[RFC PATCH 13/36] cifs: Remove validate_t2()
From: David Howells
Date: Tue May 19 2026 - 06:25:31 EST
validate_t2() is no longer necessary as the checking is now done up front.
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
cc: Steve French <sfrench@xxxxxxxxx>
cc: Paulo Alcantara <pc@xxxxxxxxxxxxx>
cc: Shyam Prasad N <sprasad@xxxxxxxxxxxxx>
cc: Tom Talpey <tom@xxxxxxxxxx>
cc: linux-cifs@xxxxxxxxxxxxxxx
cc: netfs@xxxxxxxxxxxxxxx
cc: linux-fsdevel@xxxxxxxxxxxxxxx
---
fs/smb/client/cifssmb.c | 132 +++++++---------------------------------
1 file changed, 22 insertions(+), 110 deletions(-)
diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c
index c537cc3e66c8..901f8aff6134 100644
--- a/fs/smb/client/cifssmb.c
+++ b/fs/smb/client/cifssmb.c
@@ -332,40 +332,6 @@ smb_init_no_reconnect(int smb_command, int wct, struct cifs_tcon *tcon,
return __smb_init(smb_command, wct, tcon, request_buf, response_buf);
}
-static int validate_t2(struct smb_t2_rsp *pSMB)
-{
- unsigned int total_size;
-
- return 0; /* Checking now done in reception routine. */
-
- /* check for plausible wct */
- if (pSMB->hdr.WordCount < 10)
- goto vt2_err;
-
- /* check for parm and data offset going beyond end of smb */
- if (get_unaligned_le16(&pSMB->t2_rsp.ParameterOffset) > 1024 ||
- get_unaligned_le16(&pSMB->t2_rsp.DataOffset) > 1024)
- goto vt2_err;
-
- total_size = get_unaligned_le16(&pSMB->t2_rsp.ParameterCount);
- if (total_size >= 512)
- goto vt2_err;
-
- /* check that bcc is at least as big as parms + data, and that it is
- * less than negotiated smb buffer
- */
- total_size += get_unaligned_le16(&pSMB->t2_rsp.DataCount);
- if (total_size > get_bcc(&pSMB->hdr) ||
- total_size >= CIFSMaxBufSize + MAX_CIFS_HDR_SIZE)
- goto vt2_err;
-
- return 0;
-vt2_err:
- cifs_dump_mem("Invalid transact2 SMB: ", (char *)pSMB,
- sizeof(struct smb_t2_rsp) + 16);
- return -EINVAL;
-}
-
static int
decode_ext_sec_blob(struct cifs_ses *ses, SMB_NEGOTIATE_RSP *pSMBr)
{
@@ -1122,9 +1088,7 @@ CIFSPOSIXCreate(const unsigned int xid, struct cifs_tcon *tcon,
}
cifs_dbg(FYI, "copying inode info\n");
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)) {
+ if (get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)) {
rc = smb_EIO2(smb_eio_trace_create_rsp_too_small,
get_bcc(&pSMBr->hdr), sizeof(OPEN_PSX_RSP));
goto psx_create_err;
@@ -2372,9 +2336,7 @@ CIFSSMBPosixLock(const unsigned int xid, struct cifs_tcon *tcon,
/* lock structure can be returned on get */
__u16 data_offset;
__u16 data_count;
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) < sizeof(*parm_data)) {
+ if (get_bcc(&pSMBr->hdr) < sizeof(*parm_data)) {
rc = smb_EIO2(smb_eio_trace_lock_bcc_too_small,
get_bcc(&pSMBr->hdr), sizeof(*parm_data));
goto plk_err_exit;
@@ -2939,9 +2901,8 @@ CIFSSMBUnixQuerySymLink(const unsigned int xid, struct cifs_tcon *tcon,
} else {
/* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
/* BB also check enough total bytes returned */
- if (rc || get_bcc(&pSMBr->hdr) < 2)
+ if (get_bcc(&pSMBr->hdr) < 2)
rc = smb_EIO2(smb_eio_trace_qsym_bcc_too_small,
get_bcc(&pSMBr->hdr), 2);
else {
@@ -3524,9 +3485,8 @@ int cifs_do_get_acl(const unsigned int xid, struct cifs_tcon *tcon,
} else {
/* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
/* BB also check enough total bytes returned */
- if (rc || get_bcc(&pSMBr->hdr) < 2)
+ if (get_bcc(&pSMBr->hdr) < 2)
rc = smb_EIO2(smb_eio_trace_getacl_bcc_too_small,
get_bcc(&pSMBr->hdr), 2);
else {
@@ -3696,9 +3656,8 @@ CIFSGetExtAttr(const unsigned int xid, struct cifs_tcon *tcon,
cifs_dbg(FYI, "error %d in GetExtAttr\n", rc);
} else {
/* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
/* BB also check enough total bytes returned */
- if (rc || get_bcc(&pSMBr->hdr) < 2)
+ if (get_bcc(&pSMBr->hdr) < 2)
/* If rc should we check for EOPNOSUPP and
disable the srvino flag? or in caller? */
rc = smb_EIO2(smb_eio_trace_getextattr_bcc_too_small,
@@ -4099,12 +4058,7 @@ CIFSSMBQFileInfo(const unsigned int xid, struct cifs_tcon *tcon,
if (rc) {
cifs_dbg(FYI, "Send error in QFileInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc) /* BB add auto retry on EOPNOTSUPP? */
- rc = smb_EIO2(smb_eio_trace_qfileinfo_invalid,
- get_bcc(&pSMBr->hdr), 40);
- else if (get_bcc(&pSMBr->hdr) < 40)
+ if (get_bcc(&pSMBr->hdr) < 40)
rc = smb_EIO2(smb_eio_trace_qfileinfo_bcc_too_small,
get_bcc(&pSMBr->hdr), 40);
else if (pFindData) {
@@ -4188,12 +4142,7 @@ CIFSSMBQPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
if (rc) {
cifs_dbg(FYI, "Send error in QPathInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc) /* BB add auto retry on EOPNOTSUPP? */
- rc = smb_EIO2(smb_eio_trace_qpathinfo_invalid,
- get_bcc(&pSMBr->hdr), 40);
- else if (!legacy && get_bcc(&pSMBr->hdr) < 40)
+ if (!legacy && get_bcc(&pSMBr->hdr) < 40)
rc = smb_EIO2(smb_eio_trace_qpathinfo_bcc_too_small,
get_bcc(&pSMBr->hdr), 40);
else if (legacy && get_bcc(&pSMBr->hdr) < 24)
@@ -4275,9 +4224,7 @@ CIFSSMBUnixQFileInfo(const unsigned int xid, struct cifs_tcon *tcon,
if (rc) {
cifs_dbg(FYI, "Send error in UnixQFileInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {
+ if (get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {
cifs_dbg(VFS, "Malformed FILE_UNIX_BASIC_INFO response. Unix Extensions can be disabled on mount by specifying the nosfu mount option.\n");
rc = smb_EIO2(smb_eio_trace_unixqfileinfo_bcc_too_small,
get_bcc(&pSMBr->hdr), sizeof(FILE_UNIX_BASIC_INFO));
@@ -4360,9 +4307,7 @@ CIFSSMBUnixQPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
if (rc) {
cifs_dbg(FYI, "Send error in UnixQPathInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {
+ if (get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {
cifs_dbg(VFS, "Malformed FILE_UNIX_BASIC_INFO response. Unix Extensions can be disabled on mount by specifying the nosfu mount option.\n");
rc = smb_EIO2(smb_eio_trace_unixqpathinfo_bcc_too_small,
get_bcc(&pSMBr->hdr), sizeof(FILE_UNIX_BASIC_INFO));
@@ -4504,13 +4449,8 @@ CIFSFindFirst(const unsigned int xid, struct cifs_tcon *tcon,
goto findFirstRetry;
return rc;
}
- /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
- if (rc) {
- cifs_buf_release(pSMB);
- return rc;
- }
+ /* decode response */
psrch_inf->unicode = !!(pSMBr->hdr.Flags2 & SMBFLG2_UNICODE);
psrch_inf->ntwrk_buf_start = (char *)pSMBr;
psrch_inf->smallBuf = false;
@@ -4619,11 +4559,6 @@ int CIFSFindNext(const unsigned int xid, struct cifs_tcon *tcon,
}
/* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
- if (rc) {
- cifs_buf_release(pSMB);
- return rc;
- }
/* BB fixme add lock for file (srch_info) struct here */
psrch_inf->unicode = !!(pSMBr->hdr.Flags2 & SMBFLG2_UNICODE);
response_data = (char *)&pSMBr->hdr.Protocol +
@@ -4763,9 +4698,8 @@ CIFSGetSrvInodeNumber(const unsigned int xid, struct cifs_tcon *tcon,
cifs_dbg(FYI, "error %d in QueryInternalInfo\n", rc);
} else {
/* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
/* BB also check enough total bytes returned */
- if (rc || get_bcc(&pSMBr->hdr) < 2)
+ if (get_bcc(&pSMBr->hdr) < 2)
/* If rc should we check for EOPNOSUPP and
disable the srvino flag? or in caller? */
rc = smb_EIO2(smb_eio_trace_getsrvinonum_bcc_too_small,
@@ -4883,10 +4817,9 @@ CIFSGetDFSRefer(const unsigned int xid, struct cifs_ses *ses,
cifs_dbg(FYI, "Send error in GetDFSRefer = %d\n", rc);
goto GetDFSRefExit;
}
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
/* BB Also check if enough total bytes returned? */
- if (rc || get_bcc(&pSMBr->hdr) < 17) {
+ if (get_bcc(&pSMBr->hdr) < 17) {
rc = smb_EIO2(smb_eio_trace_getdfsrefer_bcc_too_small,
get_bcc(&pSMBr->hdr), 17);
goto GetDFSRefExit;
@@ -4961,12 +4894,10 @@ SMBOldQFSInfo(const unsigned int xid, struct cifs_tcon *tcon,
if (rc) {
cifs_dbg(FYI, "Send error in QFSInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) < 18)
+ if (get_bcc(&pSMBr->hdr) < 18) {
rc = smb_EIO2(smb_eio_trace_oldqfsinfo_bcc_too_small,
get_bcc(&pSMBr->hdr), 18);
- else {
+ } else {
__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
cifs_dbg(FYI, "qfsinf resp BCC: %d Offset %d\n",
get_bcc(&pSMBr->hdr), data_offset);
@@ -5051,12 +4982,10 @@ CIFSSMBQFSInfo(const unsigned int xid, struct cifs_tcon *tcon,
if (rc) {
cifs_dbg(FYI, "Send error in QFSInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) < 24)
+ if (get_bcc(&pSMBr->hdr) < 24) {
rc = smb_EIO2(smb_eio_trace_qfsinfo_bcc_too_small,
get_bcc(&pSMBr->hdr), 24);
- else {
+ } else {
__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
response_data =
@@ -5141,9 +5070,7 @@ CIFSSMBQFSAttributeInfo(const unsigned int xid, struct cifs_tcon *tcon)
if (rc) {
cifs_dbg(VFS, "Send error in QFSAttributeInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) < 13) {
+ if (get_bcc(&pSMBr->hdr) < 13) {
/* BB also check if enough bytes returned */
rc = smb_EIO2(smb_eio_trace_qfsattrinfo_bcc_too_small,
get_bcc(&pSMBr->hdr), 13);
@@ -5215,9 +5142,7 @@ CIFSSMBQFSDeviceInfo(const unsigned int xid, struct cifs_tcon *tcon)
if (rc) {
cifs_dbg(FYI, "Send error in QFSDeviceInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) <
+ if (get_bcc(&pSMBr->hdr) <
sizeof(FILE_SYSTEM_DEVICE_INFO))
rc = smb_EIO2(smb_eio_trace_qfsdevinfo_bcc_too_small,
get_bcc(&pSMBr->hdr),
@@ -5289,9 +5214,7 @@ CIFSSMBQFSUnixInfo(const unsigned int xid, struct cifs_tcon *tcon)
if (rc) {
cifs_dbg(VFS, "Send error in QFSUnixInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) < 13) {
+ if (get_bcc(&pSMBr->hdr) < 13) {
rc = smb_EIO2(smb_eio_trace_qfsunixinfo_bcc_too_small,
get_bcc(&pSMBr->hdr), 13);
} else {
@@ -5371,13 +5294,8 @@ CIFSSMBSetFSUnixInfo(const unsigned int xid, struct cifs_tcon *tcon, __u64 cap)
rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len,
(struct smb_hdr *) pSMBr, &bytes_returned, 0);
- if (rc) {
+ if (rc)
cifs_dbg(VFS, "Send error in SETFSUnixInfo = %d\n", rc);
- } else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
- if (rc)
- rc = -EIO; /* bad smb */
- }
cifs_buf_release(pSMB);
if (rc == -EAGAIN)
@@ -5438,9 +5356,7 @@ CIFSSMBQFSPosixInfo(const unsigned int xid, struct cifs_tcon *tcon,
if (rc) {
cifs_dbg(FYI, "Send error in QFSUnixInfo = %d\n", rc);
} else { /* decode response */
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-
- if (rc || get_bcc(&pSMBr->hdr) < 13) {
+ if (get_bcc(&pSMBr->hdr) < 13) {
rc = smb_EIO2(smb_eio_trace_qfsposixinfo_bcc_too_small,
get_bcc(&pSMBr->hdr), 13);
} else {
@@ -6237,11 +6153,7 @@ CIFSSMBQAllEAs(const unsigned int xid, struct cifs_tcon *tcon,
/* BB also check enough total bytes returned */
- /* BB we need to improve the validity checking
- of these trans2 responses */
-
- rc = validate_t2((struct smb_t2_rsp *)pSMBr);
- if (rc || get_bcc(&pSMBr->hdr) < 4) {
+ if (get_bcc(&pSMBr->hdr) < 4) {
rc = smb_EIO2(smb_eio_trace_qalleas_bcc_too_small,
get_bcc(&pSMBr->hdr), 4);
goto QAllEAsOut;