From: Greg Kroah-Hartman Date: Sun, 29 May 2016 22:04:50 +0000 (-0700) Subject: remove broken cifs patch X-Git-Tag: v3.14.71~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5a12aea10e3e58452b21946154a47aca71e0a6cd;p=thirdparty%2Fkernel%2Fstable-queue.git remove broken cifs patch --- diff --git a/queue-3.14/cifs-create-dedicated-keyring-for-spnego-operations.patch b/queue-3.14/cifs-create-dedicated-keyring-for-spnego-operations.patch deleted file mode 100644 index 579608a5338..00000000000 --- a/queue-3.14/cifs-create-dedicated-keyring-for-spnego-operations.patch +++ /dev/null @@ -1,167 +0,0 @@ -From b74cb9a80268be5c80cf4c87c74debf0ff2129ac Mon Sep 17 00:00:00 2001 -From: Sachin Prabhu -Date: Tue, 17 May 2016 18:20:13 -0500 -Subject: cifs: Create dedicated keyring for spnego operations - -From: Sachin Prabhu - -commit b74cb9a80268be5c80cf4c87c74debf0ff2129ac upstream. - -The session key is the default keyring set for request_key operations. -This session key is revoked when the user owning the session logs out. -Any long running daemon processes started by this session ends up with -revoked session keyring which prevents these processes from using the -request_key mechanism from obtaining the krb5 keys. - -The problem has been reported by a large number of autofs users. The -problem is also seen with multiuser mounts where the share may be used -by processes run by a user who has since logged out. A reproducer using -automount is available on the Red Hat bz. - -The patch creates a new keyring which is used to cache cifs spnego -upcalls. - -Red Hat bz: 1267754 - -Signed-off-by: Sachin Prabhu -Reported-by: Scott Mayhew -Reviewed-by: Shirish Pargaonkar -Signed-off-by: Steve French -Signed-off-by: Greg Kroah-Hartman - ---- - fs/cifs/cifs_spnego.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++ - fs/cifs/cifsfs.c | 4 +- - fs/cifs/cifsproto.h | 2 + - 3 files changed, 71 insertions(+), 2 deletions(-) - ---- a/fs/cifs/cifs_spnego.c -+++ b/fs/cifs/cifs_spnego.c -@@ -24,10 +24,13 @@ - #include - #include - #include -+#include - #include - #include "cifsglob.h" - #include "cifs_spnego.h" - #include "cifs_debug.h" -+#include "cifsproto.h" -+static const struct cred *spnego_cred; - - /* create a new cifs key */ - static int -@@ -103,6 +106,7 @@ cifs_get_spnego_key(struct cifs_ses *ses - size_t desc_len; - struct key *spnego_key; - const char *hostname = server->hostname; -+ const struct cred *saved_cred; - - /* length of fields (with semicolons): ver=0xyz ip4=ipaddress - host=hostname sec=mechanism uid=0xFF user=username */ -@@ -164,7 +168,9 @@ cifs_get_spnego_key(struct cifs_ses *ses - sprintf(dp, ";pid=0x%x", current->pid); - - cifs_dbg(FYI, "key description = %s\n", description); -+ saved_cred = override_creds(spnego_cred); - spnego_key = request_key(&cifs_spnego_key_type, description, ""); -+ revert_creds(saved_cred); - - #ifdef CONFIG_CIFS_DEBUG2 - if (cifsFYI && !IS_ERR(spnego_key)) { -@@ -178,3 +184,64 @@ out: - kfree(description); - return spnego_key; - } -+ -+int -+init_cifs_spnego(void) -+{ -+ struct cred *cred; -+ struct key *keyring; -+ int ret; -+ -+ cifs_dbg(FYI, "Registering the %s key type\n", -+ cifs_spnego_key_type.name); -+ -+ /* -+ * Create an override credential set with special thread keyring for -+ * spnego upcalls. -+ */ -+ -+ cred = prepare_kernel_cred(NULL); -+ if (!cred) -+ return -ENOMEM; -+ -+ keyring = keyring_alloc(".cifs_spnego", -+ GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, -+ (KEY_POS_ALL & ~KEY_POS_SETATTR) | -+ KEY_USR_VIEW | KEY_USR_READ, -+ KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); -+ if (IS_ERR(keyring)) { -+ ret = PTR_ERR(keyring); -+ goto failed_put_cred; -+ } -+ -+ ret = register_key_type(&cifs_spnego_key_type); -+ if (ret < 0) -+ goto failed_put_key; -+ -+ /* -+ * instruct request_key() to use this special keyring as a cache for -+ * the results it looks up -+ */ -+ set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); -+ cred->thread_keyring = keyring; -+ cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; -+ spnego_cred = cred; -+ -+ cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring)); -+ return 0; -+ -+failed_put_key: -+ key_put(keyring); -+failed_put_cred: -+ put_cred(cred); -+ return ret; -+} -+ -+void -+exit_cifs_spnego(void) -+{ -+ key_revoke(spnego_cred->thread_keyring); -+ unregister_key_type(&cifs_spnego_key_type); -+ put_cred(spnego_cred); -+ cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name); -+} ---- a/fs/cifs/cifsfs.c -+++ b/fs/cifs/cifsfs.c -@@ -1228,7 +1228,7 @@ init_cifs(void) - goto out_destroy_mids; - - #ifdef CONFIG_CIFS_UPCALL -- rc = register_key_type(&cifs_spnego_key_type); -+ rc = init_cifs_spnego(); - if (rc) - goto out_destroy_request_bufs; - #endif /* CONFIG_CIFS_UPCALL */ -@@ -1251,7 +1251,7 @@ out_init_cifs_idmap: - out_register_key_type: - #endif - #ifdef CONFIG_CIFS_UPCALL -- unregister_key_type(&cifs_spnego_key_type); -+ exit_cifs_spnego(); - out_destroy_request_bufs: - #endif - cifs_destroy_request_bufs(); ---- a/fs/cifs/cifsproto.h -+++ b/fs/cifs/cifsproto.h -@@ -59,6 +59,8 @@ do { \ - } while (0) - extern int init_cifs_idmap(void); - extern void exit_cifs_idmap(void); -+extern int init_cifs_spnego(void); -+extern void exit_cifs_spnego(void); - extern char *build_path_from_dentry(struct dentry *); - extern char *cifs_build_path_to_root(struct smb_vol *vol, - struct cifs_sb_info *cifs_sb, diff --git a/queue-3.14/crypto-sun4i-ss-replace-spinlock_bh-by-spin_lock_irq-save-restore.patch b/queue-3.14/crypto-sun4i-ss-replace-spinlock_bh-by-spin_lock_irq-save-restore.patch deleted file mode 100644 index a02a93df00e..00000000000 --- a/queue-3.14/crypto-sun4i-ss-replace-spinlock_bh-by-spin_lock_irq-save-restore.patch +++ /dev/null @@ -1,75 +0,0 @@ -From bdb6cf9f6fe6d9af905ea34b7c4bb78ea601329e Mon Sep 17 00:00:00 2001 -From: Corentin LABBE -Date: Wed, 23 Mar 2016 16:11:24 +0100 -Subject: crypto: sun4i-ss - Replace spinlock_bh by spin_lock_irq{save|restore} - -From: Corentin LABBE - -commit bdb6cf9f6fe6d9af905ea34b7c4bb78ea601329e upstream. - -The current sun4i-ss driver could generate data corruption when ciphering/deciphering. -It occurs randomly on end of handled data. -No root cause have been found and the only way to remove it is to replace -all spin_lock_bh by their irq counterparts. - -Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator") -Signed-off-by: LABBE Corentin -Signed-off-by: Herbert Xu -Signed-off-by: Greg Kroah-Hartman - -diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c -index 7be3fbcd8d78..3830d7c4e138 100644 ---- a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c -+++ b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c -@@ -35,6 +35,7 @@ static int sun4i_ss_opti_poll(struct ablkcipher_request *areq) - unsigned int todo; - struct sg_mapping_iter mi, mo; - unsigned int oi, oo; /* offset for in and out */ -+ unsigned long flags; - - if (areq->nbytes == 0) - return 0; -@@ -49,7 +50,7 @@ static int sun4i_ss_opti_poll(struct ablkcipher_request *areq) - return -EINVAL; - } - -- spin_lock_bh(&ss->slock); -+ spin_lock_irqsave(&ss->slock, flags); - - for (i = 0; i < op->keylen; i += 4) - writel(*(op->key + i / 4), ss->base + SS_KEY0 + i); -@@ -117,7 +118,7 @@ release_ss: - sg_miter_stop(&mi); - sg_miter_stop(&mo); - writel(0, ss->base + SS_CTL); -- spin_unlock_bh(&ss->slock); -+ spin_unlock_irqrestore(&ss->slock, flags); - return err; - } - -@@ -149,6 +150,7 @@ static int sun4i_ss_cipher_poll(struct ablkcipher_request *areq) - unsigned int ob = 0; /* offset in buf */ - unsigned int obo = 0; /* offset in bufo*/ - unsigned int obl = 0; /* length of data in bufo */ -+ unsigned long flags; - - if (areq->nbytes == 0) - return 0; -@@ -181,7 +183,7 @@ static int sun4i_ss_cipher_poll(struct ablkcipher_request *areq) - if (no_chunk == 1) - return sun4i_ss_opti_poll(areq); - -- spin_lock_bh(&ss->slock); -+ spin_lock_irqsave(&ss->slock, flags); - - for (i = 0; i < op->keylen; i += 4) - writel(*(op->key + i / 4), ss->base + SS_KEY0 + i); -@@ -307,7 +309,7 @@ release_ss: - sg_miter_stop(&mi); - sg_miter_stop(&mo); - writel(0, ss->base + SS_CTL); -- spin_unlock_bh(&ss->slock); -+ spin_unlock_irqrestore(&ss->slock, flags); - - return err; - } diff --git a/queue-3.14/series b/queue-3.14/series index a1016ce4e0b..eb56148bf7b 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -2,8 +2,6 @@ btrfs-don-t-use-src-fd-for-printk.patch arm-arm64-kvm-enforce-break-before-make-on-stage-2-page-tables.patch remove-directory-incorrectly-tries-to-set-delete-on-close-on-non-empty-directories.patch fs-cifs-correctly-to-anonymous-authentication-via-ntlmssp.patch -cifs-create-dedicated-keyring-for-spnego-operations.patch ring-buffer-use-long-for-nr_pages-to-avoid-overflow-failures.patch ring-buffer-prevent-overflow-of-size-in-ring_buffer_resize.patch crypto-caam-fix-caam_jr_alloc-ret-code.patch -crypto-sun4i-ss-replace-spinlock_bh-by-spin_lock_irq-save-restore.patch diff --git a/queue-4.4/cifs-create-dedicated-keyring-for-spnego-operations.patch b/queue-4.4/cifs-create-dedicated-keyring-for-spnego-operations.patch deleted file mode 100644 index 3f3fa6e383e..00000000000 --- a/queue-4.4/cifs-create-dedicated-keyring-for-spnego-operations.patch +++ /dev/null @@ -1,167 +0,0 @@ -From b74cb9a80268be5c80cf4c87c74debf0ff2129ac Mon Sep 17 00:00:00 2001 -From: Sachin Prabhu -Date: Tue, 17 May 2016 18:20:13 -0500 -Subject: cifs: Create dedicated keyring for spnego operations - -From: Sachin Prabhu - -commit b74cb9a80268be5c80cf4c87c74debf0ff2129ac upstream. - -The session key is the default keyring set for request_key operations. -This session key is revoked when the user owning the session logs out. -Any long running daemon processes started by this session ends up with -revoked session keyring which prevents these processes from using the -request_key mechanism from obtaining the krb5 keys. - -The problem has been reported by a large number