From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Namjae Jeon <linkinjeon@kernel.org>,
Steve French <stfrench@microsoft.com>,
zdi-disclosures@trendmicro.com
Subject: [PATCH 5.15 088/159] ksmbd: fix racy issue from session setup and logoff
Date: Wed, 20 Dec 2023 17:09:13 +0100 [thread overview]
Message-ID: <20231220160935.480188228@linuxfoundation.org> (raw)
In-Reply-To: <20231220160931.251686445@linuxfoundation.org>
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Namjae Jeon <linkinjeon@kernel.org>
[ Upstream commit f5c779b7ddbda30866cf2a27c63e34158f858c73 ]
This racy issue is triggered by sending concurrent session setup and
logoff requests. This patch does not set connection status as
KSMBD_SESS_GOOD if state is KSMBD_SESS_NEED_RECONNECT in session setup.
And relookup session to validate if session is deleted in logoff.
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20481, ZDI-CAN-20590, ZDI-CAN-20596
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ksmbd/connection.c | 14 ++++----
fs/ksmbd/connection.h | 39 ++++++++++++++-----------
fs/ksmbd/mgmt/user_session.c | 1
fs/ksmbd/server.c | 3 +
fs/ksmbd/smb2pdu.c | 67 +++++++++++++++++++++++++++----------------
fs/ksmbd/transport_tcp.c | 2 -
6 files changed, 77 insertions(+), 49 deletions(-)
--- a/fs/ksmbd/connection.c
+++ b/fs/ksmbd/connection.c
@@ -56,7 +56,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void
return NULL;
conn->need_neg = true;
- conn->status = KSMBD_SESS_NEW;
+ ksmbd_conn_set_new(conn);
conn->local_nls = load_nls("utf8");
if (!conn->local_nls)
conn->local_nls = load_nls_default();
@@ -147,12 +147,12 @@ int ksmbd_conn_try_dequeue_request(struc
return ret;
}
-static void ksmbd_conn_lock(struct ksmbd_conn *conn)
+void ksmbd_conn_lock(struct ksmbd_conn *conn)
{
mutex_lock(&conn->srv_mutex);
}
-static void ksmbd_conn_unlock(struct ksmbd_conn *conn)
+void ksmbd_conn_unlock(struct ksmbd_conn *conn)
{
mutex_unlock(&conn->srv_mutex);
}
@@ -243,7 +243,7 @@ bool ksmbd_conn_alive(struct ksmbd_conn
if (!ksmbd_server_running())
return false;
- if (conn->status == KSMBD_SESS_EXITING)
+ if (ksmbd_conn_exiting(conn))
return false;
if (kthread_should_stop())
@@ -303,7 +303,7 @@ int ksmbd_conn_handler_loop(void *p)
pdu_size = get_rfc1002_len(hdr_buf);
ksmbd_debug(CONN, "RFC1002 header %u bytes\n", pdu_size);
- if (conn->status == KSMBD_SESS_GOOD)
+ if (ksmbd_conn_good(conn))
max_allowed_pdu_size =
SMB3_MAX_MSGSIZE + conn->vals->max_write_size;
else
@@ -312,7 +312,7 @@ int ksmbd_conn_handler_loop(void *p)
if (pdu_size > max_allowed_pdu_size) {
pr_err_ratelimited("PDU length(%u) exceeded maximum allowed pdu size(%u) on connection(%d)\n",
pdu_size, max_allowed_pdu_size,
- conn->status);
+ READ_ONCE(conn->status));
break;
}
@@ -417,7 +417,7 @@ again:
if (task)
ksmbd_debug(CONN, "Stop session handler %s/%d\n",
task->comm, task_pid_nr(task));
- conn->status = KSMBD_SESS_EXITING;
+ ksmbd_conn_set_exiting(conn);
if (t->ops->shutdown) {
read_unlock(&conn_list_lock);
t->ops->shutdown(t);
--- a/fs/ksmbd/connection.h
+++ b/fs/ksmbd/connection.h
@@ -162,6 +162,8 @@ void ksmbd_conn_init_server_callbacks(st
int ksmbd_conn_handler_loop(void *p);
int ksmbd_conn_transport_init(void);
void ksmbd_conn_transport_destroy(void);
+void ksmbd_conn_lock(struct ksmbd_conn *conn);
+void ksmbd_conn_unlock(struct ksmbd_conn *conn);
/*
* WARNING
@@ -169,43 +171,48 @@ void ksmbd_conn_transport_destroy(void);
* This is a hack. We will move status to a proper place once we land
* a multi-sessions support.
*/
-static inline bool ksmbd_conn_good(struct ksmbd_work *work)
+static inline bool ksmbd_conn_good(struct ksmbd_conn *conn)
{
- return work->conn->status == KSMBD_SESS_GOOD;
+ return READ_ONCE(conn->status) == KSMBD_SESS_GOOD;
}
-static inline bool ksmbd_conn_need_negotiate(struct ksmbd_work *work)
+static inline bool ksmbd_conn_need_negotiate(struct ksmbd_conn *conn)
{
- return work->conn->status == KSMBD_SESS_NEED_NEGOTIATE;
+ return READ_ONCE(conn->status) == KSMBD_SESS_NEED_NEGOTIATE;
}
-static inline bool ksmbd_conn_need_reconnect(struct ksmbd_work *work)
+static inline bool ksmbd_conn_need_reconnect(struct ksmbd_conn *conn)
{
- return work->conn->status == KSMBD_SESS_NEED_RECONNECT;
+ return READ_ONCE(conn->status) == KSMBD_SESS_NEED_RECONNECT;
}
-static inline bool ksmbd_conn_exiting(struct ksmbd_work *work)
+static inline bool ksmbd_conn_exiting(struct ksmbd_conn *conn)
{
- return work->conn->status == KSMBD_SESS_EXITING;
+ return READ_ONCE(conn->status) == KSMBD_SESS_EXITING;
}
-static inline void ksmbd_conn_set_good(struct ksmbd_work *work)
+static inline void ksmbd_conn_set_new(struct ksmbd_conn *conn)
{
- work->conn->status = KSMBD_SESS_GOOD;
+ WRITE_ONCE(conn->status, KSMBD_SESS_NEW);
}
-static inline void ksmbd_conn_set_need_negotiate(struct ksmbd_work *work)
+static inline void ksmbd_conn_set_good(struct ksmbd_conn *conn)
{
- work->conn->status = KSMBD_SESS_NEED_NEGOTIATE;
+ WRITE_ONCE(conn->status, KSMBD_SESS_GOOD);
}
-static inline void ksmbd_conn_set_need_reconnect(struct ksmbd_work *work)
+static inline void ksmbd_conn_set_need_negotiate(struct ksmbd_conn *conn)
{
- work->conn->status = KSMBD_SESS_NEED_RECONNECT;
+ WRITE_ONCE(conn->status, KSMBD_SESS_NEED_NEGOTIATE);
}
-static inline void ksmbd_conn_set_exiting(struct ksmbd_work *work)
+static inline void ksmbd_conn_set_need_reconnect(struct ksmbd_conn *conn)
{
- work->conn->status = KSMBD_SESS_EXITING;
+ WRITE_ONCE(conn->status, KSMBD_SESS_NEED_RECONNECT);
+}
+
+static inline void ksmbd_conn_set_exiting(struct ksmbd_conn *conn)
+{
+ WRITE_ONCE(conn->status, KSMBD_SESS_EXITING);
}
#endif /* __CONNECTION_H__ */
--- a/fs/ksmbd/mgmt/user_session.c
+++ b/fs/ksmbd/mgmt/user_session.c
@@ -315,6 +315,7 @@ static struct ksmbd_session *__session_c
if (ksmbd_init_file_table(&sess->file_table))
goto error;
+ sess->state = SMB2_SESSION_IN_PROGRESS;
set_session_flag(sess, protocol);
xa_init(&sess->tree_conns);
xa_init(&sess->ksmbd_chann_list);
--- a/fs/ksmbd/server.c
+++ b/fs/ksmbd/server.c
@@ -93,7 +93,8 @@ static inline int check_conn_state(struc
{
struct smb_hdr *rsp_hdr;
- if (ksmbd_conn_exiting(work) || ksmbd_conn_need_reconnect(work)) {
+ if (ksmbd_conn_exiting(work->conn) ||
+ ksmbd_conn_need_reconnect(work->conn)) {
rsp_hdr = work->response_buf;
rsp_hdr->Status.CifsError = STATUS_CONNECTION_DISCONNECTED;
return 1;
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -265,7 +265,7 @@ int init_smb2_neg_rsp(struct ksmbd_work
rsp = smb2_get_msg(work->response_buf);
- WARN_ON(ksmbd_conn_good(work));
+ WARN_ON(ksmbd_conn_good(conn));
rsp->StructureSize = cpu_to_le16(65);
ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect);
@@ -295,7 +295,7 @@ int init_smb2_neg_rsp(struct ksmbd_work
rsp->SecurityMode |= SMB2_NEGOTIATE_SIGNING_REQUIRED_LE;
conn->use_spnego = true;
- ksmbd_conn_set_need_negotiate(work);
+ ksmbd_conn_set_need_negotiate(conn);
return 0;
}
@@ -574,7 +574,7 @@ int smb2_check_user_session(struct ksmbd
cmd == SMB2_SESSION_SETUP_HE)
return 0;
- if (!ksmbd_conn_good(work))
+ if (!ksmbd_conn_good(conn))
return -EIO;
sess_id = le64_to_cpu(req_hdr->SessionId);
@@ -625,7 +625,7 @@ static void destroy_previous_session(str
prev_sess->state = SMB2_SESSION_EXPIRED;
xa_for_each(&prev_sess->ksmbd_chann_list, index, chann)
- chann->conn->status = KSMBD_SESS_EXITING;
+ ksmbd_conn_set_exiting(chann->conn);
}
/**
@@ -1081,7 +1081,7 @@ int smb2_handle_negotiate(struct ksmbd_w
ksmbd_debug(SMB, "Received negotiate request\n");
conn->need_neg = false;
- if (ksmbd_conn_good(work)) {
+ if (ksmbd_conn_good(conn)) {
pr_err("conn->tcp_status is already in CifsGood State\n");
work->send_no_response = 1;
return rc;
@@ -1236,7 +1236,7 @@ int smb2_handle_negotiate(struct ksmbd_w
}
conn->srv_sec_mode = le16_to_cpu(rsp->SecurityMode);
- ksmbd_conn_set_need_negotiate(work);
