From patchwork Tue Sep 13 10:40:55 2022
X-Patchwork-Submitter: "zhangxiaoxu (A)"
X-Patchwork-Id: 1677196
From: Zhang Xiaoxu
To: linux-cifs@vger.kernel.org, zhangxiaoxu5@huawei.com, sfrench@samba.org, pc@cjr.nz, lsahlber@redhat.com, sprasad@microsoft.com, rohiths@microsoft.com, smfrench@gmail.com, tom@talpey.com, linkinjeon@kernel.org, hyc.lee@gmail.com
Subject: [PATCH v5 1/5] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
Date: Tue, 13 Sep 2022 18:40:55 +0800
Message-Id: <20220913104059.2545304-2-zhangxiaoxu5@huawei.com>
In-Reply-To: <20220913104059.2545304-1-zhangxiaoxu5@huawei.com>

Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list") extended the dialects from 3 to 4, but forgot to decrease the extended length when specifying the dialect, so the message length is larger than expected.

This may leak some info through the network because the message body is not initialized.

After applying this patch, the VALIDATE_NEGOTIATE_INFO message length is reduced from 28 bytes to 26 bytes.

Fixes: d5c7076b772a ("smb3: add smb3.1.1 to default dialect list")
Signed-off-by: Zhang Xiaoxu
Cc:
Reviewed-by: Tom Talpey
--- fs/cifs/smb2pdu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 6352ab32c7e7..223056097b54 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c
@@ -1169,9 +1169,9 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) pneg_inbuf->Dialects[0] = cpu_to_le16(server->vals->protocol_id); pneg_inbuf->DialectCount = cpu_to_le16(1); - /* structure is big enough for 3 dialects, sending only 1 */ + /* structure is big enough for 4 dialects, sending only 1 */ inbuflen = sizeof(*pneg_inbuf) - - sizeof(pneg_inbuf->Dialects[0]) * 2; + sizeof(pneg_inbuf->Dialects[0]) * 3; } rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,

From patchwork Tue Sep 13 10:40:56 2022
X-Patchwork-Submitter: "zhangxiaoxu (A)"
X-Patchwork-Id: 1677195
From: Zhang Xiaoxu
To: linux-cifs@vger.kernel.org, zhangxiaoxu5@huawei.com, sfrench@samba.org, pc@cjr.nz, lsahlber@redhat.com, sprasad@microsoft.com, rohiths@microsoft.com, smfrench@gmail.com, tom@talpey.com, linkinjeon@kernel.org, hyc.lee@gmail.com
Subject: [PATCH v5 2/5] ksmbd: Fix wrong return value in smb2_ioctl()
Date: Tue, 13 Sep 2022 18:40:56 +0800
Message-Id: <20220913104059.2545304-3-zhangxiaoxu5@huawei.com>
In-Reply-To: <20220913104059.2545304-1-zhangxiaoxu5@huawei.com>

When the {in, out}_buf_len is less than required, we should goto out to initialize the status in the response header.

Fixes: f7db8fd03a4bc ("ksmbd: add validation in smb2_ioctl")
Signed-off-by: Zhang Xiaoxu
Cc:
--- fs/ksmbd/smb2pdu.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index c49f65146ab3..b56d7688ccf1 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c
@@ -7640,11 +7640,15 @@ int smb2_ioctl(struct ksmbd_work *work) goto out; } - if (in_buf_len < sizeof(struct validate_negotiate_info_req)) - return -EINVAL; + if (in_buf_len < sizeof(struct validate_negotiate_info_req)) { + ret = -EINVAL; + goto out; + } - if (out_buf_len < sizeof(struct validate_negotiate_info_rsp)) - return -EINVAL; + if (out_buf_len < sizeof(struct validate_negotiate_info_rsp)) { + ret = -EINVAL; + goto out; + } ret = fsctl_validate_negotiate_info(conn, (struct validate_negotiate_info_req *)&req->Buffer[0],

From patchwork Tue Sep 13 10:40:57 2022
X-Patchwork-Submitter: "zhangxiaoxu (A)"
X-Patchwork-Id: 1677198
From: Zhang Xiaoxu
To: linux-cifs@vger.kernel.org, zhangxiaoxu5@huawei.com, sfrench@samba.org, pc@cjr.nz, lsahlber@redhat.com, sprasad@microsoft.com, rohiths@microsoft.com, smfrench@gmail.com, tom@talpey.com, linkinjeon@kernel.org, hyc.lee@gmail.com
Subject: [PATCH v5 3/5] ksmbd: Fix FSCTL_VALIDATE_NEGOTIATE_INFO message length check in smb2_ioctl()
Date: Tue, 13 Sep 2022 18:40:57 +0800
Message-Id: <20220913104059.2545304-4-zhangxiaoxu5@huawei.com>
In-Reply-To: <20220913104059.2545304-1-zhangxiaoxu5@huawei.com>

The structure size includes 4 dialect slots, but the protocol does not require the client to send all 4. So this allows the negotiation to not fail.

Fixes: c7803b05f74b ("smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common")
Signed-off-by: Zhang Xiaoxu
Cc:
--- fs/ksmbd/smb2pdu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index b56d7688ccf1..09ae601e64f9 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c
@@ -7640,7 +7640,8 @@ int smb2_ioctl(struct ksmbd_work *work) goto out; } - if (in_buf_len < sizeof(struct validate_negotiate_info_req)) { + if (in_buf_len < offsetof(struct validate_negotiate_info_req, + Dialects)) { ret = -EINVAL; goto out; }

From patchwork Tue Sep 13 10:40:58 2022
X-Patchwork-Submitter: "zhangxiaoxu (A)"
X-Patchwork-Id: 1677200
From: Zhang Xiaoxu
To: linux-cifs@vger.kernel.org, zhangxiaoxu5@huawei.com, sfrench@samba.org, pc@cjr.nz, lsahlber@redhat.com, sprasad@microsoft.com, rohiths@microsoft.com, smfrench@gmail.com, tom@talpey.com, linkinjeon@kernel.org, hyc.lee@gmail.com
Subject: [PATCH v5 4/5] cifs: Add neg dialects info to smb version values
Date: Tue, 13 Sep 2022 18:40:58 +0800
Message-Id: <20220913104059.2545304-5-zhangxiaoxu5@huawei.com>
In-Reply-To: <20220913104059.2545304-1-zhangxiaoxu5@huawei.com>

The dialects information used when negotiating with the server depends on the smb version; add it to the version values and make the code simple.

Signed-off-by: Zhang Xiaoxu
Acked-by: Tom Talpey
--- fs/cifs/cifsglob.h | 2 ++ fs/cifs/smb2ops.c | 35 ++++++++++++++++++++++++++++ fs/cifs/smb2pdu.c | 58 +++++++--------------------------------------- 3 files changed, 46 insertions(+), 49 deletions(-) diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index ae7f571a7dba..376421b63738 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -553,6 +553,8 @@ struct smb_version_values { __u16 signing_enabled; __u16 signing_required; size_t create_lease_size; + int neg_dialect_cnt; + __le16 *neg_dialects; }; #define HEADER_SIZE(server) (server->vals->header_size) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 421be43af425..3df330806490 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -5664,6 +5664,12 @@ struct smb_version_values smb21_values = { .create_lease_size = sizeof(struct create_lease), }; +__le16 smb3any_neg_dialects[] = { + cpu_to_le16(SMB30_PROT_ID), + cpu_to_le16(SMB302_PROT_ID), + cpu_to_le16(SMB311_PROT_ID) +}; + struct smb_version_values smb3any_values = { .version_string = SMB3ANY_VERSION_STRING, .protocol_id = SMB302_PROT_ID, /* doesn't matter, send protocol array */
@@ -5683,6 +5689,15 @@ struct smb_version_values smb3any_values = { .signing_enabled = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED, .signing_required = SMB2_NEGOTIATE_SIGNING_REQUIRED, .create_lease_size = sizeof(struct create_lease_v2), + .neg_dialect_cnt = ARRAY_SIZE(smb3any_neg_dialects), + .neg_dialects = smb3any_neg_dialects, +}; + +__le16 smbdefault_neg_dialects[] = { + cpu_to_le16(SMB21_PROT_ID), + cpu_to_le16(SMB30_PROT_ID), + cpu_to_le16(SMB302_PROT_ID), + cpu_to_le16(SMB311_PROT_ID) }; struct smb_version_values smbdefault_values = { @@ -5704,6 +5719,12 @@ struct smb_version_values smbdefault_values = { .signing_enabled = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED, .signing_required = SMB2_NEGOTIATE_SIGNING_REQUIRED, .create_lease_size = sizeof(struct create_lease_v2), + .neg_dialect_cnt = ARRAY_SIZE(smbdefault_neg_dialects), + .neg_dialects = smbdefault_neg_dialects, +}; + +__le16 smb30_neg_dialects[] = { + cpu_to_le16(SMB30_PROT_ID), }; struct smb_version_values smb30_values = { @@ -5725,6 +5746,12 @@ struct smb_version_values smb30_values = { .signing_enabled = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED, .signing_required = SMB2_NEGOTIATE_SIGNING_REQUIRED, .create_lease_size = sizeof(struct create_lease_v2), + .neg_dialect_cnt = ARRAY_SIZE(smb30_neg_dialects), + .neg_dialects = smb30_neg_dialects, +}; + +__le16 smb302_neg_dialects[] = { + cpu_to_le16(SMB302_PROT_ID), }; struct smb_version_values smb302_values = { @@ -5746,6 +5773,12 @@ struct smb_version_values smb302_values = { .signing_enabled = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED, .signing_required = SMB2_NEGOTIATE_SIGNING_REQUIRED, .create_lease_size = sizeof(struct create_lease_v2), + .neg_dialect_cnt = ARRAY_SIZE(smb302_neg_dialects), + .neg_dialects = smb302_neg_dialects, +}; + +__le16 smb311_neg_dialects[] = { + cpu_to_le16(SMB311_PROT_ID), }; struct smb_version_values smb311_values = { 
@@ -5767,4 +5800,6 @@ struct smb_version_values smb311_values = { .signing_enabled = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED, .signing_required = SMB2_NEGOTIATE_SIGNING_REQUIRED, .create_lease_size = sizeof(struct create_lease_v2), + .neg_dialect_cnt = ARRAY_SIZE(smb311_neg_dialects), + .neg_dialects = smb311_neg_dialects, }; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 223056097b54..482ed480fbc6 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -897,27 +897,10 @@ SMB2_negotiate(const unsigned int xid, memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); - if (strcmp(server->vals->version_string, - SMB3ANY_VERSION_STRING) == 0) { - req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); - req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); - req->Dialects[2] = cpu_to_le16(SMB311_PROT_ID); - req->DialectCount = cpu_to_le16(3); - total_len += 6; - } else if (strcmp(server->vals->version_string, - SMBDEFAULT_VERSION_STRING) == 0) { - req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); - req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); - req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); - req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID); - req->DialectCount = cpu_to_le16(4); - total_len += 8; - } else { - /* otherwise send specific dialect */ - req->Dialects[0] = cpu_to_le16(server->vals->protocol_id); - req->DialectCount = cpu_to_le16(1); - total_len += 2; - } + req->DialectCount = cpu_to_le16(server->vals->neg_dialect_cnt); + memcpy(req->Dialects, server->vals->neg_dialects, + sizeof(__le16) * server->vals->neg_dialect_cnt); + total_len += sizeof(__le16) * server->vals->neg_dialect_cnt; /* only one of SMB2 signing flags may be set in SMB2 request */ if (ses->sign) 
@@ -1145,34 +1128,11 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) else pneg_inbuf->SecurityMode = 0; - - if (strcmp(server->vals->version_string, - SMB3ANY_VERSION_STRING) == 0) { - pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); - pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); - pneg_inbuf->Dialects[2] = cpu_to_le16(SMB311_PROT_ID); - pneg_inbuf->DialectCount = cpu_to_le16(3); - /* SMB 2.1 not included so subtract one dialect from len */ - inbuflen = sizeof(*pneg_inbuf) - - (sizeof(pneg_inbuf->Dialects[0])); - } else if (strcmp(server->vals->version_string, - SMBDEFAULT_VERSION_STRING) == 0) { - pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); - pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); - pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); - pneg_inbuf->Dialects[3] = cpu_to_le16(SMB311_PROT_ID); - pneg_inbuf->DialectCount = cpu_to_le16(4); - /* structure is big enough for 4 dialects */ - inbuflen = sizeof(*pneg_inbuf); - } else { - /* otherwise specific dialect was requested */ - pneg_inbuf->Dialects[0] = - cpu_to_le16(server->vals->protocol_id); - pneg_inbuf->DialectCount = cpu_to_le16(1); - /* structure is big enough for 4 dialects, sending only 1 */ - inbuflen = sizeof(*pneg_inbuf) - - sizeof(pneg_inbuf->Dialects[0]) * 3; - } + pneg_inbuf->DialectCount = cpu_to_le16(server->vals->neg_dialect_cnt); + memcpy(pneg_inbuf->Dialects, server->vals->neg_dialects, + server->vals->neg_dialect_cnt * sizeof(__le16)); + inbuflen = offsetof(struct validate_negotiate_info_req, Dialects) + + sizeof(pneg_inbuf->Dialects[0]) * server->vals->neg_dialect_cnt; rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, FSCTL_VALIDATE_NEGOTIATE_INFO,

From patchwork Tue Sep 13 10:40:59 2022
X-Patchwork-Submitter: "zhangxiaoxu (A)"
X-Patchwork-Id: 1677199
From: Zhang Xiaoxu
To: linux-cifs@vger.kernel.org, zhangxiaoxu5@huawei.com, sfrench@samba.org, pc@cjr.nz, lsahlber@redhat.com, sprasad@microsoft.com, rohiths@microsoft.com, smfrench@gmail.com, tom@talpey.com, linkinjeon@kernel.org, hyc.lee@gmail.com
Subject: [PATCH v5 5/5] cifs: Refactor dialects in validate_negotiate_info_req to variable array
Date: Tue, 13 Sep 2022 18:40:59 +0800
Message-Id: <20220913104059.2545304-6-zhangxiaoxu5@huawei.com>
In-Reply-To: <20220913104059.2545304-1-zhangxiaoxu5@huawei.com>

The length of the FSCTL_VALIDATE_NEGOTIATE_INFO message depends on the count of the dialects, and the dialects count depends on the smb version, so the dialects should be a variable array.

Signed-off-by: Zhang Xiaoxu
--- fs/cifs/smb2pdu.c | 7 ++++--- fs/ksmbd/smb2pdu.c | 5 ++--- fs/smbfs_common/smb2pdu.h | 3 +-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 482ed480fbc6..70a3fce85e7c 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1107,7 +1107,10 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL) cifs_tcon_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n"); - pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_NOFS); + inbuflen = sizeof(*pneg_inbuf) + + sizeof(__le16) * server->vals->neg_dialect_cnt; + + pneg_inbuf = kmalloc(inbuflen, GFP_NOFS); if (!pneg_inbuf) return -ENOMEM; @@ -1131,8 +1134,6 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) pneg_inbuf->DialectCount = cpu_to_le16(server->vals->neg_dialect_cnt); memcpy(pneg_inbuf->Dialects, server->vals->neg_dialects, server->vals->neg_dialect_cnt * sizeof(__le16)); - inbuflen = offsetof(struct validate_negotiate_info_req, Dialects) + - sizeof(pneg_inbuf->Dialects[0]) * server->vals->neg_dialect_cnt; rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, FSCTL_VALIDATE_NEGOTIATE_INFO, diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 09ae601e64f9..aa86f31aa2cd 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c
@@ -7392,7 +7392,7 @@ static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn, int ret = 0; int dialect; - if (in_buf_len < offsetof(struct validate_negotiate_info_req, Dialects) + + if (in_buf_len < sizeof(*neg_req) + le16_to_cpu(neg_req->DialectCount) * sizeof(__le16)) return -EINVAL; @@ -7640,8 +7640,7 @@ int smb2_ioctl(struct ksmbd_work *work) goto out; } - if (in_buf_len < offsetof(struct validate_negotiate_info_req, - Dialects)) { + if (in_buf_len < sizeof(struct validate_negotiate_info_req)) { ret = -EINVAL; goto out; } diff --git a/fs/smbfs_common/smb2pdu.h b/fs/smbfs_common/smb2pdu.h index 2cab413fffee..4780c72e9b3a 100644 --- a/fs/smbfs_common/smb2pdu.h +++ b/fs/smbfs_common/smb2pdu.h @@ -1388,13 +1388,12 @@ struct reparse_symlink_data_buffer { } __packed; /* See MS-FSCC 2.1.2.6 and cifspdu.h for struct reparse_posix_data */ - struct validate_negotiate_info_req { __le32 Capabilities; __u8 Guid[SMB2_CLIENT_GUID_SIZE]; __le16 SecurityMode; __le16 DialectCount; - __le16 Dialects[4]; /* BB expand this if autonegotiate > 4 dialects */ + __le16 Dialects[]; } __packed; struct validate_negotiate_info_rsp {
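
Review bot: in patch 1/5 (fs/cifs/smb2pdu.c, hunk at -1169) the single-dialect length is still derived by subtracting a hand-counted number of unused slots (`* 3`) from sizeof(*pneg_inbuf), which is the same coupling to the size of Dialects[] that let the length go stale when the array grew from 3 to 4. Compute it forwards instead, as offsetof(struct validate_negotiate_info_req, Dialects) plus sizeof(pneg_inbuf->Dialects[0]) times the number of dialects actually sent, so a later change to the array cannot reintroduce trailing bytes. Because the commit message attributes the leak to an uninitialized body, and the allocation shown in patch 5/5 is a plain kmalloc(), a zeroing allocation (kzalloc) would also make any future over-long inbuflen send zeros rather than stale heap contents.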
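
Review bot: in patch 3/5 (fs/ksmbd/smb2pdu.c, hunk at -7640) relaxing the check to offsetof(struct validate_negotiate_info_req, Dialects) means smb2_ioctl() now admits a request that carries no dialect slots at all, so the bound on Dialects[] rests entirely on the DialectCount-based length check inside fsctl_validate_negotiate_info() (visible as context in the -7392 hunk of patch 5/5). State that dependency in a comment at this check or in the commit message, so a later change to that function does not silently remove the only guard against reading past in_buf_len.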
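
Review bot: in patch 4/5 (fs/cifs/smb2ops.c, hunks from -5664 onward) the new tables such as `__le16 smb3any_neg_dialects[] = {` are writable globals with external linkage, and the `__le16 *neg_dialects` field added to struct smb_version_values in cifsglob.h is a non-const pointer, although nothing in the series writes through it. Declare the arrays static const and the field as const __le16 *, so the dialect lists that end up in the negotiate request sit in read-only data and add no symbols to the global namespace.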
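
Review bot: in patch 4/5 (fs/cifs/smb2pdu.c, SMB2_negotiate hunk at -897) the removed else branch sent server->vals->protocol_id for every version table other than smb3any and smbdefault, but the smb2ops.c hunks only add neg_dialect_cnt and neg_dialects to smb3any, smbdefault, smb30, smb302 and smb311, and the context at -5664 shows smb21_values closing without them. Unless that table is populated somewhere not shown, a mount using it would send DialectCount 0 and call memcpy() with a NULL source; either give every smb_version_values a dialect table or fall back to protocol_id when neg_dialect_cnt is 0.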
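
Review bot: in patch 5/5 (fs/cifs/smb2pdu.c, hunk at -1107) the allocation size is open-coded as sizeof(*pneg_inbuf) + sizeof(__le16) * server->vals->neg_dialect_cnt now that Dialects[] is a flexible array, and neg_dialect_cnt is a signed int. struct_size(pneg_inbuf, Dialects, server->vals->neg_dialect_cnt) gives the same value, saturates on overflow instead of wrapping, and keeps the element size tied to the member rather than to a repeated __le16.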
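
Review bot: in patch 5/5 (fs/ksmbd/smb2pdu.c, hunk at -7640, and fs/smbfs_common/smb2pdu.h) the smb2_ioctl() check returns to sizeof(struct validate_negotiate_info_req), the exact expression patch 3/5 replaced, and is correct only because Dialects[] is now a flexible member; converting the array before 3/5, or folding 3/5 into this patch, would avoid having the same expression mean two different lengths at different points in the series. In the header hunk, deleting the blank line leaves the "See MS-FSCC 2.1.2.6 and cifspdu.h for struct reparse_posix_data" comment directly above struct validate_negotiate_info_req, where it reads as documentation for the wrong structure, so keep the blank line.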