* [PATCH AUTOSEL 6.1 03/17] ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error [not found] <20231204203514.2093855-1-sashal@kernel.org> @ 2023-12-04 20:34 ` Sasha Levin 2023-12-04 20:35 ` [PATCH AUTOSEL 6.1 15/17] smb: client, common: fix fortify warnings Sasha Levin 1 sibling, 0 replies; 3+ messages in thread From: Sasha Levin @ 2023-12-04 20:34 UTC (permalink / raw) To: linux-kernel, stable Cc: Namjae Jeon, Steve French, Sasha Levin, sfrench, linux-cifs From: Namjae Jeon <linkinjeon@kernel.org> [ Upstream commit cd80ce7e68f1624ac29cd0a6b057789d1236641e ] ksmbd set ->op_state as OPLOCK_STATE_NONE on lease break ack error. op_state of lease should not be updated because client can send lease break ack again. This patch fix smb2.lease.breaking2 test failure. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org> --- fs/smb/server/smb2pdu.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 683152007566c..603d9170d28a7 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -8294,7 +8294,6 @@ static void smb21_lease_break_ack(struct ksmbd_work *work) return; err_out: - opinfo->op_state = OPLOCK_STATE_NONE; wake_up_interruptible_all(&opinfo->oplock_q); atomic_dec(&opinfo->breaking_cnt); wake_up_interruptible_all(&opinfo->oplock_brk); -- 2.42.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
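Review bot: at the err_out label in smb21_lease_break_ack(), nothing now records why op_state is left alone while the two wake_up_interruptible_all() calls and atomic_dec(&opinfo->breaking_cnt) still run. A one-line comment at the label saying that op_state is kept on purpose, because the client can send the lease break ack again, would stop a later cleanup from restoring the assignment. The commit message could also say what the waiters on oplock_q and oplock_brk are expected to see when they are woken with the state unchanged.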
* [PATCH AUTOSEL 6.1 15/17] smb: client, common: fix fortify warnings
       [not found] <20231204203514.2093855-1-sashal@kernel.org>
  2023-12-04 20:34 ` [PATCH AUTOSEL 6.1 03/17] ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error Sasha Levin
@ 2023-12-04 20:35 ` Sasha Levin
  2024-04-23 18:57   ` Steve French
  1 sibling, 1 reply; 3+ messages in thread
From: Sasha Levin @ 2023-12-04 20:35 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Dmitry Antipov, Namjae Jeon, Steve French, Sasha Levin, sfrench,
	linux-cifs, samba-technical

From: Dmitry Antipov <dmantipov@yandex.ru>

[ Upstream commit 0015eb6e12384ff1c589928e84deac2ad1ceb236 ]

When compiling with gcc version 14.0.0 20231126 (experimental)
and CONFIG_FORTIFY_SOURCE=y, I've noticed the following:

In file included from ./include/linux/string.h:295,
                 from ./include/linux/bitmap.h:12,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/paravirt.h:17,
                 from ./arch/x86/include/asm/cpuid.h:62,
                 from ./arch/x86/include/asm/processor.h:19,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:9,
                 from ./include/linux/preempt.h:79,
                 from ./include/linux/spinlock.h:56,
                 from ./include/linux/wait.h:9,
                 from ./include/linux/wait_bit.h:8,
                 from ./include/linux/fs.h:6,
                 from fs/smb/client/smb2pdu.c:18:
In function 'fortify_memcpy_chk',
    inlined from '__SMB2_close' at fs/smb/client/smb2pdu.c:3480:4:
./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
  588 |                         __read_overflow2_field(q_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and:

In file included from ./include/linux/string.h:295,
                 from ./include/linux/bitmap.h:12,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/paravirt.h:17,
                 from ./arch/x86/include/asm/cpuid.h:62,
                 from ./arch/x86/include/asm/processor.h:19,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:9,
                 from ./include/linux/preempt.h:79,
                 from ./include/linux/spinlock.h:56,
                 from ./include/linux/wait.h:9,
                 from ./include/linux/wait_bit.h:8,
                 from ./include/linux/fs.h:6,
                 from fs/smb/client/cifssmb.c:17:
In function 'fortify_memcpy_chk',
    inlined from 'CIFS_open' at fs/smb/client/cifssmb.c:1248:3:
./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
  588 |                         __read_overflow2_field(q_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In both cases, the fortification logic interprets calls to 'memcpy()' as
attempts to copy an amount of data which exceeds the size of the specified
field (i.e. more than 8 bytes from __le64 value) and thus issues an overread
warning. Both of these warnings may be silenced by using the convenient
'struct_group()' quirk.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/smb/client/cifspdu.h | 24 ++++++++++++++----------
 fs/smb/client/cifssmb.c |  6 ++++--
 fs/smb/client/smb2pdu.c |  8 +++-----
 fs/smb/client/smb2pdu.h | 16 +++++++++-------
 fs/smb/common/smb2pdu.h | 17 ++++++++++-------
 5 files changed, 40 insertions(+), 31 deletions(-)

diff --git a/fs/smb/client/cifspdu.h b/fs/smb/client/cifspdu.h index c403816d0b6c1..97bb1838555b4 100644 --- a/fs/smb/client/cifspdu.h +++ b/fs/smb/client/cifspdu.h @@ -882,11 +882,13 @@ typedef struct smb_com_open_rsp { __u8 OplockLevel; __u16 Fid; __le32 CreateAction; - __le64 CreationTime; - __le64 LastAccessTime; - __le64 LastWriteTime; - __le64 ChangeTime; - __le32 FileAttributes; + struct_group(common_attributes, + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le32 FileAttributes; + ); __le64 AllocationSize; __le64 EndOfFile; __le16 FileType; @@ -2268,11 +2270,13 @@ typedef struct { /* QueryFileInfo/QueryPathinfo (also for SetPath/SetFile) data buffer formats */ /******************************************************************************/ typedef struct { /* data block encoding of response to level 263 QPathInfo */ - __le64 CreationTime; - __le64 LastAccessTime; - __le64 LastWriteTime; - __le64 ChangeTime; - __le32 Attributes; + struct_group(common_attributes, + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le32 Attributes; + ); __u32 Pad1; __le64 AllocationSize; __le64 EndOfFile; /* size ie offset to first free byte in file */ diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c index c90d4ec9292ca..67c5fc2b2db94 100644 --- a/fs/smb/client/cifssmb.c +++ b/fs/smb/client/cifssmb.c @@ -1234,8 +1234,10 @@ CIFS_open(const unsigned int xid, struct cifs_open_parms *oparms, int *oplock, *oplock |= CIFS_CREATE_ACTION; if (buf) { - /* copy from CreationTime to Attributes */ - memcpy((char *)buf, (char *)&rsp->CreationTime, 36); + /* copy commonly used attributes */ + memcpy(&buf->common_attributes, + &rsp->common_attributes, + sizeof(buf->common_attributes)); /* the file_info buf is endian converted by caller */ buf->AllocationSize = rsp->AllocationSize; buf->EndOfFile = rsp->EndOfFile; 
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c index 847d69d327c2a..aea7770fb5631 100644 --- a/fs/smb/client/smb2pdu.c +++ b/fs/smb/client/smb2pdu.c @@ -3425,12 +3425,10 @@ __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, } else { trace_smb3_close_done(xid, persistent_fid, tcon->tid, ses->Suid); - /* - * Note that have to subtract 4 since struct network_open_info - * has a final 4 byte pad that close response does not have - */ if (pbuf) - memcpy(pbuf, (char *)&rsp->CreationTime, sizeof(*pbuf) - 4); + memcpy(&pbuf->network_open_info, + &rsp->network_open_info, + sizeof(pbuf->network_open_info)); } atomic_dec(&tcon->num_remote_opens); diff --git a/fs/smb/client/smb2pdu.h b/fs/smb/client/smb2pdu.h index 1237bb86e93a8..8ac99563487c1 100644 --- a/fs/smb/client/smb2pdu.h +++ b/fs/smb/client/smb2pdu.h @@ -339,13 +339,15 @@ struct smb2_file_reparse_point_info { } __packed; struct smb2_file_network_open_info { - __le64 CreationTime; - __le64 LastAccessTime; - __le64 LastWriteTime; - __le64 ChangeTime; - __le64 AllocationSize; - __le64 EndOfFile; - __le32 Attributes; + struct_group(network_open_info, + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + __le64 AllocationSize; + __le64 EndOfFile; + __le32 Attributes; + ); __le32 Reserved; } __packed; /* level 34 Query also similar returned in close rsp and open rsp */ diff --git a/fs/smb/common/smb2pdu.h b/fs/smb/common/smb2pdu.h index 9619015d78f29..778c1e3b70bc1 100644 --- a/fs/smb/common/smb2pdu.h +++ b/fs/smb/common/smb2pdu.h 
@@ -699,13 +699,16 @@ struct smb2_close_rsp { __le16 StructureSize; /* 60 */ __le16 Flags; __le32 Reserved; - __le64 CreationTime; - __le64 LastAccessTime; - __le64 LastWriteTime; - __le64 ChangeTime; - __le64 AllocationSize; /* Beginning of FILE_STANDARD_INFO equivalent */ - __le64 EndOfFile; - __le32 Attributes; + struct_group(network_open_info, + __le64 CreationTime; + __le64 LastAccessTime; + __le64 LastWriteTime; + __le64 ChangeTime; + /* Beginning of FILE_STANDARD_INFO equivalent */ + __le64 AllocationSize; + __le64 EndOfFile; + __le32 Attributes; + ); } __packed; -- 2.42.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
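Review bot: in the struct smb2_close_rsp hunk (fs/smb/common/smb2pdu.h), the group ends in a __le32 after six __le64 members, and the __packed on the outer struct does not reach the inner struct that struct_group() declares. Where __le64 is 8-byte aligned the group is rounded up from 52 to 56 bytes, so sizeof(struct smb2_close_rsp) no longer matches the 60 noted beside StructureSize. Use struct_group_attr(network_open_info, __packed, ...) here, and the same in struct smb2_file_network_open_info, where the rounding would also move Reserved by 4 bytes.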
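Review bot: in the CIFS_open() and __SMB2_close() hunks, the copy length changes from the explicit 36 and sizeof(*pbuf) - 4 to sizeof() of the new group, and that equals the old length only if the group has no tail padding. A static_assert on the size of common_attributes (36) and of network_open_info (52) next to the struct definitions would pin the wire layout at build time. The removed comment about the final 4-byte pad is still useful in shortened form beside Reserved in struct smb2_file_network_open_info.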
* Re: [PATCH AUTOSEL 6.1 15/17] smb: client, common: fix fortify warnings
  2023-12-04 20:35 ` [PATCH AUTOSEL 6.1 15/17] smb: client, common: fix fortify warnings Sasha Levin
@ 2024-04-23 18:57   ` Steve French
  0 siblings, 0 replies; 3+ messages in thread
From: Steve French @ 2024-04-23 18:57 UTC (permalink / raw)
  To: Sasha Levin
  Cc: linux-kernel, stable, Dmitry Antipov, Namjae Jeon, Steve French,
	sfrench, linux-cifs, samba-technical

Note that kernels that backported this fix will also need this ksmbd fix
(fixes a bug when Macs mount to ksmbd)

commit 0268a7cc7fdc47d90b6c18859de7718d5059f6f1
Author: Namjae Jeon <linkinjeon@kernel.org>
Date:   Fri Apr 19 23:46:34 2024 +0900

    ksmbd: common: use struct_group_attr instead of struct_group for
    network_open_info

    4byte padding cause the connection issue with the applications of MacOS.
    smb2_close response size increases by 4 bytes by padding, And the smb
    client of MacOS check it and stop the connection. This patch use
    struct_group_attr instead of struct_group for network_open_info to use
    __packed to avoid padding.

    Fixes: 0015eb6e1238 ("smb: client, common: fix fortify warnings")
    Cc: stable@vger.kernel.org
    Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
    Signed-off-by: Steve French <stfrench@microsoft.com>

On Mon, Dec 4, 2023 at 2:36 PM Sasha Levin <sashal@kernel.org> wrote:
>
> From: Dmitry Antipov <dmantipov@yandex.ru>
>
> [ Upstream commit 0015eb6e12384ff1c589928e84deac2ad1ceb236 ]
>
> When compiling with gcc version 14.0.0 20231126 (experimental)
> and CONFIG_FORTIFY_SOURCE=y, I've noticed the following:
>
> In file included from ./include/linux/string.h:295,
>                  from ./include/linux/bitmap.h:12,
>                  from ./include/linux/cpumask.h:12,
>                  from ./arch/x86/include/asm/paravirt.h:17,
>                  from ./arch/x86/include/asm/cpuid.h:62,
>                  from ./arch/x86/include/asm/processor.h:19,
>                  from ./arch/x86/include/asm/cpufeature.h:5,
>                  from ./arch/x86/include/asm/thread_info.h:53,
>                  from ./include/linux/thread_info.h:60,
>                  from ./arch/x86/include/asm/preempt.h:9,
>                  from ./include/linux/preempt.h:79,
>                  from ./include/linux/spinlock.h:56,
>                  from ./include/linux/wait.h:9,
>                  from ./include/linux/wait_bit.h:8,
>                  from ./include/linux/fs.h:6,
>                  from fs/smb/client/smb2pdu.c:18:
> In function 'fortify_memcpy_chk',
>     inlined from '__SMB2_close' at fs/smb/client/smb2pdu.c:3480:4:
> ./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
> declared with attribute warning: detected read beyond size of field (2nd parameter);
> maybe use struct_group()? [-Wattribute-warning]
>   588 |                         __read_overflow2_field(q_size_field, size);
>       |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> and:
>
> In file included from ./include/linux/string.h:295,
>                  from ./include/linux/bitmap.h:12,
>                  from ./include/linux/cpumask.h:12,
>                  from ./arch/x86/include/asm/paravirt.h:17,
>                  from ./arch/x86/include/asm/cpuid.h:62,
>                  from ./arch/x86/include/asm/processor.h:19,
>                  from ./arch/x86/include/asm/cpufeature.h:5,
>                  from ./arch/x86/include/asm/thread_info.h:53,
>                  from ./include/linux/thread_info.h:60,
>                  from ./arch/x86/include/asm/preempt.h:9,
>                  from ./include/linux/preempt.h:79,
>                  from ./include/linux/spinlock.h:56,
>                  from ./include/linux/wait.h:9,
>                  from ./include/linux/wait_bit.h:8,
>                  from ./include/linux/fs.h:6,
>                  from fs/smb/client/cifssmb.c:17:
> In function 'fortify_memcpy_chk',
>     inlined from 'CIFS_open' at fs/smb/client/cifssmb.c:1248:3:
> ./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
> declared with attribute warning: detected read beyond size of field (2nd parameter);
> maybe use struct_group()? [-Wattribute-warning]
>   588 |                         __read_overflow2_field(q_size_field, size);
>       |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> In both cases, the fortification logic interprets calls to 'memcpy()' as
> attempts to copy an amount of data which exceeds the size of the specified
> field (i.e. more than 8 bytes from __le64 value) and thus issues an overread
> warning. Both of these warnings may be silenced by using the convenient
> 'struct_group()' quirk.
>
> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
> Acked-by: Namjae Jeon <linkinjeon@kernel.org>
> Signed-off-by: Steve French <stfrench@microsoft.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org> > --- > fs/smb/client/cifspdu.h | 24 ++++++++++++++---------- > fs/smb/client/cifssmb.c | 6 ++++-- > fs/smb/client/smb2pdu.c | 8 +++----- > fs/smb/client/smb2pdu.h | 16 +++++++++------- > fs/smb/common/smb2pdu.h | 17 ++++++++++------- > 5 files changed, 40 insertions(+), 31 deletions(-) > > diff --git a/fs/smb/client/cifspdu.h b/fs/smb/client/cifspdu.h > index c403816d0b6c1..97bb1838555b4 100644 > --- a/fs/smb/client/cifspdu.h > +++ b/fs/smb/client/cifspdu.h > @@ -882,11 +882,13 @@ typedef struct smb_com_open_rsp { > __u8 OplockLevel; > __u16 Fid; > __le32 CreateAction; > - __le64 CreationTime; > - __le64 LastAccessTime; > - __le64 LastWriteTime; > - __le64 ChangeTime; > - __le32 FileAttributes; > + struct_group(common_attributes, > + __le64 CreationTime; > + __le64 LastAccessTime; > + __le64 LastWriteTime; > + __le64 ChangeTime; > + __le32 FileAttributes; > + ); > __le64 AllocationSize; > __le64 EndOfFile; > __le16 FileType; > @@ -2268,11 +2270,13 @@ typedef struct { > /* QueryFileInfo/QueryPathinfo (also for SetPath/SetFile) data buffer formats */ > /******************************************************************************/ > typedef struct { /* data block encoding of response to level 263 QPathInfo */ > - __le64 CreationTime; > - __le64 LastAccessTime; > - __le64 LastWriteTime; > - __le64 ChangeTime; > - __le32 Attributes; > + struct_group(common_attributes, > + __le64 CreationTime; > + __le64 LastAccessTime; > + __le64 LastWriteTime; > + __le64 ChangeTime; > + __le32 Attributes; > + ); > __u32 Pad1; > __le64 AllocationSize; > __le64 EndOfFile; /* size ie offset to first free byte in file */ > diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c > index c90d4ec9292ca..67c5fc2b2db94 100644 > --- a/fs/smb/client/cifssmb.c > +++ b/fs/smb/client/cifssmb.c 
> @@ -1234,8 +1234,10 @@ CIFS_open(const unsigned int xid, struct cifs_open_parms *oparms, int *oplock, > *oplock |= CIFS_CREATE_ACTION; > > if (buf) { > - /* copy from CreationTime to Attributes */ > - memcpy((char *)buf, (char *)&rsp->CreationTime, 36); > + /* copy commonly used attributes */ > + memcpy(&buf->common_attributes, > + &rsp->common_attributes, > + sizeof(buf->common_attributes)); > /* the file_info buf is endian converted by caller */ > buf->AllocationSize = rsp->AllocationSize; > buf->EndOfFile = rsp->EndOfFile; > diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c > index 847d69d327c2a..aea7770fb5631 100644 > --- a/fs/smb/client/smb2pdu.c > +++ b/fs/smb/client/smb2pdu.c > @@ -3425,12 +3425,10 @@ __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, > } else { > trace_smb3_close_done(xid, persistent_fid, tcon->tid, > ses->Suid); > - /* > - * Note that have to subtract 4 since struct network_open_info > - * has a final 4 byte pad that close response does not have > - */ > if (pbuf) > - memcpy(pbuf, (char *)&rsp->CreationTime, sizeof(*pbuf) - 4); > + memcpy(&pbuf->network_open_info, > + &rsp->network_open_info, > + sizeof(pbuf->network_open_info)); > } > > atomic_dec(&tcon->num_remote_opens); > diff --git a/fs/smb/client/smb2pdu.h b/fs/smb/client/smb2pdu.h > index 1237bb86e93a8..8ac99563487c1 100644 > --- a/fs/smb/client/smb2pdu.h > +++ b/fs/smb/client/smb2pdu.h 
> @@ -339,13 +339,15 @@ struct smb2_file_reparse_point_info { > } __packed; > > struct smb2_file_network_open_info { > - __le64 CreationTime; > - __le64 LastAccessTime; > - __le64 LastWriteTime; > - __le64 ChangeTime; > - __le64 AllocationSize; > - __le64 EndOfFile; > - __le32 Attributes; > + struct_group(network_open_info, > + __le64 CreationTime; > + __le64 LastAccessTime; > + __le64 LastWriteTime; > + __le64 ChangeTime; > + __le64 AllocationSize; > + __le64 EndOfFile; > + __le32 Attributes; > + ); > __le32 Reserved; > } __packed; /* level 34 Query also similar returned in close rsp and open rsp */ > > diff --git a/fs/smb/common/smb2pdu.h b/fs/smb/common/smb2pdu.h > index 9619015d78f29..778c1e3b70bc1 100644 > --- a/fs/smb/common/smb2pdu.h > +++ b/fs/smb/common/smb2pdu.h > @@ -699,13 +699,16 @@ struct smb2_close_rsp { > __le16 StructureSize; /* 60 */ > __le16 Flags; > __le32 Reserved; > - __le64 CreationTime; > - __le64 LastAccessTime; > - __le64 LastWriteTime; > - __le64 ChangeTime; > - __le64 AllocationSize; /* Beginning of FILE_STANDARD_INFO equivalent */ > - __le64 EndOfFile; > - __le32 Attributes; > + struct_group(network_open_info, > + __le64 CreationTime; > + __le64 LastAccessTime; > + __le64 LastWriteTime; > + __le64 ChangeTime; > + /* Beginning of FILE_STANDARD_INFO equivalent */ > + __le64 AllocationSize; > + __le64 EndOfFile; > + __le32 Attributes; > + ); > } __packed; > > > -- > 2.42.0 > > -- Thanks, Steve ^ permalink raw reply [flat|nested] 3+ messages in thread
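The 4-byte growth described in the follow-up commit quoted in the reply above, reproduced in userspace as an added example (not code from this thread or from the kernel tree). The macros GROUP and GROUP_ATTR are simplified stand-ins for struct_group() and struct_group_attr(); the struct names and strict_receiver_accepts() are hypothetical, and the sizes assume a target where uint64_t is 8-byte aligned (x86-64, arm64).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PACKED __attribute__((__packed__))

/* Simplified userspace stand-ins for struct_group()/struct_group_attr():
 * the same members declared twice in a union, once anonymous, once named. */
#define GROUP_ATTR(NAME, ATTRS, ...)               \
	union {                                    \
		struct { __VA_ARGS__ } ATTRS;      \
		struct { __VA_ARGS__ } ATTRS NAME; \
	} ATTRS
#define GROUP(NAME, ...) GROUP_ATTR(NAME, , __VA_ARGS__)

/* Fields grouped by the patch; uint64_t/uint32_t replace __le64/__le32. */
#define INFO_FIELDS                                       \
	uint64_t CreationTime;   uint64_t LastAccessTime; \
	uint64_t LastWriteTime;  uint64_t ChangeTime;     \
	uint64_t AllocationSize; uint64_t EndOfFile;      \
	uint32_t Attributes;
#define RSP_HEAD uint16_t StructureSize; uint16_t Flags; uint32_t Reserved;

/* Close response: before the patch, with an unpacked group, with a packed group. */
struct rsp_flat   { RSP_HEAD INFO_FIELDS } PACKED;
struct rsp_group  { RSP_HEAD GROUP(network_open_info, INFO_FIELDS); } PACKED;
struct rsp_packed { RSP_HEAD GROUP_ATTR(network_open_info, PACKED, INFO_FIELDS); } PACKED;

size_t wire_size_flat(void)   { return sizeof(struct rsp_flat); }
size_t wire_size_group(void)  { return sizeof(struct rsp_group); }
size_t wire_size_packed(void) { return sizeof(struct rsp_packed); }

/* Length used by memcpy(&dst->network_open_info, ..., sizeof(dst->network_open_info)). */
size_t copy_len_group(void)  { return sizeof(((struct rsp_group *)0)->network_open_info); }
size_t copy_len_packed(void) { return sizeof(((struct rsp_packed *)0)->network_open_info); }

/* Constructed model of a strict receiver (not macOS code): the response body
 * must be exactly the 60 bytes that StructureSize announces. */
int strict_receiver_accepts(size_t body_len) { return body_len == 60; }

int main(void)
{
	printf("flat:   %zu bytes, accepted=%d\n", wire_size_flat(),
	       strict_receiver_accepts(wire_size_flat()));
	printf("group:  %zu bytes, accepted=%d, copy=%zu\n", wire_size_group(),
	       strict_receiver_accepts(wire_size_group()), copy_len_group());
	printf("packed: %zu bytes, accepted=%d, copy=%zu\n", wire_size_packed(),
	       strict_receiver_accepts(wire_size_packed()), copy_len_packed());
	return 0;
}
```

The outer packed attribute removes padding between members of the response, but the inner group is its own type and keeps its natural alignment unless the attribute is repeated on it.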