of autofs users. The -problem is also seen with multiuser mounts where the share may be used -by processes run by a user who has since logged out. A reproducer using -automount is available on the Red Hat bz. - -The patch creates a new keyring which is used to cache cifs spnego -upcalls. - -Red Hat bz: 1267754 - -Signed-off-by: Sachin Prabhu -Reported-by: Scott Mayhew -Reviewed-by: Shirish Pargaonkar -Signed-off-by: Steve French -Signed-off-by: Greg Kroah-Hartman - ---- - fs/cifs/cifs_spnego.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++ - fs/cifs/cifsfs.c | 4 +- - fs/cifs/cifsproto.h | 2 + - 3 files changed, 71 insertions(+), 2 deletions(-) - ---- a/fs/cifs/cifs_spnego.c -+++ b/fs/cifs/cifs_spnego.c -@@ -24,10 +24,13 @@ - #include - #include - #include -+#include - #include - #include "cifsglob.h" - #include "cifs_spnego.h" - #include "cifs_debug.h" -+#include "cifsproto.h" -+static const struct cred *spnego_cred; - - /* create a new cifs key */ - static int -@@ -102,6 +105,7 @@ cifs_get_spnego_key(struct cifs_ses *ses - size_t desc_len; - struct key *spnego_key; - const char *hostname = server->hostname; -+ const struct cred *saved_cred; - - /* length of fields (with semicolons): ver=0xyz ip4=ipaddress - host=hostname sec=mechanism uid=0xFF user=username */ -@@ -163,7 +167,9 @@ cifs_get_spnego_key(struct cifs_ses *ses - sprintf(dp, ";pid=0x%x", current->pid); - - cifs_dbg(FYI, "key description = %s\n", description); -+ saved_cred = override_creds(spnego_cred); - spnego_key = request_key(&cifs_spnego_key_type, description, ""); -+ revert_creds(saved_cred); - - #ifdef CONFIG_CIFS_DEBUG2 - if (cifsFYI && !IS_ERR(spnego_key)) { -@@ -177,3 +183,64 @@ out: - kfree(description); - return spnego_key; - } -+ -+int -+init_cifs_spnego(void) -+{ -+ struct cred *cred; -+ struct key *keyring; -+ int ret; -+ -+ cifs_dbg(FYI, "Registering the %s key type\n", -+ cifs_spnego_key_type.name); -+ -+ /* -+ * Create an override credential set with special thread keyring for -+ * spnego upcalls. -+ */ -+ -+ cred = prepare_kernel_cred(NULL); -+ if (!cred) -+ return -ENOMEM; -+ -+ keyring = keyring_alloc(".cifs_spnego", -+ GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, -+ (KEY_POS_ALL & ~KEY_POS_SETATTR) | -+ KEY_USR_VIEW | KEY_USR_READ, -+ KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); -+ if (IS_ERR(keyring)) { -+ ret = PTR_ERR(keyring); -+ goto failed_put_cred; -+ } -+ -+ ret = register_key_type(&cifs_spnego_key_type); -+ if (ret < 0) -+ goto failed_put_key; -+ -+ /* -+ * instruct request_key() to use this special keyring as a cache for -+ * the results it looks up -+ */ -+ set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); -+ cred->thread_keyring = keyring; -+ cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; -+ spnego_cred = cred; -+ -+ cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring)); -+ return 0; -+ -+failed_put_key: -+ key_put(keyring); -+failed_put_cred: -+ put_cred(cred); -+ return ret; -+} -+ -+void -+exit_cifs_spnego(void) -+{ -+ key_revoke(spnego_cred->thread_keyring); -+ unregister_key_type(&cifs_spnego_key_type); -+ put_cred(spnego_cred); -+ cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name); -+} ---- a/fs/cifs/cifsfs.c -+++ b/fs/cifs/cifsfs.c -@@ -1233,7 +1233,7 @@ init_cifs(void) - goto out_destroy_mids; - - #ifdef CONFIG_CIFS_UPCALL -- rc = register_key_type(&cifs_spnego_key_type); -+ rc = init_cifs_spnego(); - if (rc) - goto out_destroy_request_bufs; - #endif /* CONFIG_CIFS_UPCALL */ -@@ -1256,7 +1256,7 @@ out_init_cifs_idmap: - out_register_key_type: - #endif - #ifdef CONFIG_CIFS_UPCALL -- unregister_key_type(&cifs_spnego_key_type); -+ exit_cifs_spnego(); - out_destroy_request_bufs: - #endif - cifs_destroy_request_bufs(); ---- a/fs/cifs/cifsproto.h -+++ b/fs/cifs/cifsproto.h -@@ -60,6 +60,8 @@ do { \ - } while (0) - extern int init_cifs_idmap(void); - extern void exit_cifs_idmap(void); -+extern int init_cifs_spnego(void); -+extern void exit_cifs_spnego(void); - extern char *build_path_from_dentry(struct dentry *); - extern char *cifs_build_path_to_root(struct smb_vol *vol, - struct cifs_sb_info *cifs_sb, diff --git a/queue-4.4/series b/queue-4.4/series index d048687e240..3f64b184eaa 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -15,7 +15,6 @@ fs-cifs-correctly-to-anonymous-authentication-via-ntlmssp.patch fs-cifs-correctly-to-anonymous-authentication-for-the-lanman-authentication.patch fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v1-authentication.patch fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v2-authentication.patch -cifs-create-dedicated-keyring-for-spnego-operations.patch asix-fix-offset-calculation-in-asix_rx_fixup-causing-slow-transmissions.patch ring-buffer-use-long-for-nr_pages-to-avoid-overflow-failures.patch ring-buffer-prevent-overflow-of-size-in-ring_buffer_resize.patch diff --git a/queue-4.5/cifs-create-dedicated-keyring-for-spnego-operations.patch b/queue-4.5/cifs-create-dedicated-keyring-for-spnego-operations.patch deleted file mode 100644 index 373b58f9183..00000000000 --- a/queue-4.5/cifs-create-dedicated-keyring-for-spnego-operations.patch +++ /dev/null @@ -1,167 +0,0 @@ -From b74cb9a80268be5c80cf4c87c74debf0ff2129ac Mon Sep 17 00:00:00 2001 -From: Sachin Prabhu -Date: Tue, 17 May 2016 18:20:13 -0500 -Subject: cifs: Create dedicated keyring for spnego operations - -From: Sachin Prabhu - -commit b74cb9a80268be5c80cf4c87c74debf0ff2129ac upstream. - -The session key is the default keyring set for request_key operations. -This session key is revoked when the user owning the session logs out. -Any long running daemon processes started by this session ends up with -revoked session keyring which prevents these processes from using the -request_key mechanism from obtaining the krb5 keys. - -The problem has been reported by a large number of autofs users. The -problem is also seen with multiuser mounts where the share may be used -by processes run by a user who has since logged out. A reproducer using -automount is available on the Red Hat bz. - -The patch creates a new keyring which is used to cache cifs spnego -upcalls. - -Red Hat bz: 1267754 - -Signed-off-by: Sachin Prabhu -Reported-by: Scott Mayhew -Reviewed-by: Shirish Pargaonkar -Signed-off-by: Steve French -Signed-off-by: Greg Kroah-Hartman - ---- - fs/cifs/cifs_spnego.