Patch "smb: client: handle DFS tcons in cifs_construct_tcon()" has been added to the 6.6-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    smb: client: handle DFS tcons in cifs_construct_tcon()

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     smb-client-handle-dfs-tcons-in-cifs_construct_tcon.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 4a5ba0e0bfe552ac7451f57e304f6343c3d87f89 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@xxxxxxxxxxxxx>
Date: Mon, 1 Apr 2024 22:44:08 -0300
Subject: smb: client: handle DFS tcons in cifs_construct_tcon()

From: Paulo Alcantara <pc@xxxxxxxxxxxxx>

commit 4a5ba0e0bfe552ac7451f57e304f6343c3d87f89 upstream.

The tcons created by cifs_construct_tcon() on multiuser mounts must
also be able to failover and refresh DFS referrals, so set the
appropriate fields in order to get a full DFS tcon.  They could be
shared among different superblocks later, too.

Cc: stable@xxxxxxxxxxxxxxx # 6.4+
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Closes: https://lore.kernel.org/oe-kbuild-all/202404021518.3Xu2VU4s-lkp@xxxxxxxxx/
Signed-off-by: Paulo Alcantara (Red Hat) <pc@xxxxxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/smb/client/connect.c |   30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -3988,6 +3988,7 @@ cifs_construct_tcon(struct cifs_sb_info
 	struct cifs_ses *ses;
 	struct cifs_tcon *tcon = NULL;
 	struct smb3_fs_context *ctx;
+	char *origin_fullpath = NULL;
 
 	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
 	if (ctx == NULL)
@@ -4011,6 +4012,7 @@ cifs_construct_tcon(struct cifs_sb_info
 	ctx->sign = master_tcon->ses->sign;
 	ctx->seal = master_tcon->seal;
 	ctx->witness = master_tcon->use_witness;
+	ctx->dfs_root_ses = master_tcon->ses->dfs_root_ses;
 
 	rc = cifs_set_vol_auth(ctx, master_tcon->ses);
 	if (rc) {
@@ -4030,12 +4032,39 @@ cifs_construct_tcon(struct cifs_sb_info
 		goto out;
 	}
 
+#ifdef CONFIG_CIFS_DFS_UPCALL
+	spin_lock(&master_tcon->tc_lock);
+	if (master_tcon->origin_fullpath) {
+		spin_unlock(&master_tcon->tc_lock);
+		origin_fullpath = dfs_get_path(cifs_sb, cifs_sb->ctx->source);
+		if (IS_ERR(origin_fullpath)) {
+			tcon = ERR_CAST(origin_fullpath);
+			origin_fullpath = NULL;
+			cifs_put_smb_ses(ses);
+			goto out;
+		}
+	} else {
+		spin_unlock(&master_tcon->tc_lock);
+	}
+#endif
+
 	tcon = cifs_get_tcon(ses, ctx);
 	if (IS_ERR(tcon)) {
 		cifs_put_smb_ses(ses);
 		goto out;
 	}
 
+#ifdef CONFIG_CIFS_DFS_UPCALL
+	if (origin_fullpath) {
+		spin_lock(&tcon->tc_lock);
+		tcon->origin_fullpath = origin_fullpath;
+		spin_unlock(&tcon->tc_lock);
+		origin_fullpath = NULL;
+		queue_delayed_work(dfscache_wq, &tcon->dfs_cache_work,
+				   dfs_cache_get_ttl() * HZ);
+	}
+#endif
+
 #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
 	if (cap_unix(ses))
 		reset_cifs_unix_caps(0, tcon, NULL, ctx);
@@ -4044,6 +4073,7 @@ cifs_construct_tcon(struct cifs_sb_info
 out:
 	kfree(ctx->username);
 	kfree_sensitive(ctx->password);
+	kfree(origin_fullpath);
 	kfree(ctx);
 
 	return tcon;


Patches currently in stable-queue which might be from pc@xxxxxxxxxxxxx are

queue-6.6/smb-client-fix-potential-uaf-in-cifs_stats_proc_write.patch
queue-6.6/smb-client-fix-potential-uaf-in-is_valid_oplock_break.patch
queue-6.6/smb-client-serialise-cifs_construct_tcon-with-cifs_mount_mutex.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_dump_full_key.patch
queue-6.6/smb-client-fix-potential-uaf-in-smb2_is_network_name_deleted.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_debug_files_proc_show.patch
queue-6.6/smb-client-handle-dfs-tcons-in-cifs_construct_tcon.patch
queue-6.6/smb-client-fix-potential-uaf-in-smb2_is_valid_lease_break.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_signal_cifsd_for_reconnect.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_stats_proc_show.patch
queue-6.6/smb-client-fix-potential-uaf-in-smb2_is_valid_oplock_break.patch




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux