mirror of
git://git.yoctoproject.org/linux-yocto.git
synced 2025-10-22 15:03:53 +02:00
three ksmbd server fixes
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmeRfHwACgkQiiy9cAdy T1GD0Qv/WGSmbVNn5S//zslAomMXzI1cuklBVek2wTm+PU8TQT4P5heF1Nn1CLGR 2ejIDr0YgZtYf07qHC6jXkvUhfuqRo7VUNfqKvCOhCMGxqNDPmfgMUCmDHP2Wkw5 dzabYjd37R7ljrTylrcUCZHU9nJQnm8ttttAyRcmKENxgqmHAAgSKYY9TuwzLAeg 58DWPAZewqllYynTEdT/ayWfS5vl+l2nl578ApgLPTRKmYaOepFITYFmNg9iDgVy jGKjydeHFBR5FDMg+EKtWa2o0rR0N5Y0v/2bXgx58kbI4ovKejG1Os7RywdCLmkX z4RyIzE7v1I4i/3bBfVYbpErfpiXjGoVLMAEDCE+a64RY2WEedqhX4Rfn02jmEdP CW7wtuQJeIc40bH2eCxJqLm77FQViBH9M3IJ1O5ypXLTzdzZ9FDClQv+TccPMZu/ rBYfYh5CGjSBpe5u5jYBsxqXcTRXGbNwn7XvrCzsxKKuTFHql+s3RO9NcPfRPQBA boVIsw1p =v8+6 -----END PGP SIGNATURE----- Merge tag 'v6.14-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd Pull smb server updates from Steve French: "Three ksmbd server fixes: - Fix potential memory corruption in IPC calls - Support FSCTL_QUERY_INTERFACE_INFO for more configurations - Remove some unused functions" * tag 'v6.14-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd: ksmbd: fix integer overflows on 32 bit systems ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL ksmbd: Remove unused functions
This commit is contained in:
Linus Torvalds
commit
e814f3fd16
|
|
@ -111,7 +111,8 @@ struct ksmbd_startup_request {
|
|||
__u32 smb2_max_credits; /* MAX credits */
|
||||
__u32 smbd_max_io_size; /* smbd read write size */
|
||||
__u32 max_connections; /* Number of maximum simultaneous connections */
|
||||
__u32 reserved[126]; /* Reserved room */
|
||||
__s8 bind_interfaces_only;
|
||||
__s8 reserved[503]; /* Reserved room */
|
||||
__u32 ifc_list_sz; /* interfaces list size */
|
||||
__s8 ____payload[];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -46,6 +46,7 @@ struct ksmbd_server_config {
|
|||
|
||||
char *conf[SERVER_CONF_WORK_GROUP + 1];
|
||||
struct task_struct *dh_task;
|
||||
bool bind_interfaces_only;
|
||||
};
|
||||
|
||||
extern struct ksmbd_server_config server_conf;
|
||||
|
|
|
|||
|
|
@ -38,6 +38,7 @@
|
|||
#include "mgmt/user_session.h"
|
||||
#include "mgmt/ksmbd_ida.h"
|
||||
#include "ndr.h"
|
||||
#include "transport_tcp.h"
|
||||
|
||||
static void __wbuf(struct ksmbd_work *work, void **req, void **rsp)
|
||||
{
|
||||
|
|
@ -7759,6 +7760,9 @@ static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn,
|
|||
if (netdev->type == ARPHRD_LOOPBACK)
|
||||
continue;
|
||||
|
||||
if (!ksmbd_find_netdev_name_iface_list(netdev->name))
|
||||
continue;
|
||||
|
||||
flags = dev_get_flags(netdev);
|
||||
if (!(flags & IFF_RUNNING))
|
||||
continue;
|
||||
|
|
|
|||
|
|
@ -333,6 +333,7 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req)
|
|||
ret = ksmbd_set_netbios_name(req->netbios_name);
|
||||
ret |= ksmbd_set_server_string(req->server_string);
|
||||
ret |= ksmbd_set_work_group(req->work_group);
|
||||
server_conf.bind_interfaces_only = req->bind_interfaces_only;
|
||||
ret |= ksmbd_tcp_set_interfaces(KSMBD_STARTUP_CONFIG_INTERFACES(req),
|
||||
req->ifc_list_sz);
|
||||
if (ret) {
|
||||
|
|
@ -626,6 +627,9 @@ ksmbd_ipc_spnego_authen_request(const char *spnego_blob, int blob_len)
|
|||
struct ksmbd_spnego_authen_request *req;
|
||||
struct ksmbd_spnego_authen_response *resp;
|
||||
|
||||
if (blob_len > KSMBD_IPC_MAX_PAYLOAD)
|
||||
return NULL;
|
||||
|
||||
msg = ipc_msg_alloc(sizeof(struct ksmbd_spnego_authen_request) +
|
||||
blob_len + 1);
|
||||
if (!msg)
|
||||
|
|
@ -805,6 +809,9 @@ struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, int handle
|
|||
struct ksmbd_rpc_command *req;
|
||||
struct ksmbd_rpc_command *resp;
|
||||
|
||||
if (payload_sz > KSMBD_IPC_MAX_PAYLOAD)
|
||||
return NULL;
|
||||
|
||||
msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
|
||||
if (!msg)
|
||||
return NULL;
|
||||
|
|
@ -853,6 +860,9 @@ struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle
|
|||
struct ksmbd_rpc_command *req;
|
||||
struct ksmbd_rpc_command *resp;
|
||||
|
||||
if (payload_sz > KSMBD_IPC_MAX_PAYLOAD)
|
||||
return NULL;
|
||||
|
||||
msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
|
||||
if (!msg)
|
||||
return NULL;
|
||||
|
|
@ -871,31 +881,6 @@ struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle
|
|||
return resp;
|
||||
}
|
||||
|
||||
struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payload,
|
||||
size_t payload_sz)
|
||||
{
|
||||
struct ksmbd_ipc_msg *msg;
|
||||
struct ksmbd_rpc_command *req;
|
||||
struct ksmbd_rpc_command *resp;
|
||||
|
||||
msg = ipc_msg_alloc(sizeof(struct ksmbd_rpc_command) + payload_sz + 1);
|
||||
if (!msg)
|
||||
return NULL;
|
||||
|
||||
msg->type = KSMBD_EVENT_RPC_REQUEST;
|
||||
req = (struct ksmbd_rpc_command *)msg->payload;
|
||||
req->handle = ksmbd_acquire_id(&ipc_ida);
|
||||
req->flags = rpc_context_flags(sess);
|
||||
req->flags |= KSMBD_RPC_RAP_METHOD;
|
||||
req->payload_sz = payload_sz;
|
||||
memcpy(req->payload, payload, payload_sz);
|
||||
|
||||
resp = ipc_msg_send_request(msg, req->handle);
|
||||
ipc_msg_handle_free(req->handle);
|
||||
ipc_msg_free(msg);
|
||||
return resp;
|
||||
}
|
||||
|
||||
static int __ipc_heartbeat(void)
|
||||
{
|
||||
unsigned long delta;
|
||||
|
|
|
|||
|
|
@ -41,8 +41,6 @@ struct ksmbd_rpc_command *ksmbd_rpc_write(struct ksmbd_session *sess, int handle
|
|||
struct ksmbd_rpc_command *ksmbd_rpc_read(struct ksmbd_session *sess, int handle);
|
||||
struct ksmbd_rpc_command *ksmbd_rpc_ioctl(struct ksmbd_session *sess, int handle,
|
||||
void *payload, size_t payload_sz);
|
||||
struct ksmbd_rpc_command *ksmbd_rpc_rap(struct ksmbd_session *sess, void *payload,
|
||||
size_t payload_sz);
|
||||
void ksmbd_ipc_release(void);
|
||||
void ksmbd_ipc_soft_reset(void);
|
||||
int ksmbd_ipc_init(void);
|
||||
|
|
|
|||
|
|
@ -504,32 +504,37 @@ out_clear:
|
|||
return ret;
|
||||
}
|
||||
|
||||
struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name)
|
||||
{
|
||||
struct interface *iface;
|
||||
|
||||
list_for_each_entry(iface, &iface_list, entry)
|
||||
if (!strcmp(iface->name, netdev_name))
|
||||
return iface;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event,
|
||||
void *ptr)
|
||||
{
|
||||
struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
|
||||
struct interface *iface;
|
||||
int ret, found = 0;
|
||||
int ret;
|
||||
|
||||
switch (event) {
|
||||
case NETDEV_UP:
|
||||
if (netif_is_bridge_port(netdev))
|
||||
return NOTIFY_OK;
|
||||
|
||||
list_for_each_entry(iface, &iface_list, entry) {
|
||||
if (!strcmp(iface->name, netdev->name)) {
|
||||
found = 1;
|
||||
if (iface->state != IFACE_STATE_DOWN)
|
||||
break;
|
||||
ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
|
||||
iface->name);
|
||||
ret = create_socket(iface);
|
||||
if (ret)
|
||||
return NOTIFY_OK;
|
||||
break;
|
||||
}
|
||||
iface = ksmbd_find_netdev_name_iface_list(netdev->name);
|
||||
if (iface && iface->state == IFACE_STATE_DOWN) {
|
