Linux CIFS filesystem development
From: "Pali Rohár" <pali@kernel.org>
To: Steve French <sfrench@samba.org>, Paulo Alcantara <pc@manguebit.com>
Cc: linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 3/5] cifs: Fix validation of SMB2_OP_QUERY_WSL_EA response size
Date: Sun,  8 Jun 2025 19:01:17 +0200
Message-ID: <20250608170119.6813-4-pali@kernel.org>
In-Reply-To: <20250608170119.6813-1-pali@kernel.org>

Currently the SMB2_OP_QUERY_WSL_EA checks that response buffer has at least
size SMB2_WSL_MIN_QUERY_EA_RESP_SIZE and maximally it is
SMB2_WSL_MAX_QUERY_EA_RESP_SIZE.

Constant SMB2_WSL_MIN_QUERY_EA_RESP_SIZE is defined wrongly because it
expects that there are at least 3 EAs. But WSL subsystem has only one
mandatory EA: $LXMOD. So fix the SMB2_WSL_MIN_QUERY_EA_RESP_SIZE to be size
of the structure of one EA.

Relax also SMB2_WSL_MAX_QUERY_EA_RESP_SIZE, calculate maximum size from the
size of the largest EA which is 8 bytes for $LXDEV.

This change allows recognizing WSL CHR and BLK reparse points which have
only $LXMOD and $LXDEV EAs (no $LXUID or $LXGID). WSL subsystem recognizes
such reparse points too.

Fixes: ea41367b2a60 ("smb: client: introduce SMB2_OP_QUERY_WSL_EA")
Signed-off-by: Pali Rohár <pali@kernel.org>
---
 fs/smb/client/smb2pdu.h | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/fs/smb/client/smb2pdu.h b/fs/smb/client/smb2pdu.h
index 3c09a58dfd07..cdf0ab9ddbcd 100644
--- a/fs/smb/client/smb2pdu.h
+++ b/fs/smb/client/smb2pdu.h
@@ -425,24 +425,23 @@ struct smb2_create_ea_ctx {
 #define SMB2_WSL_XATTR_MODE		"$LXMOD"
 #define SMB2_WSL_XATTR_DEV		"$LXDEV"
 #define SMB2_WSL_XATTR_NAME_LEN	6
-#define SMB2_WSL_NUM_XATTRS		4
 
 #define SMB2_WSL_XATTR_UID_SIZE	4
 #define SMB2_WSL_XATTR_GID_SIZE	4
 #define SMB2_WSL_XATTR_MODE_SIZE	4
 #define SMB2_WSL_XATTR_DEV_SIZE	8
 
+/* minimal size: at least the smallest EA has to be present */
 #define SMB2_WSL_MIN_QUERY_EA_RESP_SIZE \
-	(ALIGN((SMB2_WSL_NUM_XATTRS - 1) * \
-	       (SMB2_WSL_XATTR_NAME_LEN + 1 + \
-		sizeof(struct smb2_file_full_ea_info)), 4) + \
-	 SMB2_WSL_XATTR_NAME_LEN + 1 + sizeof(struct smb2_file_full_ea_info))
+	(sizeof(struct smb2_file_full_ea_info) + SMB2_WSL_XATTR_NAME_LEN + 1 + 4)
 
+/*
+ * maximal size: all 4 EAs are present,
+ * beginning of each EA structure has to be aligned to 4 bytes,
+ * EAs have different size and can be returned in any other,
+ * use the largest EA size for aligning when calculating maximal size
+ */
 #define SMB2_WSL_MAX_QUERY_EA_RESP_SIZE \
-	(ALIGN(SMB2_WSL_MIN_QUERY_EA_RESP_SIZE + \
-	       SMB2_WSL_XATTR_UID_SIZE + \
-	       SMB2_WSL_XATTR_GID_SIZE + \
-	       SMB2_WSL_XATTR_MODE_SIZE + \
-	       SMB2_WSL_XATTR_DEV_SIZE, 4))
+	4 * ALIGN((sizeof(struct smb2_file_full_ea_info) + SMB2_WSL_XATTR_NAME_LEN + 1 + 8), 4)
 
 #endif				/* _SMB2PDU_H */
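Review bot: the new SMB2_WSL_MAX_QUERY_EA_RESP_SIZE body, "4 * ALIGN((...), 4)", is not wrapped in outer parentheses, unlike the new MIN macro and the definition it replaces, so it can bind incorrectly when the macro is used next to an operator of equal or higher precedence (for example "%" or "/"); please enclose the whole expression in parentheses. The bare "+ 4" in the MIN macro and "+ 8" in the MAX macro repeat SMB2_WSL_XATTR_MODE_SIZE and SMB2_WSL_XATTR_DEV_SIZE, which are defined a few lines above. Using those names would tie the bounds to the EAs the comments and commit message refer to ($LXMOD as the mandatory one, $LXDEV as the largest). Likewise the leading "4 *" stands in for the removed SMB2_WSL_NUM_XATTRS, so keeping that constant would avoid a magic number. In the new comment, "can be returned in any other" looks like a typo for "any order".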
-- 
2.20.1

