Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp102100yba; Wed, 15 May 2019 20:00:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqwNhxdjkKdHP0RDXijmnrglsOyTc0OKM53jN+eaqmh104c4ew+njcKyDNJk6CjkvsU/fVai X-Received: by 2002:a63:555a:: with SMTP id f26mr48307712pgm.197.1557975616361; Wed, 15 May 2019 20:00:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557975616; cv=none; d=google.com; s=arc-20160816; b=wDYHDktsFCx9RL4DS+nGc4CK4hxOuyFBe+ViARy70MfMk3qvKWnX0VKFZJVPeds64C S0LphqMecqLDOK6ml41aETqj2vo3nrafy63+7Jtnyqj26zdU4TRZakBPtM8ByDZKhNVJ w4ijDjZqBziKelQYR9Mbh+Cfbgg/gYT3iOjK/QDpALCtjFWGH1Ph63WbZwoVND4Qrr+C KqR0Hd3/TwWqQKV971owGESE6Dojdo0U0MKeI4plmuLFjQOea1e1JnU2TVtEzTgtcOae +96wusRABQFXZKIGkSy05zEcHrtX1P/g4wT84nLs87xwvdm7EiDhP6fS2XHSfkqKZ5c9 RlEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=qVrC4Tuj5UyBfw+iLDxuy7o7a/GjCU+sQeQ56O5xCjQ=; b=OORdr6g6prL0atx/I7nq5j8eDvqK3krPAVOLIzrupG5HsiZGpaj/6P71rRA0W8w/qI 8V3ia54xC6gmm73/kP+Hf4DMjVuakN9h90ENZW9zEiysHbe4nDH/vAzdbp6BIFbRPl/t OED6gSM/ZygztP22BJpdqnXL/y5jpav8ggPXg3+hc/ALjEqfUHSW1mhu6+d32raYqtHk 6S81Nn1IbpqTjvIyDQQHbgyDX2rOBC676e911gdLXS1kjCHQd4SHAE413Q0LegOxPZ5h cPX38m3Y+mgOeFckbWdq8N0GB1f0m35yEZ9QtTCu5Oi54yj0+faHmF/0Xa2eK6342CEU FA4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LaQAxqZC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c13si3534211pgq.322.2019.05.15.20.00.00; Wed, 15 May 2019 20:00:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LaQAxqZC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726277AbfEPC65 (ORCPT + 99 others); Wed, 15 May 2019 22:58:57 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:34648 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726084AbfEPC65 (ORCPT ); Wed, 15 May 2019 22:58:57 -0400 Received: by mail-pg1-f196.google.com with SMTP id c13so799211pgt.1; Wed, 15 May 2019 19:58:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qVrC4Tuj5UyBfw+iLDxuy7o7a/GjCU+sQeQ56O5xCjQ=; b=LaQAxqZCNGuGalss7W1xQlG5JefFBkrDN10HKyh2spwpNBgqTvOPZgNCAutAgDzpeM +r+fmX3D+tXaLddhfWuPPtRA09IH5ammf47tHnMtSR3/V1MMiamRlU7VnG3hrIek4UTJ P91rkzAmcBfWR2ENrcgMu+jRl4r6jM6Jdb+RETJV0ETbowdW+CiT8OLW+DRAJFs6ELps sPx3nKjr8glEFVeYIldsdlF2Q/15kABE7VthyE5HA0Ba/r3JD9+2ZJaiQO6oWw2x4Li8 EKo63JGHqnV9uzl/L6DcZ3PNbNS/qJepGawZX35aZ1bcjdIuKjrYSljZYgbnnurhTG8B LexA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qVrC4Tuj5UyBfw+iLDxuy7o7a/GjCU+sQeQ56O5xCjQ=; b=agsPvwwR3ChaxYncPwZpkpUH3H90wNLb+5oOxizF0eXzeWgtKQ3Nkt6lxCqxzGPuVJ +ix9zR0YDWTi9phgbmGk6bHPXWTWKKM+Sv6aucsePqlYTqjp4A33uKhy2GUFErBgpye1 ZASsAHGGSdrGQ+hASzA9VktIAJJE9Ja30xiJo1B2YCStOTR13/jzjOsLTQfJ7YFlkRqS a4H9DduRbxhQUW/oeMLEzttB+qVrkEjz+mRvEJfrGDR6P0VHcBbmMtpHn4hGjuHppCqB ta3BXuftcKOf/JV1Twkfx3TJIYyt/1Qxfhh+MZeJp1R0Ep/kNh3Z55z0vTAMwqXi8Yvg Kyjw== X-Gm-Message-State: APjAAAV4jv0NPH6opOd3O8MyiJbKMEmGvFyu0OBraM1BV85o484mptYU W3HCWeYx9Ip/QitP0PfEU0Vxf4B1Lm6U8cC5p5e4Gg== X-Received: by 2002:a63:a55:: with SMTP id z21mr47828274pgk.440.1557975536152; Wed, 15 May 2019 19:58:56 -0700 (PDT) MIME-Version: 1.0 References: <1557954545-17831-1-git-send-email-longli@linuxonhyperv.com> <1557954545-17831-2-git-send-email-longli@linuxonhyperv.com> In-Reply-To: <1557954545-17831-2-git-send-email-longli@linuxonhyperv.com> From: Steve French Date: Wed, 15 May 2019 21:58:44 -0500 Message-ID: Subject: Re: [PATCH 2/2] cifs: Allocate memory for all iovs in smb2_ioctl To: Long Li Cc: Steve French , CIFS , samba-technical , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org merged into cifs-2.6.git for-next On Wed, May 15, 2019 at 4:10 PM wrote: > > From: Long Li > > An IOCTL uses up to 2 iovs. The 1st iov is the command itself, the 2nd iov is > optional data for that command. The 1st iov is always allocated on the heap > but the 2nd iov may point to a variable on the stack. This will trigger an > error when passing the 2nd iov for RDMA I/O. > > Fix this by allocating a buffer for the 2nd iov. > > Signed-off-by: Long Li > --- > fs/cifs/smb2pdu.c | 21 +++++++++++++++++++-- > 1 file changed, 19 insertions(+), 2 deletions(-) > > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c > index 29f011d8d8e2..710ceb875161 100644 > --- a/fs/cifs/smb2pdu.c > +++ b/fs/cifs/smb2pdu.c > @@ -2538,11 +2538,25 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, struct smb_rqst *rqst, > struct kvec *iov = rqst->rq_iov; > unsigned int total_len; > int rc; > + char *in_data_buf; > > rc = smb2_plain_req_init(SMB2_IOCTL, tcon, (void **) &req, &total_len); > if (rc) > return rc; > > + if (indatalen) { > + /* > + * indatalen is usually small at a couple of bytes max, so > + * just allocate through generic pool > + */ > + in_data_buf = kmalloc(indatalen, GFP_NOFS); > + if (!in_data_buf) { > + cifs_small_buf_release(req); > + return -ENOMEM; > + } > + memcpy(in_data_buf, in_data, indatalen); > + } > + > req->CtlCode = cpu_to_le32(opcode); > req->PersistentFileId = persistent_fid; > req->VolatileFileId = volatile_fid; > @@ -2563,7 +2577,7 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, struct smb_rqst *rqst, > cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer)); > rqst->rq_nvec = 2; > iov[0].iov_len = total_len - 1; > - iov[1].iov_base = in_data; > + iov[1].iov_base = in_data_buf; > iov[1].iov_len = indatalen; > } else { > rqst->rq_nvec = 1; > @@ -2605,8 +2619,11 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, struct smb_rqst *rqst, > void > SMB2_ioctl_free(struct smb_rqst *rqst) > { > - if (rqst && rqst->rq_iov) > + if (rqst && rqst->rq_iov) { > cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ > + if (rqst->rq_iov[1].iov_len) > + kfree(rqst->rq_iov[1].iov_base); > + } > } > > > -- > 2.17.1 > -- Thanks, Steve