korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-13 14:24:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
1617032af6
linux/fs/smb/server
History
Namjae Jeon ebdb872897 ksmbd: reduce descriptor size if remaining bytes is less than request size 
commit e628bf939a upstream.

Create 3 kinds of files to reproduce this problem.

dd if=/dev/urandom of=127k.bin bs=1024 count=127
dd if=/dev/urandom of=128k.bin bs=1024 count=128
dd if=/dev/urandom of=129k.bin bs=1024 count=129

When copying files from ksmbd share to windows or cifs.ko, The following
error message happen from windows client.

"The file '129k.bin' is too large for the destination filesystem."

We can see the error logs from ksmbd debug prints

[48394.611537] ksmbd: RDMA r/w request 0x0: token 0x669d, length 0x20000
[48394.612054] ksmbd: smb_direct: RDMA write, len 0x20000, needed credits 0x1
[48394.612572] ksmbd: filename 129k.bin, offset 131072, len 131072
[48394.614189] ksmbd: nbytes 1024, offset 132096 mincount 0
[48394.614585] ksmbd: Failed to process 8 [-22]

And we can reproduce it with cifs.ko,
e.g. dd if=129k.bin of=/dev/null bs=128KB count=2

This problem is that ksmbd rdma return error if remaining bytes is less
than Length of Buffer Descriptor V1 Structure.

smb_direct_rdma_xmit()
...
     if (desc_buf_len == 0 || total_length > buf_len ||
           total_length > t->max_rdma_rw_size)
               return -EINVAL;

This patch reduce descriptor size with remaining bytes and remove the
check for total_length and buf_len.

Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-09-06 21:22:21 +01:00
..
mgmt ksmbd: remove unused ksmbd_tree_conn_share function 2023-06-26 00:07:04 -05:00
asn1.c
asn1.h
auth.c ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() 2023-09-06 21:22:21 +01:00
auth.h
connection.c ksmbd: validate smb request protocol id 2023-06-02 12:30:57 -05:00
connection.h
crypto_ctx.c
crypto_ctx.h
glob.h
Kconfig
ksmbd_netlink.h ksmbd: check if a mount point is crossed during path lookup 2023-07-23 10:25:11 -05:00
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c
ksmbd_work.h
Makefile
misc.c
misc.h
ndr.c
ndr.h
nterr.h
ntlmssp.h
oplock.c ksmbd: fix wrong DataOffset validation of create context 2023-09-06 21:22:21 +01:00
oplock.h
server.c ksmbd: fix out of bounds in init_smb2_rsp_hdr() 2023-07-23 10:25:11 -05:00
server.h
smb2misc.c ksmbd: validate command request size 2023-08-05 20:56:54 -05:00
smb2ops.c
smb2pdu.c ksmbd: replace one-element array with flex-array member in struct smb2_ea_info 2023-09-06 21:22:21 +01:00
smb2pdu.h ksmbd: replace one-element array with flex-array member in struct smb2_ea_info 2023-09-06 21:22:21 +01:00
smb_common.c ksmbd: fix out of bounds in init_smb2_rsp_hdr() 2023-07-23 10:25:11 -05:00
smb_common.h ksmbd: fix out of bounds in init_smb2_rsp_hdr() 2023-07-23 10:25:11 -05:00
smbacl.c ksmbd: Replace the ternary conditional operator with min() 2023-06-26 00:07:04 -05:00
smbacl.h
smbfsctl.h
smbstatus.h
transport_ipc.c ksmbd: use kvzalloc instead of kvmalloc 2023-06-26 00:07:04 -05:00
transport_ipc.h
transport_rdma.c ksmbd: reduce descriptor size if remaining bytes is less than request size 2023-09-06 21:22:21 +01:00
transport_rdma.h
transport_tcp.c
transport_tcp.h
unicode.c
unicode.h
uniupr.h
vfs_cache.c ksmbd: add mnt_want_write to ksmbd vfs functions 2023-06-16 21:04:19 -05:00
vfs_cache.h
vfs.c ksmbd: check if a mount point is crossed during path lookup 2023-07-23 10:25:11 -05:00
vfs.h ksmbd: check if a mount point is crossed during path lookup 2023-07-23 10:25:11 -05:00
xattr.h