mirror of
https://github.com/torvalds/linux.git
synced 2024-12-16 08:02:17 +00:00
70431bfd82
Change the cifs filesystem to take account of the changes to fscache's indexing rewrite and reenable caching in cifs. The following changes have been made: (1) The fscache_netfs struct is no more, and there's no need to register the filesystem as a whole. (2) The session cookie is now an fscache_volume cookie, allocated with fscache_acquire_volume(). That takes three parameters: a string representing the "volume" in the index, a string naming the cache to use (or NULL) and a u64 that conveys coherency metadata for the volume. For cifs, I've made it render the volume name string as: "cifs,<ipaddress>,<sharename>" where the sharename has '/' characters replaced with ';'. This probably needs rethinking a bit as the total name could exceed the maximum filename component length. Further, the coherency data is currently just set to 0. It needs something else doing with it - I wonder if it would suffice simply to sum the resource_id, vol_create_time and vol_serial_number or maybe hash them. (3) The fscache_cookie_def is no more and needed information is passed directly to fscache_acquire_cookie(). The cache no longer calls back into the filesystem, but rather metadata changes are indicated at other times. fscache_acquire_cookie() is passed the same keying and coherency information as before. (4) The functions to set/reset cookies are removed and fscache_use_cookie() and fscache_unuse_cookie() are used instead. fscache_use_cookie() is passed a flag to indicate if the cookie is opened for writing. fscache_unuse_cookie() is passed updates for the metadata if we changed it (ie. if the file was opened for writing). These are called when the file is opened or closed. (5) cifs_setattr_*() are made to call fscache_resize() to change the size of the cache object. (6) The functions to read and write data are stubbed out pending a conversion to use netfslib. Changes ======= ver #8: - Abstract cache invalidation into a helper function. - Fix some checkpatch warnings[3]. ver #7: - Removed the accidentally added-back call to get the super cookie in cifs_root_iget(). - Fixed the right call to cifs_fscache_get_super_cookie() to take account of the "-o fsc" mount flag. ver #6: - Moved the change of gfpflags_allow_blocking() to current_is_kswapd() for cifs here. - Fixed one of the error paths in cifs_atomic_open() to jump around the call to use the cookie. - Fixed an additional successful return in the middle of cifs_open() to use the cookie on the way out. - Only get a volume cookie (and thus inode cookies) when "-o fsc" is supplied to mount. ver #5: - Fixed a couple of bits of cookie handling[2]: - The cookie should be released in cifs_evict_inode(), not cifsFileInfo_put_final(). The cookie needs to persist beyond file closure so that writepages will be able to write to it. - fscache_use_cookie() needs to be called in cifs_atomic_open() as it is for cifs_open(). ver #4: - Fixed the use of sizeof with memset. - tcon->vol_create_time is __le64 so doesn't need cpu_to_le64(). ver #3: - Canonicalise the cifs coherency data to make the cache portable. - Set volume coherency data. ver #2: - Use gfpflags_allow_blocking() rather than using flag directly. - Upgraded to -rc4 to allow for upstream changes[1]. - fscache_acquire_volume() now returns errors. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Jeff Layton <jlayton@kernel.org> cc: Steve French <smfrench@gmail.com> cc: Shyam Prasad N <nspmangalore@gmail.com> cc: linux-cifs@vger.kernel.org cc: linux-cachefs@redhat.com Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23b55d673d7527b093cd97b7c217c82e70cd1af0 [1] Link: https://lore.kernel.org/r/3419813.1641592362@warthog.procyon.org.uk/ [2] Link: https://lore.kernel.org/r/CAH2r5muTanw9pJqzAHd01d9A8keeChkzGsCEH6=0rHutVLAF-A@mail.gmail.com/ [3] Link: https://lore.kernel.org/r/163819671009.215744.11230627184193298714.stgit@warthog.procyon.org.uk/ # v1 Link: https://lore.kernel.org/r/163906982979.143852.10672081929614953210.stgit@warthog.procyon.org.uk/ # v2 Link: https://lore.kernel.org/r/163967187187.1823006.247415138444991444.stgit@warthog.procyon.org.uk/ # v3 Link: https://lore.kernel.org/r/164021579335.640689.2681324337038770579.stgit@warthog.procyon.org.uk/ # v4 Link: https://lore.kernel.org/r/3462849.1641593783@warthog.procyon.org.uk/ # v5 Link: https://lore.kernel.org/r/1318953.1642024578@warthog.procyon.org.uk/ # v6 Signed-off-by: Steve French <stfrench@microsoft.com>
204 lines
7.7 KiB
Plaintext
204 lines
7.7 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
config CIFS
|
|
tristate "SMB3 and CIFS support (advanced network filesystem)"
|
|
depends on INET
|
|
select NLS
|
|
select CRYPTO
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA256
|
|
select CRYPTO_SHA512
|
|
select CRYPTO_CMAC
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_AEAD2
|
|
select CRYPTO_CCM
|
|
select CRYPTO_GCM
|
|
select CRYPTO_ECB
|
|
select CRYPTO_AES
|
|
select KEYS
|
|
select DNS_RESOLVER
|
|
select ASN1
|
|
select OID_REGISTRY
|
|
help
|
|
This is the client VFS module for the SMB3 family of NAS protocols,
|
|
(including support for the most recent, most secure dialect SMB3.1.1)
|
|
as well as for earlier dialects such as SMB2.1, SMB2 and the older
|
|
Common Internet File System (CIFS) protocol. CIFS was the successor
|
|
to the original dialect, the Server Message Block (SMB) protocol, the
|
|
native file sharing mechanism for most early PC operating systems.
