mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-01 10:43:43 +00:00
Three smb3 client fixes including two for stable
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAma2k9YACgkQiiy9cAdy T1GkqAv7B8wyDp7pVU8qtTxct1gVtDEqvd2Kte6962uwvKWEhhf8SKzagypICudL vXxwJuPsRlFM5jWd8h36/xXC17BYM1mEsz6GVq9viUYUcqtrKrGPsOL7+OLVR3Mp SwPRPLYyLyMBHhc3Su2/6uGr87NMkcgDTzugZrx67ojAaw/xkYsiuz+Wm8ijbdik waDkJ3zosj0Nbhud47sf6rkrymiqC5kP717rhlcXF+TxNscFDQ/eFO8b0lt3g5q5 +Y338a4pLLFWXBm1jP9EOtbx7NSDKaqWVYYtnwEBs6EV3QGpKjbT1zBQ07wWjfT4 FhcFhYYukq7Jc4X39JouBXqYWR2wjB8VpMzCuwNsDNJ7FahNaGTgfXCMx6C0Bi0w XICAMoZfBXGSAs+NTyi38AHyPQ+KdYJeSgA9doL+3FhMGx9KKAVkT6XB3twhxoOS w/iMyzhx/1mwv4CukCKm3lDflN09AseB688QiFsTshTmnTlWFcHdEnORqWbNrd2N evhrKvxK =GIpz -----END PGP SIGNATURE----- Merge tag '6.11-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull smb client fixes from Steve French: - DFS fix - fix for security flags for requiring encryption - minor cleanup * tag '6.11-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: cifs_inval_name_dfs_link_error: correct the check for fullpath Fix spelling errors in Server Message Block smb3: fix setting SecurityFlags when encryption is required
This commit is contained in:
commit
34ac1e82e5
@ -742,7 +742,7 @@ SecurityFlags Flags which control security negotiation and
|
||||
may use NTLMSSP 0x00080
|
||||
must use NTLMSSP 0x80080
|
||||
seal (packet encryption) 0x00040
|
||||
must seal (not implemented yet) 0x40040
|
||||
must seal 0x40040
|
||||
|
||||
cifsFYI If set to non-zero value, additional debug information
|
||||
will be logged to the system error log. This field
|
||||
|
@ -1072,7 +1072,7 @@ static int cifs_security_flags_proc_open(struct inode *inode, struct file *file)
|
||||
static void
|
||||
cifs_security_flags_handle_must_flags(unsigned int *flags)
|
||||
{
|
||||
unsigned int signflags = *flags & CIFSSEC_MUST_SIGN;
|
||||
unsigned int signflags = *flags & (CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL);
|
||||
|
||||
if ((*flags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
|
||||
*flags = CIFSSEC_MUST_KRB5;
|
||||
|
@ -345,7 +345,7 @@ struct smb_version_operations {
|
||||
/* connect to a server share */
|
||||
int (*tree_connect)(const unsigned int, struct cifs_ses *, const char *,
|
||||
struct cifs_tcon *, const struct nls_table *);
|
||||
/* close tree connecion */
|
||||
/* close tree connection */
|
||||
int (*tree_disconnect)(const unsigned int, struct cifs_tcon *);
|
||||
/* get DFS referrals */
|
||||
int (*get_dfs_refer)(const unsigned int, struct cifs_ses *,
|
||||
@ -816,7 +816,7 @@ struct TCP_Server_Info {
|
||||
* Protected by @refpath_lock and @srv_lock. The @refpath_lock is
|
||||
* mostly used for not requiring a copy of @leaf_fullpath when getting
|
||||
* cached or new DFS referrals (which might also sleep during I/O).
|
||||
* While @srv_lock is held for making string and NULL comparions against
|
||||
* While @srv_lock is held for making string and NULL comparisons against
|
||||
* both fields as in mount(2) and cache refresh.
