
Merge tag 'v6.14-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd

Pull smb server updates from Steve French:
"Three ksmbd server fixes:

- Fix potential memory corruption in IPC calls

- Support FSCTL_QUERY_INTERFACE_INFO for more configurations

- Remove some unused functions"

* tag 'v6.14-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
ksmbd: fix integer overflows on 32 bit systems
ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL
ksmbd: Remove unused functions

+49 -76
+2 -1
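--- a/fs/smb/server/ksmbd_netlink.h
+++ b/fs/smb/server/ksmbd_netlink.h
@@ -111,7 +111,8 @@
 __u32 smb2_max_credits; /* MAX credits */
 __u32 smbd_max_io_size; /* smbd read write size */
 __u32 max_connections; /* Number of maximum simultaneous connections */
-__u32 reserved[126]; /* Reserved room */
+__s8 bind_interfaces_only;
+__s8 reserved[503]; /* Reserved room */
 __u32 ifc_list_sz; /* interfaces list size */
 __s8 ____payload[];
 };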
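Review bot: The new `bind_interfaces_only` member is the only field in the visible part of this struct without a comment, and nothing in the hunk says which values the sender may put in it or what an older sender's zeroed reserved bytes mean for it. The change keeps the reserved area at 504 bytes by hand (1 + 503 against 126 * 4), so `ifc_list_sz` should stay at the same offset, but no visible line enforces that. I would document the field in place, for example `__s8 bind_interfaces_only; /* 0 = legacy default (senders that left reserved zeroed) */`, and add a build-time check on the offset of `ifc_list_sz` in the .c file that parses this message. The struct's opening lines are outside the hunk, so its name and earlier members cannot be checked from here.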
+1
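--- a/fs/smb/server/server.h
+++ b/fs/smb/server/server.h
@@ -46,6 +46,7 @@
 
 char *conf[SERVER_CONF_WORK_GROUP + 1];
 struct task_struct *dh_task;
+bool bind_interfaces_only;
 };
 
 extern struct ksmbd_server_config server_conf;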
+4
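--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -38,6 +38,7 @@
 #include "mgmt/user_session.h"
 #include "mgmt/ksmbd_ida.h"
 #include "ndr.h"
+#include "transport_tcp.h"
 
 static void __wbuf(struct ksmbd_work *work, void **req, void **rsp)
 {
@@ -7757,6 +7758,9 @@
 bool ipv4_set = false;
 
 if (netdev->type == ARPHRD_LOOPBACK)
+continue;
+
+if (!ksmbd_find_netdev_name_iface_list(netdev->name))
 continue;
 
 flags = dev_get_flags(netdev);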
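Review bot: The added `if (!ksmbd_find_netdev_name_iface_list(netdev->name))` in the second hunk skips every netdev that is not on ksmbd's interface list unconditionally. It does not consult `server_conf.bind_interfaces_only`, which this merge adds and assigns in transport_ipc.c but which no hunk on this page reads. If the flag is meant to gate the filter, the condition would be `if (server_conf.bind_interfaces_only && !ksmbd_find_netdev_name_iface_list(netdev->name))`; if the filter is deliberately unconditional, a comment such as `/* report only interfaces ksmbd is configured on */` would record that. The lookup also walks the global `iface_list` from the IOCTL path, so whatever lock protects that list must be held here. The enclosing function starts and ends outside the hunk, so that cannot be confirmed from the page.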
+10 -25
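--- a/fs/smb/server/transport_ipc.c
+++ b/fs/smb/server/transport_ipc.c
@@ -333,6 +333,7 @@
 ret = ksmbd_set_netbios_name(req->netbios_name);
 ret |= ksmbd_set_server_string(req->server_string);
 ret |= ksmbd_set_work_group(req->work_group);
+server_conf.bind_interfaces_only = req->bind_interfaces_only;
 ret |= ksmbd_tcp_set_interfaces(KSMBD_STARTUP_CONFIG_INTERFACES(req),
 req->ifc_list_sz);
 if (ret) {
@@ -626,6 +627,9 @@
 struct ksmbd_spnego_authen_request *req;
 struct ksmbd_spnego_authen_response *resp;
 
+if (blob_len > KSMBD_IPC_MAX_PAYLOAD)
+return NULL;
+
 msg = ipc_msg_alloc(sizeof(struct ksmbd_spnego_authen_request) +
 blob_len + 1);
 if (!msg)
@@ -805,6 +809,9 @@
 struct ksmbd_rpc_command *req;
 struct ksmbd_rpc_command *resp;
 
+if (payload_sz > KSMBD_IPC_MAX_PAYLOAD)
+return NULL;
+
 msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
 if (!msg)
 return NULL;
@@ -853,6 +860,9 @@
 struct ksmbd_rpc_command *req;
 struct ksmbd_rpc_command *resp;
 
+if (payload_sz > KSMBD_IPC_MAX_PAYLOAD)
+return NULL;
+
 msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
 if (!msg)
 return NULL;
@@ -867,31 +877,6 @@
 memcpy(req->payload, payload, payload_sz);
 
 resp = ipc_msg_send_request(msg, req->handle);
-ipc_msg_free(msg);
-return resp;
-}
-
-struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payload,
-size_t payload_sz)
-{
-struct ksmbd_ipc_msg *msg;
-struct ksmbd_rpc_command *req;
-struct ksmbd_rpc_command *resp;
-
-msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
-if (!msg)
-return NULL;
-
-msg->type = KSMBD_EVENT_RPC_REQUEST;
-req = (struct ksmbd_rpc_command *)msg->payload;
-req->handle = ksmbd_acquire_id(&ipc_ida);
-req->flags = rpc_context_flags(sess);
-req->flags |= KSMBD_RPC_RAP_METHOD;
-req->payload_sz = payload_sz;
-memcpy(req->payload, payload, payload_sz);
-
-resp = ipc_msg_send_request(msg, req->handle);
-ipc_msg_handle_free(req->handle);
 ipc_msg_free(msg);
 return resp;
 }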
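Review bot: The three added `> KSMBD_IPC_MAX_PAYLOAD` guards only reject lengths above the limit, so they protect `sizeof(...) + len + 1` only if the length cannot be negative and the constant, which is defined outside this page, is well below `SIZE_MAX`. `payload_sz` is a `size_t` in the prototypes visible on this page, but `blob_len` in the SPNEGO hunk is declared outside the hunk. If it is a signed type compared against a signed constant, a negative value passes the check and still wraps in the addition, and that guard would need to be `if (blob_len < 0 || blob_len > KSMBD_IPC_MAX_PAYLOAD)`. Each guard returns NULL, the same result as an allocation failure, so a rejected oversized request leaves no trace for whoever investigates it; a debug message at the rejection point would help. All three functions start outside their hunks.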
-2
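--- a/fs/smb/server/transport_ipc.h
+++ b/fs/smb/server/transport_ipc.h
@@ -41,8 +41,6 @@
 struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, int handle);
 struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle,
 void *payload, size_t payload_sz);
-struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payload,
-size_t payload_sz);
 void ksmbd_ipc_release(void);
 void ksmbd_ipc_soft_reset(void);
 int ksmbd_ipc_init(void);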
+31 -40
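--- a/fs/smb/server/transport_tcp.c
+++ b/fs/smb/server/transport_tcp.c
@@ -504,32 +504,37 @@
 return ret;
 }
 
+struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name)
+{
+struct interface *iface;
+
+list_for_each_entry(iface, &iface_list, entry)
+if (!strcmp(iface->name, netdev_name))
+return iface;
+return NULL;
+}
+
 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event,
 void *ptr)
 {
 struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
 struct interface *iface;
-int ret, found = 0;
+int ret;
 
 switch (event) {
 case NETDEV_UP:
 if (netif_is_bridge_port(netdev))
 return NOTIFY_OK;
 
-list_for_each_entry(iface, &iface_list, entry) {
-if (!strcmp(iface->name, netdev->name)) {
-found = 1;
-if (iface->state != IFACE_STATE_DOWN)
-break;
-ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
-iface->name);
-ret = create_socket(iface);
-if (ret)
-return NOTIFY_OK;
-break;
-}
+iface = ksmbd_find_netdev_name_iface_list(netdev->name);
+if (iface && iface->state == IFACE_STATE_DOWN) {
+ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
+iface->name);
+ret = create_socket(iface);
+if (ret)
+return NOTIFY_OK;
 }
-if (!found && bind_additional_ifaces) {
+if (!iface && bind_additional_ifaces) {
 iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP));
 if (!iface)
 return NOTIFY_OK;
@@ -541,21 +546,19 @@
 }
 break;
 case NETDEV_DOWN:
-list_for_each_entry(iface, &iface_list, entry) {
-if (!strcmp(iface->name, netdev->name) &&
-iface->state == IFACE_STATE_CONFIGURED) {
-ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n",
-iface->name);
-tcp_stop_kthread(iface->ksmbd_kthread);
-iface->ksmbd_kthread = NULL;
-mutex_lock(&iface->sock_release_lock);
-tcp_destroy_socket(iface->ksmbd_socket);
-iface->ksmbd_socket = NULL;
-mutex_unlock(&iface->sock_release_lock);
+iface = ksmbd_find_netdev_name_iface_list(netdev->name);
+if (iface && iface->state == IFACE_STATE_CONFIGURED) {
+ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n",
+iface->name);
+tcp_stop_kthread(iface->ksmbd_kthread);
+iface->ksmbd_kthread = NULL;
+mutex_lock(&iface->sock_release_lock);
+tcp_destroy_socket(iface->ksmbd_socket);
+iface->ksmbd_socket = NULL;
+mutex_unlock(&iface->sock_release_lock);
 
-iface->state = IFACE_STATE_DOWN;
-break;
-}
+iface->state = IFACE_STATE_DOWN;
+break;
 }
 break;
 }
@@ -624,18 +627,6 @@
 int sz = 0;
 
 if (!ifc_list_sz) {
-struct net_device *netdev;
-
-rtnl_lock();
-for_each_netdev(&init_net, netdev) {
-if (netif_is_bridge_port(netdev))
-continue;
-if (!alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP))) {
-rtnl_unlock();
-return -ENOMEM;
-}
-}
-rtnl_unlock();
 bind_additional_ifaces = 1;
 return 0;
 }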
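Review bot: `ksmbd_find_netdev_name_iface_list()` is introduced as a non-static function that walks the global `iface_list` with no locking of its own and no comment naming the lock its callers must hold. Inside the notifier that contract was implicit, but the helper is now also called from the SMB2 IOCTL path in smb2pdu.c while the NETDEV_UP branch can still add entries through `alloc_iface()`. A kernel-doc comment stating the required calling context (presumably the RTNL lock, which is not visible in these hunks) would make the contract checkable. The name is only read, so `const char *netdev_name` would fit here and in the transport_tcp.h prototype. In the NETDEV_DOWN branch the `break;` kept inside the `if` is now redundant with the one that follows it.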
+1
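--- a/fs/smb/server/transport_tcp.h
+++ b/fs/smb/server/transport_tcp.h
@@ -7,6 +7,7 @@
 #define __KSMBD_TRANSPORT_TCP_H__
 
 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz);
+struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name);
 int ksmbd_tcp_init(void);
 void ksmbd_tcp_destroy(void);
 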
-7
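--- a/fs/smb/server/vfs.c
+++ b/fs/smb/server/vfs.c
@@ -1856,13 +1856,6 @@
 wait_event(flock->c.flc_wait, !flock->c.flc_blocker);
 }
 
-int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout)
-{
-return wait_event_interruptible_timeout(flock->c.flc_wait,
-!flock->c.flc_blocker,
-timeout);
-}
-
 void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock)
 {
 locks_delete_block(flock);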
-1
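--- a/fs/smb/server/vfs.h
+++ b/fs/smb/server/vfs.h
@@ -140,7 +140,6 @@
 struct dentry *dentry,
 struct ksmbd_kstat *ksmbd_kstat);
 void ksmbd_vfs_posix_lock_wait(struct file_lock *flock);
-int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout);
 void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock);
 int ksmbd_vfs_remove_acl_xattrs(struct mnt_idmap *idmap,
 const struct path *path);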