From: Michael Bommarito
To: Namjae Jeon
Cc: linux-cifs@vger.kernel.org, Steve French, Sergey Senozhatsky, Tom Talpey, stable@vger.kernel.org
Subject: Re: [PATCH 2/3] ksmbd: reject negative ngroups in ksmbd_alloc_user()
Date: Tue, 14 Apr 2026 22:35:31 -0400
Message-ID: <20260415023531.2659989-1-michael.bommarito@gmail.com>
References: <20260414191533.1467353-1-michael.bommarito@gmail.com> <20260414191533.1467353-3-michael.bommarito@gmail.com>

On Wed, Apr 15, 2026 at 11:05:45AM +0900, Namjae Jeon wrote:
> With the previous patch ("ksmbd: cap response sizes in
> ipc_validate_msg()"), negative ngroups is now rejected early in IPC
> validation.
> However, ksmbd_alloc_user() still needs an explicit negative check ?

Yup, good point. I originally wrote the tests and fixes independently and missed the overlap, so if you accept the cap in patch 1, then we can skip it.

Two Qs:

1. Should I add a comment in case someone refactors the flow to emphasize that a check would be needed here if not covered earlier?
2. Do you want me to fold this into 1/3 above?

Thanks,
Mike
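
The overlap discussed in this message, as an added example that is not part of the original mail and is not ksmbd code: a signed group count checked once at message validation and again in the allocator, with the size an unchecked allocator would compute shown for comparison. The struct, the function names and `MAX_GROUPS` are hypothetical and chosen only for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_GROUPS 65536 /* assumed cap for this sketch, not from the patch */

/* Hypothetical reply from a userspace helper: header, then ngroups gids. */
struct login_reply {
    int32_t  ngroups;     /* signed count supplied by the other side */
    uint32_t payload_len; /* bytes of gid data following the header */
};

/* Layer 1: message validation at the IPC boundary. */
int validate_reply(const struct login_reply *r)
{
    if (r->ngroups < 0 || r->ngroups > MAX_GROUPS)
        return -1;
    if ((size_t)r->ngroups * sizeof(uint32_t) != r->payload_len)
        return -1;
    return 0;
}

/* Size an allocator would compute if nothing checked the sign first. */
size_t unchecked_alloc_size(int32_t ngroups)
{
    return (size_t)ngroups * sizeof(uint32_t); /* -1 wraps to a huge value */
}

/* Layer 2: allocator repeats the range check, so it stays safe on its own. */
uint32_t *alloc_groups(const struct login_reply *r, const uint32_t *gids)
{
    uint32_t *out;

    if (r->ngroups < 0 || r->ngroups > MAX_GROUPS)
        return NULL;
    out = calloc((size_t)r->ngroups + 1, sizeof(*out));
    if (out && r->ngroups > 0)
        memcpy(out, gids, (size_t)r->ngroups * sizeof(*out));
    return out;
}

int main(void)
{
    struct login_reply bad = { -1, 0 }; /* constructed sample input */

    printf("validate=%d unchecked_size=%zu alloc=%p\n", validate_reply(&bad),
           unchecked_alloc_size(-1), (void *)alloc_groups(&bad, NULL));
    return 0;
}
```

If the second check is dropped because the first covers it, a comment at the allocator naming the validation function it relies on keeps that dependency visible to whoever refactors the flow later.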