Hi,
On 15/01/24 7:52 pm, Mohamed Abuelfotoh, Hazem wrote:
> It looks like both 5.15.146 and 5.10.206 are impacted by this regression as they both have the bad commit 33eae65c6f ("smb: client: fix OOB in SMB2_query_info_init()"). We tried to apply the proposed fix eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays") but there are a lot of dependencies required to do the backport. Is it possible to consider the simple fix that Paulo proposed as a solution for 5.10 and 5.15? We were lucky with 5.4 as it doesn't have the bad commit because of the merge conflict reported in https://lore.kernel.org/all/2023122857-doubling-crazed-27f4@gregkh/T/#m3aa00...
I think we are also seeing the same error on running xfstests with cifs.
[root@vm xfstests-dev]# ./check -g quick -s smb3
TEST_DEV=//<SERVER_IP>/TEST is mounted but not a type cifs filesystem
This is with 5.15.147 stable kernel.
I started seeing this since 5.15.146 and on bisection it points to the same commit:
commit bfd18c0f570e ("smb: client: fix OOB in SMB2_query_info_init()"). Reverting that commit fixed the issue, and the tests also run fine when I apply the diff below, provided earlier in this thread.
[root@vm xfstests-dev]# ./check -g quick -s smb3 cifs/001
SECTION       -- smb3
FSTYP         -- cifs
PLATFORM      -- Linux/x86_64 vm 5.15.147-master.el9.v5.x86_64 #1 SMP Mon Jan 15 22:39:33 PST 2024
MKFS_OPTIONS  -- //<SERVER_IP>/SCRATCH
MOUNT_OPTIONS -- -ousername=root,password=PASSWORD,noperm,mfsymlinks,actimeo=0 //<SERVER_IP>/SCRATCH /mnt/scratch

cifs/001        1s ...  1s
generic/001    16s ...
Thanks, Harshit
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c index 05ff8a457a3d..aed5067661de 100644 --- a/fs/smb/client/smb2pdu.c +++ b/fs/smb/client/smb2pdu.c @@ -3556,7 +3556,7 @@ SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, iov[0].iov_base = (char *)req; /* 1 for Buffer */
- iov[0].iov_len = len;
- iov[0].iov_len = len - 1; return 0;
}
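Review bot: as pasted, both changed lines carry a `-` prefix ("- iov[0].iov_len = len;" and "- iov[0].iov_len = len - 1;"), so the hunk removes two lines and adds none and will not apply; the second line should be "+ iov[0].iov_len = len - 1;". The `- 1` presumably accounts for the placeholder byte referred to by the "/* 1 for Buffer */" comment in the context line, but the hunk does not say so; a one-line comment next to the new assignment (or an updated "1 for Buffer" comment) explaining why the placeholder byte is subtracted from the iov length would make the backport self-explanatory for the stable trees it is intended for.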
Hazem
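The two fixes discussed in this thread (the "len - 1" one-liner and the flex-array conversion) address the same arithmetic: a trailing 1-element array is counted by sizeof(), a flexible array member is not. The following is an added example written for this page, not the kernel's code; the packed struct layouts are hypothetical stand-ins for the smb2pdu request structs and the field values are constructed.

```c
/* Added example (not the kernel's code): why a trailing 1-element array
 * makes sizeof() over-count a request header by one byte, so that a
 * caller computing sizeof(req) + payload needs a "- 1", while a flexible
 * array member does not. Struct layouts are hypothetical stand-ins for
 * the smb2pdu request structs; like those, they are packed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Old style: the placeholder Buffer[1] is counted by sizeof(). */
struct req_one_elem {
    uint16_t StructureSize;
    uint16_t InfoType;
    uint32_t InputBufferLength;
    uint8_t  Buffer[1];
} __attribute__((packed));

/* Flex-array style: Buffer[] adds nothing to sizeof(). */
struct req_flex {
    uint16_t StructureSize;
    uint16_t InfoType;
    uint32_t InputBufferLength;
    uint8_t  Buffer[];
} __attribute__((packed));

/* Bytes that really precede the payload: identical in both layouts. */
size_t header_len_one_elem(void) { return offsetof(struct req_one_elem, Buffer); }
size_t header_len_flex(void)     { return offsetof(struct req_flex, Buffer); }

/* Naive wire length with the 1-element layout: Buffer[0] is counted both
 * in sizeof() and in the payload, so the result is one byte too long. */
size_t naive_len_one_elem(size_t payload) { return sizeof(struct req_one_elem) + payload; }
/* The "1 for Buffer" correction: drop the placeholder byte again. */
size_t corrected_len_one_elem(size_t payload) { return naive_len_one_elem(payload) - 1; }
/* With a flexible array member no correction is needed. */
size_t len_flex(size_t payload) { return sizeof(struct req_flex) + payload; }

/* Serialise header + payload with the flex layout into out[]; returns the
 * number of bytes written, or 0 if cap is too small (no overflow). */
size_t build_request(uint8_t *out, size_t cap, const uint8_t *payload, size_t n) {
    size_t total = len_flex(n);
    if (total > cap) return 0;
    struct req_flex *req = (struct req_flex *)out;
    req->StructureSize = 9;            /* constructed sample value */
    req->InfoType = 1;                 /* constructed sample value */
    req->InputBufferLength = (uint32_t)n;
    memcpy(req->Buffer, payload, n);
    return total;
}
```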