From: Namjae Jeon <linkinjeon@kernel.org>
To: gregkh@linuxfoundation.org, stable@vger.kernel.org
Cc: smfrench@gmail.com, Namjae Jeon <linkinjeon@kernel.org>,
Marios Makassikis <mmakassikis@freebox.fr>,
Steve French <stfrench@microsoft.com>
Subject: [PATCH 5.15.y 149/154] ksmbd: fix possible deadlock in smb2_open
Date: Tue, 19 Dec 2023 00:34:49 +0900 [thread overview]
Message-ID: <20231218153454.8090-150-linkinjeon@kernel.org> (raw)
In-Reply-To: <20231218153454.8090-1-linkinjeon@kernel.org>
[ Upstream commit 864fb5d3716303a045c3ffb397f651bfd37bfb36 ]
[ 8743.393379] ======================================================
[ 8743.393385] WARNING: possible circular locking dependency detected
[ 8743.393391] 6.4.0-rc1+ #11 Tainted: G OE
[ 8743.393397] ------------------------------------------------------
[ 8743.393402] kworker/0:2/12921 is trying to acquire lock:
[ 8743.393408] ffff888127a14460 (sb_writers#8){.+.+}-{0:0}, at: ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd]
[ 8743.393510]
but task is already holding lock:
[ 8743.393515] ffff8880360d97f0 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: ksmbd_vfs_kern_path_locked+0x181/0x670 [ksmbd]
[ 8743.393618]
which lock already depends on the new lock.
[ 8743.393623]
the existing dependency chain (in reverse order) is:
[ 8743.393628]
-> #1 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}:
[ 8743.393648] down_write_nested+0x9a/0x1b0
[ 8743.393660] filename_create+0x128/0x270
[ 8743.393670] do_mkdirat+0xab/0x1f0
[ 8743.393680] __x64_sys_mkdir+0x47/0x60
[ 8743.393690] do_syscall_64+0x5d/0x90
[ 8743.393701] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 8743.393711]
-> #0 (sb_writers#8){.+.+}-{0:0}:
[ 8743.393728] __lock_acquire+0x2201/0x3b80
[ 8743.393737] lock_acquire+0x18f/0x440
[ 8743.393746] mnt_want_write+0x5f/0x240
[ 8743.393755] ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd]
[ 8743.393839] ksmbd_vfs_set_dos_attrib_xattr+0xcc/0x110 [ksmbd]
[ 8743.393924] compat_ksmbd_vfs_set_dos_attrib_xattr+0x39/0x50 [ksmbd]
[ 8743.394010] smb2_open+0x3432/0x3cc0 [ksmbd]
[ 8743.394099] handle_ksmbd_work+0x2c9/0x7b0 [ksmbd]
[ 8743.394187] process_one_work+0x65a/0xb30
[ 8743.394198] worker_thread+0x2cf/0x700
[ 8743.394209] kthread+0x1ad/0x1f0
[ 8743.394218] ret_from_fork+0x29/0x50
This patch add mnt_want_write() above parent inode lock and remove
nested mnt_want_write calls in smb2_open().
