[PATCH] cifs: do not include page data when checking signature

linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] cifs: do not include page data when checking signature
@ 2023-01-18 17:06 Enzo Matsumiya
  2023-01-18 20:06 ` Paulo Alcantara
  0 siblings, 1 reply; 7+ messages in thread
From: Enzo Matsumiya @ 2023-01-18 17:06 UTC (permalink / raw)
  To: linux-cifs; +Cc: smfrench, pc, ronniesahlberg, nspmangalore

On async reads, page data is allocated before sending.  When the
response is received but it has no data to fill (e.g.
STATUS_END_OF_FILE), __calc_signature() will still include the pages in
its computation, leading to an invalid signature check.

This patch fixes this by not setting the async read smb_rqst page data
(zeroed by default) if its got_bytes is 0.

This can be reproduced/verified with xfstests generic/465.

Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
---
 fs/cifs/smb2pdu.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 4b71f4a92f76..2c9ffa921e6f 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -4163,12 +4163,15 @@ smb2_readv_callback(struct mid_q_entry *mid)
 				(struct smb2_hdr *)rdata->iov[0].iov_base;
 	struct cifs_credits credits = { .value = 0, .instance = 0 };
 	struct smb_rqst rqst = { .rq_iov = &rdata->iov[1],
-				 .rq_nvec = 1,
-				 .rq_pages = rdata->pages,
-				 .rq_offset = rdata->page_offset,
-				 .rq_npages = rdata->nr_pages,
-				 .rq_pagesz = rdata->pagesz,
-				 .rq_tailsz = rdata->tailsz };
+				 .rq_nvec = 1, };
+
+	if (rdata->got_bytes) {
+		rqst.rq_pages = rdata->pages;
+		rqst.rq_offset = rdata->page_offset;
+		rqst.rq_npages = rdata->nr_pages;
+		rqst.rq_pagesz = rdata->pagesz;
+		rqst.rq_tailsz = rdata->tailsz;
+	}
 
 	WARN_ONCE(rdata->server != mid->server,
 		  "rdata server %p != mid server %p",
-- 
2.35.3


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] cifs: do not include page data when checking signature
  2023-01-18 17:06 [PATCH] cifs: do not include page data when checking signature Enzo Matsumiya
@ 2023-01-18 20:06 ` Paulo Alcantara
  2023-01-18 20:50   ` Steve French
  2023-01-18 22:07   ` Steve French
  0 siblings, 2 replies; 7+ messages in thread
From: Paulo Alcantara @ 2023-01-18 20:06 UTC (permalink / raw)
  To: Enzo Matsumiya, linux-cifs; +Cc: smfrench, ronniesahlberg, nspmangalore

Enzo Matsumiya <ematsumiya@suse.de> writes:

> On async reads, page data is allocated before sending.  When the
> response is received but it has no data to fill (e.g.
> STATUS_END_OF_FILE), __calc_signature() will still include the pages in
> its computation, leading to an invalid signature check.
>
> This patch fixes this by not setting the async read smb_rqst page data
> (zeroed by default) if its got_bytes is 0.
>
> This can be reproduced/verified with xfstests generic/465.
>
> Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
> ---
>  fs/cifs/smb2pdu.c | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)

Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] cifs: do not include page data when checking signature
  2023-01-18 20:06 ` Paulo Alcantara
@ 2023-01-18 20:50   ` Steve French
  2023-01-18 22:07   ` Steve French
  1 sibling, 0 replies; 7+ messages in thread
From: Steve French @ 2023-01-18 20:50 UTC (permalink / raw)
  To: Paulo Alcantara; +Cc: Enzo Matsumiya, linux-cifs, ronniesahlberg, nspmangalore

merged into cifs-2.6.git for-next pending additional testing

On Wed, Jan 18, 2023 at 2:07 PM Paulo Alcantara <pc@cjr.nz> wrote:
>
> Enzo Matsumiya <ematsumiya@suse.de> writes:
>
> > On async reads, page data is allocated before sending.  When the
> > response is received but it has no data to fill (e.g.
> > STATUS_END_OF_FILE), __calc_signature() will still include the pages in
> > its computation, leading to an invalid signature check.
> >
> > This patch fixes this by not setting the async read smb_rqst page data
> > (zeroed by default) if its got_bytes is 0.
> >
> > This can be reproduced/verified with xfstests generic/465.
> >
> > Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
> > ---
> >  fs/cifs/smb2pdu.c | 15 +++++++++------
> >  1 file changed, 9 insertions(+), 6 deletions(-)
>
> Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>



-- 
Thanks,

Steve

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] cifs: do not include page data when checking signature
  2023-01-18 20:06 ` Paulo Alcantara
  2023-01-18 20:50   ` Steve French
@ 2023-01-18 22:07   ` Steve French
  2023-01-18 22:17     ` Paulo Alcantara
  1 sibling, 1 reply; 7+ messages in thread
From: Steve French @ 2023-01-18 22:07 UTC (permalink / raw)
  To: Paulo Alcantara; +Cc: Enzo Matsumiya, linux-cifs, ronniesahlberg, nspmangalore

I wasn't able to reproduce this with generic/465 - at least not
running to current Samba.  Any thoughts on how to reproduce the
original problem?

On Wed, Jan 18, 2023 at 2:07 PM Paulo Alcantara <pc@cjr.nz> wrote:
>
> Enzo Matsumiya <ematsumiya@suse.de> writes:
>
> > On async reads, page data is allocated before sending.  When the
> > response is received but it has no data to fill (e.g.
> > STATUS_END_OF_FILE), __calc_signature() will still include the pages in
> > its computation, leading to an invalid signature check.
> >
> > This patch fixes this by not setting the async read smb_rqst page data
> > (zeroed by default) if its got_bytes is 0.
> >
> > This can be reproduced/verified with xfstests generic/465.
> >
> > Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
> > ---
> >  fs/cifs/smb2pdu.c | 15 +++++++++------
> >  1 file changed, 9 insertions(+), 6 deletions(-)
>
> Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>



-- 
Thanks,

Steve

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] cifs: do not include page data when checking signature
  2023-01-18 22:07   ` Steve French
@ 2023-01-18 22:17     ` Paulo Alcantara
       [not found]       ` <CAH2r5mt2UvW32AZrvjde75NL3V5qWLbc=WTTdaLZsi2B4oYEhA@mail.gmail.com>
  0 siblings, 1 reply; 7+ messages in thread
From: Paulo Alcantara @ 2023-01-18 22:17 UTC (permalink / raw)
  To: Steve French; +Cc: Enzo Matsumiya, linux-cifs, ronniesahlberg, nspmangalore

Steve French <smfrench@gmail.com> writes:

> I wasn't able to reproduce this with generic/465 - at least not
> running to current Samba.  Any thoughts on how to reproduce the
> original problem?

The test actually doesn't fail.  You can, however, observe the signature
verification failures on dmesg while running it, e.g.

        CIFS: VFS: \\ada.test\test SMB signature verification returned error = -13

^ permalink raw reply	[flat|nested] 7+ messages in thread

[parent not found: <CAH2r5mt2UvW32AZrvjde75NL3V5qWLbc=WTTdaLZsi2B4oYEhA@mail.gmail.com>]

* Re: [PATCH] cifs: do not include page data when checking signature
       [not found]       ` <CAH2r5mt2UvW32AZrvjde75NL3V5qWLbc=WTTdaLZsi2B4oYEhA@mail.gmail.com>
@ 2023-01-18 22:31         ` ronnie sahlberg
  2023-01-18 22:59           ` Paulo Alcantara
  0 siblings, 1 reply; 7+ messages in thread
From: ronnie sahlberg @ 2023-01-18 22:31 UTC (permalink / raw)
  To: Steve French; +Cc: Paulo Alcantara, Enzo Matsumiya, CIFS, Shyam Prasad N

We should update the buildbot so we clear dmesg before every test and
then check for and fail any test that results in something unexpected.

On Thu, 19 Jan 2023 at 08:18, Steve French <smfrench@gmail.com> wrote:
>
> Aah yes. I see it now
>
> On Wed, Jan 18, 2023, 16:17 Paulo Alcantara <pc@cjr.nz> wrote:
>>
>> Steve French <smfrench@gmail.com> writes:
>>
>> > I wasn't able to reproduce this with generic/465 - at least not
>> > running to current Samba.  Any thoughts on how to reproduce the
>> > original problem?
>>
>> The test actually doesn't fail.  You can, however, observe the signature
>> verification failures on dmesg while running it, e.g.
>>
>>         CIFS: VFS: \\ada.test\test SMB signature verification returned error = -13

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] cifs: do not include page data when checking signature
  2023-01-18 22:31         ` ronnie sahlberg
@ 2023-01-18 22:59           ` Paulo Alcantara
  0 siblings, 0 replies; 7+ messages in thread
From: Paulo Alcantara @ 2023-01-18 22:59 UTC (permalink / raw)
  To: ronnie sahlberg, Steve French; +Cc: Enzo Matsumiya, CIFS, Shyam Prasad N

ronnie sahlberg <ronniesahlberg@gmail.com> writes:

> We should update the buildbot so we clear dmesg before every test and
> then check for and fail any test that results in something unexpected.

Yes, agreed.

Our internal buildbot does this after running a single test

        bad_dmesg_rx = re.compile(r'Call trace:|blocked for more than.*seconds|BUG: sleeping function called from invalid context|^WARNING|possible recursive locking detected')
        if bad_dmesg_rx.search(dmesg):
            ...

We should probably have 'CIFS VFS:' in that regex as well.

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2023-01-18 22:59 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-01-18 17:06 [PATCH] cifs: do not include page data when checking signature Enzo Matsumiya
2023-01-18 20:06 ` Paulo Alcantara
2023-01-18 20:50   ` Steve French
2023-01-18 22:07   ` Steve French
2023-01-18 22:17     ` Paulo Alcantara
     [not found]       ` <CAH2r5mt2UvW32AZrvjde75NL3V5qWLbc=WTTdaLZsi2B4oYEhA@mail.gmail.com>
2023-01-18 22:31         ` ronnie sahlberg
2023-01-18 22:59           ` Paulo Alcantara

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).