From: Paulo Alcantara <pc@manguebit.org>
To: "Иван Волченко" <ivolchenko86@gmail.com>
Cc: Maria Alexeeva <alxvmr@altlinux.org>,
smfrench@gmail.com, linux-cifs@vger.kernel.org,
samba-technical@lists.samba.org, tom@talpey.com, vt@altlinux.org
Subject: Re: [PATCH v3 1/1] fs/smb/client/fs_context: Add hostname option for CIFS module to work with domain-based dfs resources with Kerberos authentication
Date: Fri, 27 Feb 2026 18:07:54 -0300 [thread overview]
Message-ID: <05a9968f75f32f9c33a16eb7ab4e66f6@manguebit.org> (raw)
In-Reply-To: <CAG5KTOZ6s4AjE0e66D9CMnZTP68YHzUb6p9nQKgeZeBV9ZVVBw@mail.gmail.com>
Иван Волченко <ivolchenko86@gmail.com> writes:
> пт, 27 февр. 2026 г. в 22:46, Paulo Alcantara <pc@manguebit.org>:
>
>> Maria Alexeeva <alxvmr@altlinux.org> writes:
>>
>> > diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
>> > index d4291d3a9a48..f0d1895fe4bb 100644
>> > --- a/fs/smb/client/fs_context.c
>> > +++ b/fs/smb/client/fs_context.c
>> > @@ -177,6 +177,7 @@ const struct fs_parameter_spec smb3_fs_parameters[]
>> = {
>> > fsparam_string("password2", Opt_pass2),
>> > fsparam_string("ip", Opt_ip),
>> > fsparam_string("addr", Opt_ip),
>> > + fsparam_string("hostname", Opt_hostname),
>> > fsparam_string("domain", Opt_domain),
>> > fsparam_string("dom", Opt_domain),
>> > fsparam_string("srcaddr", Opt_srcaddr),
>> > @@ -866,16 +867,23 @@ static int smb3_fs_context_validate(struct
>> fs_context *fc)
>> > return -ENOENT;
>> > }
>> >
>> > + if (ctx->got_opt_hostname) {
>> > + kfree(ctx->server_hostname);
>> > + ctx->server_hostname = ctx->opt_hostname;
>> > + pr_notice("changing server hostname to name provided in
>> hostname= option\n");
>>
>> This is just too verbose. Consider using pr_notice_once() or
>> cifs_dbg(VFS | ONCE, ...).
>>
>>
> I intentionally used pr_notice() here because the message corresponds
> to a mount-time event. Using pr_notice_once() would suppress the log
> after the first mount, which would make subsequent mount operations
> invisible in the logs.
> Since this path is only executed during filesystem mount, it should
> not be a high-frequency path. Can You provide scenarios
> when that verbosity is the problem?
Consider an DFS mount with hundreds of DFS links. For every DFS link
accessed and automounted, this message would be get logged for every
mount.
Note that the automount will inherit parent mount's fs context, hence it
will have @got_opt_hostname set to true in the new fs context.
>> > + }
>> > +
>> > if (!ctx->got_ip) {
>> > int len;
>> > - const char *slash;
>> >
>> > - /* No ip= option specified? Try to get it from UNC */
>> > - /* Use the address part of the UNC. */
>> > - slash = strchr(&ctx->UNC[2], '\\');
>> > - len = slash - &ctx->UNC[2];
>> > + /*
>> > + * No ip= option specified? Try to get it from
>> server_hostname
>> > + * Use the address part of the UNC parsed into
>> server_hostname
>> > + * or hostname= option if specified.
>> > + */
>> > + len = strlen(ctx->server_hostname);
>> > if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
>> > - &ctx->UNC[2], len)) {
>> > + ctx->server_hostname, len)) {
>> > pr_err("Unable to determine destination
>> address\n");
>> > return -EHOSTUNREACH;
>> > }
>> > @@ -1591,6 +1599,21 @@ static int smb3_fs_context_parse_param(struct
>> fs_context *fc,
>> > }
>> > ctx->got_ip = true;
>> > break;
>> > + case Opt_hostname:
>> > + if (strnlen(param->string, CIFS_NI_MAXHOST) ==
>> CIFS_NI_MAXHOST) {
>> > + pr_warn("host name too long\n");
>> > + goto cifs_parse_mount_err;
>> > + }
>> > +
>> > + kfree(ctx->opt_hostname);
>> > + ctx->opt_hostname = kstrdup(param->string, GFP_KERNEL);
>> > + if (ctx->opt_hostname == NULL) {
>> > + cifs_errorf(fc, "OOM when copying hostname
>> string\n");
>> > + goto cifs_parse_mount_err;
>> > + }
>>
>> No need to kstrdup() @param->string. You can simply replace it with
>>
>> ctx->opt_hostname = no_free_ptr(param->string);
>>
>> > + cifs_dbg(FYI, "Host name set\n");
>>
>> When debugging is enabled, there will be messages logged saying that
>> 'hostname=' has been passed, so no need for this debug message.
>>
>>
> I use kstrdup similar to other options processing code and to simplify
> further
> processing of the replaced "server_hostname" field (see below).
> I will think about no_free_ptr if it's that important. Is it?
This is an unnecessary memory allocation. Could you point out the other
places where kstrdup() is being used for @param->string in mainline
kernel?
>> + ctx->got_opt_hostname = true;
>> > + break;
>> > case Opt_domain:
>> > if (strnlen(param->string, CIFS_MAX_DOMAINNAME_LEN)
>> > == CIFS_MAX_DOMAINNAME_LEN) {
>> > diff --git a/fs/smb/client/fs_context.h b/fs/smb/client/fs_context.h
>> > index 7af7cbbe4208..ff1a04661ef5 100644
>> > --- a/fs/smb/client/fs_context.h
>> > +++ b/fs/smb/client/fs_context.h
>> > @@ -184,6 +184,7 @@ enum cifs_param {
>> > Opt_pass,
>> > Opt_pass2,
>> > Opt_ip,
>> > + Opt_hostname,
>> > Opt_domain,
>> > Opt_srcaddr,
>> > Opt_iocharset,
>> > @@ -214,6 +215,7 @@ struct smb3_fs_context {
>> > bool gid_specified;
>> > bool sloppy;
>> > bool got_ip;
>> > + bool got_opt_hostname;
>> > bool got_version;
>> > bool got_rsize;
>> > bool got_wsize;
>> > @@ -226,6 +228,7 @@ struct smb3_fs_context {
>> > char *domainname;
>> > char *source;
>> > char *server_hostname;
>> > + char *opt_hostname;
>> > char *UNC;
>> > char *nodename;
>> > char workstation_name[CIFS_MAX_WORKSTATION_LEN];
>>
>> You're introducing a new field to smb3_fs_context structure but forgot
>> to update smb3_fs_context_dup() and smb3_cleanup_fs_context_contents().
>>
>> This will break automounts as well as leak
>> smb3_fs_context::opt_hostname.
>>
>
>
> There is no any leak and there is no need to process "opt_hostname"
> explicitly in smb3_fs_context_dup() and smb3_cleanup_fs_context_contents(),
> because it's just a temporary pointer, that just copied into
> "server_hostname" (if specified, i.e. not null),
What happens if @ctx->opt_hostname was set and an invalid option that
follows it was passed? IIUC, @ctx->server_hostname will not be set to
@ctx->opt_hostname and smb3_cleanup_fs_context_contents() will be
called, without freeing @ctx->opt_hostname.
Besides, regarding the automount I mentioned above, if
@ctx->got_opt_hostname was set, the new mount will set
@ctx->server_hostname to @ctx->opt_hostname, causing an UAF bug.
next prev parent reply other threads:[~2026-02-27 21:07 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-16 15:22 [PATCH] fs/smb/client/fs_context: Add hostname option for CIFS module to work with domain-based dfs resources with Kerberos authentication Maria Alexeeva
2025-06-14 3:42 ` Vitaly Chikunov
2025-07-03 12:59 ` Maria Alexeeva
2025-07-24 22:14 ` Steve French
2025-07-24 22:50 ` Steve French
2025-07-30 16:54 ` Maria Alexeeva
2025-07-30 17:03 ` [PATCH v2] fs/smb/client/fs_context: Add dfs_domain_hostname " Maria Alexeeva
2025-07-30 17:09 ` [PATCH] mount.cifs: add support for domain-based DFS targets with Kerberos via hostname resolution Maria Alexeeva
2025-07-31 14:00 ` [PATCH] fs/smb/client/fs_context: Add hostname option for CIFS module to work with domain-based dfs resources with Kerberos authentication Steve French
2025-09-08 13:24 ` Maria Alexeeva
2025-12-30 16:47 ` [PATCH v3 0/1] Add hostname option for CIFS module Maria Alexeeva
2025-12-30 16:47 ` [PATCH v3 1/1] fs/smb/client/fs_context: Add hostname option for CIFS module to work with domain-based dfs resources with Kerberos authentication Maria Alexeeva
2026-02-23 18:02 ` Steve French
2026-02-27 18:46 ` Paulo Alcantara
[not found] ` <CAG5KTOZ6s4AjE0e66D9CMnZTP68YHzUb6p9nQKgeZeBV9ZVVBw@mail.gmail.com>
2026-02-27 21:07 ` Paulo Alcantara [this message]
2025-12-30 16:50 ` [PATCH v2] mount.cifs: add support for domain-based DFS targets with Kerberos via hostname resolution Maria Alexeeva
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=05a9968f75f32f9c33a16eb7ab4e66f6@manguebit.org \
--to=pc@manguebit.org \
--cc=alxvmr@altlinux.org \
--cc=ivolchenko86@gmail.com \
--cc=linux-cifs@vger.kernel.org \
--cc=samba-technical@lists.samba.org \
--cc=smfrench@gmail.com \
--cc=tom@talpey.com \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox