From: Steve French stfrench@microsoft.com
[ Upstream commit f765fdfcd8b5bce92c6aa1a517ff549529ddf590 ]
Fix typo in description of enable_gcm_256 module parameter
Suggested-by: Thomas Spear speeddymon@gmail.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
Based on my comprehensive analysis using semantic code analysis tools and git history examination, here is my determination:
## **Backport Status: YES**
### Analysis Summary
**1. Semantic Code Analysis Findings:**
Using `mcp__semcode__grep_functions` and `mcp__semcode__find_function`, I identified that `enable_gcm_256` is used in the `build_encrypt_ctxt` function (fs/smb/client/smb2pdu.c:643), which controls SMB encryption cipher negotiation. Using `mcp__semcode__find_callers`, I found this function is called by `assemble_neg_contexts`, which is part of the SMB2 protocol negotiation path.
**2. Historical Context (Critical Finding):**
Through git history analysis, I discovered this is actually the **second fix** for this documentation bug:
- **April 2021** (commit fee742b50289): Changed `enable_gcm_256` default from `false` to `true`, but **forgot to update documentation** (left as "Default: n/N/0")
- **June 2024** (commit 8bf0287528da1): **Partial fix** - changed documentation from "n/N/0" to "y/Y/0" - This commit was **explicitly tagged with `Cc: stable@vger.kernel.org`** - Included `Fixes: fee742b50289` tag - **Was successfully backported to multiple stable trees**
- **October 2025** (commit f765fdfcd8b5b - the commit being analyzed): **Completes the fix** - changes "y/Y/0" to "y/Y/1" - Fixes the remaining typo left by the partial June 2024 fix - Already appears to be in backporting pipeline (commit 66b5c330b9223)
**3. Why This Should Be Backported:**
1. **Precedent**: The June 2024 partial fix was deemed important enough for stable backporting by maintainers, even though it was "just documentation"
2. **Incomplete Fix in Stable Trees**: Stable trees that received the June 2024 backport currently have **contradictory documentation** stating "Default: y/Y/0" where "y/Y" suggests true but "0" suggests false
3. **Security Context**: This affects user understanding of encryption settings for CIFS/SMB mounts. The variable controls whether 256-bit GCM encryption is offered during protocol negotiation (fs/smb/client/smb2pdu.c:643-648)
4. **User Impact**: Users running `modinfo cifs` on stable kernels with the partial fix see confusing/incorrect information about security- related defaults
5. **Zero Risk**: Single character change in a MODULE_PARM_DESC string - cannot cause regressions
6. **Completes Backported Work**: This is a continuation of fix 8bf0287528da1 that was already backported to stable
**4. Code Impact Analysis:**
- **Files Changed**: 1 (fs/smb/client/cifsfs.c) - **Lines Changed**: 1 (documentation string only) - **Functional Changes**: None (pure documentation) - **Actual Code Default**: `bool enable_gcm_256 = true;` (line 68) - unchanged since April 2021
### Recommendation
**YES - This commit should be backported** because it completes a documentation fix that was already deemed worthy of stable backporting. Stable trees currently have misleading documentation ("y/Y/0") that contradicts itself, and this trivial, zero-risk change corrects user- visible information about security-related module parameters. The precedent for backporting documentation fixes for this specific parameter was already established in June 2024.
fs/smb/client/cifsfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/cifsfs.c b/fs/smb/client/cifsfs.c index e1848276bab41..984545cfe30b7 100644 --- a/fs/smb/client/cifsfs.c +++ b/fs/smb/client/cifsfs.c @@ -133,7 +133,7 @@ module_param(enable_oplocks, bool, 0644); MODULE_PARM_DESC(enable_oplocks, "Enable or disable oplocks. Default: y/Y/1");
module_param(enable_gcm_256, bool, 0644); -MODULE_PARM_DESC(enable_gcm_256, "Enable requesting strongest (256 bit) GCM encryption. Default: y/Y/0"); +MODULE_PARM_DESC(enable_gcm_256, "Enable requesting strongest (256 bit) GCM encryption. Default: y/Y/1");
module_param(require_gcm_256, bool, 0644); MODULE_PARM_DESC(require_gcm_256, "Require strongest (256 bit) GCM encryption. Default: n/N/0");