óÐÉÓÏË ÉÚÍÅÎÅÎÉÊ × Linux 5.15.145

 
fs: introduce lock_rename_child() helper [+ + +]
Author: Al Viro <[email protected]>
Date:   Tue Dec 19 00:33:46 2023 +0900

    fs: introduce lock_rename_child() helper
    
    [ Upstream commit 9bc37e04823b5280dd0f22b6680fc23fe81ca325 ]
    
    Pass the dentry of a source file and the dentry of a destination directory
    to lock parent inodes for rename. As soon as this function returns,
    ->d_parent of the source file dentry is stable and inodes are properly
    locked for calling vfs-rename. This helper is needed for ksmbd server.
    rename request of SMB protocol has to rename an opened file, no matter
    which directory it's in.
    
    Signed-off-by: Al Viro <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Al Viro <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
kasan: disable kasan_non_canonical_hook() for HW tags [+ + +]
Author: Arnd Bergmann <[email protected]>
Date:   Mon Oct 16 22:08:38 2023 +0200

    kasan: disable kasan_non_canonical_hook() for HW tags
    
    commit 17c17567fe510857b18fe01b7a88027600e76ac6 upstream.
    
    On arm64, building with CONFIG_KASAN_HW_TAGS now causes a compile-time
    error:
    
    mm/kasan/report.c: In function 'kasan_non_canonical_hook':
    mm/kasan/report.c:637:20: error: 'KASAN_SHADOW_OFFSET' undeclared (first use in this function)
      637 |         if (addr < KASAN_SHADOW_OFFSET)
          |                    ^~~~~~~~~~~~~~~~~~~
    mm/kasan/report.c:637:20: note: each undeclared identifier is reported only once for each function it appears in
    mm/kasan/report.c:640:77: error: expected expression before ';' token
      640 |         orig_addr = (addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
    
    This was caused by removing the dependency on CONFIG_KASAN_INLINE that
    used to prevent this from happening. Use the more specific dependency
    on KASAN_SW_TAGS || KASAN_GENERIC to only ignore the function for hwasan
    mode.
    
    Link: https://lkml.kernel.org/r/[email protected]
    Fixes: 12ec6a919b0f ("kasan: print the original fault addr when access invalid shadow")
    Signed-off-by: Arnd Bergmann <[email protected]>
    Cc: Alexander Potapenko <[email protected]>
    Cc: Andrey Konovalov <[email protected]>
    Cc: Andrey Ryabinin <[email protected]>
    Cc: Dmitry Vyukov <[email protected]>
    Cc: Haibo Li <[email protected]>
    Cc: Kees Cook <[email protected]>
    Cc: Vincenzo Frascino <[email protected]>
    Cc: AngeloGioacchino Del Regno <[email protected]>
    Cc: Matthias Brugger <[email protected]>
    Signed-off-by: Andrew Morton <[email protected]>
    Signed-off-by: Amit Pundir <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
ksmbd: add missing calling smb2_set_err_rsp() on error [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:25 2023 +0900

    ksmbd: add missing calling smb2_set_err_rsp() on error
    
    [ Upstream commit 0e2378eaa2b3a663726cf740d4aaa8a801e2cb31 ]
    
    If some error happen on smb2_sess_setup(), Need to call
    smb2_set_err_rsp() to set error response.
    This patch add missing calling smb2_set_err_rsp() on error.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: add missing compound request handing in some commands [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:11 2023 +0900

    ksmbd: add missing compound request handing in some commands
    
    [ Upstream commit 7b7d709ef7cf285309157fb94c33f625dd22c5e1 ]
    
    This patch add the compound request handling to the some commands.
    Existing clients do not send these commands as compound requests,
    but ksmbd should consider that they may come.
    
    Cc: [email protected]
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: add mnt_want_write to ksmbd vfs functions [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:03 2023 +0900

    ksmbd: add mnt_want_write to ksmbd vfs functions
    
    [ Upstream commit 40b268d384a22276dca1450549f53eed60e21deb ]
    
    ksmbd is doing write access using vfs helpers. There are the cases that
    mnt_want_write() is not called in vfs helper. This patch add missing
    mnt_want_write() to ksmbd vfs functions.
    
    Cc: [email protected]
    Cc: Amir Goldstein <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: add smb-direct shutdown [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:41 2023 +0900

    ksmbd: add smb-direct shutdown
    
    [ Upstream commit 136dff3a6b71dc16c30b35cc390feb0bfc32ed50 ]
    
    When killing ksmbd server after connecting rdma, ksmbd threads does not
    terminate properly because the rdma connection is still alive.
    This patch add shutdown operation to disconnect rdma connection while
    ksmbd threads terminate.
    
    Signed-off-by: Yufan Chen <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: add support for key exchange [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:44 2023 +0900

    ksmbd: add support for key exchange
    
    [ Upstream commit f9929ef6a2a55f03aac61248c6a3a987b8546f2a ]
    
    When mounting cifs client, can see the following warning message.
    
    CIFS: decode_ntlmssp_challenge: authentication has been weakened as server
    does not support key exchange
    
    To remove this warning message, Add support for key exchange feature to
    ksmbd. This patch decrypts 16-byte ciphertext value sent by the client
    using RC4 with session key. The decrypted value is the recovered secondary
    key that will use instead of the session key for signing and sealing.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: add support for read compound [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:19 2023 +0900

    ksmbd: add support for read compound
    
    [ Upstream commit e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d ]
    
    MacOS sends a compound request including read to the server
    (e.g. open-read-close). So far, ksmbd has not handled read as
    a compound request. For compatibility between ksmbd and an OS that
    supports SMB, This patch provides compound support for read requests.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: add support for surrogate pair conversion [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:44 2023 +0900

    ksmbd: add support for surrogate pair conversion
    
    [ Upstream commit 0c180317c654a494fe429adbf7bc9b0793caf9e2 ]
    
    ksmbd is missing supporting to convert filename included surrogate pair
    characters. It triggers a "file or folder does not exist" error in
    Windows client.
    
    [Steps to Reproduce for bug]
    1. Create surrogate pair file
     touch $(echo -e '\xf0\x9d\x9f\xa3')
     touch $(echo -e '\xf0\x9d\x9f\xa4')
    
    2. Try to open these files in ksmbd share through Windows client.
    
    This patch update unicode functions not to consider about surrogate pair
    (and IVS).
    
    Reviewed-by: Marios Makassikis <[email protected]>
    Tested-by: Marios Makassikis <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: avoid duplicate negotiate ctx offset increments [+ + +]
Author: David Disseldorp <[email protected]>
Date:   Tue Dec 19 00:33:44 2023 +0900

    ksmbd: avoid duplicate negotiate ctx offset increments
    
    [ Upstream commit a12a07a85aff72e19520328f78b1c64d2281a1ec ]
    
    Both pneg_ctxt and ctxt_size change in unison, with each adding the
    length of the previously added context, rounded up to an eight byte
    boundary.
    Drop pneg_ctxt increments and instead use the ctxt_size offset when
    passing output pointers to per-context helper functions. This slightly
    simplifies offset tracking and shaves off a few text bytes.
    Before (x86-64 gcc 7.5):
       text    data     bss     dec     hex filename
     213234    8677     672  222583   36577 ksmbd.ko
    
    After:
       text    data     bss     dec     hex filename
     213218    8677     672  222567   36567 ksmbd.ko
    
    Signed-off-by: David Disseldorp <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: avoid out of bounds access in decode_preauth_ctxt() [+ + +]
Author: David Disseldorp <[email protected]>
Date:   Tue Dec 19 00:33:42 2023 +0900

    ksmbd: avoid out of bounds access in decode_preauth_ctxt()
    
    [ Upstream commit e7067a446264a7514fa1cfaa4052cdb6803bc6a2 ]
    
    Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within
    the SMB request boundary; deassemble_neg_contexts() only checks that the
    eight byte smb2_neg_context header + (client controlled) DataLength are
    within the packet boundary, which is insufficient.
    
    Checking for sizeof(struct smb2_preauth_neg_context) is overkill given
    that the type currently assumes SMB311_SALT_SIZE bytes of trailing Salt.
    
    Signed-off-by: David Disseldorp <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Cc: <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: block asynchronous requests when making a delay on session setup [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:50 2023 +0900

    ksmbd: block asynchronous requests when making a delay on session setup
    
    [ Upstream commit b096d97f47326b1e2dbdef1c91fab69ffda54d17 ]
    
    ksmbd make a delay of 5 seconds on session setup to avoid dictionary
    attacks. But the 5 seconds delay can be bypassed by using asynchronous
    requests. This patch block all requests on current connection when
    making a delay on sesstion setup failure.
    
    Cc: [email protected]
    Reported-by: [email protected] # ZDI-CAN-20482
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: call ib_drain_qp when disconnected [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:22 2023 +0900

    ksmbd: call ib_drain_qp when disconnected
    
    [ Upstream commit 141fa9824c0fc11d44b2d5bb1266a33e95fa67fd ]
    
    When disconnected, call ib_drain_qp to cancel all pending work requests
    and prevent ksmbd_conn_handler_loop from waiting for a long time
    for those work requests to compelete.
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Reviewed-by: Tom Talpey <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: call putname after using the last component [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:57 2023 +0900

    ksmbd: call putname after using the last component
    
    [ Upstream commit 6fe55c2799bc29624770c26f98ba7b06214f43e0 ]
    
    last component point filename struct. Currently putname is called after
    vfs_path_parent_lookup(). And then last component is used for
    lookup_one_qstr_excl(). name in last component is freed by previous
    calling putname(). And It cause file lookup failure when testing
    generic/464 test of xfstest.
    
    Fixes: 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name")
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: casefold utf-8 share names and fix ascii lowercase conversion [+ + +]
Author: Atte Heikkilä <[email protected]>
Date:   Tue Dec 19 00:33:12 2023 +0900

    ksmbd: casefold utf-8 share names and fix ascii lowercase conversion
    
    [ Upstream commit 16b5f54e30c1ddec36bdf946a299b3254aace477 ]
    
    strtolower() corrupts all UTF-8 share names that have a byte in the C0
    (À ISO8859-1) to DE (Þ ISO8859-1) range, since the non-ASCII part of
    ISO8859-1 is incompatible with UTF-8. Prevent this by checking that a
    byte is in the ASCII range with isascii(), before the conversion to
    lowercase with tolower(). Properly handle case-insensitivity of UTF-8
    share names by casefolding them, but fallback to ASCII lowercase
    conversion on failure or if CONFIG_UNICODE is not set. Refactor to move
    the share name casefolding immediately after the share name extraction.
    Also, make the associated constness corrections.
    
    Signed-off-by: Atte Heikkilä <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: change LeaseKey data type to u8 array [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:27 2023 +0900

    ksmbd: change LeaseKey data type to u8 array
    
    [ Upstream commit 2734b692f7b8167b93498dcd698067623d4267ca ]
    
    cifs define LeaseKey as u8 array in structure. To move lease structure
    to smbfs_common, ksmbd change LeaseKey data type to u8 array.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: change security id to the one samba used for posix extension [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:13 2023 +0900

    ksmbd: change security id to the one samba used for posix extension
    
    [ Upstream commit 5609bdd9ffdccd83f9003511b1801584b703baa5 ]
    
    Samba set SIDOWNER and SIDUNIX_GROUP in create posix context and
    set SIDUNIX_USER/GROUP in other sids for posix extension.
    This patch change security id to the one samba used.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void [+ + +]
Author: Lu Hongfei <[email protected]>
Date:   Tue Dec 19 00:34:07 2023 +0900

    ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void
    
    [ Upstream commit ccb5889af97c03c67a83fcd649602034578c0d61 ]
    
    The return value of ksmbd_vfs_query_maximal_access is meaningless,
    it is better to modify it to void.
    
    Signed-off-by: Lu Hongfei <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: check if a mount point is crossed during path lookup [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:15 2023 +0900

    ksmbd: check if a mount point is crossed during path lookup
    
    [ Upstream commit 2b57a4322b1b14348940744fdc02f9a86cbbdbeb ]
    
    Since commit 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and
    ->d_name"), ksmbd can not lookup cross mount points. If last component is
    a cross mount point during path lookup, check if it is crossed to follow it
    down. And allow path lookup to cross a mount point when a crossmnt
    parameter is set to 'yes' in smb.conf.
    
    Cc: [email protected]
    Fixes: 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name")
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: check iov vector index in ksmbd_conn_write() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:30 2023 +0900

    ksmbd: check iov vector index in ksmbd_conn_write()
    
    [ Upstream commit 73f949ea87c7d697210653501ca21efe57295327 ]
    
    If ->iov_idx is zero, This means that the iov vector for the response
    was not added during the request process. In other words, it means that
    there is a problem in generating a response, So this patch return as
    an error to avoid NULL pointer dereferencing problem.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:01 2023 +0900

    ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
    
    [ Upstream commit 368ba06881c395f1c9a7ba22203cf8d78b4addc0 ]
    
    The length field of netbios header must be greater than the SMB header
    sizes(smb1 or smb2 header), otherwise the packet is an invalid SMB packet.
    
    If `pdu_size` is 0, ksmbd allocates a 4 bytes chunk to `conn->request_buf`.
    In the function `get_smb2_cmd_val` ksmbd will read cmd from
    `rcv_hdr->Command`, which is `conn->request_buf + 12`, causing the KASAN
    detector to print the following error message:
    
    [    7.205018] BUG: KASAN: slab-out-of-bounds in get_smb2_cmd_val+0x45/0x60
    [    7.205423] Read of size 2 at addr ffff8880062d8b50 by task ksmbd:42632/248
    ...
    [    7.207125]  <TASK>
    [    7.209191]  get_smb2_cmd_val+0x45/0x60
    [    7.209426]  ksmbd_conn_enqueue_request+0x3a/0x100
    [    7.209712]  ksmbd_server_process_request+0x72/0x160
    [    7.210295]  ksmbd_conn_handler_loop+0x30c/0x550
    [    7.212280]  kthread+0x160/0x190
    [    7.212762]  ret_from_fork+0x1f/0x30
    [    7.212981]  </TASK>
    
    Cc: [email protected]
    Reported-by: Chih-Yen Chang <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: constify struct path [+ + +]
Author: Al Viro <[email protected]>
Date:   Tue Dec 19 00:33:10 2023 +0900

    ksmbd: constify struct path
    
    [ Upstream commit c22180a5e2a9e1426fab01d9e54011ec531b1b52 ]
    
    ... in particular, there should never be a non-const pointers to
    any file->f_path.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Al Viro <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs [+ + +]
Author: ye xingchen <[email protected]>
Date:   Tue Dec 19 00:33:28 2023 +0900

    ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs
    
    [ Upstream commit 72ee45fd46d0d3578c4e6046f66fae3218543ce3 ]
    
    Follow the advice of the Documentation/filesystems/sysfs.rst and show()
    should only use sysfs_emit() or sysfs_emit_at() when formatting the
    value to be returned to user space.
    
    Signed-off-by: ye xingchen <[email protected]>
    Reviewed-by: Sergey Senozhatsky <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: decrease the number of SMB3 smbdirect server SGEs [+ + +]
Author: Tom Talpey <[email protected]>
Date:   Tue Dec 19 00:33:18 2023 +0900

    ksmbd: decrease the number of SMB3 smbdirect server SGEs
    
    [ Upstream commit 2b4eeeaa90617c5e37da7c804c422b4e833b87b2 ]
    
    The server-side SMBDirect layer requires no more than 6 send SGEs
    The previous default of 8 causes ksmbd to fail on the SoftiWARP
    (siw) provider, and possibly others. Additionally, large numbers
    of SGEs reduces performance significantly on adapter implementations.
    
    Signed-off-by: Tom Talpey <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry() [+ + +]
Author: Yang Li <[email protected]>
Date:   Tue Dec 19 00:32:34 2023 +0900

    ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry()
    
    [ Upstream commit f5c381392948dcae19f854b9586b806654f08a11 ]
    
    A warning is reported because an invalid argument description, it is found
    by running scripts/kernel-doc, which is caused by using 'make W=1'.
    fs/ksmbd/smb2pdu.c:3406: warning: Excess function parameter 'user_ns'
    description in 'smb2_populate_readdir_entry'
    
    Reported-by: Abaci Robot <[email protected]>
    Fixes: 475d6f98804c ("ksmbd: fix translation in smb2_populate_readdir_entry()")
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Yang Li <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: delete asynchronous work from list [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:40 2023 +0900

    ksmbd: delete asynchronous work from list
    
    [ Upstream commit 3a9b557f44ea8f216aab515a7db20e23f0eb51b9 ]
    
    When smb2_lock request is canceled by smb2_cancel or smb2_close(),
    ksmbd is missing deleting async_request_entry async_requests list.
    Because calling init_smb2_rsp_hdr() in smb2_lock() mark ->synchronous
    as true and then it will not be deleted in
    ksmbd_conn_try_dequeue_request(). This patch add release_async_work() to
    release the ones allocated for async work.
    
    Cc: [email protected]
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: destroy expired sessions [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:49 2023 +0900

    ksmbd: destroy expired sessions
    
    [ Upstream commit ea174a91893956450510945a0c5d1a10b5323656 ]
    
    client can indefinitely send smb2 session setup requests with
    the SessionId set to 0, thus indefinitely spawning new sessions,
    and causing indefinite memory usage. This patch limit to the number
    of sessions using expired timeout and session state.
    
    Cc: [email protected]
    Reported-by: [email protected] # ZDI-CAN-20478
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: don't open-code %pD [+ + +]
Author: Al Viro <[email protected]>
Date:   Tue Dec 19 00:33:09 2023 +0900

    ksmbd: don't open-code %pD
    
    [ Upstream commit 369c1634cc7ae8645a5cba4c7eb874755c2a6a07 ]
    
    a bunch of places used %pd with file->f_path.dentry; shorter (and saner)
    way to spell that is %pD with file...
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Al Viro <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: don't open-code file_path() [+ + +]
Author: Al Viro <[email protected]>
Date:   Tue Dec 19 00:33:08 2023 +0900

    ksmbd: don't open-code file_path()
    
    [ Upstream commit 2f5930c1d7936b74eb820c5b157011994c707a74 ]
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Al Viro <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:54 2023 +0900

    ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error
    
    [ Upstream commit cd80ce7e68f1624ac29cd0a6b057789d1236641e ]
    
    ksmbd set ->op_state as OPLOCK_STATE_NONE on lease break ack error.
    op_state of lease should not be updated because client can send lease
    break ack again. This patch fix smb2.lease.breaking2 test failure.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:15 2023 +0900

    ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response
    
    [ Upstream commit d5919f2a1459083bd0aaede7fc44e945290e44df ]
    
    This patch fill missing sids in SMB_FIND_FILE_POSIX_INFO response.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix `force create mode' and `force directory mode' [+ + +]
Author: Atte Heikkilä <[email protected]>
Date:   Tue Dec 19 00:34:21 2023 +0900

    ksmbd: fix `force create mode' and `force directory mode'
    
    [ Upstream commit 65656f5242e500dcfeffa6a0a1519eae14724f86 ]
    
    `force create mode' and `force directory mode' should be bitwise ORed
    with the perms after `create mask' and `directory mask' have been
    applied, respectively.
    
    Signed-off-by: Atte Heikkilä <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Fix buffer_check_err() kernel-doc comment [+ + +]
Author: Yang Li <[email protected]>
Date:   Tue Dec 19 00:32:32 2023 +0900

    ksmbd: Fix buffer_check_err() kernel-doc comment
    
    [ Upstream commit e230d013378489bcd4b5589ca1d2a5b91ff8d098 ]
    
    Add the description of @rsp_org in buffer_check_err() kernel-doc comment
    to remove a warning found by running scripts/kernel-doc, which is caused
    by using 'make W=1'.
    fs/ksmbd/smb2pdu.c:4028: warning: Function parameter or member 'rsp_org'
    not described in 'buffer_check_err'
    
    Reported-by: Abaci Robot <[email protected]>
    Fixes: cb4517201b8a ("ksmbd: remove smb2_buf_length in smb2_hdr")
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Yang Li <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix encryption failure issue for session logoff response [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:16 2023 +0900

    ksmbd: fix encryption failure issue for session logoff response
    
    [ Upstream commit af705ef2b0ded0d8f54c238fdf3c17a1d47ad924 ]
    
    If client send encrypted session logoff request on seal mount,
    Encryption for that response fails.
    
    ksmbd: Could not get encryption key
    CIFS: VFS: cifs_put_smb_ses: Session Logoff failure rc=-512
    
    Session lookup fails in ksmbd_get_encryption_key() because sess->state is
    set to SMB2_SESSION_EXPIRED in session logoff. There is no need to do
    session lookup again to encrypt the response. This patch change to use
    ksmbd_session in ksmbd_work.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:46 2023 +0900

    ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked()
    
    [ Upstream commit f6049712e520287ad695e9d4f1572ab76807fa0c ]
    
    Fix argument list that the kdoc format and script verified in
    ksmbd_vfs_kern_path_locked().
    
    fs/smb/server/vfs.c:1207: warning: Function parameter or member 'parent_path'
    not described in 'ksmbd_vfs_kern_path_locked'
    
    Reported-by: kernel test robot <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:41 2023 +0900

    ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr()
    
    [ Upstream commit 3354db668808d5b6d7c5e0cb19ff4c9da4bb5e58 ]
    
    Fix argument list that the kdoc format and script verified in
    ksmbd_vfs_setxattr().
    
    fs/smb/server/vfs.c:929: warning: Function parameter or member 'path'
    not described in 'ksmbd_vfs_setxattr'
    
    Reported-by: kernel test robot <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() [+ + +]
Author: Kangjing Huang <[email protected]>
Date:   Tue Dec 19 00:34:43 2023 +0900

    ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev()
    
    [ Upstream commit ecce70cf17d91c3dd87a0c4ea00b2d1387729701 ]
    
    Physical ib_device does not have an underlying net_device, thus its
    association with IPoIB net_device cannot be retrieved via
    ops.get_netdev() or ib_device_get_by_netdev(). ksmbd reads physical
    ib_device port GUID from the lower 16 bytes of the hardware addresses on
    IPoIB net_device and match its underlying ib_device using ib_find_gid()
    
    Signed-off-by: Kangjing Huang <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Reviewed-by: Tom Talpey <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix multiple out-of-bounds read during context decoding [+ + +]
Author: Kuan-Ting Chen <[email protected]>
Date:   Tue Dec 19 00:33:55 2023 +0900

    ksmbd: fix multiple out-of-bounds read during context decoding
    
    [ Upstream commit 0512a5f89e1fae74251fde6893ff634f1c96c6fb ]
    
    Check the remaining data length before accessing the context structure
    to ensure that the entire structure is contained within the packet.
    Additionally, since the context data length `ctxt_len` has already been
    checked against the total packet length `len_of_ctxts`, update the
    comparison to use `ctxt_len`.
    
    Cc: [email protected]
    Signed-off-by: Kuan-Ting Chen <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:37 2023 +0900

    ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()
    
    [ Upstream commit 414849040fcf11d45025b8ae26c9fd91da1465da ]
    
    Coverity Scan report the following one. This report is a false alarm.
    Because fp is never NULL when rc is zero. This patch add null check for fp
    in ksmbd_update_fstate to make alarm silence.
    
    *** CID 1568583:  Null pointer dereferences  (FORWARD_NULL)
    /fs/smb/server/smb2pdu.c: 3408 in smb2_open()
    3402                    path_put(&path);
    3403                    path_put(&parent_path);
    3404            }
    3405            ksmbd_revert_fsids(work);
    3406     err_out1:
    3407            if (!rc) {
    >>>     CID 1568583:  Null pointer dereferences  (FORWARD_NULL)
    >>>     Passing null pointer "fp" to "ksmbd_update_fstate", which dereferences it.
    3408                    ksmbd_update_fstate(&work->sess->file_table, fp, FP_INITED);
    3409                    rc = ksmbd_iov_pin_rsp(work, (void *)rsp, iov_len);
    3410            }
    3411            if (rc) {
    3412                    if (rc == -EINVAL)
    3413                            rsp->hdr.Status = STATUS_INVALID_PARAMETER;
    
    Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound")
    Reported-by: Coverity Scan <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Fix one kernel-doc comment [+ + +]
Author: Yang Li <[email protected]>
Date:   Tue Dec 19 00:34:23 2023 +0900

    ksmbd: Fix one kernel-doc comment
    
    [ Upstream commit bf26f1b4e0918f017775edfeacf6d867204b680b ]
    
    Fix one kernel-doc comment to silence the warning:
    fs/smb/server/smb2pdu.c:4160: warning: Excess function parameter 'infoclass_size' description in 'buffer_check_err'
    
    Signed-off-by: Yang Li <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix out of bounds in init_smb2_rsp_hdr() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:17 2023 +0900

    ksmbd: fix out of bounds in init_smb2_rsp_hdr()
    
    [ Upstream commit 536bb492d39bb6c080c92f31e8a55fe9934f452b ]
    
    If client send smb2 negotiate request and then send smb1 negotiate
    request, init_smb2_rsp_hdr is called for smb1 negotiate request since
    need_neg is set to false. This patch ignore smb1 packets after ->need_neg
    is set to false.
    
    Reported-by: [email protected] # ZDI-CAN-21541
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix out of bounds read in smb2_sess_setup [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:10 2023 +0900

    ksmbd: fix out of bounds read in smb2_sess_setup
    
    [ Upstream commit 98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8 ]
    
    ksmbd does not consider the case of that smb2 session setup is
    in compound request. If this is the second payload of the compound,
    OOB read issue occurs while processing the first payload in
    the smb2_sess_setup().
    
    Cc: [email protected]
    Reported-by: [email protected] # ZDI-CAN-21355
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix out-of-bound read in deassemble_neg_contexts() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:58 2023 +0900

    ksmbd: fix out-of-bound read in deassemble_neg_contexts()
    
    [ Upstream commit f1a411873c85b642f13b01f21b534c2bab81fc1b ]
    
    The check in the beginning is
    `clen + sizeof(struct smb2_neg_context) <= len_of_ctxts`,
    but in the end of loop, `len_of_ctxts` will subtract
    `((clen + 7) & ~0x7) + sizeof(struct smb2_neg_context)`, which causes
    integer underflow when clen does the 8 alignment. We should use
    `(clen + 7) & ~0x7` in the check to avoid underflow from happening.
    
    Then there are some variables that need to be declared unsigned
    instead of signed.
    
    [   11.671070] BUG: KASAN: slab-out-of-bounds in smb2_handle_negotiate+0x799/0x1610
    [   11.671533] Read of size 2 at addr ffff888005e86cf2 by task kworker/0:0/7
    ...
    [   11.673383] Call Trace:
    [   11.673541]  <TASK>
    [   11.673679]  dump_stack_lvl+0x33/0x50
    [   11.673913]  print_report+0xcc/0x620
    [   11.674671]  kasan_report+0xae/0xe0
    [   11.675171]  kasan_check_range+0x35/0x1b0
    [   11.675412]  smb2_handle_negotiate+0x799/0x1610
    [   11.676217]  ksmbd_smb_negotiate_common+0x526/0x770
    [   11.676795]  handle_ksmbd_work+0x274/0x810
    ...
    
    Cc: [email protected]
    Signed-off-by: Chih-Yen Chang <[email protected]>
    Tested-by: Chih-Yen Chang <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix out-of-bound read in parse_lease_state() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:59 2023 +0900

    ksmbd: fix out-of-bound read in parse_lease_state()
    
    [ Upstream commit fc6c6a3c324c1b3e93a03d0cfa3749c781f23de0 ]
    
    This bug is in parse_lease_state, and it is caused by the missing check
    of `struct create_context`. When the ksmbd traverses the create_contexts,
    it doesn't check if the field of `NameOffset` and `Next` is valid,
    The KASAN message is following:
    
    [    6.664323] BUG: KASAN: slab-out-of-bounds in parse_lease_state+0x7d/0x280
    [    6.664738] Read of size 2 at addr ffff888005c08988 by task kworker/0:3/103
    ...
    [    6.666644] Call Trace:
    [    6.666796]  <TASK>
    [    6.666933]  dump_stack_lvl+0x33/0x50
    [    6.667167]  print_report+0xcc/0x620
    [    6.667903]  kasan_report+0xae/0xe0
    [    6.668374]  kasan_check_range+0x35/0x1b0
    [    6.668621]  parse_lease_state+0x7d/0x280
    [    6.668868]  smb2_open+0xbe8/0x4420
    [    6.675137]  handle_ksmbd_work+0x282/0x820
    
    Use smb2_find_context_vals() to find smb2 create request lease context.
    smb2_find_context_vals validate create context fields.
    
    Cc: [email protected]
    Reported-by: Chih-Yen Chang <[email protected]>
    Tested-by: Chih-Yen Chang <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Fix parameter name and comment mismatch [+ + +]
Author: Jiapeng Chong <[email protected]>
Date:   Tue Dec 19 00:33:36 2023 +0900

    ksmbd: Fix parameter name and comment mismatch
    
    [ Upstream commit 63f09a9986eb58578ed6ad0e27a6e2c54e49f797 ]
    
    fs/ksmbd/vfs.c:965: warning: Function parameter or member 'attr_value' not described in 'ksmbd_vfs_setxattr'.
    
    Reported-by: Abaci Robot <[email protected]>
    Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=3946
    Signed-off-by: Jiapeng Chong <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Reviewed-by: Sergey Senozhatsky <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix passing freed memory 'aux_payload_buf' [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:28 2023 +0900

    ksmbd: fix passing freed memory 'aux_payload_buf'
    
    [ Upstream commit 59d8d24f4610333560cf2e8fe3f44cafe30322eb ]
    
    The patch e2b76ab8b5c9: "ksmbd: add support for read compound" leads
    to the following Smatch static checker warning:
    
      fs/smb/server/smb2pdu.c:6329 smb2_read()
            warn: passing freed memory 'aux_payload_buf'
    
    It doesn't matter that we're passing a freed variable because nbytes is
    zero. This patch set "aux_payload_buf = NULL" to make smatch silence.
    
    Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound")
    Reported-by: Dan Carpenter <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:00 2023 +0900

    ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()
    
    [ Upstream commit 25933573ef48f3586f559c2cac6c436c62dcf63f ]
    
    Dan reported the following error message:
    
    fs/smb/server/smbacl.c:1296 smb_check_perm_dacl()
        error: 'posix_acls' dereferencing possible ERR_PTR()
    fs/smb/server/vfs.c:1323 ksmbd_vfs_make_xattr_posix_acl()
        error: 'posix_acls' dereferencing possible ERR_PTR()
    fs/smb/server/vfs.c:1830 ksmbd_vfs_inherit_posix_acl()
        error: 'acls' dereferencing possible ERR_PTR()
    
    __get_acl() returns a mix of error pointers and NULL. This change it
    with IS_ERR_OR_NULL().
    
    Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
    Cc: [email protected]
    Reported-by: Dan Carpenter <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix possible deadlock in smb2_open [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:49 2023 +0900

    ksmbd: fix possible deadlock in smb2_open
    
    [ Upstream commit 864fb5d3716303a045c3ffb397f651bfd37bfb36 ]
    
    [ 8743.393379] ======================================================
    [ 8743.393385] WARNING: possible circular locking dependency detected
    [ 8743.393391] 6.4.0-rc1+ #11 Tainted: G           OE
    [ 8743.393397] ------------------------------------------------------
    [ 8743.393402] kworker/0:2/12921 is trying to acquire lock:
    [ 8743.393408] ffff888127a14460 (sb_writers#8){.+.+}-{0:0}, at: ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd]
    [ 8743.393510]
                   but task is already holding lock:
    [ 8743.393515] ffff8880360d97f0 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: ksmbd_vfs_kern_path_locked+0x181/0x670 [ksmbd]
    [ 8743.393618]
                   which lock already depends on the new lock.
    
    [ 8743.393623]
                   the existing dependency chain (in reverse order) is:
    [ 8743.393628]
                   -> #1 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}:
    [ 8743.393648]        down_write_nested+0x9a/0x1b0
    [ 8743.393660]        filename_create+0x128/0x270
    [ 8743.393670]        do_mkdirat+0xab/0x1f0
    [ 8743.393680]        __x64_sys_mkdir+0x47/0x60
    [ 8743.393690]        do_syscall_64+0x5d/0x90
    [ 8743.393701]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
    [ 8743.393711]
                   -> #0 (sb_writers#8){.+.+}-{0:0}:
    [ 8743.393728]        __lock_acquire+0x2201/0x3b80
    [ 8743.393737]        lock_acquire+0x18f/0x440
    [ 8743.393746]        mnt_want_write+0x5f/0x240
    [ 8743.393755]        ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd]
    [ 8743.393839]        ksmbd_vfs_set_dos_attrib_xattr+0xcc/0x110 [ksmbd]
    [ 8743.393924]        compat_ksmbd_vfs_set_dos_attrib_xattr+0x39/0x50 [ksmbd]
    [ 8743.394010]        smb2_open+0x3432/0x3cc0 [ksmbd]
    [ 8743.394099]        handle_ksmbd_work+0x2c9/0x7b0 [ksmbd]
    [ 8743.394187]        process_one_work+0x65a/0xb30
    [ 8743.394198]        worker_thread+0x2cf/0x700
    [ 8743.394209]        kthread+0x1ad/0x1f0
    [ 8743.394218]        ret_from_fork+0x29/0x50
    
    This patch add mnt_want_write() above parent inode lock and remove
    nested mnt_want_write calls in smb2_open().
    
    Fixes: 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions")
    Cc: [email protected]
    Reported-by: Marios Makassikis <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix possible memory leak in smb2_lock() [+ + +]
Author: Hangyu Hua <[email protected]>
Date:   Tue Dec 19 00:33:37 2023 +0900

    ksmbd: fix possible memory leak in smb2_lock()
    
    [ Upstream commit d3ca9f7aeba793d74361d88a8800b2f205c9236b ]
    
    argv needs to be free when setup_async_work fails or when the current
    process is woken up.
    
    Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
    Cc: [email protected]
    Signed-off-by: Hangyu Hua <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix potential double free on smb2_read_pipe() error path [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:38 2023 +0900

    ksmbd: fix potential double free on smb2_read_pipe() error path
    
    [ Upstream commit 1903e6d0578118e9aab1ee23f4a9de55737d1d05 ]
    
    Fix new smatch warnings:
    fs/smb/server/smb2pdu.c:6131 smb2_read_pipe() error: double free of 'rpc_resp'
    
    Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound")
    Reported-by: kernel test robot <[email protected]>
    Reported-by: Dan Carpenter <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix race condition between session lookup and expire [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:31 2023 +0900

    ksmbd: fix race condition between session lookup and expire
    
    [ Upstream commit 53ff5cf89142b978b1a5ca8dc4d4425e6a09745f ]
    
     Thread A                        +  Thread B
     ksmbd_session_lookup            |  smb2_sess_setup
       sess = xa_load                |
                                     |
                                     |    xa_erase(&conn->sessions, sess->id);
                                     |
                                     |    ksmbd_session_destroy(sess) --> kfree(sess)
                                     |
       // UAF!                       |
       sess->last_active = jiffies   |
                                     +
    
    This patch add rwsem to fix race condition between ksmbd_session_lookup
    and ksmbd_expire_session.
    
    Reported-by: luosili <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix race condition between tree conn lookup and disconnect [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:35 2023 +0900

    ksmbd: fix race condition between tree conn lookup and disconnect
    
    [ Upstream commit 33b235a6e6ebe0f05f3586a71e8d281d00f71e2e ]
    
    if thread A in smb2_write is using work-tcon, other thread B use
    smb2_tree_disconnect free the tcon, then thread A will use free'd tcon.
    
                                Time
                                 +
     Thread A                    | Thread A
     smb2_write                  | smb2_tree_disconnect
                                 |
                                 |
                                 |   kfree(tree_conn)
                                 |
      // UAF!                    |
      work->tcon->share_conf     |
                                 +
    
    This patch add state, reference count and lock for tree conn to fix race
    condition issue.
    
    Reported-by: luosili <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix race condition from parallel smb2 lock requests [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:34 2023 +0900

    ksmbd: fix race condition from parallel smb2 lock requests
    
    [ Upstream commit 75ac9a3dd65f7eab4d12b0a0f744234b5300a491 ]
    
    There is a race condition issue between parallel smb2 lock request.
    
                                                Time
                                                 +
    Thread A                                     | Thread A
    smb2_lock                                    | smb2_lock
                                                 |
     insert smb_lock to lock_list                |
     spin_unlock(&work->conn->llist_lock)        |
                                                 |
                                                 |   spin_lock(&conn->llist_lock);
                                                 |   kfree(cmp_lock);
                                                 |
     // UAF!                                     |
     list_add(&smb_lock->llist, &rollback_list)  +
    
    This patch swaps the line for adding the smb lock to the rollback list and
    adding the lock list of connection to fix the race issue.
    
    Reported-by: luosili <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix race condition from parallel smb2 logoff requests [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:33 2023 +0900

    ksmbd: fix race condition from parallel smb2 logoff requests
    
    [ Upstream commit 7ca9da7d873ee8024e9548d3366101c2b6843eab ]
    
    If parallel smb2 logoff requests come in before closing door, running
    request count becomes more than 1 even though connection status is set to
    KSMBD_SESS_NEED_RECONNECT. It can't get condition true, and sleep forever.
    This patch fix race condition problem by returning error if connection
    status was already set to KSMBD_SESS_NEED_RECONNECT.
    
    Reported-by: luosili <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix race condition with fp [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:32 2023 +0900

    ksmbd: fix race condition with fp
    
    [ Upstream commit 5a7ee91d1154f35418367a6eaae74046fd06ed89 ]
    
    fp can used in each command. If smb2_close command is coming at the
    same time, UAF issue can happen by race condition.
    
                               Time
                                +
    Thread A                    | Thread B1 B2 .... B5
    smb2_open                   | smb2_close
                                |
     __open_id                  |
       insert fp to file_table  |
                                |
                                |   atomic_dec_and_test(&fp->refcount)
                                |   if fp->refcount == 0, free fp by kfree.
     // UAF!                    |
     use fp                     |
                                +
    This patch add f_state not to use freed fp is used and not to free fp in
    use.
    
    Reported-by: luosili <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix racy issue from session setup and logoff [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:48 2023 +0900

    ksmbd: fix racy issue from session setup and logoff
    
    [ Upstream commit f5c779b7ddbda30866cf2a27c63e34158f858c73 ]
    
    This racy issue is triggered by sending concurrent session setup and
    logoff requests. This patch does not set connection status as
    KSMBD_SESS_GOOD if state is KSMBD_SESS_NEED_RECONNECT in session setup.
    And relookup session to validate if session is deleted in logoff.
    
    Cc: [email protected]
    Reported-by: [email protected] # ZDI-CAN-20481, ZDI-CAN-20590, ZDI-CAN-20596
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix racy issue from smb2 close and logoff with multichannel [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:51 2023 +0900

    ksmbd: fix racy issue from smb2 close and logoff with multichannel
    
    [ Upstream commit abcc506a9a71976a8b4c9bf3ee6efd13229c1e19 ]
    
    When smb client send concurrent smb2 close and logoff request
    with multichannel connection, It can cause racy issue. logoff request
    free tcon and can cause UAF issues in smb2 close. When receiving logoff
    request with multichannel, ksmbd should wait until all remaning requests
    complete as well as ones in the current connection, and then make
    session expired.
    
    Cc: [email protected]
    Reported-by: [email protected] # ZDI-CAN-20796 ZDI-CAN-20595
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix racy issue from using ->d_parent and ->d_name [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:47 2023 +0900

    ksmbd: fix racy issue from using ->d_parent and ->d_name
    
    [ Upstream commit 74d7970febf7e9005375aeda0df821d2edffc9f7 ]
    
    Al pointed out that ksmbd has racy issue from using ->d_parent and ->d_name
    in ksmbd_vfs_unlink and smb2_vfs_rename(). and use new lock_rename_child()
    to lock stable parent while underlying rename racy.
    Introduce vfs_path_parent_lookup helper to avoid out of share access and
    export vfs functions like the following ones to use
    vfs_path_parent_lookup().
     - rename __lookup_hash() to lookup_one_qstr_excl().
     - export lookup_one_qstr_excl().
     - export getname_kernel() and putname().
    
    vfs_path_parent_lookup() is used for parent lookup of destination file
    using absolute pathname given from FILE_RENAME_INFORMATION request.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix racy issue under cocurrent smb2 tree disconnect [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:52 2023 +0900

    ksmbd: fix racy issue under cocurrent smb2 tree disconnect
    
    [ Upstream commit 30210947a343b6b3ca13adc9bfc88e1543e16dd5 ]
    
    There is UAF issue under cocurrent smb2 tree disconnect.
    This patch introduce TREE_CONN_EXPIRE flags for tcon to avoid cocurrent
    access.
    
    Cc: [email protected]
    Reported-by: [email protected] # ZDI-CAN-20592
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix recursive locking in vfs helpers [+ + +]
Author: Marios Makassikis <[email protected]>
Date:   Tue Dec 19 00:34:42 2023 +0900

    ksmbd: fix recursive locking in vfs helpers
    
    [ Upstream commit 807252f028c59b9a3bac4d62ad84761548c10f11 ]
    
    Running smb2.rename test from Samba smbtorture suite against a kernel built
    with lockdep triggers a "possible recursive locking detected" warning.
    
    This is because mnt_want_write() is called twice with no mnt_drop_write()
    in between:
      -> ksmbd_vfs_mkdir()
        -> ksmbd_vfs_kern_path_create()
           -> kern_path_create()
              -> filename_create()
                -> mnt_want_write()
           -> mnt_want_write()
    
    Fix this by removing the mnt_want_write/mnt_drop_write calls from vfs
    helpers that call kern_path_create().
    
    Full lockdep trace below:
    
    ============================================
    WARNING: possible recursive locking detected
    6.6.0-rc5 #775 Not tainted
    --------------------------------------------
    kworker/1:1/32 is trying to acquire lock:
    ffff888005ac83f8 (sb_writers#5){.+.+}-{0:0}, at: ksmbd_vfs_mkdir+0xe1/0x410
    
    but task is already holding lock:
    ffff888005ac83f8 (sb_writers#5){.+.+}-{0:0}, at: filename_create+0xb6/0x260
    
    other info that might help us debug this:
     Possible unsafe locking scenario:
    
           CPU0
           ----
      lock(sb_writers#5);
      lock(sb_writers#5);
    
     *** DEADLOCK ***
    
     May be due to missing lock nesting notation
    
    4 locks held by kworker/1:1/32:
     #0: ffff8880064e4138 ((wq_completion)ksmbd-io){+.+.}-{0:0}, at: process_one_work+0x40e/0x980
     #1: ffff888005b0fdd0 ((work_completion)(&work->work)){+.+.}-{0:0}, at: process_one_work+0x40e/0x980
     #2: ffff888005ac83f8 (sb_writers#5){.+.+}-{0:0}, at: filename_create+0xb6/0x260
     #3: ffff8880057ce760 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: filename_create+0x123/0x260
    
    Cc: [email protected]
    Fixes: 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions")
    Signed-off-by: Marios Makassikis <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Fix resource leak in smb2_lock() [+ + +]
Author: Marios Makassikis <[email protected]>
Date:   Tue Dec 19 00:33:27 2023 +0900

    ksmbd: Fix resource leak in smb2_lock()
    
    [ Upstream commit 01f6c61bae3d658058ee6322af77acea26a5ee3a ]
    
    "flock" is leaked if an error happens before smb2_lock_init(), as the
    lock is not added to the lock_list to be cleaned up.
    
    Signed-off-by: Marios Makassikis <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:41 2023 +0900

    ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
    
    [ Upstream commit dc8289f912387c3bcfbc5d2db29c8947fa207c11 ]
    
    When smb1 mount fails, KASAN detect slab-out-of-bounds in
    init_smb2_rsp_hdr like the following one.
    For smb1 negotiate(56bytes) , init_smb2_rsp_hdr() for smb2 is called.
    The issue occurs while handling smb1 negotiate as smb2 server operations.
    Add smb server operations for smb1 (get_cmd_val, init_rsp_hdr,
    allocate_rsp_buf, check_user_session) to handle smb1 negotiate so that
    smb2 server operation does not handle it.
    
    [  411.400423] CIFS: VFS: Use of the less secure dialect vers=1.0 is
    not recommended unless required for access to very old servers
    [  411.400452] CIFS: Attempting to mount \\192.168.45.139\homes
    [  411.479312] ksmbd: init_smb2_rsp_hdr : 492
    [  411.479323] ==================================================================
    [  411.479327] BUG: KASAN: slab-out-of-bounds in
    init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
    [  411.479369] Read of size 16 at addr ffff888488ed0734 by task kworker/14:1/199
    
    [  411.479379] CPU: 14 PID: 199 Comm: kworker/14:1 Tainted: G
     OE      6.1.21 #3
    [  411.479386] Hardware name: ASUSTeK COMPUTER INC. Z10PA-D8
    Series/Z10PA-D8 Series, BIOS 3801 08/23/2019
    [  411.479390] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
    [  411.479425] Call Trace:
    [  411.479428]  <TASK>
    [  411.479432]  dump_stack_lvl+0x49/0x63
    [  411.479444]  print_report+0x171/0x4a8
    [  411.479452]  ? kasan_complete_mode_report_info+0x3c/0x200
    [  411.479463]  ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
    [  411.479497]  kasan_report+0xb4/0x130
    [  411.479503]  ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
    [  411.479537]  kasan_check_range+0x149/0x1e0
    [  411.479543]  memcpy+0x24/0x70
    [  411.479550]  init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
    [  411.479585]  handle_ksmbd_work+0x109/0x760 [ksmbd]
    [  411.479616]  ? _raw_spin_unlock_irqrestore+0x50/0x50
    [  411.479624]  ? smb3_encrypt_resp+0x340/0x340 [ksmbd]
    [  411.479656]  process_one_work+0x49c/0x790
    [  411.479667]  worker_thread+0x2b1/0x6e0
    [  411.479674]  ? process_one_work+0x790/0x790
    [  411.479680]  kthread+0x177/0x1b0
    [  411.479686]  ? kthread_complete_and_exit+0x30/0x30
    [  411.479692]  ret_from_fork+0x22/0x30
    [  411.479702]  </TASK>
    
    Fixes: 39b291b86b59 ("ksmbd: return unsupported error on smb1 mount")
    Cc: [email protected]
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:24 2023 +0900

    ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
    
    [ Upstream commit 4b081ce0d830b684fdf967abc3696d1261387254 ]
    
    If authblob->SessionKey.Length is bigger than session key
    size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.
    cifs_arc4_crypt copy to session key array from SessionKey from client.
    
    Cc: [email protected]
    Reported-by: [email protected] # ZDI-CAN-21940
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Fix smb2_get_name() kernel-doc comment [+ + +]
Author: Yang Li <[email protected]>
Date:   Tue Dec 19 00:32:35 2023 +0900

    ksmbd: Fix smb2_get_name() kernel-doc comment
    
    [ Upstream commit d4eeb82674acadf789277b577986e8e7d3faf695 ]
    
    Remove some warnings found by running scripts/kernel-doc,
    which is caused by using 'make W=1'.
    fs/ksmbd/smb2pdu.c:623: warning: Function parameter or member
    'local_nls' not described in 'smb2_get_name'
    fs/ksmbd/smb2pdu.c:623: warning: Excess function parameter 'nls_table'
    description in 'smb2_get_name'
    
    Reported-by: Abaci Robot <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Yang Li <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Fix smb2_set_info_file() kernel-doc comment [+ + +]
Author: Yang Li <[email protected]>
Date:   Tue Dec 19 00:32:33 2023 +0900

    ksmbd: Fix smb2_set_info_file() kernel-doc comment
    
    [ Upstream commit 4bfd9eed15e163969156e976c62db5ef423e5b0f ]
    
    Fix argument list that the kdoc format and script verified in
    smb2_set_info_file().
    
    The warnings were found by running scripts/kernel-doc, which is
    caused by using 'make W=1'.
    fs/ksmbd/smb2pdu.c:5862: warning: Function parameter or member 'req' not
    described in 'smb2_set_info_file'
    fs/ksmbd/smb2pdu.c:5862: warning: Excess function parameter 'info_class'
    description in 'smb2_set_info_file'
    
    Reported-by: Abaci Robot <[email protected]>
    Fixes: 9496e268e3af ("ksmbd: add request buffer validation in smb2_set_info")
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Yang Li <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Fix some kernel-doc comments [+ + +]
Author: Yang Li <[email protected]>
Date:   Tue Dec 19 00:32:59 2023 +0900

    ksmbd: Fix some kernel-doc comments
    
    [ Upstream commit 7820c6ee029548290b318e522eb2578516d05393 ]
    
    Remove some warnings found by running scripts/kernel-doc,
    which is caused by using 'make W=1'.
    
    fs/ksmbd/misc.c:30: warning: Function parameter or member 'str' not
    described in 'match_pattern'
    fs/ksmbd/misc.c:30: warning: Excess function parameter 'string'
    description in 'match_pattern'
    fs/ksmbd/misc.c:163: warning: Function parameter or member 'share' not
    described in 'convert_to_nt_pathname'
    fs/ksmbd/misc.c:163: warning: Function parameter or member 'path' not
    described in 'convert_to_nt_pathname'
    fs/ksmbd/misc.c:163: warning: Excess function parameter 'filename'
    description in 'convert_to_nt_pathname'
    fs/ksmbd/misc.c:163: warning: Excess function parameter 'sharepath'
    description in 'convert_to_nt_pathname'
    fs/ksmbd/misc.c:259: warning: Function parameter or member 'share' not
    described in 'convert_to_unix_name'
    fs/ksmbd/misc.c:259: warning: Function parameter or member 'name' not
    described in 'convert_to_unix_name'
    fs/ksmbd/misc.c:259: warning: Excess function parameter 'path'
    description in 'convert_to_unix_name'
    fs/ksmbd/misc.c:259: warning: Excess function parameter 'tid'
    description in 'convert_to_unix_name'
    
    Reported-by: Abaci Robot <[email protected]>
    Signed-off-by: Yang Li <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Fix spelling mistake "excceed" -> "exceeded" [+ + +]
Author: Colin Ian King <[email protected]>
Date:   Tue Dec 19 00:33:35 2023 +0900

    ksmbd: Fix spelling mistake "excceed" -> "exceeded"
    
    [ Upstream commit 7a17c61ee3b2683c40090179c273f4701fca9677 ]
    
    There is a spelling mistake in an error message. Fix it.
    
    Signed-off-by: Colin Ian King <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix typo, syncronous->synchronous [+ + +]
Author: Dawei Li <[email protected]>
Date:   Tue Dec 19 00:33:32 2023 +0900

    ksmbd: fix typo, syncronous->synchronous
    
    [ Upstream commit f8d6e7442aa716a233c7eba99dec628f8885e00b ]
    
    syncronous->synchronous
    
    Signed-off-by: Dawei Li <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Reviewed-by: Sergey Senozhatsky <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix UAF issue from opinfo->conn [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:56 2023 +0900

    ksmbd: fix UAF issue from opinfo->conn
    
    [ Upstream commit 36322523dddb11107e9f7f528675a0dec2536103 ]
    
    If opinfo->conn is another connection and while ksmbd send oplock break
    request to cient on current connection, The connection for opinfo->conn
    can be disconnect and conn could be freed. When sending oplock break
    request, this ksmbd_conn can be used and cause user-after-free issue.
    When getting opinfo from the list, ksmbd check connection is being
    released. If it is not released, Increase ->r_count to wait that connection
    is freed.
    
    Cc: [email protected]
    Reported-by: Per Forlin <[email protected]>
    Tested-by: Per Forlin <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:53 2023 +0900

    ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename()
    
    [ Upstream commit 48b47f0caaa8a9f05ed803cb4f335fa3a7bfc622 ]
    
    Uninitialized rd.delegated_inode can be used in vfs_rename().
    Fix this by setting rd.delegated_inode to NULL to avoid the uninitialized
    read.
    
    Fixes: 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name")
    Reported-by: Coverity Scan <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix uninitialized pointer read in smb2_create_link() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:54 2023 +0900

    ksmbd: fix uninitialized pointer read in smb2_create_link()
    
    [ Upstream commit df14afeed2e6c1bbadef7d2f9c46887bbd6d8d94 ]
    
    There is a case that file_present is true and path is uninitialized.
    This patch change file_present is set to false by default and set to
    true when patch is initialized.
    
    Fixes: 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name")
    Reported-by: Coverity Scan <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Fix unsigned expression compared with zero [+ + +]
Author: Wang Ming <[email protected]>
Date:   Tue Dec 19 00:34:14 2023 +0900

    ksmbd: Fix unsigned expression compared with zero
    
    [ Upstream commit 0266a2f791294e0b4ba36f4a1d89b8615ea3cac0 ]
    
    The return value of the ksmbd_vfs_getcasexattr() is signed.
    However, the return value is being assigned to an unsigned
    variable and subsequently recasted, causing warnings. Use
    a signed type.
    
