6.1-stable patches

added patches:
	ksmbd-discard-write-access-to-the-directory-open.patch

diff --git a/queue-6.1/ksmbd-discard-write-access-to-the-directory-open.patch b/queue-6.1/ksmbd-discard-write-access-to-the-directory-open.patch
new file mode 100644 (file)
index 0000000..02c0b9f
--- /dev/null
+++ b/queue-6.1/ksmbd-discard-write-access-to-the-directory-open.patch
@@ -0,0 +1,80 @@
+From e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd Mon Sep 17 00:00:00 2001
+From: Hobin Woo <hobin.woo@samsung.com>
+Date: Fri, 5 Jul 2024 12:27:25 +0900
+Subject: ksmbd: discard write access to the directory open
+
+From: Hobin Woo <hobin.woo@samsung.com>
+
+commit e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd upstream.
+
+may_open() does not allow a directory to be opened with the write access.
+However, some writing flags set by client result in adding write access
+on server, making ksmbd incompatible with FUSE file system. Simply, let's
+discard the write access when opening a directory.
+
+list_add corruption. next is NULL.
+------------[ cut here ]------------
+kernel BUG at lib/list_debug.c:26!
+pc : __list_add_valid+0x88/0xbc
+lr : __list_add_valid+0x88/0xbc
+Call trace:
+__list_add_valid+0x88/0xbc
+fuse_finish_open+0x11c/0x170
+fuse_open_common+0x284/0x5e8
+fuse_dir_open+0x14/0x24
+do_dentry_open+0x2a4/0x4e0
+dentry_open+0x50/0x80
+smb2_open+0xbe4/0x15a4
+handle_ksmbd_work+0x478/0x5ec
+process_one_work+0x1b4/0x448
+worker_thread+0x25c/0x430
+kthread+0x104/0x1d4
+ret_from_fork+0x10/0x20
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Yoonho Shin <yoonho.shin@samsung.com>
+Signed-off-by: Hobin Woo <hobin.woo@samsung.com>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/smb2pdu.c |   13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+--- a/fs/smb/server/smb2pdu.c
++++ b/fs/smb/server/smb2pdu.c
+@@ -2062,15 +2062,22 @@ out_err1:
+  * @access:           file access flags
+  * @disposition:      file disposition flags
+  * @may_flags:                set with MAY_ flags
++ * @is_dir:           is creating open flags for directory
+  *
+  * Return:      file open flags
+  */
+ static int smb2_create_open_flags(bool file_present, __le32 access,
+                                 __le32 disposition,
+-                                int *may_flags)
++                                int *may_flags,
++                                bool is_dir)
+ {
+       int oflags = O_NONBLOCK | O_LARGEFILE;
+ 
++      if (is_dir) {
++              access &= ~FILE_WRITE_DESIRE_ACCESS_LE;
++              ksmbd_debug(SMB, "Discard write access to a directory\n");
++      }
++
+       if (access & FILE_READ_DESIRED_ACCESS_LE &&
+           access & FILE_WRITE_DESIRE_ACCESS_LE) {
+               oflags |= O_RDWR;
+@@ -2983,7 +2990,9 @@ int smb2_open(struct ksmbd_work *work)
+ 
+       open_flags = smb2_create_open_flags(file_present, daccess,
+                                           req->CreateDisposition,
+-                                          &may_flags);
++                                          &may_flags,
++              req->CreateOptions & FILE_DIRECTORY_FILE_LE ||
++              (file_present && S_ISDIR(d_inode(path.dentry)->i_mode)));
+ 
+       if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
+               if (open_flags & (O_CREAT | O_TRUNC)) {

diff --git a/queue-6.1/series b/queue-6.1/series
index 1ee8b2c992f86b3d4f460a78d7c9a9d25186b47d..235abac03d0141554ed21ab2b1ea480ff8752d84 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -59,3 +59,4 @@ usb-gadget-configfs-prevent-oob-read-write-in-usb_string_copy.patch
 usb-core-fix-duplicate-endpoint-bug-by-clearing-reserved-bits-in-the-descriptor.patch
 hpet-support-32-bit-userspace.patch
 xhci-always-resume-roothubs-if-xhc-was-reset-during-resume.patch
+ksmbd-discard-write-access-to-the-directory-open.patch