Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp920687imj;
        Sat, 9 Feb 2019 10:49:24 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ibir6a3iLTd44ctNFUALvTxhAzdd9f68ohQ2mWHGpkAoLXY3rcBe7CwyGUhxVlmX2nqn/zH
X-Received: by 2002:a17:902:780c:: with SMTP id p12mr29019110pll.197.1549738164753;
        Sat, 09 Feb 2019 10:49:24 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1549738164; cv=none;
        d=google.com; s=arc-20160816;
        b=uklLergjih2Y/pQ/p/yIp9p5WGmVCY26ihzvGHJUEGOAK15VgBJfsNzOrH3pr6XuGa
         ZUABjcNvujQNYCOSFCdvgTSTChrrXho/f5A1Bf4bhcuVxdPmDkZMDJ53RZ5qqzyJOQ+U
         Owent0pC15QOMcujhlhmM48BcmhwiqVdAzvQHMz5kgZwT2pEZpRkMH4cjD4eVEvJXKCs
         /UvtStHIOJ339ySiu2aB4d6GjWzV8FXoMngR4DmVfbJdVd5SBM0YKCVWd7AvDXpwkbfC
         frNDb7MXo/bwpZKdd8KIUu8jh+/QplDxsY+WB8xds1ATcboZBdqw8ZQcBhUqMTxikwdQ
         i+DA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=9JU+fTgmZLMsonD9oW4subbsBLLtOu71f5YJxAWkYxU=;
        b=o80fQUeVPyKlvS4YVwNO8D9uFGxvmkdka50HjvaSNeiuobKLfJdmVH6FKGNz1dG20M
         NPZSbrcypV/l1bhUQQ/OyNiabccV4WTwWaII7mdnIjc8ikNMnX4SftwABO9uta2k6DmN
         saN9TDxjzM9i56kY4QUXa5URmNmQ+3ws4AQKiKg5BPU4zv4R/vGzA1Tgs6aAWqG3ccSN
         M38peM5aJGjbN2oX/XmyYt6CKI8tvUGFnY79Gu5WV2P1Vd2w+NE9dSsVMnn55SNiZ2C6
         6G3MCPEG1X2hlxDpPOFgJQWSxIesj/YnAad6nNj2u+BHehfZeIzXldA0s3pV8fm74nJx
         GLMg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=eVnf05MW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i3si5213398pgq.217.2019.02.09.10.49.09;
        Sat, 09 Feb 2019 10:49:24 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=eVnf05MW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727752AbfBISsf (ORCPT <rfc822;speed.demon0047@gmail.com>
        + 99 others); Sat, 9 Feb 2019 13:48:35 -0500
Received: from mail.kernel.org ([198.145.29.99]:33480 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727708AbfBISsc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 9 Feb 2019 13:48:32 -0500
Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 73B3621934;
        Sat,  9 Feb 2019 18:48:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1549738111;
        bh=ZoPCB8tqw3roLy1AgwIiFD6d2xpTW4ehwCnp6yXgX9c=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=eVnf05MWvL6X39y/CK1yzwuoMUGzXJkXhst6UvovggD1HreAFzEfLkCoqodhq5Rb0
         KObGmP3Vw4Wdo7Kma6M7a97qwvETHLkTDVFkmB1WPRuQKfkQN9iopGvMyITnBuQwiv
         rUOdyHzHLf78ow8KRg/EGfkfeKRekbkft3tsI7zg=
From:   Sasha Levin <sashal@kernel.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Ross Lagerwall <ross.lagerwall@citrix.com>,
        Steve French <stfrench@microsoft.com>,
        Sasha Levin <sashal@kernel.org>, linux-cifs@vger.kernel.org
Subject: [PATCH AUTOSEL 4.20 38/42] cifs: Limit memory used by lock request calls to a page
Date:   Sat,  9 Feb 2019 13:47:30 -0500
Message-Id: <20190209184734.125935-38-sashal@kernel.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20190209184734.125935-1-sashal@kernel.org>
References: <20190209184734.125935-1-sashal@kernel.org>
MIME-Version: 1.0
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ross Lagerwall <ross.lagerwall@citrix.com>

[ Upstream commit 92a8109e4d3a34fb6b115c9098b51767dc933444 ]

The code tries to allocate a contiguous buffer with a size supplied by
the server (maxBuf). This could fail if memory is fragmented since it
results in high order allocations for commonly used server
implementations. It is also wasteful since there are probably
few locks in the usual case. Limit the buffer to be no larger than a
page to avoid memory allocation failures due to fragmentation.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/file.c     | 8 ++++++++
 fs/cifs/smb2file.c | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 8431854b129f..116f8af0384f 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -1139,6 +1139,10 @@ cifs_push_mandatory_locks(struct cifsFileInfo *cfile)
 		return -EINVAL;
 	}
 
+	BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) >
+		     PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr),
+			PAGE_SIZE);
 	max_num = (max_buf - sizeof(struct smb_hdr)) /
 						sizeof(LOCKING_ANDX_RANGE);
 	buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL);
@@ -1477,6 +1481,10 @@ cifs_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
 	if (max_buf < (sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE)))
 		return -EINVAL;
 
+	BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) >
+		     PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr),
+			PAGE_SIZE);
 	max_num = (max_buf - sizeof(struct smb_hdr)) /
 						sizeof(LOCKING_ANDX_RANGE);
 	buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL);
diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c
index 2fc3d31967ee..b204e84b87fb 100644
--- a/fs/cifs/smb2file.c
+++ b/fs/cifs/smb2file.c
@@ -128,6 +128,8 @@ smb2_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
 	if (max_buf < sizeof(struct smb2_lock_element))
 		return -EINVAL;
 
+	BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);
 	max_num = max_buf / sizeof(struct smb2_lock_element);
 	buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL);
 	if (!buf)
@@ -264,6 +266,8 @@ smb2_push_mandatory_locks(struct cifsFileInfo *cfile)
 		return -EINVAL;
 	}
 
+	BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);
 	max_num = max_buf / sizeof(struct smb2_lock_element);
 	buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL);
 	if (!buf) {
-- 
2.19.1