5 cifs/smb3 fixes, 3 for stable, including an important ACL fix and security signature fix

-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmBWHtgACgkQiiy9cAdy T1HRZAv/Z3bxnkLLU/mIHHpaa7VpeB1gsF2dzWy1laF6NQ4hnlPKnTG4didlBvxz E/ekEsxiDx/OYik0/RJnI1VJf/7EJ9VdfNeQmRZHeGMAjLLAxKQeXpIek/XidVfT QQUjneJQBDglzlV/flzxqMAqq+v9fhlRzEq10YuGgMvRSlCXHn8O9lrHEYSQxXFf AehAoaDqRPht+PkDAcAjC90m1rE8zYaxIgwWeeXcKqVuXyxCf+1bWZJuLfNOJ3qY OXSK4YiAWWcW4MhhmLAGnDOqJZ9mGdAw5YPiIv60t9SF5bpvEmmuNv6ApeljzmAd Z2G7Ygr2vXyI+btB6om9gtBfG+1c0jqb8JzK/pGN7w7srIyFtHuUp3OX4Alp59y/ 2kAcW9cV1NYlKvP+0QAnZNqk7J90LmIAo5Dft9fb9PTc5CCmU9R2T6AuYQ+WTV/3 vkUd5gAJDUCarhn+uWQdmJvNuoS7eueht6F/dX+8pZ9t2gGzGerGY5O2+82ByPBn BanDlHwh =h/5R -----END PGP SIGNATURE----- Merge tag '5.12-rc3-smb3' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Five cifs/smb3 fixes - three for stable, including an important ACL fix and security signature fix" * tag '5.12-rc3-smb3' of git://git.samba.org/sfrench/cifs-2.6: cifs: fix allocation size on newly created files cifs: warn and fail if trying to use rootfs without the config option fs/cifs/: fix misspellings using codespell tool cifs: Fix preauth hash corruption cifs: update new ACE pointer after populate_new_aces.
2024-11-11 21:38:32 +08:00 · 2021-03-20 11:00:25 -07:00 · 2021-03-20 11:00:25 -07:00 · bfdc4aa9e9
commit bfdc4aa9e9
parent af97713dff 65af8f0166
5 changed files with 26 additions and 8 deletions
--- a/fs/cifs/cifs_swn.c
+++ b/fs/cifs/cifs_swn.c
@ -248,7 +248,7 @@ nlmsg_fail:

 /*
 * Try to find a matching registration for the tcon's server name and share name.
- * Calls to this funciton must be protected by cifs_swnreg_idr_mutex.
+ * Calls to this function must be protected by cifs_swnreg_idr_mutex.
 * TODO Try to avoid memory allocations
 */
 static struct cifs_swn_reg *cifs_find_swn_reg(struct cifs_tcon *tcon)
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@ -1118,7 +1118,6 @@ static int set_chmod_dacl(struct cifs_acl *pdacl, struct cifs_acl *pndacl,
 	/* Retain old ACEs which we can retain */
 	for (i = 0; i < src_num_aces; ++i) {
 		pntace = (struct cifs_ace *) (acl_base + size);
-		pnntace = (struct cifs_ace *) (nacl_base + nsize);

 		if (!new_aces_set && (pntace->flags & INHERITED_ACE)) {
 			/* Place the new ACEs in between existing explicit and inherited */
@ -1131,14 +1130,18 @@ static int set_chmod_dacl(struct cifs_acl *pdacl, struct cifs_acl *pndacl,
 		}

 		/* If it's any one of the ACE we're replacing, skip! */
-		if ((compare_sids(&pntace->sid, &sid_unix_NFS_mode) == 0) ||
+		if (!mode_from_sid &&
+				((compare_sids(&pntace->sid, &sid_unix_NFS_mode) == 0) ||
 				(compare_sids(&pntace->sid, pownersid) == 0) ||
 				(compare_sids(&pntace->sid, pgrpsid) == 0) ||
 				(compare_sids(&pntace->sid, &sid_everyone) == 0) ||
-				(compare_sids(&pntace->sid, &sid_authusers) == 0)) {
+				(compare_sids(&pntace->sid, &sid_authusers) == 0))) {
 			goto next_ace;
 		}

+		/* update the pointer to the next ACE to populate*/
+		pnntace = (struct cifs_ace *) (nacl_base + nsize);
+
 		nsize += cifs_copy_ace(pnntace, pntace, NULL);
 		num_aces++;

--- a/fs/cifs/fs_context.c
+++ b/fs/cifs/fs_context.c
@ -1196,9 +1196,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
 		pr_warn_once("Witness protocol support is experimental\n");
 		break;
 	case Opt_rootfs:
-#ifdef CONFIG_CIFS_ROOT
-		ctx->rootfs = true;
+#ifndef CONFIG_CIFS_ROOT
+		cifs_dbg(VFS, "rootfs support requires CONFIG_CIFS_ROOT config option\n");
+		goto cifs_parse_mount_err;
 #endif
+		ctx->rootfs = true;
 		break;
 	case Opt_posixpaths:
 		if (result.negated)
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@ -2395,7 +2395,7 @@ int cifs_getattr(struct user_namespace *mnt_userns, const struct path *path,
 	 * We need to be sure that all dirty pages are written and the server
 	 * has actual ctime, mtime and file length.
 	 */
-	if ((request_mask & (STATX_CTIME | STATX_MTIME | STATX_SIZE)) &&
+	if ((request_mask & (STATX_CTIME | STATX_MTIME | STATX_SIZE | STATX_BLOCKS)) &&
 	    !CIFS_CACHE_READ(CIFS_I(inode)) &&
 	    inode->i_mapping && inode->i_mapping->nrpages != 0) {
 		rc = filemap_fdatawait(inode->i_mapping);
@ -2585,6 +2585,14 @@ set_size_out:
 	if (rc == 0) {
 		cifsInode->server_eof = attrs->ia_size;
 		cifs_setsize(inode, attrs->ia_size);
+		/*
+		 * i_blocks is not related to (i_size / i_blksize), but instead
+		 * 512 byte (2**9) size is required for calculating num blocks.
+		 * Until we can query the server for actual allocation size,
+		 * this is best estimate we have for blocks allocated for a file
+		 * Number of blocks must be rounded up so size 1 is not 0 blocks
+		 */
+		inode->i_blocks = (512 - 1 + attrs->ia_size) >> 9;

 		/*
 		 * The man page of truncate says if the size changed,
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@ -1196,9 +1196,12 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
 	/*
 	 * Compounding is never used during session establish.
 	 */
-	if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP))
+	if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
+		mutex_lock(&server->srv_mutex);
 		smb311_update_preauth_hash(ses, rqst[0].rq_iov,
 					   rqst[0].rq_nvec);
+		mutex_unlock(&server->srv_mutex);
+	}

 	for (i = 0; i < num_rqst; i++) {
 		rc = wait_for_response(server, midQ[i]);
@ -1266,7 +1269,9 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
 			.iov_base = resp_iov[0].iov_base,
 			.iov_len = resp_iov[0].iov_len
 		};
+		mutex_lock(&server->srv_mutex);
 		smb311_update_preauth_hash(ses, &iov, 1);
+		mutex_unlock(&server->srv_mutex);
 	}

 out: