Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag '5.0-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb3 fixes from Steve French:
"SMB3 fixes, some from this week's SMB3 test event, 5 for stable and a
particularly important one for queryxattr (see xfstests 70 and 117)"

* tag '5.0-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: update internal module version number
CIFS: fix use-after-free of the lease keys
CIFS: Do not consider -ENODATA as stat failure for reads
CIFS: Do not count -ENODATA as failure for query directory
CIFS: Fix trace command logging for SMB2 reads and writes
CIFS: Fix possible oops and memory leaks in async IO
cifs: limit amount of data we request for xattrs to CIFSMaxBufSize
cifs: fix computation for MAX_SMB2_HDR_SIZE

+61 -29
+1 -1
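--- a/fs/cifs/cifsfs.h
+++ b/fs/cifs/cifsfs.h
@@ -150,5 +150,5 @@
 extern const struct export_operations cifs_export_ops;
 #endif /* CONFIG_CIFS_NFSD_EXPORT */
 
-#define CIFS_VERSION "2.16"
+#define CIFS_VERSION "2.17"
 #endif /* _CIFSFS_H */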
+8 -3
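--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -2696,6 +2696,7 @@
 
 rc = cifs_write_allocate_pages(wdata->pages, nr_pages);
 if (rc) {
+kvfree(wdata->pages);
 kfree(wdata);
 add_credits_and_wake_if(server, credits, 0);
 break;
@@ -2707,6 +2708,7 @@
 if (rc) {
 for (i = 0; i < nr_pages; i++)
 put_page(wdata->pages[i]);
+kvfree(wdata->pages);
 kfree(wdata);
 add_credits_and_wake_if(server, credits, 0);
 break;
@@ -3386,8 +3388,12 @@
 }
 
 rc = cifs_read_allocate_pages(rdata, npages);
-if (rc)
-goto error;
+if (rc) {
+kvfree(rdata->pages);
+kfree(rdata);
+add_credits_and_wake_if(server, credits, 0);
+break;
+}
 
 rdata->tailsz = PAGE_SIZE;
 }
@@ -3407,7 +3413,6 @@
 if (!rdata->cfile->invalidHandle ||
 !(rc = cifs_reopen_file(rdata->cfile, true)))
 rc = server->ops->async_readv(rdata);
-error:
 if (rc) {
 add_credits_and_wake_if(server, rdata->credits, 0);
 kref_put(&rdata->refcount,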
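Review bot: The new read-path branch after `cifs_read_allocate_pages()` releases `rdata` with a bare `kfree()` where the old `goto error` path went through `kref_put()`, and nothing in the hunk records why bypassing the refcount is safe at this point. A comment on that branch, for example `/* rdata has no other holders yet: free it directly, not via kref_put() */`, would keep a later reordering from turning this into a double free or a release of a half-initialised object; that wording assumes this is the reason for the change, so confirm it against the code above the hunk. The branch also relies on `cifs_read_allocate_pages()` dropping any pages it obtained before it fails, which is not visible here. The same open-coded teardown now appears in the two write-path hunks, and the enclosing loops start and end outside the hunks.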
+3 -1
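--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -866,7 +866,9 @@
 FILE_READ_EA,
 FILE_FULL_EA_INFORMATION,
 SMB2_O_INFO_FILE,
-SMB2_MAX_EA_BUF,
+CIFSMaxBufSize -
+MAX_SMB2_CREATE_RESPONSE_SIZE -
+MAX_SMB2_CLOSE_RESPONSE_SIZE,
 &rsp_iov, &buftype, cifs_sb);
 if (rc) {
 /*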
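Review bot: The length argument `CIFSMaxBufSize - MAX_SMB2_CREATE_RESPONSE_SIZE - MAX_SMB2_CLOSE_RESPONSE_SIZE` is only meaningful while `CIFSMaxBufSize` stays above the two constants (824 + 124 bytes per the smb2pdu.h section of this commit); if it is an unsigned tunable with a smaller floor, the subtraction would wrap to a very large request length. The lower bound is not visible in this hunk, so it is worth confirming where it is enforced and recording the intent next to the expression, for example `/* leave room for the create and close responses in the same buffer */`. The call this argument list belongs to starts outside the hunk.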
+34 -20
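--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -3241,8 +3241,17 @@
 rdata->mr = NULL;
 }
 #endif
-if (rdata->result)
+if (rdata->result && rdata->result != -ENODATA) {
 cifs_stats_fail_inc(tcon, SMB2_READ_HE);
+trace_smb3_read_err(0 /* xid */,
+rdata->cfile->fid.persistent_fid,
+tcon->tid, tcon->ses->Suid, rdata->offset,
+rdata->bytes, rdata->result);
+} else
+trace_smb3_read_done(0 /* xid */,
+rdata->cfile->fid.persistent_fid,
+tcon->tid, tcon->ses->Suid,
+rdata->offset, rdata->got_bytes);
 
 queue_work(cifsiod_wq, &rdata->work);
 DeleteMidQEntry(mid);
@@ -3317,13 +3326,11 @@
 if (rc) {
 kref_put(&rdata->refcount, cifs_readdata_release);
 cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
-trace_smb3_read_err(rc, 0 /* xid */, io_parms.persistent_fid,
-io_parms.tcon->tid, io_parms.tcon->ses->Suid,
-io_parms.offset, io_parms.length);
-} else
-trace_smb3_read_done(0 /* xid */, io_parms.persistent_fid,
-io_parms.tcon->tid, io_parms.tcon->ses->Suid,
-io_parms.offset, io_parms.length);
+trace_smb3_read_err(0 /* xid */, io_parms.persistent_fid,
+io_parms.tcon->tid,
+io_parms.tcon->ses->Suid,
+io_parms.offset, io_parms.length, rc);
+}
 
 cifs_small_buf_release(buf);
 return rc;
@@ -3367,10 +3374,11 @@
 if (rc != -ENODATA) {
 cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE);
 cifs_dbg(VFS, "Send error in read = %d\n", rc);
+trace_smb3_read_err(xid, req->PersistentFileId,
+io_parms->tcon->tid, ses->Suid,
+io_parms->offset, io_parms->length,
+rc);
 }
-trace_smb3_read_err(rc, xid, req->PersistentFileId,
-io_parms->tcon->tid, ses->Suid,
-io_parms->offset, io_parms->length);
 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
 return rc == -ENODATA ? 0 : rc;
 } else
@@ -3459,8 +3467,17 @@
 wdata->mr = NULL;
 }
 #endif
-if (wdata->result)
+if (wdata->result) {
 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
+trace_smb3_write_err(0 /* no xid */,
+wdata->cfile->fid.persistent_fid,
+tcon->tid, tcon->ses->Suid, wdata->offset,
+wdata->bytes, wdata->result);
+} else
+trace_smb3_write_done(0 /* no xid */,
+wdata->cfile->fid.persistent_fid,
+tcon->tid, tcon->ses->Suid,
+wdata->offset, wdata->bytes);
 
 queue_work(cifsiod_wq, &wdata->work);
 DeleteMidQEntry(mid);
@@ -3602,10 +3619,7 @@
 wdata->bytes, rc);
 kref_put(&wdata->refcount, release);
 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
-} else
-trace_smb3_write_done(0 /* no xid */, req->PersistentFileId,
-tcon->tid, tcon->ses->Suid, wdata->offset,
-wdata->bytes);
+}
 
 async_writev_out:
 cifs_small_buf_release(req);
@@ -3831,8 +3845,8 @@
 rsp->sync_hdr.Status == STATUS_NO_MORE_FILES) {
 srch_inf->endOfSearch = true;
 rc = 0;
-}
-cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
+} else
+cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
 goto qdir_exit;
 }
 
@@ -4427,8 +4441,8 @@
 rc = cifs_send_recv(xid, ses, &rqst, &resp_buf_type, flags, &rsp_iov);
 cifs_small_buf_release(req);
 
-please_key_low = (__u64 *)req->LeaseKey;
-please_key_high = (__u64 *)(req->LeaseKey+8);
+please_key_low = (__u64 *)lease_key;
+please_key_high = (__u64 *)(lease_key+8);
 if (rc) {
 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
 trace_smb3_lease_err(le32_to_cpu(lease_state), tcon->tid,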
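Review bot: Nothing at the `please_key_low`/`please_key_high` assignments in the last hunk records why they must read from `lease_key` rather than `req->LeaseKey`: `req` has already been passed to `cifs_small_buf_release()` two lines earlier, so the old form pointed into a released buffer. A one-line comment such as `/* req is released above; take the key from the caller's buffer */` would stop a later cleanup from reverting to the request field. The casts to `__u64 *` also assume the caller's `lease_key` buffer is suitably aligned for a 64-bit load, which is not visible here and worth confirming. The function body starts and ends outside the hunk.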
+15 -4
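--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -84,8 +84,9 @@
 
 #define NUMBER_OF_SMB2_COMMANDS 0x0013
 
-/* 4 len + 52 transform hdr + 64 hdr + 56 create rsp */
-#define MAX_SMB2_HDR_SIZE 0x00b0
+/* 52 transform hdr + 64 hdr + 88 create rsp */
+#define SMB2_TRANSFORM_HEADER_SIZE 52
+#define MAX_SMB2_HDR_SIZE 204
 
 #define SMB2_PROTO_NUMBER cpu_to_le32(0x424d53fe)
 #define SMB2_TRANSFORM_PROTO_NUM cpu_to_le32(0x424d53fd)
@@ -648,6 +649,13 @@
 __u8 Buffer[0];
 } __packed;
 
+/*
+* Maximum size of a SMB2_CREATE response is 64 (smb2 header) +
+* 88 (fixed part of create response) + 520 (path) + 150 (contexts) +
+* 2 bytes of padding.
+*/
+#define MAX_SMB2_CREATE_RESPONSE_SIZE 824
+
 struct smb2_create_rsp {
 struct smb2_sync_hdr sync_hdr;
 __le16 StructureSize; /* Must be 89 */
@@ -995,6 +1003,11 @@
 __u64 PersistentFileId; /* opaque endianness */
 __u64 VolatileFileId; /* opaque endianness */
 } __packed;
+
+/*
+* Maximum size of a SMB2_CLOSE response is 64 (smb2 header) + 60 (data)
+*/
+#define MAX_SMB2_CLOSE_RESPONSE_SIZE 124
 
 struct smb2_close_rsp {
 struct smb2_sync_hdr sync_hdr;
@@ -1397,8 +1410,6 @@
 __le32 FileNameLength;
 char FileName[0]; /* Name to be assigned to new link */
 } __packed; /* level 11 Set */
-
-#define SMB2_MAX_EA_BUF 65536
 
 struct smb2_file_full_ea_info { /* encoding of response for level 15 */
 __le32 next_entry_offset;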
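Review bot: `MAX_SMB2_HDR_SIZE`, `MAX_SMB2_CREATE_RESPONSE_SIZE` and `MAX_SMB2_CLOSE_RESPONSE_SIZE` are written as bare totals (204, 824, 124) whose breakdown lives only in the comments, and `MAX_SMB2_HDR_SIZE` does not use the `SMB2_TRANSFORM_HEADER_SIZE` defined on the line before it. Two of these values now bound how much response data the client requests (see the smb2ops.c section), so spelling the sum out keeps comment and value from drifting apart, e.g. `#define MAX_SMB2_HDR_SIZE (SMB2_TRANSFORM_HEADER_SIZE + 64 + 88)`. The 520-byte path and 150-byte contexts terms in the create-response comment read as estimates rather than protocol limits; the comment should say which they are.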