    Signed-off-by: Wang Ming <[email protected]>
    Acked-by: Tom Talpey <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix wrong error response status by using set_smb2_rsp_status() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:36 2023 +0900

    ksmbd: fix wrong error response status by using set_smb2_rsp_status()
    
    [ Upstream commit be0f89d4419dc5413a1cf06db3671c9949be0d52 ]
    
    set_smb2_rsp_status() after __process_request() sets the wrong error
    status. This patch resets all iov vectors and sets the error status
    on clean one.
    
    Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound")
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix wrong interim response on compound [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:20 2023 +0900

    ksmbd: fix wrong interim response on compound
    
    [ Upstream commit 041bba4414cda37d00063952c9bff9c3d5812a19 ]
    
    If smb2_lock or smb2_open request is compound, ksmbd could send wrong
    interim response to client. ksmbd allocate new interim buffer instead of
    using resonse buffer to support compound request.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix wrong signingkey creation when encryption is AES256 [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:38 2023 +0900

    ksmbd: fix wrong signingkey creation when encryption is AES256
    
    [ Upstream commit 7a891d4b62d62566323676cb0e922ded4f37afe1 ]
    
    MacOS and Win11 support AES256 encrytion and it is included in the cipher
    array of encryption context. Especially on macOS, The most preferred
    cipher is AES256. Connecting to ksmbd fails on newer MacOS clients that
    support AES256 encryption. MacOS send disconnect request after receiving
    final session setup response from ksmbd. Because final session setup is
    signed with signing key was generated incorrectly.
    For signging key, 'L' value should be initialized to 128 if key size is
    16bytes.
    
    Cc: [email protected]
    Reported-by: Miao Lihua <[email protected]>
    Tested-by: Miao Lihua <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: fix wrong smbd max read/write size check [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:58 2023 +0900

    ksmbd: fix wrong smbd max read/write size check
    
    [ Upstream commit 7a84399e1ce3f5f2fbec3e7dd93459ba25badc2f ]
    
    smb-direct max read/write size can be different with smb2 max read/write
    size. So smb2_read() can return error by wrong max read/write size check.
    This patch use smb_direct_max_read_write_size for this check in
    smb-direct read/write().
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Reviewed-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: handle malformed smb1 message [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:47 2023 +0900

    ksmbd: handle malformed smb1 message
    
    [ Upstream commit 5a5409d90bd05f87fe5623a749ccfbf3f7c7d400 ]
    
    If set_smb1_rsp_status() is not implemented, It will cause NULL pointer
    dereferece error when client send malformed smb1 message.
    This patch add set_smb1_rsp_status() to ignore malformed smb1 message.
    
    Cc: [email protected]
    Reported-by: Robert Morris <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: hide socket error message when ipv6 config is disable [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:20 2023 +0900

    ksmbd: hide socket error message when ipv6 config is disable
    
    [ Upstream commit 5876e99611a91dfb2fb1f7af9d1ae5c017c8331c ]
    
    When ipv6 config is disable(CONFIG_IPV6 is not set), ksmbd fallback to
    create ipv4 socket. User reported that this error message lead to
    misunderstood some issue. Users have requested not to print this error
    message that occurs even though there is no problem.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Acked-by: Tom Talpey <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Implements sess->ksmbd_chann_list as xarray [+ + +]
Author: Dawei Li <[email protected]>
Date:   Tue Dec 19 00:33:30 2023 +0900

    ksmbd: Implements sess->ksmbd_chann_list as xarray
    
    [ Upstream commit 1d9c4172110e645b383ff13eee759728d74f1a5d ]
    
    For some ops on channel:
    1. lookup_chann_list(), possibly on high frequency.
    2. ksmbd_chann_del().
    
    Connection is used as indexing key to lookup channel, in that case,
    linear search based on list may suffer a bit for performance.
    
    Implements sess->ksmbd_chann_list as xarray.
    
    Signed-off-by: Dawei Li <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Implements sess->rpc_handle_list as xarray [+ + +]
Author: Dawei Li <[email protected]>
Date:   Tue Dec 19 00:33:31 2023 +0900

    ksmbd: Implements sess->rpc_handle_list as xarray
    
    [ Upstream commit b685757c7b08d5073046fb379be965fd6c06aafc ]
    
    For some ops on rpc handle:
    1. ksmbd_session_rpc_method(), possibly on high frequency.
    2. ksmbd_session_rpc_close().
    
    id is used as indexing key to lookup channel, in that case,
    linear search based on list may suffer a bit for performance.
    
    Implements sess->rpc_handle_list as xarray.
    
    Signed-off-by: Dawei Li <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: make utf-8 file name comparison work in __caseless_lookup() [+ + +]
Author: Atte Heikkilä <[email protected]>
Date:   Tue Dec 19 00:33:21 2023 +0900

    ksmbd: make utf-8 file name comparison work in __caseless_lookup()
    
    [ Upstream commit dbab80e2071ad8c702e50dab43326608a127d27b ]
    
    Case-insensitive file name lookups with __caseless_lookup() use
    strncasecmp() for file name comparison. strncasecmp() assumes an
    ISO8859-1-compatible encoding, which is not the case here as UTF-8
    is always used. As such, use of strncasecmp() here produces correct
    results only if both strings use characters in the ASCII range only.
    Fix this by using utf8_strncasecmp() if CONFIG_UNICODE is set. On
    failure or if CONFIG_UNICODE is not set, fallback to strncasecmp().
    Also, as we are adding an include for `linux/unicode.h', include it
    in `fs/ksmbd/connection.h' as well since it should be explicit there.
    
    Signed-off-by: Atte Heikkilä <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: move oplock handling after unlock parent dir [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:51 2023 +0900

    ksmbd: move oplock handling after unlock parent dir
    
    [ Upstream commit 2e450920d58b4991a436c8cecf3484bcacd8e535 ]
    
    ksmbd should process secound parallel smb2 create request during waiting
    oplock break ack. parent lock range that is too large in smb2_open() causes
    smb2_open() to be serialized. Move the oplock handling to the bottom of
    smb2_open() and make it called after parent unlock. This fixes the failure
    of smb2.lease.breaking1 testcase.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:53 2023 +0900

    ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId
    
    [ Upstream commit 9ac45ac7cf65b0623ceeab9b28b307a08efa22dc ]
    
    Directly set SMB2_FLAGS_ASYNC_COMMAND flags and AsyncId in smb2 header of
    interim response instead of current response header.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: no need to wait for binded connection termination at logoff [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:45 2023 +0900

    ksmbd: no need to wait for binded connection termination at logoff
    
    [ Upstream commit 67797da8a4b82446d42c52b6ee1419a3100d78ff ]
    
    The connection could be binded to the existing session for Multichannel.
    session will be destroyed when binded connections are released.
    So no need to wait for that's connection at logoff.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: prevent memory leak on error return [+ + +]
Author: Zongmin Zhou <[email protected]>
Date:   Tue Dec 19 00:34:48 2023 +0900

    ksmbd: prevent memory leak on error return
    
    [ Upstream commit 90044481e7cca6cb3125b3906544954a25f1309f ]
    
    When allocated memory for 'new' failed,just return
    will cause memory leak of 'ar'.
    
    Fixes: 1819a9042999 ("ksmbd: reorganize ksmbd_iov_pin_rsp()")
    Reported-by: kernel test robot <[email protected]>
    Reported-by: Dan Carpenter <[email protected]>
    Closes: https://lore.kernel.org/r/[email protected]/
    Signed-off-by: Zongmin Zhou<[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: reduce descriptor size if remaining bytes is less than request size [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:22 2023 +0900

    ksmbd: reduce descriptor size if remaining bytes is less than request size
    
    [ Upstream commit e628bf939aafb61fbc56e9bdac8795cea5127e25 ]
    
    Create 3 kinds of files to reproduce this problem.
    
    dd if=/dev/urandom of=127k.bin bs=1024 count=127
    dd if=/dev/urandom of=128k.bin bs=1024 count=128
    dd if=/dev/urandom of=129k.bin bs=1024 count=129
    
    When copying files from ksmbd share to windows or cifs.ko, The following
    error message happen from windows client.
    
    "The file '129k.bin' is too large for the destination filesystem."
    
    We can see the error logs from ksmbd debug prints
    
    [48394.611537] ksmbd: RDMA r/w request 0x0: token 0x669d, length 0x20000
    [48394.612054] ksmbd: smb_direct: RDMA write, len 0x20000, needed credits 0x1
    [48394.612572] ksmbd: filename 129k.bin, offset 131072, len 131072
    [48394.614189] ksmbd: nbytes 1024, offset 132096 mincount 0
    [48394.614585] ksmbd: Failed to process 8 [-22]
    
    And we can reproduce it with cifs.ko,
    e.g. dd if=129k.bin of=/dev/null bs=128KB count=2
    
    This problem is that ksmbd rdma return error if remaining bytes is less
    than Length of Buffer Descriptor V1 Structure.
    
    smb_direct_rdma_xmit()
    ...
         if (desc_buf_len == 0 || total_length > buf_len ||
               total_length > t->max_rdma_rw_size)
                   return -EINVAL;
    
    This patch reduce descriptor size with remaining bytes and remove the
    check for total_length and buf_len.
    
    Cc: [email protected]
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: reduce server smbdirect max send/receive segment sizes [+ + +]
Author: Tom Talpey <[email protected]>
Date:   Tue Dec 19 00:33:19 2023 +0900

    ksmbd: reduce server smbdirect max send/receive segment sizes
    
    [ Upstream commit 78af146e109bef5b3c411964141c6f8adbccd3b0 ]
    
    Reduce ksmbd smbdirect max segment send and receive size to 1364
    to match protocol norms. Larger buffers are unnecessary and add
    significant memory overhead.
    
    Signed-off-by: Tom Talpey <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: register ksmbd ib client with ib_register_client() [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:36 2023 +0900

    ksmbd: register ksmbd ib client with ib_register_client()
    
    [ Upstream commit 31928a001bed0d9642711d2eba520fc46d41c376 ]
    
    Register ksmbd ib client with ib_register_client() to find the rdma capable
    network adapter. If ops.get_netdev(Chelsio NICs) is NULL, ksmbd will find
    it using ib_device_get_by_netdev in old way.
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: release interim response after sending status pending response [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:52 2023 +0900

    ksmbd: release interim response after sending status pending response
    
    [ Upstream commit 2a3f7857ec742e212d6cee7fbbf7b0e2ae7f5161 ]
    
    Add missing release async id and delete interim response entry after
    sending status pending response. This only cause when smb2 lease is enable.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Remove a redundant zeroing of memory [+ + +]
Author: Christophe JAILLET <[email protected]>
Date:   Tue Dec 19 00:32:48 2023 +0900

    ksmbd: Remove a redundant zeroing of memory
    
    [ Upstream commit 56b401fb0c506120f25c1b4feeb96d9117efe171 ]
    
    fill_transform_hdr() has only one caller that already clears tr_buf (it is
    kzalloc'ed).
    
    So there is no need to clear it another time here.
    
    Remove the superfluous memset() and add a comment to remind that the caller
    must clear the buffer.
    
    Signed-off-by: Christophe JAILLET <[email protected]>
    Acked-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove duplicate flag set in smb2_write [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:33:03 2023 +0900

    ksmbd: remove duplicate flag set in smb2_write
    
    [ Upstream commit 745bbc0995c25917dfafb645b8efb29813ef9e0b ]
    
    The writethrough flag is set again if is_rdma_channel is false.
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Remove duplicated codes [+ + +]
Author: Dawei Li <[email protected]>
Date:   Tue Dec 19 00:33:33 2023 +0900

    ksmbd: Remove duplicated codes
    
    [ Upstream commit 7010357004096e54c884813e702d71147dc081f8 ]
    
    ksmbd_neg_token_init_mech_token() and ksmbd_neg_token_targ_resp_token()
    share same implementation, unify them.
    
    Signed-off-by: Dawei Li <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove experimental warning [+ + +]
Author: Steve French <[email protected]>
Date:   Tue Dec 19 00:34:26 2023 +0900

    ksmbd: remove experimental warning
    
    [ Upstream commit f5069159f32c8c943e047f22731317463c8e9b84 ]
    
    ksmbd has made significant improvements over the past two
    years and is regularly tested and used.  Remove the experimental
    warning.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove filename in ksmbd_file [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:51 2023 +0900

    ksmbd: remove filename in ksmbd_file
    
    [ Upstream commit 50f500b7f6335404b18bbffa93e3a905a08d061a ]
    
    If the filename is change by underlying rename the server, fp->filename
    and real filename can be different. This patch remove the uses of
    fp->filename in ksmbd and replace it with d_path().
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Reviewed-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove generic_fillattr use in smb2_open() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:11 2023 +0900

    ksmbd: remove generic_fillattr use in smb2_open()
    
    [ Upstream commit 823d0d3e2b05791ba8cbab22574b947c21f89c18 ]
    
    Removed the use of unneeded generic_fillattr() in smb2_open().
    
