mainline inclusion from mainline-v6.15-rc1 commit 287906b20035a04a234d1a3c64f760a5678387be category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IC1OPD CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- During mount option processing and negotiation with the server, the original user-specified rsize/wsize values were being modified directly. This makes it impossible to recover these values after a connection reset, leading to potential degraded performance after reconnection. The other problem is that When negotiating read and write sizes, there are cases where the negotiated values might calculate to zero, especially during reconnection when server->max_read or server->max_write might be reset. In general, these values come from the negotiation response. According to MS-SMB2 specification, these values should be at least 65536 bytes. This patch improves IO parameter handling: 1. Adds vol_rsize and vol_wsize fields to store the original user-specified values separately from the negotiated values 2. Uses got_rsize/got_wsize flags to determine if values were user-specified rather than checking for non-zero values, which is more reliable 3. Adds a prevent_zero_iosize() helper function to ensure IO sizes are never negotiated down to zero, which could happen in edge cases like when server->max_read/write is zero The changes make the CIFS client more resilient to unusual server responses and reconnection scenarios, preventing potential failures when IO sizes are calculated to be zero. Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com> Signed-off-by: Steve French <stfrench@microsoft.com> Conflicts: fs/cifs/fs_context.c fs/cifs/fs_context.h fs/cifs/smb1ops.c fs/cifs/smb2ops.c fs/cifs/cifsglob.h fs/cifs/connect.c fs/cifs/cifs_fs_sb.h fs/smb/client/fs_context.c fs/smb/client/fs_context.h fs/smb/client/smb1ops.c fs/smb/client/smb2ops.c fs/smb/common/smb2pdu.h [The mainline code has already undergone multiple refactoring sessions.] Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com> --- fs/cifs/cifs_fs_sb.h | 2 ++ fs/cifs/cifsglob.h | 9 +++++++-- fs/cifs/connect.c | 7 +++++-- fs/cifs/smb1ops.c | 10 +++++----- fs/cifs/smb2ops.c | 23 +++++++++++++++++------ 5 files changed, 36 insertions(+), 15 deletions(-) diff --git a/fs/cifs/cifs_fs_sb.h b/fs/cifs/cifs_fs_sb.h index 790347e16841..dca293d67f5b 100644 --- a/fs/cifs/cifs_fs_sb.h +++ b/fs/cifs/cifs_fs_sb.h @@ -58,10 +58,12 @@ struct cifs_sb_info { spinlock_t tlink_tree_lock; struct tcon_link *master_tlink; struct nls_table *local_nls; unsigned int rsize; unsigned int wsize; + unsigned int vol_rsize; + unsigned int vol_wsize; unsigned long actimeo; /* attribute cache timeout (jiffies) */ atomic_t active; kuid_t mnt_uid; kgid_t mnt_gid; kuid_t mnt_backupuid; diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 3bd4e369f91a..08e9edbd8337 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -267,13 +267,15 @@ struct smb_version_operations { /* check if we need to negotiate */ bool (*need_neg)(struct TCP_Server_Info *); /* negotiate to the server */ int (*negotiate)(const unsigned int, struct cifs_ses *); /* set negotiated write size */ - unsigned int (*negotiate_wsize)(struct cifs_tcon *, struct smb_vol *); + unsigned int (*negotiate_wsize)(struct cifs_tcon *tcon, + unsigned int vol_wsize); /* set negotiated read size */ - unsigned int (*negotiate_rsize)(struct cifs_tcon *, struct smb_vol *); + unsigned int (*negotiate_rsize)(struct cifs_tcon *tcon, + unsigned int vol_rsize); /* setup smb sessionn */ int (*sess_setup)(const unsigned int, struct cifs_ses *, const struct nls_table *); /* close smb session */ int (*logoff)(const unsigned int, struct cifs_ses *); @@ -816,10 +818,13 @@ compare_mid(__u16 mid, const struct smb_hdr *smb) * pages in a single call. With PAGE_SIZE == 4k, this means we can fill * a single wsize request with a single call. */ #define CIFS_DEFAULT_IOSIZE (1024 * 1024) +/* According to MS-SMB2 specification The minimum recommended value is 65536.*/ +#define CIFS_MIN_DEFAULT_IOSIZE (65536) + /* * Windows only supports a max of 60kb reads and 65535 byte writes. Default to * those values when posix extensions aren't in force. In actuality here, we * use 65536 to allow for a write that is a multiple of 4k. Most servers seem * to be ok with the extra byte even though Windows doesn't send writes that diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 2861dd569d41..4f4889b8992d 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3847,10 +3847,13 @@ int cifs_setup_cifs_sb(struct smb_vol *pvolume_info, * new sb then client will later negotiate it downward if needed. */ cifs_sb->rsize = pvolume_info->rsize; cifs_sb->wsize = pvolume_info->wsize; + cifs_sb->vol_rsize = pvolume_info->rsize; + cifs_sb->vol_wsize = pvolume_info->wsize; + cifs_sb->mnt_uid = pvolume_info->linux_uid; cifs_sb->mnt_gid = pvolume_info->linux_gid; cifs_sb->mnt_file_mode = pvolume_info->file_mode; cifs_sb->mnt_dir_mode = pvolume_info->dir_mode; cifs_dbg(FYI, "file mode: %04ho dir mode: %04ho\n", @@ -4241,12 +4244,12 @@ cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *volume_info) /* do not care if a following call succeed - informational */ if (!tcon->pipe && server->ops->qfs_tcon) server->ops->qfs_tcon(xid, tcon); - cifs_sb->wsize = server->ops->negotiate_wsize(tcon, volume_info); - cifs_sb->rsize = server->ops->negotiate_rsize(tcon, volume_info); + cifs_sb->wsize = server->ops->negotiate_wsize(tcon, cifs_sb->vol_wsize); + cifs_sb->rsize = server->ops->negotiate_rsize(tcon, cifs_sb->vol_rsize); remote_path_check: #ifdef CONFIG_CIFS_DFS_UPCALL /* * Perform an unconditional check for whether there are DFS diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c index c7f0c8566442..774043781e85 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c @@ -440,19 +440,19 @@ cifs_negotiate(const unsigned int xid, struct cifs_ses *ses) } return rc; } static unsigned int -cifs_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *volume_info) +cifs_negotiate_wsize(struct cifs_tcon *tcon, unsigned int vol_wsize) { __u64 unix_cap = le64_to_cpu(tcon->fsUnixInfo.Capability); struct TCP_Server_Info *server = tcon->ses->server; unsigned int wsize; /* start with specified wsize, or default */ - if (volume_info->wsize) - wsize = volume_info->wsize; + if (vol_wsize) + wsize = vol_wsize; else if (tcon->unix_ext && (unix_cap & CIFS_UNIX_LARGE_WRITE_CAP)) wsize = CIFS_DEFAULT_IOSIZE; else wsize = CIFS_DEFAULT_NON_POSIX_WSIZE; @@ -475,11 +475,11 @@ cifs_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *volume_info) return wsize; } static unsigned int -cifs_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *volume_info) +cifs_negotiate_rsize(struct cifs_tcon *tcon, unsigned int vol_rsize) { __u64 unix_cap = le64_to_cpu(tcon->fsUnixInfo.Capability); struct TCP_Server_Info *server = tcon->ses->server; unsigned int rsize, defsize; @@ -500,11 +500,11 @@ cifs_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *volume_info) else if (server->capabilities & CAP_LARGE_READ_X) defsize = CIFS_DEFAULT_NON_POSIX_RSIZE; else defsize = server->maxBuf - sizeof(READ_RSP); - rsize = volume_info->rsize ? volume_info->rsize : defsize; + rsize = vol_rsize ? vol_rsize : defsize; /* * no CAP_LARGE_READ_X? Then MS-CIFS states that we must limit this to * the client's MaxBufferSize. */ diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 58d9554e74ce..193bfdc9d1d7 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -271,18 +271,29 @@ smb2_negotiate(const unsigned int xid, struct cifs_ses *ses) if (rc == -EAGAIN) rc = -EHOSTDOWN; return rc; } +static inline unsigned int +prevent_zero_iosize(unsigned int size, const char *type) +{ + if (size == 0) { + cifs_dbg(VFS, "SMB: Zero %ssize calculated, using minimum value %u\n", + type, CIFS_MIN_DEFAULT_IOSIZE); + return CIFS_MIN_DEFAULT_IOSIZE; + } + return size; +} + static unsigned int -smb2_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *volume_info) +smb2_negotiate_wsize(struct cifs_tcon *tcon, unsigned int vol_wsize) { struct TCP_Server_Info *server = tcon->ses->server; unsigned int wsize; /* start with specified wsize, or default */ - wsize = volume_info->wsize ? volume_info->wsize : CIFS_DEFAULT_IOSIZE; + wsize = vol_wsize ? vol_wsize : CIFS_DEFAULT_IOSIZE; wsize = min_t(unsigned int, wsize, server->max_write); #ifdef CONFIG_CIFS_SMB_DIRECT if (server->rdma) { if (server->sign) wsize = min_t(unsigned int, @@ -293,21 +304,21 @@ smb2_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *volume_info) } #endif if (!(server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU)) wsize = min_t(unsigned int, wsize, SMB2_MAX_BUFFER_SIZE); - return wsize; + return prevent_zero_iosize(wsize, "w"); } static unsigned int -smb2_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *volume_info) +smb2_negotiate_rsize(struct cifs_tcon *tcon, unsigned int vol_rsize) { struct TCP_Server_Info *server = tcon->ses->server; unsigned int rsize; /* start with specified rsize, or default */ - rsize = volume_info->rsize ? volume_info->rsize : CIFS_DEFAULT_IOSIZE; + rsize = vol_rsize ? vol_rsize : CIFS_DEFAULT_IOSIZE; rsize = min_t(unsigned int, rsize, server->max_read); #ifdef CONFIG_CIFS_SMB_DIRECT if (server->rdma) { if (server->sign) rsize = min_t(unsigned int, @@ -319,11 +330,11 @@ smb2_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *volume_info) #endif if (!(server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU)) rsize = min_t(unsigned int, rsize, SMB2_MAX_BUFFER_SIZE); - return rsize; + return prevent_zero_iosize(rsize, "r"); } static int parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf, -- 2.39.2