Merge tag 'v7.1-rc-part1-ksmbd-srv-fixes' of git://git.samba.org/ksmbd

Pull smb server updates from Steve French:

 - smbdirect double free fixes

 - Add some smbdirect logging

 - Minor cleanup in crypto, and smbdirect and in IPC handling

 - Minor cleanup to move header info to common FSCC code

 - Fix crypt message use after free

 - Fix memory leak in session setup

 - Fix for DACL parsing

 - Fix EA name length validation

 - Reconnect fix

 - Fix use after free in close

* tag 'v7.1-rc-part1-ksmbd-srv-fixes' of git://git.samba.org/ksmbd:
  smb: smbdirect: add some logging to SMBDIRECT_CHECK_STATUS_{WARN,DISCONNECT}()
  smb: smbdirect: introduce smbdirect_socket.logging infrastructure
  smb: smbdirect: let smbdirect.h include #include <linux/types.h>
  smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
  smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
  ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine
  ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
  ksmbd: require 3 sub-authorities before reading sub_auth[2]
  ksmbd: validate EaNameLength in smb2_get_ea()
  ksmbd: Remove unnecessary selection of CRYPTO_ECB
  ksmbd: validate owner of durable handle on reconnect
  ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
  ksmbd: ipc: use kzalloc_flex and __counted_by
  smb: move filesystem_vol_info into common/fscc.h
  smb: move file_basic_info into common/fscc.h
  smb: move some definitions from common/smb2pdu.h into common/fscc.h

Author: torvalds

fs/smb/client/smb1pdu.h

@@ -2061,15 +2061,6 @@ typedef struct {
 	__le32 EASize;
 } __packed FILE_INFO_STANDARD;  /* level 1 SetPath/FileInfo */
 
-typedef struct {
-	__le64 CreationTime;
-	__le64 LastAccessTime;
-	__le64 LastWriteTime;
-	__le64 ChangeTime;
-	__le32 Attributes;
-	__u32 Pad;
-} __packed FILE_BASIC_INFO;	/* size info, level 0x101 */
-
 struct file_allocation_info {
 	__le64 AllocationSize; /* Note old Samba srvr rounds this up too much */
 } __packed; /* size used on disk, for level 0x103 for set, 0x105 for query */

fs/smb/client/smb2pdu.c

@@ -6147,8 +6147,8 @@ SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
 		max_len = sizeof(struct smb3_fs_ss_info);
 		min_len = sizeof(struct smb3_fs_ss_info);
 	} else if (level == FS_VOLUME_INFORMATION) {
-		max_len = sizeof(struct smb3_fs_vol_info) + MAX_VOL_LABEL_LEN;
-		min_len = sizeof(struct smb3_fs_vol_info);
+		max_len = sizeof(struct filesystem_vol_info) + MAX_VOL_LABEL_LEN;
+		min_len = sizeof(struct filesystem_vol_info);
 	} else {
 		cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level);
 		return -EINVAL;
@@ -6203,9 +6203,9 @@ SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
 		tcon->perf_sector_size =
 			le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf);
 	} else if (level == FS_VOLUME_INFORMATION) {
-		struct smb3_fs_vol_info *vol_info = (struct smb3_fs_vol_info *)
+		struct filesystem_vol_info *vol_info = (struct filesystem_vol_info *)
 			(offset + (char *)rsp);
-		tcon->vol_serial_number = vol_info->VolumeSerialNumber;
+		tcon->vol_serial_number = le32_to_cpu(vol_info->VolumeSerialNumber);
 		tcon->vol_create_time = vol_info->VolumeCreationTime;
 	}
 

fs/smb/client/smbdirect.c

@@ -1551,17 +1551,25 @@ static int smbd_post_send_iter(struct smbdirect_socket *sc,
 
 	rc = smbd_post_send(sc, batch, request);
 	if (!rc) {
+		/*
+		 * From here request is moved to batch
+		 * and we should not free it explicitly.
+		 */
+
 		if (batch != &_batch)
 			return 0;
 
 		rc = smbd_send_batch_flush(sc, batch, true);
 		if (!rc)
 			return 0;
+
+		goto err_flush;
 	}
 
 err_dma:
 	smbd_free_send_io(request);
 
+err_flush:
 err_alloc:
 	atomic_inc(&sc->send_io.credits.count);
 	wake_up(&sc->send_io.credits.wait_queue);