diff options
| author | Steve French <stfrench@microsoft.com> | 2024-09-30 20:03:44 -0500 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2024-09-30 22:07:45 -0500 |
| commit | 1eecd880a3ffb42e8cfbc4895998bdb178449b8b (patch) | |
| tree | ced12687488f5cf5ccc43b275e364962187f901a /fs/smb | |
| parent | dd0d7edb866db2b9d23dc50553cbdd3f6a159fba (diff) | |
Revert "smb: client: make SHA-512 TFM ephemeral"
The original patch causes a crash with signed mounts when using
the SMB2.1 dialect
RIP: 0010:smb2_calc_signature+0x10e/0x460 [cifs]
Code: 46 30 00 00 00 00 49 c7 46 38 00 00 00 00 0f 85 3e 01 00 00 48 8b 83 a8 02 00 00 48 89 85 68 ff ff ff 49 8b b4 24 58 01 00 00 <48> 8b 38 ba 10 00 00 00 e8 55 0f 0c e0 41 89 c7 85 c0 0f 85 44 01
RSP: 0018:ffffb349422fb5c8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff98028765b800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff980200f2b100 RDI: 0000000000000000
RBP: ffffb349422fb680 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff980235e37800
R13: ffffb349422fb900 R14: ffff98027c160700 R15: ffff98028765b820
FS: 000074139b98f780(0000) GS:ffff98097b980000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000011cb78006 CR4: 00000000003726f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? show_regs+0x6c/0x80
? __die+0x24/0x80
? page_fault_oops+0x175/0x5c0
? hrtimer_try_to_cancel.part.0+0x55/0xf0
? do_user_addr_fault+0x4b2/0x870
? exc_page_fault+0x85/0x1c0
? asm_exc_page_fault+0x27/0x30
? smb2_calc_signature+0x10e/0x460 [cifs]
? smb2_calc_signature+0xa7/0x460 [cifs]
? kmem_cache_alloc_noprof+0x101/0x300
smb2_sign_rqst+0xa2/0xe0 [cifs]
smb2_setup_request+0x12d/0x240 [cifs]
compound_send_recv+0x304/0x1220 [cifs]
cifs_send_recv+0x22/0x40 [cifs]
SMB2_tcon+0x2d9/0x8c0 [cifs]
cifs_get_smb_ses+0x910/0xef0 [cifs]
? cifs_get_smb_ses+0x910/0xef0 [cifs]
cifs_mount_get_session+0x6a/0x250 [cifs]
Reported-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Suggested-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
This reverts commit 220d83b52c7d16ec3c168b82f4e6ce59c645f7ab.
Diffstat (limited to 'fs/smb')
| -rw-r--r-- | fs/smb/client/cifsencrypt.c | 1 | ||||
| -rw-r--r-- | fs/smb/client/cifsglob.h | 1 | ||||
| -rw-r--r-- | fs/smb/client/sess.c | 2 | ||||
| -rw-r--r-- | fs/smb/client/smb2misc.c | 28 | ||||
| -rw-r--r-- | fs/smb/client/smb2proto.h | 2 | ||||
| -rw-r--r-- | fs/smb/client/smb2transport.c | 30 |
6 files changed, 47 insertions, 17 deletions
diff --git a/fs/smb/client/cifsencrypt.c b/fs/smb/client/cifsencrypt.c index 2d851f596a72..464e6ccdfa5f 100644 --- a/fs/smb/client/cifsencrypt.c +++ b/fs/smb/client/cifsencrypt.c @@ -700,6 +700,7 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server) cifs_free_hash(&server->secmech.aes_cmac); cifs_free_hash(&server->secmech.hmacsha256); cifs_free_hash(&server->secmech.md5); + cifs_free_hash(&server->secmech.sha512); if (!SERVER_IS_CHAN(server)) { if (server->secmech.enc) { diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h index 315aac5dec05..da35c160e7dd 100644 --- a/fs/smb/client/cifsglob.h +++ b/fs/smb/client/cifsglob.h @@ -180,6 +180,7 @@ struct session_key { struct cifs_secmech { struct shash_desc *md5; /* md5 hash function, for CIFS/SMB1 signatures */ struct shash_desc *hmacsha256; /* hmac-sha256 hash function, for SMB2 signatures */ + struct shash_desc *sha512; /* sha512 hash function, for SMB3.1.1 preauth hash */ struct shash_desc *aes_cmac; /* block-cipher based MAC function, for SMB3 signatures */ struct crypto_aead *enc; /* smb3 encryption AEAD TFM (AES-CCM and AES-GCM) */ diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c index 03c0b484a4b5..3216f786908f 100644 --- a/fs/smb/client/sess.c +++ b/fs/smb/client/sess.c @@ -624,7 +624,7 @@ cifs_ses_add_channel(struct cifs_ses *ses, * to sign packets before we generate the channel signing key * (we sign with the session key) */ - rc = smb3_crypto_shash_allocate(chan->server); + rc = smb311_crypto_shash_allocate(chan->server); if (rc) { cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__); mutex_unlock(&ses->session_mutex); diff --git a/fs/smb/client/smb2misc.c b/fs/smb/client/smb2misc.c index bdeb12ff53e3..f3c4b70b77b9 100644 --- a/fs/smb/client/smb2misc.c +++ b/fs/smb/client/smb2misc.c @@ -906,41 +906,41 @@ smb311_update_preauth_hash(struct cifs_ses *ses, struct TCP_Server_Info *server, || (hdr->Status != cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED)))) return 0; + ok: - rc = cifs_alloc_hash("sha512", &sha512); - if (rc) { - cifs_dbg(VFS, "%s: Could not allocate SHA512 shash, rc=%d\n", __func__, rc); + rc = smb311_crypto_shash_allocate(server); + if (rc) return rc; - } + sha512 = server->secmech.sha512; rc = crypto_shash_init(sha512); if (rc) { - cifs_dbg(VFS, "%s: Could not init SHA512 shash, rc=%d\n", __func__, rc); - goto err_free; + cifs_dbg(VFS, "%s: Could not init sha512 shash\n", __func__); + return rc; } rc = crypto_shash_update(sha512, ses->preauth_sha_hash, SMB2_PREAUTH_HASH_SIZE); if (rc) { - cifs_dbg(VFS, "%s: Could not update SHA512 shash, rc=%d\n", __func__, rc); - goto err_free; + cifs_dbg(VFS, "%s: Could not update sha512 shash\n", __func__); + return rc; } for (i = 0; i < nvec; i++) { rc = crypto_shash_update(sha512, iov[i].iov_base, iov[i].iov_len); if (rc) { - cifs_dbg(VFS, "%s: Could not update SHA512 shash, rc=%d\n", __func__, rc); - goto err_free; + cifs_dbg(VFS, "%s: Could not update sha512 shash\n", + __func__); + return rc; } } rc = crypto_shash_final(sha512, ses->preauth_sha_hash); if (rc) { - cifs_dbg(VFS, "%s: Could not finalize SHA12 shash, rc=%d\n", __func__, rc); - goto err_free; + cifs_dbg(VFS, "%s: Could not finalize sha512 shash\n", + __func__); + return rc; } -err_free: - cifs_free_hash(&sha512); return 0; } diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h index 56a896ff7cd9..c7e1b149877a 100644 --- a/fs/smb/client/smb2proto.h +++ b/fs/smb/client/smb2proto.h @@ -291,7 +291,7 @@ extern int smb2_validate_and_copy_iov(unsigned int offset, extern void smb2_copy_fs_info_to_kstatfs( struct smb2_fs_full_size_info *pfs_inf, struct kstatfs *kst); -extern int smb3_crypto_shash_allocate(struct TCP_Server_Info *server); +extern int smb311_crypto_shash_allocate(struct TCP_Server_Info *server); extern int smb311_update_preauth_hash(struct cifs_ses *ses, struct TCP_Server_Info *server, struct kvec *iov, int nvec); diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c index f7e04c40d22e..c8bf0000f73b 100644 --- a/fs/smb/client/smb2transport.c +++ b/fs/smb/client/smb2transport.c @@ -26,7 +26,8 @@ #include "../common/smb2status.h" #include "smb2glob.h" -int smb3_crypto_shash_allocate(struct TCP_Server_Info *server) +static int +smb3_crypto_shash_allocate(struct TCP_Server_Info *server) { struct cifs_secmech *p = &server->secmech; int rc; @@ -45,6 +46,33 @@ err: return rc; } +int +smb311_crypto_shash_allocate(struct TCP_Server_Info *server) +{ + struct cifs_secmech *p = &server->secmech; + int rc = 0; + + rc = cifs_alloc_hash("hmac(sha256)", &p->hmacsha256); + if (rc) + return rc; + + rc = cifs_alloc_hash("cmac(aes)", &p->aes_cmac); + if (rc) + goto err; + + rc = cifs_alloc_hash("sha512", &p->sha512); + if (rc) + goto err; + + return 0; + +err: + cifs_free_hash(&p->aes_cmac); + cifs_free_hash(&p->hmacsha256); + return rc; +} + + static int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key) { |