
Merge tag '4.21-smb3-small-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb3 fixes from Steve French:
"Three fixes, one for stable, one adds the (most secure) SMB3.1.1
dialect to default list requested"

* tag '4.21-smb3-small-fixes' of git://git.samba.org/sfrench/cifs-2.6:
smb3: add smb3.1.1 to default dialect list
cifs: fix confusing warning message on reconnect
smb3: fix large reads on encrypted connections

+32 -16
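--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -483,7 +483,7 @@
 cifs_sb = NULL;
 } else {
 rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list, &tgt_it);
-if (rc) {
+if (rc && (rc != -EOPNOTSUPP)) {
 cifs_dbg(VFS, "%s: no target servers for DFS failover\n",
 __func__);
 } else {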
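Review bot: With the new condition `if (rc && (rc != -EOPNOTSUPP))`, a return of -EOPNOTSUPP from reconn_setup_dfs_targets() now falls into the `else` branch, which is otherwise the success path. That branch's body lies outside this section, so what it reads is not visible; if it uses tgt_list or tgt_it, confirm they are initialised when the setup call returns -EOPNOTSUPP, or separate the cases with `} else if (!rc) {`. A one-line comment above the test saying why this single error code is deliberately silent would also help the next reader.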
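--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3472,8 +3472,10 @@
 }
 
 /* TODO: add support for compounds containing READ. */
-if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server))
+if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server)) {
+*num_mids = 1;
 return receive_encrypted_read(server, &mids[0]);
+}
 
 return receive_encrypted_standard(server, mids, bufs, num_mids);
 }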
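Review bot: The added `*num_mids = 1;` deserves a comment, since nothing in the hunk says why the large-read path must fill in the out-parameter itself. Judging from the TODO above it and the `&mids[0]` argument, this path handles exactly one response, so something like `/* large encrypted read is never compounded: report a single mid */` would do. The count is written before receive_encrypted_read() runs, so the caller sees 1 even when that call fails. The start of the function and its callers are outside the hunk, so please confirm they handle that case.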
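--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -451,10 +451,6 @@
 }
 
 
-/* offset is sizeof smb2_negotiate_req but rounded up to 8 bytes */
-#define OFFSET_OF_NEG_CONTEXT 0x68 /* sizeof(struct smb2_negotiate_req) */
-
-
 #define SMB2_PREAUTH_INTEGRITY_CAPABILITIES cpu_to_le16(1)
 #define SMB2_ENCRYPTION_CAPABILITIES cpu_to_le16(2)
 #define SMB2_POSIX_EXTENSIONS_AVAILABLE cpu_to_le16(0x100)
@@ -491,10 +487,24 @@
 assemble_neg_contexts(struct smb2_negotiate_req *req,
 unsigned int *total_len)
 {
-char *pneg_ctxt = (char *)req + OFFSET_OF_NEG_CONTEXT;
+char *pneg_ctxt = (char *)req;
 unsigned int ctxt_len;
 
-*total_len += 2; /* Add 2 due to round to 8 byte boundary for 1st ctxt */
+if (*total_len > 200) {
+/* In case length corrupted don't want to overrun smb buffer */
+cifs_dbg(VFS, "Bad frame length assembling neg contexts\n");
+return;
+}
+
+/*
+* round up total_len of fixed part of SMB3 negotiate request to 8
+* byte boundary before adding negotiate contexts
+*/
+*total_len = roundup(*total_len, 8);
+
+pneg_ctxt = (*total_len) + (char *)req;
+req->NegotiateContextOffset = cpu_to_le32(*total_len);
+
 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt);
 ctxt_len = DIV_ROUND_UP(sizeof(struct smb2_preauth_neg_context), 8) * 8;
 *total_len += ctxt_len;
@@ -508,7 +518,6 @@
 build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
 *total_len += sizeof(struct smb2_posix_neg_context);
 
-req->NegotiateContextOffset = cpu_to_le32(OFFSET_OF_NEG_CONTEXT);
 req->NegotiateContextCount = cpu_to_le16(3);
 }
 
@@ -724,8 +733,9 @@
 req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
 req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
 req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
-req->DialectCount = cpu_to_le16(3);
-total_len += 6;
+req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
+req->DialectCount = cpu_to_le16(4);
+total_len += 8;
 } else {
 /* otherwise send specific dialect */
 req->Dialects[0] = cpu_to_le16(ses->server->vals->protocol_id);
@@ -749,7 +759,9 @@
 else {
 memcpy(req->ClientGUID, server->client_guid,
 SMB2_CLIENT_GUID_SIZE);
-if (ses->server->vals->protocol_id == SMB311_PROT_ID)
+if ((ses->server->vals->protocol_id == SMB311_PROT_ID) ||
+(strcmp(ses->server->vals->version_string,
+SMBDEFAULT_VERSION_STRING) == 0))
 assemble_neg_contexts(req, &total_len);
 }
 iov[0].iov_base = (char *)req;
@@ -794,7 +806,8 @@
 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
 /* ops set to 3.0 by default for default so update */
 ses->server->ops = &smb21_operations;
-}
+} else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID))
+ses->server->ops = &smb311_operations;
 } else if (le16_to_cpu(rsp->DialectRevision) !=
 ses->server->vals->protocol_id) {
 /* if requested single dialect ensure returned dialect matched */
@@ -941,13 +954,14 @@
 pneg_inbuf->DialectCount = cpu_to_le16(2);
 /* structure is big enough for 3 dialects, sending only 2 */
 inbuflen = sizeof(*pneg_inbuf) -
-sizeof(pneg_inbuf->Dialects[0]);
+(2 * sizeof(pneg_inbuf->Dialects[0]));
 } else if (strcmp(tcon->ses->server->vals->version_string,
 SMBDEFAULT_VERSION_STRING) == 0) {
 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
-pneg_inbuf->DialectCount = cpu_to_le16(3);
+pneg_inbuf->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
+pneg_inbuf->DialectCount = cpu_to_le16(4);
 /* structure is big enough for 3 dialects */
 inbuflen = sizeof(*pneg_inbuf);
 } else {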
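Review bot: The new guard `if (*total_len > 200)` in assemble_neg_contexts() returns from a void function, so the caller in the negotiate path cannot tell that no contexts were written and that NegotiateContextOffset and NegotiateContextCount were left unset. The request would presumably still be sent offering SMB3.1.1 without its preauth-integrity and encryption contexts, so consider returning an error and aborting the negotiate instead. The literal 200 is also not tied to the size of the buffer that `req` points to; a named constant derived from that allocation, with a comment stating the bound, would make the overrun check auditable. Minor: the initialiser in `char *pneg_ctxt = (char *)req;` is overwritten before first use and can be dropped.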
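--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -898,7 +898,7 @@
 __u8 Guid[SMB2_CLIENT_GUID_SIZE];
 __le16 SecurityMode;
 __le16 DialectCount;
-__le16 Dialects[3]; /* BB expand this if autonegotiate > 3 dialects */
+__le16 Dialects[4]; /* BB expand this if autonegotiate > 4 dialects */
 } __packed;
 
 struct validate_negotiate_info_rsp {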
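Review bot: Growing `Dialects[3]` to `Dialects[4]` changes `sizeof` of this packed request structure, and the validate-negotiate code in fs/cifs/smb2pdu.c appears to derive `inbuflen` from that size. The two-dialect branch is adjusted in this commit (`2 * sizeof(pneg_inbuf->Dialects[0])`), but the final `else` branch of that chain lies outside the visible hunks and is not changed. If it also subtracts a fixed number of elements, it needs the matching update, otherwise the request carries bytes beyond the DialectCount entries. The neighbouring comments `structure is big enough for 3 dialects` are now stale, and a `BUILD_BUG_ON` tying the array length to the default dialect list would catch the next expansion.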