From patchwork Fri May 5 15:11:03 2023
X-Patchwork-Submitter: Namjae Jeon
X-Patchwork-Id: 1777652
From: Namjae Jeon
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, senozhatsky@chromium.org, tom@talpey.com, atteh.mailbox@gmail.com, Namjae Jeon, Pumpkin
Subject: [PATCH 1/6] ksmbd: fix global-out-of-bounds in smb2_find_context_vals
Date: Sat, 6 May 2023 00:11:03 +0900
Message-Id: <20230505151108.5911-1-linkinjeon@kernel.org>

From: Pumpkin

If the length of CreateContext name is larger than the tag, it will access
the data following the tag and trigger KASAN global-out-of-bounds.

Currently all CreateContext names are defined as string, so we can use
strcmp instead of memcmp to avoid the out-of-bound access.

[ 7.995411] ==================================================================
[ 7.995866] BUG: KASAN: global-out-of-bounds in memcmp+0x83/0xa0
[ 7.996248] Read of size 8 at addr ffffffff8258d940 by task kworker/0:0/7
...
[ 7.998191] Call Trace:
[ 7.998358]
[ 7.998503] dump_stack_lvl+0x33/0x50
[ 7.998743] print_report+0xcc/0x620
[ 7.999458] kasan_report+0xae/0xe0
[ 7.999895] kasan_check_range+0x35/0x1b0
[ 8.000152] memcmp+0x83/0xa0
[ 8.000347] smb2_find_context_vals+0xf7/0x1e0
[ 8.000635] smb2_open+0x1df2/0x43a0
[ 8.006398] handle_ksmbd_work+0x274/0x810
[ 8.006666] process_one_work+0x419/0x760
[ 8.006922] worker_thread+0x2a2/0x6f0
[ 8.007429] kthread+0x160/0x190
[ 8.007946] ret_from_fork+0x1f/0x30
[ 8.008181]

Signed-off-by: Pumpkin
Signed-off-by: Namjae Jeon
---
 fs/ksmbd/oplock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 2e54ded4d92c..5e09834016bb 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c
@@ -1492,7 +1492,7 @@ struct create_context *smb2_find_context_vals(void *open_req, const char *tag) return ERR_PTR(-EINVAL); name = (char *)cc + name_off; - if (memcmp(name, tag, name_len) == 0) + if (!strcmp(name, tag)) return cc; remain_len -= next;

From patchwork Fri May 5 15:11:04 2023
X-Patchwork-Submitter: Namjae Jeon
X-Patchwork-Id: 1777653
From: Namjae Jeon
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, senozhatsky@chromium.org, tom@talpey.com, atteh.mailbox@gmail.com, Namjae Jeon, Pumpkin
Subject: [PATCH 2/6] ksmbd: fix wrong UserName check in session_user
Date: Sat, 6 May 2023 00:11:04 +0900
Message-Id: <20230505151108.5911-2-linkinjeon@kernel.org>
In-Reply-To: <20230505151108.5911-1-linkinjeon@kernel.org>
References: <20230505151108.5911-1-linkinjeon@kernel.org>

From: Pumpkin

The offset of UserName is related to the address of security buffer.
To ensure the validity of UserName, we need to compare name_off +
name_len with secbuf_len instead of auth_msg_len.

[ 27.096243] ==================================================================
[ 27.096890] BUG: KASAN: slab-out-of-bounds in smb_strndup_from_utf16+0x188/0x350
[ 27.097609] Read of size 2 at addr ffff888005e3b542 by task kworker/0:0/7
...
[ 27.099950] Call Trace:
[ 27.100194]
[ 27.100397] dump_stack_lvl+0x33/0x50
[ 27.100752] print_report+0xcc/0x620
[ 27.102305] kasan_report+0xae/0xe0
[ 27.103072] kasan_check_range+0x35/0x1b0
[ 27.103757] smb_strndup_from_utf16+0x188/0x350
[ 27.105474] smb2_sess_setup+0xaf8/0x19c0
[ 27.107935] handle_ksmbd_work+0x274/0x810
[ 27.108315] process_one_work+0x419/0x760
[ 27.108689] worker_thread+0x2a2/0x6f0
[ 27.109385] kthread+0x160/0x190
[ 27.110129] ret_from_fork+0x1f/0x30
[ 27.110454]

Signed-off-by: Pumpkin
Signed-off-by: Namjae Jeon
---
 fs/ksmbd/smb2pdu.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index cb93fd231f4e..8de8afd473ae 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1356,7 +1356,7 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn, struct authenticate_message *authblob; struct ksmbd_user *user; char *name; - unsigned int auth_msg_len, name_off, name_len, secbuf_len; + unsigned int name_off, name_len, secbuf_len; secbuf_len = le16_to_cpu(req->SecurityBufferLength); if (secbuf_len < sizeof(struct authenticate_message)) {
@@ -1366,9 +1366,8 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn, authblob = user_authblob(conn, req); name_off = le32_to_cpu(authblob->UserName.BufferOffset); name_len = le16_to_cpu(authblob->UserName.Length); - auth_msg_len = le16_to_cpu(req->SecurityBufferOffset) + secbuf_len; - if (auth_msg_len < (u64)name_off + name_len) + if (secbuf_len < (u64)name_off + name_len) return NULL; name = smb_strndup_from_utf16((const char *)authblob + name_off,

From patchwork Fri May 5 15:11:05 2023
X-Patchwork-Submitter: Namjae Jeon
X-Patchwork-Id: 1777654
From: Namjae Jeon
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, senozhatsky@chromium.org, tom@talpey.com, atteh.mailbox@gmail.com, Namjae Jeon, Pumpkin
Subject: [PATCH 3/6] ksmbd: allocate one more byte for implied bcc[0]
Date: Sat, 6 May 2023 00:11:05 +0900
Message-Id: <20230505151108.5911-3-linkinjeon@kernel.org>
In-Reply-To: <20230505151108.5911-1-linkinjeon@kernel.org>
References: <20230505151108.5911-1-linkinjeon@kernel.org>

From: Pumpkin

ksmbd_smb2_check_message allows client to return one byte more, so we
need to allocate additional memory in ksmbd_conn_handler_loop to avoid
out-of-bound access.

Signed-off-by: Pumpkin
Signed-off-by: Namjae Jeon
---
 fs/ksmbd/connection.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 4ed379f9b1aa..4882a812ea86 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c
@@ -351,7 +351,8 @@ int ksmbd_conn_handler_loop(void *p) break; /* 4 for rfc1002 length field */ - size = pdu_size + 4; + /* 1 for implied bcc[0] */ + size = pdu_size + 4 + 1; conn->request_buf = kvmalloc(size, GFP_KERNEL); if (!conn->request_buf) break;

From patchwork Fri May 5 15:11:06 2023
X-Patchwork-Submitter: Namjae Jeon
X-Patchwork-Id: 1777655
From: Namjae Jeon
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, senozhatsky@chromium.org, tom@talpey.com, atteh.mailbox@gmail.com, Namjae Jeon, Gustav Johansson
Subject: [PATCH 4/6] ksmbd: smb2: Allow messages padded to 8byte boundary
Date: Sat, 6 May 2023 00:11:06 +0900
Message-Id: <20230505151108.5911-4-linkinjeon@kernel.org>
In-Reply-To: <20230505151108.5911-1-linkinjeon@kernel.org>
References: <20230505151108.5911-1-linkinjeon@kernel.org>

From: Gustav Johansson

clc length is now accepted to <= 8 less than length, rather than < 8.

Solve issues on some of Axis's smb clients which send messages where
clc length is 8 bytes less than length.

The specific client was running kernel 4.19.217 with smb dialect 3.0.2
on armv7l.

Signed-off-by: Gustav Johansson
Signed-off-by: Namjae Jeon
---
 fs/ksmbd/smb2misc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index fbdde426dd01..0ffe663b7590 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c
@@ -416,8 +416,11 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) /* * Allow a message that padded to 8byte boundary. + * Linux 4.19.217 with smb 3.0.2 are sometimes + * sending messages where the cls_len is exactly + * 8 bytes less than len. */ - if (clc_len < len && (len - clc_len) < 8) + if (clc_len < len && (len - clc_len) <= 8) goto validate_credit; pr_err_ratelimited(

From patchwork Fri May 5 15:11:07 2023
X-Patchwork-Submitter: Namjae Jeon
X-Patchwork-Id: 1777656
From: Namjae Jeon
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, senozhatsky@chromium.org, tom@talpey.com, atteh.mailbox@gmail.com, Namjae Jeon
Subject: [PATCH 5/6] ksmbd: remove unused ksmbd_tree_conn_share function
Date: Sat, 6 May 2023 00:11:07 +0900
Message-Id: <20230505151108.5911-5-linkinjeon@kernel.org>
In-Reply-To: <20230505151108.5911-1-linkinjeon@kernel.org>
References: <20230505151108.5911-1-linkinjeon@kernel.org>

Remove unused ksmbd_tree_conn_share function.

Signed-off-by: Namjae Jeon
Reviewed-by: Sergey Senozhatsky
---
 fs/ksmbd/mgmt/tree_connect.c | 11 -----------
 fs/ksmbd/mgmt/tree_connect.h | 3 ---
 2 files changed, 14 deletions(-)

diff --git a/fs/ksmbd/mgmt/tree_connect.c b/fs/ksmbd/mgmt/tree_connect.c index f07a05f37651..408cddf2f094 100644 --- a/fs/ksmbd/mgmt/tree_connect.c +++ b/fs/ksmbd/mgmt/tree_connect.c @@ -120,17 +120,6 @@ struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess, return tcon; } -struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess, - unsigned int id) -{ - struct ksmbd_tree_connect *tc; - - tc = ksmbd_tree_conn_lookup(sess, id); - if (tc) - return tc->share_conf; - return NULL; -} - int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess) { int ret = 0; diff --git a/fs/ksmbd/mgmt/tree_connect.h b/fs/ksmbd/mgmt/tree_connect.h index 700df36cf3e3..562d647ad9fa 100644 --- a/fs/ksmbd/mgmt/tree_connect.h +++ b/fs/ksmbd/mgmt/tree_connect.h
@@ -53,9 +53,6 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess, unsigned int id); -struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess, - unsigned int id); - int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess); #endif /* __TREE_CONNECT_MANAGEMENT_H__ */

From patchwork Fri May 5 15:11:08 2023
X-Patchwork-Submitter: Namjae Jeon
X-Patchwork-Id: 1777657
From: Namjae Jeon
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, senozhatsky@chromium.org, tom@talpey.com, atteh.mailbox@gmail.com, Namjae Jeon, Dan Carpenter
Subject: [PATCH 6/6] ksmbd: use kzalloc() instead of __GFP_ZERO
Date: Sat, 6 May 2023 00:11:08 +0900
Message-Id: <20230505151108.5911-6-linkinjeon@kernel.org>
In-Reply-To: <20230505151108.5911-1-linkinjeon@kernel.org>
References: <20230505151108.5911-1-linkinjeon@kernel.org>

Use kzalloc() instead of __GFP_ZERO.

Reported-by: Dan Carpenter
Signed-off-by: Namjae Jeon
Reviewed-by: Sergey Senozhatsky
---
 fs/ksmbd/smb_common.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index af0c2a9b8529..c6e4d38319df 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -347,8 +347,8 @@ static int smb1_check_user_session(struct ksmbd_work *work) */ static int smb1_allocate_rsp_buf(struct ksmbd_work *work) { - work->response_buf = kmalloc(MAX_CIFS_SMALL_BUFFER_SIZE, - GFP_KERNEL | __GFP_ZERO); + work->response_buf = kzalloc(MAX_CIFS_SMALL_BUFFER_SIZE, + GFP_KERNEL); work->response_sz = MAX_CIFS_SMALL_BUFFER_SIZE; if (!work->response_buf) {
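
Review bot: [PATCH 1/6], fs/ksmbd/oplock.c, the `+ if (!strcmp(name, tag))` line: strcmp() stops only at a NUL byte, but `name` is computed as `(char *)cc + name_off` inside the request, and the call being removed was the only place in this hunk that bounded the read by the client-supplied `name_len`. Nothing in the visible lines shows that the name on the wire is NUL-terminated, so the over-read moves from `tag` to `name`. Suggest keeping the bounded compare and checking the length first, for example `if (name_len == strlen(tag) && !memcmp(name, tag, name_len))`, which never reads more than `name_len` bytes of either operand.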
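
Review bot: [PATCH 2/6], fs/ksmbd/smb2pdu.c, second hunk, the `+ if (secbuf_len < (u64)name_off + name_len)` line: the new bound is correct only if `authblob` points at the first byte of the security buffer, since the context line below applies `name_off` to `authblob`; the hunk carries no comment saying so. A one-line comment above the check stating that UserName.BufferOffset is measured from the start of the authenticate message would record why SecurityBufferOffset was dropped from the sum and keep the check from being "corrected" back later.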
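
Review bot: [PATCH 3/6], fs/ksmbd/connection.c, the `+ size = pdu_size + 4 + 1;` line: the extra byte comes from kvmalloc(), which does not zero memory, and the hunk does not show it being written. If the receive path fills only the rfc1002 header and `pdu_size` bytes, the byte that the commit message says ksmbd_smb2_check_message lets a request extend into still holds stale heap contents. Suggest clearing it explicitly after the allocation or switching to kvzalloc(), and extending the `/* 1 for implied bcc[0] */` comment to say who is expected to fill that byte.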
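
Review bot: [PATCH 4/6], fs/ksmbd/smb2misc.c, the added comment lines: the comment names `cls_len`, but the variable tested on the following line is `clc_len`. The block also still opens with "Allow a message that padded to 8byte boundary", yet padding to an 8-byte boundary never needs more than 7 bytes, which is what the old `< 8` expressed; `<= 8` admits 8 trailing bytes that the calculated length does not account for. Suggest fixing the name and rewording the comment to say this is a compatibility exception for the client named in the commit message, so the bound is not widened again by analogy.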
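
Review bot: [PATCH 6/6], fs/ksmbd/smb_common.c, the two `+` lines: with `| __GFP_ZERO` gone the call no longer needs the continuation line, since `work->response_buf = kzalloc(MAX_CIFS_SMALL_BUFFER_SIZE, GFP_KERNEL);` fits within 80 columns at one tab of indentation. Suggest joining it onto a single line.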