    Reviewed-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove md4 leftovers [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:24 2023 +0900

    ksmbd: remove md4 leftovers
    
    [ Upstream commit 561a1cf57535154f094f31167a9170197caae686 ]
    
    As NTLM authentication is removed, md4 is no longer used.
    ksmbd remove md4 leftovers, i.e. select CRYPTO_MD4, MODULE_SOFTDEP md4.
    
    Acked-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Remove redundant 'flush_workqueue()' calls [+ + +]
Author: Christophe JAILLET <[email protected]>
Date:   Tue Dec 19 00:32:23 2023 +0900

    ksmbd: Remove redundant 'flush_workqueue()' calls
    
    [ Upstream commit e8d585b2f68c0b10c966ee55146de043429085a3 ]
    
    'destroy_workqueue()' already drains the queue before destroying it, so
    there is no need to flush it explicitly.
    
    Remove the redundant 'flush_workqueue()' calls.
    
    This was generated with coccinelle:
    
    @@
    expression E;
    @@
    -       flush_workqueue(E);
            destroy_workqueue(E);
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Christophe JAILLET <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove smb2_buf_length in smb2_hdr [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:25 2023 +0900

    ksmbd: remove smb2_buf_length in smb2_hdr
    
    [ Upstream commit cb4517201b8acdb5fd5314494aaf86c267f22345 ]
    
    To move smb2_hdr to smbfs_common, This patch remove smb2_buf_length
    variable in smb2_hdr. Also, declare smb2_get_msg function to get smb2
    request/response from ->request/response_buf.
    
    Cc: Ronnie Sahlberg <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove smb2_buf_length in smb2_transform_hdr [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:26 2023 +0900

    ksmbd: remove smb2_buf_length in smb2_transform_hdr
    
    [ Upstream commit 2dd9129f7dec1de369e4447a54ea2edf695f765b ]
    
    To move smb2_transform_hdr to smbfs_common, This patch remove
    smb2_buf_length variable in smb2_transform_hdr.
    
    Cc: Ronnie Sahlberg <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove unnecessary generic_fillattr in smb2_open [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:33:07 2023 +0900

    ksmbd: remove unnecessary generic_fillattr in smb2_open
    
    [ Upstream commit c90b31eaf9e77269d3803ed9223a2e0168b519ac ]
    
    Remove unnecessary generic_fillattr to fix wrong
    AllocationSize of SMB2_CREATE response, And
    Move the call of ksmbd_vfs_getattr above the place
    where stat is needed because of truncate.
    
    This patch fixes wrong AllocationSize of SMB2_CREATE
    response. Because ext4 updates inode->i_blocks only
    when disk space is allocated, generic_fillattr does
    not set stat.blocks properly for delayed allocation.
    But ext4 returns the blocks that include the delayed
    allocation blocks when getattr is called.
    
    The issue can be reproduced with commands below:
    
    touch ${FILENAME}
    xfs_io -c "pwrite -S 0xAB 0 40k" ${FILENAME}
    xfs_io -c "stat" ${FILENAME}
    
    40KB are written, but the count of blocks is 8.
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove unneeded mark_inode_dirty in set_info_sec() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:27 2023 +0900

    ksmbd: remove unneeded mark_inode_dirty in set_info_sec()
    
    [ Upstream commit e4e14095cc68a2efefba6f77d95efe1137e751d4 ]
    
    mark_inode_dirty will be called in notify_change().
    This patch remove unneeded mark_inode_dirty in set_info_sec().
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove unused compression negotiate ctx packing [+ + +]
Author: David Disseldorp <[email protected]>
Date:   Tue Dec 19 00:33:45 2023 +0900

    ksmbd: remove unused compression negotiate ctx packing
    
    [ Upstream commit af36c51e0e111de4e908328d49cba49de758f66e ]
    
    build_compression_ctxt() is currently unreachable due to
    conn.compress_algorithm remaining zero (SMB3_COMPRESS_NONE).
    
    It appears to have been broken in a couple of subtle ways over the
    years:
    - prior to d6c9ad23b421 ("ksmbd: use the common definitions for
      NEGOTIATE_PROTOCOL") smb2_compression_ctx.DataLength was set to 8,
      which didn't account for the single CompressionAlgorithms flexible
      array member.
    - post d6c9ad23b421 smb2_compression_capabilities_context
      CompressionAlgorithms is a three member array, while
      CompressionAlgorithmCount is set to indicate only one member.
      assemble_neg_contexts() ctxt_size is also incorrectly incremented by
      sizeof(struct smb2_compression_capabilities_context) + 2, which
      assumes one flexible array member.
    
    Signed-off-by: David Disseldorp <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Remove unused field in ksmbd_user struct [+ + +]
Author: Cheng-Han Wu <[email protected]>
Date:   Tue Dec 19 00:34:39 2023 +0900

    ksmbd: Remove unused field in ksmbd_user struct
    
    [ Upstream commit eacc655e18d1dec9b50660d16a1ddeeb4d6c48f2 ]
    
    fs/smb/server/mgmt/user_config.h:21: Remove the unused field 'failed_login_count' from the ksmbd_user struct.
    
    Signed-off-by: Cheng-Han Wu <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Remove unused fields from ksmbd_file struct definition [+ + +]
Author: Marios Makassikis <[email protected]>
Date:   Tue Dec 19 00:32:30 2023 +0900

    ksmbd: Remove unused fields from ksmbd_file struct definition
    
    [ Upstream commit 305f8bda15ebbe4004681286a5c67d0dc296c771 ]
    
    These fields are remnants of the not upstreamed SMB1 code.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Marios Makassikis <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove unused is_char_allowed function [+ + +]
Author: Tom Rix <[email protected]>
Date:   Tue Dec 19 00:33:39 2023 +0900

    ksmbd: remove unused is_char_allowed function
    
    [ Upstream commit 2824861773eb512b37547516d81ef78108032cb2 ]
    
    clang with W=1 reports
    fs/ksmbd/unicode.c:122:19: error: unused function
      'is_char_allowed' [-Werror,-Wunused-function]
    static inline int is_char_allowed(char *ch)
                      ^
    This function is not used so remove it.
    
    Signed-off-by: Tom Rix <[email protected]>
    Reviewed-by: Sergey Senozhatsky <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove unused ksmbd_share_configs_cleanup function [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:04 2023 +0900

    ksmbd: remove unused ksmbd_share_configs_cleanup function
    
    [ Upstream commit 1c90b54718fdea4f89e7e0c2415803f33f6d0b00 ]
    
    remove unused ksmbd_share_configs_cleanup function.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: remove unused ksmbd_tree_conn_share function [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:04 2023 +0900

    ksmbd: remove unused ksmbd_tree_conn_share function
    
    [ Upstream commit 7bd9f0876fdef00f4e155be35e6b304981a53f80 ]
    
    Remove unused ksmbd_tree_conn_share function.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Reviewed-by: Sergey Senozhatsky <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Remove unused parameter from smb2_get_name() [+ + +]
Author: Marios Makassikis <[email protected]>
Date:   Tue Dec 19 00:32:29 2023 +0900

    ksmbd: Remove unused parameter from smb2_get_name()
    
    [ Upstream commit 80917f17e3f99027661a45262c310139e53a9faa ]
    
    The 'share' parameter is no longer used by smb2_get_name() since
    commit 265fd1991c1d ("ksmbd: use LOOKUP_BENEATH to prevent the out of
    share access").
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Marios Makassikis <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: reorganize ksmbd_iov_pin_rsp() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:40 2023 +0900

    ksmbd: reorganize ksmbd_iov_pin_rsp()
    
    [ Upstream commit 1819a904299942b309f687cc0f08b123500aa178 ]
    
    If ksmbd_iov_pin_rsp fail, io vertor should be rollback.
    This patch moves memory allocations to before setting the io vector
    to avoid rollbacks.
    
    Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound")
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Replace one-element array with flexible-array member [+ + +]
Author: Gustavo A. R. Silva <[email protected]>
Date:   Tue Dec 19 00:34:13 2023 +0900

    ksmbd: Replace one-element array with flexible-array member
    
    [ Upstream commit 11d5e2061e973a8d4ff2b95a114b4b8ef8652633 ]
    
    One-element arrays are deprecated, and we are replacing them with flexible
    array members instead. So, replace one-element array with flexible-array
    member in struct smb_negotiate_req.
    
    This results in no differences in binary output.
    
    Link: https://github.com/KSPP/linux/issues/79
    Link: https://github.com/KSPP/linux/issues/317
    Signed-off-by: Gustavo A. R. Silva <[email protected]>
    Reviewed-by: Kees Cook <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Reviewed-by: Sergey Senozhatsky <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: replace one-element arrays with flexible-array members [+ + +]
Author: Gustavo A. R. Silva <[email protected]>
Date:   Tue Dec 19 00:33:24 2023 +0900

    ksmbd: replace one-element arrays with flexible-array members
    
    [ Upstream commit d272e01fa0a2f15c5c331a37cd99c6875c7b7186 ]
    
    One-element arrays are deprecated, and we are replacing them with flexible
    array members instead. So, replace one-element arrays with flexible-array
    members in multiple structs in fs/ksmbd/smb_common.h and one in
    fs/ksmbd/smb2pdu.h.
    
    Important to mention is that doing a build before/after this patch results
    in no binary output differences.
    
    This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines
    on memcpy() and help us make progress towards globally enabling
    -fstrict-flex-arrays=3 [1].
    
    Link: https://github.com/KSPP/linux/issues/242
    Link: https://github.com/KSPP/linux/issues/79
    Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1]
    Signed-off-by: Gustavo A. R. Silva <[email protected]>
    Reviewed-by: Sergey Senozhatsky <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Reviewed-by: Kees Cook <[email protected]>
    Signed-off-by: Kees Cook <[email protected]>
    Link: https://lore.kernel.org/r/Y3OxronfaPYv9qGP@work
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Replace the ternary conditional operator with min() [+ + +]
Author: Lu Hongfei <[email protected]>
Date:   Tue Dec 19 00:34:09 2023 +0900

    ksmbd: Replace the ternary conditional operator with min()
    
    [ Upstream commit f65fadb0422537d73f9a6472861852dc2f7a6a5b ]
    
    It would be better to replace the traditional ternary conditional
    operator with min() in compare_sids.
    
    Signed-off-by: Lu Hongfei <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: replace usage of found with dedicated list iterator variable [+ + +]
Author: Jakob Koschel <[email protected]>
Date:   Tue Dec 19 00:32:49 2023 +0900

    ksmbd: replace usage of found with dedicated list iterator variable
    
    [ Upstream commit edf5f0548fbb77e20b898460dc25281b0f4d974d ]
    
    To move the list iterator variable into the list_for_each_entry_*()
    macro in the future it should be avoided to use the list iterator
    variable after the loop body.
    
    To *never* use the list iterator variable after the loop it was
    concluded to use a separate iterator variable instead of a
    found boolean [1].
    
    This removes the need to use a found variable and simply checking if
    the variable was set, can determine if the break/goto was hit.
    
    Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/
    Signed-off-by: Jakob Koschel <[email protected]>
    Reviewed-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: request update to stale share config [+ + +]
Author: Atte Heikkilä <[email protected]>
Date:   Tue Dec 19 00:33:06 2023 +0900

    ksmbd: request update to stale share config
    
    [ Upstream commit 4963d74f8a6cc0eafd71d9ffc13e3a11ff1dd160 ]
    
    ksmbd_share_config_get() retrieves the cached share config as long
    as there is at least one connection to the share. This is an issue when
    the user space utilities are used to update share configs. In that case
    there is a need to inform ksmbd that it should not use the cached share
    config for a new connection to the share. With these changes the tree
    connection flag KSMBD_TREE_CONN_FLAG_UPDATE indicates this. When this
    flag is set, ksmbd removes the share config from the shares hash table
    meaning that ksmbd_share_config_get() ends up requesting a share config
    from user space.
    
    Signed-off-by: Atte Heikkilä <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:06 2023 +0900

    ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked()
    
    [ Upstream commit cf5e7f734f445588a30350591360bca2f6bf016f ]
    
    Return a literal instead of 'err' in ksmbd_vfs_kern_path_locked().
    
    Reported-by: Dan Carpenter <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: return invalid parameter error response if smb2 request is invalid [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:29 2023 +0900

    ksmbd: return invalid parameter error response if smb2 request is invalid
    
    [ Upstream commit f2f11fca5d7112e2f91c4854cddd68a059fdaa4a ]
    
    If smb2 request from client is invalid, The following kernel oops could
    happen. The patch e2b76ab8b5c9: "ksmbd: add support for read compound"
    leads this issue. When request is invalid, It doesn't set anything in
    the response buffer. This patch add missing set invalid parameter error
    response.
    
    [  673.085542] ksmbd: cli req too short, len 184 not 142. cmd:5 mid:109
    [  673.085580] BUG: kernel NULL pointer dereference, address: 0000000000000000
    [  673.085591] #PF: supervisor read access in kernel mode
    [  673.085600] #PF: error_code(0x0000) - not-present page
    [  673.085608] PGD 0 P4D 0
    [  673.085620] Oops: 0000 [#1] PREEMPT SMP NOPTI
    [  673.085631] CPU: 3 PID: 1039 Comm: kworker/3:0 Not tainted 6.6.0-rc2-tmt #16
    [  673.085643] Hardware name: AZW U59/U59, BIOS JTKT001 05/05/2022
    [  673.085651] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
    [  673.085719] RIP: 0010:ksmbd_conn_write+0x68/0xc0 [ksmbd]
    [  673.085808] RAX: 0000000000000000 RBX: ffff88811ade4f00 RCX: 0000000000000000
    [  673.085817] RDX: 0000000000000000 RSI: ffff88810c2a9780 RDI: ffff88810c2a9ac0
    [  673.085826] RBP: ffffc900005e3e00 R08: 0000000000000000 R09: 0000000000000000
    [  673.085834] R10: ffffffffa3168160 R11: 63203a64626d736b R12: ffff8881057c8800
    [  673.085842] R13: ffff8881057c8820 R14: ffff8882781b2380 R15: ffff8881057c8800
    [  673.085852] FS:  0000000000000000(0000) GS:ffff888278180000(0000) knlGS:0000000000000000
    [  673.085864] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [  673.085872] CR2: 0000000000000000 CR3: 000000015b63c000 CR4: 0000000000350ee0
    [  673.085883] Call Trace:
    [  673.085890]  <TASK>
    [  673.085900]  ? show_regs+0x6a/0x80
    [  673.085916]  ? __die+0x25/0x70
    [  673.085926]  ? page_fault_oops+0x154/0x4b0
    [  673.085938]  ? tick_nohz_tick_stopped+0x18/0x50
    [  673.085954]  ? __irq_work_queue_local+0xba/0x140
    [  673.085967]  ? do_user_addr_fault+0x30f/0x6c0
    [  673.085979]  ? exc_page_fault+0x79/0x180
    [  673.085992]  ? asm_exc_page_fault+0x27/0x30
    [  673.086009]  ? ksmbd_conn_write+0x68/0xc0 [ksmbd]
    [  673.086067]  ? ksmbd_conn_write+0x46/0xc0 [ksmbd]
    [  673.086123]  handle_ksmbd_work+0x28d/0x4b0 [ksmbd]
    [  673.086177]  process_one_work+0x178/0x350
    [  673.086193]  ? __pfx_worker_thread+0x10/0x10
    [  673.086202]  worker_thread+0x2f3/0x420
    [  673.086210]  ? _raw_spin_unlock_irqrestore+0x27/0x50
    [  673.086222]  ? __pfx_worker_thread+0x10/0x10
    [  673.086230]  kthread+0x103/0x140
    [  673.086242]  ? __pfx_kthread+0x10/0x10
    [  673.086253]  ret_from_fork+0x39/0x60
    [  673.086263]  ? __pfx_kthread+0x10/0x10
    [  673.086274]  ret_from_fork_asm+0x1b/0x30
    
    Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound")
    Reported-by: Tom Talpey <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: send proper error response in smb2_tree_connect() [+ + +]
Author: Marios Makassikis <[email protected]>
Date:   Tue Dec 19 00:33:29 2023 +0900

    ksmbd: send proper error response in smb2_tree_connect()
    
    [ Upstream commit cdfb2fef522d0c3f9cf293db51de88e9b3d46846 ]
    
    Currently, smb2_tree_connect doesn't send an error response packet on
    error.
    
    This causes libsmb2 to skip the specific error code and fail with the
    following:
     smb2_service failed with : Failed to parse fixed part of command
     payload. Unexpected size of Error reply. Expected 9, got 8
    
    Signed-off-by: Marios Makassikis <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: separately allocate ci per dentry [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:50 2023 +0900

    ksmbd: separately allocate ci per dentry
    
    [ Upstream commit 4274a9dc6aeb9fea66bffba15697a35ae8983b6a ]
    
    xfstests generic/002 test fail when enabling smb2 leases feature.
    This test create hard link file, but removeal failed.
    ci has a file open count to count file open through the smb client,
    but in the case of hard link files, The allocation of ci per inode
    cause incorrectly open count for file deletion. This patch allocate
    ci per dentry to counts open counts for hard link.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: set 445 port to smbdirect port by default [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:37 2023 +0900

    ksmbd: set 445 port to smbdirect port by default
    
    [ Upstream commit cb097b3dd5ece9596a0a0b7e33893c02a9bde8c6 ]
    
    When SMB Direct is used with iWARP, Windows use 5445 port for smb direct
    port, 445 port for SMB. This patch check ib_device using ib_client to
    know if NICs type is iWARP or Infiniband.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:31 2023 +0900

    ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO
    
    [ Upstream commit a58b45a4dbfd0bf2ebb157789da4d8e6368afb1b ]
    
    Set ipv4 and ipv6 address in FSCTL_QUERY_NETWORK_INTERFACE_INFO.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: set file permission mode to match Samba server posix extension behavior [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:14 2023 +0900

    ksmbd: set file permission mode to match Samba server posix extension behavior
    
    [ Upstream commit f6c2b201da7588f7f7688ddc99b7bb000609129c ]
    
    Set file permission mode to match Samba server posix extension behavior.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: set NegotiateContextCount once instead of every inc [+ + +]
Author: David Disseldorp <[email protected]>
Date:   Tue Dec 19 00:33:43 2023 +0900

    ksmbd: set NegotiateContextCount once instead of every inc
    
    [ Upstream commit 34e8ccf9ce24b6b2e275bbe35cd392e18fbbd369 ]
    
    There are no early returns, so marshalling the incremented
    NegotiateContextCount with every context is unnecessary.
    
    Signed-off-by: David Disseldorp <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:17 2023 +0900

    ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob
    
    [ Upstream commit 5bedae90b369ca1a7660b9af39591ed19009b495 ]
    
    If NTLMSSP_NEGOTIATE_SEAL flags is set in negotiate blob from client,
    Set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:25 2023 +0900

    ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share
    
    [ Upstream commit 37ba7b005a7a4454046bd8659c7a9c5330552396 ]
    
    Currently, SMB2_SESSION_FLAG_ENCRYPT_DATA is always set session setup
    response. Since this forces data encryption from the client, there is a
    problem that data is always encrypted regardless of the use of the cifs
    seal mount option. SMB2_SESSION_FLAG_ENCRYPT_DATA should be set according
    to KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION flags, and in case of
    KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION_OFF, encryption mode is turned off for
    all connections.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: shorten experimental warning on loading the module [+ + +]
Author: Steve French <[email protected]>
Date:   Tue Dec 19 00:32:47 2023 +0900

    ksmbd: shorten experimental warning on loading the module
    
    [ Upstream commit adc32821409aef8d7f6d868c20a96f4901f48705 ]
    
    ksmbd is continuing to improve.  Shorten the warning message
    logged the first time it is loaded to:
       "The ksmbd server is experimental"
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: call rdma_accept() under CM handler [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:38 2023 +0900

    ksmbd: smbd: call rdma_accept() under CM handler
    
    [ Upstream commit 99b7650ac51847e81b4d5139824e321e6cb76130 ]
    
    if CONFIG_LOCKDEP is enabled, the following
    kernel warning message is generated because
    rdma_accept() checks whehter the handler_mutex
    is held by lockdep_assert_held. CM(Connection
    Manager) holds the mutex before CM handler
    callback is called.
    
    [   63.211405 ] WARNING: CPU: 1 PID: 345 at drivers/infiniband/core/cma.c:4405 rdma_accept+0x17a/0x350
    [   63.212080 ] RIP: 0010:rdma_accept+0x17a/0x350
    ...
    [   63.214036 ] Call Trace:
    [   63.214098 ]  <TASK>
    [   63.214185 ]  smb_direct_accept_client+0xb4/0x170 [ksmbd]
    [   63.214412 ]  smb_direct_prepare+0x322/0x8c0 [ksmbd]
    [   63.214555 ]  ? rcu_read_lock_sched_held+0x3a/0x70
    [   63.214700 ]  ksmbd_conn_handler_loop+0x63/0x270 [ksmbd]
    [   63.214826 ]  ? ksmbd_conn_alive+0x80/0x80 [ksmbd]
    [   63.214952 ]  kthread+0x171/0x1a0
    [   63.215039 ]  ? set_kthread_struct+0x40/0x40
    [   63.215128 ]  ret_from_fork+0x22/0x30
    
    To avoid this, move creating a queue pair and accepting
    a client from transport_ops->prepare() to
    smb_direct_handle_connect_request().
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: change prototypes of RDMA read/write related functions [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:53 2023 +0900

    ksmbd: smbd: change prototypes of RDMA read/write related functions
    
    [ Upstream commit 1807abcf8778bcbbf584fe54da9ccbe9029c49bb ]
    
    Change the prototypes of RDMA read/write
    operations to accept a pointer and length
    of buffer descriptors.
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: change the default maximum read/write, receive size [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:40 2023 +0900

    ksmbd: smbd: change the default maximum read/write, receive size
    
    [ Upstream commit 4d02c4fdc0e256b493f9a3b604c7ff18f0019f17 ]
    
    Due to restriction that cannot handle multiple
    buffer descriptor structures, decrease the maximum
    read/write size for Windows clients.
    
    And set the maximum fragmented receive size
    in consideration of the receive queue size.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: change the return value of get_sg_list [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:56 2023 +0900

    ksmbd: smbd: change the return value of get_sg_list
    
    [ Upstream commit 4e3edd0092704b25626a0fe60a974f6f382ff93d ]
    
    Make get_sg_list return EINVAL if there aren't
    mapped scatterlists.
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: create MR pool [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:39 2023 +0900

    ksmbd: smbd: create MR pool
    
    [ Upstream commit c9f189271cff85d5d735e25dfa4bc95952ec12d8 ]
    
    Create a memory region pool because rdma_rw_ctx_init()
    uses memory registration if memory registration yields
    better performance than using multiple SGE entries.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: fix connection dropped issue [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:33:00 2023 +0900

    ksmbd: smbd: fix connection dropped issue
    
    [ Upstream commit 5366afc4065075a4456941fbd51c33604d631ee5 ]
    
    When there are bursty connection requests,
    RDMA connection event handler is deferred and
    Negotiation requests are received even if
    connection status is NEW.
    
    To handle it, set the status to CONNECTED
    if Negotiation requests are received.
    
    Reported-by: Yufan Chen <[email protected]>
    Signed-off-by: Hyunchul Lee <[email protected]>
    Tested-by: Yufan Chen <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: fix missing client's memory region invalidation [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:42 2023 +0900

    ksmbd: smbd: fix missing client's memory region invalidation
    
    [ Upstream commit 2fd5dcb1c8ef96c9f0fa8bda53ca480524b80ae7 ]
    
    if the Channel of a SMB2 WRITE request is
    SMB2_CHANNEL_RDMA_V1_INVALIDTE, a client
    does not invalidate its memory regions but
    ksmbd must do it by sending a SMB2 WRITE response
    with IB_WR_SEND_WITH_INV.
    
    But if errors occur while processing a SMB2
    READ/WRITE request, ksmbd sends a response
    with IB_WR_SEND. So a client could use memory
    regions already in use.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: handle multiple Buffer descriptors [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:57 2023 +0900

    ksmbd: smbd: handle multiple Buffer descriptors
    
    [ Upstream commit ee1b0558965909872775183dc237cdf9f8eddaba ]
    
    Make ksmbd handle multiple buffer descriptors
    when reading and writing files using SMB direct:
    Post the work requests of rdma_rw_ctx for
    RDMA read/write in smb_direct_rdma_xmit(), and
    the work request for the READ/WRITE response
    with a remote invalidation in smb_direct_writev().
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: introduce read/write credits for RDMA read/write [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:54 2023 +0900

    ksmbd: smbd: introduce read/write credits for RDMA read/write
    
    [ Upstream commit ddbdc861e37c168cf2fb8a7b7477f5d18b4daf76 ]
    
    SMB2_READ/SMB2_WRITE request has to be granted the number
    of rw credits, the pages the request wants to transfer
    / the maximum pages which can be registered with one
    MR to read and write a file.
    And allocate enough RDMA resources for the maximum
    number of rw credits allowed by ksmbd.
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: relax the count of sges required [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:33:01 2023 +0900

    ksmbd: smbd: relax the count of sges required
    
    [ Upstream commit 621433b7e25d6d42e5f75bd8c4a62d6c7251511b ]
    
    Remove the condition that the count of sges
    must be greater than or equal to
    SMB_DIRECT_MAX_SEND_SGES(8).
    Because ksmbd needs sges only for SMB direct
    header, SMB2 transform header, SMB2 response,
    and optional payload.
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Reviewed-by: Tom Talpey <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used [+ + +]
Author: Christophe JAILLET <[email protected]>
Date:   Tue Dec 19 00:33:02 2023 +0900

    ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used
    
    [ Upstream commit 06ee1c0aebd5dfdf6bf237165b22415f64f38b7c ]
    
    An SPDX-License-Identifier is already in place. There is no need to
    duplicate part of the corresponding license.
    
    Signed-off-by: Christophe JAILLET <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: simplify tracking pending packets [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:55 2023 +0900

    ksmbd: smbd: simplify tracking pending packets
    
    [ Upstream commit 11659a8ddbd9c4c1ab6f3b8f52837178ef121b20 ]
    
    Because we don't have to tracking pending packets
    by dividing these into packets with payload and
    packets without payload, merge the tracking code.
    
    Signed-off-by: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: smbd: validate buffer descriptor structures [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:43 2023 +0900

    ksmbd: smbd: validate buffer descriptor structures
    
    [ Upstream commit 6d896d3b44cf64ab9b2483697e222098e7b72f70 ]
    
    Check ChannelInfoOffset and ChannelInfoLength
    to validate buffer descriptor structures.
    And add a debug log to print the structures'
    content.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: store fids as opaque u64 integers [+ + +]
Author: Paulo Alcantara (SUSE) <[email protected]>
Date:   Tue Dec 19 00:32:46 2023 +0900

    ksmbd: store fids as opaque u64 integers
    
    [ Upstream commit 2d004c6cae567e33ab2e197757181c72a322451f ]
    
    There is no need to store the fids as le64 integers as they are opaque
    to the client and only used for equality.
    
    Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
    Reviewed-by: Tom Talpey <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: switch to use kmemdup_nul() helper [+ + +]
Author: Yang Yingliang <[email protected]>
Date:   Tue Dec 19 00:34:18 2023 +0900

    ksmbd: switch to use kmemdup_nul() helper
    
    [ Upstream commit 084ba46fc41c21ba827fd92e61f78def7a6e52ea ]
    
    Use kmemdup_nul() helper instead of open-coding to
    simplify the code.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Yang Yingliang <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: update Kconfig to note Kerberos support and fix indentation [+ + +]
Author: Steve French <[email protected]>
Date:   Tue Dec 19 00:33:34 2023 +0900

    ksmbd: update Kconfig to note Kerberos support and fix indentation
    
    [ Upstream commit d280a958f8b2b62610c280ecdf35d780e7922620 ]
    
    Fix indentation of server config options, and also since
    support for very old, less secure, NTLM authentication was removed
    (and quite a while ago), remove the mention of that in Kconfig, but
    do note Kerberos (not just NTLMv2) which are supported and much
    more secure.
    
    Acked-by: Namjae Jeon <[email protected]>
    Acked-by: David Howells <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: use F_SETLK when unlocking a file [+ + +]
Author: Jeff Layton <[email protected]>
Date:   Tue Dec 19 00:33:26 2023 +0900

    ksmbd: use F_SETLK when unlocking a file
    
    [ Upstream commit 7ecbe92696bb7fe32c80b6cf64736a0d157717a9 ]
    
    ksmbd seems to be trying to use a cmd value of 0 when unlocking a file.
    That activity requires a type of F_UNLCK with a cmd of F_SETLK. For
    local POSIX locking, it doesn't matter much since vfs_lock_file ignores
    @cmd, but filesystems that define their own ->lock operation expect to
    see it set sanely.
    
    Cc: David Howells <[email protected]>
    Signed-off-by: Jeff Layton <[email protected]>
    Reviewed-by: David Howells <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message() [+ + +]
Author: Ralph Boehme <[email protected]>
Date:   Tue Dec 19 00:32:21 2023 +0900

    ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()
    
    [ Upstream commit a088ac859f8124d491f02a19d080fc5ee4dbd202 ]
    
    Use ksmbd_req_buf_next() in ksmbd_verify_smb_message().
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Ralph Boehme <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>
ksmbd: use kvzalloc instead of kvmalloc [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:08 2023 +0900

    ksmbd: use kvzalloc instead of kvmalloc
    
    [ Upstream commit 81a94b27847f7d2e499415db14dd9dc7c22b19b0 ]
    
    Use kvzalloc instead of kvmalloc.
    
    Reported-by: kernel test robot <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: use kzalloc() instead of __GFP_ZERO [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:05 2023 +0900

    ksmbd: use kzalloc() instead of __GFP_ZERO
    
    [ Upstream commit f87d4f85f43f0d4b12ef64b015478d8053e1a33e ]
    
    Use kzalloc() instead of __GFP_ZERO.
    
    Reported-by: Dan Carpenter <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Reviewed-by: Sergey Senozhatsky <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: use netif_is_bridge_port [+ + +]
Author: Tobias Klauser <[email protected]>
Date:   Tue Dec 19 00:32:45 2023 +0900

    ksmbd: use netif_is_bridge_port
    
    [ Upstream commit 1b699bf3a8786f7d41eebd9f6ba673185fa5b6bd ]
    
    Use netif_is_bridge_port defined in <linux/netdevice.h> instead of
    open-coding it.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Tobias Klauser <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: use oid registry functions to decode OIDs [+ + +]
Author: Hyunchul Lee <[email protected]>
Date:   Tue Dec 19 00:32:28 2023 +0900

    ksmbd: use oid registry functions to decode OIDs
    
    [ Upstream commit 294277410cf3b46bee2b8282ab754e52975c0a70 ]
    
    Use look_up_OID to decode OIDs rather than
    implementing functions.
    
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() [+ + +]
Author: Gustavo A. R. Silva <[email protected]>
Date:   Tue Dec 19 00:34:12 2023 +0900

    ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
    
    [ Upstream commit 5211cc8727ed9701b04976ab47602955e5641bda ]
    
    Prefer struct_size() over open-coded versions.
    
    Link: https://github.com/KSPP/linux/issues/160
    Signed-off-by: Gustavo A. R. Silva <[email protected]>
    Reviewed-by: Kees Cook <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Reviewed-by: Sergey Senozhatsky <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: use wait_event instead of schedule_timeout() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:33:05 2023 +0900

    ksmbd: use wait_event instead of schedule_timeout()
    
    [ Upstream commit a14c573870a664386adc10526a6c2648ea56dae1 ]
    
    ksmbd threads eating masses of cputime when connection is disconnected.
    If connection is disconnected, ksmbd thread waits for pending requests
    to be processed using schedule_timeout. schedule_timeout() incorrectly
    is used, and it is more efficient to use wait_event/wake_up than to check
    r_count every time with timeout.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Reviewed-by: Hyunchul Lee <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: validate length in smb2_write() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:32:52 2023 +0900

    ksmbd: validate length in smb2_write()
    
    [ Upstream commit 158a66b245739e15858de42c0ba60fcf3de9b8e6 ]
    
    The SMB2 Write packet contains data that is to be written
    to a file or to a pipe. Depending on the client, there may
    be padding between the header and the data field.
    Currently, the length is validated only in the case padding
    is present.
    
    Since the DataOffset field always points to the beginning
    of the data, there is no need to have a special case for
    padding. By removing this, the length is validated in both
    cases.
    
    Signed-off-by: Marios Makassikis <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: validate session id and tree id in compound request [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:16 2023 +0900

    ksmbd: validate session id and tree id in compound request
    
    [ Upstream commit 3df0411e132ee74a87aa13142dfd2b190275332e ]
    
    `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()
    will always return the first request smb2 header in a compound request.
    if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will
    return 0, i.e. The tree id check is skipped.
    This patch use ksmbd_req_buf_next() to get current command in compound.
    
    Reported-by: [email protected] # ZDI-CAN-21506
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: validate share name from share config response [+ + +]
Author: Atte Heikkilä <[email protected]>
Date:   Tue Dec 19 00:33:23 2023 +0900

    ksmbd: validate share name from share config response
    
    [ Upstream commit f5ba1cdaf5eb380e148183bda06d4844b457d095 ]
    
    Share config response may contain the share name without casefolding as
    it is known to the user space daemon. When it is present, casefold and
    compare it to the share name the share config request was made with. If
    they differ, we have a share config which is incompatible with the way
    share config caching is done. This is the case when CONFIG_UNICODE is
    not set, the share name contains non-ASCII characters, and those non-
    ASCII characters do not match those in the share name known to user
    space. In other words, when CONFIG_UNICODE is not set, UTF-8 share
    names now work but are only case-insensitive in the ASCII range.
    
    Signed-off-by: Atte Heikkilä <[email protected]>
    Acked-by: Tom Talpey <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ksmbd: validate smb request protocol id [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Dec 19 00:34:02 2023 +0900

    ksmbd: validate smb request protocol id
    
    [ Upstream commit 1c1bcf2d3ea061613119b534f57507c377df20f9 ]
    
    This patch add the validation for smb request protocol id.
    If it is not one of the four ids(SMB1_PROTO_NUMBER, SMB2_PROTO_NUMBER,
    SMB2_TRANSFORM_PROTO_NUM, SMB2_COMPRESSION_TRANSFORM_ID), don't allow
    processing the request. And this will fix the following KASAN warning
    also.
    
    [   13.905265] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1b9/0x1f0
    [   13.905900] Read of size 16 at addr ffff888005fd2f34 by task kworker/0:2/44
    ...
    [   13.908553] Call Trace:
    [   13.908793]  <TASK>
    [   13.908995]  dump_stack_lvl+0x33/0x50
    [   13.909369]  print_report+0xcc/0x620
    [   13.910870]  kasan_report+0xae/0xe0
    [   13.911519]  kasan_check_range+0x35/0x1b0
    [   13.911796]  init_smb2_rsp_hdr+0x1b9/0x1f0
    [   13.912492]  handle_ksmbd_work+0xe5/0x820
    
    Cc: [email protected]
    Reported-by: Chih-Yen Chang <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() [+ + +]
Author: Ralph Boehme <[email protected]>
Date:   Tue Dec 19 00:32:22 2023 +0900

    ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()
    
    [ Upstream commit 341b16014bf871115f0883e831372c4b76389d03 ]
    
    Use cmd helper variable in smb2_get_ksmbd_tcon().
    
    Cc: Tom Talpey <[email protected]>
    Cc: Ronnie Sahlberg <[email protected]>
    Cc: Steve French <[email protected]>
    Cc: Hyunchul Lee <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Ralph Boehme <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
Linux: Linux 5.15.145 [+ + +]
Author: Greg Kroah-Hartman <[email protected]>
Date:   Sat Dec 23 10:42:00 2023 +0100

    Linux 5.15.145
    
    Link: https://lore.kernel.org/r/[email protected]
    Tested-by: Florian Fainelli <[email protected]>
    Tested-by: Allen Pais <[email protected]>
    Tested-by: Shuah Khan <[email protected]>
    Tested-by: Namjae Jeon <[email protected]>
    Tested-by: Linux Kernel Functional Testing <[email protected]>
    Tested-by: Ron Economos <[email protected]>
    Tested-by: Guenter Roeck <[email protected]>
    Tested-by: SeongJae Park <[email protected]>
    Tested-by: Jon Hunter <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
Revert "drm/bridge: lt9611uxc: fix the race in the error path" [+ + +]
Author: Amit Pundir <[email protected]>
Date:   Tue Dec 19 15:41:16 2023 +0530

    Revert "drm/bridge: lt9611uxc: fix the race in the error path"
    
    This reverts commit d0d01bb4a56093fa214c0949e9e7ccb9fb437795.
    
    This and the dependent fixes broke display on RB5.
    
    Signed-off-by: Amit Pundir <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

Revert "drm/bridge: lt9611uxc: Register and attach our DSI device at probe" [+ + +]
Author: Amit Pundir <[email protected]>
Date:   Tue Dec 19 15:41:17 2023 +0530

    Revert "drm/bridge: lt9611uxc: Register and attach our DSI device at probe"
    
    This reverts commit 29aba28ea195182f547cd8dac1b80eed51b6b73d.
    
    This and the dependent fixes broke display on RB5.
    
    Signed-off-by: Amit Pundir <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

Revert "drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers" [+ + +]
Author: Amit Pundir <[email protected]>
Date:   Tue Dec 19 15:41:18 2023 +0530

    Revert "drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers"
    
    This reverts commit f53a045793289483b3c2930007fc52c7f1f642d5.
    
    This and the dependent fixes broke display on RB5.
    
    Signed-off-by: Amit Pundir <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common [+ + +]
Author: Steve French <[email protected]>
Date:   Tue Dec 19 00:32:50 2023 +0900

    smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common
    
    [ Upstream commit c7803b05f74bc3941b127f3155671e1944f632ae ]
    
    Fix an endian bug in ksmbd for one remaining use of
    Persistent/VolatileFid that unnecessarily converted it (it is an
    opaque endian field that does not need to be and should not
    be converted) in oplock_break for ksmbd, and move the definitions
    for the oplock and lease break protocol requests and responses
    to fs/smbfs_common/smb2pdu.h
    
    Also move a few more definitions for various protocol requests
    that were duplicated (in fs/cifs/smb2pdu.h and fs/ksmbd/smb2pdu.h)
    into fs/smbfs_common/smb2pdu.h including:
    
    - various ioctls and reparse structures
    - validate negotiate request and response structs
    - duplicate extents structs
    
    Reviewed-by: Paulo Alcantara (SUSE) <[email protected]>
    Reviewed-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols [+ + +]
Author: Francis Laniel <[email protected]>
Date:   Tue Dec 5 19:57:49 2023 +0100

    tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
    
    commit b022f0c7e404887a7c5229788fc99eff9f9a80d5 upstream.
    
    When a kprobe is attached to a function that's name is not unique (is
    static and shares the name with other functions in the kernel), the
    kprobe is attached to the first function it finds. This is a bug as the
    function that it is attaching to is not necessarily the one that the
    user wants to attach to.
    
    Instead of blindly picking a function to attach to what is ambiguous,
    error with EADDRNOTAVAIL to let the user know that this function is not
    unique, and that the user must use another unique function with an
    address offset to get to the function they want to attach to.
    
    Link: https://lore.kernel.org/all/[email protected]/
    
    Cc: [email protected]
    Fixes: 413d37d1eb69 ("tracing: Add kprobe-based event tracer")
    Suggested-by: Masami Hiramatsu <[email protected]>
    Signed-off-by: Francis Laniel <[email protected]>
    Link: https://lore.kernel.org/lkml/[email protected]/
    Acked-by: Masami Hiramatsu (Google) <[email protected]>
    Signed-off-by: Masami Hiramatsu (Google) <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>