-
-
Notifications
You must be signed in to change notification settings - Fork 1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Revert kernel patch causing failures on CIFS share disk usage (#3051)
* Revert kernel patch causing failures on CIFS share disk usage The issue was reported upstream, waiting for a fix there. Reverting the patch for a quick resolution of the bug that breaks some things in HA and add-ons badly. Refs #3041 * Move the patch to 6.1.71 subdirectory That way Raspberry Pi's kernel won't be patched (unless it's the same version which it's currently not).
- Loading branch information
Showing
1 changed file
with
113 additions
and
0 deletions.
There are no files selected for viewing
113 changes: 113 additions & 0 deletions
113
...xternal/patches/linux/6.1.71/0001-Revert-smb-client-fix-OOB-in-SMB2_query_info_init.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,113 @@ | ||
| From 0ef7210b8779b04a380775764ad1a6b8dbfc40ee Mon Sep 17 00:00:00 2001 | ||
| From: =?UTF-8?q?Jan=20=C4=8Cerm=C3=A1k?= <[email protected]> | ||
| Date: Mon, 8 Jan 2024 12:27:41 +0100 | ||
| Subject: [PATCH] Revert "smb: client: fix OOB in SMB2_query_info_init()" | ||
|
|
||
| This reverts commit bef4315f19ba6f434054f58b958c0cf058c7a43f. | ||
|
|
||
| This commit introduced regression causing stat operations on CIFS shares | ||
| to fail [1]. Issue was reported in mailing lists [2], reverting the patch | ||
| before it is resolved in linux-stable 6.1.y. | ||
|
|
||
| [1] https://github.com/home-assistant/operating-system/issues/3041 | ||
| [2] https://lore.kernel.org/stable/[email protected]/ | ||
| --- | ||
| fs/smb/client/smb2pdu.c | 29 +++++++---------------------- | ||
| 1 file changed, 7 insertions(+), 22 deletions(-) | ||
|
|
||
| diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c | ||
| index 05ff8a457a3d..847d69d327c2 100644 | ||
| --- a/fs/smb/client/smb2pdu.c | ||
| +++ b/fs/smb/client/smb2pdu.c | ||
| @@ -372,15 +372,10 @@ static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, | ||
| void **request_buf, unsigned int *total_len) | ||
| { | ||
| /* BB eventually switch this to SMB2 specific small buf size */ | ||
| - switch (smb2_command) { | ||
| - case SMB2_SET_INFO: | ||
| - case SMB2_QUERY_INFO: | ||
| + if (smb2_command == SMB2_SET_INFO) | ||
| *request_buf = cifs_buf_get(); | ||
| - break; | ||
| - default: | ||
| + else | ||
| *request_buf = cifs_small_buf_get(); | ||
| - break; | ||
| - } | ||
| if (*request_buf == NULL) { | ||
| /* BB should we add a retry in here if not a writepage? */ | ||
| return -ENOMEM; | ||
| @@ -3528,13 +3523,8 @@ SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, | ||
| struct smb2_query_info_req *req; | ||
| struct kvec *iov = rqst->rq_iov; | ||
| unsigned int total_len; | ||
| - size_t len; | ||
| int rc; | ||
|
|
||
| - if (unlikely(check_add_overflow(input_len, sizeof(*req), &len) || | ||
| - len > CIFSMaxBufSize)) | ||
| - return -EINVAL; | ||
| - | ||
| rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server, | ||
| (void **) &req, &total_len); | ||
| if (rc) | ||
| @@ -3556,7 +3546,7 @@ SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, | ||
|
|
||
| iov[0].iov_base = (char *)req; | ||
| /* 1 for Buffer */ | ||
| - iov[0].iov_len = len; | ||
| + iov[0].iov_len = total_len - 1 + input_len; | ||
| return 0; | ||
| } | ||
|
|
||
| @@ -3564,7 +3554,7 @@ void | ||
| SMB2_query_info_free(struct smb_rqst *rqst) | ||
| { | ||
| if (rqst && rqst->rq_iov) | ||
| - cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */ | ||
| + cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ | ||
| } | ||
|
|
||
| static int | ||
| @@ -5449,11 +5439,6 @@ build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, | ||
| return 0; | ||
| } | ||
|
|
||
| -static inline void free_qfs_info_req(struct kvec *iov) | ||
| -{ | ||
| - cifs_buf_release(iov->iov_base); | ||
| -} | ||
| - | ||
| int | ||
| SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon, | ||
| u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata) | ||
| @@ -5485,7 +5470,7 @@ SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon, | ||
|
|
||
| rc = cifs_send_recv(xid, ses, server, | ||
| &rqst, &resp_buftype, flags, &rsp_iov); | ||
| - free_qfs_info_req(&iov); | ||
| + cifs_small_buf_release(iov.iov_base); | ||
| if (rc) { | ||
| cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); | ||
| goto posix_qfsinf_exit; | ||
| @@ -5536,7 +5521,7 @@ SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon, | ||
|
|
||
| rc = cifs_send_recv(xid, ses, server, | ||
| &rqst, &resp_buftype, flags, &rsp_iov); | ||
| - free_qfs_info_req(&iov); | ||
| + cifs_small_buf_release(iov.iov_base); | ||
| if (rc) { | ||
| cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); | ||
| goto qfsinf_exit; | ||
| @@ -5603,7 +5588,7 @@ SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon, | ||
|
|
||
| rc = cifs_send_recv(xid, ses, server, | ||
| &rqst, &resp_buftype, flags, &rsp_iov); | ||
| - free_qfs_info_req(&iov); | ||
| + cifs_small_buf_release(iov.iov_base); | ||
| if (rc) { | ||
| cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); | ||
| goto qfsattr_exit; | ||
| -- | ||
| 2.34.1 | ||
|
|