Commit e25ca045 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag '5.15-rc3-ksmbd-fixes' of git://git.samba.org/ksmbd

Pull ksmbd server fixes from Steve French:
 "Eleven fixes for the ksmbd kernel server, mostly security related:

   - an important fix for disabling weak NTLMv1 authentication

   - seven security (improved buffer overflow checks) fixes

   - fix for wrong infolevel struct used in some getattr/setattr paths

   - two small documentation fixes"

* tag '5.15-rc3-ksmbd-fixes' of git://git.samba.org/ksmbd:
  ksmbd: missing check for NULL in convert_to_nt_pathname()
  ksmbd: fix transform header validation
  ksmbd: add buffer validation for SMB2_CREATE_CONTEXT
  ksmbd: add validation in smb2 negotiate
  ksmbd: add request buffer validation in smb2_set_info
  ksmbd: use correct basic info level in set_file_basic_info()
  ksmbd: remove NTLMv1 authentication
  ksmbd: fix documentation for 2 functions
  MAINTAINERS: rename cifs_common to smbfs_common in cifs and ksmbd entry
  ksmbd: fix invalid request buffer access in compound
  ksmbd: remove RFC1002 check in smb2 request
parents 9904468f 87ffb310
......@@ -4657,7 +4657,7 @@ W: http://linux-cifs.samba.org/
T: git git://git.samba.org/sfrench/cifs-2.6.git
F: Documentation/admin-guide/cifs/
F: fs/cifs/
F: fs/cifs_common/
F: fs/smbfs_common/
 
COMPACTPCI HOTPLUG CORE
M: Scott Murray <scott@spiteful.org>
......@@ -10195,8 +10195,8 @@ M: Hyunchul Lee <hyc.lee@gmail.com>
L: linux-cifs@vger.kernel.org
S: Maintained
T: git git://git.samba.org/ksmbd.git
F: fs/cifs_common/
F: fs/ksmbd/
F: fs/smbfs_common/
 
KERNEL UNIT TESTING FRAMEWORK (KUnit)
M: Brendan Higgins <brendanhiggins@google.com>
......
......@@ -68,125 +68,6 @@ void ksmbd_copy_gss_neg_header(void *buf)
memcpy(buf, NEGOTIATE_GSS_HEADER, AUTH_GSS_LENGTH);
}
static void
str_to_key(unsigned char *str, unsigned char *key)
{
int i;
key[0] = str[0] >> 1;
key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
key[7] = str[6] & 0x7F;
for (i = 0; i < 8; i++)
key[i] = (key[i] << 1);
}
static int
smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
{
unsigned char key2[8];
struct des_ctx ctx;
if (fips_enabled) {
ksmbd_debug(AUTH, "FIPS compliance enabled: DES not permitted\n");
return -ENOENT;
}
str_to_key(key, key2);
des_expand_key(&ctx, key2, DES_KEY_SIZE);
des_encrypt(&ctx, out, in);
memzero_explicit(&ctx, sizeof(ctx));
return 0;
}
static int ksmbd_enc_p24(unsigned char *p21, const unsigned char *c8, unsigned char *p24)
{
int rc;
rc = smbhash(p24, c8, p21);
if (rc)
return rc;
rc = smbhash(p24 + 8, c8, p21 + 7);
if (rc)
return rc;
return smbhash(p24 + 16, c8, p21 + 14);
}
/* produce a md4 message digest from data of length n bytes */
static int ksmbd_enc_md4(unsigned char *md4_hash, unsigned char *link_str,
int link_len)
{
int rc;
struct ksmbd_crypto_ctx *ctx;
