ACK/Cmnt: [PATCH 0/14][Focal,Groovy][linux] Enable CIFS GCM256
Stefan Bader
stefan.bader at canonical.com
Wed May 5 08:36:24 UTC 2021
On 02.05.21 23:00, Tim Gardner wrote:
> BugLink: https://bugs.launchpad.net/bugs/1921916
>
> [Impact]
>
> Microsoft has asked to enable CIFS GCM256 encryption support.
> SF#00307143
> This looks like a safe enough feature that the manline kernel
> would benefit from its inclusion. GCM256 is only enabled with
> module parameters, so the default behavior remains unchanged.
Being opt-in is a key argument for allowing this into stable releases. With
patch #7 this is not easy to tell but I think it more or less appears to be ok
(from what I can tell) and I saw no follow-ups, yet.
>
> [Test Plan]
>
> Microsoft has tested Focal and Groovy mainline kernels with these
> patch sets. No regression issues were found.
>
> [Where problems could occur]
>
> Samba servers without GCM256 support may not connect.
This might be related to this change which I noticed (not saying I think it
should be added now but maybe is something that gets asked for once we have the
basic support in):
commit acf96fef46f271642b90aa658ba49e33ae34ddf0
Author: Steve French <stfrench at microsoft.com>
Date: Sat Oct 17 03:54:27 2020 -0500
smb3.1.1: do not fail if no encryption required but server doesn't support it
>
> [Other Info]
>
> These patches originate from v5.10 and v5.10.y. They were
> recommended by the Microsoft CIFS team.
>
>
Overall I think the risk feels lower than the potential use for users of the
generic distro (maybe more server that desktop, but not sure). So
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210505/477128af/attachment.sig>
More information about the kernel-team
mailing list