[Xenial][PULL] CIFS: Enable encryption for SMB3

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Xenial][PULL] CIFS: Enable encryption for SMB3

Joseph Salisbury-3
There has been work upstream to enable encryption support for SMB3
connections. This is a particularly valuable (and commonly requested)
feature with the Azure Files service as encryption is required to connect
to an Azure Files storage share from on-prem or from a different Azure region.

BugLink: http://bugs.launchpad.net/bugs/1670508

The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:

  UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)

are available in the git repository at:

  kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git

for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:

  CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)

----------------------------------------------------------------
Al Viro (5):
      [net] drop 'size' argument of sock_recvmsg()
      cifs: merge the hash calculation helpers
      cifs: no need to wank with copying and advancing iovec on recvmsg side either
      cifs: don't bother with kmap on read_pages side
      cifs_readv_receive: use cifs_read_from_socket()

Jean Delvare (3):
      cifs: Simplify SMB2 and SMB311 dependencies
      cifs: Only select the required crypto modules
      cifs: Add soft dependencies

Pavel Shilovsky (16):
      CIFS: Separate SMB2 header structure
      CIFS: Make SendReceive2() takes resp iov
      CIFS: Make send_cancel take rqst as argument
      CIFS: Send RFC1001 length in a separate iov
      CIFS: Separate SMB2 sync header processing
      CIFS: Separate RFC1001 length processing for SMB2 read
      CIFS: Add capability to transform requests before sending
      CIFS: Enable encryption during session setup phase
      CIFS: Encrypt SMB3 requests before sending
      CIFS: Add transform header handling callbacks
      CIFS: Add mid handle callback
      CIFS: Add copy into pages callback for a read operation
      CIFS: Decrypt and process small encrypted packets
      CIFS: Add capability to decrypt big read responses
      CIFS: Allow to switch on encryption with seal mount option
      CIFS: Fix possible use after free in demultiplex thread

Sachin Prabhu (3):
      Fix memory leaks in cifs_do_mount()
      SMB2: Separate Kerberos authentication from SMB2_sess_setup
      SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup

Steve French (4):
      cifs: Make echo interval tunable
      Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
      SMB3: Add mount parameter to allow user to override max credits
      SMB3: parsing for new snapshot timestamp mount parm

 drivers/target/iscsi/iscsi_target_util.c |    5 +-
 fs/cifs/Kconfig                          |   12 +-
 fs/cifs/cifsencrypt.c                    |  130 ++--
 fs/cifs/cifsfs.c                         |   16 +
 fs/cifs/cifsglob.h                       |   64 +-
 fs/cifs/cifsproto.h                      |   28 +-
 fs/cifs/cifssmb.c                        |  146 ++--
 fs/cifs/connect.c                        |  273 ++++----
 fs/cifs/file.c                           |  101 +--
 fs/cifs/misc.c                           |    2 +-
 fs/cifs/sess.c                           |   27 +-
 fs/cifs/smb1ops.c                        |    4 +-
 fs/cifs/smb2glob.h                       |   13 +-
 fs/cifs/smb2maperror.c                   |    5 +-
 fs/cifs/smb2misc.c                       |   83 ++-
 fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
 fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
 fs/cifs/smb2pdu.h                        |   35 +-
 fs/cifs/smb2proto.h                      |    8 +-
 fs/cifs/smb2transport.c                  |  337 +++++----
 fs/cifs/transport.c                      |  171 +++--
 include/linux/net.h                      |    3 +-
 net/socket.c                             |   23 +-
 23 files changed, 2297 insertions(+), 991 deletions(-)

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xenial][PULL] CIFS: Enable encryption for SMB3

Tim Gardner-2
I'm less sanguine about this patch set. Some of these patches are huge,
many of which were not clean cherry picks. Furthermore, this is abusing
our SRU policy in that it is a new feature that is not at all
independent of existing code. While the test results in the Azure
environment look good, I wonder about regressions in other environments.

rtg
--
Tim Gardner [hidden email]

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xenial][PULL] CIFS: Enable encryption for SMB3

Stefan Bader-2
In reply to this post by Joseph Salisbury-3
On 27.03.2017 18:00, Joseph Salisbury wrote:

> There has been work upstream to enable encryption support for SMB3
> connections. This is a particularly valuable (and commonly requested)
> feature with the Azure Files service as encryption is required to connect
> to an Azure Files storage share from on-prem or from a different Azure region.
>
> BugLink: http://bugs.launchpad.net/bugs/1670508
>
> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
>
>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
>
> are available in the git repository at:
>
>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
>
> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
>
>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
>
> ----------------------------------------------------------------
> Al Viro (5):
>       [net] drop 'size' argument of sock_recvmsg()
>       cifs: merge the hash calculation helpers
>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
>       cifs: don't bother with kmap on read_pages side
>       cifs_readv_receive: use cifs_read_from_socket()
>
> Jean Delvare (3):
>       cifs: Simplify SMB2 and SMB311 dependencies
>       cifs: Only select the required crypto modules
>       cifs: Add soft dependencies
>
> Pavel Shilovsky (16):
>       CIFS: Separate SMB2 header structure
>       CIFS: Make SendReceive2() takes resp iov
>       CIFS: Make send_cancel take rqst as argument
>       CIFS: Send RFC1001 length in a separate iov
>       CIFS: Separate SMB2 sync header processing
>       CIFS: Separate RFC1001 length processing for SMB2 read
>       CIFS: Add capability to transform requests before sending
>       CIFS: Enable encryption during session setup phase
>       CIFS: Encrypt SMB3 requests before sending
>       CIFS: Add transform header handling callbacks
>       CIFS: Add mid handle callback
>       CIFS: Add copy into pages callback for a read operation
>       CIFS: Decrypt and process small encrypted packets
>       CIFS: Add capability to decrypt big read responses
>       CIFS: Allow to switch on encryption with seal mount option
>       CIFS: Fix possible use after free in demultiplex thread
>
> Sachin Prabhu (3):
>       Fix memory leaks in cifs_do_mount()
>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
>
> Steve French (4):
>       cifs: Make echo interval tunable
>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
>       SMB3: Add mount parameter to allow user to override max credits
>       SMB3: parsing for new snapshot timestamp mount parm
>
>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
>  fs/cifs/Kconfig                          |   12 +-
>  fs/cifs/cifsencrypt.c                    |  130 ++--
>  fs/cifs/cifsfs.c                         |   16 +
>  fs/cifs/cifsglob.h                       |   64 +-
>  fs/cifs/cifsproto.h                      |   28 +-
>  fs/cifs/cifssmb.c                        |  146 ++--
>  fs/cifs/connect.c                        |  273 ++++----
>  fs/cifs/file.c                           |  101 +--
>  fs/cifs/misc.c                           |    2 +-
>  fs/cifs/sess.c                           |   27 +-
>  fs/cifs/smb1ops.c                        |    4 +-
>  fs/cifs/smb2glob.h                       |   13 +-
>  fs/cifs/smb2maperror.c                   |    5 +-
>  fs/cifs/smb2misc.c                       |   83 ++-
>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
>  fs/cifs/smb2pdu.h                        |   35 +-
>  fs/cifs/smb2proto.h                      |    8 +-
>  fs/cifs/smb2transport.c                  |  337 +++++----
>  fs/cifs/transport.c                      |  171 +++--
>  include/linux/net.h                      |    3 +-
>  net/socket.c                             |   23 +-
>  23 files changed, 2297 insertions(+), 991 deletions(-)
>
That is a pretty huge set that modifies the cifs driver. Is there any wider
scoped testing done to ensure that this does not break some existing functionality?

-Stefan


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ACK: [Xenial][PULL] CIFS: Enable encryption for SMB3

brad.figg
In reply to this post by Joseph Salisbury-3
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ACK: [Xenial][PULL] CIFS: Enable encryption for SMB3

Kamal Mostafa-2
In reply to this post by Joseph Salisbury-3
Sufficient internal testing.  ACK for Xenial.

 -Kamal

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xenial][PULL] CIFS: Enable encryption for SMB3

Thadeu Lima de Souza Cascardo-3
In reply to this post by Joseph Salisbury-3
On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
> There has been work upstream to enable encryption support for SMB3
> connections. This is a particularly valuable (and commonly requested)
> feature with the Azure Files service as encryption is required to connect
> to an Azure Files storage share from on-prem or from a different Azure region.
>
> BugLink: http://bugs.launchpad.net/bugs/1670508

This does not apply to xenial master-next, mainly due to commits
35067b7fba326a76624769e03afeb4b5ff182041 and
f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.

I have reverted those, rebased, did a simple fixup on cherry-pick of
ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
those two commits again, by the way of cherry picking.

It builds, but can we get some testing before the end of the week?

It's at
git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
branch cifs.

Thanks.
Cascardo.

>
> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
>
>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
>
> are available in the git repository at:
>
>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
>
> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
>
>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
>
> ----------------------------------------------------------------
> Al Viro (5):
>       [net] drop 'size' argument of sock_recvmsg()
>       cifs: merge the hash calculation helpers
>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
>       cifs: don't bother with kmap on read_pages side
>       cifs_readv_receive: use cifs_read_from_socket()
>
> Jean Delvare (3):
>       cifs: Simplify SMB2 and SMB311 dependencies
>       cifs: Only select the required crypto modules
>       cifs: Add soft dependencies
>
> Pavel Shilovsky (16):
>       CIFS: Separate SMB2 header structure
>       CIFS: Make SendReceive2() takes resp iov
>       CIFS: Make send_cancel take rqst as argument
>       CIFS: Send RFC1001 length in a separate iov
>       CIFS: Separate SMB2 sync header processing
>       CIFS: Separate RFC1001 length processing for SMB2 read
>       CIFS: Add capability to transform requests before sending
>       CIFS: Enable encryption during session setup phase
>       CIFS: Encrypt SMB3 requests before sending
>       CIFS: Add transform header handling callbacks
>       CIFS: Add mid handle callback
>       CIFS: Add copy into pages callback for a read operation
>       CIFS: Decrypt and process small encrypted packets
>       CIFS: Add capability to decrypt big read responses
>       CIFS: Allow to switch on encryption with seal mount option
>       CIFS: Fix possible use after free in demultiplex thread
>
> Sachin Prabhu (3):
>       Fix memory leaks in cifs_do_mount()
>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
>
> Steve French (4):
>       cifs: Make echo interval tunable
>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
>       SMB3: Add mount parameter to allow user to override max credits
>       SMB3: parsing for new snapshot timestamp mount parm
>
>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
>  fs/cifs/Kconfig                          |   12 +-
>  fs/cifs/cifsencrypt.c                    |  130 ++--
>  fs/cifs/cifsfs.c                         |   16 +
>  fs/cifs/cifsglob.h                       |   64 +-
>  fs/cifs/cifsproto.h                      |   28 +-
>  fs/cifs/cifssmb.c                        |  146 ++--
>  fs/cifs/connect.c                        |  273 ++++----
>  fs/cifs/file.c                           |  101 +--
>  fs/cifs/misc.c                           |    2 +-
>  fs/cifs/sess.c                           |   27 +-
>  fs/cifs/smb1ops.c                        |    4 +-
>  fs/cifs/smb2glob.h                       |   13 +-
>  fs/cifs/smb2maperror.c                   |    5 +-
>  fs/cifs/smb2misc.c                       |   83 ++-
>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
>  fs/cifs/smb2pdu.h                        |   35 +-
>  fs/cifs/smb2proto.h                      |    8 +-
>  fs/cifs/smb2transport.c                  |  337 +++++----
>  fs/cifs/transport.c                      |  171 +++--
>  include/linux/net.h                      |    3 +-
>  net/socket.c                             |   23 +-
>  23 files changed, 2297 insertions(+), 991 deletions(-)
>
> --
> kernel-team mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xenial][PULL] CIFS: Enable encryption for SMB3

Joshua R. Poulson
I'll add it to our queue.

On Mon, May 8, 2017 at 12:31 PM, Thadeu Lima de Souza Cascardo
<[hidden email]> wrote:

> On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
>> There has been work upstream to enable encryption support for SMB3
>> connections. This is a particularly valuable (and commonly requested)
>> feature with the Azure Files service as encryption is required to connect
>> to an Azure Files storage share from on-prem or from a different Azure region.
>>
>> BugLink: http://bugs.launchpad.net/bugs/1670508
>
> This does not apply to xenial master-next, mainly due to commits
> 35067b7fba326a76624769e03afeb4b5ff182041 and
> f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.
>
> I have reverted those, rebased, did a simple fixup on cherry-pick of
> ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
> those two commits again, by the way of cherry picking.
>
> It builds, but can we get some testing before the end of the week?
>
> It's at
> git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
> branch cifs.
>
> Thanks.
> Cascardo.
>
>>
>> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
>>
>>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
>>
>> are available in the git repository at:
>>
>>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
>>
>> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
>>
>>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
>>
>> ----------------------------------------------------------------
>> Al Viro (5):
>>       [net] drop 'size' argument of sock_recvmsg()
>>       cifs: merge the hash calculation helpers
>>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
>>       cifs: don't bother with kmap on read_pages side
>>       cifs_readv_receive: use cifs_read_from_socket()
>>
>> Jean Delvare (3):
>>       cifs: Simplify SMB2 and SMB311 dependencies
>>       cifs: Only select the required crypto modules
>>       cifs: Add soft dependencies
>>
>> Pavel Shilovsky (16):
>>       CIFS: Separate SMB2 header structure
>>       CIFS: Make SendReceive2() takes resp iov
>>       CIFS: Make send_cancel take rqst as argument
>>       CIFS: Send RFC1001 length in a separate iov
>>       CIFS: Separate SMB2 sync header processing
>>       CIFS: Separate RFC1001 length processing for SMB2 read
>>       CIFS: Add capability to transform requests before sending
>>       CIFS: Enable encryption during session setup phase
>>       CIFS: Encrypt SMB3 requests before sending
>>       CIFS: Add transform header handling callbacks
>>       CIFS: Add mid handle callback
>>       CIFS: Add copy into pages callback for a read operation
>>       CIFS: Decrypt and process small encrypted packets
>>       CIFS: Add capability to decrypt big read responses
>>       CIFS: Allow to switch on encryption with seal mount option
>>       CIFS: Fix possible use after free in demultiplex thread
>>
>> Sachin Prabhu (3):
>>       Fix memory leaks in cifs_do_mount()
>>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
>>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
>>
>> Steve French (4):
>>       cifs: Make echo interval tunable
>>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
>>       SMB3: Add mount parameter to allow user to override max credits
>>       SMB3: parsing for new snapshot timestamp mount parm
>>
>>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
>>  fs/cifs/Kconfig                          |   12 +-
>>  fs/cifs/cifsencrypt.c                    |  130 ++--
>>  fs/cifs/cifsfs.c                         |   16 +
>>  fs/cifs/cifsglob.h                       |   64 +-
>>  fs/cifs/cifsproto.h                      |   28 +-
>>  fs/cifs/cifssmb.c                        |  146 ++--
>>  fs/cifs/connect.c                        |  273 ++++----
>>  fs/cifs/file.c                           |  101 +--
>>  fs/cifs/misc.c                           |    2 +-
>>  fs/cifs/sess.c                           |   27 +-
>>  fs/cifs/smb1ops.c                        |    4 +-
>>  fs/cifs/smb2glob.h                       |   13 +-
>>  fs/cifs/smb2maperror.c                   |    5 +-
>>  fs/cifs/smb2misc.c                       |   83 ++-
>>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
>>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
>>  fs/cifs/smb2pdu.h                        |   35 +-
>>  fs/cifs/smb2proto.h                      |    8 +-
>>  fs/cifs/smb2transport.c                  |  337 +++++----
>>  fs/cifs/transport.c                      |  171 +++--
>>  include/linux/net.h                      |    3 +-
>>  net/socket.c                             |   23 +-
>>  23 files changed, 2297 insertions(+), 991 deletions(-)
>>
>> --
>> kernel-team mailing list
>> [hidden email]
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
> --
> kernel-team mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xenial][PULL] CIFS: Enable encryption for SMB3

Thadeu Lima de Souza Cascardo-3
On Mon, May 08, 2017 at 02:11:36PM -0700, Joshua R. Poulson wrote:
> I'll add it to our queue.

Hi, Joshua.

Did you get the chance to test it? I just rebased it on top of
master-next.

I just realized I had pushed it to the ubuntu-kernel repo, not mine. I
have removed the branch from the ubuntu-kernel repo and pushed it to the
one below.

git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial

Thanks.
Cascardo.