|
|
|
|
The SMB3 protocol is supported by most modern operating systems
|
|
and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016,
|
|
MacOS) and even in the cloud (e.g. Microsoft Azure).
|
|
The older CIFS protocol was included in Windows NT4, 2000 and XP (and
|
|
later) as well by Samba (which provides excellent CIFS and SMB3
|
|
server support for Linux and many other operating systems). Use of
|
|
dialects older than SMB2.1 is often discouraged on public networks.
|
|
This module also provides limited support for OS/2 and Windows ME
|
|
and similar very old servers.
|
|
|
|
This module provides an advanced network file system client
|
|
for mounting to SMB3 (and CIFS) compliant servers. It includes
|
|
support for DFS (hierarchical name space), secure per-user
|
|
session establishment via Kerberos or NTLM or NTLMv2, RDMA
|
|
(smbdirect), advanced security features, per-share encryption,
|
|
directory leases, safe distributed caching (oplock), optional packet
|
|
signing, Unicode and other internationalization improvements.
|
|
|
|
In general, the default dialects, SMB3 and later, enable better
|
|
performance, security and features, than would be possible with CIFS.
|
|
Note that when mounting to Samba, due to the CIFS POSIX extensions,
|
|
CIFS mounts can provide slightly better POSIX compatibility
|
|
than SMB3 mounts. SMB2/SMB3 mount options are also
|
|
slightly simpler (compared to CIFS) due to protocol improvements.
|
|
|
|
If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y.
|
|
|
|
config CIFS_STATS2
|
|
bool "Extended statistics"
|
|
depends on CIFS
|
|
default y
|
|
help
|
|
Enabling this option will allow more detailed statistics on SMB
|
|
request timing to be displayed in /proc/fs/cifs/DebugData and also
|
|
allow optional logging of slow responses to dmesg (depending on the
|
|
value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst
|
|
for more details. These additional statistics may have a minor effect
|
|
on performance and memory utilization.
|
|
|
|
If unsure, say Y.
|
|
|
|
config CIFS_ALLOW_INSECURE_LEGACY
|
|
bool "Support legacy servers which use less secure dialects"
|
|
depends on CIFS
|
|
default y
|
|
help
|
|
Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
|
|
additional security features, including protection against
|
|
man-in-the-middle attacks and stronger crypto hashes, so the use
|
|
of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
|
|
|
|
Disabling this option prevents users from using vers=1.0 or vers=2.0
|
|
on mounts with cifs.ko
|
|
|
|
If unsure, say Y.
|
|
|
|
config CIFS_UPCALL
|
|
bool "Kerberos/SPNEGO advanced session setup"
|
|
depends on CIFS
|
|
help
|
|
Enables an upcall mechanism for CIFS which accesses userspace helper
|
|
utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
|
|
which are needed to mount to certain secure servers (for which more
|
|
secure Kerberos authentication is required). If unsure, say Y.
|
|
|
|
config CIFS_XATTR
|
|
bool "CIFS extended attributes"
|
|
depends on CIFS
|
|
help
|
|
Extended attributes are name:value pairs associated with inodes by
|
|
the kernel or by users (see the attr(5) manual page for details).
