On Mon, Jan 08, 2024 at 12:18:26PM +0100, Jan Čermák wrote:
> Hi,
>
> I confirm Leonardo's findings about 6.1.70 introducing this regression, this
> issue manifested in Home Assistant OS [1] which was recently bumped to that
> version. I bisected the issue between 6.1.69 and 6.1.70 which pointed me to
> this bad commit:
>
> ----
> commit bef4315f19ba6f434054f58b958c0cf058c7a43f (refs/bisect/bad)
> Author: Paulo Alcantara <pc@xxxxxxxxxxxxx>
> Date:   Wed Dec 13 12:25:57 2023 -0300
>
>     smb: client: fix OOB in SMB2_query_info_init()
>
>     commit 33eae65c6f49770fec7a662935d4eb4a6406d24b upstream.
>
>     A small CIFS buffer (448 bytes) isn't big enough to hold
>     SMB2_QUERY_INFO request along with user's input data from
>     CIFS_QUERY_INFO ioctl. That is, if the user passed an input
>     buffer > 344 bytes, the client will memcpy() off the end of
>     @req->Buffer in SMB2_query_info_init() thus causing the following
>     KASAN splat:
>
>     (snip...)
> ----
>
> Reverting this change on 6.1.y makes the error go away.

That's interesting, there's a different cifs report that says a different
commit was the issue:
	https://lore.kernel.org/r/ZZhrpNJ3zxMR8wcU@xxxxxxxxxxx

is that the same as this one?

thanks,

greg k-h