From: Marios Makassikis mmakassikis@freebox.fr
mainline inclusion from mainline-5.15-rc1 commit 8602c3e2ceef5f50f5718e8442a8ea17530101b4 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/8602c3e2ceef
-------------------------------
Returning TreeID=0 is valid behaviour according to [MS-SMB2] 2.2.1.2:
TreeId (4 bytes): Uniquely identifies the tree connect for the command. This MUST be 0 for the SMB2 TREE_CONNECT Request. The TreeId can be any unsigned 32-bit integer that is received from a previous SMB2 TREE_CONNECT Response. TreeId SHOULD be set to 0 for the following commands: [...]
However, some client implementations reject it as invalid. Windows10 assigns ids starting from 1, and samba4 returns a random uint32_t which suggests there may be other clients that consider it is invalid behaviour.
Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/cifsd/mgmt/ksmbd_ida.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/fs/cifsd/mgmt/ksmbd_ida.c b/fs/cifsd/mgmt/ksmbd_ida.c index 3dbc27cb5385..54194d959a5e 100644 --- a/fs/cifsd/mgmt/ksmbd_ida.c +++ b/fs/cifsd/mgmt/ksmbd_ida.c @@ -14,9 +14,7 @@ int ksmbd_acquire_smb2_tid(struct ida *ida) { int id;
- id = __acquire_id(ida, 0, 0); - if (id == 0xFFFF) - id = __acquire_id(ida, 0, 0); + id = __acquire_id(ida, 1, 0xFFFFFFFF);
return id; }