+ ksmbd_conn_set_need_negotiate(conn);
err_out:
if (rc < 0)
@@ -1658,6 +1658,7 @@ int smb2_sess_setup(struct ksmbd_work *w
rsp->SecurityBufferLength = 0;
inc_rfc1001_len(work->response_buf, 9);
+ ksmbd_conn_lock(conn);
if (!req->hdr.SessionId) {
sess = ksmbd_smb2_session_create();
if (!sess) {
@@ -1705,6 +1706,12 @@ int smb2_sess_setup(struct ksmbd_work *w
goto out_err;
}
+ if (ksmbd_conn_need_reconnect(conn)) {
+ rc = -EFAULT;
+ sess = NULL;
+ goto out_err;
+ }
+
if (ksmbd_session_lookup(conn, sess_id)) {
rc = -EACCES;
goto out_err;
@@ -1729,12 +1736,20 @@ int smb2_sess_setup(struct ksmbd_work *w
rc = -ENOENT;
goto out_err;
}
+
+ if (sess->state == SMB2_SESSION_EXPIRED) {
+ rc = -EFAULT;
+ goto out_err;
+ }
+
+ if (ksmbd_conn_need_reconnect(conn)) {
+ rc = -EFAULT;
+ sess = NULL;
+ goto out_err;
+ }
}
work->sess = sess;
- if (sess->state == SMB2_SESSION_EXPIRED)
- sess->state = SMB2_SESSION_IN_PROGRESS;
-
negblob_off = le16_to_cpu(req->SecurityBufferOffset);
negblob_len = le16_to_cpu(req->SecurityBufferLength);
if (negblob_off < offsetof(struct smb2_sess_setup_req, Buffer) ||
@@ -1764,8 +1779,10 @@ int smb2_sess_setup(struct ksmbd_work *w
goto out_err;
}
- ksmbd_conn_set_good(work);
- sess->state = SMB2_SESSION_VALID;
+ if (!ksmbd_conn_need_reconnect(conn)) {
+ ksmbd_conn_set_good(conn);
+ sess->state = SMB2_SESSION_VALID;
+ }
kfree(sess->Preauth_HashValue);
sess->Preauth_HashValue = NULL;
} else if (conn->preferred_auth_mech == KSMBD_AUTH_NTLMSSP) {
@@ -1787,8 +1804,10 @@ int smb2_sess_setup(struct ksmbd_work *w
if (rc)
goto out_err;
- ksmbd_conn_set_good(work);
- sess->state = SMB2_SESSION_VALID;
+ if (!ksmbd_conn_need_reconnect(conn)) {
+ ksmbd_conn_set_good(conn);
+ sess->state = SMB2_SESSION_VALID;
+ }
if (conn->binding) {
struct preauth_session *preauth_sess;
@@ -1856,14 +1875,13 @@ out_err:
if (sess->user && sess->user->flags & KSMBD_USER_FLAG_DELAY_SESSION)
try_delay = true;
- xa_erase(&conn->sessions, sess->id);
- ksmbd_session_destroy(sess);
- work->sess = NULL;
+ sess->state = SMB2_SESSION_EXPIRED;
if (try_delay)
ssleep(5);
}
}
+ ksmbd_conn_unlock(conn);
return rc;
}
@@ -2087,21 +2105,24 @@ int smb2_session_logoff(struct ksmbd_wor
{
struct ksmbd_conn *conn = work->conn;
struct smb2_logoff_rsp *rsp = smb2_get_msg(work->response_buf);
- struct ksmbd_session *sess = work->sess;
+ struct ksmbd_session *sess;
+ struct smb2_logoff_req *req = smb2_get_msg(work->request_buf);
rsp->StructureSize = cpu_to_le16(4);
inc_rfc1001_len(work->response_buf, 4);
ksmbd_debug(SMB, "request\n");
- /* setting CifsExiting here may race with start_tcp_sess */
- ksmbd_conn_set_need_reconnect(work);
+ ksmbd_conn_set_need_reconnect(conn);
ksmbd_close_session_fds(work);
ksmbd_conn_wait_idle(conn);
+ /*
+ * Re-lookup session to validate if session is deleted
+ * while waiting request complete
+ */
+ sess = ksmbd_session_lookup(conn, le64_to_cpu(req->hdr.SessionId));
if (ksmbd_tree_conn_session_logoff(sess)) {
- struct smb2_logoff_req *req = smb2_get_msg(work->request_buf);
-
ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId);
rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED;
smb2_set_err_rsp(work);
@@ -2113,9 +2134,7 @@ int smb2_session_logoff(struct ksmbd_wor
ksmbd_free_user(sess->user);
sess->user = NULL;
-
- /* let start_tcp_sess free connection info now */
- ksmbd_conn_set_need_negotiate(work);
+ ksmbd_conn_set_need_negotiate(conn);
return 0;
}
--- a/fs/ksmbd/transport_tcp.c
+++ b/fs/ksmbd/transport_tcp.c
@@ -333,7 +333,7 @@ static int ksmbd_tcp_readv(struct tcp_tr
if (length == -EINTR) {
total_read = -ESHUTDOWN;
break;
- } else if (conn->status == KSMBD_SESS_NEED_RECONNECT) {
+ } else if (ksmbd_conn_need_reconnect(conn)) {
total_read = -EAGAIN;
break;
} else if (length == -ERESTARTSYS || length == -EAGAIN) {
next prev parent reply other threads:[~2023-12-20 16:14 UTC|newest]
