+++ /dev/null
-From b74cb9a80268be5c80cf4c87c74debf0ff2129ac Mon Sep 17 00:00:00 2001
-From: Sachin Prabhu <sprabhu@redhat.com>
-Date: Tue, 17 May 2016 18:20:13 -0500
-Subject: cifs: Create dedicated keyring for spnego operations
-
-From: Sachin Prabhu <sprabhu@redhat.com>
-
-commit b74cb9a80268be5c80cf4c87c74debf0ff2129ac upstream.
-
-The session key is the default keyring set for request_key operations.
-This session key is revoked when the user owning the session logs out.
-Any long running daemon processes started by this session ends up with
-revoked session keyring which prevents these processes from using the
-request_key mechanism from obtaining the krb5 keys.
-
-The problem has been reported by a large number of autofs users. The
-problem is also seen with multiuser mounts where the share may be used
-by processes run by a user who has since logged out. A reproducer using
-automount is available on the Red Hat bz.
-
-The patch creates a new keyring which is used to cache cifs spnego
-upcalls.
-
-Red Hat bz: 1267754
-
-Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
-Reported-by: Scott Mayhew <smayhew@redhat.com>
-Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
-Signed-off-by: Steve French <smfrench@gmail.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/cifs/cifs_spnego.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
- fs/cifs/cifsfs.c | 4 +-
- fs/cifs/cifsproto.h | 2 +
- 3 files changed, 71 insertions(+), 2 deletions(-)
-
---- a/fs/cifs/cifs_spnego.c
-+++ b/fs/cifs/cifs_spnego.c
-@@ -24,10 +24,13 @@
- #include <linux/string.h>
- #include <keys/user-type.h>
- #include <linux/key-type.h>
-+#include <linux/keyctl.h>
- #include <linux/inet.h>
- #include "cifsglob.h"
- #include "cifs_spnego.h"
- #include "cifs_debug.h"
-+#include "cifsproto.h"
-+static const struct cred *spnego_cred;
-
- /* create a new cifs key */
- static int
-@@ -103,6 +106,7 @@ cifs_get_spnego_key(struct cifs_ses *ses
- size_t desc_len;
- struct key *spnego_key;
- const char *hostname = server->hostname;
-+ const struct cred *saved_cred;
-
- /* length of fields (with semicolons): ver=0xyz ip4=ipaddress
- host=hostname sec=mechanism uid=0xFF user=username */
-@@ -164,7 +168,9 @@ cifs_get_spnego_key(struct cifs_ses *ses
- sprintf(dp, ";pid=0x%x", current->pid);
-
- cifs_dbg(FYI, "key description = %s\n", description);
-+ saved_cred = override_creds(spnego_cred);
- spnego_key = request_key(&cifs_spnego_key_type, description, "");
-+ revert_creds(saved_cred);
-
- #ifdef CONFIG_CIFS_DEBUG2
- if (cifsFYI && !IS_ERR(spnego_key)) {
-@@ -178,3 +184,64 @@ out:
- kfree(description);
- return spnego_key;
- }
-+
-+int
-+init_cifs_spnego(void)
-+{
-+ struct cred *cred;
-+ struct key *keyring;
-+ int ret;
-+
-+ cifs_dbg(FYI, "Registering the %s key type\n",
-+ cifs_spnego_key_type.name);
-+
-+ /*
-+ * Create an override credential set with special thread keyring for
-+ * spnego upcalls.
-+ */
-+
-+ cred = prepare_kernel_cred(NULL);
-+ if (!cred)
-+ return -ENOMEM;
-+
-+ keyring = keyring_alloc(".cifs_spnego",
-+ GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
-+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
-+ KEY_USR_VIEW | KEY_USR_READ,
-+ KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
-+ if (IS_ERR(keyring)) {
-+ ret = PTR_ERR(keyring);
-+ goto failed_put_cred;
-+ }
-+
-+ ret = register_key_type(&cifs_spnego_key_type);
-+ if (ret < 0)
-+ goto failed_put_key;
-+
-+ /*
-+ * instruct request_key() to use this special keyring as a cache for
-+ * the results it looks up
-+ */
-+ set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
-+ cred->thread_keyring = keyring;
-+ cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
-+ spnego_cred = cred;
-+
-+ cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring));
-+ return 0;
-+
-+failed_put_key:
-+ key_put(keyring);
-+failed_put_cred:
-+ put_cred(cred);
-+ return ret;
-+}
-+
-+void
-+exit_cifs_spnego(void)
-+{
-+ key_revoke(spnego_cred->thread_keyring);
-+ unregister_key_type(&cifs_spnego_key_type);
-+ put_cred(spnego_cred);
-+ cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name);
-+}
---- a/fs/cifs/cifsfs.c
-+++ b/fs/cifs/cifsfs.c
-@@ -1228,7 +1228,7 @@ init_cifs(void)
- goto out_destroy_mids;
-
- #ifdef CONFIG_CIFS_UPCALL
-- rc = register_key_type(&cifs_spnego_key_type);
-+ rc = init_cifs_spnego();
- if (rc)
- goto out_destroy_request_bufs;
- #endif /* CONFIG_CIFS_UPCALL */
-@@ -1251,7 +1251,7 @@ out_init_cifs_idmap:
- out_register_key_type:
- #endif
- #ifdef CONFIG_CIFS_UPCALL
-- unregister_key_type(&cifs_spnego_key_type);
-+ exit_cifs_spnego();
- out_destroy_request_bufs:
- #endif
- cifs_destroy_request_bufs();
---- a/fs/cifs/cifsproto.h
-+++ b/fs/cifs/cifsproto.h
-@@ -59,6 +59,8 @@ do { \
- } while (0)
- extern int init_cifs_idmap(void);
- extern void exit_cifs_idmap(void);
-+extern int init_cifs_spnego(void);
-+extern void exit_cifs_spnego(void);
- extern char *build_path_from_dentry(struct dentry *);
- extern char *cifs_build_path_to_root(struct smb_vol *vol,
- struct cifs_sb_info *cifs_sb,
+++ /dev/null
-From bdb6cf9f6fe6d9af905ea34b7c4bb78ea601329e Mon Sep 17 00:00:00 2001
-From: Corentin LABBE <clabbe.montjoie@gmail.com>
-Date: Wed, 23 Mar 2016 16:11:24 +0100
-Subject: crypto: sun4i-ss - Replace spinlock_bh by spin_lock_irq{save|restore}
-
-From: Corentin LABBE <clabbe.montjoie@gmail.com>
-
-commit bdb6cf9f6fe6d9af905ea34b7c4bb78ea601329e upstream.
-
-The current sun4i-ss driver could generate data corruption when ciphering/deciphering.
-It occurs randomly on end of handled data.
-No root cause have been found and the only way to remove it is to replace
-all spin_lock_bh by their irq counterparts.
-
-Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
-Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
-Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
-index 7be3fbcd8d78..3830d7c4e138 100644
---- a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
-+++ b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
-@@ -35,6 +35,7 @@ static int sun4i_ss_opti_poll(struct ablkcipher_request *areq)
- unsigned int todo;
- struct sg_mapping_iter mi, mo;
- unsigned int oi, oo; /* offset for in and out */
-+ unsigned long flags;
-
- if (areq->nbytes == 0)
- return 0;
-@@ -49,7 +50,7 @@ static int sun4i_ss_opti_poll(struct ablkcipher_request *areq)
- return -EINVAL;
- }
-
-- spin_lock_bh(&ss->slock);
-+ spin_lock_irqsave(&ss->slock, flags);
-
- for (i = 0; i < op->keylen; i += 4)
- writel(*(op->key + i / 4), ss->base + SS_KEY0 + i);
-@@ -117,7 +118,7 @@ release_ss:
- sg_miter_stop(&mi);
- sg_miter_stop(&mo);
- writel(0, ss->base + SS_CTL);
-- spin_unlock_bh(&ss->slock);
-+ spin_unlock_irqrestore(&ss->slock, flags);
- return err;
- }
-
-@@ -149,6 +150,7 @@ static int sun4i_ss_cipher_poll(struct ablkcipher_request *areq)
- unsigned int ob = 0; /* offset in buf */
- unsigned int obo = 0; /* offset in bufo*/
- unsigned int obl = 0; /* length of data in bufo */
-+ unsigned long flags;
-
- if (areq->nbytes == 0)
- return 0;
-@@ -181,7 +183,7 @@ static int sun4i_ss_cipher_poll(struct ablkcipher_request *areq)
- if (no_chunk == 1)
- return sun4i_ss_opti_poll(areq);
-
-- spin_lock_bh(&ss->slock);
-+ spin_lock_irqsave(&ss->slock, flags);
-
- for (i = 0; i < op->keylen; i += 4)
- writel(*(op->key + i / 4), ss->base + SS_KEY0 + i);
-@@ -307,7 +309,7 @@ release_ss:
- sg_miter_stop(&mi);
- sg_miter_stop(&mo);
- writel(0, ss->base + SS_CTL);
-- spin_unlock_bh(&ss->slock);
-+ spin_unlock_irqrestore(&ss->slock, flags);
-
- return err;
- }
arm-arm64-kvm-enforce-break-before-make-on-stage-2-page-tables.patch
remove-directory-incorrectly-tries-to-set-delete-on-close-on-non-empty-directories.patch
fs-cifs-correctly-to-anonymous-authentication-via-ntlmssp.patch
-cifs-create-dedicated-keyring-for-spnego-operations.patch
ring-buffer-use-long-for-nr_pages-to-avoid-overflow-failures.patch
ring-buffer-prevent-overflow-of-size-in-ring_buffer_resize.patch
crypto-caam-fix-caam_jr_alloc-ret-code.patch
-crypto-sun4i-ss-replace-spinlock_bh-by-spin_lock_irq-save-restore.patch
+++ /dev/null
-From b74cb9a80268be5c80cf4c87c74debf0ff2129ac Mon Sep 17 00:00:00 2001
-From: Sachin Prabhu <sprabhu@redhat.com>
-Date: Tue, 17 May 2016 18:20:13 -0500
-Subject: cifs: Create dedicated keyring for spnego operations
-
-From: Sachin Prabhu <sprabhu@redhat.com>
-
-commit b74cb9a80268be5c80cf4c87c74debf0ff2129ac upstream.
-
-The session key is the default keyring set for request_key operations.
-This session key is revoked when the user owning the session logs out.
-Any long running daemon processes started by this session ends up with
-revoked session keyring which prevents these processes from using the
-request_key mechanism from obtaining the krb5 keys.
-
-The problem has been reported by a large number of autofs users. The
-problem is also seen with multiuser mounts where the share may be used
-by processes run by a user who has since logged out. A reproducer using
-automount is available on the Red Hat bz.
-
-The patch creates a new keyring which is used to cache cifs spnego
-upcalls.
-
-Red Hat bz: 1267754
-
-Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
-Reported-by: Scott Mayhew <smayhew@redhat.com>
-Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
-Signed-off-by: Steve French <smfrench@gmail.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/cifs/cifs_spnego.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
- fs/cifs/cifsfs.c | 4 +-
- fs/cifs/cifsproto.h | 2 +
- 3 files changed, 71 insertions(+), 2 deletions(-)
-
---- a/fs/cifs/cifs_spnego.c
-+++ b/fs/cifs/cifs_spnego.c
-@@ -24,10 +24,13 @@
- #include <linux/string.h>
- #include <keys/user-type.h>
- #include <linux/key-type.h>
-+#include <linux/keyctl.h>
- #include <linux/inet.h>
- #include "cifsglob.h"
- #include "cifs_spnego.h"
- #include "cifs_debug.h"
-+#include "cifsproto.h"
-+static const struct cred *spnego_cred;
-
- /* create a new cifs key */
- static int
-@@ -102,6 +105,7 @@ cifs_get_spnego_key(struct cifs_ses *ses
- size_t desc_len;
- struct key *spnego_key;
- const char *hostname = server->hostname;
-+ const struct cred *saved_cred;
-
- /* length of fields (with semicolons): ver=0xyz ip4=ipaddress
- host=hostname sec=mechanism uid=0xFF user=username */
-@@ -163,7 +167,9 @@ cifs_get_spnego_key(struct cifs_ses *ses
- sprintf(dp, ";pid=0x%x", current->pid);
-
- cifs_dbg(FYI, "key description = %s\n", description);
-+ saved_cred = override_creds(spnego_cred);
- spnego_key = request_key(&cifs_spnego_key_type, description, "");
-+ revert_creds(saved_cred);
-
- #ifdef CONFIG_CIFS_DEBUG2
- if (cifsFYI && !IS_ERR(spnego_key)) {
-@@ -177,3 +183,64 @@ out:
- kfree(description);
- return spnego_key;
- }
-+
-+int
-+init_cifs_spnego(void)
-+{
-+ struct cred *cred;
-+ struct key *keyring;
-+ int ret;
-+
-+ cifs_dbg(FYI, "Registering the %s key type\n",
-+ cifs_spnego_key_type.name);
-+
-+ /*
-+ * Create an override credential set with special thread keyring for
-+ * spnego upcalls.
-+ */
-+
-+ cred = prepare_kernel_cred(NULL);
-+ if (!cred)
-+ return -ENOMEM;
-+
-+ keyring = keyring_alloc(".cifs_spnego",
-+ GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
-+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
-+ KEY_USR_VIEW | KEY_USR_READ,
-+ KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
-+ if (IS_ERR(keyring)) {
-+ ret = PTR_ERR(keyring);
-+ goto failed_put_cred;
-+ }
-+
-+ ret = register_key_type(&cifs_spnego_key_type);
-+ if (ret < 0)
-+ goto failed_put_key;
-+
-+ /*
-+ * instruct request_key() to use this special keyring as a cache for
-+ * the results it looks up
-+ */
-+ set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
-+ cred->thread_keyring = keyring;
-+ cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
-+ spnego_cred = cred;
-+
-+ cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring));
-+ return 0;
-+
-+failed_put_key:
-+ key_put(keyring);
-+failed_put_cred:
-+ put_cred(cred);
-+ return ret;
-+}
-+
-+void
-+exit_cifs_spnego(void)
-+{
-+ key_revoke(spnego_cred->thread_keyring);
-+ unregister_key_type(&cifs_spnego_key_type);
-+ put_cred(spnego_cred);
-+ cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name);
-+}
---- a/fs/cifs/cifsfs.c
-+++ b/fs/cifs/cifsfs.c
-@@ -1233,7 +1233,7 @@ init_cifs(void)
- goto out_destroy_mids;
-
- #ifdef CONFIG_CIFS_UPCALL
-- rc = register_key_type(&cifs_spnego_key_type);
-+ rc = init_cifs_spnego();
- if (rc)
- goto out_destroy_request_bufs;
- #endif /* CONFIG_CIFS_UPCALL */
-@@ -1256,7 +1256,7 @@ out_init_cifs_idmap:
- out_register_key_type:
- #endif
- #ifdef CONFIG_CIFS_UPCALL
-- unregister_key_type(&cifs_spnego_key_type);
-+ exit_cifs_spnego();
- out_destroy_request_bufs:
- #endif
- cifs_destroy_request_bufs();
---- a/fs/cifs/cifsproto.h
-+++ b/fs/cifs/cifsproto.h
-@@ -60,6 +60,8 @@ do { \
- } while (0)
- extern int init_cifs_idmap(void);
- extern void exit_cifs_idmap(void);
-+extern int init_cifs_spnego(void);
-+extern void exit_cifs_spnego(void);
- extern char *build_path_from_dentry(struct dentry *);
- extern char *cifs_build_path_to_root(struct smb_vol *vol,
- struct cifs_sb_info *cifs_sb,
fs-cifs-correctly-to-anonymous-authentication-for-the-lanman-authentication.patch
fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v1-authentication.patch
fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v2-authentication.patch
-cifs-create-dedicated-keyring-for-spnego-operations.patch
asix-fix-offset-calculation-in-asix_rx_fixup-causing-slow-transmissions.patch
ring-buffer-use-long-for-nr_pages-to-avoid-overflow-failures.patch
ring-buffer-prevent-overflow-of-size-in-ring_buffer_resize.patch
+++ /dev/null
-From b74cb9a80268be5c80cf4c87c74debf0ff2129ac Mon Sep 17 00:00:00 2001
-From: Sachin Prabhu <sprabhu@redhat.com>
-Date: Tue, 17 May 2016 18:20:13 -0500
-Subject: cifs: Create dedicated keyring for spnego operations
-
-From: Sachin Prabhu <sprabhu@redhat.com>
-
-commit b74cb9a80268be5c80cf4c87c74debf0ff2129ac upstream.
-
-The session key is the default keyring set for request_key operations.
-This session key is revoked when the user owning the session logs out.
-Any long running daemon processes started by this session ends up with
-revoked session keyring which prevents these processes from using the
-request_key mechanism from obtaining the krb5 keys.
-
-The problem has been reported by a large number of autofs users. The
-problem is also seen with multiuser mounts where the share may be used
-by processes run by a user who has since logged out. A reproducer using
-automount is available on the Red Hat bz.
-
-The patch creates a new keyring which is used to cache cifs spnego
-upcalls.
-
-Red Hat bz: 1267754
-
-Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
-Reported-by: Scott Mayhew <smayhew@redhat.com>
-Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
-Signed-off-by: Steve French <smfrench@gmail.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/cifs/cifs_spnego.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
- fs/cifs/cifsfs.c | 4 +-
- fs/cifs/cifsproto.h | 2 +
- 3 files changed, 71 insertions(+), 2 deletions(-)
-
---- a/fs/cifs/cifs_spnego.c
-+++ b/fs/cifs/cifs_spnego.c
-@@ -24,10 +24,13 @@
- #include <linux/string.h>
- #include <keys/user-type.h>
- #include <linux/key-type.h>
-+#include <linux/keyctl.h>
- #include <linux/inet.h>
- #include "cifsglob.h"
- #include "cifs_spnego.h"
- #include "cifs_debug.h"
-+#include "cifsproto.h"
-+static const struct cred *spnego_cred;
-
- /* create a new cifs key */
- static int
-@@ -102,6 +105,7 @@ cifs_get_spnego_key(struct cifs_ses *ses
- size_t desc_len;
- struct key *spnego_key;
- const char *hostname = server->hostname;
-+ const struct cred *saved_cred;
-
- /* length of fields (with semicolons): ver=0xyz ip4=ipaddress
- host=hostname sec=mechanism uid=0xFF user=username */
-@@ -163,7 +167,9 @@ cifs_get_spnego_key(struct cifs_ses *ses
- sprintf(dp, ";pid=0x%x", current->pid);
-
- cifs_dbg(FYI, "key description = %s\n", description);
-+ saved_cred = override_creds(spnego_cred);
- spnego_key = request_key(&cifs_spnego_key_type, description, "");
-+ revert_creds(saved_cred);
-
- #ifdef CONFIG_CIFS_DEBUG2
- if (cifsFYI && !IS_ERR(spnego_key)) {
-@@ -177,3 +183,64 @@ out:
- kfree(description);
- return spnego_key;
- }
-+
-+int
-+init_cifs_spnego(void)
-+{
-+ struct cred *cred;
-+ struct key *keyring;
-+ int ret;
-+
-+ cifs_dbg(FYI, "Registering the %s key type\n",
-+ cifs_spnego_key_type.name);
-+
-+ /*
-+ * Create an override credential set with special thread keyring for
-+ * spnego upcalls.
-+ */
-+
-+ cred = prepare_kernel_cred(NULL);
-+ if (!cred)
-+ return -ENOMEM;
-+
-+ keyring = keyring_alloc(".cifs_spnego",
-+ GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
-+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
-+ KEY_USR_VIEW | KEY_USR_READ,
-+ KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
-+ if (IS_ERR(keyring)) {
-+ ret = PTR_ERR(keyring);
-+ goto failed_put_cred;
-+ }
-+
-+ ret = register_key_type(&cifs_spnego_key_type);
-+ if (ret < 0)
-+ goto failed_put_key;
-+
-+ /*
-+ * instruct request_key() to use this special keyring as a cache for
-+ * the results it looks up
-+ */
-+ set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
-+ cred->thread_keyring = keyring;
-+ cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
-+ spnego_cred = cred;
-+
-+ cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring));
-+ return 0;
-+
-+failed_put_key:
-+ key_put(keyring);
-+failed_put_cred:
-+ put_cred(cred);
-+ return ret;
-+}
-+
-+void
-+exit_cifs_spnego(void)
-+{
-+ key_revoke(spnego_cred->thread_keyring);
-+ unregister_key_type(&cifs_spnego_key_type);
-+ put_cred(spnego_cred);
-+ cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name);
-+}
---- a/fs/cifs/cifsfs.c
-+++ b/fs/cifs/cifsfs.c
-@@ -1309,7 +1309,7 @@ init_cifs(void)
- goto out_destroy_mids;
-
- #ifdef CONFIG_CIFS_UPCALL
-- rc = register_key_type(&cifs_spnego_key_type);
-+ rc = init_cifs_spnego();
- if (rc)
- goto out_destroy_request_bufs;
- #endif /* CONFIG_CIFS_UPCALL */
-@@ -1332,7 +1332,7 @@ out_init_cifs_idmap:
- out_register_key_type:
- #endif
- #ifdef CONFIG_CIFS_UPCALL
-- unregister_key_type(&cifs_spnego_key_type);
-+ exit_cifs_spnego();
- out_destroy_request_bufs:
- #endif
- cifs_destroy_request_bufs();
---- a/fs/cifs/cifsproto.h
-+++ b/fs/cifs/cifsproto.h
-@@ -60,6 +60,8 @@ do { \
- } while (0)
- extern int init_cifs_idmap(void);
- extern void exit_cifs_idmap(void);
-+extern int init_cifs_spnego(void);
-+extern void exit_cifs_spnego(void);
- extern char *build_path_from_dentry(struct dentry *);
- extern char *cifs_build_path_to_root(struct smb_vol *vol,
- struct cifs_sb_info *cifs_sb,
fs-cifs-correctly-to-anonymous-authentication-for-the-lanman-authentication.patch
fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v1-authentication.patch
fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v2-authentication.patch
-cifs-create-dedicated-keyring-for-spnego-operations.patch
asix-fix-offset-calculation-in-asix_rx_fixup-causing-slow-transmissions.patch
ring-buffer-use-long-for-nr_pages-to-avoid-overflow-failures.patch
ring-buffer-prevent-overflow-of-size-in-ring_buffer_resize.patch
+++ /dev/null
-From b74cb9a80268be5c80cf4c87c74debf0ff2129ac Mon Sep 17 00:00:00 2001
-From: Sachin Prabhu <sprabhu@redhat.com>
-Date: Tue, 17 May 2016 18:20:13 -0500
-Subject: cifs: Create dedicated keyring for spnego operations
-
-From: Sachin Prabhu <sprabhu@redhat.com>
-
-commit b74cb9a80268be5c80cf4c87c74debf0ff2129ac upstream.
-
-The session key is the default keyring set for request_key operations.
-This session key is revoked when the user owning the session logs out.
-Any long running daemon processes started by this session ends up with
-revoked session keyring which prevents these processes from using the
-request_key mechanism from obtaining the krb5 keys.
-
-The problem has been reported by a large number of autofs users. The
-problem is also seen with multiuser mounts where the share may be used
-by processes run by a user who has since logged out. A reproducer using
-automount is available on the Red Hat bz.
-
-The patch creates a new keyring which is used to cache cifs spnego
-upcalls.
-
-Red Hat bz: 1267754
-
-Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
-Reported-by: Scott Mayhew <smayhew@redhat.com>
-Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
-Signed-off-by: Steve French <smfrench@gmail.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/cifs/cifs_spnego.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
- fs/cifs/cifsfs.c | 4 +-
- fs/cifs/cifsproto.h | 2 +
- 3 files changed, 71 insertions(+), 2 deletions(-)
-
---- a/fs/cifs/cifs_spnego.c
-+++ b/fs/cifs/cifs_spnego.c
-@@ -24,10 +24,13 @@
- #include <linux/string.h>
- #include <keys/user-type.h>
- #include <linux/key-type.h>
-+#include <linux/keyctl.h>
- #include <linux/inet.h>
- #include "cifsglob.h"
- #include "cifs_spnego.h"
- #include "cifs_debug.h"
-+#include "cifsproto.h"
-+static const struct cred *spnego_cred;
-
- /* create a new cifs key */
- static int
-@@ -102,6 +105,7 @@ cifs_get_spnego_key(struct cifs_ses *ses
- size_t desc_len;
- struct key *spnego_key;
- const char *hostname = server->hostname;
-+ const struct cred *saved_cred;
-
- /* length of fields (with semicolons): ver=0xyz ip4=ipaddress
- host=hostname sec=mechanism uid=0xFF user=username */
-@@ -163,7 +167,9 @@ cifs_get_spnego_key(struct cifs_ses *ses
- sprintf(dp, ";pid=0x%x", current->pid);
-
- cifs_dbg(FYI, "key description = %s\n", description);
-+ saved_cred = override_creds(spnego_cred);
- spnego_key = request_key(&cifs_spnego_key_type, description, "");
-+ revert_creds(saved_cred);
-
- #ifdef CONFIG_CIFS_DEBUG2
- if (cifsFYI && !IS_ERR(spnego_key)) {
-@@ -177,3 +183,64 @@ out:
- kfree(description);
- return spnego_key;
- }
-+
-+int
-+init_cifs_spnego(void)
-+{
-+ struct cred *cred;
-+ struct key *keyring;
-+ int ret;
-+
-+ cifs_dbg(FYI, "Registering the %s key type\n",
-+ cifs_spnego_key_type.name);
-+
-+ /*
-+ * Create an override credential set with special thread keyring for
-+ * spnego upcalls.
-+ */
-+
-+ cred = prepare_kernel_cred(NULL);
-+ if (!cred)
-+ return -ENOMEM;
-+
-+ keyring = keyring_alloc(".cifs_spnego",
-+ GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
-+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
-+ KEY_USR_VIEW | KEY_USR_READ,
-+ KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
-+ if (IS_ERR(keyring)) {
-+ ret = PTR_ERR(keyring);
-+ goto failed_put_cred;
-+ }
-+
-+ ret = register_key_type(&cifs_spnego_key_type);
-+ if (ret < 0)
-+ goto failed_put_key;
-+
-+ /*
-+ * instruct request_key() to use this special keyring as a cache for
-+ * the results it looks up
-+ */
-+ set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
-+ cred->thread_keyring = keyring;
-+ cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
-+ spnego_cred = cred;
-+
-+ cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring));
-+ return 0;
-+
-+failed_put_key:
-+ key_put(keyring);
-+failed_put_cred:
-+ put_cred(cred);
-+ return ret;
-+}
-+
-+void
-+exit_cifs_spnego(void)
-+{
-+ key_revoke(spnego_cred->thread_keyring);
-+ unregister_key_type(&cifs_spnego_key_type);
-+ put_cred(spnego_cred);
-+ cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name);
-+}
---- a/fs/cifs/cifsfs.c
-+++ b/fs/cifs/cifsfs.c
-@@ -1307,7 +1307,7 @@ init_cifs(void)
- goto out_destroy_mids;
-
- #ifdef CONFIG_CIFS_UPCALL
-- rc = register_key_type(&cifs_spnego_key_type);
-+ rc = init_cifs_spnego();
- if (rc)
- goto out_destroy_request_bufs;
- #endif /* CONFIG_CIFS_UPCALL */
-@@ -1330,7 +1330,7 @@ out_init_cifs_idmap:
- out_register_key_type:
- #endif
- #ifdef CONFIG_CIFS_UPCALL
-- unregister_key_type(&cifs_spnego_key_type);
-+ exit_cifs_spnego();
- out_destroy_request_bufs:
- #endif
- cifs_destroy_request_bufs();
---- a/fs/cifs/cifsproto.h
-+++ b/fs/cifs/cifsproto.h
-@@ -60,6 +60,8 @@ do { \
- } while (0)
- extern int init_cifs_idmap(void);
- extern void exit_cifs_idmap(void);
-+extern int init_cifs_spnego(void);
-+extern void exit_cifs_spnego(void);
- extern char *build_path_from_dentry(struct dentry *);
- extern char *cifs_build_path_to_root(struct smb_vol *vol,
- struct cifs_sb_info *cifs_sb,
fs-cifs-correctly-to-anonymous-authentication-for-the-lanman-authentication.patch
fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v1-authentication.patch
fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v2-authentication.patch
-cifs-create-dedicated-keyring-for-spnego-operations.patch
asix-fix-offset-calculation-in-asix_rx_fixup-causing-slow-transmissions.patch
ring-buffer-use-long-for-nr_pages-to-avoid-overflow-failures.patch
ring-buffer-prevent-overflow-of-size-in-ring_buffer_resize.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
