Mounting SMB3 shares was broken by this upstream commit:
commit 0603c96f3af50 "SMB: Validate negotiate (to protect against
downgrade) even if signing off"
It has been fixed in upstream by a subsequent commit:
commit 4587eee04e2ac "SMB3: Validate negotiate request must always be
signed"
However, backporting this patch to stable kernels (4.4 or 4.9) doesn't
fix the problem; it appears that a more involved patch is required. So
in the meantime, fix the regression by reverting the original commit
that broke SMB3 mounting.
Change-Id: I3df18860d3de682c6082a9f5a501aba8cde6fe1e
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4594
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 | 4 |
Version: 4.4.109 |
| 5 |
-Release: 1%{?dist}
|
|
| 5 |
+Release: 2%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -45,6 +45,7 @@ Patch27: dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch |
| 45 | 45 |
Patch28: netfilter-nfnetlink_cthelper-Add-missing-permission-checks.patch |
| 46 | 46 |
# Fix CVE-2017-17450 |
| 47 | 47 |
Patch29: netfilter-xt_osf-Add-missing-permission-checks.patch |
| 48 |
+Patch30: revert-SMB-validate-negotiate-even-if-signing-off.patch |
|
| 48 | 49 |
|
| 49 | 50 |
BuildRequires: bc |
| 50 | 51 |
BuildRequires: kbd |
| ... | ... |
@@ -111,6 +112,7 @@ The Linux package contains the Linux kernel doc files |
| 111 | 111 |
%patch27 -p1 |
| 112 | 112 |
%patch28 -p1 |
| 113 | 113 |
%patch29 -p1 |
| 114 |
+%patch30 -p1 |
|
| 114 | 115 |
|
| 115 | 116 |
%build |
| 116 | 117 |
# patch vmw_balloon driver |
| ... | ... |
@@ -199,6 +201,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 199 | 199 |
/usr/src/linux-headers-%{uname_r}
|
| 200 | 200 |
|
| 201 | 201 |
%changelog |
| 202 |
+* Wed Jan 03 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.109-2 |
|
| 203 |
+- Fix SMB3 mount regression. |
|
| 202 | 204 |
* Tue Jan 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.109-1 |
| 203 | 205 |
- Version update |
| 204 | 206 |
- Add patches to fix CVE-2017-8824, CVE-2017-17448 and CVE-2017-17450. |
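Review bot: `Patch30` is added without the kind of explanatory comment the neighbouring security patch carries (`# Fix CVE-2017-17450` above `Patch29`), and it needs one more than most because it deliberately removes a hardening change. Per the patch description embedded further down the page, the reverted commit made the client validate the negotiate (protection against man-in-the-middle downgrade) whenever signing is supported; after the revert the check returns early when `tcon->ses->server->sign == false`. I would add above the `Patch30:` line something like `# Revert 0603c96f3af50 (SMB3 mount regression); negotiate validation is skipped when signing is off. Drop once 4587eee04e2ac is properly backported.`, and the same comment above `Patch24` in the second spec file. The changelog entry `- Fix SMB3 mount regression.` in both spec files could also say that the fix is a revert of the negotiate-validation change, so that anyone auditing the package for downgrade protection sees that signing has to be enabled on the mount to keep it.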
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 | 4 |
Version: 4.4.109 |
| 5 |
-Release: 1%{?kat_build:.%kat_build}%{?dist}
|
|
| 5 |
+Release: 2%{?kat_build:.%kat_build}%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -44,6 +44,7 @@ Patch21: dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch |
| 44 | 44 |
Patch22: netfilter-nfnetlink_cthelper-Add-missing-permission-checks.patch |
| 45 | 45 |
# Fix CVE-2017-17450 |
| 46 | 46 |
Patch23: netfilter-xt_osf-Add-missing-permission-checks.patch |
| 47 |
+Patch24: revert-SMB-validate-negotiate-even-if-signing-off.patch |
|
| 47 | 48 |
|
| 48 | 49 |
%if 0%{?kat_build:1}
|
| 49 | 50 |
Patch1000: %{kat_build}.patch
|
| ... | ... |
@@ -140,6 +141,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
| 140 | 140 |
%patch21 -p1 |
| 141 | 141 |
%patch22 -p1 |
| 142 | 142 |
%patch23 -p1 |
| 143 |
+%patch24 -p1 |
|
| 143 | 144 |
|
| 144 | 145 |
%if 0%{?kat_build:1}
|
| 145 | 146 |
%patch1000 -p1 |
| ... | ... |
@@ -296,6 +298,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 296 | 296 |
/usr/share/perf-core |
| 297 | 297 |
|
| 298 | 298 |
%changelog |
| 299 |
+* Wed Jan 03 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.109-2 |
|
| 300 |
+- Fix SMB3 mount regression. |
|
| 299 | 301 |
* Tue Jan 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.109-1 |
| 300 | 302 |
- Version update |
| 301 | 303 |
- Add patches to fix CVE-2017-8824, CVE-2017-17448 and CVE-2017-17450. |
| 302 | 304 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,57 @@ |
| 0 |
+ |
|
| 1 |
+This code reverts the commit mentioned below. (Apply it with patch -p1, |
|
| 2 |
+not patch -p1 -R). |
|
| 3 |
+ |
|
| 4 |
+commit 02ef29f9cbb616bf41900c427830dc8bf3f52d99 |
|
| 5 |
+Author: Steve French <smfrench@gmail.com> |
|
| 6 |
+Date: Wed Sep 20 19:57:18 2017 -0500 |
|
| 7 |
+ |
|
| 8 |
+ SMB: Validate negotiate (to protect against downgrade) even if signing off |
|
| 9 |
+ |
|
| 10 |
+ commit 0603c96f3af50e2f9299fa410c224ab1d465e0f9 upstream. |
|
| 11 |
+ |
|
| 12 |
+ As long as signing is supported (ie not a guest user connection) and |
|
| 13 |
+ connection is SMB3 or SMB3.02, then validate negotiate (protect |
|
| 14 |
+ against man in the middle downgrade attacks). We had been doing this |
|
| 15 |
+ only when signing was required, not when signing was just enabled, |
|
| 16 |
+ but this more closely matches recommended SMB3 behavior and is |
|
| 17 |
+ better security. Suggested by Metze. |
|
| 18 |
+ |
|
| 19 |
+ Signed-off-by: Steve French <smfrench@gmail.com> |
|
| 20 |
+ Reviewed-by: Jeremy Allison <jra@samba.org> |
|
| 21 |
+ Acked-by: Stefan Metzmacher <metze@samba.org> |
|
| 22 |
+ Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> |
|
| 23 |
+ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
|
| 24 |
+ |
|
| 25 |
+diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c |
|
| 26 |
+index f2ff60e..7123289 100644 |
|
| 27 |
+--- a/fs/cifs/smb2pdu.c |
|
| 28 |
+@@ -526,22 +526,15 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) |
|
| 29 |
+ |
|
| 30 |
+ /* |
|
| 31 |
+ * validation ioctl must be signed, so no point sending this if we |
|
| 32 |
+- * can not sign it (ie are not known user). Even if signing is not |
|
| 33 |
+- * required (enabled but not negotiated), in those cases we selectively |
|
| 34 |
++ * can not sign it. We could eventually change this to selectively |
|
| 35 |
+ * sign just this, the first and only signed request on a connection. |
|
| 36 |
+- * Having validation of negotiate info helps reduce attack vectors. |
|
| 37 |
++ * This is good enough for now since a user who wants better security |
|
| 38 |
++ * would also enable signing on the mount. Having validation of |
|
| 39 |
++ * negotiate info for signed connections helps reduce attack vectors |
|
| 40 |
+ */ |
|
| 41 |
+- if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) |
|
| 42 |
++ if (tcon->ses->server->sign == false) |
|
| 43 |
+ return 0; /* validation requires signing */ |
|
| 44 |
+ |
|
| 45 |
+- if (tcon->ses->user_name == NULL) {
|
|
| 46 |
+- cifs_dbg(FYI, "Can't validate negotiate: null user mount\n"); |
|
| 47 |
+- return 0; /* validation requires signing */ |
|
| 48 |
+- } |
|
| 49 |
+- |
|
| 50 |
+- if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL) |
|
| 51 |
+- cifs_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n"); |
|
| 52 |
+- |
|
| 53 |
+ vneg_inbuf.Capabilities = |
|
| 54 |
+ cpu_to_le32(tcon->ses->server->vals->req_capabilities); |
|
| 55 |
+ memcpy(vneg_inbuf.Guid, tcon->ses->server->client_guid, |