Thread overview: 169+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-20 16:07 [PATCH 5.15 000/159] 5.15.145-rc1 review Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 001/159] ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message() Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 002/159] ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 003/159] ksmbd: Remove redundant flush_workqueue() calls Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 004/159] ksmbd: remove md4 leftovers Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 005/159] ksmbd: remove smb2_buf_length in smb2_hdr Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 006/159] ksmbd: remove smb2_buf_length in smb2_transform_hdr Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 007/159] ksmbd: change LeaseKey data type to u8 array Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 008/159] ksmbd: use oid registry functions to decode OIDs Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 009/159] ksmbd: Remove unused parameter from smb2_get_name() Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 010/159] ksmbd: Remove unused fields from ksmbd_file struct definition Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 011/159] ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 012/159] ksmbd: Fix buffer_check_err() kernel-doc comment Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 013/159] ksmbd: Fix smb2_set_info_file() " Greg Kroah-Hartman
2023-12-20 16:07 ` [PATCH 5.15 014/159] ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry() Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 015/159] ksmbd: Fix smb2_get_name() kernel-doc comment Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 016/159] ksmbd: register ksmbd ib client with ib_register_client() Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 017/159] ksmbd: set 445 port to smbdirect port by default Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 018/159] ksmbd: smbd: call rdma_accept() under CM handler Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 019/159] ksmbd: smbd: create MR pool Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 020/159] ksmbd: smbd: change the default maximum read/write, receive size Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 021/159] ksmbd: add smb-direct shutdown Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 022/159] ksmbd: smbd: fix missing clients memory region invalidation Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 023/159] ksmbd: smbd: validate buffer descriptor structures Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 024/159] ksmbd: add support for key exchange Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 025/159] ksmbd: use netif_is_bridge_port Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 026/159] ksmbd: store fids as opaque u64 integers Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 027/159] ksmbd: shorten experimental warning on loading the module Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 028/159] ksmbd: Remove a redundant zeroing of memory Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 029/159] ksmbd: replace usage of found with dedicated list iterator variable Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 030/159] smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 031/159] ksmbd: remove filename in ksmbd_file Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 032/159] ksmbd: validate length in smb2_write() Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 033/159] ksmbd: smbd: change prototypes of RDMA read/write related functions Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 034/159] ksmbd: smbd: introduce read/write credits for RDMA read/write Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 035/159] ksmbd: smbd: simplify tracking pending packets Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 036/159] ksmbd: smbd: change the return value of get_sg_list Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 037/159] ksmbd: smbd: handle multiple Buffer descriptors Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 038/159] ksmbd: fix wrong smbd max read/write size check Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 039/159] ksmbd: Fix some kernel-doc comments Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 040/159] ksmbd: smbd: fix connection dropped issue Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 041/159] ksmbd: smbd: relax the count of sges required Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 042/159] ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 043/159] ksmbd: remove duplicate flag set in smb2_write Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 044/159] ksmbd: remove unused ksmbd_share_configs_cleanup function Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 045/159] ksmbd: use wait_event instead of schedule_timeout() Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 046/159] ksmbd: request update to stale share config Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 047/159] ksmbd: remove unnecessary generic_fillattr in smb2_open Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 048/159] ksmbd: dont open-code file_path() Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 049/159] ksmbd: dont open-code %pD Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 050/159] ksmbd: constify struct path Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 051/159] ksmbd: remove generic_fillattr use in smb2_open() Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 052/159] ksmbd: casefold utf-8 share names and fix ascii lowercase conversion Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 053/159] ksmbd: change security id to the one samba used for posix extension Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 054/159] ksmbd: set file permission mode to match Samba server posix extension behavior Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 055/159] ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 056/159] ksmbd: fix encryption failure issue for session logoff response Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 057/159] ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 058/159] ksmbd: decrease the number of SMB3 smbdirect server SGEs Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 059/159] ksmbd: reduce server smbdirect max send/receive segment sizes Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 060/159] ksmbd: hide socket error message when ipv6 config is disable Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 061/159] ksmbd: make utf-8 file name comparison work in __caseless_lookup() Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 062/159] ksmbd: call ib_drain_qp when disconnected Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 063/159] ksmbd: validate share name from share config response Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 064/159] ksmbd: replace one-element arrays with flexible-array members Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 065/159] ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 066/159] ksmbd: use F_SETLK when unlocking a file Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 067/159] ksmbd: Fix resource leak in smb2_lock() Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 068/159] ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 069/159] ksmbd: send proper error response in smb2_tree_connect() Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 070/159] ksmbd: Implements sess->ksmbd_chann_list as xarray Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 071/159] ksmbd: Implements sess->rpc_handle_list " Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 072/159] ksmbd: fix typo, syncronous->synchronous Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 073/159] ksmbd: Remove duplicated codes Greg Kroah-Hartman
2023-12-20 16:08 ` [PATCH 5.15 074/159] ksmbd: update Kconfig to note Kerberos support and fix indentation Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 075/159] ksmbd: Fix spelling mistake "excceed" -> "exceeded" Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 076/159] ksmbd: Fix parameter name and comment mismatch Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 077/159] ksmbd: fix possible memory leak in smb2_lock() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 078/159] ksmbd: fix wrong signingkey creation when encryption is AES256 Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 079/159] ksmbd: remove unused is_char_allowed function Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 080/159] ksmbd: delete asynchronous work from list Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 081/159] ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 082/159] ksmbd: avoid out of bounds access in decode_preauth_ctxt() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 083/159] ksmbd: set NegotiateContextCount once instead of every inc Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 084/159] ksmbd: avoid duplicate negotiate ctx offset increments Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 085/159] ksmbd: remove unused compression negotiate ctx packing Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 086/159] fs: introduce lock_rename_child() helper Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 087/159] ksmbd: fix racy issue from using ->d_parent and ->d_name Greg Kroah-Hartman
