+1 -2

fs/cifs/cifsacl.c

··· 1130 1130 } 1131 1131 1132 1132 /* If it's any one of the ACE we're replacing, skip! */ 1133 1133 - if (!mode_from_sid && 1134 1134 - ((compare_sids(&pntace->sid, &sid_unix_NFS_mode) == 0) || 1133 1133 + if (((compare_sids(&pntace->sid, &sid_unix_NFS_mode) == 0) || 1135 1134 (compare_sids(&pntace->sid, pownersid) == 0) || 1136 1135 (compare_sids(&pntace->sid, pgrpsid) == 0) || 1137 1136 (compare_sids(&pntace->sid, &sid_everyone) == 0) ||

+2 -2

fs/cifs/cifsglob.h

··· 919 919 bool binding:1; /* are we binding the session? */ 920 920 __u16 session_flags; 921 921 __u8 smb3signingkey[SMB3_SIGN_KEY_SIZE]; 922 922 - __u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE]; 923 923 - __u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE]; 922 922 + __u8 smb3encryptionkey[SMB3_ENC_DEC_KEY_SIZE]; 923 923 + __u8 smb3decryptionkey[SMB3_ENC_DEC_KEY_SIZE]; 924 924 __u8 preauth_sha_hash[SMB2_PREAUTH_HASH_SIZE]; 925 925 926 926 __u8 binding_preauth_sha_hash[SMB2_PREAUTH_HASH_SIZE];

+5

fs/cifs/cifspdu.h

··· 147 147 */ 148 148 #define SMB3_SIGN_KEY_SIZE (16) 149 149 150 150 + /* 151 151 + * Size of the smb3 encryption/decryption keys 152 152 + */ 153 153 + #define SMB3_ENC_DEC_KEY_SIZE (32) 154 154 + 150 155 #define CIFS_CLIENT_CHALLENGE_SIZE (8) 151 156 #define CIFS_SERVER_CHALLENGE_SIZE (8) 152 157 #define CIFS_HMAC_MD5_HASH_SIZE (16)

+1

fs/cifs/file.c

··· 165 165 goto posix_open_ret; 166 166 } 167 167 } else { 168 168 + cifs_revalidate_mapping(*pinode); 168 169 cifs_fattr_to_inode(*pinode, &fattr); 169 170 } 170 171

+1

fs/cifs/smb2glob.h

··· 58 58 #define SMB2_HMACSHA256_SIZE (32) 59 59 #define SMB2_CMACAES_SIZE (16) 60 60 #define SMB3_SIGNKEY_SIZE (16) 61 61 + #define SMB3_GCM128_CRYPTKEY_SIZE (16) 61 62 #define SMB3_GCM256_CRYPTKEY_SIZE (32) 62 63 63 64 /* Maximum buffer size value we can send with 1 credit */

+2 -2

fs/cifs/smb2misc.c

··· 754 754 } 755 755 } 756 756 spin_unlock(&cifs_tcp_ses_lock); 757 757 - cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n"); 758 758 - return false; 757 757 + cifs_dbg(FYI, "No file id matched, oplock break ignored\n"); 758 758 + return true; 759 759 } 760 760 761 761 void

+20 -7

fs/cifs/smb2ops.c

··· 2038 2038 { 2039 2039 int rc; 2040 2040 unsigned int ret_data_len; 2041 2041 + struct inode *inode; 2041 2042 struct duplicate_extents_to_file dup_ext_buf; 2042 2043 struct cifs_tcon *tcon = tlink_tcon(trgtfile->tlink); 2043 2044 ··· 2055 2054 cifs_dbg(FYI, "Duplicate extents: src off %lld dst off %lld len %lld\n", 2056 2055 src_off, dest_off, len); 2057 2056 2058 2058 - rc = smb2_set_file_size(xid, tcon, trgtfile, dest_off + len, false); 2059 2059 - if (rc) 2060 2060 - goto duplicate_extents_out; 2057 2057 + inode = d_inode(trgtfile->dentry); 2058 2058 + if (inode->i_size < dest_off + len) { 2059 2059 + rc = smb2_set_file_size(xid, tcon, trgtfile, dest_off + len, false); 2060 2060 + if (rc) 2061 2061 + goto duplicate_extents_out; 2061 2062 2063 2063 + /* 2064 2064 + * Although also could set plausible allocation size (i_blocks) 2065 2065 + * here in addition to setting the file size, in reflink 2066 2066 + * it is likely that the target file is sparse. Its allocation 2067 2067 + * size will be queried on next revalidate, but it is important 2068 2068 + * to make sure that file's cached size is updated immediately 2069 2069 + */ 2070 2070 + cifs_setsize(inode, dest_off + len); 2071 2071 + } 2062 2072 rc = SMB2_ioctl(xid, tcon, trgtfile->fid.persistent_fid, 2063 2073 trgtfile->fid.volatile_fid, 2064 2074 FSCTL_DUPLICATE_EXTENTS_TO_FILE, ··· 4170 4158 if (ses->Suid == ses_id) { 4171 4159 ses_enc_key = enc ? ses->smb3encryptionkey : 4172 4160 ses->smb3decryptionkey; 4173 4173 - memcpy(key, ses_enc_key, SMB3_SIGN_KEY_SIZE); 4161 4161 + memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE); 4174 4162 spin_unlock(&cifs_tcp_ses_lock); 4175 4163 return 0; 4176 4164 } ··· 4197 4185 int rc = 0; 4198 4186 struct scatterlist *sg; 4199 4187 u8 sign[SMB2_SIGNATURE_SIZE] = {}; 4200 4200 - u8 key[SMB3_SIGN_KEY_SIZE]; 4188 4188 + u8 key[SMB3_ENC_DEC_KEY_SIZE]; 4201 4189 struct aead_request *req; 4202 4190 char *iv; 4203 4191 unsigned int iv_len; ··· 4221 4209 tfm = enc ? server->secmech.ccmaesencrypt : 4222 4210 server->secmech.ccmaesdecrypt; 4223 4211 4224 4224 - if (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM) 4212 4212 + if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 4213 4213 + (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) 4225 4214 rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE); 4226 4215 else 4227 4227 - rc = crypto_aead_setkey(tfm, key, SMB3_SIGN_KEY_SIZE); 4216 4216 + rc = crypto_aead_setkey(tfm, key, SMB3_GCM128_CRYPTKEY_SIZE); 4228 4217 4229 4218 if (rc) { 4230 4219 cifs_server_dbg(VFS, "%s: Failed to set aead key %d\n", __func__, rc);

+28 -9

fs/cifs/smb2transport.c

··· 298 298 { 299 299 unsigned char zero = 0x0; 300 300 __u8 i[4] = {0, 0, 0, 1}; 301 301 - __u8 L[4] = {0, 0, 0, 128}; 301 301 + __u8 L128[4] = {0, 0, 0, 128}; 302 302 + __u8 L256[4] = {0, 0, 1, 0}; 302 303 int rc = 0; 303 304 unsigned char prfhash[SMB2_HMACSHA256_SIZE]; 304 305 unsigned char *hashptr = prfhash; ··· 355 354 goto smb3signkey_ret; 356 355 } 357 356 358 358 - rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash, 359 359 - L, 4); 357 357 + if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 358 358 + (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 359 359 + rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash, 360 360 + L256, 4); 361 361 + } else { 362 362 + rc = crypto_shash_update(&server->secmech.sdeschmacsha256->shash, 363 363 + L128, 4); 364 364 + } 360 365 if (rc) { 361 366 cifs_server_dbg(VFS, "%s: Could not update with L\n", __func__); 362 367 goto smb3signkey_ret; ··· 397 390 const struct derivation_triplet *ptriplet) 398 391 { 399 392 int rc; 393 393 + #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS 394 394 + struct TCP_Server_Info *server = ses->server; 395 395 + #endif 400 396 401 397 /* 402 398 * All channels use the same encryption/decryption keys but ··· 432 422 rc = generate_key(ses, ptriplet->encryption.label, 433 423 ptriplet->encryption.context, 434 424 ses->smb3encryptionkey, 435 435 - SMB3_SIGN_KEY_SIZE); 425 425 + SMB3_ENC_DEC_KEY_SIZE); 436 426 rc = generate_key(ses, ptriplet->decryption.label, 437 427 ptriplet->decryption.context, 438 428 ses->smb3decryptionkey, 439 439 - SMB3_SIGN_KEY_SIZE); 429 429 + SMB3_ENC_DEC_KEY_SIZE); 440 430 if (rc) 441 431 return rc; 442 432 } ··· 452 442 */ 453 443 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), 454 444 &ses->Suid); 445 445 + cifs_dbg(VFS, "Cipher type %d\n", server->cipher_type); 455 446 cifs_dbg(VFS, "Session Key %*ph\n", 456 447 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); 457 448 cifs_dbg(VFS, "Signing Key %*ph\n", 458 449 SMB3_SIGN_KEY_SIZE, ses->smb3signingkey); 459 459 - cifs_dbg(VFS, "ServerIn Key %*ph\n", 460 460 - SMB3_SIGN_KEY_SIZE, ses->smb3encryptionkey); 461 461 - cifs_dbg(VFS, "ServerOut Key %*ph\n", 462 462 - SMB3_SIGN_KEY_SIZE, ses->smb3decryptionkey); 450 450 + if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || 451 451 + (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) { 452 452 + cifs_dbg(VFS, "ServerIn Key %*ph\n", 453 453 + SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3encryptionkey); 454 454 + cifs_dbg(VFS, "ServerOut Key %*ph\n", 455 455 + SMB3_GCM256_CRYPTKEY_SIZE, ses->smb3decryptionkey); 456 456 + } else { 457 457 + cifs_dbg(VFS, "ServerIn Key %*ph\n", 458 458 + SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3encryptionkey); 459 459 + cifs_dbg(VFS, "ServerOut Key %*ph\n", 460 460 + SMB3_GCM128_CRYPTKEY_SIZE, ses->smb3decryptionkey); 461 461 + } 463 462 #endif 464 463 return rc; 465 464 }