summaryrefslogtreecommitdiffstats
path: root/fs/cifs/cifsglob.h
diff options
context:
space:
mode:
authorSteve French <stfrench@microsoft.com>2019-09-04 04:18:49 +0200
committerSteve French <stfrench@microsoft.com>2019-09-16 18:43:38 +0200
commit4f5c10f1ad45ae453822113dd0fe39ed757037fb (patch)
treefd8938313cc6abd264afeb09e599e565945e9dab /fs/cifs/cifsglob.h
parentsmb3: add dynamic tracepoints for flush and close (diff)
downloadlinux-4f5c10f1ad45ae453822113dd0fe39ed757037fb.tar.xz
linux-4f5c10f1ad45ae453822113dd0fe39ed757037fb.zip
smb3: allow skipping signature verification for perf sensitive configurations
Add new mount option "signloosely" which enables signing but skips the sometimes expensive signing checks in the responses (signatures are calculated and sent correctly in the SMB2/SMB3 requests even with this mount option but skipped in the responses). Although weaker for security (and also data integrity in case a packet were corrupted), this can provide enough of a performance benefit (calculating the signature to verify a packet can be expensive especially for large packets) to be useful in some cases. Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Diffstat (limited to 'fs/cifs/cifsglob.h')
-rw-r--r--fs/cifs/cifsglob.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index fa5abe3a8514..1f53dee211d8 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -542,6 +542,7 @@ struct smb_vol {
umode_t dir_mode;
enum securityEnum sectype; /* sectype requested via mnt opts */
bool sign; /* was signing requested via mnt opts? */
+ bool ignore_signature:1;
bool retry:1;
bool intr:1;
bool setuids:1;
@@ -681,6 +682,7 @@ struct TCP_Server_Info {
char server_GUID[16];
__u16 sec_mode;
bool sign; /* is signing enabled on this connection? */
+ bool ignore_signature:1; /* skip validation of signatures in SMB2/3 rsp */
bool session_estab; /* mark when very first sess is established */
int echo_credits; /* echo reserved slots */
int oplock_credits; /* oplock break reserved slots */