[PATCH 3/5] cifs: Fix validation of SMB2_OP_QUERY_WSL_EA response size

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Pali Rohár" <pali@kernel.org>
To: Steve French <sfrench@samba.org>, Paulo Alcantara <pc@manguebit.com>
Cc: linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 3/5] cifs: Fix validation of SMB2_OP_QUERY_WSL_EA response size
Date: Sun,  8 Jun 2025 19:01:17 +0200	[thread overview]
Message-ID: <20250608170119.6813-4-pali@kernel.org> (raw)
In-Reply-To: <20250608170119.6813-1-pali@kernel.org>

Currently the SMB2_OP_QUERY_WSL_EA checks that response buffer has at least
size SMB2_WSL_MIN_QUERY_EA_RESP_SIZE and maximally it is
SMB2_WSL_MAX_QUERY_EA_RESP_SIZE.

Constant SMB2_WSL_MIN_QUERY_EA_RESP_SIZE is defined wrongly because it
expects that the there are at least 3 EAs. But WSL subsystem has only one
mandatory EA: $LXMOD. So fix the SMB2_WSL_MIN_QUERY_EA_RESP_SIZE to be size
of the structure of one EA.

Relax also SMB2_WSL_MAX_QUERY_EA_RESP_SIZE, calculate maximum size from the
size of the largest EA which is 8 bytes for $LXDEV.

This change allows to recognize WSL CHR and BLK reparse points which have
only $LXMOD and $LXDEV EAs (no $LXUID or $LXGID). WSL subsystem recognize
such reparse points too.

Fixes: ea41367b2a60 ("smb: client: introduce SMB2_OP_QUERY_WSL_EA")
Signed-off-by: Pali Rohár <pali@kernel.org>
---
 fs/smb/client/smb2pdu.h | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/fs/smb/client/smb2pdu.h b/fs/smb/client/smb2pdu.h
index 3c09a58dfd07..cdf0ab9ddbcd 100644
--- a/fs/smb/client/smb2pdu.h
+++ b/fs/smb/client/smb2pdu.h
@@ -425,24 +425,23 @@ struct smb2_create_ea_ctx {
 #define SMB2_WSL_XATTR_MODE		"$LXMOD"
 #define SMB2_WSL_XATTR_DEV		"$LXDEV"
 #define SMB2_WSL_XATTR_NAME_LEN	6
-#define SMB2_WSL_NUM_XATTRS		4
 
 #define SMB2_WSL_XATTR_UID_SIZE	4
 #define SMB2_WSL_XATTR_GID_SIZE	4
 #define SMB2_WSL_XATTR_MODE_SIZE	4
 #define SMB2_WSL_XATTR_DEV_SIZE	8
 
+/* minimal size: at least the smallest EA has to be present */
 #define SMB2_WSL_MIN_QUERY_EA_RESP_SIZE \
-	(ALIGN((SMB2_WSL_NUM_XATTRS - 1) * \
-	       (SMB2_WSL_XATTR_NAME_LEN + 1 + \
-		sizeof(struct smb2_file_full_ea_info)), 4) + \
-	 SMB2_WSL_XATTR_NAME_LEN + 1 + sizeof(struct smb2_file_full_ea_info))
+	(sizeof(struct smb2_file_full_ea_info) + SMB2_WSL_XATTR_NAME_LEN + 1 + 4)
 
+/*
+ * maximal size: all 4 EAs are present,
+ * beginning of each EA structure has to be aligned to 4 bytes,
+ * EAs have different size and can be returned in any other,
+ * use the largest EA size for aligning when calculating maximal size
+ */
 #define SMB2_WSL_MAX_QUERY_EA_RESP_SIZE \
-	(ALIGN(SMB2_WSL_MIN_QUERY_EA_RESP_SIZE + \
-	       SMB2_WSL_XATTR_UID_SIZE + \
-	       SMB2_WSL_XATTR_GID_SIZE + \
-	       SMB2_WSL_XATTR_MODE_SIZE + \
-	       SMB2_WSL_XATTR_DEV_SIZE, 4))
+	4 * ALIGN((sizeof(struct smb2_file_full_ea_info) + SMB2_WSL_XATTR_NAME_LEN + 1 + 8), 4)
 
 #endif				/* _SMB2PDU_H */
-- 
2.20.1

next prev parent reply	other threads:[~2025-06-08 17:01 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-08 17:01 [PATCH 0/5] cifs: Fix validation of WSL-style special files Pali Rohár
2025-06-08 17:01 ` [PATCH 1/5] cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function Pali Rohár
2025-06-08 17:01 ` [PATCH 2/5] cifs: Fix validation of EAs for WSL reparse points Pali Rohár
2025-06-08 17:01 ` Pali Rohár [this message]
2025-06-08 21:49   ` [PATCH 3/5] cifs: Fix validation of SMB2_OP_QUERY_WSL_EA response size Paulo Alcantara
2025-06-08 22:15     ` Pali Rohár
2025-06-08 23:10       ` Paulo Alcantara
2025-06-09 22:49         ` Pali Rohár
2025-06-08 17:01 ` [PATCH 4/5] cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points Pali Rohár
2025-06-08 17:01 ` [PATCH 5/5] cifs: Validate presence of EA $LXMOD " Pali Rohár

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3c09a58dfd0 dfblob:cdf0ab9ddbc )
 OR (
bs:"[PATCH 3/5] cifs: Fix validation of SMB2_OP_QUERY_WSL_EA response size" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250608170119.6813-4-pali@kernel.org \
    --to=pali@kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pc@manguebit.com \
    --cc=sfrench@samba.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.