tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag '6.2-rc5-ksmbd-server-fixes' of git://git.samba.org/ksmbd

Pull ksmbd server fixes from Steve French:
"Four smb3 server fixes, all also for stable:

- fix for signing bug

- fix to more strictly check packet length

- add a max connections parm to limit simultaneous connections

- fix error message flood that can occur with newer Samba xattr
format"

* tag '6.2-rc5-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
ksmbd: downgrade ndr version error message to debug
ksmbd: limit pdu length size according to connection status
ksmbd: do not sign response to session request for guest login
ksmbd: add max connections parameter

Linus Torvalds 2543fdbd 5af6ce70

+46 -10
+15 -2
fs/ksmbd/connection.c
··· 280 280 { 281 281 struct ksmbd_conn *conn = (struct ksmbd_conn *)p; 282 282 struct ksmbd_transport *t = conn->transport; 283 - unsigned int pdu_size; 283 + unsigned int pdu_size, max_allowed_pdu_size; 284 284 char hdr_buf[4] = {0,}; 285 285 int size; 286 286 ··· 305 305 pdu_size = get_rfc1002_len(hdr_buf); 306 306 ksmbd_debug(CONN, "RFC1002 header %u bytes\n", pdu_size); 307 307 308 + if (conn->status == KSMBD_SESS_GOOD) 309 + max_allowed_pdu_size = 310 + SMB3_MAX_MSGSIZE + conn->vals->max_write_size; 311 + else 312 + max_allowed_pdu_size = SMB3_MAX_MSGSIZE; 313 + 314 + if (pdu_size > max_allowed_pdu_size) { 315 + pr_err_ratelimited("PDU length(%u) excceed maximum allowed pdu size(%u) on connection(%d)\n", 316 + pdu_size, max_allowed_pdu_size, 317 + conn->status); 318 + break; 319 + } 320 + 308 321 /* 309 322 * Check if pdu size is valid (min : smb header size, 310 323 * max : 0x00FFFFFF). 311 324 */ 312 325 if (pdu_size < __SMB2_HEADER_STRUCTURE_SIZE || 313 326 pdu_size > MAX_STREAM_PROT_LEN) { 314 - continue; 327 + break; 315 328 } 316 329 317 330 /* 4 for rfc1002 length field */
+2 -1
fs/ksmbd/ksmbd_netlink.h
··· 106 106 __u32 sub_auth[3]; /* Subauth value for Security ID */ 107 107 __u32 smb2_max_credits; /* MAX credits */ 108 108 __u32 smbd_max_io_size; /* smbd read write size */ 109 - __u32 reserved[127]; /* Reserved room */ 109 + __u32 max_connections; /* Number of maximum simultaneous connections */ 110 + __u32 reserved[126]; /* Reserved room */ 110 111 __u32 ifc_list_sz; /* interfaces list size */ 111 112 __s8 ____payload[]; 112 113 };
+4 -4
fs/ksmbd/ndr.c
··· 242 242 return ret; 243 243 244 244 if (da->version != 3 && da->version != 4) { 245 - pr_err("v%d version is not supported\n", da->version); 245 + ksmbd_debug(VFS, "v%d version is not supported\n", da->version); 246 246 return -EINVAL; 247 247 } 248 248 ··· 251 251 return ret; 252 252 253 253 if (da->version != version2) { 254 - pr_err("ndr version mismatched(version: %d, version2: %d)\n", 254 + ksmbd_debug(VFS, "ndr version mismatched(version: %d, version2: %d)\n", 255 255 da->version, version2); 256 256 return -EINVAL; 257 257 } ··· 457 457 if (ret) 458 458 return ret; 459 459 if (acl->version != 4) { 460 - pr_err("v%d version is not supported\n", acl->version); 460 + ksmbd_debug(VFS, "v%d version is not supported\n", acl->version); 461 461 return -EINVAL; 462 462 } 463 463 ··· 465 465 if (ret) 466 466 return ret; 467 467 if (acl->version != version2) { 468 - pr_err("ndr version mismatched(version: %d, version2: %d)\n", 468 + ksmbd_debug(VFS, "ndr version mismatched(version: %d, version2: %d)\n", 469 469 acl->version, version2); 470 470 return -EINVAL; 471 471 }
+1
fs/ksmbd/server.h
··· 41 41 unsigned int share_fake_fscaps; 42 42 struct smb_sid domain_sid; 43 43 unsigned int auth_mechs; 44 + unsigned int max_connections; 44 45 45 46 char *conf[SERVER_CONF_WORK_GROUP + 1]; 46 47 };
+2
fs/ksmbd/smb2pdu.c
··· 8663 8663 bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work) 8664 8664 { 8665 8665 struct ksmbd_conn *conn = work->conn; 8666 + struct ksmbd_session *sess = work->sess; 8666 8667 struct smb2_hdr *rsp = smb2_get_msg(work->response_buf); 8667 8668 8668 8669 if (conn->dialect < SMB30_PROT_ID) ··· 8673 8672 rsp = ksmbd_resp_buf_next(work); 8674 8673 8675 8674 if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE && 8675 + sess->user && !user_guest(sess->user) && 8676 8676 rsp->Status == STATUS_SUCCESS) 8677 8677 return true; 8678 8678 return false;
+3 -2
fs/ksmbd/smb2pdu.h
··· 24 24 25 25 #define SMB21_DEFAULT_IOSIZE (1024 * 1024) 26 26 #define SMB3_DEFAULT_TRANS_SIZE (1024 * 1024) 27 - #define SMB3_MIN_IOSIZE (64 * 1024) 28 - #define SMB3_MAX_IOSIZE (8 * 1024 * 1024) 27 + #define SMB3_MIN_IOSIZE (64 * 1024) 28 + #define SMB3_MAX_IOSIZE (8 * 1024 * 1024) 29 + #define SMB3_MAX_MSGSIZE (4 * 4096) 29 30 30 31 /* 31 32 * Definitions for SMB2 Protocol Data Units (network frames)
+3
fs/ksmbd/transport_ipc.c
··· 308 308 if (req->smbd_max_io_size) 309 309 init_smbd_max_io_size(req->smbd_max_io_size); 310 310 311 + if (req->max_connections) 312 + server_conf.max_connections = req->max_connections; 313 + 311 314 ret = ksmbd_set_netbios_name(req->netbios_name); 312 315 ret |= ksmbd_set_server_string(req->server_string); 313 316 ret |= ksmbd_set_work_group(req->work_group);
+16 -1
fs/ksmbd/transport_tcp.c
··· 15 15 #define IFACE_STATE_DOWN BIT(0) 16 16 #define IFACE_STATE_CONFIGURED BIT(1) 17 17 18 + static atomic_t active_num_conn; 19 + 18 20 struct interface { 19 21 struct task_struct *ksmbd_kthread; 20 22 struct socket *ksmbd_socket; ··· 187 185 struct tcp_transport *t; 188 186 189 187 t = alloc_transport(client_sk); 190 - if (!t) 188 + if (!t) { 189 + sock_release(client_sk); 191 190 return -ENOMEM; 191 + } 192 192 193 193 csin = KSMBD_TCP_PEER_SOCKADDR(KSMBD_TRANS(t)->conn); 194 194 if (kernel_getpeername(client_sk, csin) < 0) { ··· 240 236 if (ret == -EAGAIN) 241 237 /* check for new connections every 100 msecs */ 242 238 schedule_timeout_interruptible(HZ / 10); 239 + continue; 240 + } 241 + 242 + if (server_conf.max_connections && 243 + atomic_inc_return(&active_num_conn) >= server_conf.max_connections) { 244 + pr_info_ratelimited("Limit the maximum number of connections(%u)\n", 245 + atomic_read(&active_num_conn)); 246 + atomic_dec(&active_num_conn); 247 + sock_release(client_sk); 243 248 continue; 244 249 } 245 250 ··· 381 368 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t) 382 369 { 383 370 free_transport(TCP_TRANS(t)); 371 + if (server_conf.max_connections) 372 + atomic_dec(&active_num_conn); 384 373 } 385 374 386 375 static void tcp_destroy_socket(struct socket *ksmbd_socket)