From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
"Kris Karas (Bug Reporting)" <bugs-a21@moonlit-rail.com>,
"Paulo Alcantara (Red Hat)" <pc@manguebit.org>,
David Howells <dhowells@redhat.com>,
linux-cifs@vger.kernel.org, Steve French <stfrench@microsoft.com>
Subject: [PATCH 7.0 22/42] smb: client: fix dir separator in SMB1 UNIX mounts
Date: Fri, 24 Apr 2026 15:30:47 +0200 [thread overview]
Message-ID: <20260424132425.073615531@linuxfoundation.org> (raw)
In-Reply-To: <20260424132420.410310336@linuxfoundation.org>
7.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paulo Alcantara <pc@manguebit.org>
commit c4d3fc5844d685441befd0caaab648321013cdfd upstream.
When calling cifs_mount_get_tcon() with SMB1 UNIX mounts,
@cifs_sb->mnt_cifs_flags needs to be read or updated only after
calling reset_cifs_unix_caps(), otherwise it might end up with missing
CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits.
This fixes the wrong dir separator used in paths caused by the missing
CIFS_MOUNT_POSIX_PATHS bit in cifs_sb_info::mnt_cifs_flags.
Reported-by: "Kris Karas (Bug Reporting)" <bugs-a21@moonlit-rail.com>
Closes: https://lore.kernel.org/r/f758f4ff-4d54-4244-931d-38f469c3ff14@moonlit-rail.com
Fixes: 4fc3a433c139 ("smb: client: use atomic_t for mnt_cifs_flags")
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Cc: David Howells <dhowells@redhat.com>
Cc: linux-cifs@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/connect.c | 10 +++++-----
fs/smb/client/smb1ops.c | 19 ++++++++-----------
2 files changed, 13 insertions(+), 16 deletions(-)
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -3610,7 +3610,6 @@ int cifs_mount_get_tcon(struct cifs_moun
server = mnt_ctx->server;
ctx = mnt_ctx->fs_ctx;
cifs_sb = mnt_ctx->cifs_sb;
- sbflags = cifs_sb_flags(cifs_sb);
/* search for existing tcon to this server share */
tcon = cifs_get_tcon(mnt_ctx->ses, ctx);
@@ -3625,9 +3624,10 @@ int cifs_mount_get_tcon(struct cifs_moun
* path (i.e., do not remap / and \ and do not map any special characters)
*/
if (tcon->posix_extensions) {
- sbflags |= CIFS_MOUNT_POSIX_PATHS;
- sbflags &= ~(CIFS_MOUNT_MAP_SFM_CHR |
- CIFS_MOUNT_MAP_SPECIAL_CHR);
+ atomic_or(CIFS_MOUNT_POSIX_PATHS, &cifs_sb->mnt_cifs_flags);
+ atomic_andnot(CIFS_MOUNT_MAP_SFM_CHR |
+ CIFS_MOUNT_MAP_SPECIAL_CHR,
+ &cifs_sb->mnt_cifs_flags);
}
#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
@@ -3651,6 +3651,7 @@ int cifs_mount_get_tcon(struct cifs_moun
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
tcon->unix_ext = 0; /* server does not support them */
+ sbflags = cifs_sb_flags(cifs_sb);
/* do not care if a following call succeed - informational */
if (!tcon->pipe && server->ops->qfs_tcon) {
server->ops->qfs_tcon(mnt_ctx->xid, tcon, cifs_sb);
@@ -3675,7 +3676,6 @@ int cifs_mount_get_tcon(struct cifs_moun
out:
mnt_ctx->tcon = tcon;
- atomic_set(&cifs_sb->mnt_cifs_flags, sbflags);
return rc;
}
--- a/fs/smb/client/smb1ops.c
+++ b/fs/smb/client/smb1ops.c
@@ -49,7 +49,6 @@ void reset_cifs_unix_caps(unsigned int x
if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
__u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
- unsigned int sbflags;
cifs_dbg(FYI, "unix caps which server supports %lld\n", cap);
/*
@@ -76,29 +75,27 @@ void reset_cifs_unix_caps(unsigned int x
if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
cifs_dbg(VFS, "per-share encryption not supported yet\n");
- if (cifs_sb)
- sbflags = cifs_sb_flags(cifs_sb);
-
cap &= CIFS_UNIX_CAP_MASK;
if (ctx && ctx->no_psx_acl)
cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
cifs_dbg(FYI, "negotiated posix acl support\n");
- if (cifs_sb)
- sbflags |= CIFS_MOUNT_POSIXACL;
+ if (cifs_sb) {
+ atomic_or(CIFS_MOUNT_POSIXACL,
+ &cifs_sb->mnt_cifs_flags);
+ }
}
if (ctx && ctx->posix_paths == 0)
cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
cifs_dbg(FYI, "negotiate posix pathnames\n");
- if (cifs_sb)
- sbflags |= CIFS_MOUNT_POSIX_PATHS;
+ if (cifs_sb) {
+ atomic_or(CIFS_MOUNT_POSIX_PATHS,
+ &cifs_sb->mnt_cifs_flags);
+ }
}
- if (cifs_sb)
- atomic_set(&cifs_sb->mnt_cifs_flags, sbflags);
-
cifs_dbg(FYI, "Negotiate caps 0x%x\n", (int)cap);
#ifdef CONFIG_CIFS_DEBUG2
if (cap & CIFS_UNIX_FCNTL_CAP)
next prev parent reply other threads:[~2026-04-24 13:32 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-24 13:30 [PATCH 7.0 00/42] 7.0.2-rc1 review Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 01/42] crypto: authencesn - Fix src offset when decrypting in-place Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 02/42] pwm: th1520: fix `CLIPPY=1` warning Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 03/42] drm/amdgpu: replace PASID IDR with XArray Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 04/42] crypto: krb5enc - fix sleepable flag handling in encrypt dispatch Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 05/42] crypto: krb5enc - fix async decrypt skipping hash verification Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 06/42] ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 07/42] ksmbd: validate owner of durable handle on reconnect Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 08/42] scripts: generate_rust_analyzer.py: define scripts Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 09/42] scripts/dtc: Remove unused dts_version in dtc-lexer.l Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 10/42] fs/ntfs3: validate rec->used in journal-replay file record check Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 11/42] f2fs: fix to do sanity check on dcc->discard_cmd_cnt conditionally Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 12/42] f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 13/42] f2fs: fix to avoid memory leak in f2fs_rename() Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 14/42] f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 15/42] fuse: reject oversized dirents in page cache Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 16/42] fuse: abort on fatal signal during sync init Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 17/42] fuse: Check for large folio with SPLICE_F_MOVE Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 18/42] fuse: quiet down complaints in fuse_conn_limit_write Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 19/42] fuse: fuse_dev_ioctl_clone() should wait for device file to be initialized Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 20/42] ksmbd: require minimum ACE size in smb_check_perm_dacl() Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 21/42] smb: server: fix active_num_conn leak on transport allocation failure Greg Kroah-Hartman
2026-04-24 13:30 ` Greg Kroah-Hartman [this message]
2026-04-24 13:30 ` [PATCH 7.0 23/42] smb: server: fix max_connections off-by-one in tcp accept path Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 24/42] smb: client: require a full NFS mode SID before reading mode bits Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 25/42] smb: client: validate the whole DACL before rewriting it in cifsacl Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 26/42] smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 27/42] ksmbd: validate response sizes in ipc_validate_msg() Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 28/42] ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 29/42] ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 30/42] ksmbd: use check_add_overflow() to prevent u16 DACL size overflow Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 31/42] ksmbd: reset rcount per connection in ksmbd_conn_wait_idle_sess_id() Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 32/42] writeback: Fix use after free in inode_switch_wbs_work_fn() Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 33/42] f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() Greg Kroah-Hartman
2026-04-24 13:30 ` [PATCH 7.0 34/42] ALSA: usb-audio: apply quirk for MOONDROP JU Jiu Greg Kroah-Hartman
2026-04-24 13:31 ` [PATCH 7.0 35/42] ALSA: hda/realtek: Add quirk for Legion S7 15IMH Greg Kroah-Hartman
2026-04-24 13:31 ` [PATCH 7.0 36/42] ALSA: caiaq: take a reference on the USB device in create_card() Greg Kroah-Hartman
2026-04-24 13:31 ` [PATCH 7.0 37/42] net/packet: fix TOCTOU race on mmapd vnet_hdr in tpacket_snd() Greg Kroah-Hartman
2026-04-24 13:31 ` [PATCH 7.0 38/42] crypto: ccp: Dont attempt to copy CSR to userspace if PSP command failed Greg Kroah-Hartman
2026-04-24 13:31 ` [PATCH 7.0 39/42] crypto: ccp: Dont attempt to copy PDH cert " Greg Kroah-Hartman
2026-04-24 13:31 ` [PATCH 7.0 40/42] crypto: ccp: Dont attempt to copy ID " Greg Kroah-Hartman
2026-04-24 13:31 ` [PATCH 7.0 41/42] rxrpc: Fix missing validation of ticket length in non-XDR key preparsing Greg Kroah-Hartman
2026-04-24 13:31 ` [PATCH 7.0 42/42] mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER Greg Kroah-Hartman
2026-04-24 14:09 ` [PATCH 7.0 00/42] 7.0.2-rc1 review Ronald Warsow
2026-04-24 16:19 ` Takeshi Ogasawara
2026-04-24 21:04 ` Florian Fainelli
2026-04-24 21:22 ` Mark Brown
2026-04-24 22:16 ` Peter Schneider
2026-04-24 22:22 ` Shuah Khan
2026-04-25 7:33 ` Brett A C Sheffield
2026-04-25 11:49 ` Miguel Ojeda
2026-04-25 22:19 ` Dileep malepu
2026-04-26 6:58 ` Barry K. Nathan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260424132425.073615531@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bugs-a21@moonlit-rail.com \
--cc=dhowells@redhat.com \
--cc=linux-cifs@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=pc@manguebit.org \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox