{"id":2230106,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2230106/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260429085956.GA3326432@chcpu16/","project":{"id":12,"url":"http://patchwork.ozlabs.org/api/1.1/projects/12/?format=json","name":"Linux CIFS Client","link_name":"linux-cifs-client","list_id":"linux-cifs.vger.kernel.org","list_email":"linux-cifs@vger.kernel.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260429085956.GA3326432@chcpu16>","date":"2026-04-29T08:59:56","name":"ksmbd: fail share config requests when path allocation fails","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"31d7b6ce8f79afe7ea672a0b8a9fea943aeb696d","submitter":{"id":91564,"url":"http://patchwork.ozlabs.org/api/1.1/people/91564/?format=json","name":"Shuhao Fu","email":"sfual@cse.ust.hk"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260429085956.GA3326432@chcpu16/mbox/","series":[{"id":502018,"url":"http://patchwork.ozlabs.org/api/1.1/series/502018/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/list/?series=502018","date":"2026-04-29T08:59:56","name":"ksmbd: fail share config requests when path allocation fails","version":1,"mbox":"http://patchwork.ozlabs.org/series/502018/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2230106/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2230106/checks/","tags":{},"headers":{"Return-Path":"\n <linux-cifs+bounces-11268-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=cse.ust.hk header.i=@cse.ust.hk header.a=rsa-sha256\n header.s=cseusthk header.b=3wpy67hA;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c09:e001:a7::12fc:5321; helo=sto.lore.kernel.org;\n envelope-from=linux-cifs+bounces-11268-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=cse.ust.hk header.i=@cse.ust.hk\n header.b=\"3wpy67hA\"","smtp.subspace.kernel.org;\n arc=pass smtp.client-ip=143.89.41.157","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=cse.ust.hk","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=cse.ust.hk"],"Received":["from sto.lore.kernel.org (sto.lore.kernel.org\n [IPv6:2600:3c09:e001:a7::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5B9D5sgwz1yHX\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 19:00:48 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id 584D73006B78\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 09:00:45 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 800303B27CD;\n\tWed, 29 Apr 2026 09:00:41 +0000 (UTC)","from cse.ust.hk (cssvr7.cse.ust.hk [143.89.41.157])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id C7E743AA50A;\n\tWed, 29 Apr 2026 09:00:37 +0000 (UTC)","from chcpu16 (191host045.mobilenet.cse.ust.hk [143.89.191.45])\n\t(authenticated bits=0)\n\tby cse.ust.hk (8.18.1/8.12.5) with ESMTPSA id 63T901P93610265\n\t(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT);\n\tWed, 29 Apr 2026 17:00:07 +0800"],"ARC-Seal":["i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777453241; cv=pass;\n b=C7q0mfWpGbuuRvvhurnLrhMdExYei016mdDa+wyrbROLox8+kylHqmzikk2p7YHML3hOAKWGKRThoACrLUUmE2Jp+/s/3qZ0LNM6T3FAzUEJiFvhYMguIjsQat+tqV1PxUg2gb+W52VnNEQINxEFdPOkdGY3t3zwgD+I64B6MhM=","i=1; d=cse.ust.hk; s=arccse; a=rsa-sha256; cv=none; t=1777453208;\n\tb=AB715FkAn4q2NzYXlUpNYKnqxTX4jZ0eGw+9kp/NgDLqAL58fT0Uno8IL+rJAruHd/Yr\n\t Dmu8ngDUi8mm8dQCA1PyaN6kdxCPG0jr4B3YlQzVt1x1pfUkZOBmpOJI6AC9jX44S37kK\n\t +p0kkTFE2CM70S4fK0wagDjzW7ov5A5pCs="],"ARC-Message-Signature":["i=2; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777453241; c=relaxed/simple;\n\tbh=rV8glw086WVi2K69FtjQnQtbin2wKiquM05qZaglO6k=;\n\th=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type:\n\t Content-Disposition;\n b=tqnIEKh8u2z7DWAtDJND9I3vhyE1opCySeAoWMSaOw6CJyzT0iLsQrZUGxuiFe2Z+VQFPtgH4+DC5y8AgFuevQ2ewLnX4u2n6yDvdayXSTZlo7HrVOxKGS+StxLFwyi9YE2SFd/UPndE48VY8Nx1oG8uvjDScOSpcmOJCckr7SE=","i=1; d=cse.ust.hk; s=arccse; a=rsa-sha256;\n\tc=relaxed/relaxed; t=1777453208;\n\th=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version;\n\tbh=33PTQZPJbu6sjAhXoqNtjSbyDKywwjVQQR7Cb/Pb8Yc=;\n\tb=KsQfHfdGytO8i74eAr9WtYNJiWJ1DQnjsPVDg8ytPatg0AXWmMR+ugOozNZIQSjsuCO2\n\t