[Xenial][PULL] CIFS: Enable encryption for SMB3
Stefan Bader
stefan.bader at canonical.com
Tue Mar 28 12:47:18 UTC 2017
On 27.03.2017 18:00, Joseph Salisbury wrote:
> There has been work upstream to enable encryption support for SMB3
> connections. This is a particularly valuable (and commonly requested)
> feature with the Azure Files service as encryption is required to connect
> to an Azure Files storage share from on-prem or from a different Azure region.
>
> BugLink: http://bugs.launchpad.net/bugs/1670508
>
> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
>
> UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
>
> are available in the git repository at:
>
> kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
>
> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
>
> CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
>
> ----------------------------------------------------------------
> Al Viro (5):
> [net] drop 'size' argument of sock_recvmsg()
> cifs: merge the hash calculation helpers
> cifs: no need to wank with copying and advancing iovec on recvmsg side either
> cifs: don't bother with kmap on read_pages side
> cifs_readv_receive: use cifs_read_from_socket()
>
> Jean Delvare (3):
> cifs: Simplify SMB2 and SMB311 dependencies
> cifs: Only select the required crypto modules
> cifs: Add soft dependencies
>
> Pavel Shilovsky (16):
> CIFS: Separate SMB2 header structure
> CIFS: Make SendReceive2() takes resp iov
> CIFS: Make send_cancel take rqst as argument
> CIFS: Send RFC1001 length in a separate iov
> CIFS: Separate SMB2 sync header processing
> CIFS: Separate RFC1001 length processing for SMB2 read
> CIFS: Add capability to transform requests before sending
> CIFS: Enable encryption during session setup phase
> CIFS: Encrypt SMB3 requests before sending
> CIFS: Add transform header handling callbacks
> CIFS: Add mid handle callback
> CIFS: Add copy into pages callback for a read operation
> CIFS: Decrypt and process small encrypted packets
> CIFS: Add capability to decrypt big read responses
> CIFS: Allow to switch on encryption with seal mount option
> CIFS: Fix possible use after free in demultiplex thread
>
> Sachin Prabhu (3):
> Fix memory leaks in cifs_do_mount()
> SMB2: Separate Kerberos authentication from SMB2_sess_setup
> SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
>
> Steve French (4):
> cifs: Make echo interval tunable
> Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
> SMB3: Add mount parameter to allow user to override max credits
> SMB3: parsing for new snapshot timestamp mount parm
>
> drivers/target/iscsi/iscsi_target_util.c | 5 +-
> fs/cifs/Kconfig | 12 +-
> fs/cifs/cifsencrypt.c | 130 ++--
> fs/cifs/cifsfs.c | 16 +
> fs/cifs/cifsglob.h | 64 +-
> fs/cifs/cifsproto.h | 28 +-
> fs/cifs/cifssmb.c | 146 ++--
> fs/cifs/connect.c | 273 ++++----
> fs/cifs/file.c | 101 +--
> fs/cifs/misc.c | 2 +-
> fs/cifs/sess.c | 27 +-
> fs/cifs/smb1ops.c | 4 +-
> fs/cifs/smb2glob.h | 13 +-
> fs/cifs/smb2maperror.c | 5 +-
> fs/cifs/smb2misc.c | 83 ++-
> fs/cifs/smb2ops.c | 698 ++++++++++++++++++-
> fs/cifs/smb2pdu.c | 1104 +++++++++++++++++++-----------
> fs/cifs/smb2pdu.h | 35 +-
> fs/cifs/smb2proto.h | 8 +-
> fs/cifs/smb2transport.c | 337 +++++----
> fs/cifs/transport.c | 171 +++--
> include/linux/net.h | 3 +-
> net/socket.c | 23 +-
> 23 files changed, 2297 insertions(+), 991 deletions(-)
>
That is a pretty huge set that modifies the cifs driver. Is there any wider
scoped testing done to ensure that this does not break some existing functionality?
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20170328/35169623/attachment.sig>
More information about the kernel-team
mailing list