iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Long Li 2796d303e3 cifs: Allocate validate negotiation request through kmalloc 
The data buffer allocated on the stack can't be DMA'ed, ib_dma_map_page will
return an invalid DMA address for a buffer on stack. Even worse, this
incorrect address can't be detected by ib_dma_mapping_error. Sending data
from this address to hardware will not fail, but the remote peer will get
junk data.

Fix this by allocating the request on the heap in smb3_validate_negotiate.

Changes in v2:
Removed duplicated code on freeing buffers on function exit.
(Thanks to Parav Pandit <parav@mellanox.com>)
Fixed typo in the patch title.

Changes in v3:
Added "Fixes" to the patch.
Changed several sizeof() to use *pointer in place of struct.

Changes in v4:
Added detailed comments on the failure through RDMA.
Allocate request buffer using GPF_NOFS.
Fixed possible memory leak.

Changes in v5:
Removed variable ret for checking return value.
Changed to use pneg_inbuf->Dialects[0] to calculate unused space in pneg_inbuf.

Fixes: ff1c038addc4 ("Check SMB3 dialects against downgrade attacks")
Signed-off-by: Long Li <longli@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Tom Talpey <ttalpey@microsoft.com>
2018-05-09 11:48:31 -05:00
..
9p
fscache development
2018-04-07 09:08:24 -07:00
adfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
affs
iversion: Rename make inode_cmp_iversion{+raw} to inode_eq_iversion{+raw}
2018-02-01 08:15:25 -05:00
afs
afs: Fix server record deletion
2018-04-20 09:59:33 -07:00
autofs4
autofs: mount point create should honour passed in mode
2018-04-20 17:18:35 -07:00
befs
befs: Define usercopy region in befs_inode_cache slab cache
2018-01-15 12:07:54 -08:00
bfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
btrfs
for-4.17-rc3-tag
2018-05-04 20:32:18 -10:00
cachefiles
fscache: Pass object size in rather than calling back for it
2018-04-06 14:05:14 +01:00
ceph
ceph: check if mds create snaprealm when setting quota
2018-04-23 17:35:19 +02:00
cifs
cifs: Allocate validate negotiation request through kmalloc
2018-05-09 11:48:31 -05:00
coda
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
configfs
cramfs
cramfs: better MTD dependency expression
2018-02-08 11:37:31 -08:00
crypto
fscrypt: fix build with pre-4.6 gcc versions
2018-02-01 10:51:18 -05:00
debugfs
debugfs_lookup(): switch to lookup_one_len_unlocked()
2018-03-29 15:07:47 -04:00
devpts
devpts: comment devpts_mntget()
2018-03-14 13:31:23 +01:00
dlm
net: make getname() functions return length rather than use int* parameter
2018-02-12 14:15:04 -05:00
ecryptfs
eCryptfs: don't pass up plaintext names when using filename encryption
2018-04-16 18:51:22 +00:00
efivarfs
efivarfs: Limit the rate for non-root to read files
2018-02-22 10:21:02 -08:00
efs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
exofs
iversion.h related cleanup for v4.16
2018-02-07 14:25:22 -08:00
exportfs
ovl: do not try to reconnect a disconnected origin dentry
2018-04-12 12:04:49 +02:00
ext2
\n
2018-04-20 09:01:26 -07:00
ext4
Fix misc. bugs and a regression for ext4.
2018-04-28 20:07:21 -07:00
f2fs
page cache: use xa_lock
2018-04-11 10:28:39 -07:00
fat
iversion: Rename make inode_cmp_iversion{+raw} to inode_eq_iversion{+raw}
2018-02-01 08:15:25 -05:00
freevxfs
vxfs: Define usercopy region in vxfs_inode slab cache
2018-01-15 12:07:57 -08:00
fscache
fscache: use appropriate radix tree accessors
2018-04-11 10:28:39 -07:00
fuse
fuse: define the filesystem as untrusted
2018-03-23 06:31:37 -04:00
gfs2
GFS2: Minor improvements to comments and documentation
2018-04-12 10:07:51 -07:00
hfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
hfsplus
hfsplus: honor setgid flag on directories
2018-02-06 18:32:45 -08:00
hostfs
hostfs: rename do_rmdir() to hostfs_do_rmdir()
2018-04-02 20:15:53 +02:00
hpfs
hpfs: don't bother with the i_version counter or f_version
2017-12-10 12:58:18 -08:00
hugetlbfs
hugetlbfs: fix bug in pgoff overflow checking
