From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ross Lagerwall, Steve French, Sasha Levin
Subject: [PATCH 4.4 123/143] cifs: Limit memory used by lock request calls to a page
Date: Mon, 18 Feb 2019 14:44:11 +0100
Message-Id: <20190218133533.494382891@linuxfoundation.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190218133529.099444112@linuxfoundation.org>
References: <20190218133529.099444112@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

[ Upstream commit 92a8109e4d3a34fb6b115c9098b51767dc933444 ]

The code tries to allocate a contiguous buffer with a size supplied by
the server (maxBuf). This could fail if memory is fragmented since it
results in high order allocations for commonly used server
implementations. It is also wasteful since there are probably
few locks in the usual case.

Limit the buffer to be no larger than a page to avoid memory allocation
failures due to fragmentation.

Signed-off-by: Ross Lagerwall
Signed-off-by: Steve French
Signed-off-by: Sasha Levin
--- fs/cifs/file.c | 8 ++++++++ fs/cifs/smb2file.c | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 026b399af215..1062e96ee272 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c
@@ -1081,6 +1081,10 @@ cifs_push_mandatory_locks(struct cifsFileInfo *cfile) return -EINVAL; } + BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) > + PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr), + PAGE_SIZE); max_num = (max_buf - sizeof(struct smb_hdr)) / sizeof(LOCKING_ANDX_RANGE); buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL); @@ -1410,6 +1414,10 @@ cifs_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock, if (max_buf < (sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE))) return -EINVAL; + BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) > + PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr), + PAGE_SIZE); max_num = (max_buf - sizeof(struct smb_hdr)) / sizeof(LOCKING_ANDX_RANGE); buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL); diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c index b7885dc0d9bb..dee5250701de 100644 --- a/fs/cifs/smb2file.c +++ b/fs/cifs/smb2file.c @@ -129,6 +129,8 @@ smb2_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock, if (max_buf < sizeof(struct smb2_lock_element)) return -EINVAL; + BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf, PAGE_SIZE); max_num = max_buf / sizeof(struct smb2_lock_element); buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL); if (!buf) @@ -265,6 +267,8 @@ smb2_push_mandatory_locks(struct cifsFileInfo *cfile) return -EINVAL; } + BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf, PAGE_SIZE); max_num = max_buf / sizeof(struct smb2_lock_element); buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL); if (!buf) { -- 2.19.1
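Review bot: In the cifs_push_mandatory_locks() hunk of fs/cifs/file.c, sizeof(struct smb_hdr) is now subtracted twice: once inside the added `min_t(unsigned int, max_buf - sizeof(struct smb_hdr), PAGE_SIZE)` and again in the unchanged `max_num = (max_buf - sizeof(struct smb_hdr)) / sizeof(LOCKING_ANDX_RANGE)` right after it. For a large server value this only shrinks max_num a little, but the two lines no longer agree on whether max_buf includes the header. Clamping the total instead, `max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);`, ahead of the existing subtraction would match what the BUILD_BUG_ON above it asserts (header plus one range fits in a page) and leave a single subtraction.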
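Review bot: In the cifs_unlock_range() hunk of fs/cifs/file.c, the guard just above the added lines only guarantees max_buf >= sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE), so after the new `max_buf - sizeof(struct smb_hdr)` the value can be as small as sizeof(LOCKING_ANDX_RANGE). The unchanged max_num line then subtracts sizeof(struct smb_hdr) a second time; if the header is larger than one range entry, that unsigned subtraction wraps and the max_num passed to kcalloc() on the next line is computed from a wrapped value whenever the server advertises a small maxBuf. Either drop one of the two subtractions or tighten the guard so it covers both.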
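Review bot: In fs/cifs/smb2file.c the same BUILD_BUG_ON plus `max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);` pair is pasted into both smb2_unlock_range() and smb2_push_mandatory_locks() with no comment saying why PAGE_SIZE is the limit; the rationale (avoiding high-order allocations for a server-supplied size) lives only in the commit message. A one-line comment above the clamp, or a small helper shared by the two call sites, would keep a later reader from treating the cap as a protocol limit.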