[v3] ksmbd: limit read/write/trans buffer size not to exceed MAX_STREAM_PROT_LEN

Commit Message

Namjae Jeon Oct. 12, 2021, 1:23 a.m. UTC

ksmbd limit read/write/trans buffer size not to exceed maximum stream
protocol length(0x00FFFFFF). And set the minimum value of max response
buffer size to 64KB. Windows client doesn't send session setup request
if ksmbd set max trans/read/write size lower than 64KB in smb2 negotiate.
It means windows allow at least 64 KB or more about this value.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 v2:
  - change 8MB limitation to MAX_STREAM_PROT_LEN.
 v3:
  - use clamp_val to set minimum value.
  - subtract MAX_SMB2_HDR_SIZE from MAX_STREAM_PROT_LEN.

 fs/ksmbd/smb2ops.c | 3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/fs/ksmbd/smb2ops.c b/fs/ksmbd/smb2ops.c
index b06456eb587b..ede6d96dabbf 100644
--- a/fs/ksmbd/smb2ops.c
+++ b/fs/ksmbd/smb2ops.c
@@ -284,6 +284,7 @@  int init_smb3_11_server(struct ksmbd_conn *conn)
 
 void init_smb2_max_read_size(unsigned int sz)
 {
+	sz = clamp_val(sz, 65536, MAX_STREAM_PROT_LEN - MAX_SMB2_HDR_SIZE);
 	smb21_server_values.max_read_size = sz;
 	smb30_server_values.max_read_size = sz;
 	smb302_server_values.max_read_size = sz;
@@ -292,6 +293,7 @@  void init_smb2_max_read_size(unsigned int sz)
 
 void init_smb2_max_write_size(unsigned int sz)
 {
+	sz = clamp_val(sz, 65536, MAX_STREAM_PROT_LEN - MAX_SMB2_HDR_SIZE);
 	smb21_server_values.max_write_size = sz;
 	smb30_server_values.max_write_size = sz;
 	smb302_server_values.max_write_size = sz;
@@ -300,6 +302,7 @@  void init_smb2_max_write_size(unsigned int sz)
 
 void init_smb2_max_trans_size(unsigned int sz)
 {
+	sz = clamp_val(sz, 65536, MAX_STREAM_PROT_LEN - MAX_SMB2_HDR_SIZE);
 	smb21_server_values.max_trans_size = sz;
 	smb30_server_values.max_trans_size = sz;
 	smb302_server_values.max_trans_size = sz;