git.fsl.cs.sunysb.edu Git - wrapfs-4.14.y.git/commit

author	Long Li <longli@microsoft.com>
	Wed, 25 Apr 2018 18:30:04 +0000 (11:30 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 20 Jun 2018 19:01:39 +0000 (04:01 +0900)
commit	dbb2f7b3c978e9c233cb6186350cf8abd09919e2
tree	f6615ff8cbebcb7b2c8d646bca5f39dbf474f3c4	tree \| snapshot
parent	0b4995fb5c93ad683f70bc92968259c6a836b929	commit \| diff

cifs: Allocate validate negotiation request through kmalloc

[ Upstream commit 2796d303e3c5ec213c578ed3a66872205c126eb8 ]

The data buffer allocated on the stack can't be DMA'ed, ib_dma_map_page will
return an invalid DMA address for a buffer on stack. Even worse, this
incorrect address can't be detected by ib_dma_mapping_error. Sending data
from this address to hardware will not fail, but the remote peer will get
junk data.

Fix this by allocating the request on the heap in smb3_validate_negotiate.

Changes in v2:
Removed duplicated code on freeing buffers on function exit.
(Thanks to Parav Pandit <parav@mellanox.com>)
Fixed typo in the patch title.

Changes in v3:
Added "Fixes" to the patch.
Changed several sizeof() to use *pointer in place of struct.

Changes in v4:
Added detailed comments on the failure through RDMA.
Allocate request buffer using GPF_NOFS.
Fixed possible memory leak.

Changes in v5:
Removed variable ret for checking return value.
Changed to use pneg_inbuf->Dialects[0] to calculate unused space in pneg_inbuf.

Fixes: ff1c038addc4 ("Check SMB3 dialects against downgrade attacks")
Signed-off-by: Long Li <longli@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Tom Talpey <ttalpey@microsoft.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>