From patchwork Wed Nov 14 22:40:20 2018
X-Patchwork-Submitter: Ronnie Sahlberg
X-Patchwork-Id: 10683257
From: Ronnie Sahlberg
To: Linux CIFS mailing list
Cc: Steve French
Subject: [PATCH 3/3] cifs: check how much EA space we already use before adding more EAs
Date: Thu, 15 Nov 2018 08:40:20 +1000
Message-Id: <20181114224020.6100-4-lsahlber@redhat.com>
In-Reply-To: <20181114224020.6100-1-lsahlber@redhat.com>
References: <20181114224020.6100-1-lsahlber@redhat.com>

When setting/adding an EA, check how much EA space we already have on this
file and make sure that if we add this new EA that the result will still fit
inside a SMB2_MAX_EA_BUF.

In the client we limit the maximum buffer to currently 64k. When we store
these on the server we have no way of knowing if/what the server's limit for
EAs is. They could be, and often are, much larger than 64k.

This change is to return an error and not set the EA if we suspect that the
result could overflow the buffer. This prevents the very annoying behaviour
that we can add EAs well beyond the maximum clientside buffer and thus, at
that stage, make it no longer possible to query or list the existing EAs.

The check for overflow is overly conservative:
    if (len + rsp_iov[0].iov_len > SMB2_MAX_EA_BUF) {
since the actual size of the EAs is a bit less than iov_len, but this is
simpler to read. The only effect of this is that we will stop allowing adding
new EAs ~100 bytes earlier than strictly needed, which does not matter much
for 64k buffers.

Signed-off-by: Ronnie Sahlberg
---
 fs/cifs/smb2ops.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index cea942056252..65e5d5521a6c 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c 
@@ -915,10 +915,30 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon, if (!utf16_path) return -ENOMEM; + len = sizeof(ea) + ea_name_len + ea_value_len + 1; + memset(rqst, 0, sizeof(rqst)); resp_buftype[0] = resp_buftype[1] = resp_buftype[2] = CIFS_NO_BUFFER; memset(rsp_iov, 0, sizeof(rsp_iov)); + /* + * Make sure we have enough space to store the new EA. + */ + rc = smb2_query_info_compound(xid, tcon, utf16_path, + FILE_READ_EA, + FILE_FULL_EA_INFORMATION, + SMB2_O_INFO_FILE, + SMB2_MAX_EA_BUF, + &rsp_iov[0], &resp_buftype[0], cifs_sb); + free_rsp_buf(resp_buftype[0], rsp_iov[0].iov_base); + resp_buftype[0] = CIFS_NO_BUFFER; + rsp_iov[0].iov_base = NULL; + if (len + rsp_iov[0].iov_len > SMB2_MAX_EA_BUF) { + rc = -ERANGE; + goto sea_exit; + } + + /* Open */ memset(&open_iov, 0, sizeof(open_iov)); rqst[0].rq_iov = open_iov;
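
Review bot: The return value of smb2_query_info_compound() is stored in rc but never tested before the `len + rsp_iov[0].iov_len > SMB2_MAX_EA_BUF` comparison, so when the query fails the comparison runs against whatever iov_len holds after the earlier memset() and the set goes ahead unchecked. Please decide explicitly which rc values should abort with an error and which are tolerated, and say so in the "Make sure we have enough space" comment. The comparison also reads rsp_iov[0].iov_len after free_rsp_buf() has run and iov_base has been set to NULL, and it leaves that stale length in rsp_iov[0] for whatever uses the slot next; copying the length into a local before freeing and then zeroing iov_len would make the intent obvious. Nit: there are two blank lines before `/* Open */`.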