Fixes: 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions")
Cc: stable@vger.kernel.org
Reported-by: Marios Makassikis <mmakassikis@freebox.fr>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/smb2pdu.c | 47 +++++++++++++++-----------------
fs/ksmbd/smbacl.c | 7 +++--
fs/ksmbd/smbacl.h | 2 +-
fs/ksmbd/vfs.c | 68 ++++++++++++++++++++++++++++------------------
fs/ksmbd/vfs.h | 10 +++++--
5 files changed, 75 insertions(+), 59 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 8dad33251925..b0fc55bfe920 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -2380,7 +2380,8 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len,
rc = 0;
} else {
rc = ksmbd_vfs_setxattr(user_ns, path, attr_name, value,
- le16_to_cpu(eabuf->EaValueLength), 0);
+ le16_to_cpu(eabuf->EaValueLength),
+ 0, true);
if (rc < 0) {
ksmbd_debug(SMB,
"ksmbd_vfs_setxattr is failed(%d)\n",
@@ -2443,7 +2444,7 @@ static noinline int smb2_set_stream_name_xattr(const struct path *path,
return -EBADF;
}
- rc = ksmbd_vfs_setxattr(user_ns, path, xattr_stream_name, NULL, 0, 0);
+ rc = ksmbd_vfs_setxattr(user_ns, path, xattr_stream_name, NULL, 0, 0, false);
if (rc < 0)
pr_err("Failed to store XATTR stream name :%d\n", rc);
return 0;
@@ -2518,7 +2519,7 @@ static void smb2_new_xattrs(struct ksmbd_tree_connect *tcon, const struct path *
da.flags = XATTR_DOSINFO_ATTRIB | XATTR_DOSINFO_CREATE_TIME |
XATTR_DOSINFO_ITIME;
- rc = ksmbd_vfs_set_dos_attrib_xattr(mnt_user_ns(path->mnt), path, &da);
+ rc = ksmbd_vfs_set_dos_attrib_xattr(mnt_user_ns(path->mnt), path, &da, false);
if (rc)
ksmbd_debug(SMB, "failed to store file attribute into xattr\n");
}
@@ -2608,7 +2609,7 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work,
sizeof(struct create_sd_buf_req))
return -EINVAL;
return set_info_sec(work->conn, work->tcon, path, &sd_buf->ntsd,
- le32_to_cpu(sd_buf->ccontext.DataLength), true);
+ le32_to_cpu(sd_buf->ccontext.DataLength), true, false);
}
static void ksmbd_acls_fattr(struct smb_fattr *fattr,
@@ -3149,7 +3150,8 @@ int smb2_open(struct ksmbd_work *work)
user_ns,
&path,
pntsd,
- pntsd_size);
+ pntsd_size,
+ false);
kfree(pntsd);
if (rc)
pr_err("failed to store ntacl in xattr : %d\n",
@@ -3225,12 +3227,6 @@ int smb2_open(struct ksmbd_work *work)
if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)
ksmbd_fd_set_delete_on_close(fp, file_info);
- if (need_truncate) {
- rc = smb2_create_truncate(&path);
- if (rc)
- goto err_out;
- }
-
if (req->CreateContextsOffset) {
struct create_alloc_size_req *az_req;
@@ -3395,11 +3391,12 @@ int smb2_open(struct ksmbd_work *work)
}
err_out:
- if (file_present || created) {
- inode_unlock(d_inode(parent_path.dentry));
- path_put(&path);
- path_put(&parent_path);
- }
+ if (file_present || created)
+ ksmbd_vfs_kern_path_unlock(&parent_path, &path);
+
+ if (fp && need_truncate)
+ rc = smb2_create_truncate(&fp->filp->f_path);
+
ksmbd_revert_fsids(work);
err_out1:
if (!rc) {
@@ -5537,7 +5534,7 @@ static int smb2_rename(struct ksmbd_work *work,
rc = ksmbd_vfs_setxattr(file_mnt_user_ns(fp->filp),
&fp->filp->f_path,
xattr_stream_name,
- NULL, 0, 0);
+ NULL, 0, 0, true);
if (rc < 0) {
pr_err("failed to store stream name in xattr: %d\n",
rc);
@@ -5630,11 +5627,9 @@ static int smb2_create_link(struct ksmbd_work *work,
if (rc)
rc = -EINVAL;
out:
- if (file_present) {
- inode_unlock(d_inode(parent_path.dentry));
- path_put(&path);
- path_put(&parent_path);
- }
+ if (file_present)
+ ksmbd_vfs_kern_path_unlock(&parent_path, &path);
+
if (!IS_ERR(link_name))
kfree(link_name);
kfree(pathname);
@@ -5701,7 +5696,8 @@ static int set_file_basic_info(struct ksmbd_file *fp,
da.flags = XATTR_DOSINFO_ATTRIB | XATTR_DOSINFO_CREATE_TIME |
XATTR_DOSINFO_ITIME;
- rc = ksmbd_vfs_set_dos_attrib_xattr(user_ns, &filp->f_path, &da);
+ rc = ksmbd_vfs_set_dos_attrib_xattr(user_ns, &filp->f_path, &da,
+ true);
if (rc)
ksmbd_debug(SMB,
"failed to restore file attribute in EA\n");
@@ -6015,7 +6011,7 @@ static int smb2_set_info_sec(struct ksmbd_file *fp, int addition_info,
fp->saccess |= FILE_SHARE_DELETE_LE;
return set_info_sec(fp->conn, fp->tcon, &fp->filp->f_path, pntsd,
- buf_len, false);
+ buf_len, false, true);
}
/**
@@ -7584,7 +7580,8 @@ static inline int fsctl_set_sparse(struct ksmbd_work *work, u64 id,
da.attr = le32_to_cpu(fp->f_ci->m_fattr);
ret = ksmbd_vfs_set_dos_attrib_xattr(user_ns,
- &fp->filp->f_path, &da);
+ &fp->filp->f_path,
+ &da, true);
if (ret)
fp->f_ci->m_fattr = old_fattr;
}
diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c
index d7fd5a15dac4..9ace5027684d 100644
--- a/fs/ksmbd/smbacl.c
+++ b/fs/ksmbd/smbacl.c
@@ -1183,7 +1183,7 @@ int smb_inherit_dacl(struct ksmbd_conn *conn,
pntsd_size += sizeof(struct smb_acl) + nt_size;
}
- ksmbd_vfs_set_sd_xattr(conn, user_ns, path, pntsd, pntsd_size);
+ ksmbd_vfs_set_sd_xattr(conn, user_ns, path, pntsd, pntsd_size, false);
kfree(pntsd);
}
@@ -1375,7 +1375,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path,
int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,
const struct path *path, struct smb_ntsd *pntsd, int ntsd_len,
