- 28 Jun, 2017 33 commits
-
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 The recent changes that added SMB3 encryption support introduced a possible use after free in the demultiplex thread. When we process an encrypted packet we obtain a pointer to SMB session but do not obtain a reference. This can possibly lead to a situation when this session was freed before we copy a decryption key from there. Fix this by obtaining a copy of the key rather than a pointer to the session under a spinlock. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Steve French <smfrench@gmail.com> (cherry picked from commit 61cfac6f) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 This allows users to enforce encryption for SMB3 shares if a server supports it. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (backport from commit ae6f8dd4) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> [cascardo: fixup of conflict with 06e7bc14] Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Allow to decrypt transformed packets that are bigger than the big buffer size. In particular it is used for read responses that can only exceed the big buffer size. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit c42a6abe) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Allow to decrypt transformed packets, find a corresponding mid and process as usual further. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit 4326ed2f) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Since we have two different types of reads (pagecache and direct) we need to process such responses differently after decryption of a packet. The change allows to specify a callback that copies a read payload data into preallocated pages. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit d70b9104) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 We need to process read responses differently because the data should go directly into preallocated pages. This can be done by specifying a mid handle callback. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit 9b7c18a2) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 We need to recognize and parse transformed packets in demultiplex thread to find a corresponding mid and process it further. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit 9bb17e09) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 This change allows to encrypt packets if it is required by a server for SMB sessions or tree connections. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (backported from commit 026e93dc) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit cabfb368) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 This will allow us to do protocol specific transformations of packets before sending to the server. For SMB3 it can be used to support encryption. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit 7fb8986e) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Allocate and initialize SMB2 read request without RFC1001 length field to directly call cifs_send_recv() rather than SendReceive2() in a read codepath. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit b8f57ee8) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Do not process RFC1001 length in smb2_hdr_assemble() because it is not a part of SMB2 header. This allows to cleanup the code and adds a possibility to combine several SMB2 packets into one for compounding. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit cb200bd6) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 In order to simplify further encryption support we need to separate RFC1001 length and SMB2 header when sending a request. Put the length field in iov[0] and the rest of the packet into following iovs. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit 738f9de5) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit fb2036d8) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Now SendReceive2 frees the first iov and returns a response buffer in it that increases a code complexity. Simplify this by making a caller responsible for freeing request buffer itself and returning a response buffer in a separate iov. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit da502f7d) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Pavel Shilovsky authored
BugLink: http://bugs.launchpad.net/bugs/1670508 In order to support compounding and encryption we need to separate RFC1001 length field and SMB2 header structure because the protocol treats them differently. This change will allow to simplify parsing of such complex SMB2 packets further. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit 31473fc4) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Jean Delvare authored
BugLink: http://bugs.launchpad.net/bugs/1670508 List soft dependencies of cifs so that mkinitrd and dracut can include the required helper modules. Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Jean Delvare <jdelvare@suse.de> Cc: Steve French <sfrench@samba.org> (cherry picked from commit b9be76d5) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Jean Delvare authored
BugLink: http://bugs.launchpad.net/bugs/1670508 The sha256 and cmac crypto modules are only needed for SMB2+, so move the select statements to config CIFS_SMB2. Also select CRYPTO_AES there as SMB2+ needs it. Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Jean Delvare <jdelvare@suse.de> Cc: Steve French <sfrench@samba.org> (cherry picked from commit 3692304b) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Jean Delvare authored
BugLink: http://bugs.launchpad.net/bugs/1670508 * CIFS_SMB2 depends on CIFS, which depends on INET and selects NLS. So these dependencies do not need to be repeated for CIFS_SMB2. * CIFS_SMB311 depends on CIFS_SMB2, which depends on INET. So this dependency doesn't need to be repeated for CIFS_SMB311. Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Jean Delvare <jdelvare@suse.de> Cc: Steve French <sfrench@samba.org> (cherry picked from commit c1ecea87) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Steve French authored
BugLink: http://bugs.launchpad.net/bugs/1670508 New mount option "snapshot=<time>" to allow mounting an earlier version of the remote volume (if such a snapshot exists on the server). Note that eventually specifying a snapshot time of 1 will allow the user to mount the oldest snapshot. A subsequent patch adds the processing for that and another for actually specifying the "time warp" create context on SMB2/SMB3 open. Check to make sure SMB2 negotiated, and ensure that we use a different tcon if mount same share twice but with different snapshot times Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit 8b217fe7) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Sachin Prabhu authored
BugLink: http://bugs.launchpad.net/bugs/1670508 We split the rawntlmssp authentication into negotiate and authenticate parts. We also clean up the code and add helpers. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit 166cea4d) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Sachin Prabhu authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Add helper functions and split Kerberos authentication off SMB2_sess_setup. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> (cherry picked from commit 3baf1a7b) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Steve French authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Add mount option "max_credits" to allow setting maximum SMB3 credits to any value from 10 to 64000 (default is 32000). This can be useful to workaround servers with problems allocating credits, or to throttle the client to use smaller amount of simultaneous i/o or to workaround server performance issues. Also adds a cap, so that even if the server granted us more than 65000 credits due to a server bug, we would not use that many. Signed-off-by: Steve French <steve.french@primarydata.com> (cherry picked from commit 141891f4) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Sachin Prabhu authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Fix memory leaks introduced by the patch fs/cifs: make share unaccessible at root level mountable Also move allocation of cifs_sb->prepath to cifs_setup_cifs_sb(). Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Tested-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Steve French <smfrench@gmail.com> (cherry picked from commit 4214ebf4) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Al Viro authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from commit a6137305) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Al Viro authored
BugLink: http://bugs.launchpad.net/bugs/1670508 just do ITER_BVEC recvmsg Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (backported from commit 71335664) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Al Viro authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from commit 09aab880) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Al Viro authored
BugLink: http://bugs.launchpad.net/bugs/1670508 three practically identical copies... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from commit 16c568ef) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Al Viro authored
BugLink: http://bugs.launchpad.net/bugs/1670508 all callers have it equal to msg_data_left(msg). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from commit 2da62906) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Steve French authored
Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this. BugLink: http://bugs.launchpad.net/bugs/1670508 Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Steve French <steve.french@primarydata.com> (backported from commit 373512ec) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Steve French authored
BugLink: http://bugs.launchpad.net/bugs/1670508 Currently the echo interval is set to 60 seconds using a macro. This setting determines the interval at which echo requests are sent to the server on an idling connection. This setting also affects the time required for a connection to an unresponsive server to timeout. Making this setting a tunable allows users to control the echo interval times as well as control the time after which the connecting to an unresponsive server times out. To set echo interval, pass the echo_interval=n mount option. Version four of the patch. v2: Change MIN and MAX timeout values v3: Remove incorrect comment in cifs_get_tcp_session v4: Fix bug in setting echo_intervalw Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> (backported from commit adfeb3e0) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
-
Thadeu Lima de Souza Cascardo authored
BugLink: http://bugs.launchpad.net/bugs/1670508 This reverts commit f068ccac. The revert is in favor of cherry-picking the upstream commit, so the rest of the patchset can apply. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Thadeu Lima de Souza Cascardo authored
BugLink: http://bugs.launchpad.net/bugs/1670508 This reverts commit 35067b7f. The revert is in favor of cherry-picking the upstream commit, so the rest of the patchset can apply. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
- 27 Jun, 2017 7 commits
-
-
Daniel Borkmann authored
CVE-2017-9150 The patch fixes two things at once: 1) It checks the env->allow_ptr_leaks and only prints the map address to the log if we have the privileges to do so, otherwise it just dumps 0 as we would when kptr_restrict is enabled on %pK. Given the latter is off by default and not every distro sets it, I don't want to rely on this, hence the 0 by default for unprivileged. 2) Printing of ldimm64 in the verifier log is currently broken in that we don't print the full immediate, but only the 32 bit part of the first insn part for ldimm64. Thus, fix this up as well; it's okay to access, since we verified all ldimm64 earlier already (including just constants) through replace_map_fd_with_map_ptr(). Fixes: 1be7f75d ("bpf: enable non-root eBPF programs") Fixes: cbd35700 ("bpf: verifier (add ability to receive verification log)") Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> (backported from commit 0d0e5769) Signed-off-by: Wen-chien Jesse Sung <jesse.sung@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Shrirang Bagul <shrirang.bagul@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Linus Torvalds authored
CVE-2015-8944 In commit c4004b02 ("x86: remove the kernel code/data/bss resources from /proc/iomem") I was hoping to remove the physical kernel address data from /proc/iomem entirely, but that had to be reverted because some system programs actually use it. This limits all the detailed resource information to properly credentialed users instead. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 51d7b120) Signed-off-by: Brad Figg <brad.figg@canonical.com> Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com> Acked-by: Colin King <colin.king@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-
Linus Torvalds authored
A lot of seqfile users seem to be using things like %pK that uses the credentials of the current process, but that is actually completely wrong for filesystem interfaces. The unix semantics for permission checking files is to check permissions at _open_ time, not at read or write time, and that is not just a small detail: passing off stdin/stdout/stderr to a suid application and making the actual IO happen in privileged context is a classic exploit technique. So if we want to be able to look at permissions at read time, we need to use the file open credentials, not the current ones. Normal file accesses can just use "f_cred" (or any of the helper functions that do that, like file_ns_capable()), but the seqfile interfaces do not have any such options. It turns out that seq_file _does_ save away the user_ns information of the file, though. Since user_ns is just part of the full credential information, replace that special case with saving off the cred pointer instead, and suddenly seq_file has all the permission information it needs. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> CVE-2015-8944 (cherry-picked from commit 34dbbcdb) Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Colin King <colin.king@canonical.com> Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-
Greg Kroah-Hartman authored
BugLink: http://bugs.launchpad.net/bugs/1698817 Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Dan Carpenter authored
BugLink: http://bugs.launchpad.net/bugs/1698817 commit b5c32061 upstream. My static checker complains that if "lvl" is ULONG_MAX (this is 64 bit) then some of the strings will overflow. I don't know if that's possible but it seems simple enough to make the buffers slightly larger. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Christian Borntraeger authored
BugLink: http://bugs.launchpad.net/bugs/1698817 commit c0e7bb38 upstream. For most cases a protection exception in the host (e.g. copy on write or dirty tracking) on the sie instruction will indicate an instruction length of 4. Turns out that there are some corner cases (e.g. runtime instrumentation) where this is not necessarily true and the ILC is unpredictable. Let's replace our 4 byte rewind_pad with 3 byte nops to prepare for all possible ILCs. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-
Max Filippov authored
BugLink: http://bugs.launchpad.net/bugs/1698817 commit e5c86679 upstream. Linux IRQ #0 is reserved for error reporting and may not be used. Increase NR_IRQS for one additional slot and increase irq_domain_add_legacy parameter first_irq value to 1, so that linux IRQ #0 is not associated with hardware IRQ #0 in legacy IRQ domains. Introduce macro XTENSA_PIC_LINUX_IRQ for static translation of xtensa PIC hardware IRQ # to linux IRQ #. Use this macro in XTFPGA platform data definitions. This fixes inability to use hardware IRQ #0 in configurations that don't use device tree and allows for non-identity mapping between linux IRQ # and hardware IRQ #. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-