||||
ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
|
||||
iface->name);
|
||||
ret = create_socket(iface);
|
||||
if (ret)
|
||||
return NOTIFY_OK;
|
||||
}
|
||||
if (!found && bind_additional_ifaces) {
|
||||
if (!iface && bind_additional_ifaces) {
|
||||
iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP));
|
||||
if (!iface)
|
||||
return NOTIFY_OK;
|
||||
|
|
@ -541,21 +546,19 @@ static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event,
|
|||
}
|
||||
break;
|
||||
case NETDEV_DOWN:
|
||||
list_for_each_entry(iface, &iface_list, entry) {
|
||||
if (!strcmp(iface->name, netdev->name) &&
|
||||
iface->state == IFACE_STATE_CONFIGURED) {
|
||||
ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n",
|
||||
iface->name);
|
||||
tcp_stop_kthread(iface->ksmbd_kthread);
|
||||
iface->ksmbd_kthread = NULL;
|
||||
mutex_lock(&iface->sock_release_lock);
|
||||
tcp_destroy_socket(iface->ksmbd_socket);
|
||||
iface->ksmbd_socket = NULL;
|
||||
mutex_unlock(&iface->sock_release_lock);
|
||||
iface = ksmbd_find_netdev_name_iface_list(netdev->name);
|
||||
if (iface && iface->state == IFACE_STATE_CONFIGURED) {
|
||||
ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n",
|
||||
iface->name);
|
||||
tcp_stop_kthread(iface->ksmbd_kthread);
|
||||
iface->ksmbd_kthread = NULL;
|
||||
mutex_lock(&iface->sock_release_lock);
|
||||
tcp_destroy_socket(iface->ksmbd_socket);
|
||||
iface->ksmbd_socket = NULL;
|
||||
mutex_unlock(&iface->sock_release_lock);
|
||||
|
||||
iface->state = IFACE_STATE_DOWN;
|
||||
break;
|
||||
}
|
||||
iface->state = IFACE_STATE_DOWN;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
|
@ -624,18 +627,6 @@ int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz)
|
|||
int sz = 0;
|
||||
|
||||
if (!ifc_list_sz) {
|
||||
struct net_device *netdev;
|
||||
|
||||
rtnl_lock();
|
||||
for_each_netdev(&init_net, netdev) {
|
||||
if (netif_is_bridge_port(netdev))
|
||||
continue;
|
||||
if (!alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP))) {
|
||||
rtnl_unlock();
|
||||
return -ENOMEM;
|
||||
}
|
||||
}
|
||||
rtnl_unlock();
|
||||
bind_additional_ifaces = 1;
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
#define __KSMBD_TRANSPORT_TCP_H__
|
||||
|
||||
int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz);
|
||||
struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name);
|
||||
int ksmbd_tcp_init(void);
|
||||
void ksmbd_tcp_destroy(void);
|
||||
|
||||
|
|
|
|||
|
|
@ -1856,13 +1856,6 @@ void ksmbd_vfs_posix_lock_wait(struct file_lock *flock)
|
|||
wait_event(flock->c.flc_wait, !flock->c.flc_blocker);
|
||||
}
|
||||
|
||||
int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout)
|
||||
{
|
||||
return wait_event_interruptible_timeout(flock->c.flc_wait,
|
||||
!flock->c.flc_blocker,
|
||||
timeout);
|
||||
}
|
||||
|
||||
void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock)
|
||||
{
|
||||
locks_delete_block(flock);
|
||||
|
|
|
|||
|
|
@ -140,7 +140,6 @@ int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work,
|
|||
struct dentry *dentry,
|
||||
struct ksmbd_kstat *ksmbd_kstat);
|
||||
void ksmbd_vfs_posix_lock_wait(struct file_lock *flock);
|
||||
int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout);
|
||||
void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock);
|
||||
int ksmbd_vfs_remove_acl_xattrs(struct mnt_idmap *idmap,
|
||||
const struct path *path);
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user