From: Pavel Shilovsky
Date: Wed, 15 May 2019 15:26:18 -0700
Subject: Re: [PATCH 2/2] cifs: Allocate memory for all iovs in smb2_ioctl
To: Long Li
Cc: Steve French, linux-cifs, samba-technical, Kernel Mailing List
References: <1557954545-17831-1-git-send-email-longli@linuxonhyperv.com> <1557954545-17831-2-git-send-email-longli@linuxonhyperv.com>
In-Reply-To: <1557954545-17831-2-git-send-email-longli@linuxonhyperv.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Wed, 15 May 2019 at 14:10, :
>
> From: Long Li
>
> An IOCTL uses up to 2 iovs. The 1st iov is the command itself, the 2nd iov is
> optional data for that command. The 1st iov is always allocated on the heap
> but the 2nd iov may point to a variable on the stack. This will trigger an
> error when passing the 2nd iov for RDMA I/O.
>
> Fix this by allocating a buffer for the 2nd iov.
>
> Signed-off-by: Long Li
> ---
> fs/cifs/smb2pdu.c | 21 +++++++++++++++++++--
> 1 file changed, 19 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 29f011d8d8e2..710ceb875161 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -2538,11 +2538,25 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, struct sm= b_rqst *rqst, > struct kvec *iov =3D rqst->rq_iov; > unsigned int total_len; > int rc; > + char *in_data_buf; > > rc =3D smb2_plain_req_init(SMB2_IOCTL, tcon, (void **) &req, &tot= al_len); > if (rc) > return rc; > > + if (indatalen) { > + /* > + * indatalen is usually small at a couple of bytes max, s= o > + * just allocate through generic pool > + */ > + in_data_buf =3D kmalloc(indatalen, GFP_NOFS); > + if (!in_data_buf) { > + cifs_small_buf_release(req); > + return -ENOMEM; > + } > + memcpy(in_data_buf, in_data, indatalen); > + } > + > req->CtlCode =3D cpu_to_le32(opcode); > req->PersistentFileId =3D persistent_fid; > req->VolatileFileId =3D volatile_fid; > @@ -2563,7 +2577,7 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, struct smb_= rqst *rqst, > cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer= )); > rqst->rq_nvec =3D 2; > iov[0].iov_len =3D total_len - 1; > - iov[1].iov_base =3D in_data; > + iov[1].iov_base =3D in_data_buf; > iov[1].iov_len =3D indatalen; > } else { > rqst->rq_nvec =3D 1; > @@ -2605,8 +2619,11 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, struct smb= _rqst *rqst, > void > SMB2_ioctl_free(struct smb_rqst *rqst) > { > - if (rqst && rqst->rq_iov) > + if (rqst && rqst->rq_iov) { > cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* requ= est */ > + if (rqst->rq_iov[1].iov_len) > + kfree(rqst->rq_iov[1].iov_base); > + } > } > > > -- > 2.17.1 > Looks correct. Reviewed-by: Pavel Shilovsky -- Best regards, Pavel Shilovsky
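
Review bot: in the first hunk (@@ -2538), `char *in_data_buf;` is declared without an initializer and is assigned only inside the added `if (indatalen)` block, so the later `iov[1].iov_base = in_data_buf;` depends on being reached under the same condition. Initializing it to NULL at the declaration makes that safe regardless of how the branches evolve and avoids a maybe-uninitialized warning. The kmalloc() plus memcpy() pair is also an open-coded kmemdup(); `in_data_buf = kmemdup(in_data, indatalen, GFP_NOFS);` keeps the same -ENOMEM handling in one call. The comment wording "usually small at a couple of bytes max" mixes "usually" and "max" and would be clearer as a plain statement of the expected size.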
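
Review bot: in the last hunk (@@ -2605), SMB2_ioctl_free() reads `rqst->rq_iov[1].iov_len` unconditionally, but the else branch visible in the previous hunk only sets `rqst->rq_nvec = 1` and nothing in the shown lines clears iov[1]. If a caller's iov array is not zeroed, this becomes a kfree() of an arbitrary pointer. Consider gating the free on `rqst->rq_nvec > 1`, or having SMB2_ioctl_init() explicitly set `iov[1].iov_base = NULL` and `iov[1].iov_len = 0` in the single-iov case; kfree(NULL) is a no-op, so the free could then be unconditional. A short comment on SMB2_ioctl_free() stating that iov[1] is now owned by the request would also help callers that previously passed a stack buffer.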