| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAN05THTH8-pK9uw77COWSUQ_knztT1o1Ms0b=2PPvmBJd=ovUw@mail.gmail.com>
Date: Thu, 26 Mar 2020 12:02:05 +1000
From: ronnie sahlberg <ronniesahlberg@...il.com>
To: Long Li <longli@...rosoft.com>
Cc: Steve French <sfrench@...ba.org>,
linux-cifs <linux-cifs@...r.kernel.org>,
"samba-technical@...ts.samba.org" <samba-technical@...ts.samba.org>,
LKML <linux-kernel@...r.kernel.org>, longli@...uxonhyperv.com
Subject: Re: [PATCH] cifs: smbd: Calculate the correct maximum packet size for
segmented SMBDirect send/receive
Long Li,
Mostly looks good but the magic constant 49 I think is wrong.
49 is the structure size of the read/write request header
but for these sizes, if they are odd it just means that the header contain a
variable sized blob.
I.e. the size is 48 bytes (for the fixed part of the header) + a variable part
which in this case are the ChannelInfo blobs.
So we should probably add to smb2pdu.h a
#define MAX_SMB2_READWRITE_RESPONSE_SIZE 48
and use this in the calculations. Then we need to add the maximum size
we will use for ChannelInfo.
Maybe we should have a define also for the MAX_SMB2_CHANNEL_INFO_SIZE
regards
ronnie sahlberg
On Thu, Mar 26, 2020 at 5:31 AM longli--- via samba-technical
<samba-technical@...ts.samba.org> wrote:
>
> From: Long Li <longli@...rosoft.com>
>
> The packet size needs to take account of SMB2 header size and possible
> encryption header size. This is only done when signing is used and it is for
> RDMA send/receive, not read/write.
>
> Also remove the dead SMBD code in smb2_negotiate_r(w)size.
>
> Signed-off-by: Long Li <longli@...rosoft.com>
> ---
> fs/cifs/smb2ops.c | 38 ++++++++++++++++----------------------
> fs/cifs/smbdirect.c | 3 +--
> 2 files changed, 17 insertions(+), 24 deletions(-)
>
> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> index 4c0922596467..9043d34eef43 100644
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -332,16 +332,6 @@ smb2_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *volume_info)
> /* start with specified wsize, or default */
> wsize = volume_info->wsize ? volume_info->wsize : CIFS_DEFAULT_IOSIZE;
> wsize = min_t(unsigned int, wsize, server->max_write);
> -#ifdef CONFIG_CIFS_SMB_DIRECT
> - if (server->rdma) {
> - if (server->sign)
> - wsize = min_t(unsigned int,
> - wsize, server->smbd_conn->max_fragmented_send_size);
> - else
> - wsize = min_t(unsigned int,
> - wsize, server->smbd_conn->max_readwrite_size);
> - }
> -#endif
> if (!(server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU))
> wsize = min_t(unsigned int, wsize, SMB2_MAX_BUFFER_SIZE);
>
> @@ -360,8 +350,15 @@ smb3_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *volume_info)
> #ifdef CONFIG_CIFS_SMB_DIRECT
> if (server->rdma) {
> if (server->sign)
> + /*
> + * Account for SMB2 data transfer packet header
> + * SMB2_READ/SMB2_WRITE (49) and possible encryption
> + * headers
> + */
> wsize = min_t(unsigned int,
> - wsize, server->smbd_conn->max_fragmented_send_size);
> + wsize,
> + server->smbd_conn->max_fragmented_send_size -
> + 49 - sizeof(struct smb2_transform_hdr));
> else
> wsize = min_t(unsigned int,
> wsize, server->smbd_conn->max_readwrite_size);
> @@ -382,16 +379,6 @@ smb2_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *volume_info)
> /* start with specified rsize, or default */
> rsize = volume_info->rsize ? volume_info->rsize : CIFS_DEFAULT_IOSIZE;
> rsize = min_t(unsigned int, rsize, server->max_read);
> -#ifdef CONFIG_CIFS_SMB_DIRECT
> - if (server->rdma) {
> - if (server->sign)
> - rsize = min_t(unsigned int,
> - rsize, server->smbd_conn->max_fragmented_recv_size);
> - else
> - rsize = min_t(unsigned int,
> - rsize, server->smbd_conn->max_readwrite_size);
> - }
> -#endif
>
> if (!(server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU))
> rsize = min_t(unsigned int, rsize, SMB2_MAX_BUFFER_SIZE);
> @@ -411,8 +398,15 @@ smb3_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *volume_info)
> #ifdef CONFIG_CIFS_SMB_DIRECT
> if (server->rdma) {
> if (server->sign)
> + /*
> + * Account for SMB2 data transfer packet header
> + * SMB2_READ/SMB2_WRITE (49) and possible encryption
> + * headers
> + */
> rsize = min_t(unsigned int,
> - rsize, server->smbd_conn->max_fragmented_recv_size);
> + rsize,
> + server->smbd_conn->max_fragmented_recv_size -
> + 49 - sizeof(struct smb2_transform_hdr));
> else
> rsize = min_t(unsigned int,
> rsize, server->smbd_conn->max_readwrite_size);
> diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c
> index eb1e40af9f3a..0327b575ab87 100644
> --- a/fs/cifs/smbdirect.c
> +++ b/fs/cifs/smbdirect.c
> @@ -2097,8 +2097,7 @@ int smbd_send(struct TCP_Server_Info *server,
> for (i = 0; i < num_rqst; i++)
> remaining_data_length += smb_rqst_len(server, &rqst_array[i]);
>
> - if (remaining_data_length + sizeof(struct smbd_data_transfer) >
> - info->max_fragmented_send_size) {
> + if (remaining_data_length > info->max_fragmented_send_size) {
> log_write(ERR, "payload size %d > max size %d\n",
> remaining_data_length, info->max_fragmented_send_size);
> rc = -EINVAL;
> --
> 2.17.1
>
>
Powered by blists - more mailing lists