Commit 3bde70a2 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'v6.15-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 

Pull smb client fixes from Steve French:

 - Fix multichannel decryption UAF

 - Fix regression mounting to onedrive shares

 - Fix missing mount option check for posix vs. noposix

 - Fix version field in WSL symlinks

 - Three minor cleanup to reparse point handling

 - SMB1 fix for WSL special files

 - SMB1 Kerberos fix

 - Add SMB3 defines for two new FS attributes

* tag 'v6.15-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  smb3: Add defines for two new FileSystemAttributes
  cifs: Fix querying of WSL CHR and BLK reparse points over SMB1
  cifs: Split parse_reparse_point callback to functions: get buffer and parse buffer
  cifs: Improve handling of name surrogate reparse points in reparse.c
  cifs: Remove explicit handling of IO_REPARSE_TAG_MOUNT_POINT in inode.c
  cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode
  smb: client: fix UAF in decryption with multichannel
  cifs: Fix support for WSL-style symlinks
  smb311 client: fix missing tcon check when mounting with linux/posix extensions
  cifs: Ensure that all non-client-specific reparse points are processed by the server
parents 5d749923 56c283b9

fs/smb/client/cifsencrypt.c

+5 −11
Original line number Diff line number Diff line
@@ -704,18 +704,12 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server) 
	cifs_free_hash(&server->secmech.md5);

	cifs_free_hash(&server->secmech.sha512);



	if (!SERVER_IS_CHAN(server)) {

	if (server->secmech.enc) {

		crypto_free_aead(server->secmech.enc);

		server->secmech.enc = NULL;

	}



	if (server->secmech.dec) {

		crypto_free_aead(server->secmech.dec);

		server->secmech.dec = NULL;

	}

	} else {

		server->secmech.enc = NULL;

		server->secmech.dec = NULL;

	}

}

fs/smb/client/cifsglob.h

+2 −4
Original line number Diff line number Diff line
@@ -625,10 +625,8 @@ struct smb_version_operations { 
	bool (*is_status_io_timeout)(char *buf);

	/* Check for STATUS_NETWORK_NAME_DELETED */

	bool (*is_network_name_deleted)(char *buf, struct TCP_Server_Info *srv);

	int (*parse_reparse_point)(struct cifs_sb_info *cifs_sb,

				   const char *full_path,

				   struct kvec *rsp_iov,

				   struct cifs_open_info_data *data);

	struct reparse_data_buffer * (*get_reparse_point_buffer)(const struct kvec *rsp_iov,

								 u32 *plen);

	int (*create_reparse_symlink)(const unsigned int xid,

				      struct inode *inode,

				      struct dentry *dentry,

fs/smb/client/cifspdu.h

+2 −0
Original line number Diff line number Diff line
@@ -2256,6 +2256,8 @@ typedef struct { 
#define FILE_SUPPORTS_ENCRYPTION	0x00020000

#define FILE_SUPPORTS_OBJECT_IDS	0x00010000

#define FILE_VOLUME_IS_COMPRESSED	0x00008000

#define FILE_SUPPORTS_POSIX_UNLINK_RENAME 0x00000400

#define FILE_RETURNS_CLEANUP_RESULT_INFO  0x00000200

#define FILE_SUPPORTS_REMOTE_STORAGE	0x00000100

#define FILE_SUPPORTS_REPARSE_POINTS	0x00000080

#define FILE_SUPPORTS_SPARSE_FILES	0x00000040

fs/smb/client/connect.c

+2 −0
Original line number Diff line number Diff line
@@ -2556,6 +2556,8 @@ static int match_tcon(struct cifs_tcon *tcon, struct smb3_fs_context *ctx) 
		return 0;

	if (tcon->nodelete != ctx->nodelete)

		return 0;

	if (tcon->posix_extensions != ctx->linux_ext)

		return 0;

	return 1;

}

fs/smb/client/inode.c

+17 −8
Original line number Diff line number Diff line
@@ -1203,18 +1203,17 @@ static int reparse_info_to_fattr(struct cifs_open_info_data *data, 
			goto out;

		}

		break;

	case IO_REPARSE_TAG_MOUNT_POINT:

		cifs_create_junction_fattr(fattr, sb);

		rc = 0;

		goto out;

	default:

		/* Check for cached reparse point data */

		if (data->symlink_target || data->reparse.buf) {

			rc = 0;

		} else if (iov && server->ops->parse_reparse_point) {

			rc = server->ops->parse_reparse_point(cifs_sb,

							      full_path,

							      iov, data);

		} else if (iov && server->ops->get_reparse_point_buffer) {

			struct reparse_data_buffer *reparse_buf;

			u32 reparse_len;



			reparse_buf = server->ops->get_reparse_point_buffer(iov, &reparse_len);

			rc = parse_reparse_point(reparse_buf, reparse_len,

						 cifs_sb, full_path, data);

			/*

			 * If the reparse point was not handled but it is the

			 * name surrogate which points to directory, then treat
@@ -1228,6 +1227,16 @@ static int reparse_info_to_fattr(struct cifs_open_info_data *data, 
				cifs_create_junction_fattr(fattr, sb);

				goto out;

			}

			/*

			 * If the reparse point is unsupported by the Linux SMB

			 * client then let it process by the SMB server. So mask

			 * the -EOPNOTSUPP error code. This will allow Linux SMB

			 * client to send SMB OPEN request to server. If server

			 * does not support this reparse point too then server

			 * will return error during open the path.

			 */

			if (rc == -EOPNOTSUPP)

				rc = 0;

		}



		if (data->reparse.tag == IO_REPARSE_TAG_SYMLINK && !rc) {