commit d2fec01e89447729c7b9d722a8e7ef9d1184c7be · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge tag '6.16-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd

Pull smb server updates from Steve French:
"Four smb3 server fixes:

- Fix for special character handling when mounting with "posix"

- Fix for mounts from Mac for fs that don't provide unique inode
numbers

- Two cleanup patches (e.g. for crypto calls)"

* tag '6.16-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension
ksmbd: provide zero as a unique ID to the Mac client
ksmbd: remove unnecessary softdep on crc32
ksmbd: use SHA-256 library API instead of crypto_shash API

Linus Torvalds 7 months ago d2fec01e ff0905bb

+53 -93

10 changed files

expand all

unified split

smb

server

Kconfig

auth.c

auth.h

connection.h

crypto_ctx.c

crypto_ctx.h

server.c

smb2pdu.c

smb2pdu.h

vfs.c

fs/smb/server/Kconfig

··· 11 11 select CRYPTO_HMAC 12 12 select CRYPTO_ECB 13 13 select CRYPTO_LIB_DES 14 + select CRYPTO_LIB_SHA256 14 15 select CRYPTO_SHA256 15 16 select CRYPTO_CMAC 16 17 select CRYPTO_SHA512

-34

fs/smb/server/auth.c

··· 979 979 return rc; 980 980 } 981 981 982 - int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, 983 - __u8 *pi_hash) 984 - { 985 - int rc; 986 - struct ksmbd_crypto_ctx *ctx = NULL; 987 - 988 - ctx = ksmbd_crypto_ctx_find_sha256(); 989 - if (!ctx) { 990 - ksmbd_debug(AUTH, "could not alloc sha256\n"); 991 - return -ENOMEM; 992 - } 993 - 994 - rc = crypto_shash_init(CRYPTO_SHA256(ctx)); 995 - if (rc) { 996 - ksmbd_debug(AUTH, "could not init shashn"); 997 - goto out; 998 - } 999 - 1000 - rc = crypto_shash_update(CRYPTO_SHA256(ctx), sd_buf, len); 1001 - if (rc) { 1002 - ksmbd_debug(AUTH, "could not update with n\n"); 1003 - goto out; 1004 - } 1005 - 1006 - rc = crypto_shash_final(CRYPTO_SHA256(ctx), pi_hash); 1007 - if (rc) { 1008 - ksmbd_debug(AUTH, "Could not generate hash err : %d\n", rc); 1009 - goto out; 1010 - } 1011 - out: 1012 - ksmbd_release_crypto_ctx(ctx); 1013 - return rc; 1014 - } 1015 - 1016 982 static int ksmbd_get_encryption_key(struct ksmbd_work *work, __u64 ses_id, 1017 983 int enc, u8 *key) 1018 984 {

-2

fs/smb/server/auth.h

··· 66 66 struct ksmbd_session *sess); 67 67 int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, 68 68 __u8 *pi_hash); 69 - int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len, 70 - __u8 *pi_hash); 71 69 #endif

fs/smb/server/connection.h

··· 108 108 __le16 signing_algorithm; 109 109 bool binding; 110 110 atomic_t refcnt; 111 + bool is_aapl; 111 112 }; 112 113 113 114 struct ksmbd_conn_ops {

-8

fs/smb/server/crypto_ctx.c

··· 75 75 case CRYPTO_SHASH_CMACAES: 76 76 tfm = crypto_alloc_shash("cmac(aes)", 0, 0); 77 77 break; 78 - case CRYPTO_SHASH_SHA256: 79 - tfm = crypto_alloc_shash("sha256", 0, 0); 80 - break; 81 78 case CRYPTO_SHASH_SHA512: 82 79 tfm = crypto_alloc_shash("sha512", 0, 0); 83 80 break; ··· 193 196 struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_cmacaes(void) 194 197 { 195 198 return ____crypto_shash_ctx_find(CRYPTO_SHASH_CMACAES); 196 - } 197 - 198 - struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha256(void) 199 - { 200 - return ____crypto_shash_ctx_find(CRYPTO_SHASH_SHA256); 201 199 } 202 200 203 201 struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha512(void)

-4

fs/smb/server/crypto_ctx.h

··· 13 13 CRYPTO_SHASH_HMACMD5 = 0, 14 14 CRYPTO_SHASH_HMACSHA256, 15 15 CRYPTO_SHASH_CMACAES, 16 - CRYPTO_SHASH_SHA256, 17 16 CRYPTO_SHASH_SHA512, 18 17 CRYPTO_SHASH_MAX, 19 18 }; ··· 38 39 #define CRYPTO_HMACMD5(c) ((c)->desc[CRYPTO_SHASH_HMACMD5]) 39 40 #define CRYPTO_HMACSHA256(c) ((c)->desc[CRYPTO_SHASH_HMACSHA256]) 40 41 #define CRYPTO_CMACAES(c) ((c)->desc[CRYPTO_SHASH_CMACAES]) 41 - #define CRYPTO_SHA256(c) ((c)->desc[CRYPTO_SHASH_SHA256]) 42 42 #define CRYPTO_SHA512(c) ((c)->desc[CRYPTO_SHASH_SHA512]) 43 43 44 44 #define CRYPTO_HMACMD5_TFM(c) ((c)->desc[CRYPTO_SHASH_HMACMD5]->tfm) 45 45 #define CRYPTO_HMACSHA256_TFM(c)\ 46 46 ((c)->desc[CRYPTO_SHASH_HMACSHA256]->tfm) 47 47 #define CRYPTO_CMACAES_TFM(c) ((c)->desc[CRYPTO_SHASH_CMACAES]->tfm) 48 - #define CRYPTO_SHA256_TFM(c) ((c)->desc[CRYPTO_SHASH_SHA256]->tfm) 49 48 #define CRYPTO_SHA512_TFM(c) ((c)->desc[CRYPTO_SHASH_SHA512]->tfm) 50 49 51 50 #define CRYPTO_GCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES_GCM]) ··· 54 57 struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_hmacsha256(void); 55 58 struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_cmacaes(void); 56 59 struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha512(void); 57 - struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha256(void); 58 60 struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_gcm(void); 59 61 struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_ccm(void); 60 62 void ksmbd_crypto_destroy(void);

-1

fs/smb/server/server.c

··· 631 631 MODULE_SOFTDEP("pre: aead2"); 632 632 MODULE_SOFTDEP("pre: ccm"); 633 633 MODULE_SOFTDEP("pre: gcm"); 634 - MODULE_SOFTDEP("pre: crc32"); 635 634 module_init(ksmbd_server_init) 636 635 module_exit(ksmbd_server_exit)

+44 -28

fs/smb/server/smb2pdu.c

··· 2874 2874 int req_op_level = 0, open_flags = 0, may_flags = 0, file_info = 0; 2875 2875 int rc = 0; 2876 2876 int contxt_cnt = 0, query_disk_id = 0; 2877 - int maximal_access_ctxt = 0, posix_ctxt = 0; 2877 + bool maximal_access_ctxt = false, posix_ctxt = false; 2878 2878 int s_type = 0; 2879 2879 int next_off = 0; 2880 2880 char *name = NULL; ··· 2903 2903 return create_smb2_pipe(work); 2904 2904 } 2905 2905 2906 + if (req->CreateContextsOffset && tcon->posix_extensions) { 2907 + context = smb2_find_context_vals(req, SMB2_CREATE_TAG_POSIX, 16); 2908 + if (IS_ERR(context)) { 2909 + rc = PTR_ERR(context); 2910 + goto err_out2; 2911 + } else if (context) { 2912 + struct create_posix *posix = (struct create_posix *)context; 2913 + 2914 + if (le16_to_cpu(context->DataOffset) + 2915 + le32_to_cpu(context->DataLength) < 2916 + sizeof(struct create_posix) - 4) { 2917 + rc = -EINVAL; 2918 + goto err_out2; 2919 + } 2920 + ksmbd_debug(SMB, "get posix context\n"); 2921 + 2922 + posix_mode = le32_to_cpu(posix->Mode); 2923 + posix_ctxt = true; 2924 + } 2925 + } 2926 + 2906 2927 if (req->NameLength) { 2907 2928 name = smb2_get_name((char *)req + le16_to_cpu(req->NameOffset), 2908 2929 le16_to_cpu(req->NameLength), ··· 2946 2925 goto err_out2; 2947 2926 } 2948 2927 2949 - rc = ksmbd_validate_filename(name); 2950 - if (rc < 0) 2951 - goto err_out2; 2928 + if (posix_ctxt == false) { 2929 + rc = ksmbd_validate_filename(name); 2930 + if (rc < 0) 2931 + goto err_out2; 2932 + } 2952 2933 2953 2934 if (ksmbd_share_veto_filename(share, name)) { 2954 2935 rc = -ENOENT; ··· 3107 3084 ksmbd_debug(SMB, "get timewarp context\n"); 3108 3085 rc = -EBADF; 3109 3086 goto err_out2; 3110 - } 3111 - 3112 - if (tcon->posix_extensions) { 3113 - context = smb2_find_context_vals(req, 3114 - SMB2_CREATE_TAG_POSIX, 16); 3115 - if (IS_ERR(context)) { 3116 - rc = PTR_ERR(context); 3117 - goto err_out2; 3118 - } else if (context) { 3119 - struct create_posix *posix = 3120 - (struct create_posix *)context; 3121 - if (le16_to_cpu(context->DataOffset) + 3122 - le32_to_cpu(context->DataLength) < 3123 - sizeof(struct create_posix) - 4) { 3124 - rc = -EINVAL; 3125 - goto err_out2; 3126 - } 3127 - ksmbd_debug(SMB, "get posix context\n"); 3128 - 3129 - posix_mode = le32_to_cpu(posix->Mode); 3130 - posix_ctxt = 1; 3131 - } 3132 3087 } 3133 3088 } 3134 3089 ··· 3539 3538 } else if (context) { 3540 3539 ksmbd_debug(SMB, "get query on disk id context\n"); 3541 3540 query_disk_id = 1; 3541 + } 3542 + 3543 + if (conn->is_aapl == false) { 3544 + context = smb2_find_context_vals(req, SMB2_CREATE_AAPL, 4); 3545 + if (IS_ERR(context)) { 3546 + rc = PTR_ERR(context); 3547 + goto err_out1; 3548 + } else if (context) 3549 + conn->is_aapl = true; 3542 3550 } 3543 3551 } 3544 3552 ··· 3988 3978 if (dinfo->EaSize) 3989 3979 dinfo->ExtFileAttributes = FILE_ATTRIBUTE_REPARSE_POINT_LE; 3990 3980 dinfo->Reserved = 0; 3991 - dinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino); 3981 + if (conn->is_aapl) 3982 + dinfo->UniqueId = 0; 3983 + else 3984 + dinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino); 3992 3985 if (d_info->hide_dot_file && d_info->name[0] == '.') 3993 3986 dinfo->ExtFileAttributes |= FILE_ATTRIBUTE_HIDDEN_LE; 3994 3987 memcpy(dinfo->FileName, conv_name, conv_len); ··· 4008 3995 smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode); 4009 3996 if (fibdinfo->EaSize) 4010 3997 fibdinfo->ExtFileAttributes = FILE_ATTRIBUTE_REPARSE_POINT_LE; 4011 - fibdinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino); 3998 + if (conn->is_aapl) 3999 + fibdinfo->UniqueId = 0; 4000 + else 4001 + fibdinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino); 4012 4002 fibdinfo->ShortNameLength = 0; 4013 4003 fibdinfo->Reserved = 0; 4014 4004 fibdinfo->Reserved2 = cpu_to_le16(0);

fs/smb/server/smb2pdu.h

··· 63 63 64 64 #define SMB2_SESSION_TIMEOUT (10 * HZ) 65 65 66 + /* Apple Defined Contexts */ 67 + #define SMB2_CREATE_AAPL "AAPL" 68 + 66 69 struct create_durable_req_v2 { 67 70 struct create_context_hdr ccontext; 68 71 __u8 Name[8];

+4 -16

fs/smb/server/vfs.c

··· 4 4 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 5 5 */ 6 6 7 + #include <crypto/sha2.h> 7 8 #include <linux/kernel.h> 8 9 #include <linux/fs.h> 9 10 #include <linux/filelock.h> ··· 1477 1476 acl.sd_buf = (char *)pntsd; 1478 1477 acl.sd_size = len; 1479 1478 1480 - rc = ksmbd_gen_sd_hash(conn, acl.sd_buf, acl.sd_size, acl.hash); 1481 - if (rc) { 1482 - pr_err("failed to generate hash for ndr acl\n"); 1483 - return rc; 1484 - } 1479 + sha256(acl.sd_buf, acl.sd_size, acl.hash); 1485 1480 1486 1481 smb_acl = ksmbd_vfs_make_xattr_posix_acl(idmap, inode, 1487 1482 ACL_TYPE_ACCESS); ··· 1492 1495 goto out; 1493 1496 } 1494 1497 1495 - rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, 1496 - acl.posix_acl_hash); 1497 - if (rc) { 1498 - pr_err("failed to generate hash for ndr acl\n"); 1499 - goto out; 1500 - } 1498 + sha256(acl_ndr.data, acl_ndr.offset, acl.posix_acl_hash); 1501 1499 1502 1500 rc = ndr_encode_v4_ntacl(&sd_ndr, &acl); 1503 1501 if (rc) { ··· 1549 1557 goto out_free; 1550 1558 } 1551 1559 1552 - rc = ksmbd_gen_sd_hash(conn, acl_ndr.data, acl_ndr.offset, cmp_hash); 1553 - if (rc) { 1554 - pr_err("failed to generate hash for ndr acl\n"); 1555 - goto out_free; 1556 - } 1560 + sha256(acl_ndr.data, acl_ndr.offset, cmp_hash); 1557 1561 1558 1562 if (memcmp(cmp_hash, acl.posix_acl_hash, XATTR_SD_HASH_SIZE)) { 1559 1563 pr_err("hash value diff\n");