lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20250831123602.14037-35-pali@kernel.org>
Date: Sun, 31 Aug 2025 14:36:01 +0200
From: Pali Rohár <pali@...nel.org>
To: Steve French <sfrench@...ba.org>,
	Paulo Alcantara <pc@...guebit.com>,
	ronnie sahlberg <ronniesahlberg@...il.com>
Cc: linux-cifs@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH 34/35] cifs: Use CREATE_OPTION_EXCLUSIVE when opening file/dir for SMB2+ non-POSIX unlink/rmdir

Using of CREATE_OPTION_EXCLUSIVE against non-POSIX SMB2+ server ensures
that the smb2_remove() function either success and removes the directory
entry or it returns an error that file or directory is in use by other SMB
client and silly rename is required to use.

POSIX-based SMB2+ servers do not have this problems as they should unlink
the directory entry immediately and not transition them into delete pending
state.

This allows the cifs_unlink() and cifs_rmdir() functions against non-POSIX
servers to detect these failures via -EBUSY error from smb2_unlink() and
smb2_rmdir() calls and fallbacks to cifs_rename_pending_delete() which
implements silly rename.

This is the final change which enables the silly rename functionality for
the unlink and rmdir calls in SMB2+ dialects on mounted exports from
Windows servers.

With this change Linux unlink() and rmdir() syscalls called on SMB2+ mounts
from Windows servers cause that on success the path would not exist anymore
and new file or directory with that path can be created.

Signed-off-by: Pali Rohár <pali@...nel.org>
---
 fs/smb/client/smb2inode.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/fs/smb/client/smb2inode.c b/fs/smb/client/smb2inode.c
index 0dd4a77dfb64..727349ed76b9 100644
--- a/fs/smb/client/smb2inode.c
+++ b/fs/smb/client/smb2inode.c
@@ -1351,6 +1351,23 @@ smb2_remove(const unsigned int xid, struct cifs_tcon *tcon, const char *name,
 		op = SMB2_OP_DELETE;
 		op_flags = CREATE_NOT_DIR;
 	}
+
+	/*
+	 * CREATE_OPTION_EXCLUSIVE ensures exclusive access to the path.
+	 * If some other client has that path opened then our open fails.
+	 * So together with remove operation it cause that either the path
+	 * is immediately unlinked or the command fails with -EBUSY.
+	 * It should not let the path in the delete pending state.
+	 *
+	 * When using POSIX extensions then we do not need any exclusive
+	 * access to the file or directory.
+	 * In this case the path is unlinked immediately even if it is opened
+	 * by other client. Unlink fails only in case path is directory and
+	 * that directory is not empty.
+	 */
+	if (!tcon->posix_extensions)
+		op_flags |= CREATE_OPTION_EXCLUSIVE;
+
 	oparms = CIFS_OPARMS(cifs_sb, tcon, name,
 			     DELETE, FILE_OPEN,
 			     OPEN_REPARSE_POINT | op_flags,
-- 
2.20.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