commit d93fa2c78854d25ed4b67ac87f1c3c264d8b27fb Author: Greg Kroah-Hartman Date: Sat Dec 23 10:42:00 2023 +0100 Linux 5.15.145 Link: https://lore.kernel.org/r/20231220160931.251686445@linuxfoundation.org Tested-by: Florian Fainelli Tested-by: Allen Pais Tested-by: Shuah Khan Tested-by: Namjae Jeon Tested-by: Linux Kernel Functional Testing Tested-by: Ron Economos Tested-by: Guenter Roeck Tested-by: SeongJae Park Tested-by: Jon Hunter Signed-off-by: Greg Kroah-Hartman commit ee41f667aa6483faeca1770eada38beeb92d8930 Author: Arnd Bergmann Date: Mon Oct 16 22:08:38 2023 +0200 kasan: disable kasan_non_canonical_hook() for HW tags commit 17c17567fe510857b18fe01b7a88027600e76ac6 upstream. On arm64, building with CONFIG_KASAN_HW_TAGS now causes a compile-time error: mm/kasan/report.c: In function 'kasan_non_canonical_hook': mm/kasan/report.c:637:20: error: 'KASAN_SHADOW_OFFSET' undeclared (first use in this function) 637 | if (addr < KASAN_SHADOW_OFFSET) | ^~~~~~~~~~~~~~~~~~~ mm/kasan/report.c:637:20: note: each undeclared identifier is reported only once for each function it appears in mm/kasan/report.c:640:77: error: expected expression before ';' token 640 | orig_addr = (addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT; This was caused by removing the dependency on CONFIG_KASAN_INLINE that used to prevent this from happening. Use the more specific dependency on KASAN_SW_TAGS || KASAN_GENERIC to only ignore the function for hwasan mode. Link: https://lkml.kernel.org/r/20231016200925.984439-1-arnd@kernel.org Fixes: 12ec6a919b0f ("kasan: print the original fault addr when access invalid shadow") Signed-off-by: Arnd Bergmann Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Haibo Li Cc: Kees Cook Cc: Vincenzo Frascino Cc: AngeloGioacchino Del Regno Cc: Matthias Brugger Signed-off-by: Andrew Morton Signed-off-by: Amit Pundir Signed-off-by: Greg Kroah-Hartman commit f30f893143b92107ba603d6e5070474877677f0e Author: Francis Laniel Date: Tue Dec 5 19:57:49 2023 +0100 tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols commit b022f0c7e404887a7c5229788fc99eff9f9a80d5 upstream. When a kprobe is attached to a function that's name is not unique (is static and shares the name with other functions in the kernel), the kprobe is attached to the first function it finds. This is a bug as the function that it is attaching to is not necessarily the one that the user wants to attach to. Instead of blindly picking a function to attach to what is ambiguous, error with EADDRNOTAVAIL to let the user know that this function is not unique, and that the user must use another unique function with an address offset to get to the function they want to attach to. Link: https://lore.kernel.org/all/20231020104250.9537-2-flaniel@linux.microsoft.com/ Cc: stable@vger.kernel.org Fixes: 413d37d1eb69 ("tracing: Add kprobe-based event tracer") Suggested-by: Masami Hiramatsu Signed-off-by: Francis Laniel Link: https://lore.kernel.org/lkml/20230819101105.b0c104ae4494a7d1f2eea742@kernel.org/ Acked-by: Masami Hiramatsu (Google) Signed-off-by: Masami Hiramatsu (Google) Signed-off-by: Greg Kroah-Hartman commit 7aa33c99b513413aff5a0c6a9bce179773c6e869 Author: Amit Pundir Date: Tue Dec 19 15:41:18 2023 +0530 Revert "drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers" This reverts commit f53a045793289483b3c2930007fc52c7f1f642d5. This and the dependent fixes broke display on RB5. Signed-off-by: Amit Pundir Signed-off-by: Greg Kroah-Hartman commit 4a8350a0ea766ee8f5c580fd930ce9af06711f58 Author: Amit Pundir Date: Tue Dec 19 15:41:17 2023 +0530 Revert "drm/bridge: lt9611uxc: Register and attach our DSI device at probe" This reverts commit 29aba28ea195182f547cd8dac1b80eed51b6b73d. This and the dependent fixes broke display on RB5. Signed-off-by: Amit Pundir Signed-off-by: Greg Kroah-Hartman commit e21817ce167e89958a4fa45c9433902e3ada09ce Author: Amit Pundir Date: Tue Dec 19 15:41:16 2023 +0530 Revert "drm/bridge: lt9611uxc: fix the race in the error path" This reverts commit d0d01bb4a56093fa214c0949e9e7ccb9fb437795. This and the dependent fixes broke display on RB5. Signed-off-by: Amit Pundir Signed-off-by: Greg Kroah-Hartman commit 811b5eaee70e24a94c94d8f10b7238eb570369eb Author: Namjae Jeon Date: Tue Dec 19 00:34:54 2023 +0900 ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error [ Upstream commit cd80ce7e68f1624ac29cd0a6b057789d1236641e ] ksmbd set ->op_state as OPLOCK_STATE_NONE on lease break ack error. op_state of lease should not be updated because client can send lease break ack again. This patch fix smb2.lease.breaking2 test failure. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit bd47f9c8b53be0cabf69f303d1262de5a06bdd2c Author: Namjae Jeon Date: Tue Dec 19 00:34:53 2023 +0900 ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId [ Upstream commit 9ac45ac7cf65b0623ceeab9b28b307a08efa22dc ] Directly set SMB2_FLAGS_ASYNC_COMMAND flags and AsyncId in smb2 header of interim response instead of current response header. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 5e1f31378a811c1b3b6dabd14a75acdc77af62bd Author: Namjae Jeon Date: Tue Dec 19 00:34:52 2023 +0900 ksmbd: release interim response after sending status pending response [ Upstream commit 2a3f7857ec742e212d6cee7fbbf7b0e2ae7f5161 ] Add missing release async id and delete interim response entry after sending status pending response. This only cause when smb2 lease is enable. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit c21d0445088dcc5d83e9983a0aadfc4bd5e73d16 Author: Namjae Jeon Date: Tue Dec 19 00:34:51 2023 +0900 ksmbd: move oplock handling after unlock parent dir [ Upstream commit 2e450920d58b4991a436c8cecf3484bcacd8e535 ] ksmbd should process secound parallel smb2 create request during waiting oplock break ack. parent lock range that is too large in smb2_open() causes smb2_open() to be serialized. Move the oplock handling to the bottom of smb2_open() and make it called after parent unlock. This fixes the failure of smb2.lease.breaking1 testcase. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 772d81aeecd32f7993a8eba870102484c5c8368d Author: Namjae Jeon Date: Tue Dec 19 00:34:50 2023 +0900 ksmbd: separately allocate ci per dentry [ Upstream commit 4274a9dc6aeb9fea66bffba15697a35ae8983b6a ] xfstests generic/002 test fail when enabling smb2 leases feature. This test create hard link file, but removeal failed. ci has a file open count to count file open through the smb client, but in the case of hard link files, The allocation of ci per inode cause incorrectly open count for file deletion. This patch allocate ci per dentry to counts open counts for hard link. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 8ed1118da8c4905783a5f68657b451975ef3c7a5 Author: Namjae Jeon Date: Tue Dec 19 00:34:49 2023 +0900 ksmbd: fix possible deadlock in smb2_open [ Upstream commit 864fb5d3716303a045c3ffb397f651bfd37bfb36 ] [ 8743.393379] ====================================================== [ 8743.393385] WARNING: possible circular locking dependency detected [ 8743.393391] 6.4.0-rc1+ #11 Tainted: G OE [ 8743.393397] ------------------------------------------------------ [ 8743.393402] kworker/0:2/12921 is trying to acquire lock: [ 8743.393408] ffff888127a14460 (sb_writers#8){.+.+}-{0:0}, at: ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd] [ 8743.393510] but task is already holding lock: [ 8743.393515] ffff8880360d97f0 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: ksmbd_vfs_kern_path_locked+0x181/0x670 [ksmbd] [ 8743.393618] which lock already depends on the new lock. [ 8743.393623] the existing dependency chain (in reverse order) is: [ 8743.393628] -> #1 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}: [ 8743.393648] down_write_nested+0x9a/0x1b0 [ 8743.393660] filename_create+0x128/0x270 [ 8743.393670] do_mkdirat+0xab/0x1f0 [ 8743.393680] __x64_sys_mkdir+0x47/0x60 [ 8743.393690] do_syscall_64+0x5d/0x90 [ 8743.393701] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 8743.393711] -> #0 (sb_writers#8){.+.+}-{0:0}: [ 8743.393728] __lock_acquire+0x2201/0x3b80 [ 8743.393737] lock_acquire+0x18f/0x440 [ 8743.393746] mnt_want_write+0x5f/0x240 [ 8743.393755] ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd] [ 8743.393839] ksmbd_vfs_set_dos_attrib_xattr+0xcc/0x110 [ksmbd] [ 8743.393924] compat_ksmbd_vfs_set_dos_attrib_xattr+0x39/0x50 [ksmbd] [ 8743.394010] smb2_open+0x3432/0x3cc0 [ksmbd] [ 8743.394099] handle_ksmbd_work+0x2c9/0x7b0 [ksmbd] [ 8743.394187] process_one_work+0x65a/0xb30 [ 8743.394198] worker_thread+0x2cf/0x700 [ 8743.394209] kthread+0x1ad/0x1f0 [ 8743.394218] ret_from_fork+0x29/0x50 This patch add mnt_want_write() above parent inode lock and remove nested mnt_want_write calls in smb2_open(). Fixes: 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions") Cc: stable@vger.kernel.org Reported-by: Marios Makassikis Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ae3356cbe9ac83e19c58169f0890437a08d70427 Author: Zongmin Zhou Date: Tue Dec 19 00:34:48 2023 +0900 ksmbd: prevent memory leak on error return [ Upstream commit 90044481e7cca6cb3125b3906544954a25f1309f ] When allocated memory for 'new' failed,just return will cause memory leak of 'ar'. Fixes: 1819a9042999 ("ksmbd: reorganize ksmbd_iov_pin_rsp()") Reported-by: kernel test robot Reported-by: Dan Carpenter Closes: https://lore.kernel.org/r/202311031837.H3yo7JVl-lkp@intel.com/ Signed-off-by: Zongmin Zhou Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 8dc9eb7d3503ad48a5b919cddcc12f2eba29027e Author: Namjae Jeon Date: Tue Dec 19 00:34:47 2023 +0900 ksmbd: handle malformed smb1 message [ Upstream commit 5a5409d90bd05f87fe5623a749ccfbf3f7c7d400 ] If set_smb1_rsp_status() is not implemented, It will cause NULL pointer dereferece error when client send malformed smb1 message. This patch add set_smb1_rsp_status() to ignore malformed smb1 message. Cc: stable@vger.kernel.org Reported-by: Robert Morris Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 1f50c418d47aa0437971732c5203908f2a702cea Author: Namjae Jeon Date: Tue Dec 19 00:34:46 2023 +0900 ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() [ Upstream commit f6049712e520287ad695e9d4f1572ab76807fa0c ] Fix argument list that the kdoc format and script verified in ksmbd_vfs_kern_path_locked(). fs/smb/server/vfs.c:1207: warning: Function parameter or member 'parent_path' not described in 'ksmbd_vfs_kern_path_locked' Reported-by: kernel test robot Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 3fecda5d853c55df2c8527077d2a258e584b4b9b Author: Namjae Jeon Date: Tue Dec 19 00:34:45 2023 +0900 ksmbd: no need to wait for binded connection termination at logoff [ Upstream commit 67797da8a4b82446d42c52b6ee1419a3100d78ff ] The connection could be binded to the existing session for Multichannel. session will be destroyed when binded connections are released. So no need to wait for that's connection at logoff. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 841bcade09640511168e7e768dc9a5652e9e3612 Author: Namjae Jeon Date: Tue Dec 19 00:34:44 2023 +0900 ksmbd: add support for surrogate pair conversion [ Upstream commit 0c180317c654a494fe429adbf7bc9b0793caf9e2 ] ksmbd is missing supporting to convert filename included surrogate pair characters. It triggers a "file or folder does not exist" error in Windows client. [Steps to Reproduce for bug] 1. Create surrogate pair file touch $(echo -e '\xf0\x9d\x9f\xa3') touch $(echo -e '\xf0\x9d\x9f\xa4') 2. Try to open these files in ksmbd share through Windows client. This patch update unicode functions not to consider about surrogate pair (and IVS). Reviewed-by: Marios Makassikis Tested-by: Marios Makassikis Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 0eaeb8aec49fd572a1ffbddc92d65030acdf55b6 Author: Kangjing Huang Date: Tue Dec 19 00:34:43 2023 +0900 ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() [ Upstream commit ecce70cf17d91c3dd87a0c4ea00b2d1387729701 ] Physical ib_device does not have an underlying net_device, thus its association with IPoIB net_device cannot be retrieved via ops.get_netdev() or ib_device_get_by_netdev(). ksmbd reads physical ib_device port GUID from the lower 16 bytes of the hardware addresses on IPoIB net_device and match its underlying ib_device using ib_find_gid() Signed-off-by: Kangjing Huang Acked-by: Namjae Jeon Reviewed-by: Tom Talpey Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 20b4f6bd4cf9430fda01848d3eddea2bb9bf7580 Author: Marios Makassikis Date: Tue Dec 19 00:34:42 2023 +0900 ksmbd: fix recursive locking in vfs helpers [ Upstream commit 807252f028c59b9a3bac4d62ad84761548c10f11 ] Running smb2.rename test from Samba smbtorture suite against a kernel built with lockdep triggers a "possible recursive locking detected" warning. This is because mnt_want_write() is called twice with no mnt_drop_write() in between: -> ksmbd_vfs_mkdir() -> ksmbd_vfs_kern_path_create() -> kern_path_create() -> filename_create() -> mnt_want_write() -> mnt_want_write() Fix this by removing the mnt_want_write/mnt_drop_write calls from vfs helpers that call kern_path_create(). Full lockdep trace below: ============================================ WARNING: possible recursive locking detected 6.6.0-rc5 #775 Not tainted -------------------------------------------- kworker/1:1/32 is trying to acquire lock: ffff888005ac83f8 (sb_writers#5){.+.+}-{0:0}, at: ksmbd_vfs_mkdir+0xe1/0x410 but task is already holding lock: ffff888005ac83f8 (sb_writers#5){.+.+}-{0:0}, at: filename_create+0xb6/0x260 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(sb_writers#5); lock(sb_writers#5); *** DEADLOCK *** May be due to missing lock nesting notation 4 locks held by kworker/1:1/32: #0: ffff8880064e4138 ((wq_completion)ksmbd-io){+.+.}-{0:0}, at: process_one_work+0x40e/0x980 #1: ffff888005b0fdd0 ((work_completion)(&work->work)){+.+.}-{0:0}, at: process_one_work+0x40e/0x980 #2: ffff888005ac83f8 (sb_writers#5){.+.+}-{0:0}, at: filename_create+0xb6/0x260 #3: ffff8880057ce760 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: filename_create+0x123/0x260 Cc: stable@vger.kernel.org Fixes: 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions") Signed-off-by: Marios Makassikis Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit f30a2ff715618f913b4de854e95f3ae8a36f57e6 Author: Namjae Jeon Date: Tue Dec 19 00:34:41 2023 +0900 ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() [ Upstream commit 3354db668808d5b6d7c5e0cb19ff4c9da4bb5e58 ] Fix argument list that the kdoc format and script verified in ksmbd_vfs_setxattr(). fs/smb/server/vfs.c:929: warning: Function parameter or member 'path' not described in 'ksmbd_vfs_setxattr' Reported-by: kernel test robot Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit df79244f7339b8a9f9cf66ca4bbeb14237662724 Author: Namjae Jeon Date: Tue Dec 19 00:34:40 2023 +0900 ksmbd: reorganize ksmbd_iov_pin_rsp() [ Upstream commit 1819a904299942b309f687cc0f08b123500aa178 ] If ksmbd_iov_pin_rsp fail, io vertor should be rollback. This patch moves memory allocations to before setting the io vector to avoid rollbacks. Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound") Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 845837fbfe799b184290a8dd55d386f26c510590 Author: Cheng-Han Wu Date: Tue Dec 19 00:34:39 2023 +0900 ksmbd: Remove unused field in ksmbd_user struct [ Upstream commit eacc655e18d1dec9b50660d16a1ddeeb4d6c48f2 ] fs/smb/server/mgmt/user_config.h:21: Remove the unused field 'failed_login_count' from the ksmbd_user struct. Signed-off-by: Cheng-Han Wu Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit fab0175b7f8e41be75f984f422ce5cf20fa39ead Author: Namjae Jeon Date: Tue Dec 19 00:34:38 2023 +0900 ksmbd: fix potential double free on smb2_read_pipe() error path [ Upstream commit 1903e6d0578118e9aab1ee23f4a9de55737d1d05 ] Fix new smatch warnings: fs/smb/server/smb2pdu.c:6131 smb2_read_pipe() error: double free of 'rpc_resp' Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound") Reported-by: kernel test robot Reported-by: Dan Carpenter Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ef435dec8a847e41c29ae13ad43ddf0f83590e89 Author: Namjae Jeon Date: Tue Dec 19 00:34:37 2023 +0900 ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() [ Upstream commit 414849040fcf11d45025b8ae26c9fd91da1465da ] Coverity Scan report the following one. This report is a false alarm. Because fp is never NULL when rc is zero. This patch add null check for fp in ksmbd_update_fstate to make alarm silence. *** CID 1568583: Null pointer dereferences (FORWARD_NULL) /fs/smb/server/smb2pdu.c: 3408 in smb2_open() 3402 path_put(&path); 3403 path_put(&parent_path); 3404 } 3405 ksmbd_revert_fsids(work); 3406 err_out1: 3407 if (!rc) { >>> CID 1568583: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "fp" to "ksmbd_update_fstate", which dereferences it. 3408 ksmbd_update_fstate(&work->sess->file_table, fp, FP_INITED); 3409 rc = ksmbd_iov_pin_rsp(work, (void *)rsp, iov_len); 3410 } 3411 if (rc) { 3412 if (rc == -EINVAL) 3413 rsp->hdr.Status = STATUS_INVALID_PARAMETER; Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound") Reported-by: Coverity Scan Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 4b9b7ea1ffb1e34f01fa5726d0c184931b9ba565 Author: Namjae Jeon Date: Tue Dec 19 00:34:36 2023 +0900 ksmbd: fix wrong error response status by using set_smb2_rsp_status() [ Upstream commit be0f89d4419dc5413a1cf06db3671c9949be0d52 ] set_smb2_rsp_status() after __process_request() sets the wrong error status. This patch resets all iov vectors and sets the error status on clean one. Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound") Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit dd45db4d9bbc8f122a9b4db5ce94ae29fcf03d3c Author: Namjae Jeon Date: Tue Dec 19 00:34:35 2023 +0900 ksmbd: fix race condition between tree conn lookup and disconnect [ Upstream commit 33b235a6e6ebe0f05f3586a71e8d281d00f71e2e ] if thread A in smb2_write is using work-tcon, other thread B use smb2_tree_disconnect free the tcon, then thread A will use free'd tcon. Time + Thread A | Thread A smb2_write | smb2_tree_disconnect | | | kfree(tree_conn) | // UAF! | work->tcon->share_conf | + This patch add state, reference count and lock for tree conn to fix race condition issue. Reported-by: luosili Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 0901be8dc6ea7c5916c6c6244effc7a2e1198e83 Author: Namjae Jeon Date: Tue Dec 19 00:34:34 2023 +0900 ksmbd: fix race condition from parallel smb2 lock requests [ Upstream commit 75ac9a3dd65f7eab4d12b0a0f744234b5300a491 ] There is a race condition issue between parallel smb2 lock request. Time + Thread A | Thread A smb2_lock | smb2_lock | insert smb_lock to lock_list | spin_unlock(&work->conn->llist_lock) | | | spin_lock(&conn->llist_lock); | kfree(cmp_lock); | // UAF! | list_add(&smb_lock->llist, &rollback_list) + This patch swaps the line for adding the smb lock to the rollback list and adding the lock list of connection to fix the race issue. Reported-by: luosili Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 50e13932ba556025ad122e37f81aa102daf65bc8 Author: Namjae Jeon Date: Tue Dec 19 00:34:33 2023 +0900 ksmbd: fix race condition from parallel smb2 logoff requests [ Upstream commit 7ca9da7d873ee8024e9548d3366101c2b6843eab ] If parallel smb2 logoff requests come in before closing door, running request count becomes more than 1 even though connection status is set to KSMBD_SESS_NEED_RECONNECT. It can't get condition true, and sleep forever. This patch fix race condition problem by returning error if connection status was already set to KSMBD_SESS_NEED_RECONNECT. Reported-by: luosili Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit f99d5d1d2a255c517ffe2ffab8bc7563c651aafb Author: Namjae Jeon Date: Tue Dec 19 00:34:32 2023 +0900 ksmbd: fix race condition with fp [ Upstream commit 5a7ee91d1154f35418367a6eaae74046fd06ed89 ] fp can used in each command. If smb2_close command is coming at the same time, UAF issue can happen by race condition. Time + Thread A | Thread B1 B2 .... B5 smb2_open | smb2_close | __open_id | insert fp to file_table | | | atomic_dec_and_test(&fp->refcount) | if fp->refcount == 0, free fp by kfree. // UAF! | use fp | + This patch add f_state not to use freed fp is used and not to free fp in use. Reported-by: luosili Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit c77fd3e25a51ac92b0f1b347a96eff6a0b4f066f Author: Namjae Jeon Date: Tue Dec 19 00:34:31 2023 +0900 ksmbd: fix race condition between session lookup and expire [ Upstream commit 53ff5cf89142b978b1a5ca8dc4d4425e6a09745f ] Thread A + Thread B ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | | xa_erase(&conn->sessions, sess->id); | | ksmbd_session_destroy(sess) --> kfree(sess) | // UAF! | sess->last_active = jiffies | + This patch add rwsem to fix race condition between ksmbd_session_lookup and ksmbd_expire_session. Reported-by: luosili Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit b9a3e4549676857bf4b1b5f92200fbb1740dfa2e Author: Namjae Jeon Date: Tue Dec 19 00:34:30 2023 +0900 ksmbd: check iov vector index in ksmbd_conn_write() [ Upstream commit 73f949ea87c7d697210653501ca21efe57295327 ] If ->iov_idx is zero, This means that the iov vector for the response was not added during the request process. In other words, it means that there is a problem in generating a response, So this patch return as an error to avoid NULL pointer dereferencing problem. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 01df133b1a7d6ad52ed3e430d43fa930c2d3b8d9 Author: Namjae Jeon Date: Tue Dec 19 00:34:29 2023 +0900 ksmbd: return invalid parameter error response if smb2 request is invalid [ Upstream commit f2f11fca5d7112e2f91c4854cddd68a059fdaa4a ] If smb2 request from client is invalid, The following kernel oops could happen. The patch e2b76ab8b5c9: "ksmbd: add support for read compound" leads this issue. When request is invalid, It doesn't set anything in the response buffer. This patch add missing set invalid parameter error response. [ 673.085542] ksmbd: cli req too short, len 184 not 142. cmd:5 mid:109 [ 673.085580] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 673.085591] #PF: supervisor read access in kernel mode [ 673.085600] #PF: error_code(0x0000) - not-present page [ 673.085608] PGD 0 P4D 0 [ 673.085620] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 673.085631] CPU: 3 PID: 1039 Comm: kworker/3:0 Not tainted 6.6.0-rc2-tmt #16 [ 673.085643] Hardware name: AZW U59/U59, BIOS JTKT001 05/05/2022 [ 673.085651] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] [ 673.085719] RIP: 0010:ksmbd_conn_write+0x68/0xc0 [ksmbd] [ 673.085808] RAX: 0000000000000000 RBX: ffff88811ade4f00 RCX: 0000000000000000 [ 673.085817] RDX: 0000000000000000 RSI: ffff88810c2a9780 RDI: ffff88810c2a9ac0 [ 673.085826] RBP: ffffc900005e3e00 R08: 0000000000000000 R09: 0000000000000000 [ 673.085834] R10: ffffffffa3168160 R11: 63203a64626d736b R12: ffff8881057c8800 [ 673.085842] R13: ffff8881057c8820 R14: ffff8882781b2380 R15: ffff8881057c8800 [ 673.085852] FS: 0000000000000000(0000) GS:ffff888278180000(0000) knlGS:0000000000000000 [ 673.085864] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 673.085872] CR2: 0000000000000000 CR3: 000000015b63c000 CR4: 0000000000350ee0 [ 673.085883] Call Trace: [ 673.085890] [ 673.085900] ? show_regs+0x6a/0x80 [ 673.085916] ? __die+0x25/0x70 [ 673.085926] ? page_fault_oops+0x154/0x4b0 [ 673.085938] ? tick_nohz_tick_stopped+0x18/0x50 [ 673.085954] ? __irq_work_queue_local+0xba/0x140 [ 673.085967] ? do_user_addr_fault+0x30f/0x6c0 [ 673.085979] ? exc_page_fault+0x79/0x180 [ 673.085992] ? asm_exc_page_fault+0x27/0x30 [ 673.086009] ? ksmbd_conn_write+0x68/0xc0 [ksmbd] [ 673.086067] ? ksmbd_conn_write+0x46/0xc0 [ksmbd] [ 673.086123] handle_ksmbd_work+0x28d/0x4b0 [ksmbd] [ 673.086177] process_one_work+0x178/0x350 [ 673.086193] ? __pfx_worker_thread+0x10/0x10 [ 673.086202] worker_thread+0x2f3/0x420 [ 673.086210] ? _raw_spin_unlock_irqrestore+0x27/0x50 [ 673.086222] ? __pfx_worker_thread+0x10/0x10 [ 673.086230] kthread+0x103/0x140 [ 673.086242] ? __pfx_kthread+0x10/0x10 [ 673.086253] ret_from_fork+0x39/0x60 [ 673.086263] ? __pfx_kthread+0x10/0x10 [ 673.086274] ret_from_fork_asm+0x1b/0x30 Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound") Reported-by: Tom Talpey Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 4a67467f11340eaf3ee849d4945de4d457bf1941 Author: Namjae Jeon Date: Tue Dec 19 00:34:28 2023 +0900 ksmbd: fix passing freed memory 'aux_payload_buf' [ Upstream commit 59d8d24f4610333560cf2e8fe3f44cafe30322eb ] The patch e2b76ab8b5c9: "ksmbd: add support for read compound" leads to the following Smatch static checker warning: fs/smb/server/smb2pdu.c:6329 smb2_read() warn: passing freed memory 'aux_payload_buf' It doesn't matter that we're passing a freed variable because nbytes is zero. This patch set "aux_payload_buf = NULL" to make smatch silence. Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound") Reported-by: Dan Carpenter Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit fbed0adfe5072c73499f0cdf695ddcdb4a73419d Author: Namjae Jeon Date: Tue Dec 19 00:34:27 2023 +0900 ksmbd: remove unneeded mark_inode_dirty in set_info_sec() [ Upstream commit e4e14095cc68a2efefba6f77d95efe1137e751d4 ] mark_inode_dirty will be called in notify_change(). This patch remove unneeded mark_inode_dirty in set_info_sec(). Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit a9128c4134f1f7dc822f727bd800ae703678e6ea Author: Steve French Date: Tue Dec 19 00:34:26 2023 +0900 ksmbd: remove experimental warning [ Upstream commit f5069159f32c8c943e047f22731317463c8e9b84 ] ksmbd has made significant improvements over the past two years and is regularly tested and used. Remove the experimental warning. Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 6997fa65bf9ede54502d6d0496f6267227ca7821 Author: Namjae Jeon Date: Tue Dec 19 00:34:25 2023 +0900 ksmbd: add missing calling smb2_set_err_rsp() on error [ Upstream commit 0e2378eaa2b3a663726cf740d4aaa8a801e2cb31 ] If some error happen on smb2_sess_setup(), Need to call smb2_set_err_rsp() to set error response. This patch add missing calling smb2_set_err_rsp() on error. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit bd554ed4fdc3d38404a1c43d428432577573e809 Author: Namjae Jeon Date: Tue Dec 19 00:34:24 2023 +0900 ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() [ Upstream commit 4b081ce0d830b684fdf967abc3696d1261387254 ] If authblob->SessionKey.Length is bigger than session key size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from SessionKey from client. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21940 Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 7019440463dfd38b1c41774d7ad771f9cc6cf0ce Author: Yang Li Date: Tue Dec 19 00:34:23 2023 +0900 ksmbd: Fix one kernel-doc comment [ Upstream commit bf26f1b4e0918f017775edfeacf6d867204b680b ] Fix one kernel-doc comment to silence the warning: fs/smb/server/smb2pdu.c:4160: warning: Excess function parameter 'infoclass_size' description in 'buffer_check_err' Signed-off-by: Yang Li Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit c5aa74449a41d9c10900d82d2c2e62d5462ef932 Author: Namjae Jeon Date: Tue Dec 19 00:34:22 2023 +0900 ksmbd: reduce descriptor size if remaining bytes is less than request size [ Upstream commit e628bf939aafb61fbc56e9bdac8795cea5127e25 ] Create 3 kinds of files to reproduce this problem. dd if=/dev/urandom of=127k.bin bs=1024 count=127 dd if=/dev/urandom of=128k.bin bs=1024 count=128 dd if=/dev/urandom of=129k.bin bs=1024 count=129 When copying files from ksmbd share to windows or cifs.ko, The following error message happen from windows client. "The file '129k.bin' is too large for the destination filesystem." We can see the error logs from ksmbd debug prints [48394.611537] ksmbd: RDMA r/w request 0x0: token 0x669d, length 0x20000 [48394.612054] ksmbd: smb_direct: RDMA write, len 0x20000, needed credits 0x1 [48394.612572] ksmbd: filename 129k.bin, offset 131072, len 131072 [48394.614189] ksmbd: nbytes 1024, offset 132096 mincount 0 [48394.614585] ksmbd: Failed to process 8 [-22] And we can reproduce it with cifs.ko, e.g. dd if=129k.bin of=/dev/null bs=128KB count=2 This problem is that ksmbd rdma return error if remaining bytes is less than Length of Buffer Descriptor V1 Structure. smb_direct_rdma_xmit() ... if (desc_buf_len == 0 || total_length > buf_len || total_length > t->max_rdma_rw_size) return -EINVAL; This patch reduce descriptor size with remaining bytes and remove the check for total_length and buf_len. Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit e12b092416939338445e5604e0fc45afedbb7239 Author: Atte Heikkilä Date: Tue Dec 19 00:34:21 2023 +0900 ksmbd: fix `force create mode' and `force directory mode' [ Upstream commit 65656f5242e500dcfeffa6a0a1519eae14724f86 ] `force create mode' and `force directory mode' should be bitwise ORed with the perms after `create mask' and `directory mask' have been applied, respectively. Signed-off-by: Atte Heikkilä Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 6f0207218c4c125f5bf32055ac4220b4ef3b7e67 Author: Namjae Jeon Date: Tue Dec 19 00:34:20 2023 +0900 ksmbd: fix wrong interim response on compound [ Upstream commit 041bba4414cda37d00063952c9bff9c3d5812a19 ] If smb2_lock or smb2_open request is compound, ksmbd could send wrong interim response to client. ksmbd allocate new interim buffer instead of using resonse buffer to support compound request. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit f2283680a80571ca82d710bc6ecd8f8beac67d63 Author: Namjae Jeon Date: Tue Dec 19 00:34:19 2023 +0900 ksmbd: add support for read compound [ Upstream commit e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d ] MacOS sends a compound request including read to the server (e.g. open-read-close). So far, ksmbd has not handled read as a compound request. For compatibility between ksmbd and an OS that supports SMB, This patch provides compound support for read requests. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit d7ad0ac5a8f66c3527da2e85392e75095481768a Author: Yang Yingliang Date: Tue Dec 19 00:34:18 2023 +0900 ksmbd: switch to use kmemdup_nul() helper [ Upstream commit 084ba46fc41c21ba827fd92e61f78def7a6e52ea ] Use kmemdup_nul() helper instead of open-coding to simplify the code. Acked-by: Namjae Jeon Signed-off-by: Yang Yingliang Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b Author: Namjae Jeon Date: Tue Dec 19 00:34:17 2023 +0900 ksmbd: fix out of bounds in init_smb2_rsp_hdr() [ Upstream commit 536bb492d39bb6c080c92f31e8a55fe9934f452b ] If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false. Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21541 Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 017d85c94f02090a87f4a473dbe0d6ee0da72693 Author: Namjae Jeon Date: Tue Dec 19 00:34:16 2023 +0900 ksmbd: validate session id and tree id in compound request [ Upstream commit 3df0411e132ee74a87aa13142dfd2b190275332e ] `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will return 0, i.e. The tree id check is skipped. This patch use ksmbd_req_buf_next() to get current command in compound. Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21506 Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 4a027b96515e30e831047cf5cc1f8bd80ea55050 Author: Namjae Jeon Date: Tue Dec 19 00:34:15 2023 +0900 ksmbd: check if a mount point is crossed during path lookup [ Upstream commit 2b57a4322b1b14348940744fdc02f9a86cbbdbeb ] Since commit 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name"), ksmbd can not lookup cross mount points. If last component is a cross mount point during path lookup, check if it is crossed to follow it down. And allow path lookup to cross a mount point when a crossmnt parameter is set to 'yes' in smb.conf. Cc: stable@vger.kernel.org Fixes: 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit cf63b94fec603f3f699e77bf30df146c5e5f943f Author: Wang Ming Date: Tue Dec 19 00:34:14 2023 +0900 ksmbd: Fix unsigned expression compared with zero [ Upstream commit 0266a2f791294e0b4ba36f4a1d89b8615ea3cac0 ] The return value of the ksmbd_vfs_getcasexattr() is signed. However, the return value is being assigned to an unsigned variable and subsequently recasted, causing warnings. Use a signed type. Signed-off-by: Wang Ming Acked-by: Tom Talpey Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 5f36e22910c2b3ac19309a7ffc5d3feb4f45cf1a Author: Gustavo A. R. Silva Date: Tue Dec 19 00:34:13 2023 +0900 ksmbd: Replace one-element array with flexible-array member [ Upstream commit 11d5e2061e973a8d4ff2b95a114b4b8ef8652633 ] One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct smb_negotiate_req. This results in no differences in binary output. Link: https://github.com/KSPP/linux/issues/79 Link: https://github.com/KSPP/linux/issues/317 Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook Acked-by: Namjae Jeon Reviewed-by: Sergey Senozhatsky Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit d9902ad14f82422c552be893f72fb518cdb751d3 Author: Gustavo A. R. Silva Date: Tue Dec 19 00:34:12 2023 +0900 ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() [ Upstream commit 5211cc8727ed9701b04976ab47602955e5641bda ] Prefer struct_size() over open-coded versions. Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook Acked-by: Namjae Jeon Reviewed-by: Sergey Senozhatsky Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 97f5c1e3086c8ba1473c265d9a5523cc9ef5579e Author: Namjae Jeon Date: Tue Dec 19 00:34:11 2023 +0900 ksmbd: add missing compound request handing in some commands [ Upstream commit 7b7d709ef7cf285309157fb94c33f625dd22c5e1 ] This patch add the compound request handling to the some commands. Existing clients do not send these commands as compound requests, but ksmbd should consider that they may come. Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 676392184785ace61e939831e7ca44a03d438c3b Author: Namjae Jeon Date: Tue Dec 19 00:34:10 2023 +0900 ksmbd: fix out of bounds read in smb2_sess_setup [ Upstream commit 98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8 ] ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first payload in the smb2_sess_setup(). Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21355 Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit d91ba80185e4a0eea471d794638c1b2935fd90f4 Author: Lu Hongfei Date: Tue Dec 19 00:34:09 2023 +0900 ksmbd: Replace the ternary conditional operator with min() [ Upstream commit f65fadb0422537d73f9a6472861852dc2f7a6a5b ] It would be better to replace the traditional ternary conditional operator with min() in compare_sids. Signed-off-by: Lu Hongfei Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 2222ada0959be7467b18e34e4dab36792e327d55 Author: Namjae Jeon Date: Tue Dec 19 00:34:08 2023 +0900 ksmbd: use kvzalloc instead of kvmalloc [ Upstream commit 81a94b27847f7d2e499415db14dd9dc7c22b19b0 ] Use kvzalloc instead of kvmalloc. Reported-by: kernel test robot Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 638043bef94a55461cc8b4207b6f1725553afca9 Author: Lu Hongfei Date: Tue Dec 19 00:34:07 2023 +0900 ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void [ Upstream commit ccb5889af97c03c67a83fcd649602034578c0d61 ] The return value of ksmbd_vfs_query_maximal_access is meaningless, it is better to modify it to void. Signed-off-by: Lu Hongfei Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 7585898ddf5a46780617b8450beeb5425309429c Author: Namjae Jeon Date: Tue Dec 19 00:34:06 2023 +0900 ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() [ Upstream commit cf5e7f734f445588a30350591360bca2f6bf016f ] Return a literal instead of 'err' in ksmbd_vfs_kern_path_locked(). Reported-by: Dan Carpenter Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 4910a79a5f61ccbc81358a26c8a84c1578f23698 Author: Namjae Jeon Date: Tue Dec 19 00:34:05 2023 +0900 ksmbd: use kzalloc() instead of __GFP_ZERO [ Upstream commit f87d4f85f43f0d4b12ef64b015478d8053e1a33e ] Use kzalloc() instead of __GFP_ZERO. Reported-by: Dan Carpenter Signed-off-by: Namjae Jeon Reviewed-by: Sergey Senozhatsky Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit b657622862bad53b1e54f492bd4daa250fd522c8 Author: Namjae Jeon Date: Tue Dec 19 00:34:04 2023 +0900 ksmbd: remove unused ksmbd_tree_conn_share function [ Upstream commit 7bd9f0876fdef00f4e155be35e6b304981a53f80 ] Remove unused ksmbd_tree_conn_share function. Signed-off-by: Namjae Jeon Reviewed-by: Sergey Senozhatsky Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ce95f7d2dcdf260907c970301219b286c6abd690 Author: Namjae Jeon Date: Tue Dec 19 00:34:03 2023 +0900 ksmbd: add mnt_want_write to ksmbd vfs functions [ Upstream commit 40b268d384a22276dca1450549f53eed60e21deb ] ksmbd is doing write access using vfs helpers. There are the cases that mnt_want_write() is not called in vfs helper. This patch add missing mnt_want_write() to ksmbd vfs functions. Cc: stable@vger.kernel.org Cc: Amir Goldstein Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 0d1a3f97efbe73fe6d6c18574e6ac94cd2492c11 Author: Namjae Jeon Date: Tue Dec 19 00:34:02 2023 +0900 ksmbd: validate smb request protocol id [ Upstream commit 1c1bcf2d3ea061613119b534f57507c377df20f9 ] This patch add the validation for smb request protocol id. If it is not one of the four ids(SMB1_PROTO_NUMBER, SMB2_PROTO_NUMBER, SMB2_TRANSFORM_PROTO_NUM, SMB2_COMPRESSION_TRANSFORM_ID), don't allow processing the request. And this will fix the following KASAN warning also. [ 13.905265] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1b9/0x1f0 [ 13.905900] Read of size 16 at addr ffff888005fd2f34 by task kworker/0:2/44 ... [ 13.908553] Call Trace: [ 13.908793] [ 13.908995] dump_stack_lvl+0x33/0x50 [ 13.909369] print_report+0xcc/0x620 [ 13.910870] kasan_report+0xae/0xe0 [ 13.911519] kasan_check_range+0x35/0x1b0 [ 13.911796] init_smb2_rsp_hdr+0x1b9/0x1f0 [ 13.912492] handle_ksmbd_work+0xe5/0x820 Cc: stable@vger.kernel.org Reported-by: Chih-Yen Chang Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit df3a4518aee64f21bcafa891105b468413f27431 Author: Namjae Jeon Date: Tue Dec 19 00:34:01 2023 +0900 ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop [ Upstream commit 368ba06881c395f1c9a7ba22203cf8d78b4addc0 ] The length field of netbios header must be greater than the SMB header sizes(smb1 or smb2 header), otherwise the packet is an invalid SMB packet. If `pdu_size` is 0, ksmbd allocates a 4 bytes chunk to `conn->request_buf`. In the function `get_smb2_cmd_val` ksmbd will read cmd from `rcv_hdr->Command`, which is `conn->request_buf + 12`, causing the KASAN detector to print the following error message: [ 7.205018] BUG: KASAN: slab-out-of-bounds in get_smb2_cmd_val+0x45/0x60 [ 7.205423] Read of size 2 at addr ffff8880062d8b50 by task ksmbd:42632/248 ... [ 7.207125] [ 7.209191] get_smb2_cmd_val+0x45/0x60 [ 7.209426] ksmbd_conn_enqueue_request+0x3a/0x100 [ 7.209712] ksmbd_server_process_request+0x72/0x160 [ 7.210295] ksmbd_conn_handler_loop+0x30c/0x550 [ 7.212280] kthread+0x160/0x190 [ 7.212762] ret_from_fork+0x1f/0x30 [ 7.212981] Cc: stable@vger.kernel.org Reported-by: Chih-Yen Chang Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ae33f07c87ab298ba5c084948a21f7fb5e13ff5e Author: Namjae Jeon Date: Tue Dec 19 00:34:00 2023 +0900 ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() [ Upstream commit 25933573ef48f3586f559c2cac6c436c62dcf63f ] Dan reported the following error message: fs/smb/server/smbacl.c:1296 smb_check_perm_dacl() error: 'posix_acls' dereferencing possible ERR_PTR() fs/smb/server/vfs.c:1323 ksmbd_vfs_make_xattr_posix_acl() error: 'posix_acls' dereferencing possible ERR_PTR() fs/smb/server/vfs.c:1830 ksmbd_vfs_inherit_posix_acl() error: 'acls' dereferencing possible ERR_PTR() __get_acl() returns a mix of error pointers and NULL. This change it with IS_ERR_OR_NULL(). Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Reported-by: Dan Carpenter Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 55ceeb4e1c71793e852c20ad01ffd31515303546 Author: Namjae Jeon Date: Tue Dec 19 00:33:59 2023 +0900 ksmbd: fix out-of-bound read in parse_lease_state() [ Upstream commit fc6c6a3c324c1b3e93a03d0cfa3749c781f23de0 ] This bug is in parse_lease_state, and it is caused by the missing check of `struct create_context`. When the ksmbd traverses the create_contexts, it doesn't check if the field of `NameOffset` and `Next` is valid, The KASAN message is following: [ 6.664323] BUG: KASAN: slab-out-of-bounds in parse_lease_state+0x7d/0x280 [ 6.664738] Read of size 2 at addr ffff888005c08988 by task kworker/0:3/103 ... [ 6.666644] Call Trace: [ 6.666796] [ 6.666933] dump_stack_lvl+0x33/0x50 [ 6.667167] print_report+0xcc/0x620 [ 6.667903] kasan_report+0xae/0xe0 [ 6.668374] kasan_check_range+0x35/0x1b0 [ 6.668621] parse_lease_state+0x7d/0x280 [ 6.668868] smb2_open+0xbe8/0x4420 [ 6.675137] handle_ksmbd_work+0x282/0x820 Use smb2_find_context_vals() to find smb2 create request lease context. smb2_find_context_vals validate create context fields. Cc: stable@vger.kernel.org Reported-by: Chih-Yen Chang Tested-by: Chih-Yen Chang Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 4adb4fbd74812aeada97e7cc6de3dad41952443e Author: Namjae Jeon Date: Tue Dec 19 00:33:58 2023 +0900 ksmbd: fix out-of-bound read in deassemble_neg_contexts() [ Upstream commit f1a411873c85b642f13b01f21b534c2bab81fc1b ] The check in the beginning is `clen + sizeof(struct smb2_neg_context) <= len_of_ctxts`, but in the end of loop, `len_of_ctxts` will subtract `((clen + 7) & ~0x7) + sizeof(struct smb2_neg_context)`, which causes integer underflow when clen does the 8 alignment. We should use `(clen + 7) & ~0x7` in the check to avoid underflow from happening. Then there are some variables that need to be declared unsigned instead of signed. [ 11.671070] BUG: KASAN: slab-out-of-bounds in smb2_handle_negotiate+0x799/0x1610 [ 11.671533] Read of size 2 at addr ffff888005e86cf2 by task kworker/0:0/7 ... [ 11.673383] Call Trace: [ 11.673541] [ 11.673679] dump_stack_lvl+0x33/0x50 [ 11.673913] print_report+0xcc/0x620 [ 11.674671] kasan_report+0xae/0xe0 [ 11.675171] kasan_check_range+0x35/0x1b0 [ 11.675412] smb2_handle_negotiate+0x799/0x1610 [ 11.676217] ksmbd_smb_negotiate_common+0x526/0x770 [ 11.676795] handle_ksmbd_work+0x274/0x810 ... Cc: stable@vger.kernel.org Signed-off-by: Chih-Yen Chang Tested-by: Chih-Yen Chang Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 049ed0f953da554f75a5486940607b0d147e603f Author: Namjae Jeon Date: Tue Dec 19 00:33:57 2023 +0900 ksmbd: call putname after using the last component [ Upstream commit 6fe55c2799bc29624770c26f98ba7b06214f43e0 ] last component point filename struct. Currently putname is called after vfs_path_parent_lookup(). And then last component is used for lookup_one_qstr_excl(). name in last component is freed by previous calling putname(). And It cause file lookup failure when testing generic/464 test of xfstest. Fixes: 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit b423ddab61383077953b8246e6caa2cea3e446c4 Author: Namjae Jeon Date: Tue Dec 19 00:33:56 2023 +0900 ksmbd: fix UAF issue from opinfo->conn [ Upstream commit 36322523dddb11107e9f7f528675a0dec2536103 ] If opinfo->conn is another connection and while ksmbd send oplock break request to cient on current connection, The connection for opinfo->conn can be disconnect and conn could be freed. When sending oplock break request, this ksmbd_conn can be used and cause user-after-free issue. When getting opinfo from the list, ksmbd check connection is being released. If it is not released, Increase ->r_count to wait that connection is freed. Cc: stable@vger.kernel.org Reported-by: Per Forlin Tested-by: Per Forlin Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 19b2b9af315e295d3afc55ab5158f0808cb8754e Author: Kuan-Ting Chen Date: Tue Dec 19 00:33:55 2023 +0900 ksmbd: fix multiple out-of-bounds read during context decoding [ Upstream commit 0512a5f89e1fae74251fde6893ff634f1c96c6fb ] Check the remaining data length before accessing the context structure to ensure that the entire structure is contained within the packet. Additionally, since the context data length `ctxt_len` has already been checked against the total packet length `len_of_ctxts`, update the comparison to use `ctxt_len`. Cc: stable@vger.kernel.org Signed-off-by: Kuan-Ting Chen Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 61a306c1cc750b15c8b13b3ded623b94cd521fac Author: Namjae Jeon Date: Tue Dec 19 00:33:54 2023 +0900 ksmbd: fix uninitialized pointer read in smb2_create_link() [ Upstream commit df14afeed2e6c1bbadef7d2f9c46887bbd6d8d94 ] There is a case that file_present is true and path is uninitialized. This patch change file_present is set to false by default and set to true when patch is initialized. Fixes: 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") Reported-by: Coverity Scan Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ea799dd27584451b70b40320ab9846804a044bdd Author: Namjae Jeon Date: Tue Dec 19 00:33:53 2023 +0900 ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() [ Upstream commit 48b47f0caaa8a9f05ed803cb4f335fa3a7bfc622 ] Uninitialized rd.delegated_inode can be used in vfs_rename(). Fix this by setting rd.delegated_inode to NULL to avoid the uninitialized read. Fixes: 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") Reported-by: Coverity Scan Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit b36295c17fb97424406f0c3ab321b1ccaabb9be8 Author: Namjae Jeon Date: Tue Dec 19 00:33:52 2023 +0900 ksmbd: fix racy issue under cocurrent smb2 tree disconnect [ Upstream commit 30210947a343b6b3ca13adc9bfc88e1543e16dd5 ] There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREE_CONN_EXPIRE flags for tcon to avoid cocurrent access. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20592 Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ae06b798f72d6cc792cfa1745490be65da90eb03 Author: Namjae Jeon Date: Tue Dec 19 00:33:51 2023 +0900 ksmbd: fix racy issue from smb2 close and logoff with multichannel [ Upstream commit abcc506a9a71976a8b4c9bf3ee6efd13229c1e19 ] When smb client send concurrent smb2 close and logoff request with multichannel connection, It can cause racy issue. logoff request free tcon and can cause UAF issues in smb2 close. When receiving logoff request with multichannel, ksmbd should wait until all remaning requests complete as well as ones in the current connection, and then make session expired. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20796 ZDI-CAN-20595 Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit dff87902d96082e6e271385b14adda8f65fc3e03 Author: Namjae Jeon Date: Tue Dec 19 00:33:50 2023 +0900 ksmbd: block asynchronous requests when making a delay on session setup [ Upstream commit b096d97f47326b1e2dbdef1c91fab69ffda54d17 ] ksmbd make a delay of 5 seconds on session setup to avoid dictionary attacks. But the 5 seconds delay can be bypassed by using asynchronous requests. This patch block all requests on current connection when making a delay on sesstion setup failure. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20482 Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit a6a9601ba995d0fec635324cb9fd8d14f9bea14e Author: Namjae Jeon Date: Tue Dec 19 00:33:49 2023 +0900 ksmbd: destroy expired sessions [ Upstream commit ea174a91893956450510945a0c5d1a10b5323656 ] client can indefinitely send smb2 session setup requests with the SessionId set to 0, thus indefinitely spawning new sessions, and causing indefinite memory usage. This patch limit to the number of sessions using expired timeout and session state. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20478 Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 708c304b583d789957399dd8237f212cf8ad1e4d Author: Namjae Jeon Date: Tue Dec 19 00:33:48 2023 +0900 ksmbd: fix racy issue from session setup and logoff [ Upstream commit f5c779b7ddbda30866cf2a27c63e34158f858c73 ] This racy issue is triggered by sending concurrent session setup and logoff requests. This patch does not set connection status as KSMBD_SESS_GOOD if state is KSMBD_SESS_NEED_RECONNECT in session setup. And relookup session to validate if session is deleted in logoff. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20481, ZDI-CAN-20590, ZDI-CAN-20596 Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 019aae488dbc67c97a33db03652e20e2c9e3afa7 Author: Namjae Jeon Date: Tue Dec 19 00:33:47 2023 +0900 ksmbd: fix racy issue from using ->d_parent and ->d_name [ Upstream commit 74d7970febf7e9005375aeda0df821d2edffc9f7 ] Al pointed out that ksmbd has racy issue from using ->d_parent and ->d_name in ksmbd_vfs_unlink and smb2_vfs_rename(). and use new lock_rename_child() to lock stable parent while underlying rename racy. Introduce vfs_path_parent_lookup helper to avoid out of share access and export vfs functions like the following ones to use vfs_path_parent_lookup(). - rename __lookup_hash() to lookup_one_qstr_excl(). - export lookup_one_qstr_excl(). - export getname_kernel() and putname(). vfs_path_parent_lookup() is used for parent lookup of destination file using absolute pathname given from FILE_RENAME_INFORMATION request. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit b31e1ef30107b5cbd393075633ecb078e6052509 Author: Al Viro Date: Tue Dec 19 00:33:46 2023 +0900 fs: introduce lock_rename_child() helper [ Upstream commit 9bc37e04823b5280dd0f22b6680fc23fe81ca325 ] Pass the dentry of a source file and the dentry of a destination directory to lock parent inodes for rename. As soon as this function returns, ->d_parent of the source file dentry is stable and inodes are properly locked for calling vfs-rename. This helper is needed for ksmbd server. rename request of SMB protocol has to rename an opened file, no matter which directory it's in. Signed-off-by: Al Viro Signed-off-by: Namjae Jeon Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman commit 380a0fe8bd606a246ab3dec5f94d70a1bf229af2 Author: David Disseldorp Date: Tue Dec 19 00:33:45 2023 +0900 ksmbd: remove unused compression negotiate ctx packing [ Upstream commit af36c51e0e111de4e908328d49cba49de758f66e ] build_compression_ctxt() is currently unreachable due to conn.compress_algorithm remaining zero (SMB3_COMPRESS_NONE). It appears to have been broken in a couple of subtle ways over the years: - prior to d6c9ad23b421 ("ksmbd: use the common definitions for NEGOTIATE_PROTOCOL") smb2_compression_ctx.DataLength was set to 8, which didn't account for the single CompressionAlgorithms flexible array member. - post d6c9ad23b421 smb2_compression_capabilities_context CompressionAlgorithms is a three member array, while CompressionAlgorithmCount is set to indicate only one member. assemble_neg_contexts() ctxt_size is also incorrectly incremented by sizeof(struct smb2_compression_capabilities_context) + 2, which assumes one flexible array member. Signed-off-by: David Disseldorp Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 0dbfcc34efabcdb677ccafc155d185594284d885 Author: David Disseldorp Date: Tue Dec 19 00:33:44 2023 +0900 ksmbd: avoid duplicate negotiate ctx offset increments [ Upstream commit a12a07a85aff72e19520328f78b1c64d2281a1ec ] Both pneg_ctxt and ctxt_size change in unison, with each adding the length of the previously added context, rounded up to an eight byte boundary. Drop pneg_ctxt increments and instead use the ctxt_size offset when passing output pointers to per-context helper functions. This slightly simplifies offset tracking and shaves off a few text bytes. Before (x86-64 gcc 7.5): text data bss dec hex filename 213234 8677 672 222583 36577 ksmbd.ko After: text data bss dec hex filename 213218 8677 672 222567 36567 ksmbd.ko Signed-off-by: David Disseldorp Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 2ca23947df8964603885d7fc3e6d90b0aa62fc60 Author: David Disseldorp Date: Tue Dec 19 00:33:43 2023 +0900 ksmbd: set NegotiateContextCount once instead of every inc [ Upstream commit 34e8ccf9ce24b6b2e275bbe35cd392e18fbbd369 ] There are no early returns, so marshalling the incremented NegotiateContextCount with every context is unnecessary. Signed-off-by: David Disseldorp Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 39f5b4b313b445c980a2a295bed28228c29228ed Author: David Disseldorp Date: Tue Dec 19 00:33:42 2023 +0900 ksmbd: avoid out of bounds access in decode_preauth_ctxt() [ Upstream commit e7067a446264a7514fa1cfaa4052cdb6803bc6a2 ] Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within the SMB request boundary; deassemble_neg_contexts() only checks that the eight byte smb2_neg_context header + (client controlled) DataLength are within the packet boundary, which is insufficient. Checking for sizeof(struct smb2_preauth_neg_context) is overkill given that the type currently assumes SMB311_SALT_SIZE bytes of trailing Salt. Signed-off-by: David Disseldorp Acked-by: Namjae Jeon Cc: Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 921536046bd165efeb07beef5630aff35cd6a489 Author: Namjae Jeon Date: Tue Dec 19 00:33:41 2023 +0900 ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr [ Upstream commit dc8289f912387c3bcfbc5d2db29c8947fa207c11 ] When smb1 mount fails, KASAN detect slab-out-of-bounds in init_smb2_rsp_hdr like the following one. For smb1 negotiate(56bytes) , init_smb2_rsp_hdr() for smb2 is called. The issue occurs while handling smb1 negotiate as smb2 server operations. Add smb server operations for smb1 (get_cmd_val, init_rsp_hdr, allocate_rsp_buf, check_user_session) to handle smb1 negotiate so that smb2 server operation does not handle it. [ 411.400423] CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers [ 411.400452] CIFS: Attempting to mount \\192.168.45.139\homes [ 411.479312] ksmbd: init_smb2_rsp_hdr : 492 [ 411.479323] ================================================================== [ 411.479327] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd] [ 411.479369] Read of size 16 at addr ffff888488ed0734 by task kworker/14:1/199 [ 411.479379] CPU: 14 PID: 199 Comm: kworker/14:1 Tainted: G OE 6.1.21 #3 [ 411.479386] Hardware name: ASUSTeK COMPUTER INC. Z10PA-D8 Series/Z10PA-D8 Series, BIOS 3801 08/23/2019 [ 411.479390] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] [ 411.479425] Call Trace: [ 411.479428] [ 411.479432] dump_stack_lvl+0x49/0x63 [ 411.479444] print_report+0x171/0x4a8 [ 411.479452] ? kasan_complete_mode_report_info+0x3c/0x200 [ 411.479463] ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd] [ 411.479497] kasan_report+0xb4/0x130 [ 411.479503] ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd] [ 411.479537] kasan_check_range+0x149/0x1e0 [ 411.479543] memcpy+0x24/0x70 [ 411.479550] init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd] [ 411.479585] handle_ksmbd_work+0x109/0x760 [ksmbd] [ 411.479616] ? _raw_spin_unlock_irqrestore+0x50/0x50 [ 411.479624] ? smb3_encrypt_resp+0x340/0x340 [ksmbd] [ 411.479656] process_one_work+0x49c/0x790 [ 411.479667] worker_thread+0x2b1/0x6e0 [ 411.479674] ? process_one_work+0x790/0x790 [ 411.479680] kthread+0x177/0x1b0 [ 411.479686] ? kthread_complete_and_exit+0x30/0x30 [ 411.479692] ret_from_fork+0x22/0x30 [ 411.479702] Fixes: 39b291b86b59 ("ksmbd: return unsupported error on smb1 mount") Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 9494242c8e76e6a98c8ab5f6aed0fa4bd56ac6d5 Author: Namjae Jeon Date: Tue Dec 19 00:33:40 2023 +0900 ksmbd: delete asynchronous work from list [ Upstream commit 3a9b557f44ea8f216aab515a7db20e23f0eb51b9 ] When smb2_lock request is canceled by smb2_cancel or smb2_close(), ksmbd is missing deleting async_request_entry async_requests list. Because calling init_smb2_rsp_hdr() in smb2_lock() mark ->synchronous as true and then it will not be deleted in ksmbd_conn_try_dequeue_request(). This patch add release_async_work() to release the ones allocated for async work. Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 427caadf90e93c60c9b01aadf9fa3e16308f300e Author: Tom Rix Date: Tue Dec 19 00:33:39 2023 +0900 ksmbd: remove unused is_char_allowed function [ Upstream commit 2824861773eb512b37547516d81ef78108032cb2 ] clang with W=1 reports fs/ksmbd/unicode.c:122:19: error: unused function 'is_char_allowed' [-Werror,-Wunused-function] static inline int is_char_allowed(char *ch) ^ This function is not used so remove it. Signed-off-by: Tom Rix Reviewed-by: Sergey Senozhatsky Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 289b46fd11dd63ca147aa7f4f9267b25306fb01c Author: Namjae Jeon Date: Tue Dec 19 00:33:38 2023 +0900 ksmbd: fix wrong signingkey creation when encryption is AES256 [ Upstream commit 7a891d4b62d62566323676cb0e922ded4f37afe1 ] MacOS and Win11 support AES256 encrytion and it is included in the cipher array of encryption context. Especially on macOS, The most preferred cipher is AES256. Connecting to ksmbd fails on newer MacOS clients that support AES256 encryption. MacOS send disconnect request after receiving final session setup response from ksmbd. Because final session setup is signed with signing key was generated incorrectly. For signging key, 'L' value should be initialized to 128 if key size is 16bytes. Cc: stable@vger.kernel.org Reported-by: Miao Lihua <441884205@qq.com> Tested-by: Miao Lihua <441884205@qq.com> Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit bfe8372ef2dbdce97f13b21d76e2080ddeef5a79 Author: Hangyu Hua Date: Tue Dec 19 00:33:37 2023 +0900 ksmbd: fix possible memory leak in smb2_lock() [ Upstream commit d3ca9f7aeba793d74361d88a8800b2f205c9236b ] argv needs to be free when setup_async_work fails or when the current process is woken up. Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Signed-off-by: Hangyu Hua Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit d625db885a10625e0a2db542139933a37b8a8774 Author: Jiapeng Chong Date: Tue Dec 19 00:33:36 2023 +0900 ksmbd: Fix parameter name and comment mismatch [ Upstream commit 63f09a9986eb58578ed6ad0e27a6e2c54e49f797 ] fs/ksmbd/vfs.c:965: warning: Function parameter or member 'attr_value' not described in 'ksmbd_vfs_setxattr'. Reported-by: Abaci Robot Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=3946 Signed-off-by: Jiapeng Chong Acked-by: Namjae Jeon Reviewed-by: Sergey Senozhatsky Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 0d3f06fd65fe8d09fb6613fe8eca03586b0ccaa4 Author: Colin Ian King Date: Tue Dec 19 00:33:35 2023 +0900 ksmbd: Fix spelling mistake "excceed" -> "exceeded" [ Upstream commit 7a17c61ee3b2683c40090179c273f4701fca9677 ] There is a spelling mistake in an error message. Fix it. Signed-off-by: Colin Ian King Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 1f1aca1d500dca606161b2f934102804ba8f2ad6 Author: Steve French Date: Tue Dec 19 00:33:34 2023 +0900 ksmbd: update Kconfig to note Kerberos support and fix indentation [ Upstream commit d280a958f8b2b62610c280ecdf35d780e7922620 ] Fix indentation of server config options, and also since support for very old, less secure, NTLM authentication was removed (and quite a while ago), remove the mention of that in Kconfig, but do note Kerberos (not just NTLMv2) which are supported and much more secure. Acked-by: Namjae Jeon Acked-by: David Howells Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit a35ebf65899344cf1d4cbc8c8c773b4185bf8388 Author: Dawei Li Date: Tue Dec 19 00:33:33 2023 +0900 ksmbd: Remove duplicated codes [ Upstream commit 7010357004096e54c884813e702d71147dc081f8 ] ksmbd_neg_token_init_mech_token() and ksmbd_neg_token_targ_resp_token() share same implementation, unify them. Signed-off-by: Dawei Li Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit b15734ec29b6cbd8c422222fbf41ac0404304037 Author: Dawei Li Date: Tue Dec 19 00:33:32 2023 +0900 ksmbd: fix typo, syncronous->synchronous [ Upstream commit f8d6e7442aa716a233c7eba99dec628f8885e00b ] syncronous->synchronous Signed-off-by: Dawei Li Acked-by: Namjae Jeon Reviewed-by: Sergey Senozhatsky Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 1f485b54d04a920723984062c912174330a05178 Author: Dawei Li Date: Tue Dec 19 00:33:31 2023 +0900 ksmbd: Implements sess->rpc_handle_list as xarray [ Upstream commit b685757c7b08d5073046fb379be965fd6c06aafc ] For some ops on rpc handle: 1. ksmbd_session_rpc_method(), possibly on high frequency. 2. ksmbd_session_rpc_close(). id is used as indexing key to lookup channel, in that case, linear search based on list may suffer a bit for performance. Implements sess->rpc_handle_list as xarray. Signed-off-by: Dawei Li Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit b1caecbf34b8c8260d851ec4efde71f3694460b7 Author: Dawei Li Date: Tue Dec 19 00:33:30 2023 +0900 ksmbd: Implements sess->ksmbd_chann_list as xarray [ Upstream commit 1d9c4172110e645b383ff13eee759728d74f1a5d ] For some ops on channel: 1. lookup_chann_list(), possibly on high frequency. 2. ksmbd_chann_del(). Connection is used as indexing key to lookup channel, in that case, linear search based on list may suffer a bit for performance. Implements sess->ksmbd_chann_list as xarray. Signed-off-by: Dawei Li Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit d7f088dc279441ace8b5ef70259c089142f89497 Author: Marios Makassikis Date: Tue Dec 19 00:33:29 2023 +0900 ksmbd: send proper error response in smb2_tree_connect() [ Upstream commit cdfb2fef522d0c3f9cf293db51de88e9b3d46846 ] Currently, smb2_tree_connect doesn't send an error response packet on error. This causes libsmb2 to skip the specific error code and fail with the following: smb2_service failed with : Failed to parse fixed part of command payload. Unexpected size of Error reply. Expected 9, got 8 Signed-off-by: Marios Makassikis Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit bcab5c810544ea5dda4a1d50319da556677d22a2 Author: ye xingchen Date: Tue Dec 19 00:33:28 2023 +0900 ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs [ Upstream commit 72ee45fd46d0d3578c4e6046f66fae3218543ce3 ] Follow the advice of the Documentation/filesystems/sysfs.rst and show() should only use sysfs_emit() or sysfs_emit_at() when formatting the value to be returned to user space. Signed-off-by: ye xingchen Reviewed-by: Sergey Senozhatsky Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 46c517bc0ac6f681745adb572bc76bfc02191fb7 Author: Marios Makassikis Date: Tue Dec 19 00:33:27 2023 +0900 ksmbd: Fix resource leak in smb2_lock() [ Upstream commit 01f6c61bae3d658058ee6322af77acea26a5ee3a ] "flock" is leaked if an error happens before smb2_lock_init(), as the lock is not added to the lock_list to be cleaned up. Signed-off-by: Marios Makassikis Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 9ea6b43d8a7d7f3d90779787a3ee77e5e95a87a8 Author: Jeff Layton Date: Tue Dec 19 00:33:26 2023 +0900 ksmbd: use F_SETLK when unlocking a file [ Upstream commit 7ecbe92696bb7fe32c80b6cf64736a0d157717a9 ] ksmbd seems to be trying to use a cmd value of 0 when unlocking a file. That activity requires a type of F_UNLCK with a cmd of F_SETLK. For local POSIX locking, it doesn't matter much since vfs_lock_file ignores @cmd, but filesystems that define their own ->lock operation expect to see it set sanely. Cc: David Howells Signed-off-by: Jeff Layton Reviewed-by: David Howells Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 8263acd267f76170c170099c9cb3cd8861a48e7f Author: Namjae Jeon Date: Tue Dec 19 00:33:25 2023 +0900 ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share [ Upstream commit 37ba7b005a7a4454046bd8659c7a9c5330552396 ] Currently, SMB2_SESSION_FLAG_ENCRYPT_DATA is always set session setup response. Since this forces data encryption from the client, there is a problem that data is always encrypted regardless of the use of the cifs seal mount option. SMB2_SESSION_FLAG_ENCRYPT_DATA should be set according to KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION flags, and in case of KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION_OFF, encryption mode is turned off for all connections. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 64b4d72c596a3722b6fe8a6aca74faf424db0499 Author: Gustavo A. R. Silva Date: Tue Dec 19 00:33:24 2023 +0900 ksmbd: replace one-element arrays with flexible-array members [ Upstream commit d272e01fa0a2f15c5c331a37cd99c6875c7b7186 ] One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element arrays with flexible-array members in multiple structs in fs/ksmbd/smb_common.h and one in fs/ksmbd/smb2pdu.h. Important to mention is that doing a build before/after this patch results in no binary output differences. This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy() and help us make progress towards globally enabling -fstrict-flex-arrays=3 [1]. Link: https://github.com/KSPP/linux/issues/242 Link: https://github.com/KSPP/linux/issues/79 Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1] Signed-off-by: Gustavo A. R. Silva Reviewed-by: Sergey Senozhatsky Acked-by: Namjae Jeon Reviewed-by: Kees Cook Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/Y3OxronfaPYv9qGP@work Signed-off-by: Greg Kroah-Hartman commit 2bdd995f139c0520705bbe1bbaf81c5e038ea3dc Author: Atte Heikkilä Date: Tue Dec 19 00:33:23 2023 +0900 ksmbd: validate share name from share config response [ Upstream commit f5ba1cdaf5eb380e148183bda06d4844b457d095 ] Share config response may contain the share name without casefolding as it is known to the user space daemon. When it is present, casefold and compare it to the share name the share config request was made with. If they differ, we have a share config which is incompatible with the way share config caching is done. This is the case when CONFIG_UNICODE is not set, the share name contains non-ASCII characters, and those non- ASCII characters do not match those in the share name known to user space. In other words, when CONFIG_UNICODE is not set, UTF-8 share names now work but are only case-insensitive in the ASCII range. Signed-off-by: Atte Heikkilä Acked-by: Tom Talpey Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ef97ccd0fc64ccab2ac04157928432b61be4f8f6 Author: Namjae Jeon Date: Tue Dec 19 00:33:22 2023 +0900 ksmbd: call ib_drain_qp when disconnected [ Upstream commit 141fa9824c0fc11d44b2d5bb1266a33e95fa67fd ] When disconnected, call ib_drain_qp to cancel all pending work requests and prevent ksmbd_conn_handler_loop from waiting for a long time for those work requests to compelete. Signed-off-by: Hyunchul Lee Signed-off-by: Namjae Jeon Reviewed-by: Tom Talpey Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit b3e852bea8a7440af69c577545cbc602aa8539d5 Author: Atte Heikkilä Date: Tue Dec 19 00:33:21 2023 +0900 ksmbd: make utf-8 file name comparison work in __caseless_lookup() [ Upstream commit dbab80e2071ad8c702e50dab43326608a127d27b ] Case-insensitive file name lookups with __caseless_lookup() use strncasecmp() for file name comparison. strncasecmp() assumes an ISO8859-1-compatible encoding, which is not the case here as UTF-8 is always used. As such, use of strncasecmp() here produces correct results only if both strings use characters in the ASCII range only. Fix this by using utf8_strncasecmp() if CONFIG_UNICODE is set. On failure or if CONFIG_UNICODE is not set, fallback to strncasecmp(). Also, as we are adding an include for `linux/unicode.h', include it in `fs/ksmbd/connection.h' as well since it should be explicit there. Signed-off-by: Atte Heikkilä Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 131e308593e6d03a2d93b75a8c8c45f13e39cf93 Author: Namjae Jeon Date: Tue Dec 19 00:33:20 2023 +0900 ksmbd: hide socket error message when ipv6 config is disable [ Upstream commit 5876e99611a91dfb2fb1f7af9d1ae5c017c8331c ] When ipv6 config is disable(CONFIG_IPV6 is not set), ksmbd fallback to create ipv4 socket. User reported that this error message lead to misunderstood some issue. Users have requested not to print this error message that occurs even though there is no problem. Signed-off-by: Namjae Jeon Acked-by: Tom Talpey Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 507cb106c3b9f9cd17d73186f9c9f0be89de70f0 Author: Tom Talpey Date: Tue Dec 19 00:33:19 2023 +0900 ksmbd: reduce server smbdirect max send/receive segment sizes [ Upstream commit 78af146e109bef5b3c411964141c6f8adbccd3b0 ] Reduce ksmbd smbdirect max segment send and receive size to 1364 to match protocol norms. Larger buffers are unnecessary and add significant memory overhead. Signed-off-by: Tom Talpey Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit fe4d09792bc68897b8504fcba0e9eb03edb7a3c6 Author: Tom Talpey Date: Tue Dec 19 00:33:18 2023 +0900 ksmbd: decrease the number of SMB3 smbdirect server SGEs [ Upstream commit 2b4eeeaa90617c5e37da7c804c422b4e833b87b2 ] The server-side SMBDirect layer requires no more than 6 send SGEs The previous default of 8 causes ksmbd to fail on the SoftiWARP (siw) provider, and possibly others. Additionally, large numbers of SGEs reduces performance significantly on adapter implementations. Signed-off-by: Tom Talpey Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit d5a3b1024aab939a65e316fb245dda10751b5389 Author: Namjae Jeon Date: Tue Dec 19 00:33:17 2023 +0900 ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob [ Upstream commit 5bedae90b369ca1a7660b9af39591ed19009b495 ] If NTLMSSP_NEGOTIATE_SEAL flags is set in negotiate blob from client, Set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 4d796ff8995adb71b265d64c533c412dfae754ab Author: Namjae Jeon Date: Tue Dec 19 00:33:16 2023 +0900 ksmbd: fix encryption failure issue for session logoff response [ Upstream commit af705ef2b0ded0d8f54c238fdf3c17a1d47ad924 ] If client send encrypted session logoff request on seal mount, Encryption for that response fails. ksmbd: Could not get encryption key CIFS: VFS: cifs_put_smb_ses: Session Logoff failure rc=-512 Session lookup fails in ksmbd_get_encryption_key() because sess->state is set to SMB2_SESSION_EXPIRED in session logoff. There is no need to do session lookup again to encrypt the response. This patch change to use ksmbd_session in ksmbd_work. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit e925de7defff35caee89399f62e48759a229a95c Author: Namjae Jeon Date: Tue Dec 19 00:33:15 2023 +0900 ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response [ Upstream commit d5919f2a1459083bd0aaede7fc44e945290e44df ] This patch fill missing sids in SMB_FIND_FILE_POSIX_INFO response. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 95b72edca5d255e31fe4485567be5acb785200dc Author: Namjae Jeon Date: Tue Dec 19 00:33:14 2023 +0900 ksmbd: set file permission mode to match Samba server posix extension behavior [ Upstream commit f6c2b201da7588f7f7688ddc99b7bb000609129c ] Set file permission mode to match Samba server posix extension behavior. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 813ef06ea2a30db7c60ec34506b82ce50222ce6e Author: Namjae Jeon Date: Tue Dec 19 00:33:13 2023 +0900 ksmbd: change security id to the one samba used for posix extension [ Upstream commit 5609bdd9ffdccd83f9003511b1801584b703baa5 ] Samba set SIDOWNER and SIDUNIX_GROUP in create posix context and set SIDUNIX_USER/GROUP in other sids for posix extension. This patch change security id to the one samba used. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 62e6846ee3bae7fc2607f30136b5566a7c4685bf Author: Atte Heikkilä Date: Tue Dec 19 00:33:12 2023 +0900 ksmbd: casefold utf-8 share names and fix ascii lowercase conversion [ Upstream commit 16b5f54e30c1ddec36bdf946a299b3254aace477 ] strtolower() corrupts all UTF-8 share names that have a byte in the C0 (À ISO8859-1) to DE (Þ ISO8859-1) range, since the non-ASCII part of ISO8859-1 is incompatible with UTF-8. Prevent this by checking that a byte is in the ASCII range with isascii(), before the conversion to lowercase with tolower(). Properly handle case-insensitivity of UTF-8 share names by casefolding them, but fallback to ASCII lowercase conversion on failure or if CONFIG_UNICODE is not set. Refactor to move the share name casefolding immediately after the share name extraction. Also, make the associated constness corrections. Signed-off-by: Atte Heikkilä Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 43e2963be171bee6bdc527d8ba4720e2974270d5 Author: Namjae Jeon Date: Tue Dec 19 00:33:11 2023 +0900 ksmbd: remove generic_fillattr use in smb2_open() [ Upstream commit 823d0d3e2b05791ba8cbab22574b947c21f89c18 ] Removed the use of unneeded generic_fillattr() in smb2_open(). Reviewed-by: Hyunchul Lee Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit aa77fc81825b7cc5b20eee21c0b722d279fddb66 Author: Al Viro Date: Tue Dec 19 00:33:10 2023 +0900 ksmbd: constify struct path [ Upstream commit c22180a5e2a9e1426fab01d9e54011ec531b1b52 ] ... in particular, there should never be a non-const pointers to any file->f_path. Acked-by: Namjae Jeon Signed-off-by: Al Viro Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit b79a9f991eb939683b5cf8eae6e6ed66ddfc3efb Author: Al Viro Date: Tue Dec 19 00:33:09 2023 +0900 ksmbd: don't open-code %pD [ Upstream commit 369c1634cc7ae8645a5cba4c7eb874755c2a6a07 ] a bunch of places used %pd with file->f_path.dentry; shorter (and saner) way to spell that is %pD with file... Acked-by: Namjae Jeon Signed-off-by: Al Viro Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit d6686d57919df3a174c576e63fb0b42742951340 Author: Al Viro Date: Tue Dec 19 00:33:08 2023 +0900 ksmbd: don't open-code file_path() [ Upstream commit 2f5930c1d7936b74eb820c5b157011994c707a74 ] Acked-by: Namjae Jeon Signed-off-by: Al Viro Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit a7ddc4951f0f3c3647334380c3eda1d7d33bd7f5 Author: Hyunchul Lee Date: Tue Dec 19 00:33:07 2023 +0900 ksmbd: remove unnecessary generic_fillattr in smb2_open [ Upstream commit c90b31eaf9e77269d3803ed9223a2e0168b519ac ] Remove unnecessary generic_fillattr to fix wrong AllocationSize of SMB2_CREATE response, And Move the call of ksmbd_vfs_getattr above the place where stat is needed because of truncate. This patch fixes wrong AllocationSize of SMB2_CREATE response. Because ext4 updates inode->i_blocks only when disk space is allocated, generic_fillattr does not set stat.blocks properly for delayed allocation. But ext4 returns the blocks that include the delayed allocation blocks when getattr is called. The issue can be reproduced with commands below: touch ${FILENAME} xfs_io -c "pwrite -S 0xAB 0 40k" ${FILENAME} xfs_io -c "stat" ${FILENAME} 40KB are written, but the count of blocks is 8. Signed-off-by: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ebb8c616574adf715093f2fcdbd7afe54c4481a1 Author: Atte Heikkilä Date: Tue Dec 19 00:33:06 2023 +0900 ksmbd: request update to stale share config [ Upstream commit 4963d74f8a6cc0eafd71d9ffc13e3a11ff1dd160 ] ksmbd_share_config_get() retrieves the cached share config as long as there is at least one connection to the share. This is an issue when the user space utilities are used to update share configs. In that case there is a need to inform ksmbd that it should not use the cached share config for a new connection to the share. With these changes the tree connection flag KSMBD_TREE_CONN_FLAG_UPDATE indicates this. When this flag is set, ksmbd removes the share config from the shares hash table meaning that ksmbd_share_config_get() ends up requesting a share config from user space. Signed-off-by: Atte Heikkilä Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit c7aff8b8ffdb70e1bfd2be9f122f410c20ff6af1 Author: Namjae Jeon Date: Tue Dec 19 00:33:05 2023 +0900 ksmbd: use wait_event instead of schedule_timeout() [ Upstream commit a14c573870a664386adc10526a6c2648ea56dae1 ] ksmbd threads eating masses of cputime when connection is disconnected. If connection is disconnected, ksmbd thread waits for pending requests to be processed using schedule_timeout. schedule_timeout() incorrectly is used, and it is more efficient to use wait_event/wake_up than to check r_count every time with timeout. Signed-off-by: Namjae Jeon Reviewed-by: Hyunchul Lee Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 1f82ecbc7f1e779ee974aca72de550414a74f4ea Author: Namjae Jeon Date: Tue Dec 19 00:33:04 2023 +0900 ksmbd: remove unused ksmbd_share_configs_cleanup function [ Upstream commit 1c90b54718fdea4f89e7e0c2415803f33f6d0b00 ] remove unused ksmbd_share_configs_cleanup function. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 8d0f823193f1fed1b3944a3014d6d55e57100445 Author: Hyunchul Lee Date: Tue Dec 19 00:33:03 2023 +0900 ksmbd: remove duplicate flag set in smb2_write [ Upstream commit 745bbc0995c25917dfafb645b8efb29813ef9e0b ] The writethrough flag is set again if is_rdma_channel is false. Signed-off-by: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit d4b374ff2a3a547a9ff0b99f2462643cb1208a37 Author: Christophe JAILLET Date: Tue Dec 19 00:33:02 2023 +0900 ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used [ Upstream commit 06ee1c0aebd5dfdf6bf237165b22415f64f38b7c ] An SPDX-License-Identifier is already in place. There is no need to duplicate part of the corresponding license. Signed-off-by: Christophe JAILLET Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ff403dbe43a1eda2e759cb675928d68dbb014b59 Author: Hyunchul Lee Date: Tue Dec 19 00:33:01 2023 +0900 ksmbd: smbd: relax the count of sges required [ Upstream commit 621433b7e25d6d42e5f75bd8c4a62d6c7251511b ] Remove the condition that the count of sges must be greater than or equal to SMB_DIRECT_MAX_SEND_SGES(8). Because ksmbd needs sges only for SMB direct header, SMB2 transform header, SMB2 response, and optional payload. Signed-off-by: Hyunchul Lee Acked-by: Namjae Jeon Reviewed-by: Tom Talpey Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 9d609b52f9526e3cf3a9a67f707256e3a41ea145 Author: Hyunchul Lee Date: Tue Dec 19 00:33:00 2023 +0900 ksmbd: smbd: fix connection dropped issue [ Upstream commit 5366afc4065075a4456941fbd51c33604d631ee5 ] When there are bursty connection requests, RDMA connection event handler is deferred and Negotiation requests are received even if connection status is NEW. To handle it, set the status to CONNECTED if Negotiation requests are received. Reported-by: Yufan Chen Signed-off-by: Hyunchul Lee Tested-by: Yufan Chen Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 32af379e13dfbe8761deae273bd9bd8b83f31b55 Author: Yang Li Date: Tue Dec 19 00:32:59 2023 +0900 ksmbd: Fix some kernel-doc comments [ Upstream commit 7820c6ee029548290b318e522eb2578516d05393 ] Remove some warnings found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/misc.c:30: warning: Function parameter or member 'str' not described in 'match_pattern' fs/ksmbd/misc.c:30: warning: Excess function parameter 'string' description in 'match_pattern' fs/ksmbd/misc.c:163: warning: Function parameter or member 'share' not described in 'convert_to_nt_pathname' fs/ksmbd/misc.c:163: warning: Function parameter or member 'path' not described in 'convert_to_nt_pathname' fs/ksmbd/misc.c:163: warning: Excess function parameter 'filename' description in 'convert_to_nt_pathname' fs/ksmbd/misc.c:163: warning: Excess function parameter 'sharepath' description in 'convert_to_nt_pathname' fs/ksmbd/misc.c:259: warning: Function parameter or member 'share' not described in 'convert_to_unix_name' fs/ksmbd/misc.c:259: warning: Function parameter or member 'name' not described in 'convert_to_unix_name' fs/ksmbd/misc.c:259: warning: Excess function parameter 'path' description in 'convert_to_unix_name' fs/ksmbd/misc.c:259: warning: Excess function parameter 'tid' description in 'convert_to_unix_name' Reported-by: Abaci Robot Signed-off-by: Yang Li Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 81602ee1c4fb9891844da62088b930a86529edd5 Author: Namjae Jeon Date: Tue Dec 19 00:32:58 2023 +0900 ksmbd: fix wrong smbd max read/write size check [ Upstream commit 7a84399e1ce3f5f2fbec3e7dd93459ba25badc2f ] smb-direct max read/write size can be different with smb2 max read/write size. So smb2_read() can return error by wrong max read/write size check. This patch use smb_direct_max_read_write_size for this check in smb-direct read/write(). Signed-off-by: Namjae Jeon Reviewed-by: Hyunchul Lee Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 918a690d8ab650b78c0cae4be9227f6cfcd779f0 Author: Hyunchul Lee Date: Tue Dec 19 00:32:57 2023 +0900 ksmbd: smbd: handle multiple Buffer descriptors [ Upstream commit ee1b0558965909872775183dc237cdf9f8eddaba ] Make ksmbd handle multiple buffer descriptors when reading and writing files using SMB direct: Post the work requests of rdma_rw_ctx for RDMA read/write in smb_direct_rdma_xmit(), and the work request for the READ/WRITE response with a remote invalidation in smb_direct_writev(). Signed-off-by: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 673c186f810501bb20785561c3dd8edb5a55dadc Author: Hyunchul Lee Date: Tue Dec 19 00:32:56 2023 +0900 ksmbd: smbd: change the return value of get_sg_list [ Upstream commit 4e3edd0092704b25626a0fe60a974f6f382ff93d ] Make get_sg_list return EINVAL if there aren't mapped scatterlists. Signed-off-by: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 30bd0df6e6675862f702639fc897452171d87151 Author: Hyunchul Lee Date: Tue Dec 19 00:32:55 2023 +0900 ksmbd: smbd: simplify tracking pending packets [ Upstream commit 11659a8ddbd9c4c1ab6f3b8f52837178ef121b20 ] Because we don't have to tracking pending packets by dividing these into packets with payload and packets without payload, merge the tracking code. Signed-off-by: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit f17ed7b338999d9ba1e0b4d4cfb9c95c19033daf Author: Hyunchul Lee Date: Tue Dec 19 00:32:54 2023 +0900 ksmbd: smbd: introduce read/write credits for RDMA read/write [ Upstream commit ddbdc861e37c168cf2fb8a7b7477f5d18b4daf76 ] SMB2_READ/SMB2_WRITE request has to be granted the number of rw credits, the pages the request wants to transfer / the maximum pages which can be registered with one MR to read and write a file. And allocate enough RDMA resources for the maximum number of rw credits allowed by ksmbd. Signed-off-by: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 982fcdec10fffb1a1db129cbdb2375e4ada4e9f4 Author: Hyunchul Lee Date: Tue Dec 19 00:32:53 2023 +0900 ksmbd: smbd: change prototypes of RDMA read/write related functions [ Upstream commit 1807abcf8778bcbbf584fe54da9ccbe9029c49bb ] Change the prototypes of RDMA read/write operations to accept a pointer and length of buffer descriptors. Signed-off-by: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 6bb4399303383c2c06bce33f2335c39fbf35d979 Author: Namjae Jeon Date: Tue Dec 19 00:32:52 2023 +0900 ksmbd: validate length in smb2_write() [ Upstream commit 158a66b245739e15858de42c0ba60fcf3de9b8e6 ] The SMB2 Write packet contains data that is to be written to a file or to a pipe. Depending on the client, there may be padding between the header and the data field. Currently, the length is validated only in the case padding is present. Since the DataOffset field always points to the beginning of the data, there is no need to have a special case for padding. By removing this, the length is validated in both cases. Signed-off-by: Marios Makassikis Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Namjae Jeon Signed-off-by: Greg Kroah-Hartman commit 8e32e15840256c647fdfef02f5737a701edb3cb9 Author: Namjae Jeon Date: Tue Dec 19 00:32:51 2023 +0900 ksmbd: remove filename in ksmbd_file [ Upstream commit 50f500b7f6335404b18bbffa93e3a905a08d061a ] If the filename is change by underlying rename the server, fp->filename and real filename can be different. This patch remove the uses of fp->filename in ksmbd and replace it with d_path(). Signed-off-by: Namjae Jeon Reviewed-by: Hyunchul Lee Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit e9a3251246117c247eb369314ae82934e9f95475 Author: Steve French Date: Tue Dec 19 00:32:50 2023 +0900 smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common [ Upstream commit c7803b05f74bc3941b127f3155671e1944f632ae ] Fix an endian bug in ksmbd for one remaining use of Persistent/VolatileFid that unnecessarily converted it (it is an opaque endian field that does not need to be and should not be converted) in oplock_break for ksmbd, and move the definitions for the oplock and lease break protocol requests and responses to fs/smbfs_common/smb2pdu.h Also move a few more definitions for various protocol requests that were duplicated (in fs/cifs/smb2pdu.h and fs/ksmbd/smb2pdu.h) into fs/smbfs_common/smb2pdu.h including: - various ioctls and reparse structures - validate negotiate request and response structs - duplicate extents structs Reviewed-by: Paulo Alcantara (SUSE) Reviewed-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit dc232946d10817fc1c49a1021793570b64784254 Author: Jakob Koschel Date: Tue Dec 19 00:32:49 2023 +0900 ksmbd: replace usage of found with dedicated list iterator variable [ Upstream commit edf5f0548fbb77e20b898460dc25281b0f4d974d ] To move the list iterator variable into the list_for_each_entry_*() macro in the future it should be avoided to use the list iterator variable after the loop body. To *never* use the list iterator variable after the loop it was concluded to use a separate iterator variable instead of a found boolean [1]. This removes the need to use a found variable and simply checking if the variable was set, can determine if the break/goto was hit. Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ Signed-off-by: Jakob Koschel Reviewed-by: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit a5213868c62b43a91d6aa0cedbec83b493c706ca Author: Christophe JAILLET Date: Tue Dec 19 00:32:48 2023 +0900 ksmbd: Remove a redundant zeroing of memory [ Upstream commit 56b401fb0c506120f25c1b4feeb96d9117efe171 ] fill_transform_hdr() has only one caller that already clears tr_buf (it is kzalloc'ed). So there is no need to clear it another time here. Remove the superfluous memset() and add a comment to remind that the caller must clear the buffer. Signed-off-by: Christophe JAILLET Acked-by: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 7ee6f9ba978391bda6d2602d1b96f8e54ff49025 Author: Steve French Date: Tue Dec 19 00:32:47 2023 +0900 ksmbd: shorten experimental warning on loading the module [ Upstream commit adc32821409aef8d7f6d868c20a96f4901f48705 ] ksmbd is continuing to improve. Shorten the warning message logged the first time it is loaded to: "The ksmbd server is experimental" Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit a5a8c9133d974be891805748bb9f7d0f7aea7185 Author: Paulo Alcantara (SUSE) Date: Tue Dec 19 00:32:46 2023 +0900 ksmbd: store fids as opaque u64 integers [ Upstream commit 2d004c6cae567e33ab2e197757181c72a322451f ] There is no need to store the fids as le64 integers as they are opaque to the client and only used for equality. Signed-off-by: Paulo Alcantara (SUSE) Reviewed-by: Tom Talpey Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 170598b6f354ea6723fb7276ed288905ef80b1d9 Author: Tobias Klauser Date: Tue Dec 19 00:32:45 2023 +0900 ksmbd: use netif_is_bridge_port [ Upstream commit 1b699bf3a8786f7d41eebd9f6ba673185fa5b6bd ] Use netif_is_bridge_port defined in instead of open-coding it. Acked-by: Namjae Jeon Signed-off-by: Tobias Klauser Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit c5049d2d73b2dc8e6bb64be633250bad1ae3d9ef Author: Namjae Jeon Date: Tue Dec 19 00:32:44 2023 +0900 ksmbd: add support for key exchange [ Upstream commit f9929ef6a2a55f03aac61248c6a3a987b8546f2a ] When mounting cifs client, can see the following warning message. CIFS: decode_ntlmssp_challenge: authentication has been weakened as server does not support key exchange To remove this warning message, Add support for key exchange feature to ksmbd. This patch decrypts 16-byte ciphertext value sent by the client using RC4 with session key. The decrypted value is the recovered secondary key that will use instead of the session key for signing and sealing. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 09b4c603831d7e482da66a4c6e41871370343d16 Author: Hyunchul Lee Date: Tue Dec 19 00:32:43 2023 +0900 ksmbd: smbd: validate buffer descriptor structures [ Upstream commit 6d896d3b44cf64ab9b2483697e222098e7b72f70 ] Check ChannelInfoOffset and ChannelInfoLength to validate buffer descriptor structures. And add a debug log to print the structures' content. Acked-by: Namjae Jeon Signed-off-by: Hyunchul Lee Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 858b9644518f3b7b6e019fe5cebee15ff31eff04 Author: Hyunchul Lee Date: Tue Dec 19 00:32:42 2023 +0900 ksmbd: smbd: fix missing client's memory region invalidation [ Upstream commit 2fd5dcb1c8ef96c9f0fa8bda53ca480524b80ae7 ] if the Channel of a SMB2 WRITE request is SMB2_CHANNEL_RDMA_V1_INVALIDTE, a client does not invalidate its memory regions but ksmbd must do it by sending a SMB2 WRITE response with IB_WR_SEND_WITH_INV. But if errors occur while processing a SMB2 READ/WRITE request, ksmbd sends a response with IB_WR_SEND. So a client could use memory regions already in use. Acked-by: Namjae Jeon Signed-off-by: Hyunchul Lee Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 51d0b879d6f54a0454ec0dbb4bceed2b819a6662 Author: Namjae Jeon Date: Tue Dec 19 00:32:41 2023 +0900 ksmbd: add smb-direct shutdown [ Upstream commit 136dff3a6b71dc16c30b35cc390feb0bfc32ed50 ] When killing ksmbd server after connecting rdma, ksmbd threads does not terminate properly because the rdma connection is still alive. This patch add shutdown operation to disconnect rdma connection while ksmbd threads terminate. Signed-off-by: Yufan Chen Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit d15077ad35afb78e33ab22c9e8a459eb9c13990a Author: Hyunchul Lee Date: Tue Dec 19 00:32:40 2023 +0900 ksmbd: smbd: change the default maximum read/write, receive size [ Upstream commit 4d02c4fdc0e256b493f9a3b604c7ff18f0019f17 ] Due to restriction that cannot handle multiple buffer descriptor structures, decrease the maximum read/write size for Windows clients. And set the maximum fragmented receive size in consideration of the receive queue size. Acked-by: Namjae Jeon Signed-off-by: Hyunchul Lee Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit ba7c3ff9053b8b7fe41f2dbcd6a239440a8c9d40 Author: Hyunchul Lee Date: Tue Dec 19 00:32:39 2023 +0900 ksmbd: smbd: create MR pool [ Upstream commit c9f189271cff85d5d735e25dfa4bc95952ec12d8 ] Create a memory region pool because rdma_rw_ctx_init() uses memory registration if memory registration yields better performance than using multiple SGE entries. Acked-by: Namjae Jeon Signed-off-by: Hyunchul Lee Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 97b3a08892c0a054c94f73cb9eaa6f5808b4cb6c Author: Hyunchul Lee Date: Tue Dec 19 00:32:38 2023 +0900 ksmbd: smbd: call rdma_accept() under CM handler [ Upstream commit 99b7650ac51847e81b4d5139824e321e6cb76130 ] if CONFIG_LOCKDEP is enabled, the following kernel warning message is generated because rdma_accept() checks whehter the handler_mutex is held by lockdep_assert_held. CM(Connection Manager) holds the mutex before CM handler callback is called. [ 63.211405 ] WARNING: CPU: 1 PID: 345 at drivers/infiniband/core/cma.c:4405 rdma_accept+0x17a/0x350 [ 63.212080 ] RIP: 0010:rdma_accept+0x17a/0x350 ... [ 63.214036 ] Call Trace: [ 63.214098 ] [ 63.214185 ] smb_direct_accept_client+0xb4/0x170 [ksmbd] [ 63.214412 ] smb_direct_prepare+0x322/0x8c0 [ksmbd] [ 63.214555 ] ? rcu_read_lock_sched_held+0x3a/0x70 [ 63.214700 ] ksmbd_conn_handler_loop+0x63/0x270 [ksmbd] [ 63.214826 ] ? ksmbd_conn_alive+0x80/0x80 [ksmbd] [ 63.214952 ] kthread+0x171/0x1a0 [ 63.215039 ] ? set_kthread_struct+0x40/0x40 [ 63.215128 ] ret_from_fork+0x22/0x30 To avoid this, move creating a queue pair and accepting a client from transport_ops->prepare() to smb_direct_handle_connect_request(). Acked-by: Namjae Jeon Signed-off-by: Hyunchul Lee Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 8a49ab3e59ed5b1a61063e3f74c15b0b1e628d1c Author: Namjae Jeon Date: Tue Dec 19 00:32:37 2023 +0900 ksmbd: set 445 port to smbdirect port by default [ Upstream commit cb097b3dd5ece9596a0a0b7e33893c02a9bde8c6 ] When SMB Direct is used with iWARP, Windows use 5445 port for smb direct port, 445 port for SMB. This patch check ib_device using ib_client to know if NICs type is iWARP or Infiniband. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 178ecc3257285032655509b330f900f316979587 Author: Hyunchul Lee Date: Tue Dec 19 00:32:36 2023 +0900 ksmbd: register ksmbd ib client with ib_register_client() [ Upstream commit 31928a001bed0d9642711d2eba520fc46d41c376 ] Register ksmbd ib client with ib_register_client() to find the rdma capable network adapter. If ops.get_netdev(Chelsio NICs) is NULL, ksmbd will find it using ib_device_get_by_netdev in old way. Signed-off-by: Hyunchul Lee Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 91d730756980b219211471483012a289d86094ff Author: Yang Li Date: Tue Dec 19 00:32:35 2023 +0900 ksmbd: Fix smb2_get_name() kernel-doc comment [ Upstream commit d4eeb82674acadf789277b577986e8e7d3faf695 ] Remove some warnings found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:623: warning: Function parameter or member 'local_nls' not described in 'smb2_get_name' fs/ksmbd/smb2pdu.c:623: warning: Excess function parameter 'nls_table' description in 'smb2_get_name' Reported-by: Abaci Robot Acked-by: Namjae Jeon Signed-off-by: Yang Li Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit dd56eb361f3a70a03b0ee7ef16467c3fbc4de712 Author: Yang Li Date: Tue Dec 19 00:32:34 2023 +0900 ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry() [ Upstream commit f5c381392948dcae19f854b9586b806654f08a11 ] A warning is reported because an invalid argument description, it is found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:3406: warning: Excess function parameter 'user_ns' description in 'smb2_populate_readdir_entry' Reported-by: Abaci Robot Fixes: 475d6f98804c ("ksmbd: fix translation in smb2_populate_readdir_entry()") Acked-by: Namjae Jeon Signed-off-by: Yang Li Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 36167446ce680cd0caaca8add69ff9d16f38f2b0 Author: Yang Li Date: Tue Dec 19 00:32:33 2023 +0900 ksmbd: Fix smb2_set_info_file() kernel-doc comment [ Upstream commit 4bfd9eed15e163969156e976c62db5ef423e5b0f ] Fix argument list that the kdoc format and script verified in smb2_set_info_file(). The warnings were found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:5862: warning: Function parameter or member 'req' not described in 'smb2_set_info_file' fs/ksmbd/smb2pdu.c:5862: warning: Excess function parameter 'info_class' description in 'smb2_set_info_file' Reported-by: Abaci Robot Fixes: 9496e268e3af ("ksmbd: add request buffer validation in smb2_set_info") Acked-by: Namjae Jeon Signed-off-by: Yang Li Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 2fa426c9d7418c099e102e3cbbea59e44fe43e90 Author: Yang Li Date: Tue Dec 19 00:32:32 2023 +0900 ksmbd: Fix buffer_check_err() kernel-doc comment [ Upstream commit e230d013378489bcd4b5589ca1d2a5b91ff8d098 ] Add the description of @rsp_org in buffer_check_err() kernel-doc comment to remove a warning found by running scripts/kernel-doc, which is caused by using 'make W=1'. fs/ksmbd/smb2pdu.c:4028: warning: Function parameter or member 'rsp_org' not described in 'buffer_check_err' Reported-by: Abaci Robot Fixes: cb4517201b8a ("ksmbd: remove smb2_buf_length in smb2_hdr") Acked-by: Namjae Jeon Signed-off-by: Yang Li Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit e5b04973e720211b8ab7201727b35d561e435c41 Author: Namjae Jeon Date: Tue Dec 19 00:32:31 2023 +0900 ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO [ Upstream commit a58b45a4dbfd0bf2ebb157789da4d8e6368afb1b ] Set ipv4 and ipv6 address in FSCTL_QUERY_NETWORK_INTERFACE_INFO. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit a63256708a99a4ab5746fad234ecaba0849a2833 Author: Marios Makassikis Date: Tue Dec 19 00:32:30 2023 +0900 ksmbd: Remove unused fields from ksmbd_file struct definition [ Upstream commit 305f8bda15ebbe4004681286a5c67d0dc296c771 ] These fields are remnants of the not upstreamed SMB1 code. Acked-by: Namjae Jeon Signed-off-by: Marios Makassikis Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit de203cdf1ee56e84a027dab04a7f19ea0dbd5f37 Author: Marios Makassikis Date: Tue Dec 19 00:32:29 2023 +0900 ksmbd: Remove unused parameter from smb2_get_name() [ Upstream commit 80917f17e3f99027661a45262c310139e53a9faa ] The 'share' parameter is no longer used by smb2_get_name() since commit 265fd1991c1d ("ksmbd: use LOOKUP_BENEATH to prevent the out of share access"). Acked-by: Namjae Jeon Signed-off-by: Marios Makassikis Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 82ae5fe3e629521f9d953f9a887b5a40b65ae8de Author: Hyunchul Lee Date: Tue Dec 19 00:32:28 2023 +0900 ksmbd: use oid registry functions to decode OIDs [ Upstream commit 294277410cf3b46bee2b8282ab754e52975c0a70 ] Use look_up_OID to decode OIDs rather than implementing functions. Acked-by: Namjae Jeon Signed-off-by: Hyunchul Lee Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 7833bd31bc6b051fedcf4a7390b955827469cf63 Author: Namjae Jeon Date: Tue Dec 19 00:32:27 2023 +0900 ksmbd: change LeaseKey data type to u8 array [ Upstream commit 2734b692f7b8167b93498dcd698067623d4267ca ] cifs define LeaseKey as u8 array in structure. To move lease structure to smbfs_common, ksmbd change LeaseKey data type to u8 array. Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 199b8b5ceba31a64b3e43c050a0d736e3024cd01 Author: Namjae Jeon Date: Tue Dec 19 00:32:26 2023 +0900 ksmbd: remove smb2_buf_length in smb2_transform_hdr [ Upstream commit 2dd9129f7dec1de369e4447a54ea2edf695f765b ] To move smb2_transform_hdr to smbfs_common, This patch remove smb2_buf_length variable in smb2_transform_hdr. Cc: Ronnie Sahlberg Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit e0c58420570cc00af5889136cc362c71e6b53f21 Author: Namjae Jeon Date: Tue Dec 19 00:32:25 2023 +0900 ksmbd: remove smb2_buf_length in smb2_hdr [ Upstream commit cb4517201b8acdb5fd5314494aaf86c267f22345 ] To move smb2_hdr to smbfs_common, This patch remove smb2_buf_length variable in smb2_hdr. Also, declare smb2_get_msg function to get smb2 request/response from ->request/response_buf. Cc: Ronnie Sahlberg Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 6cd90c01b032f335d18966b2d979eef43eb2cfc1 Author: Namjae Jeon Date: Tue Dec 19 00:32:24 2023 +0900 ksmbd: remove md4 leftovers [ Upstream commit 561a1cf57535154f094f31167a9170197caae686 ] As NTLM authentication is removed, md4 is no longer used. ksmbd remove md4 leftovers, i.e. select CRYPTO_MD4, MODULE_SOFTDEP md4. Acked-by: Hyunchul Lee Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 84af59bcab8e66925c6649b4a9bd9266c85cac29 Author: Christophe JAILLET Date: Tue Dec 19 00:32:23 2023 +0900 ksmbd: Remove redundant 'flush_workqueue()' calls [ Upstream commit e8d585b2f68c0b10c966ee55146de043429085a3 ] 'destroy_workqueue()' already drains the queue before destroying it, so there is no need to flush it explicitly. Remove the redundant 'flush_workqueue()' calls. This was generated with coccinelle: @@ expression E; @@ - flush_workqueue(E); destroy_workqueue(E); Acked-by: Namjae Jeon Signed-off-by: Christophe JAILLET Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit a33bb607a1b2be13713096ce11299b51e99e4644 Author: Ralph Boehme Date: Tue Dec 19 00:32:22 2023 +0900 ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() [ Upstream commit 341b16014bf871115f0883e831372c4b76389d03 ] Use cmd helper variable in smb2_get_ksmbd_tcon(). Cc: Tom Talpey Cc: Ronnie Sahlberg Cc: Steve French Cc: Hyunchul Lee Acked-by: Namjae Jeon Signed-off-by: Ralph Boehme Signed-off-by: Steve French Signed-off-by: Namjae Jeon Signed-off-by: Greg Kroah-Hartman commit 5fed9cbbafcbe228cdcc8e628cefdaa6ab431de7 Author: Ralph Boehme Date: Tue Dec 19 00:32:21 2023 +0900 ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message() [ Upstream commit a088ac859f8124d491f02a19d080fc5ee4dbd202 ] Use ksmbd_req_buf_next() in ksmbd_verify_smb_message(). Acked-by: Namjae Jeon Signed-off-by: Ralph Boehme Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman