8e2f6a0e | 24-Sep-2024 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: fix open failure from block and char device file
char/block device file can't be opened with dentry_open() if device driver is not loaded. Use O_PATH flags for fake opening file to handle it
ksmbd: fix open failure from block and char device file
char/block device file can't be opened with dentry_open() if device driver is not loaded. Use O_PATH flags for fake opening file to handle it if file is a block or char file.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
d782d6e1 | 23-Sep-2024 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: remove unsafe_memcpy use in session setup
Kees pointed out to just use directly ->Buffer instead of pointing ->Buffer using offset not to use unsafe_memcpy().
Suggested-by: Kees Cook <kees@k
ksmbd: remove unsafe_memcpy use in session setup
Kees pointed out to just use directly ->Buffer instead of pointing ->Buffer using offset not to use unsafe_memcpy().
Suggested-by: Kees Cook <kees@kernel.org> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
8bb04fb2 | 20-Aug-2024 |
Thorsten Blum <thorsten.blum@toblux.com> |
ksmbd: Replace one-element arrays with flexible-array members
Replace the deprecated one-element arrays with flexible-array members in the structs copychunk_ioctl_req and smb2_ea_info_req.
There ar
ksmbd: Replace one-element arrays with flexible-array members
Replace the deprecated one-element arrays with flexible-array members in the structs copychunk_ioctl_req and smb2_ea_info_req.
There are no binary differences after this conversion.
Link: https://github.com/KSPP/linux/issues/79 Signed-off-by: Thorsten Blum <thorsten.blum@toblux.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
289ebd9a | 19-Sep-2024 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: fix warning: comparison of distinct pointer types lacks a cast
smb2pdu.c: In function ‘smb2_open’: ./include/linux/minmax.h:20:28: warning: comparison of distinct pointer types lacks a cast
ksmbd: fix warning: comparison of distinct pointer types lacks a cast
smb2pdu.c: In function ‘smb2_open’: ./include/linux/minmax.h:20:28: warning: comparison of distinct pointer types lacks a cast 20 | (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) | ^~ ./include/linux/minmax.h:26:4: note: in expansion of macro ‘__typecheck’ 26 | (__typecheck(x, y) && __no_side_effects(x, y)) | ^~~~~~~~~~~ ./include/linux/minmax.h:36:24: note: in expansion of macro ‘__safe_cmp’ 36 | __builtin_choose_expr(__safe_cmp(x, y), \ | ^~~~~~~~~~ ./include/linux/minmax.h:45:19: note: in expansion of macro ‘__careful_cmp’ 45 | #define min(x, y) __careful_cmp(x, y, <) | ^~~~~~~~~~~~~ /home/linkinjeon/git/smbd_work/ksmbd/smb2pdu.c:3713:27: note: in expansion of macro ‘min’ 3713 | fp->durable_timeout = min(dh_info.timeout,
Fixes: c8efcc786146 ("ksmbd: add support for durable handles v1/v2") Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
c5a709f0 | 08-Sep-2024 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: handle caseless file creation
Ray Zhang reported ksmbd can not create file if parent filename is caseless.
Y:\>mkdir A Y:\>echo 123 >a\b.txt The system cannot find the path specified. Y:\>ec
ksmbd: handle caseless file creation
Ray Zhang reported ksmbd can not create file if parent filename is caseless.
Y:\>mkdir A Y:\>echo 123 >a\b.txt The system cannot find the path specified. Y:\>echo 123 >A\b.txt
This patch convert name obtained by caseless lookup to parent name.
Cc: stable@vger.kernel.org # v5.15+ Reported-by: Ray Zhang <zhanglei002@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
ca4974ca | 04-Sep-2024 |
Hobin Woo <hobin.woo@samsung.com> |
ksmbd: make __dir_empty() compatible with POSIX
Some file systems may not provide dot (.) and dot-dot (..) as they are optional in POSIX. ksmbd can misjudge emptiness of a directory in those file sy
ksmbd: make __dir_empty() compatible with POSIX
Some file systems may not provide dot (.) and dot-dot (..) as they are optional in POSIX. ksmbd can misjudge emptiness of a directory in those file systems, since it assumes there are always at least two entries: dot and dot-dot. Just don't count dot and dot-dot.
Cc: stable@vger.kernel.org # v6.1+ Signed-off-by: Hobin Woo <hobin.woo@samsung.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
ee426bfb | 03-Sep-2024 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: add refcnt to ksmbd_conn struct
When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. This patch add a reference count to the ksmbd_conn st
ksmbd: add refcnt to ksmbd_conn struct
When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. This patch add a reference count to the ksmbd_conn struct so that it can be freed when it is no longer used.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
844436e0 | 29-Aug-2024 |
Dan Carpenter <dan.carpenter@linaro.org> |
ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
Unlock before returning an error code if this allocation fails.
Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport la
ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
Unlock before returning an error code if this allocation fails.
Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable@vger.kernel.org # v5.15+ Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
78c5a6f1 | 27-Aug-2024 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: unset the binding mark of a reused connection
Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused con
ksmbd: unset the binding mark of a reused connection
Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer dereference error from crypto_shash_update().
BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd] generate_smb3encryptionkey+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd] ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd] smb2_sess_setup+0x952/0xaa0 [ksmbd] __process_request+0xa3/0x1d0 [ksmbd] __handle_ksmbd_work+0x1c4/0x2f0 [ksmbd] handle_ksmbd_work+0x2d/0xa0 [ksmbd] process_one_work+0x16c/0x350 worker_thread+0x306/0x440 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>
Fixes: f5a544e3bab7 ("ksmbd: add support for SMB3 multichannel") Cc: stable@vger.kernel.org # v5.15+ Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
2b7e0573 | 22-Aug-2024 |
ChenXiaoSong <chenxiaosong@kylinos.cn> |
smb/server: update misguided comment of smb2_allocate_rsp_buf()
smb2_allocate_rsp_buf() will return other error code except -ENOMEM.
Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Acked-by:
smb/server: update misguided comment of smb2_allocate_rsp_buf()
smb2_allocate_rsp_buf() will return other error code except -ENOMEM.
Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
0dd771b7 | 22-Aug-2024 |
ChenXiaoSong <chenxiaosong@kylinos.cn> |
smb/server: remove useless assignment of 'file_present' in smb2_open()
The variable is already true here.
Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Acked-by: Namjae Jeon <linkinjeon@ker
smb/server: remove useless assignment of 'file_present' in smb2_open()
The variable is already true here.
Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
4e8771a3 | 22-Aug-2024 |
ChenXiaoSong <chenxiaosong@kylinos.cn> |
smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL.
Fix this by c
smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL.
Fix this by check if 'lease_ctx_info' is NULL.
Additionally, remove the redundant parentheses in parse_durable_handle_context().
Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
2186a116 | 22-Aug-2024 |
ChenXiaoSong <chenxiaosong@kylinos.cn> |
smb/server: fix return value of smb2_open()
In most error cases, error code is not returned in smb2_open(), __process_request() will not print error message.
Fix this by returning the correct value
smb/server: fix return value of smb2_open()
In most error cases, error code is not returned in smb2_open(), __process_request() will not print error message.
Fix this by returning the correct value at the end of smb2_open().
Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
ce61b605 | 20-Aug-2024 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: the buffer of smb2 query dir response has at least 1 byte
When STATUS_NO_MORE_FILES status is set to smb2 query dir response, ->StructureSize is set to 9, which mean buffer has 1 byte. This i
ksmbd: the buffer of smb2 query dir response has at least 1 byte
When STATUS_NO_MORE_FILES status is set to smb2 query dir response, ->StructureSize is set to 9, which mean buffer has 1 byte. This issue occurs because ->Buffer[1] in smb2_query_directory_rsp to flex-array.
Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays") Cc: stable@vger.kernel.org # v6.1+ Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
7c525ddd | 16-Aug-2024 |
Thorsten Blum <thorsten.blum@toblux.com> |
ksmbd: Replace one-element arrays with flexible-array members
Replace the deprecated one-element arrays with flexible-array members in the structs filesystem_attribute_info and filesystem_device_inf
ksmbd: Replace one-element arrays with flexible-array members
Replace the deprecated one-element arrays with flexible-array members in the structs filesystem_attribute_info and filesystem_device_info.
There are no binary differences after this conversion.
Link: https://github.com/KSPP/linux/issues/79 Signed-off-by: Thorsten Blum <thorsten.blum@toblux.com> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
76e98a15 | 17-Aug-2024 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: fix race condition between destroy_previous_session() and smb2 operations()
If there is ->PreviousSessionId field in the session setup request, The session of the previous connection should b
ksmbd: fix race condition between destroy_previous_session() and smb2 operations()
If there is ->PreviousSessionId field in the session setup request, The session of the previous connection should be destroyed. During this, if the smb2 operation requests in the previous session are being processed, a racy issue could happen with ksmbd_destroy_file_table(). This patch sets conn->status to KSMBD_SESS_NEED_RECONNECT to block incoming operations and waits until on-going operations are complete (i.e. idle) before desctorying the previous session.
Fixes: c8efcc786146 ("ksmbd: add support for durable handles v1/v2") Cc: stable@vger.kernel.org # v6.6+ Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-25040 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
f6bd4128 | 05-Aug-2024 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: override fsids for smb2_query_info()
Sangsoo reported that a DAC denial error occurred when accessing files through the ksmbd thread. This patch override fsids for smb2_query_info().
Reporte
ksmbd: override fsids for smb2_query_info()
Sangsoo reported that a DAC denial error occurred when accessing files through the ksmbd thread. This patch override fsids for smb2_query_info().
Reported-by: Sangsoo Lee <constant.lee@samsung.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|