* [PATCH AUTOSEL 6.1 03/17] ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error
From: Sasha Levin @ 2023-12-04 20:34 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Namjae Jeon, Steve French, Sasha Levin, sfrench, linux-cifs
From: Namjae Jeon <linkinjeon@kernel.org>
[ Upstream commit cd80ce7e68f1624ac29cd0a6b057789d1236641e ]
ksmbd sets ->op_state as OPLOCK_STATE_NONE on lease break ack error.
op_state of lease should not be updated because the client can send the lease
break ack again. This patch fixes the smb2.lease.breaking2 test failure.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/server/smb2pdu.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 683152007566c..603d9170d28a7 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -8294,7 +8294,6 @@ static void smb21_lease_break_ack(struct ksmbd_work *work)
return;
err_out:
- opinfo->op_state = OPLOCK_STATE_NONE;
wake_up_interruptible_all(&opinfo->oplock_q);
atomic_dec(&opinfo->breaking_cnt);
wake_up_interruptible_all(&opinfo->oplock_brk);
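Review bot: After this deletion the err_out path still wakes every waiter on opinfo->oplock_q and decrements breaking_cnt, but op_state keeps whatever value it had when the ack was rejected. A short comment above err_out saying the state is left alone on purpose, because the client may send the lease break ack again, would stop someone re-adding the reset later, and the commit message could say what bounds the wait if the client never retries.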
--
2.42.0
* [PATCH AUTOSEL 6.1 15/17] smb: client, common: fix fortify warnings
From: Sasha Levin @ 2023-12-04 20:35 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Dmitry Antipov, Namjae Jeon, Steve French, Sasha Levin, sfrench,
linux-cifs, samba-technical
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 0015eb6e12384ff1c589928e84deac2ad1ceb236 ]
When compiling with gcc version 14.0.0 20231126 (experimental)
and CONFIG_FORTIFY_SOURCE=y, I've noticed the following:
In file included from ./include/linux/string.h:295,
from ./include/linux/bitmap.h:12,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/paravirt.h:17,
from ./arch/x86/include/asm/cpuid.h:62,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/cpufeature.h:5,
from ./arch/x86/include/asm/thread_info.h:53,
from ./include/linux/thread_info.h:60,
from ./arch/x86/include/asm/preempt.h:9,
from ./include/linux/preempt.h:79,
from ./include/linux/spinlock.h:56,
from ./include/linux/wait.h:9,
from ./include/linux/wait_bit.h:8,
from ./include/linux/fs.h:6,
from fs/smb/client/smb2pdu.c:18:
In function 'fortify_memcpy_chk',
inlined from '__SMB2_close' at fs/smb/client/smb2pdu.c:3480:4:
./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
588 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and:
In file included from ./include/linux/string.h:295,
from ./include/linux/bitmap.h:12,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/paravirt.h:17,
from ./arch/x86/include/asm/cpuid.h:62,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/cpufeature.h:5,
from ./arch/x86/include/asm/thread_info.h:53,
from ./include/linux/thread_info.h:60,
from ./arch/x86/include/asm/preempt.h:9,
from ./include/linux/preempt.h:79,
from ./include/linux/spinlock.h:56,
from ./include/linux/wait.h:9,
from ./include/linux/wait_bit.h:8,
from ./include/linux/fs.h:6,
from fs/smb/client/cifssmb.c:17:
In function 'fortify_memcpy_chk',
inlined from 'CIFS_open' at fs/smb/client/cifssmb.c:1248:3:
./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
588 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In both cases, the fortification logic interprets calls to 'memcpy()' as
attempts to copy an amount of data which exceeds the size of the specified
field (i.e. more than 8 bytes from __le64 value) and thus issues an overread
warning. Both of these warnings may be silenced by using the convenient
'struct_group()' quirk.
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cifspdu.h | 24 ++++++++++++++----------
fs/smb/client/cifssmb.c | 6 ++++--
fs/smb/client/smb2pdu.c | 8 +++-----
fs/smb/client/smb2pdu.h | 16 +++++++++-------
fs/smb/common/smb2pdu.h | 17 ++++++++++-------
5 files changed, 40 insertions(+), 31 deletions(-)
diff --git a/fs/smb/client/cifspdu.h b/fs/smb/client/cifspdu.h
index c403816d0b6c1..97bb1838555b4 100644
--- a/fs/smb/client/cifspdu.h
+++ b/fs/smb/client/cifspdu.h
@@ -882,11 +882,13 @@ typedef struct smb_com_open_rsp {
__u8 OplockLevel;
__u16 Fid;
__le32 CreateAction;
- __le64 CreationTime;
- __le64 LastAccessTime;
- __le64 LastWriteTime;
- __le64 ChangeTime;
- __le32 FileAttributes;
+ struct_group(common_attributes,
+ __le64 CreationTime;
+ __le64 LastAccessTime;
+ __le64 LastWriteTime;
+ __le64 ChangeTime;
+ __le32 FileAttributes;
+ );
__le64 AllocationSize;
__le64 EndOfFile;
__le16 FileType;
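Review bot: common_attributes in smb_com_open_rsp ends on a __le32 and is followed directly by __le64 AllocationSize, so the group is 36 bytes by field size, but plain struct_group() puts no packed attribute on the named inner struct, and on an ABI that aligns __le64 to 8 bytes the group can be tail-padded to 40, moving every field after it. If this response struct is packed (not visible in the hunk), use struct_group_attr(common_attributes, __packed, ...) or add a static_assert that sizeof the group is 36.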
@@ -2268,11 +2270,13 @@ typedef struct {
/* QueryFileInfo/QueryPathinfo (also for SetPath/SetFile) data buffer formats */
/******************************************************************************/
typedef struct { /* data block encoding of response to level 263 QPathInfo */
- __le64 CreationTime;
- __le64 LastAccessTime;
- __le64 LastWriteTime;
- __le64 ChangeTime;
- __le32 Attributes;
+ struct_group(common_attributes,
+ __le64 CreationTime;
+ __le64 LastAccessTime;
+ __le64 LastWriteTime;
+ __le64 ChangeTime;
+ __le32 Attributes;
+ );
__u32 Pad1;
__le64 AllocationSize;
__le64 EndOfFile; /* size ie offset to first free byte in file */
diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c
index c90d4ec9292ca..67c5fc2b2db94 100644
--- a/fs/smb/client/cifssmb.c
+++ b/fs/smb/client/cifssmb.c
@@ -1234,8 +1234,10 @@ CIFS_open(const unsigned int xid, struct cifs_open_parms *oparms, int *oplock,
*oplock |= CIFS_CREATE_ACTION;
if (buf) {
- /* copy from CreationTime to Attributes */
- memcpy((char *)buf, (char *)&rsp->CreationTime, 36);
+ /* copy commonly used attributes */
+ memcpy(&buf->common_attributes,
+ &rsp->common_attributes,
+ sizeof(buf->common_attributes));
/* the file_info buf is endian converted by caller */
buf->AllocationSize = rsp->AllocationSize;
buf->EndOfFile = rsp->EndOfFile;
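Review bot: The memcpy length in CIFS_open changes from the literal 36 to sizeof(buf->common_attributes), which is equivalent only if the group in buf's type and the group in the response type have the same size and neither is padded. buf and rsp are different struct types, so a BUILD_BUG_ON(sizeof(buf->common_attributes) != sizeof(rsp->common_attributes)) next to the copy would make that assumption explicit. The new comment could also keep the old wording's range, CreationTime to Attributes, since "commonly used attributes" no longer says which fields are covered.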
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
index 847d69d327c2a..aea7770fb5631 100644
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -3425,12 +3425,10 @@ __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
} else {
trace_smb3_close_done(xid, persistent_fid, tcon->tid,
ses->Suid);
- /*
- * Note that have to subtract 4 since struct network_open_info
- * has a final 4 byte pad that close response does not have
- */
if (pbuf)
- memcpy(pbuf, (char *)&rsp->CreationTime, sizeof(*pbuf) - 4);
+ memcpy(&pbuf->network_open_info,
+ &rsp->network_open_info,
+ sizeof(pbuf->network_open_info));
}
atomic_dec(&tcon->num_remote_opens);
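Review bot: The comment removed in __SMB2_close was the only place that explained why the copy stops 4 bytes short of sizeof(*pbuf), namely that the close response has no trailing pad; the new length, sizeof(pbuf->network_open_info), carries that intent only if the group is exactly sizeof(*pbuf) - 4. Keep a one-line comment saying the group excludes the trailing Reserved field, and assert that the source and destination groups are the same size so the read from rsp cannot run past the response.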
diff --git a/fs/smb/client/smb2pdu.h b/fs/smb/client/smb2pdu.h
index 1237bb86e93a8..8ac99563487c1 100644
--- a/fs/smb/client/smb2pdu.h
+++ b/fs/smb/client/smb2pdu.h
@@ -339,13 +339,15 @@ struct smb2_file_reparse_point_info {
} __packed;
struct smb2_file_network_open_info {
- __le64 CreationTime;
- __le64 LastAccessTime;
- __le64 LastWriteTime;
- __le64 ChangeTime;
- __le64 AllocationSize;
- __le64 EndOfFile;
- __le32 Attributes;
+ struct_group(network_open_info,
+ __le64 CreationTime;
+ __le64 LastAccessTime;
+ __le64 LastWriteTime;
+ __le64 ChangeTime;
+ __le64 AllocationSize;
+ __le64 EndOfFile;
+ __le32 Attributes;
+ );
__le32 Reserved;
} __packed; /* level 34 Query also similar returned in close rsp and open rsp */
diff --git a/fs/smb/common/smb2pdu.h b/fs/smb/common/smb2pdu.h
index 9619015d78f29..778c1e3b70bc1 100644
--- a/fs/smb/common/smb2pdu.h
+++ b/fs/smb/common/smb2pdu.h
@@ -699,13 +699,16 @@ struct smb2_close_rsp {
__le16 StructureSize; /* 60 */
__le16 Flags;
__le32 Reserved;
- __le64 CreationTime;
- __le64 LastAccessTime;
- __le64 LastWriteTime;
- __le64 ChangeTime;
- __le64 AllocationSize; /* Beginning of FILE_STANDARD_INFO equivalent */
- __le64 EndOfFile;
- __le32 Attributes;
+ struct_group(network_open_info,
+ __le64 CreationTime;
+ __le64 LastAccessTime;
+ __le64 LastWriteTime;
+ __le64 ChangeTime;
+ /* Beginning of FILE_STANDARD_INFO equivalent */
+ __le64 AllocationSize;
+ __le64 EndOfFile;
+ __le32 Attributes;
+ );
} __packed;
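Review bot: smb2_close_rsp is __packed and documents StructureSize as 60, but the new network_open_info group ends on __le32 Attributes after six __le64 fields, and plain struct_group() leaves the named inner struct unpacked, so the group can be padded from 52 to 56 bytes and the response grows to 64. Use struct_group_attr(network_open_info, __packed, ...) here and add a static_assert(sizeof(struct smb2_close_rsp) == 60) so a layout change in this shared client/server header fails the build.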
--
2.42.0
* Re: [PATCH AUTOSEL 6.1 15/17] smb: client, common: fix fortify warnings
From: Steve French @ 2024-04-23 18:57 UTC (permalink / raw)
To: Sasha Levin
Cc: linux-kernel, stable, Dmitry Antipov, Namjae Jeon, Steve French,
sfrench, linux-cifs, samba-technical
Note that kernels that backported this fix will also need this ksmbd
fix (fixes a bug when Macs mount to ksmbd)
commit 0268a7cc7fdc47d90b6c18859de7718d5059f6f1
Author: Namjae Jeon <linkinjeon@kernel.org>
Date: Fri Apr 19 23:46:34 2024 +0900
ksmbd: common: use struct_group_attr instead of struct_group for
network_open_info
4-byte padding causes the connection issue with the applications of MacOS.
smb2_close response size increases by 4 bytes by padding, and the smb
client of MacOS checks it and stops the connection. This patch uses
struct_group_attr instead of struct_group for network_open_info to use
__packed to avoid padding.
Fixes: 0015eb6e1238 ("smb: client, common: fix fortify warnings")
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
On Mon, Dec 4, 2023 at 2:36 PM Sasha Levin <sashal@kernel.org> wrote:
>
> From: Dmitry Antipov <dmantipov@yandex.ru>
>
> [ Upstream commit 0015eb6e12384ff1c589928e84deac2ad1ceb236 ]
>
> When compiling with gcc version 14.0.0 20231126 (experimental)
> and CONFIG_FORTIFY_SOURCE=y, I've noticed the following:
>
> In file included from ./include/linux/string.h:295,
> from ./include/linux/bitmap.h:12,
> from ./include/linux/cpumask.h:12,
> from ./arch/x86/include/asm/paravirt.h:17,
> from ./arch/x86/include/asm/cpuid.h:62,
> from ./arch/x86/include/asm/processor.h:19,
> from ./arch/x86/include/asm/cpufeature.h:5,
> from ./arch/x86/include/asm/thread_info.h:53,
> from ./include/linux/thread_info.h:60,
> from ./arch/x86/include/asm/preempt.h:9,
> from ./include/linux/preempt.h:79,
> from ./include/linux/spinlock.h:56,
> from ./include/linux/wait.h:9,
> from ./include/linux/wait_bit.h:8,
> from ./include/linux/fs.h:6,
> from fs/smb/client/smb2pdu.c:18:
> In function 'fortify_memcpy_chk',
> inlined from '__SMB2_close' at fs/smb/client/smb2pdu.c:3480:4:
> ./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
> declared with attribute warning: detected read beyond size of field (2nd parameter);
> maybe use struct_group()? [-Wattribute-warning]
> 588 | __read_overflow2_field(q_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> and:
>
> In file included from ./include/linux/string.h:295,
> from ./include/linux/bitmap.h:12,
> from ./include/linux/cpumask.h:12,
> from ./arch/x86/include/asm/paravirt.h:17,
> from ./arch/x86/include/asm/cpuid.h:62,
> from ./arch/x86/include/asm/processor.h:19,
> from ./arch/x86/include/asm/cpufeature.h:5,
> from ./arch/x86/include/asm/thread_info.h:53,
> from ./include/linux/thread_info.h:60,
> from ./arch/x86/include/asm/preempt.h:9,
> from ./include/linux/preempt.h:79,
> from ./include/linux/spinlock.h:56,
> from ./include/linux/wait.h:9,
> from ./include/linux/wait_bit.h:8,
> from ./include/linux/fs.h:6,
> from fs/smb/client/cifssmb.c:17:
> In function 'fortify_memcpy_chk',
> inlined from 'CIFS_open' at fs/smb/client/cifssmb.c:1248:3:
> ./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
> declared with attribute warning: detected read beyond size of field (2nd parameter);
> maybe use struct_group()? [-Wattribute-warning]
> 588 | __read_overflow2_field(q_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> In both cases, the fortification logic interprets calls to 'memcpy()' as
> attempts to copy an amount of data which exceeds the size of the specified
> field (i.e. more than 8 bytes from __le64 value) and thus issues an overread
> warning. Both of these warnings may be silenced by using the convenient
> 'struct_group()' quirk.
>
> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
> Acked-by: Namjae Jeon <linkinjeon@kernel.org>
> Signed-off-by: Steve French <stfrench@microsoft.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> fs/smb/client/cifspdu.h | 24 ++++++++++++++----------
> fs/smb/client/cifssmb.c | 6 ++++--
> fs/smb/client/smb2pdu.c | 8 +++-----
> fs/smb/client/smb2pdu.h | 16 +++++++++-------
> fs/smb/common/smb2pdu.h | 17 ++++++++++-------
> 5 files changed, 40 insertions(+), 31 deletions(-)
>
> diff --git a/fs/smb/client/cifspdu.h b/fs/smb/client/cifspdu.h
> index c403816d0b6c1..97bb1838555b4 100644
> --- a/fs/smb/client/cifspdu.h
> +++ b/fs/smb/client/cifspdu.h
> @@ -882,11 +882,13 @@ typedef struct smb_com_open_rsp {
> __u8 OplockLevel;
> __u16 Fid;
> __le32 CreateAction;
> - __le64 CreationTime;
> - __le64 LastAccessTime;
> - __le64 LastWriteTime;
> - __le64 ChangeTime;
> - __le32 FileAttributes;
> + struct_group(common_attributes,
> + __le64 CreationTime;
> + __le64 LastAccessTime;
> + __le64 LastWriteTime;
> + __le64 ChangeTime;
> + __le32 FileAttributes;
> + );
> __le64 AllocationSize;
> __le64 EndOfFile;
> __le16 FileType;
> @@ -2268,11 +2270,13 @@ typedef struct {
> /* QueryFileInfo/QueryPathinfo (also for SetPath/SetFile) data buffer formats */
> /******************************************************************************/
> typedef struct { /* data block encoding of response to level 263 QPathInfo */
> - __le64 CreationTime;
> - __le64 LastAccessTime;
> - __le64 LastWriteTime;
> - __le64 ChangeTime;
> - __le32 Attributes;
> + struct_group(common_attributes,
> + __le64 CreationTime;
> + __le64 LastAccessTime;
> + __le64 LastWriteTime;
> + __le64 ChangeTime;
> + __le32 Attributes;
> + );
> __u32 Pad1;
> __le64 AllocationSize;
> __le64 EndOfFile; /* size ie offset to first free byte in file */
> diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c
> index c90d4ec9292ca..67c5fc2b2db94 100644
> --- a/fs/smb/client/cifssmb.c
> +++ b/fs/smb/client/cifssmb.c
> @@ -1234,8 +1234,10 @@ CIFS_open(const unsigned int xid, struct cifs_open_parms *oparms, int *oplock,
> *oplock |= CIFS_CREATE_ACTION;
>
> if (buf) {
> - /* copy from CreationTime to Attributes */
> - memcpy((char *)buf, (char *)&rsp->CreationTime, 36);
> + /* copy commonly used attributes */
> + memcpy(&buf->common_attributes,
> + &rsp->common_attributes,
> + sizeof(buf->common_attributes));
> /* the file_info buf is endian converted by caller */
> buf->AllocationSize = rsp->AllocationSize;
> buf->EndOfFile = rsp->EndOfFile;
> diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
> index 847d69d327c2a..aea7770fb5631 100644
> --- a/fs/smb/client/smb2pdu.c
> +++ b/fs/smb/client/smb2pdu.c
> @@ -3425,12 +3425,10 @@ __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
> } else {
> trace_smb3_close_done(xid, persistent_fid, tcon->tid,
> ses->Suid);
> - /*
> - * Note that have to subtract 4 since struct network_open_info
> - * has a final 4 byte pad that close response does not have
> - */
> if (pbuf)
> - memcpy(pbuf, (char *)&rsp->CreationTime, sizeof(*pbuf) - 4);
> + memcpy(&pbuf->network_open_info,
> + &rsp->network_open_info,
> + sizeof(pbuf->network_open_info));
> }
>
> atomic_dec(&tcon->num_remote_opens);
> diff --git a/fs/smb/client/smb2pdu.h b/fs/smb/client/smb2pdu.h
> index 1237bb86e93a8..8ac99563487c1 100644
> --- a/fs/smb/client/smb2pdu.h
> +++ b/fs/smb/client/smb2pdu.h
> @@ -339,13 +339,15 @@ struct smb2_file_reparse_point_info {
> } __packed;
>
> struct smb2_file_network_open_info {
> - __le64 CreationTime;
> - __le64 LastAccessTime;
> - __le64 LastWriteTime;
> - __le64 ChangeTime;
> - __le64 AllocationSize;
> - __le64 EndOfFile;
> - __le32 Attributes;
> + struct_group(network_open_info,
> + __le64 CreationTime;
> + __le64 LastAccessTime;
> + __le64 LastWriteTime;
> + __le64 ChangeTime;
> + __le64 AllocationSize;
> + __le64 EndOfFile;
> + __le32 Attributes;
> + );
> __le32 Reserved;
> } __packed; /* level 34 Query also similar returned in close rsp and open rsp */
>
> diff --git a/fs/smb/common/smb2pdu.h b/fs/smb/common/smb2pdu.h
> index 9619015d78f29..778c1e3b70bc1 100644
> --- a/fs/smb/common/smb2pdu.h
> +++ b/fs/smb/common/smb2pdu.h
> @@ -699,13 +699,16 @@ struct smb2_close_rsp {
> __le16 StructureSize; /* 60 */
> __le16 Flags;
> __le32 Reserved;
> - __le64 CreationTime;
> - __le64 LastAccessTime;
> - __le64 LastWriteTime;
> - __le64 ChangeTime;
> - __le64 AllocationSize; /* Beginning of FILE_STANDARD_INFO equivalent */
> - __le64 EndOfFile;
> - __le32 Attributes;
> + struct_group(network_open_info,
> + __le64 CreationTime;
> + __le64 LastAccessTime;
> + __le64 LastWriteTime;
> + __le64 ChangeTime;
> + /* Beginning of FILE_STANDARD_INFO equivalent */
> + __le64 AllocationSize;
> + __le64 EndOfFile;
> + __le32 Attributes;
> + );
> } __packed;
>
>
> --
> 2.42.0
>
>
--
Thanks,
Steve
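
A userspace sketch of the 4-byte padding described in the follow-up commit message above, added here as an example (not code from this thread or from the kernel). GROUP and GROUP_ATTR are simplified stand-ins for struct_group() and struct_group_attr(), the struct and function names are hypothetical, and the sizes assume an ABI where uint64_t is 8-byte aligned, such as x86-64.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PACKED __attribute__((__packed__))

/* Simplified userspace stand-ins (assumed, not the kernel macros) for
 * struct_group() and struct_group_attr(): an anonymous struct and a named
 * struct with identical members overlap in a union; ATTRS goes on both. */
#define GROUP_ATTR(NAME, ATTRS, ...) \
	union { struct { __VA_ARGS__ } ATTRS; struct { __VA_ARGS__ } ATTRS NAME; }
#define GROUP(NAME, ...) GROUP_ATTR(NAME, , __VA_ARGS__)

/* The seven fields grouped as network_open_info: 6 * 8 + 4 = 52 bytes. */
#define OPEN_INFO_FIELDS \
	uint64_t CreationTime; uint64_t LastAccessTime; uint64_t LastWriteTime; \
	uint64_t ChangeTime; uint64_t AllocationSize; uint64_t EndOfFile; \
	uint32_t Attributes;

/* Leading fields of the close response as shown in the hunk: 8 bytes. */
#define CLOSE_HDR uint16_t StructureSize; uint16_t Flags; uint32_t Reserved;

/* Hypothetical names: flat = before the patch, grouped = plain group,
 * fixed = group carrying the packed attribute as in the follow-up fix. */
struct close_flat { CLOSE_HDR OPEN_INFO_FIELDS } PACKED;
struct close_grouped { CLOSE_HDR GROUP(network_open_info, OPEN_INFO_FIELDS); } PACKED;
struct close_fixed {
	CLOSE_HDR GROUP_ATTR(network_open_info, PACKED, OPEN_INFO_FIELDS);
} PACKED;

size_t size_flat(void)    { return sizeof(struct close_flat); }
size_t size_grouped(void) { return sizeof(struct close_grouped); }
size_t size_fixed(void)   { return sizeof(struct close_fixed); }

/* Bytes that memcpy(dst, src, sizeof(x->network_open_info)) would move. */
#define GROUP_LEN(T) sizeof(((struct T *)0)->network_open_info)
size_t copy_len_grouped(void) { return GROUP_LEN(close_grouped); }
size_t copy_len_fixed(void)   { return GROUP_LEN(close_fixed); }

/* Build-time guard: the wire size must match the documented 60 bytes. */
_Static_assert(sizeof(struct close_fixed) == 60, "close response is 60 bytes");

int main(void)
{
	printf("flat=%zu grouped=%zu fixed=%zu\n",
	       size_flat(), size_grouped(), size_fixed());
	printf("copy length: grouped=%zu fixed=%zu\n",
	       copy_len_grouped(), copy_len_fixed());
	return 0;
}
```

The outer packed attribute does not reach into the inner structs, which is why the plain group grows the response and also widens the sizeof-based copy length by the same 4 bytes.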