Linux-CIFS Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH][SMB3] Allow skipping signing verification for perf sensitive use cases
@ 2019-09-04  2:24 Steve French
  2019-09-04  2:37 ` ronnie sahlberg
  0 siblings, 1 reply; 4+ messages in thread
From: Steve French @ 2019-09-04  2:24 UTC (permalink / raw)
  To: CIFS

[-- Attachment #1: Type: text/plain, Size: 534 bytes --]

Add new mount option "signloosely" which enables signing but skips the
sometimes expensive signing checks in the responses (signatures are
calculated and sent correctly in the SMB2/SMB3 requests even with this
mount option but skipped in the responses).  Although weaker for security
(and also data integrity in case a packet were corrupted), this can provide
enough of a performance benefit (calculating the signature to verify a
packet can be expensive especially for large packets) to be useful in
some cases.


-- 
Thanks,

Steve

[-- Attachment #2: 0001-smb3-allow-skipping-signature-verification-for-perf-.patch --]
[-- Type: text/x-patch, Size: 4224 bytes --]

From 2edfabcb6e31e3de543a066b3886f2db8d84ce47 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Tue, 3 Sep 2019 21:18:49 -0500
Subject: [PATCH] smb3: allow skipping signature verification for perf
 sensitive configurations

Add new mount option "signloosely" which enables signing but skips the
sometimes expensive signing checks in the responses (signatures are
calculated and sent correctly in the SMB2/SMB3 requests even with this
mount option but skipped in the responses).  Although weaker for security
(and also data integrity in case a packet were corrupted), this can provide
enough of a performance benefit (calculating the signature to verify a
packet can be expensive especially for large packets) to be useful in
some cases.

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/cifsglob.h      |  2 ++
 fs/cifs/connect.c       | 13 ++++++++++---
 fs/cifs/smb2transport.c |  1 +
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index fa5abe3a8514..ed31264feea3 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -542,6 +542,7 @@ struct smb_vol {
 	umode_t dir_mode;
 	enum securityEnum sectype; /* sectype requested via mnt opts */
 	bool sign; /* was signing requested via mnt opts? */
+	bool ignore_signature;
 	bool retry:1;
 	bool intr:1;
 	bool setuids:1;
@@ -681,6 +682,7 @@ struct TCP_Server_Info {
 	char server_GUID[16];
 	__u16 sec_mode;
 	bool sign; /* is signing enabled on this connection? */
+	bool ignore_signature; /* skip validation of signatures in SMB2/3 rsp */
 	bool session_estab; /* mark when very first sess is established */
 	int echo_credits;  /* echo reserved slots */
 	int oplock_credits;  /* oplock break reserved slots */
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 85f8d943a05a..17882cede197 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -91,7 +91,7 @@ enum {
 	Opt_serverino, Opt_noserverino,
 	Opt_rwpidforward, Opt_cifsacl, Opt_nocifsacl,
 	Opt_acl, Opt_noacl, Opt_locallease,
-	Opt_sign, Opt_seal, Opt_noac,
+	Opt_sign, Opt_ignore_signature, Opt_seal, Opt_noac,
 	Opt_fsc, Opt_mfsymlinks,
 	Opt_multiuser, Opt_sloppy, Opt_nosharesock,
 	Opt_persistent, Opt_nopersistent,
@@ -183,6 +183,7 @@ static const match_table_t cifs_mount_option_tokens = {
 	{ Opt_noacl, "noacl" },
 	{ Opt_locallease, "locallease" },
 	{ Opt_sign, "sign" },
+	{ Opt_ignore_signature, "signloosely" },
 	{ Opt_seal, "seal" },
 	{ Opt_noac, "noac" },
 	{ Opt_fsc, "fsc" },
@@ -1877,6 +1878,10 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
 		case Opt_sign:
 			vol->sign = true;
 			break;
+		case Opt_ignore_signature:
+			vol->sign = true;
+			vol->ignore_signature = true;
+			break;
 		case Opt_seal:
 			/* we do not do the following in secFlags because seal
 			 * is a per tree connection (mount) not a per socket
@@ -2608,6 +2613,9 @@ static int match_server(struct TCP_Server_Info *server, struct smb_vol *vol)
 	if (server->rdma != vol->rdma)
 		return 0;
 
+	if (server->ignore_signature != vol->ignore_signature)
+		return 0;
+
 	return 1;
 }
 
@@ -2785,7 +2793,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
 	tcp_ses->tcpStatus = CifsNeedNegotiate;
 
 	tcp_ses->nr_targets = 1;
-
+	tcp_ses->ignore_signature = volume_info->ignore_signature;
 	/* thread spawned, put it on the list */
 	spin_lock(&cifs_tcp_ses_lock);
 	list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
@@ -3235,7 +3243,6 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
 
 	ses->sectype = volume_info->sectype;
 	ses->sign = volume_info->sign;
-
 	mutex_lock(&ses->session_mutex);
 	rc = cifs_negotiate_protocol(xid, ses);
 	if (!rc)
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index b02242eacb55..148d7942c796 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -522,6 +522,7 @@ smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
 	if ((shdr->Command == SMB2_NEGOTIATE) ||
 	    (shdr->Command == SMB2_SESSION_SETUP) ||
 	    (shdr->Command == SMB2_OPLOCK_BREAK) ||
+	    server->ignore_signature ||
 	    (!server->session_estab))
 		return 0;
 
-- 
2.20.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH][SMB3] Allow skipping signing verification for perf sensitive use cases
  2019-09-04  2:24 [PATCH][SMB3] Allow skipping signing verification for perf sensitive use cases Steve French
@ 2019-09-04  2:37 ` ronnie sahlberg
       [not found]   ` <CAH2r5msuaE_nuEBzxN0LLpriQzv8fYuBkZDUMo09eFqzyfUf9w@mail.gmail.com>
  0 siblings, 1 reply; 4+ messages in thread
From: ronnie sahlberg @ 2019-09-04  2:37 UTC (permalink / raw)
  To: Steve French; +Cc: CIFS

Change
bool ignore_signature;
to
bool ignore_signature:1;

And shouldn't this be part of CIFS_MOUNT_MASK too ?


On Wed, Sep 4, 2019 at 12:25 PM Steve French <smfrench@gmail.com> wrote:
>
> Add new mount option "signloosely" which enables signing but skips the
> sometimes expensive signing checks in the responses (signatures are
> calculated and sent correctly in the SMB2/SMB3 requests even with this
> mount option but skipped in the responses).  Although weaker for security
> (and also data integrity in case a packet were corrupted), this can provide
> enough of a performance benefit (calculating the signature to verify a
> packet can be expensive especially for large packets) to be useful in
> some cases.
>
>
> --
> Thanks,
>
> Steve

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH][SMB3] Allow skipping signing verification for perf sensitive use cases
       [not found]   ` <CAH2r5msuaE_nuEBzxN0LLpriQzv8fYuBkZDUMo09eFqzyfUf9w@mail.gmail.com>
@ 2019-09-04  2:58     ` Steve French
  2019-09-04  3:35       ` ronnie sahlberg
  0 siblings, 1 reply; 4+ messages in thread
From: Steve French @ 2019-09-04  2:58 UTC (permalink / raw)
  To: ronnie sahlberg; +Cc: CIFS

[-- Attachment #1: Type: text/plain, Size: 1116 bytes --]

Updated patch


On Tue, Sep 3, 2019 at 9:53 PM Steve French <smfrench@gmail.com> wrote:
>
> Ok. Will fix the bool. I don't think it belongs in mount mask since it is a server not superblock parm
>
> On Tue, Sep 3, 2019, 21:37 ronnie sahlberg <ronniesahlberg@gmail.com> wrote:
>>
>> Change
>> bool ignore_signature;
>> to
>> bool ignore_signature:1;
>>
>> And shouldn't this be part of CIFS_MOUNT_MASK too ?
>>
>>
>> On Wed, Sep 4, 2019 at 12:25 PM Steve French <smfrench@gmail.com> wrote:
>> >
>> > Add new mount option "signloosely" which enables signing but skips the
>> > sometimes expensive signing checks in the responses (signatures are
>> > calculated and sent correctly in the SMB2/SMB3 requests even with this
>> > mount option but skipped in the responses).  Although weaker for security
>> > (and also data integrity in case a packet were corrupted), this can provide
>> > enough of a performance benefit (calculating the signature to verify a
>> > packet can be expensive especially for large packets) to be useful in
>> > some cases.
>> >
>> >
>> > --
>> > Thanks,
>> >
>> > Steve



-- 
Thanks,

Steve

[-- Attachment #2: 0001-smb3-allow-skipping-signature-verification-for-perf-.patch --]
[-- Type: text/x-patch, Size: 4279 bytes --]

From 8ab8dbe26477d0af8af6bf7b8ae5df1594c6cfa0 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Tue, 3 Sep 2019 21:18:49 -0500
Subject: [PATCH] smb3: allow skipping signature verification for perf
 sensitive configurations

Add new mount option "signloosely" which enables signing but skips the
sometimes expensive signing checks in the responses (signatures are
calculated and sent correctly in the SMB2/SMB3 requests even with this
mount option but skipped in the responses).  Although weaker for security
(and also data integrity in case a packet were corrupted), this can provide
enough of a performance benefit (calculating the signature to verify a
packet can be expensive especially for large packets) to be useful in
some cases.

Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
---
 fs/cifs/cifsglob.h      |  2 ++
 fs/cifs/connect.c       | 13 ++++++++++---
 fs/cifs/smb2transport.c |  1 +
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index fa5abe3a8514..1f53dee211d8 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -542,6 +542,7 @@ struct smb_vol {
 	umode_t dir_mode;
 	enum securityEnum sectype; /* sectype requested via mnt opts */
 	bool sign; /* was signing requested via mnt opts? */
+	bool ignore_signature:1;
 	bool retry:1;
 	bool intr:1;
 	bool setuids:1;
@@ -681,6 +682,7 @@ struct TCP_Server_Info {
 	char server_GUID[16];
 	__u16 sec_mode;
 	bool sign; /* is signing enabled on this connection? */
+	bool ignore_signature:1; /* skip validation of signatures in SMB2/3 rsp */
 	bool session_estab; /* mark when very first sess is established */
 	int echo_credits;  /* echo reserved slots */
 	int oplock_credits;  /* oplock break reserved slots */
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 85f8d943a05a..17882cede197 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -91,7 +91,7 @@ enum {
 	Opt_serverino, Opt_noserverino,
 	Opt_rwpidforward, Opt_cifsacl, Opt_nocifsacl,
 	Opt_acl, Opt_noacl, Opt_locallease,
-	Opt_sign, Opt_seal, Opt_noac,
+	Opt_sign, Opt_ignore_signature, Opt_seal, Opt_noac,
 	Opt_fsc, Opt_mfsymlinks,
 	Opt_multiuser, Opt_sloppy, Opt_nosharesock,
 	Opt_persistent, Opt_nopersistent,
@@ -183,6 +183,7 @@ static const match_table_t cifs_mount_option_tokens = {
 	{ Opt_noacl, "noacl" },
 	{ Opt_locallease, "locallease" },
 	{ Opt_sign, "sign" },
+	{ Opt_ignore_signature, "signloosely" },
 	{ Opt_seal, "seal" },
 	{ Opt_noac, "noac" },
 	{ Opt_fsc, "fsc" },
@@ -1877,6 +1878,10 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
 		case Opt_sign:
 			vol->sign = true;
 			break;
+		case Opt_ignore_signature:
+			vol->sign = true;
+			vol->ignore_signature = true;
+			break;
 		case Opt_seal:
 			/* we do not do the following in secFlags because seal
 			 * is a per tree connection (mount) not a per socket
@@ -2608,6 +2613,9 @@ static int match_server(struct TCP_Server_Info *server, struct smb_vol *vol)
 	if (server->rdma != vol->rdma)
 		return 0;
 
+	if (server->ignore_signature != vol->ignore_signature)
+		return 0;
+
 	return 1;
 }
 
@@ -2785,7 +2793,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
 	tcp_ses->tcpStatus = CifsNeedNegotiate;
 
 	tcp_ses->nr_targets = 1;
-
+	tcp_ses->ignore_signature = volume_info->ignore_signature;
 	/* thread spawned, put it on the list */
 	spin_lock(&cifs_tcp_ses_lock);
 	list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
@@ -3235,7 +3243,6 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
 
 	ses->sectype = volume_info->sectype;
 	ses->sign = volume_info->sign;
-
 	mutex_lock(&ses->session_mutex);
 	rc = cifs_negotiate_protocol(xid, ses);
 	if (!rc)
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index b02242eacb55..148d7942c796 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -522,6 +522,7 @@ smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
 	if ((shdr->Command == SMB2_NEGOTIATE) ||
 	    (shdr->Command == SMB2_SESSION_SETUP) ||
 	    (shdr->Command == SMB2_OPLOCK_BREAK) ||
+	    server->ignore_signature ||
 	    (!server->session_estab))
 		return 0;
 
-- 
2.20.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH][SMB3] Allow skipping signing verification for perf sensitive use cases
  2019-09-04  2:58     ` Steve French
@ 2019-09-04  3:35       ` ronnie sahlberg
  0 siblings, 0 replies; 4+ messages in thread
From: ronnie sahlberg @ 2019-09-04  3:35 UTC (permalink / raw)
  To: Steve French; +Cc: CIFS

reviewed-by me

On Wed, Sep 4, 2019 at 12:59 PM Steve French <smfrench@gmail.com> wrote:
>
> Updated patch
>
>
> On Tue, Sep 3, 2019 at 9:53 PM Steve French <smfrench@gmail.com> wrote:
> >
> > Ok. Will fix the bool. I don't think it belongs in mount mask since it is a server not superblock parm
> >
> > On Tue, Sep 3, 2019, 21:37 ronnie sahlberg <ronniesahlberg@gmail.com> wrote:
> >>
> >> Change
> >> bool ignore_signature;
> >> to
> >> bool ignore_signature:1;
> >>
> >> And shouldn't this be part of CIFS_MOUNT_MASK too ?
> >>
> >>
> >> On Wed, Sep 4, 2019 at 12:25 PM Steve French <smfrench@gmail.com> wrote:
> >> >
> >> > Add new mount option "signloosely" which enables signing but skips the
> >> > sometimes expensive signing checks in the responses (signatures are
> >> > calculated and sent correctly in the SMB2/SMB3 requests even with this
> >> > mount option but skipped in the responses).  Although weaker for security
> >> > (and also data integrity in case a packet were corrupted), this can provide
> >> > enough of a performance benefit (calculating the signature to verify a
> >> > packet can be expensive especially for large packets) to be useful in
> >> > some cases.
> >> >
> >> >
> >> > --
> >> > Thanks,
> >> >
> >> > Steve
>
>
>
> --
> Thanks,
>
> Steve

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-04  2:24 [PATCH][SMB3] Allow skipping signing verification for perf sensitive use cases Steve French
2019-09-04  2:37 ` ronnie sahlberg
     [not found]   ` <CAH2r5msuaE_nuEBzxN0LLpriQzv8fYuBkZDUMo09eFqzyfUf9w@mail.gmail.com>
2019-09-04  2:58     ` Steve French
2019-09-04  3:35       ` ronnie sahlberg

Linux-CIFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-cifs/0 linux-cifs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-cifs linux-cifs/ https://lore.kernel.org/linux-cifs \
		linux-cifs@vger.kernel.org linux-cifs@archiver.kernel.org
	public-inbox-index linux-cifs


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-cifs


AGPL code for this site: git clone https://public-inbox.org/ public-inbox