Revert kernel patch causing failures on CIFS share disk usage (#3051)

sairon · web-flow · commit baa756e7364d · 2024-01-08T13:03:22.000+01:00
* Revert kernel patch causing failures on CIFS share disk usage The issue was reported upstream, waiting for a fix there. Reverting the patch for a quick resolution of the bug that breaks some things in HA and add-ons badly. Refs #3041 * Move the patch to 6.1.71 subdirectory That way Raspberry Pi's kernel won't be patched (unless it's the same version which it's currently not).
diff --git a/buildroot-external/patches/linux/6.1.71/0001-Revert-smb-client-fix-OOB-in-SMB2_query_info_init.patch b/buildroot-external/patches/linux/6.1.71/0001-Revert-smb-client-fix-OOB-in-SMB2_query_info_init.patch
@@ -0,0 +1,113 @@
+From 0ef7210b8779b04a380775764ad1a6b8dbfc40ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cerm=C3=A1k?= <sairon@sairon.cz>
+Date: Mon, 8 Jan 2024 12:27:41 +0100
+Subject: [PATCH] Revert "smb: client: fix OOB in SMB2_query_info_init()"
+
+This reverts commit bef4315f19ba6f434054f58b958c0cf058c7a43f.
+
+This commit introduced regression causing stat operations on CIFS shares
+to fail [1]. Issue was reported in mailing lists [2], reverting the patch
+before it is resolved in linux-stable 6.1.y.
+
+[1] https://github.com/home-assistant/operating-system/issues/3041
+[2] https://lore.kernel.org/stable/8ad7c20e-0645-40f3-96e6-75257b4bd31a@schenkel.net/
+---
+ fs/smb/client/smb2pdu.c | 29 +++++++----------------------
+ 1 file changed, 7 insertions(+), 22 deletions(-)
+
+diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
+index 05ff8a457a3d..847d69d327c2 100644
+--- a/fs/smb/client/smb2pdu.c
++++ b/fs/smb/client/smb2pdu.c
+@@ -372,15 +372,10 @@ static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
+ 				 void **request_buf, unsigned int *total_len)
+ {
+ 	/* BB eventually switch this to SMB2 specific small buf size */
+-	switch (smb2_command) {
+-	case SMB2_SET_INFO:
+-	case SMB2_QUERY_INFO:
++	if (smb2_command == SMB2_SET_INFO)
+ 		*request_buf = cifs_buf_get();
+-		break;
+-	default:
++	else
+ 		*request_buf = cifs_small_buf_get();
+-		break;
+-	}
+ 	if (*request_buf == NULL) {
+ 		/* BB should we add a retry in here if not a writepage? */
+ 		return -ENOMEM;
+@@ -3528,13 +3523,8 @@ SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
+ 	struct smb2_query_info_req *req;
+ 	struct kvec *iov = rqst->rq_iov;
+ 	unsigned int total_len;
+-	size_t len;
+ 	int rc;
+ 
+-	if (unlikely(check_add_overflow(input_len, sizeof(*req), &len) ||
+-		     len > CIFSMaxBufSize))
+-		return -EINVAL;
+-
+ 	rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server,
+ 				 (void **) &req, &total_len);
+ 	if (rc)
+@@ -3556,7 +3546,7 @@ SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
+ 
+ 	iov[0].iov_base = (char *)req;
+ 	/* 1 for Buffer */
+-	iov[0].iov_len = len;
++	iov[0].iov_len = total_len - 1 + input_len;
+ 	return 0;
+ }
+ 
+@@ -3564,7 +3554,7 @@ void
+ SMB2_query_info_free(struct smb_rqst *rqst)
+ {
+ 	if (rqst && rqst->rq_iov)
+-		cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */
++		cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
+ }
+ 
+ static int
+@@ -5449,11 +5439,6 @@ build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon,
+ 	return 0;
+ }
+ 
+-static inline void free_qfs_info_req(struct kvec *iov)
+-{
+-	cifs_buf_release(iov->iov_base);
+-}
+-
+ int
+ SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon,
+ 	      u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
+@@ -5485,7 +5470,7 @@ SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon,
+ 
+ 	rc = cifs_send_recv(xid, ses, server,
+ 			    &rqst, &resp_buftype, flags, &rsp_iov);
+-	free_qfs_info_req(&iov);
++	cifs_small_buf_release(iov.iov_base);
+ 	if (rc) {
+ 		cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
+ 		goto posix_qfsinf_exit;
+@@ -5536,7 +5521,7 @@ SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon,
+ 
+ 	rc = cifs_send_recv(xid, ses, server,
+ 			    &rqst, &resp_buftype, flags, &rsp_iov);
+-	free_qfs_info_req(&iov);
++	cifs_small_buf_release(iov.iov_base);
+ 	if (rc) {
+ 		cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
+ 		goto qfsinf_exit;
+@@ -5603,7 +5588,7 @@ SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
+ 
+ 	rc = cifs_send_recv(xid, ses, server,
+ 			    &rqst, &resp_buftype, flags, &rsp_iov);
+-	free_qfs_info_req(&iov);
++	cifs_small_buf_release(iov.iov_base);
+ 	if (rc) {
+ 		cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
+ 		goto qfsattr_exit;
+-- 
+2.34.1
+
