From: ChenXiaoSong <chenxiaosong.chenxiaosong@linux.dev>
To: David Howells <dhowells@redhat.com>,
	Namjae Jeon <linkinjeon@kernel.org>,
	Steve French <sfrench@samba.org>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>,
	Tom Talpey <tom@talpey.com>, Paulo Alcantara <pc@manguebit.org>,
	Shyam Prasad N <sprasad@microsoft.com>,
	linux-cifs@vger.kernel.org, netfs@lists.linux.dev,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ksmbd: Fix to handle removal of rfc1002 header from smb_hdr
Date: Thu, 18 Dec 2025 23:46:50 +0800
Message-ID: <cb002f72-3e2a-4d23-b08d-f6d987a29661@linux.dev>
In-Reply-To: <b5ebd3be-c567-44bb-9411-add5e79234dc@linux.dev>

Hi David,

Since the size of `struct smb_hdr` has changed, the value of 
`SMB1_MIN_SUPPORTED_HEADER_SIZE` should also be updated to 
`(sizeof(struct smb_hdr) + 4)`. `SMB1_MIN_SUPPORTED_HEADER_SIZE` is used 
in `ksmbd_conn_handler_loop()`.

Thanks,
ChenXiaoSong.

On 12/18/25 11:09 PM, ChenXiaoSong wrote:
> `ksmbd_conn_handler_loop()` calls `get_rfc1002_len()`. Does this need to 
> be updated as well?
> 
> Thanks,
> ChenXiaoSong.
> 
> On 12/18/25 10:48 PM, David Howells wrote:
>> Hi Namjae,
>>
>> Does this (untested) patch fix the problem for you?
>>
>> David
>> ---
>> The commit that removed the RFC1002 header from struct smb_hdr didn't also
>> fix the places in ksmbd that use it in order to provide graceful rejection
>> of SMB1 protocol requests.
>>
>> Fixes: 83bfbd0bb902 ("cifs: Remove the RFC1002 header from smb_hdr")
>> Reported-by: Namjae Jeon <linkinjeon@kernel.org>
>> Link: https://lore.kernel.org/r/CAKYAXd9Ju4MFkkH5Jxfi1mO0AWEr=R35M3vQ_Xa7Yw34JoNZ0A@mail.gmail.com/
>> Signed-off-by: David Howells <dhowells@redhat.com>
>> cc: Steve French <sfrench@samba.org>
>> cc: Sergey Senozhatsky <senozhatsky@chromium.org>
>> cc: Tom Talpey <tom@talpey.com>
>> cc: Paulo Alcantara <pc@manguebit.org>
>> cc: Shyam Prasad N <sprasad@microsoft.com>
>> cc: linux-cifs@vger.kernel.org
>> cc: netfs@lists.linux.dev
>> cc: linux-fsdevel@vger.kernel.org
>> ---
>>   fs/smb/server/server.c     |    2 +-
>>   fs/smb/server/smb_common.c |   10 +++++-----
>>   2 files changed, 6 insertions(+), 6 deletions(-)
>>
>> diff --git a/fs/smb/server/server.c b/fs/smb/server/server.c
>> index 3cea16050e4f..bedc8390b6db 100644
>> --- a/fs/smb/server/server.c
>> +++ b/fs/smb/server/server.c
>> @@ -95,7 +95,7 @@ static inline int check_conn_state(struct ksmbd_work 
>> *work)
>>       if (ksmbd_conn_exiting(work->conn) ||
>>           ksmbd_conn_need_reconnect(work->conn)) {
>> -        rsp_hdr = work->response_buf;
>> +        rsp_hdr = smb2_get_msg(work->response_buf);
>>           rsp_hdr->Status.CifsError = STATUS_CONNECTION_DISCONNECTED;
>>           return 1;
>>       }
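Review bot: the new `rsp_hdr = smb2_get_msg(work->response_buf);` in check_conn_state() uses an smb2_-prefixed helper to locate a header that is then written through the SMB1-style `Status.CifsError` field, and nothing at the call site says why. A one-line comment that the helper is only being used to step past the RFC1002 length at the front of the buffer would keep the next reader from "fixing" this back to the raw buffer pointer.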
>> diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
>> index b23203a1c286..d6084580b59d 100644
>> --- a/fs/smb/server/smb_common.c
>> +++ b/fs/smb/server/smb_common.c
>> @@ -140,7 +140,7 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work)
>>       if (smb2_hdr->ProtocolId == SMB2_PROTO_NUMBER)
>>           return ksmbd_smb2_check_message(work);
>> -    hdr = work->request_buf;
>> +    hdr = smb2_get_msg(work->request_buf);
>>       if (*(__le32 *)hdr->Protocol == SMB1_PROTO_NUMBER &&
>>           hdr->Command == SMB_COM_NEGOTIATE) {
>>           work->conn->outstanding_credits++;
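Review bot: missing length check before `hdr->Protocol` and `hdr->Command` are read in ksmbd_verify_smb_message(): `hdr` now points past the start of `work->request_buf`, and nothing in this hunk shows that the received PDU is long enough to cover the offset plus those fields. This is the same concern raised in the reply about `SMB1_MIN_SUPPORTED_HEADER_SIZE` in `ksmbd_conn_handler_loop()`; the minimum-size check there should be updated in the same patch so a short request cannot reach this dereference.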
>> @@ -278,7 +278,6 @@ static int ksmbd_negotiate_smb_dialect(void *buf)
>>                             req->DialectCount);
>>       }
>> -    proto = *(__le32 *)((struct smb_hdr *)buf)->Protocol;
>>       if (proto == SMB1_PROTO_NUMBER) {
>>           struct smb_negotiate_req *req;
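Review bot: in ksmbd_negotiate_smb_dialect() the `proto = ...` assignment is deleted but `if (proto == SMB1_PROTO_NUMBER)` still follows it, so the comparison now depends on whatever `proto` was set to earlier in the function, which is outside the lines shown. If that earlier value is read from the same bytes, say so in the commit message; if not, replace the deleted line with a read through `smb2_get_msg(buf)` rather than dropping it.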
>> @@ -320,8 +319,8 @@ static u16 get_smb1_cmd_val(struct ksmbd_work *work)
>>    */
>>   static int init_smb1_rsp_hdr(struct ksmbd_work *work)
>>   {
>> -    struct smb_hdr *rsp_hdr = (struct smb_hdr *)work->response_buf;
>> -    struct smb_hdr *rcv_hdr = (struct smb_hdr *)work->request_buf;
>> +    struct smb_hdr *rsp_hdr = (struct smb_hdr *)smb2_get_msg(work- 
>> >response_buf);
>> +    struct smb_hdr *rcv_hdr = (struct smb_hdr *)smb2_get_msg(work- 
>> >request_buf);
>>       rsp_hdr->Command = SMB_COM_NEGOTIATE;
>>       *(__le32 *)rsp_hdr->Protocol = SMB1_PROTO_NUMBER;
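Review bot: the writes to `rsp_hdr->Command` and `rsp_hdr->Protocol` in init_smb1_rsp_hdr() now land further into `work->response_buf` than before, and the hunk does not show the buffer's allocated size or where the RFC1002 length in front of the header gets filled in. Please confirm that the allocation covers `sizeof(struct smb_hdr)` plus the length prefix and that the prefix is still written for the SMB1 rejection reply, and mention both in the changelog.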
>> @@ -412,9 +411,10 @@ static int init_smb1_server(struct ksmbd_conn *conn)
>>   int ksmbd_init_smb_server(struct ksmbd_conn *conn)
>>   {
>> +    struct smb_hdr *rcv_hdr = (struct smb_hdr *)smb2_get_msg(conn- 
>> >request_buf);
>>       __le32 proto;
>> -    proto = *(__le32 *)((struct smb_hdr *)conn->request_buf)->Protocol;
>> +    proto = *(__le32 *)rcv_hdr->Protocol;
>>       if (conn->need_neg == false) {
>>           if (proto == SMB1_PROTO_NUMBER)
>>               return -EINVAL;
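Review bot: style point on the new `rcv_hdr` declaration in ksmbd_init_smb_server(): the explicit `(struct smb_hdr *)` cast on the `smb2_get_msg()` result is inconsistent with check_conn_state() and ksmbd_verify_smb_message() in this same patch, which assign the helper's return value without a cast. Dropping the cast here and in init_smb1_rsp_hdr() would shorten the over-long lines and leave one idiom for this access across the patch.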
>>
>>
> 

