<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/fs/smb, branch v7.2-rc1</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2026-06-26T15:17:42+00:00</updated>
<entry>
<title>Merge tag 'v7.2-rc-part2-smb3-server-fixes' of git://git.samba.org/ksmbd</title>
<updated>2026-06-26T15:17:42+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-26T15:17:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=71fab6fa7615fdf52679a3f80795f33b7f7e61d6'/>
<id>urn:sha1:71fab6fa7615fdf52679a3f80795f33b7f7e61d6</id>
<content type='text'>
Pull smb server updates from Steve French:
 "This is mostly a correctness and compatibility update for ksmbd's
  SMB2/3 lease, oplock, durable handle, compound request, CREATE,
  rename, stream and share-mode handling.

  A large part of the series fixes cases found by smbtorture where ksmbd
  diverged from the SMB2/3 protocol requirements.

  The main changes are:

   - Rework SMB2 lease state handling so lease state is shared per
     ClientGuid/LeaseKey across opens, with better validation of lease
     create contexts, ACK handling, epochs, break-in-progress reporting,
     v2 lease notification routing, and chained lease breaks

   - Fix several oplock break corner cases, including ACK validation,
     timeout downgrade behavior, level-II break handling on unlink,
     share-conflict lease breaks, and read-control/stat-open behavior

   - Fix durable handle behavior around delete-on-close, stale
     reconnects, reconnect context parsing, oplock/lease break
     invalidation, and durable v2 AppInstanceId replacement

   - Fix compound request handling so related commands propagate failed
     statuses correctly, preserve response framing across chained
     errors, keep compound FIDs across READ/WRITE/FLUSH, and send
     interim STATUS_PENDING where clients expect cancellable compound
     I/O

   - Tighten CREATE and stream semantics, including create attribute
     validation, allocation size reporting, explicit create security
     descriptors, unnamed DATA stream handling, stream directory
     validation, and stream delete sharing against the base file

   - Fix rename and metadata behavior, including parent directory
     sharing checks, denying directory rename with open children, and
     preserving SMB ChangeTime across rename for open handles

   - Fix two important safety issues: a multichannel byte-range lock
     list owner race that could lead to use-after-free, and an NTLMv2
     session key update before authentication proof validation

   - Fix a concurrent SMB2 NEGOTIATE preauth use-after-free, a UBSAN
     warning in compression capability parsing, a false hung-task
     warning in the durable handle scavenger, endian debug logging,
     Smatch indentation warnings, and kernel-doc warnings

   - Increase the default SMB3 transaction size from 1MB to 4MB to
     better match modern read/write negotiation and improve sequential
     I/O behavior"

* tag 'v7.2-rc-part2-smb3-server-fixes' of git://git.samba.org/ksmbd: (50 commits)
  ksmbd: fix kernel-doc warnings in smb2_lease_break_noti()
  ksmbd: fix inconsistent indenting warnings
  ksmbd: validate NTLMv2 response before updating session key
  ksmbd: increase SMB3_DEFAULT_TRANS_SIZE from 1MB to 4MB
  ksmbd: fix UBSAN array-index-out-of-bounds in decode_compress_ctxt()
  ksmbd: sleep interruptibly in the durable handle scavenger
  ksmbd: start file id allocation at 1
  ksmbd: treat read-control opens as stat opens only for leases
  ksmbd: validate :: stream type against directory create
  ksmbd: break conflicting-open leases only as far as needed
  ksmbd: break handle caching for share conflicts
  ksmbd: normalize ungrantable lease states
  ksmbd: return oplock protocol error for level II ack
  ksmbd: avoid level II oplock break notification on unlink
  ksmbd: downgrade oplock after break timeout
  ksmbd: apply create security descriptor first
  ksmbd: return requested create allocation size
  ksmbd: tighten create file attribute validation
  ksmbd: reject empty-attribute synchronize-only create
  ksmbd: honor stream delete sharing for base file
  ...
</content>
</entry>
<entry>
<title>cifs: define variable sized buffer for querydir responses</title>
<updated>2026-06-24T21:49:02+00:00</updated>
<author>
<name>Shyam Prasad N</name>
<email>sprasad@microsoft.com</email>
</author>
<published>2026-03-10T10:30:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=f53208233b2acaafe2af99c63c02481b2f5bcb39'/>
<id>urn:sha1:f53208233b2acaafe2af99c63c02481b2f5bcb39</id>
<content type='text'>
QueryDirectory responses today are stored in one of two fixed
sized buffers: smallbuf (448 bytes) or bigbuf (16KB). These are
borrowed from server struct and are not sufficient for large-sized
query dir operations.

With this change we will now define a new buffer type specifically
for cifs_search_info to hold variable sized responses. These will
be allocated by kmalloc and freed by kfree.

Signed-off-by: Shyam Prasad N &lt;sprasad@microsoft.com&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
</entry>
<entry>
<title>smb/client: do not account EOF extension as allocation</title>
<updated>2026-06-24T21:48:56+00:00</updated>
<author>
<name>Huiwen He</name>
<email>hehuiwen@kylinos.cn</email>
</author>
<published>2026-06-24T02:15:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=99cd0a6eeb6c20fc6b914e7ce192c6b08e1ef906'/>
<id>urn:sha1:99cd0a6eeb6c20fc6b914e7ce192c6b08e1ef906</id>
<content type='text'>
cifs_setsize() updates the local inode size after SetEOF succeeds. It also
used the new EOF as a local i_blocks estimate, but extending EOF does not
prove that the intervening range was allocated.

For example, after writing 1 MiB and then extending EOF to 10 MiB, the
client can report the file as fully allocated even though the server still
reports a much smaller AllocationSize:

        $ dd if=/dev/zero of=test bs=1M count=1
        $ truncate -s 10M test &amp;&amp; stat -c 'size=%s blocks=%b' test
        $ stat --cached=never -c 'size=%s blocks=%b' test

        client stat:                    size=10485760 blocks=20480
        server stat:                    size=10485760 blocks=2056
        client stat after revalidation: size=10485760 blocks=2056

A later attribute revalidation may correct i_blocks, but callers such as
xfstests generic/495 invoke swapon immediately after truncate. The swapfile
hole check can therefore observe the inflated local i_blocks value and
accept a sparse file.

Do not grow i_blocks from cifs_setsize() on EOF extension.  Only clamp it
on shrink; allocation growth must come from write completion or from
server-reported AllocationSize.

With this change, EOF extension no longer makes a sparse file appear
fully allocated before the next attribute revalidation, and xfstests
generic/495 no longer accepts it through the inflated local i_blocks value.

Signed-off-by: Huiwen He &lt;hehuiwen@kylinos.cn&gt;
Reviewed-by: ChenXiaoSong &lt;chenxiaosong@kylinos.cn&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
</entry>
<entry>
<title>smb/client: preserve errors from smb2_set_sparse()</title>
<updated>2026-06-24T15:33:51+00:00</updated>
<author>
<name>Huiwen He</name>
<email>hehuiwen@kylinos.cn</email>
</author>
<published>2026-06-24T02:15:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=2a4b3d2db5c6fcdba889baf7b2ae5661b0beac89'/>
<id>urn:sha1:2a4b3d2db5c6fcdba889baf7b2ae5661b0beac89</id>
<content type='text'>
smb2_set_sparse() converts every FSCTL_SET_SPARSE failure to false and
marks sparse support as broken for the share. Callers therefore report
EOPNOTSUPP even for errors such as ENOSPC or EACCES, and later sparse
operations remain disabled until the share is unmounted.

Return the SMB2 ioctl error directly. Set broken_sparse_sup only for
EOPNOTSUPP, which indicates that the server does not support the request.

Update smb3_punch_hole() to propagate the error returned by
smb2_set_sparse().

Fixes: 3d1a3745d8ca ("Add sparse file support to SMB2/SMB3 mounts")
Signed-off-by: Huiwen He &lt;hehuiwen@kylinos.cn&gt;
Reviewed-by: ChenXiaoSong &lt;chenxiaosong@kylinos.cn&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
</entry>
<entry>
<title>smb: client: Fix next buffer leak in receive_encrypted_standard()</title>
<updated>2026-06-24T15:33:51+00:00</updated>
<author>
<name>Haoxiang Li</name>
<email>haoxiang_li2024@163.com</email>
</author>
<published>2026-06-23T01:45:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=1c6267a1d5cf4c73b656f8181b310cbbb3e4767b'/>
<id>urn:sha1:1c6267a1d5cf4c73b656f8181b310cbbb3e4767b</id>
<content type='text'>
receive_encrypted_standard() allocates next_buffer before checking
whether the number of compound PDUs already reached MAX_COMPOUND. If
the limit check fails, the function returns immediately and the newly
allocated next_buffer is not assigned to server-&gt;smallbuf/server-&gt;bigbuf,
making it leaked.

Move the MAX_COMPOUND check before allocating next_buffer.

Fixes: b24df3e30cbf ("cifs: update receive_encrypted_standard to handle compounded responses")
Cc: stable@vger.kernel.org
Signed-off-by: Haoxiang Li &lt;haoxiang_li2024@163.com&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
</entry>
<entry>
<title>smb/client: use %pe to print error pointer</title>
<updated>2026-06-24T15:33:51+00:00</updated>
<author>
<name>Fredric Cover</name>
<email>fredric.cover.lkernel@gmail.com</email>
</author>
<published>2026-06-23T16:49:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=2c253f230a31d4394f6f926a73f5e157ad88d347'/>
<id>urn:sha1:2c253f230a31d4394f6f926a73f5e157ad88d347</id>
<content type='text'>
Currently, __reconnect_target_locked() prints the error pointer
'hostname' using PTR_ERR() and %ld, printing only the error code.

Fix this by using by using %pe to print the error symbolic code instead,
and remove PTR_ERR().

Signed-off-by: Fredric Cover &lt;fredric.cover.lkernel@gmail.com&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
</entry>
<entry>
<title>smb/client: name the default fallocate mode</title>
<updated>2026-06-24T15:33:51+00:00</updated>
<author>
<name>Huiwen He</name>
<email>hehuiwen@kylinos.cn</email>
</author>
<published>2026-06-23T02:46:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=898d280f4e4d6da53da8c1f5884a65487ae93603'/>
<id>urn:sha1:898d280f4e4d6da53da8c1f5884a65487ae93603</id>
<content type='text'>
FALLOC_FL_ALLOCATE_RANGE identifies the default fallocate
allocation mode and is defined as zero.

Use the symbolic name instead of a literal zero in
smb3_fallocate() to make the mode dispatch clearer. This
does not change behavior.

Signed-off-by: Huiwen He &lt;hehuiwen@kylinos.cn&gt;
Reviewed-by: ChenXiaoSong &lt;chenxiaosong@kylinos.cn&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
</entry>
<entry>
<title>smb common: add missing AAPL defines</title>
<updated>2026-06-24T15:33:51+00:00</updated>
<author>
<name>Steve French</name>
<email>stfrench@microsoft.com</email>
</author>
<published>2026-06-22T01:39:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=d281a757ff1ca230b80b0eae16559f8054927083'/>
<id>urn:sha1:d281a757ff1ca230b80b0eae16559f8054927083</id>
<content type='text'>
Add various defines for AAPL open context, e.g. for queries of
server capabilities.

Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
</entry>
<entry>
<title>smb/client: fix chown/chgrp with SMB3 POSIX Extensions</title>
<updated>2026-06-24T15:33:51+00:00</updated>
<author>
<name>Ralph Boehme</name>
<email>slow@samba.org</email>
</author>
<published>2026-06-07T13:23:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=760ef2c579c2609cf17fb1cd5392f64d42d43d33'/>
<id>urn:sha1:760ef2c579c2609cf17fb1cd5392f64d42d43d33</id>
<content type='text'>
Ownership (chown) and group (chgrp) modifications were being ignored when
mounting with SMB3 POSIX Extensions unless CIFS_MOUNT_CIFS_ACL or
CIFS_MOUNT_MODE_FROM_SID were also explicitly set.

Fix this by checking for posix_extensions in cifs_setattr_nounix() when
updating UID and GID, ensuring that id_mode_to_cifs_acl() is called to map
and set the ownership/group information on the server.

Cc: stable@vger.kernel.org
Signed-off-by: Ralph Boehme &lt;slow@samba.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
</entry>
<entry>
<title>smb/client: fix security flag calculation when setting security descriptors</title>
<updated>2026-06-24T15:33:41+00:00</updated>
<author>
<name>Ralph Boehme</name>
<email>slow@samba.org</email>
</author>
<published>2026-06-20T07:12:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=4939889c985da68936090cc013e58c28b7bff34f'/>
<id>urn:sha1:4939889c985da68936090cc013e58c28b7bff34f</id>
<content type='text'>
In id_mode_to_cifs_acl(), aclflag was initialized to CIFS_ACL_DACL by default.
This forced the client to request setting the DACL even when only an ownership
(chown) or group (chgrp) change was being performed.

Let build_sec_desc() do the proper flag calculation by initializing aclflag
to 0. build_sec_desc() sets the appropriate bits (CIFS_ACL_OWNER, CIFS_ACL_GROUP,
or CIFS_ACL_DACL) depending on what actually changed. During ownership transfer,
CIFS_ACL_DACL is only set if replace_sids_and_copy_aces() actually replaces the
SIDs inside any of the DACL's ACEs.

If build_sec_desc() results in aclflag being 0 (meaning no changes were mapped),
exit early to avoid sending an empty security descriptor update to the server.

Signed-off-by: Ralph Boehme &lt;slow@samba.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
</entry>
</feed>
