Merge tag '6.4-rc5-smb3-server-fixes' of git://git.samba.org/ksmbd (65d7ca59) · Commits · EulixOS / Software / Kernel

fs/smb/server/connection.c

+15 −2

Original line number	Diff line number	Diff line
		@@ -294,6 +294,9 @@ bool ksmbd_conn_alive(struct ksmbd_conn *conn)
		return true;
		}

		#define SMB1_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb_hdr))
		#define SMB2_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb2_hdr) + 4)

		/**
		* ksmbd_conn_handler_loop() - session thread to listen on new smb requests
		* @p: connection instance
		@@ -350,6 +353,9 @@ int ksmbd_conn_handler_loop(void *p)
		if (pdu_size > MAX_STREAM_PROT_LEN)
		break;

		if (pdu_size < SMB1_MIN_SUPPORTED_HEADER_SIZE)
		break;

		/* 4 for rfc1002 length field */
		/* 1 for implied bcc[0] */
		size = pdu_size + 4 + 1;
		@@ -358,8 +364,6 @@ int ksmbd_conn_handler_loop(void *p)
		break;

		memcpy(conn->request_buf, hdr_buf, sizeof(hdr_buf));
		if (!ksmbd_smb_request(conn))
		break;

		/*
		* We already read 4 bytes to find out PDU size, now
		@@ -377,6 +381,15 @@ int ksmbd_conn_handler_loop(void *p)
		continue;
		}

		if (!ksmbd_smb_request(conn))
		break;

		if (((struct smb2_hdr *)smb2_get_msg(conn->request_buf))->ProtocolId ==
		SMB2_PROTO_NUMBER) {
		if (pdu_size < SMB2_MIN_SUPPORTED_HEADER_SIZE)
		break;
		}

		if (!default_conn_ops.process_fn) {
		pr_err("No connection request callback\n");
		break;

+24 −42

Original line number	Diff line number	Diff line
		@@ -1415,32 +1415,18 @@ void create_lease_buf(u8 rbuf, struct lease lease)
		*/
		struct lease_ctx_info parse_lease_state(void open_req)
		{
		char *data_offset;
		struct create_context *cc;
		unsigned int next = 0;
		char *name;
		bool found = false;
		struct smb2_create_req req = (struct smb2_create_req )open_req;
		struct lease_ctx_info *lreq = kzalloc(sizeof(struct lease_ctx_info),
		GFP_KERNEL);
		if (!lreq)
		struct lease_ctx_info *lreq;

		cc = smb2_find_context_vals(req, SMB2_CREATE_REQUEST_LEASE, 4);
		if (IS_ERR_OR_NULL(cc))
		return NULL;

		data_offset = (char *)req + le32_to_cpu(req->CreateContextsOffset);
		cc = (struct create_context *)data_offset;
		do {
		cc = (struct create_context )((char )cc + next);
		name = le16_to_cpu(cc->NameOffset) + (char *)cc;
		if (le16_to_cpu(cc->NameLength) != 4 \|\|
		strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) {
		next = le32_to_cpu(cc->Next);
		continue;
		}
		found = true;
		break;
		} while (next != 0);
		lreq = kzalloc(sizeof(struct lease_ctx_info), GFP_KERNEL);
		if (!lreq)
		return NULL;

		if (found) {
		if (sizeof(struct lease_context_v2) == le32_to_cpu(cc->DataLength)) {
		struct create_lease_v2 lc = (struct create_lease_v2 )cc;

		@@ -1463,10 +1449,6 @@ struct lease_ctx_info parse_lease_state(void open_req)
		return lreq;
		}

		kfree(lreq);
		return NULL;
		}

		/**
		* smb2_find_context_vals() - find a particular context info in open request
		* @open_req: buffer containing smb2 file open(create) request

+6 −7

Original line number	Diff line number	Diff line
		@@ -963,13 +963,13 @@ static void decode_sign_cap_ctxt(struct ksmbd_conn *conn,

		static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn,
		struct smb2_negotiate_req *req,
		int len_of_smb)
		unsigned int len_of_smb)
		{
		/* +4 is to account for the RFC1001 len field */
		struct smb2_neg_context pctx = (struct smb2_neg_context )req;
		int i = 0, len_of_ctxts;
		int offset = le32_to_cpu(req->NegotiateContextOffset);
		int neg_ctxt_cnt = le16_to_cpu(req->NegotiateContextCount);
		unsigned int offset = le32_to_cpu(req->NegotiateContextOffset);
		unsigned int neg_ctxt_cnt = le16_to_cpu(req->NegotiateContextCount);
		__le32 status = STATUS_INVALID_PARAMETER;

		ksmbd_debug(SMB, "decoding %d negotiate contexts\n", neg_ctxt_cnt);
		@@ -983,7 +983,7 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn,
		while (i++ < neg_ctxt_cnt) {
		int clen, ctxt_len;

		if (len_of_ctxts < sizeof(struct smb2_neg_context))
		if (len_of_ctxts < (int)sizeof(struct smb2_neg_context))
		break;

		pctx = (struct smb2_neg_context )((char )pctx + offset);
		@@ -1038,9 +1038,8 @@ static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn,
		}

		/* offsets must be 8 byte aligned */
		clen = (clen + 7) & ~0x7;
		offset = clen + sizeof(struct smb2_neg_context);
		len_of_ctxts -= clen + sizeof(struct smb2_neg_context);
		offset = (ctxt_len + 7) & ~0x7;
		len_of_ctxts -= offset;
		}
		return status;
		}

+13 −1

Original line number	Diff line number	Diff line
		@@ -158,7 +158,19 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work)
		*/
		bool ksmbd_smb_request(struct ksmbd_conn *conn)
		{
		return conn->request_buf[0] == 0;
		__le32 proto = (__le32 )smb2_get_msg(conn->request_buf);

		if (*proto == SMB2_COMPRESSION_TRANSFORM_ID) {
		pr_err_ratelimited("smb2 compression not support yet");
		return false;
		}

		if (*proto != SMB1_PROTO_NUMBER &&
		*proto != SMB2_PROTO_NUMBER &&
		*proto != SMB2_TRANSFORM_PROTO_NUM)
		return false;

		return true;
		}

		static bool supported_protocol(int idx)

+2 −2

Original line number	Diff line number	Diff line
		@@ -1290,7 +1290,7 @@ int smb_check_perm_dacl(struct ksmbd_conn conn, const struct path path,

		if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
		posix_acls = get_inode_acl(d_inode(path->dentry), ACL_TYPE_ACCESS);
		if (posix_acls && !found) {
		if (!IS_ERR_OR_NULL(posix_acls) && !found) {
		unsigned int id = -1;

		pa_entry = posix_acls->a_entries;
		@@ -1314,7 +1314,7 @@ int smb_check_perm_dacl(struct ksmbd_conn conn, const struct path path,
		}
		}
		}
		if (posix_acls)
		if (!IS_ERR_OR_NULL(posix_acls))
		posix_acl_release(posix_acls);
		}