From 6c17f19a708a00d7573cad3b37e9489b658257f9 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 25 Feb 2014 09:31:31 -0500 Subject: [PATCH] Fix mounting issues on cifs (rhbz 1068862) --- ...k-off-top-byte-in-get_rfc1002_length.patch | 88 +++++++++++++++++++ kernel.spec | 11 ++- 2 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 cifs-mask-off-top-byte-in-get_rfc1002_length.patch diff --git a/cifs-mask-off-top-byte-in-get_rfc1002_length.patch b/cifs-mask-off-top-byte-in-get_rfc1002_length.patch new file mode 100644 index 000000000..572b0b320 --- /dev/null +++ b/cifs-mask-off-top-byte-in-get_rfc1002_length.patch @@ -0,0 +1,88 @@ +Path: news.gmane.org!not-for-mail +From: Jeff Layton +Newsgroups: gmane.linux.kernel.cifs +Subject: [PATCH] cifs: mask off top byte in get_rfc1002_length() +Date: Tue, 25 Feb 2014 05:27:17 -0800 +Lines: 31 +Approved: news@gmane.org +Message-ID: <1393334837-6480-1-git-send-email-jlayton@redhat.com> +NNTP-Posting-Host: plane.gmane.org +X-Trace: ger.gmane.org 1393334843 15695 80.91.229.3 (25 Feb 2014 13:27:23 GMT) +X-Complaints-To: usenet@ger.gmane.org +NNTP-Posting-Date: Tue, 25 Feb 2014 13:27:23 +0000 (UTC) +Cc: klaus-jjkdzbv0JQgAvxtiuMwx3w@public.gmane.org, sprabhu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org +To: smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org +Original-X-From: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Tue Feb 25 14:27:30 2014 +Return-path: +Envelope-to: glkc-linux-cifs-wOFGN7rlS/M9smdsby/KFg@public.gmane.org +Original-Received: from vger.kernel.org ([209.132.180.67]) + by plane.gmane.org with esmtp (Exim 4.69) + (envelope-from ) + id 1WII2h-0005Fo-GS + for glkc-linux-cifs-wOFGN7rlS/M9smdsby/KFg@public.gmane.org; Tue, 25 Feb 2014 14:27:27 +0100 +Original-Received: (majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org) by vger.kernel.org via listexpand + id S1752439AbaBYN10 (ORCPT ); + Tue, 25 Feb 2014 08:27:26 -0500 +Original-Received: from mail-pa0-f41.google.com ([209.85.220.41]:49339 "EHLO + mail-pa0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org + with ESMTP id S1752329AbaBYN10 (ORCPT + ); Tue, 25 Feb 2014 08:27:26 -0500 +Original-Received: by mail-pa0-f41.google.com with SMTP id fa1so8081181pad.14 + for ; Tue, 25 Feb 2014 05:27:25 -0800 (PST) +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20130820; + h=x-gm-message-state:sender:from:to:cc:subject:date:message-id; + bh=I4guc46K5w45idU9LGsBcibRE60G/EkhmnDXX8d4lFc=; + b=YI5Ag6zKBzcWzALN9+g56fwi/XbV8N9i0JCfbhVRCEv9/JYNUHzVBZ+WO3Wqaf54U/ + qNNjrH1Io0LpiVTF5+ZuiDEee4Vt8QbMP7iD7rkxh4RZq9clRgum/wVTwV5l/SfIwud7 + HqGJlJ3jSGtTO4bhBuvX5mD4FrHw4RZJvaWzowzMvYH536b8nZu9typSL4G+KQEV34la + 19S6ikv1BjtJ49PUS3Gf9xMsqwkJNrLVBauag3yqhztcTSnP5UrxuauSWX0c68R2Lt70 + hdx5HGMQ0P2wgG6+Qvs3tEl2+infCJkpOH5X7KSvN1pT9hxtt6iE5QGFh5dtUTKe7FlA + /grg== +X-Gm-Message-State: ALoCoQlVCE5L6UI8IEC9kyuJlrAWBVyYN/eaeZJVp0fm2f2fDE/042yEkI6q9uGoP1vHrftB4/7C +X-Received: by 10.69.31.65 with SMTP id kk1mr6563795pbd.47.1393334845726; + Tue, 25 Feb 2014 05:27:25 -0800 (PST) +Original-Received: from corrin.poochiereds.net.cthon.org (64-71-23-226.static.wiline.com. [64.71.23.226]) + by mx.google.com with ESMTPSA id eb5sm143431078pad.22.2014.02.25.05.27.24 + for + (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); + Tue, 25 Feb 2014 05:27:25 -0800 (PST) +X-Mailer: git-send-email 1.8.5.3 +Original-Sender: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org +Precedence: bulk +List-ID: +X-Mailing-List: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org +Xref: news.gmane.org gmane.linux.kernel.cifs:9419 +Archived-At: + +The 32-bit rfc1002 header field consists of a type byte and then a +24-bit length field, but get_rfc1002_length doesn't mask off the top +byte. + +In most cases, it's not a problem since the RFC1002_SESSION_MESSAGE type +is '\0', but when doing a RFC1002 session establishment, the type is +non-zero and that throws off the returned length in smb_send_rqst. + +Reported-by: klaus-jjkdzbv0JQgAvxtiuMwx3w@public.gmane.org +Tested-by: Sachin Prabhu +Signed-off-by: Jeff Layton +--- + fs/cifs/cifsglob.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h +index e7fe49e..45376a4 100644 +--- a/fs/cifs/cifsglob.h ++++ b/fs/cifs/cifsglob.h +@@ -506,7 +506,7 @@ struct cifs_mnt_data { + static inline unsigned int + get_rfc1002_length(void *buf) + { +- return be32_to_cpu(*((__be32 *)buf)); ++ return be32_to_cpu(*((__be32 *)buf)) & 0xffffff; + } + + static inline void +-- +1.8.5.3 + diff --git a/kernel.spec b/kernel.spec index eaf0da1de..d22b77e83 100644 --- a/kernel.spec +++ b/kernel.spec @@ -621,8 +621,11 @@ Patch25128: dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch #CVE-2014-0069 rhbz 1064253 1062578 Patch25201: cifs-sanity-check-length-of-data-to-send-before-sending.patch +#rhbz 1068862 +Patch25002: cifs-mask-off-top-byte-in-get_rfc1002_length.patch + #rhbz 1062833 -Patch25202: dma-debug-account-for-cachelines-and-read-only-mappings.patch +Patch25203: dma-debug-account-for-cachelines-and-read-only-mappings.patch #rhbz 1056170 Patch25025: usb-ehci-fix-deadlock-when-threadirqs-option-is-used.patch @@ -1270,6 +1273,9 @@ ApplyPatch dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch #CVE-2014-0069 rhbz 1064253 1062578 ApplyPatch cifs-sanity-check-length-of-data-to-send-before-sending.patch +#rhbz 1068862 +ApplyPatch cifs-mask-off-top-byte-in-get_rfc1002_length.patch + #rhbz 1062833 ApplyPatch dma-debug-account-for-cachelines-and-read-only-mappings.patch @@ -2055,6 +2061,9 @@ fi # ||----w | # || || %changelog +* Tue Feb 25 2014 Josh Boyer +- Fix mounting issues on cifs (rhbz 1068862) + * Mon Feb 24 2014 Josh Boyer - Fix lockdep issue in EHCI when using threaded IRQs (rhbz 1056170)