Patch "ksmbd: fix credit count leakage" has been added to the 6.3-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Wed, 07 Jun 2023 14:37:07 +0200

This is a note to let you know that I've just added the patch titled

    ksmbd: fix credit count leakage

to the 6.3-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ksmbd-fix-credit-count-leakage.patch
and it can be found in the queue-6.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 84c5aa47925a1f40d698b6a6a2bf67e99617433d Mon Sep 17 00:00:00 2001
From: Namjae Jeon <linkinjeon@xxxxxxxxxx>
Date: Fri, 12 May 2023 23:29:12 +0900
Subject: ksmbd: fix credit count leakage

From: Namjae Jeon <linkinjeon@xxxxxxxxxx>

commit 84c5aa47925a1f40d698b6a6a2bf67e99617433d upstream.

This patch fix the failure from smb2.credits.single_req_credits_granted
test. When client send 8192 credit request, ksmbd return 8191 credit
granted. ksmbd should give maximum possible credits that must be granted
within the range of not exceeding the max credit to client.

Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/ksmbd/smb2pdu.c |    6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -326,13 +326,9 @@ int smb2_set_rsp_credits(struct ksmbd_wo
 	if (hdr->Command == SMB2_NEGOTIATE)
 		aux_max = 1;
 	else
-		aux_max = conn->vals->max_credits - credit_charge;
+		aux_max = conn->vals->max_credits - conn->total_credits;
 	credits_granted = min_t(unsigned short, credits_requested, aux_max);
 
-	if (conn->vals->max_credits - conn->total_credits < credits_granted)
-		credits_granted = conn->vals->max_credits -
-			conn->total_credits;
-
 	conn->total_credits += credits_granted;
 	work->credits_granted += credits_granted;
 


Patches currently in stable-queue which might be from linkinjeon@xxxxxxxxxx are

queue-6.3/ksmbd-fix-incorrect-allocationsize-set-in-smb2_get_info.patch
queue-6.3/ksmbd-fix-credit-count-leakage.patch
queue-6.3/ksmbd-fix-slab-out-of-bounds-read-in-smb2_handle_negotiate.patch
queue-6.3/ksmbd-fix-multiple-out-of-bounds-read-during-context-decoding.patch
queue-6.3/ksmbd-fix-uaf-issue-from-opinfo-conn.patch






