From: Namjae Jeon <namjae.jeon@samsung.com>
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: smfrench@gmail.com, senozhatsky@chromium.org, hyc.lee@gmail.com,
viro@zeniv.linux.org.uk, hch@lst.de, hch@infradead.org,
ronniesahlberg@gmail.com, aurelien.aptel@gmail.com,
aaptel@suse.com, sandeen@sandeen.net, dan.carpenter@oracle.com,
colin.king@canonical.com, rdunlap@infradead.org,
willy@infradead.org, Namjae Jeon <namjae.jeon@samsung.com>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Steve French <stfrench@microsoft.com>
Subject: [PATCH v2 01/10] cifsd: add document
Date: Thu, 22 Apr 2021 09:28:15 +0900 [thread overview]
Message-ID: <20210422002824.12677-2-namjae.jeon@samsung.com> (raw)
In-Reply-To: <20210422002824.12677-1-namjae.jeon@samsung.com>
This adds a document describing ksmbd design, key features and usage.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
Documentation/filesystems/cifs/cifsd.rst | 152 +++++++++++++++++++++++
Documentation/filesystems/cifs/index.rst | 10 ++
Documentation/filesystems/index.rst | 2 +-
3 files changed, 163 insertions(+), 1 deletion(-)
create mode 100644 Documentation/filesystems/cifs/cifsd.rst
create mode 100644 Documentation/filesystems/cifs/index.rst
diff --git a/Documentation/filesystems/cifs/cifsd.rst b/Documentation/filesystems/cifs/cifsd.rst
new file mode 100644
index 000000000000..cb9f87b8529f
--- /dev/null
+++ b/Documentation/filesystems/cifs/cifsd.rst
@@ -0,0 +1,152 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+==========================
+CIFSD - SMB3 Kernel Server
+==========================
+
+CIFSD is a linux kernel server which implements SMB3 protocol in kernel space
+for sharing files over network.
+
+CIFSD architecture
+==================
+
+The subset of performance related operations belong in kernelspace and
+the other subset which belong to operations which are not really related with
+performance in userspace. So, DCE/RPC management that has historically resulted
+into number of buffer overflow issues and dangerous security bugs and user
+account management are implemented in user space as ksmbd.mountd.
+File operations that are related with performance (open/read/write/close etc.)
+in kernel space (ksmbd). This also allows for easier integration with VFS
+interface for all file operations.
+
+ksmbd (kernel daemon)
+---------------------
+
+When the server daemon is started, It starts up a forker thread
+(ksmbd/interface name) at initialization time and open a dedicated port 445
+for listening to SMB requests. Whenever new clients make request, Forker
+thread will accept the client connection and fork a new thread for dedicated
+communication channel between the client and the server. It allows for parallel
+processing of SMB requests(commands) from clients as well as allowing for new
+clients to make new connections. Each instance is named ksmbd/1~n(port number)
+to indicate connected clients. Depending on the SMB request types, each new
+thread can decide to pass through the commands to the user space (ksmbd.mountd),
+currently DCE/RPC commands are identified to be handled through the user space.
+To further utilize the linux kernel, it has been chosen to process the commands
+as workitems and to be executed in the handlers of the ksmbd-io kworker threads.
+It allows for multiplexing of the handlers as the kernel take care of initiating
+extra worker threads if the load is increased and vice versa, if the load is
+decreased it destroys the extra worker threads. So, after connection is
+established with client. Dedicated ksmbd/1..n(port number) takes complete
+ownership of receiving/parsing of SMB commands. Each received command is worked
+in parallel i.e., There can be multiple clients commands which are worked in
+parallel. After receiving each command a separated kernel workitem is prepared
+for each command which is further queued to be handled by ksmbd-io kworkers.
+So, each SMB workitem is queued to the kworkers. This allows the benefit of load
+sharing to be managed optimally by the default kernel and optimizing client
+performance by handling client commands in parallel.
+
+ksmbd.mountd (user space daemon)
+--------------------------------
+
+ksmbd.mountd is userspace process to, transfer user account and password that
+are registered using ksmbd.adduser(part of utils for user space). Further it
+allows sharing information parameters that parsed from smb.conf to ksmbd in
+kernel. For the execution part it has a daemon which is continuously running
+and connected to the kernel interface using netlink socket, it waits for the
+requests(dcerpc and share/user info). It handles RPC calls (at a minimum few
+dozen) that are most important for file server from NetShareEnum and
+NetServerGetInfo. Complete DCE/RPC response is prepared from the user space
+and passed over to the associated kernel thread for the client.
+
+
+CIFSD Feature Status
+====================
+
+============================== =================================================
+Feature name Status
+============================== =================================================
+Dialects Supported. SMB2.1 SMB3.0, SMB3.1.1 dialects
+ excluding security vulnerable SMB1.
+Auto Negotiation Supported.
+Compound Request Supported.
+Oplock Cache Mechanism Supported.
+SMB2 leases(v1 lease) Supported.
+Directory leases(v2 lease) Planned for future.
+Multi-credits Supported.
+NTLM/NTLMv2 Supported.
+HMAC-SHA256 Signing Supported.
+Secure negotiate Supported.
+Signing Update Supported.
+Pre-authentication integrity Supported.
+SMB3 encryption(CCM, GCM) Supported.
+SMB direct(RDMA) Partial Supported. SMB3 Multi-channel is required
+ to connect to Windows client.
+SMB3 Multi-channel In Progress.
+SMB3.1.1 POSIX extension Supported.
+ACLs Partial Supported. only DACLs available, SACLs is
+ planned for future. ksmbd generate random subauth
+ values(then store it to disk) and use uid/gid
+ get from inode as RID for local domain SID.
+ The current acl implementation is limited to
+ standalone server, not a domain member.
+Kerberos Supported.
+Durable handle v1,v2 Planned for future.
+Persistent handle Planned for future.
+SMB2 notify Planned for future.
+Sparse file support Supported.
+DCE/RPC support Partial Supported. a few calls(NetShareEnumAll,
+ NetServerGetInfo, SAMR, LSARPC) that needed as
+ file server via netlink interface from
+ ksmbd.mountd.
+============================== =================================================
+
+
+How to run
+==========
+
+1. Download ksmbd-tools and compile them.
+ - https://github.com/cifsd-team/ksmbd-tools
+
+2. Create user/password for SMB share.
+
+ # mkdir /etc/ksmbd/
+ # ksmbd.adduser -a <Enter USERNAME for SMB share access>
+
+3. Create /etc/ksmbd/smb.conf file, add SMB share in smb.conf file
+ - Refer smb.conf.example and
+ https://github.com/cifsd-team/ksmbd-tools/blob/master/Documentation/configuration.txt
+
+4. Insert ksmbd.ko module
+
+ # insmod ksmbd.ko
+
+5. Start ksmbd user space daemon
+ # ksmbd.mountd
+
+6. Access share from Windows or Linux using CIFS
+
+Shutdown CIFSD
+==============
+
+1. kill user and kernel space daemon
+ # sudo ksmbd.control -s
+
+How to turn debug print on
+==========================
+
+Each layer
+/sys/class/ksmbd-control/debug
+
+1. Enable all component prints
+ # sudo ksmbd.control -d "all"
+
+2. Enable one of components(smb, auth, vfs, oplock, ipc, conn, rdma)
+ # sudo ksmbd.control -d "smb"
+
+3. Show what prints are enable.
+ # cat/sys/class/ksmbd-control/debug
+ [smb] auth vfs oplock ipc conn [rdma]
+
+4. Disable prints:
+ If you try the selected component once more, It is disabled without brackets.
diff --git a/Documentation/filesystems/cifs/index.rst b/Documentation/filesystems/cifs/index.rst
new file mode 100644
index 000000000000..e762586b5dc7
--- /dev/null
+++ b/Documentation/filesystems/cifs/index.rst
@@ -0,0 +1,10 @@
+===============================
+CIFS
+===============================
+
+
+.. toctree::
+ :maxdepth: 1
+
+ cifsd
+ cifsroot
diff --git a/Documentation/filesystems/index.rst b/Documentation/filesystems/index.rst
index 1f76b1cb3348..085702b5dbba 100644
--- a/Documentation/filesystems/index.rst
+++ b/Documentation/filesystems/index.rst
@@ -71,7 +71,7 @@ Documentation for filesystem implementations.
befs
bfs
btrfs
- cifs/cifsroot
+ cifs/index
ceph
coda
configfs
--
2.17.1
next prev parent reply other threads:[~2021-04-22 0:38 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20210422003835epcas1p246c40c6a6bbc0e9f5d4ccf9b69bef0d7@epcas1p2.samsung.com>
2021-04-22 0:28 ` [PATCH v2 00/10] cifsd: introduce new SMB3 kernel server Namjae Jeon
[not found] ` <CGME20210422003836epcas1p391ed30aed1cf7b010b93c32fc1aebe89@epcas1p3.samsung.com>
2021-04-22 0:28 ` Namjae Jeon [this message]
[not found] ` <CGME20210422003837epcas1p48d3a9bc060df8e8dca3fab76201000fc@epcas1p4.samsung.com>
2021-04-22 0:28 ` [PATCH v2 02/10] cifsd: add server handler Namjae Jeon
[not found] ` <CGME20210422003838epcas1p3c4529c7bc5a5a5e9e20187713d924033@epcas1p3.samsung.com>
2021-04-22 0:28 ` [PATCH v2 03/10] cifsd: add trasport layers Namjae Jeon
[not found] ` <CGME20210422003839epcas1p470ba6caba45731e45e84a296cf3880ad@epcas1p4.samsung.com>
2021-04-22 0:28 ` [PATCH v2 04/10] cifsd: add authentication Namjae Jeon
[not found] ` <CGME20210422003841epcas1p46060d68382b3e91046ade85cb9c1b6fe@epcas1p4.samsung.com>
2021-04-22 0:28 ` [PATCH v2 05/10] cifsd: add smb3 engine part 1 Namjae Jeon
[not found] ` <CGME20210422003842epcas1p1774510f2e4ccdb47dad4c1493842162d@epcas1p1.samsung.com>
2021-04-22 0:28 ` [PATCH v2 06/10] cifsd: add smb3 engine part 2 Namjae Jeon
[not found] ` <CGME20210422003843epcas1p374627e9b9bc86da8408892407a0b4428@epcas1p3.samsung.com>
2021-04-22 0:28 ` [PATCH v2 07/10] cifsd: add oplock/lease cache mechanism Namjae Jeon
2021-04-28 20:16 ` J. Bruce Fields
2021-04-29 0:36 ` Namjae Jeon
[not found] ` <CGME20210422003844epcas1p498d837c44d537534bc3b81da6ce302c3@epcas1p4.samsung.com>
2021-04-22 0:28 ` [PATCH v2 08/10] cifsd: add file operations Namjae Jeon
[not found] ` <CGME20210422003845epcas1p26e9145c0651b8ac8e3ad855df39163c7@epcas1p2.samsung.com>
2021-04-22 0:28 ` [PATCH v2 09/10] cifsd: add Kconfig and Makefile Namjae Jeon
[not found] ` <CGME20210422003846epcas1p1c8e4f9e46f77d2974e488785cd16d529@epcas1p1.samsung.com>
2021-04-22 0:28 ` [PATCH v2 10/10] MAINTAINERS: add cifsd kernel server Namjae Jeon
2021-04-27 20:53 ` [PATCH v2 00/10] cifsd: introduce new SMB3 " J. Bruce Fields
2021-04-27 21:38 ` Namjae Jeon
2021-04-28 19:13 ` J. Bruce Fields
2021-04-29 0:07 ` Namjae Jeon
2021-04-28 19:18 ` J. Bruce Fields
2021-04-28 20:19 ` Aurélien Aptel
2021-04-28 20:40 ` J. Bruce Fields
2021-04-28 22:24 ` Aurélien Aptel
2021-04-28 23:57 ` J. Bruce Fields
2021-04-29 0:18 ` Namjae Jeon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210422002824.12677-2-namjae.jeon@samsung.com \
--to=namjae.jeon@samsung.com \
--cc=aaptel@suse.com \
--cc=aurelien.aptel@gmail.com \
--cc=colin.king@canonical.com \
--cc=dan.carpenter@oracle.com \
--cc=hch@infradead.org \
--cc=hch@lst.de \
--cc=hyc.lee@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rdunlap@infradead.org \
--cc=ronniesahlberg@gmail.com \
--cc=sandeen@sandeen.net \
--cc=senozhatsky@chromium.org \
--cc=sergey.senozhatsky@gmail.com \
--cc=smfrench@gmail.com \
--cc=stfrench@microsoft.com \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).