Added cc:stable On Fri, May 21, 2021 at 10:19 AM Aurélien Aptel <aaptel@xxxxxxxx> wrote: > > From: Aurelien Aptel <aaptel@xxxxxxxx> > > SMB3.0 doesn't have encryption negotiate context but simply uses > the SMB2_GLOBAL_CAP_ENCRYPTION flag. > > When that flag is present in the neg response cifs.ko uses AES-128-CCM > which is the only cipher available in this context. > > cipher_type was set to the server cipher only when parsing encryption > negotiate context (SMB3.1.1). > > For SMB3.0 it was set to 0. This means cipher_type value can be 0 or 1 > for AES-128-CCM. > > Fix this by checking for SMB3.0 and encryption capability and setting > cipher_type appropriately. > > Signed-off-by: Aurelien Aptel <aaptel@xxxxxxxx> > --- > fs/cifs/smb2pdu.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c > index 9f24eb88297a..c205f93e0a10 100644 > --- a/fs/cifs/smb2pdu.c > +++ b/fs/cifs/smb2pdu.c > @@ -958,6 +958,13 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) > /* Internal types */ > server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES; > > + /* > + * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context > + * Set the cipher type manually. > + */ > + if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) > + server->cipher_type = SMB2_ENCRYPTION_AES128_CCM; > + > security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, > (struct smb2_sync_hdr *)rsp); > /* > -- > 2.31.1 > -- Thanks, Steve