|
|
CIFS maps the name of extended attributes beginning with the user
|
|
namespace prefix to SMB/CIFS EAs. EAs are stored on Windows
|
|
servers without the user namespace prefix, but their names are
|
|
seen by Linux cifs clients prefaced by the user namespace prefix.
|
|
The system namespace (used by some filesystems to store ACLs) is
|
|
not supported at this time.
|
|
|
|
If unsure, say Y.
|
|
|
|
config CIFS_POSIX
|
|
bool "CIFS POSIX Extensions"
|
|
depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
|
|
help
|
|
Enabling this option will cause the cifs client to attempt to
|
|
negotiate a newer dialect with servers, such as Samba 3.0.5
|
|
or later, that optionally can handle more POSIX like (rather
|
|
than Windows like) file behavior. It also enables
|
|
support for POSIX ACLs (getfacl and setfacl) to servers
|
|
(such as Samba 3.10 and later) which can negotiate
|
|
CIFS POSIX ACL support. If unsure, say N.
|
|
|
|
config CIFS_DEBUG
|
|
bool "Enable CIFS debugging routines"
|
|
default y
|
|
depends on CIFS
|
|
help
|
|
Enabling this option adds helpful debugging messages to
|
|
the cifs code which increases the size of the cifs module.
|
|
If unsure, say Y.
|
|
|
|
config CIFS_DEBUG2
|
|
bool "Enable additional CIFS debugging routines"
|
|
depends on CIFS_DEBUG
|
|
help
|
|
Enabling this option adds a few more debugging routines
|
|
to the cifs code which slightly increases the size of
|
|
the cifs module and can cause additional logging of debug
|
|
messages in some error paths, slowing performance. This
|
|
option can be turned off unless you are debugging
|
|
cifs problems. If unsure, say N.
|
|
|
|
config CIFS_DEBUG_DUMP_KEYS
|
|
bool "Dump encryption keys for offline decryption (Unsafe)"
|
|
depends on CIFS_DEBUG
|
|
help
|
|
Enabling this will dump the encryption and decryption keys
|
|
used to communicate on an encrypted share connection on the
|
|
console. This allows Wireshark to decrypt and dissect
|
|
encrypted network captures. Enable this carefully.
|
|
If unsure, say N.
|
|
|
|
config CIFS_DFS_UPCALL
|
|
bool "DFS feature support"
|
|
depends on CIFS
|
|
help
|
|
Distributed File System (DFS) support is used to access shares
|
|
transparently in an enterprise name space, even if the share
|
|
moves to a different server. This feature also enables
|
|
an upcall mechanism for CIFS which contacts userspace helper
|
|
utilities to provide server name resolution (host names to
|
|
IP addresses) which is needed in order to reconnect to
|
|
servers if their addresses change or for implicit mounts of
|
|
DFS junction points. If unsure, say Y.
|
|
|
|
config CIFS_SWN_UPCALL
|
|
bool "SWN feature support"
|
|
depends on CIFS
|
|
help
|
|
The Service Witness Protocol (SWN) is used to get notifications
|
|
from a highly available server of resource state changes. This
|
|
feature enables an upcall mechanism for CIFS which contacts a
|
|
userspace daemon to establish the DCE/RPC connection to retrieve
|
|
the cluster available interfaces and resource change notifications.
|
|
If unsure, say Y.
|
|
|
|
config CIFS_NFSD_EXPORT
|
|
bool "Allow nfsd to export CIFS file system"
|
|
depends on CIFS && BROKEN
|
|
help
|
|
Allows NFS server to export a CIFS mounted share (nfsd over cifs)
|
|
|
|
config CIFS_SMB_DIRECT
|
|
bool "SMB Direct support"
|
|
depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
|
|
help
|
|
Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
|
|
SMB Direct allows transferring SMB packets over RDMA. If unsure,
|
|
say Y.
|
|
|
|
config CIFS_FSCACHE
|
|
bool "Provide CIFS client caching support"
|
|
depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
|
|
help
|
|
Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
|
|
to be cached locally on disk through the general filesystem cache
|
|
manager. If unsure, say N.
|
|
|
|
config CIFS_ROOT
|
|
bool "SMB root file system (Experimental)"
|
|
depends on CIFS=y && IP_PNP
|
|
help
|
|
Enables root file system support over SMB protocol.
|
|
|
|
Most people say N here.
|