[Xenial][PULL] CIFS: Enable encryption for SMB3

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Wed Jun 21 15:14:33 UTC 2017


Ping?

On Thu, Jun 15, 2017 at 09:42:56AM -0300, Thadeu Lima de Souza Cascardo wrote:
> On Mon, May 08, 2017 at 02:11:36PM -0700, Joshua R. Poulson wrote:
> > I'll add it to our queue.
> 
> Hi, Joshua.
> 
> Did you get the chance to test it? I just rebased it on top of
> master-next.
> 
> I just realized I had pushed it to the ubuntu-kernel repo, not mine. I
> have removed the branch from the ubuntu-kernel repo and pushed it to the
> one below.
> 
> git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial
> 
> Thanks.
> Cascardo.
> 
> > 
> > On Mon, May 8, 2017 at 12:31 PM, Thadeu Lima de Souza Cascardo
> > <cascardo at canonical.com> wrote:
> > > On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
> > >> There has been work upstream to enable encryption support for SMB3
> > >> connections. This is a particularly valuable (and commonly requested)
> > >> feature with the Azure Files service as encryption is required to connect
> > >> to an Azure Files storage share from on-prem or from a different Azure region.
> > >>
> > >> BugLink: http://bugs.launchpad.net/bugs/1670508
> > >
> > > This does not apply to xenial master-next, mainly due to commits
> > > 35067b7fba326a76624769e03afeb4b5ff182041 and
> > > f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.
> > >
> > > I have reverted those, rebased, did a simple fixup on cherry-pick of
> > > ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
> > > those two commits again, by the way of cherry picking.
> > >
> > > It builds, but can we get some testing before the end of the week?
> > >
> > > It's at
> > > git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
> > > branch cifs.
> > >
> > > Thanks.
> > > Cascardo.
> > >
> > >>
> > >> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
> > >>
> > >>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
> > >>
> > >> are available in the git repository at:
> > >>
> > >>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
> > >>
> > >> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
> > >>
> > >>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
> > >>
> > >> ----------------------------------------------------------------
> > >> Al Viro (5):
> > >>       [net] drop 'size' argument of sock_recvmsg()
> > >>       cifs: merge the hash calculation helpers
> > >>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
> > >>       cifs: don't bother with kmap on read_pages side
> > >>       cifs_readv_receive: use cifs_read_from_socket()
> > >>
> > >> Jean Delvare (3):
> > >>       cifs: Simplify SMB2 and SMB311 dependencies
> > >>       cifs: Only select the required crypto modules
> > >>       cifs: Add soft dependencies
> > >>
> > >> Pavel Shilovsky (16):
> > >>       CIFS: Separate SMB2 header structure
> > >>       CIFS: Make SendReceive2() takes resp iov
> > >>       CIFS: Make send_cancel take rqst as argument
> > >>       CIFS: Send RFC1001 length in a separate iov
> > >>       CIFS: Separate SMB2 sync header processing
> > >>       CIFS: Separate RFC1001 length processing for SMB2 read
> > >>       CIFS: Add capability to transform requests before sending
> > >>       CIFS: Enable encryption during session setup phase
> > >>       CIFS: Encrypt SMB3 requests before sending
> > >>       CIFS: Add transform header handling callbacks
> > >>       CIFS: Add mid handle callback
> > >>       CIFS: Add copy into pages callback for a read operation
> > >>       CIFS: Decrypt and process small encrypted packets
> > >>       CIFS: Add capability to decrypt big read responses
> > >>       CIFS: Allow to switch on encryption with seal mount option
> > >>       CIFS: Fix possible use after free in demultiplex thread
> > >>
> > >> Sachin Prabhu (3):
> > >>       Fix memory leaks in cifs_do_mount()
> > >>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
> > >>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
> > >>
> > >> Steve French (4):
> > >>       cifs: Make echo interval tunable
> > >>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
> > >>       SMB3: Add mount parameter to allow user to override max credits
> > >>       SMB3: parsing for new snapshot timestamp mount parm
> > >>
> > >>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
> > >>  fs/cifs/Kconfig                          |   12 +-
> > >>  fs/cifs/cifsencrypt.c                    |  130 ++--
> > >>  fs/cifs/cifsfs.c                         |   16 +
> > >>  fs/cifs/cifsglob.h                       |   64 +-
> > >>  fs/cifs/cifsproto.h                      |   28 +-
> > >>  fs/cifs/cifssmb.c                        |  146 ++--
> > >>  fs/cifs/connect.c                        |  273 ++++----
> > >>  fs/cifs/file.c                           |  101 +--
> > >>  fs/cifs/misc.c                           |    2 +-
> > >>  fs/cifs/sess.c                           |   27 +-
> > >>  fs/cifs/smb1ops.c                        |    4 +-
> > >>  fs/cifs/smb2glob.h                       |   13 +-
> > >>  fs/cifs/smb2maperror.c                   |    5 +-
> > >>  fs/cifs/smb2misc.c                       |   83 ++-
> > >>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
> > >>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
> > >>  fs/cifs/smb2pdu.h                        |   35 +-
> > >>  fs/cifs/smb2proto.h                      |    8 +-
> > >>  fs/cifs/smb2transport.c                  |  337 +++++----
> > >>  fs/cifs/transport.c                      |  171 +++--
> > >>  include/linux/net.h                      |    3 +-
> > >>  net/socket.c                             |   23 +-
> > >>  23 files changed, 2297 insertions(+), 991 deletions(-)
> > >>
> > >> --
> > >> kernel-team mailing list
> > >> kernel-team at lists.ubuntu.com
> > >> https://lists.ubuntu.com/mailman/listinfo/kernel-team
> > >
> > > --
> > > kernel-team mailing list
> > > kernel-team at lists.ubuntu.com
> > > https://lists.ubuntu.com/mailman/listinfo/kernel-team
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team



More information about the kernel-team mailing list