[SRU Jammy 0/3] CVE-2023-32252
Cengiz Can
cengiz.can at canonical.com
Mon Nov 27 22:50:01 UTC 2023
[Impact]
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB
server. The specific flaw exists within the handling of SMB2_LOGOFF commands.
The issue results from the lack of proper validation of a pointer prior to
accessing it. An attacker can leverage this vulnerability to create a
denial-of-service condition on the system.
[Fix]
In addition to the fix commit, two other commits were required.
They required some careful context adjustments.
[Test case]
Compile, boot and ksmbd-tools (upstream version) tested.
Please do note that in our shipped configurations, ksmbd-tools is not provided
by default, nor is its use encouraged.
Plus, our ksmbd-tools package version in Jammy is not in sync with the kernel
side API so many operations like `ksmbd.addshare` fail to parse CLI arguments.
Test steps:
```
#
# Get latest ksmbd-tools from upstream
#
sudo apt install -y automake libtool-dev libkrb5-dev libkrb5-3 \
    pkg-config libglib2.0-dev libnl-genl-3-dev libnl-3-dev
git clone https://github.com/cifsd-team/ksmbd-tools.git
cd ksmbd-tools/
./autogen.sh
./configure --with-rundir=/run
make -j$(nproc)
sudo make install
#
# Test a few, very basic set of operations
#
mkdir -p /home/ubuntu/test_share
sudo ksmbd.adduser --add ubuntu --password=ksmbdtest
sudo ksmbd.addshare --add \
    --option "path = /home/ubuntu/test_share" \
    --option 'read only = no' \
    --option "force user = ubuntu" \
    --option "force group = ubuntu" \
    test_share
sudo modprobe ksmbd
sudo ksmbd.mountd
sudo mount -o username=ubuntu,password=ksmbdtest //127.0.0.1/test_share /mnt
echo -n ABC123 | tee /home/ubuntu/test_share/data
test "$(cat /mnt/data)" = "ABC123" && echo "OK" || echo "FAIL"
cp /home/ubuntu/test_share/{data,data2}
sudo rm /mnt/data
mv /home/ubuntu/test_share/{data2,data3}
test "$(cat /mnt/data3)" = "ABC123" && echo "OK" || echo "FAIL"
sudo ksmbd.control --shutdown
sudo ksmbd.addshare --delete test_share
sudo ksmbd.adduser --delete ubuntu
sudo umount /mnt
sudo modprobe -r ksmbd
```
[Where things could go wrong]
Since ksmbd is still experimental, lots of things can go wrong.
Dawei Li (1):
  ksmbd: Implements sess->ksmbd_chann_list as xarray
Namjae Jeon (1):
  ksmbd: fix racy issue from session setup and logoff
Yufan Chen (1):
  ksmbd: add smb-direct shutdown
 fs/ksmbd/connection.c        |  23 +++++---
 fs/ksmbd/connection.h        |  40 ++++++++------
 fs/ksmbd/mgmt/user_session.c |  62 +++++++++------------
 fs/ksmbd/mgmt/user_session.h |   4 +-
 fs/ksmbd/server.c            |   3 +-
 fs/ksmbd/smb2pdu.c           | 103 +++++++++++++++++------------------
 fs/ksmbd/transport_rdma.c    |  10 ++++
 fs/ksmbd/transport_tcp.c     |   2 +-
 8 files changed, 127 insertions(+), 120 deletions(-)
--
2.40.1