* [PATCH 5.15.y 01/11] ksmbd: validate the zero field of packet header
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Li Nan, Tom Talpey, Namjae Jeon, Steve French
From: Li Nan <linan122@huawei.com>
[ Upstream commit 516b3eb8c8065f7465f87608d37a7ed08298c7a5 ]
The SMB2 Protocol requires that "The first byte of the Direct TCP
transport packet header MUST be zero (0x00)"[1]. Commit 1c1bcf2d3ea0
("ksmbd: validate smb request protocol id") removed the validation of
this 1-byte zero. Add the validation back now.
[1]: [MS-SMB2] - v20230227, page 30.
https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SMB2/%5bMS-SMB2%5d-230227.pdf
Fixes: 1c1bcf2d3ea0 ("ksmbd: validate smb request protocol id")
Signed-off-by: Li Nan <linan122@huawei.com>
Acked-by: Tom Talpey <tom@talpey.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/smb_common.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c
index d160363c09eb..e90a1e8c1951 100644
--- a/fs/ksmbd/smb_common.c
+++ b/fs/ksmbd/smb_common.c
@@ -158,8 +158,12 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work)
*/
bool ksmbd_smb_request(struct ksmbd_conn *conn)
{
- __le32 *proto = (__le32 *)smb2_get_msg(conn->request_buf);
+ __le32 *proto;
+ if (conn->request_buf[0] != 0)
+ return false;
+
+ proto = (__le32 *)smb2_get_msg(conn->request_buf);
if (*proto == SMB2_COMPRESSION_TRANSFORM_ID) {
pr_err_ratelimited("smb2 compression not support yet");
return false;
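Review bot: the new zero-byte check returns false silently, whereas the compression branch just below it logs with pr_err_ratelimited() before returning false; a ksmbd_debug(SMB, ...) on the `conn->request_buf[0] != 0` path would make a rejected request diagnosable without adding an unbounded, client-triggerable log source. Also, `request_buf[0]` is now the first thing read in ksmbd_smb_request(), before smb2_get_msg() is reached, so the caller must guarantee at least one byte was received; a one-line comment stating that precondition would help the next reader.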
--
2.25.1
* [PATCH 5.15.y 02/11] ksmbd: set v2 lease version on lease upgrade
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Namjae Jeon, Tom Talpey, Steve French
[ Upstream commit bb05367a66a9990d2c561282f5620bb1dbe40c28 ]
If a file opened with a v2 lease is upgraded with a v1 lease, the smb server
should respond with a v2 lease create context to the client.
This patch fixes the smb2.lease.v2_epoch2 test failure.
This test case assumes the following scenario:
1. smb2 create with v2 lease(R, LEASE1 key)
2. smb server return smb2 create response with v2 lease context(R,
LEASE1 key, epoch + 1)
3. smb2 create with v1 lease(RH, LEASE1 key)
4. smb server return smb2 create response with v2 lease context(RH,
LEASE1 key, epoch + 2)
i.e. if the same client (same lease key) tries to open, with a v1 lease, a file
that is already open with a v2 lease, the smb server should return a v2 lease.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Acked-by: Tom Talpey <tom@talpey.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/oplock.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c
index 2da256259722..f8a2efa2dae7 100644
--- a/fs/ksmbd/oplock.c
+++ b/fs/ksmbd/oplock.c
@@ -1036,6 +1036,7 @@ static void copy_lease(struct oplock_info *op1, struct oplock_info *op2)
lease2->duration = lease1->duration;
lease2->flags = lease1->flags;
lease2->epoch = lease1->epoch++;
+ lease2->version = lease1->version;
}
static int add_lease_global_list(struct oplock_info *opinfo)
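Review bot: the context line `lease2->epoch = lease1->epoch++;` makes copy_lease() mutate its source as a side effect, so copying the new `version` field alongside it is correct but the function is still not a pure copy; with lease1->epoch bumped on every copy, the epoch a client sees depends on how many times the lease info has been duplicated rather than on how many times the lease state changed. Suggest `lease2->epoch = lease1->epoch;` here and incrementing the epoch only where the lease state actually transitions.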
--
2.25.1
* [PATCH 5.15.y 03/11] ksmbd: fix potential circular locking issue in smb2_set_ea()
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Namjae Jeon, Steve French
[ Upstream commit 6fc0a265e1b932e5e97a038f99e29400a93baad0 ]
smb2_set_ea() can be called within the parent inode lock range.
So add a get_write argument to smb2_set_ea() so that it does not call a nested
mnt_want_write().
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/smb2pdu.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 8875c04e8382..5975a2bc471f 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -2311,11 +2311,12 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work)
* @eabuf: set info command buffer
* @buf_len: set info command buffer length
* @path: dentry path for get ea
+ * @get_write: get write access to a mount
*
* Return: 0 on success, otherwise error
*/
static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len,
- const struct path *path)
+ const struct path *path, bool get_write)
{
struct user_namespace *user_ns = mnt_user_ns(path->mnt);
char *attr_name = NULL, *value;
@@ -3000,7 +3001,7 @@ int smb2_open(struct ksmbd_work *work)
rc = smb2_set_ea(&ea_buf->ea,
le32_to_cpu(ea_buf->ccontext.DataLength),
- &path);
+ &path, false);
if (rc == -EOPNOTSUPP)
rc = 0;
else if (rc)
@@ -5994,7 +5995,7 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp,
return -EINVAL;
return smb2_set_ea((struct smb2_ea_info *)req->Buffer,
- buf_len, &fp->filp->f_path);
+ buf_len, &fp->filp->f_path, true);
}
case FILE_POSITION_INFORMATION:
{
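Review bot: the new `get_write` parameter is never read in any visible hunk, and the diffstat (4 insertions, 3 deletions) is fully accounted for by the kernel-doc line, the signature change and the two call sites, so in this 5.15.y backport nothing inside smb2_set_ea() appears to be gated on it. If the branch's smb2_set_ea() has no mnt_want_write() call to skip, the parameter is dead here and the backport note should say the patch is taken for parity with later branches; if it does have one, the hunk that guards that call on `get_write` is missing from this series.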
--
2.25.1
* [PATCH 5.15.y 04/11] ksmbd: don't increment epoch if current state and request state are same
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Namjae Jeon, Steve French
[ Upstream commit b6e9a44e99603fe10e1d78901fdd97681a539612 ]
If the existing lease state and the request state are the same, don't increment
the epoch in the create context.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/oplock.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c
index f8a2efa2dae7..d798c1d8f126 100644
--- a/fs/ksmbd/oplock.c
+++ b/fs/ksmbd/oplock.c
@@ -105,7 +105,7 @@ static int alloc_lease(struct oplock_info *opinfo, struct lease_ctx_info *lctx)
lease->is_dir = lctx->is_dir;
memcpy(lease->parent_lease_key, lctx->parent_lease_key, SMB2_LEASE_KEY_SIZE);
lease->version = lctx->version;
- lease->epoch = le16_to_cpu(lctx->epoch);
+ lease->epoch = le16_to_cpu(lctx->epoch) + 1;
INIT_LIST_HEAD(&opinfo->lease_entry);
opinfo->o_lease = lease;
@@ -541,6 +541,9 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci,
continue;
}
+ if (lctx->req_state != lease->state)
+ lease->epoch++;
+
/* upgrading lease */
if ((atomic_read(&ci->op_count) +
atomic_read(&ci->sop_count)) == 1) {
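Review bot: `lease->epoch++` fires as soon as `lctx->req_state != lease->state`, before the upgrade branches below decide whether the lease state changes at all; on a path where none of the branches applies the epoch still advances without a state change, which is the opposite of what the subject line promises. Moving the increment into each branch that actually modifies `lease->state` would tie the epoch to real transitions.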
@@ -1035,7 +1038,7 @@ static void copy_lease(struct oplock_info *op1, struct oplock_info *op2)
SMB2_LEASE_KEY_SIZE);
lease2->duration = lease1->duration;
lease2->flags = lease1->flags;
- lease2->epoch = lease1->epoch++;
+ lease2->epoch = lease1->epoch;
lease2->version = lease1->version;
}
@@ -1448,7 +1451,7 @@ void create_lease_buf(u8 *rbuf, struct lease *lease)
memcpy(buf->lcontext.LeaseKey, lease->lease_key,
SMB2_LEASE_KEY_SIZE);
buf->lcontext.LeaseFlags = lease->flags;
- buf->lcontext.Epoch = cpu_to_le16(++lease->epoch);
+ buf->lcontext.Epoch = cpu_to_le16(lease->epoch);
buf->lcontext.LeaseState = lease->state;
memcpy(buf->lcontext.ParentLeaseKey, lease->parent_lease_key,
SMB2_LEASE_KEY_SIZE);
--
2.25.1
* [PATCH 5.15.y 05/11] ksmbd: don't allow O_TRUNC open on read-only share
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Namjae Jeon, Steve French
[ Upstream commit d592a9158a112d419f341f035d18d02f8d232def ]
When a file is changed using notepad on a read-only share (read_only = yes in
ksmbd.conf), there is a problem where the existing data is truncated.
Notepad on Windows tries an O_TRUNC open (FILE_OVERWRITE_IF) and all data
in the file is truncated. This patch does not allow O_TRUNC opens on a read-only
share and adds a KSMBD_TREE_CONN_FLAG_WRITABLE check in smb2_set_info().
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/smb2pdu.c | 23 +++++++++--------------
1 file changed, 9 insertions(+), 14 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 5975a2bc471f..4d6663ab3d03 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -2969,7 +2969,7 @@ int smb2_open(struct ksmbd_work *work)
&may_flags);
if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
- if (open_flags & O_CREAT) {
+ if (open_flags & (O_CREAT | O_TRUNC)) {
ksmbd_debug(SMB,
"User does not have write permission\n");
rc = -EACCES;
@@ -5946,12 +5946,6 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp,
}
case FILE_RENAME_INFORMATION:
{
- if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
- ksmbd_debug(SMB,
- "User does not have write permission\n");
- return -EACCES;
- }
-
if (buf_len < sizeof(struct smb2_file_rename_info))
return -EINVAL;
@@ -5971,12 +5965,6 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp,
}
case FILE_DISPOSITION_INFORMATION:
{
- if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
- ksmbd_debug(SMB,
- "User does not have write permission\n");
- return -EACCES;
- }
-
if (buf_len < sizeof(struct smb2_file_disposition_info))
return -EINVAL;
@@ -6038,7 +6026,7 @@ int smb2_set_info(struct ksmbd_work *work)
{
struct smb2_set_info_req *req;
struct smb2_set_info_rsp *rsp;
- struct ksmbd_file *fp;
+ struct ksmbd_file *fp = NULL;
int rc = 0;
unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;
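Review bot: initialising `fp` to NULL only matters because a later hunk adds a `goto err_out` before the file lookup, so err_out now runs with no file looked up; confirm that the cleanup under err_out (outside this diff) guards everything it does with `fp` against NULL rather than relying on the lookup having happened.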
@@ -6058,6 +6046,13 @@ int smb2_set_info(struct ksmbd_work *work)
rsp = smb2_get_msg(work->response_buf);
}
+ if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
+ ksmbd_debug(SMB, "User does not have write permission\n");
+ pr_err("User does not have write permission\n");
+ rc = -EACCES;
+ goto err_out;
+ }
+
if (!has_file_id(id)) {
id = req->VolatileFileId;
pid = req->PersistentFileId;
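Review bot: hoisting the KSMBD_TREE_CONN_FLAG_WRITABLE check to the top of smb2_set_info() rejects every information class on a read-only share, not only the rename and disposition cases whose per-class checks the earlier hunks remove; classes that previously succeeded on a read-only share (FILE_POSITION_INFORMATION is visible as a case label in an earlier patch of this series) now fail with -EACCES, and the commit message should state that widening explicitly. Separately, the unconditional `pr_err()` immediately after a `ksmbd_debug()` with the same text is client-triggerable log spam on every denied request; drop it or use pr_err_ratelimited(), matching the open() path which only emits ksmbd_debug().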
--
2.25.1
* [PATCH 5.15.y 06/11] ksmbd: send lease break notification on FILE_RENAME_INFORMATION
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Namjae Jeon, Steve French
[ Upstream commit 3fc74c65b367476874da5fe6f633398674b78e5a ]
Send a lease break notification on FILE_RENAME_INFORMATION requests.
This patch fixes the smb2.lease.v2_epoch2 test failure.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/oplock.c | 12 +++++++-----
fs/ksmbd/smb2pdu.c | 1 +
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c
index d798c1d8f126..5baabcb818f0 100644
--- a/fs/ksmbd/oplock.c
+++ b/fs/ksmbd/oplock.c
@@ -541,14 +541,12 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci,
continue;
}
- if (lctx->req_state != lease->state)
- lease->epoch++;
-
/* upgrading lease */
if ((atomic_read(&ci->op_count) +
atomic_read(&ci->sop_count)) == 1) {
if (lease->state != SMB2_LEASE_NONE_LE &&
lease->state == (lctx->req_state & lease->state)) {
+ lease->epoch++;
lease->state |= lctx->req_state;
if (lctx->req_state &
SMB2_LEASE_WRITE_CACHING_LE)
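Review bot: the upgrade branch now bumps `lease->epoch` whenever `lease->state == (lctx->req_state & lease->state)`, which is also true when `lctx->req_state` equals `lease->state`; in that case `lease->state |= lctx->req_state` is a no-op yet the epoch still advances, reintroducing exactly the case the removed `if (lctx->req_state != lease->state)` guard excluded. Guard the increment on the state actually changing, for example by comparing `lease->state` before and after the `|=`.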
@@ -559,13 +557,17 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci,
atomic_read(&ci->sop_count)) > 1) {
if (lctx->req_state ==
(SMB2_LEASE_READ_CACHING_LE |
- SMB2_LEASE_HANDLE_CACHING_LE))
+ SMB2_LEASE_HANDLE_CACHING_LE)) {
+ lease->epoch++;
lease->state = lctx->req_state;
+ }
}
if (lctx->req_state && lease->state ==
- SMB2_LEASE_NONE_LE)
+ SMB2_LEASE_NONE_LE) {
+ lease->epoch++;
lease_none_upgrade(opinfo, lctx->req_state);
+ }
}
read_lock(&ci->m_lock);
}
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 4d6663ab3d03..795d3554abe2 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -5569,6 +5569,7 @@ static int smb2_rename(struct ksmbd_work *work,
if (!file_info->ReplaceIfExists)
flags = RENAME_NOREPLACE;
+ smb_break_all_levII_oplock(work, fp, 0);
rc = ksmbd_vfs_rename(work, &fp->filp->f_path, new_name, flags);
out:
kfree(new_name);
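Review bot: `smb_break_all_levII_oplock(work, fp, 0)` is issued before ksmbd_vfs_rename() and is not conditioned on its result, so when the rename fails and control reaches `out:` other openers have already had their level II oplocks or leases broken for a rename that did not happen. That is the safe direction (caches are invalidated, never kept stale), but a short comment saying the break is deliberately sent ahead of the VFS call would stop a later reader from "optimising" it to after the rename, where a concurrent reader could cache stale name information.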
--
2.25.1
* [PATCH 5.15.y 07/11] ksmbd: free ppace array on error in parse_dacl
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Fedor Pchelkin, Namjae Jeon, Steve French
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit 8cf9bedfc3c47d24bb0de386f808f925dc52863e ]
The ppace array is not freed if one of the init_acl_state() calls inside
parse_dacl() fails. At the moment the function may fail only due to
memory allocation errors, so this is highly unlikely in practice, but
nevertheless a fix is needed.
Move ppace allocation after the init_acl_state() calls with proper error
handling.
Found by Linux Verification Center (linuxtesting.org).
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/smbacl.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c
index 9ace5027684d..3a6c0abdb035 100644
--- a/fs/ksmbd/smbacl.c
+++ b/fs/ksmbd/smbacl.c
@@ -399,10 +399,6 @@ static void parse_dacl(struct user_namespace *user_ns,
if (num_aces > ULONG_MAX / sizeof(struct smb_ace *))
return;
- ppace = kmalloc_array(num_aces, sizeof(struct smb_ace *), GFP_KERNEL);
- if (!ppace)
- return;
-
ret = init_acl_state(&acl_state, num_aces);
if (ret)
return;
@@ -412,6 +408,13 @@ static void parse_dacl(struct user_namespace *user_ns,
return;
}
+ ppace = kmalloc_array(num_aces, sizeof(struct smb_ace *), GFP_KERNEL);
+ if (!ppace) {
+ free_acl_state(&default_acl_state);
+ free_acl_state(&acl_state);
+ return;
+ }
+
/*
* reset rwx permissions for user/group/other.
* Also, if num_aces is 0 i.e. DACL has no ACEs,
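Review bot: the new failure path frees both `default_acl_state` and `acl_state`, which is right for an allocation that now sits after both init_acl_state() calls; the `return;` visible two lines above the new block is the failure path of the second init_acl_state() and must likewise free `acl_state`, otherwise the reordering fixes one leak and leaves a sibling. Its body is outside the hunk, so please confirm that branch releases acl_state.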
--
2.25.1
* [PATCH 5.15.y 08/11] ksmbd: Add missing set_freezable() for freezable kthread
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Kevin Hao, Namjae Jeon, Steve French
From: Kevin Hao <haokexin@gmail.com>
[ Upstream commit 8fb7b723924cc9306bc161f45496497aec733904 ]
The kernel thread function ksmbd_conn_handler_loop() invokes
try_to_freeze() in its loop. But all kernel threads are non-freezable by
default, so if we want a kernel thread to be freezable, we have to invoke
set_freezable() explicitly.
Signed-off-by: Kevin Hao <haokexin@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/connection.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c
index 0a7a30bd531f..f9fbde916a09 100644
--- a/fs/ksmbd/connection.c
+++ b/fs/ksmbd/connection.c
@@ -284,6 +284,7 @@ int ksmbd_conn_handler_loop(void *p)
goto out;
conn->last_active = jiffies;
+ set_freezable();
while (ksmbd_conn_alive(conn)) {
if (try_to_freeze())
continue;
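Review bot: set_freezable() clears PF_NOFREEZE and itself calls try_to_freeze(), so the thread may freeze right at this line before entering the loop; that is fine after the `goto out` checks above it, but placing it after `conn->last_active = jiffies` means a long freeze can sit between the timestamp update and the first iteration. If last_active feeds an idle timeout, moving set_freezable() ahead of that assignment avoids an immediately stale timestamp on resume.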
--
2.25.1
* [PATCH 5.15.y 09/11] ksmbd: validate mech token in session setup
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Namjae Jeon, zdi-disclosures, Steve French
[ Upstream commit 92e470163d96df8db6c4fa0f484e4a229edb903d ]
If a client sends an invalid mech token in a session setup request, ksmbd
validates it and returns an error if it is invalid.
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-22890
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/asn1.c | 5 +++++
fs/ksmbd/connection.h | 1 +
fs/ksmbd/smb2pdu.c | 22 +++++++++++++++++-----
3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/fs/ksmbd/asn1.c b/fs/ksmbd/asn1.c
index 4a4b2b03ff33..b931a99ab9c8 100644
--- a/fs/ksmbd/asn1.c
+++ b/fs/ksmbd/asn1.c
@@ -214,10 +214,15 @@ static int ksmbd_neg_token_alloc(void *context, size_t hdrlen,
{
struct ksmbd_conn *conn = context;
+ if (!vlen)
+ return -EINVAL;
+
conn->mechToken = kmemdup_nul(value, vlen, GFP_KERNEL);
if (!conn->mechToken)
return -ENOMEM;
+ conn->mechTokenLen = (unsigned int)vlen;
+
return 0;
}
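Review bot: `conn->mechTokenLen = (unsigned int)vlen;` narrows a size_t; the ASN.1 decoder bounds vlen by the received buffer so the cast cannot overflow in practice, but an explicit upper-bound check next to the new `!vlen` test would document that assumption instead of relying on it. Also, this callback may run more than once per connection across session-setup rounds; kmemdup_nul() into `conn->mechToken` without releasing a previous value is outside this hunk, so confirm the caller frees or never re-enters with an existing token.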
diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h
index 3c005246a32e..342f935f5770 100644
--- a/fs/ksmbd/connection.h
+++ b/fs/ksmbd/connection.h
@@ -88,6 +88,7 @@ struct ksmbd_conn {
__u16 dialect;
char *mechToken;
+ unsigned int mechTokenLen;
struct ksmbd_conn_ops *conn_ops;
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 795d3554abe2..7e8f1c89124f 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1414,7 +1414,10 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn,
char *name;
unsigned int name_off, name_len, secbuf_len;
- secbuf_len = le16_to_cpu(req->SecurityBufferLength);
+ if (conn->use_spnego && conn->mechToken)
+ secbuf_len = conn->mechTokenLen;
+ else
+ secbuf_len = le16_to_cpu(req->SecurityBufferLength);
if (secbuf_len < sizeof(struct authenticate_message)) {
ksmbd_debug(SMB, "blob len %d too small\n", secbuf_len);
return NULL;
@@ -1505,7 +1508,10 @@ static int ntlm_authenticate(struct ksmbd_work *work,
struct authenticate_message *authblob;
authblob = user_authblob(conn, req);
- sz = le16_to_cpu(req->SecurityBufferLength);
+ if (conn->use_spnego && conn->mechToken)
+ sz = conn->mechTokenLen;
+ else
+ sz = le16_to_cpu(req->SecurityBufferLength);
rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, conn, sess);
if (rc) {
set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD);
@@ -1778,8 +1784,7 @@ int smb2_sess_setup(struct ksmbd_work *work)
negblob_off = le16_to_cpu(req->SecurityBufferOffset);
negblob_len = le16_to_cpu(req->SecurityBufferLength);
- if (negblob_off < offsetof(struct smb2_sess_setup_req, Buffer) ||
- negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) {
+ if (negblob_off < offsetof(struct smb2_sess_setup_req, Buffer)) {
rc = -EINVAL;
goto out_err;
}
@@ -1788,8 +1793,15 @@ int smb2_sess_setup(struct ksmbd_work *work)
negblob_off);
if (decode_negotiation_token(conn, negblob, negblob_len) == 0) {
- if (conn->mechToken)
+ if (conn->mechToken) {
negblob = (struct negotiate_message *)conn->mechToken;
+ negblob_len = conn->mechTokenLen;
+ }
+ }
+
+ if (negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) {
+ rc = -EINVAL;
+ goto out_err;
}
if (server_conf.auth_mechs & conn->auth_mechs) {
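Review bot: moving the `negblob_len < offsetof(struct negotiate_message, NegotiateFlags)` check to after the mech token substitution is the real fix: before this patch the check ran against the outer SecurityBufferLength while `negblob` was then repointed at `conn->mechToken`, whose length could be shorter, so the length that the NegotiateFlags read relied on no longer described the buffer being read. The session_user() and ntlm_authenticate() hunks close the same gap for the authenticate blob by switching to mechTokenLen. The `conn->use_spnego && conn->mechToken` selection is now duplicated in those two functions; a small helper returning the effective blob length would keep them from drifting apart.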
--
2.25.1
* [PATCH 5.15.y 10/11] ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Namjae Jeon, zdi-disclosures, Steve French
[ Upstream commit 38d20c62903d669693a1869aa68c4dd5674e2544 ]
The race is between the handling of a new TCP connection and
its disconnection. It leads to a UAF in the
ksmbd_tcp_new_connection() function.
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-22991
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/connection.c | 6 ------
fs/ksmbd/connection.h | 1 -
fs/ksmbd/transport_rdma.c | 11 ++++++-----
fs/ksmbd/transport_tcp.c | 13 +++++++------
4 files changed, 13 insertions(+), 18 deletions(-)
diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c
index f9fbde916a09..63815c4df133 100644
--- a/fs/ksmbd/connection.c
+++ b/fs/ksmbd/connection.c
@@ -416,13 +416,7 @@ static void stop_sessions(void)
again:
down_read(&conn_list_lock);
list_for_each_entry(conn, &conn_list, conns_list) {
- struct task_struct *task;
-
t = conn->transport;
- task = t->handler;
- if (task)
- ksmbd_debug(CONN, "Stop session handler %s/%d\n",
- task->comm, task_pid_nr(task));
ksmbd_conn_set_exiting(conn);
if (t->ops->shutdown) {
up_read(&conn_list_lock);
diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h
index 342f935f5770..0e04cf8b1d89 100644
--- a/fs/ksmbd/connection.h
+++ b/fs/ksmbd/connection.h
@@ -135,7 +135,6 @@ struct ksmbd_transport_ops {
struct ksmbd_transport {
struct ksmbd_conn *conn;
struct ksmbd_transport_ops *ops;
- struct task_struct *handler;
};
#define KSMBD_TCP_RECV_TIMEOUT (7 * HZ)
diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c
index 252a1e7afcc0..355673f2830b 100644
--- a/fs/ksmbd/transport_rdma.c
+++ b/fs/ksmbd/transport_rdma.c
@@ -2039,6 +2039,7 @@ static bool rdma_frwr_is_supported(struct ib_device_attr *attrs)
static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id)
{
struct smb_direct_transport *t;
+ struct task_struct *handler;
int ret;
if (!rdma_frwr_is_supported(&new_cm_id->device->attrs)) {
@@ -2056,11 +2057,11 @@ static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id)
if (ret)
goto out_err;
- KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop,
- KSMBD_TRANS(t)->conn, "ksmbd:r%u",
- smb_direct_port);
- if (IS_ERR(KSMBD_TRANS(t)->handler)) {
- ret = PTR_ERR(KSMBD_TRANS(t)->handler);
+ handler = kthread_run(ksmbd_conn_handler_loop,
+ KSMBD_TRANS(t)->conn, "ksmbd:r%u",
+ smb_direct_port);
+ if (IS_ERR(handler)) {
+ ret = PTR_ERR(handler);
pr_err("Can't start thread\n");
goto out_err;
}
diff --git a/fs/ksmbd/transport_tcp.c b/fs/ksmbd/transport_tcp.c
index eff7a1d793f0..9d4222154dcc 100644
--- a/fs/ksmbd/transport_tcp.c
+++ b/fs/ksmbd/transport_tcp.c
@@ -185,6 +185,7 @@ static int ksmbd_tcp_new_connection(struct socket *client_sk)
struct sockaddr *csin;
int rc = 0;
struct tcp_transport *t;
+ struct task_struct *handler;
t = alloc_transport(client_sk);
if (!t) {
@@ -199,13 +200,13 @@ static int ksmbd_tcp_new_connection(struct socket *client_sk)
goto out_error;
}
- KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop,
- KSMBD_TRANS(t)->conn,
- "ksmbd:%u",
- ksmbd_tcp_get_port(csin));
- if (IS_ERR(KSMBD_TRANS(t)->handler)) {
+ handler = kthread_run(ksmbd_conn_handler_loop,
+ KSMBD_TRANS(t)->conn,
+ "ksmbd:%u",
+ ksmbd_tcp_get_port(csin));
+ if (IS_ERR(handler)) {
pr_err("cannot start conn thread\n");
- rc = PTR_ERR(KSMBD_TRANS(t)->handler);
+ rc = PTR_ERR(handler);
free_transport(t);
}
return rc;
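Review bot: the fix works because `handler` is now read from a local after kthread_run() instead of from `KSMBD_TRANS(t)->handler`: kthread_run() starts the thread immediately, so by the time the old code evaluated `IS_ERR(KSMBD_TRANS(t)->handler)` and `PTR_ERR(KSMBD_TRANS(t)->handler)` the new thread could already have torn down the connection and freed `t`, which is the use-after-free in the subject. With the `handler` member gone from struct ksmbd_transport nothing retains a task pointer, and the dropped debug line in stop_sessions() is the only functional loss; transport_rdma.c gets the same treatment, good. A one-line comment above `handler = kthread_run(...)` saying `t` must not be touched after this call on the success path would stop the pattern being reintroduced.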
--
2.25.1
* [PATCH 5.15.y 11/11] ksmbd: only v2 leases handle the directory
From: Namjae Jeon @ 2024-01-21 14:30 UTC
To: gregkh, sashal; +Cc: stable, Namjae Jeon, Steve French
[ Upstream commit 77bebd186442a7d703b796784db7495129cc3e70 ]
When SMB2 leases are disabled, ksmbd can send an oplock break notification
and cause an oplock break ack wait timeout. It may appear like a hang when
accessing a directory. This patch makes only v2 leases handle the
directory.
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/ksmbd/oplock.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c
index 5baabcb818f0..4e444d01a3c3 100644
--- a/fs/ksmbd/oplock.c
+++ b/fs/ksmbd/oplock.c
@@ -1197,6 +1197,12 @@ int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, u64 pid,
bool prev_op_has_lease;
__le32 prev_op_state = 0;
+ /* Only v2 leases handle the directory */
+ if (S_ISDIR(file_inode(fp->filp)->i_mode)) {
+ if (!lctx || lctx->version != 2)
+ return 0;
+ }
+
opinfo = alloc_opinfo(work, pid, tid);
if (!opinfo)
return -ENOMEM;
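Review bot: the early `return 0` for a directory without a v2 lease context reports success without allocating an opinfo, so later code in the open path must tolerate a directory open that recorded no oplock or lease state at all; presumably that already holds for request levels that grant nothing, but a comment saying so at the return would help. Note also that `!lctx || lctx->version != 2` rejects v1 lease requests on directories as well as plain oplock requests, which matches the subject but is worth a word in the commit message.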
--
2.25.1
* Re: [PATCH 5.15.y 00/11] ksmbd: backport patches from 6.8-rc1
From: Greg KH @ 2024-01-22 15:03 UTC
To: Namjae Jeon; +Cc: sashal, stable
On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
> This patchset is backport patches from 6.8-rc1.
Nice, but we obviously can not take patches only to 5.15.y as that would
be a regression when people upgrade to a newer kernel. Can you also
provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
thanks,
greg k-h
* Re: [PATCH 5.15.y 00/11] ksmbd: backport patches from 6.8-rc1
From: Namjae Jeon @ 2024-01-22 23:28 UTC
To: Greg KH; +Cc: sashal, stable
2024-01-23 0:03 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
> On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
>> This patchset is backport patches from 6.8-rc1.
>
> Nice, but we obviously can not take patches only to 5.15.y as that would
> be a regression when people upgrade to a newer kernel. Can you also
> provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
Sure, I will do that.
Thanks!
>
> thanks,
>
> greg k-h
>
* Re: [PATCH 5.15.y 00/11] ksmbd: backport patches from 6.8-rc1
From: Namjae Jeon @ 2024-01-26 1:25 UTC
To: Greg KH; +Cc: sashal, stable
2024-01-23 8:28 GMT+09:00, Namjae Jeon <linkinjeon@kernel.org>:
> 2024-01-23 0:03 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
>> On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
>>> This patchset is backport patches from 6.8-rc1.
>>
>> Nice, but we obviously can not take patches only to 5.15.y as that would
>> be a regression when people upgrade to a newer kernel. Can you also
>> provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
> Sure, I will do that.
> Thanks!
I have sent ksmbd backport patches for the 5.15, 6.1, 6.6 and 6.7 kernels.
Could you please check them?
Thanks!
>>
>> thanks,
>>
>> greg k-h
>>
>
* Re: [PATCH 5.15.y 00/11] ksmbd: backport patches from 6.8-rc1
From: Greg KH @ 2024-01-26 1:36 UTC
To: Namjae Jeon; +Cc: sashal, stable
On Fri, Jan 26, 2024 at 10:25:36AM +0900, Namjae Jeon wrote:
> 2024-01-23 8:28 GMT+09:00, Namjae Jeon <linkinjeon@kernel.org>:
> > 2024-01-23 0:03 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
> >> On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
> >>> This patchset is backport patches from 6.8-rc1.
> >>
> >> Nice, but we obviously can not take patches only to 5.15.y as that would
> >> be a regression when people upgrade to a newer kernel. Can you also
> >> provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
> > Sure, I will do that.
> > Thanks!
> I have sent ksmbd backport patches for 5.15, 6.1, 6.6, 6.7 kernel.
> Could you please check them ?
Give us a chance, we just released kernels a few hours ago and couldn't
do anything until that happened...
greg k-h
* Re: [PATCH 5.15.y 00/11] ksmbd: backport patches from 6.8-rc1
2024-01-26 1:36 ` Greg KH
@ 2024-01-26 1:59 ` Namjae Jeon
2024-01-27 0:43 ` Greg KH
0 siblings, 1 reply; 19+ messages in thread
From: Namjae Jeon @ 2024-01-26 1:59 UTC (permalink / raw)
To: Greg KH; +Cc: sashal, stable
2024-01-26 10:36 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
> On Fri, Jan 26, 2024 at 10:25:36AM +0900, Namjae Jeon wrote:
>> 2024-01-23 8:28 GMT+09:00, Namjae Jeon <linkinjeon@kernel.org>:
>> > 2024-01-23 0:03 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
>> >> On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
>> >>> This patchset is backport patches from 6.8-rc1.
>> >>
>> >> Nice, but we obviously can not take patches only to 5.15.y as that
>> >> would
>> >> be a regression when people upgrade to a newer kernel. Can you also
>> >> provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
>> > Sure, I will do that.
>> > Thanks!
>> I have sent ksmbd backport patches for the 5.15, 6.1, 6.6 and 6.7 kernels.
>> Could you please check them?
>
> Give us a chance, we just released kernels a few hours ago and couldn't
> do anything until that happened...
Okay, I would really appreciate it if you could apply them into the
next version!
Thanks!
>
> greg k-h
>
* Re: [PATCH 5.15.y 00/11] ksmbd: backport patches from 6.8-rc1
2024-01-26 1:59 ` Namjae Jeon
@ 2024-01-27 0:43 ` Greg KH
2024-01-27 0:48 ` Namjae Jeon
0 siblings, 1 reply; 19+ messages in thread
From: Greg KH @ 2024-01-27 0:43 UTC (permalink / raw)
To: Namjae Jeon; +Cc: sashal, stable
On Fri, Jan 26, 2024 at 10:59:17AM +0900, Namjae Jeon wrote:
> 2024-01-26 10:36 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
> > On Fri, Jan 26, 2024 at 10:25:36AM +0900, Namjae Jeon wrote:
> >> 2024-01-23 8:28 GMT+09:00, Namjae Jeon <linkinjeon@kernel.org>:
> >> > 2024-01-23 0:03 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
> >> >> On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
> >> >>> This patchset is backport patches from 6.8-rc1.
> >> >>
> >> >> Nice, but we obviously can not take patches only to 5.15.y as that
> >> >> would
> >> >> be a regression when people upgrade to a newer kernel. Can you also
> >> >> provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
> >> > Sure, I will do that.
> >> > Thanks!
> >> I have sent ksmbd backport patches for the 5.15, 6.1, 6.6 and 6.7 kernels.
> >> Could you please check them?
> >
> > Give us a chance, we just released kernels a few hours ago and couldn't
> > do anything until that happened...
> Okay, I would really appreciate it if you could apply them into the
> next version!
All now queued up, thanks.
greg k-h
* Re: [PATCH 5.15.y 00/11] ksmbd: backport patches from 6.8-rc1
2024-01-27 0:43 ` Greg KH
@ 2024-01-27 0:48 ` Namjae Jeon
0 siblings, 0 replies; 19+ messages in thread
From: Namjae Jeon @ 2024-01-27 0:48 UTC (permalink / raw)
To: Greg KH; +Cc: sashal, stable
2024-01-27 9:43 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
> On Fri, Jan 26, 2024 at 10:59:17AM +0900, Namjae Jeon wrote:
>> 2024-01-26 10:36 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
>> > On Fri, Jan 26, 2024 at 10:25:36AM +0900, Namjae Jeon wrote:
>> >> 2024-01-23 8:28 GMT+09:00, Namjae Jeon <linkinjeon@kernel.org>:
>> >> > 2024-01-23 0:03 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
>> >> >> On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
>> >> >>> This patchset is backport patches from 6.8-rc1.
>> >> >>
>> >> >> Nice, but we obviously can not take patches only to 5.15.y as that
>> >> >> would
>> >> >> be a regression when people upgrade to a newer kernel. Can you
>> >> >> also
>> >> >> provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
>> >> > Sure, I will do that.
>> >> > Thanks!
>> >> I have sent ksmbd backport patches for the 5.15, 6.1, 6.6 and 6.7 kernels.
>> >> Could you please check them?
>> >
>> > Give us a chance, we just released kernels a few hours ago and couldn't
>> > do anything until that happened...
>> Okay, I would really appreciate it if you could apply them into the
>> next version!
>
> All now queued up, thanks.
Thanks a lot!
>
> greg k-h
>