[Xenial][PULL] CIFS: Enable encryption for SMB3

Joseph Salisbury joseph.salisbury at canonical.com
Mon Mar 27 16:00:54 UTC 2017

There has been work upstream to enable encryption support for SMB3 
connections. This is a particularly valuable (and commonly requested) 
feature with the Azure Files service as encryption is required to connect 
to an Azure Files storage share from on-prem or from a different Azure region.

BugLink: http://bugs.launchpad.net/bugs/1670508

The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:

  UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)

are available in the git repository at:


for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:

  CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)

Al Viro (5):
      [net] drop 'size' argument of sock_recvmsg()
      cifs: merge the hash calculation helpers
      cifs: no need to wank with copying and advancing iovec on recvmsg side either
      cifs: don't bother with kmap on read_pages side
      cifs_readv_receive: use cifs_read_from_socket()

Jean Delvare (3):
      cifs: Simplify SMB2 and SMB311 dependencies
      cifs: Only select the required crypto modules
      cifs: Add soft dependencies

Pavel Shilovsky (16):
      CIFS: Separate SMB2 header structure
      CIFS: Make SendReceive2() takes resp iov
      CIFS: Make send_cancel take rqst as argument
      CIFS: Send RFC1001 length in a separate iov
      CIFS: Separate SMB2 sync header processing
      CIFS: Separate RFC1001 length processing for SMB2 read
      CIFS: Add capability to transform requests before sending
      CIFS: Enable encryption during session setup phase
      CIFS: Encrypt SMB3 requests before sending
      CIFS: Add transform header handling callbacks
      CIFS: Add mid handle callback
      CIFS: Add copy into pages callback for a read operation
      CIFS: Decrypt and process small encrypted packets
      CIFS: Add capability to decrypt big read responses
      CIFS: Allow to switch on encryption with seal mount option
      CIFS: Fix possible use after free in demultiplex thread

Sachin Prabhu (3):
      Fix memory leaks in cifs_do_mount()
      SMB2: Separate Kerberos authentication from SMB2_sess_setup
      SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup

Steve French (4):
      cifs: Make echo interval tunable
      Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
      SMB3: Add mount parameter to allow user to override max credits
      SMB3: parsing for new snapshot timestamp mount parm

 drivers/target/iscsi/iscsi_target_util.c |    5 +-
 fs/cifs/Kconfig                          |   12 +-
 fs/cifs/cifsencrypt.c                    |  130 ++--
 fs/cifs/cifsfs.c                         |   16 +
 fs/cifs/cifsglob.h                       |   64 +-
 fs/cifs/cifsproto.h                      |   28 +-
 fs/cifs/cifssmb.c                        |  146 ++--
 fs/cifs/connect.c                        |  273 ++++----
 fs/cifs/file.c                           |  101 +--
 fs/cifs/misc.c                           |    2 +-
 fs/cifs/sess.c                           |   27 +-
 fs/cifs/smb1ops.c                        |    4 +-
 fs/cifs/smb2glob.h                       |   13 +-
 fs/cifs/smb2maperror.c                   |    5 +-
 fs/cifs/smb2misc.c                       |   83 ++-
 fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
 fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
 fs/cifs/smb2pdu.h                        |   35 +-
 fs/cifs/smb2proto.h                      |    8 +-
 fs/cifs/smb2transport.c                  |  337 +++++----
 fs/cifs/transport.c                      |  171 +++--
 include/linux/net.h                      |    3 +-
 net/socket.c                             |   23 +-
 23 files changed, 2297 insertions(+), 991 deletions(-)

More information about the kernel-team mailing list