[GIT PULL] ksmbd fixes

[Steve French]

Please pull the following changes since commit
0e0611827f3349d0a2ac121c023a6d3260dcecdb:

  Merge tag 'pull-fixes' of
gitolite.kernel.org:pub/scm/linux/kernel/git/viro/vfs (2026-06-15
15:53:57 +0530)

are available in the Git repository at:

  git://git.samba.org/ksmbd.git tags/v7.2-rc-part1-ksmbd-fixes

for you to fetch changes up to 1c8951963d8ed357f70f59e0ad4ddce2199d2016:

  ksmbd: fix path resolution in ksmbd_vfs_kern_path_create (2026-06-16
18:57:22 -0500)

----------------------------------------------------------------
31 ksmbd fixes
- Two use after free fixes
- Out of bounds read fix
- Add SMB compression support both at rest and over the wire: support
    decompression of compressed SMB2 requests, initially allow
    compressed SMB2 READ responses, and implement get/set
    compression operations for per-file compression state.
- Four credentials fixes: for various FSCTLs, setinfo, delete on close
and for alternate data streams
- Fix access checks and permission checks in DUPLICAT_EXTENTS and
SET_ZERO_DATA fsctls, find_file_posix_info, FILE_LINK_INFORMATION and
smb2_set_info_sec
- Reject non valid session in compound request
- Serialize QUERY_DIRECTORY
- Prevent path traversal bypass by restricting caseless retry
- Path lookup fix
- Two minor cleanup fixes
----------------------------------------------------------------
ChenXiaoSong (7):
      smb: remove duplicate server/smbfsctl.h
      smb: move compression definitions into common/fscc.h
      smb/server: get compression file attribute on open
      smb/server: implement FSCTL_GET_COMPRESSION ioctl handler
      smb/server: implement FSCTL_SET_COMPRESSION ioctl handler
      smb/server: get compression format in get_file_compression_info()
      smb/server: fix incorrect file size in get_file_compression_info()

Davide Ornaghi (2):
      ksmbd: fix UAF of struct file_lock in SMB2_LOCK deferred-lock cancellation
      ksmbd: fix path resolution in ksmbd_vfs_kern_path_create

Ethan Nelson-Moore (1):
      smb: server: remove code guarded by nonexistent config option

Gil Portnoy (7):
      ksmbd: fix use-after-free of a deferred file_lock on SMB2_CLOSE
then SMB2_CANCEL
      ksmbd: add a WRITE_DAC/WRITE_OWNER check to SMB2 SET_INFO SECURITY
      ksmbd: add a permission check for FSCTL_SET_ZERO_DATA
      ksmbd: add per-handle permission check to FILE_LINK_INFORMATION
      ksmbd: reject non-VALID session in compound request branch
      ksmbd: enforce FILE_READ_ATTRIBUTES on SMB_FIND_FILE_POSIX_INFORMATION
      ksmbd: add permission checks for FSCTL_DUPLICATE_EXTENTS_TO_FILE

Guangshuo Li (1):
      ksmbd: fix use-after-free in same_client_has_lease()

Hem Parekh (1):
      ksmbd: fix out-of-bounds read in smb_check_perm_dacl()

Namjae Jeon (12):
      ksmbd: prevent path traversal bypass by restricting caseless retry
      smb: move LZ77 compression into common code
      smb: add common SMB2 compression transform helpers
      cifs: negotiate chained SMB2 compression capabilities
      ksmbd: negotiate and decode SMB2 compression
      ksmbd: compress SMB2 READ responses
      ksmbd: serialize QUERY_DIRECTORY requests per file
      ksmbd: use opener credentials for delete-on-close
      ksmbd: run set info with opener credentials
      ksmbd: require source read access for duplicate extents
      ksmbd: use opener credentials for ADS I/O
      ksmbd: use opener credentials for FSCTL mutations

 fs/smb/client/Makefile                    |   2 +-
 fs/smb/client/cifsglob.h                  |   2 +
 fs/smb/client/compress.c                  |  12 +-
 fs/smb/client/compress.h                  |  28 +--
 fs/smb/client/smb1pdu.h                   |   5 -
 fs/smb/client/smb2pdu.c                   |  44 +++-
 fs/smb/client/smb2pdu.h                   |   4 -
 fs/smb/common/Makefile                    |   3 +
 fs/smb/common/compress/compress.c         | 399 ++++++++++++++++++++++++++++++
 fs/smb/common/compress/compress.h         |  28 +++
 fs/smb/{client => common}/compress/lz77.c | 136 +++++++++-
 fs/smb/{client => common}/compress/lz77.h |  17 +-
 fs/smb/common/fscc.h                      |  18 ++
 fs/smb/common/smb2pdu.h                   |  11 +-
 fs/smb/common/smbfsctl.h                  |  10 +-
 fs/smb/server/Makefile                    |   2 +-
 fs/smb/server/compress.c                  | 209 ++++++++++++++++
 fs/smb/server/compress.h                  |  16 ++
 fs/smb/server/connection.c                |  12 +
 fs/smb/server/connection.h                |   3 +
 fs/smb/server/ksmbd_work.c                |   1 +
 fs/smb/server/ksmbd_work.h                |   4 +
 fs/smb/server/misc.c                      |  33 ---
 fs/smb/server/misc.h                      |   1 -
 fs/smb/server/oplock.c                    |   6 +
 fs/smb/server/server.c                    |  10 +
 fs/smb/server/smb2pdu.c                   | 303 +++++++++++++++++++----
 fs/smb/server/smb2pdu.h                   |   3 -
 fs/smb/server/smb_common.c                |   8 -
 fs/smb/server/smbacl.c                    |   4 +-
 fs/smb/server/smbfsctl.h                  |  91 -------
 fs/smb/server/vfs.c                       | 182 ++++++++++++--
 fs/smb/server/vfs.h                       |   3 +
 fs/smb/server/vfs_cache.c                 |   5 +
 fs/smb/server/vfs_cache.h                 |   2 +
 35 files changed, 1344 insertions(+), 273 deletions(-)
 create mode 100644 fs/smb/common/compress/compress.c
 create mode 100644 fs/smb/common/compress/compress.h
 rename fs/smb/{client => common}/compress/lz77.c (75%)
 rename fs/smb/{client => common}/compress/lz77.h (65%)
 create mode 100644 fs/smb/server/compress.c
 create mode 100644 fs/smb/server/compress.h
 delete mode 100644 fs/smb/server/smbfsctl.h

--
Thanks,

Steve