>
> On Mon, May 8, 2017 at 12:31 PM, Thadeu Lima de Souza Cascardo
> <[hidden email]> wrote:
> > On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
> >> There has been work upstream to enable encryption support for SMB3
> >> connections. This is a particularly valuable (and commonly requested)
> >> feature with the Azure Files service as encryption is required to connect
> >> to an Azure Files storage share from on-prem or from a different Azure region.
> >>
> >> BugLink: http://bugs.launchpad.net/bugs/1670508
> >
> > This does not apply to xenial master-next, mainly due to commits
> > 35067b7fba326a76624769e03afeb4b5ff182041 and
> > f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.
> >
> > I have reverted those, rebased, did a simple fixup on cherry-pick of
> > ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
> > those two commits again, by the way of cherry picking.
> >
> > It builds, but can we get some testing before the end of the week?
> >
> > It's at
> > git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
> > branch cifs.
> >
> > Thanks.
> > Cascardo.
> >
> >>
> >> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
> >>
> >>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
> >>
> >> are available in the git repository at:
> >>
> >>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
> >>
> >> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
> >>
> >>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
> >>
> >> ----------------------------------------------------------------
> >> Al Viro (5):
> >>       [net] drop 'size' argument of sock_recvmsg()
> >>       cifs: merge the hash calculation helpers
> >>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
> >>       cifs: don't bother with kmap on read_pages side
> >>       cifs_readv_receive: use cifs_read_from_socket()
> >>
> >> Jean Delvare (3):
> >>       cifs: Simplify SMB2 and SMB311 dependencies
> >>       cifs: Only select the required crypto modules
> >>       cifs: Add soft dependencies
> >>
> >> Pavel Shilovsky (16):
> >>       CIFS: Separate SMB2 header structure
> >>       CIFS: Make SendReceive2() takes resp iov
> >>       CIFS: Make send_cancel take rqst as argument
> >>       CIFS: Send RFC1001 length in a separate iov
> >>       CIFS: Separate SMB2 sync header processing
> >>       CIFS: Separate RFC1001 length processing for SMB2 read
> >>       CIFS: Add capability to transform requests before sending
> >>       CIFS: Enable encryption during session setup phase
> >>       CIFS: Encrypt SMB3 requests before sending
> >>       CIFS: Add transform header handling callbacks
> >>       CIFS: Add mid handle callback
> >>       CIFS: Add copy into pages callback for a read operation
> >>       CIFS: Decrypt and process small encrypted packets
> >>       CIFS: Add capability to decrypt big read responses
> >>       CIFS: Allow to switch on encryption with seal mount option
> >>       CIFS: Fix possible use after free in demultiplex thread
> >>
> >> Sachin Prabhu (3):
> >>       Fix memory leaks in cifs_do_mount()
> >>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
> >>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
> >>
> >> Steve French (4):
> >>       cifs: Make echo interval tunable
> >>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
> >>       SMB3: Add mount parameter to allow user to override max credits
> >>       SMB3: parsing for new snapshot timestamp mount parm
> >>
> >>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
> >>  fs/cifs/Kconfig                          |   12 +-
> >>  fs/cifs/cifsencrypt.c                    |  130 ++--
> >>  fs/cifs/cifsfs.c                         |   16 +
> >>  fs/cifs/cifsglob.h                       |   64 +-
> >>  fs/cifs/cifsproto.h                      |   28 +-
> >>  fs/cifs/cifssmb.c                        |  146 ++--
> >>  fs/cifs/connect.c                        |  273 ++++----
> >>  fs/cifs/file.c                           |  101 +--
> >>  fs/cifs/misc.c                           |    2 +-
> >>  fs/cifs/sess.c                           |   27 +-
> >>  fs/cifs/smb1ops.c                        |    4 +-
> >>  fs/cifs/smb2glob.h                       |   13 +-
> >>  fs/cifs/smb2maperror.c                   |    5 +-
> >>  fs/cifs/smb2misc.c                       |   83 ++-
> >>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
> >>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
> >>  fs/cifs/smb2pdu.h                        |   35 +-
> >>  fs/cifs/smb2proto.h                      |    8 +-
> >>  fs/cifs/smb2transport.c                  |  337 +++++----
> >>  fs/cifs/transport.c                      |  171 +++--
> >>  include/linux/net.h                      |    3 +-
> >>  net/socket.c                             |   23 +-
> >>  23 files changed, 2297 insertions(+), 991 deletions(-)
> >>
> >> --
> >> kernel-team mailing list
> >> [hidden email]
> >> https://lists.ubuntu.com/mailman/listinfo/kernel-team
> >
> > --
> > kernel-team mailing list
> > [hidden email]
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xenial][PULL] CIFS: Enable encryption for SMB3

Thadeu Lima de Souza Cascardo-3
Ping?

On Thu, Jun 15, 2017 at 09:42:56AM -0300, Thadeu Lima de Souza Cascardo wrote:

> On Mon, May 08, 2017 at 02:11:36PM -0700, Joshua R. Poulson wrote:
> > I'll add it to our queue.
>
> Hi, Joshua.
>
> Did you get the chance to test it? I just rebased it on top of
> master-next.
>
> I just realized I had pushed it to the ubuntu-kernel repo, not mine. I
> have removed the branch from the ubuntu-kernel repo and pushed it to the
> one below.
>
> git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial
>
> Thanks.
> Cascardo.
>
> >
> > On Mon, May 8, 2017 at 12:31 PM, Thadeu Lima de Souza Cascardo
> > <[hidden email]> wrote:
> > > On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
> > >> There has been work upstream to enable encryption support for SMB3
> > >> connections. This is a particularly valuable (and commonly requested)
> > >> feature with the Azure Files service as encryption is required to connect
> > >> to an Azure Files storage share from on-prem or from a different Azure region.
> > >>
> > >> BugLink: http://bugs.launchpad.net/bugs/1670508
> > >
> > > This does not apply to xenial master-next, mainly due to commits
> > > 35067b7fba326a76624769e03afeb4b5ff182041 and
> > > f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.
> > >
> > > I have reverted those, rebased, did a simple fixup on cherry-pick of
> > > ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
> > > those two commits again, by the way of cherry picking.
> > >
> > > It builds, but can we get some testing before the end of the week?
> > >
> > > It's at
> > > git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
> > > branch cifs.
> > >
> > > Thanks.
> > > Cascardo.
> > >
> > >>
> > >> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
> > >>
> > >>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
> > >>
> > >> are available in the git repository at:
> > >>
> > >>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
> > >>
> > >> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
> > >>
> > >>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
> > >>
> > >> ----------------------------------------------------------------
> > >> Al Viro (5):
> > >>       [net] drop 'size' argument of sock_recvmsg()
> > >>       cifs: merge the hash calculation helpers
> > >>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
> > >>       cifs: don't bother with kmap on read_pages side
> > >>       cifs_readv_receive: use cifs_read_from_socket()
> > >>
> > >> Jean Delvare (3):
> > >>       cifs: Simplify SMB2 and SMB311 dependencies
> > >>       cifs: Only select the required crypto modules
> > >>       cifs: Add soft dependencies
> > >>
> > >> Pavel Shilovsky (16):
> > >>       CIFS: Separate SMB2 header structure
> > >>       CIFS: Make SendReceive2() takes resp iov
> > >>       CIFS: Make send_cancel take rqst as argument
> > >>       CIFS: Send RFC1001 length in a separate iov
> > >>       CIFS: Separate SMB2 sync header processing
> > >>       CIFS: Separate RFC1001 length processing for SMB2 read
> > >>       CIFS: Add capability to transform requests before sending
> > >>       CIFS: Enable encryption during session setup phase
> > >>       CIFS: Encrypt SMB3 requests before sending
> > >>       CIFS: Add transform header handling callbacks
> > >>       CIFS: Add mid handle callback
> > >>       CIFS: Add copy into pages callback for a read operation
> > >>       CIFS: Decrypt and process small encrypted packets
> > >>       CIFS: Add capability to decrypt big read responses
> > >>       CIFS: Allow to switch on encryption with seal mount option
> > >>       CIFS: Fix possible use after free in demultiplex thread
> > >>
> > >> Sachin Prabhu (3):
> > >>       Fix memory leaks in cifs_do_mount()
> > >>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
> > >>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
> > >>
> > >> Steve French (4):
> > >>       cifs: Make echo interval tunable
> > >>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
> > >>       SMB3: Add mount parameter to allow user to override max credits
> > >>       SMB3: parsing for new snapshot timestamp mount parm
> > >>
> > >>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
> > >>  fs/cifs/Kconfig                          |   12 +-
> > >>  fs/cifs/cifsencrypt.c                    |  130 ++--
> > >>  fs/cifs/cifsfs.c                         |   16 +
> > >>  fs/cifs/cifsglob.h                       |   64 +-
> > >>  fs/cifs/cifsproto.h                      |   28 +-
> > >>  fs/cifs/cifssmb.c                        |  146 ++--
> > >>  fs/cifs/connect.c                        |  273 ++++----
> > >>  fs/cifs/file.c                           |  101 +--
> > >>  fs/cifs/misc.c                           |    2 +-
> > >>  fs/cifs/sess.c                           |   27 +-
> > >>  fs/cifs/smb1ops.c                        |    4 +-
> > >>  fs/cifs/smb2glob.h                       |   13 +-
> > >>  fs/cifs/smb2maperror.c                   |    5 +-
> > >>  fs/cifs/smb2misc.c                       |   83 ++-
> > >>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
> > >>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
> > >>  fs/cifs/smb2pdu.h                        |   35 +-
> > >>  fs/cifs/smb2proto.h                      |    8 +-
> > >>  fs/cifs/smb2transport.c                  |  337 +++++----
> > >>  fs/cifs/transport.c                      |  171 +++--
> > >>  include/linux/net.h                      |    3 +-
> > >>  net/socket.c                             |   23 +-
> > >>  23 files changed, 2297 insertions(+), 991 deletions(-)
> > >>
> > >> --
> > >> kernel-team mailing list
> > >> [hidden email]
> > >> https://lists.ubuntu.com/mailman/listinfo/kernel-team
> > >
> > > --
> > > kernel-team mailing list
> > > [hidden email]
> > > https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
> --
> kernel-team mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xenial][PULL] CIFS: Enable encryption for SMB3

Joshua R. Poulson
Pavel replied in the bug. --jrp

On Wed, Jun 21, 2017 at 8:14 AM, Thadeu Lima de Souza Cascardo
<[hidden email]> wrote:

> Ping?
>
> On Thu, Jun 15, 2017 at 09:42:56AM -0300, Thadeu Lima de Souza Cascardo wrote:
>> On Mon, May 08, 2017 at 02:11:36PM -0700, Joshua R. Poulson wrote:
>> > I'll add it to our queue.
>>
>> Hi, Joshua.
>>
>> Did you get the chance to test it? I just rebased it on top of
>> master-next.
>>
>> I just realized I had pushed it to the ubuntu-kernel repo, not mine. I
>> have removed the branch from the ubuntu-kernel repo and pushed it to the
>> one below.
>>
>> git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial
>>
>> Thanks.
>> Cascardo.
>>
>> >
>> > On Mon, May 8, 2017 at 12:31 PM, Thadeu Lima de Souza Cascardo
>> > <[hidden email]> wrote:
>> > > On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
>> > >> There has been work upstream to enable encryption support for SMB3
>> > >> connections. This is a particularly valuable (and commonly requested)
>> > >> feature with the Azure Files service as encryption is required to connect
>> > >> to an Azure Files storage share from on-prem or from a different Azure region.
>> > >>
>> > >> BugLink: http://bugs.launchpad.net/bugs/1670508
>> > >
>> > > This does not apply to xenial master-next, mainly due to commits
>> > > 35067b7fba326a76624769e03afeb4b5ff182041 and
>> > > f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.
>> > >
>> > > I have reverted those, rebased, did a simple fixup on cherry-pick of
>> > > ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
>> > > those two commits again, by the way of cherry picking.
>> > >
>> > > It builds, but can we get some testing before the end of the week?
>> > >
>> > > It's at
>> > > git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
>> > > branch cifs.
>> > >
>> > > Thanks.
>> > > Cascardo.
>> > >
>> > >>
>> > >> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
>> > >>
>> > >>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
>> > >>
>> > >> are available in the git repository at:
>> > >>
>> > >>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
>> > >>
>> > >> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
>> > >>
>> > >>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
>> > >>
>> > >> ----------------------------------------------------------------
>> > >> Al Viro (5):
>> > >>       [net] drop 'size' argument of sock_recvmsg()
>> > >>       cifs: merge the hash calculation helpers
>> > >>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
>> > >>       cifs: don't bother with kmap on read_pages side
>> > >>       cifs_readv_receive: use cifs_read_from_socket()
>> > >>
>> > >> Jean Delvare (3):
>> > >>       cifs: Simplify SMB2 and SMB311 dependencies
>> > >>       cifs: Only select the required crypto modules
>> > >>       cifs: Add soft dependencies
>> > >>
>> > >> Pavel Shilovsky (16):
>> > >>       CIFS: Separate SMB2 header structure
>> > >>       CIFS: Make SendReceive2() takes resp iov
>> > >>       CIFS: Make send_cancel take rqst as argument
>> > >>       CIFS: Send RFC1001 length in a separate iov
>> > >>       CIFS: Separate SMB2 sync header processing
>> > >>       CIFS: Separate RFC1001 length processing for SMB2 read
>> > >>       CIFS: Add capability to transform requests before sending
>> > >>       CIFS: Enable encryption during session setup phase
>> > >>       CIFS: Encrypt SMB3 requests before sending
>> > >>       CIFS: Add transform header handling callbacks
>> > >>       CIFS: Add mid handle callback
>> > >>       CIFS: Add copy into pages callback for a read operation
>> > >>       CIFS: Decrypt and process small encrypted packets
>> > >>       CIFS: Add capability to decrypt big read responses
>> > >>       CIFS: Allow to switch on encryption with seal mount option
>> > >>       CIFS: Fix possible use after free in demultiplex thread
>> > >>
>> > >> Sachin Prabhu (3):
>> > >>       Fix memory leaks in cifs_do_mount()
>> > >>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
>> > >>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
>> > >>
>> > >> Steve French (4):
>> > >>       cifs: Make echo interval tunable
>> > >>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
>> > >>       SMB3: Add mount parameter to allow user to override max credits
>> > >>       SMB3: parsing for new snapshot timestamp mount parm
>> > >>
>> > >>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
>> > >>  fs/cifs/Kconfig                          |   12 +-
>> > >>  fs/cifs/cifsencrypt.c                    |  130 ++--
>> > >>  fs/cifs/cifsfs.c                         |   16 +
>> > >>  fs/cifs/cifsglob.h                       |   64 +-
>> > >>  fs/cifs/cifsproto.h                      |   28 +-
>> > >>  fs/cifs/cifssmb.c                        |  146 ++--
>> > >>  fs/cifs/connect.c                        |  273 ++++----
>> > >>  fs/cifs/file.c                           |  101 +--
>> > >>  fs/cifs/misc.c                           |    2 +-
>> > >>  fs/cifs/sess.c                           |   27 +-
>> > >>  fs/cifs/smb1ops.c                        |    4 +-
>> > >>  fs/cifs/smb2glob.h                       |   13 +-
>> > >>  fs/cifs/smb2maperror.c                   |    5 +-
>> > >>  fs/cifs/smb2misc.c                       |   83 ++-
>> > >>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
>> > >>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
>> > >>  fs/cifs/smb2pdu.h                        |   35 +-
>> > >>  fs/cifs/smb2proto.h                      |    8 +-
>> > >>  fs/cifs/smb2transport.c                  |  337 +++++----
>> > >>  fs/cifs/transport.c                      |  171 +++--
>> > >>  include/linux/net.h                      |    3 +-
>> > >>  net/socket.c                             |   23 +-
>> > >>  23 files changed, 2297 insertions(+), 991 deletions(-)
>> > >>
>> > >> --
>> > >> kernel-team mailing list
>> > >> [hidden email]
>> > >> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>> > >
>> > > --
>> > > kernel-team mailing list
>> > > [hidden email]
>> > > https://lists.ubuntu.com/mailman/listinfo/kernel-team
>>
>> --
>> kernel-team mailing list
>> [hidden email]
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xenial][PULL] CIFS: Enable encryption for SMB3

Thadeu Lima de Souza Cascardo-3
On Wed, Jun 21, 2017 at 08:18:10AM -0700, Joshua R. Poulson wrote:
> Pavel replied in the bug. --jrp
>

I don't see any message referring to the test of this particular rebase,
which required some patches to be reverted and applied back again.

I would like to see this to be somewhat tested before applying to
xenial. Can you or Pavel do it until Friday?

Thanks.
Cascardo.

> On Wed, Jun 21, 2017 at 8:14 AM, Thadeu Lima de Souza Cascardo
> <[hidden email]> wrote:
> > Ping?
> >
> > On Thu, Jun 15, 2017 at 09:42:56AM -0300, Thadeu Lima de Souza Cascardo wrote:
> >> On Mon, May 08, 2017 at 02:11:36PM -0700, Joshua R. Poulson wrote:
> >> > I'll add it to our queue.
> >>
> >> Hi, Joshua.
> >>
> >> Did you get the chance to test it? I just rebased it on top of
> >> master-next.
> >>
> >> I just realized I had pushed it to the ubuntu-kernel repo, not mine. I
> >> have removed the branch from the ubuntu-kernel repo and pushed it to the
> >> one below.
> >>
> >> git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial
> >>
> >> Thanks.
> >> Cascardo.
> >>
> >> >
> >> > On Mon, May 8, 2017 at 12:31 PM, Thadeu Lima de Souza Cascardo
> >> > <[hidden email]> wrote:
> >> > > On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
> >> > >> There has been work upstream to enable encryption support for SMB3
> >> > >> connections. This is a particularly valuable (and commonly requested)
> >> > >> feature with the Azure Files service as encryption is required to connect
> >> > >> to an Azure Files storage share from on-prem or from a different Azure region.
> >> > >>
> >> > >> BugLink: http://bugs.launchpad.net/bugs/1670508
> >> > >
> >> > > This does not apply to xenial master-next, mainly due to commits
> >> > > 35067b7fba326a76624769e03afeb4b5ff182041 and
> >> > > f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.
> >> > >
> >> > > I have reverted those, rebased, did a simple fixup on cherry-pick of
> >> > > ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
> >> > > those two commits again, by the way of cherry picking.
> >> > >
> >> > > It builds, but can we get some testing before the end of the week?
> >> > >
> >> > > It's at
> >> > > git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
> >> > > branch cifs.
> >> > >
> >> > > Thanks.
> >> > > Cascardo.
> >> > >
> >> > >>
> >> > >> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
> >> > >>
> >> > >>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
> >> > >>
> >> > >> are available in the git repository at:
> >> > >>
> >> > >>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
> >> > >>
> >> > >> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
> >> > >>
> >> > >>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
> >> > >>
> >> > >> ----------------------------------------------------------------
> >> > >> Al Viro (5):
> >> > >>       [net] drop 'size' argument of sock_recvmsg()
> >> > >>       cifs: merge the hash calculation helpers
> >> > >>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
> >> > >>       cifs: don't bother with kmap on read_pages side
> >> > >>       cifs_readv_receive: use cifs_read_from_socket()
> >> > >>
> >> > >> Jean Delvare (3):
> >> > >>       cifs: Simplify SMB2 and SMB311 dependencies
> >> > >>       cifs: Only select the required crypto modules
> >> > >>       cifs: Add soft dependencies
> >> > >>
> >> > >> Pavel Shilovsky (16):
> >> > >>       CIFS: Separate SMB2 header structure
> >> > >>       CIFS: Make SendReceive2() takes resp iov
> >> > >>       CIFS: Make send_cancel take rqst as argument
> >> > >>       CIFS: Send RFC1001 length in a separate iov
> >> > >>       CIFS: Separate SMB2 sync header processing
> >> > >>       CIFS: Separate RFC1001 length processing for SMB2 read
> >> > >>       CIFS: Add capability to transform requests before sending
> >> > >>       CIFS: Enable encryption during session setup phase
> >> > >>       CIFS: Encrypt SMB3 requests before sending
> >> > >>       CIFS: Add transform header handling callbacks
> >> > >>       CIFS: Add mid handle callback
> >> > >>       CIFS: Add copy into pages callback for a read operation
> >> > >>       CIFS: Decrypt and process small encrypted packets
> >> > >>       CIFS: Add capability to decrypt big read responses
> >> > >>       CIFS: Allow to switch on encryption with seal mount option
> >> > >>       CIFS: Fix possible use after free in demultiplex thread
> >> > >>
> >> > >> Sachin Prabhu (3):
> >> > >>       Fix memory leaks in cifs_do_mount()
> >> > >>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
> >> > >>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
> >> > >>
> >> > >> Steve French (4):
> >> > >>       cifs: Make echo interval tunable
> >> > >>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
> >> > >>       SMB3: Add mount parameter to allow user to override max credits
> >> > >>       SMB3: parsing for new snapshot timestamp mount parm
> >> > >>
> >> > >>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
> >> > >>  fs/cifs/Kconfig                          |   12 +-
> >> > >>  fs/cifs/cifsencrypt.c                    |  130 ++--
> >> > >>  fs/cifs/cifsfs.c                         |   16 +
> >> > >>  fs/cifs/cifsglob.h                       |   64 +-
> >> > >>  fs/cifs/cifsproto.h                      |   28 +-
> >> > >>  fs/cifs/cifssmb.c                        |  146 ++--
> >> > >>  fs/cifs/connect.c                        |  273 ++++----
> >> > >>  fs/cifs/file.c                           |  101 +--
> >> > >>  fs/cifs/misc.c                           |    2 +-
> >> > >>  fs/cifs/sess.c                           |   27 +-
> >> > >>  fs/cifs/smb1ops.c                        |    4 +-
> >> > >>  fs/cifs/smb2glob.h                       |   13 +-
> >> > >>  fs/cifs/smb2maperror.c                   |    5 +-
> >> > >>  fs/cifs/smb2misc.c                       |   83 ++-
> >> > >>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
> >> > >>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
> >> > >>  fs/cifs/smb2pdu.h                        |   35 +-
> >> > >>  fs/cifs/smb2proto.h                      |    8 +-
> >> > >>  fs/cifs/smb2transport.c                  |  337 +++++----
> >> > >>  fs/cifs/transport.c                      |  171 +++--
> >> > >>  include/linux/net.h                      |    3 +-
> >> > >>  net/socket.c                             |   23 +-
> >> > >>  23 files changed, 2297 insertions(+), 991 deletions(-)
> >> > >>
> >> > >> --
> >> > >> kernel-team mailing list
> >> > >> [hidden email]
> >> > >> https://lists.ubuntu.com/mailman/listinfo/kernel-team
> >> > >
> >> > > --
> >> > > kernel-team mailing list
> >> > > [hidden email]
> >> > > https://lists.ubuntu.com/mailman/listinfo/kernel-team
> >>
> >> --
> >> kernel-team mailing list
> >> [hidden email]
> >> https://lists.ubuntu.com/mailman/listinfo/kernel-team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xenial][PULL] CIFS: Enable encryption for SMB3

Joshua R. Poulson
He tested 4.8 CIFS/SMB on Xenial, but I can test the rest of the
rebase. I didn't realize the entire rebase had come in.

Thanks, --jrp

On Wed, Jun 21, 2017 at 12:07 PM, Thadeu Lima de Souza Cascardo
<[hidden email]> wrote:

> On Wed, Jun 21, 2017 at 08:18:10AM -0700, Joshua R. Poulson wrote:
>> Pavel replied in the bug. --jrp
>>
>
> I don't see any message referring to the test of this particular rebase,
> which required some patches to be reverted and applied back again.
>
> I would like to see this to be somewhat tested before applying to
> xenial. Can you or Pavel do it until Friday?
>
> Thanks.
> Cascardo.
>
>> On Wed, Jun 21, 2017 at 8:14 AM, Thadeu Lima de Souza Cascardo
>> <[hidden email]> wrote:
>> > Ping?
>> >
>> > On Thu, Jun 15, 2017 at 09:42:56AM -0300, Thadeu Lima de Souza Cascardo wrote:
>> >> On Mon, May 08, 2017 at 02:11:36PM -0700, Joshua R. Poulson wrote:
>> >> > I'll add it to our queue.
>> >>
>> >> Hi, Joshua.
>> >>
>> >> Did you get the chance to test it? I just rebased it on top of
>> >> master-next.
>> >>
>> >> I just realized I had pushed it to the ubuntu-kernel repo, not mine. I
>> >> have removed the branch from the ubuntu-kernel repo and pushed it to the
>> >> one below.
>> >>
>> >> git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial
>> >>
>> >> Thanks.
>> >> Cascardo.
>> >>
>> >> >
>> >> > On Mon, May 8, 2017 at 12:31 PM, Thadeu Lima de Souza Cascardo
>> >> > <[hidden email]> wrote:
>> >> > > On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
>> >> > >> There has been work upstream to enable encryption support for SMB3
>> >> > >> connections. This is a particularly valuable (and commonly requested)
>> >> > >> feature with the Azure Files service as encryption is required to connect
>> >> > >> to an Azure Files storage share from on-prem or from a different Azure region.
>> >> > >>
>> >> > >> BugLink: http://bugs.launchpad.net/bugs/1670508
>> >> > >
>> >> > > This does not apply to xenial master-next, mainly due to commits
>> >> > > 35067b7fba326a76624769e03afeb4b5ff182041 and
>> >> > > f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.
>> >> > >
>> >> > > I have reverted those, rebased, did a simple fixup on cherry-pick of
>> >> > > ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
>> >> > > those two commits again, by the way of cherry picking.
>> >> > >
>> >> > > It builds, but can we get some testing before the end of the week?
>> >> > >
>> >> > > It's at
>> >> > > git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
>> >> > > branch cifs.
>> >> > >
>> >> > > Thanks.
>> >> > > Cascardo.
>> >> > >
>> >> > >>
>> >> > >> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
>> >> > >>
>> >> > >>   UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
>> >> > >>
>> >> > >> are available in the git repository at:
>> >> > >>
>> >> > >>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
>> >> > >>
>> >> > >> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
>> >> > >>
>> >> > >>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
>> >> > >>
>> >> > >> ----------------------------------------------------------------
>> >> > >> Al Viro (5):
>> >> > >>       [net] drop 'size' argument of sock_recvmsg()
>> >> > >>       cifs: merge the hash calculation helpers
>> >> > >>       cifs: no need to wank with copying and advancing iovec on recvmsg side either
>> >> > >>       cifs: don't bother with kmap on read_pages side
>> >> > >>       cifs_readv_receive: use cifs_read_from_socket()
>> >> > >>
>> >> > >> Jean Delvare (3):
>> >> > >>       cifs: Simplify SMB2 and SMB311 dependencies
>> >> > >>       cifs: Only select the required crypto modules
>> >> > >>       cifs: Add soft dependencies
>> >> > >>
>> >> > >> Pavel Shilovsky (16):
>> >> > >>       CIFS: Separate SMB2 header structure
>> >> > >>       CIFS: Make SendReceive2() takes resp iov
>> >> > >>       CIFS: Make send_cancel take rqst as argument
>> >> > >>       CIFS: Send RFC1001 length in a separate iov
>> >> > >>       CIFS: Separate SMB2 sync header processing
>> >> > >>       CIFS: Separate RFC1001 length processing for SMB2 read
>> >> > >>       CIFS: Add capability to transform requests before sending
>> >> > >>       CIFS: Enable encryption during session setup phase
>> >> > >>       CIFS: Encrypt SMB3 requests before sending
>> >> > >>       CIFS: Add transform header handling callbacks
>> >> > >>       CIFS: Add mid handle callback
>> >> > >>       CIFS: Add copy into pages callback for a read operation
>> >> > >>       CIFS: Decrypt and process small encrypted packets
>> >> > >>       CIFS: Add capability to decrypt big read responses
>> >> > >>       CIFS: Allow to switch on encryption with seal mount option
>> >> > >>       CIFS: Fix possible use after free in demultiplex thread
>> >> > >>
>> >> > >> Sachin Prabhu (3):
>> >> > >>       Fix memory leaks in cifs_do_mount()
>> >> > >>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
>> >> > >>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
>> >> > >>
>> >> > >> Steve French (4):
>> >> > >>       cifs: Make echo interval tunable
>> >> > >>       Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
>> >> > >>       SMB3: Add mount parameter to allow user to override max credits
>> >> > >>       SMB3: parsing for new snapshot timestamp mount parm
>> >> > >>
>> >> > >>  drivers/target/iscsi/iscsi_target_util.c |    5 +-
>> >> > >>  fs/cifs/Kconfig                          |   12 +-
>> >> > >>  fs/cifs/cifsencrypt.c                    |  130 ++--
>> >> > >>  fs/cifs/cifsfs.c                         |   16 +
>> >> > >>  fs/cifs/cifsglob.h                       |   64 +-
>> >> > >>  fs/cifs/cifsproto.h                      |   28 +-
>> >> > >>  fs/cifs/cifssmb.c                        |  146 ++--
>> >> > >>  fs/cifs/connect.c                        |  273 ++++----
>> >> > >>  fs/cifs/file.c                           |  101 +--
>> >> > >>  fs/cifs/misc.c                           |    2 +-
>> >> > >>  fs/cifs/sess.c                           |   27 +-
>> >> > >>  fs/cifs/smb1ops.c                        |    4 +-
>> >> > >>  fs/cifs/smb2glob.h                       |   13 +-
>> >> > >>  fs/cifs/smb2maperror.c                   |    5 +-
>> >> > >>  fs/cifs/smb2misc.c                       |   83 ++-
>> >> > >>  fs/cifs/smb2ops.c                        |  698 ++++++++++++++++++-
>> >> > >>  fs/cifs/smb2pdu.c                        | 1104 +++++++++++++++++++-----------
>> >> > >>  fs/cifs/smb2pdu.h                        |   35 +-
>> >> > >>  fs/cifs/smb2proto.h                      |    8 +-
>> >> > >>  fs/cifs/smb2transport.c                  |  337 +++++----
>> >> > >>  fs/cifs/transport.c                      |  171 +++--
>> >> > >>  include/linux/net.h                      |    3 +-
>> >> > >>  net/socket.c                             |   23 +-
>> >> > >>  23 files changed, 2297 insertions(+), 991 deletions(-)
>> >> > >>
>> >> > >> --
>> >> > >> kernel-team mailing list
>> >> > >> [hidden email]
>> >> > >> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>> >> > >
>> >> > > --
>> >> > > kernel-team mailing list
>> >> > > [hidden email]
>> >> > > https://lists.ubuntu.com/mailman/listinfo/kernel-team
>> >>
>> >> --
>> >> kernel-team mailing list
>> >> [hidden email]
>> >> https://lists.ubuntu.com/mailman/listinfo/kernel-team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

APPLIED: [Xenial][PULL] CIFS: Enable encryption for SMB3

Thadeu Lima de Souza Cascardo-3
I have applied this to xenial master-next branch.

However, we would like to have seen this tested with the 4.4 kernel, and
a build was given in the bug for the last rebase. We are going to watch
for any problems on CIFS during the next weeks.

Thanks.
Cascardo.

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Loading...