  1. 05 Oct, 2019 1 commit
  2. 21 Sep, 2019 2 commits
  3. 16 Sep, 2019 1 commit
  4. 06 Aug, 2019 1 commit
  5. 05 Apr, 2019 1 commit
    • cifs: Fix NULL pointer dereference of devname · 36a3219e
      Yao Liu authored
      [ Upstream commit 68e2672f ]
      
      There is a NULL pointer dereference of devname in strspn()
      
      The oops looks something like:
      
        CIFS: Attempting to mount (null)
        BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
        ...
        RIP: 0010:strspn+0x0/0x50
        ...
        Call Trace:
         ? cifs_parse_mount_options+0x222/0x1710 [cifs]
         ? cifs_get_volume_info+0x2f/0x80 [cifs]
         cifs_setup_volume_info+0x20/0x190 [cifs]
         cifs_get_volume_info+0x50/0x80 [cifs]
         cifs_smb3_do_mount+0x59/0x630 [cifs]
         ? ida_alloc_range+0x34b/0x3d0
         cifs_do_mount+0x11/0x20 [cifs]
         mount_fs+0x52/0x170
         vfs_kern_mount+0x6b/0x170
         do_mount+0x216/0xdc0
         ksys_mount+0x83/0xd0
         __x64_sys_mount+0x25/0x30
         do_syscall_64+0x65/0x220
         entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Fix this by adding a NULL check on devname in cifs_parse_devname()

      Signed-off-by: Yao Liu <yotta.liu@ucloud.cn>
      Signed-off-by: Steve French <stfrench@microsoft.com>
      Signed-off-by: Sasha Levin <sashal@kernel.org>
  6. 06 Feb, 2019 1 commit
  7. 31 Jan, 2019 1 commit
  8. 02 Oct, 2018 2 commits
  9. 03 Sep, 2018 1 commit
  10. 10 Aug, 2018 1 commit
  11. 07 Aug, 2018 4 commits
  12. 05 Jul, 2018 1 commit
    • cifs: Fix use after free of a mid_q_entry · 696e420b
      Lars Persson authored
      With protocol version 2.0 mounts we have seen crashes with corrupt mid
      entries. Either the server->pending_mid_q list becomes corrupt with a
      cyclic reference in one element or a mid object fetched by the
      demultiplexer thread becomes overwritten during use.
      
      Code review identified a race between the demultiplexer thread and the
      request issuing thread. The demultiplexer thread seems to be written
      with the assumption that it is the sole user of the mid object until
      it calls the mid callback which either wakes the issuer task or
      deletes the mid.
      
      This assumption is not true because the issuer task can be woken up
      earlier by a signal. If the demultiplexer thread has proceeded as far
      as setting the mid_state to MID_RESPONSE_RECEIVED then the issuer
      thread will happily end up calling cifs_delete_mid while the
      demultiplexer thread still is using the mid object.
      
      Inserting a delay in the cifs demultiplexer thread widens the race
      window and makes reproduction of the race very easy:
      
      		if (server->large_buf)
      			buf = server->bigbuf;
      
      +		usleep_range(500, 4000);
      
      		server->lstrp = jiffies;
      
      To resolve this I think the proper solution involves putting a
      reference count on the mid object. This patch makes sure that the
      demultiplexer thread holds a reference until it has finished
      processing the transaction.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: Lars Persson <larper@axis.com>
      Acked-by: Paulo Alcantara <palcantara@suse.de>
      Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
      Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
      Signed-off-by: Steve French <stfrench@microsoft.com>
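
The interleaving described in the commit message above, replayed in a fixed order in userspace C. This is an added example, not the kernel patch or code from the commit; `struct mid`, `mid_alloc`, `mid_get`, `mid_put` and `replay_race` are hypothetical stand-ins for the mid object and its reference counting.

```c
#include <stdatomic.h>
#include <stdlib.h>

enum mid_state { MID_REQUEST_SUBMITTED, MID_RESPONSE_RECEIVED };

struct mid {                    /* hypothetical stand-in for the mid object */
    atomic_int refcount;
    enum mid_state mid_state;
    int resp_len;
};

static int mids_freed;          /* number of frees, so the replay can observe them */

static struct mid *mid_alloc(void)
{
    struct mid *m = calloc(1, sizeof(*m));
    if (m)
        atomic_init(&m->refcount, 1);   /* the issuer's reference */
    return m;                           /* calloc: state = MID_REQUEST_SUBMITTED */
}

static void mid_get(struct mid *m) { atomic_fetch_add(&m->refcount, 1); }

/* Drop one reference; only the last holder frees the object. */
static void mid_put(struct mid *m)
{
    if (atomic_fetch_sub(&m->refcount, 1) == 1) {
        free(m);
        mids_freed++;
    }
}

/* Replay the commit message's interleaving in a fixed order. Returns how many
 * frees happened while the demultiplexer was still using the mid (-1 on OOM). */
static int replay_race(void)
{
    struct mid *m = mid_alloc();
    if (!m) return -1;
    mids_freed = 0;
    mid_get(m);                            /* demux: took mid from the pending queue */
    m->mid_state = MID_RESPONSE_RECEIVED;  /* demux: response matched */
    mid_put(m);                            /* issuer: woken by a signal, deletes the mid */
    int freed_during_use = mids_freed;     /* still 0: demux holds a reference */
    m->resp_len = 64;                      /* demux: keeps processing, memory is valid */
    mid_put(m);                            /* demux: finished, last reference frees */
    return freed_during_use;
}

int main(void) { return replay_race() != 0; }
```

In a threaded version the lookup and `mid_get` have to happen under the lock that protects the pending queue; otherwise the same race reappears between finding the entry and taking the reference.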
  13. 15 Jun, 2018 2 commits
  14. 07 Jun, 2018 2 commits
  15. 02 Jun, 2018 2 commits
  16. 01 Jun, 2018 2 commits
  17. 30 May, 2018 2 commits
    • smb3: allow "posix" mount option to enable new SMB311 protocol extensions · b326614e
      Steve French authored
      If "posix" (or synonym "unix" for backward compatibility) specified on mount,
      and server advertises support for SMB3.11 POSIX negotiate context, then
      enable the new posix extensions on the tcon.  This can be viewed by
      looking for "posix" in the mount options displayed by /proc/mounts
      for that mount (ie if posix extensions allowed by server and the
      experimental POSIX extensions also requested on the mount by specifying
      "posix" at mount time).
      
      Also add check to warn user if conflicting unix/nounix or posix/noposix specified
      on mount.

      Signed-off-by: Steve French <smfrench@gmail.com>
    • cifs: allow disabling less secure legacy dialects · f92a720e
      Steve French authored
      To improve security it may be helpful to have additional ways to restrict the
      ability to override the default dialects (SMB2.1, SMB3 and SMB3.02) on mount
      with old dialects (CIFS/SMB1 and SMB2) since vers=1.0 (CIFS/SMB1) and vers=2.0
      are weaker and less secure.
      
      Add a module parameter "disable_legacy_dialects"
      (/sys/module/cifs/parameters/disable_legacy_dialects) which can be set to
      1 (or equivalently Y) to forbid use of vers=1.0 or vers=2.0 on mount.
      
      Also cleans up a few build warnings about globals for various module parms.

      Signed-off-by: Steve French <smfrench@gmail.com>
  18. 27 May, 2018 2 commits
    • cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled · 71992e62
      Steve French authored
      Previous patches "cifs: update calc_size to take a server argument"
      and
        "cifs: add server argument to the dump_detail method"
      were broken if CONFIG_CIFS_DEBUG2 enabled

      Signed-off-by: Steve French <smfrench@gmail.com>
      CC: Ronnie Sahlberg <lsahlber@redhat.com>
    • smb3: fix redundant opens on root · 3d4ef9a1
      Steve French authored
      In SMB2/SMB3 unlike in cifs we unnecessarily open the root of the share
      over and over again in various places during mount and path revalidation
      and also in statfs.  This patch cuts redundant traffic (opens and closes)
      by simply keeping the directory handle for the root around (and reopening
      it as needed on reconnect), so query calls don't require three round
      trips to complete - just one, and eases load on network, client and
      server (on mount alone, cuts network traffic by more than a third).
      
      Also add a new cifs mount parm "nohandlecache" to allow users whose
      servers might have resource constraints (eg in case they have a server
      with so many users connecting to it that this extra handle per mount
      could possibly be a resource concern).

      Signed-off-by: Steve French <smfrench@gmail.com>
      Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
  19. 09 May, 2018 1 commit
  20. 24 Apr, 2018 1 commit
  21. 13 Apr, 2018 1 commit
  22. 12 Apr, 2018 1 commit
  23. 02 Apr, 2018 2 commits
  24. 26 Jan, 2018 3 commits
  25. 25 Jan, 2018 2 commits