From 40c594b647660bf91bc95fe7c9358bff7f56cf2e Mon Sep 17 00:00:00 2001 From: Hyunchul Lee Date: Sat, 29 May 2021 22:46:53 +0900 Subject: cifsd: enclose macro variables in parenthesis checkpatch.pl complains as the following: CHECK: Macro argument 'fp' may be better as '(fp)' to avoid precedence issues. Signed-off-by: Hyunchul Lee Signed-off-by: Namjae Jeon Signed-off-by: Steve French --- fs/cifsd/vfs_cache.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/fs/cifsd/vfs_cache.h b/fs/cifsd/vfs_cache.h index 823fcb257a42..635eedbd497c 100644 --- a/fs/cifsd/vfs_cache.h +++ b/fs/cifsd/vfs_cache.h @@ -25,14 +25,14 @@ #define KSMBD_NO_FID (UINT_MAX) #define SMB2_NO_FID (0xFFFFFFFFFFFFFFFFULL) -#define FP_FILENAME(fp) fp->filp->f_path.dentry->d_name.name -#define FP_INODE(fp) d_inode(fp->filp->f_path.dentry) -#define PARENT_INODE(fp) d_inode(fp->filp->f_path.dentry->d_parent) - -#define ATTR_FP(fp) (fp->attrib_only && \ - (fp->cdoption != FILE_OVERWRITE_IF_LE && \ - fp->cdoption != FILE_OVERWRITE_LE && \ - fp->cdoption != FILE_SUPERSEDE_LE)) +#define FP_FILENAME(fp) ((fp)->filp->f_path.dentry->d_name.name) +#define FP_INODE(fp) d_inode((fp)->filp->f_path.dentry) +#define PARENT_INODE(fp) d_inode((fp)->filp->f_path.dentry->d_parent) + +#define ATTR_FP(fp) ((fp)->attrib_only && \ + ((fp)->cdoption != FILE_OVERWRITE_IF_LE && \ + (fp)->cdoption != FILE_OVERWRITE_LE && \ + (fp)->cdoption != FILE_SUPERSEDE_LE)) struct ksmbd_conn; struct ksmbd_session; -- cgit v1.3-14-g43fede From d7e5852b4deb121e2c929b2bb7440c5db3e2f90a Mon Sep 17 00:00:00 2001 From: Hyunchul Lee Date: Sat, 29 May 2021 09:59:59 +0900 Subject: cifsd: make alignment match open parenthesis checkpatch.pl complains as the following: Alignment should match open parenthesis. Signed-off-by: Hyunchul Lee Signed-off-by: Namjae Jeon 
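Review bot: The parentheses fix precedence, but `ATTR_FP(fp)` still expands its argument four times, so an argument with side effects would be evaluated repeatedly and nothing type-checks `fp`. A `static inline bool` helper taking the file pointer would avoid both problems, and the same applies to `FP_INODE` and `PARENT_INODE`. Separately, `FP_FILENAME` hands out `d_name.name` with no locking visible in this header. If callers can race with a rename, the name should be read under `d_lock` or via `take_dentry_name_snapshot()`; this needs confirming at the call sites, which are outside this hunk.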
Signed-off-by: Steve French --- fs/cifsd/smb2ops.c | 2 +- fs/cifsd/smb2pdu.c | 2 +- fs/cifsd/smb2pdu.h | 4 ++-- fs/cifsd/smbacl.h | 15 ++++++++------- fs/cifsd/transport_ipc.h | 6 +++--- fs/cifsd/transport_tcp.c | 8 ++++---- fs/cifsd/vfs.c | 4 ++-- 7 files changed, 21 insertions(+), 20 deletions(-) diff --git a/fs/cifsd/smb2ops.c b/fs/cifsd/smb2ops.c index 945bc6a78d3c..c47d60bce9d4 100644 --- a/fs/cifsd/smb2ops.c +++ b/fs/cifsd/smb2ops.c @@ -227,7 +227,7 @@ void init_smb3_0_server(struct ksmbd_conn *conn) conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING; if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION && - conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) + conn->cli_cap & SMB2_GLOBAL_CAP_ENCRYPTION) conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; } diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index f68e2638d629..3e112fbdc2d9 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -560,7 +560,7 @@ int smb2_allocate_rsp_buf(struct ksmbd_work *work) sz = large_sz; if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_TBUF && - work->set_trans_buf) + work->set_trans_buf) work->response_buf = ksmbd_find_buffer(sz); else work->response_buf = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO); diff --git a/fs/cifsd/smb2pdu.h b/fs/cifsd/smb2pdu.h index 1a8da2122b75..b3d3365d7070 100644 --- a/fs/cifsd/smb2pdu.h +++ b/fs/cifsd/smb2pdu.h @@ -1623,10 +1623,10 @@ void smb2_set_sign_rsp(struct ksmbd_work *work); int smb3_check_sign_req(struct ksmbd_work *work); void smb3_set_sign_rsp(struct ksmbd_work *work); int find_matching_smb2_dialect(int start_index, __le16 *cli_dialects, - __le16 dialects_count); + __le16 dialects_count); struct file_lock *smb_flock_init(struct file *f); int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), - void **arg); + void **arg); void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status); struct channel *lookup_chann_list(struct ksmbd_session *sess); void smb3_preauth_hash_rsp(struct ksmbd_work *work); 
diff --git a/fs/cifsd/smbacl.h b/fs/cifsd/smbacl.h index 032b6a3ec6f4..fb5480f0aa89 100644 --- a/fs/cifsd/smbacl.h +++ b/fs/cifsd/smbacl.h @@ -180,22 +180,23 @@ struct posix_acl_state { }; int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, - struct smb_fattr *fattr); + struct smb_fattr *fattr); int build_sec_desc(struct smb_ntsd *pntsd, struct smb_ntsd *ppntsd, - int addition_info, __u32 *secdesclen, struct smb_fattr *fattr); + int addition_info, __u32 *secdesclen, + struct smb_fattr *fattr); int init_acl_state(struct posix_acl_state *state, int cnt); void free_acl_state(struct posix_acl_state *state); void posix_state_to_acl(struct posix_acl_state *state, - struct posix_acl_entry *pace); + struct posix_acl_entry *pace); int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid); bool smb_inherit_flags(int flags, bool is_dir); int smb_inherit_dacl(struct ksmbd_conn *conn, struct dentry *dentry, - unsigned int uid, unsigned int gid); + unsigned int uid, unsigned int gid); int smb_check_perm_dacl(struct ksmbd_conn *conn, struct dentry *dentry, - __le32 *pdaccess, int uid); + __le32 *pdaccess, int uid); int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, - struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, - bool type_check); + struct dentry *dentry, struct smb_ntsd *pntsd, int ntsd_len, + bool type_check); void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid); void ksmbd_init_domain(u32 *sub_auth); #endif /* _SMBACL_H */ diff --git a/fs/cifsd/transport_ipc.h b/fs/cifsd/transport_ipc.h index 523b4df2c783..9eacc895ffdb 100644 --- a/fs/cifsd/transport_ipc.h +++ b/fs/cifsd/transport_ipc.h 
@@ -20,9 +20,9 @@ struct sockaddr; struct ksmbd_tree_connect_response * ksmbd_ipc_tree_connect_request(struct ksmbd_session *sess, - struct ksmbd_share_config *share, - struct ksmbd_tree_connect *tree_conn, - struct sockaddr *peer_addr); + struct ksmbd_share_config *share, + struct ksmbd_tree_connect *tree_conn, + struct sockaddr *peer_addr); int ksmbd_ipc_tree_disconnect_request(unsigned long long session_id, unsigned long long connect_id); int ksmbd_ipc_logout_request(const char *account); diff --git a/fs/cifsd/transport_tcp.c b/fs/cifsd/transport_tcp.c index 5bd332a58596..d6d5c0038dea 100644 --- a/fs/cifsd/transport_tcp.c +++ b/fs/cifsd/transport_tcp.c @@ -423,10 +423,10 @@ static int create_socket(struct interface *iface) ksmbd_tcp_reuseaddr(ksmbd_socket); ret = sock_setsockopt(ksmbd_socket, - SOL_SOCKET, - SO_BINDTODEVICE, - KERNEL_SOCKPTR(iface->name), - strlen(iface->name)); + SOL_SOCKET, + SO_BINDTODEVICE, + KERNEL_SOCKPTR(iface->name), + strlen(iface->name)); if (ret != -ENODEV && ret < 0) { ksmbd_err("Failed to set SO_BINDTODEVICE: %d\n", ret); goto out_error; diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 291953eff5fa..cd037594f486 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -934,8 +934,8 @@ ssize_t ksmbd_vfs_getxattr(struct dentry *dentry, char *xattr_name, if (!buf) return -ENOMEM; - xattr_len = vfs_getxattr(&init_user_ns, dentry, xattr_name, (void *)buf, - xattr_len); + xattr_len = vfs_getxattr(&init_user_ns, dentry, xattr_name, + (void *)buf, xattr_len); if (xattr_len > 0) *xattr_buf = buf; else -- cgit v1.3-14-g43fede From 113ef68d47f5d36611c16a6ef4bd2a837aa344ab Mon Sep 17 00:00:00 2001 From: Yang Yingliang Date: Sat, 29 May 2021 16:20:56 +0800 Subject: cifsd: fix memleak in ksmbd_vfs_stream_write() Before assigning wbuf to stream_buf, memory allocate in ksmbd_vfs_getcasexattr() need be freed. Signed-off-by: Yang Yingliang Signed-off-by: Namjae Jeon Signed-off-by: Steve French --- fs/cifsd/vfs.c | 1 + 1 file changed, 1 insertion(+) 
diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index cd037594f486..e70b67e41cd4 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -429,6 +429,7 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, if (v_len > 0) memcpy(wbuf, stream_buf, v_len); + kvfree(stream_buf); stream_buf = wbuf; } -- cgit v1.3-14-g43fede From 673b9ba7a1404fa5beda936b8ad509b70a516b52 Mon Sep 17 00:00:00 2001 From: Yang Yingliang Date: Sat, 29 May 2021 16:20:57 +0800 Subject: cifsd: fix memleak in ksmbd_vfs_stream_read() Before ksmbd_vfs_stream_read() return, memory allocate in ksmbd_vfs_getcasexattr() need be freed. Signed-off-by: Yang Yingliang Signed-off-by: Namjae Jeon Signed-off-by: Steve French --- fs/cifsd/vfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index e70b67e41cd4..85872416bf9b 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -290,6 +290,7 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, } memcpy(buf, &stream_buf[*pos], count); + kvfree(stream_buf); return v_len > count ? count : v_len; } -- cgit v1.3-14-g43fede From fd6de099d7fabc2b86f51dc622453eb279f7cce9 Mon Sep 17 00:00:00 2001 From: Yang Yingliang Date: Mon, 31 May 2021 17:25:05 +0900 Subject: cifsd: check return value of ksmbd_vfs_getcasexattr() correctly If ksmbd_vfs_getcasexattr() returns -ENOMEM, stream_buf is NULL, it will cause null-ptr-deref when using it to copy memory. So we need check the return value of ksmbd_vfs_getcasexattr() by comparing with 0. Signed-off-by: Yang Yingliang Signed-off-by: Namjae Jeon Signed-off-by: Steve French --- fs/cifsd/vfs.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 85872416bf9b..56b1091473b9 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c 
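Review bot: The added `kvfree(stream_buf)` in ksmbd_vfs_stream_write() is not covered by the `if (v_len > 0)` that guards the `memcpy()`, so it also runs when no xattr data was returned. That is safe only if `stream_buf` is NULL-initialised and ksmbd_vfs_getcasexattr() leaves it untouched on a result <= 0; the declaration and the helper are both outside the hunk, so this should be confirmed. The ownership hand-off is also undocumented, and I would add `/* old xattr copy is no longer needed; stream_buf now owns wbuf */` above the added line. The function continues past the hunk, so the final free of `wbuf` could not be checked.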
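Review bot: The `memcpy(buf, &stream_buf[*pos], count)` directly above the added `kvfree()` in ksmbd_vfs_stream_read() still copies `count` bytes from offset `*pos` without comparing either against `v_len`. At this commit the free therefore follows a read that can run past the xattr buffer. The bound arrives only in a later patch of this series (2ae1a6cc, "fix potential read overflow in ksmbd_vfs_stream_read()"), so anyone backporting this leak fix on its own should take that patch and fd6de099 with it. The free sits on the success path only, which is fine as long as the early `-ENOENT` return happens with no buffer handed back; presumably that holds, but ksmbd_vfs_getcasexattr() is not shown.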
@@ -274,7 +274,6 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, { ssize_t v_len; char *stream_buf = NULL; - int err; ksmbd_debug(VFS, "read stream data pos : %llu, count : %zd\n", *pos, count); @@ -283,11 +282,8 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, fp->stream.name, fp->stream.size, &stream_buf); - if (v_len == -ENOENT) { - ksmbd_err("not found stream in xattr : %zd\n", v_len); - err = -ENOENT; - return err; - } + if ((int)v_len <= 0) + return (int)v_len; memcpy(buf, &stream_buf[*pos], count); kvfree(stream_buf); @@ -415,9 +411,9 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos, fp->stream.name, fp->stream.size, &stream_buf); - if (v_len == -ENOENT) { + if ((int)v_len < 0) { ksmbd_err("not found stream in xattr : %zd\n", v_len); - err = -ENOENT; + err = (int)v_len; goto out; } -- cgit v1.3-14-g43fede From 2ae1a6cc43027d84e33819ac4376c5e5e11b4152 Mon Sep 17 00:00:00 2001 From: Namjae Jeon Date: Mon, 31 May 2021 17:26:43 +0900 Subject: cifsd: fix potential read overflow in ksmbd_vfs_stream_read() If *pos or *pos + count is greater than v_len, It will read beyond the stream_buf buffer. This patch add the check and cut down count with size of the buffer. Signed-off-by: Namjae Jeon Signed-off-by: Steve French --- fs/cifsd/vfs.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c index 56b1091473b9..9111b485d611 100644 --- a/fs/cifsd/vfs.c +++ b/fs/cifsd/vfs.c @@ -285,9 +285,19 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos, if ((int)v_len <= 0) return (int)v_len; + if (v_len <= *pos) { + count = -EINVAL; + goto free_buf; + } + + if (v_len - *pos < count) + count = v_len - *pos; + memcpy(buf, &stream_buf[*pos], count); + +free_buf: kvfree(stream_buf); - return v_len > count ? count : v_len; + return count; } /** -- cgit v1.3-14-g43fede
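Review bot: `(int)v_len` narrows an `ssize_t` before the sign test, here in ksmbd_vfs_stream_read() and again in the ksmbd_vfs_stream_write() hunk that follows. Testing the full-width value and narrowing only at the return keeps the check independent of the value's magnitude: `if (v_len <= 0)` then `return (int)v_len;`. The early return frees nothing, which is correct only if ksmbd_vfs_getcasexattr() never hands back a buffer together with a result <= 0. That helper is outside this diff, so a one-line comment stating the contract would help. The read path also drops its `ksmbd_err()` while the write path keeps one, so failures are now logged on one side only.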
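Review bot: The log text in ksmbd_vfs_stream_write() is now wrong for most of the errors it reports. The branch was widened from `-ENOENT` to every negative return, yet `ksmbd_err("not found stream in xattr : %zd\n", v_len)` still says the stream was not found, which will mislead triage when the cause is, for example, `-ENOMEM`. A message such as `ksmbd_err("failed to read stream xattr : %zd\n", v_len);` matches the new condition. The `out` label and the rest of the function are outside the hunk.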
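Review bot: The new bound `if (v_len <= *pos)` rejects offsets at or past the end of the data but not a negative `*pos`. `loff_t` is signed, so a negative value passes this test, makes `v_len - *pos` larger than `v_len` so `count` is not clamped, and leaves `&stream_buf[*pos]` pointing before the buffer. Whether callers already reject negative offsets is not visible in this hunk, so I would make the guard self-contained: `if (*pos < 0 || v_len <= *pos) {`. The error path also stores `-EINVAL` in `count` and returns it through the function's `int` return type. If `count` is a `size_t` (its declaration is outside the hunk), that relies on an unsigned round-trip, and a separate `int ret` for the result would be clearer.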