Commit a6132241 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag '5.16-rc-ksmbd-fixes' of git://git.samba.org/ksmbd 

Pull ksmbd updates from Steve French:
 "Several smb server fixes; three for stable:

   - important fix for negotiation info validation

   - fix alignment check in packet validation

   - cleanup of dead code (like MD4)

   - refactoring some protocol headers to use common code in smbfs_common"

* tag '5.16-rc-ksmbd-fixes' of git://git.samba.org/ksmbd:
  ksmbd: Use the SMB3_Create definitions from the shared
  ksmbd: Move more definitions into the shared area
  ksmbd: use the common definitions for NEGOTIATE_PROTOCOL
  ksmbd: switch to use shared definitions where available
  ksmbd: change LeaseKey data type to u8 array
  ksmbd: remove smb2_buf_length in smb2_transform_hdr
  ksmbd: remove smb2_buf_length in smb2_hdr
  ksmbd: remove md4 leftovers
  ksmbd: set unique value to volume serial field in FS_VOLUME_INFORMATION
  ksmbd: don't need 8byte alignment for request length in ksmbd_check_message
  ksmbd: Fix buffer length check in fsctl_validate_negotiate_info()
  ksmbd: Remove redundant 'flush_workqueue()' calls
  ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()
  ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()
  ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()
parents 0ecca62b 26a2787d

fs/ksmbd/Kconfig

+1 −1
Original line number Diff line number Diff line
@@ -6,7 +6,6 @@ config SMB_SERVER 
	select NLS

	select NLS_UTF8

	select CRYPTO

	select CRYPTO_MD4

	select CRYPTO_MD5

	select CRYPTO_HMAC

	select CRYPTO_ECB
@@ -19,6 +18,7 @@ config SMB_SERVER 
	select CRYPTO_GCM

	select ASN1

	select OID_REGISTRY

	select CRC32

	default n

	help

	  Choose Y here if you want to allow SMB3 compliant clients

fs/ksmbd/auth.c

+5 −6
Original line number Diff line number Diff line
@@ -873,9 +873,9 @@ int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf, 
				     __u8 *pi_hash)

{

	int rc;

	struct smb2_hdr *rcv_hdr = (struct smb2_hdr *)buf;

	struct smb2_hdr *rcv_hdr = smb2_get_msg(buf);

	char *all_bytes_msg = (char *)&rcv_hdr->ProtocolId;

	int msg_size = be32_to_cpu(rcv_hdr->smb2_buf_length);

	int msg_size = get_rfc1002_len(buf);

	struct ksmbd_crypto_ctx *ctx = NULL;



	if (conn->preauth_info->Preauth_HashId !=
@@ -983,7 +983,7 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, 
					 u8 *sign)

{

	struct scatterlist *sg;

	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24;

	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;

	int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;



	if (!nvec)
@@ -1047,9 +1047,8 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, 
int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov,

			unsigned int nvec, int enc)

{

	struct smb2_transform_hdr *tr_hdr =

		(struct smb2_transform_hdr *)iov[0].iov_base;

	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24;

	struct smb2_transform_hdr *tr_hdr = smb2_get_msg(iov[0].iov_base);

	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;

	int rc;

	struct scatterlist *sg;

	u8 sign[SMB2_SIGNATURE_SIZE] = {};

fs/ksmbd/connection.c

+5 −6
Original line number Diff line number Diff line
@@ -158,26 +158,25 @@ void ksmbd_conn_wait_idle(struct ksmbd_conn *conn) 
int ksmbd_conn_write(struct ksmbd_work *work)

{

	struct ksmbd_conn *conn = work->conn;

	struct smb_hdr *rsp_hdr = work->response_buf;

	size_t len = 0;

	int sent;

	struct kvec iov[3];

	int iov_idx = 0;



	ksmbd_conn_try_dequeue_request(work);

	if (!rsp_hdr) {

	if (!work->response_buf) {

		pr_err("NULL response header\n");

		return -EINVAL;

	}



	if (work->tr_buf) {

		iov[iov_idx] = (struct kvec) { work->tr_buf,

				sizeof(struct smb2_transform_hdr) };

				sizeof(struct smb2_transform_hdr) + 4 };

		len += iov[iov_idx++].iov_len;

	}



	if (work->aux_payload_sz) {

		iov[iov_idx] = (struct kvec) { rsp_hdr, work->resp_hdr_sz };

		iov[iov_idx] = (struct kvec) { work->response_buf, work->resp_hdr_sz };

		len += iov[iov_idx++].iov_len;

		iov[iov_idx] = (struct kvec) { work->aux_payload_buf, work->aux_payload_sz };

		len += iov[iov_idx++].iov_len;
@@ -185,8 +184,8 @@ int ksmbd_conn_write(struct ksmbd_work *work) 
		if (work->tr_buf)

			iov[iov_idx].iov_len = work->resp_hdr_sz;

		else

			iov[iov_idx].iov_len = get_rfc1002_len(rsp_hdr) + 4;

		iov[iov_idx].iov_base = rsp_hdr;

			iov[iov_idx].iov_len = get_rfc1002_len(work->response_buf) + 4;

		iov[iov_idx].iov_base = work->response_buf;

		len += iov[iov_idx++].iov_len;

	}

fs/ksmbd/ksmbd_work.c

+0 −1
Original line number Diff line number Diff line
@@ -69,7 +69,6 @@ int ksmbd_workqueue_init(void) 


void ksmbd_workqueue_destroy(void)

{

	flush_workqueue(ksmbd_wq);

	destroy_workqueue(ksmbd_wq);

	ksmbd_wq = NULL;

}

fs/ksmbd/ksmbd_work.h

+2 −2
Original line number Diff line number Diff line
@@ -92,7 +92,7 @@ struct ksmbd_work { 
 */

static inline void *ksmbd_resp_buf_next(struct ksmbd_work *work)

{

	return work->response_buf + work->next_smb2_rsp_hdr_off;

	return work->response_buf + work->next_smb2_rsp_hdr_off + 4;

}



/**
@@ -101,7 +101,7 @@ static inline void *ksmbd_resp_buf_next(struct ksmbd_work *work) 
 */

static inline void *ksmbd_req_buf_next(struct ksmbd_work *work)

{

	return work->request_buf + work->next_smb2_rcv_hdr_off;

	return work->request_buf + work->next_smb2_rcv_hdr_off + 4;

}



struct ksmbd_work *ksmbd_alloc_work_struct(void);