- bool type_check)
+ bool type_check, bool get_write)
{
int rc;
struct smb_fattr fattr = {{0}};
@@ -1435,7 +1435,8 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,
if (test_share_config_flag(tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) {
/* Update WinACL in xattr */
ksmbd_vfs_remove_sd_xattrs(user_ns, path);
- ksmbd_vfs_set_sd_xattr(conn, user_ns, path, pntsd, ntsd_len);
+ ksmbd_vfs_set_sd_xattr(conn, user_ns, path, pntsd, ntsd_len,
+ get_write);
}
out:
diff --git a/fs/ksmbd/smbacl.h b/fs/ksmbd/smbacl.h
index f06abf247445..17f81a510f23 100644
--- a/fs/ksmbd/smbacl.h
+++ b/fs/ksmbd/smbacl.h
@@ -207,7 +207,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path,
__le32 *pdaccess, int uid);
int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,
const struct path *path, struct smb_ntsd *pntsd, int ntsd_len,
- bool type_check);
+ bool type_check, bool get_write);
void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid);
void ksmbd_init_domain(u32 *sub_auth);
diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c
index 84571bacadef..99fd29761bca 100644
--- a/fs/ksmbd/vfs.c
+++ b/fs/ksmbd/vfs.c
@@ -97,6 +97,13 @@ static int ksmbd_vfs_path_lookup_locked(struct ksmbd_share_config *share_conf,
return -ENOENT;
}
+ err = mnt_want_write(parent_path->mnt);
+ if (err) {
+ path_put(parent_path);
+ putname(filename);
+ return -ENOENT;
+ }
+
inode_lock_nested(parent_path->dentry->d_inode, I_MUTEX_PARENT);
d = lookup_one_qstr_excl(&last, parent_path->dentry, 0);
if (IS_ERR(d))
@@ -123,6 +130,7 @@ static int ksmbd_vfs_path_lookup_locked(struct ksmbd_share_config *share_conf,
err_out:
inode_unlock(d_inode(parent_path->dentry));
+ mnt_drop_write(parent_path->mnt);
path_put(parent_path);
putname(filename);
return -ENOENT;
@@ -451,7 +459,8 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos,
fp->stream.name,
(void *)stream_buf,
size,
- 0);
+ 0,
+ true);
if (err < 0)
goto out;
@@ -593,10 +602,6 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, const struct path *path)
goto out_err;
}
- err = mnt_want_write(path->mnt);
- if (err)
- goto out_err;
-
user_ns = mnt_user_ns(path->mnt);
if (S_ISDIR(d_inode(path->dentry)->i_mode)) {
err = vfs_rmdir(user_ns, d_inode(parent), path->dentry);
@@ -607,7 +612,6 @@ int ksmbd_vfs_remove_file(struct ksmbd_work *work, const struct path *path)
if (err)
ksmbd_debug(VFS, "unlink failed, err %d\n", err);
}
- mnt_drop_write(path->mnt);
out_err:
ksmbd_revert_fsids(work);
@@ -907,18 +911,22 @@ ssize_t ksmbd_vfs_getxattr(struct user_namespace *user_ns,
* @attr_value: xattr value to set
* @attr_size: size of xattr value
* @flags: destination buffer length
+ * @get_write: get write access to a mount
*
* Return: 0 on success, otherwise error
*/
int ksmbd_vfs_setxattr(struct user_namespace *user_ns,
const struct path *path, const char *attr_name,
- const void *attr_value, size_t attr_size, int flags)
+ const void *attr_value, size_t attr_size, int flags,
+ bool get_write)
{
int err;
- err = mnt_want_write(path->mnt);
- if (err)
- return err;
+ if (get_write == true) {
+ err = mnt_want_write(path->mnt);
+ if (err)
+ return err;
+ }
err = vfs_setxattr(user_ns,
path->dentry,
@@ -928,7 +936,8 @@ int ksmbd_vfs_setxattr(struct user_namespace *user_ns,
flags);
if (err)
ksmbd_debug(VFS, "setxattr failed, err %d\n", err);
- mnt_drop_write(path->mnt);
+ if (get_write == true)
+ mnt_drop_write(path->mnt);
return err;
}
@@ -1254,6 +1263,13 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name,
}
if (!err) {
+ err = mnt_want_write(parent_path->mnt);
+ if (err) {
+ path_put(path);
+ path_put(parent_path);
+ return err;
+ }
+
err = ksmbd_vfs_lock_parent(parent_path->dentry, path->dentry);
if (err) {
path_put(path);
@@ -1263,6 +1279,14 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name,
return err;
}
+void ksmbd_vfs_kern_path_unlock(struct path *parent_path, struct path *path)
+{
+ inode_unlock(d_inode(parent_path->dentry));
+ mnt_drop_write(parent_path->mnt);
+ path_put(path);
+ path_put(parent_path);
+}
+
struct dentry *ksmbd_vfs_kern_path_create(struct ksmbd_work *work,
const char *name,
unsigned int flags,
@@ -1412,7 +1436,8 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct user_namespac
int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn,
struct user_namespace *user_ns,
const struct path *path,
- struct smb_ntsd *pntsd, int len)
+ struct smb_ntsd *pntsd, int len,
+ bool get_write)
{
int rc;
struct ndr sd_ndr = {0}, acl_ndr = {0};
@@ -1472,7 +1497,7 @@ int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn,
rc = ksmbd_vfs_setxattr(user_ns, path,
XATTR_NAME_SD, sd_ndr.data,
- sd_ndr.offset, 0);
+ sd_ndr.offset, 0, get_write);
if (rc < 0)
pr_err("Failed to store XATTR ntacl :%d\n", rc);
@@ -1561,7 +1586,8 @@ int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn,
int ksmbd_vfs_set_dos_attrib_xattr(struct user_namespace *user_ns,
const struct path *path,
- struct xattr_dos_attrib *da)
+ struct xattr_dos_attrib *da,
+ bool get_write)
{
struct ndr n;
int err;
