Revision tags: v6.6.25, v6.6.24, v6.6.23 |
|
#
c8f7ad2d |
| 22-Feb-2024 |
Marios Makassikis <mmakassikis@freebox.fr> |
ksmbd: replace generic_fillattr with vfs_getattr
[ Upstream commit 5614c8c487f6af627614dd2efca038e4afe0c6d7 ]
generic_fillattr should not be used outside of ->getattr implementations.
Use vfs_geta
ksmbd: replace generic_fillattr with vfs_getattr
[ Upstream commit 5614c8c487f6af627614dd2efca038e4afe0c6d7 ]
generic_fillattr should not be used outside of ->getattr implementations.
Use vfs_getattr instead, and adapt functions to return an error code to the caller.
Cc: stable@vger.kernel.org Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
Revision tags: v6.6.25, v6.6.24, v6.6.23 |
|
#
c8f7ad2d |
| 22-Feb-2024 |
Marios Makassikis <mmakassikis@freebox.fr> |
ksmbd: replace generic_fillattr with vfs_getattr
[ Upstream commit 5614c8c487f6af627614dd2efca038e4afe0c6d7 ]
generic_fillattr should not be used outside of ->getattr implementations.
Use vfs_geta
ksmbd: replace generic_fillattr with vfs_getattr
[ Upstream commit 5614c8c487f6af627614dd2efca038e4afe0c6d7 ]
generic_fillattr should not be used outside of ->getattr implementations.
Use vfs_getattr instead, and adapt functions to return an error code to the caller.
Cc: stable@vger.kernel.org Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
Revision tags: v6.6.16, v6.6.15, v6.6.14, v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5 |
|
#
acf50ff9 |
| 08-Dec-2023 |
Li Nan <linan122@huawei.com> |
ksmbd: validate the zero field of packet header
[ Upstream commit 516b3eb8c8065f7465f87608d37a7ed08298c7a5 ]
The SMB2 Protocol requires that "The first byte of the Direct TCP transport packet heade
ksmbd: validate the zero field of packet header
[ Upstream commit 516b3eb8c8065f7465f87608d37a7ed08298c7a5 ]
The SMB2 Protocol requires that "The first byte of the Direct TCP transport packet header MUST be zero (0x00)"[1]. Commit 1c1bcf2d3ea0 ("ksmbd: validate smb request protocol id") removed the validation of this 1-byte zero. Add the validation back now.
[1]: [MS-SMB2] - v20230227, page 30. https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SMB2/%5bMS-SMB2%5d-230227.pdf
Fixes: 1c1bcf2d3ea0 ("ksmbd: validate smb request protocol id") Signed-off-by: Li Nan <linan122@huawei.com> Acked-by: Tom Talpey <tom@talpey.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
Revision tags: v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1 |
|
#
f4f863a0 |
| 07-Nov-2023 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: handle malformed smb1 message
commit 5a5409d90bd05f87fe5623a749ccfbf3f7c7d400 upstream.
If set_smb1_rsp_status() is not implemented, It will cause NULL pointer dereferece error when client s
ksmbd: handle malformed smb1 message
commit 5a5409d90bd05f87fe5623a749ccfbf3f7c7d400 upstream.
If set_smb1_rsp_status() is not implemented, It will cause NULL pointer dereferece error when client send malformed smb1 message. This patch add set_smb1_rsp_status() to ignore malformed smb1 message.
Cc: stable@vger.kernel.org Reported-by: Robert Morris <rtm@csail.mit.edu> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
Revision tags: v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50 |
|
#
e2b76ab8 |
| 29-Aug-2023 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: add support for read compound
MacOS sends a compound request including read to the server (e.g. open-read-close). So far, ksmbd has not handled read as a compound request. For compatibility b
ksmbd: add support for read compound
MacOS sends a compound request including read to the server (e.g. open-read-close). So far, ksmbd has not handled read as a compound request. For compatibility between ksmbd and an OS that supports SMB, This patch provides compound support for read requests.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
Revision tags: v6.5, v6.1.49, v6.1.48, v6.1.46, v6.1.45, v6.1.44, v6.1.43, v6.1.42, v6.1.41, v6.1.40 |
|
#
536bb492 |
| 23-Jul-2023 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: fix out of bounds in init_smb2_rsp_hdr()
If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is s
ksmbd: fix out of bounds in init_smb2_rsp_hdr()
If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false.
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21541 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
Revision tags: v6.1.39, v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35 |
|
#
9cedc58b |
| 19-Jun-2023 |
Arnd Bergmann <arnd@arndb.de> |
ksmbd: avoid field overflow warning
clang warns about a possible field overflow in a memcpy:
In file included from fs/smb/server/smb_common.c:7: include/linux/fortify-string.h:583:4: error: call to
ksmbd: avoid field overflow warning
clang warns about a possible field overflow in a memcpy:
In file included from fs/smb/server/smb_common.c:7: include/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning] __write_overflow_field(p_size_field, size);
It appears to interpret the "&out[baselen + 4]" as referring to a single byte of the character array, while the equivalen "out + baselen + 4" is seen as an offset into the array.
I don't see that kind of warning elsewhere, so just go with the simple rework.
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
#
5211cc87 |
| 21-Jun-2023 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
Prefer struct_size() over open-coded versions.
Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Gustavo A. R. Silva <gu
ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
Prefer struct_size() over open-coded versions.
Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
Revision tags: v6.1.34, v6.1.33, v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28 |
|
#
f87d4f85 |
| 05-May-2023 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: use kzalloc() instead of __GFP_ZERO
Use kzalloc() instead of __GFP_ZERO.
Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Sergey
ksmbd: use kzalloc() instead of __GFP_ZERO
Use kzalloc() instead of __GFP_ZERO.
Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
#
1c1bcf2d |
| 31-May-2023 |
Namjae Jeon <linkinjeon@kernel.org> |
ksmbd: validate smb request protocol id
This patch add the validation for smb request protocol id. If it is not one of the four ids(SMB1_PROTO_NUMBER, SMB2_PROTO_NUMBER, SMB2_TRANSFORM_PROTO_NUM, SM
ksmbd: validate smb request protocol id
This patch add the validation for smb request protocol id. If it is not one of the four ids(SMB1_PROTO_NUMBER, SMB2_PROTO_NUMBER, SMB2_TRANSFORM_PROTO_NUM, SMB2_COMPRESSION_TRANSFORM_ID), don't allow processing the request. And this will fix the following KASAN warning also.
[ 13.905265] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1b9/0x1f0 [ 13.905900] Read of size 16 at addr ffff888005fd2f34 by task kworker/0:2/44 ... [ 13.908553] Call Trace: [ 13.908793] <TASK> [ 13.908995] dump_stack_lvl+0x33/0x50 [ 13.909369] print_report+0xcc/0x620 [ 13.910870] kasan_report+0xae/0xe0 [ 13.911519] kasan_check_range+0x35/0x1b0 [ 13.911796] init_smb2_rsp_hdr+0x1b9/0x1f0 [ 13.912492] handle_ksmbd_work+0xe5/0x820
Cc: stable@vger.kernel.org Reported-by: Chih-Yen Chang <cc85nod@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|
#
38c8a9a5 |
| 21-May-2023 |
Steve French <stfrench@microsoft.com> |
smb: move client and server files to common directory fs/smb
Move CIFS/SMB3 related client and server files (cifs.ko and ksmbd.ko and helper modules) to new fs/smb subdirectory:
fs/cifs --> fs/s
smb: move client and server files to common directory fs/smb
Move CIFS/SMB3 related client and server files (cifs.ko and ksmbd.ko and helper modules) to new fs/smb subdirectory:
fs/cifs --> fs/smb/client fs/ksmbd --> fs/smb/server fs/smbfs_common --> fs/smb/common
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
show more ...
|