From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg Kroah-Hartman Subject: Re: [PATCH 4.13 28/43] SMB3: Validate negotiate request must always be signed Date: Tue, 27 Feb 2018 09:54:28 +0100 Message-ID: <20180227085428.GA16879@kroah.com> References: <20171031095530.520746935@linuxfoundation.org> <20171031095531.633196173@linuxfoundation.org> <97340c9a-0ea2-0d3d-cf26-58c799d76cae@mageia.org> <20171101151803.GB31285@kroah.com> <4ba67095-4075-688f-d3fb-157847aee4d9@csail.mit.edu> <28ffc363-5140-5685-d288-6e3dc07c6369@csail.mit.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Thomas Backlund , Steve French , =?iso-8859-1?Q?Aur=E9lien?= Aptel , linux-kernel@vger.kernel.org, stable@vger.kernel.org, lsahlber@redhat.com, pshilov@microsoft.com, linux-cifs@vger.kernel.org To: "Srivatsa S. Bhat" Return-path: Content-Disposition: inline In-Reply-To: <28ffc363-5140-5685-d288-6e3dc07c6369@csail.mit.edu> Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-cifs.vger.kernel.org On Mon, Feb 26, 2018 at 07:44:28PM -0800, Srivatsa S. Bhat wrote: > On 1/3/18 6:15 PM, Srivatsa S. Bhat wrote: > > On 11/1/17 8:18 AM, Greg Kroah-Hartman wrote: > >> On Tue, Oct 31, 2017 at 03:02:11PM +0200, Thomas Backlund wrote: > >>> Den 31.10.2017 kl. 11:55, skrev Greg Kroah-Hartman: > >>>> 4.13-stable review patch. If anyone has any objections, please let me know. > >>>> > >>>> ------------------ > >>>> > >>>> From: Steve French > >>>> > >>>> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd upstream. > >>>> > >>>> According to MS-SMB2 3.2.55 validate_negotiate request must > >>>> always be signed. Some Windows can fail the request if you send it unsigned > >>>> > >>>> See kernel bugzilla bug 197311 > >>>> > >>>> Acked-by: Ronnie Sahlberg > >>>> Signed-off-by: Steve French > >>>> Signed-off-by: Greg Kroah-Hartman > >>>> > >>>> --- > >>>> fs/cifs/smb2pdu.c | 3 +++ > >>>> 1 file changed, 3 insertions(+) > >>>> > >>>> --- a/fs/cifs/smb2pdu.c > >>>> +++ b/fs/cifs/smb2pdu.c > >>>> @@ -1963,6 +1963,9 @@ SMB2_ioctl(const unsigned int xid, struc > >>>> } else > >>>> iov[0].iov_len = get_rfc1002_length(req) + 4; > >>>> + /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ > >>>> + if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) > >>>> + req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED; > >>>> rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov); > >>>> cifs_small_buf_release(req); > >>>> > >>>> > >>>> > >>> > >>> This one needs to be backported to all stable kernels as the commit that > >>> introduced the regression: > >>> ' > >>> 0603c96f3af50e2f9299fa410c224ab1d465e0f9 > >>> SMB: Validate negotiate (to protect against downgrade) even if signing off > >>> > >>> is backported in stable trees as of: 4.9.53, 4.4.90, 3.18.73 > >> > >> Oh wait, it breaks the builds on older kernels, that's why I didn't > >> apply it :) > >> > >> Can you provide me with a working backport? > >> > > > > Hi Steve, > > > > Is there a version of this fix available for stable kernels? > > > > Hi Greg, > > Mounting SMB3 shares continues to fail for me on 4.4.118 and 4.9.84 > due to the issues that I have described in detail on this mail thread. > > Since there is no apparent fix for this bug on stable kernels, could > you please consider reverting the original commit that caused this > regression? > > That commit was intended to enhance security, which is probably why it > was backported to stable kernels in the first place; but instead it > ends up breaking basic functionality itself (mounting). So in the > absence of a proper fix, I don't see much of an option but to revert > that commit. > > So, please consider reverting the following: > > commit 02ef29f9cbb616bf419 "SMB: Validate negotiate (to protect > against downgrade) even if signing off" on 4.4.118 > > commit 0e1b85a41a25ac888fb "SMB: Validate negotiate (to protect > against downgrade) even if signing off" on 4.9.84 > > They correspond to commit 0603c96f3af50e2f9299fa410c224ab1d465e0f9 > upstream. Both these patches should revert cleanly. Do you still have this same problem on 4.14 and 4.15? If so, the issue needs to get fixed there, not papered-over by reverting these old changes, as you will hit the issue again in the future when you update to a newer kernel version. thanks, greg k-h