summaryrefslogtreecommitdiffstats
path: root/fs/cifs
Commit message (Collapse)AuthorAgeFilesLines
* regression: cifs endianness bugAl Viro2007-12-051-16/+17
| | | | | | | | | | | access_flags_to_mode() gets on-the-wire data (little-endian) and treats it as host-endian. Introduced in commit e01b64001359034d04c695388870936ed3d1b56b ("[CIFS] enable get mode from ACL when cifsacl mount option specified") Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* [CIFS] Fix check after use error in ACL codeSteve French2007-11-251-6/+7
| | | | | | | Spotted by the coverity scanner. CC: Adrian Bunk <bunk@kernel.org> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Fix potential data corruption when writing out cached dirty pagesJeff Layton2007-11-205-30/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix RedHat bug 329431 The idea here is separate "conscious" from "unconscious" flushes. Conscious flushes are those due to a fsync() or close(). Unconscious ones are flushes that occur as a side effect of some other operation or due to memory pressure. Currently, when an error occurs during an unconscious flush (ENOSPC or EIO), we toss out the page and don't preserve that error to report to the user when a conscious flush occurs. If after the unconscious flush, there are no more dirty pages for the inode, the conscious flush will simply return success even though there were previous errors when writing out pages. This can lead to data corruption. The easiest way to reproduce this is to mount up a CIFS share that's very close to being full or where the user is very close to quota. mv a file to the share that's slightly larger than the quota allows. The writes will all succeed (since they go to pagecache). The mv will do a setattr to set the new file's attributes. This calls filemap_write_and_wait, which will return an error since all of the pages can't be written out. Then later, when the flush and release ops occur, there are no more dirty pages in pagecache for the file and those operations return 0. mv then assumes that the file was written out correctly and deletes the original. CIFS already has a write_behind_rc variable where it stores the results from earlier flushes, but that value is only reported in cifs_close. Since the VFS ignores the return value from the release operation, this isn't helpful. We should be reporting this error during the flush operation. This patch does the following: 1) changes cifs_fsync to use filemap_write_and_wait and cifs_flush and also sync to check its return code. If it returns successful, they then check the value of write_behind_rc to see if an earlier flush had reported any errors. If so, they return that error and clear write_behind_rc. 2) sets write_behind_rc in a few other places where pages are written out as a side effect of other operations and the code waits on them. 3) changes cifs_setattr to only call filemap_write_and_wait for ATTR_SIZE changes. 4) makes cifs_writepages accurately distinguish between EIO and ENOSPC errors when writing out pages. Some simple testing indicates that the patch works as expected and that it fixes the reproduceable known problem. Acked-by: Dave Kleikamp <shaggy@austin.rr.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Fix spurious reconnect on 2nd peek from read of SMB lengthPetr Tesarik2007-11-201-3/+3
| | | | | | | | | | | When retrying kernel_recvmsg() because of a short read, check returned length against the remaining length, not against total length. This avoids unneeded session reconnects which would otherwise occur when kernel_recvmsg() finally returns zero when asked to read zero bytes. Signed-off-by: Petr Tesarik <ptesarik@suse.cz> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] remove build warningSteve French2007-11-173-2/+2
| | | | | CC: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Have CIFS_SessSetup build correct SPNEGO SessionSetup requestSteve French2007-11-164-18/+77
| | | | | | | | | | | | | | | Have CIFS_SessSetup call cifs_get_spnego_key when Kerberos is negotiated. Use the info in the key payload to build a session setup request packet. Also clean up how the request buffer in the function is freed on error. With appropriate user space helper (in samba/source/client). Kerberos support (secure session establishment can be done now via Kerberos, previously users would have to use NTLMv2 instead for more secure session setup). Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] minor checkpatch cleanupSteve French2007-11-163-9/+9
| | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] have cifs_get_spnego_key get the hostname from TCP_Server_InfoJeff Layton2007-11-162-3/+3
| | | | | Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] add hostname field to TCP_Server_Info structJeff Layton2007-11-162-0/+37
| | | | | | | ...and populate it with the hostname portion of the UNC string. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] clean up error handling in cifs_mountJeff Layton2007-11-161-58/+30
| | | | | | | | | | | Move all of the kfree's sprinkled in the middle of the function to the end, and have the code set rc and just goto there on error. Also zero out the password string before freeing it. Looks like this should also fix a potential memory leak of the prepath string if an error occurs near the end of the function. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] add ver= prefix to upcall format versionSteve French2007-11-161-6/+11
| | | | | | Acked-by: Jeff Layton <jlayton@redhat.com> Acked-by: Igor Mammedov <niallan@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Fix buffer overflow if server sends corrupt response to smallSteve French2007-11-137-96/+133
| | | | | | | | | | | | | | | | | | | request In SendReceive() function in transport.c - it memcpy's message payload into a buffer passed via out_buf param. The function assumes that all buffers are of size (CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) , unfortunately it is also called with smaller (MAX_CIFS_SMALL_BUFFER_SIZE) buffers. There are eight callers (SMB worker functions) which are primarily affected by this change: TreeDisconnect, uLogoff, Close, findClose, SetFileSize, SetFileTimes, Lock and PosixLock CC: Dave Kleikamp <shaggy@austin.ibm.com> CC: Przemyslaw Wegrzyn <czajnik@czajsoft.pl> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [NET]: Add the helper kernel_sock_shutdown()Trond Myklebust2007-11-121-1/+1
| | | | | | | | | | | | | | | ...and fix a couple of bugs in the NBD, CIFS and OCFS2 socket handlers. Looking at the sock->op->shutdown() handlers, it looks as if all of them take a SHUT_RD/SHUT_WR/SHUT_RDWR argument instead of the RCV_SHUTDOWN/SEND_SHUTDOWN arguments. Add a helper, and then define the SHUT_* enum to ensure that kernel users of shutdown() don't get confused. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Acked-by: Mark Fasheh <mark.fasheh@oracle.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds2007-11-1223-170/+726
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: (21 commits) [CIFS] fix oops on second mount to same server when null auth is used [CIFS] Fix stale mode after readdir when cifsacl specified [CIFS] add mode to acl conversion helper function [CIFS] Fix incorrect mode when ACL had deny access control entries [CIFS] Add uid to key description so krb can handle user mounts [CIFS] Fix walking out end of cifs dacl [CIFS] Add upcall files for cifs to use spnego/kerberos [CIFS] add OIDs for KRB5 and MSKRB5 to ASN1 parsing routines [CIFS] Register and unregister cifs_spnego_key_type on module init/exit [CIFS] implement upcalls for SPNEGO blob via keyctl API [CIFS] allow cifs_calc_signature2 to deal with a zero length iovec [CIFS] If no Access Control Entries, set mode perm bits to zero [CIFS] when mount helper missing fix slash wrong direction in share [CIFS] Don't request too much permission when reading an ACL [CIFS] enable get mode from ACL when cifsacl mount option specified [CIFS] ACL support part 8 [CIFS] acl support part 7 [CIFS] acl support part 6 [CIFS] acl support part 6 [CIFS] remove unused funtion compile warning when experimental off ...
| * [CIFS] fix oops on second mount to same server when null auth is usedJeff Layton2007-11-092-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a share is mounted using no username, cifs_mount sets volume_info.username as a NULL pointer, and the sesInfo userName as an empty string. The volume_info.username is passed to a couple of other functions to see if there is an existing unc or tcp connection that can be used. These functions assume that the username will be a valid string that can be passed to strncmp. If the pointer is NULL, then the kernel will oops if there's an existing session to which the string can be compared. This patch changes cifs_mount to set volume_info.username to an empty string in this situation, which prevents the oops and should make it so that the comparison to other null auth sessions match. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix stale mode after readdir when cifsacl specifiedSteve French2007-11-081-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When mounted with cifsacl mount option, readdir can not instantiate the inode with the estimated mode based on the ACL for each file since we have not queried for the ACL for each of these files yet. So set the refresh time to zero for these inodes so that the next stat will cause the client to go to the server for the ACL info so we can build the estimated mode (this means we also will issue an extra QueryPathInfo if the stat happens within 1 second, but this is trivial compared to the time required to open/getacl/close for each). ls -l is slower when cifsacl mount option is specified, but displays correct mode information. Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] add mode to acl conversion helper functionSteve French2007-11-083-3/+37
| | | | | | | | | | Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix incorrect mode when ACL had deny access control entriesSteve French2007-11-081-9/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When mounted with the cifsacl mount option, we were treating any deny ACEs found like allow ACEs and it turns out for SFU and SUA Windows set these type of access control entries often. The order of ACEs is important too. The canonical order that most ACL tools and Windows explorer consruct ACLs with is to begin with DENY entries then follow with ALLOW, otherwise an allow entry could be encountered first, making the subsequent deny entry like "dead code which would be superflous since Windows stops when a match is made for the operation you are trying to perform for your user We start with no permissions in the mode and build up as we find permissions (ie allow ACEs). This fixes deny ACEs so they affect the mask used to set the subsequent allow ACEs. Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> CC: Alexander Bokovoy <ab@samba.org> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Add uid to key description so krb can handle user mountsIgor Mammedov2007-11-081-4/+8
| | | | | | | | | | | | | | | | | | Adds uid to key description fro supporting user mounts and minor formating changes Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Igor Mammedov <niallain@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix walking out end of cifs daclSteve French2007-11-057-14/+19
| | | | | | | | | | Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Add upcall files for cifs to use spnego/kerberosSteve French2007-11-052-0/+170
| | | | | | | | | | Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] add OIDs for KRB5 and MSKRB5 to ASN1 parsing routinesJeff Layton2007-11-033-13/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | Also, fix the parser to recognize them and set the secType accordingly. Make CIFSSMBNegotiate not error out automatically after parsing the securityBlob. Also thanks to Q (Igor) and Simo for their help on this set of kerberos patches (and Dave Howells for help on the upcall). Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Register and unregister cifs_spnego_key_type on module init/exitJeff Layton2007-11-031-2/+14
| | | | | | | | | | Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] implement upcalls for SPNEGO blob via keyctl APIJeff Layton2007-11-032-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add routines to handle upcalls to userspace via keyctl for the purpose of getting a SPNEGO blob for a particular uid and server combination. Clean up the Makefile a bit and set it up to only compile cifs_spnego if CONFIG_CIFS_UPCALL is set. Also change CONFIG_CIFS_UPCALL to depend on CONFIG_KEYS rather than CONFIG_CONNECTOR. cifs_spnego.h defines the communications between kernel and userspace and is intended to be shared with userspace programs. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] allow cifs_calc_signature2 to deal with a zero length iovecJeff Layton2007-11-031-2/+3
| | | | | | | | | | | | | | | | Currently, cifs_calc_signature2 errors out if it gets a zero-length iovec. Fix it to silently continue in that case. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] If no Access Control Entries, set mode perm bits to zeroSteve French2007-11-013-23/+79
| | | | | | | | | | | | | | Also clean up ACL code Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] when mount helper missing fix slash wrong direction in shareSteve French2007-11-012-6/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kernel bugzilla bug #9228 If mount helper (mount.cifs) missing, mounts with form like //10.11.12.13/c$ would not work (only mounts with slash e.g. //10.11.12.13\\c$ would work) due to problem with slash supposed to be converted to backslash by the mount helper (which is not there). If we fail on converting an IPv4 address in in4_pton then try to canonicalize the first slash (ie between sharename and host ip address) if necessary. If we have to retry to check for IPv6 address the slash is already converted if necessary. Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Don't request too much permission when reading an ACLSteve French2007-10-314-12/+48
| | | | | | | | | | | | | | | | | | We were requesting GENERIC_READ but that fails when we do not have read permission on the file (even if we could read the ACL). Also move the dump access control entry code into debug ifdef. Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] enable get mode from ACL when cifsacl mount option specifiedShirish Pargaonkar2007-10-302-8/+24
| | | | | | | | | | | | | | | | Part 9 of ACL patch series. getting mode from ACL now works in some cases (and requires CIFS_EXPERIMENTAL config option). Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] ACL support part 8Steve French2007-10-262-66/+73
| | | | | | | | | | | | | | | | Now GetACL in getinodeinfo path when cifsacl mount option used, and ACL is parsed for SIDs. Missing only one piece now to be able to retrieve the mode Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] acl support part 7Steve French2007-10-262-4/+19
| | | | | | | | | | | | Also fixes typo, build break Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] acl support part 6Steve French2007-10-2510-60/+169
| | | | | | | | | | | | Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> CC: Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] acl support part 6Steve French2007-10-233-65/+28
| | | | | | | | | | CC: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] remove unused funtion compile warning when experimental offParag Warudkar2007-10-231-0/+2
| | | | | | | | | | | | | | | | | | get rid of couple of unused function warnings which show up when CONFIG_CIFS_EXPERIMENTAL is not defined - wrap them in #ifdef CONFIG_CIFS_EXPERIMENTAL. Patch against current git. Signed-off-by: Parag Warudkar <kernel-stuff@comcast.net> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] ACL support part 5Steve French2007-10-193-1/+30
| | | | | | | | | | Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | exportfs: make struct export_operations constChristoph Hellwig2007-10-222-2/+2
|/ | | | | | | | | | | | | | | | | | | | | | | Now that nfsd has stopped writing to the find_exported_dentry member we an mark the export_operations const Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: Neil Brown <neilb@suse.de> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: <linux-ext4@vger.kernel.org> Cc: Dave Kleikamp <shaggy@austin.ibm.com> Cc: Anton Altaparmakov <aia21@cantab.net> Cc: David Chinner <dgc@sgi.com> Cc: Timothy Shimmin <tes@sgi.com> Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Cc: Hugh Dickins <hugh@veritas.com> Cc: Chris Mason <mason@suse.com> Cc: Jeff Mahoney <jeffm@suse.com> Cc: "Vladimir V. Saveliev" <vs@namesys.com> Cc: Steven Whitehouse <swhiteho@redhat.com> Cc: Mark Fasheh <mark.fasheh@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds2007-10-1926-383/+961
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: (51 commits) [CIFS] log better errors on failed mounts [CIFS] Return better error when server requires signing but client forbids [CIFS] fix typo [CIFS] acl support part 4 [CIFS] Fix minor problems noticed by scan [CIFS] fix bad handling of EAGAIN error on kernel_recvmsg in cifs_demultiplex_thread [CIFS] build break [CIFS] endian fixes [CIFS] endian fixes in new acl code [CIFS] Fix some endianness problems in new acl code [CIFS] missing #endif from a previous patch [CIFS] formatting fixes [CIFS] Break up unicode_sessetup string functions [CIFS] parse server_GUID in SPNEGO negProt response [CIFS] [CIFS] Fix endian conversion problem in posix mkdir [CIFS] fix build break when lanman not enabled [CIFS] remove two sparse warnings [CIFS] remove compile warnings when debug disabled [CIFS] CIFS ACL support part 3 ...
| * [CIFS] log better errors on failed mountsSteve French2007-10-186-26/+35
| | | | | | | | | | | | | | | | Also returns more accurate errors to mount for the cases of account expired and password expired Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Return better error when server requires signing but client forbidsSteve French2007-10-182-2/+5
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] fix typoSteve French2007-10-171-1/+1
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] acl support part 4Steve French2007-10-173-9/+25
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix minor problems noticed by scanSteve French2007-10-172-7/+10
| | | | | | | | | | | | Coverity scan pointed out some minor possible errors. Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] fix bad handling of EAGAIN error on kernel_recvmsg in ↵Steve French2007-10-172-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cifs_demultiplex_thread When kernel_recvmsg returns -EAGAIN or -ERESTARTSYS, then cifs_demultiplex_thread sleeps for a bit and then tries the read again. When it does this, it's not zeroing out the length and that throws off the value of total_read. Fix it to zero out the length. Can cause memory corruption: If kernel_recvmsg returns an error and total_read is a large enough value, then we'll end up going through the loop again. total_read will be a bogus value, as will (pdu_length-total_read). When this happens we end up calling kernel_recvmsg with a bogus value (possibly larger than the current iov_len). At that point, memcpy_toiovec can overrun iov. It will start walking up the stack, casting other things that are there to struct iovecs (since it assumes that it's been passed an array of them). Any pointer on the stack at an address above the kvec is a candidate for corruption here. Many thanks to Ulrich Obergfell for pointing this out. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] build breakSteve French2007-10-171-1/+1
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] endian fixesSteve French2007-10-171-3/+3
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] endian fixes in new acl codeDave Kleikamp2007-10-161-11/+11
| | | | | | | | | | Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix some endianness problems in new acl codeSteve French2007-10-163-27/+26
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] missing #endif from a previous patchSteve French2007-10-161-0/+2
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] formatting fixesCyrill Gorcunov2007-10-161-31/+26
| | | | | | | | | | Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Break up unicode_sessetup string functionsJeff Layton2007-10-162-26/+55
| | | | | | | | | | | | | | | | SPNEGO setup needs only some of these strings. Break up unicode_ssetup_strings so we can call them individually. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
OpenPOWER on IntegriCloud