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++ - fs/cifs/cifsfs.c | 4 +- - fs/cifs/cifsproto.h | 2 + - 3 files changed, 71 insertions(+), 2 deletions(-) - ---- a/fs/cifs/cifs_spnego.c -+++ b/fs/cifs/cifs_spnego.c -@@ -24,10 +24,13 @@ - #include - #include - #include -+#include - #include - #include "cifsglob.h" - #include "cifs_spnego.h" - #include "cifs_debug.h" -+#include "cifsproto.h" -+static const struct cred *spnego_cred; - - /* create a new cifs key */ - static int -@@ -102,6 +105,7 @@ cifs_get_spnego_key(struct cifs_ses *ses - size_t desc_len; - struct key *spnego_key; - const char *hostname = server->hostname; -+ const struct cred *saved_cred; - - /* length of fields (with semicolons): ver=0xyz ip4=ipaddress - host=hostname sec=mechanism uid=0xFF user=username */ -@@ -163,7 +167,9 @@ cifs_get_spnego_key(struct cifs_ses *ses - sprintf(dp, ";pid=0x%x", current->pid); - - cifs_dbg(FYI, "key description = %s\n", description); -+ saved_cred = override_creds(spnego_cred); - spnego_key = request_key(&cifs_spnego_key_type, description, ""); -+ revert_creds(saved_cred); - - #ifdef CONFIG_CIFS_DEBUG2 - if (cifsFYI && !IS_ERR(spnego_key)) { -@@ -177,3 +183,64 @@ out: - kfree(description); - return spnego_key; - } -+ -+int -+init_cifs_spnego(void) -+{ -+ struct cred *cred; -+ struct key *keyring; -+ int ret; -+ -+ cifs_dbg(FYI, "Registering the %s key type\n", -+ cifs_spnego_key_type.name); -+ -+ /* -+ * Create an override credential set with special thread keyring for -+ * spnego upcalls. -+ */ -+ -+ cred = prepare_kernel_cred(NULL); -+ if (!cred) -+ return -ENOMEM; -+ -+ keyring = keyring_alloc(".cifs_spnego", -+ GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, -+ (KEY_POS_ALL & ~KEY_POS_SETATTR) | -+ KEY_USR_VIEW | KEY_USR_READ, -+ KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); -+ if (IS_ERR(keyring)) { -+ ret = PTR_ERR(keyring); -+ goto failed_put_cred; -+ } -+ -+ ret = register_key_type(&cifs_spnego_key_type); -+ if (ret < 0) -+ goto failed_put_key; -+ -+ /* -+ * instruct request_key() to use this special keyring as a cache for -+ * the results it looks up -+ */ -+ set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); -+ cred->thread_keyring = keyring; -+ cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; -+ spnego_cred = cred; -+ -+ cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring)); -+ return 0; -+ -+failed_put_key: -+ key_put(keyring); -+failed_put_cred: -+ put_cred(cred); -+ return ret; -+} -+ -+void -+exit_cifs_spnego(void) -+{ -+ key_revoke(spnego_cred->thread_keyring); -+ unregister_key_type(&cifs_spnego_key_type); -+ put_cred(spnego_cred); -+ cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name); -+} ---- a/fs/cifs/cifsfs.c -+++ b/fs/cifs/cifsfs.c -@@ -1309,7 +1309,7 @@ init_cifs(void) - goto out_destroy_mids; - - #ifdef CONFIG_CIFS_UPCALL -- rc = register_key_type(&cifs_spnego_key_type); -+ rc = init_cifs_spnego(); - if (rc) - goto out_destroy_request_bufs; - #endif /* CONFIG_CIFS_UPCALL */ -@@ -1332,7 +1332,7 @@ out_init_cifs_idmap: - out_register_key_type: - #endif - #ifdef CONFIG_CIFS_UPCALL -- unregister_key_type(&cifs_spnego_key_type); -+ exit_cifs_spnego(); - out_destroy_request_bufs: - #endif - cifs_destroy_request_bufs(); ---- a/fs/cifs/cifsproto.h -+++ b/fs/cifs/cifsproto.h -@@ -60,6 +60,8 @@ do { \ - } while (0) - extern int init_cifs_idmap(void); - extern void exit_cifs_idmap(void); -+extern int init_cifs_spnego(void); -+extern void exit_cifs_spnego(void); - extern char *build_path_from_dentry(struct dentry *); - extern char *cifs_build_path_to_root(struct smb_vol *vol, - struct cifs_sb_info *cifs_sb, diff --git a/queue-4.5/series b/queue-4.5/series index 57cd07aa772..715bcbcf47e 100644 --- a/queue-4.5/series +++ b/queue-4.5/series @@ -12,7 +12,6 @@ fs-cifs-correctly-to-anonymous-authentication-via-ntlmssp.patch fs-cifs-correctly-to-anonymous-authentication-for-the-lanman-authentication.patch fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v1-authentication.patch fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v2-authentication.patch -cifs-create-dedicated-keyring-for-spnego-operations.patch asix-fix-offset-calculation-in-asix_rx_fixup-causing-slow-transmissions.patch ring-buffer-use-long-for-nr_pages-to-avoid-overflow-failures.patch ring-buffer-prevent-overflow-of-size-in-ring_buffer_resize.patch diff --git a/queue-4.6/cifs-create-dedicated-keyring-for-spnego-operations.patch b/queue-4.6/cifs-create-dedicated-keyring-for-spnego-operations.patch deleted file mode 100644 index 9f2b4c6d0e8..00000000000 --- a/queue-4.6/cifs-create-dedicated-keyring-for-spnego-operations.patch +++ /dev/null @@ -1,167 +0,0 @@ -From b74cb9a80268be5c80cf4c87c74debf0ff2129ac Mon Sep 17 00:00:00 2001 -From: Sachin Prabhu -Date: Tue, 17 May 2016 18:20:13 -0500 -Subject: cifs: Create dedicated keyring for spnego operations - -From: Sachin Prabhu - -commit b74cb9a80268be5c80cf4c87c74debf0ff2129ac upstream. - -The session key is the default keyring set for request_key operations. -This session key is revoked when the user owning the session logs out. -Any long running daemon processes started by this session ends up with -revoked session keyring which prevents these processes from using the -request_key mechanism from obtaining the krb5 keys. - -The problem has been reported by a large number of autofs users. The -problem is also seen with multiuser mounts where the share may be used -by processes run by a user who has since logged out. A reproducer using -automount is available on the Red Hat bz. - -The patch creates a new keyring which is used to cache cifs spnego -upcalls. - -Red Hat bz: 1267754 - -Signed-off-by: Sachin Prabhu -Reported-by: Scott Mayhew -Reviewed-by: Shirish Pargaonkar -Signed-off-by: Steve French -Signed-off-by: Greg Kroah-Hartman - ---- - fs/cifs/cifs_spnego.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++ - fs/cifs/cifsfs.c | 4 +- - fs/cifs/cifsproto.h | 2 + - 3 files changed, 71 insertions(+), 2 deletions(-) - ---- a/fs/cifs/cifs_spnego.c -+++ b/fs/cifs/cifs_spnego.c -@@ -24,10 +24,13 @@ - #include - #include - #include -+#include - #include - #include "cifsglob.h" - #include "cifs_spnego.h" - #include "cifs_debug.h" -+#include "cifsproto.h" -+static const struct cred *spnego_cred; - - /* create a new cifs key */ - static int -@@ -102,6 +105,7 @@ cifs_get_spnego_key(struct cifs_ses *ses - size_t desc_len; - struct key *spnego_key; - const char *hostname = server->hostname; -+ const struct cred *saved_cred; - - /* length of fields (with semicolons): ver=0xyz ip4=ipaddress - host=hostname sec=mechanism uid=0xFF user=username */ -@@ -163,7 +167,9 @@ cifs_get_spnego_key(struct cifs_ses *ses - sprintf(dp, ";pid=0x%x", current->pid); - - cifs_dbg(FYI, "key description = %s\n", description); -+ saved_cred = override_creds(spnego_cred); - spnego_key = request_key(&cifs_spnego_key_type, description, ""); -+ revert_creds(saved_cred); - - #ifdef CONFIG_CIFS_DEBUG2 - if (cifsFYI && !IS_ERR(spnego_key)) { -@@ -177,3 +183,64 @@ out: - kfree(description); - return spnego_key; - } -+ -+int -+init_cifs_spnego(void) -+{ -+ struct cred *cred; -+ struct key *keyring; -+ int ret; -+ -+ cifs_dbg(FYI, "Registering the %s key type\n", -+ cifs_spnego_key_type.name); -+ -+ /* -+ * Create an override credential set with special thread keyring for -+ * spnego upcalls. -+ */ -+ -+ cred = prepare_kernel_cred(NULL); -+ if (!cred) -+ return -ENOMEM; -+ -+ keyring = keyring_alloc(".cifs_spnego", -+ GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, -+ (KEY_POS_ALL & ~KEY_POS_SETATTR) | -+ KEY_USR_VIEW | KEY_USR_READ, -+ KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); -+ if (IS_ERR(keyring)) { -+ ret = PTR_ERR(keyring); -+ goto failed_put_cred; -+ } -+ -+ ret = register_key_type(&cifs_spnego_key_type); -+ if (ret < 0) -+ goto failed_put_key; -+ -+ /* -+ * instruct request_key() to use this special keyring as a cache for -+ * the results it looks up -+ */ -+ set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); -+ cred->thread_keyring = keyring; -+ cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; -+ spnego_cred = cred; -+ -+ cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring)); -+ return 0; -+ -+failed_put_key: -+ key_put(keyring); -+failed_put_cred: -+ put_cred(cred); -+ return ret; -+} -+ -+void -+exit_cifs_spnego(void) -+{ -+ key_revoke(spnego_cred->thread_keyring); -+ unregister_key_type(&cifs_spnego_key_type); -+ put_cred(spnego_cred); -+ cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name); -+} ---- a/fs/cifs/cifsfs.c -+++ b/fs/cifs/cifsfs.c -@@ -1307,7 +1307,7 @@ init_cifs(void) - goto out_destroy_mids; - - #ifdef CONFIG_CIFS_UPCALL -- rc = register_key_type(&cifs_spnego_key_type); -+ rc = init_cifs_spnego(); - if (rc) - goto out_destroy_request_bufs; - #endif /* CONFIG_CIFS_UPCALL */ -@@ -1330,7 +1330,7 @@ out_init_cifs_idmap: - out_register_key_type: - #endif - #ifdef CONFIG_CIFS_UPCALL -- unregister_key_type(&cifs_spnego_key_type); -+ exit_cifs_spnego(); - out_destroy_request_bufs: - #endif - cifs_destroy_request_bufs(); ---- a/fs/cifs/cifsproto.h -+++ b/fs/cifs/cifsproto.h -@@ -60,6 +60,8 @@ do { \ - } while (0) - extern int init_cifs_idmap(void); - extern void exit_cifs_idmap(void); -+extern int init_cifs_spnego(void); -+extern void exit_cifs_spnego(void); - extern char *build_path_from_dentry(struct dentry *); - extern char *cifs_build_path_to_root(struct smb_vol *vol, - struct cifs_sb_info *cifs_sb, diff --git a/queue-4.6/series b/queue-4.6/series index 8fac49c9d9a..e97ea0ccb1d 100644 --- a/queue-4.6/series +++ b/queue-4.6/series @@ -11,7 +11,6 @@ fs-cifs-correctly-to-anonymous-authentication-via-ntlmssp.patch fs-cifs-correctly-to-anonymous-authentication-for-the-lanman-authentication.patch fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v1-authentication.patch fs-cifs-correctly-to-anonymous-authentication-for-the-ntlm-v2-authentication.patch -cifs-create-dedicated-keyring-for-spnego-operations.patch asix-fix-offset-calculation-in-asix_rx_fixup-causing-slow-transmissions.patch ring-buffer-use-long-for-nr_pages-to-avoid-overflow-failures.patch ring-buffer-prevent-overflow-of-size-in-ring_buffer_resize.patch