2023-12-20 16:09 ` Greg Kroah-Hartman [this message]
2023-12-20 16:09 ` [PATCH 5.15 089/159] ksmbd: destroy expired sessions Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 090/159] ksmbd: block asynchronous requests when making a delay on session setup Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 091/159] ksmbd: fix racy issue from smb2 close and logoff with multichannel Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 092/159] ksmbd: fix racy issue under cocurrent smb2 tree disconnect Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 093/159] ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 094/159] ksmbd: fix uninitialized pointer read in smb2_create_link() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 095/159] ksmbd: fix multiple out-of-bounds read during context decoding Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 096/159] ksmbd: fix UAF issue from opinfo->conn Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 097/159] ksmbd: call putname after using the last component Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 098/159] ksmbd: fix out-of-bound read in deassemble_neg_contexts() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 099/159] ksmbd: fix out-of-bound read in parse_lease_state() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 100/159] ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 101/159] ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 102/159] ksmbd: validate smb request protocol id Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 103/159] ksmbd: add mnt_want_write to ksmbd vfs functions Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 104/159] ksmbd: remove unused ksmbd_tree_conn_share function Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 105/159] ksmbd: use kzalloc() instead of __GFP_ZERO Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 106/159] ksmbd: return a literal instead of err in ksmbd_vfs_kern_path_locked() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 107/159] ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 108/159] ksmbd: use kvzalloc instead of kvmalloc Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 109/159] ksmbd: Replace the ternary conditional operator with min() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 110/159] ksmbd: fix out of bounds read in smb2_sess_setup Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 111/159] ksmbd: add missing compound request handing in some commands Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 112/159] ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 113/159] ksmbd: Replace one-element array with flexible-array member Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 114/159] ksmbd: Fix unsigned expression compared with zero Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 115/159] ksmbd: check if a mount point is crossed during path lookup Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 116/159] ksmbd: validate session id and tree id in compound request Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 117/159] ksmbd: fix out of bounds in init_smb2_rsp_hdr() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 118/159] ksmbd: switch to use kmemdup_nul() helper Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 119/159] ksmbd: add support for read compound Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 120/159] ksmbd: fix wrong interim response on compound Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 121/159] ksmbd: fix `force create mode and `force directory mode Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 122/159] ksmbd: reduce descriptor size if remaining bytes is less than request size Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 123/159] ksmbd: Fix one kernel-doc comment Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 124/159] ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 125/159] ksmbd: add missing calling smb2_set_err_rsp() on error Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 126/159] ksmbd: remove experimental warning Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 127/159] ksmbd: remove unneeded mark_inode_dirty in set_info_sec() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 128/159] ksmbd: fix passing freed memory aux_payload_buf Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 129/159] ksmbd: return invalid parameter error response if smb2 request is invalid Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 130/159] ksmbd: check iov vector index in ksmbd_conn_write() Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 131/159] ksmbd: fix race condition between session lookup and expire Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 132/159] ksmbd: fix race condition with fp Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 133/159] ksmbd: fix race condition from parallel smb2 logoff requests Greg Kroah-Hartman
2023-12-20 16:09 ` [PATCH 5.15 134/159] ksmbd: fix race condition from parallel smb2 lock requests Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 135/159] ksmbd: fix race condition between tree conn lookup and disconnect Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 136/159] ksmbd: fix wrong error response status by using set_smb2_rsp_status() Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 137/159] ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 138/159] ksmbd: fix potential double free on smb2_read_pipe() error path Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 139/159] ksmbd: Remove unused field in ksmbd_user struct Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 140/159] ksmbd: reorganize ksmbd_iov_pin_rsp() Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 141/159] ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 142/159] ksmbd: fix recursive locking in vfs helpers Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 143/159] ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 144/159] ksmbd: add support for surrogate pair conversion Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 145/159] ksmbd: no need to wait for binded connection termination at logoff Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 146/159] ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 147/159] ksmbd: handle malformed smb1 message Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 148/159] ksmbd: prevent memory leak on error return Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 149/159] ksmbd: fix possible deadlock in smb2_open Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 150/159] ksmbd: separately allocate ci per dentry Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 151/159] ksmbd: move oplock handling after unlock parent dir Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 152/159] ksmbd: release interim response after sending status pending response Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 153/159] ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 154/159] ksmbd: dont update ->op_state as OPLOCK_STATE_NONE on error Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 155/159] Revert "drm/bridge: lt9611uxc: fix the race in the error path" Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 156/159] Revert "drm/bridge: lt9611uxc: Register and attach our DSI device at probe" Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 157/159] Revert "drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers" Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 158/159] tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols Greg Kroah-Hartman
2023-12-20 16:10 ` [PATCH 5.15 159/159] kasan: disable kasan_non_canonical_hook() for HW tags Greg Kroah-Hartman
2023-12-20 19:31 ` [PATCH 5.15 000/159] 5.15.145-rc1 review Florian Fainelli
2023-12-20 19:38 ` Allen
2023-12-21 4:52 ` Shuah Khan
2023-12-21 5:41 ` Namjae Jeon
2023-12-21 6:48 ` Naresh Kamboju
2023-12-21 9:17 ` Ron Economos
2023-12-21 14:57 ` Guenter Roeck
2023-12-21 23:37 ` SeongJae Park
2023-12-22 13:28 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231220160935.480188228@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linkinjeon@kernel.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
--cc=zdi-disclosures@trendmicro.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox