| Message ID | 20221011231207.1458541-1-lsahlber@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | cifs: fix regression in very old smb1 mounts | expand |
On 12.10.22 01:12, Ronnie Sahlberg wrote: > BZ: 215375 > > Fixes: 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c ("cifs: remove support for NTLM and weaker authentication algorithms") > Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Ronnie, Steve, did this change create any trouble in 6.1 pre-releases so far? If not: could you please consider submitting this change for inclusion in 6.0 and 5.15, as this is a regression from the 5.15 days that according to the bugzilla ticket seem to annoy some people a lot. Ciao, Thorsten > --- > fs/cifs/connect.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c > index 93e59b3b36c7..c77232096c12 100644 > --- a/fs/cifs/connect.c > +++ b/fs/cifs/connect.c > @@ -3922,12 +3922,11 @@ CIFSTCon(const unsigned int xid, struct cifs_ses *ses, > pSMB->AndXCommand = 0xFF; > pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO); > bcc_ptr = &pSMB->Password[0]; > - if (tcon->pipe || (ses->server->sec_mode & SECMODE_USER)) { > - pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ > - *bcc_ptr = 0; /* password is null byte */ > - bcc_ptr++; /* skip password */ > - /* already aligned so no need to do it below */ > - } > + > + pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ > + *bcc_ptr = 0; /* password is null byte */ > + bcc_ptr++; /* skip password */ > + /* already aligned so no need to do it below */ > > if (ses->server->sign) > smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
On 01.11.22 18:53, Thorsten Leemhuis wrote: > On 12.10.22 01:12, Ronnie Sahlberg wrote: >> BZ: 215375 >> >> Fixes: 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c ("cifs: remove support for NTLM and weaker authentication algorithms") >> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> > > Ronnie, Steve, did this change create any trouble in 6.1 pre-releases so > far? If not: could you please consider submitting this change for > inclusion in 6.0 and 5.15, as this is a regression from the 5.15 days > that according to the bugzilla ticket seem to annoy some people a lot. Ronnie, Steve, if you have a minute, I would really appreciate your help in this matter, you are the best people to judge here. Ciao, Thorsten >> --- >> fs/cifs/connect.c | 11 +++++------ >> 1 file changed, 5 insertions(+), 6 deletions(-) >> >> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c >> index 93e59b3b36c7..c77232096c12 100644 >> --- a/fs/cifs/connect.c >> +++ b/fs/cifs/connect.c >> @@ -3922,12 +3922,11 @@ CIFSTCon(const unsigned int xid, struct cifs_ses *ses, >> pSMB->AndXCommand = 0xFF; >> pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO); >> bcc_ptr = &pSMB->Password[0]; >> - if (tcon->pipe || (ses->server->sec_mode & SECMODE_USER)) { >> - pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ >> - *bcc_ptr = 0; /* password is null byte */ >> - bcc_ptr++; /* skip password */ >> - /* already aligned so no need to do it below */ >> - } >> + >> + pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ >> + *bcc_ptr = 0; /* password is null byte */ >> + bcc_ptr++; /* skip password */ >> + /* already aligned so no need to do it below */ >> >> if (ses->server->sign) >> smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
On Mon, 7 Nov 2022 at 23:20, Thorsten Leemhuis <regressions@leemhuis.info> wrote: > > On 01.11.22 18:53, Thorsten Leemhuis wrote: > > On 12.10.22 01:12, Ronnie Sahlberg wrote: > >> BZ: 215375 > >> > >> Fixes: 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c ("cifs: remove support for NTLM and weaker authentication algorithms") > >> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> > > > > Ronnie, Steve, did this change create any trouble in 6.1 pre-releases so > > far? If not: could you please consider submitting this change for > > inclusion in 6.0 and 5.15, as this is a regression from the 5.15 days > > that according to the bugzilla ticket seem to annoy some people a lot. > > Ronnie, Steve, if you have a minute, I would really appreciate your help > in this matter, you are the best people to judge here. Thanks for the reminder. I don't think there were any issues in the pre-release so we should try to get it into the stable kernels. I am not sure how that process works since the patch is already in upstream. (I have only seen the process where you flag the patch with cc-stable.) Can you explain the process on how to flag this existing patch for backporting? > > Ciao, Thorsten > > >> --- > >> fs/cifs/connect.c | 11 +++++------ > >> 1 file changed, 5 insertions(+), 6 deletions(-) > >> > >> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c > >> index 93e59b3b36c7..c77232096c12 100644 > >> --- a/fs/cifs/connect.c > >> +++ b/fs/cifs/connect.c > >> @@ -3922,12 +3922,11 @@ CIFSTCon(const unsigned int xid, struct cifs_ses *ses, > >> pSMB->AndXCommand = 0xFF; > >> pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO); > >> bcc_ptr = &pSMB->Password[0]; > >> - if (tcon->pipe || (ses->server->sec_mode & SECMODE_USER)) { > >> - pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ > >> - *bcc_ptr = 0; /* password is null byte */ > >> - bcc_ptr++; /* skip password */ > >> - /* already aligned so no need to do it below */ > >> - } > >> + > >> + pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ > >> + *bcc_ptr = 0; /* password is null byte */ > >> + bcc_ptr++; /* skip password */ > >> + /* already aligned so no need to do it below */ > >> > >> if (ses->server->sign) > >> smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
On 07.11.22 14:31, ronnie sahlberg wrote: > On Mon, 7 Nov 2022 at 23:20, Thorsten Leemhuis > <regressions@leemhuis.info> wrote: >> >> On 01.11.22 18:53, Thorsten Leemhuis wrote: >>> On 12.10.22 01:12, Ronnie Sahlberg wrote: >>>> BZ: 215375 >>>> >>>> Fixes: 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c ("cifs: remove support for NTLM and weaker authentication algorithms") >>>> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> >>> >>> Ronnie, Steve, did this change create any trouble in 6.1 pre-releases so >>> far? If not: could you please consider submitting this change for >>> inclusion in 6.0 and 5.15, as this is a regression from the 5.15 days >>> that according to the bugzilla ticket seem to annoy some people a lot. >> >> Ronnie, Steve, if you have a minute, I would really appreciate your help >> in this matter, you are the best people to judge here. > > Thanks for the reminder. I don't think there were any issues in the > pre-release so we should try to get it into the stable kernels. Great. > I am not sure how that process works since the patch is already in upstream. > (I have only seen the process where you flag the patch with cc-stable.) > Can you explain the process on how to flag this existing patch for backporting? Documentation/process/stable-kernel-rules.rst (or https://docs.kernel.org/process/stable-kernel-rules.html ) explains this (see option 3 there) better than I can. The patch afaics needs to got to 6.0 and 5.15. Many thx for taking care of this! Ciao, Thorsten >>>> --- >>>> fs/cifs/connect.c | 11 +++++------ >>>> 1 file changed, 5 insertions(+), 6 deletions(-) >>>> >>>> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c >>>> index 93e59b3b36c7..c77232096c12 100644 >>>> --- a/fs/cifs/connect.c >>>> +++ b/fs/cifs/connect.c >>>> @@ -3922,12 +3922,11 @@ CIFSTCon(const unsigned int xid, struct cifs_ses *ses, >>>> pSMB->AndXCommand = 0xFF; >>>> pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO); >>>> bcc_ptr = &pSMB->Password[0]; >>>> - if (tcon->pipe || (ses->server->sec_mode & SECMODE_USER)) { >>>> - pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ >>>> - *bcc_ptr = 0; /* password is null byte */ >>>> - bcc_ptr++; /* skip password */ >>>> - /* already aligned so no need to do it below */ >>>> - } >>>> + >>>> + pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ >>>> + *bcc_ptr = 0; /* password is null byte */ >>>> + bcc_ptr++; /* skip password */ >>>> + /* already aligned so no need to do it below */ >>>> >>>> if (ses->server->sign) >>>> smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; >
On Mon, 7 Nov 2022 at 23:40, Thorsten Leemhuis <regressions@leemhuis.info> wrote: > > On 07.11.22 14:31, ronnie sahlberg wrote: > > On Mon, 7 Nov 2022 at 23:20, Thorsten Leemhuis > > <regressions@leemhuis.info> wrote: > >> > >> On 01.11.22 18:53, Thorsten Leemhuis wrote: > >>> On 12.10.22 01:12, Ronnie Sahlberg wrote: > >>>> BZ: 215375 > >>>> > >>>> Fixes: 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c ("cifs: remove support for NTLM and weaker authentication algorithms") > >>>> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> > >>> > >>> Ronnie, Steve, did this change create any trouble in 6.1 pre-releases so > >>> far? If not: could you please consider submitting this change for > >>> inclusion in 6.0 and 5.15, as this is a regression from the 5.15 days > >>> that according to the bugzilla ticket seem to annoy some people a lot. > >> > >> Ronnie, Steve, if you have a minute, I would really appreciate your help > >> in this matter, you are the best people to judge here. > > > > Thanks for the reminder. I don't think there were any issues in the > > pre-release so we should try to get it into the stable kernels. > > Great. > > > I am not sure how that process works since the patch is already in upstream. > > (I have only seen the process where you flag the patch with cc-stable.) > > Can you explain the process on how to flag this existing patch for backporting? > > Documentation/process/stable-kernel-rules.rst (or > https://docs.kernel.org/process/stable-kernel-rules.html ) explains this > (see option 3 there) better than I can. The patch afaics needs to got to > 6.0 and 5.15. Thanks. What we need here is option 2. Steve, can you send an email for option 2 so we get it in the older kernels? > > Many thx for taking care of this! > > Ciao, Thorsten > > > >>>> --- > >>>> fs/cifs/connect.c | 11 +++++------ > >>>> 1 file changed, 5 insertions(+), 6 deletions(-) > >>>> > >>>> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c > >>>> index 93e59b3b36c7..c77232096c12 100644 > >>>> --- a/fs/cifs/connect.c > >>>> +++ b/fs/cifs/connect.c > >>>> @@ -3922,12 +3922,11 @@ CIFSTCon(const unsigned int xid, struct cifs_ses *ses, > >>>> pSMB->AndXCommand = 0xFF; > >>>> pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO); > >>>> bcc_ptr = &pSMB->Password[0]; > >>>> - if (tcon->pipe || (ses->server->sec_mode & SECMODE_USER)) { > >>>> - pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ > >>>> - *bcc_ptr = 0; /* password is null byte */ > >>>> - bcc_ptr++; /* skip password */ > >>>> - /* already aligned so no need to do it below */ > >>>> - } > >>>> + > >>>> + pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ > >>>> + *bcc_ptr = 0; /* password is null byte */ > >>>> + bcc_ptr++; /* skip password */ > >>>> + /* already aligned so no need to do it below */ > >>>> > >>>> if (ses->server->sign) > >>>> smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; > >
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 93e59b3b36c7..c77232096c12 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3922,12 +3922,11 @@ CIFSTCon(const unsigned int xid, struct cifs_ses *ses, pSMB->AndXCommand = 0xFF; pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO); bcc_ptr = &pSMB->Password[0]; - if (tcon->pipe || (ses->server->sec_mode & SECMODE_USER)) { - pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ - *bcc_ptr = 0; /* password is null byte */ - bcc_ptr++; /* skip password */ - /* already aligned so no need to do it below */ - } + + pSMB->PasswordLength = cpu_to_le16(1); /* minimum */ + *bcc_ptr = 0; /* password is null byte */ + bcc_ptr++; /* skip password */ + /* already aligned so no need to do it below */ if (ses->server->sign) smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
BZ: 215375 Fixes: 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c ("cifs: remove support for NTLM and weaker authentication algorithms") Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> --- fs/cifs/connect.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)