From: Greg Kroah-Hartman Date: Mon, 15 Jul 2024 09:38:46 +0000 (+0200) Subject: 6.1-stable patches X-Git-Tag: v4.19.318~60 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=80363d7cf78bd9134bc0a1f463e3be996e963e13;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: ksmbd-discard-write-access-to-the-directory-open.patch --- diff --git a/queue-6.1/ksmbd-discard-write-access-to-the-directory-open.patch b/queue-6.1/ksmbd-discard-write-access-to-the-directory-open.patch new file mode 100644 index 00000000000..02c0b9fc496 --- /dev/null +++ b/queue-6.1/ksmbd-discard-write-access-to-the-directory-open.patch @@ -0,0 +1,80 @@ +From e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd Mon Sep 17 00:00:00 2001 +From: Hobin Woo +Date: Fri, 5 Jul 2024 12:27:25 +0900 +Subject: ksmbd: discard write access to the directory open + +From: Hobin Woo + +commit e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd upstream. + +may_open() does not allow a directory to be opened with the write access. +However, some writing flags set by client result in adding write access +on server, making ksmbd incompatible with FUSE file system. Simply, let's +discard the write access when opening a directory. + +list_add corruption. next is NULL. +------------[ cut here ]------------ +kernel BUG at lib/list_debug.c:26! +pc : __list_add_valid+0x88/0xbc +lr : __list_add_valid+0x88/0xbc +Call trace: +__list_add_valid+0x88/0xbc +fuse_finish_open+0x11c/0x170 +fuse_open_common+0x284/0x5e8 +fuse_dir_open+0x14/0x24 +do_dentry_open+0x2a4/0x4e0 +dentry_open+0x50/0x80 +smb2_open+0xbe4/0x15a4 +handle_ksmbd_work+0x478/0x5ec +process_one_work+0x1b4/0x448 +worker_thread+0x25c/0x430 +kthread+0x104/0x1d4 +ret_from_fork+0x10/0x20 + +Cc: stable@vger.kernel.org +Signed-off-by: Yoonho Shin +Signed-off-by: Hobin Woo +Acked-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/server/smb2pdu.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +--- a/fs/smb/server/smb2pdu.c ++++ b/fs/smb/server/smb2pdu.c +@@ -2062,15 +2062,22 @@ out_err1: + * @access: file access flags + * @disposition: file disposition flags + * @may_flags: set with MAY_ flags ++ * @is_dir: is creating open flags for directory + * + * Return: file open flags + */ + static int smb2_create_open_flags(bool file_present, __le32 access, + __le32 disposition, +- int *may_flags) ++ int *may_flags, ++ bool is_dir) + { + int oflags = O_NONBLOCK | O_LARGEFILE; + ++ if (is_dir) { ++ access &= ~FILE_WRITE_DESIRE_ACCESS_LE; ++ ksmbd_debug(SMB, "Discard write access to a directory\n"); ++ } ++ + if (access & FILE_READ_DESIRED_ACCESS_LE && + access & FILE_WRITE_DESIRE_ACCESS_LE) { + oflags |= O_RDWR; +@@ -2983,7 +2990,9 @@ int smb2_open(struct ksmbd_work *work) + + open_flags = smb2_create_open_flags(file_present, daccess, + req->CreateDisposition, +- &may_flags); ++ &may_flags, ++ req->CreateOptions & FILE_DIRECTORY_FILE_LE || ++ (file_present && S_ISDIR(d_inode(path.dentry)->i_mode))); + + if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { + if (open_flags & (O_CREAT | O_TRUNC)) { diff --git a/queue-6.1/series b/queue-6.1/series index 1ee8b2c992f..235abac03d0 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -59,3 +59,4 @@ usb-gadget-configfs-prevent-oob-read-write-in-usb_string_copy.patch usb-core-fix-duplicate-endpoint-bug-by-clearing-reserved-bits-in-the-descriptor.patch hpet-support-32-bit-userspace.patch xhci-always-resume-roothubs-if-xhc-was-reset-during-resume.patch +ksmbd-discard-write-access-to-the-directory-open.patch