[PATCH 3/5] cifs: Fix validation of SMB2_OP_QUERY_WSL_EA response size

From: Pali Rohár
Date: Sun Jun 08 2025 - 13:02:00 EST

Next message: Pali Rohár: "[PATCH 2/5] cifs: Fix validation of EAs for WSL reparse points"
Previous message: Pali Rohár: "[PATCH 0/5] cifs: Fix validation of WSL-style special files"
In reply to: Pali Rohár: "[PATCH 0/5] cifs: Fix validation of WSL-style special files"
Next in thread: Paulo Alcantara: "Re: [PATCH 3/5] cifs: Fix validation of SMB2_OP_QUERY_WSL_EA response size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Currently the SMB2_OP_QUERY_WSL_EA checks that response buffer has at least
size SMB2_WSL_MIN_QUERY_EA_RESP_SIZE and maximally it is
SMB2_WSL_MAX_QUERY_EA_RESP_SIZE.

Constant SMB2_WSL_MIN_QUERY_EA_RESP_SIZE is defined wrongly because it
expects that the there are at least 3 EAs. But WSL subsystem has only one
mandatory EA: $LXMOD. So fix the SMB2_WSL_MIN_QUERY_EA_RESP_SIZE to be size
of the structure of one EA.

Relax also SMB2_WSL_MAX_QUERY_EA_RESP_SIZE, calculate maximum size from the
size of the largest EA which is 8 bytes for $LXDEV.

This change allows to recognize WSL CHR and BLK reparse points which have
only $LXMOD and $LXDEV EAs (no $LXUID or $LXGID). WSL subsystem recognize
such reparse points too.

Fixes: ea41367b2a60 ("smb: client: introduce SMB2_OP_QUERY_WSL_EA")
Signed-off-by: Pali Rohár <pali@xxxxxxxxxx>
---
fs/smb/client/smb2pdu.h | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/fs/smb/client/smb2pdu.h b/fs/smb/client/smb2pdu.h
index 3c09a58dfd07..cdf0ab9ddbcd 100644
--- a/fs/smb/client/smb2pdu.h
+++ b/fs/smb/client/smb2pdu.h
@@ -425,24 +425,23 @@ struct smb2_create_ea_ctx {
#define SMB2_WSL_XATTR_MODE "$LXMOD"
#define SMB2_WSL_XATTR_DEV "$LXDEV"
#define SMB2_WSL_XATTR_NAME_LEN 6
-#define SMB2_WSL_NUM_XATTRS 4

#define SMB2_WSL_XATTR_UID_SIZE 4
#define SMB2_WSL_XATTR_GID_SIZE 4
#define SMB2_WSL_XATTR_MODE_SIZE 4
#define SMB2_WSL_XATTR_DEV_SIZE 8

+/* minimal size: at least the smallest EA has to be present */
#define SMB2_WSL_MIN_QUERY_EA_RESP_SIZE \
- (ALIGN((SMB2_WSL_NUM_XATTRS - 1) * \
- (SMB2_WSL_XATTR_NAME_LEN + 1 + \
- sizeof(struct smb2_file_full_ea_info)), 4) + \
- SMB2_WSL_XATTR_NAME_LEN + 1 + sizeof(struct smb2_file_full_ea_info))
+ (sizeof(struct smb2_file_full_ea_info) + SMB2_WSL_XATTR_NAME_LEN + 1 + 4)

+/*
+ * maximal size: all 4 EAs are present,
+ * beginning of each EA structure has to be aligned to 4 bytes,
+ * EAs have different size and can be returned in any other,
+ * use the largest EA size for aligning when calculating maximal size
+ */
#define SMB2_WSL_MAX_QUERY_EA_RESP_SIZE \
- (ALIGN(SMB2_WSL_MIN_QUERY_EA_RESP_SIZE + \
- SMB2_WSL_XATTR_UID_SIZE + \
- SMB2_WSL_XATTR_GID_SIZE + \
- SMB2_WSL_XATTR_MODE_SIZE + \
- SMB2_WSL_XATTR_DEV_SIZE, 4))
+ 4 * ALIGN((sizeof(struct smb2_file_full_ea_info) + SMB2_WSL_XATTR_NAME_LEN + 1 + 8), 4)

#endif /* _SMB2PDU_H */
--
2.20.1

Next message: Pali Rohár: "[PATCH 2/5] cifs: Fix validation of EAs for WSL reparse points"
Previous message: Pali Rohár: "[PATCH 0/5] cifs: Fix validation of WSL-style special files"
In reply to: Pali Rohár: "[PATCH 0/5] cifs: Fix validation of WSL-style special files"
Next in thread: Paulo Alcantara: "Re: [PATCH 3/5] cifs: Fix validation of SMB2_OP_QUERY_WSL_EA response size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]