Linux kernel documentation tree maintained by Jonathan Corbet http://mirrors.hust.edu.cn/git/lwn.git/atom?h=docs-4.16 2017-10-18T16:52:39+00:00 2017-10-18T16:52:39+00:00 Long Li longli@microsoft.com 2017-10-02T02:30:24+00:00 urn:sha1:4572f0539c731c588cdce9575cb7d60ef23a521d The channel value for requesting server remote invalidating local memory registration should be 0x00000002 Signed-off-by: Long Li <longli@microsoft.com> Signed-off-by: Steve French <smfrench@gmail.com> 2017-10-18T16:52:39+00:00 Ronnie Sahlberg lsahlber@redhat.com 2017-09-27T23:39:58+00:00 urn:sha1:7cb3def44ce834e5ea462fd900505af4cd68b3d5 Update reading the EA using increasingly larger buffer sizes until the response will fit in the buffer, or we exceed the (arbitrary) maximum set to 64kb. Without this change, a user is able to add more and more EAs using setfattr until the point where the total space of all EAs exceed 2kb at which point the user can no longer list the EAs at all and getfattr will abort with an error. The same issue still exists for EAs in SMB1. Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Reported-by: Xiaoli Feng <xifeng@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> 2017-09-18T04:10:48+00:00 Steve French smfrench@gmail.com 2017-09-17T15:41:35+00:00 urn:sha1:9764c02fcbad40001fd3f63558d918e4d519bb75 With the need to discourage use of less secure dialect, SMB1 (CIFS), we temporarily upgraded the dialect to SMB3 in 4.13, but since there are various servers which only support SMB2.1 (2.1 is more secure than CIFS/SMB1) but not optimal for a default dialect - add support for multidialect negotiation. cifs.ko will now request SMB2.1 or later (ie SMB2.1 or SMB3.0, SMB3.02) and the server will pick the latest most secure one it can support. In addition since we are sending multidialect negotiate, add support for secure negotiate to validate that a man in the middle didn't downgrade us. Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> CC: Stable <stable@vger.kernel.org> # 4.13+ 2017-09-04T19:03:41+00:00 Ronnie Sahlberg lsahlber@redhat.com 2017-08-24T01:24:55+00:00 urn:sha1:95907fea4fd8ccc736e0a428e52159b4d42b9958 SMB1 already has support to read attributes. This adds similar support to SMB2+. With this patch, tools such as 'getfattr' will now work with SMB2+ shares. RH-bz: 1110709 Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> 2017-08-30T19:42:30+00:00 Pavel Shilovsky pshilov@microsoft.com 2017-08-24T22:16:40+00:00 urn:sha1:9e37b1784f2be9397a903307574ee565bbadfd75 Currently the maximum size of SMB2/3 header is set incorrectly which leads to hanging of directory listing operations on encrypted SMB3 connections. Fix this by setting the maximum size to 170 bytes that is calculated as RFC1002 length field size (4) + transform header size (52) + SMB2 header size (64) + create response size (56). Cc: <stable@vger.kernel.org> Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Steve French <smfrench@gmail.com> Acked-by: Sachin Prabhu <sprabhu@redhat.com> 2017-03-02T23:05:31+00:00 Aurelien Aptel aaptel@suse.com 2017-02-13T15:16:49+00:00 urn:sha1:9d49640a21bffd730a6ebf2a0032e022f7caf84a in SMB2+ the get_dfs_refer operation uses a FSCTL. The request can be made on any Tree Connection according to the specs. Since Samba only accepted it on an IPC connection until recently, try that first. https://lists.samba.org/archive/samba-technical/2017-February/118859.html 3.2.4.20.3 Application Requests DFS Referral Information: > The client MUST search for an existing Session and TreeConnect to any > share on the server identified by ServerName for the user identified by > UserCredentials. If no Session and TreeConnect are found, the client > MUST establish a new Session and TreeConnect to IPC$ on the target > server as described in section 3.2.4.2 using the supplied ServerName and > UserCredentials. Signed-off-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Steve French <smfrench@gmail.com> 2017-02-01T22:46:36+00:00 Pavel Shilovsky pshilov@microsoft.com 2016-11-03T23:47:37+00:00 urn:sha1:026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 This change allows to encrypt packets if it is required by a server for SMB sessions or tree connections. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> 2017-02-01T22:46:35+00:00 Pavel Shilovsky pshilov@microsoft.com 2016-11-23T23:31:54+00:00 urn:sha1:b8f57ee8aad414a3122bff72d7968a94baacb9b6 Allocate and initialize SMB2 read request without RFC1001 length field to directly call cifs_send_recv() rather than SendReceive2() in a read codepath. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> 2017-02-01T22:46:35+00:00 Pavel Shilovsky pshilov@microsoft.com 2016-10-24T23:59:57+00:00 urn:sha1:cb200bd6264a80c04e09e8635fa4f3901cabdaef Do not process RFC1001 length in smb2_hdr_assemble() because it is not a part of SMB2 header. This allows to cleanup the code and adds a possibility combine several SMB2 packets into one for compounding. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> 2017-02-01T22:46:34+00:00 Pavel Shilovsky pshilov@microsoft.com 2016-10-24T22:33:04+00:00 urn:sha1:31473fc4f9653b73750d3792ffce6a6e1bdf0da7 In order to support compounding and encryption we need to separate RFC1001 length field and SMB2 header structure because the protocol treats them differently. This change will allow to simplify parsing of such complex SMB2 packets further. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>