Received: by 10.223.185.116 with SMTP id b49csp4900908wrg; Tue, 27 Feb 2018 04:41:57 -0800 (PST) X-Google-Smtp-Source: AG47ELt6mPyiSr/OoR9uGAcPoKHX8dnx9PqzzUBuRAzmHsHag4ccKVQoBiLyEvLQPaAXWazNcjzB X-Received: by 2002:a17:902:be14:: with SMTP id r20-v6mr8756622pls.172.1519735317497; Tue, 27 Feb 2018 04:41:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519735317; cv=none; d=google.com; s=arc-20160816; b=Ac1UUvlgk1o/CtRKMIrYjyhlAHGwpBbmWZrLk4Q+tiBBmWCPZie7JR3FV4CLxLJwkn SrdDi9pPowMCHv4+TwN5XzNzJk/0sE9a1StGEg/S2pU4uoNRz0IWmxpyDayBe6B2eNYG Bf/ldESzLkcM+yrSTs4l712rTOsq4Diu3pIfNv4uCQO+t5yYOF/W7RigYDWrub7EC8Zx JeGDVW1KBBS57DTRDaOMbRU33Dg7LMsVZAta4SNre0Adbzpx3cOckxNa8Y6uCKon6bKf 6/NcgB5/y/l5kFdfs+vWT9t1EKn2C/OA9rENz+pFu6CQV4E4XmEwFSIFgSkcgPAglfjA dfZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=/yC15tS3dA96E8OdhARM/pW2GyQ0/IqW+ER4NwPuwvM=; b=P1fma9HyozUQ78v/tg4fQAYIJdo5qdu4x5OQjb0XL9P5AGOpCkXW4SquaT3kuHVfAE cW6Ie8ErwTj4oJOLCSM1WBWyDn/yYwi83olyVbAtXYc3MDqP6z8TGbIR932GkvIFXLIO /B2xLwfNDaFt1qVumSAawU/9hh3NAeV5qp7LjL/faVDWbojZJ2+LMuCQcdgeCkr29pOt AWvrPfx/2+Ew9iRtZMBL4DMV2SUaXNElNv5bNSAEOQA/2pvO8Ax2cBWHd5AJHet0MkWK 9lS5RxlH4ktCP4+vPhLNkXH+ZsklBo07ZdnNEAFSoBV/YvPXThH8R0IKMcjse/rPwIg/ NyAA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q26si6935672pgd.823.2018.02.27.04.41.42; Tue, 27 Feb 2018 04:41:57 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753120AbeB0Mky (ORCPT + 99 others); Tue, 27 Feb 2018 07:40:54 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:38100 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752994AbeB0Mkv (ORCPT ); Tue, 27 Feb 2018 07:40:51 -0500 Received: from localhost (clnet-b04-243.ikbnet.co.at [83.175.124.243]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 83A9E10E6; Tue, 27 Feb 2018 12:40:50 +0000 (UTC) Date: Tue, 27 Feb 2018 13:40:50 +0100 From: Greg Kroah-Hartman To: "Srivatsa S. Bhat" Cc: Thomas Backlund , Steve French , =?iso-8859-1?Q?Aur=E9lien?= Aptel , linux-kernel@vger.kernel.org, stable@vger.kernel.org, lsahlber@redhat.com, pshilov@microsoft.com, linux-cifs@vger.kernel.org Subject: Re: [PATCH 4.13 28/43] SMB3: Validate negotiate request must always be signed Message-ID: <20180227124050.GB31888@kroah.com> References: <20171031095530.520746935@linuxfoundation.org> <20171031095531.633196173@linuxfoundation.org> <97340c9a-0ea2-0d3d-cf26-58c799d76cae@mageia.org> <20171101151803.GB31285@kroah.com> <4ba67095-4075-688f-d3fb-157847aee4d9@csail.mit.edu> <28ffc363-5140-5685-d288-6e3dc07c6369@csail.mit.edu> <20180227085428.GA16879@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.3 (2018-01-21) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 27, 2018 at 01:22:31AM -0800, Srivatsa S. Bhat wrote: > On 2/27/18 12:54 AM, Greg Kroah-Hartman wrote: > > On Mon, Feb 26, 2018 at 07:44:28PM -0800, Srivatsa S. Bhat wrote: > >> On 1/3/18 6:15 PM, Srivatsa S. Bhat wrote: > >>> On 11/1/17 8:18 AM, Greg Kroah-Hartman wrote: > >>>> On Tue, Oct 31, 2017 at 03:02:11PM +0200, Thomas Backlund wrote: > >>>>> Den 31.10.2017 kl. 11:55, skrev Greg Kroah-Hartman: > >>>>>> 4.13-stable review patch. If anyone has any objections, please let me know. > >>>>>> > >>>>>> ------------------ > >>>>>> > >>>>>> From: Steve French > >>>>>> > >>>>>> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd upstream. > >>>>>> > >>>>>> According to MS-SMB2 3.2.55 validate_negotiate request must > >>>>>> always be signed. Some Windows can fail the request if you send it unsigned > >>>>>> > >>>>>> See kernel bugzilla bug 197311 > >>>>>> > >>>>>> Acked-by: Ronnie Sahlberg > >>>>>> Signed-off-by: Steve French > >>>>>> Signed-off-by: Greg Kroah-Hartman > >>>>>> > >>>>>> --- > >>>>>> fs/cifs/smb2pdu.c | 3 +++ > >>>>>> 1 file changed, 3 insertions(+) > >>>>>> > >>>>>> --- a/fs/cifs/smb2pdu.c > >>>>>> +++ b/fs/cifs/smb2pdu.c > >>>>>> @@ -1963,6 +1963,9 @@ SMB2_ioctl(const unsigned int xid, struc > >>>>>> } else > >>>>>> iov[0].iov_len = get_rfc1002_length(req) + 4; > >>>>>> + /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ > >>>>>> + if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) > >>>>>> + req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED; > >>>>>> rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov); > >>>>>> cifs_small_buf_release(req); > >>>>>> > >>>>>> > >>>>>> > >>>>> > >>>>> This one needs to be backported to all stable kernels as the commit that > >>>>> introduced the regression: > >>>>> ' > >>>>> 0603c96f3af50e2f9299fa410c224ab1d465e0f9 > >>>>> SMB: Validate negotiate (to protect against downgrade) even if signing off > >>>>> > >>>>> is backported in stable trees as of: 4.9.53, 4.4.90, 3.18.73 > >>>> > >>>> Oh wait, it breaks the builds on older kernels, that's why I didn't > >>>> apply it :) > >>>> > >>>> Can you provide me with a working backport? > >>>> > >>> > >>> Hi Steve, > >>> > >>> Is there a version of this fix available for stable kernels? > >>> > >> > >> Hi Greg, > >> > >> Mounting SMB3 shares continues to fail for me on 4.4.118 and 4.9.84 > >> due to the issues that I have described in detail on this mail thread. > >> > >> Since there is no apparent fix for this bug on stable kernels, could > >> you please consider reverting the original commit that caused this > >> regression? > >> > >> That commit was intended to enhance security, which is probably why it > >> was backported to stable kernels in the first place; but instead it > >> ends up breaking basic functionality itself (mounting). So in the > >> absence of a proper fix, I don't see much of an option but to revert > >> that commit. > >> > >> So, please consider reverting the following: > >> > >> commit 02ef29f9cbb616bf419 "SMB: Validate negotiate (to protect > >> against downgrade) even if signing off" on 4.4.118 > >> > >> commit 0e1b85a41a25ac888fb "SMB: Validate negotiate (to protect > >> against downgrade) even if signing off" on 4.9.84 > >> > >> They correspond to commit 0603c96f3af50e2f9299fa410c224ab1d465e0f9 > >> upstream. Both these patches should revert cleanly. > > > > Do you still have this same problem on 4.14 and 4.15? If so, the issue > > needs to get fixed there, not papered-over by reverting these old > > changes, as you will hit the issue again in the future when you update > > to a newer kernel version. > > > > 4.14 and 4.15 work great! (I had mentioned this is in my original bug > report but forgot to summarize it here, sorry). Then what is the bugfix that should be applied here in order to keep things working with these patches applied? thanks, greg k-h