|
||||
*
|
||||
* format: \\HOST\SHARE[\OPTIONAL PATH]
|
||||
@ -1881,7 +1881,7 @@ static inline bool is_replayable_error(int error)
|
||||
#define CIFSSEC_MAY_SIGN 0x00001
|
||||
#define CIFSSEC_MAY_NTLMV2 0x00004
|
||||
#define CIFSSEC_MAY_KRB5 0x00008
|
||||
#define CIFSSEC_MAY_SEAL 0x00040 /* not supported yet */
|
||||
#define CIFSSEC_MAY_SEAL 0x00040
|
||||
#define CIFSSEC_MAY_NTLMSSP 0x00080 /* raw ntlmssp with ntlmv2 */
|
||||
|
||||
#define CIFSSEC_MUST_SIGN 0x01001
|
||||
@ -1891,11 +1891,11 @@ require use of the stronger protocol */
|
||||
#define CIFSSEC_MUST_NTLMV2 0x04004
|
||||
#define CIFSSEC_MUST_KRB5 0x08008
|
||||
#ifdef CONFIG_CIFS_UPCALL
|
||||
#define CIFSSEC_MASK 0x8F08F /* flags supported if no weak allowed */
|
||||
#define CIFSSEC_MASK 0xCF0CF /* flags supported if no weak allowed */
|
||||
#else
|
||||
#define CIFSSEC_MASK 0x87087 /* flags supported if no weak allowed */
|
||||
#define CIFSSEC_MASK 0xC70C7 /* flags supported if no weak allowed */
|
||||
#endif /* UPCALL */
|
||||
#define CIFSSEC_MUST_SEAL 0x40040 /* not supported yet */
|
||||
#define CIFSSEC_MUST_SEAL 0x40040
|
||||
#define CIFSSEC_MUST_NTLMSSP 0x80080 /* raw ntlmssp with ntlmv2 */
|
||||
|
||||
#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_NTLMSSP | CIFSSEC_MAY_SEAL)
|
||||
|
@ -352,7 +352,7 @@ checkSMB(char *buf, unsigned int total_read, struct TCP_Server_Info *server)
|
||||
* on simple responses (wct, bcc both zero)
|
||||
* in particular have seen this on
|
||||
* ulogoffX and FindClose. This leaves
|
||||
* one byte of bcc potentially unitialized
|
||||
* one byte of bcc potentially uninitialized
|
||||
*/
|
||||
/* zero rest of bcc */
|
||||
tmp[sizeof(struct smb_hdr)+1] = 0;
|
||||
@ -1234,6 +1234,7 @@ int cifs_inval_name_dfs_link_error(const unsigned int xid,
|
||||
const char *full_path,
|
||||
bool *islink)
|
||||
{
|
||||
struct TCP_Server_Info *server = tcon->ses->server;
|
||||
struct cifs_ses *ses = tcon->ses;
|
||||
size_t len;
|
||||
char *path;
|
||||
@ -1250,12 +1251,12 @@ int cifs_inval_name_dfs_link_error(const unsigned int xid,
|
||||
!is_tcon_dfs(tcon))
|
||||
return 0;
|
||||
|
||||
spin_lock(&tcon->tc_lock);
|
||||
if (!tcon->origin_fullpath) {
|
||||
spin_unlock(&tcon->tc_lock);
|
||||
spin_lock(&server->srv_lock);
|
||||
if (!server->leaf_fullpath) {
|
||||
spin_unlock(&server->srv_lock);
|
||||
return 0;
|
||||
}
|
||||
spin_unlock(&tcon->tc_lock);
|
||||
spin_unlock(&server->srv_lock);
|
||||
|
||||
/*
|
||||
* Slow path - tcon is DFS and @full_path has prefix path, so attempt
|
||||
|
@ -82,6 +82,9 @@ int smb3_encryption_required(const struct cifs_tcon *tcon)
|
||||
if (tcon->seal &&
|
||||
(tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
|
||||
return 1;
|
||||
if (((global_secflags & CIFSSEC_MUST_SEAL) == CIFSSEC_MUST_SEAL) &&
|
||||
(tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -406,7 +406,7 @@ static void smbd_post_send_credits(struct work_struct *work)
|
||||
else
|
||||
response = get_empty_queue_buffer(info);
|
||||
if (!response) {
|
||||
/* now switch to emtpy packet queue */
|
||||
/* now switch to empty packet queue */
|
||||
if (use_receive_queue) {
|
||||
use_receive_queue = 0;
|
||||
continue;
|
||||
@ -618,7 +618,7 @@ static struct rdma_cm_id *smbd_create_id(
|
||||
|
||||
/*
|
||||
* Test if FRWR (Fast Registration Work Requests) is supported on the device
|
||||
* This implementation requries FRWR on RDMA read/write
|
||||
* This implementation requires FRWR on RDMA read/write
|
||||
* return value: true if it is supported
|
||||
*/
|
||||
static bool frwr_is_supported(struct ib_device_attr *attrs)
|
||||
@ -2177,7 +2177,7 @@ static int allocate_mr_list(struct smbd_connection *info)
|
||||
* MR available in the list. It may access the list while the
|
||||
* smbd_mr_recovery_work is recovering the MR list. This doesn't need a lock
|
||||
* as they never modify the same places. However, there may be several CPUs
|
||||
* issueing I/O trying to get MR at the same time, mr_list_lock is used to
|
||||
* issuing I/O trying to get MR at the same time, mr_list_lock is used to
|
||||
* protect this situation.
|
||||
*/
|
||||
static struct smbd_mr *get_mr(struct smbd_connection *info)
|
||||
@ -2311,7 +2311,7 @@ struct smbd_mr *smbd_register_mr(struct smbd_connection *info,
|
||||
/*
|
||||
* There is no need for waiting for complemtion on ib_post_send
|
||||
* on IB_WR_REG_MR. Hardware enforces a barrier and order of execution
|
||||
* on the next ib_post_send when we actaully send I/O to remote peer
|
||||
* on the next ib_post_send when we actually send I/O to remote peer
|
||||
*/
|
||||
rc = ib_post_send(info->id->qp, ®_wr->wr, NULL);
|
||||
if (!rc)
|
||||
|
@ -1289,7 +1289,7 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
|
||||
out:
|
||||
/*
|
||||
* This will dequeue all mids. After this it is important that the
|
||||
* demultiplex_thread will not process any of these mids any futher.
|
||||
* demultiplex_thread will not process any of these mids any further.
|
||||
* This is prevented above by using a noop callback that will not
|
||||
* wake this thread except for the very last PDU.
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user