| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250608170119.6813-3-pali@kernel.org>
Date: Sun, 8 Jun 2025 19:01:16 +0200
From: Pali Rohár <pali@...nel.org>
To: Steve French <sfrench@...ba.org>,
Paulo Alcantara <pc@...guebit.com>
Cc: linux-cifs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH 2/5] cifs: Fix validation of EAs for WSL reparse points
When wsl_to_fattr() is called from readdir() then we should skip validation
of WSL EAs because readdir FIND_FIRST/NEXT results do not provide EA values
at all. For readdir() reply in this case return DT_UNKNOWN type instead of
DT_REG (which is the result of failed WSL EAs validation).
When validation is skipped and some required EAs are missing then returns
true from wsl_to_fattr() function but do not set fattr->cf_mode. This makes
readdir() to return DT_UNKNOWN type in the same way as it is doing NFS
reparse point function.
This change fixes readdir() result that for some WSL reparse points returns
DT_REG due to missing EAs. After this change it returns DT_UNKNOWN, which
is better than returning wrong type.
Fixes: ef201e8759d2 ("cifs: Validate EAs for WSL reparse points")
Signed-off-by: Pali Rohár <pali@...nel.org>
---
fs/smb/client/reparse.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/fs/smb/client/reparse.c b/fs/smb/client/reparse.c
index 5351d3d9d538..8d989e436517 100644
--- a/fs/smb/client/reparse.c
+++ b/fs/smb/client/reparse.c
@@ -1117,27 +1117,39 @@ static bool wsl_to_fattr(struct cifs_open_info_data *data,
u32 tag, struct cifs_fattr *fattr)
{
struct smb2_file_full_ea_info *ea;
+ bool ignore_missing_eas = false;
bool have_xattr_dev = false;
+ umode_t reparse_mode_type = 0;
u32 next = 0;
switch (tag) {
case IO_REPARSE_TAG_LX_SYMLINK:
- fattr->cf_mode |= S_IFLNK;
+ reparse_mode_type = S_IFLNK;
break;
case IO_REPARSE_TAG_LX_FIFO:
- fattr->cf_mode |= S_IFIFO;
+ reparse_mode_type = S_IFIFO;
break;
case IO_REPARSE_TAG_AF_UNIX:
- fattr->cf_mode |= S_IFSOCK;
+ reparse_mode_type = S_IFSOCK;
break;
case IO_REPARSE_TAG_LX_CHR:
- fattr->cf_mode |= S_IFCHR;
+ reparse_mode_type = S_IFCHR;
break;
case IO_REPARSE_TAG_LX_BLK:
- fattr->cf_mode |= S_IFBLK;
+ reparse_mode_type = S_IFBLK;
break;
+ default:
+ return false;
}
+ /*
+ * When reparse buffer is not available then this is from readdir() call
+ * which does not provide EAs. readdir() can return DT_UNKNOWN type,
+ * which is signaled by no filling the fattr->cf_mode and returning true.
+ */
+ if (!data->reparse.buf && !data->wsl.eas_len)
+ ignore_missing_eas = true;
+
if (!data->wsl.eas_len)
goto out;
@@ -1162,7 +1174,7 @@ static bool wsl_to_fattr(struct cifs_open_info_data *data,
fattr->cf_gid = wsl_make_kgid(cifs_sb, v);
else if (!strncmp(name, SMB2_WSL_XATTR_MODE, nlen)) {
/* File type in reparse point tag and in xattr mode must match. */
- if (S_DT(fattr->cf_mode) != S_DT(le32_to_cpu(*(__le32 *)v)))
+ if (S_DT(reparse_mode_type) != S_DT(le32_to_cpu(*(__le32 *)v)))
return false;
fattr->cf_mode = (umode_t)le32_to_cpu(*(__le32 *)v);
} else if (!strncmp(name, SMB2_WSL_XATTR_DEV, nlen)) {
@@ -1174,8 +1186,9 @@ static bool wsl_to_fattr(struct cifs_open_info_data *data,
/* Major and minor numbers for char and block devices are mandatory. */
if (!have_xattr_dev && (tag == IO_REPARSE_TAG_LX_CHR || tag == IO_REPARSE_TAG_LX_BLK))
- return false;
+ return ignore_missing_eas;
+ fattr->cf_mode |= reparse_mode_type;
return true;
}
--
2.20.1
Powered by blists - more mailing lists