Commit 8976e9d0 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag '6.5-rc-ksmbd-server-fixes-part1' of git://git.samba.org/ksmbd

Pull ksmbd server updates from Steve French:

 - two fixes for compounding bugs (make sure no out of bound reads with
   less common combinations of commands in the compound)

 - eight minor cleanup patches (e.g. simplifying return values, replace
   one element array, use of kzalloc where simpler)

 - fix for clang warning on possible overflow in filename conversion

* tag '6.5-rc-ksmbd-server-fixes-part1' of git://git.samba.org/ksmbd:
  ksmbd: avoid field overflow warning
  ksmbd: Replace one-element array with flexible-array member
  ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
  ksmbd: add missing compound request handing in some commands
  ksmbd: fix out of bounds read in smb2_sess_setup
  ksmbd: Replace the ternary conditional operator with min()
  ksmbd: use kvzalloc instead of kvmalloc
  ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void
  ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked()
  ksmbd: use kzalloc() instead of __GFP_ZERO
  ksmbd: remove unused ksmbd_tree_conn_share function
parents ee152be1 9cedc58b
......@@ -120,17 +120,6 @@ struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess,
return tcon;
}
struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess,
unsigned int id)
{
struct ksmbd_tree_connect *tc;
tc = ksmbd_tree_conn_lookup(sess, id);
if (tc)
return tc->share_conf;
return NULL;
}
int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess)
{
int ret = 0;
......
......@@ -53,9 +53,6 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess,
struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess,
unsigned int id);
struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess,
unsigned int id);
int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess);
#endif /* __TREE_CONNECT_MANAGEMENT_H__ */
This diff is collapsed.
......@@ -266,7 +266,7 @@ static int ksmbd_negotiate_smb_dialect(void *buf)
if (smb2_neg_size > smb_buf_length)
goto err_out;
if (smb2_neg_size + le16_to_cpu(req->DialectCount) * sizeof(__le16) >
if (struct_size(req, Dialects, le16_to_cpu(req->DialectCount)) >
smb_buf_length)
goto err_out;
......@@ -359,8 +359,8 @@ static int smb1_check_user_session(struct ksmbd_work *work)
*/
static int smb1_allocate_rsp_buf(struct ksmbd_work *work)
{
work->response_buf = kmalloc(MAX_CIFS_SMALL_BUFFER_SIZE,
GFP_KERNEL | __GFP_ZERO);
work->response_buf = kzalloc(MAX_CIFS_SMALL_BUFFER_SIZE,
GFP_KERNEL);
work->response_sz = MAX_CIFS_SMALL_BUFFER_SIZE;
if (!work->response_buf) {
......@@ -536,7 +536,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname,
out[baselen + 3] = PERIOD;
if (dot_present)
memcpy(&out[baselen + 4], extension, 4);
memcpy(out + baselen + 4, extension, 4);
else
out[baselen + 4] = '\0';
smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX,
......
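Review bot: Rewriting `&out[baselen + 4]` as `out + baselen + 4` in ksmbd_extract_shortname only changes how the address is spelled; the memcpy still stores 4 bytes at offsets baselen+4 through baselen+7 of `out`. The declaration of `out` and the cap on `baselen` are outside this hunk, so the page does not show that baselen + 8 stays inside the buffer. If that invariant holds, it should be stated next to the copy, e.g. `/* baselen is capped above, so baselen + 8 <= sizeof(out) */`. The following smbConvertToUTF16() call passes PATH_MAX as the source length, so it presumably stops at a NUL in `out`; on the dot_present path that relies on `extension` carrying its terminator within the 4 copied bytes or on `out` being pre-zeroed, which is worth confirming.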
......@@ -200,7 +200,7 @@ struct smb_hdr {
struct smb_negotiate_req {
struct smb_hdr hdr; /* wct = 0 */
__le16 ByteCount;
unsigned char DialectsArray[1];
unsigned char DialectsArray[];
} __packed;
struct smb_negotiate_rsp {
......
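Review bot: Turning `DialectsArray[1]` into a flexible array member makes `sizeof(struct smb_negotiate_req)` one byte smaller, so any minimum-length check written against that sizeof now accepts a request one byte shorter than before. No use of the sizeof is visible on this page, so this may be moot, but code that validates an SMB1 negotiate buffer should compare the remaining length against ByteCount before reading DialectsArray. A short comment on the member would make the contract explicit, e.g. `unsigned char DialectsArray[]; /* ByteCount bytes of dialect strings */`.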
......@@ -97,7 +97,7 @@ int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid)
/* compare all of the subauth values if any */
num_sat = ctsid->num_subauth;
num_saw = cwsid->num_subauth;
num_subauth = num_sat < num_saw ? num_sat : num_saw;
num_subauth = min(num_sat, num_saw);
if (num_subauth) {
for (i = 0; i < num_subauth; ++i) {
if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) {
......
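Review bot: `min(num_sat, num_saw)` bounds the loop by the smaller of the two counts, but nothing in this hunk bounds either count by the capacity of `sub_auth[]`, and both are read directly from the SID structures. If compare_sids can be reached with a SID whose num_subauth was not validated earlier (not determinable from this hunk), the loop indexes past the array. A clamp here is cheap: `num_subauth = min3(num_sat, num_saw, SID_MAX_SUB_AUTHORITIES);`, assuming the operands share a type. The `if (num_subauth)` wrapper is also redundant with the loop condition, and the function starts and continues outside the hunk.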
......@@ -229,7 +229,7 @@ static struct ksmbd_ipc_msg *ipc_msg_alloc(size_t sz)
struct ksmbd_ipc_msg *msg;
size_t msg_sz = sz + sizeof(struct ksmbd_ipc_msg);
msg = kvmalloc(msg_sz, GFP_KERNEL | __GFP_ZERO);
msg = kvzalloc(msg_sz, GFP_KERNEL);
if (msg)
msg->sz = sz;
return msg;
......@@ -268,7 +268,7 @@ static int handle_response(int type, void *payload, size_t sz)
entry->type + 1, type);
}
entry->response = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO);
entry->response = kvzalloc(sz, GFP_KERNEL);
if (!entry->response) {
ret = -ENOMEM;
break;
......
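Review bot: In ipc_msg_alloc the sum `sz + sizeof(struct ksmbd_ipc_msg)` is unchecked, so a very large `sz` wraps `msg_sz`, kvzalloc() returns a small buffer, and `msg->sz = sz` then records a length far larger than the allocation. Callers are not visible here, so whether `sz` can get that large is unknown, but a saturating add makes the allocation fail instead: `size_t msg_sz = size_add(sz, sizeof(struct ksmbd_ipc_msg));`. The second hunk allocates `entry->response` with the `sz` passed to handle_response; the copy that follows is outside the hunk and should use the same `sz`. The signature of ipc_msg_alloc appears only in the hunk header and its closing brace is not shown.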
......@@ -121,11 +121,9 @@ static int ksmbd_vfs_path_lookup_locked(struct ksmbd_share_config *share_conf,
return -ENOENT;
}
int ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap,
void ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap,
struct dentry *dentry, __le32 *daccess)
{
int ret = 0;
*daccess = cpu_to_le32(FILE_READ_ATTRIBUTES | READ_CONTROL);
if (!inode_permission(idmap, d_inode(dentry), MAY_OPEN | MAY_WRITE))
......@@ -142,8 +140,6 @@ int ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap,
if (!inode_permission(idmap, d_inode(dentry->d_parent), MAY_EXEC | MAY_WRITE))
*daccess |= FILE_DELETE_LE;
return ret;
}
/**
......@@ -440,7 +436,7 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos,
}
if (v_len < size) {
wbuf = kvmalloc(size, GFP_KERNEL | __GFP_ZERO);
wbuf = kvzalloc(size, GFP_KERNEL);
if (!wbuf) {
err = -ENOMEM;
goto out;
......@@ -857,7 +853,7 @@ ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list)
if (size <= 0)
return size;
vlist = kvmalloc(size, GFP_KERNEL | __GFP_ZERO);
vlist = kvzalloc(size, GFP_KERNEL);
if (!vlist)
return -ENOMEM;
......@@ -1207,7 +1203,7 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name,
err = ksmbd_vfs_path_lookup_locked(share_conf, name, flags, path);
if (!err)
return err;
return 0;
if (caseless) {
char *filepath;
......
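Review bot: With ksmbd_vfs_query_maximal_access now returning void, callers can no longer tell a failed inode_permission() check from a denied one, and that contract is not documented anywhere in the hunk. The visible code is fail-closed: `*daccess` always starts as `FILE_READ_ATTRIBUTES | READ_CONTROL`, and further bits are OR-ed in only when inode_permission() returns 0. I would add a comment above the function saying so, e.g. `/* Always sets *daccess; a right is granted only when inode_permission() returns 0, any error leaves it clear. */`. The middle of the function lies between the two hunks and is not shown.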
......@@ -72,7 +72,7 @@ struct ksmbd_kstat {
};
int ksmbd_vfs_lock_parent(struct dentry *parent, struct dentry *child);
int ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap,
void ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap,
struct dentry *dentry, __le32 *daccess);
int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode);
int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode);
......