From: Long Li
To: Parav Pandit, Steve French, "linux-cifs@vger.kernel.org", "samba-technical@lists.samba.org", "linux-kernel@vger.kernel.org", "linux-rdma@vger.kernel.org"
CC: "stable@vger.kernel.org"
Subject: RE: [Patch v2 2/6] cifs: Allocate validate negotiation request through kmalloc
Date: Tue, 17 Apr 2018 20:11:14 +0000
References: <20180417191710.14855-1-longli@linuxonhyperv.com> <20180417191710.14855-2-longli@linuxonhyperv.com>

> Subject: RE: [Patch v2 2/6] cifs: Allocate validate negotiation request through
> kmalloc
>
>
>
> > -----Original Message-----
> > From: linux-rdma-owner@vger.kernel.org [mailto:linux-rdma-
> > owner@vger.kernel.org] On Behalf Of Long Li
> > Sent: Tuesday, April 17, 2018 2:17 PM
> > To: Steve French; linux-cifs@vger.kernel.org;
> > samba-technical@lists.samba.org; linux-kernel@vger.kernel.org; linux-
> > rdma@vger.kernel.org
> > Cc: longli; stable@vger.kernel.org
> > Subject: [Patch v2 2/6] cifs: Allocate validate negotiation request
> > through kmalloc
> >
> > From: Long Li
> >
> > The data buffer allocated on the stack can't be DMA'ed, and hence
> > can't send through RDMA via SMB Direct.
> >
> > Fix this by allocating the request on the heap in smb3_validate_negotiate.
> >
> > Fixes: ff1c038addc4f205d5f1ede449426c7d316c0eed "Check SMB3 dialects
> > against downgrade attacks"
> >
>
> Format is:
> Fixes: ff1c038addc4 ("Check SMB3 dialects against downgrade attacks")
> It should be right above Signed-off signature.

I will fix up and resend this patch.

How about the rest patches (1, 3-6) in the series? If they don't need any changes, is it okay that I resend this one only?

>
> > Changes in v2:
> > Removed duplicated code on freeing buffers on function exit.
> > (Thanks to Parav Pandit)
> >
> > Fixed typo in the patch title.
> >
> > Signed-off-by: Long Li
> > Cc: stable@vger.kernel.org
> > ---
> > fs/cifs/smb2pdu.c | 57
> > ++++++++++++++++++++++++++++++------------------------
> > -
> > 1 file changed, 31 insertions(+), 26 deletions(-)
> >
> > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index
> > 0f044c4..41625e4
> > 100644
> > --- a/fs/cifs/smb2pdu.c
> > +++ b/fs/cifs/smb2pdu.c
> > @@ -729,8 +729,8 @@ SMB2_negotiate(const unsigned int xid, struct > > cifs_ses > > *ses) > > > > int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *= tcon) > { > > - int rc =3D 0; > > - struct validate_negotiate_info_req vneg_inbuf; > > + int ret, rc =3D -EIO; > > + struct validate_negotiate_info_req *pneg_inbuf; > > struct validate_negotiate_info_rsp *pneg_rsp =3D NULL; > > u32 rsplen; > > u32 inbuflen; /* max of 4 dialects */ 
@@ -741,6 +741,9 @@ int > > smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon > > *tcon) > > if (tcon->ses->server->rdma) > > return 0; > > #endif > > + pneg_inbuf =3D kmalloc(sizeof(*pneg_inbuf), GFP_KERNEL); > > + if (!pneg_inbuf) > > + return -ENOMEM; > > > > /* In SMB3.11 preauth integrity supersedes validate negotiate */ > > if (tcon->ses->server->dialect =3D=3D SMB311_PROT_ID) @@ -764,53 > > +767,53 @@ int smb3_validate_negotiate(const unsigned int xid, struct > > cifs_tcon *tcon) > > if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL) > > cifs_dbg(VFS, "Unexpected null user (anonymous) auth flag > sent by > > server\n"); > > > > - vneg_inbuf.Capabilities =3D > > + pneg_inbuf->Capabilities =3D > > cpu_to_le32(tcon->ses->server->vals- > > >req_capabilities); > > - memcpy(vneg_inbuf.Guid, tcon->ses->server->client_guid, > > + memcpy(pneg_inbuf->Guid, tcon->ses->server->client_guid, > > SMB2_CLIENT_GUID_SIZE); > > > > if (tcon->ses->sign) > > - vneg_inbuf.SecurityMode =3D > > + pneg_inbuf->SecurityMode =3D > > > cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); > > else if (global_secflags & CIFSSEC_MAY_SIGN) > > - vneg_inbuf.SecurityMode =3D > > + pneg_inbuf->SecurityMode =3D > > > cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); > > else > > - vneg_inbuf.SecurityMode =3D 0; > > + pneg_inbuf->SecurityMode =3D 0; > > > > > > if (strcmp(tcon->ses->server->vals->version_string, > Please check if strncmp() should be used or not. 
>=20 > > SMB3ANY_VERSION_STRING) =3D=3D 0) { > > - vneg_inbuf.Dialects[0] =3D cpu_to_le16(SMB30_PROT_ID); > > - vneg_inbuf.Dialects[1] =3D cpu_to_le16(SMB302_PROT_ID); > > - vneg_inbuf.DialectCount =3D cpu_to_le16(2); > > + pneg_inbuf->Dialects[0] =3D cpu_to_le16(SMB30_PROT_ID); > > + pneg_inbuf->Dialects[1] =3D cpu_to_le16(SMB302_PROT_ID); > > + pneg_inbuf->DialectCount =3D cpu_to_le16(2); > > /* structure is big enough for 3 dialects, sending only 2 */ > > inbuflen =3D sizeof(struct validate_negotiate_info_req) - 2; > > } else if (strcmp(tcon->ses->server->vals->version_string, > > SMBDEFAULT_VERSION_STRING) =3D=3D 0) { > > - vneg_inbuf.Dialects[0] =3D cpu_to_le16(SMB21_PROT_ID); > > - vneg_inbuf.Dialects[1] =3D cpu_to_le16(SMB30_PROT_ID); > > - vneg_inbuf.Dialects[2] =3D cpu_to_le16(SMB302_PROT_ID); > > - vneg_inbuf.DialectCount =3D cpu_to_le16(3); > > + pneg_inbuf->Dialects[0] =3D cpu_to_le16(SMB21_PROT_ID); > > + pneg_inbuf->Dialects[1] =3D cpu_to_le16(SMB30_PROT_ID); > > + pneg_inbuf->Dialects[2] =3D cpu_to_le16(SMB302_PROT_ID); > > + pneg_inbuf->DialectCount =3D cpu_to_le16(3); > > /* structure is big enough for 3 dialects */ > > inbuflen =3D sizeof(struct validate_negotiate_info_req); > > } else { > > /* otherwise specific dialect was requested */ > > - vneg_inbuf.Dialects[0] =3D > > + pneg_inbuf->Dialects[0] =3D > > cpu_to_le16(tcon->ses->server->vals->protocol_id); > > - vneg_inbuf.DialectCount =3D cpu_to_le16(1); > > + pneg_inbuf->DialectCount =3D cpu_to_le16(1); > > /* structure is big enough for 3 dialects, sending only 1 */ > > inbuflen =3D sizeof(struct validate_negotiate_info_req) - 4; > > } > > > > - rc =3D SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, > > + ret =3D SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, > > FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */, > > - (char *)&vneg_inbuf, sizeof(struct > > validate_negotiate_info_req), > > + (char *)pneg_inbuf, sizeof(struct > validate_negotiate_info_req), >=20 > Use sizeof(*pneg_inbuf) >=20 > 
> (char **)&pneg_rsp, &rsplen); > > > > - if (rc !=3D 0) { > > - cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc); > > - return -EIO; > > + if (ret !=3D 0) { >=20 > if (ret) is fine. >=20 > > + cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", ret); > > + goto out_free_inbuf; > > } > > > > if (rsplen !=3D sizeof(struct validate_negotiate_info_rsp)) { @@ > > -820,7 >=20 > if (rsplen !=3D sizeof(*pneg_rsp))
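
Review bot: In the hunk at -741,6 the new kmalloc() of pneg_inbuf is placed above the SMB3.11 dialect check (`if (tcon->ses->server->dialect == SMB311_PROT_ID)`), so if that check, or anything else before the first `goto out_free_inbuf`, returns directly, the buffer is leaked. The bodies of those checks fall outside the quoted context; either move the allocation down to just before the first pneg_inbuf field is written, or make every exit after the allocation go through `out_free_inbuf`.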
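
Review bot: In the -764,53 hunk the request now comes from kmalloc(), which does not zero the allocation, while two of the three branches fill only Dialects[0] or Dialects[0..1] and the SMB2_ioctl() call is still given the full `sizeof(struct validate_negotiate_info_req)` instead of the `inbuflen` computed just above it. The unused dialect slots are then sent to the server as uninitialized heap bytes; allocate with kzalloc() or pass `inbuflen` as the input length so that only the populated part of the structure goes on the wire.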