[CIFS] Prevent OOPs when mounting with remote prefixpath.

Fixes OOPs with message 'kernel BUG at fs/cifs/cifs_dfs_ref.c:274!'. Checks if the prefixpath in an accesible while we are still in cifs_mount and fails with reporting a error if we can't access the prefixpath Should fix Samba bugs 6086 and 5861 and kernel bug 12192 Signed-off-by: Igor Mammedov <niallain@gmail.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Igor Mammedov <niallain@gmail.com> 2009-02-10 06:10:26 -0500
committer: Steve French <sfrench@us.ibm.com> 2009-02-20 22:36:21 -0500
commit: e4cce94c9c8797b08faf6a79396df4d175e377fa (patch)
tree: 6eb306603652bf08ca10fef4f899332f30d71e09 /fs/cifs
parent: e1f81c8a417be466e85a38b61679aa6860ec7331 (diff)
3 files changed, 48 insertions, 2 deletions
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 382ba6298809..ec9f9c1c7d88 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -42,6 +42,7 @@ extern void _FreeXid(unsigned int);
 #define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current_fsuid()));
 #define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));}
 extern char *build_path_from_dentry(struct dentry *);
+extern char *cifs_build_path_to_root(struct cifs_sb_info *cifs_sb);
 extern char *build_wildcard_path_from_dentry(struct dentry *direntry);
 /* extern void renew_parental_timestamps(struct dentry *direntry);*/
 extern int SendReceive(const unsigned int /* xid */ , struct cifsSesInfo *,
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 005df85219a8..da0f4ffa0613 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2180,6 +2180,33 @@ static void setup_cifs_sb(struct smb_vol *pvolume_info,
                           "mount option supported"));
 }
+static int
+is_path_accessible(int xid, struct cifsTconInfo *tcon,
+                   struct cifs_sb_info *cifs_sb, const char *full_path)
+{
+        int rc;
+        __u64 inode_num;
+        FILE_ALL_INFO *pfile_info;
+        rc = CIFSGetSrvInodeNumber(xid, tcon, full_path, &inode_num,
+                                   cifs_sb->local_nls,
+                                   cifs_sb->mnt_cifs_flags &
+                                                CIFS_MOUNT_MAP_SPECIAL_CHR);
+        if (rc != -EOPNOTSUPP)
+                return rc;
+        pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
+        if (pfile_info == NULL)
+                return -ENOMEM;
+        rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
+                              0 /* not legacy */, cifs_sb->local_nls,
+                              cifs_sb->mnt_cifs_flags &
+                                CIFS_MOUNT_MAP_SPECIAL_CHR);
+        kfree(pfile_info);
+        return rc;
+}
 int
 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
           char *mount_data, const char *devname)
@@ -2190,6 +2217,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
        struct cifsSesInfo *pSesInfo = NULL;
        struct cifsTconInfo *tcon = NULL;
        struct TCP_Server_Info *srvTcp = NULL;
+        char   *full_path;
        xid = GetXid();
@@ -2426,6 +2454,23 @@ mount_fail_check:
                cifs_sb->rsize = min(cifs_sb->rsize,
                               (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
+        if (!rc && cifs_sb->prepathlen) {
+                /* build_path_to_root works only when we have a valid tcon */
+                full_path = cifs_build_path_to_root(cifs_sb);
+                if (full_path == NULL) {
+                        rc = -ENOMEM;
+                        goto mount_fail_check;
+                }
+                rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
+                if (rc) {
+                        cERROR(1, ("Path %s in not accessible: %d",
+                                                full_path, rc));
+                        kfree(full_path);
+                        goto mount_fail_check;
+                }
+                kfree(full_path);
+        }
        /* volume_info->password is freed above when existing session found
        (in which case it is not needed anymore) but when new sesion is created
        the password ptr is put in the new session structure (in which case the
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index bcf7b5184664..7342bfb02ae0 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -621,7 +621,7 @@ static const struct inode_operations cifs_ipc_inode_ops = {
        .lookup = cifs_lookup,
 };
-static char *build_path_to_root(struct cifs_sb_info *cifs_sb)
+char *cifs_build_path_to_root(struct cifs_sb_info *cifs_sb)
 {
        int pplen = cifs_sb->prepathlen;
        int dfsplen;
@@ -678,7 +678,7 @@ struct inode *cifs_iget(struct super_block *sb, unsigned long ino)
                return inode;
        cifs_sb = CIFS_SB(inode->i_sb);
-        full_path = build_path_to_root(cifs_sb);
+        full_path = cifs_build_path_to_root(cifs_sb);
        if (full_path == NULL)
                return ERR_PTR(-ENOMEM);
author	Igor Mammedov <niallain@gmail.com>	2009-02-10 06:10:26 -0500
committer	Steve French <sfrench@us.ibm.com>	2009-02-20 22:36:21 -0500
commit	e4cce94c9c8797b08faf6a79396df4d175e377fa (patch)
tree	6eb306603652bf08ca10fef4f899332f30d71e09 /fs/cifs
parent	e1f81c8a417be466e85a38b61679aa6860ec7331 (diff)

diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index 382ba6298809..ec9f9c1c7d88 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h
@@ -42,6 +42,7 @@ extern void _FreeXid(unsigned int);
42	#define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current_fsuid()));	42	#define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current_fsuid()));
43	#define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));}	43	#define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));}
44	extern char build_path_from_dentry(struct dentry );	44	extern char build_path_from_dentry(struct dentry );
		45	extern char cifs_build_path_to_root(struct cifs_sb_info cifs_sb);
45	extern char build_wildcard_path_from_dentry(struct dentry direntry);	46	extern char build_wildcard_path_from_dentry(struct dentry direntry);
46	/* extern void renew_parental_timestamps(struct dentry direntry);/	47	/* extern void renew_parental_timestamps(struct dentry direntry);/
47	extern int SendReceive(const unsigned int /* xid / , struct cifsSesInfo ,	48	extern int SendReceive(const unsigned int /* xid / , struct cifsSesInfo ,


diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 005df85219a8..da0f4ffa0613 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c
@@ -2180,6 +2180,33 @@ static void setup_cifs_sb(struct smb_vol *pvolume_info,
2180	"mount option supported"));	2180	"mount option supported"));
2181	}	2181	}
2182		2182
		2183	static int
		2184	is_path_accessible(int xid, struct cifsTconInfo *tcon,
		2185	struct cifs_sb_info cifs_sb, const char full_path)
		2186	{
		2187	int rc;
		2188	__u64 inode_num;
		2189	FILE_ALL_INFO *pfile_info;
		2190
		2191	rc = CIFSGetSrvInodeNumber(xid, tcon, full_path, &inode_num,
		2192	cifs_sb->local_nls,
		2193	cifs_sb->mnt_cifs_flags &
		2194	CIFS_MOUNT_MAP_SPECIAL_CHR);
		2195	if (rc != -EOPNOTSUPP)
		2196	return rc;
		2197
		2198	pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
		2199	if (pfile_info == NULL)
		2200	return -ENOMEM;
		2201
		2202	rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
		2203	0 /* not legacy */, cifs_sb->local_nls,
		2204	cifs_sb->mnt_cifs_flags &
		2205	CIFS_MOUNT_MAP_SPECIAL_CHR);
		2206	kfree(pfile_info);
		2207	return rc;
		2208	}
		2209
2183	int	2210	int
2184	cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,	2211	cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,
2185	char mount_data, const char devname)	2212	char mount_data, const char devname)
@@ -2190,6 +2217,7 @@ cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,
2190	struct cifsSesInfo *pSesInfo = NULL;	2217	struct cifsSesInfo *pSesInfo = NULL;
2191	struct cifsTconInfo *tcon = NULL;	2218	struct cifsTconInfo *tcon = NULL;
2192	struct TCP_Server_Info *srvTcp = NULL;	2219	struct TCP_Server_Info *srvTcp = NULL;
		2220	char *full_path;
2193		2221
2194	xid = GetXid();	2222	xid = GetXid();
2195		2223
@@ -2426,6 +2454,23 @@ mount_fail_check:
2426	cifs_sb->rsize = min(cifs_sb->rsize,	2454	cifs_sb->rsize = min(cifs_sb->rsize,
2427	(tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));	2455	(tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2428		2456
		2457	if (!rc && cifs_sb->prepathlen) {
		2458	/* build_path_to_root works only when we have a valid tcon */
		2459	full_path = cifs_build_path_to_root(cifs_sb);
		2460	if (full_path == NULL) {
		2461	rc = -ENOMEM;
		2462	goto mount_fail_check;
		2463	}
		2464	rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
		2465	if (rc) {
		2466	cERROR(1, ("Path %s in not accessible: %d",
		2467	full_path, rc));
		2468	kfree(full_path);
		2469	goto mount_fail_check;
		2470	}
		2471	kfree(full_path);
		2472	}
		2473
2429	/* volume_info->password is freed above when existing session found	2474	/* volume_info->password is freed above when existing session found
2430	(in which case it is not needed anymore) but when new sesion is created	2475	(in which case it is not needed anymore) but when new sesion is created
2431	the password ptr is put in the new session structure (in which case the	2476	the password ptr is put in the new session structure (in which case the


diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c index bcf7b5184664..7342bfb02ae0 100644 --- a/fs/cifs/inode.c +++ b/fs/cifs/inode.c
@@ -621,7 +621,7 @@ static const struct inode_operations cifs_ipc_inode_ops = {
621	.lookup = cifs_lookup,	621	.lookup = cifs_lookup,
622	};	622	};
623		623
624	static char build_path_to_root(struct cifs_sb_info cifs_sb)	624	char cifs_build_path_to_root(struct cifs_sb_info cifs_sb)
625	{	625	{
626	int pplen = cifs_sb->prepathlen;	626	int pplen = cifs_sb->prepathlen;
627	int dfsplen;	627	int dfsplen;
@@ -678,7 +678,7 @@ struct inode cifs_iget(struct super_block sb, unsigned long ino)
678	return inode;	678	return inode;
679		679
680	cifs_sb = CIFS_SB(inode->i_sb);	680	cifs_sb = CIFS_SB(inode->i_sb);
681	full_path = build_path_to_root(cifs_sb);	681	full_path = cifs_build_path_to_root(cifs_sb);
682	if (full_path == NULL)	682	if (full_path == NULL)
683	return ERR_PTR(-ENOMEM);	683	return ERR_PTR(-ENOMEM);
684		684