Skip to content
This repository was archived by the owner on Nov 8, 2023. It is now read-only.

Commit e2e33ca

Browse files
Hobin WooSteve French
Hobin Woo
authored and
Steve French
committed
ksmbd: discard write access to the directory open
may_open() does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible with FUSE file system. Simply, let's discard the write access when opening a directory. list_add corruption. next is NULL. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:26! pc : __list_add_valid+0x88/0xbc lr : __list_add_valid+0x88/0xbc Call trace: __list_add_valid+0x88/0xbc fuse_finish_open+0x11c/0x170 fuse_open_common+0x284/0x5e8 fuse_dir_open+0x14/0x24 do_dentry_open+0x2a4/0x4e0 dentry_open+0x50/0x80 smb2_open+0xbe4/0x15a4 handle_ksmbd_work+0x478/0x5ec process_one_work+0x1b4/0x448 worker_thread+0x25c/0x430 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20 Cc: stable@vger.kernel.org Signed-off-by: Yoonho Shin <yoonho.shin@samsung.com> Signed-off-by: Hobin Woo <hobin.woo@samsung.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
1 parent 25a6e13 commit e2e33ca

File tree

1 file changed

+11
-2
lines changed

1 file changed

+11
-2
lines changed

fs/smb/server/smb2pdu.c

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2051,15 +2051,22 @@ int smb2_tree_connect(struct ksmbd_work *work)
20512051
* @access: file access flags
20522052
* @disposition: file disposition flags
20532053
* @may_flags: set with MAY_ flags
2054+
* @is_dir: is creating open flags for directory
20542055
*
20552056
* Return: file open flags
20562057
*/
20572058
static int smb2_create_open_flags(bool file_present, __le32 access,
20582059
__le32 disposition,
2059-
int *may_flags)
2060+
int *may_flags,
2061+
bool is_dir)
20602062
{
20612063
int oflags = O_NONBLOCK | O_LARGEFILE;
20622064

2065+
if (is_dir) {
2066+
access &= ~FILE_WRITE_DESIRE_ACCESS_LE;
2067+
ksmbd_debug(SMB, "Discard write access to a directory\n");
2068+
}
2069+
20632070
if (access & FILE_READ_DESIRED_ACCESS_LE &&
20642071
access & FILE_WRITE_DESIRE_ACCESS_LE) {
20652072
oflags |= O_RDWR;
@@ -3167,7 +3174,9 @@ int smb2_open(struct ksmbd_work *work)
31673174

31683175
open_flags = smb2_create_open_flags(file_present, daccess,
31693176
req->CreateDisposition,
3170-
&may_flags);
3177+
&may_flags,
3178+
req->CreateOptions & FILE_DIRECTORY_FILE_LE ||
3179+
(file_present && S_ISDIR(d_inode(path.dentry)->i_mode)));
31713180

31723181
if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
31733182
if (open_flags & (O_CREAT | O_TRUNC)) {

0 commit comments

Comments
 (0)