FAILED: patch "[PATCH] ksmbd: the buffer of smb2 query dir response has at least 1" failed to apply to 5.15-stable tree

FAILED: patch "[PATCH] ksmbd: the buffer of smb2 query dir response has at least 1" failed to apply to 5.15-stable tree

[gregkh]

The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

To reproduce the conflict and resubmit, you may use the following commands:

git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x ce61b605a00502c59311d0a4b1f58d62b48272d0
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2024082604-depose-iphone-7d55@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..

Possible dependencies:

ce61b605a005 ("ksmbd: the buffer of smb2 query dir response has at least 1 byte")
e2b76ab8b5c9 ("ksmbd: add support for read compound")
e202a1e8634b ("ksmbd: no response from compound read")
7b7d709ef7cf ("ksmbd: add missing compound request handing in some commands")
81a94b27847f ("ksmbd: use kvzalloc instead of kvmalloc")
38c8a9a52082 ("smb: move client and server files to common directory fs/smb")
30210947a343 ("ksmbd: fix racy issue under cocurrent smb2 tree disconnect")
abcc506a9a71 ("ksmbd: fix racy issue from smb2 close and logoff with multichannel")
ea174a918939 ("ksmbd: destroy expired sessions")
f5c779b7ddbd ("ksmbd: fix racy issue from session setup and logoff")
74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name")
34e8ccf9ce24 ("ksmbd: set NegotiateContextCount once instead of every inc")
42bc6793e452 ("Merge tag 'pull-lock_rename_child' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs into ksmbd-for-next")

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From ce61b605a00502c59311d0a4b1f58d62b48272d0 Mon Sep 17 00:00:00 2001
From: Namjae Jeon <linkinjeon@kernel.org>
Date: Tue, 20 Aug 2024 22:07:38 +0900
Subject: [PATCH] ksmbd: the buffer of smb2 query dir response has at least 1
 byte

When STATUS_NO_MORE_FILES status is set to smb2 query dir response,
->StructureSize is set to 9, which mean buffer has 1 byte.
This issue occurs because ->Buffer[1] in smb2_query_directory_rsp to
flex-array.

Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")
Cc: stable@vger.kernel.org # v6.1+
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 0bc9edf22ba4..e9204180919e 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -4409,7 +4409,8 @@ int smb2_query_dir(struct ksmbd_work *work)
 		rsp->OutputBufferLength = cpu_to_le32(0);
 		rsp->Buffer[0] = 0;
 		rc = ksmbd_iov_pin_rsp(work, (void *)rsp,
-				       sizeof(struct smb2_query_directory_rsp));
+				       offsetof(struct smb2_query_directory_rsp, Buffer)
+				       + 1);
 		if (rc)
 			goto err_out;
 	} else {

Re: FAILED: patch "[PATCH] ksmbd: the buffer of smb2 query dir response has at least 1" failed to apply to 5.15-stable tree

[Namjae Jeon]

On Mon, Aug 26, 2024 at 8:38 PM <gregkh@linuxfoundation.org> wrote:
>
>
> The patch below does not apply to the 5.15-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
As follows, I have marked stable tag(v6.1+) in patch to apply to 6.1
kernel versions or later.

 Cc: stable@vger.kernel.org # v6.1+

This patch does not need to be applied to 5.15 or 5.10.

Thanks!
>
> To reproduce the conflict and resubmit, you may use the following commands:
>
> git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
> git checkout FETCH_HEAD
> git cherry-pick -x ce61b605a00502c59311d0a4b1f58d62b48272d0
> # <resolve conflicts, build, test, etc.>
> git commit -s
> git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2024082604-depose-iphone-7d55@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
>
> Possible dependencies:
>
> ce61b605a005 ("ksmbd: the buffer of smb2 query dir response has at least 1 byte")
> e2b76ab8b5c9 ("ksmbd: add support for read compound")
> e202a1e8634b ("ksmbd: no response from compound read")
> 7b7d709ef7cf ("ksmbd: add missing compound request handing in some commands")
> 81a94b27847f ("ksmbd: use kvzalloc instead of kvmalloc")
> 38c8a9a52082 ("smb: move client and server files to common directory fs/smb")
> 30210947a343 ("ksmbd: fix racy issue under cocurrent smb2 tree disconnect")
> abcc506a9a71 ("ksmbd: fix racy issue from smb2 close and logoff with multichannel")
> ea174a918939 ("ksmbd: destroy expired sessions")
> f5c779b7ddbd ("ksmbd: fix racy issue from session setup and logoff")
> 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name")
> 34e8ccf9ce24 ("ksmbd: set NegotiateContextCount once instead of every inc")
> 42bc6793e452 ("Merge tag 'pull-lock_rename_child' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs into ksmbd-for-next")
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> From ce61b605a00502c59311d0a4b1f58d62b48272d0 Mon Sep 17 00:00:00 2001
> From: Namjae Jeon <linkinjeon@kernel.org>
> Date: Tue, 20 Aug 2024 22:07:38 +0900
> Subject: [PATCH] ksmbd: the buffer of smb2 query dir response has at least 1
>  byte
>
> When STATUS_NO_MORE_FILES status is set to smb2 query dir response,
> ->StructureSize is set to 9, which mean buffer has 1 byte.
> This issue occurs because ->Buffer[1] in smb2_query_directory_rsp to
> flex-array.
>
> Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")
> Cc: stable@vger.kernel.org # v6.1+
> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
> Signed-off-by: Steve French <stfrench@microsoft.com>
>
> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
> index 0bc9edf22ba4..e9204180919e 100644
> --- a/fs/smb/server/smb2pdu.c
> +++ b/fs/smb/server/smb2pdu.c
> @@ -4409,7 +4409,8 @@ int smb2_query_dir(struct ksmbd_work *work)
>                 rsp->OutputBufferLength = cpu_to_le32(0);
>                 rsp->Buffer[0] = 0;
>                 rc = ksmbd_iov_pin_rsp(work, (void *)rsp,
> -                                      sizeof(struct smb2_query_directory_rsp));
> +                                      offsetof(struct smb2_query_directory_rsp, Buffer)
> +                                      + 1);
>                 if (rc)
>                         goto err_out;
>         } else {
>

Re: FAILED: patch "[PATCH] ksmbd: the buffer of smb2 query dir response has at least 1" failed to apply to 5.15-stable tree

[Greg KH]

On Tue, Aug 27, 2024 at 11:54:56AM +0900, Namjae Jeon wrote:
> On Mon, Aug 26, 2024 at 8:38 PM <gregkh@linuxfoundation.org> wrote:
> >
> >
> > The patch below does not apply to the 5.15-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@vger.kernel.org>.
> As follows, I have marked stable tag(v6.1+) in patch to apply to 6.1
> kernel versions or later.
> 
>  Cc: stable@vger.kernel.org # v6.1+

Yes, but you also say:

	Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")

Which has been backported to the 5.10.y and 5.15.y kernel trees, so this
is why the FAILED email was triggered.

> This patch does not need to be applied to 5.15 or 5.10.

Are you sure?  If so, why is that the Fixes: tag?

thanks,

greg k-h

Re: FAILED: patch "[PATCH] ksmbd: the buffer of smb2 query dir response has at least 1" failed to apply to 5.15-stable tree

[Namjae Jeon]

On Tue, Aug 27, 2024 at 2:14 PM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Tue, Aug 27, 2024 at 11:54:56AM +0900, Namjae Jeon wrote:
> > On Mon, Aug 26, 2024 at 8:38 PM <gregkh@linuxfoundation.org> wrote:
> > >
> > >
> > > The patch below does not apply to the 5.15-stable tree.
> > > If someone wants it applied there, or to any other stable or longterm
> > > tree, then please email the backport, including the original git commit
> > > id to <stable@vger.kernel.org>.
> > As follows, I have marked stable tag(v6.1+) in patch to apply to 6.1
> > kernel versions or later.
> >
> >  Cc: stable@vger.kernel.org # v6.1+
>
> Yes, but you also say:
>
>         Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")
>
> Which has been backported to the 5.10.y and 5.15.y kernel trees, so this
> is why the FAILED email was triggered.
>
> > This patch does not need to be applied to 5.15 or 5.10.
>
> Are you sure?
Yes, I have checked it.
5.10 : ksmbd is not here because it was merged into the 5.15 kernel.
5.15: smb client developer backported eb3e28c1e89b commit for only smb
client's header.
So it doesn't affect the ksmbd server.

> If so, why is that the Fixes: tag?
checkpatch.pl guide to add Fixes tag if there is a stable tag in the patch.

WARNING: The commit message has 'stable@', perhaps it also needs a 'Fixes:' tag?

In this case, I should not add fixes: tag...? I didn't know that.

Thanks.


>
> thanks,
>
> greg k-h

Re: FAILED: patch "[PATCH] ksmbd: the buffer of smb2 query dir response has at least 1" failed to apply to 5.15-stable tree

[Greg KH]

On Tue, Aug 27, 2024 at 03:45:40PM +0900, Namjae Jeon wrote:
> On Tue, Aug 27, 2024 at 2:14 PM Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Tue, Aug 27, 2024 at 11:54:56AM +0900, Namjae Jeon wrote:
> > > On Mon, Aug 26, 2024 at 8:38 PM <gregkh@linuxfoundation.org> wrote:
> > > >
> > > >
> > > > The patch below does not apply to the 5.15-stable tree.
> > > > If someone wants it applied there, or to any other stable or longterm
> > > > tree, then please email the backport, including the original git commit
> > > > id to <stable@vger.kernel.org>.
> > > As follows, I have marked stable tag(v6.1+) in patch to apply to 6.1
> > > kernel versions or later.
> > >
> > >  Cc: stable@vger.kernel.org # v6.1+
> >
> > Yes, but you also say:
> >
> >         Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")
> >
> > Which has been backported to the 5.10.y and 5.15.y kernel trees, so this
> > is why the FAILED email was triggered.
> >
> > > This patch does not need to be applied to 5.15 or 5.10.
> >
> > Are you sure?
> Yes, I have checked it.
> 5.10 : ksmbd is not here because it was merged into the 5.15 kernel.
> 5.15: smb client developer backported eb3e28c1e89b commit for only smb
> client's header.
> So it doesn't affect the ksmbd server.

Ok, thanks for looking into this.

> > If so, why is that the Fixes: tag?
> checkpatch.pl guide to add Fixes tag if there is a stable tag in the patch.
> 
> WARNING: The commit message has 'stable@', perhaps it also needs a 'Fixes:' tag?
> 
> In this case, I should not add fixes: tag...? I didn't know that.

No, it is correct to do so, smb is a bit odd in how things have been
backported recently to different kernel trees, so all is good.

Thanks!

greg k-h