2018-04-05 21:36:21 -07:00
isofs
isofs: fix potential memory leak in mount option parsing
2018-04-16 09:47:41 +02:00
jbd2
ext4: set h_journal if there is a failure starting a reserved handle
2018-04-18 11:49:31 -04:00
jffs2
jffs2_kill_sb(): deal with failed allocations
2018-04-15 23:49:05 -04:00
jfs
Currently, hardened usercopy performs dynamic bounds checking on slab
2018-02-03 16:25:42 -08:00
kernfs
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
lockd
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
minix
treewide: simplify Kconfig dependencies for removed archs
2018-03-26 15:55:57 +02:00
nfs
NFS client updates for Linux 4.17
2018-04-12 12:55:50 -07:00
nfs_common
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
nfsd
nfsd: fix incorrect umasks
2018-04-03 16:27:08 -04:00
nilfs2
page cache: use xa_lock
2018-04-11 10:28:39 -07:00
nls
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
notify
fsnotify: fix ignore mask logic in send_to_group()
2018-04-13 15:52:49 +02:00
ntfs
ntfs: fix bogus __mark_inode_dirty(I_DIRTY_SYNC | I_DIRTY_DATASYNC) call
2018-03-28 01:39:02 -04:00
ocfs2
Merge branch 'akpm' (patches from Andrew)
2018-04-06 14:19:26 -07:00
omfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
openpromfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
orangefs
orangefs_kill_sb(): deal with allocation failures
2018-04-15 23:49:12 -04:00
overlayfs
ovl: add support for "xino" mount and config options
2018-04-12 12:04:50 +02:00
proc
proc: fix /proc/loadavg regression
2018-04-20 17:18:36 -07:00
pstore
pstore: fix crypto dependencies without compression
2018-04-06 15:45:33 -07:00
qnx4
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
qnx6
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
quota
fs: quota: Replace GFP_ATOMIC with GFP_KERNEL in dquot_init
2018-04-09 17:48:54 +02:00
ramfs
reiserfs
fs/reiserfs/journal.c: add missing resierfs_warning() arg
2018-04-11 10:28:36 -07:00
romfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
squashfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
sysfs
sysfs: symlink: export sysfs_create_link_nowarn()
2018-03-19 21:14:26 -04:00
sysv
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
tracefs
ubifs
This pull request contains updates for both UBI and UBIFS:
2018-04-11 16:39:34 -07:00
udf
udf: Fix leak of UTF-16 surrogates into encoded strings
2018-04-18 16:34:55 +02:00
ufs
iversion.h related cleanup for v4.16
2018-02-07 14:25:22 -08:00
xfs
xfs: cap the length of deduplication requests
2018-05-02 09:21:33 -07:00
aio.c
fs/aio: Use rcu_work instead of explicit rcu and work item
2018-03-19 10:12:03 -07:00
anon_inodes.c
attr.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
bad_inode.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
binfmt_aout.c
exec: introduce finalize_exec() before start_thread()
2018-04-11 10:28:37 -07:00
binfmt_elf_fdpic.c
exec: introduce finalize_exec() before start_thread()
2018-04-11 10:28:37 -07:00
binfmt_elf.c
fs, elf: don't complain MAP_FIXED_NOREPLACE unless -EEXIST error
2018-04-20 17:18:36 -07:00
binfmt_em86.c
binfmt_flat.c
exec: introduce finalize_exec() before start_thread()
2018-04-11 10:28:37 -07:00
binfmt_misc.c
fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()
2018-04-02 20:16:00 +02:00
binfmt_script.c
block_dev.c
libnvdimm for 4.17
2018-04-10 10:25:57 -07:00
buffer.c
Merge branch 'work.thaw' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-04-12 12:28:32 -07:00
char_dev.c
block, char_dev: Use correct format specifier for unsigned ints
2018-03-15 17:59:24 +01:00
compat_binfmt_elf.c
compat_ioctl.c
fs: compat_ioctl: add new DVB demux ioctls
2017-12-28 11:17:29 -05:00
compat.c
coredump.c
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-11-17 11:54:55 -08:00
d_path.c
split d_path() and friends into a separate file
2018-03-29 15:07:46 -04:00
dax.c
page cache: use xa_lock
2018-04-11 10:28:39 -07:00
dcache.c
fs/dcache.c: add cond_resched() in shrink_dentry_list()
2018-04-11 10:28:38 -07:00
dcookies.c
fs: add do_lookup_dcookie() helper; remove in-kernel call to syscall
2018-04-02 20:15:39 +02:00
direct-io.c
Merge branch 'akpm' (patches from Andrew)
2018-04-06 14:19:26 -07:00
drop_caches.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
eventfd.c
fs: add do_eventfd() helper; remove internal call to sys_eventfd()
2018-04-02 20:15:39 +02:00
eventpoll.c
fs: add do_epoll_*() helpers; remove internal calls to sys_epoll_*()
2018-04-02 20:15:37 +02:00
exec.c
exec: pin stack limit during exec
2018-04-11 10:28:37 -07:00
fcntl.c
fs: add do_compat_fcntl64() helper; remove in-kernel call to compat syscall
2018-04-02 20:15:42 +02:00
fhandle.c
vfs: Copy struct mount.mnt_id to userspace using put_user()
2018-01-15 12:07:51 -08:00
file_table.c
vfs: remove unused hardirq.h
2017-12-07 14:23:30 -05:00
file.c
fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()
2018-04-02 20:16:00 +02:00
filesystems.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fs_pin.c
Merge branch 'linus' into locking/core, to resolve conflicts
2017-11-07 10:32:44 +01:00
fs_struct.c
fs-writeback.c
bdi: Fix oops in wb_workfn()
2018-05-03 16:11:37 -06:00
inode.c
page cache: use xa_lock
2018-04-11 10:28:39 -07:00
internal.h
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-04-06 11:07:08 -07:00
ioctl.c
fs: add ksys_ioctl() helper; remove in-kernel calls to sys_ioctl()
2018-04-02 20:16:03 +02:00
iomap.c
iomap: warn on zero-length mappings
2018-01-29 07:27:24 -08:00
Kconfig
libnvdimm for 4.16
2018-02-06 10:41:33 -08:00
Kconfig.binfmt
treewide: simplify Kconfig dependencies for removed archs
2018-03-26 15:55:57 +02:00
libfs.c
fs, dax: prepare for dax-specific address_space_operations
2018-03-30 11:34:55 -07:00
locks.c
treewide: Align function definition open/close braces
2018-03-26 11:13:09 +02:00
Makefile
split d_path() and friends into a separate file
2018-03-29 15:07:46 -04:00
mbcache.c
mbcache: make sure c_entry_count is not decremented past zero
2018-01-09 23:57:52 -05:00
mount.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mpage.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
namei.c
Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-04-09 12:48:05 -07:00
namespace.c
vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion
2018-04-20 09:59:33 -07:00
no-block.c
nsfs.c
net: Export open_related_ns()
2018-02-15 15:34:42 -05:00
open.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-04-06 11:07:08 -07:00
pipe.c
fs: add do_pipe2() helper; remove internal call to sys_pipe2()
2018-04-02 20:15:35 +02:00
pnode.c
pnode.h
posix_acl.c
posix_acl: convert posix_acl.a_refcount from atomic_t to refcount_t
2018-01-02 19:27:28 -08:00
proc_namespace.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
read_write.c
fs: add ksys_p{read,write}64() helpers; remove in-kernel calls to syscalls
2018-04-02 20:16:09 +02:00
readdir.c
fs: add ksys_getdents64() helper; remove in-kernel calls to sys_getdents64()
2018-04-02 20:16:02 +02:00
select.c
fs: add do_compat_select() helper; remove in-kernel call to compat syscall
2018-04-02 20:15:42 +02:00
seq_file.c
seq_file: account everything to kmemcg
2018-04-11 10:28:36 -07:00
signalfd.c
fs: add do_compat_signalfd4() helper; remove in-kernel call to compat syscall
2018-04-02 20:15:43 +02:00
splice.c
fs: add do_vmsplice() helper; remove in-kernel call to syscall
2018-04-02 20:15:40 +02:00
stack.c
stat.c
fs: add do_readlinkat() helper; remove internal call to sys_readlinkat()
2018-04-02 20:15:34 +02:00
statfs.c
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
super.c
mm,vmscan: Allow preallocating memory for register_shrinker().
2018-04-16 02:06:47 -04:00
sync.c
Changes for this release:
2018-04-04 12:44:02 -07:00
timerfd.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
userfaultfd.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
utimes.c
fs: add do_compat_futimesat() helper; remove in-kernel call to compat syscall
2018-04-02 20:15:44 +02:00
xattr.c