Merge tag '6.5-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

torvalds · torvalds · commit d31e3792919e · 2023-07-29T20:49:13.000-07:00
Pull smb client fixes from Steve French:
 "Four small SMB3 client fixes:

   - two reconnect fixes (to address the case where non-default
     iocharset gets incorrectly overridden at reconnect with the
     default charset)

   - fix for NTLMSSP_AUTH request setting a flag incorrectly)

   - Add missing check for invalid tlink (tree connection) in ioctl"

* tag '6.5-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: add missing return value check for cifs_sb_tlink
  smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request
  cifs: fix charset issue in reconnection
  fs/nls: make load_nls() take a const parameter
diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c
@@ -272,7 +272,7 @@ int unregister_nls(struct nls_table * nls)
 	return -EINVAL;
 }
 
-static struct nls_table *find_nls(char *charset)
+static struct nls_table *find_nls(const char *charset)
 {
 	struct nls_table *nls;
 	spin_lock(&nls_lock);
@@ -288,7 +288,7 @@ static struct nls_table *find_nls(char *charset)
 	return nls;
 }
 
-struct nls_table *load_nls(char *charset)
+struct nls_table *load_nls(const char *charset)
 {
 	return try_then_request_module(find_nls(charset), "nls_%s", charset);
 }
diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
@@ -1062,6 +1062,7 @@ struct cifs_ses {
 	unsigned long chans_need_reconnect;
 	/* ========= end: protected by chan_lock ======== */
 	struct cifs_ses *dfs_root_ses;
+	struct nls_table *local_nls;
 };
 
 static inline bool
diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c
@@ -129,7 +129,7 @@ cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command)
 	}
 	spin_unlock(&server->srv_lock);
 
-	nls_codepage = load_nls_default();
+	nls_codepage = ses->local_nls;
 
 	/*
 	 * need to prevent multiple threads trying to simultaneously
@@ -200,7 +200,6 @@ cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command)
 		rc = -EAGAIN;
 	}
 
-	unload_nls(nls_codepage);
 	return rc;
 }
 
diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
@@ -1842,6 +1842,10 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx)
 			    CIFS_MAX_PASSWORD_LEN))
 			return 0;
 	}
+
+	if (strcmp(ctx->local_nls->charset, ses->local_nls->charset))
+		return 0;
+
 	return 1;
 }
 
@@ -2286,6 +2290,7 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx)
 
 	ses->sectype = ctx->sectype;
 	ses->sign = ctx->sign;
+	ses->local_nls = load_nls(ctx->local_nls->charset);
 
 	/* add server as first channel */
 	spin_lock(&ses->chan_lock);
diff --git a/fs/smb/client/ioctl.c b/fs/smb/client/ioctl.c
@@ -478,6 +478,11 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg)
 			}
 			cifs_sb = CIFS_SB(inode->i_sb);
 			tlink = cifs_sb_tlink(cifs_sb);
+			if (IS_ERR(tlink)) {
+				rc = PTR_ERR(tlink);
+				break;
+			}
+
 			tcon = tlink_tcon(tlink);
 			rc = cifs_dump_full_key(tcon, (void __user *)arg);
 			cifs_put_tlink(tlink);
diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c
@@ -95,6 +95,7 @@ sesInfoFree(struct cifs_ses *buf_to_free)
 		return;
 	}
 
+	unload_nls(buf_to_free->local_nls);
 	atomic_dec(&sesInfoAllocCount);
 	kfree(buf_to_free->serverOS);
 	kfree(buf_to_free->serverDomain);
diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
@@ -1013,6 +1013,7 @@ int build_ntlmssp_smb3_negotiate_blob(unsigned char **pbuffer,
 }
 
 
+/* See MS-NLMP 2.2.1.3 */
 int build_ntlmssp_auth_blob(unsigned char **pbuffer,
 					u16 *buflen,
 				   struct cifs_ses *ses,
@@ -1047,7 +1048,8 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer,
 
 	flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET |
 		NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
-
+	/* we only send version information in ntlmssp negotiate, so do not set this flag */
+	flags = flags & ~NTLMSSP_NEGOTIATE_VERSION;
 	tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
 	sec_blob->NegotiateFlags = cpu_to_le32(flags);
 
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
@@ -242,7 +242,7 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,
 	}
 	spin_unlock(&server->srv_lock);
 
-	nls_codepage = load_nls_default();
+	nls_codepage = ses->local_nls;
 
 	/*
 	 * need to prevent multiple threads trying to simultaneously
@@ -324,7 +324,6 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,
 		rc = -EAGAIN;
 	}
 failed:
-	unload_nls(nls_codepage);
 	return rc;
 }
 
diff --git a/include/linux/nls.h b/include/linux/nls.h
@@ -47,7 +47,7 @@ enum utf16_endian {
 /* nls_base.c */
 extern int __register_nls(struct nls_table *, struct module *);
 extern int unregister_nls(struct nls_table *);
-extern struct nls_table *load_nls(char *);
+extern struct nls_table *load_nls(const char *charset);
 extern void unload_nls(struct nls_table *);
 extern struct nls_table *load_nls_default(void);
 #define register_nls(nls) __register_nls((nls), THIS_MODULE)

Original file line number	Diff line number	Diff line change
`@@ -272,7 +272,7 @@ int unregister_nls(struct nls_table * nls)`
`272`	`272`	`return -EINVAL;`
`273`	`273`	`}`
`274`	`274`
`275`		`-static struct nls_table find_nls(char charset)`
	`275`	`+static struct nls_table find_nls(const char charset)`
`276`	`276`	`{`
`277`	`277`	`struct nls_table *nls;`
`278`	`278`	`spin_lock(&nls_lock);`
`@@ -288,7 +288,7 @@ static struct nls_table find_nls(char charset)`
`288`	`288`	`return nls;`
`289`	`289`	`}`
`290`	`290`
`291`		`-struct nls_table load_nls(char charset)`
	`291`	`+struct nls_table load_nls(const char charset)`
`292`	`292`	`{`
`293`	`293`	`return try_then_request_module(find_nls(charset), "nls_%s", charset);`
`294`	`294`	`}`
Original file line number	Diff line number	Diff line change
`@@ -129,7 +129,7 @@ cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command)`
`129`	`129`	`}`
`130`	`130`	`spin_unlock(&server->srv_lock);`
`131`	`131`
`132`		`- nls_codepage = load_nls_default();`
	`132`	`+ nls_codepage = ses->local_nls;`
`133`	`133`
`134`	`134`	`/*`
`135`	`135`	`* need to prevent multiple threads trying to simultaneously`
`@@ -200,7 +200,6 @@ cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command)`
`200`	`200`	`rc = -EAGAIN;`
`201`	`201`	`}`
`202`	`202`
`203`		`- unload_nls(nls_codepage);`
`204`	`203`	`return rc;`
`205`	`204`	`}`
`206`	`205`
Original file line number	Diff line number	Diff line change
`@@ -95,6 +95,7 @@ sesInfoFree(struct cifs_ses *buf_to_free)`
`95`	`95`	`return;`
`96`	`96`	`}`
`97`	`97`
	`98`	`+ unload_nls(buf_to_free->local_nls);`
`98`	`99`	`atomic_dec(&sesInfoAllocCount);`
`99`	`100`	`kfree(buf_to_free->serverOS);`
`100`	`101`	`kfree(buf_to_free->serverDomain);`
Original file line number	Diff line number	Diff line change
`@@ -242,7 +242,7 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,`
`242`	`242`	`}`
`243`	`243`	`spin_unlock(&server->srv_lock);`
`244`	`244`
`245`		`- nls_codepage = load_nls_default();`
	`245`	`+ nls_codepage = ses->local_nls;`
`246`	`246`
`247`	`247`	`/*`
`248`	`248`	`* need to prevent multiple threads trying to simultaneously`
`@@ -324,7 +324,6 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,`
`324`	`324`	`rc = -EAGAIN;`
`325`	`325`	`}`
`326`	`326`	`failed:`
`327`		`- unload_nls(nls_codepage);`
`328`	`327`	`return rc;`
`329`	`328`	`}`
`330`	`329`