From patchwork Tue Oct 5 05:03:35 2021
X-Patchwork-Submitter: Ralph Boehme
X-Patchwork-Id: 12535473
From: Ralph Boehme
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme
Subject: [PATCH v7 1/9] ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()
Date: Tue, 5 Oct 2021 07:03:35 +0200
Message-Id: <20211005050343.268514-2-slow@samba.org>
In-Reply-To: <20211005050343.268514-1-slow@samba.org>
References: <20211005050343.268514-1-slow@samba.org>

No change in behaviour.

Signed-off-by: Ralph Boehme
Acked-by: Namjae Jeon
--- fs/ksmbd/smb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index 707490ab1f4c..e1e5a071678e 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c
@@ -132,7 +132,7 @@ int ksmbd_lookup_protocol_idx(char *str) */ int ksmbd_verify_smb_message(struct ksmbd_work *work) { - struct smb2_hdr *smb2_hdr = work->request_buf + work->next_smb2_rcv_hdr_off; + struct smb2_hdr *smb2_hdr = ksmbd_req_buf_next(work); struct smb_hdr *hdr; if (smb2_hdr->ProtocolId == SMB2_PROTO_NUMBER)

From patchwork Tue Oct 5 05:03:36 2021
X-Patchwork-Submitter: Ralph Boehme
X-Patchwork-Id: 12535475
From: Ralph Boehme
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme, Namjae Jeon, Tom Talpey, Ronnie Sahlberg, Steve French, Hyunchul Lee
Subject: [PATCH v7 2/9] ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()
Date: Tue, 5 Oct 2021 07:03:36 +0200
Message-Id: <20211005050343.268514-3-slow@samba.org>
In-Reply-To: <20211005050343.268514-1-slow@samba.org>
References: <20211005050343.268514-1-slow@samba.org>

No change in behaviour.

Cc: Namjae Jeon
Cc: Tom Talpey
Cc: Ronnie Sahlberg
Cc: Steve French
Cc: Hyunchul Lee
Signed-off-by: Ralph Boehme
Acked-by: Namjae Jeon
--- fs/ksmbd/smb2misc.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 9edd9c161b27..2cc031c39514 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c
@@ -329,17 +329,12 @@ static int smb2_validate_credit_charge(struct smb2_hdr *hdr) int ksmbd_smb2_check_message(struct ksmbd_work *work) { - struct smb2_pdu *pdu = work->request_buf; + struct smb2_pdu *pdu = ksmbd_req_buf_next(work); struct smb2_hdr *hdr = &pdu->hdr; int command; __u32 clc_len; /* calculated length */ __u32 len = get_rfc1002_len(pdu); - if (work->next_smb2_rcv_hdr_off) { - pdu = ksmbd_req_buf_next(work); - hdr = &pdu->hdr; - } - if (le32_to_cpu(hdr->NextCommand) > 0) { len = le32_to_cpu(hdr->NextCommand); } else if (work->next_smb2_rcv_hdr_off) {

From patchwork Tue Oct 5 05:03:37 2021
X-Patchwork-Submitter: Ralph Boehme
X-Patchwork-Id: 12535481
From: Ralph Boehme
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme, Namjae Jeon, Tom Talpey, Ronnie Sahlberg, Steve French, Hyunchul Lee
Subject: [PATCH v7 3/9] ksmbd: add and use ksmbd_smb2_cur_pdu_buflen() in ksmbd_smb2_check_message()
Date: Tue, 5 Oct 2021 07:03:37 +0200
Message-Id: <20211005050343.268514-4-slow@samba.org>
In-Reply-To: <20211005050343.268514-1-slow@samba.org>
References: <20211005050343.268514-1-slow@samba.org>

No change in behaviour.

Cc: Namjae Jeon
Cc: Tom Talpey
Cc: Ronnie Sahlberg
Cc: Steve French
Cc: Hyunchul Lee
Signed-off-by: Ralph Boehme
--- fs/ksmbd/smb2misc.c | 36 +++++++++++++++++++++++++++--------- fs/ksmbd/smb2pdu.h | 1 + 2 files changed, 28 insertions(+), 9 deletions(-) diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 2cc031c39514..7ed266eb6c5e 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c
@@ -333,14 +333,7 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) struct smb2_hdr *hdr = &pdu->hdr; int command; __u32 clc_len; /* calculated length */ - __u32 len = get_rfc1002_len(pdu); - - if (le32_to_cpu(hdr->NextCommand) > 0) { - len = le32_to_cpu(hdr->NextCommand); - } else if (work->next_smb2_rcv_hdr_off) { - len -= work->next_smb2_rcv_hdr_off; - len = round_up(len, 8); - } + __u32 len = ksmbd_smb2_cur_pdu_buflen(work); if (check_smb2_hdr(hdr)) return 1; @@ -395,7 +388,7 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) * Some windows servers (win2016) will pad also the final * PDU in a compound to 8 bytes. */ - if (ALIGN(clc_len, 8) == len) + if (ALIGN(clc_len, 8) == ALIGN(len, 8)) return 0; /* @@ -427,3 +420,28 @@ int smb2_negotiate_request(struct ksmbd_work *work) { return ksmbd_smb_negotiate_common(work, SMB2_NEGOTIATE_HE); } + +/** + * ksmbd_smb2_cur_pdu_buflen() - Get len of current SMB2 PDU buffer + * This returns the lenght including any possible padding. + * @work: smb work containing request buffer + */ +unsigned int ksmbd_smb2_cur_pdu_buflen(struct ksmbd_work *work) +{ + struct smb2_hdr *hdr = ksmbd_req_buf_next(work); + unsigned int buf_len; + unsigned int pdu_len; + + if (hdr->NextCommand != 0) { + /* + * hdr->NextCommand has already been validated by + * init_chained_smb2_rsp(). + */ + return __le32_to_cpu(hdr->NextCommand); + } + + buf_len = get_rfc1002_len(work->request_buf); + pdu_len = buf_len - work->next_smb2_rcv_hdr_off; + return pdu_len; +} + diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index a6dec5ec6a54..c5fa8256b0bb 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h 
@@ -1680,6 +1680,7 @@ int smb2_set_rsp_credits(struct ksmbd_work *work); /* smb2 misc functions */ int ksmbd_smb2_check_message(struct ksmbd_work *work); +unsigned int ksmbd_smb2_cur_pdu_buflen(struct ksmbd_work *work); /* smb2 command handlers */ int smb2_handle_negotiate(struct ksmbd_work *work);

From patchwork Tue Oct 5 05:03:38 2021
X-Patchwork-Submitter: Ralph Boehme
X-Patchwork-Id: 12535467
From: Ralph Boehme
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme, Namjae Jeon, Tom Talpey, Ronnie Sahlberg, Steve French, Hyunchul Lee
Subject: [PATCH v7 4/9] ksmbd: check buffer is big enough to access the SMB2 PDU body size field
Date: Tue, 5 Oct 2021 07:03:38 +0200
Message-Id: <20211005050343.268514-5-slow@samba.org>
In-Reply-To: <20211005050343.268514-1-slow@samba.org>
References: <20211005050343.268514-1-slow@samba.org>

Cc: Namjae Jeon
Cc: Tom Talpey
Cc: Ronnie Sahlberg
Cc: Steve French
Cc: Hyunchul Lee
Signed-off-by: Ralph Boehme
--- fs/ksmbd/smb2misc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 7ed266eb6c5e..50521b5a50b5 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c
@@ -350,6 +350,9 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) return 1; } + if (len < sizeof(struct smb2_pdu) - 4) + return 1; + if (smb2_req_struct_sizes[command] != pdu->StructureSize2) { if (command != SMB2_OPLOCK_BREAK_HE && (hdr->Status == 0 || pdu->StructureSize2 != SMB2_ERROR_STRUCTURE_SIZE2_LE)) {

From patchwork Tue Oct 5 05:03:39 2021
X-Patchwork-Submitter: Ralph Boehme
X-Patchwork-Id: 12535477
From: Ralph Boehme
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme
Subject: [PATCH v7 5/9] ksmbd: validate credit charge after validating SMB2 PDU body size
Date: Tue, 5 Oct 2021 07:03:39 +0200
Message-Id: <20211005050343.268514-6-slow@samba.org>
In-Reply-To: <20211005050343.268514-1-slow@samba.org>
References: <20211005050343.268514-1-slow@samba.org>

smb2_validate_credit_charge() accesses fields in the SMB2 PDU body, but until smb2_calc_size() is called the PDU has not yet been verified to be large enough to access the PDU dynamic part length field.

Signed-off-by: Ralph Boehme
Acked-by: Namjae Jeon
--- fs/ksmbd/smb2misc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 50521b5a50b5..1f14120a0e48 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -373,12 +373,6 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) } } - if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) && - smb2_validate_credit_charge(hdr)) { - work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); - return 1; - } - if (smb2_calc_size(hdr, &clc_len)) return 1;
@@ -416,6 +410,12 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) return 1; } + if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) && + smb2_validate_credit_charge(hdr)) { + work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); + return 1; + } + return 0; }

From patchwork Tue Oct 5 05:03:40 2021
X-Patchwork-Submitter: Ralph Boehme
X-Patchwork-Id: 12535479
From: Ralph Boehme
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme, Namjae Jeon, Tom Talpey, Ronnie Sahlberg, Steve French, Hyunchul Lee
Subject: [PATCH v7 6/9] ksmbd: use cmd helper variable in smb2_get_ksmbd_tcon()
Date: Tue, 5 Oct 2021 07:03:40 +0200
Message-Id: <20211005050343.268514-7-slow@samba.org>
In-Reply-To: <20211005050343.268514-1-slow@samba.org>
References: <20211005050343.268514-1-slow@samba.org>

No change in behaviour.

Cc: Namjae Jeon
Cc: Tom Talpey
Cc: Ronnie Sahlberg
Cc: Steve French
Cc: Hyunchul Lee
Signed-off-by: Ralph Boehme
Acked-by: Namjae Jeon
--- fs/ksmbd/smb2pdu.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index ed8324f9c2bd..e10ddc1fce09 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c
@@ -94,12 +94,13 @@ struct channel *lookup_chann_list(struct ksmbd_session *sess, struct ksmbd_conn int smb2_get_ksmbd_tcon(struct ksmbd_work *work) { struct smb2_hdr *req_hdr = work->request_buf; + unsigned int cmd = le16_to_cpu(req_hdr->Command); int tree_id; work->tcon = NULL; - if (work->conn->ops->get_cmd_val(work) == SMB2_TREE_CONNECT_HE || - work->conn->ops->get_cmd_val(work) == SMB2_CANCEL_HE || - work->conn->ops->get_cmd_val(work) == SMB2_LOGOFF_HE) { + if (cmd == SMB2_TREE_CONNECT_HE || + cmd == SMB2_CANCEL_HE || + cmd == SMB2_LOGOFF_HE) { ksmbd_debug(SMB, "skip to check tree connect request\n"); return 0; }

From patchwork Tue Oct 5 05:03:41 2021
X-Patchwork-Submitter: Ralph Boehme
X-Patchwork-Id: 12535483
From: Ralph Boehme
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme, Namjae Jeon, Tom Talpey, Ronnie Sahlberg, Steve French, Hyunchul Lee
Subject: [PATCH v7 7/9] ksmbd: make smb2_get_ksmbd_tcon() callable with chained PDUs
Date: Tue, 5 Oct 2021 07:03:41 +0200
Message-Id: <20211005050343.268514-8-slow@samba.org>
In-Reply-To: <20211005050343.268514-1-slow@samba.org>
References: <20211005050343.268514-1-slow@samba.org>

Also track the tcon id of compound requests.

Cc: Namjae Jeon
Cc: Tom Talpey
Cc: Ronnie Sahlberg
Cc: Steve French
Cc: Hyunchul Lee
Signed-off-by: Ralph Boehme
--- fs/ksmbd/ksmbd_work.h | 1 + fs/ksmbd/smb2pdu.c | 14 +++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/ksmbd/ksmbd_work.h b/fs/ksmbd/ksmbd_work.h index f7156bc50049..91363d508909 100644 --- a/fs/ksmbd/ksmbd_work.h +++ b/fs/ksmbd/ksmbd_work.h @@ -46,6 +46,7 @@ struct ksmbd_work { u64 compound_fid; u64 compound_pfid; u64 compound_sid; + u32 compound_tid; const struct cred *saved_cred; diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index e10ddc1fce09..1755a524beb3 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c
@@ -97,7 +97,6 @@ int smb2_get_ksmbd_tcon(struct ksmbd_work *work) unsigned int cmd = le16_to_cpu(req_hdr->Command); int tree_id; - work->tcon = NULL; if (cmd == SMB2_TREE_CONNECT_HE || cmd == SMB2_CANCEL_HE || cmd == SMB2_LOGOFF_HE) { 
@@ -110,13 +109,26 @@ int smb2_get_ksmbd_tcon(struct ksmbd_work *work) return -ENOENT; } + if (req_hdr->Flags & SMB2_FLAGS_RELATED_OPERATIONS) { + if (!work->tcon) { + pr_err("Missing tcon\n"); + return -EINVAL; + } + return 1; + } + + work->tcon = NULL; + work->compound_tid = 0; + tree_id = le32_to_cpu(req_hdr->Id.SyncId.TreeId); + work->tcon = ksmbd_tree_conn_lookup(work->sess, tree_id); if (!work->tcon) { pr_err("Invalid tid %d\n", tree_id); return -EINVAL; } + work->compound_tid = tree_id; return 1; }

From patchwork Tue Oct 5 05:03:42 2021
X-Patchwork-Submitter: Ralph Boehme
X-Patchwork-Id: 12535469
From: Ralph Boehme
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme, Namjae Jeon, Tom Talpey, Ronnie Sahlberg, Steve French, Hyunchul Lee
Subject: [PATCH v7 8/9] ksmbd: make smb2_check_user_session() callable for compound PDUs
Date: Tue, 5 Oct 2021 07:03:42 +0200
Message-Id: <20211005050343.268514-9-slow@samba.org>
In-Reply-To: <20211005050343.268514-1-slow@samba.org>
References: <20211005050343.268514-1-slow@samba.org>

Cc: Namjae Jeon
Cc: Tom Talpey
Cc: Ronnie Sahlberg
Cc: Steve French
Cc: Hyunchul Lee
Signed-off-by: Ralph Boehme
--- fs/ksmbd/smb2pdu.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 1755a524beb3..c137c1a94b99 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -416,7 +416,6 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work) work->compound_pfid = le64_to_cpu(((struct smb2_create_rsp *)rsp)-> PersistentFileId); - work->compound_sid = le64_to_cpu(rsp->SessionId); } len = get_rfc1002_len(work->response_buf) - work->next_smb2_rsp_hdr_off;
@@ -596,7 +595,6 @@ int smb2_check_user_session(struct ksmbd_work *work) unsigned int cmd = conn->ops->get_cmd_val(work); unsigned long long sess_id; - work->sess = NULL; /* * SMB2_ECHO, SMB2_NEGOTIATE, SMB2_SESSION_SETUP command do not * require a session id, so no need to validate user session's for 
@@ -609,11 +607,25 @@ int smb2_check_user_session(struct ksmbd_work *work) if (!ksmbd_conn_good(work)) return -EINVAL; + if (req_hdr->Flags & SMB2_FLAGS_RELATED_OPERATIONS) { + if (work->sess) { + pr_err("Missing session\n"); + return -EINVAL; + } + return 1; + } + + work->sess = NULL; + work->compound_sid = 0; + sess_id = le64_to_cpu(req_hdr->SessionId); + /* Check for validity of user session */ work->sess = ksmbd_session_lookup_all(conn, sess_id); - if (work->sess) + if (work->sess) { + work->compound_sid = sess_id; return 1; + } ksmbd_debug(SMB, "Invalid user session, Uid %llu\n", sess_id); return -EINVAL; }

From patchwork Tue Oct 5 05:03:43 2021
X-Patchwork-Submitter: Ralph Boehme
X-Patchwork-Id: 12535485
From: Ralph Boehme
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme, Namjae Jeon, Tom Talpey, Ronnie Sahlberg, Steve French, Hyunchul Lee
Subject: [PATCH v7 9/9] ksmbd: move session and tcon validation to __process_request()
Date: Tue, 5 Oct 2021 07:03:43 +0200
Message-Id: <20211005050343.268514-10-slow@samba.org>
In-Reply-To: <20211005050343.268514-1-slow@samba.org>
References: <20211005050343.268514-1-slow@samba.org>

For compound non-related operations session id and tree id must be taken from each PDU.

Cc: Namjae Jeon
Cc: Tom Talpey
Cc: Ronnie Sahlberg
Cc: Steve French
Cc: Hyunchul Lee
Signed-off-by: Ralph Boehme
--- fs/ksmbd/server.c | 46 +++++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/fs/ksmbd/server.c b/fs/ksmbd/server.c index 2a2b2135bfde..5d1ef277653f 100644 --- a/fs/ksmbd/server.c +++ b/fs/ksmbd/server.c
@@ -101,6 +101,32 @@ static inline int check_conn_state(struct ksmbd_work *work) return 0; } +static int check_session_and_tcon(struct ksmbd_work *work) +{ + int rc; + + if (work->conn->ops->check_user_session == NULL) + return 0; + + rc = work->conn->ops->check_user_session(work); + if (rc < 0) { + work->conn->ops->set_rsp_status(work, + STATUS_USER_SESSION_DELETED); + return 1; + } + if (rc == 0) + return 0; + + rc = work->conn->ops->get_ksmbd_tcon(work); + if (rc < 0) { + work->conn->ops->set_rsp_status(work, + STATUS_NETWORK_NAME_DELETED); + return 1; + } + + return 0; +} + #define SERVER_HANDLER_CONTINUE 0 #define SERVER_HANDLER_ABORT 1 @@ -117,6 +143,9 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, if (ksmbd_verify_smb_message(work)) return SERVER_HANDLER_ABORT; + if (check_session_and_tcon(work)) + return SERVER_HANDLER_ABORT; + command = conn->ops->get_cmd_val(work); *cmd = command; @@ -184,23 +213,6 @@ static void __handle_ksmbd_work(struct ksmbd_work *work, goto send; } - if (conn->ops->check_user_session) { - rc = conn->ops->check_user_session(work); - if (rc < 0) { - command = conn->ops->get_cmd_val(work); - conn->ops->set_rsp_status(work, - STATUS_USER_SESSION_DELETED); - goto send; - } else if (rc > 0) { - rc = conn->ops->get_ksmbd_tcon(work); - if (rc < 0) { - conn->ops->set_rsp_status(work, - STATUS_NETWORK_NAME_DELETED); - goto send; - } - } - } - do { rc = __process_request(work, conn, &command); if (rc == SERVER_HANDLER_ABORT)
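
Review bot: In patch 2/9, hunk @@ -329,17 +329,12 @@ of fs/ksmbd/smb2misc.c, the unchanged context line "__u32 len = get_rfc1002_len(pdu);" now runs with pdu already advanced by ksmbd_req_buf_next(work), so for a chained request (next_smb2_rcv_hdr_off != 0) the RFC1002 length is read from the bytes at the chained header instead of from the start of work->request_buf, and the following "len -= work->next_smb2_rcv_hdr_off" then operates on that wrong value. Patch 3/9 replaces this with ksmbd_smb2_cur_pdu_buflen(), which reads from work->request_buf again, but this commit on its own is not "No change in behaviour" and leaves a bisect point where the length check on compound requests is wrong. Keep "get_rfc1002_len(work->request_buf)" here, or fold patches 2 and 3 together.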
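
Review bot: In patch 3/9, hunk @@ -395,7 +388,7 @@ of fs/ksmbd/smb2misc.c, changing the test to "ALIGN(clc_len, 8) == ALIGN(len, 8)" accepts a buffer that is shorter than the calculated length as long as both fall in the same 8-byte bucket (for example clc_len 16 and len 9), which the old "ALIGN(clc_len, 8) == len" could never do because it implied len >= clc_len. The removed code in hunk @@ -333,14 +333,7 @@ only rounded len up for the last PDU of a chain; the new comparison loosens the check for single requests and NextCommand-sized PDUs as well, so the commit message's "No change in behaviour" does not hold. Add "len >= clc_len" to the condition, or keep the rounding inside the helper for the final-PDU case only.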
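
Review bot: In patch 3/9, hunk @@ -427,3 +420,28 @@ of fs/ksmbd/smb2misc.c, "pdu_len = buf_len - work->next_smb2_rcv_hdr_off;" is an unsigned subtraction with no check that the offset is within buf_len, so an offset larger than the RFC1002 length wraps to a huge value that will pass every later "len < ..." test. The comment says NextCommand was validated by init_chained_smb2_rsp(), but nothing in this series shows that validation or that it bounds next_smb2_rcv_hdr_off against the request length; please either guard the subtraction here or point to the exact check in the comment. Minor: "lenght" in the kernel-doc, __le32_to_cpu() where the removed lines used le32_to_cpu(), and the stray blank line added at end of file.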
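
Review bot: In patch 4/9, hunk @@ -350,6 +350,9 @@ of fs/ksmbd/smb2misc.c, the new "if (len < sizeof(struct smb2_pdu) - 4)" check sits after check_smb2_hdr(hdr) (visible as context in patch 3/9) and after the command lookup that ends in the "return 1; }" just above it, so header fields have already been dereferenced before the buffer is known to be large enough to hold them. Move the check to directly after len is computed so that nothing reads hdr or pdu first. The bare "4" also needs a comment or a named constant saying what it subtracts, and the patch has no commit message explaining which access it protects.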
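
Review bot: In patch 5/9, hunk @@ -416,6 +410,12 @@ of fs/ksmbd/smb2misc.c, placing the credit charge validation immediately before the final "return 0;" means every earlier success path skips it, in particular the padded-PDU shortcut shown in patch 3/9 ("if (ALIGN(clc_len, 8) == ALIGN(len, 8)) return 0;"), which lies between smb2_calc_size() and this new location. A request accepted through that shortcut is never passed to smb2_validate_credit_charge() even when SMB2_GLOBAL_CAP_LARGE_MTU is set. Put the check right after smb2_calc_size() succeeds, or route the early "return 0" paths through a common label that performs it.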
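
Review bot: In patch 7/9, hunk @@ -110,13 +109,26 @@ of fs/ksmbd/smb2pdu.c, the new "req_hdr->Flags & SMB2_FLAGS_RELATED_OPERATIONS" test and the TreeId read still use req_hdr as declared in the context of patch 6/9, "struct smb2_hdr *req_hdr = work->request_buf;", which is the first PDU of the buffer rather than the current one. For the function to be "callable with chained PDUs", as the subject says, req_hdr has to come from ksmbd_req_buf_next(work); otherwise every PDU in a compound is judged by the first header's flags and tree id. The same applies to the cmd variable introduced in patch 6/9. Also, tree_id is an int printed with %d while the new compound_tid is u32; make the local unsigned.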
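
Review bot: In patch 8/9, hunk @@ -609,11 +607,25 @@ of fs/ksmbd/smb2pdu.c, the related-operations branch tests "if (work->sess)" before printing "Missing session" and returning -EINVAL, which is inverted: a related PDU that does have a session from the previous request is rejected, and one with no session at all falls through to "return 1" with work->sess still NULL for the handlers that follow. Patch 7/9 has the equivalent check the right way round ("if (!work->tcon)"); this should be "if (!work->sess)". The patch also has no commit message, and hunk @@ -416,7 +416,6 @@ drops the compound_sid assignment in init_chained_smb2_rsp() without saying how a compound that begins with a command exempt from session validation gets its compound_sid afterwards.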
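
Review bot: In patch 9/9, hunk @@ -117,6 +143,9 @@ of fs/ksmbd/server.c, check_session_and_tcon() is called before "command = conn->ops->get_cmd_val(work); *cmd = command;", so when it aborts, *cmd is never written, whereas the block removed from __handle_ksmbd_work() set command before "goto send" on a session failure. If the caller uses command after the loop on the abort path it now sees whatever value it had before; move the new call below the "*cmd = command;" assignment or document that command is not valid after SERVER_HANDLER_ABORT. In the new helper (hunk @@ -101,6 +101,32 @@), kernel style prefers "!work->conn->ops->check_user_session" over "== NULL", and returning SERVER_HANDLER_ABORT / SERVER_HANDLER_CONTINUE instead of bare 1 / 0 would match the defines directly below it.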