Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp2431961imj;
        Mon, 18 Feb 2019 06:01:05 -0800 (PST)
X-Google-Smtp-Source: AHgI3IZlV3AQDMXU5BOl752AWYPHIHh2aRfB2xm34MtEMVv3B2muAWtoAUXd90A/VtMsV2/RvIJo
X-Received: by 2002:a62:e704:: with SMTP id s4mr24285236pfh.94.1550498465027;
        Mon, 18 Feb 2019 06:01:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1550498465; cv=none;
        d=google.com; s=arc-20160816;
        b=Ge0W007ZMPzhxls8xqCInNEb41xhNK8F8j8oA2FXlKG1uxH3pX+QKK+BTczRFxv1jV
         m+O8oMKfl5JwzKnrzO1xE94j7G02MFlSkvID6De11A6CDZQleN2XCP923nYI3gQfbe4p
         Gs8Z5ehghwjdONX4VbbkKXdfuMP7wtSvgdO/khiNVLoU8x3sRYws+6aN6oJ3QBVQ8CAJ
         TYWTUR8YPAfm5Ni1DwyEckihY2mLHf011m7SmyC83Hp6X2RBkdE0S0WQ8L+gEJqO/UeA
         MnNFQ+gjRdAKg+uG77uYU14PznuqHVfV8wUfH1UtLWy9xyG4RziReg8my4pUiHyaFoV3
         9pmw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=uf7NtUkKNpWAeCnMuRsAqMmQUkAN2gixrkM6E7vkrsg=;
        b=oPpNGV9oFHUZu55RWmjb4FPdeiCq9GMpxoAg8FoUEgylm5+8Mw1gMx6FDEi8xmPolu
         6vSvfxCA5qKL5q6FlSDekAAP+a3WM18oa1NWW3ep1BYTYF+fy4FbeJNziCnIeLXHYJKc
         Oqr+dBWw0fKM3YFlDpdxUzFFwZSqoWvoeGRq7ea5we/74NMpZacGdgADWATvnPzeyciw
         7eWjpXiWpQsiDb1s0UN1mr67sbtY0h3e/OCflYJQn3NxG7Yz7xaPFvl5GR84Ya8utN4k
         5sREo7PjcXjQb1noRSG/Jr7Eu9XF1jPXJBJJ7y6/jVcCfBxQXap5kYlWN7Tm+0zcQt/R
         2Aig==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="dJg/eWGT";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q5si5262740pgc.425.2019.02.18.06.00.49;
        Mon, 18 Feb 2019 06:01:05 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="dJg/eWGT";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388451AbfBRN6u (ORCPT <rfc822;zeqiangyin@gmail.com>
        + 99 others); Mon, 18 Feb 2019 08:58:50 -0500
Received: from mail.kernel.org ([198.145.29.99]:39564 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2388428AbfBRN6r (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 18 Feb 2019 08:58:47 -0500
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id AA5AF21901;
        Mon, 18 Feb 2019 13:58:45 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1550498326;
        bh=okiAX8/GvgeHs96zqDcQhAP91OYi6LguLffJ11plJTQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=dJg/eWGTOf8EjmVgY6lRHmRoiQ+iMdqufWRv9z7XGJci2l01mBvYc0L4TFYqCNs/C
         NoJS26wWYDLZld0BoRN5FztYvjCQ+z/8nxq3cjDVxLhOqNOeP2sAsKQj9vAAy7m7yI
         utQk5wp/k4IuY9pWIJ7CPfhEOfC+Qdw7N+dviyZU=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Ross Lagerwall <ross.lagerwall@citrix.com>,
        Steve French <stfrench@microsoft.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 33/58] cifs: Limit memory used by lock request calls to a page
Date:   Mon, 18 Feb 2019 14:43:54 +0100
Message-Id: <20190218133511.215363164@linuxfoundation.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190218133508.567416115@linuxfoundation.org>
References: <20190218133508.567416115@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 92a8109e4d3a34fb6b115c9098b51767dc933444 ]

The code tries to allocate a contiguous buffer with a size supplied by
the server (maxBuf). This could fail if memory is fragmented since it
results in high order allocations for commonly used server
implementations. It is also wasteful since there are probably
few locks in the usual case. Limit the buffer to be no larger than a
page to avoid memory allocation failures due to fragmentation.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/file.c     | 8 ++++++++
 fs/cifs/smb2file.c | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index a3046b6523c8..8ec296308729 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -1126,6 +1126,10 @@ cifs_push_mandatory_locks(struct cifsFileInfo *cfile)
 		return -EINVAL;
 	}
 
+	BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) >
+		     PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr),
+			PAGE_SIZE);
 	max_num = (max_buf - sizeof(struct smb_hdr)) /
 						sizeof(LOCKING_ANDX_RANGE);
 	buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL);
@@ -1462,6 +1466,10 @@ cifs_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
 	if (max_buf < (sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE)))
 		return -EINVAL;
 
+	BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) >
+		     PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr),
+			PAGE_SIZE);
 	max_num = (max_buf - sizeof(struct smb_hdr)) /
 						sizeof(LOCKING_ANDX_RANGE);
 	buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL);
diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c
index b7885dc0d9bb..dee5250701de 100644
--- a/fs/cifs/smb2file.c
+++ b/fs/cifs/smb2file.c
@@ -129,6 +129,8 @@ smb2_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
 	if (max_buf < sizeof(struct smb2_lock_element))
 		return -EINVAL;
 
+	BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);
 	max_num = max_buf / sizeof(struct smb2_lock_element);
 	buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL);
 	if (!buf)
@@ -265,6 +267,8 @@ smb2_push_mandatory_locks(struct cifsFileInfo *cfile)
 		return -EINVAL;
 	}
 
+	BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);
 	max_num = max_buf / sizeof(struct smb2_lock_element);
 	buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL);
 	if (!buf) {
-- 
2.19.1