Message ID | edf29319d776d6aa71c73f563f599c1eb68ba574.1504874922.git.joseph.salisbury@canonical.com |
---|---|
State | New |
Headers | show |
Series | CIFS: Fix maximum SMB2 header size | expand |
On 08.09.2017 15:06, Joseph Salisbury wrote: > From: Pavel Shilovsky <pshilov@microsoft.com> > > BugLink: http://bugs.launchpad.net/bugs/1713884 > > Currently the maximum size of SMB2/3 header is set incorrectly which > leads to hanging of directory listing operations on encrypted SMB3 > connections. Fix this by setting the maximum size to 170 bytes that > is calculated as RFC1002 length field size (4) + transform header > size (52) + SMB2 header size (64) + create response size (56). > > Cc: <stable@vger.kernel.org> > Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> > Signed-off-by: Steve French <smfrench@gmail.com> > Acked-by: Sachin Prabhu <sprabhu@redhat.com> > (cherry picked from commit 9e37b1784f2be9397a903307574ee565bbadfd75) > Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- Note that this is part of 4.4.87 stable for Xenial. -Stefan > fs/cifs/smb2pdu.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h > index 18700fd..2826882 100644 > --- a/fs/cifs/smb2pdu.h > +++ b/fs/cifs/smb2pdu.h > @@ -84,8 +84,8 @@ > > #define NUMBER_OF_SMB2_COMMANDS 0x0013 > > -/* BB FIXME - analyze following length BB */ > -#define MAX_SMB2_HDR_SIZE 0x78 /* 4 len + 64 hdr + (2*24 wct) + 2 bct + 2 pad */ > +/* 4 len + 52 transform hdr + 64 hdr + 56 create rsp */ > +#define MAX_SMB2_HDR_SIZE 0x00b0 > > #define SMB2_PROTO_NUMBER cpu_to_le32(0x424d53fe) > #define SMB2_TRANSFORM_PROTO_NUM cpu_to_le32(0x424d53fd) >
On 08/09/17 14:06, Joseph Salisbury wrote: > From: Pavel Shilovsky <pshilov@microsoft.com> > > BugLink: http://bugs.launchpad.net/bugs/1713884 > > Currently the maximum size of SMB2/3 header is set incorrectly which > leads to hanging of directory listing operations on encrypted SMB3 > connections. Fix this by setting the maximum size to 170 bytes that > is calculated as RFC1002 length field size (4) + transform header > size (52) + SMB2 header size (64) + create response size (56). > > Cc: <stable@vger.kernel.org> > Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> > Signed-off-by: Steve French <smfrench@gmail.com> > Acked-by: Sachin Prabhu <sprabhu@redhat.com> > (cherry picked from commit 9e37b1784f2be9397a903307574ee565bbadfd75) > Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> > --- > fs/cifs/smb2pdu.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h > index 18700fd..2826882 100644 > --- a/fs/cifs/smb2pdu.h > +++ b/fs/cifs/smb2pdu.h > @@ -84,8 +84,8 @@ > > #define NUMBER_OF_SMB2_COMMANDS 0x0013 > > -/* BB FIXME - analyze following length BB */ > -#define MAX_SMB2_HDR_SIZE 0x78 /* 4 len + 64 hdr + (2*24 wct) + 2 bct + 2 pad */ > +/* 4 len + 52 transform hdr + 64 hdr + 56 create rsp */ > +#define MAX_SMB2_HDR_SIZE 0x00b0 > > #define SMB2_PROTO_NUMBER cpu_to_le32(0x424d53fe) > #define SMB2_TRANSFORM_PROTO_NUM cpu_to_le32(0x424d53fd) > Clean cherry pick. Acked-by: Colin Ian King <colin.king@canonical.com>
On 08.09.2017 15:06, Joseph Salisbury wrote: > From: Pavel Shilovsky <pshilov@microsoft.com> > > BugLink: http://bugs.launchpad.net/bugs/1713884 > > Currently the maximum size of SMB2/3 header is set incorrectly which > leads to hanging of directory listing operations on encrypted SMB3 > connections. Fix this by setting the maximum size to 170 bytes that > is calculated as RFC1002 length field size (4) + transform header > size (52) + SMB2 header size (64) + create response size (56). > > Cc: <stable@vger.kernel.org> > Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> > Signed-off-by: Steve French <smfrench@gmail.com> > Acked-by: Sachin Prabhu <sprabhu@redhat.com> > (cherry picked from commit 9e37b1784f2be9397a903307574ee565bbadfd75) > Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> > --- > fs/cifs/smb2pdu.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h > index 18700fd..2826882 100644 > --- a/fs/cifs/smb2pdu.h > +++ b/fs/cifs/smb2pdu.h > @@ -84,8 +84,8 @@ > > #define NUMBER_OF_SMB2_COMMANDS 0x0013 > > -/* BB FIXME - analyze following length BB */ > -#define MAX_SMB2_HDR_SIZE 0x78 /* 4 len + 64 hdr + (2*24 wct) + 2 bct + 2 pad */ > +/* 4 len + 52 transform hdr + 64 hdr + 56 create rsp */ > +#define MAX_SMB2_HDR_SIZE 0x00b0 > > #define SMB2_PROTO_NUMBER cpu_to_le32(0x424d53fe) > #define SMB2_TRANSFORM_PROTO_NUM cpu_to_le32(0x424d53fd) > Applied to Xenial and Zesty master-next
On Fri, Sep 08, 2017 at 09:06:11AM -0400, Joseph Salisbury wrote: > From: Pavel Shilovsky <pshilov@microsoft.com> > > BugLink: http://bugs.launchpad.net/bugs/1713884 > > Currently the maximum size of SMB2/3 header is set incorrectly which > leads to hanging of directory listing operations on encrypted SMB3 > connections. Fix this by setting the maximum size to 170 bytes that > is calculated as RFC1002 length field size (4) + transform header > size (52) + SMB2 header size (64) + create response size (56). > > Cc: <stable@vger.kernel.org> > Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> > Signed-off-by: Steve French <smfrench@gmail.com> > Acked-by: Sachin Prabhu <sprabhu@redhat.com> > (cherry picked from commit 9e37b1784f2be9397a903307574ee565bbadfd75) > Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Artful master-next already includes this patch by virtue of having been updated to 4.13.
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h index 18700fd..2826882 100644 --- a/fs/cifs/smb2pdu.h +++ b/fs/cifs/smb2pdu.h @@ -84,8 +84,8 @@ #define NUMBER_OF_SMB2_COMMANDS 0x0013 -/* BB FIXME - analyze following length BB */ -#define MAX_SMB2_HDR_SIZE 0x78 /* 4 len + 64 hdr + (2*24 wct) + 2 bct + 2 pad */ +/* 4 len + 52 transform hdr + 64 hdr + 56 create rsp */ +#define MAX_SMB2_HDR_SIZE 0x00b0 #define SMB2_PROTO_NUMBER cpu_to_le32(0x424d53fe) #define SMB2_TRANSFORM_PROTO_NUM cpu_to_le32(0x424d53fd)