ACK/Cmnt: [PATCH 0/14][Focal,Groovy][linux] Enable CIFS GCM256
Tim Gardner
tim.gardner at canonical.com
Wed May 5 12:23:51 UTC 2021
On 5/5/21 2:36 AM, Stefan Bader wrote:
> On 02.05.21 23:00, Tim Gardner wrote:
>> BugLink: https://bugs.launchpad.net/bugs/1921916
>>
>> [Impact]
>>
>> Microsoft has asked to enable CIFS GCM256 encryption support.
>> SF#00307143
>> This looks like a safe enough feature that the manline kernel
>> would benefit from its inclusion. GCM256 is only enabled with
>> module parameters, so the default behavior remains unchanged.
>
> Being opt-in is a key argument for allowing this into stable releases.
> With patch #7 this is not easy to tell but I think it more or less
> appears to be ok (from what I can tell) and I saw no follow-ups, yet.
>
>>
>> [Test Plan]
>>
>> Microsoft has tested Focal and Groovy mainline kernels with these
>> patch sets. No regression issues were found.
>>
>> [Where problems could occur]
>>
>> Samba servers without GCM256 support may not connect.
>
> This might be related to this change which I noticed (not saying I think
> it should be added now but maybe is something that gets asked for once
> we have the basic support in):
>
> commit acf96fef46f271642b90aa658ba49e33ae34ddf0
> Author: Steve French <stfrench at microsoft.com>
> Date: Sat Oct 17 03:54:27 2020 -0500
>
> smb3.1.1: do not fail if no encryption required but server doesn't
> support it
>
While this is a righteous patch all on it's own, it is unrelated to this
series in that it impacts _all_ encryption support (or lack thereof). If
someone complains then I think it should be a separate bug report.
rtg
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list