2019-05-19 20:07:45 +08:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
2008-10-19 11:28:49 +08:00
|
|
|
config CIFS
|
2017-07-09 07:48:15 +08:00
|
|
|
tristate "SMB3 and CIFS support (advanced network filesystem)"
|
2008-10-19 11:28:49 +08:00
|
|
|
depends on INET
|
|
|
|
|
select NLS
|
2010-10-22 03:25:08 +08:00
|
|
|
select CRYPTO
|
|
|
|
|
select CRYPTO_MD5
|
2017-10-20 04:09:29 +08:00
|
|
|
select CRYPTO_SHA256
|
2018-09-08 00:24:17 +08:00
|
|
|
select CRYPTO_SHA512
|
2017-10-20 04:09:29 +08:00
|
|
|
select CRYPTO_CMAC
|
2010-11-14 11:34:30 +08:00
|
|
|
select CRYPTO_HMAC
|
2017-10-20 04:09:29 +08:00
|
|
|
select CRYPTO_AEAD2
|
|
|
|
|
select CRYPTO_CCM
|
2019-06-15 03:46:35 +08:00
|
|
|
select CRYPTO_GCM
|
2011-06-03 16:49:01 +08:00
|
|
|
select CRYPTO_ECB
|
2017-10-20 04:09:29 +08:00
|
|
|
select CRYPTO_AES
|
2019-07-01 07:00:41 +08:00
|
|
|
select KEYS
|
2021-03-31 22:35:24 +08:00
|
|
|
select DNS_RESOLVER
|
2021-06-08 22:53:14 +08:00
|
|
|
select ASN1
|
|
|
|
|
select OID_REGISTRY
|
2008-10-19 11:28:49 +08:00
|
|
|
help
|
2017-07-09 07:48:15 +08:00
|
|
|
This is the client VFS module for the SMB3 family of NAS protocols,
|
2018-06-29 08:30:23 +08:00
|
|
|
(including support for the most recent, most secure dialect SMB3.1.1)
|
|
|
|
|
as well as for earlier dialects such as SMB2.1, SMB2 and the older
|
2017-07-09 07:48:15 +08:00
|
|
|
Common Internet File System (CIFS) protocol. CIFS was the successor
|
|
|
|
|
to the original dialect, the Server Message Block (SMB) protocol, the
|
|
|
|
|
native file sharing mechanism for most early PC operating systems.
|
|
|
|
|
|
2018-06-29 08:30:23 +08:00
|
|
|
The SMB3 protocol is supported by most modern operating systems
|
|
|
|
|
and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016,
|
|
|
|
|
MacOS) and even in the cloud (e.g. Microsoft Azure).
|
2017-07-09 07:48:15 +08:00
|
|
|
The older CIFS protocol was included in Windows NT4, 2000 and XP (and
|
|
|
|
|
later) as well by Samba (which provides excellent CIFS and SMB3
|
2018-06-29 08:30:23 +08:00
|
|
|
server support for Linux and many other operating systems). Use of
|
|
|
|
|
dialects older than SMB2.1 is often discouraged on public networks.
|
|
|
|
|
This module also provides limited support for OS/2 and Windows ME
|
|
|
|
|
and similar very old servers.
|
2008-10-19 11:28:49 +08:00
|
|
|
|
2018-06-29 08:30:23 +08:00
|
|
|
This module provides an advanced network file system client
|
2017-07-09 07:48:15 +08:00
|
|
|
for mounting to SMB3 (and CIFS) compliant servers. It includes
|
2008-10-19 11:28:49 +08:00
|
|
|
support for DFS (hierarchical name space), secure per-user
|
2018-06-29 08:30:23 +08:00
|
|
|
session establishment via Kerberos or NTLM or NTLMv2, RDMA
|
|
|
|
|
(smbdirect), advanced security features, per-share encryption,
|
|
|
|
|
directory leases, safe distributed caching (oplock), optional packet
|
2008-10-19 11:28:49 +08:00
|
|
|
signing, Unicode and other internationalization improvements.
|
2017-07-09 07:48:15 +08:00
|
|
|
|
|
|
|
|
In general, the default dialects, SMB3 and later, enable better
|
|
|
|
|
performance, security and features, than would be possible with CIFS.
|
|
|
|
|
Note that when mounting to Samba, due to the CIFS POSIX extensions,
|
|
|
|
|
CIFS mounts can provide slightly better POSIX compatibility
|
|
|
|
|
than SMB3 mounts. SMB2/SMB3 mount options are also
|
|
|
|
|
slightly simpler (compared to CIFS) due to protocol improvements.
|
|
|
|
|
|
2018-06-29 08:30:23 +08:00
|
|
|
If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y.
|
2008-10-19 11:28:49 +08:00
|
|
|
|
|
|
|
|
config CIFS_STATS2
|
|
|
|
|
bool "Extended statistics"
|
2018-07-31 14:21:37 +08:00
|
|
|
depends on CIFS
|
2021-06-09 05:43:41 +08:00
|
|
|
default y
|
2008-10-19 11:28:49 +08:00
|
|
|
help
|
|
|
|
|
Enabling this option will allow more detailed statistics on SMB
|
|
|
|
|
request timing to be displayed in /proc/fs/cifs/DebugData and also
|
|
|
|
|
allow optional logging of slow responses to dmesg (depending on the
|
2020-12-12 13:31:16 +08:00
|
|
|
value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst
|
|
|
|
|
for more details. These additional statistics may have a minor effect
|
|
|
|
|
on performance and memory utilization.
|
2008-10-19 11:28:49 +08:00
|
|
|
|
2021-06-09 05:43:41 +08:00
|
|
|
If unsure, say Y.
|
2008-10-19 11:28:49 +08:00
|
|
|
|
2018-06-20 03:34:08 +08:00
|
|
|
config CIFS_ALLOW_INSECURE_LEGACY
|
|
|
|
|
bool "Support legacy servers which use less secure dialects"
|
|
|
|
|
depends on CIFS
|
|
|
|
|
default y
|
|
|
|
|
help
|
|
|
|
|
Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
|
|
|
|
|
additional security features, including protection against
|
|
|
|
|
man-in-the-middle attacks and stronger crypto hashes, so the use
|
|
|
|
|
of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
|
|
|
|
|
|
|
|
|
|
Disabling this option prevents users from using vers=1.0 or vers=2.0
|
|
|
|
|
on mounts with cifs.ko
|
|
|
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
|
2008-10-19 11:28:49 +08:00
|
|
|
config CIFS_UPCALL
|
2010-08-04 22:16:33 +08:00
|
|
|
bool "Kerberos/SPNEGO advanced session setup"
|
2019-07-01 07:00:41 +08:00
|
|
|
depends on CIFS
|
2010-08-04 22:16:33 +08:00
|
|
|
help
|
|
|
|
|
Enables an upcall mechanism for CIFS which accesses userspace helper
|
|
|
|
|
utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
|
|
|
|
|
which are needed to mount to certain secure servers (for which more
|
2017-07-09 07:48:15 +08:00
|
|
|
secure Kerberos authentication is required). If unsure, say Y.
|
2008-10-19 11:28:49 +08:00
|
|
|
|
|
|
|
|
config CIFS_XATTR
|
2019-03-07 06:22:59 +08:00
|
|
|
bool "CIFS extended attributes"
|
|
|
|
|
depends on CIFS
|
|
|
|
|
help
|
|
|
|
|
Extended attributes are name:value pairs associated with inodes by
|
|
|
|
|
the kernel or by users (see the attr(5) manual page for details).
|
|
|
|
|
CIFS maps the name of extended attributes beginning with the user
|
|
|
|
|
namespace prefix to SMB/CIFS EAs. EAs are stored on Windows
|
|
|
|
|
servers without the user namespace prefix, but their names are
|
|
|
|
|
seen by Linux cifs clients prefaced by the user namespace prefix.
|
|
|
|
|
The system namespace (used by some filesystems to store ACLs) is
|
|
|
|
|
not supported at this time.
|
|
|
|
|
|
|
|
|
|
If unsure, say Y.
|
2008-10-19 11:28:49 +08:00
|
|
|
|
|
|
|
|
config CIFS_POSIX
|
2019-03-07 06:22:59 +08:00
|
|
|
bool "CIFS POSIX Extensions"
|
|
|
|
|
depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
|
|
|
|
|
help
|
|
|
|
|
Enabling this option will cause the cifs client to attempt to
|
2008-10-19 11:28:49 +08:00
|
|
|
negotiate a newer dialect with servers, such as Samba 3.0.5
|
|
|
|
|
or later, that optionally can handle more POSIX like (rather
|
|
|
|
|
than Windows like) file behavior. It also enables
|
|
|
|
|
support for POSIX ACLs (getfacl and setfacl) to servers
|
|
|
|
|
(such as Samba 3.10 and later) which can negotiate
|
|
|
|
|
CIFS POSIX ACL support. If unsure, say N.
|
|
|
|
|
|
2012-12-06 04:42:58 +08:00
|
|
|
config CIFS_DEBUG
|
|
|
|
|
bool "Enable CIFS debugging routines"
|
|
|
|
|
default y
|
|
|
|
|
depends on CIFS
|
|
|
|
|
help
|
2019-03-07 06:22:59 +08:00
|
|
|
Enabling this option adds helpful debugging messages to
|
|
|
|
|
the cifs code which increases the size of the cifs module.
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
|
2008-10-19 11:28:49 +08:00
|
|
|
config CIFS_DEBUG2
|
|
|
|
|
bool "Enable additional CIFS debugging routines"
|
2012-12-06 04:42:58 +08:00
|
|
|
depends on CIFS_DEBUG
|
2008-10-19 11:28:49 +08:00
|
|
|
help
|
2019-03-07 06:22:59 +08:00
|
|
|
Enabling this option adds a few more debugging routines
|
|
|
|
|
to the cifs code which slightly increases the size of
|
|
|
|
|
the cifs module and can cause additional logging of debug
|
|
|
|
|
messages in some error paths, slowing performance. This
|
|
|
|
|
option can be turned off unless you are debugging
|
|
|
|
|
cifs problems. If unsure, say N.
|
2008-10-19 11:28:49 +08:00
|
|
|
|
2017-05-24 22:13:25 +08:00
|
|
|
config CIFS_DEBUG_DUMP_KEYS
|
|
|
|
|
bool "Dump encryption keys for offline decryption (Unsafe)"
|
2017-07-09 07:48:15 +08:00
|
|
|
depends on CIFS_DEBUG
|
2017-05-24 22:13:25 +08:00
|
|
|
help
|
2019-03-07 06:22:59 +08:00
|
|
|
Enabling this will dump the encryption and decryption keys
|
|
|
|
|
used to communicate on an encrypted share connection on the
|
|
|
|
|
console. This allows Wireshark to decrypt and dissect
|
|
|
|
|
encrypted network captures. Enable this carefully.
|
|
|
|
|
If unsure, say N.
|
2017-05-24 22:13:25 +08:00
|
|
|
|
2009-02-22 09:33:07 +08:00
|
|
|
config CIFS_DFS_UPCALL
|
2019-03-07 06:22:59 +08:00
|
|
|
bool "DFS feature support"
|
2019-07-01 07:00:41 +08:00
|
|
|
depends on CIFS
|
2019-03-07 06:22:59 +08:00
|
|
|
help
|
|
|
|
|
Distributed File System (DFS) support is used to access shares
|
|
|
|
|
transparently in an enterprise name space, even if the share
|
|
|
|
|
moves to a different server. This feature also enables
|
|
|
|
|
an upcall mechanism for CIFS which contacts userspace helper
|
|
|
|
|
utilities to provide server name resolution (host names to
|
|
|
|
|
IP addresses) which is needed in order to reconnect to
|
|
|
|
|
servers if their addresses change or for implicit mounts of
|
|
|
|
|
DFS junction points. If unsure, say Y.
|
2009-02-22 09:33:07 +08:00
|
|
|
|
2020-12-01 02:02:49 +08:00
|
|
|
config CIFS_SWN_UPCALL
|
|
|
|
|
bool "SWN feature support"
|
|
|
|
|
depends on CIFS
|
|
|
|
|
help
|
|
|
|
|
The Service Witness Protocol (SWN) is used to get notifications
|
|
|
|
|
from a highly available server of resource state changes. This
|
2020-12-12 13:31:16 +08:00
|
|
|
feature enables an upcall mechanism for CIFS which contacts a
|
2020-12-01 02:02:49 +08:00
|
|
|
userspace daemon to establish the DCE/RPC connection to retrieve
|
|
|
|
|
the cluster available interfaces and resource change notifications.
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
|
2011-02-26 00:48:55 +08:00
|
|
|
config CIFS_NFSD_EXPORT
|
2019-03-07 06:22:59 +08:00
|
|
|
bool "Allow nfsd to export CIFS file system"
|
|
|
|
|
depends on CIFS && BROKEN
|
|
|
|
|
help
|
|
|
|
|
Allows NFS server to export a CIFS mounted share (nfsd over cifs)
|
2011-02-25 01:58:00 +08:00
|
|
|
|
2017-11-07 16:54:54 +08:00
|
|
|
config CIFS_SMB_DIRECT
|
2019-07-16 10:59:41 +08:00
|
|
|
bool "SMB Direct support"
|
2018-05-26 05:29:59 +08:00
|
|
|
depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
|
2017-11-07 16:54:54 +08:00
|
|
|
help
|
2019-07-16 10:59:41 +08:00
|
|
|
Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
|
2017-11-07 16:54:54 +08:00
|
|
|
SMB Direct allows transferring SMB packets over RDMA. If unsure,
|
2020-04-07 23:23:27 +08:00
|
|
|
say Y.
|
2017-11-07 16:54:54 +08:00
|
|
|
|
2012-10-02 01:48:03 +08:00
|
|
|
config CIFS_FSCACHE
|
2019-03-07 06:22:59 +08:00
|
|
|
bool "Provide CIFS client caching support"
|
cifs: Support fscache indexing rewrite
Change the cifs filesystem to take account of the changes to fscache's
indexing rewrite and reenable caching in cifs.
The following changes have been made:
(1) The fscache_netfs struct is no more, and there's no need to register
the filesystem as a whole.
(2) The session cookie is now an fscache_volume cookie, allocated with
fscache_acquire_volume(). That takes three parameters: a string
representing the "volume" in the index, a string naming the cache to
use (or NULL) and a u64 that conveys coherency metadata for the
volume.
For cifs, I've made it render the volume name string as:
"cifs,<ipaddress>,<sharename>"
where the sharename has '/' characters replaced with ';'.
This probably needs rethinking a bit as the total name could exceed
the maximum filename component length.
Further, the coherency data is currently just set to 0. It needs
something else doing with it - I wonder if it would suffice simply to
sum the resource_id, vol_create_time and vol_serial_number or maybe
hash them.
(3) The fscache_cookie_def is no more and needed information is passed
directly to fscache_acquire_cookie(). The cache no longer calls back
into the filesystem, but rather metadata changes are indicated at
other times.
fscache_acquire_cookie() is passed the same keying and coherency
information as before.
(4) The functions to set/reset cookies are removed and
fscache_use_cookie() and fscache_unuse_cookie() are used instead.
fscache_use_cookie() is passed a flag to indicate if the cookie is
opened for writing. fscache_unuse_cookie() is passed updates for the
metadata if we changed it (ie. if the file was opened for writing).
These are called when the file is opened or closed.
(5) cifs_setattr_*() are made to call fscache_resize() to change the size
of the cache object.
(6) The functions to read and write data are stubbed out pending a
conversion to use netfslib.
Changes
=======
ver #8:
- Abstract cache invalidation into a helper function.
- Fix some checkpatch warnings[3].
ver #7:
- Removed the accidentally added-back call to get the super cookie in
cifs_root_iget().
- Fixed the right call to cifs_fscache_get_super_cookie() to take account
of the "-o fsc" mount flag.
ver #6:
- Moved the change of gfpflags_allow_blocking() to current_is_kswapd() for
cifs here.
- Fixed one of the error paths in cifs_atomic_open() to jump around the
call to use the cookie.
- Fixed an additional successful return in the middle of cifs_open() to
use the cookie on the way out.
- Only get a volume cookie (and thus inode cookies) when "-o fsc" is
supplied to mount.
ver #5:
- Fixed a couple of bits of cookie handling[2]:
- The cookie should be released in cifs_evict_inode(), not
cifsFileInfo_put_final(). The cookie needs to persist beyond file
closure so that writepages will be able to write to it.
- fscache_use_cookie() needs to be called in cifs_atomic_open() as it is
for cifs_open().
ver #4:
- Fixed the use of sizeof with memset.
- tcon->vol_create_time is __le64 so doesn't need cpu_to_le64().
ver #3:
- Canonicalise the cifs coherency data to make the cache portable.
- Set volume coherency data.
ver #2:
- Use gfpflags_allow_blocking() rather than using flag directly.
- Upgraded to -rc4 to allow for upstream changes[1].
- fscache_acquire_volume() now returns errors.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@kernel.org>
cc: Steve French <smfrench@gmail.com>
cc: Shyam Prasad N <nspmangalore@gmail.com>
cc: linux-cifs@vger.kernel.org
cc: linux-cachefs@redhat.com
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23b55d673d7527b093cd97b7c217c82e70cd1af0 [1]
Link: https://lore.kernel.org/r/3419813.1641592362@warthog.procyon.org.uk/ [2]
Link: https://lore.kernel.org/r/CAH2r5muTanw9pJqzAHd01d9A8keeChkzGsCEH6=0rHutVLAF-A@mail.gmail.com/ [3]
Link: https://lore.kernel.org/r/163819671009.215744.11230627184193298714.stgit@warthog.procyon.org.uk/ # v1
Link: https://lore.kernel.org/r/163906982979.143852.10672081929614953210.stgit@warthog.procyon.org.uk/ # v2
Link: https://lore.kernel.org/r/163967187187.1823006.247415138444991444.stgit@warthog.procyon.org.uk/ # v3
Link: https://lore.kernel.org/r/164021579335.640689.2681324337038770579.stgit@warthog.procyon.org.uk/ # v4
Link: https://lore.kernel.org/r/3462849.1641593783@warthog.procyon.org.uk/ # v5
Link: https://lore.kernel.org/r/1318953.1642024578@warthog.procyon.org.uk/ # v6
Signed-off-by: Steve French <stfrench@microsoft.com>
2020-11-17 23:56:59 +08:00
|
|
|
depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
|
2019-03-07 06:22:59 +08:00
|
|
|
help
|
|
|
|
|
Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
|
|
|
|
|
to be cached locally on disk through the general filesystem cache
|
|
|
|
|
manager. If unsure, say N.
|
2019-07-17 06:04:50 +08:00
|
|
|
|
|
|
|
|
config CIFS_ROOT
|
|
|
|
|
bool "SMB root file system (Experimental)"
|
|
|
|
|
depends on CIFS=y && IP_PNP
|
|
|
|
|
help
|
|
|
|
|
Enables root file system support over SMB protocol.
|
|
|
|
|
|
|
|
|
|
Most people say N here.
|
