Merge pull request torvalds#62 from namjaejeon/cifsd-for-next

ksmbd-fixes

fs/ksmbd/connection.h

@@ -109,6 +109,8 @@ struct ksmbd_conn {
 	__le16				cipher_type;
 	__le16				compress_algorithm;
 	bool				posix_ext_supported;
+	bool				signing_negotiated;
+	__le16				signing_algorithm;
 	bool				binding;
 };
 

fs/ksmbd/ndr.c

@@ -65,13 +65,15 @@ static int ndr_write_bytes(struct ndr *n, void *value, size_t sz)
 	return 0;
 }
 
-static int ndr_write_string(struct ndr *n, void *value, size_t sz)
+static int ndr_write_string(struct ndr *n, char *value)
 {
+	size_t sz;
+
+	sz = strlen(value) + 1;
 	if (n->length <= n->offset + sz)
 		try_to_realloc_ndr_blob(n, sz);
 
-	strncpy(ndr_get_field(n), value, sz);
-	sz++;
+	memcpy(ndr_get_field(n), value, sz);
 	n->offset += sz;
 	n->offset = ALIGN(n->offset, 2);
 	return 0;
@@ -134,9 +136,9 @@ int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da)
 
 	if (da->version == 3) {
 		snprintf(hex_attr, 10, "0x%x", da->attr);
-		ndr_write_string(n, hex_attr, strlen(hex_attr));
+		ndr_write_string(n, hex_attr);
 	} else {
-		ndr_write_string(n, "", strlen(""));
+		ndr_write_string(n, "");
 	}
 	ndr_write_int16(n, da->version);
 	ndr_write_int32(n, da->version);

fs/ksmbd/server.c

@@ -101,8 +101,8 @@ static inline int check_conn_state(struct ksmbd_work *work)
 	return 0;
 }
 
-#define TCP_HANDLER_CONTINUE	0
-#define TCP_HANDLER_ABORT	1
+#define SERVER_HANDLER_CONTINUE		0
+#define SERVER_HANDLER_ABORT		1
 
 static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
 			     u16 *cmd)
@@ -112,32 +112,32 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
 	int ret;
 
 	if (check_conn_state(work))
-		return TCP_HANDLER_CONTINUE;
+		return SERVER_HANDLER_CONTINUE;
 
 	if (ksmbd_verify_smb_message(work))
-		return TCP_HANDLER_ABORT;
+		return SERVER_HANDLER_ABORT;
 
 	command = conn->ops->get_cmd_val(work);
 	*cmd = command;
 
 andx_again:
 	if (command >= conn->max_cmds) {
 		conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
-		return TCP_HANDLER_CONTINUE;
+		return SERVER_HANDLER_CONTINUE;
 	}
 
 	cmds = &conn->cmds[command];
 	if (!cmds->proc) {
 		ksmbd_debug(SMB, "*** not implemented yet cmd = %x\n", command);
 		conn->ops->set_rsp_status(work, STATUS_NOT_IMPLEMENTED);
-		return TCP_HANDLER_CONTINUE;
+		return SERVER_HANDLER_CONTINUE;
 	}
 
 	if (work->sess && conn->ops->is_sign_req(work, command)) {
 		ret = conn->ops->check_sign_req(work);
 		if (!ret) {
 			conn->ops->set_rsp_status(work, STATUS_ACCESS_DENIED);
-			return TCP_HANDLER_CONTINUE;
+			return SERVER_HANDLER_CONTINUE;
 		}
 	}
 
@@ -153,8 +153,8 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
 	}
 
 	if (work->send_no_response)
-		return TCP_HANDLER_ABORT;
-	return TCP_HANDLER_CONTINUE;
+		return SERVER_HANDLER_ABORT;
+	return SERVER_HANDLER_CONTINUE;
 }
 
 static void __handle_ksmbd_work(struct ksmbd_work *work,
@@ -203,7 +203,7 @@ static void __handle_ksmbd_work(struct ksmbd_work *work,
 
 	do {
 		rc = __process_request(work, conn, &command);
-		if (rc == TCP_HANDLER_ABORT)
+		if (rc == SERVER_HANDLER_ABORT)
 			break;
 
 		/*

fs/ksmbd/smb2misc.c

@@ -385,6 +385,12 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work)
 		}
 	}
 
+	if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) &&
+	    smb2_validate_credit_charge(hdr)) {
+		work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
+		return 1;
+	}
+
 	clc_len = smb2_calc_size(hdr);
 	if (len != clc_len) {
 		/* server can return one byte more due to implied bcc[0] */
@@ -423,8 +429,7 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work)
 		return 1;
 	}
 
-	return work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU ?
-		smb2_validate_credit_charge(hdr) : 0;
+	return 0;
 }
 
 int smb2_negotiate_request(struct ksmbd_work *work)

fs/ksmbd/smb2ops.c

@@ -204,6 +204,7 @@ void init_smb2_1_server(struct ksmbd_conn *conn)
 	conn->cmds = smb2_0_server_cmds;
 	conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds);
 	conn->max_credits = SMB2_MAX_CREDITS;
+	conn->signing_algorithm = SIGNING_ALG_HMAC_SHA256;
 
 	if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES)
 		conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING;
@@ -221,6 +222,7 @@ void init_smb3_0_server(struct ksmbd_conn *conn)
 	conn->cmds = smb2_0_server_cmds;
 	conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds);
 	conn->max_credits = SMB2_MAX_CREDITS;
+	conn->signing_algorithm = SIGNING_ALG_AES_CMAC;
 
 	if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES)
 		conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING;
@@ -245,6 +247,7 @@ void init_smb3_02_server(struct ksmbd_conn *conn)
 	conn->cmds = smb2_0_server_cmds;
 	conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds);
 	conn->max_credits = SMB2_MAX_CREDITS;
+	conn->signing_algorithm = SIGNING_ALG_AES_CMAC;
 
 	if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES)
 		conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING;
@@ -269,6 +272,7 @@ int init_smb3_11_server(struct ksmbd_conn *conn)
 	conn->cmds = smb2_0_server_cmds;
 	conn->max_cmds = ARRAY_SIZE(smb2_0_server_cmds);
 	conn->max_credits = SMB2_MAX_CREDITS;
+	conn->signing_algorithm = SIGNING_ALG_AES_CMAC;
 
 	if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES)
 		conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING;