Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2230954/?format=api
{ "id": 2230954, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2230954/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260430085731.1226229-1-doebel@amazon.de/", "project": { "id": 12, "url": "http://patchwork.ozlabs.org/api/1.1/projects/12/?format=api", "name": "Linux CIFS Client", "link_name": "linux-cifs-client", "list_id": "linux-cifs.vger.kernel.org", "list_email": "linux-cifs@vger.kernel.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260430085731.1226229-1-doebel@amazon.de>", "date": "2026-04-30T08:57:17", "name": "smb: client: use kzalloc to zero-initialize security descriptor buffer", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "da474842574b8ef72281f8f8e70d6d98195cb966", "submitter": { "id": 93287, "url": "http://patchwork.ozlabs.org/api/1.1/people/93287/?format=api", "name": "Bjoern Doebel", "email": "doebel@amazon.de" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260430085731.1226229-1-doebel@amazon.de/mbox/", "series": [ { "id": 502241, "url": "http://patchwork.ozlabs.org/api/1.1/series/502241/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-cifs-client/list/?series=502241", "date": "2026-04-30T08:57:17", "name": "smb: client: use kzalloc to zero-initialize security descriptor buffer", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/502241/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2230954/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2230954/checks/", "tags": {}, "headers": { "Return-Path": "\n <linux-cifs+bounces-11309-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-cifs@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=amazon.de header.i=@amazon.de header.a=rsa-sha256\n header.s=amazoncorp2 header.b=TWGwei1/;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=linux-cifs+bounces-11309-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=amazon.de header.i=@amazon.de\n header.b=\"TWGwei1/\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=50.112.246.219", "smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=amazon.de", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=amazon.de" ], "Received": [ "from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5p3Y6ks3z1xqf\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 18:58:01 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 9B5E7301048F\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 08:57:58 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 5867A3FBEA4;\n\tThu, 30 Apr 2026 08:57:56 +0000 (UTC)", "from pdx-out-015.esa.us-west-2.outbound.mail-perimeter.amazon.com\n (pdx-out-015.esa.us-west-2.outbound.mail-perimeter.amazon.com\n [50.112.246.219])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 23FB23FE362;\n\tThu, 30 Apr 2026 08:57:54 +0000 (UTC)", "from ip-10-5-12-219.us-west-2.compute.internal (HELO\n smtpout.naws.us-west-2.prod.farcaster.email.amazon.dev) ([10.5.12.219])\n by internal-pdx-out-015.esa.us-west-2.outbound.mail-perimeter.amazon.com\n with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Apr 2026 08:57:52 +0000", "from EX19MTAUWA002.ant.amazon.com [205.251.233.234:6652]\n by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.37.224:2525]\n with esmtp (Farcaster)\n id 58b8f1a8-5a6f-4e28-ae21-c24da03d262c;\n Thu, 30 Apr 2026 08:57:52 +0000 (UTC)", "from EX19D001UWA001.ant.amazon.com (10.13.138.214) by\n EX19MTAUWA002.ant.amazon.com (10.250.64.202) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.37;\n Thu, 30 Apr 2026 08:57:52 +0000", "from dev-dsk-doebel-1a-7b355d76.us-east-1.amazon.com (10.169.119.5)\n by EX19D001UWA001.ant.amazon.com (10.13.138.214) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.37;\n Thu, 30 Apr 2026 08:57:50 +0000" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777539476; cv=none;\n b=QH2NL8Dw+O7PIHRtTZXd08dO6788f9NeJRadLpA8X443Po/hU1Wg7ruaRsJS7WMLf2OaIehyxk77xbFmeTa1MhqVgyEJWAUC1Iro5T242nQK0enaXob2o2FJw5NsOKnHF0LKzNnwCl/fMRDDxDQ0yuLFrdLfiC4+tT4t+ocNgSc=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777539476; c=relaxed/simple;\n\tbh=OCHv4sNKD6FdjVg4X1i6KrqsmWVR5hjxcSUYjRoG4pA=;\n\th=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type;\n b=sZD87U2Y0LXNAXo1qbBWmlO7GuhtuAm30KlieIx9iUEpIaziPu5MXW2HwzuLmplNQB3gg0cb89mjRwMh4itWwElqaNlEsKptgUGwQAprDlO9EoUS0esHk8DwOx1Wy+f3VWW2nh3MBu/z2sdJY4w5Ii5erfOZcfluIAa2BHVclcA=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=amazon.de;\n spf=pass smtp.mailfrom=amazon.de;\n dkim=pass (2048-bit key) header.d=amazon.de header.i=@amazon.de\n header.b=TWGwei1/; arc=none smtp.client-ip=50.112.246.219", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=amazon.de; i=@amazon.de; q=dns/txt; s=amazoncorp2;\n t=1777539475; x=1809075475;\n h=from:to:cc:subject:date:message-id:mime-version:\n content-transfer-encoding;\n bh=Hn9udz7Pvym1RgV7NCPW6AXSi4+7PUHyGB012LjVUYA=;\n b=TWGwei1/45oNJHrp3lvy+VAFOpMQSmwoZ2rqO3axJk5lxim/L5tTH9kA\n RVU9XrtHU/onaX7aUIt8gohoXh1NK5PiSa0uOAyloAIoKD/UKsYBVWo6B\n I9X6jFwyNUrlx7G7Bu/zM+oOhe8v7CFBoYdqK7wrbeCQN9ojwX1kdQ5O/\n ozzXjcVjklNx3rm69cG1OSCAelSDFcOGEZQrtycWzEY/leEao0GDBOliM\n d53b/SNQkFfFL4Jx/CjjDyaVBjNpWq/n1NjT7exa1pZC1xNz4TsMNmp6B\n AboyvwJ4G8Z8xVItKti07uOJpW9z5SpVfIm3Tf7vvcS/QGJGIZ161fyOP\n A==;", "X-CSE-ConnectionGUID": "UCavD6MDRRiX+ID+sjkW/w==", "X-CSE-MsgGUID": "SjeS+foHSViH+O/9vNPIFg==", "X-IronPort-AV": "E=Sophos;i=\"6.23,207,1770595200\";\n d=\"scan'208\";a=\"18367693\"", "X-Farcaster-Flow-ID": "58b8f1a8-5a6f-4e28-ae21-c24da03d262c", "From": "Bjoern Doebel <doebel@amazon.de>", "To": "<sfrench@samba.org>", "CC": "Bjoern Doebel <doebel@amazon.de>, <stable@vger.kernel.org>, \"Paulo\n Alcantara\" <pc@manguebit.org>, Ronnie Sahlberg <ronniesahlberg@gmail.com>,\n\tShyam Prasad N <sprasad@microsoft.com>, Tom Talpey <tom@talpey.com>, \"Bharath\n SM\" <bharathsm@microsoft.com>, Namjae Jeon <linkinjeon@kernel.org>, \"open\n list:COMMON INTERNET FILE SYSTEM CLIENT (CIFS and SMB3)\"\n\t<linux-cifs@vger.kernel.org>, \"moderated list:COMMON INTERNET FILE SYSTEM\n CLIENT (CIFS and SMB3)\" <samba-technical@lists.samba.org>, open list\n\t<linux-kernel@vger.kernel.org>", "Subject": "[PATCH] smb: client: use kzalloc to zero-initialize security\n descriptor buffer", "Date": "Thu, 30 Apr 2026 08:57:17 +0000", "Message-ID": "<20260430085731.1226229-1-doebel@amazon.de>", "X-Mailer": "git-send-email 2.50.1", "Precedence": "bulk", "X-Mailing-List": "linux-cifs@vger.kernel.org", "List-Id": "<linux-cifs.vger.kernel.org>", "List-Subscribe": "<mailto:linux-cifs+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-cifs+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "X-ClientProxiedBy": "EX19D041UWA004.ant.amazon.com (10.13.139.9) To\n EX19D001UWA001.ant.amazon.com (10.13.138.214)", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit" }, "content": "Commit 62e7dd0a39c2d (\"smb: common: change the data type of num_aces\nto le16\") split struct smb_acl's __le32 num_aces field into __le16\nnum_aces and __le16 reserved. The reserved field corresponds to Sbz2\nin the MS-DTYP ACL wire format, which must be zero [1].\n\nWhen building an ACL descriptor in build_sec_desc(), we are using a\nkmalloc()'ed descriptor buffer and writing the fields explicitly using\nle16() writes now. This never writes to the 2 byte reserved field,\nleaving it as uninitialized heap data.\n\nWhen the reserved field happens to contain non-zero slab garbage,\nSamba rejects the security descriptor with \"ndr_pull_security_descriptor\nfailed: Range Error\", causing chmod to fail with EINVAL.\n\nChange kmalloc() to kzalloc() to ensure the entire buffer is\nzero-initialized.\n\nFixes: 62e7dd0a39c2d (\"smb: common: change the data type of num_aces to le16\")\nCc: stable@vger.kernel.org\n\nSigned-off-by: Bjoern Doebel <doebel@amazon.de>\nAssisted-by: Kiro:claude-opus-4.6\n[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/20233ed8-a6c6-4097-aafa-dd545ed24428\n---\nTested using xfstests' generic/680 test on CIFS (Samba server\non localhost) with AL2023 ARM64 kernel 6.18.22 and 7.1.0-rc1.\nWithout the fix, the test fails after 10-40 iterations. With\nthe fix, we successfully completed 1,000 iterations.\n---\n fs/smb/client/cifsacl.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)", "diff": "diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c\nindex ec5d477793040..a2750f1e3d90b 100644\n--- a/fs/smb/client/cifsacl.c\n+++ b/fs/smb/client/cifsacl.c\n@@ -1732,7 +1732,7 @@ id_mode_to_cifs_acl(struct inode *inode, const char *path, __u64 *pnmode,\n \t * descriptor parameters, and security descriptor itself\n \t */\n \tnsecdesclen = max_t(u32, nsecdesclen, DEFAULT_SEC_DESC_LEN);\n-\tpnntsd = kmalloc(nsecdesclen, GFP_KERNEL);\n+\tpnntsd = kzalloc(nsecdesclen, GFP_KERNEL);\n \tif (!pnntsd) {\n \t\tkfree(pntsd);\n \t\tcifs_put_tlink(tlink);\n", "prefixes": [] }