@@ -1571,7 +1597,7 @@ int ksmbd_vfs_set_dos_attrib_xattr(struct user_namespace *user_ns,
return err;
err = ksmbd_vfs_setxattr(user_ns, path, XATTR_NAME_DOS_ATTRIBUTE,
- (void *)n.data, n.offset, 0);
+ (void *)n.data, n.offset, 0, get_write);
if (err)
ksmbd_debug(SMB, "failed to store dos attribute in xattr\n");
kfree(n.data);
@@ -1841,10 +1867,6 @@ int ksmbd_vfs_set_init_posix_acl(struct user_namespace *user_ns,
}
posix_state_to_acl(&acl_state, acls->a_entries);
- rc = mnt_want_write(path->mnt);
- if (rc)
- goto out_err;
-
rc = set_posix_acl(user_ns, inode, ACL_TYPE_ACCESS, acls);
if (rc < 0)
ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n",
@@ -1857,9 +1879,7 @@ int ksmbd_vfs_set_init_posix_acl(struct user_namespace *user_ns,
ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n",
rc);
}
- mnt_drop_write(path->mnt);
-out_err:
free_acl_state(&acl_state);
posix_acl_release(acls);
return rc;
@@ -1888,10 +1908,6 @@ int ksmbd_vfs_inherit_posix_acl(struct user_namespace *user_ns,
}
}
- rc = mnt_want_write(path->mnt);
- if (rc)
- goto out_err;
-
rc = set_posix_acl(user_ns, inode, ACL_TYPE_ACCESS, acls);
if (rc < 0)
ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n",
@@ -1903,9 +1919,7 @@ int ksmbd_vfs_inherit_posix_acl(struct user_namespace *user_ns,
ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n",
rc);
}
- mnt_drop_write(path->mnt);
-out_err:
posix_acl_release(acls);
return rc;
}
diff --git a/fs/ksmbd/vfs.h b/fs/ksmbd/vfs.h
index 97804cb97f27..6d108cba7e0c 100644
--- a/fs/ksmbd/vfs.h
+++ b/fs/ksmbd/vfs.h
@@ -148,7 +148,8 @@ ssize_t ksmbd_vfs_casexattr_len(struct user_namespace *user_ns,
int attr_name_len);
int ksmbd_vfs_setxattr(struct user_namespace *user_ns,
const struct path *path, const char *attr_name,
- const void *attr_value, size_t attr_size, int flags);
+ const void *attr_value, size_t attr_size, int flags,
+ bool get_write);
int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name,
size_t *xattr_stream_name_size, int s_type);
int ksmbd_vfs_remove_xattr(struct user_namespace *user_ns,
@@ -156,6 +157,7 @@ int ksmbd_vfs_remove_xattr(struct user_namespace *user_ns,
int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name,
unsigned int flags, struct path *parent_path,
struct path *path, bool caseless);
+void ksmbd_vfs_kern_path_unlock(struct path *parent_path, struct path *path);
struct dentry *ksmbd_vfs_kern_path_create(struct ksmbd_work *work,
const char *name,
unsigned int flags,
@@ -183,14 +185,16 @@ int ksmbd_vfs_remove_sd_xattrs(struct user_namespace *user_ns, const struct path
int ksmbd_vfs_set_sd_xattr(struct ksmbd_conn *conn,
struct user_namespace *user_ns,
const struct path *path,
- struct smb_ntsd *pntsd, int len);
+ struct smb_ntsd *pntsd, int len,
+ bool get_write);
int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn,
struct user_namespace *user_ns,
struct dentry *dentry,
struct smb_ntsd **pntsd);
int ksmbd_vfs_set_dos_attrib_xattr(struct user_namespace *user_ns,
const struct path *path,
- struct xattr_dos_attrib *da);
+ struct xattr_dos_attrib *da,
+ bool get_write);
int ksmbd_vfs_get_dos_attrib_xattr(struct user_namespace *user_ns,
struct dentry *dentry,
struct xattr_dos_attrib *da);
--
2.25.1
next prev parent reply other threads:[~2023-12-18 15:43 UTC|newest]
Thread overview: 158+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-18 15:32 [PATCH 5.15.y 000/154] ksmbd backport patches for 5.15.y Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 001/154] ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message() Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 002/154] ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 003/154] ksmbd: Remove redundant 'flush_workqueue()' calls Namjae Jeon
2023-12-18 17:56 ` Christophe JAILLET
2023-12-18 20:31 ` Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 004/154] ksmbd: remove md4 leftovers Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 005/154] ksmbd: remove smb2_buf_length in smb2_hdr Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 006/154] ksmbd: remove smb2_buf_length in smb2_transform_hdr Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 007/154] ksmbd: change LeaseKey data type to u8 array Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 008/154] ksmbd: use oid registry functions to decode OIDs Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 009/154] ksmbd: Remove unused parameter from smb2_get_name() Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 010/154] ksmbd: Remove unused fields from ksmbd_file struct definition Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 011/154] ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 012/154] ksmbd: Fix buffer_check_err() kernel-doc comment Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 013/154] ksmbd: Fix smb2_set_info_file() " Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 014/154] ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry() Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 015/154] ksmbd: Fix smb2_get_name() kernel-doc comment Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 016/154] ksmbd: register ksmbd ib client with ib_register_client() Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 017/154] ksmbd: set 445 port to smbdirect port by default Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 018/154] ksmbd: smbd: call rdma_accept() under CM handler Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 019/154] ksmbd: smbd: create MR pool Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 020/154] ksmbd: smbd: change the default maximum read/write, receive size Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 021/154] ksmbd: add smb-direct shutdown Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 022/154] ksmbd: smbd: fix missing client's memory region invalidation Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 023/154] ksmbd: smbd: validate buffer descriptor structures Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 024/154] ksmbd: add support for key exchange Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 025/154] ksmbd: use netif_is_bridge_port Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 026/154] ksmbd: store fids as opaque u64 integers Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 027/154] ksmbd: shorten experimental warning on loading the module Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 028/154] ksmbd: Remove a redundant zeroing of memory Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 029/154] ksmbd: replace usage of found with dedicated list iterator variable Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 030/154] smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 031/154] ksmbd: remove filename in ksmbd_file Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 032/154] ksmbd: validate length in smb2_write() Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 033/154] ksmbd: smbd: change prototypes of RDMA read/write related functions Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 034/154] ksmbd: smbd: introduce read/write credits for RDMA read/write Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 035/154] ksmbd: smbd: simplify tracking pending packets Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 036/154] ksmbd: smbd: change the return value of get_sg_list Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 037/154] ksmbd: smbd: handle multiple Buffer descriptors Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 038/154] ksmbd: fix wrong smbd max read/write size check Namjae Jeon
2023-12-18 15:32 ` [PATCH 5.15.y 039/154] ksmbd: Fix some kernel-doc comments Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 040/154] ksmbd: smbd: fix connection dropped issue Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 041/154] ksmbd: smbd: relax the count of sges required Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 042/154] ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 043/154] ksmbd: remove duplicate flag set in smb2_write Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 044/154] ksmbd: remove unused ksmbd_share_configs_cleanup function Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 045/154] ksmbd: use wait_event instead of schedule_timeout() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 046/154] ksmbd: request update to stale share config Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 047/154] ksmbd: remove unnecessary generic_fillattr in smb2_open Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 048/154] ksmbd: don't open-code file_path() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 049/154] ksmbd: don't open-code %pD Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 050/154] ksmbd: constify struct path Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 051/154] ksmbd: remove generic_fillattr use in smb2_open() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 052/154] ksmbd: casefold utf-8 share names and fix ascii lowercase conversion Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 053/154] ksmbd: change security id to the one samba used for posix extension Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 054/154] ksmbd: set file permission mode to match Samba server posix extension behavior Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 055/154] ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 056/154] ksmbd: fix encryption failure issue for session logoff response Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 057/154] ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 058/154] ksmbd: decrease the number of SMB3 smbdirect server SGEs Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 059/154] ksmbd: reduce server smbdirect max send/receive segment sizes Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 060/154] ksmbd: hide socket error message when ipv6 config is disable Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 061/154] ksmbd: make utf-8 file name comparison work in __caseless_lookup() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 062/154] ksmbd: call ib_drain_qp when disconnected Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 063/154] ksmbd: validate share name from share config response Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 064/154] ksmbd: replace one-element arrays with flexible-array members Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 065/154] ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 066/154] ksmbd: use F_SETLK when unlocking a file Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 067/154] ksmbd: Fix resource leak in smb2_lock() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 068/154] ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 069/154] ksmbd: send proper error response in smb2_tree_connect() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 070/154] ksmbd: Implements sess->ksmbd_chann_list as xarray Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 071/154] ksmbd: Implements sess->rpc_handle_list " Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 072/154] ksmbd: fix typo, syncronous->synchronous Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 073/154] ksmbd: Remove duplicated codes Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 074/154] ksmbd: update Kconfig to note Kerberos support and fix indentation Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 075/154] ksmbd: Fix spelling mistake "excceed" -> "exceeded" Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 076/154] ksmbd: Fix parameter name and comment mismatch Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 077/154] ksmbd: fix possible memory leak in smb2_lock() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 078/154] ksmbd: fix wrong signingkey creation when encryption is AES256 Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 079/154] ksmbd: remove unused is_char_allowed function Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 080/154] ksmbd: delete asynchronous work from list Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 081/154] ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 082/154] ksmbd: avoid out of bounds access in decode_preauth_ctxt() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 083/154] ksmbd: set NegotiateContextCount once instead of every inc Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 084/154] ksmbd: avoid duplicate negotiate ctx offset increments Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 085/154] ksmbd: remove unused compression negotiate ctx packing Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 086/154] fs: introduce lock_rename_child() helper Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 087/154] ksmbd: fix racy issue from using ->d_parent and ->d_name Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 088/154] ksmbd: fix racy issue from session setup and logoff Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 089/154] ksmbd: destroy expired sessions Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 090/154] ksmbd: block asynchronous requests when making a delay on session setup Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 091/154] ksmbd: fix racy issue from smb2 close and logoff with multichannel Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 092/154] ksmbd: fix racy issue under cocurrent smb2 tree disconnect Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 093/154] ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 094/154] ksmbd: fix uninitialized pointer read in smb2_create_link() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 095/154] ksmbd: fix multiple out-of-bounds read during context decoding Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 096/154] ksmbd: fix UAF issue from opinfo->conn Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 097/154] ksmbd: call putname after using the last component Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 098/154] ksmbd: fix out-of-bound read in deassemble_neg_contexts() Namjae Jeon
2023-12-18 15:33 ` [PATCH 5.15.y 099/154] ksmbd: fix out-of-bound read in parse_lease_state() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 100/154] ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 101/154] ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 102/154] ksmbd: validate smb request protocol id Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 103/154] ksmbd: add mnt_want_write to ksmbd vfs functions Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 104/154] ksmbd: remove unused ksmbd_tree_conn_share function Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 105/154] ksmbd: use kzalloc() instead of __GFP_ZERO Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 106/154] ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 107/154] ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 108/154] ksmbd: use kvzalloc instead of kvmalloc Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 109/154] ksmbd: Replace the ternary conditional operator with min() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 110/154] ksmbd: fix out of bounds read in smb2_sess_setup Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 111/154] ksmbd: add missing compound request handing in some commands Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 112/154] ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 113/154] ksmbd: Replace one-element array with flexible-array member Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 114/154] ksmbd: Fix unsigned expression compared with zero Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 115/154] ksmbd: check if a mount point is crossed during path lookup Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 116/154] ksmbd: validate session id and tree id in compound request Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 117/154] ksmbd: fix out of bounds in init_smb2_rsp_hdr() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 118/154] ksmbd: switch to use kmemdup_nul() helper Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 119/154] ksmbd: add support for read compound Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 120/154] ksmbd: fix wrong interim response on compound Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 121/154] ksmbd: fix `force create mode' and `force directory mode' Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 122/154] ksmbd: reduce descriptor size if remaining bytes is less than request size Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 123/154] ksmbd: Fix one kernel-doc comment Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 124/154] ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 125/154] ksmbd: add missing calling smb2_set_err_rsp() on error Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 126/154] ksmbd: remove experimental warning Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 127/154] ksmbd: remove unneeded mark_inode_dirty in set_info_sec() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 128/154] ksmbd: fix passing freed memory 'aux_payload_buf' Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 129/154] ksmbd: return invalid parameter error response if smb2 request is invalid Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 130/154] ksmbd: check iov vector index in ksmbd_conn_write() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 131/154] ksmbd: fix race condition between session lookup and expire Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 132/154] ksmbd: fix race condition with fp Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 133/154] ksmbd: fix race condition from parallel smb2 logoff requests Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 134/154] ksmbd: fix race condition from parallel smb2 lock requests Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 135/154] ksmbd: fix race condition between tree conn lookup and disconnect Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 136/154] ksmbd: fix wrong error response status by using set_smb2_rsp_status() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 137/154] ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 138/154] ksmbd: fix potential double free on smb2_read_pipe() error path Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 139/154] ksmbd: Remove unused field in ksmbd_user struct Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 140/154] ksmbd: reorganize ksmbd_iov_pin_rsp() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 141/154] ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 142/154] ksmbd: fix recursive locking in vfs helpers Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 143/154] ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 144/154] ksmbd: add support for surrogate pair conversion Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 145/154] ksmbd: no need to wait for binded connection termination at logoff Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 146/154] ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 147/154] ksmbd: handle malformed smb1 message Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 148/154] ksmbd: prevent memory leak on error return Namjae Jeon
2023-12-18 15:34 ` Namjae Jeon [this message]
2023-12-18 15:34 ` [PATCH 5.15.y 150/154] ksmbd: separately allocate ci per dentry Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 151/154] ksmbd: move oplock handling after unlock parent dir Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 152/154] ksmbd: release interim response after sending status pending response Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 153/154] ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId Namjae Jeon
2023-12-18 15:34 ` [PATCH 5.15.y 154/154] ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error Namjae Jeon
2023-12-20 14:41 ` [PATCH 5.15.y 000/154] ksmbd backport patches for 5.15.y Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231218153454.8090-150-linkinjeon@kernel.org \
--to=linkinjeon@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=mmakassikis@freebox.fr \
--cc=smfrench@gmail.com \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox