projects / wrapfs-5.10.y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cf113ff) | patch
cifs: Fix preauth hash corruption
authorVincent Whitchurch <vincent.whitchurch@axis.com>
Wed, 10 Mar 2021 12:20:40 +0000 (13:20 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 24 Mar 2021 10:26:45 +0000 (11:26 +0100)
commit819eb4d7a85e5b11da8596f01b1f2c53bc3211b2
tree904b9556a587ac239074c58f939c45b6a1d652ebtree | snapshot
parentcf113ffd620da6750b2e24dad1a25702b27f8f7dcommit | diff
cifs: Fix preauth hash corruption

commit 05946d4b7a7349ae58bfa2d51ae832e64a394c2d upstream.

smb311_update_preauth_hash() uses the shash in server->secmech without
appropriate locking, and this can lead to sessions corrupting each
other's preauth hashes.

The following script can easily trigger the problem:

#!/bin/sh -e

NMOUNTS=10
for i in $(seq $NMOUNTS);
mkdir -p /tmp/mnt$i
umount /tmp/mnt$i 2>/dev/null || :
done
while :; do
for i in $(seq $NMOUNTS); do
mount -t cifs //192.168.0.1/test /tmp/mnt$i -o ... &
done
wait
for i in $(seq $NMOUNTS); do
umount /tmp/mnt$i
done
done

Usually within seconds this leads to one or more of the mounts failing
with the following errors, and a "Bad SMB2 signature for message" is
seen in the server logs:

 CIFS: VFS: \\192.168.0.1 failed to connect to IPC (rc=-13)
 CIFS: VFS: cifs_mount failed w/return code = -13

Fix it by holding the server mutex just like in the other places where
the shashes are used.

Fixes: 8bd68c6e47abff34e4 ("CIFS: implement v3.11 preauth integrity")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
CC: <stable@vger.kernel.org>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
[aaptel: backport to kernel without CIFS_SESS_OP]
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/cifs/transport.c diff | blob | history
wrapfs-5.10.y