From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Namjae Jeon <linkinjeon@kernel.org>,
Steve French <stfrench@microsoft.com>
Subject: [PATCH 6.4 05/32] ksmbd: reduce descriptor size if remaining bytes is less than request size
Date: Mon, 4 Sep 2023 19:30:03 +0100 [thread overview]
Message-ID: <20230904182948.146317808@linuxfoundation.org> (raw)
In-Reply-To: <20230904182947.899158313@linuxfoundation.org>
6.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Namjae Jeon <linkinjeon@kernel.org>
commit e628bf939aafb61fbc56e9bdac8795cea5127e25 upstream.
Create 3 kinds of files to reproduce this problem.
dd if=/dev/urandom of=127k.bin bs=1024 count=127
dd if=/dev/urandom of=128k.bin bs=1024 count=128
dd if=/dev/urandom of=129k.bin bs=1024 count=129
When copying files from ksmbd share to windows or cifs.ko, The following
error message happen from windows client.
"The file '129k.bin' is too large for the destination filesystem."
We can see the error logs from ksmbd debug prints
[48394.611537] ksmbd: RDMA r/w request 0x0: token 0x669d, length 0x20000
[48394.612054] ksmbd: smb_direct: RDMA write, len 0x20000, needed credits 0x1
[48394.612572] ksmbd: filename 129k.bin, offset 131072, len 131072
[48394.614189] ksmbd: nbytes 1024, offset 132096 mincount 0
[48394.614585] ksmbd: Failed to process 8 [-22]
And we can reproduce it with cifs.ko,
e.g. dd if=129k.bin of=/dev/null bs=128KB count=2
This problem is that ksmbd rdma return error if remaining bytes is less
than Length of Buffer Descriptor V1 Structure.
smb_direct_rdma_xmit()
...
if (desc_buf_len == 0 || total_length > buf_len ||
total_length > t->max_rdma_rw_size)
return -EINVAL;
This patch reduce descriptor size with remaining bytes and remove the
check for total_length and buf_len.
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/server/transport_rdma.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
--- a/fs/smb/server/transport_rdma.c
+++ b/fs/smb/server/transport_rdma.c
@@ -1366,24 +1366,35 @@ static int smb_direct_rdma_xmit(struct s
LIST_HEAD(msg_list);
char *desc_buf;
int credits_needed;
- unsigned int desc_buf_len;
- size_t total_length = 0;
+ unsigned int desc_buf_len, desc_num = 0;
if (t->status != SMB_DIRECT_CS_CONNECTED)
return -ENOTCONN;
+ if (buf_len > t->max_rdma_rw_size)
+ return -EINVAL;
+
/* calculate needed credits */
credits_needed = 0;
desc_buf = buf;
for (i = 0; i < desc_len / sizeof(*desc); i++) {
+ if (!buf_len)
+ break;
+
desc_buf_len = le32_to_cpu(desc[i].length);
+ if (!desc_buf_len)
+ return -EINVAL;
+
+ if (desc_buf_len > buf_len) {
+ desc_buf_len = buf_len;
+ desc[i].length = cpu_to_le32(desc_buf_len);
+ buf_len = 0;
+ }
credits_needed += calc_rw_credits(t, desc_buf, desc_buf_len);
desc_buf += desc_buf_len;
- total_length += desc_buf_len;
- if (desc_buf_len == 0 || total_length > buf_len ||
- total_length > t->max_rdma_rw_size)
- return -EINVAL;
+ buf_len -= desc_buf_len;
+ desc_num++;
}
ksmbd_debug(RDMA, "RDMA %s, len %#x, needed credits %#x\n",
@@ -1395,7 +1406,7 @@ static int smb_direct_rdma_xmit(struct s
/* build rdma_rw_ctx for each descriptor */
desc_buf = buf;
- for (i = 0; i < desc_len / sizeof(*desc); i++) {
+ for (i = 0; i < desc_num; i++) {
msg = kzalloc(offsetof(struct smb_direct_rdma_rw_msg, sg_list) +
sizeof(struct scatterlist) * SG_CHUNK_SIZE, GFP_KERNEL);
if (!msg) {
next prev parent reply other threads:[~2023-09-04 18:33 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-04 18:29 [PATCH 6.4 00/32] 6.4.15-rc1 review Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.4 01/32] erofs: ensure that the post-EOF tails are all zeroed Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 02/32] ksmbd: fix wrong DataOffset validation of create context Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 03/32] ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 04/32] ksmbd: replace one-element array with flex-array member in struct smb2_ea_info Greg Kroah-Hartman
2023-09-04 18:30 ` Greg Kroah-Hartman [this message]
2023-09-04 18:30 ` [PATCH 6.4 06/32] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 07/32] mmc: au1xmmc: force non-modular build and remove symbol_get usage Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 08/32] net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 09/32] rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 10/32] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 11/32] USB: serial: option: add Quectel EM05G variant (0x030e) Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 12/32] USB: serial: option: add FOXCONN T99W368/T99W373 product Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 13/32] ALSA: usb-audio: Fix init call orders for UAC1 Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 14/32] usb: dwc3: meson-g12a: do post init to fix broken usb after resumption Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 15/32] usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 16/32] HID: wacom: remove the battery when the EKR is off Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 17/32] staging: rtl8712: fix race condition Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 18/32] wifi: mt76: mt7921: do not support one stream on secondary antenna only Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 19/32] wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 20/32] wifi: rtw88: usb: kill and free rx urbs on probe failure Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 21/32] wifi: ath11k: Dont drop tx_status when peer cannot be found Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 22/32] wifi: ath11k: Cleanup mac80211 references on failure during tx_complete Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 23/32] serial: qcom-geni: fix opp vote on shutdown Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 24/32] serial: sc16is7xx: fix broken port 0 uart init Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 25/32] serial: sc16is7xx: fix bug when first setting GPIO direction Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 26/32] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 27/32] fsi: master-ast-cf: Add MODULE_FIRMWARE macro Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 28/32] tcpm: Avoid soft reset when partner does not support get_status Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 29/32] dt-bindings: sc16is7xx: Add property to change GPIO function Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 30/32] nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 31/32] usb: typec: tcpci: clear the fault status bit Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.4 32/32] pinctrl: amd: Dont show `Invalid config param` errors Greg Kroah-Hartman
2023-09-05 0:09 ` [PATCH 6.4 00/32] 6.4.15-rc1 review Joel Fernandes
2023-09-05 4:28 ` Bagas Sanjaya
2023-09-05 8:28 ` Naresh Kamboju
2023-09-05 9:41 ` Sudip Mukherjee (Codethink)
2023-09-05 11:08 ` Jon Hunter
2023-09-05 17:09 ` Justin Forbes
2023-09-05 20:54 ` Shuah Khan
2023-09-05 21:01 ` Florian Fainelli
2023-09-05 23:06 ` Ron Economos
2023-09-06 5:13 ` SeongJae Park
2023-09-06 17:30 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230904182948.146317808@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linkinjeon@kernel.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).