[lvc-project] [PATCH] smb: remove redundant DACL check in smb_check_perm_dacl
Alexey Velichayshiy
a.velichayshiy at ispras.ru
Sun Dec 7 01:59:24 MSK 2025
Problem Analysis:
1. Permanently false condition:
The check `if (!pdacl->num_aces)` after the
`FILE_MAXIMAL_ACCESS_LE` block can never execute because when
`pdacl->num_aces == 0`, the function already jumps to `err_out`
in the earlier DACL validation check that precedes it.
2. Logical contradiction:
The code contains conflicting semantics for empty DACL handling:
- First check (before FILE_MAXIMAL_ACCESS_LE block):
Empty DACL → access denied → goto err_out.
- Second check (after FILE_MAXIMAL_ACCESS_LE block):
Empty DACL → grant GENERIC_ALL_FLAGS.
This creates unreachable code and semantic inconsistency.
Solution:
Remove the unreachable code block as the most
concise solution with no functional impact.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Alexey Velichayshiy <a.velichayshiy at ispras.ru>
---
fs/smb/server/smbacl.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/fs/smb/server/smbacl.c b/fs/smb/server/smbacl.c
index 5aa7a66334d9..05598d994a68 100644
--- a/fs/smb/server/smbacl.c
+++ b/fs/smb/server/smbacl.c
@@ -1307,9 +1307,6 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path,
granted |= le32_to_cpu(ace->access_req);
ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size));
}
-
- if (!pdacl->num_aces)
- granted = GENERIC_ALL_FLAGS;
}
if (!uid)
--
2.43.0
More information about the lvc-project
mailing list