Commit 8976e9d0 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag '6.5-rc-ksmbd-server-fixes-part1' of git://git.samba.org/ksmbd

Pull ksmbd server updates from Steve French:

 - two fixes for compounding bugs (make sure no out of bound reads with
   less common combinations of commands in the compound)

 - eight minor cleanup patches (e.g. simplifying return values, replace
   one element array, use of kzalloc where simpler)

 - fix for clang warning on possible overflow in filename conversion

* tag '6.5-rc-ksmbd-server-fixes-part1' of git://git.samba.org/ksmbd:
  ksmbd: avoid field overflow warning
  ksmbd: Replace one-element array with flexible-array member
  ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
  ksmbd: add missing compound request handing in some commands
  ksmbd: fix out of bounds read in smb2_sess_setup
  ksmbd: Replace the ternary conditional operator with min()
  ksmbd: use kvzalloc instead of kvmalloc
  ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void
  ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked()
  ksmbd: use kzalloc() instead of __GFP_ZERO
  ksmbd: remove unused ksmbd_tree_conn_share function
parents ee152be1 9cedc58b
...@@ -120,17 +120,6 @@ struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess, ...@@ -120,17 +120,6 @@ struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess,
return tcon; return tcon;
} }
struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess,
unsigned int id)
{
struct ksmbd_tree_connect *tc;
tc = ksmbd_tree_conn_lookup(sess, id);
if (tc)
return tc->share_conf;
return NULL;
}
int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess) int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess)
{ {
int ret = 0; int ret = 0;
......
...@@ -53,9 +53,6 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, ...@@ -53,9 +53,6 @@ int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess,
struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess, struct ksmbd_tree_connect *ksmbd_tree_conn_lookup(struct ksmbd_session *sess,
unsigned int id); unsigned int id);
struct ksmbd_share_config *ksmbd_tree_conn_share(struct ksmbd_session *sess,
unsigned int id);
int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess); int ksmbd_tree_conn_session_logoff(struct ksmbd_session *sess);
#endif /* __TREE_CONNECT_MANAGEMENT_H__ */ #endif /* __TREE_CONNECT_MANAGEMENT_H__ */
This diff is collapsed.
...@@ -266,7 +266,7 @@ static int ksmbd_negotiate_smb_dialect(void *buf) ...@@ -266,7 +266,7 @@ static int ksmbd_negotiate_smb_dialect(void *buf)
if (smb2_neg_size > smb_buf_length) if (smb2_neg_size > smb_buf_length)
goto err_out; goto err_out;
if (smb2_neg_size + le16_to_cpu(req->DialectCount) * sizeof(__le16) > if (struct_size(req, Dialects, le16_to_cpu(req->DialectCount)) >
smb_buf_length) smb_buf_length)
goto err_out; goto err_out;
...@@ -359,8 +359,8 @@ static int smb1_check_user_session(struct ksmbd_work *work) ...@@ -359,8 +359,8 @@ static int smb1_check_user_session(struct ksmbd_work *work)
*/ */
static int smb1_allocate_rsp_buf(struct ksmbd_work *work) static int smb1_allocate_rsp_buf(struct ksmbd_work *work)
{ {
work->response_buf = kmalloc(MAX_CIFS_SMALL_BUFFER_SIZE, work->response_buf = kzalloc(MAX_CIFS_SMALL_BUFFER_SIZE,
GFP_KERNEL | __GFP_ZERO); GFP_KERNEL);
work->response_sz = MAX_CIFS_SMALL_BUFFER_SIZE; work->response_sz = MAX_CIFS_SMALL_BUFFER_SIZE;
if (!work->response_buf) { if (!work->response_buf) {
...@@ -536,7 +536,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, ...@@ -536,7 +536,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname,
out[baselen + 3] = PERIOD; out[baselen + 3] = PERIOD;
if (dot_present) if (dot_present)
memcpy(&out[baselen + 4], extension, 4); memcpy(out + baselen + 4, extension, 4);
else else
out[baselen + 4] = '\0'; out[baselen + 4] = '\0';
smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX, smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX,
......
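Review bot: In the ksmbd_extract_shortname hunk, `memcpy(out + baselen + 4, extension, 4)` only respells the destination pointer; nothing in the visible lines bounds `baselen` against the size of `out`, so the 4-byte copy is only as safe as an invariant established outside the hunk. If this is the "avoid field overflow warning" change from the shortlog, the compiler diagnostic goes away without the bound being stated anywhere a reader can check it. I would record the invariant next to the copy, for example `/* invariant: baselen + 8 <= size of out; the 4-byte extension copy ends at out[baselen + 7] */`, or assert it if `out` is a local array. The declaration of `out` and the computation of `baselen` are outside the hunk, so this needs confirming against the full function.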
...@@ -200,7 +200,7 @@ struct smb_hdr { ...@@ -200,7 +200,7 @@ struct smb_hdr {
struct smb_negotiate_req { struct smb_negotiate_req {
struct smb_hdr hdr; /* wct = 0 */ struct smb_hdr hdr; /* wct = 0 */
__le16 ByteCount; __le16 ByteCount;
unsigned char DialectsArray[1]; unsigned char DialectsArray[];
} __packed; } __packed;
struct smb_negotiate_rsp { struct smb_negotiate_rsp {
......
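Review bot: Turning `DialectsArray[1]` into `DialectsArray[]` shrinks `sizeof(struct smb_negotiate_req)` by one byte, since the struct is `__packed`, and no user of that size appears in this section. Any length check or offset computed from `sizeof(struct smb_negotiate_req)` changes meaning with this edit and should be re-read, preferably rewritten with `offsetof(struct smb_negotiate_req, DialectsArray)` or `struct_size()` so the intent is explicit. A field comment such as `/* ByteCount bytes of dialect data follow */` would also record what bounds the array; that relationship is inferred from the field names and is not shown here.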
...@@ -97,7 +97,7 @@ int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid) ...@@ -97,7 +97,7 @@ int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid)
/* compare all of the subauth values if any */ /* compare all of the subauth values if any */
num_sat = ctsid->num_subauth; num_sat = ctsid->num_subauth;
num_saw = cwsid->num_subauth; num_saw = cwsid->num_subauth;
num_subauth = num_sat < num_saw ? num_sat : num_saw; num_subauth = min(num_sat, num_saw);
if (num_subauth) { if (num_subauth) {
for (i = 0; i < num_subauth; ++i) { for (i = 0; i < num_subauth; ++i) {
if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) { if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) {
......
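Review bot: The loop after `num_subauth = min(num_sat, num_saw)` indexes `sub_auth[i]` on both SIDs up to a count taken from their own `num_subauth` fields, and nothing in the hunk caps that count at the capacity of `sub_auth`. If a SID can reach compare_sids() from a received security descriptor without earlier validation, an oversized `num_subauth` would make the comparison read past the array; whether callers validate first is not visible here. Clamping locally would make the function safe on its own, e.g. `num_subauth = min_t(size_t, num_subauth, ARRAY_SIZE(ctsid->sub_auth));`, assuming `sub_auth` is a fixed-size array. compare_sids() starts and ends outside the hunk.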
...@@ -229,7 +229,7 @@ static struct ksmbd_ipc_msg *ipc_msg_alloc(size_t sz) ...@@ -229,7 +229,7 @@ static struct ksmbd_ipc_msg *ipc_msg_alloc(size_t sz)
struct ksmbd_ipc_msg *msg; struct ksmbd_ipc_msg *msg;
size_t msg_sz = sz + sizeof(struct ksmbd_ipc_msg); size_t msg_sz = sz + sizeof(struct ksmbd_ipc_msg);
msg = kvmalloc(msg_sz, GFP_KERNEL | __GFP_ZERO); msg = kvzalloc(msg_sz, GFP_KERNEL);
if (msg) if (msg)
msg->sz = sz; msg->sz = sz;
return msg; return msg;
...@@ -268,7 +268,7 @@ static int handle_response(int type, void *payload, size_t sz) ...@@ -268,7 +268,7 @@ static int handle_response(int type, void *payload, size_t sz)
entry->type + 1, type); entry->type + 1, type);
} }
entry->response = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO); entry->response = kvzalloc(sz, GFP_KERNEL);
if (!entry->response) { if (!entry->response) {
ret = -ENOMEM; ret = -ENOMEM;
break; break;
......
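Review bot: In ipc_msg_alloc, `size_t msg_sz = sz + sizeof(struct ksmbd_ipc_msg);` is an unchecked addition, so a very large `sz` would wrap and `kvzalloc()` would return a buffer smaller than the `sz` that is then stored in `msg->sz`. The commit switches the allocator but leaves this context line as it is, although it uses `struct_size()` for the same purpose in ksmbd_negotiate_smb_dialect. `size_t msg_sz = size_add(sz, sizeof(struct ksmbd_ipc_msg));` saturates instead of wrapping, so the allocation fails cleanly. Whether any caller can pass such a `sz` is not visible in this section.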
...@@ -121,11 +121,9 @@ static int ksmbd_vfs_path_lookup_locked(struct ksmbd_share_config *share_conf, ...@@ -121,11 +121,9 @@ static int ksmbd_vfs_path_lookup_locked(struct ksmbd_share_config *share_conf,
return -ENOENT; return -ENOENT;
} }
int ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap, void ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap,
struct dentry *dentry, __le32 *daccess) struct dentry *dentry, __le32 *daccess)
{ {
int ret = 0;
*daccess = cpu_to_le32(FILE_READ_ATTRIBUTES | READ_CONTROL); *daccess = cpu_to_le32(FILE_READ_ATTRIBUTES | READ_CONTROL);
if (!inode_permission(idmap, d_inode(dentry), MAY_OPEN | MAY_WRITE)) if (!inode_permission(idmap, d_inode(dentry), MAY_OPEN | MAY_WRITE))
...@@ -142,8 +140,6 @@ int ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap, ...@@ -142,8 +140,6 @@ int ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap,
if (!inode_permission(idmap, d_inode(dentry->d_parent), MAY_EXEC | MAY_WRITE)) if (!inode_permission(idmap, d_inode(dentry->d_parent), MAY_EXEC | MAY_WRITE))
*daccess |= FILE_DELETE_LE; *daccess |= FILE_DELETE_LE;
return ret;
} }
/** /**
...@@ -440,7 +436,7 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, ...@@ -440,7 +436,7 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos,
} }
if (v_len < size) { if (v_len < size) {
wbuf = kvmalloc(size, GFP_KERNEL | __GFP_ZERO); wbuf = kvzalloc(size, GFP_KERNEL);
if (!wbuf) { if (!wbuf) {
err = -ENOMEM; err = -ENOMEM;
goto out; goto out;
...@@ -857,7 +853,7 @@ ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list) ...@@ -857,7 +853,7 @@ ssize_t ksmbd_vfs_listxattr(struct dentry *dentry, char **list)
if (size <= 0) if (size <= 0)
return size; return size;
vlist = kvmalloc(size, GFP_KERNEL | __GFP_ZERO); vlist = kvzalloc(size, GFP_KERNEL);
if (!vlist) if (!vlist)
return -ENOMEM; return -ENOMEM;
...@@ -1207,7 +1203,7 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name, ...@@ -1207,7 +1203,7 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name,
err = ksmbd_vfs_path_lookup_locked(share_conf, name, flags, path); err = ksmbd_vfs_path_lookup_locked(share_conf, name, flags, path);
if (!err) if (!err)
return err; return 0;
if (caseless) { if (caseless) {
char *filepath; char *filepath;
......
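Review bot: ksmbd_vfs_query_maximal_access() has no comment in the visible lines, and with the return value gone its contract is carried only by `*daccess`, which is worth writing down because the result is an access mask. The visible code grants `FILE_READ_ATTRIBUTES | READ_CONTROL` unconditionally and adds `FILE_DELETE_LE` only when `inode_permission()` on the parent returns 0, so a denied check shows up as a missing bit and never as an error. I would add a kernel-doc block saying that `*daccess` is always written, that the two baseline rights do not depend on any permission check, and that the delete right is derived from the parent directory through `dentry->d_parent`. The middle of the function lies between the two hunks and is not shown.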
...@@ -72,7 +72,7 @@ struct ksmbd_kstat { ...@@ -72,7 +72,7 @@ struct ksmbd_kstat {
}; };
int ksmbd_vfs_lock_parent(struct dentry *parent, struct dentry *child); int ksmbd_vfs_lock_parent(struct dentry *parent, struct dentry *child);
int ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap, void ksmbd_vfs_query_maximal_access(struct mnt_idmap *idmap,
struct dentry *dentry, __le32 *daccess); struct dentry *dentry, __le32 *daccess);
int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode); int ksmbd_vfs_create(struct ksmbd_work *work, const char *name, umode_t mode);
int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode); int ksmbd_vfs_mkdir(struct ksmbd_work *work, const char *name, umode_t mode);
......