lease key in compound operations

[ Upstream commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 ]

Currently, when a rename, unlink or set path size compound operation
is requested on a file that has a lot of dirty pages to be written
to the server, we do not send the lease key for these requests. As a
result, the server can assume that this request is from a new client, and
send a lease break notification to the same client, on the same
connection. As a response to the lease break, the client can consume
several credits to write the dirty pages to the server. Depending on the
server's credit grant implementation, the server can stop granting more
credits to this connection, and this can cause a deadlock (which can only
be resolved when the lease timer on the server expires).
One of the problems here is that the client is sending no lease key,
even if it has a lease for the file. This patch fixes the problem by
reusing the existing lease key on the file for rename, unlink and set path
size compound operations so that the client does not break its own lease.

A very trivial example could be a set of commands by a client that
maintains open handle (for write) to a file and then tries to copy the
contents of that file to another one, eg.,

tail -f /dev/null > myfile &
mv myfile myfile2

Presently, the network capture on the client shows that the move (or
rename) would trigger a lease break on the same client, for the same file.
With the lease key reused, the lease break request-response overhead is
eliminated, thereby reducing the roundtrips performed for this set of
operations.

The patch fixes the bug described above and also provides perf benefit.

Signed-off-by: Meetakshi Setiya <msetiya@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: get rid of smb311_posix_query_path_info()

[ Upstream commit f83709b9e0eb7048d74ba4515f268c6eacbce9c9 ]

Merge smb311_posix_query_path_info into ->query_path_info() to get rid
of duplica

smb: client: get rid of smb311_posix_query_path_info()

[ Upstream commit f83709b9e0eb7048d74ba4515f268c6eacbce9c9 ]

Merge smb311_posix_query_path_info into ->query_path_info() to get rid
of duplicate code.

Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: parse owner/group when creating reparse points

[ Upstream commit 858e74876c5cbff1dfd5bace99e32fbce2abd4b5 ]

Parse owner/group when creating special files and symlinks under
SMB3.1.1 PO

smb: client: parse owner/group when creating reparse points

[ Upstream commit 858e74876c5cbff1dfd5bace99e32fbce2abd4b5 ]

Parse owner/group when creating special files and symlinks under
SMB3.1.1 POSIX mounts.

Move the parsing of owner/group to smb2_compound_op() so we don't have
to duplicate it in both smb2_get_reparse_inode() and
smb311_posix_query_path_info().

Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: handle special files and symlinks in SMB3 POSIX

[ Upstream commit 9c38568a75c160786d5f5d5b96aeefed0c1b76bd ]

Parse reparse points in SMB3 posix query info as they will be
supported and

smb: client: handle special files and symlinks in SMB3 POSIX

[ Upstream commit 9c38568a75c160786d5f5d5b96aeefed0c1b76bd ]

Parse reparse points in SMB3 posix query info as they will be
supported and required by the new specification.

Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: optimise reparse point querying

[ Upstream commit 67ec9949b0dfe78c99e110dd975eb7dc5645630c ]

Reduce number of roundtrips to server when querying reparse points in
->query_path_info() b

smb: client: optimise reparse point querying

[ Upstream commit 67ec9949b0dfe78c99e110dd975eb7dc5645630c ]

Reduce number of roundtrips to server when querying reparse points in
->query_path_info() by sending a single compound request of
create+get_reparse+get_info+close.

Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: allow creating special files via reparse points

[ Upstream commit 102466f303ffcd5cff207b3c122557f73f1041e6 ]

Add support for creating special files (e.g. char/block devices,
sockets, f

smb: client: allow creating special files via reparse points

[ Upstream commit 102466f303ffcd5cff207b3c122557f73f1041e6 ]

Add support for creating special files (e.g. char/block devices,
sockets, fifos) via NFS reparse points on SMB2+, which are fully
supported by most SMB servers and documented in MS-FSCC.

smb2_get_reparse_inode() creates the file with a corresponding reparse
point buffer set in @iov through a single roundtrip to the server.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202311260746.HOJ039BV-lkp@intel.com/
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file()

[ Upstream commit ec4535b2a1d709d3a1fbec26739c672f13c98a7b ]

cifs_get_fattr() may be called with a NULL inode, so check

smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file()

[ Upstream commit ec4535b2a1d709d3a1fbec26739c672f13c98a7b ]

cifs_get_fattr() may be called with a NULL inode, so check for a
non-NULL inode before calling
cifs_mark_open_handles_for_deleted_file().

This fixes the following oops:

mount.cifs //srv/share /mnt -o ...,vers=3.1.1
cd /mnt
touch foo; tail -f foo &
rm foo
cat foo

BUG: kernel NULL pointer dereference, address: 00000000000005c0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 2 PID: 696 Comm: cat Not tainted 6.9.0-rc2 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-1.fc39 04/01/2014
RIP: 0010:__lock_acquire+0x5d/0x1c70
Code: 00 00 44 8b a4 24 a0 00 00 00 45 85 f6 0f 84 bb 06 00 00 8b 2d
48 e2 95 01 45 89 c3 41 89 d2 45 89 c8 85 ed 0 0 <48> 81 3f 40 7a 76
83 44 0f 44 d8 83 fe 01 0f 86 1b 03 00 00 31 d2
RSP: 0018:ffffc90000b37490 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff888110021ec0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000005c0
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000200
FS: 00007f2a1fa08740(0000) GS:ffff888157a00000(0000)
knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2: 00000000000005c0 CR3: 000000011ac7c000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x180/0x490
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x70/0x230
? asm_exc_page_fault+0x26/0x30
? __lock_acquire+0x5d/0x1c70
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
lock_acquire+0xc0/0x2d0
? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
? srso_alias_return_thunk+0x5/0xfbef5
? kmem_cache_alloc+0x2d9/0x370
_raw_spin_lock+0x34/0x80
? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
cifs_get_fattr+0x24c/0x940 [cifs]
? srso_alias_return_thunk+0x5/0xfbef5
cifs_get_inode_info+0x96/0x120 [cifs]
cifs_lookup+0x16e/0x800 [cifs]
cifs_atomic_open+0xc7/0x5d0 [cifs]
? lookup_open.isra.0+0x3ce/0x5f0
? __pfx_cifs_atomic_open+0x10/0x10 [cifs]
lookup_open.isra.0+0x3ce/0x5f0
path_openat+0x42b/0xc30
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
do_filp_open+0xc4/0x170
do_sys_openat2+0xab/0xe0
__x64_sys_openat+0x57/0xa0
do_syscall_64+0xc1/0x1e0
entry_SYSCALL_64_after_hwframe+0x72/0x7a

Fixes: ffceb7640cbf ("smb: client: do not defer close open handles to deleted files")
Reviewed-by: Meetakshi Setiya <msetiya@microsoft.com>
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

cifs: remove redundant variable assignment

[ Upstream commit 2760161d149f8d60c3f767fc62a823a1ead9d367 ]

This removes an unnecessary variable assignment. The assigned
value will be overwritten by ci

cifs: remove redundant variable assignment

[ Upstream commit 2760161d149f8d60c3f767fc62a823a1ead9d367 ]

This removes an unnecessary variable assignment. The assigned
value will be overwritten by cifs_fattr_to_inode before it
is accessed, making the line redundant.

Signed-off-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

cifs: fixes for get_inode_info

[ Upstream commit fc20c523211a38b87fc850a959cb2149e4fd64b0 ]

Fix potential memory leaks, add error checking, remove unnecessary
initialisation of status_file_deleted

cifs: fixes for get_inode_info

[ Upstream commit fc20c523211a38b87fc850a959cb2149e4fd64b0 ]

Fix potential memory leaks, add error checking, remove unnecessary
initialisation of status_file_deleted and do not use cifs_iget() to get
inode in reparse_info_to_fattr since fattrs may not be fully set.

Fixes: ffceb7640cbf ("smb: client: do not defer close open handles to deleted files")
Reported-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Meetakshi Setiya <msetiya@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: parse uid, gid, mode and dev from WSL reparse points

[ Upstream commit 78e26bec4d6d3aef04276e28bed48a45fd00e116 ]

Parse the extended attributes from WSL reparse points to correctly
rep

smb: client: parse uid, gid, mode and dev from WSL reparse points

[ Upstream commit 78e26bec4d6d3aef04276e28bed48a45fd00e116 ]

Parse the extended attributes from WSL reparse points to correctly
report uid, gid mode and dev from ther instantiated inodes.

Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: move most of reparse point handling code to common file

[ Upstream commit c520ba7573a84bd37f8803a3beeb8f6f995bf9e1 ]

In preparation to add support for creating special files also via W

smb: client: move most of reparse point handling code to common file

[ Upstream commit c520ba7573a84bd37f8803a3beeb8f6f995bf9e1 ]

In preparation to add support for creating special files also via WSL
reparse points in next commits.

Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: do not defer close open handles to deleted files

[ Upstream commit ffceb7640cbfe6ea60e7769e107451d63a2fe3d3 ]

When a file/dentry has been deleted before closing all its open
handles, c

smb: client: do not defer close open handles to deleted files

[ Upstream commit ffceb7640cbfe6ea60e7769e107451d63a2fe3d3 ]

When a file/dentry has been deleted before closing all its open
handles, currently, closing them can add them to the deferred
close list. This can lead to problems in creating file with the
same name when the file is re-created before the deferred close
completes. This issue was seen while reusing a client's already
existing lease on a file for compound operations and xfstest 591
failed because of the deferred close handle that remained valid
even after the file was deleted and was being reused to create a
file with the same name. The server in this case returns an error
on open with STATUS_DELETE_PENDING. Recreating the file would
fail till the deferred handles are closed (duration specified in
closetimeo).

This patch fixes the issue by flagging all open handles for the
deleted file (file path to be precise) by setting
status_file_deleted to true in the cifsFileInfo structure. As per
the information classes specified in MS-FSCC, SMB2 query info
response from the server has a DeletePending field, set to true
to indicate that deletion has been requested on that file. If
this is the case, flag the open handles for this file too.

When doing close in cifs_close for each of these handles, check the
value of this boolean field and do not defer close these handles
if the corresponding filepath has been deleted.

Signed-off-by: Meetakshi Setiya <msetiya@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: reuse file lease key in compound operations

[ Upstream commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 ]

Currently, when a rename, unlink or set path size compound operation
is request

smb: client: reuse file lease key in compound operations

[ Upstream commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 ]

Currently, when a rename, unlink or set path size compound operation
is requested on a file that has a lot of dirty pages to be written
to the server, we do not send the lease key for these requests. As a
result, the server can assume that this request is from a new client, and
send a lease break notification to the same client, on the same
connection. As a response to the lease break, the client can consume
several credits to write the dirty pages to the server. Depending on the
server's credit grant implementation, the server can stop granting more
credits to this connection, and this can cause a deadlock (which can only
be resolved when the lease timer on the server expires).
One of the problems here is that the client is sending no lease key,
even if it has a lease for the file. This patch fixes the problem by
reusing the existing lease key on the file for rename, unlink and set path
size compound operations so that the client does not break its own lease.

A very trivial example could be a set of commands by a client that
maintains open handle (for write) to a file and then tries to copy the
contents of that file to another one, eg.,

tail -f /dev/null > myfile &
mv myfile myfile2

Presently, the network capture on the client shows that the move (or
rename) would trigger a lease break on the same client, for the same file.
With the lease key reused, the lease break request-response overhead is
eliminated, thereby reducing the roundtrips performed for this set of
operations.

The patch fixes the bug described above and also provides perf benefit.

Signed-off-by: Meetakshi Setiya <msetiya@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: get rid of smb311_posix_query_path_info()

[ Upstream commit f83709b9e0eb7048d74ba4515f268c6eacbce9c9 ]

Merge smb311_posix_query_path_info into ->query_path_info() to get rid
of duplica

smb: client: get rid of smb311_posix_query_path_info()

[ Upstream commit f83709b9e0eb7048d74ba4515f268c6eacbce9c9 ]

Merge smb311_posix_query_path_info into ->query_path_info() to get rid
of duplicate code.

Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: parse owner/group when creating reparse points

[ Upstream commit 858e74876c5cbff1dfd5bace99e32fbce2abd4b5 ]

Parse owner/group when creating special files and symlinks under
SMB3.1.1 PO

smb: client: parse owner/group when creating reparse points

[ Upstream commit 858e74876c5cbff1dfd5bace99e32fbce2abd4b5 ]

Parse owner/group when creating special files and symlinks under
SMB3.1.1 POSIX mounts.

Move the parsing of owner/group to smb2_compound_op() so we don't have
to duplicate it in both smb2_get_reparse_inode() and
smb311_posix_query_path_info().

Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: handle special files and symlinks in SMB3 POSIX

[ Upstream commit 9c38568a75c160786d5f5d5b96aeefed0c1b76bd ]

Parse reparse points in SMB3 posix query info as they will be
supported and

smb: client: handle special files and symlinks in SMB3 POSIX

[ Upstream commit 9c38568a75c160786d5f5d5b96aeefed0c1b76bd ]

Parse reparse points in SMB3 posix query info as they will be
supported and required by the new specification.

Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: optimise reparse point querying

[ Upstream commit 67ec9949b0dfe78c99e110dd975eb7dc5645630c ]

Reduce number of roundtrips to server when querying reparse points in
->query_path_info() b

smb: client: optimise reparse point querying

[ Upstream commit 67ec9949b0dfe78c99e110dd975eb7dc5645630c ]

Reduce number of roundtrips to server when querying reparse points in
->query_path_info() by sending a single compound request of
create+get_reparse+get_info+close.

Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: allow creating special files via reparse points

[ Upstream commit 102466f303ffcd5cff207b3c122557f73f1041e6 ]

Add support for creating special files (e.g. char/block devices,
sockets, f

smb: client: allow creating special files via reparse points

[ Upstream commit 102466f303ffcd5cff207b3c122557f73f1041e6 ]

Add support for creating special files (e.g. char/block devices,
sockets, fifos) via NFS reparse points on SMB2+, which are fully
supported by most SMB servers and documented in MS-FSCC.

smb2_get_reparse_inode() creates the file with a corresponding reparse
point buffer set in @iov through a single roundtrip to the server.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202311260746.HOJ039BV-lkp@intel.com/
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file()

[ Upstream commit ec4535b2a1d709d3a1fbec26739c672f13c98a7b ]

cifs_get_fattr() may be called with a NULL inode, so check

smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file()

[ Upstream commit ec4535b2a1d709d3a1fbec26739c672f13c98a7b ]

cifs_get_fattr() may be called with a NULL inode, so check for a
non-NULL inode before calling
cifs_mark_open_handles_for_deleted_file().

This fixes the following oops:

mount.cifs //srv/share /mnt -o ...,vers=3.1.1
cd /mnt
touch foo; tail -f foo &
rm foo
cat foo

BUG: kernel NULL pointer dereference, address: 00000000000005c0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 2 PID: 696 Comm: cat Not tainted 6.9.0-rc2 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-1.fc39 04/01/2014
RIP: 0010:__lock_acquire+0x5d/0x1c70
Code: 00 00 44 8b a4 24 a0 00 00 00 45 85 f6 0f 84 bb 06 00 00 8b 2d
48 e2 95 01 45 89 c3 41 89 d2 45 89 c8 85 ed 0 0 <48> 81 3f 40 7a 76
83 44 0f 44 d8 83 fe 01 0f 86 1b 03 00 00 31 d2
RSP: 0018:ffffc90000b37490 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff888110021ec0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000005c0
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000200
FS: 00007f2a1fa08740(0000) GS:ffff888157a00000(0000)
knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2: 00000000000005c0 CR3: 000000011ac7c000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x180/0x490
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x70/0x230
? asm_exc_page_fault+0x26/0x30
? __lock_acquire+0x5d/0x1c70
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
lock_acquire+0xc0/0x2d0
? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
? srso_alias_return_thunk+0x5/0xfbef5
? kmem_cache_alloc+0x2d9/0x370
_raw_spin_lock+0x34/0x80
? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
cifs_get_fattr+0x24c/0x940 [cifs]
? srso_alias_return_thunk+0x5/0xfbef5
cifs_get_inode_info+0x96/0x120 [cifs]
cifs_lookup+0x16e/0x800 [cifs]
cifs_atomic_open+0xc7/0x5d0 [cifs]
? lookup_open.isra.0+0x3ce/0x5f0
? __pfx_cifs_atomic_open+0x10/0x10 [cifs]
lookup_open.isra.0+0x3ce/0x5f0
path_openat+0x42b/0xc30
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
do_filp_open+0xc4/0x170
do_sys_openat2+0xab/0xe0
__x64_sys_openat+0x57/0xa0
do_syscall_64+0xc1/0x1e0
entry_SYSCALL_64_after_hwframe+0x72/0x7a

Fixes: ffceb7640cbf ("smb: client: do not defer close open handles to deleted files")
Reviewed-by: Meetakshi Setiya <msetiya@microsoft.com>
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...