two fixes for stable, and two small cleanup fixes
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmcSdmYACgkQiiy9cAdy T1EnnAwAoNbY+odLB9atHIuaBftpyINrhzRrzpwTfYNtPKUPGxxGk2fiP29YqMLb OF4jnC87E3P/xhydoZHXXe3kKBQFVMAkJZKHiZBvJd+brk/EadfQnNmIio1pwOGh zFNxSujFtsM/1HU/ZoI2kaHzrqj5KxWKWFytZ6umd8C3NyKK9Lo/lcqUBKv8MpJy XXkMBh+7HGKRfDQlU+n6NQ5+dqFL5xDjTXlm9dM8LXuInKy5oKTGnRhLA7OA8lt7 EenFo8joy0IpXUByHt+ksQ8P88NCnU2h9kGp1UrGrBPh90+MokRr9GAcH8twK8jt /bpL4yzAwuk1TAg+L9mSLT2OtWYsDpsQZmsBMbxBZGr2qmtjwgbxSgjf6DNiJZgn jz15nFsuEsU5AbX4EAE67fwRWAo9AmQFyOOcYgkiIWOFHaRU6D/2NzCxCDZ+mfpy Z5f7dF/sA158iY4wmB5BrQpFamxzpLADz6Qy4NA9hXjEKsbyFAuf22EjE64ruxZ4 8nMB3buh =peum -----END PGP SIGNATURE----- Merge tag 'v6.12-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull smb client fixes from Steve French: - Fix possible double free setting xattrs - Fix slab out of bounds with large ioctl payload - Remove three unused functions, and an unused variable that could be confusing * tag 'v6.12-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: Remove unused functions smb/client: Fix logically dead code smb: client: fix OOBs when building SMB2_IOCTL request smb: client: fix possible double free in smb2_set_ea()
This commit is contained in:
commit
b04ae0f451
@ -252,10 +252,6 @@ extern int cifs_read_from_socket(struct TCP_Server_Info *server, char *buf,
|
||||
unsigned int to_read);
|
||||
extern ssize_t cifs_discard_from_socket(struct TCP_Server_Info *server,
|
||||
size_t to_read);
|
||||
extern int cifs_read_page_from_socket(struct TCP_Server_Info *server,
|
||||
struct page *page,
|
||||
unsigned int page_offset,
|
||||
unsigned int to_read);
|
||||
int cifs_read_iter_from_socket(struct TCP_Server_Info *server,
|
||||
struct iov_iter *iter,
|
||||
unsigned int to_read);
|
||||
@ -623,8 +619,6 @@ enum securityEnum cifs_select_sectype(struct TCP_Server_Info *,
|
||||
int cifs_alloc_hash(const char *name, struct shash_desc **sdesc);
|
||||
void cifs_free_hash(struct shash_desc **sdesc);
|
||||
|
||||
struct cifs_chan *
|
||||
cifs_ses_find_chan(struct cifs_ses *ses, struct TCP_Server_Info *server);
|
||||
int cifs_try_adding_channels(struct cifs_ses *ses);
|
||||
bool is_server_using_iface(struct TCP_Server_Info *server,
|
||||
struct cifs_server_iface *iface);
|
||||
@ -640,9 +634,6 @@ cifs_chan_set_in_reconnect(struct cifs_ses *ses,
|
||||
void
|
||||
cifs_chan_clear_in_reconnect(struct cifs_ses *ses,
|
||||
struct TCP_Server_Info *server);
|
||||
bool
|
||||
cifs_chan_in_reconnect(struct cifs_ses *ses,
|
||||
struct TCP_Server_Info *server);
|
||||
void
|
||||
cifs_chan_set_need_reconnect(struct cifs_ses *ses,
|
||||
struct TCP_Server_Info *server);
|
||||
|
@ -166,7 +166,6 @@ static int collect_sample(const struct iov_iter *iter, ssize_t max, u8 *sample)
|
||||
loff_t start = iter->xarray_start + iter->iov_offset;
|
||||
pgoff_t last, index = start / PAGE_SIZE;
|
||||
size_t len, off, foff;
|
||||
ssize_t ret = 0;
|
||||
void *p;
|
||||
int s = 0;
|
||||
|
||||
@ -193,9 +192,6 @@ static int collect_sample(const struct iov_iter *iter, ssize_t max, u8 *sample)
|
||||
memcpy(&sample[s], p, len2);
|
||||
kunmap_local(p);
|
||||
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
s += len2;
|
||||
|
||||
if (len2 < SZ_2K || s >= max - SZ_2K)
|
||||
|
@ -794,18 +794,6 @@ cifs_discard_from_socket(struct TCP_Server_Info *server, size_t to_read)
|
||||
return cifs_readv_from_socket(server, &smb_msg);
|
||||
}
|
||||
|
||||
int
|
||||
cifs_read_page_from_socket(struct TCP_Server_Info *server, struct page *page,
|
||||
unsigned int page_offset, unsigned int to_read)
|
||||
{
|
||||
struct msghdr smb_msg = {};
|
||||
struct bio_vec bv;
|
||||
|
||||
bvec_set_page(&bv, page, to_read, page_offset);
|
||||
iov_iter_bvec(&smb_msg.msg_iter, ITER_DEST, &bv, 1, to_read);
|
||||
return cifs_readv_from_socket(server, &smb_msg);
|
||||
}
|
||||
|
||||
int
|
||||
cifs_read_iter_from_socket(struct TCP_Server_Info *server, struct iov_iter *iter,
|
||||
unsigned int to_read)
|
||||
|
@ -115,18 +115,6 @@ cifs_chan_clear_in_reconnect(struct cifs_ses *ses,
|
||||
ses->chans[chan_index].in_reconnect = false;
|
||||
}
|
||||
|
||||
bool
|
||||
cifs_chan_in_reconnect(struct cifs_ses *ses,
|
||||
struct TCP_Server_Info *server)
|
||||
{
|
||||
unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
|
||||
|
||||
if (chan_index == CIFS_INVAL_CHAN_INDEX)
|
||||
return true; /* err on the safer side */
|
||||
|
||||
return CIFS_CHAN_IN_RECONNECT(ses, chan_index);
|
||||
}
|
||||
|
||||
void
|
||||
cifs_chan_set_need_reconnect(struct cifs_ses *ses,
|
||||
struct TCP_Server_Info *server)
|
||||
@ -487,26 +475,6 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
|
||||
spin_unlock(&ses->chan_lock);
|
||||
}
|
||||
|
||||
/*
|
||||
* If server is a channel of ses, return the corresponding enclosing
|
||||
* cifs_chan otherwise return NULL.
|
||||
*/
|
||||
struct cifs_chan *
|
||||
cifs_ses_find_chan(struct cifs_ses *ses, struct TCP_Server_Info *server)
|
||||
{
|
||||
int i;
|
||||
|
||||
spin_lock(&ses->chan_lock);
|
||||
for (i = 0; i < ses->chan_count; i++) {
|
||||
if (ses->chans[i].server == server) {
|
||||
spin_unlock(&ses->chan_lock);
|
||||
return &ses->chans[i];
|
||||
}
|
||||
}
|
||||
spin_unlock(&ses->chan_lock);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int
|
||||
cifs_ses_add_channel(struct cifs_ses *ses,
|
||||
struct cifs_server_iface *iface)
|
||||
|
@ -1158,7 +1158,7 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
|
||||
struct cifs_fid fid;
|
||||
unsigned int size[1];
|
||||
void *data[1];
|
||||
struct smb2_file_full_ea_info *ea = NULL;
|
||||
struct smb2_file_full_ea_info *ea;
|
||||
struct smb2_query_info_rsp *rsp;
|
||||
int rc, used_len = 0;
|
||||
int retries = 0, cur_sleep = 1;
|
||||
@ -1179,6 +1179,7 @@ replay_again:
|
||||
if (!utf16_path)
|
||||
return -ENOMEM;
|
||||
|
||||
ea = NULL;
|
||||
resp_buftype[0] = resp_buftype[1] = resp_buftype[2] = CIFS_NO_BUFFER;
|
||||
vars = kzalloc(sizeof(*vars), GFP_KERNEL);
|
||||
if (!vars) {
|
||||
|
@ -3313,6 +3313,15 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
|
||||
return rc;
|
||||
|
||||
if (indatalen) {
|
||||
unsigned int len;
|
||||
|
||||
if (WARN_ON_ONCE(smb3_encryption_required(tcon) &&
|
||||
(check_add_overflow(total_len - 1,
|
||||
ALIGN(indatalen, 8), &len) ||
|
||||
len > MAX_CIFS_SMALL_BUFFER_SIZE))) {
|
||||
cifs_small_buf_release(req);
|
||||
return -EIO;
|
||||
}
|
||||
/*
|
||||
* indatalen is usually small at a couple of bytes max, so
|
||||
* just allocate through generic pool
|
||||
|
Loading…
Reference in New Issue
Block a user