From patchwork Tue Nov 5 22:47:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 11228907 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3F4611599 for ; Tue, 5 Nov 2019 22:47:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E3FC02084D for ; Tue, 5 Nov 2019 22:47:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="irEHQcbb" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730192AbfKEWrs (ORCPT ); Tue, 5 Nov 2019 17:47:48 -0500 Received: from mail-io1-f44.google.com ([209.85.166.44]:35212 "EHLO mail-io1-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729895AbfKEWrs (ORCPT ); Tue, 5 Nov 2019 17:47:48 -0500 Received: by mail-io1-f44.google.com with SMTP id x21so9009529iol.2 for ; Tue, 05 Nov 2019 14:47:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=EhTEtmkiVf0HGhI9gyTJ+Dwc3+HlPDHEPZfYmmf3TtY=; b=irEHQcbbAjv5okQrgNrw1tiLHjdXmChKOAIYq0K2eLc3Gd0xciHyvd1YP8yIDQ766g MxF47Ck4z/z+CK2ggcX7D6Jrt3L0IWSNxUSHXRwHJxkU5Gj4P0E1dZFt02gxbyflfrgM EW0QqMBUm9vwb76vWQBVvtnyzd+Fzq+NbN7w/I3jZ6AlcGZ87ixt3PyeXXS/WMTR1s3e YBuqLvx2NLdj4DZXdocWpECeADmCFO1T9X6jXPFVE9U5PI/0H5wJrYDArpJwYlf6o7Gm ppTXA23cEkLe8rWZbQhDoDonhV2pOjuwzskUcG6eKt1pgSrbKV8ZwhmyJJSKV3hShNha znTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=EhTEtmkiVf0HGhI9gyTJ+Dwc3+HlPDHEPZfYmmf3TtY=; b=AYa0Lzs6bjWrPtRuS7IXYT29IPqxHt5YYRN979QCgHsc+DknWCHP/PKDg16qvTtcv3 pBCqBfFzdXQ8+oDI9wrMbuXvpeNsvMUI5xf2jjsFJOQ21hWftDiD+l+9BgAU+OTVIazm 9ifOMwn7UdHMbcalkevj6nRpL7Tpv+RGfMSN2/e6MOo55B+oKCDqqhIZKxFcX8O0Gvz5 kgqbwvScMDP145+dB0tb5Ex7J5fAbeq01B0OvhVUa0yvCybzuyePUzjIKM1Tx6lVg/9j RT7hpohHktm77CvcX9tY8ezcl0gJWT8vE4vYzGZJH5H/QVCib6Y14I3/QHB5f6XP0AWx Tfrw== X-Gm-Message-State: APjAAAUVMAN53V7pPRoXk+/w6Cj6JLxPPEUEX/pxlUFpGIVlJiMiFSxP XQ9xD0ycgkZdZtproIwmWK3lSA3ADfIWEkHu84EzrKBCC2E= X-Google-Smtp-Source: APXvYqywW4MFwu3K3lhFSvWrJC47FKo47jJSUV4+yay5jwXtoKB4cn9kO43szhMzkyT+yVJ42pyjsgOj1k35n3oTgA8= X-Received: by 2002:a02:1c41:: with SMTP id c62mr27498866jac.132.1572994065281; Tue, 05 Nov 2019 14:47:45 -0800 (PST) MIME-Version: 1.0 From: Steve French Date: Tue, 5 Nov 2019 16:47:33 -0600 Message-ID: Subject: [PATCH][SMB3] remove confusing dmesg when mounting with encryption To: CIFS Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org The smb2/smb3 message checking code was logging to dmesg when mounting with encryption ("seal") for compounded SMB3 requests. When encrypted the whole frame (including potentially multiple compounds) is read so the length field is longer than in the case of non-encrypted case (where length field will match the the calculated length for the particular SMB3 request in the compound being validated). Avoids the warning on mount (with "seal"): "srv rsp padded more than expected. Length 384 not ..." From 429f3ce8446a9af2cf306a0894ef7a3cb512d7fe Mon Sep 17 00:00:00 2001 From: Steve French Date: Tue, 5 Nov 2019 16:36:41 -0600 Subject: [PATCH] smb3: remove confusing dmesg when mounting with encryption ("seal") The smb2/smb3 message checking code was logging to dmesg when mounting with encryption ("seal") for compounded SMB3 requests. When encrypted the whole frame (including potentially multiple compounds) is read so the length field is longer than in the case of non-encrypted case (where length field will match the the calculated length for the particular SMB3 request in the compound being validated). Avoids the warning on mount (with "seal"): "srv rsp padded more than expected. Length 384 not ..." Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 3 ++- fs/cifs/cifsproto.h | 3 ++- fs/cifs/connect.c | 3 ++- fs/cifs/misc.c | 3 ++- fs/cifs/smb2misc.c | 18 ++++++++++++++---- fs/cifs/smb2proto.h | 2 +- 6 files changed, 23 insertions(+), 9 deletions(-) diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 77a807408877..aa0fca853d4b 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -266,7 +266,8 @@ struct smb_version_operations { void (*print_stats)(struct seq_file *m, struct cifs_tcon *); void (*dump_share_caps)(struct seq_file *, struct cifs_tcon *); /* verify the message */ - int (*check_message)(char *, unsigned int, struct TCP_Server_Info *); + int (*check_message)(char *buf, unsigned int len, + struct TCP_Server_Info *srv, bool decrypted); bool (*is_oplock_break)(char *, struct TCP_Server_Info *); int (*handle_cancelled_mid)(char *, struct TCP_Server_Info *); void (*downgrade_oplock)(struct TCP_Server_Info *, diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index 1ed695336f62..f9c4a821c3da 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h @@ -128,7 +128,8 @@ extern int SendReceiveBlockingLock(const unsigned int xid, struct smb_hdr *out_buf, int *bytes_returned); extern int cifs_reconnect(struct TCP_Server_Info *server); -extern int checkSMB(char *buf, unsigned int len, struct TCP_Server_Info *srvr); +extern int checkSMB(char *buf, unsigned int len, struct TCP_Server_Info *srvr, + bool decrypted); extern bool is_valid_oplock_break(char *, struct TCP_Server_Info *); extern bool backup_cred(struct cifs_sb_info *); extern bool is_size_safe_to_change(struct cifsInodeInfo *, __u64 eof); diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index d1b6e9475fb7..dcc52c8ebd9e 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1071,7 +1071,8 @@ cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid) * 48 bytes is enough to display the header and a little bit * into the payload for debugging purposes. */ - length = server->ops->check_message(buf, server->total_read, server); + length = server->ops->check_message(buf, server->total_read, server, + mid->decrypted); if (length != 0) cifs_dump_mem("Bad SMB: ", buf, min_t(unsigned int, server->total_read, 48)); diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 5ad83bdb9bea..a14759d14a89 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -312,7 +312,8 @@ check_smb_hdr(struct smb_hdr *smb) } int -checkSMB(char *buf, unsigned int total_read, struct TCP_Server_Info *server) +checkSMB(char *buf, unsigned int total_read, struct TCP_Server_Info *server, + bool decrypted /* unused for SMB1 */) { struct smb_hdr *smb = (struct smb_hdr *)buf; __u32 rfclen = be32_to_cpu(smb->smb_buf_length); diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 4b7ff3d1e830..68c9fdbf3ff7 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -129,7 +129,8 @@ static __u32 get_neg_ctxt_len(struct smb2_sync_hdr *hdr, __u32 len, } int -smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr) +smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr, + bool decrypted) { struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)buf; struct smb2_sync_pdu *pdu = (struct smb2_sync_pdu *)shdr; @@ -253,11 +254,20 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr) * If pad is longer than eight bytes, log the server behavior * (once), since may indicate a problem but allow it and continue * since the frame is parseable. + * (once), since may indicate a problem but allow it and + * continue since the frame is parseable. + * + * Do not log warning below if decrypted since for the encrypted + * case len can include total of more than one SMB request + * when part of a compounded req while clc_len will be smaller + * since it is calculated for only one of the requests */ if (clc_len < len) { - pr_warn_once( - "srv rsp padded more than expected. Length %d not %d for cmd:%d mid:%llu\n", - len, clc_len, command, mid); + if (!decrypted) + pr_warn_once( + "srv rsp padded more than expected. " + "Length %d not %d for cmd:%d mid:%llu\n", + len, clc_len, command, mid); return 0; } pr_warn_once( diff --git a/fs/cifs/smb2proto.h b/fs/cifs/smb2proto.h index a469fa211f37..50fd8a67accc 100644 --- a/fs/cifs/smb2proto.h +++ b/fs/cifs/smb2proto.h @@ -35,7 +35,7 @@ struct smb_rqst; */ extern int map_smb2_to_linux_error(char *buf, bool log_err); extern int smb2_check_message(char *buf, unsigned int length, - struct TCP_Server_Info *server); + struct TCP_Server_Info *server, bool decrypted); extern unsigned int smb2_calc_size(void *buf, struct TCP_Server_Info *server); extern char *smb2_get_data_area_len(int *off, int *len, struct smb2_sync_hdr *shdr); -- 2.23.0