Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp2472357imj;
        Mon, 18 Feb 2019 06:37:07 -0800 (PST)
X-Google-Smtp-Source: AHgI3IaQz0hSDfeA5CN41xdHS+r4t8VjytDC6qywFm9rFyB5+BB2hdF1qSiip1OSafEKOVN1G90t
X-Received: by 2002:a63:a11:: with SMTP id 17mr19082039pgk.310.1550500627221;
        Mon, 18 Feb 2019 06:37:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1550500627; cv=none;
        d=google.com; s=arc-20160816;
        b=DHbOHFFkq5pdQn/rkqtGI2fgBzbQs8xHV5GZJP4I0c1GAHc1dIdwtQexZbcVDJfiYc
         IRFJaaVt9magdm/8UKv/5xJvkOif2q6cKJGPGA2j8ct/Jm+n9lA4EycpYn4xHs8dapzq
         eTkOW3LYBZGzN0UgUQHV1if0cjZQ5ZO3lB/9UxMEDLLBi958T1f/WodWfqySntosPiys
         O0G+vMJniX+TwbcjTQQt2pjAbThGjIqGQzCskMGdNw1lt5BeIQZ4puHc6BgeHjouvXux
         xLOYNck1CdENqQYT+oBjuQSCljq0pK9e5iNjyP1dhFPhuQWn/QJR0mUGLYwzXr1PCbHn
         OHqw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=O8cYphfboeHruMQVaLNVqrQd3SeyEnYHb7TgZwVUG8E=;
        b=0uOjB9mbymnQrw+aAlcjPgBFZz5n/spAL2m4chdUaVMRcoT3Zg7h33AU3FwZ2kM1nt
         BGxkG07ykaTmiBgPhJyb7TR/kU+Wqf7RBdayYJGaUa4Tvxp6l96tpVdsBb2L7vw7gR+9
         rzoFGf3IMinu6f1x6Itvm30SyE3cmOlHxJ2Nz9no+1P8c65674oQhgFgkbXJC0SC5gNe
         abnDmC3mvUNqb7ahkv/IktLldgEIzs7LfUBUt8S1oV9XftV9NA5y0nDHkdGnaz0ui0UL
         eCOitXFt7w9T870BmAmLInoTRumDbbI3knsuxtPU/41gFNlm+1YaqftRBy3xEhZ3LoOc
         O4cw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=UdURHL7T;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id ce8si13680130plb.395.2019.02.18.06.36.51;
        Mon, 18 Feb 2019 06:37:07 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=UdURHL7T;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387605AbfBRNzv (ORCPT <rfc822;zeqiangyin@gmail.com>
        + 99 others); Mon, 18 Feb 2019 08:55:51 -0500
Received: from mail.kernel.org ([198.145.29.99]:35912 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2387587AbfBRNzt (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 18 Feb 2019 08:55:49 -0500
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id DBA26217D9;
        Mon, 18 Feb 2019 13:55:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1550498148;
        bh=H3kKwFrr3bmZt9Vsp+VtO0751YFKLGZbPpRMVbl5YZc=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=UdURHL7TWPaxvrM6xhlaZslS9WKGiVS8x9e2qOn9ozeMXHUMinsSi+fuMgvTEL7xD
         6kluQ3H3YZn+zLu7xk5tOmjMfNL++gYz/oyKN4zu5yznD7KWcqpt40DKQTrFD5MipG
         oM5/qYoJ2segnRORZOd9nCg7UfcyJsHWtghybz2s=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Ross Lagerwall <ross.lagerwall@citrix.com>,
        Steve French <stfrench@microsoft.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 39/62] cifs: Limit memory used by lock request calls to a page
Date:   Mon, 18 Feb 2019 14:43:45 +0100
Message-Id: <20190218133509.256534671@linuxfoundation.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190218133505.801423074@linuxfoundation.org>
References: <20190218133505.801423074@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 92a8109e4d3a34fb6b115c9098b51767dc933444 ]

The code tries to allocate a contiguous buffer with a size supplied by
the server (maxBuf). This could fail if memory is fragmented since it
results in high order allocations for commonly used server
implementations. It is also wasteful since there are probably
few locks in the usual case. Limit the buffer to be no larger than a
page to avoid memory allocation failures due to fragmentation.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/file.c     | 8 ++++++++
 fs/cifs/smb2file.c | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 1e176e11dbfa..852d7d1dcbbd 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -1128,6 +1128,10 @@ cifs_push_mandatory_locks(struct cifsFileInfo *cfile)
 		return -EINVAL;
 	}
 
+	BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) >
+		     PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr),
+			PAGE_SIZE);
 	max_num = (max_buf - sizeof(struct smb_hdr)) /
 						sizeof(LOCKING_ANDX_RANGE);
 	buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL);
@@ -1466,6 +1470,10 @@ cifs_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
 	if (max_buf < (sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE)))
 		return -EINVAL;
 
+	BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) >
+		     PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr),
+			PAGE_SIZE);
 	max_num = (max_buf - sizeof(struct smb_hdr)) /
 						sizeof(LOCKING_ANDX_RANGE);
 	buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL);
diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c
index 79078533f807..1add404618f0 100644
--- a/fs/cifs/smb2file.c
+++ b/fs/cifs/smb2file.c
@@ -130,6 +130,8 @@ smb2_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
 	if (max_buf < sizeof(struct smb2_lock_element))
 		return -EINVAL;
 
+	BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);
 	max_num = max_buf / sizeof(struct smb2_lock_element);
 	buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL);
 	if (!buf)
@@ -266,6 +268,8 @@ smb2_push_mandatory_locks(struct cifsFileInfo *cfile)
 		return -EINVAL;
 	}
 
+	BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE);
+	max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);
 	max_num = max_buf / sizeof(struct smb2_lock_element);
 	buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL);
 	if (!buf) {
-- 
2.19.1