From 1a81917b5fd9c57574c77e66876699255b10caad Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sat, 11 Jan 2025 09:26:59 -0500 Subject: [PATCH] Fixes for 5.10 Signed-off-by: Sasha Levin --- ...afs-fix-the-maximum-cell-name-length.patch | 112 ++++++++++++++++++ queue-5.10/series | 1 + 2 files changed, 113 insertions(+) create mode 100644 queue-5.10/afs-fix-the-maximum-cell-name-length.patch diff --git a/queue-5.10/afs-fix-the-maximum-cell-name-length.patch b/queue-5.10/afs-fix-the-maximum-cell-name-length.patch new file mode 100644 index 00000000000..2ee65a7cdc1 --- /dev/null +++ b/queue-5.10/afs-fix-the-maximum-cell-name-length.patch @@ -0,0 +1,112 @@ +From 660d79146f00831e7329a5a96349820c3b52ffe6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 6 Jan 2025 16:21:00 +0000 +Subject: afs: Fix the maximum cell name length + +From: David Howells + +[ Upstream commit 8fd56ad6e7c90ac2bddb0741c6b248c8c5d56ac8 ] + +The kafs filesystem limits the maximum length of a cell to 256 bytes, but a +problem occurs if someone actually does that: kafs tries to create a +directory under /proc/net/afs/ with the name of the cell, but that fails +with a warning: + + WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405 + +because procfs limits the maximum filename length to 255. + +However, the DNS limits the maximum lookup length and, by extension, the +maximum cell name, to 255 less two (length count and trailing NUL). + +Fix this by limiting the maximum acceptable cellname length to 253. This +also allows us to be sure we can create the "/afs/./" mountpoint too. + +Further, split the YFS VL record cell name maximum to be the 256 allowed by +the protocol and ignore the record retrieved by YFSVL.GetCellName if it +exceeds 253. + +Fixes: c3e9f888263b ("afs: Implement client support for the YFSVL.GetCellName RPC op") +Reported-by: syzbot+7848fee1f1e5c53f912b@syzkaller.appspotmail.com +Closes: https://lore.kernel.org/r/6776d25d.050a0220.3a8527.0048.GAE@google.com/ +Signed-off-by: David Howells +Link: https://lore.kernel.org/r/376236.1736180460@warthog.procyon.org.uk +Tested-by: syzbot+7848fee1f1e5c53f912b@syzkaller.appspotmail.com +cc: Marc Dionne +cc: linux-afs@lists.infradead.org +Signed-off-by: Christian Brauner +Signed-off-by: Sasha Levin +--- + fs/afs/afs.h | 2 +- + fs/afs/afs_vl.h | 1 + + fs/afs/vl_alias.c | 8 ++++++-- + fs/afs/vlclient.c | 2 +- + 4 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/fs/afs/afs.h b/fs/afs/afs.h +index 432cb4b23961..3ea5f3e3c922 100644 +--- a/fs/afs/afs.h ++++ b/fs/afs/afs.h +@@ -10,7 +10,7 @@ + + #include + +-#define AFS_MAXCELLNAME 256 /* Maximum length of a cell name */ ++#define AFS_MAXCELLNAME 253 /* Maximum length of a cell name (DNS limited) */ + #define AFS_MAXVOLNAME 64 /* Maximum length of a volume name */ + #define AFS_MAXNSERVERS 8 /* Maximum servers in a basic volume record */ + #define AFS_NMAXNSERVERS 13 /* Maximum servers in a N/U-class volume record */ +diff --git a/fs/afs/afs_vl.h b/fs/afs/afs_vl.h +index 9c65ffb8a523..8da0899fbc08 100644 +--- a/fs/afs/afs_vl.h ++++ b/fs/afs/afs_vl.h +@@ -13,6 +13,7 @@ + #define AFS_VL_PORT 7003 /* volume location service port */ + #define VL_SERVICE 52 /* RxRPC service ID for the Volume Location service */ + #define YFS_VL_SERVICE 2503 /* Service ID for AuriStor upgraded VL service */ ++#define YFS_VL_MAXCELLNAME 256 /* Maximum length of a cell name in YFS protocol */ + + enum AFSVL_Operations { + VLGETENTRYBYID = 503, /* AFS Get VLDB entry by ID */ +diff --git a/fs/afs/vl_alias.c b/fs/afs/vl_alias.c +index f04a80e4f5c3..83cf1bfbe343 100644 +--- a/fs/afs/vl_alias.c ++++ b/fs/afs/vl_alias.c +@@ -302,6 +302,7 @@ static char *afs_vl_get_cell_name(struct afs_cell *cell, struct key *key) + static int yfs_check_canonical_cell_name(struct afs_cell *cell, struct key *key) + { + struct afs_cell *master; ++ size_t name_len; + char *cell_name; + + cell_name = afs_vl_get_cell_name(cell, key); +@@ -313,8 +314,11 @@ static int yfs_check_canonical_cell_name(struct afs_cell *cell, struct key *key) + return 0; + } + +- master = afs_lookup_cell(cell->net, cell_name, strlen(cell_name), +- NULL, false); ++ name_len = strlen(cell_name); ++ if (!name_len || name_len > AFS_MAXCELLNAME) ++ master = ERR_PTR(-EOPNOTSUPP); ++ else ++ master = afs_lookup_cell(cell->net, cell_name, name_len, NULL, false); + kfree(cell_name); + if (IS_ERR(master)) + return PTR_ERR(master); +diff --git a/fs/afs/vlclient.c b/fs/afs/vlclient.c +index dc9327332f06..882f0727c3cd 100644 +--- a/fs/afs/vlclient.c ++++ b/fs/afs/vlclient.c +@@ -670,7 +670,7 @@ static int afs_deliver_yfsvl_get_cell_name(struct afs_call *call) + return ret; + + namesz = ntohl(call->tmp); +- if (namesz > AFS_MAXCELLNAME) ++ if (namesz > YFS_VL_MAXCELLNAME) + return afs_protocol_error(call, afs_eproto_cellname_len); + paddedsz = (namesz + 3) & ~3; + call->count = namesz; +-- +2.39.5 + diff --git a/queue-5.10/series b/queue-5.10/series index 4840611b8c1..2ed7b06c425 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -16,3 +16,4 @@ tls-fix-tls_sw_sendmsg-error-handling.patch net-hns3-initialize-reset_timer-before-hclgevf_misc_.patch netfilter-nf_tables-imbalance-in-flowtable-binding.patch netfilter-conntrack-clamp-maximum-hashtable-size-to-.patch +afs-fix-the-maximum-cell-name-length.patch -- 2.47.2