From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ross Lagerwall, Steve French, Sasha Levin
Subject: [PATCH 4.20 41/92] cifs: Limit memory used by lock request calls to a page
Date: Mon, 18 Feb 2019 14:42:44 +0100
Message-Id: <20190218133458.550361264@linuxfoundation.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190218133454.668268457@linuxfoundation.org>
References: <20190218133454.668268457@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.20-stable review patch. If anyone has any objections, please let me know.

------------------

[ Upstream commit 92a8109e4d3a34fb6b115c9098b51767dc933444 ]

The code tries to allocate a contiguous buffer with a size supplied by the server (maxBuf). This could fail if memory is fragmented since it results in high order allocations for commonly used server implementations. It is also wasteful since there are probably few locks in the usual case. Limit the buffer to be no larger than a page to avoid memory allocation failures due to fragmentation.

Signed-off-by: Ross Lagerwall
Signed-off-by: Steve French
Signed-off-by: Sasha Levin

--- fs/cifs/file.c | 8 ++++++++ fs/cifs/smb2file.c | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 8431854b129f..116f8af0384f 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c
@@ -1139,6 +1139,10 @@ cifs_push_mandatory_locks(struct cifsFileInfo *cfile) return -EINVAL; } + BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) > + PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr), + PAGE_SIZE); max_num = (max_buf - sizeof(struct smb_hdr)) / sizeof(LOCKING_ANDX_RANGE); buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL); @@ -1477,6 +1481,10 @@ cifs_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock, if (max_buf < (sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE))) return -EINVAL; + BUILD_BUG_ON(sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE) > + PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr), + PAGE_SIZE); max_num = (max_buf - sizeof(struct smb_hdr)) / sizeof(LOCKING_ANDX_RANGE); buf = kcalloc(max_num, sizeof(LOCKING_ANDX_RANGE), GFP_KERNEL); diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c index 2fc3d31967ee..b204e84b87fb 100644 --- a/fs/cifs/smb2file.c +++ b/fs/cifs/smb2file.c @@ -128,6 +128,8 @@ smb2_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock, if (max_buf < sizeof(struct smb2_lock_element)) return -EINVAL; + BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf, PAGE_SIZE); max_num = max_buf / sizeof(struct smb2_lock_element); buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL); if (!buf) @@ -264,6 +266,8 @@ smb2_push_mandatory_locks(struct cifsFileInfo *cfile) return -EINVAL; } + BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf, PAGE_SIZE); max_num = max_buf / sizeof(struct smb2_lock_element); buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL); if (!buf) { -- 2.19.1
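
Review bot: In both fs/cifs/file.c hunks (cifs_push_mandatory_locks and cifs_unlock_range), sizeof(struct smb_hdr) ends up subtracted twice: once inside the new "max_buf = min_t(unsigned int, max_buf - sizeof(struct smb_hdr), PAGE_SIZE);" and again in the unchanged "max_num = (max_buf - sizeof(struct smb_hdr)) / sizeof(LOCKING_ANDX_RANGE);". The check visible in cifs_unlock_range only guarantees max_buf >= sizeof(struct smb_hdr) + sizeof(LOCKING_ANDX_RANGE), so a small server-supplied value can leave the clamped max_buf below sizeof(struct smb_hdr), and the second subtraction then wraps in unsigned arithmetic and hands a very large max_num to kcalloc. Even without the wrap, max_num is under-counted by one header's worth of ranges. Suggest either clamping the raw value with "min_t(unsigned int, max_buf, PAGE_SIZE)" and leaving the max_num line alone, or keeping the new clamp and changing the division to "max_buf / sizeof(LOCKING_ANDX_RANGE)". The smb2file.c hunks clamp max_buf directly and do not have this problem.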
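
Review bot: The BUILD_BUG_ON plus min_t clamp is pasted identically into smb2_unlock_range and smb2_push_mandatory_locks in fs/cifs/smb2file.c, and in a slightly different form into the two file.c functions; a small helper that takes the element size and returns max_num would keep the four sites consistent and put the compile-time check in one place. A one-line comment at the clamp noting that max_buf is supplied by the server and is capped at PAGE_SIZE to avoid high-order allocations would also help, since that reasoning currently lives only in the commit message.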