2019-05-19 15:07:45 +03:00
# SPDX-License-Identifier: GPL-2.0-only
2008-10-19 07:28:49 +04:00
config CIFS
2017-07-09 02:48:15 +03:00
tristate "SMB3 and CIFS support (advanced network filesystem)"
2008-10-19 07:28:49 +04:00
depends on INET
select NLS
2010-10-21 23:25:08 +04:00
select CRYPTO
select CRYPTO_MD5
2017-10-19 23:09:29 +03:00
select CRYPTO_SHA256
2018-09-07 19:24:17 +03:00
select CRYPTO_SHA512
2017-10-19 23:09:29 +03:00
select CRYPTO_CMAC
2010-11-14 06:34:30 +03:00
select CRYPTO_HMAC
2017-10-19 23:09:29 +03:00
select CRYPTO_AEAD2
select CRYPTO_CCM
2019-06-14 22:46:35 +03:00
select CRYPTO_GCM
2011-06-03 12:49:01 +04:00
select CRYPTO_ECB
2017-10-19 23:09:29 +03:00
select CRYPTO_AES
2019-07-01 02:00:41 +03:00
select KEYS
2021-03-31 17:35:24 +03:00
select DNS_RESOLVER
2021-06-08 17:53:14 +03:00
select ASN1
select OID_REGISTRY
2008-10-19 07:28:49 +04:00
help
2017-07-09 02:48:15 +03:00
This is the client VFS module for the SMB3 family of NAS protocols,
2018-06-29 03:30:23 +03:00
(including support for the most recent, most secure dialect SMB3.1.1)
as well as for earlier dialects such as SMB2.1, SMB2 and the older
2017-07-09 02:48:15 +03:00
Common Internet File System (CIFS) protocol. CIFS was the successor
to the original dialect, the Server Message Block (SMB) protocol, the
native file sharing mechanism for most early PC operating systems.
2018-06-29 03:30:23 +03:00
The SMB3 protocol is supported by most modern operating systems
and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016,
MacOS) and even in the cloud (e.g. Microsoft Azure).
2017-07-09 02:48:15 +03:00
The older CIFS protocol was included in Windows NT4, 2000 and XP (and
later) as well by Samba (which provides excellent CIFS and SMB3
2018-06-29 03:30:23 +03:00
server support for Linux and many other operating systems). Use of
dialects older than SMB2.1 is often discouraged on public networks.
This module also provides limited support for OS/2 and Windows ME
and similar very old servers.
2008-10-19 07:28:49 +04:00
2018-06-29 03:30:23 +03:00
This module provides an advanced network file system client
2017-07-09 02:48:15 +03:00
for mounting to SMB3 (and CIFS) compliant servers. It includes
2008-10-19 07:28:49 +04:00
support for DFS (hierarchical name space), secure per-user
2018-06-29 03:30:23 +03:00
session establishment via Kerberos or NTLM or NTLMv2, RDMA
(smbdirect), advanced security features, per-share encryption,
directory leases, safe distributed caching (oplock), optional packet
2008-10-19 07:28:49 +04:00
signing, Unicode and other internationalization improvements.
2017-07-09 02:48:15 +03:00
In general, the default dialects, SMB3 and later, enable better
performance, security and features, than would be possible with CIFS.
Note that when mounting to Samba, due to the CIFS POSIX extensions,
CIFS mounts can provide slightly better POSIX compatibility
than SMB3 mounts. SMB2/SMB3 mount options are also
slightly simpler (compared to CIFS) due to protocol improvements.
2018-06-29 03:30:23 +03:00
If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y.
2008-10-19 07:28:49 +04:00
config CIFS_STATS2
bool "Extended statistics"
2018-07-31 09:21:37 +03:00
depends on CIFS
2021-06-09 00:43:41 +03:00
default y
2008-10-19 07:28:49 +04:00
help
Enabling this option will allow more detailed statistics on SMB
request timing to be displayed in /proc/fs/cifs/DebugData and also
allow optional logging of slow responses to dmesg (depending on the
2020-12-12 08:31:16 +03:00
value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst
for more details. These additional statistics may have a minor effect
on performance and memory utilization.
2008-10-19 07:28:49 +04:00
2021-06-09 00:43:41 +03:00
If unsure, say Y.
2008-10-19 07:28:49 +04:00
2018-06-19 22:34:08 +03:00
config CIFS_ALLOW_INSECURE_LEGACY
bool "Support legacy servers which use less secure dialects"
depends on CIFS
default y
help
Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
additional security features, including protection against
man-in-the-middle attacks and stronger crypto hashes, so the use
of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
Disabling this option prevents users from using vers=1.0 or vers=2.0
on mounts with cifs.ko
If unsure, say Y.
2008-10-19 07:28:49 +04:00
config CIFS_UPCALL
2010-08-04 18:16:33 +04:00
bool "Kerberos/SPNEGO advanced session setup"
2019-07-01 02:00:41 +03:00
depends on CIFS
2010-08-04 18:16:33 +04:00
help
Enables an upcall mechanism for CIFS which accesses userspace helper
utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
which are needed to mount to certain secure servers (for which more
2017-07-09 02:48:15 +03:00
secure Kerberos authentication is required). If unsure, say Y.
2008-10-19 07:28:49 +04:00
config CIFS_XATTR
2019-03-07 01:22:59 +03:00
bool "CIFS extended attributes"
depends on CIFS
help
Extended attributes are name:value pairs associated with inodes by
the kernel or by users (see the attr(5) manual page for details).
CIFS maps the name of extended attributes beginning with the user
namespace prefix to SMB/CIFS EAs. EAs are stored on Windows
servers without the user namespace prefix, but their names are
seen by Linux cifs clients prefaced by the user namespace prefix.
The system namespace (used by some filesystems to store ACLs) is
not supported at this time.
If unsure, say Y.
2008-10-19 07:28:49 +04:00
config CIFS_POSIX
2019-03-07 01:22:59 +03:00
bool "CIFS POSIX Extensions"
depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
help
Enabling this option will cause the cifs client to attempt to
2008-10-19 07:28:49 +04:00
negotiate a newer dialect with servers, such as Samba 3.0.5
or later, that optionally can handle more POSIX like (rather
than Windows like) file behavior. It also enables
support for POSIX ACLs (getfacl and setfacl) to servers
(such as Samba 3.10 and later) which can negotiate
CIFS POSIX ACL support. If unsure, say N.
2012-12-06 00:42:58 +04:00
config CIFS_DEBUG
bool "Enable CIFS debugging routines"
default y
depends on CIFS
help
2019-03-07 01:22:59 +03:00
Enabling this option adds helpful debugging messages to
the cifs code which increases the size of the cifs module.
If unsure, say Y.
2008-10-19 07:28:49 +04:00
config CIFS_DEBUG2
bool "Enable additional CIFS debugging routines"
2012-12-06 00:42:58 +04:00
depends on CIFS_DEBUG
2008-10-19 07:28:49 +04:00
help
2019-03-07 01:22:59 +03:00
Enabling this option adds a few more debugging routines
to the cifs code which slightly increases the size of
the cifs module and can cause additional logging of debug
messages in some error paths, slowing performance. This
option can be turned off unless you are debugging
cifs problems. If unsure, say N.
2008-10-19 07:28:49 +04:00
2017-05-24 17:13:25 +03:00
config CIFS_DEBUG_DUMP_KEYS
bool "Dump encryption keys for offline decryption (Unsafe)"
2017-07-09 02:48:15 +03:00
depends on CIFS_DEBUG
2017-05-24 17:13:25 +03:00
help
2019-03-07 01:22:59 +03:00
Enabling this will dump the encryption and decryption keys
used to communicate on an encrypted share connection on the
console. This allows Wireshark to decrypt and dissect
encrypted network captures. Enable this carefully.
If unsure, say N.
2017-05-24 17:13:25 +03:00
2009-02-22 04:33:07 +03:00
config CIFS_DFS_UPCALL
2019-03-07 01:22:59 +03:00
bool "DFS feature support"
2019-07-01 02:00:41 +03:00
depends on CIFS
2019-03-07 01:22:59 +03:00
help
Distributed File System (DFS) support is used to access shares
transparently in an enterprise name space, even if the share
moves to a different server. This feature also enables
an upcall mechanism for CIFS which contacts userspace helper
utilities to provide server name resolution (host names to
IP addresses) which is needed in order to reconnect to
servers if their addresses change or for implicit mounts of
DFS junction points. If unsure, say Y.
2009-02-22 04:33:07 +03:00
2020-11-30 21:02:49 +03:00
config CIFS_SWN_UPCALL
bool "SWN feature support"
depends on CIFS
help
The Service Witness Protocol (SWN) is used to get notifications
from a highly available server of resource state changes. This
2020-12-12 08:31:16 +03:00
feature enables an upcall mechanism for CIFS which contacts a
2020-11-30 21:02:49 +03:00
userspace daemon to establish the DCE/RPC connection to retrieve
the cluster available interfaces and resource change notifications.
If unsure, say Y.
2011-02-25 19:48:55 +03:00
config CIFS_NFSD_EXPORT
2019-03-07 01:22:59 +03:00
bool "Allow nfsd to export CIFS file system"
depends on CIFS && BROKEN
help
Allows NFS server to export a CIFS mounted share (nfsd over cifs)
2011-02-24 20:58:00 +03:00
2017-11-07 11:54:54 +03:00
config CIFS_SMB_DIRECT
2019-07-16 05:59:41 +03:00
bool "SMB Direct support"
2018-05-26 00:29:59 +03:00
depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
2017-11-07 11:54:54 +03:00
help
2019-07-16 05:59:41 +03:00
Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
2017-11-07 11:54:54 +03:00
SMB Direct allows transferring SMB packets over RDMA. If unsure,
2020-04-07 18:23:27 +03:00
say Y.
2017-11-07 11:54:54 +03:00
2012-10-01 21:48:03 +04:00
config CIFS_FSCACHE
2019-03-07 01:22:59 +03:00
bool "Provide CIFS client caching support"
cifs: Support fscache indexing rewrite
Change the cifs filesystem to take account of the changes to fscache's
indexing rewrite and reenable caching in cifs.
The following changes have been made:
(1) The fscache_netfs struct is no more, and there's no need to register
the filesystem as a whole.
(2) The session cookie is now an fscache_volume cookie, allocated with
fscache_acquire_volume(). That takes three parameters: a string
representing the "volume" in the index, a string naming the cache to
use (or NULL) and a u64 that conveys coherency metadata for the
volume.
For cifs, I've made it render the volume name string as:
"cifs,<ipaddress>,<sharename>"
where the sharename has '/' characters replaced with ';'.
This probably needs rethinking a bit as the total name could exceed
the maximum filename component length.
Further, the coherency data is currently just set to 0. It needs
something else doing with it - I wonder if it would suffice simply to
sum the resource_id, vol_create_time and vol_serial_number or maybe
hash them.
(3) The fscache_cookie_def is no more and needed information is passed
directly to fscache_acquire_cookie(). The cache no longer calls back
into the filesystem, but rather metadata changes are indicated at
other times.
fscache_acquire_cookie() is passed the same keying and coherency
information as before.
(4) The functions to set/reset cookies are removed and
fscache_use_cookie() and fscache_unuse_cookie() are used instead.
fscache_use_cookie() is passed a flag to indicate if the cookie is
opened for writing. fscache_unuse_cookie() is passed updates for the
metadata if we changed it (ie. if the file was opened for writing).
These are called when the file is opened or closed.
(5) cifs_setattr_*() are made to call fscache_resize() to change the size
of the cache object.
(6) The functions to read and write data are stubbed out pending a
conversion to use netfslib.
Changes
=======
ver #8:
- Abstract cache invalidation into a helper function.
- Fix some checkpatch warnings[3].
ver #7:
- Removed the accidentally added-back call to get the super cookie in
cifs_root_iget().
- Fixed the right call to cifs_fscache_get_super_cookie() to take account
of the "-o fsc" mount flag.
ver #6:
- Moved the change of gfpflags_allow_blocking() to current_is_kswapd() for
cifs here.
- Fixed one of the error paths in cifs_atomic_open() to jump around the
call to use the cookie.
- Fixed an additional successful return in the middle of cifs_open() to
use the cookie on the way out.
- Only get a volume cookie (and thus inode cookies) when "-o fsc" is
supplied to mount.
ver #5:
- Fixed a couple of bits of cookie handling[2]:
- The cookie should be released in cifs_evict_inode(), not
cifsFileInfo_put_final(). The cookie needs to persist beyond file
closure so that writepages will be able to write to it.
- fscache_use_cookie() needs to be called in cifs_atomic_open() as it is
for cifs_open().
ver #4:
- Fixed the use of sizeof with memset.
- tcon->vol_create_time is __le64 so doesn't need cpu_to_le64().
ver #3:
- Canonicalise the cifs coherency data to make the cache portable.
- Set volume coherency data.
ver #2:
- Use gfpflags_allow_blocking() rather than using flag directly.
- Upgraded to -rc4 to allow for upstream changes[1].
- fscache_acquire_volume() now returns errors.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@kernel.org>
cc: Steve French <smfrench@gmail.com>
cc: Shyam Prasad N <nspmangalore@gmail.com>
cc: linux-cifs@vger.kernel.org
cc: linux-cachefs@redhat.com
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23b55d673d7527b093cd97b7c217c82e70cd1af0 [1]
Link: https://lore.kernel.org/r/3419813.1641592362@warthog.procyon.org.uk/ [2]
Link: https://lore.kernel.org/r/CAH2r5muTanw9pJqzAHd01d9A8keeChkzGsCEH6=0rHutVLAF-A@mail.gmail.com/ [3]
Link: https://lore.kernel.org/r/163819671009.215744.11230627184193298714.stgit@warthog.procyon.org.uk/ # v1
Link: https://lore.kernel.org/r/163906982979.143852.10672081929614953210.stgit@warthog.procyon.org.uk/ # v2
Link: https://lore.kernel.org/r/163967187187.1823006.247415138444991444.stgit@warthog.procyon.org.uk/ # v3
Link: https://lore.kernel.org/r/164021579335.640689.2681324337038770579.stgit@warthog.procyon.org.uk/ # v4
Link: https://lore.kernel.org/r/3462849.1641593783@warthog.procyon.org.uk/ # v5
Link: https://lore.kernel.org/r/1318953.1642024578@warthog.procyon.org.uk/ # v6
Signed-off-by: Steve French <stfrench@microsoft.com>
2020-11-17 18:56:59 +03:00
depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
2019-03-07 01:22:59 +03:00
help
Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
to be cached locally on disk through the general filesystem cache
manager. If unsure, say N.
2019-07-17 01:04:50 +03:00
config CIFS_ROOT
bool "SMB root file system (Experimental)"
depends on CIFS=y && IP_PNP
help
Enables root file system support over SMB protocol.
Most people say N here.
