2022년 6월 19일 (일) 오후 11:11, Namjae Jeon <linkinjeon@xxxxxxxxxx>님이 작성:
>
> FileOffset should not be greater than BeyondFinalZero in FSCTL_ZERO_DATA.
> And don't call ksmbd_vfs_zero_data() if length is zero.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
> ---
Reviewed-by: Hyunchul Lee <hyc.lee@xxxxxxxxx>
> fs/ksmbd/smb2pdu.c | 27 +++++++++++++++++----------
> 1 file changed, 17 insertions(+), 10 deletions(-)
>
> diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
> index e35930867893..94ab1dcd80e7 100644
> --- a/fs/ksmbd/smb2pdu.c
> +++ b/fs/ksmbd/smb2pdu.c
> @@ -7700,7 +7700,7 @@ int smb2_ioctl(struct ksmbd_work *work)
> {
> struct file_zero_data_information *zero_data;
> struct ksmbd_file *fp;
> - loff_t off, len;
> + loff_t off, len, bfz;
>
> if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
> ksmbd_debug(SMB,
> @@ -7717,19 +7717,26 @@ int smb2_ioctl(struct ksmbd_work *work)
> zero_data =
> (struct file_zero_data_information *)&req->Buffer[0];
>
> - fp = ksmbd_lookup_fd_fast(work, id);
> - if (!fp) {
> - ret = -ENOENT;
> + off = le64_to_cpu(zero_data->FileOffset);
> + bfz = le64_to_cpu(zero_data->BeyondFinalZero);
> + if (off > bfz) {
> + ret = -EINVAL;
> goto out;
> }
>
> - off = le64_to_cpu(zero_data->FileOffset);
> - len = le64_to_cpu(zero_data->BeyondFinalZero) - off;
> + len = bfz - off;
> + if (len) {
> + fp = ksmbd_lookup_fd_fast(work, id);
> + if (!fp) {
> + ret = -ENOENT;
> + goto out;
> + }
>
> - ret = ksmbd_vfs_zero_data(work, fp, off, len);
> - ksmbd_fd_put(work, fp);
> - if (ret < 0)
> - goto out;
> + ret = ksmbd_vfs_zero_data(work, fp, off, len);
> + ksmbd_fd_put(work, fp);
> + if (ret < 0)
> + goto out;
> + }
> break;
> }
> case FSCTL_QUERY_ALLOCATED_RANGES:
> --
> 2.25.1
> -- Thanks, Hyunchul
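Review bot: The new range check `if (off > bfz)` in the second hunk still lets negative values through: `off` and `bfz` are `loff_t` (signed, per the first hunk) loaded straight from the client-supplied 64-bit `FileOffset`/`BeyondFinalZero`, so a request with the top bit set in either field becomes a negative offset — e.g. `off = 0x8000000000000000`, `bfz = 0x7fffffffffffffff` passes the comparison and `len = bfz - off` overflows the signed subtraction, while `off = -100`, `bfz = -50` passes and hands a negative offset to the VFS. Rejecting negative inputs alongside the ordering check closes this: `if (off < 0 || bfz < 0 || off > bfz) {`. What ksmbd_vfs_zero_data() does with a negative offset or length is not visible here, but it should not be asked to find out on untrusted input. Separately, when `len` is zero the case reaches `break` without assigning `ret`, so it relies on `ret` being initialised to 0 earlier in smb2_ioctl, whose body starts and ends outside the hunk.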