From: Li Nan linan122@huawei.com
[ Upstream commit 516b3eb8c8065f7465f87608d37a7ed08298c7a5 ]
The SMB2 Protocol requires that "The first byte of the Direct TCP transport packet header MUST be zero (0x00)"[1]. Commit 1c1bcf2d3ea0 ("ksmbd: validate smb request protocol id") removed the validation of this 1-byte zero. Add the validation back now.
[1]: [MS-SMB2] - v20230227, page 30. https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SM...
Fixes: 1c1bcf2d3ea0 ("ksmbd: validate smb request protocol id")
Signed-off-by: Li Nan linan122@huawei.com
Acked-by: Tom Talpey tom@talpey.com
Acked-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/smb_common.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c index d160363c09eb..e90a1e8c1951 100644 --- a/fs/ksmbd/smb_common.c +++ b/fs/ksmbd/smb_common.c @@ -158,8 +158,12 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work) */ bool ksmbd_smb_request(struct ksmbd_conn *conn) { - __le32 *proto = (__le32 *)smb2_get_msg(conn->request_buf); + __le32 *proto;
+ if (conn->request_buf[0] != 0) + return false; + + proto = (__le32 *)smb2_get_msg(conn->request_buf); if (*proto == SMB2_COMPRESSION_TRANSFORM_ID) { pr_err_ratelimited("smb2 compression not support yet"); return false;
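Review bot: in ksmbd_smb_request(), the new "if (conn->request_buf[0] != 0) return false;" rejects the packet silently, while the SMB2_COMPRESSION_TRANSFORM_ID branch just below it logs through pr_err_ratelimited(). A ksmbd_debug() line on this path, plus a short comment citing the [MS-SMB2] Direct TCP header requirement quoted in the commit message, would make a dropped request diagnosable and explain why byte 0 is checked before smb2_get_msg() is used.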
[ Upstream commit bb05367a66a9990d2c561282f5620bb1dbe40c28 ]
If a file opened with a v2 lease is upgraded with a v1 lease, the smb server should respond with a v2 lease create context to the client. This patch fixes the smb2.lease.v2_epoch2 test failure.
This test case assumes the following scenario:
 1. smb2 create with v2 lease(R, LEASE1 key)
 2. smb server return smb2 create response with v2 lease context(R, LEASE1 key, epoch + 1)
 3. smb2 create with v1 lease(RH, LEASE1 key)
 4. smb server return smb2 create response with v2 lease context(RH, LEASE1 key, epoch + 2)
i.e. if the same client (same lease key) tries to open, with a v1 lease, a file that is being opened with a v2 lease, the smb server should return a v2 lease.
Signed-off-by: Namjae Jeon linkinjeon@kernel.org
Acked-by: Tom Talpey tom@talpey.com
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/oplock.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 2da256259722..f8a2efa2dae7 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1036,6 +1036,7 @@ static void copy_lease(struct oplock_info *op1, struct oplock_info *op2) lease2->duration = lease1->duration; lease2->flags = lease1->flags; lease2->epoch = lease1->epoch++; + lease2->version = lease1->version; }
static int add_lease_global_list(struct oplock_info *opinfo)
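Review bot: the added "lease2->version = lease1->version;" in copy_lease() has no comment saying why the version must follow the existing lease rather than the incoming request. The scenario in the commit message (a v1 request on a file already held with a v2 lease must get a v2 create context back) is the reason, and a one-line comment to that effect would protect this line from a later cleanup. The context line above it, "lease2->epoch = lease1->epoch++;", also mutates the source lease inside a copy helper, which is easy to miss when checking the epoch sequence the test expects.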
[ Upstream commit 6fc0a265e1b932e5e97a038f99e29400a93baad0 ]
smb2_set_ea() can be called in the parent inode lock range. So add a get_write argument to smb2_set_ea() so that it does not call nested mnt_want_write().
Signed-off-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/smb2pdu.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 8875c04e8382..5975a2bc471f 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2311,11 +2311,12 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work) * @eabuf: set info command buffer * @buf_len: set info command buffer length * @path: dentry path for get ea + * @get_write: get write access to a mount * * Return: 0 on success, otherwise error */ static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len, - const struct path *path) + const struct path *path, bool get_write) { struct user_namespace *user_ns = mnt_user_ns(path->mnt); char *attr_name = NULL, *value; @@ -3000,7 +3001,7 @@ int smb2_open(struct ksmbd_work *work)
rc = smb2_set_ea(&ea_buf->ea, le32_to_cpu(ea_buf->ccontext.DataLength), - &path); + &path, false); if (rc == -EOPNOTSUPP) rc = 0; else if (rc) @@ -5994,7 +5995,7 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, return -EINVAL;
return smb2_set_ea((struct smb2_ea_info *)req->Buffer, - buf_len, &fp->filp->f_path); + buf_len, &fp->filp->f_path, true); } case FILE_POSITION_INFORMATION: {
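Review bot: get_write is added to the smb2_set_ea() signature and passed as false from smb2_open() and true from smb2_set_info_file(), but nothing in the visible hunks uses it inside the function body, and the diffstat (4 insertions, 3 deletions) is fully accounted for by the kernel-doc line, the signature and the two call sites. If that is the whole patch, the nested mnt_want_write() described in the commit message is not avoided by this change on its own; either include the hunk that consumes get_write or say in the changelog that the parameter is preparation for a later patch. The kernel-doc line "@get_write: get write access to a mount" could also state when a caller must pass false (the call is made inside the parent inode lock range, per the commit message), since a bare true/false at the call sites does not explain itself.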
[ Upstream commit b6e9a44e99603fe10e1d78901fdd97681a539612 ]
If the existing lease state and the request state are the same, don't increment the epoch in the create context.
Signed-off-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/oplock.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index f8a2efa2dae7..d798c1d8f126 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -105,7 +105,7 @@ static int alloc_lease(struct oplock_info *opinfo, struct lease_ctx_info *lctx) lease->is_dir = lctx->is_dir; memcpy(lease->parent_lease_key, lctx->parent_lease_key, SMB2_LEASE_KEY_SIZE); lease->version = lctx->version; - lease->epoch = le16_to_cpu(lctx->epoch); + lease->epoch = le16_to_cpu(lctx->epoch) + 1; INIT_LIST_HEAD(&opinfo->lease_entry); opinfo->o_lease = lease;
@@ -541,6 +541,9 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, continue; }
+ if (lctx->req_state != lease->state) + lease->epoch++; + /* upgrading lease */ if ((atomic_read(&ci->op_count) + atomic_read(&ci->sop_count)) == 1) { @@ -1035,7 +1038,7 @@ static void copy_lease(struct oplock_info *op1, struct oplock_info *op2) SMB2_LEASE_KEY_SIZE); lease2->duration = lease1->duration; lease2->flags = lease1->flags; - lease2->epoch = lease1->epoch++; + lease2->epoch = lease1->epoch; lease2->version = lease1->version; }
@@ -1448,7 +1451,7 @@ void create_lease_buf(u8 *rbuf, struct lease *lease) memcpy(buf->lcontext.LeaseKey, lease->lease_key, SMB2_LEASE_KEY_SIZE); buf->lcontext.LeaseFlags = lease->flags; - buf->lcontext.Epoch = cpu_to_le16(++lease->epoch); + buf->lcontext.Epoch = cpu_to_le16(lease->epoch); buf->lcontext.LeaseState = lease->state; memcpy(buf->lcontext.ParentLeaseKey, lease->parent_lease_key, SMB2_LEASE_KEY_SIZE);
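Review bot: in same_client_has_lease(), the new "if (lctx->req_state != lease->state) lease->epoch++;" sits ahead of the "upgrading lease" branches, so the epoch advances whenever the requested state differs, including when none of the conditions that follow goes on to change lease->state. Incrementing inside the branches that actually modify the lease state would keep the epoch tied to real state changes. With the bump now done in alloc_lease() ("+ 1") and same_client_has_lease(), and no longer in copy_lease() or create_lease_buf(), a comment at one of these sites saying which function owns the epoch increment would help the next reader.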
[ Upstream commit d592a9158a112d419f341f035d18d02f8d232def ]
When a file is changed using notepad on a read-only share (read_only = yes in ksmbd.conf), there is a problem where existing data is truncated. notepad in windows tries to O_TRUNC open (FILE_OVERWRITE_IF) and all data in the file is truncated. This patch doesn't allow O_TRUNC open on a read-only share and adds a KSMBD_TREE_CONN_FLAG_WRITABLE check in smb2_set_info().
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/smb2pdu.c | 23 +++++++++--------------
 1 file changed, 9 insertions(+), 14 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 5975a2bc471f..4d6663ab3d03 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2969,7 +2969,7 @@ int smb2_open(struct ksmbd_work *work) &may_flags);
if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { - if (open_flags & O_CREAT) { + if (open_flags & (O_CREAT | O_TRUNC)) { ksmbd_debug(SMB, "User does not have write permission\n"); rc = -EACCES; @@ -5946,12 +5946,6 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, } case FILE_RENAME_INFORMATION: { - if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { - ksmbd_debug(SMB, - "User does not have write permission\n"); - return -EACCES; - } - if (buf_len < sizeof(struct smb2_file_rename_info)) return -EINVAL;
@@ -5971,12 +5965,6 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp, } case FILE_DISPOSITION_INFORMATION: { - if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { - ksmbd_debug(SMB, - "User does not have write permission\n"); - return -EACCES; - } - if (buf_len < sizeof(struct smb2_file_disposition_info)) return -EINVAL;
@@ -6038,7 +6026,7 @@ int smb2_set_info(struct ksmbd_work *work) { struct smb2_set_info_req *req; struct smb2_set_info_rsp *rsp; - struct ksmbd_file *fp; + struct ksmbd_file *fp = NULL; int rc = 0; unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;
@@ -6058,6 +6046,13 @@ int smb2_set_info(struct ksmbd_work *work) rsp = smb2_get_msg(work->response_buf); }
+ if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { + ksmbd_debug(SMB, "User does not have write permission\n"); + pr_err("User does not have write permission\n"); + rc = -EACCES; + goto err_out; + } + if (!has_file_id(id)) { id = req->VolatileFileId; pid = req->PersistentFileId;
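Review bot: the new read-only check in smb2_set_info() logs the same message twice, once through ksmbd_debug() and once through an unconditional pr_err(). Every SET_INFO request on a read-only share takes this path, so the pr_err() lets a remote client fill the kernel log; drop it or use pr_err_ratelimited(). The check also now runs before the file id is resolved and for every info type, which is broader than the two per-case checks removed from FILE_RENAME_INFORMATION and FILE_DISPOSITION_INFORMATION, and the changelog should say so. The "fp = NULL" initialisation goes with the new early "goto err_out", which is reached before fp is assigned.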
[ Upstream commit 3fc74c65b367476874da5fe6f633398674b78e5a ]
Send lease break notification on FILE_RENAME_INFORMATION request. This patch fixes the smb2.lease.v2_epoch2 test failure.
Signed-off-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/oplock.c  | 12 +++++++-----
 fs/ksmbd/smb2pdu.c |  1 +
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index d798c1d8f126..5baabcb818f0 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -541,14 +541,12 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, continue; }
- if (lctx->req_state != lease->state) - lease->epoch++; - /* upgrading lease */ if ((atomic_read(&ci->op_count) + atomic_read(&ci->sop_count)) == 1) { if (lease->state != SMB2_LEASE_NONE_LE && lease->state == (lctx->req_state & lease->state)) { + lease->epoch++; lease->state |= lctx->req_state; if (lctx->req_state & SMB2_LEASE_WRITE_CACHING_LE) @@ -559,13 +557,17 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, atomic_read(&ci->sop_count)) > 1) { if (lctx->req_state == (SMB2_LEASE_READ_CACHING_LE | - SMB2_LEASE_HANDLE_CACHING_LE)) + SMB2_LEASE_HANDLE_CACHING_LE)) { + lease->epoch++; lease->state = lctx->req_state; + } }
if (lctx->req_state && lease->state == - SMB2_LEASE_NONE_LE) + SMB2_LEASE_NONE_LE) { + lease->epoch++; lease_none_upgrade(opinfo, lctx->req_state); + } } read_lock(&ci->m_lock); } diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 4d6663ab3d03..795d3554abe2 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -5569,6 +5569,7 @@ static int smb2_rename(struct ksmbd_work *work, if (!file_info->ReplaceIfExists) flags = RENAME_NOREPLACE;
+ smb_break_all_levII_oplock(work, fp, 0); rc = ksmbd_vfs_rename(work, &fp->filp->f_path, new_name, flags); out: kfree(new_name);
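Review bot: the oplock.c hunks move "lease->epoch++" from the single test ahead of the upgrade logic into three separate branches of same_client_has_lease(), but the commit message only mentions sending a lease break on FILE_RENAME_INFORMATION. Please describe the epoch change in the changelog or split it into its own patch. In smb2_rename(), "smb_break_all_levII_oplock(work, fp, 0);" is issued before ksmbd_vfs_rename() and regardless of its result, so a rename that fails still breaks other clients' leases; a comment stating that this ordering is intended would help.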
From: Fedor Pchelkin pchelkin@ispras.ru
[ Upstream commit 8cf9bedfc3c47d24bb0de386f808f925dc52863e ]
The ppace array is not freed if one of the init_acl_state() calls inside parse_dacl() fails. At the moment the function may fail only due to the memory allocation errors so it's highly unlikely in this case but nevertheless a fix is needed.
Move ppace allocation after the init_acl_state() calls with proper error handling.
Found by Linux Verification Center (linuxtesting.org).
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin pchelkin@ispras.ru
Acked-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/smbacl.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index 9ace5027684d..3a6c0abdb035 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -399,10 +399,6 @@ static void parse_dacl(struct user_namespace *user_ns, if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) return;
- ppace = kmalloc_array(num_aces, sizeof(struct smb_ace *), GFP_KERNEL); - if (!ppace) - return; - ret = init_acl_state(&acl_state, num_aces); if (ret) return; @@ -412,6 +408,13 @@ static void parse_dacl(struct user_namespace *user_ns, return; }
+ ppace = kmalloc_array(num_aces, sizeof(struct smb_ace *), GFP_KERNEL); + if (!ppace) { + free_acl_state(&default_acl_state); + free_acl_state(&acl_state); + return; + } + /* * reset rwx permissions for user/group/other. * Also, if num_aces is 0 i.e. DACL has no ACEs,
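Review bot: the new "!ppace" path in parse_dacl() open-codes both free_acl_state(&default_acl_state) and free_acl_state(&acl_state). A shared cleanup label reached by goto would avoid repeating that pair on each later failure path. Since parse_dacl() returns void, the allocation failure is also invisible to the caller; a debug message on this path would at least make it traceable.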
From: Kevin Hao haokexin@gmail.com
[ Upstream commit 8fb7b723924cc9306bc161f45496497aec733904 ]
The kernel thread function ksmbd_conn_handler_loop() invokes try_to_freeze() in its loop. But all kernel threads are non-freezable by default. So if we want to make a kernel thread freezable, we have to invoke set_freezable() explicitly.
Signed-off-by: Kevin Hao haokexin@gmail.com
Acked-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/connection.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 0a7a30bd531f..f9fbde916a09 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -284,6 +284,7 @@ int ksmbd_conn_handler_loop(void *p) goto out;
conn->last_active = jiffies; + set_freezable(); while (ksmbd_conn_alive(conn)) { if (try_to_freeze()) continue;
[ Upstream commit 92e470163d96df8db6c4fa0f484e4a229edb903d ]
If the client sends an invalid mech token in the session setup request, ksmbd validates it and returns an error if it is invalid.
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-22890
Signed-off-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/asn1.c       |  5 +++++
 fs/ksmbd/connection.h |  1 +
 fs/ksmbd/smb2pdu.c    | 22 +++++++++++++++++-----
 3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/fs/ksmbd/asn1.c b/fs/ksmbd/asn1.c index 4a4b2b03ff33..b931a99ab9c8 100644 --- a/fs/ksmbd/asn1.c +++ b/fs/ksmbd/asn1.c @@ -214,10 +214,15 @@ static int ksmbd_neg_token_alloc(void *context, size_t hdrlen, { struct ksmbd_conn *conn = context;
+ if (!vlen) + return -EINVAL; + conn->mechToken = kmemdup_nul(value, vlen, GFP_KERNEL); if (!conn->mechToken) return -ENOMEM;
+ conn->mechTokenLen = (unsigned int)vlen; + return 0; }
diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index 3c005246a32e..342f935f5770 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -88,6 +88,7 @@ struct ksmbd_conn { __u16 dialect;
char *mechToken; + unsigned int mechTokenLen;
struct ksmbd_conn_ops *conn_ops;
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 795d3554abe2..7e8f1c89124f 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1414,7 +1414,10 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn, char *name; unsigned int name_off, name_len, secbuf_len;
- secbuf_len = le16_to_cpu(req->SecurityBufferLength); + if (conn->use_spnego && conn->mechToken) + secbuf_len = conn->mechTokenLen; + else + secbuf_len = le16_to_cpu(req->SecurityBufferLength); if (secbuf_len < sizeof(struct authenticate_message)) { ksmbd_debug(SMB, "blob len %d too small\n", secbuf_len); return NULL; @@ -1505,7 +1508,10 @@ static int ntlm_authenticate(struct ksmbd_work *work, struct authenticate_message *authblob;
authblob = user_authblob(conn, req); - sz = le16_to_cpu(req->SecurityBufferLength); + if (conn->use_spnego && conn->mechToken) + sz = conn->mechTokenLen; + else + sz = le16_to_cpu(req->SecurityBufferLength); rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, conn, sess); if (rc) { set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD); @@ -1778,8 +1784,7 @@ int smb2_sess_setup(struct ksmbd_work *work)
negblob_off = le16_to_cpu(req->SecurityBufferOffset); negblob_len = le16_to_cpu(req->SecurityBufferLength); - if (negblob_off < offsetof(struct smb2_sess_setup_req, Buffer) || - negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) { + if (negblob_off < offsetof(struct smb2_sess_setup_req, Buffer)) { rc = -EINVAL; goto out_err; } @@ -1788,8 +1793,15 @@ int smb2_sess_setup(struct ksmbd_work *work) negblob_off);
if (decode_negotiation_token(conn, negblob, negblob_len) == 0) { - if (conn->mechToken) + if (conn->mechToken) { negblob = (struct negotiate_message *)conn->mechToken; + negblob_len = conn->mechTokenLen; + } + } + + if (negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) { + rc = -EINVAL; + goto out_err; }
if (server_conf.auth_mechs & conn->auth_mechs) {
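Review bot: session_user() and ntlm_authenticate() each repeat the same length selection, "if (conn->use_spnego && conn->mechToken)" choosing conn->mechTokenLen and otherwise le16_to_cpu(req->SecurityBufferLength), while the buffer itself is chosen separately (ntlm_authenticate() gets it from user_authblob(conn, req)). Pointer and length should be selected in one place, for example by having the helper that returns the blob also return its length, so the two can never disagree. In ksmbd_neg_token_alloc(), "(unsigned int)vlen" narrows a size_t, and wherever conn->mechToken is freed mechTokenLen should be reset with it, which the visible hunks do not show.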
[ Upstream commit 38d20c62903d669693a1869aa68c4dd5674e2544 ]
The race is between the handling of a new TCP connection and its disconnection. It leads to a UAF in the ksmbd_tcp_new_connection() function.
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-22991
Signed-off-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/connection.c     |  6 ------
 fs/ksmbd/connection.h     |  1 -
 fs/ksmbd/transport_rdma.c | 11 ++++++-----
 fs/ksmbd/transport_tcp.c  | 13 +++++++------
 4 files changed, 13 insertions(+), 18 deletions(-)
diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index f9fbde916a09..63815c4df133 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -416,13 +416,7 @@ static void stop_sessions(void) again: down_read(&conn_list_lock); list_for_each_entry(conn, &conn_list, conns_list) { - struct task_struct *task; - t = conn->transport; - task = t->handler; - if (task) - ksmbd_debug(CONN, "Stop session handler %s/%d\n", - task->comm, task_pid_nr(task)); ksmbd_conn_set_exiting(conn); if (t->ops->shutdown) { up_read(&conn_list_lock); diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h index 342f935f5770..0e04cf8b1d89 100644 --- a/fs/ksmbd/connection.h +++ b/fs/ksmbd/connection.h @@ -135,7 +135,6 @@ struct ksmbd_transport_ops { struct ksmbd_transport { struct ksmbd_conn *conn; struct ksmbd_transport_ops *ops; - struct task_struct *handler; };
#define KSMBD_TCP_RECV_TIMEOUT (7 * HZ) diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 252a1e7afcc0..355673f2830b 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -2039,6 +2039,7 @@ static bool rdma_frwr_is_supported(struct ib_device_attr *attrs) static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) { struct smb_direct_transport *t; + struct task_struct *handler; int ret;
if (!rdma_frwr_is_supported(&new_cm_id->device->attrs)) { @@ -2056,11 +2057,11 @@ static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) if (ret) goto out_err;
- KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, - KSMBD_TRANS(t)->conn, "ksmbd:r%u", - smb_direct_port); - if (IS_ERR(KSMBD_TRANS(t)->handler)) { - ret = PTR_ERR(KSMBD_TRANS(t)->handler); + handler = kthread_run(ksmbd_conn_handler_loop, + KSMBD_TRANS(t)->conn, "ksmbd:r%u", + smb_direct_port); + if (IS_ERR(handler)) { + ret = PTR_ERR(handler); pr_err("Can't start thread\n"); goto out_err; } diff --git a/fs/ksmbd/transport_tcp.c b/fs/ksmbd/transport_tcp.c index eff7a1d793f0..9d4222154dcc 100644 --- a/fs/ksmbd/transport_tcp.c +++ b/fs/ksmbd/transport_tcp.c @@ -185,6 +185,7 @@ static int ksmbd_tcp_new_connection(struct socket *client_sk) struct sockaddr *csin; int rc = 0; struct tcp_transport *t; + struct task_struct *handler;
t = alloc_transport(client_sk); if (!t) { @@ -199,13 +200,13 @@ static int ksmbd_tcp_new_connection(struct socket *client_sk) goto out_error; }
- KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, - KSMBD_TRANS(t)->conn, - "ksmbd:%u", - ksmbd_tcp_get_port(csin)); - if (IS_ERR(KSMBD_TRANS(t)->handler)) { + handler = kthread_run(ksmbd_conn_handler_loop, + KSMBD_TRANS(t)->conn, + "ksmbd:%u", + ksmbd_tcp_get_port(csin)); + if (IS_ERR(handler)) { pr_err("cannot start conn thread\n"); - rc = PTR_ERR(KSMBD_TRANS(t)->handler); + rc = PTR_ERR(handler); free_transport(t); } return rc;
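Review bot: the changelog names the race and the function but not the racy access. From the removed lines it is the store of the kthread_run() result into KSMBD_TRANS(t)->handler, which touches the transport after the handler thread has been started; a comment at both kthread_run() call sites saying that t must not be dereferenced once the thread has been started successfully would keep this from being reintroduced. The stop_sessions() hunk also drops the "Stop session handler" debug line along with the field, so shutdown no longer logs which handler is being stopped.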
[ Upstream commit 77bebd186442a7d703b796784db7495129cc3e70 ]
When smb2 leases are disabled, ksmbd can send an oplock break notification and cause a wait oplock break ack timeout. It may appear like a hang when accessing a directory. This patch makes only v2 leases handle the directory.
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Steve French stfrench@microsoft.com
---
 fs/ksmbd/oplock.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 5baabcb818f0..4e444d01a3c3 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1197,6 +1197,12 @@ int smb_grant_oplock(struct ksmbd_work *work, int req_op_level, u64 pid, bool prev_op_has_lease; __le32 prev_op_state = 0;
+ /* Only v2 leases handle the directory */ + if (S_ISDIR(file_inode(fp->filp)->i_mode)) { + if (!lctx || lctx->version != 2) + return 0; + } + opinfo = alloc_opinfo(work, pid, tid); if (!opinfo) return -ENOMEM;
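Review bot: in smb_grant_oplock(), the new directory check returns 0 before alloc_opinfo(), so for a directory open without a v2 lease context the caller sees success with no opinfo allocated. The comment "Only v2 leases handle the directory" should say that returning 0 here means nothing is granted, and the nested if can be written as one condition: S_ISDIR(...) && (!lctx || lctx->version != 2).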
On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
This patchset is backport patches from 6.8-rc1.
Nice, but we obviously can not take patches only to 5.15.y as that would be a regression when people upgrade to a newer kernel. Can you also provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
thanks,
greg k-h
2024-01-23 0:03 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
This patchset is backport patches from 6.8-rc1.
Nice, but we obviously can not take patches only to 5.15.y as that would be a regression when people upgrade to a newer kernel. Can you also provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
Sure, I will do that. Thanks!
thanks,
greg k-h
2024-01-23 8:28 GMT+09:00, Namjae Jeon linkinjeon@kernel.org:
2024-01-23 0:03 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
This patchset is backport patches from 6.8-rc1.
Nice, but we obviously can not take patches only to 5.15.y as that would be a regression when people upgrade to a newer kernel. Can you also provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
Sure, I will do that. Thanks!
I have sent ksmbd backport patches for 5.15, 6.1, 6.6, 6.7 kernel. Could you please check them ?
Thanks!
thanks,
greg k-h
On Fri, Jan 26, 2024 at 10:25:36AM +0900, Namjae Jeon wrote:
2024-01-23 8:28 GMT+09:00, Namjae Jeon linkinjeon@kernel.org:
2024-01-23 0:03 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
This patchset is backport patches from 6.8-rc1.
Nice, but we obviously can not take patches only to 5.15.y as that would be a regression when people upgrade to a newer kernel. Can you also provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
Sure, I will do that. Thanks!
I have sent ksmbd backport patches for 5.15, 6.1, 6.6, 6.7 kernel. Could you please check them ?
Give us a chance, we just released kernels a few hours ago and couldn't do anything until that happened...
greg k-h
2024-01-26 10:36 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Fri, Jan 26, 2024 at 10:25:36AM +0900, Namjae Jeon wrote:
2024-01-23 8:28 GMT+09:00, Namjae Jeon linkinjeon@kernel.org:
2024-01-23 0:03 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
This patchset is backport patches from 6.8-rc1.
Nice, but we obviously can not take patches only to 5.15.y as that would be a regression when people upgrade to a newer kernel. Can you also provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
Sure, I will do that. Thanks!
I have sent ksmbd backport patches for 5.15, 6.1, 6.6, 6.7 kernel. Could you please check them ?
Give us a chance, we just released kernels a few hours ago and couldn't do anything until that happened...
Okay, I would really appreciate it if you could apply them into the next version!
Thanks!
greg k-h
On Fri, Jan 26, 2024 at 10:59:17AM +0900, Namjae Jeon wrote:
2024-01-26 10:36 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Fri, Jan 26, 2024 at 10:25:36AM +0900, Namjae Jeon wrote:
2024-01-23 8:28 GMT+09:00, Namjae Jeon linkinjeon@kernel.org:
2024-01-23 0:03 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
This patchset is backport patches from 6.8-rc1.
Nice, but we obviously can not take patches only to 5.15.y as that would be a regression when people upgrade to a newer kernel. Can you also provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
Sure, I will do that. Thanks!
I have sent ksmbd backport patches for 5.15, 6.1, 6.6, 6.7 kernel. Could you please check them ?
Give us a chance, we just released kernels a few hours ago and couldn't do anything until that happened...
Okay, I would really appreciate it if you could apply them into the next version!
All now queued up, thanks.
greg k-h
2024-01-27 9:43 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Fri, Jan 26, 2024 at 10:59:17AM +0900, Namjae Jeon wrote:
2024-01-26 10:36 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Fri, Jan 26, 2024 at 10:25:36AM +0900, Namjae Jeon wrote:
2024-01-23 8:28 GMT+09:00, Namjae Jeon linkinjeon@kernel.org:
2024-01-23 0:03 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
On Sun, Jan 21, 2024 at 11:30:27PM +0900, Namjae Jeon wrote:
This patchset is backport patches from 6.8-rc1.
Nice, but we obviously can not take patches only to 5.15.y as that would be a regression when people upgrade to a newer kernel. Can you also provide the needed backports for 6.1.y and 6.6.y and 6.7.y?
Sure, I will do that. Thanks!
I have sent ksmbd backport patches for 5.15, 6.1, 6.6, 6.7 kernel. Could you please check them ?
Give us a chance, we just released kernels a few hours ago and couldn't do anything until that happened...
Okay, I would really appreciate it if you could apply them into the next version!
All now queued up, thanks.
Thanks a lot!
greg k-h