Merge branches 'clk-range', 'clk-uniphier', 'clk-apple' and 'clk-qcom' into clk-next
[linux-2.6-microblaze.git] / fs / ksmbd / smb2pdu.c
index 1866c81..67e8e28 100644 (file)
@@ -2688,7 +2688,7 @@ int smb2_open(struct ksmbd_work *work)
                                        (struct create_posix *)context;
                                if (le16_to_cpu(context->DataOffset) +
                                    le32_to_cpu(context->DataLength) <
-                                   sizeof(struct create_posix)) {
+                                   sizeof(struct create_posix) - 4) {
                                        rc = -EINVAL;
                                        goto err_out1;
                                }
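Review bot: The relaxed minimum `sizeof(struct create_posix) - 4` in smb2_open uses a bare constant, and nothing at the check says which 4 bytes a client may leave out. Once a shorter context is accepted, a field in the last 4 bytes of `struct create_posix` is no longer guaranteed to be present; the hunk does not show which fields are read later, so that needs confirming against the rest of the function. I would add a comment above the comparison naming the omitted bytes, for example `/* clients may send the context without the trailing 4 bytes of struct create_posix; nothing below may read them */`, or replace the literal with a named constant. The comparison is only a lower bound on `DataOffset + DataLength`; whether the sum is bounded against the remaining create-context area is outside this hunk.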
@@ -3422,9 +3422,9 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level,
                goto free_conv_name;
        }
 
-       struct_sz = readdir_info_level_struct_sz(info_level);
-       next_entry_offset = ALIGN(struct_sz - 1 + conv_len,
-                                 KSMBD_DIR_INFO_ALIGNMENT);
+       struct_sz = readdir_info_level_struct_sz(info_level) - 1 + conv_len;
+       next_entry_offset = ALIGN(struct_sz, KSMBD_DIR_INFO_ALIGNMENT);
+       d_info->last_entry_off_align = next_entry_offset - struct_sz;
 
        if (next_entry_offset > d_info->out_buf_len) {
                d_info->out_buf_len = 0;
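Review bot: `d_info->last_entry_off_align` is assigned before the `next_entry_offset > d_info->out_buf_len` check, so when the entry does not fit, the field holds the padding of an entry that was never written. The smb2_query_dir hunk later subtracts this field from `d_info.data_count`; if a response is still built after the no-space path (not visible here), the subtracted padding would belong to the wrong entry. Moving the line `d_info->last_entry_off_align = next_entry_offset - struct_sz;` below the buffer-space check would keep the field tied to the last emitted entry. Separately, `struct_sz` now holds the unaligned entry length including the name, so a one-line comment or a rename would help. The function body continues outside the hunk.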
@@ -3976,6 +3976,7 @@ int smb2_query_dir(struct ksmbd_work *work)
                ((struct file_directory_info *)
                ((char *)rsp->Buffer + d_info.last_entry_offset))
                ->NextEntryOffset = 0;
+               d_info.data_count -= d_info.last_entry_off_align;
 
                rsp->StructureSize = cpu_to_le16(9);
                rsp->OutputBufferOffset = cpu_to_le16(72);
@@ -6126,13 +6127,26 @@ static int smb2_set_remote_key_for_rdma(struct ksmbd_work *work,
                                        __le16 ChannelInfoOffset,
                                        __le16 ChannelInfoLength)
 {
+       unsigned int i, ch_count;
+
        if (work->conn->dialect == SMB30_PROT_ID &&
            Channel != SMB2_CHANNEL_RDMA_V1)
                return -EINVAL;
 
-       if (ChannelInfoOffset == 0 ||
-           le16_to_cpu(ChannelInfoLength) < sizeof(*desc))
+       ch_count = le16_to_cpu(ChannelInfoLength) / sizeof(*desc);
+       if (ksmbd_debug_types & KSMBD_DEBUG_RDMA) {
+               for (i = 0; i < ch_count; i++) {
+                       pr_info("RDMA r/w request %#x: token %#x, length %#x\n",
+                               i,
+                               le32_to_cpu(desc[i].token),
+                               le32_to_cpu(desc[i].length));
+               }
+       }
+       if (ch_count != 1) {
+               ksmbd_debug(RDMA, "RDMA multiple buffer descriptors %d are not supported yet\n",
+                           ch_count);
                return -EINVAL;
+       }
 
        work->need_invalidate_rkey =
                (Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE);
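Review bot: The debug loop reads `desc[i].token` and `desc[i].length` for a `ch_count` taken straight from the client's `ChannelInfoLength`, and it runs before the `ch_count != 1` rejection. Nothing in this function checks that `ch_count * sizeof(*desc)` bytes lie inside the received request, so with RDMA debugging enabled an oversized length could make the loop read past the request buffer and log the contents, unless an earlier length check outside this diff covers the channel-info area. I would validate the descriptor area against the request length before the loop, or limit the logging to descriptors known to be in bounds. The old `ChannelInfoOffset == 0` test is removed and the parameter is not used in the lines shown. As a minor point, `ch_count` is `unsigned int` but is printed with `%d`; `%u` matches the type.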
@@ -6185,9 +6199,15 @@ int smb2_read(struct ksmbd_work *work)
 
        if (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE ||
            req->Channel == SMB2_CHANNEL_RDMA_V1) {
+               unsigned int ch_offset = le16_to_cpu(req->ReadChannelInfoOffset);
+
+               if (ch_offset < offsetof(struct smb2_read_req, Buffer)) {
+                       err = -EINVAL;
+                       goto out;
+               }
                err = smb2_set_remote_key_for_rdma(work,
                                                   (struct smb2_buffer_desc_v1 *)
-                                                  &req->Buffer[0],
+                                                  ((char *)req + ch_offset),
                                                   req->Channel,
                                                   req->ReadChannelInfoOffset,
                                                   req->ReadChannelInfoLength);
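Review bot: The new check gives `ch_offset` only a lower bound (`offsetof(struct smb2_read_req, Buffer)`), so the pointer `(char *)req + ch_offset` can still land beyond the end of the received request. The offset is a client-supplied 16-bit value, and neither it nor `ch_offset + le16_to_cpu(req->ReadChannelInfoLength)` is compared with the request length in this hunk. The smb2_write hunk below has the same gap with `WriteChannelInfoOffset` and `WriteChannelInfoLength`. Unless the request-length validation done before dispatch already covers the channel-info area, both callers should reject an offset plus length that exceeds the received request size before casting to `struct smb2_buffer_desc_v1 *`. A short comment at each check stating which layer guarantees the upper bound would make that dependency visible.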
@@ -6428,11 +6448,16 @@ int smb2_write(struct ksmbd_work *work)
 
        if (req->Channel == SMB2_CHANNEL_RDMA_V1 ||
            req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE) {
-               if (req->Length != 0 || req->DataOffset != 0)
-                       return -EINVAL;
+               unsigned int ch_offset = le16_to_cpu(req->WriteChannelInfoOffset);
+
+               if (req->Length != 0 || req->DataOffset != 0 ||
+                   ch_offset < offsetof(struct smb2_write_req, Buffer)) {
+                       err = -EINVAL;
+                       goto out;
+               }
                err = smb2_set_remote_key_for_rdma(work,
                                                   (struct smb2_buffer_desc_v1 *)
-                                                  &req->Buffer[0],
+                                                  ((char *)req + ch_offset),
                                                   req->Channel,
                                                   req->WriteChannelInfoOffset,
                                                   req->WriteChannelInfoLength);