[Xenial][PULL] CIFS: Enable encryption for SMB3

Joshua R. Poulson jrp at pun.org
Wed Jun 21 15:18:10 UTC 2017


Pavel replied in the bug. --jrp

On Wed, Jun 21, 2017 at 8:14 AM, Thadeu Lima de Souza Cascardo
<cascardo at canonical.com> wrote:
> Ping?
>
> On Thu, Jun 15, 2017 at 09:42:56AM -0300, Thadeu Lima de Souza Cascardo wrote:
>> On Mon, May 08, 2017 at 02:11:36PM -0700, Joshua R. Poulson wrote:
>> > I'll add it to our queue.
>>
>> Hi, Joshua.
>>
>> Did you get the chance to test it? I just rebased it on top of
>> master-next.
>>
>> I just realized I had pushed it to the ubuntu-kernel repo, not mine. I
>> have removed the branch from the ubuntu-kernel repo and pushed it to the
>> one below.
>>
>> git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial
>>
>> Thanks.
>> Cascardo.
>>
>> >
>> > On Mon, May 8, 2017 at 12:31 PM, Thadeu Lima de Souza Cascardo
>> > <cascardo at canonical.com> wrote:
>> > > On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
>> > >> There has been work upstream to enable encryption support for SMB3
>> > >> connections. This is a particularly valuable (and commonly requested)
>> > >> feature with the Azure Files service as encryption is required to connect
>> > >> to an Azure Files storage share from on-prem or from a different Azure region.
>> > >>
>> > >> BugLink: http://bugs.launchpad.net/bugs/1670508
>> > >
>> > > This does not apply to xenial master-next, mainly due to commits
>> > > 35067b7fba326a76624769e03afeb4b5ff182041 and
>> > > f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.
>> > >
>> > > I have reverted those, rebased, did a simple fixup on cherry-pick of
>> > > ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
>> > > those two commits again, by the way of cherry picking.
>> > >
>> > > It builds, but can we get some testing before the end of the week?
>> > >
>> > > It's at
>> > > git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
>> > > branch cifs.
>> > >
>> > > Thanks.
>> > > Cascardo.
>> > >
>> > >>
>> > >> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
>> > >>
>> > >>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
>> > >>
>> > >> are available in the git repository at:
>> > >>
>> > >>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
>> > >>
>> > >> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
>> > >>
>> > >>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
>> > >>
>> > >> ----------------------------------------------------------------
>> > >> Al Viro (5):
>> > >>       [net] drop 'size' argument of sock_recvmsg()
>> > >>       cifs: merge the hash calculation helpers
>> > >>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
>> > >>       cifs: don't bother with kmap on read_pages side
>> > >>       cifs_readv_receive: use cifs_read_from_socket()
>> > >>
>> > >> Jean Delvare (3):
>> > >>       cifs: Simplify SMB2 and SMB311 dependencies
>> > >>       cifs: Only select the required crypto modules
>> > >>       cifs: Add soft dependencies
>> > >>
>> > >> Pavel Shilovsky (16):
>> > >>       CIFS: Separate SMB2 header structure
>> > >>       CIFS: Make SendReceive2() takes resp iov
>> > >>       CIFS: Make send_cancel take rqst as argument
>> > >>       CIFS: Send RFC1001 length in a separate iov
>> > >>       CIFS: Separate SMB2 sync header processing
>> > >>       CIFS: Separate RFC1001 length processing for SMB2 read
>> > >>       CIFS: Add capability to transform requests before sending
>> > >>       CIFS: Enable encryption during session setup phase
>> > >>       CIFS: Encrypt SMB3 requests before sending
>> > >>       CIFS: Add transform header handling callbacks
>> > >>       CIFS: Add mid handle callback
>> > >>       CIFS: Add copy into pages callback for a read operation
>> > >>       CIFS: Decrypt and process small encrypted packets
>> > >>       CIFS: Add capability to decrypt big read responses
>> > >>       CIFS: Allow to switch on encryption with seal mount option
>> > >>       CIFS: Fix possible use after free in demultiplex thread
>> > >>
>> > >> Sachin Prabhu (3):
>> > >>       Fix memory leaks in cifs_do_mount()
>> > >>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
>> > >>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
>> > >>
>> > >> Steve French (4):
>> > >>       cifs: Make echo interval tunable
>> > >>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
>> > >>       SMB3: Add mount parameter to allow user to override max credits
>> > >>       SMB3: parsing for new snapshot timestamp mount parm
>> > >>
>> > >>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
>> > >>  fs/cifs/Kconfig                          |   12 +-
>> > >>  fs/cifs/cifsencrypt.c                    |  130 ++--
>> > >>  fs/cifs/cifsfs.c                         |   16 +
>> > >>  fs/cifs/cifsglob.h                       |   64 +-
>> > >>  fs/cifs/cifsproto.h                      |   28 +-
>> > >>  fs/cifs/cifssmb.c                        |  146 ++--
>> > >>  fs/cifs/connect.c                        |  273 ++++----
>> > >>  fs/cifs/file.c                           |  101 +--
>> > >>  fs/cifs/misc.c                           |    2 +-
>> > >>  fs/cifs/sess.c                           |   27 +-
>> > >>  fs/cifs/smb1ops.c                        |    4 +-
>> > >>  fs/cifs/smb2glob.h                       |   13 +-
>> > >>  fs/cifs/smb2maperror.c                   |    5 +-
>> > >>  fs/cifs/smb2misc.c                       |   83 ++-
>> > >>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
>> > >>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
>> > >>  fs/cifs/smb2pdu.h                        |   35 +-
>> > >>  fs/cifs/smb2proto.h                      |    8 +-
>> > >>  fs/cifs/smb2transport.c                  |  337 +++++----
>> > >>  fs/cifs/transport.c                      |  171 +++--
>> > >>  include/linux/net.h                      |    3 +-
>> > >>  net/socket.c                             |   23 +-
>> > >>  23 files changed, 2297 insertions(+), 991 deletions(-)
>> > >>
>> > >> --
>> > >> kernel-team mailing list
>> > >> kernel-team at lists.ubuntu.com
>> > >> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>> > >
>> > > --
>> > > kernel-team mailing list
>> > > kernel-team at lists.ubuntu.com
>> > > https://lists.ubuntu.com/mailman/listinfo/kernel-team
>>
>> --
>> kernel-team mailing list
>> kernel-team at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team




More information about the kernel-team mailing list