QTrXY5lIxM7no2RCLXZVegDahw32IkfYrh2mQGAO9hF8e3MojYxf686F48/u2TWqOARXo\n\t DVIpdXDLlXgztGAZ+PCs3aidZvciInCgEY="],"ARC-Authentication-Results":["i=2; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=cse.ust.hk;\n spf=pass smtp.mailfrom=cse.ust.hk;\n dkim=pass (1024-bit key) header.d=cse.ust.hk header.i=@cse.ust.hk\n header.b=3wpy67hA; arc=pass smtp.client-ip=143.89.41.157","i=1; cse.ust.hk;\n arc=none smtp.remote-ip=143.89.191.45"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=cse.ust.hk;\n\ts=cseusthk; t=1777453208;\n\tbh=33PTQZPJbu6sjAhXoqNtjSbyDKywwjVQQR7Cb/Pb8Yc=;\n\th=Date:From:To:Cc:Subject:From;\n\tb=3wpy67hAMIIJPS1E0OPIBPEO61XNSe9SAaehA2iPKZt6ihAi88LSuKbw2x1/8Qmsk\n\t yhirey2caCmbWl04KdoyzFccvBNSRNVHbEZ7DRplgdalYc3A/DSfRW1lQuBQJOTyl0\n\t tePR4OwgNTjAjpIu/g12shjJnB8/aF3XJl1mRNts=","Date":"Wed, 29 Apr 2026 16:59:56 +0800","From":"Shuhao Fu <sfual@cse.ust.hk>","To":"Namjae Jeon <linkinjeon@kernel.org>, Steve French <smfrench@gmail.com>,\n        linux-cifs@vger.kernel.org","Cc":"Sergey Senozhatsky <senozhatsky@chromium.org>,\n Tom Talpey <tom@talpey.com>,\n        linux-kernel@vger.kernel.org","Subject":"[PATCH] ksmbd: fail share config requests when path allocation fails","Message-ID":"<20260429085956.GA3326432@chcpu16>","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"<linux-cifs.vger.kernel.org>","List-Subscribe":"<mailto:linux-cifs+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-cifs+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","X-Env-From":"sfual"},"content":"Non-pipe shares must have a duplicated backing path before they can be\npublished. share_config_request() currently calls kstrndup() for that\npath, but if the allocation fails it leaves ret unchanged. If veto list\nparsing succeeds and share->name exists, the partially built share is\nstill inserted into the global share table with share->path left NULL.\n\nA later share-root SMB2 create uses tree_conn->share_conf->path as the\nlookup root. If the share was published with path == NULL, that request\npasses a NULL pathname into do_getname_kernel()/strlen() and can crash\nthe ksmbd worker.\n\nSet ret = -ENOMEM when path duplication fails so the incomplete share is\ndestroyed before publication.\n\nFixes: e2f34481b24d (\"cifsd: add server-side procedures for SMB3\")\nSigned-off-by: Shuhao Fu <sfual@cse.ust.hk>\n---\n fs/smb/server/mgmt/share_config.c | 12 ++++++++----\n 1 file changed, 8 insertions(+), 4 deletions(-)","diff":"diff --git a/fs/smb/server/mgmt/share_config.c b/fs/smb/server/mgmt/share_config.c\nindex 53f44ff4d376f3e..6f97f8d39657cd2 100644\n--- a/fs/smb/server/mgmt/share_config.c\n+++ b/fs/smb/server/mgmt/share_config.c\n@@ -167,7 +167,10 @@ static struct ksmbd_share_config *share_config_request(struct ksmbd_work *work,\n \n \t\tshare->path = kstrndup(ksmbd_share_config_path(resp), path_len,\n \t\t\t\t      KSMBD_DEFAULT_GFP);\n-\t\tif (share->path) {\n+\t\tif (!share->path) {\n+\t\t\tret = -ENOMEM;\n+\t\t} else {\n+\t\t\tret = 0;\n \t\t\tshare->path_sz = strlen(share->path);\n \t\t\twhile (share->path_sz > 1 &&\n \t\t\t       share->path[share->path_sz - 1] == '/')\n@@ -179,9 +182,10 @@ static struct ksmbd_share_config *share_config_request(struct ksmbd_work *work,\n \t\tshare->force_directory_mode = resp->force_directory_mode;\n \t\tshare->force_uid = resp->force_uid;\n \t\tshare->force_gid = resp->force_gid;\n-\t\tret = parse_veto_list(share,\n-\t\t\t\t      KSMBD_SHARE_CONFIG_VETO_LIST(resp),\n-\t\t\t\t      resp->veto_list_sz);\n+\t\tif (!ret)\n+\t\t\tret = parse_veto_list(share,\n+\t\t\t\t\t      KSMBD_SHARE_CONFIG_VETO_LIST(resp),\n+\t\t\t\t\t      resp->veto_list_sz);\n \t\tif (!ret && share->path) {\n \t\t\tif (__ksmbd_override_fsids(work, share)) {\n \t\t\t\tkill_share(share);\n","prefixes":[]}