From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Enzo Matsumiya <ematsumiya@suse.de>,
"Paulo Alcantara (SUSE)" <pc@cjr.nz>,
Steve French <stfrench@microsoft.com>
Subject: [PATCH 5.4 33/55] cifs: do not include page data when checking signature
Date: Sun, 22 Jan 2023 16:04:20 +0100 [thread overview]
Message-ID: <20230122150223.578637995@linuxfoundation.org> (raw)
In-Reply-To: <20230122150222.210885219@linuxfoundation.org>
From: Enzo Matsumiya <ematsumiya@suse.de>
commit 30b2b2196d6e4cc24cbec633535a2404f258ce69 upstream.
On async reads, page data is allocated before sending. When the
response is received but it has no data to fill (e.g.
STATUS_END_OF_FILE), __calc_signature() will still include the pages in
its computation, leading to an invalid signature check.
This patch fixes this by not setting the async read smb_rqst page data
(zeroed by default) if its got_bytes is 0.
This can be reproduced/verified with xfstests generic/465.
Cc: <stable@vger.kernel.org>
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -3639,12 +3639,15 @@ smb2_readv_callback(struct mid_q_entry *
(struct smb2_sync_hdr *)rdata->iov[0].iov_base;
struct cifs_credits credits = { .value = 0, .instance = 0 };
struct smb_rqst rqst = { .rq_iov = &rdata->iov[1],
- .rq_nvec = 1,
- .rq_pages = rdata->pages,
- .rq_offset = rdata->page_offset,
- .rq_npages = rdata->nr_pages,
- .rq_pagesz = rdata->pagesz,
- .rq_tailsz = rdata->tailsz };
+ .rq_nvec = 1, };
+
+ if (rdata->got_bytes) {
+ rqst.rq_pages = rdata->pages;
+ rqst.rq_offset = rdata->page_offset;
+ rqst.rq_npages = rdata->nr_pages;
+ rqst.rq_pagesz = rdata->pagesz;
+ rqst.rq_tailsz = rdata->tailsz;
+ }
cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n",
__func__, mid->mid, mid->mid_state, rdata->result,
next prev parent reply other threads:[~2023-01-22 15:09 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-22 15:03 [PATCH 5.4 00/55] 5.4.230-rc1 review Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 01/55] pNFS/filelayout: Fix coalescing test for single DS Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 02/55] selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 03/55] net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 04/55] RDMA/srp: Move large values to a new enum for gcc13 Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 05/55] f2fs: lets avoid panic if extent_tree is not created Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 06/55] wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 07/55] Add exception protection processing for vd in axi_chan_handle_err function Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 08/55] nilfs2: fix general protection fault in nilfs_btree_insert() Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 09/55] efi: fix userspace infinite retry read efivars after EFI runtime services page fault Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 10/55] drm/i915/gt: Reset twice Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 11/55] ALSA: hda/realtek - Turn on power early Greg Kroah-Hartman
2023-01-22 15:03 ` [PATCH 5.4 12/55] xhci-pci: set the dma max_seg_size Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 13/55] usb: xhci: Check endpoint is valid before dereferencing it Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 14/55] xhci: Fix null pointer dereference when host dies Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 15/55] xhci: Add update_hub_device override for PCI xHCI hosts Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 16/55] xhci: Add a flag to disable USB3 lpm on a xhci root port level Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 17/55] usb: acpi: add helper to check port lpm capability using acpi _DSM Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 18/55] xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 19/55] prlimit: do_prlimit needs to have a speculation check Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 20/55] USB: serial: option: add Quectel EM05-G (GR) modem Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 21/55] USB: serial: option: add Quectel EM05-G (CS) modem Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 22/55] USB: serial: option: add Quectel EM05-G (RS) modem Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 23/55] USB: serial: option: add Quectel EC200U modem Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 24/55] USB: serial: option: add Quectel EM05CN (SG) modem Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 25/55] USB: serial: option: add Quectel EM05CN modem Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 26/55] USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 27/55] misc: fastrpc: Dont remove map on creater_process and device_release Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 28/55] misc: fastrpc: Fix use-after-free race condition for maps Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 29/55] usb: core: hub: disable autosuspend for TI TUSB8041 Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 30/55] comedi: adv_pci1760: Fix PWM instruction handling Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 31/55] mmc: sunxi-mmc: Fix clock refcount imbalance during unbind Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 32/55] btrfs: fix race between quota rescan and disable leading to NULL pointer deref Greg Kroah-Hartman
2023-01-22 15:04 ` Greg Kroah-Hartman [this message]
2023-01-22 15:04 ` [PATCH 5.4 34/55] USB: gadgetfs: Fix race between mounting and unmounting Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 35/55] USB: serial: cp210x: add SCALANCE LPE-9000 device id Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 36/55] usb: host: ehci-fsl: Fix module alias Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 37/55] usb: typec: altmodes/displayport: Add pin assignment helper Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 38/55] usb: typec: altmodes/displayport: Fix pin assignment calculation Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 39/55] usb: gadget: g_webcam: Send color matching descriptor per frame Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 40/55] usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 41/55] usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 42/55] dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 43/55] serial: pch_uart: Pass correct sg to dma_unmap_sg() Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 44/55] dmaengine: tegra210-adma: fix global intr clear Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 45/55] serial: atmel: fix incorrect baudrate setup Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 46/55] gsmi: fix null-deref in gsmi_get_variable Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 47/55] drm/i915: re-disable RC6p on Sandy Bridge Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 48/55] drm/amd/display: Fix set scaling doesns work Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 49/55] drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 50/55] x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 51/55] arch: fix broken BuildID for arm64 and riscv Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 52/55] s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 53/55] powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 54/55] powerpc/vmlinux.lds: Dont discard .rela* for relocatable builds Greg Kroah-Hartman
2023-01-22 15:04 ` [PATCH 5.4 55/55] powerpc/vmlinux.lds: Dont discard .comment Greg Kroah-Hartman
2023-01-23 7:09 ` [PATCH 5.4 00/55] 5.4.230-rc1 review Naresh Kamboju
2023-01-23 11:19 ` Sudip Mukherjee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230122150223.578637995@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ematsumiya@suse.de \
--cc=patches@lists.linux.dev \
--cc=pc@cjr.nz \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox