diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-02-09 17:42:57 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-02-09 17:42:57 -0500 |
| commit | a28348322f79799d34867138806aa3cd15993d59 (patch) | |
| tree | 41521d484e29c27f928cd99b42b9a6bb5cffec96 | |
| parent | 58fcba61dea4a238f907bf7eb8b9c95427c27f28 (diff) | |
| parent | 5f60a56494ea5518376b274dd93b3ceee9a783fb (diff) | |
Merge tag '4.16-minor-rc-SMB3-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
"There are a couple additional security fixes that are still being
tested that are not in this set."
* tag '4.16-minor-rc-SMB3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
Add missing structs and defines from recent SMB3.1.1 documentation
address lock imbalance warnings in smbdirect.c
cifs: silence compiler warnings showing up with gcc-8.0.0
Add some missing debug fields in server and tcon structs
| -rw-r--r-- | fs/cifs/cifs_debug.c | 9 | ||||
| -rw-r--r-- | fs/cifs/cifssmb.c | 4 | ||||
| -rw-r--r-- | fs/cifs/smb2pdu.h | 114 | ||||
| -rw-r--r-- | fs/cifs/smbdirect.c | 16 |
4 files changed, 130 insertions, 13 deletions
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c index c7a863219fa3..e35e711db68e 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c | |||
| @@ -128,6 +128,10 @@ static void cifs_debug_tcon(struct seq_file *m, struct cifs_tcon *tcon) | |||
| 128 | seq_puts(m, " type: CDROM "); | 128 | seq_puts(m, " type: CDROM "); |
| 129 | else | 129 | else |
| 130 | seq_printf(m, " type: %d ", dev_type); | 130 | seq_printf(m, " type: %d ", dev_type); |
| 131 | if (tcon->seal) | ||
| 132 | seq_printf(m, " Encrypted"); | ||
| 133 | if (tcon->unix_ext) | ||
| 134 | seq_printf(m, " POSIX Extensions"); | ||
| 131 | if (tcon->ses->server->ops->dump_share_caps) | 135 | if (tcon->ses->server->ops->dump_share_caps) |
| 132 | tcon->ses->server->ops->dump_share_caps(m, tcon); | 136 | tcon->ses->server->ops->dump_share_caps(m, tcon); |
| 133 | 137 | ||
| @@ -246,7 +250,10 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) | |||
| 246 | atomic_read(&server->smbd_conn->mr_used_count)); | 250 | atomic_read(&server->smbd_conn->mr_used_count)); |
| 247 | skip_rdma: | 251 | skip_rdma: |
| 248 | #endif | 252 | #endif |
| 249 | seq_printf(m, "\nNumber of credits: %d", server->credits); | 253 | seq_printf(m, "\nNumber of credits: %d Dialect 0x%x", |
| 254 | server->credits, server->dialect); | ||
| 255 | if (server->sign) | ||
| 256 | seq_printf(m, " signed"); | ||
| 250 | i++; | 257 | i++; |
| 251 | list_for_each(tmp2, &server->smb_ses_list) { | 258 | list_for_each(tmp2, &server->smb_ses_list) { |
| 252 | ses = list_entry(tmp2, struct cifs_ses, | 259 | ses = list_entry(tmp2, struct cifs_ses, |
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 4e0922d24eb2..9ceebf30eb22 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
| @@ -6343,9 +6343,7 @@ SetEARetry: | |||
| 6343 | pSMB->InformationLevel = | 6343 | pSMB->InformationLevel = |
| 6344 | cpu_to_le16(SMB_SET_FILE_EA); | 6344 | cpu_to_le16(SMB_SET_FILE_EA); |
| 6345 | 6345 | ||
| 6346 | parm_data = | 6346 | parm_data = (void *)pSMB + offsetof(struct smb_hdr, Protocol) + offset; |
| 6347 | (struct fealist *) (((char *) &pSMB->hdr.Protocol) + | ||
| 6348 | offset); | ||
| 6349 | pSMB->ParameterOffset = cpu_to_le16(param_offset); | 6347 | pSMB->ParameterOffset = cpu_to_le16(param_offset); |
| 6350 | pSMB->DataOffset = cpu_to_le16(offset); | 6348 | pSMB->DataOffset = cpu_to_le16(offset); |
| 6351 | pSMB->SetupCount = 1; | 6349 | pSMB->SetupCount = 1; |
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h index 6eb9f9691ed4..2a2b34ccaf49 100644 --- a/fs/cifs/smb2pdu.h +++ b/fs/cifs/smb2pdu.h | |||
| @@ -192,6 +192,35 @@ struct smb2_symlink_err_rsp { | |||
| 192 | __u8 PathBuffer[0]; | 192 | __u8 PathBuffer[0]; |
| 193 | } __packed; | 193 | } __packed; |
| 194 | 194 | ||
| 195 | /* SMB 3.1.1 and later dialects. See MS-SMB2 section 2.2.2.1 */ | ||
| 196 | struct smb2_error_context_rsp { | ||
| 197 | __le32 ErrorDataLength; | ||
| 198 | __le32 ErrorId; | ||
| 199 | __u8 ErrorContextData; /* ErrorDataLength long array */ | ||
| 200 | } __packed; | ||
| 201 | |||
| 202 | /* Defines for Type field below (see MS-SMB2 2.2.2.2.2.1) */ | ||
| 203 | #define MOVE_DST_IPADDR_V4 cpu_to_le32(0x00000001) | ||
| 204 | #define MOVE_DST_IPADDR_V6 cpu_to_le32(0x00000002) | ||
| 205 | |||
| 206 | struct move_dst_ipaddr { | ||
| 207 | __le32 Type; | ||
| 208 | __u32 Reserved; | ||
| 209 | __u8 address[16]; /* IPv4 followed by 12 bytes rsvd or IPv6 address */ | ||
| 210 | } __packed; | ||
| 211 | |||
| 212 | struct share_redirect_error_context_rsp { | ||
| 213 | __le32 StructureSize; | ||
| 214 | __le32 NotificationType; | ||
| 215 | __le32 ResourceNameOffset; | ||
| 216 | __le32 ResourceNameLength; | ||
| 217 | __le16 Flags; | ||
| 218 | __le16 TargetType; | ||
| 219 | __le32 IPAddrCount; | ||
| 220 | struct move_dst_ipaddr IpAddrMoveList[0]; | ||
| 221 | /* __u8 ResourceName[] */ /* Name of share as counted Unicode string */ | ||
| 222 | } __packed; | ||
| 223 | |||
| 195 | #define SMB2_CLIENT_GUID_SIZE 16 | 224 | #define SMB2_CLIENT_GUID_SIZE 16 |
| 196 | 225 | ||
| 197 | struct smb2_negotiate_req { | 226 | struct smb2_negotiate_req { |
| @@ -320,7 +349,9 @@ struct smb2_logoff_rsp { | |||
| 320 | } __packed; | 349 | } __packed; |
| 321 | 350 | ||
| 322 | /* Flags/Reserved for SMB3.1.1 */ | 351 | /* Flags/Reserved for SMB3.1.1 */ |
| 323 | #define SMB2_SHAREFLAG_CLUSTER_RECONNECT 0x0001 | 352 | #define SMB2_TREE_CONNECT_FLAG_CLUSTER_RECONNECT cpu_to_le16(0x0001) |
| 353 | #define SMB2_TREE_CONNECT_FLAG_REDIRECT_TO_OWNER cpu_to_le16(0x0002) | ||
| 354 | #define SMB2_TREE_CONNECT_FLAG_EXTENSION_PRESENT cpu_to_le16(0x0004) | ||
| 324 | 355 | ||
| 325 | struct smb2_tree_connect_req { | 356 | struct smb2_tree_connect_req { |
| 326 | struct smb2_sync_hdr sync_hdr; | 357 | struct smb2_sync_hdr sync_hdr; |
| @@ -331,6 +362,82 @@ struct smb2_tree_connect_req { | |||
| 331 | __u8 Buffer[1]; /* variable length */ | 362 | __u8 Buffer[1]; /* variable length */ |
| 332 | } __packed; | 363 | } __packed; |
| 333 | 364 | ||
| 365 | /* See MS-SMB2 section 2.2.9.2 */ | ||
| 366 | /* Context Types */ | ||
| 367 | #define SMB2_RESERVED_TREE_CONNECT_CONTEXT_ID 0x0000 | ||
| 368 | #define SMB2_REMOTED_IDENTITY_TREE_CONNECT_CONTEXT_ID cpu_to_le16(0x0001) | ||
| 369 | |||
| 370 | struct tree_connect_contexts { | ||
| 371 | __le16 ContextType; | ||
| 372 | __le16 DataLength; | ||
| 373 | __le32 Reserved; | ||
| 374 | __u8 Data[0]; | ||
| 375 | } __packed; | ||
| 376 | |||
| 377 | /* Remoted identity tree connect context structures - see MS-SMB2 2.2.9.2.1 */ | ||
| 378 | struct smb3_blob_data { | ||
| 379 | __le16 BlobSize; | ||
| 380 | __u8 BlobData[0]; | ||
| 381 | } __packed; | ||
| 382 | |||
| 383 | /* Valid values for Attr */ | ||
| 384 | #define SE_GROUP_MANDATORY 0x00000001 | ||
| 385 | #define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002 | ||
| 386 | #define SE_GROUP_ENABLED 0x00000004 | ||
| 387 | #define SE_GROUP_OWNER 0x00000008 | ||
| 388 | #define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010 | ||
| 389 | #define SE_GROUP_INTEGRITY 0x00000020 | ||
| 390 | #define SE_GROUP_INTEGRITY_ENABLED 0x00000040 | ||
| 391 | #define SE_GROUP_RESOURCE 0x20000000 | ||
| 392 | #define SE_GROUP_LOGON_ID 0xC0000000 | ||
| 393 | |||
| 394 | /* struct sid_attr_data is SidData array in BlobData format then le32 Attr */ | ||
| 395 | |||
| 396 | struct sid_array_data { | ||
| 397 | __le16 SidAttrCount; | ||
| 398 | /* SidAttrList - array of sid_attr_data structs */ | ||
| 399 | } __packed; | ||
| 400 | |||
| 401 | struct luid_attr_data { | ||
| 402 | |||
| 403 | } __packed; | ||
| 404 | |||
| 405 | /* | ||
| 406 | * struct privilege_data is the same as BLOB_DATA - see MS-SMB2 2.2.9.2.1.5 | ||
| 407 | * but with size of LUID_ATTR_DATA struct and BlobData set to LUID_ATTR DATA | ||
| 408 | */ | ||
| 409 | |||
| 410 | struct privilege_array_data { | ||
| 411 | __le16 PrivilegeCount; | ||
| 412 | /* array of privilege_data structs */ | ||
| 413 | } __packed; | ||
| 414 | |||
| 415 | struct remoted_identity_tcon_context { | ||
| 416 | __le16 TicketType; /* must be 0x0001 */ | ||
| 417 | __le16 TicketSize; /* total size of this struct */ | ||
| 418 | __le16 User; /* offset to SID_ATTR_DATA struct with user info */ | ||
| 419 | __le16 UserName; /* offset to null terminated Unicode username string */ | ||
| 420 | __le16 Domain; /* offset to null terminated Unicode domain name */ | ||
| 421 | __le16 Groups; /* offset to SID_ARRAY_DATA struct with group info */ | ||
| 422 | __le16 RestrictedGroups; /* similar to above */ | ||
| 423 | __le16 Privileges; /* offset to PRIVILEGE_ARRAY_DATA struct */ | ||
| 424 | __le16 PrimaryGroup; /* offset to SID_ARRAY_DATA struct */ | ||
| 425 | __le16 Owner; /* offset to BLOB_DATA struct */ | ||
| 426 | __le16 DefaultDacl; /* offset to BLOB_DATA struct */ | ||
| 427 | __le16 DeviceGroups; /* offset to SID_ARRAY_DATA struct */ | ||
| 428 | __le16 UserClaims; /* offset to BLOB_DATA struct */ | ||
| 429 | __le16 DeviceClaims; /* offset to BLOB_DATA struct */ | ||
| 430 | __u8 TicketInfo[0]; /* variable length buf - remoted identity data */ | ||
| 431 | } __packed; | ||
| 432 | |||
| 433 | struct smb2_tree_connect_req_extension { | ||
| 434 | __le32 TreeConnectContextOffset; | ||
| 435 | __le16 TreeConnectContextCount; | ||
| 436 | __u8 Reserved[10]; | ||
| 437 | __u8 PathName[0]; /* variable sized array */ | ||
| 438 | /* followed by array of TreeConnectContexts */ | ||
| 439 | } __packed; | ||
| 440 | |||
| 334 | struct smb2_tree_connect_rsp { | 441 | struct smb2_tree_connect_rsp { |
| 335 | struct smb2_hdr hdr; | 442 | struct smb2_hdr hdr; |
| 336 | __le16 StructureSize; /* Must be 16 */ | 443 | __le16 StructureSize; /* Must be 16 */ |
| @@ -365,7 +472,8 @@ struct smb2_tree_connect_rsp { | |||
| 365 | #define SHI1005_FLAGS_ENABLE_HASH_V1 0x00002000 | 472 | #define SHI1005_FLAGS_ENABLE_HASH_V1 0x00002000 |
| 366 | #define SHI1005_FLAGS_ENABLE_HASH_V2 0x00004000 | 473 | #define SHI1005_FLAGS_ENABLE_HASH_V2 0x00004000 |
| 367 | #define SHI1005_FLAGS_ENCRYPT_DATA 0x00008000 | 474 | #define SHI1005_FLAGS_ENCRYPT_DATA 0x00008000 |
| 368 | #define SHI1005_FLAGS_ALL 0x0000FF33 | 475 | #define SMB2_SHAREFLAG_IDENTITY_REMOTING 0x00040000 /* 3.1.1 */ |
| 476 | #define SHI1005_FLAGS_ALL 0x0004FF33 | ||
| 369 | 477 | ||
| 370 | /* Possible share capabilities */ | 478 | /* Possible share capabilities */ |
| 371 | #define SMB2_SHARE_CAP_DFS cpu_to_le32(0x00000008) /* all dialects */ | 479 | #define SMB2_SHARE_CAP_DFS cpu_to_le32(0x00000008) /* all dialects */ |
| @@ -373,6 +481,7 @@ struct smb2_tree_connect_rsp { | |||
| 373 | #define SMB2_SHARE_CAP_SCALEOUT cpu_to_le32(0x00000020) /* 3.0 */ | 481 | #define SMB2_SHARE_CAP_SCALEOUT cpu_to_le32(0x00000020) /* 3.0 */ |
| 374 | #define SMB2_SHARE_CAP_CLUSTER cpu_to_le32(0x00000040) /* 3.0 */ | 482 | #define SMB2_SHARE_CAP_CLUSTER cpu_to_le32(0x00000040) /* 3.0 */ |
| 375 | #define SMB2_SHARE_CAP_ASYMMETRIC cpu_to_le32(0x00000080) /* 3.02 */ | 483 | #define SMB2_SHARE_CAP_ASYMMETRIC cpu_to_le32(0x00000080) /* 3.02 */ |
| 484 | #define SMB2_SHARE_CAP_REDIRECT_TO_OWNER cpu_to_le32(0x00000100) /* 3.1.1 */ | ||
| 376 | 485 | ||
| 377 | struct smb2_tree_disconnect_req { | 486 | struct smb2_tree_disconnect_req { |
| 378 | struct smb2_sync_hdr sync_hdr; | 487 | struct smb2_sync_hdr sync_hdr; |
| @@ -556,6 +665,7 @@ struct create_context { | |||
| 556 | #define SMB2_LEASE_WRITE_CACHING cpu_to_le32(0x04) | 665 | #define SMB2_LEASE_WRITE_CACHING cpu_to_le32(0x04) |
| 557 | 666 | ||
| 558 | #define SMB2_LEASE_FLAG_BREAK_IN_PROGRESS cpu_to_le32(0x02) | 667 | #define SMB2_LEASE_FLAG_BREAK_IN_PROGRESS cpu_to_le32(0x02) |
| 668 | #define SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET cpu_to_le32(0x00000004) | ||
| 559 | 669 | ||
| 560 | #define SMB2_LEASE_KEY_SIZE 16 | 670 | #define SMB2_LEASE_KEY_SIZE 16 |
| 561 | 671 | ||
diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c index 5130492847eb..91710eb571fb 100644 --- a/fs/cifs/smbdirect.c +++ b/fs/cifs/smbdirect.c | |||
| @@ -217,9 +217,10 @@ static void smbd_destroy_rdma_work(struct work_struct *work) | |||
| 217 | spin_unlock_irqrestore( | 217 | spin_unlock_irqrestore( |
| 218 | &info->reassembly_queue_lock, flags); | 218 | &info->reassembly_queue_lock, flags); |
| 219 | put_receive_buffer(info, response); | 219 | put_receive_buffer(info, response); |
| 220 | } | 220 | } else |
| 221 | spin_unlock_irqrestore(&info->reassembly_queue_lock, flags); | ||
| 221 | } while (response); | 222 | } while (response); |
| 222 | spin_unlock_irqrestore(&info->reassembly_queue_lock, flags); | 223 | |
| 223 | info->reassembly_data_length = 0; | 224 | info->reassembly_data_length = 0; |
| 224 | 225 | ||
| 225 | log_rdma_event(INFO, "free receive buffers\n"); | 226 | log_rdma_event(INFO, "free receive buffers\n"); |
| @@ -1934,15 +1935,16 @@ again: | |||
| 1934 | * No need to lock if we are not at the | 1935 | * No need to lock if we are not at the |
| 1935 | * end of the queue | 1936 | * end of the queue |
| 1936 | */ | 1937 | */ |
| 1937 | if (!queue_length) | 1938 | if (queue_length) |
| 1939 | list_del(&response->list); | ||
| 1940 | else { | ||
| 1938 | spin_lock_irq( | 1941 | spin_lock_irq( |
| 1939 | &info->reassembly_queue_lock); | 1942 | &info->reassembly_queue_lock); |
| 1940 | list_del(&response->list); | 1943 | list_del(&response->list); |
| 1941 | queue_removed++; | ||
| 1942 | if (!queue_length) | ||
| 1943 | spin_unlock_irq( | 1944 | spin_unlock_irq( |
| 1944 | &info->reassembly_queue_lock); | 1945 | &info->reassembly_queue_lock); |
| 1945 | 1946 | } | |
| 1947 | queue_removed++; | ||
| 1946 | info->count_reassembly_queue--; | 1948 | info->count_reassembly_queue--; |
| 1947 | info->count_dequeue_reassembly_queue++; | 1949 | info->count_dequeue_reassembly_queue++; |
| 1948 | put_receive_buffer(info, response); | 1950 | put_receive_buffer(info, response); |