Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'v6.16-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:

- fix creating special files to Samba when using SMB3.1.1 POSIX
Extensions

- fix incorrect caching on new file creation with directory leases
enabled

- two use after free fixes: one in oplock_break and one in async
decryption

* tag 'v6.16-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
Fix SMB311 posix special file creation to servers which do not advertise reparse support
smb: invalidate and close cached directory when creating child entries
smb: client: fix use-after-free in crypt_message when using async crypto
smb: client: fix use-after-free in cifs_oplock_break

+23 -6
+4 -2
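--- a/fs/smb/client/dir.c
+++ b/fs/smb/client/dir.c
@@ -190,6 +190,7 @@
 	int disposition;
 	struct TCP_Server_Info *server = tcon->ses->server;
 	struct cifs_open_parms oparms;
+	struct cached_fid *parent_cfid = NULL;
 	int rdwr_for_fscache = 0;
 	__le32 lease_flags = 0;
 
@@ -313,10 +314,10 @@
 	if (!tcon->unix_ext && (mode & S_IWUGO) == 0)
 		create_options |= CREATE_OPTION_READONLY;
 
+
 retry_open:
 	if (tcon->cfids && direntry->d_parent && server->dialect >= SMB30_PROT_ID) {
-		struct cached_fid *parent_cfid;
-
+		parent_cfid = NULL;
 		spin_lock(&tcon->cfids->cfid_list_lock);
 		list_for_each_entry(parent_cfid, &tcon->cfids->entries, entry) {
 			if (parent_cfid->dentry == direntry->d_parent) {
@@ -327,6 +328,7 @@
 					memcpy(fid->parent_lease_key,
 					       parent_cfid->fid.lease_key,
 					       SMB2_LEASE_KEY_SIZE);
+					parent_cfid->dirents.is_valid = false;
 				}
 				break;
 			}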
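Review bot: Widening `parent_cfid` to function scope while still using it as the `list_for_each_entry()` cursor leaves a pointer that cannot be trusted after the loop. The macro assigns the cursor before the first iteration, so the added `parent_cfid = NULL;` is a dead store, and when no entry matches, the cursor ends up pointing at the list head's container rather than NULL. Nothing in the visible hunks reads it after the loop, but a later `if (parent_cfid)` outside `cfid_list_lock` would pass on a bogus pointer. Consider iterating with a block-local `struct cached_fid *cfid;` and setting `parent_cfid = cfid;` only inside the `->dentry == direntry->d_parent` match. The enclosing function starts and ends outside these hunks.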
+9 -1
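--- a/fs/smb/client/file.c
+++ b/fs/smb/client/file.c
@@ -3088,7 +3088,8 @@
 	struct cifsFileInfo *cfile = container_of(work, struct cifsFileInfo,
 						  oplock_break);
 	struct inode *inode = d_inode(cfile->dentry);
-	struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
+	struct super_block *sb = inode->i_sb;
+	struct cifs_sb_info *cifs_sb = CIFS_SB(sb);
 	struct cifsInodeInfo *cinode = CIFS_I(inode);
 	struct cifs_tcon *tcon;
 	struct TCP_Server_Info *server;
@@ -3098,6 +3099,12 @@
 	__u64 persistent_fid, volatile_fid;
 	__u16 net_fid;
 
+	/*
+	 * Hold a reference to the superblock to prevent it and its inodes from
+	 * being freed while we are accessing cinode. Otherwise, _cifsFileInfo_put()
+	 * may release the last reference to the sb and trigger inode eviction.
+	 */
+	cifs_sb_active(sb);
 	wait_on_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS,
 		    TASK_UNINTERRUPTIBLE);
 
@@ -3170,6 +3177,7 @@
 	cifs_put_tlink(tlink);
 out:
 	cifs_done_oplock_break(cinode);
+	cifs_sb_deactive(sb);
 }
 
 static int cifs_swap_activate(struct swap_info_struct *sis,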
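Review bot: The fix only holds while `cifs_sb_deactive(sb)` is the last statement that runs, and nothing at the `out:` label says so. The added comment explains why the reference is taken, but a later change that touches `cinode` or `cifs_sb` after the drop would reintroduce the use-after-free, and a `return` added between `cifs_sb_active(sb)` and `out:` would leak the superblock reference. I would add `/* Must stay last: cinode and cifs_sb may be freed once the sb reference is dropped. */` above the call. The body between the second and third hunk is not visible here, so the absence of early returns should be confirmed.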
+2 -1
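--- a/fs/smb/client/smb2inode.c
+++ b/fs/smb/client/smb2inode.c
@@ -1346,7 +1346,8 @@
 	 * empty object on the server.
 	 */
 	if (!(le32_to_cpu(tcon->fsAttrInfo.Attributes) & FILE_SUPPORTS_REPARSE_POINTS))
-		return ERR_PTR(-EOPNOTSUPP);
+		if (!tcon->posix_extensions)
+			return ERR_PTR(-EOPNOTSUPP);
 
 	oparms = CIFS_OPARMS(cifs_sb, tcon, full_path,
 			     SYNCHRONIZE | DELETE |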
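Review bot: The new guard is written as two stacked unbraced `if`s, which is easy to misread and becomes a dangling-else hazard if an `else` is ever attached. A single condition says the same thing: `if (!(le32_to_cpu(tcon->fsAttrInfo.Attributes) & FILE_SUPPORTS_REPARSE_POINTS) && !tcon->posix_extensions)` followed by the `return`. The comment that ends just above starts outside the hunk, so it is worth checking that it still describes the check now that POSIX-extensions mounts bypass it. The same "reparse support or POSIX extensions" test is repeated in the mknod hunk of smb2ops.c, so a small shared helper would keep the two from drifting apart.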
+8 -2
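--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -4316,6 +4316,7 @@
 	u8 key[SMB3_ENC_DEC_KEY_SIZE];
 	struct aead_request *req;
 	u8 *iv;
+	DECLARE_CRYPTO_WAIT(wait);
 	unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
 	void *creq;
 	size_t sensitive_size;
@@ -4366,7 +4367,11 @@
 	aead_request_set_crypt(req, sg, sg, crypt_len, iv);
 	aead_request_set_ad(req, assoc_data_len);
 
-	rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
+	aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
+				  crypto_req_done, &wait);
+
+	rc = crypto_wait_req(enc ? crypto_aead_encrypt(req)
+			     : crypto_aead_decrypt(req), &wait);
 
 	if (!rc && enc)
 		memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
@@ -5255,7 +5260,8 @@
 	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UNX_EMUL) {
 		rc = cifs_sfu_make_node(xid, inode, dentry, tcon,
 					full_path, mode, dev);
-	} else if (le32_to_cpu(tcon->fsAttrInfo.Attributes) & FILE_SUPPORTS_REPARSE_POINTS) {
+	} else if ((le32_to_cpu(tcon->fsAttrInfo.Attributes) & FILE_SUPPORTS_REPARSE_POINTS)
+		|| (tcon->posix_extensions)) {
 		rc = smb2_mknod_reparse(xid, inode, dentry, tcon,
 					full_path, mode, dev);
 	}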
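Review bot: The switch to a synchronous wait in the second hunk carries no comment saying why it is required, so the callback and `crypto_wait_req()` read like optional plumbing that a later cleanup could remove. The merge description ties it to a use-after-free with async crypto; presumably `creq` and the on-stack `key` are released right after this call returns (that code is outside the hunk), so an in-flight request has to be waited for. I would add `/* Wait for async backends: req/creq and the stack key must not be released while the request is in flight. */` above `aead_request_set_callback()`. Since `crypto_wait_req()` can sleep, it is also worth confirming that every caller of this function runs in process context.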