1. 13 Jul, 2023 2 commits
    • smb: client: fix missed ses refcounting · bf99f6be
      Paulo Alcantara authored
      Use new cifs_smb_ses_inc_refcount() helper to get an active reference
      of @ses and @ses->dfs_root_ses (if set).  This will prevent
      @ses->dfs_root_ses from being put in the next call to cifs_put_smb_ses()
      and thus potentially causing a use-after-free bug.
      
      Fixes: 8e355415 ("cifs: fix sharing of DFS connections")
      Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
      Signed-off-by: Steve French <stfrench@microsoft.com>
    • smb: client: Fix -Wstringop-overflow issues · f1f047bd
      Gustavo A. R. Silva authored
      pSMB->hdr.Protocol is an array of size 4 bytes, hence when the compiler
      analyzes this line of code
      
      	parm_data = ((char *) &pSMB->hdr.Protocol) + offset;
      
      it legitimately complains about the fact that offset points outside the
      bounds of the array. Notice that the compiler gives priority to the object
      as an array, rather than merely the address of one more byte in a structure
      to which offset should be added (which seems to be the actual intention of
      the original implementation).
      
      Fix this by explicitly instructing the compiler to treat the code as a
      sequence of bytes in struct smb_com_transaction2_spi_req, and not as an
      array accessed through pointer notation.
      
      Notice that ((char *)pSMB) + sizeof(pSMB->hdr.smb_buf_length) points to
      the same address as ((char *) &pSMB->hdr.Protocol), therefore this results
      in no differences in binary output.
      
      Fixes the following -Wstringop-overflow warnings when built for s390
      architecture with defconfig (GCC 13):
        CC [M]  fs/smb/client/cifssmb.o
      In function 'cifs_init_ace',
          inlined from 'posix_acl_to_cifs' at fs/smb/client/cifssmb.c:3046:3,
          inlined from 'cifs_do_set_acl' at fs/smb/client/cifssmb.c:3191:15:
      fs/smb/client/cifssmb.c:2987:31: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
       2987 |         cifs_ace->cifs_e_perm = local_ace->e_perm;
            |         ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
      In file included from fs/smb/client/cifssmb.c:27:
      fs/smb/client/cifspdu.h: In function 'cifs_do_set_acl':
      fs/smb/client/cifspdu.h:384:14: note: at offset [7, 11] into destination object 'Protocol' of size 4
        384 |         __u8 Protocol[4];
            |              ^~~~~~~~
      In function 'cifs_init_ace',
          inlined from 'posix_acl_to_cifs' at fs/smb/client/cifssmb.c:3046:3,
          inlined from 'cifs_do_set_acl' at fs/smb/client/cifssmb.c:3191:15:
      fs/smb/client/cifssmb.c:2988:30: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
       2988 |         cifs_ace->cifs_e_tag =  local_ace->e_tag;
            |         ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
      fs/smb/client/cifspdu.h: In function 'cifs_do_set_acl':
      fs/smb/client/cifspdu.h:384:14: note: at offset [6, 10] into destination object 'Protocol' of size 4
        384 |         __u8 Protocol[4];
            |              ^~~~~~~~
      
      This helps with the ongoing efforts to globally enable
      -Wstringop-overflow.
      
      Link: https://github.com/KSPP/linux/issues/310
      Fixes: dc1af4c4 ("cifs: implement set acl method")
      Cc: stable@vger.kernel.org
      Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
      Reviewed-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Steve French <stfrench@microsoft.com>
  2. 10 Jul, 2023 1 commit
  3. 09 Jul, 2023 10 commits
  4. 08 Jul, 2023 27 commits