From ebf57440ec59a36e1fc5fe91e31d66ae0d1662d0 Mon Sep 17 00:00:00 2001
From: Namjae Jeon <namjae.jeon@samsung.com>
Date: Thu, 11 Jun 2020 11:21:19 +0900
Subject: smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl

From: Namjae Jeon <namjae.jeon@samsung.com>

commit ebf57440ec59a36e1fc5fe91e31d66ae0d1662d0 upstream.

Some of the tests in xfstests failed with the cifsd kernel server since commit
e80ddeb2f70e. The cifsd kernel server validates the credit charge from the client
by calculating it based on max((InputCount + OutputCount) and
(MaxInputResponse + MaxOutputResponse)) according to the specification.

The MS-SMB2 specification describes the credit charge calculation of smb2 ioctl:

If Connection.SupportsMultiCredit is TRUE, the server MUST validate
CreditCharge based on the maximum of (InputCount + OutputCount) and
(MaxInputResponse + MaxOutputResponse), as specified in section 3.3.5.2.5.
If the validation fails, it MUST fail the IOCTL request with
STATUS_INVALID_PARAMETER.

This patch adds indatalen that can be a non-zero value to the calculation of
the credit charge in SMB2_ioctl_init().

Fixes: e80ddeb2f70e ("smb3: fix incorrect number of credits when ioctl
MaxOutputResponse > 64K")
Cc: Stable <stable@vger.kernel.org>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Cc: Steve French <smfrench@gmail.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 fs/cifs/smb2pdu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

39 --- a/fs/cifs/smb2pdu.c
40 +++ b/fs/cifs/smb2pdu.c
41 @@ -2868,7 +2868,9 @@ SMB2_ioctl_init(struct cifs_tcon *tcon,
42 * response size smaller.
44 req->MaxOutputResponse = cpu_to_le32(max_response_size);
45 - req->sync_hdr.CreditCharge = cpu_to_le16(DIV_ROUND_UP(max_response_size, SMB2_MAX_BUFFER_SIZE));
46 + req->sync_hdr.CreditCharge =
47 + cpu_to_le16(DIV_ROUND_UP(max(indatalen, max_response_size),
48 + SMB2_MAX_BUFFER_SIZE));
50 req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL);
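
Review bot: The new CreditCharge expression, max(indatalen, max_response_size), does not obviously match the rule quoted in the commit message, which takes the maximum of two sums: (InputCount + OutputCount) and (MaxInputResponse + MaxOutputResponse). If this request always sends OutputCount and MaxInputResponse as zero, the simplification is correct, but nothing in the hunk says so. Please add a short comment above the assignment stating that assumption, so that a later change setting either field also updates the charge; a server that validates CreditCharge will otherwise reject the request with STATUS_INVALID_PARAMETER again. Also confirm that indatalen and max_response_size have the same type, since the kernel max() macro complains on mismatched operands and max_t() would be needed otherwise. Finally, DIV_ROUND_UP() yields 0 when both values are 0; it is worth checking whether a CreditCharge of 0 is acceptable for that case.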