[PATCH 064/308] cifsd: fix xfstests generic/504 test failure

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 50bf80a553ccb5eca0bc2426e5a082eaf65cb602 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/50bf80a553cc

-------------------------------

If lock length in smb2 lock request from client is over flock max length size, lock length is changed to flock max length and don't return error response.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/cifsd/smb2pdu.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index e17ad2032fc7..3fd266a94996 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -6422,7 +6422,7 @@ int smb2_lock(struct ksmbd_work *work) int flags = 0; int cmd = 0; int err = 0, i; - u64 lock_length; + u64 lock_start, lock_length; struct ksmbd_lock *smb_lock = NULL, *cmp_lock, *tmp; int nolock = 0; LIST_HEAD(lock_list); @@ -6461,25 +6461,22 @@ int smb2_lock(struct ksmbd_work *work)

cmd = smb2_set_flock_flags(flock, flags);

- flock->fl_start = le64_to_cpu(lock_ele[i].Offset); - if (flock->fl_start > OFFSET_MAX) { + lock_start = le64_to_cpu(lock_ele[i].Offset); + lock_length = le64_to_cpu(lock_ele[i].Length); + if (lock_start > U64_MAX - lock_length) { ksmbd_err("Invalid lock range requested\n"); rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; goto out; }

+ if (lock_start > OFFSET_MAX) + flock->fl_start = OFFSET_MAX; + else + flock->fl_start = lock_start; + lock_length = le64_to_cpu(lock_ele[i].Length); - if (lock_length > 0) { - if (lock_length > OFFSET_MAX - flock->fl_start) { - ksmbd_debug(SMB, - "Invalid lock range requested\n"); - lock_length = OFFSET_MAX - flock->fl_start; - rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE; - goto out; - } - } else { - lock_length = 0; - } + if (lock_length > OFFSET_MAX - flock->fl_start) + lock_length = OFFSET_MAX - flock->fl_start;

flock->fl_end = flock->fl_start + lock_length;