linux/fs/cifs
David Disseldorp 179a88a855 cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL

When compiled with CONFIG_CIFS_DFS_UPCALL disabled, cifs_dfs_d_automount
is NULL. cifs.ko logic for mapping CIFS_FATTR_DFS_REFERRAL attributes to
S_AUTOMOUNT and corresponding dentry flags is retained regardless of
CONFIG_CIFS_DFS_UPCALL, leading to a NULL pointer dereference in
VFS follow_automount() when traversing a DFS referral link:

  BUG: kernel NULL pointer dereference, address: 0000000000000000
  ...
  Call Trace:
   <TASK>
   __traverse_mounts+0xb5/0x220
   ? cifs_revalidate_mapping+0x65/0xc0 [cifs]
   step_into+0x195/0x610
   ? lookup_fast+0xe2/0xf0
   path_lookupat+0x64/0x140
   filename_lookup+0xc2/0x140
   ? __create_object+0x299/0x380
   ? kmem_cache_alloc+0x119/0x220
   ? user_path_at_empty+0x31/0x50
   user_path_at_empty+0x31/0x50
   __x64_sys_chdir+0x2a/0xd0
   ? exit_to_user_mode_prepare+0xca/0x100
   do_syscall_64+0x42/0x90
   entry_SYSCALL_64_after_hwframe+0x72/0xdc

This fix adds an inline cifs_dfs_d_automount() {return -EREMOTE} handler
when CONFIG_CIFS_DFS_UPCALL is disabled. An alternative would be to
avoid flagging S_AUTOMOUNT, etc. without CONFIG_CIFS_DFS_UPCALL. This
approach was chosen as it provides more control over the error path.

Signed-off-by: David Disseldorp <ddiss@suse.de>
Cc: stable@vger.kernel.org
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-03-30 17:28:44 -05:00
asn1.c cifs: decoding negTokenInit with generic ASN1 decoder 2021-06-20 21:28:17 -05:00
cached_dir.c cifs: fix dentry lookups in directory handle cache 2023-03-24 14:37:12 -05:00
cached_dir.h cifs: drop the lease for cached directories on rmdir or rename 2022-10-19 17:57:41 -05:00
cifs_debug.c cifs: print session id while listing open files 2023-03-23 11:19:42 -05:00
cifs_debug.h smb3: add dynamic trace points for tree disconnect 2022-10-05 01:31:18 -05:00
cifs_dfs_ref.c cifs: set DFS root session in cifs_get_smb_ses() 2023-03-14 21:05:53 -05:00
cifs_fs_sb.h cifs: fix use-after-free bug in refresh_cache_worker() 2023-03-14 21:07:44 -05:00
cifs_ioctl.h cifs: minor cleanup of some headers 2022-12-12 13:08:06 -06:00
cifs_spnego_negtokeninit.asn1 cifs: decoding negTokenInit with generic ASN1 decoder 2021-06-20 21:28:17 -05:00
cifs_spnego.c cred: Do not default to init_cred in prepare_kernel_cred() 2022-11-01 10:04:52 -07:00
cifs_spnego.h cifs: Replace remaining 1-element arrays 2023-02-20 11:48:48 -06:00
cifs_swn.c smb3: add dynamic trace points for tree disconnect 2022-10-05 01:31:18 -05:00
cifs_swn.h cifs: simplify SWN code with dummy funcs instead of ifdefs 2021-04-25 16:28:22 -05:00
cifs_unicode.c cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
cifs_unicode.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
cifs_uniupr.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
cifsacl.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
cifsacl.h cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
cifsencrypt.c cifs: Change the I/O paths to use an iterator rather than a page list 2023-02-20 18:36:02 -06:00
cifsfs.c smb3: fix unusable share after force unmount failure 2023-03-24 14:37:12 -05:00
cifsfs.h cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL 2023-03-30 17:28:44 -05:00
cifsglob.h cifs: fix use-after-free bug in refresh_cache_worker() 2023-03-14 21:07:44 -05:00
cifspdu.h cifs: Replace remaining 1-element arrays 2023-02-20 11:48:48 -06:00
cifsproto.h cifs: prevent data race in cifs_reconnect_tcon() 2023-03-01 18:18:25 -06:00
cifsroot.c cifs: move from strlcpy with unused retval to strscpy 2022-08-19 11:02:26 -05:00
cifssmb.c smb3: fix unusable share after force unmount failure 2023-03-24 14:37:12 -05:00
connect.c smb3: fix unusable share after force unmount failure 2023-03-24 14:37:12 -05:00
dfs_cache.c cifs: check only tcon status on tcon related functions 2023-03-17 13:22:22 -05:00
dfs_cache.h cifs: fix use-after-free bug in refresh_cache_worker() 2023-03-14 21:07:44 -05:00
dfs.c cifs: check only tcon status on tcon related functions 2023-03-17 13:22:22 -05:00
dfs.h cifs: fix use-after-free bug in refresh_cache_worker() 2023-03-14 21:07:44 -05:00
dir.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
dns_resolve.c cifs: set resolved ip in sockaddr 2022-12-19 08:03:11 -06:00
dns_resolve.h cifs: set resolved ip in sockaddr 2022-12-19 08:03:11 -06:00
export.c cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
file.c cifs: check only tcon status on tcon related functions 2023-03-17 13:22:22 -05:00
fs_context.c cifs: share dfs connections and supers 2022-12-19 08:03:12 -06:00
fs_context.h smb3: lower default deferred close timeout to address perf regression 2023-03-24 14:37:12 -05:00
fscache.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
fscache.h cifs: Change the I/O paths to use an iterator rather than a page list 2023-02-20 18:36:02 -06:00
inode.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
ioctl.c cifs: Fix wrong return value checking when GETFLAGS 2022-11-16 00:21:04 -06:00
Kconfig cifs: Change the I/O paths to use an iterator rather than a page list 2023-02-20 18:36:02 -06:00
link.c cifs: append path to open_enter trace event 2023-03-24 09:02:26 -05:00
Makefile cifs: get rid of mount options string parsing 2022-12-19 08:03:11 -06:00
misc.c cifs: use DFS root session instead of tcon ses 2023-03-14 22:48:53 -05:00
netlink.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
netlink.h cifs: Register generic netlink family 2020-12-14 09:16:22 -06:00
netmisc.c cifs: remove unused server parameter from calc_smb_size() 2022-08-17 18:07:13 -05:00
nterr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
nterr.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
ntlmssp.h cifs: Replace zero-length arrays with flexible-array members 2023-02-20 11:48:47 -06:00
readdir.c cifs: Replace remaining 1-element arrays 2023-02-20 11:48:48 -06:00
rfc1002pdu.h cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
sess.c cifs: get rid of dns resolve worker 2023-02-20 17:25:43 -06:00
smb1ops.c cifs: Fix uninitialized memory reads for oparms.mode 2023-02-20 11:48:48 -06:00
smb2file.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
smb2glob.h smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common 2022-03-26 23:09:20 -05:00
smb2inode.c cifs: append path to open_enter trace event 2023-03-24 09:02:26 -05:00
smb2maperror.c cifs: Create a new shared file holding smb2 pdu definitions 2021-11-05 09:50:57 -05:00
smb2misc.c smb3: Replace smb2pdu 1-element arrays with flex-arrays 2023-02-20 17:25:43 -06:00
smb2ops.c cifs: append path to open_enter trace event 2023-03-24 09:02:26 -05:00
smb2pdu.c smb3: fix unusable share after force unmount failure 2023-03-24 14:37:12 -05:00
smb2pdu.h smb3: Replace smb2pdu 1-element arrays with flex-arrays 2023-02-20 17:25:43 -06:00
smb2proto.h cifs: Parse owner/group for stat in smb311 posix extensions 2022-12-08 09:51:53 -06:00
smb2status.h cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
smb2transport.c cifs: avoid race conditions with parallel reconnects 2023-03-24 09:03:55 -05:00
smbdirect.c cifs: Fix an uninitialised variable 2023-03-01 18:17:36 -06:00
smbdirect.h cifs: Build the RDMA SGE list directly from an iterator 2023-02-20 18:36:02 -06:00
smbencrypt.c cifs: rename cifs_common to smbfs_common 2021-09-08 23:59:26 -05:00
smberr.h cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
trace.c
trace.h cifs: append path to open_enter trace event 2023-03-24 09:02:26 -05:00
transport.c cifs: Move the in_send statistic to __smb_send_rqst() 2023-03-05 17:50:38 -06:00
unc.c cifs: don't cargo-cult strndup() 2021-04-25 16:28:23 -05:00
winucase.c cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
xattr.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00