ctx = ksmbd_crypto_ctx_find_md4();
if (!ctx) {
ksmbd_debug(AUTH, "Crypto md4 allocation error\n");
return -ENOMEM;
}
rc = crypto_shash_init(CRYPTO_MD4(ctx));
if (rc) {
ksmbd_debug(AUTH, "Could not init md4 shash\n");
goto out;
}
rc = crypto_shash_update(CRYPTO_MD4(ctx), link_str, link_len);
if (rc) {
ksmbd_debug(AUTH, "Could not update with link_str\n");
goto out;
}
rc = crypto_shash_final(CRYPTO_MD4(ctx), md4_hash);
if (rc)
ksmbd_debug(AUTH, "Could not generate md4 hash\n");
out:
ksmbd_release_crypto_ctx(ctx);
return rc;
}
static int ksmbd_enc_update_sess_key(unsigned char *md5_hash, char *nonce,
char *server_challenge, int len)
{
int rc;
struct ksmbd_crypto_ctx *ctx;
ctx = ksmbd_crypto_ctx_find_md5();
if (!ctx) {
ksmbd_debug(AUTH, "Crypto md5 allocation error\n");
return -ENOMEM;
}
rc = crypto_shash_init(CRYPTO_MD5(ctx));
if (rc) {
ksmbd_debug(AUTH, "Could not init md5 shash\n");
goto out;
}
rc = crypto_shash_update(CRYPTO_MD5(ctx), server_challenge, len);
if (rc) {
ksmbd_debug(AUTH, "Could not update with challenge\n");
goto out;
}
rc = crypto_shash_update(CRYPTO_MD5(ctx), nonce, len);
if (rc) {
ksmbd_debug(AUTH, "Could not update with nonce\n");
goto out;
}
rc = crypto_shash_final(CRYPTO_MD5(ctx), md5_hash);
if (rc)
ksmbd_debug(AUTH, "Could not generate md5 hash\n");
out:
ksmbd_release_crypto_ctx(ctx);
return rc;
}
/**
* ksmbd_gen_sess_key() - function to generate session key
* @sess: session of connection
......@@ -324,43 +205,6 @@ static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash,
return ret;
}
/**
* ksmbd_auth_ntlm() - NTLM authentication handler
* @sess: session of connection
* @pw_buf: NTLM challenge response
* @passkey: user password
*
* Return: 0 on success, error number on error
*/
int ksmbd_auth_ntlm(struct ksmbd_session *sess, char *pw_buf)
{
int rc;
unsigned char p21[21];
char key[CIFS_AUTH_RESP_SIZE];
memset(p21, '\0', 21);
memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE);
rc = ksmbd_enc_p24(p21, sess->ntlmssp.cryptkey, key);
if (rc) {
pr_err("password processing failed\n");
return rc;
}
ksmbd_enc_md4(sess->sess_key, user_passkey(sess->user),
CIFS_SMB1_SESSKEY_SIZE);
memcpy(sess->sess_key + CIFS_SMB1_SESSKEY_SIZE, key,
CIFS_AUTH_RESP_SIZE);
sess->sequence_number = 1;
if (strncmp(pw_buf, key, CIFS_AUTH_RESP_SIZE) != 0) {
ksmbd_debug(AUTH, "ntlmv1 authentication failed\n");
return -EINVAL;
}
ksmbd_debug(AUTH, "ntlmv1 authentication pass\n");
return 0;
}
/**
* ksmbd_auth_ntlmv2() - NTLMv2 authentication handler
* @sess: session of connection
......@@ -441,44 +285,6 @@ int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,
return rc;
}
/**
* __ksmbd_auth_ntlmv2() - NTLM2(extended security) authentication handler
* @sess: session of connection
* @client_nonce: client nonce from LM response.
* @ntlm_resp: ntlm response data from client.
*
* Return: 0 on success, error number on error
*/
static int __ksmbd_auth_ntlmv2(struct ksmbd_session *sess, char *client_nonce,
char *ntlm_resp)
{
char sess_key[CIFS_SMB1_SESSKEY_SIZE] = {0};
int rc;
unsigned char p21[21];
char key[CIFS_AUTH_RESP_SIZE];
rc = ksmbd_enc_update_sess_key(sess_key,
client_nonce,
(char *)sess->ntlmssp.cryptkey, 8);
if (rc) {
pr_err("password processing failed\n");
goto out;
}
memset(p21, '\0', 21);
memcpy(p21, user_passkey(sess->user), CIFS_NTHASH_SIZE);
rc = ksmbd_enc_p24(p21, sess_key, key);
if (rc) {
pr_err("password processing failed\n");
goto out;
}
if (memcmp(ntlm_resp, key, CIFS_AUTH_RESP_SIZE) != 0)
rc = -EINVAL;
out:
return rc;
}
/**
* ksmbd_decode_ntlmssp_auth_blob() - helper function to construct
* authenticate blob
......@@ -512,17 +318,6 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
nt_off = le32_to_cpu(authblob->NtChallengeResponse.BufferOffset);
nt_len = le16_to_cpu(authblob->NtChallengeResponse.Length);
/* process NTLM authentication */
if (nt_len == CIFS_AUTH_RESP_SIZE) {
if (le32_to_cpu(authblob->NegotiateFlags) &
NTLMSSP_NEGOTIATE_EXTENDED_SEC)
return __ksmbd_auth_ntlmv2(sess, (char *)authblob +
lm_off, (char *)authblob + nt_off);
else
return ksmbd_auth_ntlm(sess, (char *)authblob +
nt_off);
}
/* TODO : use domain name that imported from configuration file */
domain_name = smb_strndup_from_utf16((const char *)authblob +
le32_to_cpu(authblob->DomainName.BufferOffset),
......
......@@ -81,12 +81,6 @@ static struct shash_desc *alloc_shash_desc(int id)
case CRYPTO_SHASH_SHA512:
tfm = crypto_alloc_shash("sha512", 0, 0);
break;
case CRYPTO_SHASH_MD4:
tfm = crypto_alloc_shash("md4", 0, 0);
break;
case CRYPTO_SHASH_MD5:
tfm = crypto_alloc_shash("md5", 0, 0);
break;
default:
return NULL;
}
......@@ -214,16 +208,6 @@ struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha512(void)
return ____crypto_shash_ctx_find(CRYPTO_SHASH_SHA512);
}
struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md4(void)
{
return ____crypto_shash_ctx_find(CRYPTO_SHASH_MD4);
}
struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md5(void)
{
return ____crypto_shash_ctx_find(CRYPTO_SHASH_MD5);
}
static struct ksmbd_crypto_ctx *____crypto_aead_ctx_find(int id)
{
struct ksmbd_crypto_ctx *ctx;
......
......@@ -15,8 +15,6 @@ enum {
CRYPTO_SHASH_CMACAES,
CRYPTO_SHASH_SHA256,
CRYPTO_SHASH_SHA512,
CRYPTO_SHASH_MD4,
CRYPTO_SHASH_MD5,
CRYPTO_SHASH_MAX,
};
......@@ -43,8 +41,6 @@ struct ksmbd_crypto_ctx {
#define CRYPTO_CMACAES(c) ((c)->desc[CRYPTO_SHASH_CMACAES])
#define CRYPTO_SHA256(c) ((c)->desc[CRYPTO_SHASH_SHA256])
#define CRYPTO_SHA512(c) ((c)->desc[CRYPTO_SHASH_SHA512])
#define CRYPTO_MD4(c) ((c)->desc[CRYPTO_SHASH_MD4])
#define CRYPTO_MD5(c) ((c)->desc[CRYPTO_SHASH_MD5])
#define CRYPTO_HMACMD5_TFM(c) ((c)->desc[CRYPTO_SHASH_HMACMD5]->tfm)
#define CRYPTO_HMACSHA256_TFM(c)\
......@@ -52,8 +48,6 @@ struct ksmbd_crypto_ctx {
#define CRYPTO_CMACAES_TFM(c) ((c)->desc[CRYPTO_SHASH_CMACAES]->tfm)
#define CRYPTO_SHA256_TFM(c) ((c)->desc[CRYPTO_SHASH_SHA256]->tfm)
#define CRYPTO_SHA512_TFM(c) ((c)->desc[CRYPTO_SHASH_SHA512]->tfm)
#define CRYPTO_MD4_TFM(c) ((c)->desc[CRYPTO_SHASH_MD4]->tfm)
#define CRYPTO_MD5_TFM(c) ((c)->desc[CRYPTO_SHASH_MD5]->tfm)
#define CRYPTO_GCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES_GCM])
#define CRYPTO_CCM(c) ((c)->ccmaes[CRYPTO_AEAD_AES_CCM])
......@@ -64,8 +58,6 @@ struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_hmacsha256(void);
struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_cmacaes(void);
struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha512(void);
struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_sha256(void);
struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md4(void);
struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_md5(void);
struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_gcm(void);
struct ksmbd_crypto_ctx *ksmbd_crypto_ctx_find_ccm(void);
void ksmbd_crypto_destroy(void);
......
......@@ -162,17 +162,14 @@ char *convert_to_nt_pathname(char *filename)
{
char *ab_pathname;
if (strlen(filename) == 0) {
ab_pathname = kmalloc(2, GFP_KERNEL);
ab_pathname[0] = '\\';
ab_pathname[1] = '\0';
} else {
ab_pathname = kstrdup(filename, GFP_KERNEL);
if (!ab_pathname)
return NULL;
if (strlen(filename) == 0)
filename = "\\";
ksmbd_conv_path_to_windows(ab_pathname);
}
ab_pathname = kstrdup(filename, GFP_KERNEL);
if (!ab_pathname)
return NULL;
ksmbd_conv_path_to_windows(ab_pathname);
return ab_pathname;
}
......
......@@ -1451,26 +1451,47 @@ struct lease_ctx_info *parse_lease_state(void *open_req)
*/
struct create_context *smb2_find_context_vals(void *open_req, const char *tag)
{
char *data_offset;
struct create_context *cc;
unsigned int next = 0;
char *name;
struct smb2_create_req *req = (struct smb2_create_req *)open_req;
unsigned int remain_len, name_off, name_len, value_off, value_len,
cc_len;
data_offset = (char *)req + 4 + le32_to_cpu(req->CreateContextsOffset);
cc = (struct create_context *)data_offset;
/*
* CreateContextsOffset and CreateContextsLength are guaranteed to
* be valid because of ksmbd_smb2_check_message().
*/
cc = (struct create_context *)((char *)req + 4 +
le32_to_cpu(req->CreateContextsOffset));
remain_len = le32_to_cpu(req->CreateContextsLength);
do {
int val;
cc = (struct create_context *)((char *)cc + next);
name = le16_to_cpu(cc->NameOffset) + (char *)cc;
val = le16_to_cpu(cc->NameLength);
if (val < 4)
if (remain_len < offsetof(struct create_context, Buffer))
return ERR_PTR(-EINVAL);
if (memcmp(name, tag, val) == 0)
return cc;
next = le32_to_cpu(cc->Next);
name_off = le16_to_cpu(cc->NameOffset);
name_len = le16_to_cpu(cc->NameLength);
value_off = le16_to_cpu(cc->DataOffset);
value_len = le32_to_cpu(cc->DataLength);
cc_len = next ? next : remain_len;
if ((next & 0x7) != 0 ||
next > remain_len ||
name_off != offsetof(struct create_context, Buffer) ||
name_len < 4 ||
name_off + name_len > cc_len ||
(value_off & 0x7) != 0 ||
(value_off && (value_off < name_off + name_len)) ||
((u64)value_off + value_len > cc_len))
return ERR_PTR(-EINVAL);
name = (char *)cc + name_off;
if (memcmp(name, tag, name_len) == 0)
return cc;
remain_len -= next;
} while (next != 0);
return NULL;
......
......@@ -459,13 +459,22 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work)
bool is_chained_smb2_message(struct ksmbd_work *work)
{
struct smb2_hdr *hdr = work->request_buf;
unsigned int len;
unsigned int len, next_cmd;
if (hdr->ProtocolId != SMB2_PROTO_NUMBER)
return false;
hdr = ksmbd_req_buf_next(work);
if (le32_to_cpu(hdr->NextCommand) > 0) {
next_cmd = le32_to_cpu(hdr->NextCommand);
if (next_cmd > 0) {
if ((u64)work->next_smb2_rcv_hdr_off + next_cmd +
__SMB2_HEADER_STRUCTURE_SIZE >
get_rfc1002_len(work->request_buf)) {
pr_err("next command(%u) offset exceeds smb msg size\n",
next_cmd);
return false;
}
ksmbd_debug(SMB, "got SMB2 chained command\n");
init_chained_smb2_rsp(work);
return true;
......@@ -1058,6 +1067,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work)
struct smb2_negotiate_req *req = work->request_buf;
struct smb2_negotiate_rsp *rsp = work->response_buf;
int rc = 0;
unsigned int smb2_buf_len, smb2_neg_size;
__le32 status;
ksmbd_debug(SMB, "Received negotiate request\n");
......@@ -1075,6 +1085,44 @@ int smb2_handle_negotiate(struct ksmbd_work *work)
goto err_out;
}
smb2_buf_len = get_rfc1002_len(work->request_buf);
smb2_neg_size = offsetof(struct smb2_negotiate_req, Dialects) - 4;
if (smb2_neg_size > smb2_buf_len) {
rsp->hdr.Status = STATUS_INVALID_PARAMETER;
rc = -EINVAL;
goto err_out;
}
if (conn->dialect == SMB311_PROT_ID) {
unsigned int nego_ctxt_off = le32_to_cpu(req->NegotiateContextOffset);
if (smb2_buf_len < nego_ctxt_off) {
rsp->hdr.Status = STATUS_INVALID_PARAMETER;
rc = -EINVAL;
goto err_out;
}
if (smb2_neg_size > nego_ctxt_off) {
rsp->hdr.Status = STATUS_INVALID_PARAMETER;
rc = -EINVAL;
goto err_out;
}
if (smb2_neg_size + le16_to_cpu(req->DialectCount) * sizeof(__le16) >
nego_ctxt_off) {
rsp->hdr.Status = STATUS_INVALID_PARAMETER;
rc = -EINVAL;
goto err_out;
}
} else {
if (smb2_neg_size + le16_to_cpu(req->DialectCount) * sizeof(__le16) >
smb2_buf_len) {
rsp->hdr.Status = STATUS_INVALID_PARAMETER;
rc = -EINVAL;
goto err_out;
}
}
conn->cli_cap = le32_to_cpu(req->Capabilities);
switch (conn->dialect) {
case SMB311_PROT_ID:
......@@ -2093,16 +2141,22 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work)
* smb2_set_ea() - handler for setting extended attributes using set
* info command
* @eabuf: set info command buffer
* @buf_len: set info command buffer length
* @path: dentry path for get ea
*
* Return: 0 on success, otherwise error
*/
static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path)
static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len,
struct path *path)
{
struct user_namespace *user_ns = mnt_user_ns(path->mnt);
char *attr_name = NULL, *value;
int rc = 0;
int next = 0;
unsigned int next = 0;
if (buf_len < sizeof(struct smb2_ea_info) + eabuf->EaNameLength +
le16_to_cpu(eabuf->EaValueLength))
return -EINVAL;
attr_name = kmalloc(XATTR_NAME_MAX + 1, GFP_KERNEL);
if (!attr_name)
......@@ -2167,7 +2221,13 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path)
next:
next = le32_to_cpu(eabuf->NextEntryOffset);
if (next == 0 || buf_len < next)
break;
buf_len -= next;
eabuf = (struct smb2_ea_info *)((char *)eabuf + next);
if (next < (u32)eabuf->EaNameLength + le16_to_cpu(eabuf->EaValueLength))
break;
} while (next != 0);
kfree(attr_name);
......@@ -2367,6 +2427,10 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work,
ksmbd_debug(SMB,
"Set ACLs using SMB2_CREATE_SD_BUFFER context\n");
sd_buf = (struct create_sd_buf_req *)context;
if (le16_to_cpu(context->DataOffset) +
le32_to_cpu(context->DataLength) <
sizeof(struct create_sd_buf_req))
return -EINVAL;
return set_info_sec(work->conn, work->tcon, path, &sd_buf->ntsd,
le32_to_cpu(sd_buf->ccontext.DataLength), true);
}
......@@ -2561,6 +2625,12 @@ int smb2_open(struct ksmbd_work *work)
goto err_out1;
} else if (context) {
ea_buf = (struct create_ea_buf_req *)context;
if (le16_to_cpu(context->DataOffset) +
le32_to_cpu(context->DataLength) <
sizeof(struct create_ea_buf_req)) {
rc = -EINVAL;
goto err_out1;
}
if (req->CreateOptions & FILE_NO_EA_KNOWLEDGE_LE) {
rsp->hdr.Status = STATUS_ACCESS_DENIED;
rc = -EACCES;
......@@ -2599,6 +2669,12 @@ int smb2_open(struct ksmbd_work *work)
} else if (context) {
struct create_posix *posix =
(struct create_posix *)context;
if (le16_to_cpu(context->DataOffset) +
le32_to_cpu(context->DataLength) <
sizeof(struct create_posix)) {
rc = -EINVAL;
goto err_out1;
}
ksmbd_debug(SMB, "get posix context\n");
posix_mode = le32_to_cpu(posix->Mode);
......@@ -2748,7 +2824,15 @@ int smb2_open(struct ksmbd_work *work)
created = true;
user_ns = mnt_user_ns(path.mnt);
if (ea_buf) {
rc = smb2_set_ea(&ea_buf->ea, &path);
if (le32_to_cpu(ea_buf->ccontext.DataLength) <
sizeof(struct smb2_ea_info)) {
rc = -EINVAL;
goto err_out;
}
rc = smb2_set_ea(&ea_buf->ea,
le32_to_cpu(ea_buf->ccontext.DataLength),
&path);
if (rc == -EOPNOTSUPP)
rc = 0;
else if (rc)
......@@ -2981,9 +3065,16 @@ int smb2_open(struct ksmbd_work *work)
rc = PTR_ERR(az_req);
goto err_out;
} else if (az_req) {
loff_t alloc_size = le64_to_cpu(az_req->AllocationSize);
loff_t alloc_size;
int err;
if (le16_to_cpu(az_req->ccontext.DataOffset) +
le32_to_cpu(az_req->ccontext.DataLength) <
sizeof(struct create_alloc_size_req)) {
rc = -EINVAL;
goto err_out;
}
alloc_size = le64_to_cpu(az_req->AllocationSize);
ksmbd_debug(SMB,
"request smb2 create allocate size : %llu\n",
alloc_size);
......@@ -4152,7 +4243,7 @@ static void get_file_access_info(struct smb2_query_info_rsp *rsp,
static int get_file_basic_info(struct smb2_query_info_rsp *rsp,
struct ksmbd_file *fp, void *rsp_org)
{
struct smb2_file_all_info *basic_info;
struct smb2_file_basic_info *basic_info;
struct kstat stat;
u64 time;
......@@ -4162,7 +4253,7 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp,
return -EACCES;
}
basic_info = (struct smb2_file_all_info *)rsp->Buffer;
basic_info = (struct smb2_file_basic_info *)rsp->Buffer;
generic_fillattr(file_mnt_user_ns(fp->filp), file_inode(fp->filp),
&stat);
basic_info->CreationTime = cpu_to_le64(fp->create_time);
......@@ -4175,9 +4266,8 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp,
basic_info->Attributes = fp->f_ci->m_fattr;
basic_info->Pad1 = 0;
rsp->OutputBufferLength =
cpu_to_le32(offsetof(struct smb2_file_all_info, AllocationSize));
inc_rfc1001_len(rsp_org, offsetof(struct smb2_file_all_info,
AllocationSize));
cpu_to_le32(sizeof(struct smb2_file_basic_info));
inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_basic_info));
return 0;
}
......@@ -5333,7 +5423,7 @@ static int smb2_rename(struct ksmbd_work *work,
static int smb2_create_link(struct ksmbd_work *work,
struct ksmbd_share_config *share,
struct smb2_file_link_info *file_info,
struct file *filp,